- Enterasys Security Router User's Guide
Firewall MIB Tables
XSR User’s Guide B-9
Firewall MIB Tables
The firewall MIB contains the following tables, most of which are detailed in this section: Firewall
on Interface Group, Interface to Policy Group, Group Policy, Policy Rule Definition,
Authentication Group, Network in Network Group, Network Group, Network, Compound Filter,
Sub Filter, IP Header Filter, Offset Filter, IP Options Header Filter, Data Filter, Policy Rule True,
Session Totals, IP Session, Auth Address Group, and DOS Blocked Group.
Global Interface Operations
Some configurable items affect all interfaces on the XSR. For each of these operations, a pointer is
created to the firewall configuration object when the SNMP/FW command dispatcher determines
the type of operation. This object maintains the current state of each of the global interface
operations.
The following objects take immediate action on the firewall engine.
Note: The XSR supports only SNMP gets for these objects.
Table B-19 Configuration Objects
Field Description
etsysFWFirewallEnabled The current state of the firewall is returned when this value is read. The value read
may be different than the last value set if the state is changed by a means other than
this MIB. This is a read-write field. Setting the value to true causes the firewall to start
inspecting packets while setting it to false causes the firewall to stop inspecting
packets.
etsysFWTcpTimeout The current value of the TCP timer (for all interfaces) is returned from the firewall
configuration object on read. During a set operation, the value of the TCP timer (for all
interfaces) is updated in the firewall configuration object.
etsysFWUdpTimeout The current value of the UDP timer (for all interfaces) is returned from the firewall
configuration object on read. During a set operation, the value of the UDP timer (for
all interfaces) is updated in the firewall configuration object.
etsysFWIcmpTimeout The current value of the ICMP timer (for all interfaces) is returned from the firewall
configuration object on read. During a set operation, the value of the ICMP timer (for
all interfaces) is updated in the firewall configuration object.
etsysFWAuthTimeout The current value of the Auth timer (for all interfaces) is returned from the firewall
configuration object on read. During a set operation, the value of the Auth timer (for all
interfaces) is updated in the firewall configuration object.
etsysFWAuthPort The current value of the Auth Port (for all interfaces) is returned from the firewall
configuration object on read. During a set operation, the value of the Auth Port (for all
interfaces) is updated in the firewall configuration object.
etsysFWLoggingThreshold The current value of the Logging Threshold (for all interfaces) is returned from the
firewall configuration object on read. During a set operation, the value of the Logging
Threshold (for all interfaces) is updated in the firewall configuration object. There are
eight event levels in the firewall and four on the XSR. Levels 0-3 constitute the High
XSR logging threshold, Levels 4 and 5 are Medium, Level 6 is Low and Level 7 is
Debug.