5.0.0.3.mib

MIB of Netscreen firewa

./snmp/mib_files/5.0/NS-ADDR.mib010075000020300000144000000075000775460527500205550ustar00build_masterscreenos00003610232230-- These MIBs were created on 05/14/2001 -- This module defines NetScreen private MIBs for address book -- -- Copyright (c) 1999 - 2000 by NetScreen Technologies, Inc. -- All rights reserved. -- -- MODULE-IDENTITY -- OrgName -- Netscreen Technologies, Inc. -- ContactInfo -- Customer Support -- -- 350 Oakmead Parkway -- Sunnyvale, CA 94085 -- USA -- -- Tel: 1.877.NETSCREEN -- E-mail: support@netscreen.com -- Http://www.netscreen.com -- Descr -- This module defines the object that are used to monitor -- all the entries in the Address Book -- -- Last modified date: 09/28/2001 -- -- Last modified date: 11/10/2003 -- Correct spelling mistake -- NETSCREEN-ADDR-MIB DEFINITIONS ::= BEGIN IMPORTS DisplayString FROM RFC1213-MIB netscreenAddr FROM NETSCREEN-SMI; nsAddrTable OBJECT-TYPE SYNTAX SEQUENCE OF NsAddrEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "The NetScreen ScreenOS classifies the addresses of all other devices by location and netmask. For example trusted addresses are located behind the trusted interface. This table collects all address items that exist in ScreenOS" ::= { netscreenAddr 1 } nsAddrEntry OBJECT-TYPE SYNTAX NsAddrEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "Address entry collects some attributes of the address item." INDEX { nsAddrIndex } ::= { nsAddrTable 1 } NsAddrEntry ::= SEQUENCE { nsAddrIndex INTEGER, nsAddrName DisplayString, nsAddrVsys INTEGER, nsAddrZone INTEGER, nsAddrIpOrDomain DisplayString, nsAddrNetmask IpAddress, nsAddrComment DisplayString } nsAddrIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "A unique value for each address. Its value ranges between 0 and 65535 and may not be contiguous." ::= { nsAddrEntry 1 } nsAddrName OBJECT-TYPE SYNTAX DisplayString(SIZE(0..32)) ACCESS read-only STATUS mandatory DESCRIPTION "Address item name." ::= { nsAddrEntry 2 } nsAddrVsys OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Virtual system name this address belongs to." ::= { nsAddrEntry 3 } nsAddrZone OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Security zone name this address belongs to." ::= { nsAddrEntry 4 } nsAddrIpOrDomain OBJECT-TYPE SYNTAX DisplayString(SIZE(0..32)) ACCESS read-only STATUS mandatory DESCRIPTION "Address item's ip address or domain name." ::= { nsAddrEntry 5 } nsAddrNetmask OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "Subnet mask address use." ::= { nsAddrEntry 6 } nsAddrComment OBJECT-TYPE SYNTAX DisplayString(SIZE(0..32)) ACCESS read-only STATUS mandatory DESCRIPTION "Comments on this address." ::= { nsAddrEntry 7 } END ./snmp/mib_files/5.0/NS-BGP4.mib010075000020300000144000001075100775433364100205340ustar00build_masterscreenos00003610232230-- These MIBs were created on 1/2/2003 -- This module defines NetScreen private MIBs for NS BGP -- -- Copyright (c) 1999 - 2003 by NetScreen Technologies, Inc. -- All rights reserved. -- -- MODULE-IDENTITY -- OrgName -- Netscreen Technologies, Inc. -- ContactInfo -- Customer Support -- -- 350 Oakmead Parkway -- Sunnyvale, CA 94085 -- USA -- -- Tel: 1.877.NETSCREEN -- E-mail: support@netscreen.com -- Http://www.netscreen.com -- Descr -- This module defines the object that are used to monitor -- NS's BGP configuration -- -- Last modified date: 01/8/2003 -- Last modified date: 11/10/2003 -- NETSCREEN-BGP4-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, IpAddress, Integer32, Counter32, Gauge32 FROM SNMPv2-SMI netscreenVR FROM NETSCREEN-SMI; nsBgp MODULE-IDENTITY LAST-UPDATED "0301020000Z" ORGANIZATION "NS BGP Working Group" CONTACT-INFO " Customer Support NetScreen 350 Oakmead Parkway Sunnyvale, CA 94085 USA Tel: 1.877.NETSCREEN E-mail: support@netscreen.com Http://www.netscreen.com" DESCRIPTION "The MIB module for NS-BGP-4." ::= { netscreenVR 3 } -- BGP Info table. This table contains, one entry per -- VR, information about the BGP's Version, LocalAs and Identifier. nsBgpInfoTable OBJECT-TYPE SYNTAX SEQUENCE OF NsBgpInfoEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "BGP info table. This table contains, one entry per VR, information about the BGP's Version, LocalAs and Identifier." ::= { nsBgp 1 } nsBgpInfoEntry OBJECT-TYPE SYNTAX NsBgpInfoEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Entry containing information about the BGP's Version, LocalAs and Identifier" INDEX { nsBgpInfoVRID } ::= { nsBgpInfoTable 1 } NsBgpInfoEntry ::= SEQUENCE { nsBgpInfoVersion OCTET STRING, nsBgpInfoLocalAs INTEGER, nsBgpInfoIdentifier IpAddress, nsBgpInfoVRID INTEGER } nsBgpInfoVersion OBJECT-TYPE SYNTAX OCTET STRING (SIZE (1..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "Vector of supported BGP protocol version numbers. Each peer negotiates the version from this vector. Versions are identified via the string of bits contained within this object. The first octet contains bits 0 to 7, the second octet contains bits 8 to 15, and so on, with the most significant bit referring to the lowest bit number in the octet (e.g., the MSB of the first octet refers to bit 0). If a bit, i, is present and set, then the version (i+1) of the BGP is supported." ::= { nsBgpInfoEntry 1 } nsBgpInfoLocalAs OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The local autonomous system number." ::= { nsBgpInfoEntry 2 } nsBgpInfoIdentifier OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The BGP Identifier of local system." ::= { nsBgpInfoEntry 3 } nsBgpInfoVRID OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "Virtual Router ID" ::= { nsBgpInfoEntry 4 } -- BGP Peer table. This table contains, one entry per -- BGP peer, information about the BGP peer. nsBgpPeerTable OBJECT-TYPE SYNTAX SEQUENCE OF NsBgpPeerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "BGP peer table. This table contains, one entry per BGP peer, information about the connections with BGP peers." ::= { nsBgp 3 } nsBgpPeerEntry OBJECT-TYPE SYNTAX NsBgpPeerEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Entry containing information about the connection with a BGP peer." INDEX { nsBgpPeerRemoteAddr, nsBgpPeerVRID } ::= { nsBgpPeerTable 1 } NsBgpPeerEntry ::= SEQUENCE { nsBgpPeerIdentifier IpAddress, nsBgpPeerState INTEGER, nsBgpPeerAdminStatus INTEGER, nsBgpPeerNegotiatedVersion Integer32, nsBgpPeerLocalAddr IpAddress, nsBgpPeerLocalPort INTEGER, nsBgpPeerRemoteAddr IpAddress, nsBgpPeerRemotePort INTEGER, nsBgpPeerRemoteAs INTEGER, nsBgpPeerInUpdates Counter32, nsBgpPeerOutUpdates Counter32, nsBgpPeerInTotalMessages Counter32, nsBgpPeerOutTotalMessages Counter32, nsBgpPeerLastError OCTET STRING, nsBgpPeerFsmEstablishedTransitions Counter32, nsBgpPeerFsmEstablishedTime Gauge32, nsBgpPeerConnectRetryInterval INTEGER, nsBgpPeerHoldTime INTEGER, nsBgpPeerKeepAlive INTEGER, nsBgpPeerHoldTimeConfigured INTEGER, nsBgpPeerKeepAliveConfigured INTEGER, nsBgpPeerMinASOriginationInterval INTEGER, nsBgpPeerMinRouteAdvertisementInterval INTEGER, nsBgpPeerInUpdateElapsedTime Gauge32, nsBgpPeerVRID INTEGER } nsBgpPeerIdentifier OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The BGP Identifier of this entry's BGP peer." ::= { nsBgpPeerEntry 1 } nsBgpPeerState OBJECT-TYPE SYNTAX INTEGER { idle(1), connect(2), active(3), opensent(4), openconfirm(5), established(6) } MAX-ACCESS read-only STATUS current DESCRIPTION "The BGP peer connection state." ::= { nsBgpPeerEntry 2 } nsBgpPeerAdminStatus OBJECT-TYPE SYNTAX INTEGER { stop(1), start(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "The desired state of the BGP connection. A transition from 'stop' to 'start' will cause the BGP Start Event to be generated. A transition from 'start' to 'stop' will cause the BGP Stop Event to be generated. This parameter can be used to restart BGP peer connections. Care should be used in providing write access to this object without adequate authentication." ::= { nsBgpPeerEntry 3 } nsBgpPeerNegotiatedVersion OBJECT-TYPE SYNTAX Integer32 MAX-ACCESS read-only STATUS current DESCRIPTION "The negotiated version of BGP running between the two peers." ::= { nsBgpPeerEntry 4 } nsBgpPeerLocalAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The local IP address of this entry's BGP connection." ::= { nsBgpPeerEntry 5 } nsBgpPeerLocalPort OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The local port for the TCP connection between the BGP peers." ::= { nsBgpPeerEntry 6 } nsBgpPeerRemoteAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The remote IP address of this entry's BGP peer." ::= { nsBgpPeerEntry 7 } nsBgpPeerRemotePort OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The remote port for the TCP connection between the BGP peers. Note that the objects nsBgpPeerLocalAddr, nsBgpPeerLocalPort, nsBgpPeerRemoteAddr and nsBgpPeerRemotePort provide the appropriate reference to the standard MIB TCP connection table." ::= { nsBgpPeerEntry 8 } nsBgpPeerRemoteAs OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The remote autonomous system number." ::= { nsBgpPeerEntry 9 } nsBgpPeerInUpdates OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of BGP UPDATE messages received on this connection. This object should be initialized to zero (0) when the connection is established." ::= { nsBgpPeerEntry 10 } nsBgpPeerOutUpdates OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of BGP UPDATE messages transmitted on this connection. This object should be initialized to zero (0) when the connection is established." ::= { nsBgpPeerEntry 11 } nsBgpPeerInTotalMessages OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of messages received from the remote peer on this connection. This object should be initialized to zero when the connection is established." ::= { nsBgpPeerEntry 12 } nsBgpPeerOutTotalMessages OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of messages transmitted to the remote peer on this connection. This object should be initialized to zero when the connection is established." ::= { nsBgpPeerEntry 13 } nsBgpPeerLastError OBJECT-TYPE SYNTAX OCTET STRING (SIZE (2)) MAX-ACCESS read-only STATUS current DESCRIPTION "The last error code and subcode seen by this peer on this connection. If no error has occurred, this field is zero. Otherwise, the first byte of this two byte OCTET STRING contains the error code, and the second byte contains the subcode." ::= { nsBgpPeerEntry 14 } nsBgpPeerFsmEstablishedTransitions OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of times the BGP FSM transitioned into the established state." ::= { nsBgpPeerEntry 15 } nsBgpPeerFsmEstablishedTime OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "This timer indicates how long (in seconds) this peer has been in the Established state or how long since this peer was last in the Established state. It is set to zero when a new peer is configured or the router is booted." ::= { nsBgpPeerEntry 16 } nsBgpPeerConnectRetryInterval OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "Time interval in seconds for the ConnectRetry timer. The suggested value for this timer is 120 seconds." ::= { nsBgpPeerEntry 17 } nsBgpPeerHoldTime OBJECT-TYPE SYNTAX INTEGER ( 0 | 3..65535 ) MAX-ACCESS read-only STATUS current DESCRIPTION "Time interval in seconds for the Hold Timer established with the peer. The value of this object is calculated by this BGP speaker by using the smaller of the value in nsBgpPeerHoldTimeConfigured and the Hold Time received in the OPEN message. This value must be at lease three seconds if it is not zero (0) in which case the Hold Timer has not been established with the peer, or, the value of nsBgpPeerHoldTimeConfigured is zero (0)." ::= { nsBgpPeerEntry 18 } nsBgpPeerKeepAlive OBJECT-TYPE SYNTAX INTEGER ( 0 | 1..21845 ) MAX-ACCESS read-only STATUS current DESCRIPTION "Time interval in seconds for the KeepAlive timer established with the peer. The value of this object is calculated by this BGP speaker such that, when compared with nsBgpPeerHoldTime, it has the same proportion as what nsBgpPeerKeepAliveConfigured has when compared with nsBgpPeerHoldTimeConfigured. If the value of this object is zero (0), it indicates that the KeepAlive timer has not been established with the peer, or, the value of nsBgpPeerKeepAliveConfigured is zero (0)." ::= { nsBgpPeerEntry 19 } nsBgpPeerHoldTimeConfigured OBJECT-TYPE SYNTAX INTEGER ( 0 | 3..65535 ) MAX-ACCESS read-only STATUS current DESCRIPTION "Time interval in seconds for the Hold Time configured for this BGP speaker with this peer. This value is placed in an OPEN message sent to this peer by this BGP speaker, and is compared with the Hold Time field in an OPEN message received from the peer when determining the Hold Time (nsBgpPeerHoldTime) with the peer. This value must not be less than three seconds if it is not zero (0) in which case the Hold Time is NOT to be established with the peer. The suggested value for this timer is 90 seconds." ::= { nsBgpPeerEntry 20 } nsBgpPeerKeepAliveConfigured OBJECT-TYPE SYNTAX INTEGER ( 0 | 1..21845 ) MAX-ACCESS read-only STATUS current DESCRIPTION "Time interval in seconds for the KeepAlive timer configured for this BGP speaker with this peer. The value of this object will only determine the KEEPALIVE messages' frequency relative to the value specified in nsBgpPeerHoldTimeConfigured; the actual time interval for the KEEPALIVE messages is indicated by nsBgpPeerKeepAlive. A reasonable maximum value for this timer would be configured to be one third of that of nsBgpPeerHoldTimeConfigured. If the value of this object is zero (0), no periodical KEEPALIVE messages are sent to the peer after the BGP connection has been established. The suggested value for this timer is 30 seconds." ::= { nsBgpPeerEntry 21 } nsBgpPeerMinASOriginationInterval OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "Time interval in seconds for the MinASOriginationInterval timer. The suggested value for this timer is 15 seconds." ::= { nsBgpPeerEntry 22 } nsBgpPeerMinRouteAdvertisementInterval OBJECT-TYPE SYNTAX INTEGER (1..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "Time interval in seconds for the MinRouteAdvertisementInterval timer. The suggested value for this timer is 30 seconds." ::= { nsBgpPeerEntry 23 } nsBgpPeerInUpdateElapsedTime OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "Elapsed time in seconds since the last BGP UPDATE message was received from the peer. Each time nsBgpPeerInUpdates is incremented, the value of this object is set to zero (0)." ::= { nsBgpPeerEntry 24 } nsBgpPeerVRID OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "Virtual Router ID" ::= { nsBgpPeerEntry 25 } -- BGP-4 Received Path Attribute Table. This table -- contains, one entry per path to a network, path -- attributes received from all peers running BGP-4. nsBgp4PathAttrTable OBJECT-TYPE SYNTAX SEQUENCE OF NsBgp4PathAttrEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The BGP-4 Received Path Attribute Table contains information about paths to destination networks received from all BGP4 peers." ::= { nsBgp 6 } nsBgp4PathAttrEntry OBJECT-TYPE SYNTAX NsBgp4PathAttrEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "Information about a path to a network." INDEX { nsBgp4PathAttrIpAddrPrefix, nsBgp4PathAttrIpAddrPrefixLen, nsBgp4PathAttrPeer, nsBgp4PathAttrVRID } ::= { nsBgp4PathAttrTable 1 } NsBgp4PathAttrEntry ::= SEQUENCE { nsBgp4PathAttrPeer IpAddress, nsBgp4PathAttrIpAddrPrefixLen INTEGER, nsBgp4PathAttrIpAddrPrefix IpAddress, nsBgp4PathAttrOrigin INTEGER, nsBgp4PathAttrASPathSegment OCTET STRING, nsBgp4PathAttrNextHop IpAddress, nsBgp4PathAttrMultiExitDisc INTEGER, nsBgp4PathAttrLocalPref INTEGER, nsBgp4PathAttrAtomicAggregate INTEGER, nsBgp4PathAttrAggregatorAS INTEGER, nsBgp4PathAttrAggregatorAddr IpAddress, nsBgp4PathAttrCalcLocalPref INTEGER, nsBgp4PathAttrBest INTEGER, nsBgp4PathAttrUnknown OCTET STRING, nsBgp4PathAttrVRID INTEGER } nsBgp4PathAttrPeer OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The IP address of the peer where the path information was learned." ::= { nsBgp4PathAttrEntry 1 } nsBgp4PathAttrIpAddrPrefixLen OBJECT-TYPE SYNTAX INTEGER (0..32) MAX-ACCESS read-only STATUS current DESCRIPTION "Length in bits of the IP address prefix in the Network Layer Reachability Information field." ::= { nsBgp4PathAttrEntry 2 } nsBgp4PathAttrIpAddrPrefix OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "An IP address prefix in the Network Layer Reachability Information field. This object is an IP address containing the prefix with length specified by nsBgp4PathAttrIpAddrPrefixLen. Any bits beyond the length specified by nsBgp4PathAttrIpAddrPrefixLen are zeroed." ::= { nsBgp4PathAttrEntry 3 } nsBgp4PathAttrOrigin OBJECT-TYPE SYNTAX INTEGER { igp(1),-- networks are interior egp(2),-- networks learned -- via EGP incomplete(3) -- undetermined } MAX-ACCESS read-only STATUS current DESCRIPTION "The ultimate origin of the path information." ::= { nsBgp4PathAttrEntry 4 } nsBgp4PathAttrASPathSegment OBJECT-TYPE SYNTAX OCTET STRING (SIZE (2..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "The sequence of AS path segments. Each AS path segment is represented by a triple . The type is a 1-octet field which has two possible values: 1 AS_SET: unordered set of ASs a route in the UPDATE message has traversed 2 AS_SEQUENCE: ordered set of ASs a route in the UPDATE message has traversed. The length is a 1-octet field containing the number of ASs in the value field. The value field contains one or more AS numbers, each AS is represented in the octet string as a pair of octets according to the following algorithm: first-byte-of-pair = ASNumber / 256; second-byte-of-pair = ASNumber & 255;" ::= { nsBgp4PathAttrEntry 5 } nsBgp4PathAttrNextHop OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The address of the border router that should be used for the destination network." ::= { nsBgp4PathAttrEntry 6 } nsBgp4PathAttrMultiExitDisc OBJECT-TYPE SYNTAX INTEGER (-1..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "This metric is used to discriminate between multiple exit points to an adjacent autonomous system. A value of -1 indicates the absence of this attribute." ::= { nsBgp4PathAttrEntry 7 } nsBgp4PathAttrLocalPref OBJECT-TYPE SYNTAX INTEGER (-1..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "The originating BGP4 speaker's degree of preference for an advertised route. A value of -1 indicates the absence of this attribute." ::= { nsBgp4PathAttrEntry 8 } nsBgp4PathAttrAtomicAggregate OBJECT-TYPE SYNTAX INTEGER { lessSpecificRrouteNotSelected(1), lessSpecificRouteSelected(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "Whether or not the local system has selected a less specific route without selecting a more specific route." ::= { nsBgp4PathAttrEntry 9 } nsBgp4PathAttrAggregatorAS OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "The AS number of the last BGP4 speaker that performed route aggregation. A value of zero (0) indicates the absence of this attribute." ::= { nsBgp4PathAttrEntry 10 } nsBgp4PathAttrAggregatorAddr OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "The IP address of the last BGP4 speaker that performed route aggregation. A value of 0.0.0.0 indicates the absence of this attribute." ::= { nsBgp4PathAttrEntry 11 } nsBgp4PathAttrCalcLocalPref OBJECT-TYPE SYNTAX INTEGER (-1..2147483647) MAX-ACCESS read-only STATUS current DESCRIPTION "The degree of preference calculated by the receiving BGP4 speaker for an advertised route. A value of -1 indicates the absence of this attribute." ::= { nsBgp4PathAttrEntry 12 } nsBgp4PathAttrBest OBJECT-TYPE SYNTAX INTEGER { false(1),-- not chosen as best route true(2) -- chosen as best route } MAX-ACCESS read-only STATUS current DESCRIPTION "An indication of whether or not this route was chosen as the best BGP4 route." ::= { nsBgp4PathAttrEntry 13 } nsBgp4PathAttrUnknown OBJECT-TYPE SYNTAX OCTET STRING (SIZE(0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "One or more path attributes not understood by this BGP4 speaker. Size zero (0) indicates the absence of such attribute(s). Octets beyond the maximum size, if any, are not recorded by this object." ::= { nsBgp4PathAttrEntry 14 } nsBgp4PathAttrVRID OBJECT-TYPE SYNTAX INTEGER (0..65535) MAX-ACCESS read-only STATUS current DESCRIPTION "Virtual Router ID" ::= { nsBgp4PathAttrEntry 15 } -- Traps. nsBgpTraps OBJECT IDENTIFIER ::= { nsBgp 7 } nsBgpEstablished NOTIFICATION-TYPE OBJECTS { netscreenTrapType, netscreenTrapDesc, nsBgpPeerIdentifier, nsBgpPeerVRID, nsBgpPeerLastError, nsBgpPeerState } STATUS current DESCRIPTION "The BGP Established event is generated when the BGP FSM enters the ESTABLISHED state." ::= { nsBgpTraps 1 } END rAddr IpAddress, nsBgp4PathAttrCalcLocalPref INTEGER, nsBgp4PathAttrBest ./snmp/mib_files/5.0/NS-IDS.mib010075000020300000144000000510670762505635300204630ustar00build_masterscreenos00003610232230-- These MIBs were created on 01/08/2001 -- This module defines NetScreen private MIBs Firewall Setting. -- -- Copyright (c) 1999 - 2001 by NetScreen Technologies, Inc. -- All rights reserved. -- -- MODULE-IDENTITY -- OrgName -- Netscreen Technologies, Inc. -- ContactInfo -- Customer Support -- -- 350 Oakmead Parkway -- Sunnyvale, CA 94085 -- USA -- -- Tel: 1.877.NETSCREEN -- E-mail: support@netscreen.com -- Http://www.netscreen.com -- -- Last modified date: 09/28/2001 -- -- Add new screen field -- zhong wang -- -- Last modified data: 04/26/2002 -- (1) screen option on zone setting -- (2) add a new screen option -- ZHONG WANG -- NETSCREEN-IDS-MIB DEFINITIONS ::= BEGIN IMPORTS DisplayString FROM RFC1213-MIB netscreenIDS FROM NETSCREEN-SMI; nsIdsProtect OBJECT IDENTIFIER ::= { netscreenIDS 1 } nsIdsProtectSetTable OBJECT-TYPE SYNTAX SEQUENCE OF NsIdsProtectSetEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "NetScreen ScreenOS can allow firewall protection on each of NetScreen device's physical interface. This table collects the firewall protection configuration on each physical interface." ::= {nsIdsProtect 1} nsIdsProtectSetEntry OBJECT-TYPE SYNTAX NsIdsProtectSetEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "Hold the firewall setting attribute." INDEX { nsIdsProtectZoneIdx } ::= { nsIdsProtectSetTable 1 } NsIdsProtectSetEntry ::= SEQUENCE { nsIdsProtectZoneIdx INTEGER, nsIdsDetectPingOfDeath INTEGER, nsIdsDetectTearDrop INTEGER, nsIdsDetectWinNuke INTEGER, nsIdsFilterIpSrcRoute INTEGER, nsIdsDetectPortScan INTEGER, nsIdsDetectAddrSweep INTEGER, nsIdsDetectLand INTEGER, nsIdsBlockComponent INTEGER, nsIdsDetectIpSpoof INTEGER, nsIdsDetectSyn INTEGER, nsIdsDetectIcmpFlood INTEGER, nsIdsDetectUdpFlood INTEGER, nsIdsDetectSynFrag INTEGER, nsIdsDetectTcpNoFlag INTEGER, nsIdsDetectIpUnknownProt INTEGER, nsIdsDetectIpOptBad INTEGER, nsIdsDetectIpOptRecord INTEGER, nsIdsDetectIpOptTimestamp INTEGER, nsIdsDetectIpOptSCHT INTEGER, nsIdsDetectIpOptLSR INTEGER, nsIdsDetectIpOptSSR INTEGER, nsIdsDetectIpOptStream INTEGER, nsIdsDetectIcmpFrag INTEGER, nsIdsDetectIcmpLarge INTEGER, nsIdsDetectTcpSynFin INTEGER, nsIdsDetectTcpFinNoAck INTEGER, nsIdsHttpMalUrl INTEGER, nsIdsSessMalNum INTEGER, nsIdsDetectSynAckAck INTEGER, nsIdsDetectIpFrag INTEGER } nsIdsProtectZoneIdx OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "unique zone id." ::= { nsIdsProtectSetEntry 1 } nsIdsDetectPingOfDeath OBJECT-TYPE SYNTAX INTEGER { disable(0), enabled(1) } ACCESS read-only STATUS mandatory DESCRIPTION "Detect Ping of Death." ::= { nsIdsProtectSetEntry 2 } nsIdsDetectTearDrop OBJECT-TYPE SYNTAX INTEGER { disable(0), enabled(1) } ACCESS read-only STATUS mandatory DESCRIPTION "Detect Tear Drop Attack." ::= { nsIdsProtectSetEntry 3 } nsIdsDetectWinNuke OBJECT-TYPE SYNTAX INTEGER { disable(0), enabled(1) } ACCESS read-only STATUS mandatory DESCRIPTION "Detect Win Nuke Attack." ::= { nsIdsProtectSetEntry 4 } nsIdsFilterIpSrcRoute OBJECT-TYPE SYNTAX INTEGER { disable(0), enabled(1) } ACCESS read-only STATUS mandatory DESCRIPTION "Detect Filter IP Source Route Option attack." ::= { nsIdsProtectSetEntry 5 } nsIdsDetectPortScan OBJECT-TYPE SYNTAX INTEGER { disable(0), enabled(1) } ACCESS read-only STATUS mandatory DESCRIPTION "Detect Port Scan Death attack." ::= { nsIdsProtectSetEntry 6 } nsIdsDetectAddrSweep OBJECT-TYPE SYNTAX INTEGER { disable(0), enabled(1) } ACCESS read-only STATUS mandatory DESCRIPTION "Detect Address Sweep Attack." ::= { nsIdsProtectSetEntry 7 } nsIdsDetectLand OBJECT-TYPE SYNTAX INTEGER { disable(0), enabled(1) } ACCESS read-only STATUS mandatory DESCRIPTION "Detect Land Attack." ::= { nsIdsProtectSetEntry 8 } nsIdsBlockComponent OBJECT-TYPE SYNTAX INTEGER { disable(0), enabled(1) } ACCESS read-only STATUS mandatory DESCRIPTION "Block Java/ActiveX/ZIP/EXE Component." ::= { nsIdsProtectSetEntry 9 } nsIdsDetectIpSpoof OBJECT-TYPE SYNTAX INTEGER { disable(0), enabled(1) } ACCESS read-only STATUS mandatory DESCRIPTION "Detect IP Spoofing attack." ::= { nsIdsProtectSetEntry 10 } nsIdsDetectSyn OBJECT-TYPE SYNTAX INTEGER { disable(0), enabled(1) } ACCESS read-only STATUS mandatory DESCRIPTION "Detect SYN attack." ::= { nsIdsProtectSetEntry 11 } nsIdsDetectIcmpFlood OBJECT-TYPE SYNTAX INTEGER { disable(0), enabled(1) } ACCESS read-only STATUS mandatory DESCRIPTION "Detect ICMP Flood attack." ::= { nsIdsProtectSetEntry 12 } nsIdsDetectUdpFlood OBJECT-TYPE SYNTAX INTEGER { disable(0), enabled(1) } ACCESS read-only STATUS mandatory DESCRIPTION "Detect UDP Flood attack." ::= { nsIdsProtectSetEntry 13 } nsIdsDetectSynFrag OBJECT-TYPE SYNTAX INTEGER { disable(0), enabled(1) } ACCESS read-only STATUS mandatory DESCRIPTION "Detect SYN fragment" ::= { nsIdsProtectSetEntry 14 } nsIdsDetectTcpNoFlag OBJECT-TYPE SYNTAX INTEGER { disable(0), enabled(1) } ACCESS read-only STATUS mandatory DESCRIPTION "Detect TCP without flag set." ::= { nsIdsProtectSetEntry 15 } nsIdsDetectIpUnknownProt OBJECT-TYPE SYNTAX INTEGER { disable(0), enabled(1) } ACCESS read-only STATUS mandatory DESCRIPTION "Detect Unknown protocol IP packet." ::= { nsIdsProtectSetEntry 16 } nsIdsDetectIpOptBad OBJECT-TYPE SYNTAX INTEGER { disable(0), enabled(1) } ACCESS read-only STATUS mandatory DESCRIPTION "Detect IP bad option." ::= { nsIdsProtectSetEntry 17 } nsIdsDetectIpOptRecord OBJECT-TYPE SYNTAX INTEGER { disable(0), enabled(1) } ACCESS read-only STATUS mandatory DESCRIPTION "Detect IP record option." ::= { nsIdsProtectSetEntry 18 } nsIdsDetectIpOptTimestamp OBJECT-TYPE SYNTAX INTEGER { disable(0), enabled(1) } ACCESS read-only STATUS mandatory DESCRIPTION "Detect IP timestamp option." ::= { nsIdsProtectSetEntry 19 } nsIdsDetectIpOptSCHT OBJECT-TYPE SYNTAX INTEGER { disable(0), enabled(1) } ACCESS read-only STATUS mandatory DESCRIPTION "Detect IP security option." ::= { nsIdsProtectSetEntry 20 } nsIdsDetectIpOptLSR OBJECT-TYPE SYNTAX INTEGER { disable(0), enabled(1) } ACCESS read-only STATUS mandatory DESCRIPTION "Detect Loose source route." ::= { nsIdsProtectSetEntry 21 } nsIdsDetectIpOptSSR OBJECT-TYPE SYNTAX INTEGER { disable(0), enabled(1) } ACCESS read-only STATUS mandatory DESCRIPTION "Detect strict source route." ::= { nsIdsProtectSetEntry 22 } nsIdsDetectIpOptStream OBJECT-TYPE SYNTAX INTEGER { disable(0), enabled(1) } ACCESS read-only STATUS mandatory DESCRIPTION "Detect IP stream option." ::= { nsIdsProtectSetEntry 23 } nsIdsDetectIcmpFrag OBJECT-TYPE SYNTAX INTEGER { disable(0), enabled(1) } ACCESS read-only STATUS mandatory DESCRIPTION "Detect icmp fragment." ::= { nsIdsProtectSetEntry 24 } nsIdsDetectIcmpLarge OBJECT-TYPE SYNTAX INTEGER { disable(0), enabled(1) } ACCESS read-only STATUS mandatory DESCRIPTION "Detect large ICMP packet." ::= { nsIdsProtectSetEntry 25 } nsIdsDetectTcpSynFin OBJECT-TYPE SYNTAX INTEGER { disable(0), enabled(1) } ACCESS read-only STATUS mandatory DESCRIPTION "Detect TCP syn fin both set." ::= { nsIdsProtectSetEntry 26 } nsIdsDetectTcpFinNoAck OBJECT-TYPE SYNTAX INTEGER { disable(0), enabled(1) } ACCESS read-only STATUS mandatory DESCRIPTION "Detect TCP fin set without ack bit set." ::= { nsIdsProtectSetEntry 27 } nsIdsHttpMalUrl OBJECT-TYPE SYNTAX INTEGER { disable(0), enabled(1) } ACCESS read-only STATUS mandatory DESCRIPTION "Detect maliciouse URL." ::= { nsIdsProtectSetEntry 28 } nsIdsSessMalNum OBJECT-TYPE SYNTAX INTEGER { disable(0), enabled(1) } ACCESS read-only STATUS mandatory DESCRIPTION "Detect malicouse session connection." ::= { nsIdsProtectSetEntry 29 } nsIdsDetectSynAckAck OBJECT-TYPE SYNTAX INTEGER { disable(0), enabled(1) } ACCESS read-only STATUS mandatory DESCRIPTION "Detect SYN ACK ACK DoS." ::= { nsIdsProtectSetEntry 30 } nsIdsDetectIpFrag OBJECT-TYPE SYNTAX INTEGER { disable(0), enabled(1) } ACCESS read-only STATUS mandatory DESCRIPTION "Block IP fragment packet." ::= { nsIdsProtectSetEntry 31 } nsIdsProtectThreshTable OBJECT-TYPE SYNTAX SEQUENCE OF NsIdsProtectThreshEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "NetScreen ScreenOS can allow firewall protection on each of NetScreen device's physical interface. This table collects the firewall protection configuration on each physical interface." ::= {nsIdsProtect 2} nsIdsProtectThreshEntry OBJECT-TYPE SYNTAX NsIdsProtectThreshEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "Hold the firewall setting attribute." INDEX { nsIdsProtectThreshZoneIdx } ::= { nsIdsProtectThreshTable 1 } NsIdsProtectThreshEntry ::= SEQUENCE { nsIdsProtectThreshZoneIdx INTEGER, nsIdsSynAttackThresh INTEGER, nsIdsSynAttackTimeout INTEGER, nsIdsSynAttackAlmTh INTEGER, nsIdsSynAttackQueSize INTEGER, nsIdsSynAttackAgeTime INTEGER, nsIdsIcmpFloodThresh INTEGER, nsIdsUdpFloodThresh INTEGER, nsIdsPortScanThresh INTEGER, nsIdsIpSweepThresh INTEGER, nsIdsSynAckAckThres INTEGER } nsIdsProtectThreshZoneIdx OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "unique zone id." ::= { nsIdsProtectThreshEntry 1 } nsIdsSynAttackThresh OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "SYN attack threshold." ::= { nsIdsProtectThreshEntry 2 } nsIdsSynAttackTimeout OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "SYN attack timeout." ::= { nsIdsProtectThreshEntry 3 } nsIdsSynAttackAlmTh OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "SYN attack alarm threshold." ::= { nsIdsProtectThreshEntry 4 } nsIdsSynAttackQueSize OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "SYN attack queue size." ::= { nsIdsProtectThreshEntry 5 } nsIdsSynAttackAgeTime OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "SYN flood age time." ::= { nsIdsProtectThreshEntry 6 } nsIdsIcmpFloodThresh OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "ICMP attack alarm threshold." ::= { nsIdsProtectThreshEntry 7 } nsIdsUdpFloodThresh OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "UDP attack alarm threshold." ::= { nsIdsProtectThreshEntry 8 } nsIdsPortScanThresh OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "ICMP attack alarm threshold." ::= { nsIdsProtectThreshEntry 9 } nsIdsIpSweepThresh OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "UDP attack alarm threshold." ::= { nsIdsProtectThreshEntry 10 } nsIdsSynAckAckThres OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "SYN ack ack alarm threshold." ::= { nsIdsProtectThreshEntry 11 } nsIdsAttkMonTable OBJECT-TYPE SYNTAX SEQUENCE OF NsIdsAttkMonEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "The table monitors the intrusion attack attemps amount to NetScreen Device." ::= { netscreenIDS 2 } nsIdsAttkMonEntry OBJECT-TYPE SYNTAX NsIdsAttkMonEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "An entry containing intrusion attack couters." INDEX { nsIdsAttkMonIfIdx } ::= { nsIdsAttkMonTable 1 } NsIdsAttkMonEntry ::= SEQUENCE { nsIdsAttkMonIfIdx INTEGER, nsIdsAttkMonVsys INTEGER, nsIdsAttkMonSynAttk Counter, nsIdsAttkMonTearDrop Counter, nsIdsAttkMonSrcRoute Counter, nsIdsAttkMonPingDeath Counter, nsIdsAttkMonAddrSpoof Counter, nsIdsAttkMonLand Counter, nsIdsAttkMonIcmpFlood Counter, nsIdsAttkMonUdpFlood Counter, nsIdsAttkMonWinnuke Counter, nsIdsAttkMonPortScan Counter, nsIdsAttkMonIpSweep Counter, nsAttkMonSynFrag Counter, nsAttkMonTcpNoFlag Counter, nsAttkMonIpUnknownProt Counter, nsAttkMonIpOptBad Counter, nsAttkMonIpOptRecord Counter, nsAttkMonIpOptTimestamp Counter, nsAttkMonIpOptSCHT Counter, nsAttkMonIpOptLSR Counter, nsAttkMonIpOptSSR Counter, nsAttkMonIpOptStream Counter, nsAttkMonIcmpFrag Counter, nsAttkMonIcmpLarge Counter, nsAttkMonTcpSynFin Counter, nsAttkMonTcpFinNoAck Counter, nsAttkMonHttpMalUrl Counter, nsAttkMonSessMalNum Counter, nsAttkMonSynAckAck Counter, nsAttkMonIpFrag Counter } nsIdsAttkMonIfIdx OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "unique interface id." ::= { nsIdsAttkMonEntry 1 } nsIdsAttkMonVsys OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "according NetScreen's concepts. each interface belongs to one virtual system. This attribute displays the virtual system name an interface belongs to." ::= { nsIdsAttkMonEntry 2 } nsIdsAttkMonSynAttk OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "sync attack packet counter." ::= { nsIdsAttkMonEntry 3 } nsIdsAttkMonTearDrop OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "tear drop attack packet counter." ::= { nsIdsAttkMonEntry 4 } nsIdsAttkMonSrcRoute OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "source route option attack packet counter." ::= { nsIdsAttkMonEntry 5 } nsIdsAttkMonPingDeath OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "ping of death attack packet counter." ::= { nsIdsAttkMonEntry 6 } nsIdsAttkMonAddrSpoof OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "address spoofing attack packet counter." ::= { nsIdsAttkMonEntry 7 } nsIdsAttkMonLand OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "land attack packet counter." ::= { nsIdsAttkMonEntry 8 } nsIdsAttkMonIcmpFlood OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "icmp flood attack packet counter." ::= { nsIdsAttkMonEntry 9 } nsIdsAttkMonUdpFlood OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "udp flood attack packet counter." ::= { nsIdsAttkMonEntry 10 } nsIdsAttkMonWinnuke OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "weired netbios attack packet counter." ::= { nsIdsAttkMonEntry 11 } nsIdsAttkMonPortScan OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "port scan attempt attack packet counter." ::= { nsIdsAttkMonEntry 12 } nsIdsAttkMonIpSweep OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "address sweep attemp attack packet counter." ::= { nsIdsAttkMonEntry 13 } nsAttkMonSynFrag OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "Detect SYN fragment" ::= { nsIdsAttkMonEntry 14 } nsAttkMonTcpNoFlag OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "Detect TCP without flag set." ::= { nsIdsAttkMonEntry 15 } nsAttkMonIpUnknownProt OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "Detect Unknown protocol IP packet." ::= { nsIdsAttkMonEntry 16 } nsAttkMonIpOptBad OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "Detect IP bad option." ::= { nsIdsAttkMonEntry 17 } nsAttkMonIpOptRecord OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "Detect IP record option." ::= { nsIdsAttkMonEntry 18 } nsAttkMonIpOptTimestamp OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "Detect IP timestamp option." ::= { nsIdsAttkMonEntry 19 } nsAttkMonIpOptSCHT OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "Detect IP security option." ::= { nsIdsAttkMonEntry 20 } nsAttkMonIpOptLSR OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "Detect Loose source route." ::= { nsIdsAttkMonEntry 21 } nsAttkMonIpOptSSR OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "Detect strict source route." ::= { nsIdsAttkMonEntry 22 } nsAttkMonIpOptStream OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "Detect IP stream option." ::= { nsIdsAttkMonEntry 23 } nsAttkMonIcmpFrag OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "Detect icmp fragment." ::= { nsIdsAttkMonEntry 24 } nsAttkMonIcmpLarge OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "Detect large ICMP packet." ::= { nsIdsAttkMonEntry 25 } nsAttkMonTcpSynFin OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "Detect TCP syn fin both set." ::= { nsIdsAttkMonEntry 26 } nsAttkMonTcpFinNoAck OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "Detect TCP fin set without ack bit set." ::= { nsIdsAttkMonEntry 27 } nsAttkMonHttpMalUrl OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "Detect maliciouse URL." ::= { nsIdsAttkMonEntry 28 } nsAttkMonSessMalNum OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "Detect malicouse session connection." ::= { nsIdsAttkMonEntry 29 } nsAttkMonSynAckAck OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "Detect SYN ACK ACK attack." ::= { nsIdsAttkMonEntry 30 } nsAttkMonIpFrag OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "Block IP fragment packet." ::= { nsIdsAttkMonEntry 31 } END STATUS mandatory DESCRIPTION "SYN attack timeout." ::= { nsIdsProtectThreshEntry 3 } nsIdsSynAttackAlmTh OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "SYN attack alarm threshold." ::= { nsIdsProtectThreshEntry 4 } nsIdsSynAttackQueSize OBJECT-TYPE SYNTAX ./snmp/mib_files/5.0/NS-INTERFACE.mib010075000020300000144000000451220770603051500213270ustar00build_masterscreenos00003610232230-- These MIBs were created on 05/11/2001 -- This module defines NetScreen private MIBs for interface configuration -- -- Copyright (c) 1999 - 2001 by NetScreen Technologies, Inc. -- All rights reserved. -- -- MODULE-IDENTITY -- OrgName -- Netscreen Technologies, Inc. -- ContactInfo -- Customer Support -- -- 350 Oakmead Parkway -- Sunnyvale, CA 94085 -- USA -- -- Tel: 1.877.NETSCREEN -- E-mail: support@netscreen.com -- Http://www.netscreen.com -- Descr -- This module defines the object that are used to monitor -- NS's interface configuration -- -- Last modified date: 09/28/2001 -- NETSCREEN-INTERFACE-MIB DEFINITIONS ::= BEGIN IMPORTS DisplayString FROM RFC1213-MIB netscreenInterface FROM NETSCREEN-SMI; nsIfSecondaryIpTable OBJECT-TYPE SYNTAX SEQUENCE OF NsIfSecondaryIpEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "In some ScreenOS, it supports multiple IP addresses and related subnets based on the same interface. This table collects the multiple IP addresses configuration on an interface. " ::= { netscreenInterface 2 } nsIfSecondaryIpEntry OBJECT-TYPE SYNTAX NsIfSecondaryIpEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "nsIfSecondaryIpEntry collects some attributes about multiple IP configurations on an interface." INDEX { nsIfSecondaryIpIndex } ::= { nsIfSecondaryIpTable 1 } NsIfSecondaryIpEntry ::= SEQUENCE { nsIfSecondaryIpIndex INTEGER, nsIfSecondaryIpIfIdx INTEGER, nsIfSecondaryIpVsys INTEGER, nsIfSecondaryIpZone INTEGER, nsIfSecondaryIpAddress IpAddress, nsIfSecondaryIpNetmask IpAddress } nsIfSecondaryIpIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "The table index used as primary key when retrieving the table." ::= { nsIfSecondaryIpEntry 1 } nsIfSecondaryIpIfIdx OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "The index value which uniquely identifies an interface the secodary ip belongs to. The interface identified by a particular value of this index is the same interface as identified by the same value of ifIndex." ::= { nsIfSecondaryIpEntry 2 } nsIfSecondaryIpVsys OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "According NetScreen's concepts, each interface belongs to one virtual system. This attribute displays the virtual system ID an interface belongs to. If the device is device which doesn't support vsys such as NS-100, we can logically think all the setting belongs to 'root' vsys." ::= { nsIfSecondaryIpEntry 3 } nsIfSecondaryIpZone OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "each interface belongs to one security zone. this attribute displays the security zone name an interface belongs to." ::= { nsIfSecondaryIpEntry 4 } nsIfSecondaryIpAddress OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "Ip Address value." ::= { nsIfSecondaryIpEntry 5 } nsIfSecondaryIpNetmask OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "Subnet of a ip belongs to." ::= { nsIfSecondaryIpEntry 6 } nsIfTable OBJECT-TYPE SYNTAX SEQUENCE OF NsIfEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "All NetScreen devices have a trusted interface and an untrusted interface. The NetScreen-10 and -100 also have a DMZ interface. Additionally, on each of the virtual systems supported by the NetScreen-1000 there can be on or more tursted subinterfaces linking a particular virtual system to one or more virtual LANs. Other interfaces-some physical, some logical, and some virtual-provide exclusive channels for administrative traffic, or for communication among member in a redundant group. In this table, it will collect following interface: tursted interface, untrusted interface, DMZ interface, Management Interface and Subinterface." ::= { netscreenInterface 1 } nsIfEntry OBJECT-TYPE SYNTAX NsIfEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "nsIfEntry collects some attributes about NetScreen interface settings." INDEX { nsIfIndex } ::= { nsIfTable 1 } NsIfEntry ::= SEQUENCE { nsIfIndex INTEGER, nsIfName DisplayString(SIZE(0..32)), nsIfVsys INTEGER, nsIfZone INTEGER, nsIfStatus INTEGER, nsIfIp IpAddress, nsIfNetmask IpAddress, nsIfGateway IpAddress, nsIfMngIp IpAddress, nsIfMode INTEGER, nsIfMAC DisplayString(SIZE(0..32)), nsIfMngTelnet INTEGER, nsIfMngSCS INTEGER, nsIfMngWEB INTEGER, nsIfMngSSL INTEGER, nsIfMngSNMP INTEGER, nsIfMngGlobal INTEGER, nsIfMngGlobalPro INTEGER, nsIfMngPing INTEGER, nsIfMngIdentReset INTEGER } nsIfIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Interface number which uniquely identifies an interface." ::= { nsIfEntry 1 } nsIfName OBJECT-TYPE SYNTAX DisplayString(SIZE(0..32)) ACCESS read-only STATUS mandatory DESCRIPTION "Each interface has a readable name such as 'trust', 'trust/1', etc." ::= { nsIfEntry 2 } nsIfVsys OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "According NetScreen's concepts, each interface belongs to one virtual system. This attribute displays the virtual system name an interface belongs to. If the device is device which doesn't support vsys such as NS-100, we can logically think all the setting belongs to 'root' vsys." ::= { nsIfEntry 3 } nsIfZone OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Each interface belongs to one security zone. This attribute displays the security zone name an interface belongs to." ::= { nsIfEntry 4 } nsIfStatus OBJECT-TYPE SYNTAX INTEGER { down(0), up(1), ready(2), inactive(3) } ACCESS read-only STATUS mandatory DESCRIPTION "The interface status which indicates interface's operational status. " ::= { nsIfEntry 5 } nsIfIp OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "Each interface must be assigned an IP address." ::= { nsIfEntry 6 } nsIfNetmask OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "Each interface must belong to a subnet represented by netmask." ::= { nsIfEntry 7 } nsIfGateway OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "Default gateway ip address." ::= { nsIfEntry 8 } nsIfMngIp OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "Trusted, untrusted and DMZ interfaces can have two IP address: an interface IP address that corresponds to the physical port through which that interface connects to a network, and a Manage IP address that can be used to receive administrative traffic" ::= { nsIfEntry 9 } nsIfMode OBJECT-TYPE SYNTAX INTEGER { transparent(0), nat(1), route(2), not-applicable(3) } ACCESS read-only STATUS mandatory DESCRIPTION "NetScreen interface can has three operation modes. They are transparent, nat and route. " ::= { nsIfEntry 10 } nsIfMAC OBJECT-TYPE SYNTAX DisplayString(SIZE(0..32)) ACCESS read-only STATUS mandatory DESCRIPTION "MAC address the interface has." ::= { nsIfEntry 11 } nsIfMngTelnet OBJECT-TYPE SYNTAX INTEGER { disable(0), enable(1) } ACCESS read-only STATUS mandatory DESCRIPTION "This attribute is used to indicate whether the interface permits telnet management." ::= { nsIfEntry 12 } nsIfMngSCS OBJECT-TYPE SYNTAX INTEGER { disable(0), enable(1) } ACCESS read-only STATUS mandatory DESCRIPTION "This attribute is used to indicate whether the interface permits Secure Command Shell management." ::= { nsIfEntry 13 } nsIfMngWEB OBJECT-TYPE SYNTAX INTEGER { disable(0), enable(1) } ACCESS read-only STATUS mandatory DESCRIPTION "This attribute is used to indicate whether the interface permits WEB UI management." ::= { nsIfEntry 14 } nsIfMngSSL OBJECT-TYPE SYNTAX INTEGER { disable(0), enable(1) } ACCESS read-only STATUS mandatory DESCRIPTION "This attribute is used to indicate whether the interface permits SSL management." ::= { nsIfEntry 15 } nsIfMngSNMP OBJECT-TYPE SYNTAX INTEGER { disable(0), enable(1) } ACCESS read-only STATUS mandatory DESCRIPTION "This attribute is used to indicate whether the interface permits SNMP management." ::= { nsIfEntry 16 } nsIfMngGlobal OBJECT-TYPE SYNTAX INTEGER { disable(0), enable(1) } ACCESS read-only STATUS mandatory DESCRIPTION "This attribute is used to indicate whether the interface permits NS Global management." ::= { nsIfEntry 17 } nsIfMngGlobalPro OBJECT-TYPE SYNTAX INTEGER { disable(0), enable(1) } ACCESS read-only STATUS mandatory DESCRIPTION "This attribute is used to indicate whether the interface permits NS Global Pro management." ::= { nsIfEntry 18 } nsIfMngPing OBJECT-TYPE SYNTAX INTEGER { disable(0), enable(1) } ACCESS read-only STATUS mandatory DESCRIPTION "This attribute is used to indicate whether the interface permits Ping go-through." ::= { nsIfEntry 19 } nsIfMngIdentReset OBJECT-TYPE SYNTAX INTEGER { disable(0), enable(1) } ACCESS read-only STATUS mandatory DESCRIPTION "This attribute is used to indicate whether the interface permits ident reset." ::= { nsIfEntry 20 } nsIfFlowTable OBJECT-TYPE SYNTAX SEQUENCE OF NsIfFlowEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "nsIfFlowTable is used to get flow statistical information of the interface." ::= { netscreenInterface 3 } nsIfFlowEntry OBJECT-TYPE SYNTAX NsIfFlowEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "Table entry collect some attributes about interface flow counters." INDEX { nsIfFlowIfIdx } ::= { nsIfFlowTable 1 } NsIfFlowEntry ::= SEQUENCE { nsIfFlowIfIdx INTEGER, nsIfFlowVsys INTEGER, nsIfFlowInByte Counter, nsIfFlowInPacket Counter, nsIfFlowOutByte Counter, nsIfFlowOutPacket Counter, nsIfFlowInVpn Counter, nsIfInVlan Counter, nsIfOutVlan Counter } nsIfFlowIfIdx OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Unique interface id, also used as table index." ::= { nsIfFlowEntry 1 } nsIfFlowVsys OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "According NetScreen's concepts. each interface belongs to one virtual system. This attribute displays the virtual system name an interface belongs to." ::= { nsIfFlowEntry 2 } nsIfFlowInByte OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "Incoming byte number arriving at the this interface" ::= { nsIfFlowEntry 3 } nsIfFlowInPacket OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "Incoming packet number arriving at the this interface" ::= { nsIfFlowEntry 4 } nsIfFlowOutByte OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "Outgoing byte number sending through this interface" ::= { nsIfFlowEntry 5 } nsIfFlowOutPacket OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "Outgoing packet number sending through this interface" ::= { nsIfFlowEntry 6 } nsIfFlowInVpn OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "VPN packet go through this interface" ::= { nsIfFlowEntry 7 } nsIfInVlan OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "Incoming vlan packet" ::= { nsIfFlowEntry 8 } nsIfOutVlan OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "Outgoing vlan packet" ::= { nsIfFlowEntry 9 } nsIfMonTable OBJECT-TYPE SYNTAX SEQUENCE OF NsIfMonEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "This table collects some of dropped packet counters of interface" ::= { netscreenInterface 4 } nsIfMonEntry OBJECT-TYPE SYNTAX NsIfMonEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "An entry containing tunnel information" INDEX { nsIfMonIfIdx } ::= { nsIfMonTable 1 } NsIfMonEntry ::= SEQUENCE { nsIfMonIfIdx INTEGER, nsIfMonVsys INTEGER, nsIfMonPlyDeny Counter, nsIfMonAuthFail Counter, nsIfMonUrlBlock Counter, nsIfMonTrMngQueue Counter, nsIfMonTrMngDrop Counter, nsIfMonEncFail Counter, nsIfMonNoSa Counter, nsIfMonNoSaPly Counter, nsIfMonSaInactive Counter, nsIfMonSaPolicyDeny Counter } nsIfMonIfIdx OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Unique interface id, also used as table index." ::= { nsIfMonEntry 1 } nsIfMonVsys OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "According NetScreen's concepts, each interface belongs to one virtual system. This attribute displays the virtual system name an interface belongs to." ::= { nsIfMonEntry 2 } nsIfMonPlyDeny OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "Packet drop since denied by policy." ::= { nsIfMonEntry 3 } nsIfMonAuthFail OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "Packet drop due to authentication failed." ::= { nsIfMonEntry 4 } nsIfMonUrlBlock OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "Packet drop due to URL blocking." ::= { nsIfMonEntry 5 } nsIfMonTrMngQueue OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "packet queue up due to traffic management" ::= { nsIfMonEntry 6 } nsIfMonTrMngDrop OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "Packet drop due to traffic management" ::= { nsIfMonEntry 7 } nsIfMonEncFail OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "IPSec enc failed due to sa not available, no ipak, etc" ::= { nsIfMonEntry 8 } nsIfMonNoSa OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "packet drop due to no sa found for incomig spi" ::= { nsIfMonEntry 9 } nsIfMonNoSaPly OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "packet drop due to no policy associated with found sa" ::= { nsIfMonEntry 10 } nsIfMonSaInactive OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "packet drop due to sa not active" ::= { nsIfMonEntry 11 } nsIfMonSaPolicyDeny OBJECT-TYPE SYNTAX Counter ACCESS read-only STATUS mandatory DESCRIPTION "packet drop due to denial by sa policy" ::= { nsIfMonEntry 12 } END ddress the interface has." ::= { nsIfEntry 11 } nsIfMngTelnet OBJECT-TYPE SYNTAX INTEGER { disable(0), enable(1) } ACCESS read-only STATUS mandatory DESCRIPTION "This attribute is used to indicate whether the interface permits telnet management." ::= { nsIfEntry 12 } nsIfMngSCS OBJECT-TYPE SYNTAX INTEGER { disable(0), enable(1) }./snmp/mib_files/5.0/NS-IP-ARP.mib010075000020300000144000000074520775460527500210010ustar00build_masterscreenos00003610232230-- These MIBs were created on 05/02/2001 -- This module defines NetScreen private MIBs for ARP -- -- Copyright (c) 1999 - 2001 by NetScreen Technologies, Inc. -- All rights reserved. -- -- MODULE-IDENTITY -- OrgName -- NetScreen Technologies, Inc. -- ContactInfo -- Customer Support -- -- 350 Oakmead Parkway -- Sunnyvale, CA 94085 -- USA -- -- Tel: 1.877.NETSCREEN -- E-mail: support@netscreen.com -- Http://www.netscreen.com -- -- Last modified date: 09/28/2001 -- -- Last modified date: 11/10/2003 -- Correct spelling mistake -- NETSCREEN-IP-ARP-MIB DEFINITIONS ::= BEGIN IMPORTS DisplayString FROM RFC1213-MIB netscreenIp FROM NETSCREEN-SMI; nsIpArp OBJECT IDENTIFIER ::= { netscreenIp 1} nsIpArpAOD OBJECT-TYPE SYNTAX INTEGER { disable(0), enabled(1) } ACCESS not-accessible STATUS mandatory DESCRIPTION "ARP always on destination." ::= {nsIpArp 1} nsIpArpCachUpdate OBJECT-TYPE SYNTAX INTEGER { disable(0), enabled(1) } ACCESS not-accessible STATUS mandatory DESCRIPTION "ARP cache update." ::= { nsIpArp 2} nsIpArpTable OBJECT-TYPE SYNTAX SEQUENCE OF NsIpArpEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "This table collects all the ARP entries existing in NetScreen device." ::= { nsIpArp 3 } nsIpArpEntry OBJECT-TYPE SYNTAX NsIpArpEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "An entry containing attributes of arp info" INDEX { nsIpArpIndex } ::= { nsIpArpTable 1 } NsIpArpEntry ::= SEQUENCE { nsIpArpIndex INTEGER, nsIpArpIp IpAddress, nsIpArpMac DisplayString, nsIpArpVsys INTEGER, nsIpArpIfIdx INTEGER, nsIpArpState INTEGER, nsIpArpAge INTEGER, nsIpArpRetry INTEGER, nsIpArpPakQue INTEGER } nsIpArpIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "A unique value for arp table. Its value ranges between 0 and 65535 and may not be contiguous." ::= { nsIpArpEntry 1 } nsIpArpIp OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "IP address." ::= { nsIpArpEntry 2 } nsIpArpMac OBJECT-TYPE SYNTAX DisplayString (SIZE (0..32)) ACCESS read-only STATUS mandatory DESCRIPTION "MAC address." ::= { nsIpArpEntry 3 } nsIpArpVsys OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Virtual system id this entry belongs to." ::= { nsIpArpEntry 4 } nsIpArpIfIdx OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Interface location." ::= { nsIpArpEntry 5 } nsIpArpState OBJECT-TYPE SYNTAX INTEGER { pending(1), valid(2), delete(3), static(4) } ACCESS read-only STATUS mandatory DESCRIPTION "ARP entry state." ::= { nsIpArpEntry 6 } nsIpArpAge OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "ARP entry age." ::= { nsIpArpEntry 7 } nsIpArpRetry OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "ARP entry retry time." ::= { nsIpArpEntry 8 } nsIpArpPakQue OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "ARP entry package queue." ::= { nsIpArpEntry 9 } END ./snmp/mib_files/5.0/NS-NAT.mib010075000020300000144000000311570766730022600204610ustar00build_masterscreenos00003610232230-- These MIBs were created on 05/27/2001 -- This module defines NetScreen private MIBs for NAT -- -- Copyright (c) 1999 - 2001 by NetScreen Technologies, Inc. -- All rights reserved. -- -- MODULE-IDENTITY -- OrgName -- NetScreen Technologies, Inc. -- ContactInfo -- Customer Support -- -- 350 Oakmead Parkway -- Sunnyvale, CA 94085 -- USA -- -- Tel: 1.877.NETSCREEN -- E-mail: support@netscreen.com -- Http://www.netscreen.com -- Descr -- This module defines the managed objects for Netscreen NAT -- -- change VIP configuration per physical interface -- Last modified date: 6/3/2003 -- NETSCREEN-NAT-MIB DEFINITIONS ::= BEGIN IMPORTS DisplayString FROM RFC1213-MIB netscreenNAT FROM NETSCREEN-SMI; nsNatMipTable OBJECT-TYPE SYNTAX SEQUENCE OF NsNatMipEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "Mapped IP(MIP) is a direct one-to-one maping of traffic destined for one IP address ot another IP address. On NetScreen device, MIP addresses for tunnel and untrusted interfaces can be created." ::= { netscreenNAT 1 } nsNatMipEntry OBJECT-TYPE SYNTAX NsNatMipEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "An entry containing attributes of a mip address" INDEX { nsNatMipIndex } ::= { nsNatMipTable 1 } NsNatMipEntry ::= SEQUENCE { nsNatMipIndex INTEGER, nsNatMipIp IpAddress, nsNatMipNetmask IpAddress, nsNatMipHost IpAddress, nsNatMipIfIp IpAddress, nsNatMipIfNetmask IpAddress, nsNatMipVsys INTEGER } nsNatMipIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "A unique value for each address. Its value ranges between 0 and 65535 and may not be contingous." ::= { nsNatMipEntry 1 } nsNatMipIp OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "mip address. A MIP must be in the same subnet as the tunnel interface to which it is linked to; however, for the untrusted interface, a MIP does not need to be in the same subnet. In either case, a MIP must not be the same as the interface address or be in any DIP pool that might also be on that subnet." ::= { nsNatMipEntry 2 } nsNatMipNetmask OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "Subnet mask for this MIP." ::= { nsNatMipEntry 3 } nsNatMipHost OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "Host ip address mip mapping to." ::= { nsNatMipEntry 4 } nsNatMipIfIp OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "Interface's ip address that a MIP is linked to." ::= { nsNatMipEntry 5 } nsNatMipIfNetmask OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "Interface's netmask that a MIP is linked to." ::= { nsNatMipEntry 6 } nsNatMipVsys OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Virtual system this mip belongs to." ::= { nsNatMipEntry 7 } nsNatDipTable OBJECT-TYPE SYNTAX SEQUENCE OF NsNatDipEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "A DIP(Dynamic IP) pool is a range of IP addresses from which the NetScreen device can dynamically take addresses to use when performing NAT on the source IP address of outgoing or incoming IP packets." ::= { netscreenNAT 2 } nsNatDipEntry OBJECT-TYPE SYNTAX NsNatDipEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "An entry containing attributes of a dynamic address" INDEX { nsNatDipIndex } ::= { nsNatDipTable 1 } NsNatDipEntry ::= SEQUENCE { nsNatDipIndex INTEGER, nsNatDipId INTEGER, nsNatDipLow IpAddress, nsNatDipHigh IpAddress, nsNatDipIfIp IpAddress, nsNatDipIfNetmask IpAddress, nsNatDipPTEnable INTEGER, nsNatDipVsys INTEGER } nsNatDipIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "A unique value for each address. Its value ranges between 0 and 65535 and may not be contigous." ::= { nsNatDipEntry 1 } nsNatDipId OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "DIP pool id." ::= { nsNatDipEntry 2 } nsNatDipLow OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "Start IP Address Range. The range of addresses in a DIP pool must be in the same subnet as the interface IP address, but the DIP pool should not contain the interface IP or any MIP or VIP address that might on that subnet." ::= { nsNatDipEntry 3 } nsNatDipHigh OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "End IP Address Range. The range of addresses in a DIP pool must be in the same subnet as the interface IP address, but the DIP pool should not contain the interface IP or any MIP or VIP address that might on that subnet." ::= { nsNatDipEntry 4 } nsNatDipIfIp OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "Interface's ip address that a DIP is linked to." ::= { nsNatDipEntry 5 } nsNatDipIfNetmask OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "interface's ip address that a DIP is linked to." ::= { nsNatDipEntry 6 } nsNatDipPTEnable OBJECT-TYPE SYNTAX INTEGER { disable(0), enabled(1) } ACCESS read-only STATUS mandatory DESCRIPTION "Enable Port Translation" ::= { nsNatDipEntry 7 } nsNatDipVsys OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "virtual system this dip belongs to" ::= { nsNatDipEntry 8 } nsNatVip OBJECT IDENTIFIER ::= { netscreenNAT 3 } nsNatVipCfgTable OBJECT-TYPE SYNTAX SEQUENCE OF NsNatVipCfgEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "VIP(Virtual IP) allows you to map routable IP addresses to internal servers, therby providing transparent connections for a NAT networks to the Internet. This table collects all VIP configurations in NetScreen device." ::= { nsNatVip 1 } nsNatVipCfgEntry OBJECT-TYPE SYNTAX NsNatVipCfgEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "Each entry in the nsNatVipCfgTable holds a set of configuration parameters associated with an instance of VIP." INDEX { nsNatVipCfgIndex } ::= { nsNatVipCfgTable 1 } NsNatVipCfgEntry ::= SEQUENCE { nsNatVipCfgIndex INTEGER, nsNatVipCfgIp IpAddress, nsNatVipCfgPort INTEGER, nsNatVipCfgService DisplayString, nsNatVipCfgStatus INTEGER, nsNatVipCfgLoadBalance INTEGER } nsNatVipCfgIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "A unique value for each vip configuation. Its value ranges between 1 and 65535 and may not be contingous." ::= { nsNatVipCfgEntry 1 } nsNatVipCfgIp OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "The IP address for the VIP, which must be in the same subnet as the untrusted interface and can even be the same address as the untrusted interface." ::= { nsNatVipCfgEntry 2 } nsNatVipCfgPort OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "The port number for communication between the trusted server and the untrusted interfce on the NetScreen device." ::= { nsNatVipCfgEntry 3 } nsNatVipCfgService OBJECT-TYPE SYNTAX DisplayString (SIZE(0..255)) ACCESS read-only STATUS mandatory DESCRIPTION "Service for the server on the trusted interface." ::= { nsNatVipCfgEntry 4 } nsNatVipCfgStatus OBJECT-TYPE SYNTAX INTEGER { not-available(0), available(1) } ACCESS read-only STATUS mandatory DESCRIPTION "The status of the server on the trusted/DMZ interface." ::= { nsNatVipCfgEntry 5 } nsNatVipCfgLoadBalance OBJECT-TYPE SYNTAX INTEGER { null(0), round-robin(1), weighted-round-robin(2), least-conns(3), weighted-least-conns(4) } ACCESS read-only STATUS mandatory DESCRIPTION "Load balance algorithm for the Virtual IP servers." ::= { nsNatVipCfgEntry 6 } nsNatVipServerTable OBJECT-TYPE SYNTAX SEQUENCE OF NsNatVipServerEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "Ballancing the loads on NetScreen servers allow traffic intended for a server(one IP address on the untrusted network) to be mapped to several different IP addresses on the DMZ or trusted network. There can be up to eight servers in one load balancing group, which apperas as a single virtual server.This table collects all the server pool configurations for the virtual ip server." ::= { nsNatVip 2 } nsNatVipServerEntry OBJECT-TYPE SYNTAX NsNatVipServerEntry ACCESS not-accessible STATUS mandatory DESCRIPTION "An entry containing attributes of a vip configuration's server pool." INDEX { nsNatVipServerIndex } ::= { nsNatVipServerTable 1 } NsNatVipServerEntry ::= SEQUENCE { nsNatVipServerIndex INTEGER, nsNatVipServerVIP IpAddress, nsNatVipServerService INTEGER, nsNatVipServerLoadBalance INTEGER, nsNatVipServerIp IpAddress, nsNatVipServerWeight INTEGER, nsNatVipServerStatus INTEGER } nsNatVipServerIndex OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "A unique value for each vip server configuation. Its value ranges between 1 and 65535 and may not be contigous." ::= { nsNatVipServerEntry 1 } nsNatVipServerVIP OBJECT-TYPE SYNTAX IpAddress ACCESS read-only STATUS mandatory DESCRIPTION "The IP address for the VIP." ::= { nsNatVipServerEntry 2 } nsNatVipServerService OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Service provideing through the VIP." ::= { nsNatVipServerEntry 3 } nsNatVipServerLoadBalance OBJECT-TYPE SYNTAX INTEGER { null(0), round-robin(1), weighted-round-robin(2), least-conns(3), weighted-least-conns(4) } ACCESS read-only STATUS mandatory DESCRIPTIO