-- ****************************************************************************
-- ****************************************************************************
--             Copyright(c) 2004 Mediatrix Telecom, Inc.
--  NOTICE:
--   This document contains information that is confidential and proprietary
--   to Mediatrix Telecom, Inc.
--   Mediatrix Telecom, Inc. reserves all rights to this document as well as
--   to the Intellectual Property of the document and the technology and
--   know-how that it includes and represents.
--   This publication cannot be reproduced, neither in whole nor in part in
--   any form whatsoever without written prior approval by
--   Mediatrix Telecom, Inc.
--   Mediatrix Telecom, Inc. reserves the right to revise this publication
--   and make changes at any time and without the obligation to notify any
--   person and/or entity of such revisions and/or changes.
-- ****************************************************************************
-- ****************************************************************************

MX-FPU-MIB
DEFINITIONS ::= BEGIN

IMPORTS
        MODULE-IDENTITY,
        OBJECT-TYPE,
        Unsigned32,
        Integer32
    FROM SNMPv2-SMI
        MODULE-COMPLIANCE,
        OBJECT-GROUP
    FROM SNMPv2-CONF
        MxEnableState,
        MxActivationState,
        MxIpHostName,
        MxIpAddress,
        MxIpPort,
        MxAdvancedIpPort,
        MxIpSubnetMask,
        MxDigitMap
    FROM MX-TC
        MxUInt64,
        MxFloat32,
        MxIpHostNamePort,
        MxIpAddr,
        MxIpAddrPort,
        MxIpAddrMask,
        MxUri,
        MxUrl
    FROM MX-TC2
        mediatrixServices
    FROM MX-SMI2;

fpuMIB MODULE-IDENTITY
 LAST-UPDATED   "1910210000Z"
 ORGANIZATION " Mediatrix Telecom, Inc. "
 CONTACT-INFO " Mediatrix Telecom, Inc.
                4229, Garlock Street
                Sherbrooke (Quebec)
                Canada
                Phone: (819) 829-8749
                "
 DESCRIPTION  " Firmware Pack Updater

                The Firmware Pack Updater (FPU) service manages firmware
                upgrade, downgrade and rollback operations.
                "
 ::= { mediatrixServices 1300 }

fpuMIBObjects OBJECT IDENTIFIER ::= { fpuMIB 1 }

-- *****************************************************************************

-- Table:Installed MFPs

-- *****************************************************************************

mfpInstalledInfoTable OBJECT-TYPE
 SYNTAX        SEQUENCE OF MfpInstalledInfoEntry
 MAX-ACCESS    not-accessible
 STATUS        current
 DESCRIPTION " Installed MFPs

               List of Firmware Packs that are currently installed on the unit.
               "
 ::= { fpuMIBObjects 100 }
 mfpInstalledInfoEntry OBJECT-TYPE
  SYNTAX        MfpInstalledInfoEntry
  MAX-ACCESS    not-accessible
  STATUS        current
  DESCRIPTION " A row in table Installed MFPs. "
  INDEX         {
                  mfpInstalledInfoIndex
                }

  ::= { mfpInstalledInfoTable 1 }

 MfpInstalledInfoEntry ::= SEQUENCE
 {
   mfpInstalledInfoIndex          Unsigned32,
   mfpInstalledInfoMfpName        OCTET STRING,
   mfpInstalledInfoMfpVersion     OCTET STRING,
   mfpInstalledInfoMfpBank        INTEGER,
   mfpInstalledInfoMfpProfileName OCTET STRING
 }

 -- Columnar:Name

 mfpInstalledInfoMfpName OBJECT-TYPE
  SYNTAX         OCTET STRING
  MAX-ACCESS     read-only
  STATUS         current
  DESCRIPTION  " Name

                 Name of the MFP.
                 "
  ::= { mfpInstalledInfoEntry 100 }

 -- Columnar:Version

 mfpInstalledInfoMfpVersion OBJECT-TYPE
  SYNTAX        OCTET STRING
  MAX-ACCESS    read-only
  STATUS        current
  DESCRIPTION " Version

                Version of the MFP installed.
                "
  ::= { mfpInstalledInfoEntry 200 }

 -- Columnar:Bank

 mfpInstalledInfoMfpBank OBJECT-TYPE
  SYNTAX        INTEGER { none(100) , main(200) , recovery(300) , mainInUse
                (400) , recoveryInUse(500) }
  MAX-ACCESS    read-only
  STATUS        current
  DESCRIPTION " Bank

                Bank where the MFP is installed.
                "
  ::= { mfpInstalledInfoEntry 300 }

 -- Columnar:Profile Name

 mfpInstalledInfoMfpProfileName OBJECT-TYPE
  SYNTAX        OCTET STRING ( SIZE(0..255) )
  MAX-ACCESS    read-only
  STATUS        current
  DESCRIPTION " Profile Name

                Name of the profile.
                "
  ::= { mfpInstalledInfoEntry 400 }

 -- Index:MFPs Installed Info Index

 mfpInstalledInfoIndex OBJECT-TYPE
  SYNTAX        Unsigned32
  MAX-ACCESS    read-only
  STATUS        current
  DESCRIPTION " MFPs Installed Info Index

                Index of the currently installed MFPs.
                "
  ::= { mfpInstalledInfoEntry 50 }

-- End of table:Installed MFPs

-- Scalar:Status

status OBJECT-TYPE
 SYNTAX        INTEGER { waitingSystemReady(100) , idle(200) , updating(300) ,
               waitingManualRestart(400) , rollbacking(500) ,
               waitingForGracefulRestart(600) }
 MAX-ACCESS    read-only
 STATUS        current
 DESCRIPTION " Status

               Indicates the current status of the Firmware Pack Updater.

                 * WaitingSystemReady: Waiting for the system restart to
                   complete.
                 * Idle: Ready to process a command.
                 * Updating: Currently downloading and installing a firmware.
                 * WaitingManualRestart: Waiting for a manual restart to
                   complete a firmware update.
                 * WaitingForGracefulRestart: Waiting for graceful shutdown of
                   services before completing a firmware update.

               "
 ::= { fpuMIBObjects 110 }

-- Scalar:Last Result

mfpLastInstallationResult OBJECT-TYPE
 SYNTAX        INTEGER { none(100) , success(200) , fail(300) }
 MAX-ACCESS    read-only
 STATUS        current
 DESCRIPTION " Last Result

               Result of the last Install command.

                 * None: No installation result available.
                 * Success: The last installation succeeded.
                 * Fail: The last installation failed.

               "
 ::= { fpuMIBObjects 125 }

-- Scalar:Firmware Installation Date and Time

mfpLastInstallationDateTime OBJECT-TYPE
 SYNTAX        OCTET STRING ( SIZE(0..255) )
 MAX-ACCESS    read-only
 STATUS        current
 DESCRIPTION " Firmware Installation Date and Time

               Date and time when the firmware was installed.
               "
 ::= { fpuMIBObjects 150 }

-- Scalar:Rollback Available

mfpRollbackAvailable OBJECT-TYPE
 SYNTAX        INTEGER { no(0) , yes(100) }
 MAX-ACCESS    read-only
 STATUS        current
 DESCRIPTION " Rollback Available

               Indicates whether or not a MFP rollback operation is available.
               "
 ::= { fpuMIBObjects 175 }

-- ****************************************************************************

-- Group:MFP Repository

-- Configuration relative to the remote update tree, i.e., where to get update
-- files.
-- ****************************************************************************

mfpRepositoryGroup OBJECT IDENTIFIER
 ::= { fpuMIBObjects 400 }
 -- ***************************************************************************
 
 -- Group:File Transfer

 -- ***************************************************************************
 
 mfpTransferGroup OBJECT IDENTIFIER
  ::= { mfpRepositoryGroup 200 }
  -- Scalar:User Name

  mfpTransferUsername OBJECT-TYPE
   SYNTAX        OCTET STRING ( SIZE(0..63) )
   MAX-ACCESS    read-write
   STATUS        current
   DESCRIPTION " User Name

                 User name used for transfer authentication, if required.
                 "
   DEFVAL        { "" }
   ::= { mfpTransferGroup 200 }

  -- Scalar:Password

  mfpTransferPassword OBJECT-TYPE
   SYNTAX        OCTET STRING ( SIZE(0..63) )
   MAX-ACCESS    read-write
   STATUS        current
   DESCRIPTION " Password

                 Password used for transfer authentication, if required.
                 "
   DEFVAL        { "" }
   ::= { mfpTransferGroup 300 }

  -- Scalar:Level of security for HTTPS certificate validation.

  mfpTransferCertificateValidation OBJECT-TYPE
   SYNTAX        INTEGER { noValidation(100) , hostName(200) }
   MAX-ACCESS    read-write
   STATUS        current
   DESCRIPTION " Level of security for HTTPS certificate validation.

                 When downloading a MFP from an HTTPS server, this parameter
                 defines the level of security to use when validating the
                 server's certificate.

                   * NoValidation: Allow a connection to the server without
                     validating its certificate. The only condition is to
                     receive a certificate from the server. This option
                     provides partial security and should be selected with
                     care.
                   * HostName: Allow a connection to the server by validating
                     its certificate is trusted and valid. The validations
                     performed on the certificate include the expiration date
                     and that the Subject Alternate Name (SAN) or Common Name
                     (CN) matches the FQDN or IP address of the server.

                 "
   DEFVAL        { hostName }
   ::= { mfpTransferGroup 500 }

  -- Scalar:Certificate Trust Level for HTTPS connections

  mfpTransferCertificateTrustLevel OBJECT-TYPE
   SYNTAX        INTEGER { locallyTrusted(100) , ocspOptional(200) ,
                 ocspMandatory(300) }
   MAX-ACCESS    read-write
   STATUS        current
   DESCRIPTION " Certificate Trust Level for HTTPS connections

                 Define how a peer certificate is considered trusted for a
                 HTTPS connection.

                   * LocallyTrusted: A certificate is considered trusted when
                     the certificate authority (CA) that signed the peer
                     certificate is present in the Cert.OthersCertificatesInfo
                     table. The certificate revocation status is not verified.
                   * OcspOptional: A certificate is considered trusted when it
                     is locally trusted and is not revoked by its certificate
                     authority (CA). The certificate revocation status is
                     queried using the Online Certificate Status Protocol
                     (OCSP). If the OCSP server is not available or the
                     verification status is unknown, the certificate is
                     considered trusted.
                   * OcspMandatory: A certificate is considered trusted when it
                     is locally trusted and is not revoked by its certificate
                     authority (CA). The certificate revocation status is
                     queried using the Online Certificate Status Protocol
                     (OCSP). If the OCSP server is not available or the
                     verification status is unknown, the certificate is
                     considered not trusted.

                 "
   DEFVAL        { locallyTrusted }
   ::= { mfpTransferGroup 600 }

  -- Scalar:Mfp Transfer Cipher Suite

  mfpTransferCipherSuite OBJECT-TYPE
   SYNTAX        INTEGER { cS1(100) , cS2(200) , cS3(300) }
   MAX-ACCESS    read-write
   STATUS        current
   DESCRIPTION " Mfp Transfer Cipher Suite

                 Defines the allowed cipher suites for the network security
                 settings when using the HTTPS transfer protocol. When the
                 device initiates an HTTPS connection to a server it will
                 negotiate the cipher suite according to its configuration.

                   * CS1:
                       + TLS_DHE_RSA_WITH_AES_256_CBC_SHA
                       + TLS_DHE_DSS_WITH_AES_256_CBC_SHA
                       + TLS_RSA_WITH_AES_256_CBC_SHA
                       + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
                       + TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
                       + TLS_RSA_WITH_3DES_EDE_CBC_SHA
                       + TLS_DHE_RSA_WITH_AES_128_CBC_SHA
                       + TLS_DHE_DSS_WITH_AES_128_CBC_SHA
                       + TLS_RSA_WITH_AES_128_CBC_SHA
                       + TLS_RSA_WITH_RC4_128_SHA
                       + TLS_RSA_WITH_RC4_128_MD5
                   * CS2:
                       + TLS_RSA_WITH_AES_128_CBC_SHA
                       + TLS_RSA_WITH_AES_256_CBC_SHA
                       + TLS_RSA_WITH_3DES_EDE_CBC_SHA
                       + TLS_DHE_RSA_WITH_AES_128_CBC_SHA
                       + TLS_DHE_RSA_WITH_AES_256_CBC_SHA
                       + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
                   * CS3:
                       + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
                       + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
                       + TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
                       + TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
                       + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
                       + TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
                       + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
                       + TLS_RSA_WITH_AES_256_GCM_SHA384
                       + TLS_RSA_WITH_AES_256_CBC_SHA256
                       + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
                       + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
                       + TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
                       + TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
                       + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
                       + TLS_RSA_WITH_AES_128_GCM_SHA256
                       + TLS_RSA_WITH_AES_128_CBC_SHA256

                 "
   DEFVAL        { cS1 }
   ::= { mfpTransferGroup 700 }

  -- Scalar:TLS Version

  mfpTransferTlsVersion OBJECT-TYPE
   SYNTAX        INTEGER { sSLv3(100) , tLSv1(200) , tLSv1-1(300) , tLSv1-2
                 (400) }
   MAX-ACCESS    read-write
   STATUS        current
   DESCRIPTION " TLS Version

                 Defines the allowed TLS versions for the network security
                 settings when using the HTTPS transfer protocol. When the
                 device initiates an HTTPS connection to a server it will
                 negotiate the TLS version according to its configuration.

                   * SSLv3: Allow SSL version 3 and all TLS versions.
                   * TLSv1: Allow TLS versions 1 and up.
                   * TLSv1_1: Allow TLS versions 1.1 and up.
                   * TLSv1_2: Allow TLS versions 1.2 and up.

                 The device will always send its highest supported TLS version
                 in the ClientHello message. The server will select the highest
                 supported TLS version it supports from the ClientHello
                 message. The device will then validate that the selected
                 version is allowed. If the version is not allowed the device
                 will close the connection.

                 "
   DEFVAL        { tLSv1 }
   ::= { mfpTransferGroup 800 }

 -- End of group:File Transfer

-- End of group:MFP Repository

-- Scalar:MFP URL

mfpUrl OBJECT-TYPE
 SYNTAX        OCTET STRING
 MAX-ACCESS    read-write
 STATUS        current
 DESCRIPTION " MFP URL

               URL of the MFP 'single file' to install. The supported transfer
               protocols are:

                 * HTTP
                 * HTTPS
                 * TFTP
                 * FTP

               Examples of valid URLs:

                 * http://www.myserver.com/myfile.bin
                 * tftp://myserver.com:69/myfolder/myfile.bin

               When the port is not included in the URL, the default port for
               the chosen protocol is used.

               For authentication, it is recommended to use the
               Fpu.MfpTransferUsername and Fpu.MfpTransferPassword parameters.
               The credentials may also be provisioned directly in the URL
               using the syntax protocol://[username[:password]@]hostname
               [:port]/[path/]filename with the following constraints:

                 * No '/', ':' and '@' characters should be present in username
                   or password.
                 * No percent escaping.
                 * The password will appear in clear in the URL field in the
                   Web page.

               If a username/password is specified both in the URL and in the
               provisioning parameters, values specified in the URL will have
               precedence over the ones specified in the parameters.

               This parameter may contain some macros that are substituted by
               the actual value at the moment of fetching the MFP file.

               The supported macros are:

                 * %mac% - the MAC address of the unit.
                 * %product% - the product name of the unit.
                 * %productseries% - the product series name of the unit.
                 * %serial% - the serial number of the unit.

               "
 DEFVAL        { "" }
 ::= { fpuMIBObjects 450 }

-- Scalar:Automatic Restart

automaticRestartEnable OBJECT-TYPE
 SYNTAX        MxEnableState
 MAX-ACCESS    read-write
 STATUS        current
 DESCRIPTION " Automatic Restart

               Enables the firmware pack updater to automatically restart the
               system when needed for completing a firmware update operation.

               Also see the AutomaticRestartGraceDelay parameter.

               "
 DEFVAL        { disable }
 ::= { fpuMIBObjects 500 }

-- Scalar:Automatic Restart Grace Delay

automaticRestartGraceDelay OBJECT-TYPE
 SYNTAX        Unsigned32 ( 0..10080 )
 MAX-ACCESS    read-write
 STATUS        current
 DESCRIPTION " Automatic Restart Grace Delay

               Configures the grace delay in minutes that the unit waits for
               all telephony calls to be terminated before the automatic
               restart can occur.

               This value is expressed in minutes. The maximum value is set to
               10080 minutes (7 days).

               Also see the AutomaticRestartEnable parameter.

               "
 DEFVAL        { 0 }
 ::= { fpuMIBObjects 600 }

-- Scalar:Default Settings On Firmware Installation.

defaultSettingsOnInstall OBJECT-TYPE
 SYNTAX        MxEnableState
 MAX-ACCESS    read-write
 STATUS        current
 DESCRIPTION " Default Settings On Firmware Installation.

               When set to 'Enable', the unit automatically executes a factory
               reset upon completion of a firmware installation.
               "
 DEFVAL        { disable }
 ::= { fpuMIBObjects 700 }

-- ****************************************************************************

-- Group:Notification Messages Configuration

-- ****************************************************************************

notificationsGroup OBJECT IDENTIFIER
 ::= { fpuMIBObjects 60010 }
 -- Scalar:Minimal Severity of Notification

 minSeverity OBJECT-TYPE
  SYNTAX        INTEGER { disable(0) , debug(100) , info(200) , warning(300) ,
                error(400) , critical (500) }
  MAX-ACCESS    read-write
  STATUS        current
  DESCRIPTION " Minimal Severity of Notification

                Sets the minimal severity to issue a notification message
                incoming from this service.

                  * Disable: No notification is issued.
                  * Debug: All notification messages are issued.
                  * Info: Notification messages with a 'Informational' and
                    higher severity are issued.
                  * Warning: Notification messages with a 'Warning' and higher
                    severity are issued.
                  * Error: Notification messages with an 'Error' and higher
                    severity are issued.
                  * Critical: Notification messages with a 'Critical' severity
                    are issued.

                "
  DEFVAL        { warning }
  ::= { notificationsGroup 100 }

-- End of group:Notification Messages Configuration

-- ****************************************************************************

-- Group:Configuration Settings

-- ****************************************************************************

configurationGroup OBJECT IDENTIFIER
 ::= { fpuMIBObjects 60020 }
 -- Scalar:Need Restart

 needRestartInfo OBJECT-TYPE
  SYNTAX        INTEGER { no(0) , yes(100) }
  MAX-ACCESS    read-only
  STATUS        current
  DESCRIPTION " Need Restart

                Indicates if the service needs to be restarted for the
                configuration to fully take effect.

                  * Yes: Service needs to be restarted.
                  * No: Service does not need to be restarted.

                Services can be restarted by using the
                Scm.ServiceCommands.Restart command.

                "
  ::= { configurationGroup 100 }

-- End of group:Configuration Settings

END
