-- *****************************************************************
-- QTECH-SECZONE-MIB.mib:  Qtech security zone MIB file
--
-- March 2009, rendh
--
-- Copyright (c) 2009 by Qtech Networks Co.,Ltd.
-- All rights reserved.
-- 
-- *****************************************************************
--
QTECH-SECZONE-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    OBJECT-TYPE,
    NOTIFICATION-TYPE,
    IpAddress,
    Integer32
            FROM SNMPv2-SMI
    DisplayString,
    RowStatus
            FROM SNMPv2-TC
    MODULE-COMPLIANCE,
    OBJECT-GROUP,
    NOTIFICATION-GROUP
            FROM SNMPv2-CONF
    ConfigStatus
            FROM QTECH-TC
    qtechMgmt
            FROM QTECH-SMI;

-- Module identity for the Qtech security zone MIB, registered at
-- { qtechMgmt 54 }. Only one revision (2009-08-11) is recorded.
--
-- NOTE(review), security considerations: this module defines read-write
-- objects that change enforcement on the device (zone level and ACL name,
-- violation notify/block thresholds, actions and timeouts) and status
-- objects whose SET deletes zone or blocking entries. The module carries
-- no access-control statement of its own, so SET access to this subtree
-- should be limited on the agent, for example SNMPv3 with authentication
-- and privacy plus a restricted VACM view, rather than a shared
-- SNMPv1/v2c write community.
qtechSecZoneMIB MODULE-IDENTITY
    LAST-UPDATED "200908110000Z"
    ORGANIZATION "Qtech Networks Co.,Ltd."
    CONTACT-INFO
            " 
            Tel: 4008-111-000 

            E-mail: service@qtech.com.cn"
    DESCRIPTION
            "This module defines my Security Zone mibs."
    REVISION      "200908110000Z"
    DESCRIPTION
            "Initial version of this MIB module."
    ::= { qtechMgmt 54}
    
-- Root under which the tables, scalars and notification varbind objects
-- of this module are registered (sub-identifiers 1 to 13).
qtechSecZoneMIBObjects OBJECT IDENTIFIER ::= { qtechSecZoneMIB 1 }


-- *****************************************************************************************
--     define Security  Zone chain
-- *****************************************************************************************
-- Security zone ("chain") table: one conceptual row per zone, indexed by
-- the zone chain name. Every column other than the index is read-write.
-- NOTE(review): several columns switch notification or blocking off when
-- set to 0 (see the thresholds below), so SETs against this table are
-- worth restricting and logging on the agent.
qtechSecZoneChainTable OBJECT-TYPE
        SYNTAX SEQUENCE OF QtechSecZoneChainEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
               "A table of Security Zone Chain entries."
        ::= { qtechSecZoneMIBObjects 1 }
    
-- Conceptual row of the zone table; the only index is the chain name.
qtechSecZoneChainEntry OBJECT-TYPE
        SYNTAX QtechSecZoneChainEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
                "Entry contains chain name and level."  
        INDEX { qtechSecZoneChainName }
        ::= { qtechSecZoneChainTable 1 }
        
-- Column list of the row. The INTEGER columns are range- or
-- enumeration-restricted in their individual OBJECT-TYPE definitions.
QtechSecZoneChainEntry ::= 
        SEQUENCE {
                qtechSecZoneChainName DisplayString,
                qtechSecZoneLevel INTEGER,
                qtechSecZoneAclName DisplayString,
                qtechSecZoneViolationNotifyThresh  INTEGER,
                qtechSecZoneViolationNotifyAction  INTEGER,
                qtechSecZoneViolationBlockThresh   INTEGER,
                qtechSecZoneViolationBlockAction   INTEGER,
                qtechSecZoneViolationBlockTimeout  INTEGER,
                qtechSecZoneChainEntryStatus RowStatus
        } 

-- Zone chain name, 1 to 32 characters; the row index.
-- NOTE(review): declared read-only although it is the INDEX object;
-- SMIv2 (RFC 2578, section 7.7) expects an index column to be
-- not-accessible when the row has other columns.
-- NOTE(review): the DESCRIPTION specifies a vendor-specific index
-- encoding: always 32 sub-identifiers, padded with 0, and no length
-- prefix is mentioned. Tools that derive the instance OID from the INDEX
-- clause would normally length-prefix a variable-size string, so
-- instance OIDs may have to be built by hand. Confirm against the agent.
qtechSecZoneChainName OBJECT-TYPE
        SYNTAX DisplayString(SIZE (1..32))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "security zone chain name of this entry.This value is unique for every entry
            When this string be used as an index,Value of a sub-identifier equal 
            ASCII value of corresponding character(first sub-identifier corresponds
            first character of string). The number of sub-identifiers of this string
            must be 32,If length of string is less than 32 the sub-identifier(0x0) 
            will be filled in tail."
        ::= { qtechSecZoneChainEntry  1 }

-- Configured level of the zone, 0 to 100.
-- NOTE(review): the DESCRIPTION does not say whether a higher value
-- means more or less trust; confirm against the device documentation.
qtechSecZoneLevel OBJECT-TYPE
       SYNTAX  INTEGER(0..100)
       MAX-ACCESS read-write
       STATUS current
        DESCRIPTION
               " Config level of this Seczone"
        ::= { qtechSecZoneChainEntry 2 } 
        
-- Access list name associated with the zone, 1 to 32 characters.
-- NOTE(review): this column is not in the INDEX clause of the row, so
-- the index-encoding paragraph in its DESCRIPTION looks copied from
-- qtechSecZoneChainName and does not apply here.
-- NOTE(review): writable; presumably selects the ACL that defines the
-- zone, so a SET changes enforcement. Verify and restrict write access.
qtechSecZoneAclName   OBJECT-TYPE
        SYNTAX DisplayString(SIZE (1..32))
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Access list name of security zone belong to.
            When this string be used as an index,Value of a sub-identifier equal 
            ASCII value of corresponding character(first sub-identifier corresponds
            first character of string). The number of sub-identifiers of this string
            must be 32,If length of string is less than 32 the sub-identifier(0x0) 
            will be filled in tail."
        ::= { qtechSecZoneChainEntry  3 }
        
-- Violation count at which a notification is raised for this zone.
-- Setting 0 disables notification, so a SET to 0 silences alerts.
-- NOTE(review): no UNITS clause; the counting window is not stated.
qtechSecZoneViolationNotifyThresh   OBJECT-TYPE
      SYNTAX  INTEGER(0..65535)
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION 
        "Threshold of security zone access violation . value 0 means no notify."
      ::= {qtechSecZoneChainEntry  4  }  

-- How a violation notification is delivered: local log, SNMP trap, or
-- both.
qtechSecZoneViolationNotifyAction   OBJECT-TYPE
      SYNTAX  INTEGER{
               log(1),
               trap(2), 
               logtrap(3)
      }         
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION 
        "Action of security zone access violation Notify:log (1), trap (2) , log and trap(3)."
      ::= {qtechSecZoneChainEntry  5  }  

-- Violation count at which blocking starts for this zone.
-- Setting 0 disables blocking, so a SET to 0 turns enforcement off.
qtechSecZoneViolationBlockThresh   OBJECT-TYPE
      SYNTAX  INTEGER(0..65535)
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION 
        "Threshold of security zone access violation Blocking. value 0 means no block."
      ::= {qtechSecZoneChainEntry  6  }               
      
-- Scope of the block that is applied: globalblock(1) or zoneblock(2).
-- NOTE(review): the exact scope of each value is not described here.
qtechSecZoneViolationBlockAction   OBJECT-TYPE
      SYNTAX  INTEGER{
              globalblock (1),
              zoneblock(2) 
      }         
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION 
        "Action of security zone access violation Blocking:globalblock(1),zoneblock(2) ."
      ::= {qtechSecZoneChainEntry  7  }             

-- Lifetime of a block, 0 to 3600; 0 means the block never expires.
-- NOTE(review): no UNITS clause; presumably seconds. Confirm before
-- relying on a permanent (0) or very short value.
qtechSecZoneViolationBlockTimeout    OBJECT-TYPE
      SYNTAX  INTEGER (0..3600)
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION 
        "Timeout of security zone access violation Blocking . value 0 means block permanently"
      ::= {qtechSecZoneChainEntry  8  }   
        
-- Status column of the row.
-- NOTE(review): the SYNTAX is RowStatus (RFC 2579: active, notInService,
-- notReady, createAndGo, createAndWait, destroy) but the DESCRIPTION
-- speaks of valid/invalid, which are not RowStatus values and match the
-- ConfigStatus wording used by qtechBockingEntryStatus. Confirm which
-- values the agent accepts for deletion. RowStatus columns are normally
-- read-create; with read-write, row creation over SNMP may not be
-- supported.
qtechSecZoneChainEntryStatus  OBJECT-TYPE
        SYNTAX RowStatus
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
            "Status of this entry, set its value to invalid will delete this entry.
            set its value to valid has no effect."
        ::= { qtechSecZoneChainEntry 9 }

-- *****************************************************************************************
-- define zone to zone policy
-- *****************************************************************************************


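-- Zone-to-zone policy table: one conceptual row per combination of
-- first zone, second zone and access list name.
-- NOTE(review): rows are created and deleted through the status column
-- (read-create), so SET access to this table changes inter-zone policy
-- and should be restricted and logged on the agent.
qtechSecZone2ZoneTable OBJECT-TYPE
        SYNTAX SEQUENCE OF QtechSecZone2ZoneEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
               "A table of Two Security Zone entries."
        ::= { qtechSecZoneMIBObjects 2 }

-- Conceptual row, indexed by three strings.
-- NOTE(review): each index column's DESCRIPTION says its value is unique
-- for every entry; with a three-part index only the combination needs to
-- be unique. Confirm what the agent enforces.
qtechSecZone2ZoneEntry OBJECT-TYPE
        SYNTAX QtechSecZone2ZoneEntry
        MAX-ACCESS not-accessible
        STATUS current
        DESCRIPTION
                "Entry contains policy from one Zone to another Zone ."  
        INDEX { qtechZoneFirstName ,qtechZoneSecondName,qtechZone2ZoneAclName }
        ::= { qtechSecZone2ZoneTable 1 }        
        
-- Column list of the row.
-- NOTE(review): "Stauts" in the status column's descriptor is a typo in
-- the published name; it is kept because renaming would break managers
-- compiled against this module.
QtechSecZone2ZoneEntry ::= 
        SEQUENCE {
                qtechZoneFirstName DisplayString,
                qtechZoneSecondName   DisplayString,
                qtechZone2ZoneAclName DisplayString,
                qtechZone2ZoneEntryStauts RowStatus
        }         

-- Name of the first zone, 1 to 32 characters; first index component.
-- Declared read-only rather than not-accessible; it is also a varbind of
-- qtechSecZoneViolationTrap, which requires it to be accessible.
-- NOTE(review): the DESCRIPTION specifies a fixed 32 sub-identifier,
-- zero-padded index encoding instead of a length-prefixed string.
qtechZoneFirstName OBJECT-TYPE
        SYNTAX DisplayString(SIZE (1..32))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "First zone name of this entry.This value is unique for every entry
            When this string be used as an index,Value of a sub-identifier equal 
            ASCII value of corresponding character(first sub-identifier corresponds
            first character of string). The number of sub-identifiers of this string
            must be 32,If length of string is less than 32 the sub-identifier(0x0) 
            will be filled in tail."
        ::= { qtechSecZone2ZoneEntry  1 }                

-- Name of the second zone, 1 to 32 characters; second index component.
-- Also a varbind of qtechSecZoneViolationTrap.
qtechZoneSecondName OBJECT-TYPE
        SYNTAX DisplayString(SIZE (1..32))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "Second zone name  of this entry.This value is unique for every entry
            When this string be used as an index,Value of a sub-identifier equal 
            ASCII value of corresponding character(first sub-identifier corresponds
            first character of string). The number of sub-identifiers of this string
            must be 32,If length of string is less than 32 the sub-identifier(0x0) 
            will be filled in tail."
        ::= { qtechSecZone2ZoneEntry  2 }                       

-- Access list name of the policy, 1 to 32 characters; third index
-- component. The DESCRIPTION previously began with "Key chain name",
-- which does not match this object and looked copied from another
-- module; it now names the access list.
qtechZone2ZoneAclName OBJECT-TYPE
        SYNTAX DisplayString(SIZE (1..32))
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
            "Access list name of this entry.This value is unique for every entry
            When this string be used as an index,Value of a sub-identifier equal 
            ASCII value of corresponding character(first sub-identifier corresponds
            first character of string). The number of sub-identifiers of this string
            must be 32,If length of string is less than 32 the sub-identifier(0x0) 
            will be filled in tail."
        ::= { qtechSecZone2ZoneEntry  3 }                              
        
-- RowStatus column used to create and delete policy rows. The
-- DESCRIPTION does not list which RowStatus values the agent supports.
qtechZone2ZoneEntryStauts OBJECT-TYPE
        SYNTAX RowStatus
        MAX-ACCESS read-create
        STATUS current
        DESCRIPTION
            "entry status for this list."      
       ::= { qtechSecZone2ZoneEntry  4 }   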

-- *****************************************************************************************       
-- blocking ip table
-- *****************************************************************************************       

-- Blocking table: one conceptual row per blocked IP address. The index
-- is an SNMPv2-SMI IpAddress, so only IPv4 addresses can be represented.
-- Every column except the entry status is read-only.
-- NOTE(review): "Bocking" in the column descriptors is a typo in the
-- published names; it is kept because renaming would break managers
-- compiled against this module.
qtechSecZoneBlockingTable OBJECT-TYPE
      SYNTAX SEQUENCE OF QtechSecZoneBlockingEntry
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
               "A table of IP blocking entries."
      ::= { qtechSecZoneMIBObjects 3 }
      
-- Conceptual row, indexed by the blocked address.
-- NOTE(review): per the DESCRIPTION, index value 0 stands for all
-- blocked addresses and exists so that every block can be deleted at
-- once, presumably by setting qtechBockingEntryStatus to invalid(2) on
-- that instance (confirm on the device). One SET can therefore lift
-- every block; restrict and log write access to the status column.
qtechSecZoneBlockingEntry OBJECT-TYPE      
      SYNTAX QtechSecZoneBlockingEntry
      MAX-ACCESS not-accessible
      STATUS current
      DESCRIPTION
                "Entry contains blocking IP .value 0 mean all block IP for deleting all blocking IP"  
      INDEX { qtechBockingIP }
      ::= { qtechSecZoneBlockingTable 1 } 
      
-- Column list of the row. ConfigStatus is imported from QTECH-TC.
QtechSecZoneBlockingEntry ::= 
      SEQUENCE {
                qtechBockingIP  IpAddress  ,
                qtechBockingCurrentStatus INTEGER ,
                qtechBockingTryAccessZoneName DisplayString,
                qtechBockingEntryStatus ConfigStatus
      }               
      
-- Blocked IPv4 address; the row index.
-- NOTE(review): declared read-only although it is the INDEX object
-- (RFC 2578, section 7.7 expects not-accessible here).
qtechBockingIP    OBJECT-TYPE
   SYNTAX IpAddress
   MAX-ACCESS read-only
   STATUS current
   DESCRIPTION
            "ip address of Blocking table. "
        ::= { qtechSecZoneBlockingEntry 1 }

-- Kind of block currently applied to the address: globalblock(1) or
-- zoneblock(2), the same enumeration as the block action objects.
qtechBockingCurrentStatus  OBJECT-TYPE
  SYNTAX INTEGER{
              globalblock (1),
              zoneblock(2) 
      }         
   MAX-ACCESS read-only
   STATUS current
   DESCRIPTION
            "status of security zone access violation Blocking:globalblock(1),zoneblock(2)."
        ::= { qtechSecZoneBlockingEntry 2 }   
        
-- Zone the blocked address tried to access, 0 to 32 characters. An
-- empty string means the access matched no zone.
qtechBockingTryAccessZoneName  OBJECT-TYPE
   SYNTAX   DisplayString(SIZE (0..32))     
   MAX-ACCESS read-only
   STATUS current
   DESCRIPTION
         "Try access Zone name of blocking IP.It indicate that 
         this  doesn't match any Zone if this string is null"
        ::= { qtechSecZoneBlockingEntry 3 }   
        
-- Status column: writing invalid(2) deletes the entry, which removes
-- the block; writing valid(1) has no effect.
-- NOTE(review): this is the only writable column of the table and it
-- removes enforcement, so treat SETs to it as security-relevant events.
qtechBockingEntryStatus  OBJECT-TYPE
   SYNTAX ConfigStatus
   MAX-ACCESS read-write
   STATUS current
   DESCRIPTION
            "Status of this entry, set its value to invalid (2)will delete this entry.
            set its value to valid(1)has no effect."
   ::= { qtechSecZoneBlockingEntry 4 }        
   
-- *****************************************************************************************               
--     define Global Violation policy parameter
-- *****************************************************************************************               


-- Global violation policy scalars. They mirror the per-zone columns of
-- qtechSecZoneChainEntry (same ranges and enumerations).
-- NOTE(review): how the global values interact with the per-zone values
-- is not described in this module; confirm on the device.
-- NOTE(review): all five scalars are read-write and a value of 0 in
-- either threshold switches notification or blocking off device-wide,
-- so write access should be restricted and changes logged.

-- Violation count at which a notification is raised; 0 disables it.
qtechGlobalViolationNotifyThresh   OBJECT-TYPE
      SYNTAX  INTEGER(0..65535)
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION 
        "Threshold of Global parameter access violation . value 0 means no notify."
      ::= { qtechSecZoneMIBObjects 4   }  

-- Delivery of the notification: local log, SNMP trap, or both.
qtechGlobalViolationNotifyAction   OBJECT-TYPE
      SYNTAX  INTEGER{
               log(1),
               trap(2), 
               logtrap(3)
      }         
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION 
        "Action of Global parameter access violation Notify:log (1), trap (2) , log and trap(3)."
      ::= { qtechSecZoneMIBObjects 5 }  

-- Violation count at which blocking starts; 0 disables blocking.
qtechGlobalViolationBlockThresh   OBJECT-TYPE
      SYNTAX  INTEGER(0..65535)
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION 
        "Threshold of Global parameter access violation Blocking. value 0 means no block."
      ::= {qtechSecZoneMIBObjects 6  }               
      
-- Scope of the block that is applied: globalblock(1) or zoneblock(2).
qtechGlobalViolationBlockAction   OBJECT-TYPE
      SYNTAX  INTEGER{
              globalblock (1),
              zoneblock(2) 
      }         
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION 
        "Action of Global parameter access violation Blocking:globalblock(1),zoneblock(2) ."
      ::= {qtechSecZoneMIBObjects 7  }             

-- Lifetime of a block, 0 to 3600; 0 means the block never expires.
-- NOTE(review): no UNITS clause; presumably seconds. Confirm.
qtechGlobalViolationBlockTimeout    OBJECT-TYPE
      SYNTAX  INTEGER (0..3600)
      MAX-ACCESS read-write
      STATUS current
      DESCRIPTION 
        "Timeout of Global parameter access violation Blocking . value 0 means block permanently"
      ::= {qtechSecZoneMIBObjects 8  }   


-- *****************************************************************************************               
-- trap define 
-- *****************************************************************************************               

-- Root of the notification subtree of this module.
qtechSecZoneMIBTraps OBJECT IDENTIFIER ::= { qtechSecZoneMIB 2 }      

-- Objects below exist only as notification varbinds
-- (accessible-for-notify); they cannot be read with GET.
-- NOTE(review): unlike the rest of the module these descriptors carry no
-- qtech prefix, so they can clash with identically named objects when
-- several vendor MIBs are loaded into one manager.

-- Time of the violation as text.
-- NOTE(review): no SIZE restriction and no format is specified, so a
-- receiver cannot parse this reliably without checking real traps.
violationTime OBJECT-TYPE 
     SYNTAX       DisplayString 
     MAX-ACCESS   accessible-for-notify
     STATUS       current
     DESCRIPTION
         "The time of  packet violation. Used by trap."
     ::= { qtechSecZoneMIBObjects 9  }
                
-- Source address of the violating packet (IPv4 only, IpAddress syntax).
-- NOTE(review): this value comes from the packet itself; receivers that
-- act on it should allow for the source address being forged.
violationSrcIP OBJECT-TYPE 
     SYNTAX       IpAddress
     MAX-ACCESS   accessible-for-notify
     STATUS       current
     DESCRIPTION
         "The source IP address of packet violation. Used by trap."
     ::= { qtechSecZoneMIBObjects 10  }

-- Destination address of the violating packet (IPv4 only).
violationDestIP OBJECT-TYPE 
     SYNTAX       IpAddress
     MAX-ACCESS   accessible-for-notify
     STATUS       current
     DESCRIPTION
         "The dest IP address of packet violation. Used by trap."
     ::= { qtechSecZoneMIBObjects 11 }     
     
-- Protocol of the violating packet.
-- NOTE(review): presumably the IP protocol number; the DESCRIPTION does
-- not say. Confirm before mapping values to names.
violationProtocol OBJECT-TYPE 
     SYNTAX       Integer32
     MAX-ACCESS   accessible-for-notify
     STATUS       current
     DESCRIPTION
         "The protocol of packet violation. Used by trap."
     ::= { qtechSecZoneMIBObjects 12 }      

-- Layer 4 key of the violating packet: TCP/UDP port, or ICMP type and
-- code.
-- NOTE(review): which port (source or destination) and how ICMP type and
-- code are packed into one Integer32 are not specified here.
violationL4Key OBJECT-TYPE 
     SYNTAX       Integer32
     MAX-ACCESS   accessible-for-notify
     STATUS       current
     DESCRIPTION
         "The tcp/udp port or icmp type&code of packet violation. Used by trap."
     ::= { qtechSecZoneMIBObjects 13 }           
             
-- Notification sent on a security zone access violation. It carries the
-- violation time, source and destination address, protocol and layer 4
-- key, plus the first and second zone names from the zone-to-zone table.
-- NOTE(review): the OID is { qtechSecZoneMIBTraps 1 } with no zero
-- sub-identifier before the last arc. RFC 2578 asks for a zero there so
-- that the notification maps reversibly to an SNMPv1 trap; check how the
-- agent and the trap receiver handle this when SNMPv1 is in use.
-- NOTE(review): SNMPv1/v2c notifications are not authenticated. If these
-- traps feed alerting or automated response, prefer SNMPv3 notifications
-- or correlate with the device log (notify action log or logtrap).
qtechSecZoneViolationTrap NOTIFICATION-TYPE
    OBJECTS   {  violationTime,  
                 violationSrcIP, 
                 violationDestIP,
                 violationProtocol,      
                 violationL4Key, 
                 qtechZoneFirstName,
                 qtechZoneSecondName
    }
    STATUS     current
    DESCRIPTION
            "Security zone access Violation trap."
    ::= { qtechSecZoneMIBTraps 1 }                    
    
-- *****************************************************************************************                   


-- Conformance subtree: compliance statements under arc 1, object and
-- notification groups under arc 2.
qtechSecZoneMIBConformance OBJECT IDENTIFIER ::= { qtechSecZoneMIB 3 }
qtechSecZoneMIBCompliances OBJECT IDENTIFIER ::= { qtechSecZoneMIBConformance 1 }
qtechSecZoneMIBGroups      OBJECT IDENTIFIER ::= { qtechSecZoneMIBConformance 2 }


-- compliance statements

-- Compliance statement: an implementation must support all three groups
-- of this module (objects, notification varbind objects, notifications).
-- NOTE(review): no MIN-ACCESS refinements are given, so a compliant
-- agent is expected to implement the read-write objects as writable.
-- Deployments that only monitor can still deny SET access through the
-- agent's own access control.
qtechSecZoneMIBCompliance MODULE-COMPLIANCE
        STATUS  current
        DESCRIPTION
                "The compliance statement for entities which implement
                the Qtech SecZone MIB"
        MODULE  -- this module
                MANDATORY-GROUPS { 
                        qtechSecZoneMIBGroup,
                        qtechSecZoneNotifObjectsGroup,
                        qtechSecZoneNotificationsGroup
                 }         
 
         ::= { qtechSecZoneMIBCompliances 1 }
         
-- units of conformance

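-- Object group covering every column of the three tables and the five
-- global violation policy scalars.
-- The index columns are listed as well; this is only legal because they
-- are declared read-only rather than not-accessible.
-- Fix: "managment" in the DESCRIPTION corrected to "management".
qtechSecZoneMIBGroup OBJECT-GROUP
        OBJECTS {
              qtechSecZoneChainName,
              qtechSecZoneLevel,
              qtechSecZoneAclName,
              qtechSecZoneViolationNotifyThresh,
              qtechSecZoneViolationNotifyAction,
              qtechSecZoneViolationBlockThresh,
              qtechSecZoneViolationBlockAction,
              qtechSecZoneViolationBlockTimeout,
              qtechSecZoneChainEntryStatus,
              qtechZoneFirstName,
              qtechZoneSecondName,
              qtechZone2ZoneAclName,
              qtechZone2ZoneEntryStauts,
              qtechBockingIP,
              qtechBockingCurrentStatus,
              qtechBockingTryAccessZoneName,
              qtechBockingEntryStatus,
              qtechGlobalViolationNotifyThresh,
              qtechGlobalViolationNotifyAction,
              qtechGlobalViolationBlockThresh,
              qtechGlobalViolationBlockAction,
              qtechGlobalViolationBlockTimeout
        }
        STATUS  current
        DESCRIPTION
                "A collection of objects providing seczone management."
        ::= { qtechSecZoneMIBGroups 1 }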
     
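-- Object group of the accessible-for-notify objects carried by
-- qtechSecZoneViolationTrap.
-- Fix: the DESCRIPTION referred to "TRIP notifications", which does not
-- match this module and looked copied from another MIB; it now names
-- the security zone violation notifications.
qtechSecZoneNotifObjectsGroup OBJECT-GROUP
        OBJECTS {
              violationTime,
              violationSrcIP,
              violationDestIP,
              violationProtocol,
              violationL4Key
        }
        STATUS  current
        DESCRIPTION
                "A collection of objects that specify information for
                 security zone violation notifications."
        ::= { qtechSecZoneMIBGroups 2 }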
           
-- Notification group; its single member is qtechSecZoneViolationTrap,
-- the only notification defined in this module.
qtechSecZoneNotificationsGroup NOTIFICATION-GROUP
        NOTIFICATIONS {
               qtechSecZoneViolationTrap     
        }
        STATUS        current
        DESCRIPTION
              "A collection of security zone access Violation traps."
      ::= { qtechSecZoneMIBGroups 3 }
END    
