-- *****************************************************************
-- FS-SECZONE-MIB.mib:  FS security zone MIB file
--
-- March 2009, rendh
--
-- Copyright (c) 2009 by FS.COM Inc..
-- All rights reserved.
-- 
-- *****************************************************************
--
FS-SECZONE-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE,
    NOTIFICATION-TYPE,
    IpAddress,
    Integer32
            FROM SNMPv2-SMI
    DisplayString,
    RowStatus
            FROM SNMPv2-TC
    MODULE-COMPLIANCE,
    OBJECT-GROUP,
    NOTIFICATION-GROUP
            FROM SNMPv2-CONF
    ConfigStatus
            FROM FS-TC
    fsMgmt
            FROM FS-SMI;

fsSecZoneMIB MODULE-IDENTITY
    LAST-UPDATED "200908110000Z"
    ORGANIZATION "FS.COM Inc.."
    CONTACT-INFO
            " 
            Tel: 400-865-2852 

            E-mail: https://www.fs.com/live_chat_service_mail.html"
    DESCRIPTION
            "This module defines my Security Zone mibs."
    REVISION      "200908110000Z"
    DESCRIPTION
            "Initial version of this MIB module."
    ::= { fsMgmt 54}
    
fsSecZoneMIBObjects OBJECT IDENTIFIER ::= { fsSecZoneMIB 1 }


-- *****************************************************************************************
--     define Security  Zone chain
-- *****************************************************************************************
fsSecZoneChainTable OBJECT-TYPE
        SYNTAX SEQUENCE OF FSSecZoneChainEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
               "A table of Security Zone Chain entries."
        ::= { fsSecZoneMIBObjects 1 }
    
fsSecZoneChainEntry OBJECT-TYPE
        SYNTAX FSSecZoneChainEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
                "Entry contains chain name and level."  
        INDEX { fsSecZoneChainName }
        ::= { fsSecZoneChainTable 1 }
        
FSSecZoneChainEntry ::= 
        SEQUENCE {
                fsSecZoneChainName DisplayString,
                fsSecZoneLevel INTEGER,
                fsSecZoneAclName DisplayString,
                fsSecZoneViolationNotifyThresh  INTEGER,
                fsSecZoneViolationNotifyAction  INTEGER,
                fsSecZoneViolationBlockThresh   INTEGER,
                fsSecZoneViolationBlockAction   INTEGER,
                fsSecZoneViolationBlockTimeout  INTEGER,
                fsSecZoneChainEntryStatus RowStatus
        } 

fsSecZoneChainName OBJECT-TYPE
        SYNTAX DisplayString(SIZE (1..32))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "security zone chain name of this entry.This value is unique for every entry
            When this string be used as an index,Value of a sub-identifier equal 
            ASCII value of corresponding character(first sub-identifier corresponds
            first character of string). The number of sub-identifiers of this string
            must be 32,If length of string is less than 32 the sub-identifier(0x0) 
            will be filled in tail."
        ::= { fsSecZoneChainEntry  1 }

fsSecZoneLevel OBJECT-TYPE
       SYNTAX  INTEGER(0..100)
       MAX-ACCESS read-write
       STATUS current
        DESCRIPTION
               " Config level of this Seczone"
        ::= { fsSecZoneChainEntry 2 } 
        
fsSecZoneAclName   OBJECT-TYPE
        SYNTAX DisplayString(SIZE (1..32))
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Access list name of security zone belong to.
            When this string be used as an index,Value of a sub-identifier equal 
            ASCII value of corresponding character(first sub-identifier corresponds
            first character of string). The number of sub-identifiers of this string
            must be 32,If length of string is less than 32 the sub-identifier(0x0) 
            will be filled in tail."
        ::= { fsSecZoneChainEntry  3 }
        
fsSecZoneViolationNotifyThresh   OBJECT-TYPE
      SYNTAX  INTEGER(0..65535)
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION 
        "Threshold of security zone access violation . value 0 means no notify."
      ::= {fsSecZoneChainEntry  4  }  

fsSecZoneViolationNotifyAction   OBJECT-TYPE
      SYNTAX  INTEGER{
               log(1),
               trap(2), 
               logtrap(3)
      }         
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION 
        "Action of security zone access violation Notify:log (1), trap (2) , log and trap(3)."
      ::= {fsSecZoneChainEntry  5  }  

fsSecZoneViolationBlockThresh   OBJECT-TYPE
      SYNTAX  INTEGER(0..65535)
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION 
        "Threshold of security zone access violation Blocking. value 0 means no block."
      ::= {fsSecZoneChainEntry  6  }               
      
fsSecZoneViolationBlockAction   OBJECT-TYPE
      SYNTAX  INTEGER{
              globalblock (1),
              zoneblock(2) 
      }         
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION 
        "Action of security zone access violation Blocking:globalblock(1),zoneblock(2) ."
      ::= {fsSecZoneChainEntry  7  }             

fsSecZoneViolationBlockTimeout    OBJECT-TYPE
      SYNTAX  INTEGER (0..3600)
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION 
        "Timeout of security zone access violation Blocking . value 0 means block permanently"
      ::= {fsSecZoneChainEntry  8  }   
        
fsSecZoneChainEntryStatus  OBJECT-TYPE
        SYNTAX RowStatus
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Status of this entry, set its value to invalid will delete this entry.
            set its value to valid has no effect."
        ::= { fsSecZoneChainEntry 9 }

-- *****************************************************************************************
-- define zone to zone policy
-- *****************************************************************************************


fsSecZone2ZoneTable OBJECT-TYPE
        SYNTAX SEQUENCE OF FSSecZone2ZoneEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
               "A table of Two Security Zone entries."
        ::= { fsSecZoneMIBObjects 2 }

fsSecZone2ZoneEntry OBJECT-TYPE
        SYNTAX FSSecZone2ZoneEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
                "Entry contains policy from one Zone to another Zone ."  
        INDEX { fsZoneFirstName ,fsZoneSecondName,fsZone2ZoneAclName }
        ::= { fsSecZone2ZoneTable 1 }        
        
FSSecZone2ZoneEntry ::= 
        SEQUENCE {
                fsZoneFirstName DisplayString,
                fsZoneSecondName   DisplayString,
                fsZone2ZoneAclName DisplayString,
                fsZone2ZoneEntryStauts RowStatus
        }         

fsZoneFirstName OBJECT-TYPE
        SYNTAX DisplayString(SIZE (1..32))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "First zone name of this entry.This value is unique for every entry
            When this string be used as an index,Value of a sub-identifier equal 
            ASCII value of corresponding character(first sub-identifier corresponds
            first character of string). The number of sub-identifiers of this string
            must be 32,If length of string is less than 32 the sub-identifier(0x0) 
            will be filled in tail."
        ::= { fsSecZone2ZoneEntry  1 }                

fsZoneSecondName OBJECT-TYPE
        SYNTAX DisplayString(SIZE (1..32))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "Second zone name  of this entry.This value is unique for every entry
            When this string be used as an index,Value of a sub-identifier equal 
            ASCII value of corresponding character(first sub-identifier corresponds
            first character of string). The number of sub-identifiers of this string
            must be 32,If length of string is less than 32 the sub-identifier(0x0) 
            will be filled in tail."
        ::= { fsSecZone2ZoneEntry  2 }                       

fsZone2ZoneAclName OBJECT-TYPE
        SYNTAX DisplayString(SIZE (1..32))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "Key chain name of this entry.This value is unique for every entry
            When this string be used as an index,Value of a sub-identifier equal 
            ASCII value of corresponding character(first sub-identifier corresponds
            first character of string). The number of sub-identifiers of this string
            must be 32,If length of string is less than 32 the sub-identifier(0x0) 
            will be filled in tail."
        ::= { fsSecZone2ZoneEntry  3 }                              
        
fsZone2ZoneEntryStauts OBJECT-TYPE
        SYNTAX RowStatus
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "entry status for this list."      
       ::= { fsSecZone2ZoneEntry  4 }   

-- *****************************************************************************************       
-- blocking ip table
-- *****************************************************************************************       

fsSecZoneBlockingTable OBJECT-TYPE
      SYNTAX SEQUENCE OF FSSecZoneBlockingEntry
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
               "A table of IP blocking entries."
      ::= { fsSecZoneMIBObjects 3 }
      
fsSecZoneBlockingEntry OBJECT-TYPE      
      SYNTAX FSSecZoneBlockingEntry
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
                "Entry contains blocking IP .value 0 mean all block IP for deleting all blocking IP"  
      INDEX { fsBockingIP }
      ::= { fsSecZoneBlockingTable 1 } 
      
FSSecZoneBlockingEntry ::= 
      SEQUENCE {
                fsBockingIP  IpAddress  ,
                fsBockingCurrentStatus INTEGER ,
                fsBockingTryAccessZoneName DisplayString,
                fsBockingEntryStatus ConfigStatus
      }               
      
fsBockingIP    OBJECT-TYPE
   SYNTAX IpAddress
   MAX-ACCESS read-only
   STATUS current
   DESCRIPTION
            "ip address of Blocking table. "
        ::= { fsSecZoneBlockingEntry 1 }

fsBockingCurrentStatus  OBJECT-TYPE
  SYNTAX INTEGER{
              globalblock (1),
              zoneblock(2) 
      }         
   MAX-ACCESS read-only
   STATUS current
   DESCRIPTION
            "status of security zone access violation Blocking:globalblock(1),zoneblock(2)."
        ::= { fsSecZoneBlockingEntry 2 }   
        
fsBockingTryAccessZoneName  OBJECT-TYPE
   SYNTAX   DisplayString(SIZE (0..32))     
   MAX-ACCESS read-only
   STATUS current
   DESCRIPTION
         "Try access Zone name of blocking IP.It indicate that 
         this  doesn't match any Zone if this string is null"
        ::= { fsSecZoneBlockingEntry 3 }   
        
fsBockingEntryStatus  OBJECT-TYPE
   SYNTAX ConfigStatus
   MAX-ACCESS read-write
   STATUS current
   DESCRIPTION
            "Status of this entry, set its value to invalid (2)will delete this entry.
            set its value to valid(1)has no effect."
   ::= { fsSecZoneBlockingEntry 4 }        
   
-- *****************************************************************************************               
--     define Global Violation policy parameter
-- *****************************************************************************************               


fsGlobalViolationNotifyThresh   OBJECT-TYPE
      SYNTAX  INTEGER(0..65535)
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION 
        "Threshold of Global parameter access violation . value 0 means no notify."
      ::= { fsSecZoneMIBObjects 4   }  

fsGlobalViolationNotifyAction   OBJECT-TYPE
      SYNTAX  INTEGER{
               log(1),
               trap(2), 
               logtrap(3)
      }         
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION 
        "Action of Global parameter access violation Notify:log (1), trap (2) , log and trap(3)."
      ::= { fsSecZoneMIBObjects 5 }  

fsGlobalViolationBlockThresh   OBJECT-TYPE
      SYNTAX  INTEGER(0..65535)
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION 
        "Threshold of Global parameter access violation Blocking. value 0 means no block."
      ::= {fsSecZoneMIBObjects 6  }               
      
fsGlobalViolationBlockAction   OBJECT-TYPE
      SYNTAX  INTEGER{
              globalblock (1),
              zoneblock(2) 
      }         
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION 
        "Action of Global parameter access violation Blocking:globalblock(1),zoneblock(2) ."
      ::= {fsSecZoneMIBObjects 7  }             

fsGlobalViolationBlockTimeout    OBJECT-TYPE
      SYNTAX  INTEGER (0..3600)
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION 
        "Timeout of Global parameter access violation Blocking . value 0 means block permanently"
      ::= {fsSecZoneMIBObjects 8  }   


-- *****************************************************************************************               
-- trap define 
-- *****************************************************************************************               

fsSecZoneMIBTraps OBJECT IDENTIFIER ::= { fsSecZoneMIB 2 }      

violationTime OBJECT-TYPE 
     SYNTAX       DisplayString 
     MAX-ACCESS   accessible-for-notify
     STATUS       current
     DESCRIPTION
         "The time of  packet violation. Used by trap."
     ::= { fsSecZoneMIBObjects 9  }
                
violationSrcIP OBJECT-TYPE 
     SYNTAX       IpAddress
     MAX-ACCESS   accessible-for-notify
     STATUS       current
     DESCRIPTION
         "The source IP address of packet violation. Used by trap."
     ::= { fsSecZoneMIBObjects 10  }

violationDestIP OBJECT-TYPE 
     SYNTAX       IpAddress
     MAX-ACCESS   accessible-for-notify
     STATUS       current
     DESCRIPTION
         "The dest IP address of packet violation. Used by trap."
     ::= { fsSecZoneMIBObjects 11 }     
     
violationProtocol OBJECT-TYPE 
     SYNTAX       Integer32
     MAX-ACCESS   accessible-for-notify
     STATUS       current
     DESCRIPTION
         "The protocol of packet violation. Used by trap."
     ::= { fsSecZoneMIBObjects 12 }      

violationL4Key OBJECT-TYPE 
     SYNTAX       Integer32
     MAX-ACCESS   accessible-for-notify
     STATUS       current
     DESCRIPTION
         "The tcp/udp port or icmp type&code of packet violation. Used by trap."
     ::= { fsSecZoneMIBObjects 13 }           
             
fsSecZoneViolationTrap NOTIFICATION-TYPE
    OBJECTS   {  violationTime,  
                 violationSrcIP, 
                 violationDestIP,
                 violationProtocol,      
                 violationL4Key, 
                 fsZoneFirstName,
                 fsZoneSecondName
    }
    STATUS     current
    DESCRIPTION
            "Security zone access Violation trap."
    ::= { fsSecZoneMIBTraps 1 }                    
    
-- *****************************************************************************************                   


fsSecZoneMIBConformance OBJECT IDENTIFIER ::= { fsSecZoneMIB 3 }
fsSecZoneMIBCompliances OBJECT IDENTIFIER ::= { fsSecZoneMIBConformance 1 }
fsSecZoneMIBGroups      OBJECT IDENTIFIER ::= { fsSecZoneMIBConformance 2 }


-- compliance statements

fsSecZoneMIBCompliance MODULE-COMPLIANCE
        STATUS  current
        DESCRIPTION
                "The compliance statement for entities which implement
                the FS SecZone MIB"
        MODULE  -- this module
                MANDATORY-GROUPS { 
                        fsSecZoneMIBGroup,
                        fsSecZoneNotifObjectsGroup,
                        fsSecZoneNotificationsGroup
                 }         
 
         ::= { fsSecZoneMIBCompliances 1 }
         
-- units of conformance

fsSecZoneMIBGroup OBJECT-GROUP
        OBJECTS {
              fsSecZoneChainName,
              fsSecZoneLevel,
              fsSecZoneAclName,
              fsSecZoneViolationNotifyThresh,
              fsSecZoneViolationNotifyAction,
              fsSecZoneViolationBlockThresh,
              fsSecZoneViolationBlockAction,
              fsSecZoneViolationBlockTimeout,
              fsSecZoneChainEntryStatus,
              fsZoneFirstName,
              fsZoneSecondName,
              fsZone2ZoneAclName,
              fsZone2ZoneEntryStauts,
              fsBockingIP,
              fsBockingCurrentStatus,
              fsBockingTryAccessZoneName,
              fsBockingEntryStatus,
              fsGlobalViolationNotifyThresh,
              fsGlobalViolationNotifyAction,
              fsGlobalViolationBlockThresh,
              fsGlobalViolationBlockAction,
              fsGlobalViolationBlockTimeout
        }
        STATUS  current
        DESCRIPTION
                "A collection of objects providing seczone managment."
        ::= { fsSecZoneMIBGroups 1 }
     
fsSecZoneNotifObjectsGroup OBJECT-GROUP
        OBJECTS {
              violationTime,
              violationSrcIP,
              violationDestIP,
              violationProtocol,
              violationL4Key
        }
        STATUS  current
        DESCRIPTION
                "A collection of objects that specify information for
                 TRIP notifications."
        ::= { fsSecZoneMIBGroups 2 }
           
fsSecZoneNotificationsGroup NOTIFICATION-GROUP
        NOTIFICATIONS {
               fsSecZoneViolationTrap     
        }
        STATUS        current
        DESCRIPTION
              "A collection of security zone access Violation traps."
      ::= { fsSecZoneMIBGroups 3 }
END    
