-- *****************************************************************
-- FS-SECZONE-CONTEXT-MIB.mib:  FS security zone MIB file for multiple context
--
-- December 2009, rendh
--
-- Copyright (c) 2009 by FS.COM Inc..
-- All rights reserved.
-- 
-- *****************************************************************
--
FS-SECZONE-CONTEXT-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE,
    IpAddress
            FROM SNMPv2-SMI
    DisplayString,
    RowStatus
            FROM SNMPv2-TC
    MODULE-COMPLIANCE,
    OBJECT-GROUP
            FROM SNMPv2-CONF
    ConfigStatus
            FROM FS-TC
    fsMgmt
            FROM FS-SMI;

fsSecZoneVCMIB MODULE-IDENTITY
    LAST-UPDATED "200912060000Z"
    ORGANIZATION "FS.COM Inc.."
    CONTACT-INFO
            " 
            Tel: 400-865-2852 

            E-mail: https://www.fs.com/live_chat_service_mail.html"
    DESCRIPTION
            "This module defines my Security Zone mibs for multiple context."
    REVISION      "200912060000Z"
    DESCRIPTION
            "Initial version of this MIB module."
    ::= { fsMgmt 68 }
    
fsSecZoneVCMIBObjects OBJECT IDENTIFIER ::= { fsSecZoneVCMIB 1 }


-- *****************************************************************************************
--     define Security  Zone chain
-- *****************************************************************************************
fsSecZoneChainVCTable OBJECT-TYPE
        SYNTAX SEQUENCE OF FSSecZoneChainVCEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
               "A table of Security Zone Chain entries."
        ::= { fsSecZoneVCMIBObjects 1 }
    
fsSecZoneChainVCEntry OBJECT-TYPE
        SYNTAX FSSecZoneChainVCEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
                "Entry contains chain name and level."  
        INDEX {fsSecZoneContextNameVC,fsSecZoneChainNameVC }
        ::= { fsSecZoneChainVCTable 1 }
        
FSSecZoneChainVCEntry ::= 
        SEQUENCE {
                fsSecZoneContextNameVC            DisplayString,
                fsSecZoneChainNameVC              DisplayString,
                fsSecZoneLevelVC                  INTEGER,
                fsSecZoneAclNameVC                DisplayString,
                fsSecZoneViolationNotifyThreshVC  INTEGER,
                fsSecZoneViolationNotifyActionVC  INTEGER,
                fsSecZoneViolationBlockThreshVC   INTEGER,
                fsSecZoneViolationBlockActionVC   INTEGER,
                fsSecZoneViolationBlockTimeoutVC  INTEGER,
                fsSecZoneChainEntryStatusVC       RowStatus
        } 
        

fsSecZoneContextNameVC OBJECT-TYPE
        SYNTAX DisplayString(SIZE (1..31))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "context name of this entry."
        ::= { fsSecZoneChainVCEntry  1 }        

fsSecZoneChainNameVC OBJECT-TYPE
        SYNTAX DisplayString(SIZE (1..32))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "security zone chain name of this entry."
        ::= { fsSecZoneChainVCEntry  2 }

fsSecZoneLevelVC OBJECT-TYPE
       SYNTAX  INTEGER(0..100)
       MAX-ACCESS read-create
       STATUS current
        DESCRIPTION
               "Config level of this Seczone. value 0 means level is not defined so cannot use for comparing two zones's level "
       DEFVAL{ 0 }        
        ::= { fsSecZoneChainVCEntry 3 } 
        
fsSecZoneAclNameVC   OBJECT-TYPE
        SYNTAX DisplayString(SIZE (1..32))
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "Access list name of security zone belong to. "
        ::= { fsSecZoneChainVCEntry  4 }
        
fsSecZoneViolationNotifyThreshVC   OBJECT-TYPE
      SYNTAX  INTEGER(0..65535)
      MAX-ACCESS read-create
      STATUS current
      DESCRIPTION 
        "Threshold of security zone access violation . value 0 means no notify."
      DEFVAL{ 0 }     
      ::= {fsSecZoneChainVCEntry  5  }  

fsSecZoneViolationNotifyActionVC   OBJECT-TYPE
      SYNTAX  INTEGER{
               nologtrap(0),
               log(1),
               trap(2), 
               logtrap(3)
      }         
      MAX-ACCESS read-create
      STATUS current
      DESCRIPTION 
        "Action of security zone access violation Notify:nologtrap(0),log (1), trap (2) , log and trap(3)."
      DEFVAL{ 0 }       
      ::= {fsSecZoneChainVCEntry  6  }  

fsSecZoneViolationBlockThreshVC   OBJECT-TYPE
      SYNTAX  INTEGER(0..65535)
      MAX-ACCESS read-create
      STATUS current
      DESCRIPTION 
        "Threshold of security zone access violation Blocking. value 0 means no block."
      DEFVAL{ 0 }         
      ::= {fsSecZoneChainVCEntry  7  }               
      
fsSecZoneViolationBlockActionVC   OBJECT-TYPE
      SYNTAX  INTEGER{              
              globalblock (1),
              zoneblock(2) 
      }         
      MAX-ACCESS read-create
      STATUS current
      DESCRIPTION 
        "Action of security zone access violation Blocking:globalblock(1),zoneblock(2) ."
      DEFVAL{ 1 }           
      ::= {fsSecZoneChainVCEntry  8  }             

fsSecZoneViolationBlockTimeoutVC    OBJECT-TYPE
      SYNTAX  INTEGER (0..3600)
      MAX-ACCESS read-create
      STATUS current
      DESCRIPTION 
        "Timeout(minutes)of security zone access violation Blocking . value 0 means block permanently"
      DEFVAL{ 1 }         
      ::= {fsSecZoneChainVCEntry  9  }   
        
fsSecZoneChainEntryStatusVC  OBJECT-TYPE
        SYNTAX RowStatus
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "Status of this entry, set its value to invalid will delete this entry.
            set its value to valid has no effect."
        ::= { fsSecZoneChainVCEntry 10 }

-- *****************************************************************************************
-- define zone to zone policy for multi context
-- *****************************************************************************************


fsSecZone2ZoneVCTable OBJECT-TYPE
        SYNTAX SEQUENCE OF FSSecZone2ZoneVCEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
               "A table of Two Security Zone entries."
        ::= { fsSecZoneVCMIBObjects 2 }

fsSecZone2ZoneVCEntry OBJECT-TYPE
        SYNTAX FSSecZone2ZoneVCEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
                "Entry contains policy from one Zone to another Zone ."  
        INDEX { fsZone2ZoneContextNameVC, fsZoneFirstNameVC ,fsZoneSecondNameVC,fsZone2ZoneAclNameVC }
        ::= { fsSecZone2ZoneVCTable 1 }        
        
FSSecZone2ZoneVCEntry ::= 
        SEQUENCE {
                fsZone2ZoneContextNameVC DisplayString,
                fsZoneFirstNameVC        DisplayString,
                fsZoneSecondNameVC       DisplayString,
                fsZone2ZoneAclNameVC     DisplayString,
                fsZone2ZoneEntryStautsVC RowStatus
        }         

fsZone2ZoneContextNameVC OBJECT-TYPE
        SYNTAX DisplayString(SIZE (1..31))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "context name of this entry."
        ::= { fsSecZone2ZoneVCEntry  1 }                

fsZoneFirstNameVC OBJECT-TYPE
        SYNTAX DisplayString(SIZE (1..32))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "First zone name of this entry."
        ::= { fsSecZone2ZoneVCEntry  2 }                

fsZoneSecondNameVC OBJECT-TYPE
        SYNTAX DisplayString(SIZE (1..32))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "Second zone name  of this entry."
        ::= { fsSecZone2ZoneVCEntry  3 }                       

fsZone2ZoneAclNameVC OBJECT-TYPE
        SYNTAX DisplayString(SIZE (1..32))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "Key chain name of this entry."
        ::= { fsSecZone2ZoneVCEntry  4 }                              
        
fsZone2ZoneEntryStautsVC OBJECT-TYPE
        SYNTAX RowStatus
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "entry status for this list."      
       ::= { fsSecZone2ZoneVCEntry  5 }   

-- *****************************************************************************************       
-- blocking ip table for multi context
-- *****************************************************************************************       

fsSecZoneBlockingVCTable OBJECT-TYPE
      SYNTAX SEQUENCE OF FSSecZoneBlockingVCEntry
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
               "A table of IP blocking entries."
      ::= { fsSecZoneVCMIBObjects 3 }
      
fsSecZoneBlockingVCEntry OBJECT-TYPE      
      SYNTAX FSSecZoneBlockingVCEntry
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
                "Entry contains blocking IPs ."  
      INDEX { fsBockingContextNameVC , fsBockingIPVC }
      ::= { fsSecZoneBlockingVCTable 1 } 
      
                     
      
FSSecZoneBlockingVCEntry ::= 
      SEQUENCE {fsBockingContextNameVC       DisplayString,
                fsBockingIPVC                IpAddress,
                fsBockingCurrentStatusVC     INTEGER,
                fsBockingTryAccessZoneNameVC DisplayString,
                fsBockingEntryStatusVC       ConfigStatus
      }    

fsBockingContextNameVC   OBJECT-TYPE
        SYNTAX DisplayString(SIZE (1..31))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "context name of this entry."
        ::= { fsSecZoneBlockingVCEntry  1 }                               
      
fsBockingIPVC    OBJECT-TYPE
   SYNTAX IpAddress
   MAX-ACCESS read-only
   STATUS current
   DESCRIPTION
            "ip address of Blocking table.To clear all blocking IP use 0.0.0.0 "
        ::= { fsSecZoneBlockingVCEntry 2 }

fsBockingCurrentStatusVC  OBJECT-TYPE
  SYNTAX INTEGER{
              globalblock (1),
              zoneblock(2) 
      }         
   MAX-ACCESS read-only
   STATUS current
   DESCRIPTION
            "status of security zone access violation Blocking:globalblock(1),zoneblock(2)."
        ::= { fsSecZoneBlockingVCEntry 3 }   
        
fsBockingTryAccessZoneNameVC  OBJECT-TYPE
   SYNTAX   DisplayString(SIZE (0..32))     
   MAX-ACCESS read-only
   STATUS current
   DESCRIPTION
         "Try access Zone name of blocking IP.It indicate that 
         this  doesn't match any Zone if this string is null"
        ::= { fsSecZoneBlockingVCEntry 4 }   
        
fsBockingEntryStatusVC  OBJECT-TYPE
   SYNTAX ConfigStatus
   MAX-ACCESS read-write
   STATUS current
   DESCRIPTION
            "Status of this entry, set its value to invalid (2)will delete this entry.
            set its value to valid(1)has no effect."
   ::= { fsSecZoneBlockingVCEntry 5 }        
   


    

-- compliance statements
         
fsSecZoneVCMIBConformance OBJECT IDENTIFIER ::= { fsSecZoneVCMIB 3 }
fsSecZoneVCMIBCompliances OBJECT IDENTIFIER ::= { fsSecZoneVCMIBConformance 1 }
fsSecZoneVCMIBGroups      OBJECT IDENTIFIER ::= { fsSecZoneVCMIBConformance 2 }

fsSecZoneVCMIBCompliance MODULE-COMPLIANCE
    STATUS  current
    DESCRIPTION
            "The compliance statement for entities which implement
            the  security zone MIB for multiple context"
    MODULE  -- this module
            MANDATORY-GROUPS { fsSecZoneVCMIBGroup
             }
                   
    ::= { fsSecZoneVCMIBCompliances 1 }
            
-- units of conformance

fsSecZoneVCMIBGroup OBJECT-GROUP
    OBJECTS {
                fsSecZoneContextNameVC,
                fsSecZoneChainNameVC,
                fsSecZoneLevelVC,
                fsSecZoneAclNameVC,
                fsSecZoneViolationNotifyThreshVC,
                fsSecZoneViolationNotifyActionVC,
                fsSecZoneViolationBlockThreshVC,
                fsSecZoneViolationBlockActionVC,
                fsSecZoneViolationBlockTimeoutVC,
                fsSecZoneChainEntryStatusVC,
                
                fsZone2ZoneContextNameVC,
                fsZoneFirstNameVC,
                fsZoneSecondNameVC,
                fsZone2ZoneAclNameVC,
                fsZone2ZoneEntryStautsVC,
                
                fsBockingContextNameVC  ,
                fsBockingIPVC,
                fsBockingCurrentStatusVC,
                fsBockingTryAccessZoneNameVC,
                fsBockingEntryStatusVC
            
    }
    STATUS  current
    DESCRIPTION
            "A collection of objects providing Security Zone management and
            opertion to a My agent."
    ::= { fsSecZoneVCMIBGroups 1 } 

-- 
                   

END    
