-- **************************************************************************
-- *                                                                        *
-- *                                                                        *
-- *                    Hirschmann Automation and Control GmbH              *
-- *                                                                        *
-- *                             P.O. Box 1649                              *
-- *                           D-72602 Nuertingen                           *
-- *                                Germany                                 *
-- *                                                                        *
-- *                                                                        *
-- *                   Hirschmann Security Devices MIB Revision 2           *
-- *                                                                        *
-- *                          Date:  08-dec-2008                            *
-- *                                                                        *
-- *                                                                        *
-- *    Dies ist die SNMP Security MIB fuer Hirschmann Eagle.               *
-- *                                                                        *
-- *    Sollten Sie weitere Fragen haben, wenden Sie sich bitte an ihren    *
-- *    Hirschmann-Vertragspartner.                                         *
-- *                                                                        *
-- *    Aktuelle Hirschmann-Infos zu unseren Produkten erhalten Sie ueber   *
-- *    unseren WWW-Server unter http://www.hirschmann-ac.com               *
-- *                                                                        *
-- *    This is the SNMP Security MIB for the Hirschmann Eagle              *
-- *                                                                        *
-- *    If you have any further questions please contact your               *
-- *    Hirschmann contractual partner.                                     *
-- *                                                                        *
-- *    You can access current information about Hirschmann products        *
-- *    via our WWW server on http://www.hirschmann-ac.com                  *
-- *                                                                        *
-- **************************************************************************

HMSECURITY2-MIB   DEFINITIONS ::= BEGIN

IMPORTS
	NOTIFICATION-TYPE, OBJECT-IDENTITY,  MODULE-IDENTITY, OBJECT-TYPE,
	enterprises,
    Integer32,
	IpAddress,
    Counter32,
    TimeTicks			FROM SNMPv2-SMI
	PhysAddress,
	DisplayString,
	RowStatus,
	MacAddress,
	TestAndIncr	  		FROM SNMPv2-TC
	SnmpAdminString     FROM SNMP-FRAMEWORK-MIB
	SnmpTagValue,
	SnmpTagList	        FROM SNMP-TARGET-MIB
	InetPortNumber	  	FROM INET-ADDRESS-MIB -- [RFC3291]
	hmLastIpAddr		FROM HMPRIV-MGMT-SNMP-MIB
	hmLastLoginUserName FROM HMPRIV-MGMT-SNMP-MIB;

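-- Module identity of the Hirschmann security devices MIB (revision 2),
-- registered at { hirschmann 52 }.
-- The REVISION clauses are listed most recent first, as SMIv2 (RFC 2578)
-- expects, so that the first REVISION matches LAST-UPDATED. Only the order
-- changed; every date and description text is as originally published.
hmSecurity2 MODULE-IDENTITY
    LAST-UPDATED "201501231200Z" -- Jan 23, 2015
    ORGANIZATION "Hirschmann Automation and Control GmbH"
    CONTACT-INFO 
          "Customer Support
           Postal: 
           Hirschmann Automation and Control GmbH
           Stuttgarter Str. 45-51
           72654 Neckartenzlingen
           Germany
	       Phone:      +49 7127 - 14 -0
           E-mail:     hac.support@belden.com"
    DESCRIPTION
          "The Hirschmann Private Security MIB definitions."

    REVISION        "201501231200Z" -- Jan 23, 2015
    DESCRIPTION
            "Published as is."

    REVISION        "201310221200Z" -- Oct 22, 2013
    DESCRIPTION
            "Published as is."

    REVISION        "201210021200Z" -- Oct 02, 2012
    DESCRIPTION
            "Published as is."

    REVISION        "201005201200Z" -- May 20, 2010
    DESCRIPTION
            "Minor changes."

    REVISION        "200812081200Z" -- December 08, 2008
    DESCRIPTION
            "Minor changes."

    REVISION        "200809301200Z" -- September 30, 2008
    DESCRIPTION
            "Minor changes."
   ::= { hirschmann 52 }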

--
-- hmSecurity2 / Hirschmann Security Devices MIB Revision 2 --
--

hirschmann    OBJECT IDENTIFIER ::= { enterprises 248 }

hmSecurity2Objects OBJECT IDENTIFIER ::= { hmSecurity2 1 }

-- device related variables
hmSec2Device OBJECT IDENTIFIER ::= { hmSecurity2Objects 1 }

-- management agent variables
-- includes configuration storage, diagnosis and other features
hmSec2Agent OBJECT IDENTIFIER ::= { hmSecurity2Objects 2 }

-- security related variables
hmSec2Security OBJECT IDENTIFIER ::= { hmSecurity2Objects 3 }

-- firewall related variables
hmSec2Firewall OBJECT IDENTIFIER ::= { hmSecurity2Objects 11 }

-- network configuration variables
hmSec2Network OBJECT IDENTIFIER ::= { hmSecurity2Objects 12 }

-- VPN related variables
hmSec2Vpn OBJECT IDENTIFIER ::= { hmSecurity2Objects 13 }

-- redundancy related variables
hmSec2Redundancy OBJECT IDENTIFIER ::= { hmSecurity2Objects 14 }

-- NAT related variables
hmSec2Nat OBJECT IDENTIFIER ::= { hmSecurity2Objects 15 }

-- general related info variables
hmSec2Info       OBJECT IDENTIFIER ::= { hmSecurity2Objects 20 }


--
-- Web Server Management Definitions --
--
hmSec2WebGroup OBJECT IDENTIFIER ::= { hmSec2Agent 3 }

hmSec2WebLoginAccessWeb OBJECT-TYPE
			 SYNTAX 		INTEGER {
			 				enable (1),
			 				disable (2)
							}
			 MAX-ACCESS 	read-write
			 STATUS 		current
			 DESCRIPTION
				 "Enables/Disables Web access to the device."
			 DEFVAL  { enable }				 
			 ::= { hmSec2WebGroup 1 }

hmSec2WebLoginTimeoutWeb OBJECT-TYPE
			 SYNTAX 		INTEGER (0..120)
			 MAX-ACCESS 	read-write
			 STATUS 		current
			 DESCRIPTION
				 "Timeout for Web connections in minutes."
			 DEFVAL  { 5 }	
			 ::= { hmSec2WebGroup 2 }

hmSec2WebHttpsPortNumber  	OBJECT-TYPE
			SYNTAX	Integer32 (1..65535)
			MAX-ACCESS	read-write
			STATUS	current
			DESCRIPTION
			"The port number of the https web server.
			 To activate the port number the device
			 has to be restarted."						
			DEFVAL  { 443 }
			::= { hmSec2WebGroup 6 }

-- Switch for carrying SNMP inside the HTTPS web server connection.
-- Security note: when enabled, the HTTPS port is a second path to the SNMP
-- management plane, so access rules and monitoring that cover the SNMP port
-- should cover the HTTPS port as well. The default is disable.
hmSec2WebSNMPoverHTTPS OBJECT-TYPE
			 SYNTAX 		INTEGER {
			 				enable (1),
			 				disable (2)
							}
			 MAX-ACCESS 	read-write
			 STATUS 		current
			 DESCRIPTION
				 "Enables/Disables Web tunneling SNMP over HTTPS."
			 DEFVAL  { disable }				 
			 ::= { hmSec2WebGroup 7 }

-- Selects the hash algorithm of the value reported by
-- hmSec2WebHttpsCertFingerPrint. The description only spells out the sha1
-- case; the default is sha256.
-- Security note: SHA-1 is no longer collision resistant. Keep sha256 when the
-- fingerprint is used to verify or pin the device certificate out of band.
-- The object is read-write, so a change to sha1 is worth an alert.
hmSec2WebHttpsCertFingerPrintType OBJECT-TYPE
	     	 SYNTAX INTEGER {
	               				sha1(1),
	               				sha256(2)
	                 		}
		     MAX-ACCESS  read-write
		     STATUS      current
		     DESCRIPTION
	         	"Controls HTTPS certificate fingerprint generation. If set to 'sha1' hmSec2WebHttpsCertFingerPrint
	         	 will show the SHA1 fingerprint of the certificate."
		     DEFVAL { sha256 } 
	     	::= { hmSec2WebGroup  8 }
     
hmSec2WebHttpsCertFingerPrint    OBJECT-TYPE
	     	SYNTAX         DisplayString
	     	MAX-ACCESS     read-only
	     	STATUS         current
	     	DESCRIPTION
	        	"The HTTPS certificate fingerprint as hash. The type of the hash is defined with hmSec2WebHttpsCertFingerPrintType."                        
	    	::= { hmSec2WebGroup  9 }                  


--
-- Command Line Interface Management Definitions --
--
hmSec2CliGroup OBJECT IDENTIFIER ::= { hmSec2Agent 4 }

hmSec2CliLoginPrompt OBJECT-TYPE
			 SYNTAX 		DisplayString (SIZE(0..32))
			 MAX-ACCESS 	read-write
			 STATUS 		current
			 DESCRIPTION
				 "Prompt string for the command line interface."
			 DEFVAL  { "" }				 
			 ::= { hmSec2CliGroup 1 }

			 

-- Idle timeout of the serial console session, in minutes (default 5).
-- Security note: unlike the SSH and Telnet timeouts (range 1..120), this
-- range includes 0, which switches idle logout off. A console session left
-- open then stays authenticated for anyone with physical access to the
-- serial port, so a value of 0 should be treated as a finding in a
-- configuration audit.
hmSec2CliLoginTimeoutSerial OBJECT-TYPE
			 SYNTAX 		INTEGER (0..120)
			 MAX-ACCESS 	read-write
			 STATUS 		current
			 DESCRIPTION
				 "Timeout for serial connections in minutes.
				  If the value is set to 0, there will be 
				  no idle logout at all."
			 DEFVAL  { 5 }				 
			 ::= { hmSec2CliGroup 2 }
			 
hmSec2CliLoginTimeoutSSH OBJECT-TYPE
			 SYNTAX 		INTEGER (1..120)
			 MAX-ACCESS 	read-write
			 STATUS 		current
			 DESCRIPTION
				 "Timeout for SSH connections in minutes."
			 DEFVAL  { 5 }				 
			 ::= { hmSec2CliGroup 3 }
			 
hmSec2CliLoginTimeoutTelnet OBJECT-TYPE
			 SYNTAX 		INTEGER (1..120)
			 MAX-ACCESS 	read-write
			 STATUS 		current
			 DESCRIPTION
				 "Timeout for Telnet connections in minutes."
			 DEFVAL  { 5 }				 
			 ::= { hmSec2CliGroup 4 }

hmSec2CliLoginAccessSSH OBJECT-TYPE
			 SYNTAX 		INTEGER {
			 				enable (1),
			 				disable (2)
							}
			 MAX-ACCESS 	read-write
			 STATUS 		current
			 DESCRIPTION
				 "Enables/Disables CLI access to the device over SSH."
			 DEFVAL  { enable }				 
			 ::= { hmSec2CliGroup 6 }

-- Switch for CLI access over Telnet; the default is disable.
-- Security note: Telnet sends login credentials and the whole session in
-- clear text. Keep this object at disable(2) and use SSH
-- (hmSec2CliLoginAccessSSH) instead. The object is read-write, so a change
-- to enable(1) is worth an alert.
hmSec2CliLoginAccessTelnet OBJECT-TYPE
			 SYNTAX 		INTEGER {
			 				enable (1),
			 				disable (2)
							}
			 MAX-ACCESS 	read-write
			 STATUS 		current
			 DESCRIPTION
				 "Enables/Disables CLI access to the device over Telnet."
			 DEFVAL  { disable }				 
			 ::= { hmSec2CliGroup 7 }
			 
hmSec2CliLoginSshPortNumber  	OBJECT-TYPE
			SYNTAX	Integer32 (1..65535)
			MAX-ACCESS	read-write
			STATUS	current
			DESCRIPTION
			"The port number of the ssh login server.
			 To activate the port number the device
			 has to be restarted."						
			DEFVAL  { 22 }
			::= { hmSec2CliGroup 8 }

-- Read-only fingerprint of the device's DSA host key for SSH.
-- Security note: DSA host keys are deprecated in current SSH implementations
-- (OpenSSH disabled ssh-dss by default in release 7.0). Prefer the RSA
-- fingerprint (hmSec2CliLoginFingerPrintRSA) when verifying the host key.
-- NOTE(review): the hash algorithm and text format of the fingerprint string
-- are not stated here; confirm before comparing with client output.
hmSec2CliLoginFingerPrintDSA  	OBJECT-TYPE
			SYNTAX DisplayString (SIZE (0..128))
			MAX-ACCESS	read-only
			STATUS	current
			DESCRIPTION
			"The local DSA fingerprint for SSH connections."						
			::= { hmSec2CliGroup 9 }

hmSec2CliLoginFingerPrintRSA  	OBJECT-TYPE
			SYNTAX DisplayString (SIZE (0..128))
			MAX-ACCESS	read-only
			STATUS	current
			DESCRIPTION
			"The local RSA fingerprint for SSH connections."						
			::= { hmSec2CliGroup 10 }

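-- Read-only indicator for factory default passwords on privileged accounts.
-- Spelling of 'privileged' in the description corrected.
-- Security note: this object is a cheap compliance check. Polling it across
-- the fleet shows which devices still run with default credentials.
-- NOTE(review): presumably enable(1) means that default passwords are still
-- set and disable(2) that they have been changed; the description does not
-- map the two values, confirm against the device manual.
hmSec2CliLoginDefaultPasswordActive  	OBJECT-TYPE
			SYNTAX	INTEGER {
				enable (1),
				disable (2)
			}
			MAX-ACCESS	read-only
			STATUS	current
			DESCRIPTION
			"This variable displays if there are currently default passwords 
			set for privileged users."
			::= { hmSec2CliGroup 11 }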



--
-- File Management Definitions --
--

hmSec2FileManagementGroup OBJECT IDENTIFIER ::= { hmSec2Agent 5 }

hmSec2FileManagementActionGroup OBJECT IDENTIFIER ::= { hmSec2FileManagementGroup 1 }


hmSec2FMActionType OBJECT-TYPE
			 SYNTAX 		INTEGER {
			 				other (1),
							copy (2),
							clear (3)
							}
			 MAX-ACCESS 	read-write
			 STATUS 		current
			 DESCRIPTION
				 "Type of the action to be performed."
			 DEFVAL  { copy }				 
			 ::= { hmSec2FileManagementActionGroup 1 }
			 
			 
hmSec2FMActionItemType OBJECT-TYPE
			 SYNTAX 		INTEGER {
			 				config (1),
			 				firmware (2),
			 				eventlog (3),
			 				certs (4),
			 				sysinfo (5)
							}
			 MAX-ACCESS 	read-write
			 STATUS 		current
			 DESCRIPTION
				 "Type of the item to be processed."
			 DEFVAL  { config }				 
			 ::= { hmSec2FileManagementActionGroup 2 }
			 
			 
hmSec2FMActionSourceType OBJECT-TYPE
			 SYNTAX 		INTEGER {
							nv (1),
							aca (2),
							running-config (3),
							system (4)
							}
			 MAX-ACCESS 	read-write
			 STATUS 		current
			 DESCRIPTION
				 "Type of the source object to be processed."
			 DEFVAL  { running-config }				 
			 ::= { hmSec2FileManagementActionGroup 3 }
			 
			 
-- Free-form qualifier for the source of a file management action: a profile
-- name or a URL, up to 128 characters.
-- Security note: with a URL the device is pointed at a remote location for
-- the item selected in hmSec2FMActionItemType (config, firmware, certs, ...).
-- NOTE(review): the accepted URL schemes and any integrity check of fetched
-- data are not described here; confirm against the device manual.
-- The object is read-write, so the stored value can be read back by every
-- principal with read access. Avoid URLs that embed credentials.
hmSec2FMActionSourceData OBJECT-TYPE
			 SYNTAX 		DisplayString (SIZE(0..128))
			 MAX-ACCESS 	read-write
			 STATUS 		current
			 DESCRIPTION
				 "Additional Data for the source object. This could
				 be a profile name or URL"
			 DEFVAL  { "" }				 
			 ::= { hmSec2FileManagementActionGroup 4 }
	
			 
hmSec2FMActionDestinationType OBJECT-TYPE
			 SYNTAX 		INTEGER {
							nv (1),
							aca (2),
							running-config (3)
							}
			 MAX-ACCESS 	read-write
			 STATUS 		current
			 DESCRIPTION
				 "Type of the destination object to be processed."
			 DEFVAL  { nv }				 
			 ::= { hmSec2FileManagementActionGroup 5 }
			
			 
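-- Free-form qualifier for the destination of a file management action: a
-- profile name or a URL, up to 128 characters.
-- The description previously said 'source object', copied from
-- hmSec2FMActionSourceData; it now names the destination.
-- Security note: a URL destination means that the selected item (for example
-- the configuration) leaves the device. The value can be read back by every
-- principal with read access, so avoid URLs that embed credentials.
hmSec2FMActionDestinationData OBJECT-TYPE
			 SYNTAX 		DisplayString (SIZE(0..128))
			 MAX-ACCESS 	read-write
			 STATUS 		current
			 DESCRIPTION
				 "Additional Data for the destination object. This could
				 be a profile name or URL"
			 DEFVAL  { "" }
			 ::= { hmSec2FileManagementActionGroup 6 }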

			 
-- Trigger object: writing activate(2) starts the action described by objects
-- 1 to 6 of this group (action type, item type, source and destination).
-- Reads always return other(1), so the value itself carries no state; use
-- hmSec2FMActionActivateResult and hmSec2FMActionStatus for that.
-- Security note: the item types include config, firmware and certs, so write
-- access to this group is equivalent to the right to export or replace them.
-- Limit it to SNMPv3 users with authentication and privacy, and log or alert
-- on sets to this object.
hmSec2FMActionActivate OBJECT-TYPE
			 SYNTAX 		INTEGER {
			 				other (1),
			 				activate (2)
							}
			 MAX-ACCESS 	read-write
			 STATUS 		current
			 DESCRIPTION
				 "If set to activate(2), the action will be started.
				 When read, this variable returns always other(1)."
			 DEFVAL  { other }				 
			 ::= { hmSec2FileManagementActionGroup 7 }

			 
hmSec2FMActionActivateResult OBJECT-TYPE
			 SYNTAX 		INTEGER {
			 				ok (1),
			 				param-error (2),
			 				busy (3)
							}
			 MAX-ACCESS 	read-only
			 STATUS 		current
			 DESCRIPTION
				 "Either returns ok(1) if the action is successfully
				 started or param-error(2) if there is some problem
				 with the given parameters or returns busy(3) if there
				 is still an action in progress."
			 DEFVAL  { ok }				 
			 ::= { hmSec2FileManagementActionGroup 8 }
	
			 
hmSec2FMActionActivateResultText OBJECT-TYPE
			 SYNTAX 		DisplayString
			 MAX-ACCESS 	read-only
			 STATUS 		current
			 DESCRIPTION
				 "Text describing why the start of the operation
				 has failed."
			 ::= { hmSec2FileManagementActionGroup 9 }
			 
			 
hmSec2FMActionStatus OBJECT-TYPE
			 SYNTAX 		INTEGER {
			 				idle (1),
			 				running (2)
							}
			 MAX-ACCESS 	read-only
			 STATUS 		current
			 DESCRIPTION
				 "Returns the running status of the action."
			 ::= { hmSec2FileManagementActionGroup 10 }


hmSec2FMActionPercentReady OBJECT-TYPE
			 SYNTAX 		INTEGER (0..100)
			 MAX-ACCESS 	read-only
			 STATUS 		current
			 DESCRIPTION
				 "Estimation of how many percent of the operation
				 is done."
			 ::= { hmSec2FileManagementActionGroup 11 }
			 
			 
hmSec2FMActionResult OBJECT-TYPE
			 SYNTAX 		INTEGER {
			 				ok (1),
			 				error (2)
							}
			 MAX-ACCESS 	read-only
			 STATUS 		current
			 DESCRIPTION
				 "Error Status of the last action which has been performed."
			 ::= { hmSec2FileManagementActionGroup 12 }
	
			 
hmSec2FMActionResultText OBJECT-TYPE
			 SYNTAX 		DisplayString
			 MAX-ACCESS 	read-only
			 STATUS 		current
			 DESCRIPTION
				 "either OK or a descriptive text giving
				 a reason why the last operation failed"
			 ::= { hmSec2FileManagementActionGroup 13 }



hmSec2FileManagementProfileGroup OBJECT IDENTIFIER ::= { hmSec2FileManagementGroup 2 }

--
-- Profiles in non-volatile memory
--
hmSec2FMNvProfileTable OBJECT-TYPE
			 SYNTAX SEQUENCE OF HmSec2FMNvProfileEntry
			 MAX-ACCESS not-accessible
			 STATUS current
			 DESCRIPTION
				 "A list of Profiles stored in NV memory."
			 ::= { hmSec2FileManagementProfileGroup 1 }

hmSec2FMNvProfileEntry   OBJECT-TYPE
			 SYNTAX HmSec2FMNvProfileEntry
			 MAX-ACCESS not-accessible
			 STATUS current
			 DESCRIPTION "A profile entry."
			 INDEX { hmSec2FMNvProfileIndex }
			 ::= { hmSec2FMNvProfileTable 1 }
 
HmSec2FMNvProfileEntry ::= SEQUENCE {
			hmSec2FMNvProfileIndex				INTEGER,
			hmSec2FMNvProfileName				DisplayString,
			hmSec2FMNvProfileDateTime			TimeTicks,
			hmSec2FMNvProfileActive				INTEGER,
			hmSec2FMNvProfileAction				INTEGER
			}


hmSec2FMNvProfileIndex OBJECT-TYPE
			 SYNTAX 		INTEGER (1..100)
			 MAX-ACCESS 	read-only
			 STATUS 		current
			 DESCRIPTION
				 "Index of the profile entry."
			 ::= { hmSec2FMNvProfileEntry 1 }
	
			 
hmSec2FMNvProfileName OBJECT-TYPE
			 SYNTAX 		DisplayString (SIZE(0..32))
			 MAX-ACCESS 	read-only
			 STATUS 		current
			 DESCRIPTION
				 "name of entry consisting of alphanumeric
				 characters plus hyphen and underscore."
			 ::= { hmSec2FMNvProfileEntry 2 }
	
			 
hmSec2FMNvProfileDateTime OBJECT-TYPE
			 SYNTAX 		TimeTicks
			 MAX-ACCESS 	read-only
			 STATUS 		current
			 DESCRIPTION
				 "Time and Date of last write access using the
				 content of the variable hmSystemTime."
			 ::= { hmSec2FMNvProfileEntry 3 }
	
			 
hmSec2FMNvProfileActive OBJECT-TYPE
			 SYNTAX 		INTEGER {
			 				active (1),
			 				inactive (2)
							}
			 MAX-ACCESS 	read-write
			 STATUS 		current
			 DESCRIPTION
				 "Setting the variable to active(1) enables the profile
				 so that it will be used the next time the configuration
				 is reloaded. Setting the value to inactive(2) is not
				 allowed since there must be always one profile active."
			 ::= { hmSec2FMNvProfileEntry 4 }
	
			 
hmSec2FMNvProfileAction OBJECT-TYPE
			 SYNTAX 		INTEGER{
			 				other (1),
			 				delete (2)
							}
			 MAX-ACCESS 	read-write
			 STATUS 		current
			 DESCRIPTION
				 "Action to be performed on the profile entry. setting
				 the value to delete(2) erases the profile. If it was
				 the active profile then the first entry in the list 
				 becomes the active entry if the list is not empty.
				 On reading the variable always returns other(1)."
			 ::= { hmSec2FMNvProfileEntry 5 }
			 

--
-- Profiles on auto configuration adapter
--
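-- Table of configuration profiles held on the auto configuration adapter
-- (ACA). The description previously repeated the text of
-- hmSec2FMNvProfileTable ('stored in NV memory'); it now names the ACA.
hmSec2FMAcaProfileTable OBJECT-TYPE
			 SYNTAX SEQUENCE OF HmSec2FMAcaProfileEntry
			 MAX-ACCESS not-accessible
			 STATUS current
			 DESCRIPTION
				 "A list of Profiles stored on the auto configuration adapter (ACA)."
			 ::= { hmSec2FileManagementProfileGroup 2 }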

hmSec2FMAcaProfileEntry   OBJECT-TYPE
			 SYNTAX HmSec2FMAcaProfileEntry
			 MAX-ACCESS not-accessible
			 STATUS current
			 DESCRIPTION "A profile entry."
			 INDEX { hmSec2FMAcaProfileIndex }
			 ::= { hmSec2FMAcaProfileTable 1 }
 
HmSec2FMAcaProfileEntry ::= SEQUENCE {
			hmSec2FMAcaProfileIndex				INTEGER,
			hmSec2FMAcaProfileName				DisplayString,
			hmSec2FMAcaProfileDateTime			TimeTicks,
			hmSec2FMAcaProfileActive			INTEGER,
			hmSec2FMAcaProfileAction			INTEGER
			}


hmSec2FMAcaProfileIndex OBJECT-TYPE
			 SYNTAX 		INTEGER (1..100)
			 MAX-ACCESS 	read-only
			 STATUS 		current
			 DESCRIPTION
				 "Index of the profile entry."
			 ::= { hmSec2FMAcaProfileEntry 1 }
	
			 
hmSec2FMAcaProfileName OBJECT-TYPE
			 SYNTAX 		DisplayString (SIZE(0..32))
			 MAX-ACCESS 	read-only
			 STATUS 		current
			 DESCRIPTION
				 "name of entry consisting of alphanumeric
				 characters plus hyphen and underscore."
			 ::= { hmSec2FMAcaProfileEntry 2 }
	
			 
hmSec2FMAcaProfileDateTime OBJECT-TYPE
			 SYNTAX 		TimeTicks
			 MAX-ACCESS 	read-only
			 STATUS 		current
			 DESCRIPTION
				 "Time and Date of last write access using the
				 content of the variable hmSystemTime."
			 ::= { hmSec2FMAcaProfileEntry 3 }
	
			 
hmSec2FMAcaProfileActive OBJECT-TYPE
			 SYNTAX 		INTEGER {
			 				active (1),
			 				inactive (2)
							}
			 MAX-ACCESS 	read-write
			 STATUS 		current
			 DESCRIPTION
				 "Setting the variable to active(1) enables the profile
				 so that it will be used the next time the configuration
				 is reloaded. Setting the value to inactive(2) is not
				 allowed since there must be always one profile active."
			 ::= { hmSec2FMAcaProfileEntry 4 }
	
			 
hmSec2FMAcaProfileAction OBJECT-TYPE
			 SYNTAX 		INTEGER{
			 				other (1),
			 				delete (2)
							}
			 MAX-ACCESS 	read-write
			 STATUS 		current
			 DESCRIPTION
				 "Action to be performed on the profile entry. setting
				 the value to delete(2) erases the profile.
				 Reading the variable always returns other(1)."
			 ::= { hmSec2FMAcaProfileEntry 5 }

			 

hmSec2FileManagementStatusGroup OBJECT IDENTIFIER ::= { hmSec2FileManagementGroup 3 }

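-- Read-only comparison of the running configuration with the configuration
-- currently used in NV memory.
-- The lines of the description were out of order (the last line belonged
-- after 'the currently'); the sentence is restored, the meaning is unchanged.
-- Security note: out-of-sync(2) means that unsaved changes exist. Outside a
-- change window this is a useful signal for configuration drift monitoring.
hmSec2FMNvState OBJECT-TYPE
			 SYNTAX 		INTEGER{
			 				ok (1),
			 				out-of-sync (2)
							}
			 MAX-ACCESS 	read-only
			 STATUS 		current
			 DESCRIPTION
				 "This variable returns ok(1) if the contents
				 of the running-config is the same as the currently
				 used configuration in NV memory,
				 out-of-sync(2) if there are any differences."
			 ::= { hmSec2FileManagementStatusGroup 1 }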
			 

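-- Read-only state of the auto configuration adapter (ACA) relative to the
-- configuration stored in NV memory. Wording fix only: 'the same than' is
-- now 'the same as'.
-- Security note: a transition from absent(3) to any other value means that
-- removable media was attached to the device, which is worth logging where
-- physical access is part of the threat model.
hmSec2FMAcaState OBJECT-TYPE
			 SYNTAX 		INTEGER{
			 				ok (1),
			 				out-of-sync (2),
			 				absent (3),
			 				autodisabled (4)
							}
			 MAX-ACCESS 	read-only
			 STATUS 		current
			 DESCRIPTION
				 "This variable returns ok(1) if the contents
				 of the currently used configuration on the ACA
				 is the same as that stored in NV memory,
				 out-of-sync(2) if there are any differences.
				 If the value is absent(3), then the auto config
				 adapter is not connected.
				 In case of autodisabled(4) the USB port or the 
				 auto configuration adapter has been disabled."
			 ::= { hmSec2FileManagementStatusGroup 2 }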
			 




--
-- Logging Definitions --
--

hmSec2LoggingGroup OBJECT IDENTIFIER ::= { hmSec2Agent 10 }
hmSec2LoggingGeneral OBJECT IDENTIFIER ::= { hmSec2LoggingGroup 1 }


	-- Address of the remote syslog collector. The default 0.0.0.0 means that
	-- nothing is forwarded.
	-- Security note: only a UDP port is defined for this transport
	-- (hmSec2SyslogServerUdpPort), and syslog over UDP is neither
	-- authenticated nor encrypted, so the path to the collector should run
	-- over a protected management network. A set to this object redirects or
	-- stops log forwarding and is worth an alert on its own.
	hmSec2SyslogServerIPAddr   OBJECT-TYPE
			 SYNTAX 		IpAddress
			 MAX-ACCESS 	read-write
			 STATUS 		current
			 DESCRIPTION
                 "IP address of syslog server for logging.
				  Set this value to 0.0.0.0 to disable transmission to syslog server."
			 DEFVAL  { '00000000'H } -- 0.0.0.0

			 ::= { hmSec2LoggingGeneral 1 }


	hmSec2SyslogServerUdpPort   OBJECT-TYPE
		     SYNTAX         InetPortNumber
			 MAX-ACCESS 	read-write
			 STATUS 		current
			 DESCRIPTION
                 "UDP port used for syslog server transmission. If this value is
                  zero then the default port 514 is used."
			 DEFVAL  { 514 }

			 ::= { hmSec2LoggingGeneral 2 }


	-- Size limit, in Kbytes, of the persistent logfile kept on the ACA.
	-- The range 0..4096 is stated in the description only; SYNTAX is an
	-- unconstrained INTEGER, so a MIB compiler will not enforce it.
	-- Security note: the default 0 disables persistent logging. Unless a
	-- remote syslog server is configured, there is then no log that is
	-- stated to be persistent.
	hmSec2LogPermFileSize	OBJECT-TYPE
			 SYNTAX			INTEGER
			 MAX-ACCESS		read-write
			 STATUS 		current
			 DESCRIPTION
				 "Maximum persistent logfile size on ACA in Kbytes (0..4096).
				  If this value is zero logging is disabled."
			 DEFVAL  { 0 }

			 ::= { hmSec2LoggingGeneral 3 }


	-- Upper bound on the number of persistent logfiles kept on the ACA.
	-- The range 0..99 is stated in the description only; SYNTAX is an
	-- unconstrained INTEGER, so a MIB compiler will not enforce it.
	-- Security note: the default 0 disables persistent logging and archiving.
	-- NOTE(review): what happens to the oldest file when the maximum is
	-- reached is not described here; confirm before relying on these files
	-- for retention.
	hmSec2LogPermFilesMax	OBJECT-TYPE
			 SYNTAX			INTEGER
			 MAX-ACCESS		read-write
			 STATUS 		current
			 DESCRIPTION
				 "Maximum number of persistent logfiles on ACA (0..99).
				  If this value is zero logging and archiving is disabled."
			 DEFVAL  { 0 }

			 ::= { hmSec2LoggingGeneral 4 }


	hmSec2LogPermFilesLock	OBJECT-TYPE
			 SYNTAX			INTEGER	{
							enable(1),
							disable(2)
							}
			 MAX-ACCESS		read-write
			 STATUS 		current
			 DESCRIPTION
				 "Enable locking of persistent logfiles on ACA.
				  If it is enabled the ACA could be plugged-in/out securely."
			 DEFVAL  { disable }

			 ::= { hmSec2LoggingGeneral 5 }



--
-- Log level table
--

hmSec2LogLevelTable	OBJECT-TYPE
			 SYNTAX SEQUENCE OF HmSec2LogLevelEntry
			 MAX-ACCESS not-accessible
			 STATUS current
			 DESCRIPTION
				 "A list of log levels for various log categories"
			 ::= { hmSec2LoggingGroup 2 }

hmSec2LogLevelEntry   OBJECT-TYPE
			 SYNTAX HmSec2LogLevelEntry
			 MAX-ACCESS not-accessible
			 STATUS current
			 DESCRIPTION ""
			 INDEX { hmSec2LogLevelIndex }
			 ::= { hmSec2LogLevelTable 1 }
 
HmSec2LogLevelEntry ::= SEQUENCE {
			 hmSec2LogLevelIndex		INTEGER, -- facility
			 hmSec2LogLevelUpto         INTEGER, -- severity
             hmSec2LogLevelName         DisplayString, -- facility name
             hmSec2LogLevelDesc         DisplayString, -- facility description
             hmSec2LogLevelPerm         INTEGER -- facility logging
			 }

hmSec2LogLevelIndex   OBJECT-TYPE
			 SYNTAX 		 INTEGER
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "An index that uniquely identifies the entry
				  in the table and so the log facility."
			 ::= { hmSec2LogLevelEntry 1 }


-- Severity threshold of one log facility (one row per facility); the default
-- is warning.
-- The enumeration runs from 1 to 8, one higher than the syslog severity codes
-- 0 to 7 of RFC 5424. A collector or script that maps this value to a syslog
-- severity has to subtract one.
-- NOTE(review): the name suggests that messages up to and including this
-- severity are logged; the description only says 'Log level', confirm.
hmSec2LogLevelUpto   OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
		   					 emergency(1),
							 alert(2),
							 critical(3),
							 error(4),
							 warning(5),
							 notice(6),
							 info(7),
							 debug(8)
					  }
			 MAX-ACCESS 		 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Log level"
			 DEFVAL  { warning }
			 ::= { hmSec2LogLevelEntry 2 }


hmSec2LogLevelName   OBJECT-TYPE
                         SYNTAX                  DisplayString (SIZE (0..15))
                         MAX-ACCESS              read-only
                         STATUS                  current
                         DESCRIPTION
                             "Name of log facility"
                         ::= { hmSec2LogLevelEntry 3 }

hmSec2LogLevelDesc   OBJECT-TYPE
                         SYNTAX                  DisplayString (SIZE (0..127))
                         MAX-ACCESS              read-only
                         STATUS                  current
                         DESCRIPTION
                             "Description of log facility"
                         ::= { hmSec2LogLevelEntry 4 }

hmSec2LogLevelPerm   OBJECT-TYPE
                         SYNTAX                  INTEGER {
                                                 enable(1),
                                                 disable(2)
                                                 }
                         MAX-ACCESS              read-write
                         STATUS                  current
                         DESCRIPTION
                             "Enable logging to persistent logfile
                              on ACA for log facility"
                         DEFVAL  { disable }
                         ::= { hmSec2LogLevelEntry 5 }


--**************************************************************************************
--    hmSec2UserConfigGroup
--**************************************************************************************

hmSec2UserConfigGroup    OBJECT IDENTIFIER ::= { hmSec2Agent 20 }

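-- Local user accounts of the agent, indexed by user name.
-- Punctuation in the description repaired: the unclosed quote after
-- 'createAndWait' and the stray ',.' sequences. The stated facts are
-- unchanged.
-- Security note: a row created here also creates an SNMPv3 user, and every
-- column can be set while the row is active. Write access to this table is
-- therefore equivalent to account administration, and should be limited to
-- SNMPv3 users with authentication and privacy.
hmSec2UserConfigTable OBJECT-TYPE
         SYNTAX      SEQUENCE OF HmSec2UserConfigEntry
         MAX-ACCESS  not-accessible
         STATUS      current
         DESCRIPTION 
                     "User Config Table. 
					  This table provides the functionality the system uses
					  for any interaction started by the user - Authentication,
                      Encryption - changing authentication, password and access mode
					  for login purposes through CLI, SSH, SNMPv3, ... .
					  The authentication is done through a policy defined in the
					  hmSec2UserAuthenticationList for CLI, SSH, ... . For SNMPv3
					  the standard SNMPv3 authentication/encryption methods are used.
					  To create a new user set hmSec2UserStatus to 'createAndWait',
					  and set the corresponding objects to their values. Setting
					  hmSec2UserStatus to 'active' activates the user. To delete a
					  user set hmSec2UserStatus to 'destroy'. Creating a new user
					  in the hmSec2UserConfigTable also creates a new user in the
					  SNMPv3 tables.
					  All objects in this table can be set while a row is 'active'."
         ::= { hmSec2UserConfigGroup 1 }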
    
    hmSec2UserConfigEntry OBJECT-TYPE
         SYNTAX      HmSec2UserConfigEntry
         MAX-ACCESS  not-accessible
         STATUS      current
         DESCRIPTION 
                     "User Config Entry"
         INDEX { IMPLIED hmSec2UserName }
         ::= { hmSec2UserConfigTable 1 }

HmSec2UserConfigEntry ::= SEQUENCE {
                 hmSec2UserName
                     SnmpAdminString,
                 hmSec2UserPassword
                     DisplayString,
                 hmSec2UserAccessMode
                     INTEGER,
                 hmSec2UserSnmpAuthenticationType
                     INTEGER,
                 hmSec2UserSnmpEncryptionType
                     INTEGER,
				 hmSec2UserAuthenticationList
					 SnmpTagList,
                 hmSec2UserStatus
                     RowStatus                 
             }
    
    hmSec2UserName OBJECT-TYPE
         SYNTAX      SnmpAdminString (SIZE(1..128))
         MAX-ACCESS  not-accessible
         STATUS      current
         DESCRIPTION
                     "Agent User Name."
         ::= { hmSec2UserConfigEntry 1 }
        
    -- Write-only in effect: reads return a fixed mask, sets change the password.
    -- Security notes:
    --  * A set carries the new password inside the SNMP PDU, so it is only
    --    confidential over SNMPv3 with privacy or another encrypted transport.
    --  * SIZE allows passwords of 4 characters, while
    --    hmSec2UserSnmpAuthenticationType asks for at least 8 before SNMPv3
    --    authentication can be switched on. Enforce a longer minimum by policy.
    --  * DEFVAL is the empty string, which lies outside SIZE(4..32).
    --    NOTE(review): confirm how the agent treats a row that is activated
    --    without a password having been set.
    hmSec2UserPassword OBJECT-TYPE
         SYNTAX      DisplayString (SIZE(4..32))
         MAX-ACCESS  read-write
         STATUS      current
         DESCRIPTION
                     "Agent User Password
                     This object will always return '********' even if a password is set.
					 The User Password can be set while the row is active."
		 DEFVAL  { "" }
         ::= { hmSec2UserConfigEntry 2 }
        
    hmSec2UserAccessMode OBJECT-TYPE
         SYNTAX      INTEGER {
         			 no-access(0),
                     read-access(1),
                     read-write-access(2)
                  }
         MAX-ACCESS  read-write
         STATUS      current
         DESCRIPTION
                     "Agent User Access Mode.
					 The User Access Mode can be set while the row is active."
  		 DEFVAL  { no-access }
         ::= { hmSec2UserConfigEntry 3 }
        
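    -- SNMPv3 authentication protocol of the user. Spelling of 'password' in
    -- the description corrected.
    -- Security note: the default none(0) leaves the SNMPv3 user without
    -- message authentication, and hmSec2UserSnmpEncryptionType cannot be
    -- enabled while this object is none(0). Of the two protocols offered,
    -- HMAC-MD5 is the legacy choice; prefer hmacsha(2).
    -- NOTE(review): hmacsha presumably denotes HMAC-SHA-1 as in the SNMPv3
    -- user-based security model; the description does not name the variant.
    hmSec2UserSnmpAuthenticationType OBJECT-TYPE
         SYNTAX      INTEGER {
                     none(0),
                     hmacmd5(1),
                     hmacsha(2)
                  }
         MAX-ACCESS  read-write
         STATUS      current
         DESCRIPTION
                     "SNMPv3 User Authentication.  The user password must be set
                     to a string greater than or equal to 8 characters for this to be
                     set to anything but none(0).
                     
                     - none(0)      -> no authentication used
                     - hmacmd5(1)   -> Use HMAC-MD5 authentication
                     - hmacsha(2)   -> Use HMAC-SHA authentication

					 The User Authentication Type can be set while the row is active ."
 		 DEFVAL  { none }
         ::= { hmSec2UserConfigEntry 4 }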

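    -- SNMPv3 privacy protocol of the user.
    -- The description previously referred to des(2) and aes-cfb-128(3), which
    -- disagreed with the enumeration and with its own value list; it now uses
    -- des(1) and aes-cfb-128(2).
    -- Security note: the default none(0) sends SNMPv3 payloads unencrypted,
    -- including sets to hmSec2UserPassword. DES is a legacy cipher with a
    -- 56 bit key; prefer aes-cfb-128(2).
    hmSec2UserSnmpEncryptionType OBJECT-TYPE
         SYNTAX      INTEGER {
                     none(0),
                     des(1),
					 aes-cfb-128(2)
                  }
         MAX-ACCESS  read-write
         STATUS      current
         DESCRIPTION
                     "SNMPv3 User Encryption
                     Can not be set to des(1) or aes-cfb-128(2) if
					 hmSec2UserSnmpAuthenticationType is set to none(0).
                     - none(0) 			-> no encryption used
                     - des(1)  			-> DES encryption used
					 - aes-cfb-128(2)  	-> AES-128 encryption used
					 The User Encryption Type can be set while the row is active."
		 DEFVAL  { none }
         ::= { hmSec2UserConfigEntry 5 }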
    
    hmSec2UserAuthenticationList OBJECT-TYPE
         SYNTAX      SnmpTagList (SIZE(1..128))
         MAX-ACCESS  read-write
         STATUS      current
         DESCRIPTION
                     "The authentication list used for this user to authenticate
					  to the system. 
 					  The User Authentication List can be set while the row is active."
 		 DEFVAL  { "systemLoginDefaultList" }
         ::= { hmSec2UserConfigEntry 6 }

    
    hmSec2UserStatus OBJECT-TYPE
         SYNTAX      RowStatus
         MAX-ACCESS  read-write
         STATUS      current
         DESCRIPTION
                     "Agent User Status.
                     active(1)  		- This user account is active.
					 notInService(2) 	- Row has been suspended.
					 notReady(3)		- Row has incomplete values.
					 createAndGo(4)		- Accept row values and activate.
					 createAndWait(5)	- Accept row values and wait.
                     destroy(6) 		- Set to this value to remove this user account."
         ::= { hmSec2UserConfigEntry 7 }

--**************************************************************************************
--    hmSec2UserAuthListGroup
--**************************************************************************************

    hmSec2UserAuthListGroup               OBJECT IDENTIFIER ::= { hmSec2Agent 30 }

    hmSec2UserAuthListTable OBJECT-TYPE
         SYNTAX      SEQUENCE OF HmSec2UserAuthListEntry
         MAX-ACCESS  not-accessible
         STATUS      current
         DESCRIPTION
                     "The hmSec2UserAuthListTable holds up to 3 policies
					  a user authenticates to the system."
         ::= { hmSec2UserAuthListGroup 1 }

    hmSec2UserAuthListEntry OBJECT-TYPE
         SYNTAX      HmSec2UserAuthListEntry
         MAX-ACCESS  not-accessible
         STATUS      current
         DESCRIPTION
                     "The hmSec2UserAuthListEntry."
         INDEX       { IMPLIED hmSec2UserAuthListName }
         ::= { hmSec2UserAuthListTable 1 }

    -- Row layout of hmSec2UserAuthListTable: the list name (index), three
    -- policy slots and a RowStatus column. The policy DESCRIPTIONs call the
    -- slots the first, second and third policy to use for the list.
    -- NOTE(review): nothing here states what makes the agent move from one
    -- slot to the next (server unreachable versus credentials rejected), nor
    -- whether none(1) skips the slot or ends the evaluation. Confirm against
    -- the agent; a fall-through to local(2) after a RADIUS reject would let a
    -- local password override a central denial.
    HmSec2UserAuthListEntry ::=
         SEQUENCE {
         hmSec2UserAuthListName
                 SnmpTagValue,
         hmSec2UserAuthListPolicy1
                 INTEGER,
         hmSec2UserAuthListPolicy2
                 INTEGER,
         hmSec2UserAuthListPolicy3
                 INTEGER,
         hmSec2UserAuthListStatus
                 RowStatus
         }

    hmSec2UserAuthListName OBJECT-TYPE
         SYNTAX      SnmpTagValue (SIZE(1..128))
         MAX-ACCESS  not-accessible
         STATUS      current
         DESCRIPTION
                     "Authentication List Index
                     Unique name used for indexing into this table."
         ::= { hmSec2UserAuthListEntry 1 }

    hmSec2UserAuthListPolicy1 OBJECT-TYPE
         SYNTAX      INTEGER {
					 none(1),
                     local(2),
                     radius(3),
                     deny(4)
                     }
         MAX-ACCESS  read-write
         STATUS      current
         DESCRIPTION
                     "Authentication List Policy 1
                      Configures the first authentication policy to use when this list is
                      specified.
					  - none 	-> no authentication policy set
					  - local	-> authentication is done through local user DB
					  - radius	-> authentication is done through a RADIUS server
					  - deny	-> no authentication is ever allowed for this user name"
         ::= { hmSec2UserAuthListEntry 2 }

    hmSec2UserAuthListPolicy2 OBJECT-TYPE
         SYNTAX      INTEGER {
					 none(1),
                     local(2),
                     radius(3),
                     deny(4)
                     }
         MAX-ACCESS  read-write
         STATUS      current
         DESCRIPTION
                     "Authentication List Policy 2
                      Configures the second authentication policy to use when this list is
                      specified.
 					  - none 	-> no authentication policy set
					  - local	-> authentication is done through local user DB
					  - radius	-> authentication is done through a RADIUS server
					  - deny	-> no authentication is ever allowed for this user name"
         ::= { hmSec2UserAuthListEntry 3 }

    hmSec2UserAuthListPolicy3 OBJECT-TYPE
         SYNTAX      INTEGER {
					 none(1),
                     local(2),
                     radius(3),
                     deny(4)
                     }
         MAX-ACCESS  read-write
         STATUS      current
         DESCRIPTION
                     "Authentication List Policy 3
                      Configures the third authentication policy to use when this list is
                      specified.
					  - none 	-> no authentication policy set
					  - local	-> authentication is done through local user DB
					  - radius	-> authentication is done through a RADIUS server
					  - deny	-> no authentication is ever allowed for this user name"
         ::= { hmSec2UserAuthListEntry 4 }

    hmSec2UserAuthListStatus OBJECT-TYPE
         SYNTAX      RowStatus
         MAX-ACCESS  read-write
         STATUS      current
         DESCRIPTION
                     "The status of the Authentication List.
                     active(1)  		- This auth list is active.
					 notInService(2) 	- Row has been suspended.
					 notReady(3)		- Row has incomplete values.
					 createAndGo(4)		- Accept row values and activate.
					 createAndWait(5)	- Accept row values and wait.
                     destroy(6) 		- Set to this value to remove this auth list."
         ::= { hmSec2UserAuthListEntry 5 }

    
	hmSec2UserAuthListDefault OBJECT-TYPE
         SYNTAX      SnmpTagValue (SIZE(0..128))
         MAX-ACCESS  read-write
         STATUS      current
         DESCRIPTION
                     "Default System Login Authentication List
					  This object configures the Authentication List to be used for 
					  non-configured users for System Login. An empty string means
					  this object is not configured -> non-configured users are never
					  granted System Login access.
					  The list must be configured in the hmSec2UserAuthListTable before setting."
         ::= { hmSec2UserAuthListGroup 2 }


    hmSec2UserFirewallAuthListDefault OBJECT-TYPE
         SYNTAX      SnmpTagValue (SIZE(0..128))
         MAX-ACCESS  read-write 
         STATUS      current
         DESCRIPTION
                     "Default User Firewall Login Authentication List
					  This object configures the Authentication List to be used for 
					  non-configured users for User Firewall Login. An empty string means
					  this object is not configured -> non-configured users are never
					  granted User Firewall Login access.
					  The list must be configured in the hmSec2UserAuthListTable before setting."
         ::= { hmSec2UserAuthListGroup 3 }

--**************************************************************************************
--    hmSec2UsrFwUserGroup
--**************************************************************************************

hmSec2UsrFwUserGroup    OBJECT IDENTIFIER ::= { hmSec2Agent 40 }

hmSec2UsrFwUserGroupAuth OBJECT-TYPE
			 SYNTAX 		INTEGER {
			 				enable (1),
			 				disable (2)
							}
			 MAX-ACCESS 	read-write
			 STATUS 		current
			 DESCRIPTION
				 "Enables/Disables Group Authentication for User Firewall users."
			 DEFVAL  { disable }				 
			 ::= { hmSec2UsrFwUserGroup 1 }

hmSec2UsrFwUserTable OBJECT-TYPE
         SYNTAX      SEQUENCE OF HmSec2UsrFwUserEntry
         MAX-ACCESS  not-accessible
         STATUS      current
         DESCRIPTION 
                     "Firewall User Config Table. 
                     This table provides the functionality the system uses
                     for Firewall User management.
                     To create a new user set hmSec2UsrFwUserStatus to 'createAndWait',
                     and set the corresponding objects to their values.
                     Setting hmSec2UsrFwUserStatus to 'active' activates the user.
                     To delete a user set hmSec2UsrFwUserStatus to 'destroy'.
                     Creating a new user in the hmSec2UsrFwUserTable also
                     creates a new user in the SNMPv3 tables.
                     All objects in this table can be set while a row is 'active'."
         ::= { hmSec2UsrFwUserGroup 2 }
    
    hmSec2UsrFwUserEntry OBJECT-TYPE
         SYNTAX      HmSec2UsrFwUserEntry
         MAX-ACCESS  not-accessible
         STATUS      current
         DESCRIPTION 
                     "User Config Entry"
         INDEX { IMPLIED hmSec2UsrFwUserName }
         ::= { hmSec2UsrFwUserTable 1 }

HmSec2UsrFwUserEntry ::= SEQUENCE {
                 hmSec2UsrFwUserName		SnmpAdminString,
                 hmSec2UsrFwUserPassword	DisplayString,
                 hmSec2UsrFwUserAuthList	SnmpTagValue,
                 hmSec2UsrFwUserLoginStatus INTEGER,
                 hmSec2UsrFwUserLoginAddr	DisplayString,
                 hmSec2UsrFwUserStatus		RowStatus                 
             }
    
    hmSec2UsrFwUserName OBJECT-TYPE
         SYNTAX      SnmpAdminString (SIZE(1..128))
         MAX-ACCESS  read-only
         STATUS      current
         DESCRIPTION
                     "Firewall User Name."
         ::= { hmSec2UsrFwUserEntry 1 }
        
    -- Credential column of the firewall user row. The DESCRIPTION states that
    -- a read always returns '********', so the stored value is not exposed by
    -- a GET.
    -- NOTE(review): the password still travels in clear inside the SET PDU
    -- unless the request uses SNMPv3 with privacy (authPriv); confirm the
    -- agent refuses writes to this column at weaker security levels.
    -- NOTE(review): DEFVAL "" does not satisfy SIZE(5..32), so a row created
    -- without an explicit password has no valid value; presumably such a row
    -- has to stay notReady until a password is written. TODO confirm.
    hmSec2UsrFwUserPassword OBJECT-TYPE
         SYNTAX      DisplayString (SIZE(5..32))
         MAX-ACCESS  read-write
         STATUS      current
         DESCRIPTION
                     "Firewall User Password
                     This object will always return '********' even if a
                     password is set.
                     The User Password can be set while the row is active."
         DEFVAL  { "" }
         ::= { hmSec2UsrFwUserEntry 2 }
        
    hmSec2UsrFwUserAuthList OBJECT-TYPE
         SYNTAX      SnmpTagValue (SIZE(1..128))
         MAX-ACCESS  read-write
         STATUS      current
         DESCRIPTION
                     "The authentication list used for this user to authenticate
                     to the system. 
                     The User Authentication List can be set while the row is active."
         DEFVAL  { "systemLoginDefaultList" }
         ::= { hmSec2UsrFwUserEntry 3 }
    
	-- Log-in state of the firewall user: logout (1) or login (2).
	-- NOTE(review): the column is read-write but the DESCRIPTION does not say
	-- what a SET does. Forcing logout(1) is a plausible management action; if
	-- the agent also accepted login(2), the session would be opened without a
	-- credential check. Confirm that only logout(1) is writable.
	hmSec2UsrFwUserLoginStatus OBJECT-TYPE
         SYNTAX      INTEGER {
                         logout (1),
                         login (2)
					 }
         MAX-ACCESS  read-write
         STATUS      current
         DESCRIPTION
                     "Log-in status of the firewall user."
         ::= { hmSec2UsrFwUserEntry 4 }

    hmSec2UsrFwUserLoginAddr OBJECT-TYPE
         SYNTAX      DisplayString (SIZE(0..20))
         MAX-ACCESS  read-only
         STATUS      current
         DESCRIPTION
                     "The IP address the firewall user logged in from,
                     or an empty string if the user isn't logged in."
         ::= { hmSec2UsrFwUserEntry 5 }
    
    hmSec2UsrFwUserStatus OBJECT-TYPE
         SYNTAX      RowStatus
         MAX-ACCESS  read-write
         STATUS      current
         DESCRIPTION
                     "Firewall User Status.
                     active(1)        - This user account is active.
                     notInService(2)  - Row has been suspended.
                     notReady(3)      - Row has incomplete values.
                     createAndGo(4)   - Accept row values and activate.
                     createAndWait(5) - Accept row values and wait.
                     destroy(6)       - Set to this value to remove this user account."
         ::= { hmSec2UsrFwUserEntry 6 }


--
-- Radius client support
--

hmSec2Radius OBJECT IDENTIFIER ::= { hmSec2Security 1 }
hmSec2RadiusClient OBJECT IDENTIFIER ::= { hmSec2Radius 1 }

hmSec2RadiusMaxRetries OBJECT-TYPE
            SYNTAX      Integer32 (1..15)
            MAX-ACCESS  read-write
            STATUS      current
            DESCRIPTION
                "Maximum number of retransmissions of a radius request packet"
            DEFVAL { 3 }
            ::= { hmSec2RadiusClient 1 }

hmSec2RadiusTimeout OBJECT-TYPE
            SYNTAX      Integer32 (1..30)
            MAX-ACCESS  read-write
            STATUS      current
            DESCRIPTION
                "Time out duration (in seconds) before packets are retransmitted"
            DEFVAL { 3 }
            ::= { hmSec2RadiusClient 2 }


--
-- Radius Authentication Servers
--

hmSec2RadiusAuthServerTable OBJECT-TYPE
            SYNTAX      SEQUENCE OF HmSec2RadiusAuthServerEntry
            MAX-ACCESS  not-accessible
            STATUS      current
            DESCRIPTION
                "List of radius authentication servers.
                 The priority of a server depends on the position in the table,
                 i.e. the primary server is the first one in the table,
                 the secondary is the second one, etc."
            ::= { hmSec2RadiusClient 10 }

hmSec2RadiusAuthServerEntry OBJECT-TYPE
            SYNTAX      HmSec2RadiusAuthServerEntry
            MAX-ACCESS  not-accessible
            STATUS      current
            DESCRIPTION
                "A radius authentication server entry."
            INDEX       { hmSec2RadiusAuthServerIndex }
            ::= { hmSec2RadiusAuthServerTable 1 }
         
HmSec2RadiusAuthServerEntry ::=
            SEQUENCE {
            hmSec2RadiusAuthServerIndex     Integer32,
            hmSec2RadiusAuthServerAddress   IpAddress,
            hmSec2RadiusAuthServerPort      Integer32,
            hmSec2RadiusAuthServerSecret    DisplayString,
            hmSec2RadiusAuthServerStatus    RowStatus
            }

hmSec2RadiusAuthServerIndex OBJECT-TYPE
            SYNTAX      Integer32 (1..3)
            MAX-ACCESS  not-accessible
            STATUS      current
            DESCRIPTION
                "Table index."
            ::= { hmSec2RadiusAuthServerEntry 1 }

hmSec2RadiusAuthServerAddress OBJECT-TYPE
            SYNTAX      IpAddress
            MAX-ACCESS  read-write
            STATUS      current
            DESCRIPTION
                "IP address of the radius authentication server."
            ::= { hmSec2RadiusAuthServerEntry 2 }

hmSec2RadiusAuthServerPort OBJECT-TYPE
            SYNTAX      Integer32 (1..65535)
            MAX-ACCESS  read-write
            STATUS      current
            DESCRIPTION
                "Port number of the radius authentication server."
            DEFVAL { 1812 }
            ::= { hmSec2RadiusAuthServerEntry 3 }

-- RADIUS shared secret for this server entry.
-- NOTE(review): unlike hmSec2UsrFwUserPassword, the DESCRIPTION does not say
-- that a read returns a masked value; confirm that a GET never returns the
-- stored secret, and restrict access to this column through VACM views.
-- NOTE(review): SIZE(0..20) permits an empty secret and caps the length at
-- 20 characters. RFC 2865 prefers secrets of at least 16 octets, so the
-- usable range is narrow; an empty value should not be accepted for an
-- active row.
hmSec2RadiusAuthServerSecret OBJECT-TYPE
            SYNTAX      DisplayString (SIZE(0..20))
            MAX-ACCESS  read-write
            STATUS      current
            DESCRIPTION
                "Shared secret for the radius authentication server."
            ::= { hmSec2RadiusAuthServerEntry 4 }

hmSec2RadiusAuthServerStatus OBJECT-TYPE
            SYNTAX      RowStatus
            MAX-ACCESS  read-write
            STATUS      current
            DESCRIPTION
                "Row status of this entry:
                 active(1)       - Authentication entry is active.
                 notInService(2) - Entry has been suspended."
            ::= { hmSec2RadiusAuthServerEntry 5 }


--
-- Firewall Definitions --
--

--
-- Denial of Service variables --
--
hmSec2FirewallDenialOfServiceGroup OBJECT IDENTIFIER ::= { hmSec2Firewall 1 }

hmSec2FirewallDenialOfServiceVars OBJECT IDENTIFIER ::= { hmSec2FirewallDenialOfServiceGroup 1 }


hmSec2FwDosInSynLimit   OBJECT-TYPE
		   	 SYNTAX			 Integer32 (1..999999)
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Maximum number of new incoming TCP connections (SYN) per second."
			 DEFVAL  { 25 }                
			 ::= { hmSec2FirewallDenialOfServiceVars 1 }

hmSec2FwDosOutSynLimit   OBJECT-TYPE
		   	 SYNTAX			 Integer32 (1..999999)
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Maximum number of new outgoing TCP connections (SYN) per second."
			 DEFVAL  { 75 }                
			 ::= { hmSec2FirewallDenialOfServiceVars 2 }

hmSec2FwDosInPingLimit   OBJECT-TYPE
		   	 SYNTAX			 Integer32 (1..999999)
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Maximum number of incoming ping frames (ICMP Echo Request) per second."
			 DEFVAL  { 3 }                
			 ::= { hmSec2FirewallDenialOfServiceVars 3 }

hmSec2FwDosOutPingLimit   OBJECT-TYPE
		   	 SYNTAX			 Integer32 (1..999999)
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Maximum number of outgoing ping frames (ICMP Echo Request) per second"
			 DEFVAL  { 5 }                
			 ::= { hmSec2FirewallDenialOfServiceVars 4 }

hmSec2FwDosInArpLimit   OBJECT-TYPE
		   	 SYNTAX			 Integer32 (1..999999)
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Maximum number of incoming ARP frames per second."
			 DEFVAL  { 500 }                
			 ::= { hmSec2FirewallDenialOfServiceVars 5 }

hmSec2FwDosOutArpLimit   OBJECT-TYPE
		   	 SYNTAX			 Integer32 (1..999999)
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Maximum number of outgoing ARP frames per second."
			 DEFVAL  { 500 }                
			 ::= { hmSec2FirewallDenialOfServiceVars 6 }

hmSec2FwDosInSynLimitLog   OBJECT-TYPE
		     SYNTAX			 INTEGER {
							 enable(1),
							 disable(2)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Enables or disables logging for incoming DOS rules."
			 DEFVAL  { enable }                
			 ::= { hmSec2FirewallDenialOfServiceVars 7 }

hmSec2FwDosOutSynLimitLog   OBJECT-TYPE
		     SYNTAX			 INTEGER {
							 enable(1),
							 disable(2)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Enables or disables logging for outgoing DOS rules."
			 DEFVAL  { enable }                
			 ::= { hmSec2FirewallDenialOfServiceVars 8 }

hmSec2FwDosInPingLimitLog   OBJECT-TYPE
		     SYNTAX			 INTEGER {
							 enable(1),
							 disable(2)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Enables or disables logging for incoming DOS rules."
			 DEFVAL  { enable }                
			 ::= { hmSec2FirewallDenialOfServiceVars 9 }

hmSec2FwDosOutPingLimitLog   OBJECT-TYPE
		     SYNTAX			 INTEGER {
							 enable(1),
							 disable(2)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Enables or disables logging for outgoing DOS rules."
			 DEFVAL  { enable }                
			 ::= { hmSec2FirewallDenialOfServiceVars 10 }

hmSec2FwDosInArpLimitLog   OBJECT-TYPE
		     SYNTAX			 INTEGER {
							 enable(1),
							 disable(2)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Enables or disables logging for incoming DOS rules."
			 DEFVAL  { enable }                
			 ::= { hmSec2FirewallDenialOfServiceVars 11 }

hmSec2FwDosOutArpLimitLog   OBJECT-TYPE
		     SYNTAX			 INTEGER {
							 enable(1),
							 disable(2)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Enables or disables logging for outgoing DOS rules."
			 DEFVAL  { enable }                
			 ::= { hmSec2FirewallDenialOfServiceVars 12 }

--
-- MAC Rules for incoming traffic variables --
--
hmSec2FirewallL2PacketFilterGroup OBJECT IDENTIFIER ::= { hmSec2Firewall 2 }
hmSec2FirewallL2PfIncomingGroup OBJECT IDENTIFIER ::= { hmSec2FirewallL2PacketFilterGroup 1 }
hmSec2FirewallL2PfOutgoingGroup OBJECT IDENTIFIER ::= { hmSec2FirewallL2PacketFilterGroup 2 }


--
-- MAC Rules for incoming traffic table --
--
hmSec2FwL2PfInTable	OBJECT-TYPE
			 SYNTAX SEQUENCE OF HmSec2FwL2PfInEntry
			 MAX-ACCESS not-accessible
			 STATUS current
			 DESCRIPTION
				 "A list of MAC rules for incoming traffic."
			 ::= { hmSec2FirewallL2PfIncomingGroup 1 }

hmSec2FwL2PfInEntry   OBJECT-TYPE
			 SYNTAX HmSec2FwL2PfInEntry
			 MAX-ACCESS not-accessible
			 STATUS current
			 DESCRIPTION ""
			 INDEX { hmSec2FwL2PfInIndex }
			 ::= { hmSec2FwL2PfInTable 1 }
 
HmSec2FwL2PfInEntry ::= SEQUENCE {
			 hmSec2FwL2PfInIndex		Integer32,
			 hmSec2FwL2PfInSrcAddr		DisplayString,
			 hmSec2FwL2PfInDstAddr		DisplayString,
			 hmSec2FwL2PfInProto		DisplayString,
			 hmSec2FwL2PfInAction		INTEGER,
			 hmSec2FwL2PfInLog			INTEGER,
			 hmSec2FwL2PfInDesc			DisplayString,
			 hmSec2FwL2PfInErrorText	DisplayString,
			 hmSec2FwL2PfInRowStatus	RowStatus
			 }

hmSec2FwL2PfInIndex   OBJECT-TYPE
			 SYNTAX 		 Integer32
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "An index that uniquely identifies the entry in the table. The
				  index must be chosen in ascending and compact order. It may
				  change if a rule (not the last in list) is deleted or a new
				  row is inserted."
			 ::= { hmSec2FwL2PfInEntry 1 }

hmSec2FwL2PfInSrcAddr   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..20))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
			     "Single MAC address aa:bb:cc:dd:ee:ff or address with
                  wildcards aa:bb:??:dd:ee:ff or the keywords 'me'
                  or 'any'."
			 DEFVAL  { "any" }
			 ::= { hmSec2FwL2PfInEntry 2 }

hmSec2FwL2PfInDstAddr   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..20))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
			     "Single MAC address aa:bb:cc:dd:ee:ff or address with
                  wildcards aa:bb:??:dd:ee:ff or the keywords 'me'
                  or 'any'."
			 DEFVAL  { "any" }                
			 ::= { hmSec2FwL2PfInEntry 4 }

hmSec2FwL2PfInProto   OBJECT-TYPE
		   	 SYNTAX			 DisplayString (SIZE (0..10))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "The Ethernet protocol as a hexadecimal number
                  in range 0000 - FFFF or the keyword 'any' for
                  protocol-independent filtering."
			 DEFVAL  { "any" }
			 ::= { hmSec2FwL2PfInEntry 6 }

-- Verdict applied to a frame that matches this incoming MAC rule.
-- NOTE(review): the defaults of this row (source 'any', destination 'any',
-- protocol 'any', action accept) add up to a permit-all rule, whereas
-- hmSec2FwL2PfOutAction defaults to drop. A row activated before its match
-- columns are written would admit all incoming frames; prefer createAndWait
-- and set every column before activating. Whether the agent applies the
-- DEFVALs on row creation is not visible here.
hmSec2FwL2PfInAction   OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
							 accept(1),
							 drop(2)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Action to be performed if the filter rule matches"
			 DEFVAL  { accept }                
			 ::= { hmSec2FwL2PfInEntry 7 }

hmSec2FwL2PfInLog	   OBJECT-TYPE
		     SYNTAX			 INTEGER {
							 enable(1),
							 disable(2),
							 logAndTrap(3)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Enables or disables logging for packets matching this rule."
			 DEFVAL  { disable }                
			 ::= { hmSec2FwL2PfInEntry 8 }

hmSec2FwL2PfInDesc   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..128))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "user defined text"
			 DEFVAL  { "" }                
			 ::= { hmSec2FwL2PfInEntry 9 }

hmSec2FwL2PfInErrorText   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..128))
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "error text"
			 DEFVAL  { "" }                
			 ::= { hmSec2FwL2PfInEntry 10 }

hmSec2FwL2PfInRowStatus   OBJECT-TYPE
			 SYNTAX 		 RowStatus
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "the row status for the table entry"
			 ::= { hmSec2FwL2PfInEntry 11 }


--
-- MAC Rules for outgoing traffic table --
--
hmSec2FwL2PfOutTable	OBJECT-TYPE
			 SYNTAX SEQUENCE OF HmSec2FwL2PfOutEntry
			 MAX-ACCESS not-accessible
			 STATUS current
			 DESCRIPTION
				 "A list of the MAC rules for outgoing traffic"
			 ::= { hmSec2FirewallL2PfOutgoingGroup 1 }

hmSec2FwL2PfOutEntry   OBJECT-TYPE
			 SYNTAX HmSec2FwL2PfOutEntry
			 MAX-ACCESS not-accessible
			 STATUS current
			 DESCRIPTION ""
			 INDEX { hmSec2FwL2PfOutIndex }
			 ::= { hmSec2FwL2PfOutTable 1 }
 
HmSec2FwL2PfOutEntry ::= SEQUENCE {
			 hmSec2FwL2PfOutIndex		Integer32,
			 hmSec2FwL2PfOutSrcAddr		DisplayString,
			 hmSec2FwL2PfOutDstAddr		DisplayString,
			 hmSec2FwL2PfOutProto		DisplayString,
			 hmSec2FwL2PfOutAction		INTEGER,
			 hmSec2FwL2PfOutLog			INTEGER,
			 hmSec2FwL2PfOutDesc		DisplayString,
			 hmSec2FwL2PfOutErrorText	DisplayString,
			 hmSec2FwL2PfOutRowStatus	RowStatus
			 }

hmSec2FwL2PfOutIndex   OBJECT-TYPE
			 SYNTAX 		 Integer32
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "An index that uniquely identifies the entry in the table. The
				  index must be chosen in ascending and compact order. It may
				  change if a rule (not the last in list) is deleted or a new
				  row is inserted."
			 ::= { hmSec2FwL2PfOutEntry 1 }

hmSec2FwL2PfOutSrcAddr   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..20))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
			     "Single address aa:bb:cc:dd:ee:ff or address with
                 wildcards aa:bb:??:dd:ee:ff or the keywords 'me'
                 or 'any'."
			 DEFVAL  { "any" }
			 ::= { hmSec2FwL2PfOutEntry 2 }

hmSec2FwL2PfOutDstAddr   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..20))
			 MAX-ACCESS 		 read-write
			 STATUS 		 current
			 DESCRIPTION
			     "Single address aa:bb:cc:dd:ee:ff or address with
                 wildcards aa:bb:??:dd:ee:ff or the keywords 'me'
                 or 'any'."
			 DEFVAL  { "any" }
			 ::= { hmSec2FwL2PfOutEntry 4 }

hmSec2FwL2PfOutProto   OBJECT-TYPE
		   	 SYNTAX			 DisplayString (SIZE (0..10))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "The Ethernet protocol as a hexadecimal number
                 in range 0000 - FFFF or the keyword 'any' for
                 protocol-independent filtering."
			 DEFVAL  { "any" }
			 ::= { hmSec2FwL2PfOutEntry 6 }

hmSec2FwL2PfOutAction   OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
							 accept(1),
							 drop(2)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Action to be performed if the firewall rule matches"
			 DEFVAL  { drop }                
			 ::= { hmSec2FwL2PfOutEntry 7 }

hmSec2FwL2PfOutLog	   OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
							 enable(1),
							 disable(2),
							 logAndTrap(3)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Enables or disables logging for packets matching this rule"
			 DEFVAL  { disable }                
			 ::= { hmSec2FwL2PfOutEntry 8 }

hmSec2FwL2PfOutDesc   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..128))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "User defined text."
			 DEFVAL  { "" }                
			 ::= { hmSec2FwL2PfOutEntry 9 }

hmSec2FwL2PfOutErrorText   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..128))
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Error text."
			 DEFVAL  { "" }                
			 ::= { hmSec2FwL2PfOutEntry 10 }

hmSec2FwL2PfOutRowStatus   OBJECT-TYPE
			 SYNTAX 		 RowStatus
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "The row status for this table entry."
			 ::= { hmSec2FwL2PfOutEntry 11 }





--
-- IP Rules for incoming traffic variables --
--
hmSec2FirewallL3PacketFilterGroup OBJECT IDENTIFIER ::= { hmSec2Firewall 3 }
hmSec2FirewallL3PfIncomingGroup OBJECT IDENTIFIER ::= { hmSec2FirewallL3PacketFilterGroup 1 }
hmSec2FirewallL3PfOutgoingGroup OBJECT IDENTIFIER ::= { hmSec2FirewallL3PacketFilterGroup 2 }


--
-- IP Rules for incoming traffic table --
--
hmSec2FwL3PfInTable	OBJECT-TYPE
			 SYNTAX SEQUENCE OF HmSec2FwL3PfInEntry
			 MAX-ACCESS not-accessible
			 STATUS current
			 DESCRIPTION
				 "A list of the IP rules for incoming traffic."
			 ::= { hmSec2FirewallL3PfIncomingGroup 1 }

hmSec2FwL3PfInEntry   OBJECT-TYPE
			 SYNTAX HmSec2FwL3PfInEntry
			 MAX-ACCESS not-accessible
			 STATUS current
			 DESCRIPTION ""
			 INDEX { hmSec2FwL3PfInIndex }
			 ::= { hmSec2FwL3PfInTable 1 }
 
HmSec2FwL3PfInEntry ::= SEQUENCE {
			 hmSec2FwL3PfInIndex		Integer32,
			 hmSec2FwL3PfInSrcNet		DisplayString,
			 hmSec2FwL3PfInSrcPort		DisplayString,
			 hmSec2FwL3PfInDstNet		DisplayString,
			 hmSec2FwL3PfInDstPort		DisplayString,
			 hmSec2FwL3PfInProto		DisplayString,
			 hmSec2FwL3PfInAction		INTEGER,
			 hmSec2FwL3PfInLog			INTEGER,
			 hmSec2FwL3PfInDesc			DisplayString,
			 hmSec2FwL3PfInErrorText	DisplayString,
			 hmSec2FwL3PfInRowStatus	RowStatus
			 }

hmSec2FwL3PfInIndex   OBJECT-TYPE
			 SYNTAX 		 Integer32
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "An index that uniquely identifies the entry in the table. The
				  index must be chosen in ascending and compact order. It may
				  change if a rule (not the last in list) is deleted or a new
				  row is inserted."
			 ::= { hmSec2FwL3PfInEntry 1 }

hmSec2FwL3PfInSrcNet   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..20))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
                 "Single address (a.b.c.d) or address range in
                  CIDR notation (a.b.c.d/n) or the keywords 'me'
                  or 'any'."
			 DEFVAL  { "any" }
			 ::= { hmSec2FwL3PfInEntry 2 }

hmSec2FwL3PfInSrcPort   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..20))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
                 "Port expression or the keyword 'any'. A port expression is
                  structured as 'port' (default), 'op port' or 'port1 op port2',
                  where 'op' is a mathematical operator for:
                  o  equal (default)           =
                  o  unequal                   !=
                  o  less than                 <
                  o  less than or equal        <=
                  o  greater than              >
                  o  greater than or equal to  >=
                  o  outside range             <>
                  o  inside range              ><

                  The port must be specified as a decimal number or one of the
                  aliases:
                  o  tcp/udp: echo (7)
                  o  tcp/udp: discard, sink, null (9)
                  o  tcp: ftp-data (20)
                  o  tcp: ftp (21)
                  o  tcp/udp: ssh (22)
                  o  tcp: telnet (23)
                  o  tcp/udp: domain, nameserver (53)
                  o  tcp/udp: bootps (67)
                  o  tcp/udp: bootpc (68)
                  o  udp: tftp (69)
                  o  tcp/udp: www, http (80)
                  o  tcp/udp: kerberos, krb5 (88)
                  o  tcp: sftp (115)
                  o  tcp/udp: ntp (123)
                  o  udp: snmp (161)
                  o  udp: snmp-trap, snmptrap (162)
                  o  tcp/udp: bgp (179)
                  o  tcp/udp: ldap (389)
                  o  tcp/udp: https (443)
                  
                  For ICMP only:
                  ICMP type and code can be specified as:
                  o 'type <i>'
                  o 'type <i> code <j>'
                  where <i> and <j> are decimal numbers (0..255)."
			 DEFVAL  { "any" }                
			 ::= { hmSec2FwL3PfInEntry 3 }

hmSec2FwL3PfInDstNet   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..20))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
                 "Single address (a.b.c.d) or address range in CIDR notation
                  (a.b.c.d/n) or the keywords 'me' or 'any'."
			 DEFVAL  { "any" }                
			 ::= { hmSec2FwL3PfInEntry 4 }

hmSec2FwL3PfInDstPort   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..20))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
                 "Port expression or the keyword 'any'. A port expression is
                  structured as 'port' (default), 'op port' or 'port1 op port2',
                  where 'op' is a mathematical operator for:
                  o  equal (default)           =
                  o  unequal                   !=
                  o  less than                 <
                  o  less than or equal        <=
                  o  greater than              >
                  o  greater than or equal to  >=
                  o  outside range             <>
                  o  inside range              ><

                  The port must be specified as a decimal number or one of the
                  aliases:
                  o  tcp/udp: echo (7)
                  o  tcp/udp: discard, sink, null (9)
                  o  tcp: ftp-data (20)
                  o  tcp: ftp (21)
                  o  tcp/udp: ssh (22)
                  o  tcp: telnet (23)
                  o  tcp/udp: domain, nameserver (53)
                  o  tcp/udp: bootps (67)
                  o  tcp/udp: bootpc (68)
                  o  udp: tftp (69)
                  o  tcp/udp: www, http (80)
                  o  tcp/udp: kerberos, krb5 (88)
                  o  tcp: sftp (115)
                  o  tcp/udp: ntp (123)
                  o  udp: snmp (161)
                  o  udp: snmp-trap, snmptrap (162)
                  o  tcp/udp: bgp (179)
                  o  tcp/udp: ldap (389)
                  o  tcp/udp: https (443)"
			 DEFVAL  { "any" }                
			 ::= { hmSec2FwL3PfInEntry 5 }

hmSec2FwL3PfInProto   OBJECT-TYPE
		   	 SYNTAX			 DisplayString (SIZE (0..10))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "The IP protocol (RFC 791) as a decimal number (in range 1 -
                  255), a name or the keyword 'any' for protocol-independent
                  filtering. The following protocol names are currently
                  supported:
                  o  'icmp': internet control message protocol (RFC 792)
                  o  'igmp': internet group management protocol
                  o  'ipip': IP in IP tunneling (RFC 1853)
                  o  'tcp': transmission control protocol (RFC 793)
                  o  'udp': user datagram protocol (RFC 768)
                  o  'esp': IPsec encapsulated security payload (RFC 2406)
                  o  'ah': IPsec authentication header (RFC 2402)
                  o  'ipv6-icmp': internet control message protocol for IPv6"
			 DEFVAL  { "any" }
			 ::= { hmSec2FwL3PfInEntry 6 }

-- Verdict applied to a packet that matches this incoming L3 packet filter rule.
-- NOTE(review): DEFVAL is accept here, while hmSec2FwL3PfOutAction defaults to
-- drop. hmSec2FwL3PfInDstPort and hmSec2FwL3PfInProto both default to "any", so
-- a row created without an explicit action is presumably a permissive rule.
-- Set this column explicitly when creating rows. TODO confirm agent behaviour.
-- The DESCRIPTION does not say how drop(2) and reject(3) differ; presumably
-- drop discards silently and reject answers the sender. TODO confirm.
hmSec2FwL3PfInAction   OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
							 accept(1),
							 drop(2),
							 reject(3)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Action to be performed if the firewall rule matches."
			 DEFVAL  { accept }                
			 ::= { hmSec2FwL3PfInEntry 7 }

-- Per-rule logging switch for the incoming L3 packet filter table.
-- NOTE(review): the DESCRIPTION covers enable(1) and disable(2) only.
-- logAndTrap(3) presumably logs the match and also emits an SNMP trap.
-- TODO confirm. The same enumeration is used by the other per-rule Log
-- columns in this MIB (Out, PppIn, Snmp, Ssh, Https).
-- DEFVAL is disable, so a rule created with defaults starts with logging off.
hmSec2FwL3PfInLog	   OBJECT-TYPE
		     SYNTAX			 INTEGER {
							 enable(1),
							 disable(2),
							 logAndTrap(3)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Enables or disables logging for packets matching this rule."
			 DEFVAL  { disable }                
			 ::= { hmSec2FwL3PfInEntry 8 }

hmSec2FwL3PfInDesc   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..128))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "User defined text."
			 DEFVAL  { "" }                
			 ::= { hmSec2FwL3PfInEntry 9 }

hmSec2FwL3PfInErrorText   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..128))
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Error text."
			 DEFVAL  { "" }                
			 ::= { hmSec2FwL3PfInEntry 10 }

hmSec2FwL3PfInRowStatus   OBJECT-TYPE
			 SYNTAX 		 RowStatus
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "The row status of this table entry."
			 ::= { hmSec2FwL3PfInEntry 11 }


hmSec2FwL3PfInLogNonMatching   OBJECT-TYPE
		     SYNTAX			 INTEGER {
							 enable(1),
							 disable(2)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Log incoming packets not matching any rule."
			 DEFVAL  { disable }
			 ::= { hmSec2FirewallL3PfIncomingGroup 2 }

--
-- IP Rules for outgoing traffic table --
--
hmSec2FwL3PfOutTable	OBJECT-TYPE
			 SYNTAX SEQUENCE OF HmSec2FwL3PfOutEntry
			 MAX-ACCESS not-accessible
			 STATUS current
			 DESCRIPTION
				 "A list of the IP rules for outgoing traffic."
			 ::= { hmSec2FirewallL3PfOutgoingGroup 1 }

hmSec2FwL3PfOutEntry   OBJECT-TYPE
			 SYNTAX HmSec2FwL3PfOutEntry
			 MAX-ACCESS not-accessible
			 STATUS current
			 DESCRIPTION ""
			 INDEX { hmSec2FwL3PfOutIndex }
			 ::= { hmSec2FwL3PfOutTable 1 }
 
HmSec2FwL3PfOutEntry ::= SEQUENCE {
			 hmSec2FwL3PfOutIndex		Integer32,
			 hmSec2FwL3PfOutSrcNet		DisplayString,
			 hmSec2FwL3PfOutSrcPort		DisplayString,
			 hmSec2FwL3PfOutDstNet		DisplayString,
			 hmSec2FwL3PfOutDstPort		DisplayString,
			 hmSec2FwL3PfOutProto		DisplayString,
			 hmSec2FwL3PfOutAction		INTEGER,
			 hmSec2FwL3PfOutLog			INTEGER,
			 hmSec2FwL3PfOutDesc		DisplayString,
			 hmSec2FwL3PfOutErrorText	DisplayString,
			 hmSec2FwL3PfOutRowStatus	RowStatus
			 }

hmSec2FwL3PfOutIndex   OBJECT-TYPE
			 SYNTAX 		 Integer32
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "An index that uniquely identifies the entry in the table. The
				  index must be chosen in ascending and compact order. It may
				  change if a rule (not the last in list) is deleted or a new
				  row is inserted."
			 ::= { hmSec2FwL3PfOutEntry 1 }

hmSec2FwL3PfOutSrcNet   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..20))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
                 "Single address (a.b.c.d) or address range in CIDR notation
                  (a.b.c.d/n) or the keywords 'me' or 'any'."
			 DEFVAL  { "any" }
			 ::= { hmSec2FwL3PfOutEntry 2 }

-- Source port match for an outgoing L3 packet filter rule, given as a port
-- expression string (at most 20 characters), or as ICMP type/code when the
-- rule is for ICMP.
-- NOTE(review): the alias sftp maps to TCP port 115, the IANA assignment for
-- the legacy Simple File Transfer Protocol. SSH file transfer runs inside SSH,
-- so a rule meant to match it needs the ssh alias (22) instead. The same alias
-- list is repeated on the other port columns of this MIB.
-- DEFVAL is "any", so a row created without this column matches every port.
hmSec2FwL3PfOutSrcPort   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..20))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
                 "Port expression or the keyword 'any'. A port expressions is
                  structured as 'port' (default), 'op port' or 'port1 op port2',
                  where 'op' is a mathematical operator for:
                  o  equal (default)           =
                  o  unequal                   !=
                  o  less than                 <
                  o  less than or equal        <=
                  o  greater than              >
                  o  greater than or equal to  >=
                  o  outside range             <>
                  o  inside range              ><

                  The port must be specified as a decimal number or one of the
                  aliases:
                  o  tcp/udp: echo (7)
                  o  tcp/udp: discard, sink, null (9)
                  o  tcp: ftp-data (20)
                  o  tcp: ftp (21)
                  o  tcp/udp: ssh (22)
                  o  tcp: telnet (23)
                  o  tcp/udp: domain, nameserver (53)
                  o  tcp/udp: bootps (67)
                  o  tcp/udp: bootpc (68)
                  o  udp: tftp (69)
                  o  tcp/udp: www, http (80)
                  o  tcp/udp: kerberos, krb5 (88)
                  o  tcp: sftp (115)
                  o  tcp/udp: ntp (123)
                  o  udp: snmp (161)
                  o  udp: snmp-trap, snmptrap (162)
                  o  tcp/udp: bgp (179)
                  o  tcp/udp: ldap (389)
                  o  tcp/udp: https (443)
                  
                  For ICMP only:
                  ICMP type and code can be specified as:
                  o 'type <i>'
                  o 'type <i> code <j>'
                  where <i> and <j> are decimal numbers (0..255)."
			 DEFVAL  { "any" }                
			 ::= { hmSec2FwL3PfOutEntry 3 }

hmSec2FwL3PfOutDstNet   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..20))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
                 "Single address (a.b.c.d) or address range in
                  CIDR notation (a.b.c.d/n) or the keywords 'me'
                  or 'any'."
			 DEFVAL  { "any" }
			 ::= { hmSec2FwL3PfOutEntry 4 }

hmSec2FwL3PfOutDstPort   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..20))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
                 "Port expression or the keyword 'any'. A port expression is
                  structured as 'port' (default), 'op port' or 'port1 op port2',
                  where 'op' is a mathematical operator for:
                  o  equal (default)           =
                  o  unequal                   !=
                  o  less than                 <
                  o  less than or equal        <=
                  o  greater than              >
                  o  greater than or equal to  >=
                  o  outside range             <>
                  o  inside range              ><

                  The port must be specified as a decimal number or one of the
                  aliases:
                  o  tcp/udp: echo (7)
                  o  tcp/udp: discard, sink, null (9)
                  o  tcp: ftp-data (20)
                  o  tcp: ftp (21)
                  o  tcp/udp: ssh (22)
                  o  tcp: telnet (23)
                  o  tcp/udp: domain, nameserver (53)
                  o  tcp/udp: bootps (67)
                  o  tcp/udp: bootpc (68)
                  o  udp: tftp (69)
                  o  tcp/udp: www, http (80)
                  o  tcp/udp: kerberos, krb5 (88)
                  o  tcp: sftp (115)
                  o  tcp/udp: ntp (123)
                  o  udp: snmp (161)
                  o  udp: snmp-trap, snmptrap (162)
                  o  tcp/udp: bgp (179)
                  o  tcp/udp: ldap (389)
                  o  tcp/udp: https (443)"
			 DEFVAL  { "any" }                
			 ::= { hmSec2FwL3PfOutEntry 5 }

hmSec2FwL3PfOutProto   OBJECT-TYPE
		   	 SYNTAX			 DisplayString (SIZE (0..10))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "The IP protocol (RFC 791) as a decimal number (in range 1 -
                  255), a name or the keyword 'any' for protocol-independent
                  filtering. The following protocol names are currently
                  supported:
                  o  'icmp': internet control message protocol (RFC 792)
                  o  'igmp': internet group management protocol
                  o  'ipip': IP in IP tunneling (RFC 1853)
                  o  'tcp': transmission control protocol (RFC 793)
                  o  'udp': user datagram protocol (RFC 768)
                  o  'esp': IPsec encapsulated security payload (RFC 2406)
                  o  'ah': IPsec authentication header (RFC 2402)
                  o  'ipv6-icmp': internet control message protocol for IPv6"
			 DEFVAL  { "any" }                
			 ::= { hmSec2FwL3PfOutEntry 6 }

-- Verdict applied to a packet that matches this outgoing L3 packet filter rule.
-- DEFVAL is drop, unlike hmSec2FwL3PfInAction, whose DEFVAL is accept. Tooling
-- that creates rows in both tables should set the action explicitly rather
-- than rely on either default.
-- The DESCRIPTION does not say how drop(2) and reject(3) differ; presumably
-- drop discards silently and reject answers the sender. TODO confirm.
hmSec2FwL3PfOutAction   OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
							 accept(1),
							 drop(2),
							 reject(3)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Action to be performed if the firewall rule matches."
			 DEFVAL  { drop }                
			 ::= { hmSec2FwL3PfOutEntry 7 }

hmSec2FwL3PfOutLog	   OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
							 enable(1),
							 disable(2),
							 logAndTrap(3)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Enables or disables logging for packets matching this rule."
			 DEFVAL  { disable }                
			 ::= { hmSec2FwL3PfOutEntry 8 }

hmSec2FwL3PfOutDesc   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..128))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "User defined text."
			 DEFVAL  { "" }                
			 ::= { hmSec2FwL3PfOutEntry 9 }

hmSec2FwL3PfOutErrorText   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..128))
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Error text."
			 DEFVAL  { "" }                
			 ::= { hmSec2FwL3PfOutEntry 10 }

hmSec2FwL3PfOutRowStatus   OBJECT-TYPE
			 SYNTAX 		 RowStatus
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "The row status for this table entry."
			 ::= { hmSec2FwL3PfOutEntry 11 }


-- Scalar switch for logging packets that match no rule of the outgoing table.
-- NOTE(review): the DESCRIPTION says "incoming", but this object is registered
-- under hmSec2FirewallL3PfOutgoingGroup. The text is presumably copied from
-- hmSec2FwL3PfInLogNonMatching and should read "outgoing". TODO confirm.
-- DEFVAL is disable, so traffic that falls through every rule is not logged
-- until this is set to enable(1).
hmSec2FwL3PfOutLogNonMatching   OBJECT-TYPE
		     SYNTAX			 INTEGER {
							 enable(1),
							 disable(2)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Log incoming packets not matching any rule."
			 DEFVAL  { disable }                
			 ::= { hmSec2FirewallL3PfOutgoingGroup 2 }

--
-- IP template definitions
--
hmSec2FirewallL3TemplateGroup OBJECT IDENTIFIER ::= { hmSec2FirewallL3PacketFilterGroup 3 }

-- Id to Name mapping

hmSec2FwL3TplIdTable	OBJECT-TYPE
			 SYNTAX SEQUENCE OF HmSec2FwL3TplIdEntry
			 MAX-ACCESS not-accessible
			 STATUS current
			 DESCRIPTION
				 "A list of IP templates."
			 ::= { hmSec2FirewallL3TemplateGroup 1 }

hmSec2FwL3TplIdEntry	OBJECT-TYPE
			 SYNTAX HmSec2FwL3TplIdEntry
			 MAX-ACCESS not-accessible
			 STATUS current
			 DESCRIPTION ""
			 INDEX { hmSec2FwL3TplIdIndex }
			 ::= { hmSec2FwL3TplIdTable 1 }
 
HmSec2FwL3TplIdEntry ::= SEQUENCE {
			 hmSec2FwL3TplIdIndex		Integer32,
			 hmSec2FwL3TplIdName        DisplayString,
			 hmSec2FwL3TplIdRowStatus   RowStatus
			 }

hmSec2FwL3TplIdIndex	OBJECT-TYPE
			 SYNTAX 		 Integer32
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Table index."
			 ::= { hmSec2FwL3TplIdEntry 1 }

hmSec2FwL3TplIdName	OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (1..19))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
                 		"The (unique) name of the template."
			 DEFVAL  { "any" }
			 ::= { hmSec2FwL3TplIdEntry 2 }

hmSec2FwL3TplIdRowStatus   OBJECT-TYPE
			 SYNTAX 		 RowStatus
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "The row status of this table entry.
				  This object can be set to createAndGo(4) or destroy(6)."
			 ::= { hmSec2FwL3TplIdEntry 3 }

-- Template network table

hmSec2FwL3TplNetTable	OBJECT-TYPE
			 SYNTAX SEQUENCE OF HmSec2FwL3TplNetEntry
			 MAX-ACCESS not-accessible
			 STATUS current
			 DESCRIPTION
				 "Holds the addresses/networks of the templates."
			 ::= { hmSec2FirewallL3TemplateGroup 2 }

hmSec2FwL3TplNetEntry	OBJECT-TYPE
			 SYNTAX HmSec2FwL3TplNetEntry
			 MAX-ACCESS not-accessible
			 STATUS current
			 DESCRIPTION ""
			 INDEX { hmSec2FwL3TplNetIdIndex, hmSec2FwL3TplNetIndex }
			 ::= { hmSec2FwL3TplNetTable 1 }
 
HmSec2FwL3TplNetEntry ::= SEQUENCE {
			 hmSec2FwL3TplNetIdIndex	Integer32,
			 hmSec2FwL3TplNetIndex		Integer32,
			 hmSec2FwL3TplNetAddr       DisplayString,
			 hmSec2FwL3TplNetRowStatus	RowStatus
			 }

hmSec2FwL3TplNetIdIndex	OBJECT-TYPE
			 SYNTAX 		 Integer32
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "The corresponding index in the hmSec2FwL3TplIdTable."
			 ::= { hmSec2FwL3TplNetEntry	1 }

hmSec2FwL3TplNetIndex	OBJECT-TYPE
			 SYNTAX 		 Integer32
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "The index of the net entry within a template."
			 ::= { hmSec2FwL3TplNetEntry	2 }

hmSec2FwL3TplNetAddr	OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..20))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
            	     "Single address (a.b.c.d) or address range in
           		      CIDR notation (a.b.c.d/n) or the keywords 'me'
	                  or 'any'."
			 DEFVAL  { "any" }
			 ::= { hmSec2FwL3TplNetEntry	3 }

hmSec2FwL3TplNetRowStatus   OBJECT-TYPE
			 SYNTAX 		 RowStatus
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "The row status of this table entry."
			 ::= { hmSec2FwL3TplNetEntry	4 }


--
-- IP Rules for incoming PPP traffic variables --
--
hmSec2FirewallPppFilterGroup OBJECT IDENTIFIER ::= { hmSec2Firewall 4 }
hmSec2FirewallPppIncomingGroup OBJECT IDENTIFIER ::= { hmSec2FirewallPppFilterGroup 1 }


--
-- IP Rules for incoming PPP traffic table --
--
hmSec2FwPppInTable	OBJECT-TYPE
			 SYNTAX SEQUENCE OF HmSec2FwPppInEntry
			 MAX-ACCESS not-accessible
			 STATUS current
			 DESCRIPTION
				 "A list of the IP rules for incoming traffic from the PPP interface."
			 ::= { hmSec2FirewallPppIncomingGroup 1 }

hmSec2FwPppInEntry   OBJECT-TYPE
			 SYNTAX HmSec2FwPppInEntry
			 MAX-ACCESS not-accessible
			 STATUS current
			 DESCRIPTION ""
			 INDEX { hmSec2FwPppInIndex }
			 ::= { hmSec2FwPppInTable 1 }
 
HmSec2FwPppInEntry ::= SEQUENCE {
			 hmSec2FwPppInIndex		    Integer32,
			 hmSec2FwPppInSrcNet		DisplayString,
			 hmSec2FwPppInSrcPort		DisplayString,
			 hmSec2FwPppInDstNet		DisplayString,
			 hmSec2FwPppInDstPort		DisplayString,
			 hmSec2FwPppInProto		    DisplayString,
			 hmSec2FwPppInAction		INTEGER,
			 hmSec2FwPppInLog			INTEGER,
			 hmSec2FwPppInDesc			DisplayString,
			 hmSec2FwPppInErrorText	    DisplayString,
			 hmSec2FwPppInRowStatus	    RowStatus
			 }

hmSec2FwPppInIndex   OBJECT-TYPE
			 SYNTAX 		 Integer32
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "An index that uniquely identifies the entry in the table. The
				  index must be chosen in ascending and compact order. It may
				  change if a rule (not the last in list) is deleted or a new
				  row is inserted."
			 ::= { hmSec2FwPppInEntry 1 }

hmSec2FwPppInSrcNet   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..20))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
                 "Single address (a.b.c.d) or address range in
                  CIDR notation (a.b.c.d/n) or the keywords 'me'
                  or 'any'."
			 DEFVAL  { "any" }
			 ::= { hmSec2FwPppInEntry 2 }

hmSec2FwPppInSrcPort   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..20))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
                 "Port expression or the keyword 'any'. A port expression is
                  structured as 'port' (default), 'op port' or 'port1 op port2',
                  where 'op' is a mathematical operator for:
                  o  equal (default)           =
                  o  unequal                   !=
                  o  less than                 <
                  o  less than or equal        <=
                  o  greater than              >
                  o  greater than or equal to  >=
                  o  outside range             <>
                  o  inside range              ><

                  The port must be specified as a decimal number or one of the
                  aliases:
                  o  tcp/udp: echo (7)
                  o  tcp/udp: discard, sink, null (9)
                  o  tcp: ftp-data (20)
                  o  tcp: ftp (21)
                  o  tcp/udp: ssh (22)
                  o  tcp: telnet (23)
                  o  tcp/udp: domain, nameserver (53)
                  o  tcp/udp: bootps (67)
                  o  tcp/udp: bootpc (68)
                  o  udp: tftp (69)
                  o  tcp/udp: www, http (80)
                  o  tcp/udp: kerberos, krb5 (88)
                  o  tcp: sftp (115)
                  o  tcp/udp: ntp (123)
                  o  udp: snmp (161)
                  o  udp: snmp-trap, snmptrap (162)
                  o  tcp/udp: bgp (179)
                  o  tcp/udp: ldap (389)
                  o  tcp/udp: https (443)
                  
                  For ICMP only:
                  ICMP type and code can be specified as:
                  o 'type <i>'
                  o 'type <i> code <j>'
                  where <i> and <j> are decimal numbers (0..255)."
			 DEFVAL  { "any" }                
			 ::= { hmSec2FwPppInEntry 3 }

hmSec2FwPppInDstNet   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..20))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
                 "Single address (a.b.c.d) or address range in CIDR notation
                  (a.b.c.d/n) or the keywords 'me' or 'any'."
			 DEFVAL  { "any" }                
			 ::= { hmSec2FwPppInEntry 4 }

hmSec2FwPppInDstPort   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..20))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
                 "Port expression or the keyword 'any'. A port expression is
                  structured as 'port' (default), 'op port' or 'port1 op port2',
                  where 'op' is a mathematical operator for:
                  o  equal (default)           =
                  o  unequal                   !=
                  o  less than                 <
                  o  less than or equal        <=
                  o  greater than              >
                  o  greater than or equal to  >=
                  o  outside range             <>
                  o  inside range              ><

                  The port must be specified as a decimal number or one of the
                  aliases:
                  o  tcp/udp: echo (7)
                  o  tcp/udp: discard, sink, null (9)
                  o  tcp: ftp-data (20)
                  o  tcp: ftp (21)
                  o  tcp/udp: ssh (22)
                  o  tcp: telnet (23)
                  o  tcp/udp: domain, nameserver (53)
                  o  tcp/udp: bootps (67)
                  o  tcp/udp: bootpc (68)
                  o  udp: tftp (69)
                  o  tcp/udp: www, http (80)
                  o  tcp/udp: kerberos, krb5 (88)
                  o  tcp: sftp (115)
                  o  tcp/udp: ntp (123)
                  o  udp: snmp (161)
                  o  udp: snmp-trap, snmptrap (162)
                  o  tcp/udp: bgp (179)
                  o  tcp/udp: ldap (389)
                  o  tcp/udp: https (443)"
			 DEFVAL  { "any" }                
			 ::= { hmSec2FwPppInEntry 5 }

hmSec2FwPppInProto   OBJECT-TYPE
		   	 SYNTAX			 DisplayString (SIZE (0..10))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "The IP protocol (RFC 791) as a decimal number (in range 1 -
                  255), a name or the keyword 'any' for protocol-independent
                  filtering. The following protocol names are currently
                  supported:
                  o  'icmp': internet control message protocol (RFC 792)
                  o  'igmp': internet group management protocol
                  o  'ipip': IP in IP tunneling (RFC 1853)
                  o  'tcp': transmission control protocol (RFC 793)
                  o  'udp': user datagram protocol (RFC 768)
                  o  'esp': IPsec encapsulated security payload (RFC 2406)
                  o  'ah': IPsec authentication header (RFC 2402)
                  o  'ipv6-icmp': internet control message protocol for IPv6"
			 DEFVAL  { "any" }
			 ::= { hmSec2FwPppInEntry 6 }

-- Verdict applied to a packet from the PPP interface that matches this rule.
-- NOTE(review): DEFVAL is accept, and the match columns of this table
-- (hmSec2FwPppInSrcNet, SrcPort, DstNet, DstPort, Proto) all default to "any".
-- A row created without setting any column is therefore presumably an
-- accept-everything rule. Set the action and match columns explicitly when
-- creating rows. TODO confirm agent behaviour.
hmSec2FwPppInAction   OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
							 accept(1),
							 drop(2),
							 reject(3)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Action to be performed if the firewall rule matches."
			 DEFVAL  { accept }                
			 ::= { hmSec2FwPppInEntry 7 }

hmSec2FwPppInLog	   OBJECT-TYPE
		     SYNTAX			 INTEGER {
							 enable(1),
							 disable(2),
							 logAndTrap(3)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Enables or disables logging for packets matching this rule."
			 DEFVAL  { disable }                
			 ::= { hmSec2FwPppInEntry 8 }

hmSec2FwPppInDesc   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..128))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "User defined text."
			 DEFVAL  { "" }                
			 ::= { hmSec2FwPppInEntry 9 }

hmSec2FwPppInErrorText   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..128))
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Error text."
			 DEFVAL  { "" }                
			 ::= { hmSec2FwPppInEntry 10 }

hmSec2FwPppInRowStatus   OBJECT-TYPE
			 SYNTAX 		 RowStatus
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "The row status of this table entry."
			 ::= { hmSec2FwPppInEntry 11 }


hmSec2FwPppInLogNonMatching   OBJECT-TYPE
		     SYNTAX			 INTEGER {
							 enable(1),
							 disable(2)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Log incoming packets not matching any rule."
			 DEFVAL  { disable }
			 ::= { hmSec2FirewallPppIncomingGroup 2 }


--
-- IP Rules for SNMP filter variables --
--
hmSec2FirewallSnmpFilterGroup OBJECT IDENTIFIER ::= { hmSec2Firewall 5 }


--
-- Firewall rules for SNMP traffic table --
--
hmSec2FwSnmpTable	OBJECT-TYPE
			 SYNTAX SEQUENCE OF HmSec2FwSnmpEntry
			 MAX-ACCESS not-accessible
			 STATUS current
			 DESCRIPTION
				 "A list of firewall rules for SNMP traffic."
			 ::= { hmSec2FirewallSnmpFilterGroup 1 }

hmSec2FwSnmpEntry   OBJECT-TYPE
			 SYNTAX HmSec2FwSnmpEntry
			 MAX-ACCESS not-accessible
			 STATUS current
			 DESCRIPTION ""
			 INDEX { hmSec2FwSnmpIndex }
			 ::= { hmSec2FwSnmpTable 1 }
 
HmSec2FwSnmpEntry ::= SEQUENCE {
			 hmSec2FwSnmpIndex		Integer32,
             hmSec2FwSnmpInterface  INTEGER,
			 hmSec2FwSnmpSrcNet		DisplayString,
			 hmSec2FwSnmpAction		INTEGER,
			 hmSec2FwSnmpLog		INTEGER,
			 hmSec2FwSnmpDesc		DisplayString,
			 hmSec2FwSnmpErrorText	DisplayString,
			 hmSec2FwSnmpRowStatus	RowStatus
			 }

hmSec2FwSnmpIndex   OBJECT-TYPE
			 SYNTAX 		 Integer32
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "An index that uniquely identifies the entry in the table. The
				  index must be chosen in ascending and compact order. It may
				  change if a rule (not the last in list) is deleted or a new
				  row is inserted."
			 ::= { hmSec2FwSnmpEntry 1 }

hmSec2FwSnmpInterface OBJECT-TYPE
			SYNTAX			 INTEGER {
							 int  (1),
							 ext (2),
							 ppp (3)
							 }
			MAX-ACCESS		 read-write
			STATUS			 current
			DESCRIPTION
                 "Interface to which this firewall rule applies."
			 DEFVAL  { ext }
			::= { hmSec2FwSnmpEntry 2 }


hmSec2FwSnmpSrcNet   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..20))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
                 "Single address (a.b.c.d) or address range in
                  CIDR notation (a.b.c.d/n) or the keywords 'me'
                  or 'any'."
			 DEFVAL  { "any" }
			 ::= { hmSec2FwSnmpEntry 3 }

-- Verdict applied to SNMP traffic that matches this management access rule.
-- NOTE(review): DEFVAL is accept, hmSec2FwSnmpSrcNet defaults to "any" and
-- hmSec2FwSnmpInterface defaults to ext. A row created without setting these
-- columns would presumably permit SNMP from any source on the external
-- interface. Set all three explicitly when creating rows and restrict the
-- source network to the management stations. TODO confirm agent behaviour.
hmSec2FwSnmpAction   OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
							 accept(1),
							 drop(2),
							 reject(3)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Action to be performed if the firewall rule matches."
			 DEFVAL  { accept }                
			 ::= { hmSec2FwSnmpEntry 4 }

hmSec2FwSnmpLog	   OBJECT-TYPE
		     SYNTAX			 INTEGER {
							 enable(1),
							 disable(2),
							 logAndTrap(3)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Enables or disables logging for packets matching this rule."
			 DEFVAL  { disable }                
			 ::= { hmSec2FwSnmpEntry 5 }

hmSec2FwSnmpDesc   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..128))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "User defined text."
			 DEFVAL  { "" }                
			 ::= { hmSec2FwSnmpEntry 6 }

hmSec2FwSnmpErrorText   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..128))
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Error text."
			 DEFVAL  { "" }                
			 ::= { hmSec2FwSnmpEntry 7 }

hmSec2FwSnmpRowStatus   OBJECT-TYPE
			 SYNTAX 		 RowStatus
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "The row status of this table entry."
			 ::= { hmSec2FwSnmpEntry 8 }


--
-- IP Rules for SSH filter variables --
--
hmSec2FirewallSshFilterGroup OBJECT IDENTIFIER ::= { hmSec2Firewall 6 }


--
-- Firewall rules for SSH traffic table --
--
hmSec2FwSshTable	OBJECT-TYPE
			 SYNTAX SEQUENCE OF HmSec2FwSshEntry
			 MAX-ACCESS not-accessible
			 STATUS current
			 DESCRIPTION
				 "A list of firewall rules for SSH traffic."
			 ::= { hmSec2FirewallSshFilterGroup 1 }

hmSec2FwSshEntry   OBJECT-TYPE
			 SYNTAX HmSec2FwSshEntry
			 MAX-ACCESS not-accessible
			 STATUS current
			 DESCRIPTION ""
			 INDEX { hmSec2FwSshIndex }
			 ::= { hmSec2FwSshTable 1 }
 
HmSec2FwSshEntry ::= SEQUENCE {
			 hmSec2FwSshIndex		Integer32,
             hmSec2FwSshInterface  INTEGER,
			 hmSec2FwSshSrcNet		DisplayString,
			 hmSec2FwSshAction		INTEGER,
			 hmSec2FwSshLog		INTEGER,
			 hmSec2FwSshDesc		DisplayString,
			 hmSec2FwSshErrorText	DisplayString,
			 hmSec2FwSshRowStatus	RowStatus
			 }

hmSec2FwSshIndex   OBJECT-TYPE
			 SYNTAX 		 Integer32
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "An index that uniquely identifies the entry in the table. The
				  index must be chosen in ascending and compact order. It may
				  change if a rule (not the last in list) is deleted or a new
				  row is inserted."
			 ::= { hmSec2FwSshEntry 1 }

hmSec2FwSshInterface OBJECT-TYPE
			SYNTAX			 INTEGER {
							 int  (1),
							 ext (2),
							 ppp (3)
							 }
			MAX-ACCESS		 read-write
			STATUS			 current
			DESCRIPTION
                 "Interface to which this firewall rule applies."
			DEFVAL  { ext }
			::= { hmSec2FwSshEntry 2 }


hmSec2FwSshSrcNet   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..20))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
                 "Single address (a.b.c.d) or address range in
                  CIDR notation (a.b.c.d/n) or the keywords 'me'
                  or 'any'."
			 DEFVAL  { "any" }
			 ::= { hmSec2FwSshEntry 3 }

-- Verdict applied to SSH traffic that matches this management access rule.
-- NOTE(review): DEFVAL is accept, hmSec2FwSshSrcNet defaults to "any" and
-- hmSec2FwSshInterface defaults to ext. A row created without setting these
-- columns would presumably permit SSH from any source on the external
-- interface. Set all three explicitly when creating rows and restrict the
-- source network to the management stations. TODO confirm agent behaviour.
hmSec2FwSshAction   OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
							 accept(1),
							 drop(2),
							 reject(3)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Action to be performed if the firewall rule matches."
			 DEFVAL  { accept }                
			 ::= { hmSec2FwSshEntry 4 }

hmSec2FwSshLog	   OBJECT-TYPE
		     SYNTAX			 INTEGER {
							 enable(1),
							 disable(2),
							 logAndTrap(3)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Enables or disables logging for packets matching this rule."
			 DEFVAL  { disable }                
			 ::= { hmSec2FwSshEntry 5 }

hmSec2FwSshDesc   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..128))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "User defined text."
			 DEFVAL  { "" }                
			 ::= { hmSec2FwSshEntry 6 }

hmSec2FwSshErrorText   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..128))
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Error text."
			 DEFVAL  { "" }                
			 ::= { hmSec2FwSshEntry 7 }

hmSec2FwSshRowStatus   OBJECT-TYPE
			 SYNTAX 		 RowStatus
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "The row status of this table entry."
			 ::= { hmSec2FwSshEntry 8 }


--
-- IP Rules for HTTPS filter variables --
--
hmSec2FirewallHttpsFilterGroup OBJECT IDENTIFIER ::= { hmSec2Firewall 7 }


--
-- Firewall rules for HTTPS traffic table --
--
hmSec2FwHttpsTable	OBJECT-TYPE
			 SYNTAX SEQUENCE OF HmSec2FwHttpsEntry
			 MAX-ACCESS not-accessible
			 STATUS current
			 DESCRIPTION
				 "A list of firewall rules for HTTPS traffic."
			 ::= { hmSec2FirewallHttpsFilterGroup 1 }

hmSec2FwHttpsEntry   OBJECT-TYPE
			 SYNTAX HmSec2FwHttpsEntry
			 MAX-ACCESS not-accessible
			 STATUS current
			 DESCRIPTION ""
			 INDEX { hmSec2FwHttpsIndex }
			 ::= { hmSec2FwHttpsTable 1 }
 
HmSec2FwHttpsEntry ::= SEQUENCE {
			 hmSec2FwHttpsIndex		Integer32,
             hmSec2FwHttpsInterface INTEGER,
			 hmSec2FwHttpsSrcNet	DisplayString,
			 hmSec2FwHttpsAction	INTEGER,
			 hmSec2FwHttpsLog		INTEGER,
			 hmSec2FwHttpsDesc		DisplayString,
			 hmSec2FwHttpsErrorText	DisplayString,
			 hmSec2FwHttpsRowStatus	RowStatus
			 }

hmSec2FwHttpsIndex   OBJECT-TYPE
			 SYNTAX 		 Integer32
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "An index that uniquely identifies the entry in the table. The
				  index must be chosen in ascending and compact order. It may
				  change if a rule (not the last in list) is deleted or a new
				  row is inserted."
			 ::= { hmSec2FwHttpsEntry 1 }

hmSec2FwHttpsInterface OBJECT-TYPE
			SYNTAX			 INTEGER {
							 int  (1),
							 ext (2),
							 ppp (3)
							 }
			MAX-ACCESS		 read-write
			STATUS			 current
			DESCRIPTION
                 "Interface to which this firewall rule applies."
			DEFVAL  { ext }
			::= { hmSec2FwHttpsEntry 2 }


hmSec2FwHttpsSrcNet   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..20))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
                 "Single address (a.b.c.d) or address range in
                  CIDR notation (a.b.c.d/n) or the keywords 'me'
                  or 'any'."
			 DEFVAL  { "any" }
			 ::= { hmSec2FwHttpsEntry 3 }

-- Verdict applied to HTTPS traffic that matches this management access rule.
-- NOTE(review): DEFVAL is accept, hmSec2FwHttpsSrcNet defaults to "any" and
-- hmSec2FwHttpsInterface defaults to ext. A row created without setting these
-- columns would presumably permit HTTPS from any source on the external
-- interface. Set all three explicitly when creating rows and restrict the
-- source network to the management stations. TODO confirm agent behaviour.
hmSec2FwHttpsAction   OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
							 accept(1),
							 drop(2),
							 reject(3)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Action to be performed if the firewall rule matches."
			 DEFVAL  { accept }
			 ::= { hmSec2FwHttpsEntry 4 }

hmSec2FwHttpsLog	   OBJECT-TYPE
		     SYNTAX			 INTEGER {
							 enable(1),
							 disable(2),
							 logAndTrap(3)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Enables or disables logging for packets matching this rule."
			 DEFVAL  { disable }                
			 ::= { hmSec2FwHttpsEntry 5 }

hmSec2FwHttpsDesc   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..128))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "User defined text."
			 DEFVAL  { "" }                
			 ::= { hmSec2FwHttpsEntry 6 }

hmSec2FwHttpsErrorText   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..128))
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Error text."
			 DEFVAL  { "" }                
			 ::= { hmSec2FwHttpsEntry 7 }

hmSec2FwHttpsRowStatus   OBJECT-TYPE
			 SYNTAX 		 RowStatus
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "The row status of this table entry."
			 ::= { hmSec2FwHttpsEntry 8 }


--**************************************************************************************
--   UserFirewall group
--**************************************************************************************

hmSec2UsrFwConfigGroup OBJECT IDENTIFIER ::= { hmSec2Firewall 8 }

-- Global switch for the User Firewall; the default is enable.
-- NOTE(review): error(0) is part of the enumeration of a read-write object.
-- Presumably it is a state reported by the agent, not a value a manager
-- should set; the syntax itself does not forbid a SET of 0, so the agent
-- has to reject it. TODO confirm against the agent implementation.
hmSec2UsrFwStatus OBJECT-TYPE
			 SYNTAX 		INTEGER {
-- Comment out the next line to disable the error state
-- and USRFW_STATUS_ERROR_FLAG in usrfw/h/usrfw.h too
							error (0),
			 				enable (1),
			 				disable (2)
							}
			 MAX-ACCESS 	read-write
			 STATUS 		current
			 DESCRIPTION
				 "Enables/Disables the User Firewall."
			 DEFVAL  { enable }				 
			 ::= { hmSec2UsrFwConfigGroup 1 }

hmSec2UsrFwTemplateTable	OBJECT-TYPE
			 SYNTAX SEQUENCE OF HmSec2UsrFwTemplateEntry
			 MAX-ACCESS not-accessible
			 STATUS current
			 DESCRIPTION
				 "A list of the User Firewall templates."
			 ::= { hmSec2UsrFwConfigGroup 2 }

hmSec2UsrFwTemplateEntry   OBJECT-TYPE
			 SYNTAX HmSec2UsrFwTemplateEntry
			 MAX-ACCESS not-accessible
			 STATUS current
			 DESCRIPTION ""
			 INDEX { hmSec2UsrFwTemplateIndex }
			 ::= { hmSec2UsrFwTemplateTable 1 }
 
HmSec2UsrFwTemplateEntry ::= SEQUENCE {
			 hmSec2UsrFwTemplateIndex		Integer32,
			 hmSec2UsrFwTemplateName		SnmpAdminString,
			 hmSec2UsrFwTemplateTimeout		Integer32,
			 hmSec2UsrFwTemplateTimeoutType	INTEGER,
			 hmSec2UsrFwTemplateComment		DisplayString,
			 hmSec2UsrFwTemplateSrcAddr		DisplayString,
			 hmSec2UsrFwTemplateStatus		RowStatus
			 }

	hmSec2UsrFwTemplateIndex	OBJECT-TYPE
			 SYNTAX 			Integer32
			 MAX-ACCESS 		read-only
			 STATUS 			current
			 DESCRIPTION
				 "Table index."
			 ::= { hmSec2UsrFwTemplateEntry 1 }

    hmSec2UsrFwTemplateName		OBJECT-TYPE
			 SYNTAX				SnmpAdminString (SIZE(1..128))
			 MAX-ACCESS			read-write
			 STATUS				current
			 DESCRIPTION
                 "The descriptive name of the template."
             DEFVAL  { "(unnamed)" }
			 ::= { hmSec2UsrFwTemplateEntry 2 }

	hmSec2UsrFwTemplateTimeout	OBJECT-TYPE
			 SYNTAX 		Integer32 (30..604800)
			 MAX-ACCESS 	read-write
			 STATUS 		current
			 DESCRIPTION
				 "Timeout in seconds after which the User Firewall user
				  will be logged out."
			 DEFVAL { 28800 }
			 ::= { hmSec2UsrFwTemplateEntry 3 }

	-- Selects how hmSec2UsrFwTemplateTimeout is counted: static(1) or dynamic(2).
	-- With static(1) the session ends after the timeout whatever the user does.
	-- With dynamic(2) the countdown only starts once all of the user's
	-- connections are closed or timed out, so a connection that is kept open
	-- keeps the user's firewall rules in place beyond the configured timeout.
	-- The default, static, gives a hard upper bound on the session length.
	hmSec2UsrFwTemplateTimeoutType OBJECT-TYPE
			 SYNTAX 		INTEGER {
			 				static (1),
			 				dynamic (2)
							}
			 MAX-ACCESS 	read-write
			 STATUS 		current
			 DESCRIPTION
				 "Type of the User Firewall Timeout.
				 static - means the user will be logged out after the time
				 elapsed regardless of the user network activity.
				 dynamic - the countdown for logout will not start until
				 all user connections are closed and/or timed out."
			 DEFVAL  { static }				 
			 ::= { hmSec2UsrFwTemplateEntry 4 }

    hmSec2UsrFwTemplateComment	OBJECT-TYPE
			 SYNTAX			DisplayString (SIZE(0..128))
			 MAX-ACCESS		read-write
			 STATUS			current
			 DESCRIPTION
                 "A comment for the template."
             DEFVAL  { "" }
			 ::= { hmSec2UsrFwTemplateEntry 5 }

	-- Source address that the rules of this template are bound to.
	-- The default placeholder '%authorized_ip' stands for the address the user
	-- logged in from, which ties the opened rules to that one host.
	-- NOTE(review): 'any' or a wide CIDR range presumably makes the template's
	-- rules usable from other hosts as well for as long as the user is logged
	-- in; prefer the placeholder unless a wider source is required.
	hmSec2UsrFwTemplateSrcAddr   OBJECT-TYPE
			 SYNTAX			DisplayString (SIZE (2..20))
			 MAX-ACCESS		read-write
			 STATUS			current
			 DESCRIPTION
				 "Source IP address for the user firewall rules.
				 	- single address (a.b.c.d)
				 	- address range in CIDR notation (a.b.c.d/n)
				 	- keyword 'me'
				 	- keyword 'any'
				 	- placeholder '%authorized_ip' the IP address user
				 	  logged in from."
			 DEFVAL  { "%authorized_ip" }
			 ::= { hmSec2UsrFwTemplateEntry 6 }

    hmSec2UsrFwTemplateStatus OBJECT-TYPE
			 SYNTAX      RowStatus
			 MAX-ACCESS  read-write
			 STATUS      current
			 DESCRIPTION
                     "Template Status.
                     active(1)  		- This template is active.
					 notInService(2) 	- Row has been suspended.
					 notReady(3)		- Row has incomplete values.
					 createAndGo(4)		- Accept row values and activate.
					 createAndWait(5)	- Accept row values and wait.
                     destroy(6) 		- Set to this value to remove this template."
			 ::= { hmSec2UsrFwTemplateEntry 7 }

hmSec2UsrFwTemplateUserTable	OBJECT-TYPE
			 SYNTAX SEQUENCE OF HmSec2UsrFwTemplateUserEntry
			 MAX-ACCESS not-accessible
			 STATUS current
			 DESCRIPTION
				 "Users for the template."
			 ::= { hmSec2UsrFwConfigGroup 3 }

hmSec2UsrFwTemplateUserEntry   OBJECT-TYPE
			 SYNTAX HmSec2UsrFwTemplateUserEntry
			 MAX-ACCESS not-accessible
			 STATUS current
			 DESCRIPTION ""
			 INDEX {
			 	hmSec2UsrFwTemplateIndex,
			 	IMPLIED hmSec2UsrFwTemplateUserName
			 }
			 ::= { hmSec2UsrFwTemplateUserTable 1 }
 
HmSec2UsrFwTemplateUserEntry ::= SEQUENCE {
			 hmSec2UsrFwTemplateUserTemplateIndex	Integer32,
			 hmSec2UsrFwTemplateUserName			SnmpAdminString,
			 hmSec2UsrFwTemplateUserStatus			RowStatus
			 }

	hmSec2UsrFwTemplateUserTemplateIndex	OBJECT-TYPE
			 SYNTAX 			Integer32
			 MAX-ACCESS 		read-only
			 STATUS 			current
			 DESCRIPTION
				 "Template index from the hmSec2UsrFwTemplateTable above."
			 ::= { hmSec2UsrFwTemplateUserEntry 1 }

    -- Name of a user assigned to a template; used as the IMPLIED second index
    -- of hmSec2UsrFwTemplateUserEntry.
    -- NOTE(review): the DEFVAL is the empty string, which lies outside the
    -- declared SIZE(1..128), and a default on an index column has no obvious
    -- use. Strict MIB checkers may reject or warn about this.
    hmSec2UsrFwTemplateUserName		OBJECT-TYPE
			 SYNTAX				SnmpAdminString (SIZE(1..128))
			 MAX-ACCESS			read-only
			 STATUS				current
			 DESCRIPTION
                 "User name."
             DEFVAL  { "" }
			 ::= { hmSec2UsrFwTemplateUserEntry 2 }

    hmSec2UsrFwTemplateUserStatus OBJECT-TYPE
			 SYNTAX      RowStatus
			 MAX-ACCESS  read-write
			 STATUS      current
			 DESCRIPTION
                     "Template-User Entry Status.
                     active(1)  		- This entry is active.
					 notInService(2) 	- Row has been suspended.
					 notReady(3)		- Row has incomplete values.
					 createAndGo(4)		- Accept row values and activate.
					 createAndWait(5)	- Accept row values and wait.
                     destroy(6) 		- Set to this value to remove this entry."
			 ::= { hmSec2UsrFwTemplateUserEntry 3 }

hmSec2UsrFwTemplateRuleTable	OBJECT-TYPE
			 SYNTAX SEQUENCE OF HmSec2UsrFwTemplateRuleEntry
			 MAX-ACCESS not-accessible
			 STATUS current
			 DESCRIPTION
				 "Firewall rules for a template."
			 ::= { hmSec2UsrFwConfigGroup 4 }

hmSec2UsrFwTemplateRuleEntry   OBJECT-TYPE
			 SYNTAX HmSec2UsrFwTemplateRuleEntry
			 MAX-ACCESS not-accessible
			 STATUS current
			 DESCRIPTION ""
			 INDEX {
			 	 hmSec2UsrFwTemplateRuleTemplateIndex,
			 	 hmSec2UsrFwTemplateRuleIndex
			 }
			 ::= { hmSec2UsrFwTemplateRuleTable 1 }
 
HmSec2UsrFwTemplateRuleEntry ::= SEQUENCE {
			 hmSec2UsrFwTemplateRuleTemplateIndex	Integer32,
			 hmSec2UsrFwTemplateRuleIndex			Integer32,
			 hmSec2UsrFwTemplateRuleProto			DisplayString,
			 hmSec2UsrFwTemplateRuleSrcPort			DisplayString,
			 hmSec2UsrFwTemplateRuleDstNet			DisplayString,
			 hmSec2UsrFwTemplateRuleDstPort 		DisplayString,
			 hmSec2UsrFwTemplateRuleComment			DisplayString,
			 hmSec2UsrFwTemplateRuleLog				INTEGER,
			 hmSec2UsrFwTemplateRuleStatus			RowStatus
			 }

	hmSec2UsrFwTemplateRuleTemplateIndex	OBJECT-TYPE
			 SYNTAX 			Integer32
			 MAX-ACCESS 		read-only
			 STATUS 			current
			 DESCRIPTION
				 "Index of the hmSec2UsrFwTemplateTable above"
			 ::= { hmSec2UsrFwTemplateRuleEntry 1 }

	hmSec2UsrFwTemplateRuleIndex	OBJECT-TYPE
			 SYNTAX 			Integer32
			 MAX-ACCESS 		read-only
			 STATUS 			current
			 DESCRIPTION
				 "The table index."
			 ::= { hmSec2UsrFwTemplateRuleEntry 2 }


	hmSec2UsrFwTemplateRuleProto   OBJECT-TYPE
		   	 SYNTAX			 DisplayString (SIZE (0..10))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "The IP protocol (RFC 791) as a decimal number (in range 1 -
                  255), a name or the keyword 'any' for protocol-independent
                  filtering. The following protocol names are currently
                  supported:
                  o  'icmp': internet control message protocol (RFC 792)
                  o  'igmp': internet group management protocol
                  o  'ipip': IP in IP tunneling (RFC 1853)
                  o  'tcp': transmission control protocol (RFC 793)
                  o  'udp': user datagram protocol (RFC 768)
                  o  'esp': IPsec encapsulated security payload (RFC 2406)
                  o  'ah': IPsec authentication header (RFC 2402)
                  o  'ipv6-icmp': internet control message protocol for IPv6"
			 DEFVAL  { "tcp" }
			 ::= { hmSec2UsrFwTemplateRuleEntry 3 }

	hmSec2UsrFwTemplateRuleSrcPort   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..20))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
                 "Port expression or the keyword 'any'. A port expression is
                  structured as 'port' (default), 'op port' or 'port1 op port2',
                  where 'op' is a mathematical operator for:
                  o  equal (default)           =
                  o  unequal                   !=
                  o  less than                 <
                  o  less than or equal        <=
                  o  greater than              >
                  o  greater than or equal to  >=
                  o  outside range             <>
                  o  inside range              ><

                  The port must be specified as a decimal number or one of the
                  aliases:
                  o  tcp/udp: echo (7)
                  o  tcp/udp: discard, sink, null (9)
                  o  tcp: ftp-data (20)
                  o  tcp: ftp (21)
                  o  tcp/udp: ssh (22)
                  o  tcp: telnet (23)
                  o  tcp/udp: domain, nameserver (53)
                  o  tcp/udp: bootps (67)
                  o  tcp/udp: bootpc (68)
                  o  udp: tftp (69)
                  o  tcp/udp: www, http (80)
                  o  tcp/udp: kerberos, krb5 (88)
                  o  tcp: sftp (115)
                  o  tcp/udp: ntp (123)
                  o  udp: snmp (161)
                  o  udp: snmp-trap, snmptrap (162)
                  o  tcp/udp: bgp (179)
                  o  tcp/udp: ldap (389)
                  o  tcp/udp: https (443)"
			 DEFVAL  { "any" }                
			 ::= { hmSec2UsrFwTemplateRuleEntry 4 }

	-- Destination address or network that a template rule applies to.
	-- NOTE(review): the DEFVAL is the empty string, which is none of the forms
	-- listed in the DESCRIPTION (address, CIDR range, 'me', 'any'). How the
	-- agent treats an empty destination is not stated here; confirm that it is
	-- rejected or left inactive and not matched like 'any'.
	hmSec2UsrFwTemplateRuleDstNet   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..20))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
                "Single address (a.b.c.d) or address range in
				CIDR notation (a.b.c.d/n) or the keywords 'me'
				or 'any'."
			 DEFVAL  { "" }                
			 ::= { hmSec2UsrFwTemplateRuleEntry 5 }

	hmSec2UsrFwTemplateRuleDstPort   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..20))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
                 "Port expression or the keyword 'any'. A port expression is
                  structured as 'port' (default), 'op port' or 'port1 op port2',
                  where 'op' is a mathematical operator for:
                  o  equal (default)           =
                  o  unequal                   !=
                  o  less than                 <
                  o  less than or equal        <=
                  o  greater than              >
                  o  greater than or equal to  >=
                  o  outside range             <>
                  o  inside range              ><

                  The port must be specified as a decimal number or one of the
                  aliases:
                  o  tcp/udp: echo (7)
                  o  tcp/udp: discard, sink, null (9)
                  o  tcp: ftp-data (20)
                  o  tcp: ftp (21)
                  o  tcp/udp: ssh (22)
                  o  tcp: telnet (23)
                  o  tcp/udp: domain, nameserver (53)
                  o  tcp/udp: bootps (67)
                  o  tcp/udp: bootpc (68)
                  o  udp: tftp (69)
                  o  tcp/udp: www, http (80)
                  o  tcp/udp: kerberos, krb5 (88)
                  o  tcp: sftp (115)
                  o  tcp/udp: ntp (123)
                  o  udp: snmp (161)
                  o  udp: snmp-trap, snmptrap (162)
                  o  tcp/udp: bgp (179)
                  o  tcp/udp: ldap (389)
                  o  tcp/udp: https (443)"
			 DEFVAL  { "any" }                
			 ::= { hmSec2UsrFwTemplateRuleEntry 6 }

    hmSec2UsrFwTemplateRuleComment	OBJECT-TYPE
			 SYNTAX			DisplayString (SIZE(0..128))
			 MAX-ACCESS		read-write
			 STATUS			current
			 DESCRIPTION
                 "A comment for the firewall rule."
             DEFVAL  { "" }
			 ::= { hmSec2UsrFwTemplateRuleEntry 7 }

	hmSec2UsrFwTemplateRuleLog	   OBJECT-TYPE
		     SYNTAX			 INTEGER {
							 enable(1),
							 disable(2)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Enables or disables logging for packets matching this rule."
			 DEFVAL  { disable }                
			 ::= { hmSec2UsrFwTemplateRuleEntry 8 }

    hmSec2UsrFwTemplateRuleStatus OBJECT-TYPE
			 SYNTAX      RowStatus
			 MAX-ACCESS  read-write
			 STATUS      current
			 DESCRIPTION
                     "Firewall rule status.
                     active(1)  		- This rule is active.
					 notInService(2) 	- Row has been suspended.
					 notReady(3)		- Row has incomplete values.
					 createAndGo(4)		- Accept row values and activate.
					 createAndWait(5)	- Accept row values and wait.
                     destroy(6) 		- Set to this value to remove this rule."
			 ::= { hmSec2UsrFwTemplateRuleEntry 9 }



--
-- Firewall Diagnostics --
--
hmSec2FirewallDiagnosticsGroup OBJECT IDENTIFIER ::= { hmSec2Firewall 9 }


--
-- List of all IP firewall rules --
--
hmSec2FwDiagL3Table	OBJECT-TYPE
			 SYNTAX SEQUENCE OF HmSec2FwDiagL3Entry
			 MAX-ACCESS not-accessible
			 STATUS current
			 DESCRIPTION
				 "Complete list of IP firewall rules."
			 ::= { hmSec2FirewallDiagnosticsGroup 1 }

hmSec2FwDiagL3Entry   OBJECT-TYPE
			 SYNTAX HmSec2FwDiagL3Entry
			 MAX-ACCESS not-accessible
			 STATUS current
			 DESCRIPTION "Firewall rule"
			 INDEX { hmSec2FwDiagL3Index }
			 ::= { hmSec2FwDiagL3Table 1 }
 
HmSec2FwDiagL3Entry ::= SEQUENCE {
			 hmSec2FwDiagL3Index		Integer32,
			 hmSec2FwDiagL3Group		DisplayString,
			 hmSec2FwDiagL3Ref			Integer32,
			 hmSec2FwDiagL3Interface	DisplayString,
			 hmSec2FwDiagL3SrcNet		DisplayString,
			 hmSec2FwDiagL3SrcPort		DisplayString,
			 hmSec2FwDiagL3DstNet		DisplayString,
			 hmSec2FwDiagL3DstPort		DisplayString,
			 hmSec2FwDiagL3Proto		DisplayString,
			 hmSec2FwDiagL3Action		INTEGER,
			 hmSec2FwDiagL3Log			INTEGER,
			 hmSec2FwDiagL3MatchCnt		Counter32
			 }

hmSec2FwDiagL3Index   OBJECT-TYPE
			 SYNTAX 		 Integer32
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Rule number in IP firewall table"
			 ::= { hmSec2FwDiagL3Entry 1 }

hmSec2FwDiagL3Group   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..32))
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Name of group this rule belongs to."
			 ::= { hmSec2FwDiagL3Entry 2 }

hmSec2FwDiagL3Ref   OBJECT-TYPE
			 SYNTAX 		 Integer32
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Reference into group (typically the rule number).
                 If this value is -1, then no reference exists."
			 ::= { hmSec2FwDiagL3Entry 3 }


hmSec2FwDiagL3Interface   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..15))
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Interface (or type of traffic)."
			 ::= { hmSec2FwDiagL3Entry 4 }


hmSec2FwDiagL3SrcNet   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..20))
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
                 "Source address."
			 ::= { hmSec2FwDiagL3Entry 5 }

hmSec2FwDiagL3SrcPort   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..20))
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
                 "Source port (expression)."
			 ::= { hmSec2FwDiagL3Entry 6 }

hmSec2FwDiagL3DstNet   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..20))
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
                 "Destination address."
			 ::= { hmSec2FwDiagL3Entry 7 }

hmSec2FwDiagL3DstPort   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..20))
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
                 "Destination port (expression)"
			 ::= { hmSec2FwDiagL3Entry 8 }

hmSec2FwDiagL3Proto   OBJECT-TYPE
		   	 SYNTAX			 DisplayString (SIZE (0..10))
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "IP protocol"
			 ::= { hmSec2FwDiagL3Entry 9 }

hmSec2FwDiagL3Action   OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
							 accept(1),
							 drop(2),
							 reject(3)
					  }
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Action."
			 ::= { hmSec2FwDiagL3Entry 10 }

hmSec2FwDiagL3Log	   OBJECT-TYPE
		     SYNTAX			 INTEGER {
							 enable(1),
							 disable(2),
							 logAndTrap(3)
					  }
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Logging."
			 ::= { hmSec2FwDiagL3Entry 11 }

hmSec2FwDiagL3MatchCnt OBJECT-TYPE
		     SYNTAX			 Counter32 
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Counts the matches on this rule."
			 ::= { hmSec2FwDiagL3Entry 12 }

--
-- Firewall Learning Mode --
--
hmSec2FirewallLearningModeGroup OBJECT IDENTIFIER ::= { hmSec2Firewall 10 }

hmSec2FirewallLearningModeVars OBJECT IDENTIFIER ::= { hmSec2FirewallLearningModeGroup 1 }

--
-- List of States and Generic Vars for Firewall Learning Mode--
--

hmSec2FLMAdminState   OBJECT-TYPE
		     SYNTAX			 INTEGER {
							 enable(1),
							 disable(2)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Enable or disable the Firewall Learning Mode "
			 DEFVAL  { disable }		 
			 ::= { hmSec2FirewallLearningModeVars 1 }

hmSec2FLMAction   OBJECT-TYPE
		     SYNTAX			 INTEGER {
							 other(1),
							 start(2),
							 stop(3),
							 clear(4)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Actions to control the Firewall Learning Mode "
			 DEFVAL  { other }		 
			 ::= { hmSec2FirewallLearningModeVars 2 }

hmSec2FLMInterfaces   OBJECT-TYPE
		     SYNTAX			 INTEGER {
							 both(1),
							 int(2),
							 ext(3)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Defines the Interface to learn from"
			 DEFVAL  { both }		 
			 ::= { hmSec2FirewallLearningModeVars 3 }

hmSec2FLMType  OBJECT-TYPE
		     SYNTAX			 INTEGER {
							 learn(1),
							 test(2)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Learning or testing Mode"
			 DEFVAL  { learn }		 
			 ::= { hmSec2FirewallLearningModeVars 4 }

hmSec2FLMAppState  OBJECT-TYPE
		     SYNTAX			 INTEGER {
							 off(1),
							 stoppeddatanotpresent(2),
							 stoppeddatapresent(3),
							 learning(4),
							 testing(5),
							 pending(6)
					  }
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "State of running FLM Application"
			 ::= { hmSec2FirewallLearningModeVars 5 }

hmSec2FLMAppInfoEnum OBJECT-TYPE
		     SYNTAX			 INTEGER {
							 other(1),
							 normal(2),
							 ramlow(3),
							 ramempty(4),
							 conndrop(5)
					 }	 
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Enum for Infostring"
			 ::= { hmSec2FirewallLearningModeVars 6 }

hmSec2FLMAppInfoString   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..80))
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
                 "Special Statusmessage"
			 ::= { hmSec2FirewallLearningModeVars 7 }
			 

hmSec2FLML3Entries OBJECT-TYPE
		     SYNTAX			 Integer32
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Number of Layer 3 entries in the connection table"
			 ::= { hmSec2FirewallLearningModeVars 8 }

hmSec2FLMFreeMem  OBJECT-TYPE
		     SYNTAX			 Integer32
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Free Mem For Learning Data"
			 ::= { hmSec2FirewallLearningModeVars 9 }

-- Chooses how accept-any rules found by the Firewall Learning Mode are
-- handled: automatic(1) (default) or manual(2). Per the DESCRIPTION it can
-- only be set in the state 'Data not present'.
-- NOTE(review): what automatic(1) does with such a rule is not specified in
-- this module. An accept-any rule is the broadest possible match, so confirm
-- the behaviour before taking learned rules into the active rule set.
hmSec2FLMAnyRuleChange  OBJECT-TYPE
		    SYNTAX			 INTEGER
		     {
			 automatic(1),
			 manual(2)
				}	
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "How to handle detected accept-any rules during Learning Mode.
				 This can only be set during state: Data not present"
			 DEFVAL  { automatic }		  
			 ::= { hmSec2FirewallLearningModeVars 10 }

--
-- List of all MAC firewall rules --
--
hmSec2FwDiagL2Table	OBJECT-TYPE
			 SYNTAX SEQUENCE OF HmSec2FwDiagL2Entry
			 MAX-ACCESS not-accessible
			 STATUS current
			 DESCRIPTION
				 "Complete list of MAC firewall rules."
			 ::= { hmSec2FirewallDiagnosticsGroup 2 }

hmSec2FwDiagL2Entry   OBJECT-TYPE
			 SYNTAX HmSec2FwDiagL2Entry
			 MAX-ACCESS not-accessible
			 STATUS current
			 DESCRIPTION "Firewall rule"
			 INDEX { hmSec2FwDiagL2Index }
			 ::= { hmSec2FwDiagL2Table 1 }
 
HmSec2FwDiagL2Entry ::= SEQUENCE {
			 hmSec2FwDiagL2Index		Integer32,
			 hmSec2FwDiagL2Group		DisplayString,
			 hmSec2FwDiagL2Ref			Integer32,
			 hmSec2FwDiagL2Interface	DisplayString,
			 hmSec2FwDiagL2SrcNet		DisplayString,
			 hmSec2FwDiagL2DstNet		DisplayString,
			 hmSec2FwDiagL2Proto		DisplayString,
			 hmSec2FwDiagL2Action		INTEGER,
			 hmSec2FwDiagL2Log			INTEGER,
 			 hmSec2FwDiagL2MatchCnt		Counter32
			 }

hmSec2FwDiagL2Index   OBJECT-TYPE
			 SYNTAX 		 Integer32
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Rule number in MAC firewall table"
			 ::= { hmSec2FwDiagL2Entry 1 }

hmSec2FwDiagL2Group   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..32))
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Name of group this rule belongs to."
			 ::= { hmSec2FwDiagL2Entry 2 }

hmSec2FwDiagL2Ref   OBJECT-TYPE
			 SYNTAX 		 Integer32
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Reference into group (typically the rule number).
                 If this value is -1, then no reference exists."
			 ::= { hmSec2FwDiagL2Entry 3 }


hmSec2FwDiagL2Interface   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..15))
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Interface (or type of traffic)."
			 ::= { hmSec2FwDiagL2Entry 4 }


hmSec2FwDiagL2SrcNet   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..20))
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
                 "Source address."
			 ::= { hmSec2FwDiagL2Entry 5 }

hmSec2FwDiagL2DstNet   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..20))
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
                 "Destination address."
			 ::= { hmSec2FwDiagL2Entry 6 }

hmSec2FwDiagL2Proto   OBJECT-TYPE
		   	 SYNTAX			 DisplayString (SIZE (0..10))
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Layer 2 (Ethernet) protocol"
			 ::= { hmSec2FwDiagL2Entry 7 }

hmSec2FwDiagL2Action   OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
							 accept(1),
							 drop(2)
					  }
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Action."
			 ::= { hmSec2FwDiagL2Entry 8 }

hmSec2FwDiagL2Log	   OBJECT-TYPE
		     SYNTAX			 INTEGER {
							 enable(1),
							 disable(2),
							 logAndTrap(3)
					  }
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Logging."
			 ::= { hmSec2FwDiagL2Entry 9 }

hmSec2FwDiagL2MatchCnt OBJECT-TYPE
		     SYNTAX			 Counter32 
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Counts the matches on this rule."
			 ::= { hmSec2FwDiagL2Entry 10 }

hmSec2FwConfigGroup OBJECT IDENTIFIER ::= { hmSec2Firewall 11 }

-- Switch for the firewall's static packet check; enabled by default.
-- NOTE(review): the module does not describe what the check covers. Setting
-- disable(2) trades that check for throughput, so a change of this object
-- is worth auditing and SET access to it worth restricting.
hmSec2FwStaticPacketCheck OBJECT-TYPE
	   	 SYNTAX			 INTEGER {
						 enable(1),
						 disable(2)
						  }
		MAX-ACCESS		 read-write
		STATUS			 current
		DESCRIPTION
             "Enable or disable static packet check  
             in the firewall (disable for performance reasons)."
	    DEFVAL  { enable }                
		::= { hmSec2FwConfigGroup 1 }

-- Number of IP firewall rules that can still be created internally.
-- NOTE(review): Counter32 (RFC 2578) is meant for values that only increase
-- and wrap at their maximum. A remaining quantity presumably goes down as
-- rules are added, which matches Gauge32 semantics. Managers should treat
-- the value as an instantaneous reading and not compute deltas from it.
hmSec2FwInternRemNumIPRules OBJECT-TYPE
		SYNTAX			 Counter32 
		MAX-ACCESS 	 	 read-only
		STATUS 		 	 current
		DESCRIPTION
             "Remaining number of internally available IP firewall rules."
		::= { hmSec2FwConfigGroup 2 }

--
-- Network group 
--
    hmSec2NetGeneralGroup OBJECT IDENTIFIER ::= { hmSec2Network 1 }
    hmSec2NetTransparentGroup OBJECT IDENTIFIER ::= { hmSec2Network 2 }
    hmSec2NetRouterGroup OBJECT IDENTIFIER ::= { hmSec2Network 3 }
    hmSec2NetPPPoEGroup OBJECT IDENTIFIER ::= { hmSec2Network 4 }
    hmSec2NetPPPGroup OBJECT IDENTIFIER ::= { hmSec2Network 5 }
    hmSec2NetDNSClientGroup OBJECT IDENTIFIER ::= { hmSec2Network 6 }
    hmSec2NetDynDNSGroup OBJECT IDENTIFIER ::= { hmSec2Network 7 }
    hmSec2NetPingGroup OBJECT IDENTIFIER ::= { hmSec2Network 8 }

--
-- General Network variables
--
    hmSec2NetworkMode OBJECT-TYPE
     SYNTAX INTEGER {
			transparent(1),
			router(2),
			pppoe(3)
		    }
     MAX-ACCESS read-write
     STATUS current
     DESCRIPTION
        "Network mode:
          Transparent Mode or Routing Mode (PPPoE is also Routing Mode)"
    ::= { hmSec2NetGeneralGroup 1 }

	-- Write-only style trigger object: reads always return other(1).
	-- activate(2) re-applies the network configuration for the current
	-- hmSec2NetworkMode; flushstates(3) empties the firewall and NAT state
	-- tables, which interrupts every established connection through the device.
	-- Both actions are disruptive, so SET access to this object should be
	-- limited to trusted managers (for example through SNMPv3 access views)
	-- and its use logged.
	hmSec2NetAction OBJECT-TYPE
			 SYNTAX 		 INTEGER {
							 other (1),
							 activate (2),
							 flushstates (3)
							 }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "This object, when read, always returns a value of other(1).
				 Setting the object to activate(2) causes a reconfiguration
				 of the IP protocol stack and network configuration with the 
				 current value of hmSec2NetworkMode.
				 All of the further configuration depends on the used operating
				 mode, such as hmSec2LocalIPAddr, hmSec2GatewayIPAddr, 
				 hmSec2NetMask, hmSec2UseVLAN and hmSec2MgmtVLANID in 
				 Transparent Mode or the tables values out of 
				 hmSec2NetIPInterfaceTable (defined by hmSec2NetIPInterfaceEntry)
				 in Router or PPPoE mode. In PPPoE mode also the PPPoE 
				 configuration is taken into account. Additional routing 
				 values will be used after the reconfiguration.
				 Setting the object to flushstates(3) causes a flush to the
				 Firewall and NAT state/mapping tables, which removes all
				 active mappings and connection entries. Clients behind the 
				 Firewall or the NAT router will have to re-establish 
				 their connections."
		     DEFVAL  { other }				 
			 ::= { hmSec2NetGeneralGroup 2 }

	hmSec2NetDirectedBroadcasts OBJECT-TYPE
	   	 	 SYNTAX			 INTEGER {
							 enable(1),
							 disable(2)
							  }
			 MAX-ACCESS		 read-write
			 STATUS			 current
			 DESCRIPTION
             	 "Enable or disable forwarding of net-directed broadcasts
             	 by the device. Note: net-directed broadcasts can be used
             	 for so-called Smurf attacks.
             	 By default this feature is disabled, so the device
             	 cannot be used to relay Smurf attacks."
	 	     DEFVAL  { disable }                
			 ::= { hmSec2NetGeneralGroup 3 }

	-- Controls whether the device forwards IP fragments; enabled by default.
	-- NOTE(review): non-initial fragments carry no transport header, so a
	-- port-based rule cannot be evaluated on them individually. Whether this
	-- device reassembles or tracks fragments before filtering is not stated in
	-- this module; confirm that before keeping the default on an interface
	-- that faces an untrusted network.
	hmSec2NetIPFragmentsAllowed OBJECT-TYPE
	   	 	 SYNTAX			 INTEGER {
							 enable(1),
							 disable(2)
							  }
			 MAX-ACCESS		 read-write
			 STATUS			 current
			 DESCRIPTION
             	 "Enable or disable forwarding of IP fragments  
             	 by the device. 
             	 Per default this feature is enabled."
	 	     DEFVAL  { enable }                
			 ::= { hmSec2NetGeneralGroup 4 }

	hmSec2NetICMPSendRedirects OBJECT-TYPE
	   	 	 SYNTAX			 INTEGER {
							 enable(1),
							 disable(2)
							  }
			 MAX-ACCESS		 read-write
			 STATUS			 current
			 DESCRIPTION
             	 "Enable or disable sending of ICMP redirects  
             	 by the device, when the incoming subnet and interface 
             	 and the outgoing subnet and interface is the same
             	 for the forwarded packet. 
             	 Per default this feature is enabled."
	 	     DEFVAL  { enable }                
			 ::= { hmSec2NetGeneralGroup 5 }

	-- Undocumented switch, described only as internal; disabled by default.
	-- NOTE(review): the object is declared read-write although it is marked
	-- for internal use, so any manager with write access can change it. Its
	-- effect is not described in this module; leave it at the default and
	-- consider excluding it from the views of ordinary managers.
	hmSec2NetEtherBroadcastRoute OBJECT-TYPE
	   	 	 SYNTAX			 INTEGER {
							 enable(1),
							 disable(2)
							  }
			 MAX-ACCESS		 read-write
			 STATUS			 current
			 DESCRIPTION
             	 "Internal use only."
	 	     DEFVAL  { disable }                
			 ::= { hmSec2NetGeneralGroup 6 }

	-- Management IP address of the agent in transparent mode; the default is
	-- the well-known address 192.168.1.1 and should be changed on deployment.
	-- NOTE(review): the DESCRIPTION refers to hmNetAction, but the activation
	-- object defined in this module is hmSec2NetAction (activate(2)), whose
	-- DESCRIPTION lists this object. hmSec2GatewayIPAddr and hmSec2NetMask
	-- carry the same reference. Presumably hmSec2NetAction is meant.
	hmSec2LocalIPAddr   OBJECT-TYPE
			 SYNTAX 		 IpAddress
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
                 "IP address of the management agent in transparent mode.
				 Changing this value will take effect after activating with hmNetAction."
			 DEFVAL  { 'C0A80101'H } -- 192.168.1.1
			 ::= { hmSec2NetTransparentGroup 1 }

	hmSec2LocalPhysAddr	 OBJECT-TYPE
			 SYNTAX 		 PhysAddress
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Physical MAC-address of the agent."
			 ::= { hmSec2NetTransparentGroup 2 }

	hmSec2GatewayIPAddr	 OBJECT-TYPE
			 SYNTAX 		 IpAddress
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "IP address of the default gateway.
				 Changing this value will take effect after activating with hmNetAction."
			 DEFVAL  { '00000000'H } -- 0.0.0.0
			 ::= { hmSec2NetTransparentGroup 3 }

	hmSec2NetMask	OBJECT-TYPE
			 SYNTAX 		 IpAddress
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Subnet mask.
				 Changing this value will take effect after activating with hmNetAction."
			 DEFVAL  { 'FFFFFF00'H } -- 255.255.255.0
			 ::= { hmSec2NetTransparentGroup 4 }

	hmSec2UseVLAN	OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
							 enable(1),
							 disable(2)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Use VLAN Tag and Management VLAN ID."
			 DEFVAL  { disable }                
			 ::= { hmSec2NetTransparentGroup 5 }

 	hmSec2MgmtVLANID	OBJECT-TYPE
		   	 SYNTAX			 Integer32 (1..4094)
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Management VLAN ID."
			 DEFVAL  { 1 }                
			 ::= { hmSec2NetTransparentGroup 6 }
                       
	hmSec2NetProto OBJECT-TYPE
			SYNTAX			 INTEGER {
							 none  (1),
							 dhcp (2)
							 }
			MAX-ACCESS		 read-write
			STATUS			 current
			DESCRIPTION
                 "Network protocol used to obtain the IP configuration.
                 none(1) means use the fixed configuration; dhcp(2) means
                 use DHCP in transparent mode to obtain an IP address from a server."
		    DEFVAL  { none }                
			::= { hmSec2NetTransparentGroup 7 }
                        
	hmSec2NetPassThroughSTP OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
							 enable(1),
							 disable(2)
							  }
			MAX-ACCESS		 read-write
			STATUS			 current
			DESCRIPTION
                 "Pass through Spanning Tree Protocol BPDU frames
                 in Transparent Mode."
		    DEFVAL  { enable }                
			::= { hmSec2NetTransparentGroup 8 }

	hmSec2NetPassThroughGMRP OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
							 enable(1),
							 disable(2)
							  }
			MAX-ACCESS		 read-write
			STATUS			 current
			DESCRIPTION
                 "Pass through GMRP (GARP Multicast Registration Protocol)
                 frames in Transparent Mode."
		    DEFVAL  { disable }                
			::= { hmSec2NetTransparentGroup 9 }

	hmSec2NetPassThroughDHCP OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
							 enable(1),
							 disable(2)
							  }
			MAX-ACCESS		 read-write
			STATUS			 current
			DESCRIPTION
                 "Pass through DHCP frames in Transparent Mode
                 (no DHCP server on the EAGLE)."
		    DEFVAL  { disable }                
			::= { hmSec2NetTransparentGroup 10 }
                        
--
-- Network 
--

	hmSec2NetIPInterfaceTable OBJECT-TYPE
		SYNTAX		SEQUENCE OF HmSec2NetIPInterfaceEntry
		MAX-ACCESS		not-accessible
		STATUS			current
		DESCRIPTION
			"This table contains the IP Configuration table for
			the IP interfaces."
		::= { hmSec2NetRouterGroup 1 }

	hmSec2NetIPInterfaceEntry OBJECT-TYPE
		SYNTAX		HmSec2NetIPInterfaceEntry
		MAX-ACCESS		not-accessible
		STATUS			current         
		DESCRIPTION
			"This table contains the IP Configuration table for
			the internal interface."
		INDEX		{ hmSec2NetIPIfIndex }
		::= { hmSec2NetIPInterfaceTable 1 }
    
	HmSec2NetIPInterfaceEntry ::= SEQUENCE {
		hmSec2NetIPIfIndex Integer32,
		hmSec2NetIPIfAddr IpAddress,
		hmSec2NetIPIfMask IpAddress,
		hmSec2NetIPIfUseVLAN INTEGER,
		hmSec2NetIPIfVLANID Integer32,
		hmSec2NetIPIfNetProto INTEGER
		}
    
	hmSec2NetIPIfIndex	 	OBJECT-TYPE
			 SYNTAX 		 Integer32
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Index of IP interface in the table."
			 ::= { hmSec2NetIPInterfaceEntry 1 }

	hmSec2NetIPIfAddr	OBJECT-TYPE
			 SYNTAX 		 IpAddress
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Internal IP address."
			 ::= { hmSec2NetIPInterfaceEntry 2 }


	hmSec2NetIPIfMask	OBJECT-TYPE
			 SYNTAX 		 IpAddress
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Subnet mask."
			 ::= { hmSec2NetIPInterfaceEntry 3 }

	hmSec2NetIPIfUseVLAN	OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
							 enable(1),
							 disable(2)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Use VLAN Tag and Management VLAN ID."
			 DEFVAL  { disable }                
			 ::= { hmSec2NetIPInterfaceEntry 4 }

 	hmSec2NetIPIfVLANID	OBJECT-TYPE
		   	 SYNTAX			 Integer32 (1..4094)
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Management VLAN ID."
			 DEFVAL  { 1 }                
			 ::= { hmSec2NetIPInterfaceEntry 5 }

	hmSec2NetIPIfNetProto OBJECT-TYPE
			SYNTAX			 INTEGER {
							 none  (1),
							 dhcp (2)
							 }
			MAX-ACCESS		 read-write
			STATUS			 current
			DESCRIPTION
                 "Network Protocol to obtain IP configuration. 
                 (1) none means use a fixed configuration, (2) DHCP means 
                 using DHCP on this interface to obtain an IP address from a server."
			::= { hmSec2NetIPInterfaceEntry 6 }


--
-- Additional IP Addresses for the interfaces table
--
	hmSec2NetIPAliasesTable OBJECT-TYPE
		SYNTAX		SEQUENCE OF HmSec2NetIPAliasesEntry
		MAX-ACCESS		not-accessible
		STATUS			current
		DESCRIPTION
			"This table contains additional IP Configuration for
			the IP interfaces."
		::= { hmSec2NetRouterGroup 2 }

	hmSec2NetIPAliasesEntry OBJECT-TYPE
		SYNTAX		HmSec2NetIPAliasesEntry
		MAX-ACCESS		not-accessible
		STATUS			current         
		DESCRIPTION
			"This table contains additional IP Configuration for
			the IP interfaces."
		INDEX		{ hmSec2NetIPAliasIfIndex, hmSec2NetIPAliasAddr }
		::= { hmSec2NetIPAliasesTable 1 }
    
	HmSec2NetIPAliasesEntry ::= SEQUENCE {
		hmSec2NetIPAliasIfIndex Integer32,
		hmSec2NetIPAliasAddr IpAddress,
		hmSec2NetIPAliasMask IpAddress,
		hmSec2NetIPAliasUseVLAN INTEGER,
		hmSec2NetIPAliasVLANID Integer32,
		hmSec2NetIPAliasRowStatus RowStatus
		}
    
	hmSec2NetIPAliasIfIndex	 	OBJECT-TYPE
			 SYNTAX 		 Integer32
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Index of IP interface in the table."
			 ::= { hmSec2NetIPAliasesEntry 1 }

	hmSec2NetIPAliasAddr	OBJECT-TYPE
			 SYNTAX 		 IpAddress
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Internal IP address."
			 ::= { hmSec2NetIPAliasesEntry 2 }


	hmSec2NetIPAliasMask	OBJECT-TYPE
			 SYNTAX 		 IpAddress
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Subnet mask."
			 ::= { hmSec2NetIPAliasesEntry 3 }

	hmSec2NetIPAliasUseVLAN	OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
							 enable(1),
							 disable(2)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Use VLAN Tag and Management VLAN ID."
			 DEFVAL  { disable }                
			 ::= { hmSec2NetIPAliasesEntry 4 }

 	hmSec2NetIPAliasVLANID	OBJECT-TYPE
		   	 SYNTAX			 Integer32 (1..4094)
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Management VLAN ID."
			 DEFVAL  { 1 }                
			 ::= { hmSec2NetIPAliasesEntry 5 }

	hmSec2NetIPAliasRowStatus   OBJECT-TYPE
			 SYNTAX 		 RowStatus
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "The row status for the table entry.
				  The configuration takes effect
				  when the row status is set to active."
			 ::= { hmSec2NetIPAliasesEntry 6 }



--
-- Some more Network Variables for the external interface                        
--               
	hmSec2NetRouterExternalGroup	 OBJECT IDENTIFIER ::= { hmSec2NetRouterGroup 3 }
               
	hmSec2NetRtrExternalGateway	 OBJECT-TYPE
			 SYNTAX 		 IpAddress
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "IP address of the default gateway for the external interface.
				 Changing this value will take effect after activating with hmNetAction."
			 DEFVAL  { '00000000'H } -- 0.0.0.0
			 ::= { hmSec2NetRouterExternalGroup 1 }

	-- Selects whether SNMP v1 traps carry the external router IP address
	-- as their agent address; disabled by default.
	-- NOTE(review): enabling this discloses the external address to every
	-- trap receiver, and SNMP v1 traps are neither authenticated nor
	-- encrypted, so the value is readable on the path to the receiver.
	hmSec2NetRtrExtTrapAddr	OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
							 enable(1),
							 disable(2)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Use the external router IP address as agent address
				  for sending SNMP v1 traps."
			 DEFVAL  { disable }                
			 ::= { hmSec2NetRouterExternalGroup 2 }

--
-- Additional Routing entries for the system routing table
--
	hmSec2NetIPRouteTable OBJECT-TYPE
			SYNTAX			SEQUENCE OF HmSec2NetIPRouteEntry
			MAX-ACCESS		not-accessible
			STATUS			current
			DESCRIPTION
				"This table contains additional Routing Configuration for
				the IP interfaces."
			::= { hmSec2NetRouterGroup 4 }

	hmSec2NetIPRouteEntry OBJECT-TYPE
			SYNTAX			HmSec2NetIPRouteEntry
			MAX-ACCESS		not-accessible
			STATUS			current         
			DESCRIPTION
				"This table contains additional IP Configuration for
				the IP interfaces."
			INDEX		{ hmSec2NetIPRouteIfIndex, hmSec2NetIPRouteAddr, hmSec2NetIPRouteMask }
			::= { hmSec2NetIPRouteTable 1 }
    
	HmSec2NetIPRouteEntry ::= SEQUENCE {
			hmSec2NetIPRouteIfIndex 	Integer32,
			hmSec2NetIPRouteAddr 		IpAddress,
			hmSec2NetIPRouteMask 		IpAddress,
			hmSec2NetIPRouteGateway 	IpAddress,
			hmSec2NetIPRouteRowStatus 	RowStatus
			}
    
	hmSec2NetIPRouteIfIndex	 	OBJECT-TYPE
			 SYNTAX 		Integer32
			 MAX-ACCESS 	read-only
			 STATUS 		current
			 DESCRIPTION
				 "Index of IP interface in the table."
			 ::= { hmSec2NetIPRouteEntry 1 }

	hmSec2NetIPRouteAddr	OBJECT-TYPE
			 SYNTAX 		IpAddress
			 MAX-ACCESS 	read-write
			 STATUS 		current
			 DESCRIPTION
				 "Network IP address."
			 ::= { hmSec2NetIPRouteEntry 2 }


	hmSec2NetIPRouteMask	OBJECT-TYPE
			 SYNTAX 		 IpAddress
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Network subnet mask."
			 ::= { hmSec2NetIPRouteEntry 3 }

	hmSec2NetIPRouteGateway	OBJECT-TYPE
			 SYNTAX 		 IpAddress
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Gateway to be used for this network."
			 ::= { hmSec2NetIPRouteEntry 4 }

	hmSec2NetIPRouteRowStatus   OBJECT-TYPE
			 SYNTAX 		 RowStatus
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "The row status for the table entry.
				  The configuration takes effect
				  when the row status is set to active."
			 ::= { hmSec2NetIPRouteEntry 5 }


--
-- PPPoE configuration 
--
    hmSec2PPPoEUsername OBJECT-TYPE
			 SYNTAX 		DisplayString (SIZE (0..128))
			 MAX-ACCESS 	read-write
		     STATUS 		current
		     DESCRIPTION
        		"PPPoE login configuration user name"
   			 ::= { hmSec2NetPPPoEGroup 1 }

    -- PPPoE login password, a read-write string of up to 32 characters.
    -- NOTE(review): unlike hmSec2VpnRemoteCtlPwd, whose DESCRIPTION states
    -- that reads return '********', this DESCRIPTION does not say what a
    -- GET returns. Confirm against the agent whether the stored password
    -- is readable, and limit access to this object to SNMPv3 users with
    -- authentication and privacy (or exclude it from the read view), since
    -- SNMPv1/v2c carry values unencrypted.
    hmSec2PPPoEPassword OBJECT-TYPE
			 SYNTAX 		DisplayString (SIZE (0..32))
			 MAX-ACCESS 	read-write
		     STATUS 		current
		     DESCRIPTION
        		"PPPoE login configuration password"
   			 ::= { hmSec2NetPPPoEGroup 2 }

    hmSec2PPPoEMTU OBJECT-TYPE
			 SYNTAX 		INTEGER (60..1500)
			 MAX-ACCESS 	read-write
		     STATUS 		current
		     DESCRIPTION
        		"PPPoE Interface MTU preconfigured value."
			 DEFVAL  		{ 1492 }
   			 ::= { hmSec2NetPPPoEGroup 3 }

	hmSec2PPPoEIfAddr	OBJECT-TYPE
			 SYNTAX 		 IpAddress
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Provider assigned IP address on PPPoE interface."
			 ::= { hmSec2NetPPPoEGroup 4 }

	hmSec2PPPoEIfMask	OBJECT-TYPE
			 SYNTAX 		 IpAddress
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Provider assigned subnet mask."
			 ::= { hmSec2NetPPPoEGroup 5 }

	hmSec2PPPoEGateway	OBJECT-TYPE
			 SYNTAX 		 IpAddress
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Provider assigned gateway address."
			 ::= { hmSec2NetPPPoEGroup 6 }

	hmSec2PPPoEStatus	OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..128))
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Current state of PPPoE interface."
			 ::= { hmSec2NetPPPoEGroup 7 }

	hmSec2PPPoEDisconAdminState  OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
							 enable(1),
							 disable(2)
					  }
			 MAX-ACCESS 	read-write
		     STATUS 		current
		     DESCRIPTION
        		"PPPoE automatic disconnect admin state.
        		 When enabled an automatic disconnect will be performed every
        		 day at the specified hour (if PPPoE connection is up only)."
			 DEFVAL  		{ disable }
			 ::= { hmSec2NetPPPoEGroup 8 }

	hmSec2PPPoEDisconHour OBJECT-TYPE
			 SYNTAX 		INTEGER (0..23)
			 MAX-ACCESS 	read-write
		     STATUS 		current
		     DESCRIPTION
        		"PPPoE automatic disconnect hour setting."
			 DEFVAL  		{ 0 }
			 ::= { hmSec2NetPPPoEGroup 9 }

--
-- PPP configuration 
--
    hmSec2PPPUsername OBJECT-TYPE
			 SYNTAX 		DisplayString (SIZE (0..128))
			 MAX-ACCESS 	read-write
		     STATUS 		current
		     DESCRIPTION
        		"PPP login configuration user name"
   			 ::= { hmSec2NetPPPGroup 1 }

    -- PPP login password, a read-write string of up to 32 characters.
    -- NOTE(review): the DESCRIPTION does not say whether a GET returns the
    -- stored password or a masked value (hmSec2VpnRemoteCtlPwd documents
    -- '********' for reads). Confirm against the agent, and restrict this
    -- object to SNMPv3 users with authentication and privacy, since
    -- SNMPv1/v2c carry values unencrypted.
    hmSec2PPPPassword OBJECT-TYPE
			 SYNTAX 		DisplayString (SIZE (0..32))
			 MAX-ACCESS 	read-write
		     STATUS 		current
		     DESCRIPTION
        		"PPP login configuration password"
    		 ::= { hmSec2NetPPPGroup 2 }

	hmSec2PPPLocalIPAddress	OBJECT-TYPE
			 SYNTAX 		 IpAddress
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Local IP address for PPP configuration."
			 DEFVAL  { 'C0A80201'H } -- 192.168.2.1
   			 ::= { hmSec2NetPPPGroup 3 }

	hmSec2PPPRemoteIPAddress	OBJECT-TYPE
			 SYNTAX 		 IpAddress
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Remote IP address for PPP configuration."
			 DEFVAL  { 'C0A80202'H } -- 192.168.2.2
    		 ::= { hmSec2NetPPPGroup 4 }

	hmSec2PPPModemAdminState	OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
							 enable(1),
							 disable(2)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Allow Modem on serial interface or not.
				  The  configuration will be taken, when
				  hmSec2NetAction variable is set to
				  activate."
			 DEFVAL  { disable }                
			 ::= { hmSec2NetPPPGroup 5 }

	hmSec2PPPModemBaudRate	OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
							 b19200(1),
							 b38400(2),
							 b57600(3)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Modem speed on serial connection to be used."
			 DEFVAL  { b57600 }                
			 ::= { hmSec2NetPPPGroup 6 }

    hmSec2PPPMTU OBJECT-TYPE
			 SYNTAX 		INTEGER (60..1500)
			 MAX-ACCESS 	read-write
		     STATUS 		current
		     DESCRIPTION
        		"PPP Interface MTU preconfigured value."
			 DEFVAL  		{ 1500 }
   			 ::= { hmSec2NetPPPGroup 7 }

	hmSec2PPPStatus	OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..128))
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Current state of PPP interface."
			 ::= { hmSec2NetPPPGroup 8 }

	hmSec2PPPModemFlowControl	OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
							 off(1),
							 rtscts(2)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Modem flow control on serial connection to be used.
				  Off disable all flow control options.
				  RTS/CTS means hardware flow control."
			 DEFVAL  { off }                
			 ::= { hmSec2NetPPPGroup 9 }

--
-- DNS Client Definitions --
--

	hmSec2DNSClientServer1	 	OBJECT-TYPE
			SYNTAX 		 	IpAddress
			MAX-ACCESS 	 	read-write
			STATUS 		 	current
			DESCRIPTION
				"The first DNS Server to use."
			DEFVAL  { '00000000'H } -- 0.0.0.0
			::= { hmSec2NetDNSClientGroup 1 }
	
	hmSec2DNSClientServer2	 	OBJECT-TYPE
			SYNTAX 		 	IpAddress
			MAX-ACCESS 	 	read-write
			STATUS 		 	current
			DESCRIPTION
				"The second DNS Server to use."
			DEFVAL  { '00000000'H } -- 0.0.0.0
			::= { hmSec2NetDNSClientGroup 2 }
	
	hmSec2DNSClientServer3	 	OBJECT-TYPE
			SYNTAX 		 	IpAddress
			MAX-ACCESS 	 	read-write
			STATUS 		 	current
			DESCRIPTION
				"The third DNS Server to use."
			DEFVAL  { '00000000'H } -- 0.0.0.0
			::= { hmSec2NetDNSClientGroup 3 }
	
	hmSec2DNSClientServer4	 	OBJECT-TYPE
			SYNTAX 		 	IpAddress
			MAX-ACCESS 	 	read-write
			STATUS 		 	current
			DESCRIPTION
				"The fourth DNS Server to use."
			DEFVAL  { '00000000'H } -- 0.0.0.0
			::= { hmSec2NetDNSClientGroup 4 }

	hmSec2DNSClientConfigSource 	OBJECT-TYPE
			SYNTAX 		 	INTEGER {
							user(1),
							provider(2)
							}
			MAX-ACCESS 	 	read-write
			STATUS 		 	current
			DESCRIPTION
				"DNS Client configuration source.
				 If the value is set to user(1), 
				 then the variables hmSec2DNSClientServer1
				 to hmSec2DNSClientServer4 will be used.
				 If the value is set to provider(2), then
				 the DNS configuration comes from the
				 access protocol like PPP or PPPoE.
				 The  configuration will be taken, when
				 hmSec2NetAction variable is set to
				 activate."
			DEFVAL { provider }
			::= { hmSec2NetDNSClientGroup 5 }
	
--
-- DynDNS configuration 
--
	hmSec2DynDNSProvider 	OBJECT-TYPE
			 SYNTAX			 INTEGER {
							 dyndns-org  (1),
							 other  (2)
							 }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
                 "Type of DynDNS provider to be used."
			 DEFVAL  { dyndns-org }                
			 ::= { hmSec2NetDynDNSGroup 1 }

	hmSec2DynDNSRegister 	OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
							 enable(1),
							 disable(2)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Enables or disables the DynDNS service. When enabled 
				 the host is registered at the DynDNS server.
				 "
			 DEFVAL  { disable }                
			 ::= { hmSec2NetDynDNSGroup 2 }

	hmSec2DynDNSServer	 	OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..128))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "The DynDNS server which provides the service to register
				  the IP address of this host."
			 ::= { hmSec2NetDynDNSGroup 3 }

	hmSec2DynDNSLogin 		OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..128))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "The DynDNS server login name for the registration to
				  the DynDNS service."
			 ::= { hmSec2NetDynDNSGroup 4 }

	-- Password used to register with the DynDNS service, a read-write
	-- string of up to 128 characters.
	-- NOTE(review): the DESCRIPTION does not say whether a GET returns the
	-- stored password or a masked value (hmSec2VpnRemoteCtlPwd documents
	-- '********' for reads). Confirm against the agent, and restrict this
	-- object to SNMPv3 users with authentication and privacy, since
	-- SNMPv1/v2c carry values unencrypted.
	hmSec2DynDNSPassword 	OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..128))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "The DynDNS server password for the registration to
				  the DynDNS service."
			 ::= { hmSec2NetDynDNSGroup 5 }

	hmSec2DynDNSHostname 	OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..128))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "The DynDNS host name to be registered with the IP address
				  to the DynDNS service."
			 ::= { hmSec2NetDynDNSGroup 6 }

	hmSec2DynDNSRefresh 	OBJECT-TYPE
			 SYNTAX			 Integer32 (1..6000)
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
                 "Refresh interval for checking the IP address.
				 The refresh interval is counted in minutes."
             DEFVAL  		 { 10 }
			 ::= { hmSec2NetDynDNSGroup 7 }

	hmSec2DynDNSStatus	 	OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..128))
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "The DynDNS registration status."
			 ::= { hmSec2NetDynDNSGroup 8 }

	hmSec2DynDNSCheckIPServer OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..128))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "The CheckIP server which provides the service to detect
				  the IP address of this host seen from the outside."
			 ::= { hmSec2NetDynDNSGroup 9 }

--
-- ping functionality 
--
	hmSec2NetPingSourceAddr 	OBJECT-TYPE
			SYNTAX 		 	IpAddress
			MAX-ACCESS 	 	read-write
			STATUS 		 	current
			DESCRIPTION
				"Source IP address for ping command.
				 0.0.0.0 means no source address given."
			DEFVAL  { '00000000'H } -- 0.0.0.0
			::= { hmSec2NetPingGroup 1 }

	hmSec2NetPingDestAddr 	OBJECT-TYPE
			SYNTAX 		 	IpAddress
			MAX-ACCESS 	 	read-write
			STATUS 		 	current
			DESCRIPTION
				"Destination IP address for ping command."
			DEFVAL  { '00000000'H } -- 0.0.0.0
			::= { hmSec2NetPingGroup 2 }

	hmSec2NetPingAction 	OBJECT-TYPE
			SYNTAX 		INTEGER {
							other (1),
			 				activate (2)
							}
			MAX-ACCESS 	read-write
			STATUS 		current
			DESCRIPTION
				 "If set to activate(2), the ping will be started.
				 When read, this variable returns always other(1)."
			DEFVAL  { other }				 
			::= { hmSec2NetPingGroup 3 }

	hmSec2NetPingActionStatus 	OBJECT-TYPE
			SYNTAX 		INTEGER {
							idle (1),
			 				pinging (2)
							}
			MAX-ACCESS 	read-only
			STATUS 		current
			DESCRIPTION
				 "Returns whether a ping command is running at the moment 
				  (pinging) or the ping functionality is not running (idle)."
			::= { hmSec2NetPingGroup 4 }

	hmSec2NetPingResult 	OBJECT-TYPE
			SYNTAX 		INTEGER {
							init (1),
							reachable (2),
							unreachable (3),
							pinging (4)
							}
			MAX-ACCESS 	read-only
			STATUS 		current
			DESCRIPTION
				 "Returns the result of the last ping operation.
				  If the ping has been successful
				  (host is reachable through ping) or ping has failed
				  (host is not reachable through ping)."
			::= { hmSec2NetPingGroup 5 }

	hmSec2NetPingResultText 	OBJECT-TYPE
			SYNTAX 		 DisplayString (SIZE (0..128))
			MAX-ACCESS 	read-only
			STATUS 		current
			DESCRIPTION
				 "Returns the result of the last ping operation as text."
			::= { hmSec2NetPingGroup 6 }

--
-- VPN Definitions --
--
	hmSec2VpnGroup OBJECT IDENTIFIER ::= { hmSec2Vpn 1 }
	hmSec2VpnGeneralGroup OBJECT IDENTIFIER ::= { hmSec2VpnGroup 1 }
	hmSec2VpnConnGroup OBJECT IDENTIFIER ::= { hmSec2VpnGroup 2 }
	hmSec2VpnTrafficSelGroup OBJECT IDENTIFIER ::= { hmSec2VpnGroup 3 }
	hmSec2VpnCertificateGroup OBJECT IDENTIFIER ::= { hmSec2VpnGroup 4 }
--
-- VPN general group
--

	-- VPN remote control password. Reads are masked: a GET always returns
	-- '********', so a manager cannot tell from the value whether a
	-- password is set. Writing a 'zero' string (presumably a zero-length
	-- string) switches the remote control function off.
	-- NOTE(review): masking protects reads only. A SET still carries the
	-- new password in the request, so it should be written over SNMPv3
	-- with privacy enabled; SNMPv1/v2c carry values unencrypted.
	hmSec2VpnRemoteCtlPwd  	 OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE(0..32))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
					"VPN Remote Control Password.  
                     This object will always return '********' even if a password is set.
                     Setting this object to a 'zero' string deactivates the remote control
                     function."
			 ::= { hmSec2VpnGeneralGroup 1 }

	hmSec2VpnLEDIndication 	 OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
							 enable(1),
							 disable(2)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
					"LED indication for VPN connection active.  
                     If at least one VPN connection is active and up,
                     the EAGLE will signal this with its STATUS LED
                     blinking yellow and green when the feature is enabled."
			 ::= { hmSec2VpnGeneralGroup 2 }

	-- NOTE(review): the DESCRIPTION of this object is empty. Judging by the
	-- name it is presumably the address pool offered to peers through IKE
	-- Mode Config, but neither the meaning nor the expected string format
	-- (up to 20 characters) is stated here; confirm with the vendor
	-- documentation before writing to it.
	hmSec2VpnModeConfigPool  	 OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE(0..20))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
					""
			 ::= { hmSec2VpnGeneralGroup 3 }

	hmSec2VpnInputServiceMode  	 OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
							 powersupply(1),
                             digitalinput-low(2),
                             digitalinput-high(3)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
					"Select the source which shall be used to activate VPN 
					 service mode connections.
					 Redundant power supply (power off -> service mode active),
					 low level on digital input (set to 0 -> service mode active)
					 or high level on digital input (set to 1 -> service mode active)."
			DEFVAL  { powersupply }				 
			 ::= { hmSec2VpnGeneralGroup 4 }

			 
--
-- VPN traffic selector group
--

hmSec2VpnTrafficSelTable        OBJECT-TYPE
                         SYNTAX SEQUENCE OF HmSec2VpnTrafficSelEntry
                         MAX-ACCESS not-accessible
                         STATUS current
                         DESCRIPTION
                             "A list of traffic selectors. For details on the
                              role of traffic selectors in IPsec protocol see
                              RFC 2409, section 5.5 and RFC 4306, section 2.9."
                         ::= { hmSec2VpnTrafficSelGroup 1 }

hmSec2VpnTrafficSelEntry   OBJECT-TYPE
                         SYNTAX HmSec2VpnTrafficSelEntry
                         MAX-ACCESS not-accessible
                         STATUS current
                         DESCRIPTION
                             "A traffic selector entry. A traffic selector
                              defines the subnet/host addresses for which
                              this IPSec connection (SA) is responsible."
                         INDEX { hmSec2VpnConnIndex, hmSec2VpnTrafficSelIndex }
                         ::= { hmSec2VpnTrafficSelTable 1 }
 
HmSec2VpnTrafficSelEntry ::= SEQUENCE {
                         hmSec2VpnTrafficSelIndex       INTEGER,
                         hmSec2VpnTrafficSelSrcAddr     DisplayString,
                         hmSec2VpnTrafficSelDstAddr     DisplayString,
                         hmSec2VpnTrafficSelSrcPort     DisplayString,
                         hmSec2VpnTrafficSelDstPort     DisplayString,
                         hmSec2VpnTrafficSelProto       DisplayString,
                         hmSec2VpnTrafficSelPolicy		DisplayString,
                         hmSec2VpnTrafficSelDesc        DisplayString,
                         hmSec2VpnTrafficSelRowStatus   RowStatus,
                         hmSec2VpnTrafficSelSrcMapping  DisplayString,
                         hmSec2VpnTrafficSelDstMapping  DisplayString
                         }

hmSec2VpnTrafficSelIndex   OBJECT-TYPE
                         SYNTAX                  INTEGER
                         MAX-ACCESS              read-only
                         STATUS                  current
                         DESCRIPTION
                                 "An index that (together with the connection
                                  index hmSec2VpnConnIndex) identifies the entry
                                  in the traffic selector table. This index can
                                  be chosen freely, but must be greater than 0."
                         ::= { hmSec2VpnTrafficSelEntry 1 }


hmSec2VpnTrafficSelSrcAddr   OBJECT-TYPE
                         SYNTAX                  DisplayString (SIZE (0..20))
                         MAX-ACCESS              read-write
                         STATUS                  current
                         DESCRIPTION
                             "Host or subnet address in CIDR notation (a.b.c.d/n)
                              for which this traffic descriptor (and the
                              associated VPN connection) is responsible. This
                              address is compared to the source address of
                              IP packets sent, when determining the associated
                              IPsec and IKE-SA. The special keyword 'any' means
                              that the address comparison always matches."
                         DEFVAL  { "any" }
                         ::= { hmSec2VpnTrafficSelEntry 3 }


hmSec2VpnTrafficSelDstAddr   OBJECT-TYPE
                         SYNTAX                  DisplayString (SIZE (0..20))
                         MAX-ACCESS              read-write
                         STATUS                  current
                         DESCRIPTION
                             "Host or subnet address in CIDR notation (a.b.c.d/n)
                              for which this traffic descriptor (and the
                              associated VPN connection) is responsible. This
                              address is compared to the destination address of
                              IP packets sent, when determining the associated
                              IPsec and IKE-SA. The special keyword 'any' means
                              that the address comparison always matches."
                         DEFVAL  { "any" }
                         ::= { hmSec2VpnTrafficSelEntry 4 }


-- Source port of a traffic selector, given as a string: a decimal port
-- number, the keyword 'any' (the default), or one of the service aliases
-- listed in the DESCRIPTION.
-- NOTE(review): this DESCRIPTION gives the numeric range as 1 - 65535,
-- while hmSec2VpnTrafficSelDstPort gives 0 - 65535, and both state that
-- 'any' is equivalent to port number 0. Confirm whether a literal 0 is
-- accepted here, because a selector that silently matches every port is
-- wider than a reviewer of the policy would expect.
hmSec2VpnTrafficSelSrcPort   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..20))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
                 "The source port as a decimal number in range 1 - 65535, the
                  keyword 'any' for a port-independent policy (equivalent to
                  port number 0), or one of the following aliases:
                  o  tcp/udp: echo (7)
                  o  tcp/udp: discard, sink, null (9)
                  o  tcp: ftp-data (20)
                  o  tcp: ftp (21)
                  o  tcp/udp: ssh (22)
                  o  tcp: telnet (23)
                  o  tcp/udp: domain, nameserver (53)
                  o  tcp/udp: bootps (67)
                  o  tcp/udp: bootpc (68)
                  o  udp: tftp (69)
                  o  tcp/udp: www, http (80)
                  o  tcp/udp: kerberos, krb5 (88)
                  o  tcp: sftp (115)
                  o  tcp/udp: ntp (123)
                  o  udp: snmp (161)
                  o  udp: snmp-trap, snmptrap (162)
                  o  tcp/udp: bgp (179)
                  o  tcp/udp: ldap (389)
                  o  tcp/udp: https (443)"
			 DEFVAL  { "any" }                
			 ::= { hmSec2VpnTrafficSelEntry 5 }


hmSec2VpnTrafficSelDstPort   OBJECT-TYPE
			 SYNTAX 		 DisplayString (SIZE (0..20))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
                 "The destination port as a decimal number in range 0 - 65535,
                  the keyword 'any' for a port-independent policy (equivalent to
                  port number 0), or one of the following aliases:
                  o  tcp/udp: echo (7)
                  o  tcp/udp: discard, sink, null (9)
                  o  tcp: ftp-data (20)
                  o  tcp: ftp (21)
                  o  tcp/udp: ssh (22)
                  o  tcp: telnet (23)
                  o  tcp/udp: domain, nameserver (53)
                  o  tcp/udp: bootps (67)
                  o  tcp/udp: bootpc (68)
                  o  udp: tftp (69)
                  o  tcp/udp: www, http (80)
                  o  tcp/udp: kerberos, krb5 (88)
                  o  tcp: sftp (115)
                  o  tcp/udp: ntp (123)
                  o  udp: snmp (161)
                  o  udp: snmp-trap, snmptrap (162)
                  o  tcp/udp: bgp (179)
                  o  tcp/udp: ldap (389)
                  o  tcp/udp: https (443)"
			 DEFVAL  { "any" }                
			 ::= { hmSec2VpnTrafficSelEntry 6 }


hmSec2VpnTrafficSelProto   OBJECT-TYPE
		   	 SYNTAX			 DisplayString (SIZE (0..10))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "The IP protocol (RFC 791) as a decimal number in range 0 - 255
                  or a hexadecimal number in range 0x00 - 0xff, a protocol name
                  or the keyword 'any' for a protocol-independent policy. The
                  following protocol names are currently supported:
                  o  'icmp': internet control message protocol (RFC 792)
                  o  'tcp': transmission control protocol (RFC 793)
                  o  'udp': user datagram protocol (RFC 768)
                  o  'icmpv6': internet control message protocol for IPv6"
			 DEFVAL  { "any" }
			 ::= { hmSec2VpnTrafficSelEntry 7 }


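-- Per-selector policy for traffic that matches this traffic selector.
-- 'require' (the default) fails closed: matching traffic is discarded
-- while the tunnel or traffic selector is down. 'use' fails open:
-- matching traffic is routed unencrypted when encryption is not possible.
-- NOTE(review): a selector set to 'use' lets traffic leave in cleartext
-- during a tunnel outage; audit configurations for this value wherever
-- confidentiality is required. The syntax is a free-form string, and how
-- the agent treats values other than the two listed is not stated here.
hmSec2VpnTrafficSelPolicy   OBJECT-TYPE
		   	 SYNTAX			 DisplayString (SIZE (0..10))
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Policy to apply to the matching traffic.
				  The following policies are currently supported:
                  o  'require': require encryption of the traffic. If the tunnel or
                                traffic selector is down the traffic will be discarded.
                  o  'use': use encryption if possible else route the traffic unencrypted."
			 DEFVAL  { "require" }
			 ::= { hmSec2VpnTrafficSelEntry 8 }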


hmSec2VpnTrafficSelDesc   OBJECT-TYPE
                         SYNTAX                  DisplayString (SIZE (0..128))
                         MAX-ACCESS              read-write
                         STATUS                  current
                         DESCRIPTION
                                 "User defined text."
                         DEFVAL  { "" }                
                         ::= { hmSec2VpnTrafficSelEntry 9 }


hmSec2VpnTrafficSelRowStatus   OBJECT-TYPE
                         SYNTAX                  RowStatus
                         MAX-ACCESS              read-write
                         STATUS                  current
                         DESCRIPTION
                             "The row status of this table entry. Only traffic
                              selector entries with an 'active' row status will
                              be considered if the connection's row status is set
                              'active'. Independent of that dependency any value
                              in this entry can be changed only if the row
                              status is not 'active'."
                         ::= { hmSec2VpnTrafficSelEntry 10 }


hmSec2VpnTrafficSelSrcMapping   OBJECT-TYPE
                         SYNTAX                  DisplayString (SIZE (0..20))
                         MAX-ACCESS              read-write
                         STATUS                  current
                         DESCRIPTION
                             "Optional mapping for the source address in CIDR
                              notation (a.b.c.d/n) for a given traffic descriptor.
                              If set, the IP source address of outgoing packets
                              will be replaced according to this MIB object.
                              For incoming packets the mapping will be reversed.
                              Default is a string of size 0, i.e. mapping disabled."
                         DEFVAL  { "" }
                         ::= { hmSec2VpnTrafficSelEntry 11 }


hmSec2VpnTrafficSelDstMapping   OBJECT-TYPE
                         SYNTAX                  DisplayString (SIZE (0..20))
                         MAX-ACCESS              read-write
                         STATUS                  current
                         DESCRIPTION
                             "Optional mapping for the destination address in CIDR
                              notation (a.b.c.d/n) for a given traffic descriptor.
                              If set, the IP destination address of outgoing packets
                              will be replaced according to this MIB object.
                              For incoming packets the mapping will be reversed.
                              Default is a string of size 0, i.e. mapping disabled."
                         DEFVAL  { "" }
                         ::= { hmSec2VpnTrafficSelEntry 12 }


--
-- VPN connection group
--
hmSec2VpnConnMax OBJECT-TYPE
                         SYNTAX                  INTEGER
                         MAX-ACCESS              read-only
                         STATUS                  current
                         DESCRIPTION
                             "Maximum number of VPN connections
                              supported. Notice that the maximum number of
                              active and up VPN connections is limited
                              to 64."
                         DEFVAL  { 256 }
                         ::= { hmSec2VpnConnGroup 1 }


hmSec2VpnConnNext OBJECT-TYPE
                         SYNTAX                  INTEGER (0..256)
                         MAX-ACCESS              read-only
                         STATUS                  current
                         DESCRIPTION
                             "This object always holds an appropriate value to be
                              used for hmSec2VpnConnIndex when creating entries
                              in the hmSec2VpnConnTable. The value 0 indicates
                              that no unassigned entries are available. To
                              obtain the hmSec2VpnConnIndex value for a new
                              entry, the management station issues a SNMP
                              retrieval operation to obtain the current value of
                              this object. After each row creation or deletion
                              the agent modifies the value to the next
                              unassigned index."
                          ::= { hmSec2VpnConnGroup 2 }


hmSec2VpnConnTable      OBJECT-TYPE
                         SYNTAX SEQUENCE OF HmSec2VpnConnEntry
                         MAX-ACCESS not-accessible
                         STATUS current
                         DESCRIPTION
                             "A list of VPN connections."
                         ::= { hmSec2VpnConnGroup 3 }

hmSec2VpnConnEntry   OBJECT-TYPE
                         SYNTAX HmSec2VpnConnEntry
                         MAX-ACCESS not-accessible
                         STATUS current
                         DESCRIPTION
                             "A VPN connection entry."
                         INDEX { hmSec2VpnConnIndex }
                         ::= { hmSec2VpnConnTable 1 }
 
HmSec2VpnConnEntry ::= SEQUENCE {
                         hmSec2VpnConnIndex     INTEGER,
                         hmSec2VpnConnIkeVersion INTEGER,
                         hmSec2VpnConnIkeStartup INTEGER,
                         hmSec2VpnConnIkeCompat INTEGER,
                         hmSec2VpnConnIkeLifetime INTEGER,
                         hmSec2VpnConnIkeDpdTimeout INTEGER,
                         hmSec2VpnConnIkeLocalAddr DisplayString,
                         hmSec2VpnConnIkeRemoteAddr DisplayString,
                         hmSec2VpnConnIkeAuthType INTEGER,
                         hmSec2VpnConnIkeAuthMode INTEGER,
                         hmSec2VpnConnIkeAuthCertCA OCTET STRING,
                         hmSec2VpnConnIkeAuthCertRemote OCTET STRING,
                         hmSec2VpnConnIkeAuthCertLocal OCTET STRING,
                         hmSec2VpnConnIkeAuthPrivKey OCTET STRING,
                         hmSec2VpnConnIkeAuthPasswd DisplayString, -- never saved
                         hmSec2VpnConnIkeAuthPsk DisplayString,
                         hmSec2VpnConnIkeAuthLocId DisplayString,
                         hmSec2VpnConnIkeAuthLocType INTEGER,
                         hmSec2VpnConnIkeAuthRemId DisplayString,
                         hmSec2VpnConnIkeAuthRemType INTEGER,
                         hmSec2VpnConnIkeAlgDh INTEGER,
                         hmSec2VpnConnIkeAlgHash INTEGER,
                         hmSec2VpnConnIkeAlgMac INTEGER,
                         hmSec2VpnConnIkeAlgEncr INTEGER,
                         hmSec2VpnConnIpsecMode INTEGER,
                         hmSec2VpnConnIpsecNatTraversal INTEGER,
                         hmSec2VpnConnIpsecLifetime INTEGER,
                         hmSec2VpnConnIpsecAlgDh INTEGER,
                         hmSec2VpnConnIpsecAlgMac INTEGER,
                         hmSec2VpnConnIpsecAlgEncr INTEGER,
                         hmSec2VpnConnOperStatus INTEGER,
                         hmSec2VpnConnDesc DisplayString,
                         hmSec2VpnConnRowStatus RowStatus,
                         hmSec2VpnConnServiceMode INTEGER
                         }

hmSec2VpnConnIndex   OBJECT-TYPE
                         SYNTAX                  INTEGER (1..256)
                         MAX-ACCESS              read-only
                         STATUS                  current
                         DESCRIPTION
                             "An index that uniquely identifies the entry in the
                              table."
                         ::= { hmSec2VpnConnEntry 1 }


hmSec2VpnConnIkeVersion   OBJECT-TYPE
                        SYNTAX           INTEGER {
                                                        auto(1),
                                                        v1(2),
                                                        v2(3)
                                                 }
                         MAX-ACCESS              read-write
                         STATUS                  current
                         DESCRIPTION
                             "Version of the IKE protocol:
                              o auto: accept IKEv1/v2 as responder, start with IKEv1 as initiator
                              o v1: used protocol is IKE version 1 (ISAKMP)
                              o v2: used protocol is IKE version 2"
                         DEFVAL  { auto }
                         ::= { hmSec2VpnConnEntry 2 }


hmSec2VpnConnIkeStartup   OBJECT-TYPE
                        SYNTAX           INTEGER {
                                                        initiator(1),
                                                        responder(2)
                                                 }
                         MAX-ACCESS              read-write
                         STATUS                  current
                         DESCRIPTION
                             "If this host acts as a responder it does not
                              initiate a key exchange (IKE) nor connection
                              parameters negotiation. Otherwise, this host acts
                              as an initiator - then it initiates an IKE
                              actively."
                         DEFVAL  { responder }
                         ::= { hmSec2VpnConnEntry 3 }


hmSec2VpnConnIkeCompat   OBJECT-TYPE
                        SYNTAX           INTEGER {
                                                        on(1),
                                                        off(2)
                                                 }
                         MAX-ACCESS              read-write
                         STATUS                  current
                         DESCRIPTION
                             "Compatibility mode for older IPsec clients."
                         DEFVAL  { off }
                         ::= { hmSec2VpnConnEntry 4 }


hmSec2VpnConnIkeLifetime   OBJECT-TYPE
                         SYNTAX                  INTEGER ( 1..86400)
                         MAX-ACCESS              read-write
                         STATUS                  current
                         DESCRIPTION
                             "Lifetime of IKE security association in seconds.
                              The maximum value is 24 hours (86400 seconds)."
                         DEFVAL  { 28800 } -- 8 hours
                         ::= { hmSec2VpnConnEntry 5 }


hmSec2VpnConnIkeDpdTimeout   OBJECT-TYPE
                         SYNTAX                  INTEGER ( 0..86400) -- max. 24 hours
                         MAX-ACCESS              read-write
                         STATUS                  current
                         DESCRIPTION
                             "If greater than zero, the local peer sends Dead
                              Peer Detection (DPD) messages (according to RFC
                              3706) to the remote peer. This value specifies
                              the timeout in seconds after which the remote
                              peer is declared dead if it does not respond.
                              The value 0 disables this feature."
                         DEFVAL  { 120 }
                         ::= { hmSec2VpnConnEntry 6 }


hmSec2VpnConnIkeLocalAddr   OBJECT-TYPE
                         SYNTAX                  DisplayString (SIZE (0..255))
                         MAX-ACCESS              read-write
                         STATUS                  current
                         DESCRIPTION
                             "Hostname (FQDN) or IP address of local
                              security gateway. If the value is 'any', then the
                              primary IP address of external interface is
                              used. In the case that this address is assigned
                              dynamically by a DHCP server, the setup of the VPN
                              connection is delayed until a valid IP address is
                              assigned. Establishing the connection may also be
                              delayed until the hostname (if specified) can be
                              resolved."
                         DEFVAL  { "any" }
                         ::= { hmSec2VpnConnEntry 7 }


hmSec2VpnConnIkeRemoteAddr   OBJECT-TYPE
                         SYNTAX                  DisplayString (SIZE (0..255))
                         MAX-ACCESS              read-write
                         STATUS                  current
                         DESCRIPTION
                             "Typically the hostname (FQDN) or IP address of
                              remote security gateway. If this value is 'any',
                              then any IP address is accepted when establishing
                              an IKE-SA as responder. Also a network in CIDR
                              notation, to be accepted when establishing the
                              IKE-SA, is allowed as responder. As initiator
                              such values are not allowed. Establishing the VPN
                              connection may be delayed until the hostname (if
                              specified) can be resolved."
                         DEFVAL  { "any" }
                         ::= { hmSec2VpnConnEntry 8 }


hmSec2VpnConnIkeAuthType   OBJECT-TYPE
                        SYNTAX           INTEGER {
                                                        psk(1),
                                                        x509rsa(2)
                                                 }
                         MAX-ACCESS              read-write
                         STATUS                  current
                         DESCRIPTION
                             "Type of authentication to be used (X.509 RSA
                              certificates or pre-shared key)."
                         DEFVAL  { psk }
                         ::= { hmSec2VpnConnEntry 9 }
                         

-- Review note: the DESCRIPTION does not say what 'mainaggressive' selects in
-- each role; presumably both phase 1 exchange modes are permitted (confirm
-- against the device documentation).
-- With pre-shared keys, IKEv1 aggressive mode sends the authentication hash
-- before the peer is authenticated and without identity protection, so a weak
-- PSK is exposed to offline guessing. Prefer 'main' (or IKEv2) unless a peer
-- requires aggressive mode, and audit rows left at the default.
hmSec2VpnConnIkeAuthMode   OBJECT-TYPE
                        SYNTAX           INTEGER {
                                                        mainaggressive(1),
                                                        main(2),
                                                        aggressive(3)
                                                 }
                         MAX-ACCESS              read-write
                         STATUS                  current
                         DESCRIPTION
                             "The phase 1 exchange mode to be used."
                         DEFVAL  { mainaggressive }
                         ::= { hmSec2VpnConnEntry 10 }


hmSec2VpnConnIkeAuthCertCA   OBJECT-TYPE
                         SYNTAX                  OCTET STRING (SIZE (0..6144))
                         MAX-ACCESS              read-write
                         STATUS                  current
                         DESCRIPTION
                             "PEM encoded X.509 certificate (RFC 1422),
                              if authentication type in 'hmSec2VpnConnIkeAuthType'
                              is 'x509rsa'. This certificate is used for RSA based
                              signature verification in local and remote
                              certificates."
                         DEFVAL  { "" }
                         ::= { hmSec2VpnConnEntry 11 }


hmSec2VpnConnIkeAuthCertRemote   OBJECT-TYPE
                         SYNTAX                  OCTET STRING (SIZE (0..6144))
                         MAX-ACCESS              read-write
                         STATUS                  current
                         DESCRIPTION
                             "PEM encoded X.509 certificate (RFC 1422),
                              if authentication type in 'hmSec2VpnConnIkeAuthType'
                              is 'x509rsa'. This certificate is used for RSA based
                              authentication of remote peer at the local side.
                              This certificate binds the identity of remote peer
                              to its public key. It is optional because it is
                              typically sent by the remote peer while negotiating an
                              ISAKMP/IKE security association."
                         DEFVAL  { "" }
                         ::= { hmSec2VpnConnEntry 12 }


hmSec2VpnConnIkeAuthCertLocal   OBJECT-TYPE
                         SYNTAX                  OCTET STRING (SIZE (0..6144))
                         MAX-ACCESS              read-write
                         STATUS                  current
                         DESCRIPTION
                             "PEM encoded X.509 certificate (RFC 1422)
                              to be used, if authentication type in
                              'hmSec2VpnConnIkeAuthType' is 'x509rsa'. This
                              certificate is used for RSA based authentication
                              of local peer at the remote side.  The
                              certificate binds the identity of local peer to
                              its public key, signed by the certification
                              authority (CA) from 'hmSec2VpnConnIkeAuthCertCA'."
                         DEFVAL  { "" }
                         ::= { hmSec2VpnConnEntry 13 }


-- Review note: the DESCRIPTION calls this object write-only, but SMIv2 has no
-- write-only MAX-ACCESS level, hence read-write below. What a GET returns is
-- not specified here (presumably an empty or masked value; confirm on the
-- device and treat a readable key as a finding).
-- The PEM key is passphrase-encrypted, but the passphrase is written through
-- the same SNMP channel ('hmSec2VpnConnIkeAuthPasswd'), so confidentiality
-- rests on the transport: write this column only over SNMPv3 with privacy
-- (authPriv) and restrict it with VACM views. SNMPv1/v2c carry it in clear.
hmSec2VpnConnIkeAuthPrivKey   OBJECT-TYPE
                         SYNTAX                  OCTET STRING (SIZE (0..6144))
                         MAX-ACCESS              read-write
                         STATUS                  current
                         DESCRIPTION
                             "PEM encoded RSA private key (PKCS 1) to be used, if
                              authentication type in 'hmSec2VpnConnIkeAuthType' is
                              'x509rsa'. Notice that this object is write-only
                              and encrypted with 'hmSec2VpnConnIkeAuthPasswd'."
                         DEFVAL  { "" }
                         ::= { hmSec2VpnConnEntry 14 }

-- Review note: this column is marked "never saved" in the HmSec2VpnConnEntry
-- SEQUENCE, so the passphrase is presumably held only until the private key
-- has been decrypted (confirm on the device).
-- MAX-ACCESS is read-write and the DESCRIPTION does not say what a GET
-- returns; verify that the agent does not echo the passphrase.
-- The passphrase is a secret sent in an SNMP SET, so it needs SNMPv3 authPriv
-- on the management path just like the key it protects.
hmSec2VpnConnIkeAuthPasswd   OBJECT-TYPE
                         SYNTAX                  DisplayString (SIZE (0..128))
                         MAX-ACCESS              read-write
                         STATUS                  current
                         DESCRIPTION
                             "Passphrase to be used for decryption of private key
                              from 'hmSec2VpnConnIkeAuthPrivKey'. The passphrase must
                              be set before the private key is set, else the SNMP
                              operation fails."
                         DEFVAL  { "" }
                         ::= { hmSec2VpnConnEntry 15 }


-- Review note: the pre-shared key is a read-write DisplayString and nothing
-- here states that reads are masked; check whether a GET or a walk of this
-- table returns the key, and exclude the column from read views if it does.
-- 'hmSec2VpnConnIkeAuthType' defaults to psk while this object defaults to an
-- empty string; whether the agent refuses to activate a row with an empty PSK
-- is not stated here (confirm on the device).
-- Set the key only over SNMPv3 with privacy (authPriv).
hmSec2VpnConnIkeAuthPsk   OBJECT-TYPE
                         SYNTAX                  DisplayString (SIZE (0..128))
                         MAX-ACCESS              read-write
                         STATUS                  current
                         DESCRIPTION
                             "Preshared key (passphrase) to be used if
                              authentication type in 'hmSec2VpnConnIkeAuthType'
                              is 'psk'."
                         DEFVAL  { "" }
                         ::= { hmSec2VpnConnEntry 16 }


hmSec2VpnConnIkeAuthLocId   OBJECT-TYPE
                         SYNTAX                  DisplayString (SIZE (0..255))
                         MAX-ACCESS              read-write
                         STATUS                  current
                         DESCRIPTION
                             "Local peer identifier to be sent within ID
                              payload during negotiation. The ID payload is
                              used to identify the initiator of the security
                              association. The identity is used by the
                              responder to determine the correct host system
                              security policy requirement for the association
                              (see RFC 2407, section 4.6.2 for details when
                              using IKEv1 and RFC 4306, section 3.5 for IKEv2).
                              Allowed formats for this object depend on
                              'hmSec2VpnConnIkeAuthLocType':
                              o  default: don't care
                              o  ipaddr: IPv4 address
                              o  keyid: key identifier
                              o  fqdn: fully qualified domain name
                              o  email: fully qualified RFC 822 email address
                              o  asn1dn: X.500 distinguished name (DN)

                              If 'hmSec2VpnConnIkeAuthLocType' is 'asn1dn':
                              o and 'hmSec2VpnConnIkeAuthLocId' is a character
                                string, then a typical X.500 distinguished name
                                syntax has to be used (e.g. CN=XY-D,C=DE,L=NT,
                                ST=BW,O=COMPANY,OU=DEV,E=testuser@company.com);
                              o and 'hmSec2VpnConnIkeAuthLocId' is a hex string with prefix 0x,
                                then the associated distinguished name must be
                                DER encoded (see RFC 2459);
                              o and 'hmSec2VpnConnIkeAuthLocId' is empty, then
                                the distinguished name from the certificate in
                                'hmSec2VpnConnIkeAuthCertLocal' is used here."
                         DEFVAL  { "" }
                         ::= { hmSec2VpnConnEntry 17 }


hmSec2VpnConnIkeAuthLocType   OBJECT-TYPE
                        SYNTAX           INTEGER {
                                                        default(1),
                                                        ipaddr(2),
                                                        keyid(3),
                                                        fqdn(4),
                                                        email(5),
                                                        asn1dn(6)
                                                 }
                         MAX-ACCESS              read-write
                         STATUS                  current
                         DESCRIPTION
                             "Type of local peer identifier in 'hmSec2VpnConnIkeAuthLocId':
                                 o  default: If 'hmSec2VpnConnIkeAuthType' is 'psk' then
                                             use the IP address from 'hmSec2VpnConnIkeLocalAddr'
                                             as local identifier. In case of 'x509rsa' use the
                                             DN from local certificate in 'hmSec2VpnConnIkeAuthCertLocal'.
                                 o  ipaddr: IPv4 address
                                 o  keyid: key identifier
                                 o  fqdn: fully qualified domain name
                                 o  email: fully qualified RFC 822 email address
                                 o  asn1dn: X.500 distinguished name (DN).

                             For further information see RFC 2407, section 4.6.2"
                         DEFVAL  { default }
                         ::= { hmSec2VpnConnEntry 18 }


hmSec2VpnConnIkeAuthRemId   OBJECT-TYPE
                         SYNTAX                  DisplayString (SIZE (0..255))
                         MAX-ACCESS              read-write
                         STATUS                  current
                         DESCRIPTION
                             "Remote peer identifier to be compared with ID
                              payload during negotiation. The ID payload is
                              used to identify the initiator of the security
                              association. The identity is used by the
                              responder to determine the correct host system
                              security policy requirement for the association
                              (see RFC 2407, section 4.6.2 for details when
                              using IKEv1 and RFC 4306, section 3.5 for IKEv2).
                              Allowed formats for this entry depend on
                              'hmSec2VpnConnIkeAuthRemType':
                              o  any: don't care
                              o  ipaddr: IPv4 address
                              o  keyid: key identifier
                              o  fqdn: fully qualified domain name
                              o  email: fully qualified RFC 822 email address
                              o  asn1dn: X.500 distinguished name (DN)

                              If 'hmSec2VpnConnIkeAuthRemType' is 'asn1dn':
                              o and 'hmSec2VpnConnIkeAuthRemId' is a character
                                string, then a typical X.500 distinguished name
                                syntax has to be used (e.g. CN=XY-D,C=DE,L=NT,
                                ST=BW,O=COMPANY,OU=DEV,E=testuser@company.com);
                              o and 'hmSec2VpnConnIkeAuthRemId' is a hex string with prefix 0x,
                                then the associated distinguished name must be
                                DER encoded (see RFC 2459);
                              o and 'hmSec2VpnConnIkeAuthRemId' is empty, then
                                the distinguished name from the certificate in
                                'hmSec2VpnConnIkeAuthCertRemote' is used here;
                              o then the subject from received certificate (remote
                                peer distinguished name) is compared against this
                                value."
                         DEFVAL  { "" }
                         ::= { hmSec2VpnConnEntry 19 }


-- Review note: the default 'any' means the identifier presented by the remote
-- peer is not checked at all. 'hmSec2VpnConnIkeRemoteAddr' also defaults to
-- 'any', so a row left at defaults is bound to a peer only by the credential
-- itself (PSK or certificate chain).
-- Set an explicit type together with 'hmSec2VpnConnIkeAuthRemId' to pin the
-- connection to one peer identity, and flag rows with any(1) in config audits.
hmSec2VpnConnIkeAuthRemType   OBJECT-TYPE
                        SYNTAX           INTEGER {
                                                        any(1),
                                                        ipaddr(2),
                                                        keyid(3),
                                                        fqdn(4),
                                                        email(5),
                                                        asn1dn(6)
                                                 }
                         MAX-ACCESS              read-write
                         STATUS                  current
                         DESCRIPTION
                             "Type of remote peer identifier in hmSec2VpnConnIkeAuthRemId:
                              o  any: received remote identifier is not checked
                              o  ipaddr: IPv4 address
                              o  keyid: key identifier
                              o  fqdn: fully qualified domain name
                              o  email: fully qualified RFC 822 email address
                              o  asn1dn: X.500 distinguished name (DN).

                             For further information see RFC 2407, section 4.6.2"
                         DEFVAL  { any }
                         ::= { hmSec2VpnConnEntry 20 }


-- Review note: the modpNNN labels name Diffie-Hellman MODP groups by modulus
-- size (RFC 2409 and RFC 3526). The "RSA" wording in the DESCRIPTION is a
-- misnomer; this object selects a key agreement group, not an RSA key size.
-- The 768 and 1024 bit groups, including the modp1024 default, are no longer
-- considered adequate (RFC 8247 deprecates them for IKEv2); prefer modp2048
-- or larger where the peer supports it.
-- 'any' makes a responder accept every listed group, so set an explicit group
-- to keep a peer from negotiating modp768.
hmSec2VpnConnIkeAlgDh   OBJECT-TYPE
                        SYNTAX           INTEGER {
                                                        any(1),
                                                        modp768(2),
                                                        modp1024(3),
                                                        modp1536(4),
                                                        modp2048(5),
                                                        modp3072(6),
                                                        modp4096(7)
                                                 }
                         MAX-ACCESS              read-write
                         STATUS                  current
                         DESCRIPTION
                             "Diffie-Hellman key agreement algorithm to be used
                              for establishment of IKE-SA:
                              o  any: accept all algorithms as responder, use default as initiator
                              o  modp768: RSA with 768 bits modulus
                              o  modp1024: RSA with 1024 bits modulus
                              o  modp1536: RSA with 1536 bits modulus
                              o  modp2048: RSA with 2048 bits modulus
                              o  modp3072: RSA with 3072 bits modulus
                              o  modp4096: RSA with 4096 bits modulus"
                         DEFVAL  { modp1024 }
                         ::= { hmSec2VpnConnEntry 21 }


-- Review note: only MD5 and SHA-1 can be selected; this revision of the MIB
-- offers no SHA-2 value. MD5 is deprecated for IKE (RFC 8247), so avoid
-- md5(2) and treat the sha1 default as a legacy floor rather than a target.
-- 'any' makes a responder accept MD5 if the peer proposes it; set an explicit
-- value where the peer allows it.
hmSec2VpnConnIkeAlgHash   OBJECT-TYPE
                        SYNTAX           INTEGER {
                                                        any(1),
                                                        md5(2),
                                                        sha1(3)
                                                 }
                         MAX-ACCESS              read-write
                         STATUS                  current
                         DESCRIPTION
                             "Hash algorithm to be used in IKE:
                              o  any: accept all algorithms as responder, use all
                                      as IKEv2 initiator (not allowed as IKEv1 initiator)
                              o  md5: MD5
                              o  sha1: SHA-1"
                         DEFVAL  { sha1 }
                         ::= { hmSec2VpnConnEntry 22 }


-- Review note: the integrity choices are limited to HMAC-MD5 and HMAC-SHA1.
-- HMAC-MD5 is deprecated for IKEv2 (RFC 8247); keep the hmacsha1 default or
-- stronger if a later MIB revision adds it.
-- 'any' makes a responder accept HMAC-MD5 when the peer proposes it.
hmSec2VpnConnIkeAlgMac   OBJECT-TYPE
                        SYNTAX           INTEGER {
                                                        any(1),
                                                        hmacmd5(2),
                                                        hmacsha1(3)
                                                 }
                         MAX-ACCESS              read-write
                         STATUS                  current
                         DESCRIPTION
                             "Integrity (MAC) algorithm to be used in IKEv2:
                              o  any: accept all algorithms as responder, use all
                                      as IKEv2 initiator (not allowed as IKEv1 initiator)
                              o  hmacmd5: HMAC-MD5
                              o  hmacsha1: HMAC-SHA1"
                         DEFVAL  { hmacsha1 }

                         ::= { hmSec2VpnConnEntry 23 }


-- Review note: des(2) is single DES with a 56 bit key and is deprecated for
-- IKE (RFC 8247); des3(3) is legacy. Prefer one of the AES values.
-- 'any' makes a responder accept every listed cipher, DES included, so a row
-- set to any(1) can be negotiated down by the peer. Set an explicit AES value
-- and flag any(1) and des(2) in configuration audits.
hmSec2VpnConnIkeAlgEncr   OBJECT-TYPE
                        SYNTAX           INTEGER {
                                                        any(1),
                                                        des(2),
                                                        des3(3),
                                                        aes128(4),
                                                        aes192(5),
                                                        aes256(6)
                                                 }
                         MAX-ACCESS              read-write
                         STATUS                  current
                         DESCRIPTION
                             "Encryption algorithm to be used in IKE:
                              o  any: accept all algorithms as responder, use all
                                      as IKEv2 initiator (not allowed as IKEv1 initiator)
                              o  des: DES
                              o  des3: Triple-DES
                              o  aes128: AES with 128 key bits
                              o  aes192: AES with 192 key bits
                              o  aes256: AES with 256 key bits"
                         DEFVAL  { aes128 }
                         ::= { hmSec2VpnConnEntry 24 }


hmSec2VpnConnIpsecMode   OBJECT-TYPE
                        SYNTAX           INTEGER {
                                                        transport(1),
                                                        tunnel(2)
                                                 }
                         MAX-ACCESS              read-write
                         STATUS                  current
                         DESCRIPTION
                             "IPsec encapsulation mode."
                         DEFVAL  { tunnel }
                         ::= { hmSec2VpnConnEntry 25 }


hmSec2VpnConnIpsecNatTraversal   OBJECT-TYPE
                        SYNTAX           INTEGER {
                                                        on(1),
                                                        off(2)
                                                 }
                         MAX-ACCESS              read-write
                         STATUS                  current
                         DESCRIPTION
                             "If 'on', then it forces UDP encapsulation of ESP
                              payloads (NAT traversal). When 'off', then the
                              remote peer is allowed to negotiate normal ESP
                              encapsulation or UDP encapsulation via port
                              4500. A typical scenario is to turn this switch
                              'on' if it is a priori known, that the local peer
                              resides behind a NAT gateway (else turn it 'off')."
                         DEFVAL  { off }
                         ::= { hmSec2VpnConnEntry 26 }


hmSec2VpnConnIpsecLifetime   OBJECT-TYPE
                         SYNTAX                  INTEGER ( 1..28800)
                         MAX-ACCESS              read-write
                         STATUS                  current
                         DESCRIPTION
                             "Lifetime of IPsec security association in seconds.
                              The maximum value is 8 hours (28800 seconds)."
                         DEFVAL  { 3600 } -- 1 hour
                         ::= { hmSec2VpnConnEntry 27 }


-- Review note: the modpNNN labels name Diffie-Hellman MODP groups by modulus
-- size (RFC 2409 and RFC 3526). The "RSA" wording in the DESCRIPTION is a
-- misnomer; this object selects the PFS key agreement group for the IPsec SA.
-- none(8) disables Perfect Forward Secrecy, so IPsec session keys then derive
-- from the IKE SA keying material alone. The 768 and 1024 bit groups,
-- including the modp1024 default, are no longer considered adequate; prefer
-- modp2048 or larger where the peer supports it.
-- 'any' makes a responder accept every listed group.
hmSec2VpnConnIpsecAlgDh   OBJECT-TYPE
                        SYNTAX           INTEGER {
                                                        any(1),
                                                        modp768(2),
                                                        modp1024(3),
                                                        modp1536(4),
                                                        modp2048(5),
                                                        modp3072(6),
                                                        modp4096(7),
                                                        none(8)
                                                 }
                         MAX-ACCESS              read-write
                         STATUS                  current
                         DESCRIPTION
                             "Diffie-Hellman key agreement algorithm to be used
                              for IPsec-SA session key establishment:
                              o  any: accept all algorithms as responder, use all
                                      as IKEv2 initiator (not allowed as IKEv1 initiator)
                              o  modp768: RSA with 768 bits modulus
                              o  modp1024: RSA with 1024 bits modulus
                              o  modp1536: RSA with 1536 bits modulus
                              o  modp2048: RSA with 2048 bits modulus
                              o  modp3072: RSA with 3072 bits modulus
                              o  modp4096: RSA with 4096 bits modulus
                              o  none: no Perfect Forward Secrecy (PFS)"
                          DEFVAL { modp1024 }
                          ::= { hmSec2VpnConnEntry 28 }


-- Security: hmacmd5 is a legacy integrity algorithm (RFC 8221 lists
-- HMAC-MD5 for ESP and AH as MUST NOT). 'any' is described as accepting
-- all algorithms as responder, which includes hmacmd5, so select
-- hmacsha1 explicitly on both peers. This enum offers nothing stronger
-- than HMAC-SHA1.
hmSec2VpnConnIpsecAlgMac   OBJECT-TYPE
                        SYNTAX           INTEGER {
                                                        any(1),
                                                        hmacmd5(2),
                                                        hmacsha1(3)
                                                 }
                         MAX-ACCESS              read-write
                         STATUS                  current
                         DESCRIPTION
                             "Integrity (MAC) algorithm to be used in IPsec:
                              o  any: accept all algorithms as responder, use all
                                      as IKEv2 initiator (not allowed as IKEv1 initiator)
                              o  hmacmd5: HMAC-MD5
                              o  hmacsha1: HMAC-SHA1"
                         DEFVAL  { hmacsha1 }
                         ::= { hmSec2VpnConnEntry 29 }


-- Security: des(2) is single DES with a 56 bit key and should not be used
-- for new connections (RFC 8221 lists DES for ESP as MUST NOT and
-- Triple-DES as SHOULD NOT). 'any' is described as accepting all
-- algorithms as responder, des included, so pin one of the AES values on
-- both peers instead of relying on 'any'.
hmSec2VpnConnIpsecAlgEncr   OBJECT-TYPE
                        SYNTAX          INTEGER {
                                        	any(1),
                                        	des(2),
                                        	des3(3),
                                        	aes128(4),
                                         	aes192(5),
                                        	aes256(6)
                                        	}
                         MAX-ACCESS     read-write
                         STATUS       	current
                         DESCRIPTION
                             "Encryption algorithm to be used for payload
                              encryption in IPsec:
                              o  any: accept all algorithms as responder, use all
                                      as IKEv2 initiator (not allowed as IKEv1 initiator)
                              o  des: DES
                              o  des3: Triple-DES
                              o  aes128: AES with 128 key bits
                              o  aes192: AES with 192 key bits
                              o  aes256: AES with 256 key bits"
                         DEFVAL  { aes128 }
                         ::= { hmSec2VpnConnEntry 30 }


hmSec2VpnConnOperStatus   OBJECT-TYPE
                        SYNTAX           INTEGER {
                                                 up (1),
                                                 down (2),
                                                 negotiation (3),
                                                 constructing (4),
                                                 dormant (5),
                                                 servicemode-up (6)
                                                 }
                         MAX-ACCESS     read-only
                         STATUS         current
                         DESCRIPTION
                             "The current operational status of the VPN
                              connection:
                              o 'up': the IKE-SA and all IPsec SAs are up;
                              o 'down': the IKE-SA and all IPsec SAs are down;
                              o 'negotiation': key exchange and algorithm
                                negotiation is in progress (or, as responder,
                                waiting to be contacted for that purpose);
                              o 'constructing': the IKE-SA is up, but at least one
                                IPsec-SA is not established so far;
                              o 'dormant': waiting for a precondition
                                to be fulfilled before connection setup, e.g.:
                                - a dynamically assigned IP address;
                                - successful hostname resolution;
                                - assignment of a valid system time.
                              o 'servicemode-up': the IKE-SA and all IPsec SAs are up in service mode;"
                         ::= { hmSec2VpnConnEntry 31 }


hmSec2VpnConnDesc   OBJECT-TYPE
                         SYNTAX                  DisplayString (SIZE (0..128))
                         MAX-ACCESS              read-write
                         STATUS                  current
                         DESCRIPTION
                                 "User defined text."
                         DEFVAL  { "" }                
                         ::= { hmSec2VpnConnEntry 32 }


hmSec2VpnConnRowStatus   OBJECT-TYPE
                         SYNTAX                  RowStatus
                         MAX-ACCESS              read-write
                         STATUS                  current
                         DESCRIPTION
                             "The row status of this table entry. If the row
                              status is 'active' then it is not allowed to
                              change any value (this applies also to active
                              traffic selectors). The maximum number of active
                              VPN connections is limited to 256. The maximum 
                              number of up VPN connections is limited to 64."
                         ::= { hmSec2VpnConnEntry 33 }

hmSec2VpnConnServiceMode 	OBJECT-TYPE
						 SYNTAX			INTEGER {
											enable(1),
											disable(2)
										}
						 MAX-ACCESS				read-write
						 STATUS					current
                         DESCRIPTION
                             "The service mode can be enabled for connections
                              which shall be established only when the device
                              enters service mode
                              (redundant power supply not connected).
                              The connection is down when the device is not
                              in service mode (redundant power supply connected).
                              When the value is set to disable,
                              the functionality is independent of the service mode."
                         DEFVAL  { disable }
                         ::= { hmSec2VpnConnEntry 34 }

--
-- VPN certificate group
--

-- Security: this is a global, SNMP-writable switch for certificate
-- validation. The DESCRIPTION gives an unset system time as the reason
-- to disable it; it does not say which checks are skipped (validity
-- period only, or also chain and signature checks), and no DEFVAL is
-- given, so neither the scope nor the default is visible in this MIB.
-- TODO confirm against the device documentation. Treat disable(2) as a
-- temporary state and monitor this object for changes.
hmSec2VpnCertificateValidation	OBJECT-TYPE
				SYNTAX		INTEGER {
							enable(1),
							disable(2)
						}
				MAX-ACCESS	read-write
				STATUS		current
				DESCRIPTION
				"Validation of certificates globally enabled or disabled.
				This allows to use certificates even the system time is not set.
				"
		 ::= { hmSec2VpnCertificateGroup 4 }


--
-- Redundancy group
--
    hmSec2RedRouterGroup OBJECT IDENTIFIER ::= { hmSec2Redundancy 1 }
    hmSec2HostCheckGroup OBJECT IDENTIFIER ::= { hmSec2Redundancy 2 }
    hmSec2RedLayer2Group OBJECT IDENTIFIER ::= { hmSec2Redundancy 3 }
    hmSec2RedTransparentGroup OBJECT IDENTIFIER ::= { hmSec2Redundancy 4 }

	hmSec2RedAdminState	OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
							 enable(1),
							 disable(2)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Redundancy admin state (switch redundancy globally off or on).
				  The redundancy is a router redundancy using VRRP for 
				  synchronising both devices (master and backup) and on all
				  interfaces. Thus the virtual router redundancy can be 
				  used in router mode only. It defines a virtual IP address
				  for each interface."
			 DEFVAL  { disable }                
			 ::= { hmSec2RedRouterGroup 1 }

	hmSec2RedStartupState	OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
							 master(1),
							 backup(2)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Redundancy function of the device used at startup.
				  The device can be master or backup system."
			 DEFVAL  { master }                
			 ::= { hmSec2RedRouterGroup 2 }

	hmSec2RedPriority	OBJECT-TYPE
		   	 SYNTAX			 INTEGER ( 1..254 )
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Redundancy device priority as defined by VRRP."
			 DEFVAL  { 100 }                
			 ::= { hmSec2RedRouterGroup 3 }

	hmSec2RedOperState	OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
							 master(1),
							 backup(2),
							 outofservice(3)
					  }
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Actual redundancy function of the device.
				  The device can be master or backup system, if it is in service."
			 DEFVAL  { outofservice }                
			 ::= { hmSec2RedRouterGroup 4 }

	hmSec2RedOperInfo	OBJECT-TYPE
             SYNTAX          DisplayString (SIZE (0..128))
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Additional redundancy function information."
			 ::= { hmSec2RedRouterGroup 5 }

	hmSec2RedIfaceTable OBJECT-TYPE
			SYNTAX			SEQUENCE OF HmSec2RedIfaceEntry
			MAX-ACCESS		not-accessible
			STATUS			current
			DESCRIPTION
				"This table contains additional Routing Configuration for
				the IP interfaces."
			::= { hmSec2RedRouterGroup 6 }

	hmSec2RedSwitchCounter	OBJECT-TYPE
		   	 SYNTAX			 Integer32
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Counter that counts the number of redundancy switches from
				  master to backup system and vice versa."
			 ::= { hmSec2RedRouterGroup 7 }

	hmSec2RedIfaceEntry OBJECT-TYPE
			SYNTAX			HmSec2RedIfaceEntry
			MAX-ACCESS		not-accessible
			STATUS			current         
			DESCRIPTION
				"This table contains the per interface redundancy configuration."
			INDEX		{ hmSec2RedIfIndex }
			::= { hmSec2RedIfaceTable 1 }

	HmSec2RedIfaceEntry ::= SEQUENCE {
			hmSec2RedIfIndex 			Integer32,
			hmSec2RedVirtualAddr 		IpAddress,
			hmSec2RedVRID 				INTEGER,
			hmSec2RedRemoteIPAddr 		IpAddress
			}

	hmSec2RedIfIndex	 	OBJECT-TYPE
			 SYNTAX 		Integer32
			 MAX-ACCESS 	read-only
			 STATUS 		current
			 DESCRIPTION
				 "Index of IP interface in the table."
			 ::= { hmSec2RedIfaceEntry 1 }

	hmSec2RedVirtualAddr	 	OBJECT-TYPE
			 SYNTAX 		IpAddress
			 MAX-ACCESS 	read-write
			 STATUS 		current
			 DESCRIPTION
				 "Virtual IP address to be used for this Router IP interface."
			 ::= { hmSec2RedIfaceEntry 2 }

	hmSec2RedVRID	 	OBJECT-TYPE
			 SYNTAX 		INTEGER ( 1..255 )
			 MAX-ACCESS 	read-write
			 STATUS 		current
			 DESCRIPTION
				 "Virtual Router ID used on this network interface.
				  The VRIDs have to be different on all network
				  interfaces. There is no default value."
			 ::= { hmSec2RedIfaceEntry 3 }

	hmSec2RedRemoteIPAddr	 	OBJECT-TYPE
			 SYNTAX 		IpAddress
			 MAX-ACCESS 	read-write
			 STATUS 		current
			 DESCRIPTION
				 "IP address of the remote system on this network
				  interface. On the master system the IP address of
				  the backup system and vice versa. The virtual IP
				  address must not be used here."
			 ::= { hmSec2RedIfaceEntry 4 }

	hmSec2HostCheckAdminState	OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
							 enable(1),
							 disable(2)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Redundancy ICMP host check (ping of host) admin state.
				  The host check function tries to find the configured
				  hosts in case of a network error (communication loss)
				  between the two redundancy systems."
			 DEFVAL  { disable }                
			 ::= { hmSec2HostCheckGroup 1 }

	hmSec2HostCheckNumAddrs	OBJECT-TYPE
             SYNTAX          Integer32
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Additional host check function information.
				  Shows the number of configured addresses."
			 ::= { hmSec2HostCheckGroup 2 }

	hmSec2HostCheckOperState	OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
							 running(1),
							 notchecking(2),
							 outofservice(3)
					  }
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Actual redundancy host check function of the device.
				  The host check function is only running when packets
				  of the redundancy application have been lost."
			 DEFVAL  { outofservice }                
			 ::= { hmSec2HostCheckGroup 3 }

	hmSec2HostCheckOperInfo	OBJECT-TYPE
             SYNTAX          DisplayString (SIZE (0..128))
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Additional host check function information."
			 ::= { hmSec2HostCheckGroup 4 }

	hmSec2HostCheckTable OBJECT-TYPE
			SYNTAX			SEQUENCE OF HmSec2HostCheckEntry
			MAX-ACCESS		not-accessible
			STATUS			current
			DESCRIPTION
				"This table contains the hosts to be checked on 
				network errors by the redundancy application.
				The order in the table is important for the host check algorithm."
			::= { hmSec2HostCheckGroup 5 }

	hmSec2HostCheckEntry OBJECT-TYPE
			SYNTAX			HmSec2HostCheckEntry
			MAX-ACCESS		not-accessible
			STATUS			current         
			DESCRIPTION
				"This table contains the per interface redundancy configuration.
				 The order in the table is important for the host check algorithm.
				 The table has a maximum of configurable hosts."
			INDEX		{ hmSec2HostCheckIfIndex, hmSec2HostCheckTableIndex }
			::= { hmSec2HostCheckTable 1 }
    
	HmSec2HostCheckEntry ::= SEQUENCE {
			hmSec2HostCheckIfIndex		Integer32,
			hmSec2HostCheckTableIndex	Integer32,
			hmSec2HostCheckAddr 		IpAddress,
			hmSec2HostCheckRowStatus	RowStatus
			}
    
	hmSec2HostCheckIfIndex	 	OBJECT-TYPE
			 SYNTAX 		Integer32
			 MAX-ACCESS 	read-only
			 STATUS 		current
			 DESCRIPTION
				 "Index of IP interface in the table."
			 ::= { hmSec2HostCheckEntry 1 }

	hmSec2HostCheckTableIndex	 	OBJECT-TYPE
			 SYNTAX 		Integer32
			 MAX-ACCESS 	read-only
			 STATUS 		current
			 DESCRIPTION
				 "Index of entry in the table."
			 ::= { hmSec2HostCheckEntry 2 }

	hmSec2HostCheckAddr	 	OBJECT-TYPE
			 SYNTAX 		IpAddress
			 MAX-ACCESS 	read-write
			 STATUS 		current
			 DESCRIPTION
				 "Host IP address to be used for ICMP checks (pings)
				  in case of network errors (communication losses)."
			 ::= { hmSec2HostCheckEntry 3 }

	hmSec2HostCheckRowStatus   OBJECT-TYPE
			 SYNTAX 		 RowStatus
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "the row status for the table entry"
			 ::= { hmSec2HostCheckEntry 4 }

	hmSec2RedLayer2AdminState	OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
							 enable(1),
							 disable(2)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Redundancy Layer2 admin state (enable/disable Layer2 redundancy support).
				  The redundancy takes down the physical link automatically
				  when the Link on the non-redundancy port is lost."
			 DEFVAL  { disable }                
			 ::= { hmSec2RedLayer2Group 1 }

	hmSec2RedLayer2IfIndex	 	OBJECT-TYPE
			 SYNTAX 		Integer32
			 MAX-ACCESS 	read-write
			 STATUS 		current
			 DESCRIPTION
				 "Index of the physical interface where the Layer2 redundancy
				  is connected to."
			 ::= { hmSec2RedLayer2Group 2 }

	hmSec2RedLayer2Packetcounter	 	OBJECT-TYPE
			 SYNTAX 		Integer32
			 MAX-ACCESS 	read-only
			 STATUS 		current
			 DESCRIPTION
				 "Number of redundancy Layer 2 Ethernet packets that were
				  sent through the system and passed to the other port."
			 ::= { hmSec2RedLayer2Group 3 }

	-- Security: a writable peer address for Firewall/NAT state table
	-- synchronization. This MIB does not state whether the synchronization
	-- traffic is authenticated or encrypted (TODO confirm against the
	-- device documentation). Restrict SNMP write access to this object
	-- and alert on changes, since it decides which host receives the
	-- state tables.
	hmSec2RedTPRemoteIPAddr	 	OBJECT-TYPE
			 SYNTAX 		IpAddress
			 MAX-ACCESS 	read-write
			 STATUS 		current
			 DESCRIPTION
				 "IP address of the remote system in the transparent mode. 
				  On the master system the IP address of
				  the backup system and vice versa.
				  This IP address is used to synchronize the
				  Firewall/NAT state tables of the system.
				  If the address is not set (set to 0.0.0.0)
				  the system disables Firewall/NAT synchronization."
			 ::= { hmSec2RedTransparentGroup 1 }

	hmSec2RedTPOperState	OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
							 master(1),
							 backup(2),
							 outofservice(3)
					  }
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Actual redundancy transparent mode Firewall/NAT table
				  synchronization operation state."
			 DEFVAL  { outofservice }                
			 ::= { hmSec2RedTransparentGroup 2 }

	hmSec2RedTPOperInfo	OBJECT-TYPE
             SYNTAX          DisplayString (SIZE (0..128))
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Actual redundancy transparent mode Firewall/NAT table
				  synchronization operation state information."
			 ::= { hmSec2RedTransparentGroup 3 }

	hmSec2RedTPCommunicationState	OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
							 active(1),
							 inactive(2)
					  }
			 MAX-ACCESS 	 read-only
			 STATUS 		 current
			 DESCRIPTION
				 "Actual redundancy transparent mode Firewall/NAT table
				  synchronization communication state.
				  Inactive communication may indicate that the system
				  cannot communicate or that nothing has to be exchanged.
				  Active communication shows that the system is operating 
				  properly."
			 DEFVAL  { inactive }                
			 ::= { hmSec2RedTransparentGroup 4 }

--
-- NAT definitions --
--

	hmSec2NatGeneralGroup OBJECT IDENTIFIER ::= { hmSec2Nat 1 }
	hmSec2NatRulesGroup OBJECT IDENTIFIER ::= { hmSec2Nat 2 }


--
-- NAT general group --
--

	hmSec2NatMappingMax	OBJECT-TYPE
			SYNTAX			Integer32 (0..4096)
			MAX-ACCESS		read-write
			STATUS			current
			DESCRIPTION		"Maximum number of simultaneous NAT mappings."
			DEFVAL			{ 1024 }
			::= { hmSec2NatGeneralGroup 1 }

	hmSec2NatTimeoutEstablished	OBJECT-TYPE
			SYNTAX			Integer32 (0..2147483647)
			MAX-ACCESS		read-write
			STATUS			current
			DESCRIPTION		"Timeout in the NAT mapping table for
							 established TCP connections."
			DEFVAL			{ 432000 }
			::= { hmSec2NatGeneralGroup 2 }

	hmSec2NatAllowOutputSameIface	OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
							 enable(1),
							 disable(2)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "If this value is enabled, the NAT component
				  checks the NAT rules on outgoing packets also 
				  if the outgoing interface and the incoming 
				  interface is the same.
				  Per default this is disabled."
			 DEFVAL  { disable }                
			::= { hmSec2NatGeneralGroup 3 }

	-- NOTE(review): documented as 'Internal usage only' yet MAX-ACCESS is
	-- read-write, so any SNMP principal with write access can change it.
	-- The effect of enable(1) is not described in this MIB; leave it at
	-- the DEFVAL unless the vendor documentation says otherwise.
	hmSec2NatAutoDuplicateInvert	OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
							 enable(1),
							 disable(2)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Internal usage only."
			 DEFVAL  { disable }                
			::= { hmSec2NatGeneralGroup 4 }

	-- NOTE(review): documented as 'Internal usage only' yet MAX-ACCESS is
	-- read-write, so any SNMP principal with write access can change it.
	-- The name suggests it controls whether VRRP addresses may appear in
	-- NAT rules, but the DESCRIPTION does not say so (TODO confirm).
	hmSec2NatDisallowVRRPAddrs	OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
							 enable(1),
							 disable(2)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "Internal usage only."
			 DEFVAL  { disable }                
			::= { hmSec2NatGeneralGroup 5 }

--
-- NAT rules group --
--


--
-- NAPT rules table --
--

	hmSec2NatTable	OBJECT-TYPE
			SYNTAX SEQUENCE OF HmSec2NatEntry
			MAX-ACCESS		not-accessible
			STATUS			current
			DESCRIPTION		"A list of NAPT rules."
			::= { hmSec2NatRulesGroup 1 }

	hmSec2NatEntry	OBJECT-TYPE
			SYNTAX			HmSec2NatEntry
			MAX-ACCESS		not-accessible
			STATUS			current
			DESCRIPTION		""
			INDEX			{ hmSec2NatIndex }
			::= { hmSec2NatTable 1 }
 
	HmSec2NatEntry ::= SEQUENCE {
			hmSec2NatIndex			Integer32,
			hmSec2NatSrcNet			DisplayString,
			hmSec2NatAlg			BITS,
			hmSec2NatDesc			DisplayString,
			hmSec2NatErrorText		DisplayString,
			hmSec2NatRowStatus		RowStatus
			}

	hmSec2NatIndex	OBJECT-TYPE
			SYNTAX			Integer32
			MAX-ACCESS		read-only
			STATUS			current
			DESCRIPTION		"An index that uniquely identifies the entry in the table. The
							 index must be chosen in ascending and compact order. It may
							 change if a rule (not the last in list) is deleted or a new
							 row is inserted."
			::= { hmSec2NatEntry 1 }

	hmSec2NatSrcNet	OBJECT-TYPE
			SYNTAX			DisplayString (SIZE (0..20))
			MAX-ACCESS		read-write
			STATUS			current
			DESCRIPTION		"Network for NAPT transactions on local interface
							 in CIDR notation (a.b.c.d/n)"
			DEFVAL			{ "192.168.1.0/24" }
			::= { hmSec2NatEntry 2 }

	hmSec2NatAlg	OBJECT-TYPE
			SYNTAX			BITS {
									ftp(0)
								 }
			MAX-ACCESS		read-write
			STATUS			current
			DESCRIPTION		"Bitmask for application level gateway selections in this rule"
			DEFVAL			{ {} }
			::= { hmSec2NatEntry 3 }

	hmSec2NatDesc	OBJECT-TYPE
			SYNTAX			DisplayString (SIZE (0..128))
			MAX-ACCESS		read-write
			STATUS			current
			DESCRIPTION		"User defined text."
			DEFVAL			{ "" }
			::= { hmSec2NatEntry 4 }

	hmSec2NatErrorText	OBJECT-TYPE
			SYNTAX			DisplayString (SIZE (0..128))
			MAX-ACCESS		read-only
			STATUS			current
			DESCRIPTION		"Error text"
			DEFVAL			{ "" }
			::= { hmSec2NatEntry 5 }

	hmSec2NatRowStatus	OBJECT-TYPE
			SYNTAX			RowStatus
			MAX-ACCESS		read-write
			STATUS			current
			DESCRIPTION		"The row status of this table entry."
			::= { hmSec2NatEntry 6 }


--
-- 1:1 NAT rules table --
--

	hmSec2Nat1To1Table	OBJECT-TYPE
			SYNTAX SEQUENCE OF HmSec2Nat1To1Entry
			MAX-ACCESS 		not-accessible
			STATUS 			current
			DESCRIPTION		"A list of 1:1 NAT rules."
			::= { hmSec2NatRulesGroup 2 }

	hmSec2Nat1To1Entry	OBJECT-TYPE
			SYNTAX			HmSec2Nat1To1Entry
			MAX-ACCESS		not-accessible
			STATUS			current
			DESCRIPTION		""
			INDEX			{ hmSec2Nat1To1Index }
			::= { hmSec2Nat1To1Table 1 }
 
	HmSec2Nat1To1Entry ::= SEQUENCE {
			hmSec2Nat1To1Index		Integer32,
			hmSec2Nat1To1SrcNet		DisplayString,
			hmSec2Nat1To1DstNet		DisplayString,
			hmSec2Nat1To1NetMask	Integer32,
			hmSec2Nat1To1Desc		DisplayString,
			hmSec2Nat1To1ErrorText	DisplayString,
			hmSec2Nat1To1RowStatus	RowStatus,
			hmSec2Nat1To1Alg		BITS,
			hmSec2Nat1To1DoOutput	INTEGER,
			hmSec2Nat1To1InvertDirection INTEGER
			}

	hmSec2Nat1To1Index	OBJECT-TYPE
			SYNTAX			Integer32
			MAX-ACCESS		read-only
			STATUS			current
			DESCRIPTION		"An index that uniquely identifies the entry in the table. The
							 index must be chosen in ascending and compact order. It may
							 change if a rule (not the last in list) is deleted or a new
							 row is inserted."
			::= { hmSec2Nat1To1Entry 1 }

	hmSec2Nat1To1SrcNet	OBJECT-TYPE
			SYNTAX			DisplayString (SIZE (0..20))
			MAX-ACCESS		read-write
			STATUS			current
			DESCRIPTION		"Network for 1:1 NAT on internal interface."
			DEFVAL			{ "192.168.1.1" }
			::= { hmSec2Nat1To1Entry 2 }

	hmSec2Nat1To1DstNet		OBJECT-TYPE
			SYNTAX			DisplayString (SIZE (0..20))
			MAX-ACCESS		read-write
			STATUS			current
			DESCRIPTION		"Network for 1:1 NAT on external interface."
			DEFVAL			{ "10.0.1.1" }
			::= { hmSec2Nat1To1Entry 3 }

	hmSec2Nat1To1NetMask	OBJECT-TYPE
			SYNTAX			Integer32 (0..32)
			MAX-ACCESS		read-write
			STATUS			current
			DESCRIPTION		"Netmask for 1:1 NAT"
			DEFVAL			{ 32 }
			::= { hmSec2Nat1To1Entry 4 }

	hmSec2Nat1To1Desc	OBJECT-TYPE
			SYNTAX			DisplayString (SIZE (0..128))
			MAX-ACCESS		read-write
			STATUS			current
			DESCRIPTION		"User defined text."
			DEFVAL			{ "" }
			::= { hmSec2Nat1To1Entry 5 }

	hmSec2Nat1To1ErrorText	OBJECT-TYPE
			SYNTAX			DisplayString (SIZE (0..128))
			MAX-ACCESS		read-only
			STATUS			current
			DESCRIPTION		"Error text"
			DEFVAL			{ "" }
			::= { hmSec2Nat1To1Entry 6 }

	hmSec2Nat1To1RowStatus	OBJECT-TYPE
			SYNTAX			RowStatus
			MAX-ACCESS		read-write
			STATUS			current
			DESCRIPTION		"The row status of this table entry."
			::= { hmSec2Nat1To1Entry 7 }

	hmSec2Nat1To1Alg	OBJECT-TYPE
			SYNTAX			BITS {
									ftp(0)
								 }
			MAX-ACCESS		read-write
			STATUS			current
			DESCRIPTION		"Bitmask for application level gateway selections in this rule"
			DEFVAL			{ {} }
			::= { hmSec2Nat1To1Entry 8 }

	hmSec2Nat1To1DoOutput	OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
							 enable(1),
							 disable(2)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "If this value is enabled, the 1:1 NAT does
				  the NAT operation also when sending the packet.
				  This means a twice NAT or destination NAT operation 
				  will be additionally performed.
				  This feature shall be used in special
				  cases only."
			 DEFVAL  { disable }                
			::= { hmSec2Nat1To1Entry 9 }

	hmSec2Nat1To1InvertDirection	OBJECT-TYPE
		   	 SYNTAX			 INTEGER {
							 enable(1),
							 disable(2)
					  }
			 MAX-ACCESS 	 read-write
			 STATUS 		 current
			 DESCRIPTION
				 "If this value is enabled, the 1:1 NAT does
				  the NAT operation in the opposite direction.
				  This means the NAT operation is done from 
				  the view of the external interface, when
				  devices on the external side shall be 
				  mapped to the internal side.
				  This feature shall be used in special
				  cases only."
			 DEFVAL  { disable }                
			::= { hmSec2Nat1To1Entry 10 }

--
-- Port forwarding rules table --
--

	hmSec2NatPortFwdTable	OBJECT-TYPE
			SYNTAX SEQUENCE OF HmSec2NatPortFwdEntry
			MAX-ACCESS		not-accessible
			STATUS			current
			DESCRIPTION		"A list of port forwarding rules."
			::= { hmSec2NatRulesGroup 3 }

	hmSec2NatPortFwdEntry	OBJECT-TYPE
			SYNTAX			HmSec2NatPortFwdEntry
			MAX-ACCESS		not-accessible
			STATUS			current
			DESCRIPTION		""
			INDEX			{ hmSec2NatPortFwdIndex }
			::= { hmSec2NatPortFwdTable 1 }
 
	HmSec2NatPortFwdEntry ::= SEQUENCE {
			hmSec2NatPortFwdIndex		Integer32,
			hmSec2NatPortFwdSrcNet		DisplayString,
			hmSec2NatPortFwdSrcPort		DisplayString,
			hmSec2NatPortFwdDstNet		DisplayString,
			hmSec2NatPortFwdDstPort		DisplayString,
			hmSec2NatPortFwdFwdNet		DisplayString,
			hmSec2NatPortFwdFwdPort		DisplayString,
			hmSec2NatPortFwdProto		DisplayString,
			hmSec2NatPortFwdLog			INTEGER,
			hmSec2NatPortFwdDesc		DisplayString,
			hmSec2NatPortFwdErrorText	DisplayString,			
			hmSec2NatPortFwdRowStatus	RowStatus
			}

	hmSec2NatPortFwdIndex	OBJECT-TYPE
			SYNTAX			Integer32
			MAX-ACCESS		read-only
			STATUS			current
			DESCRIPTION		"An index that uniquely identifies the entry in the table. The
							 index must be chosen in ascending and compact order. It may
							 change if a rule (not the last in list) is deleted or a new
							 row is inserted."
			::= { hmSec2NatPortFwdEntry 1 }

	hmSec2NatPortFwdSrcNet	OBJECT-TYPE
			SYNTAX			DisplayString (SIZE (0..20))
			MAX-ACCESS		read-write
			STATUS			current
			DESCRIPTION		"Source network in CIDR notation (a.b.c.d/n) that is allowed to
							 be forwarded by this rule or the keyword 'any'."
			DEFVAL			{ "any" }
			::= { hmSec2NatPortFwdEntry 2 }

	hmSec2NatPortFwdSrcPort	OBJECT-TYPE
			SYNTAX			DisplayString (SIZE (0..20))
			MAX-ACCESS		read-write
			STATUS			current
			DESCRIPTION		"Source port expression or the keyword 'any'. A port expression is
							structured as 'op port' or 'port1 op port2', where 'op' is a
							mathematical operator for:
								o  equal					=
								o  unequal					!=
								o  less than				<
								o  less than or equal		<=
								o  greater than				>
								o  greater than or equal to	>=
								o  outside range			<>
								o  inside range				><
							The port must be specified as a decimal number or one of the
							aliases:
								o  tcp/udp: echo (7)
								o  tcp/udp: discard, sink, null (9)
								o  tcp: ftp-data (20)
								o  tcp: ftp (21)
								o  tcp/udp: ssh (22)
								o  tcp: telnet (23)
								o  tcp/udp: domain, nameserver (53)
								o  tcp/udp: bootps (67)
								o  tcp/udp: bootpc (68)
								o  udp: tftp (69)
								o  tcp/udp: www, http (80)
								o  tcp/udp: kerberos, krb5 (88)
								o  tcp: sftp (115)
								o  tcp/udp: ntp (123)
								o  udp: snmp (161)
								o  udp: snmp-trap, snmptrap (162)
								o  tcp/udp: bgp (179)
								o  tcp/udp: ldap (389)
								o  tcp/udp: https (443)"
			DEFVAL			{ "any" }
			::= { hmSec2NatPortFwdEntry 3 }

	hmSec2NatPortFwdDstNet	OBJECT-TYPE
			SYNTAX			DisplayString (SIZE (0..20))
			MAX-ACCESS		read-write
			STATUS			current
			DESCRIPTION		"Destination IP address to be forwarded or the keyword '%extern'.
							 This keyword stands for the first external IP address."
			DEFVAL			{ "%extern" }
			::= { hmSec2NatPortFwdEntry 4 }

	hmSec2NatPortFwdDstPort	OBJECT-TYPE
			SYNTAX			DisplayString (SIZE (0..20))
			MAX-ACCESS		read-write
			STATUS			current
			DESCRIPTION		"Destination port expression in the form '= port'. 
							The port must be specified as a decimal number or one of the
							aliases:
								o  tcp/udp: echo (7)
								o  tcp/udp: discard, sink, null (9)
								o  tcp: ftp-data (20)
								o  tcp: ftp (21)
								o  tcp/udp: ssh (22)
								o  tcp: telnet (23)
								o  tcp/udp: domain, nameserver (53)
								o  tcp/udp: bootps (67)
								o  tcp/udp: bootpc (68)
								o  udp: tftp (69)
								o  tcp/udp: www, http (80)
								o  tcp/udp: kerberos, krb5 (88)
								o  tcp: sftp (115)
								o  tcp/udp: ntp (123)
								o  udp: snmp (161)
								o  udp: snmp-trap, snmptrap (162)
								o  tcp/udp: bgp (179)
								o  tcp/udp: ldap (389)
								o  tcp/udp: https (443)"			
			DEFVAL			{ "= 80" }
			::= { hmSec2NatPortFwdEntry 5 }

	hmSec2NatPortFwdFwdNet	OBJECT-TYPE
			SYNTAX			DisplayString (SIZE (0..20))
			MAX-ACCESS		read-write
			STATUS			current
			DESCRIPTION		"Redirect IP address."
			DEFVAL			{ "127.0.0.1" }
			::= { hmSec2NatPortFwdEntry 6 }

	hmSec2NatPortFwdFwdPort	OBJECT-TYPE
			SYNTAX			DisplayString (SIZE (0..20))
			MAX-ACCESS		read-write
			STATUS			current
			DESCRIPTION		"Redirect port expression in the form '= port'. 
							The port must be specified as a decimal number or one of the
							aliases:
								o  tcp/udp: echo (7)
								o  tcp/udp: discard, sink, null (9)
								o  tcp: ftp-data (20)
								o  tcp: ftp (21)
								o  tcp/udp: ssh (22)
								o  tcp: telnet (23)
								o  tcp/udp: domain, nameserver (53)
								o  tcp/udp: bootps (67)
								o  tcp/udp: bootpc (68)
								o  udp: tftp (69)
								o  tcp/udp: www, http (80)
								o  tcp/udp: kerberos, krb5 (88)
								o  tcp: sftp (115)
								o  tcp/udp: ntp (123)
								o  udp: snmp (161)
								o  udp: snmp-trap, snmptrap (162)
								o  tcp/udp: bgp (179)
								o  tcp/udp: ldap (389)
								o  tcp/udp: https (443)"	
			DEFVAL			{ "= 80" }
			::= { hmSec2NatPortFwdEntry 7 }

	hmSec2NatPortFwdProto	OBJECT-TYPE
			SYNTAX			DisplayString (SIZE (0..20))
			MAX-ACCESS		read-write
			STATUS			current
			DESCRIPTION		"The protocol as a decimal number (in range 1 -
							 255) or a name. The following protocol names are currently
							 supported:
							 o  'icmp': internet control message protocol (RFC 792)
							 o  'igmp': internet group management protocol
							 o  'ip': internet protocol (RFC 791)
							 o  'tcp': transmission control protocol (RFC 793)
							 o  'udp': user datagram protocol (RFC 768)
							 o  'esp': IPsec encapsulated security payload (RFC 2406)
							 o  'ah': IPsec authentication header (RFC 2402)"
			DEFVAL			{ "tcp" }
			::= { hmSec2NatPortFwdEntry 8 }

	-- Security: logging is off by default (DEFVAL disable), so a port
	-- forwarding rule leaves no log record through this switch unless it
	-- is set to enable(1). Enable it for rules that expose internal
	-- services, so that forwarded connections can be reviewed later.
	hmSec2NatPortFwdLog		OBJECT-TYPE
			SYNTAX			INTEGER {
								enable(1),
								disable(2)
							}
			MAX-ACCESS		read-write
			STATUS			current
			DESCRIPTION		"Enables or disables logging for this port forwarding rule."
			DEFVAL			{ disable }
			::= { hmSec2NatPortFwdEntry 9 }

	hmSec2NatPortFwdDesc	OBJECT-TYPE
			SYNTAX			DisplayString (SIZE (0..128))
			MAX-ACCESS		read-write
			STATUS			current
			DESCRIPTION		"User defined text."
			DEFVAL			{ "" }
			::= { hmSec2NatPortFwdEntry 10 }

	hmSec2NatPortFwdErrorText	OBJECT-TYPE
			SYNTAX			DisplayString (SIZE (0..128))
			MAX-ACCESS		read-only
			STATUS			current
			DESCRIPTION		"Error text"
			DEFVAL			{ "" }
			::= { hmSec2NatPortFwdEntry 11 }

	hmSec2NatPortFwdRowStatus	OBJECT-TYPE
			SYNTAX			RowStatus
			MAX-ACCESS		read-write
			STATUS			current
			DESCRIPTION		"The row status of this table entry."
			::= { hmSec2NatPortFwdEntry 12 }


--
-- General info
--

   hmSec2DHCPLastAccessMAC OBJECT-TYPE
    SYNTAX MacAddress
    MAX-ACCESS read-only
    STATUS obsolete
    DESCRIPTION
       "Always returns the MAC address 0:0:0:0:0:0."
   ::= { hmSec2Info 1 }
   
hmSec2MiscTrapText OBJECT-TYPE
    SYNTAX DisplayString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION
       "MIB object to include a text message in a trap.
        When read, it will always return an empty string."
    ::= { hmSec2Info 2 }


-- **************************************************************************
-- *																		*
-- *	Notifications (Traps)												*
-- *																		*
-- **************************************************************************
-- *																		*
-- * Following Notifications are supported with enterprise = hmSecurity2   	*
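-- * hmSec2DHCPNewClientTrap	     (1)                                    *
-- * hmSec2RedundSwitchTrap	     	 (2)                                    *
-- * hmSec2VpnDownTrap	     	 	 (3)                                    *
-- * hmSec2VpnUpTrap		     	 (4)                                    *
-- * hmSec2LoginSuccessTrap	     	 (5)                                    *
-- * hmSec2LoginFailedTrap	     	 (6)                                    *
-- * hmSec2UsrFwLogInTrap	     	 (10)                                   *
-- * hmSec2UsrFwLogOutTrap	     	 (11)                                   *
-- * hmSec2UsrFwLogErrTrap	     	 (12)                                   *
-- * hmSec2FirewallLogTrap	     	 (15)                                   *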
-- *                                                                        *
-- **************************************************************************

hmSecurity2Event  OBJECT-IDENTITY
    STATUS  current
    DESCRIPTION "The events of hmSecurity2."
    ::= { hmSecurity2 0 }

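--
-- Notifications (Traps) with enterprise = hmSecurity2
--
-- Note: hmSec2DHCPLastAccessMAC, the only object carried by
-- hmSec2DHCPNewClientTrap, is declared obsolete in this MIB and is described
-- as always returning 0:0:0:0:0:0, so a trap receiver should not expect this
-- trap to identify the requesting client.
--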

hmSec2DHCPNewClientTrap NOTIFICATION-TYPE
	OBJECTS	{ hmSec2DHCPLastAccessMAC }
	STATUS  current	
	DESCRIPTION "This trap is sent when a DHCP request was received from an unknown
			     client using DHCP."
	::= { hmSecurity2Event 1 }


--
-- Notifications (Traps) for Redundancy application
--

hmSec2RedundSwitchTrap NOTIFICATION-TYPE
	OBJECTS	{ hmSec2RedOperState }
	STATUS  current	
	DESCRIPTION "This trap is sent when the redundancy state changes 
			     on the device (Master <-> Backup)."
	::= { hmSecurity2Event 2 }


hmSec2VpnDownTrap NOTIFICATION-TYPE
    OBJECTS { hmSec2VpnConnOperStatus }
    STATUS  current
    DESCRIPTION
        "A hmSec2VpnDown trap signals that a VPN connection
        is about to enter the down state from some other state
        (see 'hmSec2VpnConnOperStatus')."
    ::= { hmSecurity2Event 3 }


hmSec2VpnUpTrap NOTIFICATION-TYPE
    OBJECTS { hmSec2VpnConnOperStatus }
    STATUS  current
    DESCRIPTION
        "A hmSec2VpnUp trap signals that a VPN connection
        is about to enter the up state from some other state
        (see 'hmSec2VpnConnOperStatus')."
    ::= { hmSecurity2Event 4 }

hmSec2LoginSuccessTrap NOTIFICATION-TYPE
	OBJECTS	{ hmLastLoginUserName, hmLastIpAddr }
	STATUS  current
	DESCRIPTION "This trap is sent if a user successfully gains access to the device
				via telnet, ssh or serial connection. hmLastIpAddr contains the IP address
				of the login request. The value is 0.0.0.0 if the access was via serial
				connection. hmLastLoginUserName contains the user name with which the
				user logged in to the device."
	::= { hmSecurity2Event 5 }
	
hmSec2LoginFailedTrap NOTIFICATION-TYPE
	OBJECTS	{ hmLastLoginUserName, hmLastIpAddr }
	STATUS  current
	DESCRIPTION "This trap is sent if a user tried to gain access to the device via
				telnet, ssh or serial connection and the login failed. hmLastIpAddr contains
				the IP address of the login request. The value is 0.0.0.0 if the access was
				via serial connection. hmLastLoginUserName contains the user name with which
				the user tried to log in to the device."
	::= { hmSecurity2Event 6 }


--
-- Notifications (Traps) for User Firewall
--

hmSec2UsrFwLogInTrap NOTIFICATION-TYPE
    OBJECTS { hmSec2UsrFwUserName, hmSec2UsrFwUserLoginAddr }
    STATUS  current
    DESCRIPTION
        "A hmSec2UsrFwLogInTrap trap signals that a firewall user
        has logged in (see 'hmSec2UsrFwUserName', 'hmSec2UsrFwUserLoginAddr')."
    ::= { hmSecurity2Event 10 }

hmSec2UsrFwLogOutTrap NOTIFICATION-TYPE
    OBJECTS { hmSec2UsrFwUserName, hmSec2UsrFwUserLoginAddr }
    STATUS  current
    DESCRIPTION
        "A hmSec2UsrFwLogOutTrap trap signals that a firewall user
        has logged out (see 'hmSec2UsrFwUserName', 'hmSec2UsrFwUserLoginAddr')."
    ::= { hmSecurity2Event 11 }

hmSec2UsrFwLogErrTrap NOTIFICATION-TYPE
    OBJECTS { hmSec2UsrFwUserName, hmSec2UsrFwUserLoginAddr }
    STATUS  current
    DESCRIPTION
        "A hmSec2UsrFwLogErrTrap trap signals that a firewall user
        login has failed (see 'hmSec2UsrFwUserName', 'hmSec2UsrFwUserLoginAddr')."
    ::= { hmSecurity2Event 12 }


--
-- Notification (Trap) for Firewall
--

hmSec2FirewallLogTrap NOTIFICATION-TYPE
    OBJECTS { hmSec2MiscTrapText }
    STATUS  current
    DESCRIPTION
        "This trap is sent if the 'Log' object of a firewall rule has been set
         to 'logAndTrap', and the rule matches. 'hmSec2MiscTrapText' is a copy
         of the log message written to the system log."
    ::= { hmSecurity2Event 15 }

END
