CISCO-SSL-PROXY-MIB -- ***************************************************************** -- CISCO-SSL-PROXY-MIB.my: Cisco Secure Socket Layer Proxy MIB file -- -- June 2003, Fatima Yu -- -- Copyright (c) 2003 by cisco Systems, Inc. -- All rights reserved. -- ***************************************************************** -- CISCO-SSL-PROXY-MIB DEFINITIONS ::= BEGIN IMPORTS MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE, Counter32, Gauge32, Integer32 FROM SNMPv2-SMI NOTIFICATION-GROUP, MODULE-COMPLIANCE, OBJECT-GROUP FROM SNMPv2-CONF SnmpAdminString FROM SNMP-FRAMEWORK-MIB CiscoPort FROM CISCO-TC TimeStamp, RowStatus, TruthValue FROM SNMPv2-TC ciscoMgmt FROM CISCO-SMI InetAddressType, InetAddress FROM INET-ADDRESS-MIB; ciscoSslProxyMIB MODULE-IDENTITY LAST-UPDATED "200310270000Z" ORGANIZATION "Cisco Systems, Inc." CONTACT-INFO " Cisco Systems Customer Service Postal: 170 W Tasman Drive San Jose, CA 95134 USA Tel: +1 800 553-NETS E-mail: cs-ssl@cisco.com" DESCRIPTION "This MIB module is for managing a Secure Socket Layer (SSL) Proxy device which terminates and accelerates SSL and Transport Layer Security (TLS) transactions. The proxy device can act as a SSL server or a SSL client depending on the configuration and the application. In one application, the device acts as a proxy SSL server. It terminates SSL handshakes and TCP connections initiated by SSL clients. The device is configured with a key and a certificate bearing the identity of the SSL server. The device uses this identity to establish the SSL session on behalf of the server, offloading the key establishment and data encryption and decryption work. After the SSL session has been successfully established between the client and the proxy device, the device starts to receive and decrypt the encrypted data sent from the client and forward to the server. The device forwards the clear data to the server on a backend connection.
Clear data sent from the server is encrypted by the proxy device before it is forwarded to the SSL client. Optionally, the proxy device is configured to reencrypt the decrypted data sent from the client to the server. The proxy device acts as a SSL client to initiate a SSL session to the server. The decrypted data is encrypted within this SSL session to be forwarded to the server. The encrypted data sent from the server to the device is decrypted and then reencrypted before it is forwarded to the client. In another application, the proxy device forwards data generated by one or more sources to the destination via a SSL session. The proxy device acts as a SSL client and initiates a SSL session to the next hop device. When data is received from the source, the proxy device forwards the data to the next hop using the SSL session. The next hop can continue to forward the data if it is not the destination. The proxy device supports a number of proxy services. Each proxy service defines the role of the proxy device, whether it acts as a SSL server or a SSL client. The rest of the configuration includes cryptographic and protocol parameters. This MIB is used for monitoring the configuration, statuses and statistics of the proxy services and the protocols including TCP, SSL and TLS." REVISION "200310270000Z" DESCRIPTION "Initial version of this MIB module."
::= { ciscoMgmt 370 } -- -- Objects and groups in CISCO-SSL-PROXY-MIB -- cspMIBNotifications OBJECT IDENTIFIER ::= { ciscoSslProxyMIB 0 } cspMIBObjects OBJECT IDENTIFIER ::= { ciscoSslProxyMIB 1 } cspMIBConformance OBJECT IDENTIFIER ::= { ciscoSslProxyMIB 2 } -- -- Objects and groups in cspMIBObjects -- cspGlobalConfig OBJECT IDENTIFIER ::= { cspMIBObjects 1 } cspPsConfig OBJECT IDENTIFIER ::= { cspMIBObjects 2 } cspPsPolicyConfig OBJECT IDENTIFIER ::= { cspMIBObjects 3 } cspPsKeyCertConfig OBJECT IDENTIFIER ::= { cspMIBObjects 4 } cspTcpPolicyConfig OBJECT IDENTIFIER ::= { cspMIBObjects 5 } cspSslPolicyConfig OBJECT IDENTIFIER ::= { cspMIBObjects 6 } cspTcpCountersInfo OBJECT IDENTIFIER ::= { cspMIBObjects 7 } cspTcpCounters OBJECT IDENTIFIER ::= { cspMIBObjects 8 } cspSslCountersInfo OBJECT IDENTIFIER ::= { cspMIBObjects 9 } cspSslCounters OBJECT IDENTIFIER ::= { cspMIBObjects 10} cspSsl3Counters OBJECT IDENTIFIER ::= { cspMIBObjects 11} cspTls1Counters OBJECT IDENTIFIER ::= { cspMIBObjects 12 } cspSslCryptoCounters OBJECT IDENTIFIER ::= { cspMIBObjects 13 } cspSslErrorCounters OBJECT IDENTIFIER ::= { cspMIBObjects 14 } cspPsCounters OBJECT IDENTIFIER ::= { cspMIBObjects 15 } cspPsSsl3Counters OBJECT IDENTIFIER ::= { cspMIBObjects 16 } cspPsTls1Counters OBJECT IDENTIFIER ::= { cspMIBObjects 17 } cspCpuStatusInfo OBJECT IDENTIFIER ::= { cspMIBObjects 18 } -- -- The Global Configuration group -- This group contains general configuration information -- for the SSL proxy device -- cspGcVersion OBJECT-TYPE SYNTAX SnmpAdminString (SIZE(1..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "The version information of the SSL proxy device, for display only." ::= { cspGlobalConfig 1 } cspGcFIPSMode OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "An indication of whether or not the proxy device is operating in FIPS (Federal Information Processing Standards) approved mode. If 'true', the proxy device is operating in FIPS mode. 
When the device operates in FIPS mode, only approved cryptographic algorithms and key strengths are enabled. Authentication and other security requirements of FIPS will also be enforced in this mode." REFERENCE "Federal Information Processing Standards Publication 140-2, Security Requirements for Cryptographic Modules." ::= { cspGlobalConfig 2 } cspGcRSArc4128md5 OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "An indication of whether or not the proxy device supports the cipher suite RSA_WITH_RC4_128_MD5. If 'true', the cipher suite is supported." REFERENCE "1. RFC 2246, The TLS Protocol Version 1.0, A.5. 2. IETF Draft , The SSL Protocol Version 3.0, Appendix C." ::= { cspGlobalConfig 3 } cspGcRSArc4128sha OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "An indication of whether or not the proxy device supports the cipher suite RSA_WITH_RC4_128_SHA. If 'true', the cipher suite is supported." REFERENCE "1. RFC 2246, The TLS Protocol Version 1.0, A.5. 2. IETF Draft , The SSL Protocol Version 3.0, Appendix C." ::= { cspGlobalConfig 4 } cspGcRSAdescbcsha OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "An indication of whether or not the proxy device supports the cipher suite RSA_WITH_DES_CBC_SHA. If 'true', the cipher suite is supported." REFERENCE "1. RFC 2246, The TLS Protocol Version 1.0, A.5. 2. IETF Draft , The SSL Protocol Version 3.0, Appendix C." ::= { cspGlobalConfig 5 } cspGcRSA3descbcsha OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-only STATUS current DESCRIPTION "An indication of whether or not the proxy device supports the cipher suite RSA_WITH_3DES_EDE_CBC_SHA. If 'true', the cipher suite is supported." REFERENCE "1. RFC 2246, The TLS Protocol Version 1.0, A.5. 2. IETF Draft , The SSL Protocol Version 3.0, Appendix C." 
::= { cspGlobalConfig 6 } cspGcNotifyProxyServOperStatus OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "An indication of whether or not a cspServOperStatus notification should be issued when the operation status of proxy services changes. If such a notification is desired, it is the responsibility of the management entity to ensure that the SNMP administrative model is configured in such a way as to allow the notification to be delivered." DEFVAL { false } ::= { cspGlobalConfig 7 } cspGcNotifyPSCertExpiring OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-write STATUS current DESCRIPTION "An indication of whether or not a cspServCertExpiring notification should be issued when a proxy service certificate will be expiring in the configured time interval cspGcPSCertExpireInterval. If such a notification is desired, it is the responsibility of the management entity to ensure that the SNMP administrative model is configured in such a way as to allow the notification to be delivered." DEFVAL { false } ::= { cspGlobalConfig 8 } cspGcPSCertExpireInterval OBJECT-TYPE SYNTAX Integer32 (0..720) UNITS "hours" MAX-ACCESS read-write STATUS current DESCRIPTION "The proxy service certificate expiration time interval, used to determine when the cspServCertExpiring notification should be issued if cspGcNotifyPSCertExpiring is 'true'. If this time interval is 0, no proxy service certification expiration will be checked." DEFVAL { 0 } ::= { cspGlobalConfig 9 } -- -- The Proxy Service configuration entries -- cspPsTable OBJECT-TYPE SYNTAX SEQUENCE OF CspPsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of proxy service configuration entries." ::= { cspPsConfig 1 } cspPsEntry OBJECT-TYPE SYNTAX CspPsEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The proxy service configuration entry. Each entry indicates the name and the index of a proxy service, and a set of configuration parameters to be applied on this proxy service. 
A unique name can be assigned to each proxy service. Optionally, multiple proxy services can be grouped into a proxy list. All the services in a list have the same name, and each service is assigned a unique index within the list. Each proxy service has a virtual and a server address. This entry reports the address and port configuration, and the administrative and operational statuses of each proxy service. If a service is not operational, the reason for its being 'down' is also reported." INDEX { cspPsName, cspPsListIndex } ::= { cspPsTable 1 } CspPsEntry ::= SEQUENCE { cspPsName SnmpAdminString, cspPsListIndex Integer32, cspPsServiceType INTEGER, cspPsVirtualAddressType InetAddressType, cspPsVirtualAddress InetAddress, cspPsVirtualPort CiscoPort, cspPsServerAddressType InetAddressType, cspPsServerAddress InetAddress, cspPsServerPort CiscoPort, cspPsAdminStatus INTEGER, cspPsOperStatus INTEGER, cspPsOperDownReason INTEGER, cspPsConfigRowStatus RowStatus } cspPsName OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (1..50)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The name of a proxy service. A unique name string can be assigned to one proxy service or a list of proxy services. When the name is assigned to a list of proxy services, each proxy service is identified by a unique index within the list." ::= { cspPsEntry 1 } cspPsListIndex OBJECT-TYPE SYNTAX Integer32 (0..256) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The unique index of a proxy service within a list. If the cspPsName string is assigned to a list of proxy services, this index is used to identify a proxy service within the list. If the cspPsName string is unique per proxy service, this index is not used, and the value shall be 0." ::= { cspPsEntry 2 } cspPsServiceType OBJECT-TYPE SYNTAX INTEGER { server(1), -- Proxy is acting as SSL server client(2) -- Proxy is acting as SSL client } MAX-ACCESS read-create STATUS current DESCRIPTION "The type of proxy service: 'server(1)' or 'client(2)'. 
When servicing a 'server' type proxy service, the proxy device acts as a SSL server. It terminates the SSL handshake initiated by a SSL client, and forwards the data sent from the client to the destination. When servicing a 'client' type proxy service, the proxy device acts as a SSL client. It initiates a SSL handshake to a SSL server, and forwards data sent from one or more data sources to the SSL server." DEFVAL { server } ::= { cspPsEntry 3 } cspPsVirtualAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "An indication of the type of address contained in cspPsVirtualAddress." DEFVAL { ipv4 } ::= { cspPsEntry 4 } cspPsVirtualAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The virtual address. This address is used by the data source to send data that can be received by the proxy device and forwarded to the destination." ::= { cspPsEntry 5 } cspPsVirtualPort OBJECT-TYPE SYNTAX CiscoPort MAX-ACCESS read-create STATUS current DESCRIPTION "The virtual TCP port number. This port number is used by the data source to send data that can be received by the proxy device and forwarded to the destination." ::= { cspPsEntry 6 } cspPsServerAddressType OBJECT-TYPE SYNTAX InetAddressType MAX-ACCESS read-create STATUS current DESCRIPTION "An indication of the type of address contained in cspPsServerAddress." DEFVAL { ipv4 } ::= { cspPsEntry 7 } cspPsServerAddress OBJECT-TYPE SYNTAX InetAddress MAX-ACCESS read-create STATUS current DESCRIPTION "The server address. This address is used by the proxy device to send or forward data to the destination." ::= { cspPsEntry 8 } cspPsServerPort OBJECT-TYPE SYNTAX CiscoPort MAX-ACCESS read-create STATUS current DESCRIPTION "The server TCP port number. This port number is used by the proxy device to send or forward data to the destination." 
::= { cspPsEntry 9 } cspPsAdminStatus OBJECT-TYPE SYNTAX INTEGER { up(1), down(2) } MAX-ACCESS read-create STATUS current DESCRIPTION "The administrative status of the proxy service. Each proxy service can be configured to be administratively 'up' or 'down'. If the Administrative Status is 'down', the service will not be operational." DEFVAL { down } ::= { cspPsEntry 10 } cspPsOperStatus OBJECT-TYPE SYNTAX INTEGER { up(1), down(2) } MAX-ACCESS read-only STATUS current DESCRIPTION "The operational status of a proxy service. For a proxy service to be operational, its administrative status needs to be 'up'. If the administrative status is 'up', the operational status will be changed from 'down' to 'up' automatically once all the required configuration parameters and resources, including necessary keys and certificates, become available. If one or more required resources are removed (e.g. the certificate has expired), the operational status will be changed to 'down' automatically." ::= { cspPsEntry 11 } cspPsOperDownReason OBJECT-TYPE SYNTAX INTEGER { other(1), -- Other reason notApplicable(2), -- Not applicable noConnectivity(3), -- No Connectivity noVirtualAddr(4), -- No Virtual Address noServerAddr(5), -- No Server Address noCert(6), -- NO Certificate certNotConfigured(7) -- Certificate Not -- Configured } MAX-ACCESS read-only STATUS current DESCRIPTION "The reason for the operational status to be 'down'. Possible values are: other(1) : Unknown or undefined reason, notApplicable(2) : Administratively 'down', noConnectivity(3) : No Connectivity to the client, the server, or the gateway, noVirtualAddr(4) : Virtual Address not configured, noServerAddr(5) : Server Address not configured, noCert(6) : Certificate configured, but invalid or missing, certNotConfigured(7): Certificate not configured."
::= { cspPsEntry 12 } cspPsConfigRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The conceptual row status of the proxy service configuration entry. An entry cannot have the status 'active' until values have been assigned to the following objects: cspPsVirtualAddress, cspPsVirtualPort, cspPsServerAddress and cspPsServerPort. This entry can be modified when the status is 'active'." ::= { cspPsEntry 13 } -- -- The Proxy Service Policy configuration entries -- cspPsPolicyTable OBJECT-TYPE SYNTAX SEQUENCE OF CspPsPolicyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of proxy service policy configuration entries." ::= { cspPsPolicyConfig 1 } cspPsPolicyEntry OBJECT-TYPE SYNTAX CspPsPolicyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The proxy service policy entry. Each proxy service policy entry contains the name of each type of policy configured for the proxy service. A policy is a set of configuration parameters and rules to observe for implementing a protocol or an operation. One or more of the following policies can be configured for a proxy service: TCP protocol policy for virtual connections, TCP protocol policy for server connections, SSL protocol policy, HTTP header insertion policy, and URL rewrite policy." AUGMENTS { cspPsEntry } ::= { cspPsPolicyTable 1 } CspPsPolicyEntry ::= SEQUENCE { cspPspVirTcpPolicyName SnmpAdminString, cspPspSerTcpPolicyName SnmpAdminString, cspPspSslPolicyName SnmpAdminString, cspPspHttpHdrPolicyName SnmpAdminString, cspPspUrlRewritePolicyName SnmpAdminString } cspPspVirTcpPolicyName OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (0..255)) MAX-ACCESS read-create STATUS current DESCRIPTION "The name of the TCP protocol policy configured for the virtual side connections. If no TCP policy is configured, the name will be a NULL string." 
::= { cspPsPolicyEntry 1 } cspPspSerTcpPolicyName OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (0..255)) MAX-ACCESS read-create STATUS current DESCRIPTION "The name of the TCP protocol policy configured for the server side connections. If no TCP policy is configured, the name will be a NULL string." ::= { cspPsPolicyEntry 2 } cspPspSslPolicyName OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (0..255)) MAX-ACCESS read-create STATUS current DESCRIPTION "The name of the SSL protocol policy configured for the SSL handshake and data encryption and decryption. If no SSL policy is configured, the name will be a NULL string." ::= { cspPsPolicyEntry 3 } cspPspHttpHdrPolicyName OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (0..255)) MAX-ACCESS read-create STATUS current DESCRIPTION "The name of the HTTP header insertion policy. A number of fields can be inserted into the HTTP headers when the proxy service is forwarding data. The policy specifies the header insertion parameters. If no policy is configured, the name will be a NULL string." ::= { cspPsPolicyEntry 4 } cspPspUrlRewritePolicyName OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (0..255)) MAX-ACCESS read-create STATUS current DESCRIPTION "The name of the URL rewrite policy. The policy specifies configuration parameters for rewriting URLs in HTTP headers and payload. If no policy is configured, the name will be a NULL string." ::= { cspPsPolicyEntry 5 } -- -- The Proxy Service Key and Certificate configuration entries -- cspPsKeyCertTable OBJECT-TYPE SYNTAX SEQUENCE OF CspPsKeyCertEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of proxy service key and certificate configuration entries." ::= { cspPsKeyCertConfig 1 } cspPsKeyCertEntry OBJECT-TYPE SYNTAX CspPsKeyCertEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The proxy service key and certificate configuration entry. 
This entry specifies the key usage, optionally the trust point name, the certificate and the key file names, the key size and time of generation or import, and some important attributes of the certificate." INDEX { cspPsName, cspPsListIndex, cspPskcKeyUsage } ::= { cspPsKeyCertTable 1 } CspPsKeyCertEntry ::= SEQUENCE { cspPskcKeyUsage INTEGER, cspPskcTrustPointName SnmpAdminString, cspPskcCertFileName SnmpAdminString, cspPskcKeyName SnmpAdminString, cspPskcKeyFileName SnmpAdminString, cspPskcKeySize INTEGER, cspPskcKeyTime SnmpAdminString, cspPskcCertStatus INTEGER, cspPskcCertSubjName SnmpAdminString, cspPskcCertSerialNum SnmpAdminString, cspPskcIssuerName SnmpAdminString, cspPskcIssuerCertSerialNum SnmpAdminString, cspPskcCertStartDate SnmpAdminString, cspPskcCertEndDate SnmpAdminString, cspPskcConfigRowStatus RowStatus } cspPskcKeyUsage OBJECT-TYPE SYNTAX INTEGER { rsaSigning(1), -- For signing only rsaEncryption(2), -- For encryption only rsaGeneralPurpose(3) -- For general purpose } MAX-ACCESS not-accessible STATUS current DESCRIPTION "An indication of the usage of a key assigned to a proxy service. Each proxy service can be assigned one or more keys. The key can be used for signing only, for data encryption and decryption only, or for general purpose (that is, it can be used for both signing and data encryption and decryption). The following values are defined: rsaSigning(1) : RSA key used for signing only, rsaEncryption(2) : RSA key used for data encryption and decryption only, rsaGeneralPurpose(3): RSA key used for both signing and data encryption and decryption." ::= { cspPsKeyCertEntry 1 } cspPskcTrustPointName OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (0..255)) MAX-ACCESS read-create STATUS current DESCRIPTION "The name of a trust point assigned to the proxy service. The trust point contains information that can be used for certificate enrollment or for importing keys and certificates. 
A trust point may also contain identifying information about keys and certificates, and the path and the protocol to be used for the proxy device to communicate with a Certificate Authority which issues certificates for the proxy service. If no trust point is assigned to the proxy service, the name will be a NULL string." ::= { cspPsKeyCertEntry 2 } cspPskcCertFileName OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (0..255)) MAX-ACCESS read-create STATUS current DESCRIPTION "The name of the file storing the certificate. If there is no such file, the name will be a NULL string." ::= { cspPsKeyCertEntry 3 } cspPskcKeyName OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (0..255)) MAX-ACCESS read-create STATUS current DESCRIPTION "The name of a key assigned to the proxy service. If there is no key assigned, the name will be a NULL string. If the key is stored in a file, the file name may be used to identify the key, and this name will be a NULL string." ::= { cspPsKeyCertEntry 4 } cspPskcKeyFileName OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (0..255)) MAX-ACCESS read-create STATUS current DESCRIPTION "The name of the file storing the key. If there is no such file, the name will be a NULL string." ::= { cspPsKeyCertEntry 5 } cspPskcKeySize OBJECT-TYPE SYNTAX INTEGER { other(1), -- unspecified key size rsa512(2), -- 512-bit RSA key rsa768(3), -- 768-bit RSA key rsa1024(4), -- 1024-bit RSA key rsa1536(5), -- 1536-bit RSA key rsa2048(6) -- 2048-bit RSA key } MAX-ACCESS read-only STATUS current DESCRIPTION "The size of the key. The following modulus sizes are defined for RSA keys: 512-bit, 768-bit, 1024-bit, 1536-bit and 2048-bit." ::= { cspPsKeyCertEntry 6 } cspPskcKeyTime OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (0..32)) MAX-ACCESS read-only STATUS current DESCRIPTION "The time of generation of the key, if known. If the key is imported to the proxy device, this time can indicate the time of import if the time of generation is unknown. 
If the time is not known, this will be a NULL string." ::= { cspPsKeyCertEntry 7 } cspPskcCertStatus OBJECT-TYPE SYNTAX INTEGER { valid(1), -- within valid period expired(2), -- has passed the end date rollover(3) -- being renewed } MAX-ACCESS read-only STATUS current DESCRIPTION "The status of the certificate that is used to publish the public key. The following values are defined: Valid(1) : Certificate is valid, Expired(2) : Certificate has expired, Rolling Over(3): Certificate is being renewed. Whether or not an expired certificate can be used for the proxy service is implementation specific." REFERENCE "RFC 2459, Internet X.509 Public Key Infrastructure Certificate and CRL Profile, Section 4.1.2.5 about validity and Section 10 about key rollover" ::= { cspPsKeyCertEntry 8 } cspPskcCertSubjName OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "The subject name of the certificate assigned to the proxy service. If there is no subject name on the certificate, this will be a NULL string." REFERENCE "RFC 2459, Internet X.509 Public Key Infrastructure Certificate and CRL Profile, Section 4.1.2.6" ::= { cspPsKeyCertEntry 9 } cspPskcCertSerialNum OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "The serial number of the certificate assigned to the proxy service. If there is no serial number on the certificate, this will be a NULL string." REFERENCE "RFC 2459, Internet X.509 Public Key Infrastructure Certificate and CRL Profile, Section 4.1.2.2" ::= { cspPsKeyCertEntry 10 } cspPskcIssuerName OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "The issuer name of the certificate assigned to the proxy service. If the issuer name of the certificate is not known, this will be a NULL string." 
REFERENCE "RFC 2459, Internet X.509 Public Key Infrastructure Certificate and CRL Profile, Section 5.1.2.3" ::= { cspPsKeyCertEntry 11 } cspPskcIssuerCertSerialNum OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (0..255)) MAX-ACCESS read-only STATUS current DESCRIPTION "The serial number of the issuer's certificate. If the serial number of the issuer's certificate is not known, this will be a NULL string." REFERENCE "RFC 2459, Internet X.509 Public Key Infrastructure Certificate and CRL Profile, Section 4.1.2.2 and Section 4.1.2.4" ::= { cspPsKeyCertEntry 12 } cspPskcCertStartDate OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (0..32)) MAX-ACCESS read-only STATUS current DESCRIPTION "The time when the certificate starts to be valid, corresponding to the notBefore time on the certificate." REFERENCE "RFC 2459, Internet X.509 Public Key Infrastructure Certificate and CRL Profile, Section 4.1.2.5" ::= { cspPsKeyCertEntry 13 } cspPskcCertEndDate OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (0..32)) MAX-ACCESS read-only STATUS current DESCRIPTION "The time when the certificate validity ends, corresponding to the notAfter time on the certificate." REFERENCE "RFC 2459, Internet X.509 Public Key Infrastructure Certificate and CRL Profile, Section 4.1.2.5" ::= { cspPsKeyCertEntry 14 } cspPskcConfigRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The conceptual row status of the proxy service key and certificate configuration entry. This entry can be modified when the status is 'active'." ::= { cspPsKeyCertEntry 15 } -- -- The TCP Policy configuration entries -- cspTcpPolicyTable OBJECT-TYPE SYNTAX SEQUENCE OF CspTcpPolicyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of TCP Policy entries" ::= { cspTcpPolicyConfig 1 } cspTcpPolicyEntry OBJECT-TYPE SYNTAX CspTcpPolicyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "TCP Policy configuration entry. Each entry defines a set of TCP protocol parameters. 
A policy can be applied to one or more proxy services." INDEX { cspTpPolicyName } ::= { cspTcpPolicyTable 1 } CspTcpPolicyEntry ::= SEQUENCE { cspTpPolicyName SnmpAdminString, cspTpSynTimeOut Integer32, cspTpInActivityTimeOut Integer32, cspTpNagleAlgo TruthValue, cspTpFinWaitTimeOut Integer32, cspTpReassemTimeOut Integer32, cspTpRcvBufShrLim Integer32, cspTpTransBufShrLim Integer32, cspTpMss Integer32, cspTpPathMtuDisc TruthValue, cspTpConfigRowStatus RowStatus } cspTpPolicyName OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (1..255)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The unique name of a TCP policy." ::= { cspTcpPolicyEntry 1 } cspTpSynTimeOut OBJECT-TYPE SYNTAX Integer32 (0..3600) UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION "The TCP connection SYN timeout value. This is the amount of time the SSL proxy waits before failing the connection establishment attempt." DEFVAL { 75 } ::= { cspTcpPolicyEntry 2 } cspTpInActivityTimeOut OBJECT-TYPE SYNTAX Integer32 (0..3600) UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION "The TCP connection inactivity timeout value. This is the amount of time the SSL proxy waits for the next packet to arrive on a TCP connection, if no packet is received within this period then the connection is considered to be inactive and aborted." DEFVAL { 600 } ::= { cspTcpPolicyEntry 3 } cspTpNagleAlgo OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "If 'true', the Nagle Algorithm is enabled during the SSL or TLS data phase to concatenate a number of small messages to avoid sending small messages into the network." REFERENCE "RFC 896, Congestion Control in IP/TCP Internetworks" ::= { cspTcpPolicyEntry 4 } cspTpFinWaitTimeOut OBJECT-TYPE SYNTAX Integer32 (0..3600) UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION "The TCP connection FIN-WAIT2 state timeout value. 
This is the amount of time the SSL proxy waits for a FIN from the peer after it has initiated close and is in FIN-WAIT2 state." DEFVAL { 75 } ::= { cspTcpPolicyEntry 5 } cspTpReassemTimeOut OBJECT-TYPE SYNTAX Integer32 (0..3600) UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION "The TCP connection reassembly timeout value. This is the amount of time the SSL proxy waits during the TCP out of order traffic reassembly process for the next expected in sequence segment to arrive." DEFVAL { 600 } ::= { cspTcpPolicyEntry 6 } cspTpRcvBufShrLim OBJECT-TYPE SYNTAX Integer32 (8192..262144) UNITS "bytes" MAX-ACCESS read-create STATUS current DESCRIPTION "The receive buffer share limit per connection. This is used by SSL proxy to calculate the maximum window to advertise during the 3 way handshake, and is also the maximum share of the receive buffer pool that would be allocated for this connection." DEFVAL { 32768 } ::= { cspTcpPolicyEntry 7 } cspTpTransBufShrLim OBJECT-TYPE SYNTAX Integer32 (8192..262144) UNITS "bytes" MAX-ACCESS read-create STATUS current DESCRIPTION "The transmit buffer share limit per connection. This is the maximum share of the send buffer pool that would be allocated for this connection." DEFVAL { 32768 } ::= { cspTcpPolicyEntry 8 } cspTpMss OBJECT-TYPE SYNTAX Integer32 (256..1460) UNITS "bytes" MAX-ACCESS read-create STATUS current DESCRIPTION "The TCP maximum segment size. This is the MSS value offered by the SSL proxy during 3-way handshake" DEFVAL { 1460 } ::= { cspTcpPolicyEntry 9 } cspTpPathMtuDisc OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "If 'true', the Path MTU Discovery algorithm is enabled." ::= { cspTcpPolicyEntry 10 } cspTpConfigRowStatus OBJECT-TYPE SYNTAX RowStatus MAX-ACCESS read-create STATUS current DESCRIPTION "The conceptual row status of the TCP policy configuration entry. This entry can be modified when the status is 'active'." 
::= { cspTcpPolicyEntry 11 } -- -- The SSL Policy configuration entries -- cspSslPolicyTable OBJECT-TYPE SYNTAX SEQUENCE OF CspSslPolicyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of SSL protocol policy configuration entries." ::= { cspSslPolicyConfig 1 } cspSslPolicyEntry OBJECT-TYPE SYNTAX CspSslPolicyEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A SSL policy defines a set of cipher suites to be supported, and the SSL or TLS protocol parameters. Each policy can be assigned to one or more proxy services. If no SSL policy is assigned to a proxy service, all supported cipher suites and all protocol versions will be enabled by default." INDEX { cspSpPolicyName } ::= { cspSslPolicyTable 1 } CspSslPolicyEntry ::= SEQUENCE { cspSpPolicyName SnmpAdminString, cspSpRSArc4128md5 TruthValue, cspSpRSArc4128sha TruthValue, cspSpRSAdescbcsha TruthValue, cspSpRSA3descbcsha TruthValue, cspSpProtocol INTEGER, cspSpCloseProtocol TruthValue, cspSpSessionCache Integer32, cspSpSessionTimeOut Integer32, cspSpConfigRowStatus RowStatus } cspSpPolicyName OBJECT-TYPE SYNTAX SnmpAdminString (SIZE (1..255)) MAX-ACCESS not-accessible STATUS current DESCRIPTION "The unique name of a SSL protocol policy." ::= { cspSslPolicyEntry 1 } cspSpRSArc4128md5 OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "An indication of whether or not the cipher suite RSA_WITH_RC4_128_MD5 is configured. If 'true', the cipher suite is configured." ::= { cspSslPolicyEntry 2 } cspSpRSArc4128sha OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "An indication of whether or not the cipher suite RSA_WITH_RC4_128_SHA is configured. If 'true', the cipher suite is configured." ::= { cspSslPolicyEntry 3 } cspSpRSAdescbcsha OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "An indication of whether or not the cipher suite RSA_WITH_DES_CBC_SHA is configured. If 'true', the cipher suite is configured." 
::= { cspSslPolicyEntry 4 } cspSpRSA3descbcsha OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "An indication of whether or not the cipher suite RSA_WITH_3DES_EDE_CBC_SHA is configured. If 'true', the cipher suite is configured." ::= { cspSslPolicyEntry 5 } cspSpProtocol OBJECT-TYPE SYNTAX INTEGER { other(1), -- Other protocol ssl3(2), -- SSL 3.0 protocol tls1(3), -- TLS 1.0 protocol ssl3AndTls1(4) -- SSL 3.0 and TLS 1.0 protocols } MAX-ACCESS read-create STATUS current DESCRIPTION "The set of SSL and TLS protocols to be supported. The following values are defined: other(1) : An unspecified protocol, ssl3(2) : Support SSL 3.0 protocol only, tls1(3) : Support TLS 1.0 protocol only, ssl3AndTls1(4) : Support both SSL 3.0 and TLS 1.0" REFERENCE "1. RFC 2246, The TLS Protocol Version 1.0. 2. IETF Draft , The SSL Protocol Version 3.0" ::= { cspSslPolicyEntry 6 } cspSpCloseProtocol OBJECT-TYPE SYNTAX TruthValue MAX-ACCESS read-create STATUS current DESCRIPTION "An indication of whether or not the SSL close protocol is enforced. If 'true', the close protocol is enforced. A close-notify alert message is sent to the peer, and a close-notify alert message is expected from the peer. If 'false', the close protocol is not enforced. The proxy service sends a close-notify alert message to the peer; however, the proxy service does not expect a close-notify alert from the peer before tearing down the session." DEFVAL { false } ::= { cspSslPolicyEntry 7} cspSpSessionCache OBJECT-TYPE SYNTAX Integer32 (1..262143) UNITS "bytes" MAX-ACCESS read-create STATUS current DESCRIPTION "The SSL session cache size. The session cache is used to store a number of most recently used session identifiers. Session identifiers can be reused if a new connection requests to use a session identifier that is found in the cache. This object specifies the maximum size of the cache."
::= { cspSslPolicyEntry 8 } -- NOTE(review): DEFVAL 0 below means cached sessions never time out, so a session stays resumable for as long as its entry remains in the session cache; when auditing a policy, confirm an explicit timeout is configured. -- cspSpSessionTimeOut OBJECT-TYPE SYNTAX Integer32 (0..72000) UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION "The SSL session timeout value. The session entry will be removed from the session cache after the configured timeout. Once the session entry is removed, subsequent connections cannot reuse the session. If this timeout value is 0, entries in the session cache will not timeout." DEFVAL { 0 } ::= { cspSslPolicyEntry 9 } -- NOTE(review): the UNITS clause on this RowStatus object looks copied from cspSpSessionTimeOut; a row status has no unit, so consumers should ignore it. -- cspSpConfigRowStatus OBJECT-TYPE SYNTAX RowStatus UNITS "seconds" MAX-ACCESS read-create STATUS current DESCRIPTION "The row status of the SSL policy configuration entry. This entry can be modified when the status is 'active'." ::= { cspSslPolicyEntry 10 } -- -- The TCP Counters -- cspTcpCountersClearTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The last time when the TCP counters were cleared. If the proxy device does not allow these counters to be cleared, the timestamp should have a value of zero." ::= { cspTcpCountersInfo 1 } -- The TCP Global Counter group cspTcConnInit OBJECT-TYPE SYNTAX Counter32 UNITS "number of connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of TCP connections initiated by the proxy device." ::= { cspTcpCounters 1 } cspTcConnAccept OBJECT-TYPE SYNTAX Counter32 UNITS "number of connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of TCP connections accepted by the proxy device." ::= { cspTcpCounters 2 } cspTcConnEstab OBJECT-TYPE SYNTAX Counter32 UNITS "number of connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of TCP connections established." ::= { cspTcpCounters 3 } cspTcConnDrop OBJECT-TYPE SYNTAX Counter32 UNITS "number of connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of TCP connections dropped."
::= { cspTcpCounters 4 } cspTcConnClosed OBJECT-TYPE SYNTAX Counter32 UNITS "number of connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of TCP connections closed." ::= { cspTcpCounters 5 } cspTcSynTimeOuts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of SYN timeouts." ::= { cspTcpCounters 6 } cspTcIdleTimeOuts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of idle timeouts." ::= { cspTcpCounters 7 } cspTcTotalPktSent OBJECT-TYPE SYNTAX Counter32 UNITS "number of packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of TCP packets sent." ::= { cspTcpCounters 8 } cspTcDataPktSent OBJECT-TYPE SYNTAX Counter32 UNITS "number of packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of TCP data packets sent." ::= { cspTcpCounters 9 } cspTcDataByteSent OBJECT-TYPE SYNTAX Counter32 UNITS "bytes" MAX-ACCESS read-only STATUS current DESCRIPTION "The total amount of data sent." ::= { cspTcpCounters 10 } cspTcTotalPktRcv OBJECT-TYPE SYNTAX Counter32 UNITS "number of packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of TCP packets received." ::= { cspTcpCounters 11 } cspTcPktRcvSeq OBJECT-TYPE SYNTAX Counter32 UNITS "number of packets" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of TCP data packets received in sequence." ::= { cspTcpCounters 12 } cspTcByteRcvSeq OBJECT-TYPE SYNTAX Counter32 UNITS "bytes" MAX-ACCESS read-only STATUS current DESCRIPTION "The total amount of data received in sequence." ::= { cspTcpCounters 13 } -- -- The SSL Counters -- -- Last time the SSL counters were cleared cspSslCountersClearTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The last time when the SSL counters were cleared. If the proxy device does not allow these counters to be cleared, the timestamp should have a value of zero." 
::= { cspSslCountersInfo 1 } -- The SSL Global Counters group cspScConnAttempt OBJECT-TYPE SYNTAX Counter32 UNITS "number of connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of SSL connections attempted." ::= { cspSslCounters 1 } cspScConnComplete OBJECT-TYPE SYNTAX Counter32 UNITS "number of connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of SSL connections completed." ::= { cspSslCounters 2 } cspScConnInHandShake OBJECT-TYPE SYNTAX Gauge32 UNITS "number of connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of SSL connections currently in handshake phase." ::= { cspSslCounters 3 } cspScConnInDataPhase OBJECT-TYPE SYNTAX Gauge32 UNITS "number of connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of SSL connections currently in data phase." ::= { cspSslCounters 4 } cspScRenegAttempt OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of SSL renegotiations attempted." ::= { cspSslCounters 5 } cspScConnInReneg OBJECT-TYPE SYNTAX Gauge32 UNITS "number of connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of SSL connections currently in renegotiation phase" ::= { cspSslCounters 6 } cspScActiveSessions OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of active SSL sessions. This number indicates the number of valid session entries in the session cache." ::= { cspSslCounters 7 } cspScMaxHandShakeConns OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "This indicates the maximum number of connections present in handshake phase at any point of time" ::= { cspSslCounters 8 } cspScCurrDeviceQLen OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The current device queue length. Indicates the number of requests pending with the device." 
::= { cspSslCounters 9 } cspScMaxDeviceQLen OBJECT-TYPE SYNTAX Gauge32 MAX-ACCESS read-only STATUS current DESCRIPTION "The maximum device queue length recorded. Indicates the maximum number of requests queued to the device at any point of time." ::= { cspSslCounters 10 } cspScSessionReuses OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The number of session reuses. Indicates the number of times the sessions got reused before the session timer expired." ::= { cspSslCounters 11 } -- The SSL 3.0 Protocol Counters group cspS3cFullHandShake OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of full SSL 3.0 handshakes completed." ::= { cspSsl3Counters 1 } cspS3cResumedHandShake OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of SSL 3.0 resumed handshakes completed." ::= { cspSsl3Counters 2 } cspS3cHandShakeFailed OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of SSL 3.0 connections failed in handshake phase." ::= { cspSsl3Counters 3 } cspS3cDataFailed OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of SSL 3.0 sessions failed in data phase." ::= { cspSsl3Counters 4 } cspS3cBadMacRcvd OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of received SSL 3.0 records which have bad MAC (Message Authentication Code)." ::= { cspSsl3Counters 5 } cspS3cPadErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of received SSL 3.0 records which have pad errors." ::= { cspSsl3Counters 6 } cspS3cRSArc4128md5 OBJECT-TYPE SYNTAX Counter32 UNITS "number of connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of SSL 3.0 connections which used cipher suite RSA_WITH_RC4_128_MD5." 
::= { cspSsl3Counters 7 } cspS3cRSArc4128sha OBJECT-TYPE SYNTAX Counter32 UNITS "number of connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of SSL 3.0 connections which used cipher suite RSA_WITH_RC4_128_SHA." ::= { cspSsl3Counters 8 } cspS3cRSAdescbcsha OBJECT-TYPE SYNTAX Counter32 UNITS "number of connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of SSL 3.0 connections which used cipher suite RSA_WITH_DES_CBC_SHA." ::= { cspSsl3Counters 9 } cspS3cRSA3desedecbcsha OBJECT-TYPE SYNTAX Counter32 UNITS "number of connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of SSL 3.0 connections which used cipher suite RSA_WITH_3DES_EDE_CBC_SHA." ::= { cspSsl3Counters 10 } -- The TLS 1.0 Protocol Counters group cspTlcFullHandShake OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of full TLS 1.0 handshakes completed." ::= { cspTls1Counters 1 } cspTlcResumedHandShake OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of resumed TLS 1.0 handshakes completed." ::= { cspTls1Counters 2 } cspTlcHandShakeFailed OBJECT-TYPE SYNTAX Counter32 UNITS "number of connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of TLS 1.0 connections failed in handshake phase." ::= { cspTls1Counters 3 } cspTlcDataFailed OBJECT-TYPE SYNTAX Counter32 UNITS "number of connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of TLS 1.0 connections failed in data phase." ::= { cspTls1Counters 4 } cspTlcBadMacRcvd OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of received TLS 1.0 records which have bad MAC (Message Authentication Code)." ::= { cspTls1Counters 5 } cspTlcPadErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of received TLS 1.0 records which have pad errors."
::= { cspTls1Counters 6 } cspTlcRSArc4128md5 OBJECT-TYPE SYNTAX Counter32 UNITS "number of connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of TLS 1.0 connections which used the cipher suite RSA_WITH_RC4_128_MD5." ::= { cspTls1Counters 7 } cspTlcRSArc4128sha OBJECT-TYPE SYNTAX Counter32 UNITS "number of connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of TLS 1.0 connections which used the cipher suite RSA_WITH_RC4_128_SHA." ::= { cspTls1Counters 8 } cspTlcRSAdescbcsha OBJECT-TYPE SYNTAX Counter32 UNITS "number of connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of TLS 1.0 connections which used the cipher suite RSA_WITH_DES_CBC_SHA." ::= { cspTls1Counters 9 } cspTlcRSA3desedecbcsha OBJECT-TYPE SYNTAX Counter32 UNITS "number of connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of TLS 1.0 connections which used the cipher suite RSA_WITH_3DES_EDE_CBC_SHA." ::= { cspTls1Counters 10 } -- The SSL Cryptographic Operations Counters group cspSccBlksEncrypted OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of data blocks that got encrypted." ::= { cspSslCryptoCounters 1 } cspSccBlksDecrypted OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of data blocks that got decrypted." ::= { cspSslCryptoCounters 2 } cspSccBytesEncrypted OBJECT-TYPE SYNTAX Counter32 UNITS "bytes" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of bytes that got encrypted." ::= { cspSslCryptoCounters 3 } cspSccBytesDecrypted OBJECT-TYPE SYNTAX Counter32 UNITS "bytes" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of bytes that got decrypted." ::= { cspSslCryptoCounters 4 } cspSccPublicKeyOpers OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of RSA public key operations performed." 
::= { cspSslCryptoCounters 5 } cspSccPrivateKeyOpers OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of RSA private key operations performed." ::= { cspSslCryptoCounters 6 } cspSccCryptoFails OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of failed cryptographic operations." ::= { cspSslCryptoCounters 7 } cspSccDmaErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of cryptographic device DMA errors." ::= { cspSslCryptoCounters 8 } -- The SSL Error Counters group cspSecSessAllocFailed OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of times SSL session could not be allocated." ::= { cspSslErrorCounters 1 } cspSecSessLimitExceed OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of times configured SSL session limit got exceeded. The new connections will be rejected if the session limit is exceeded." ::= { cspSslErrorCounters 2 } cspSecHShakeInitFailed OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of times SSL connections failed even before the handshake phase got started. This typically indicates that there is some connectivity problem with the server." ::= { cspSslErrorCounters 3 } cspSecRenegFailed OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of times SSL renegotiation failed." ::= { cspSslErrorCounters 4 } cspSecFatalAlertsRcvd OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of fatal alerts received." REFERENCE "1. RFC 2246, The TLS Protocol Version 1.0, A.3. 2. IETF Draft , The SSL Protocol Version 3.0, A.3." ::= { cspSslErrorCounters 5 } cspSecFatalAlertsSent OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of fatal alerts sent." 
REFERENCE "1. RFC 2246, The TLS Protocol Version 1.0, A.3. 2. IETF Draft , The SSL Protocol Version 3.0, A.3." ::= { cspSslErrorCounters 6 } cspSecNoCipherAlerts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of ALERT_HANDSHAKE_FAIL alerts sent due to unsupported cipher suites." REFERENCE "1. RFC 2246, The TLS Protocol Version 1.0, A.3. 2. IETF Draft , The SSL Protocol Version 3.0, A.3." ::= { cspSslErrorCounters 7 } cspSecVerMismatchAlerts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of ALERT_PROTOCOL_VERSION alerts sent due to unsupported version number." REFERENCE "1. RFC 2246, The TLS Protocol Version 1.0, A.3. 2. IETF Draft , The SSL Protocol Version 3.0, A.3." ::= { cspSslErrorCounters 8 } cspSecNoComprsnAlerts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of ALERT_HANDSHAKE_FAIL alerts sent due to unsupported compression scheme." REFERENCE "1. RFC 2246, The TLS Protocol Version 1.0, A.3. 2. IETF Draft , The SSL Protocol Version 3.0, A.3." ::= { cspSslErrorCounters 9 } cspSecHShakeHndleMemFail OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of handshake handle memory allocation failure." ::= { cspSslErrorCounters 10 } cspSecStalePakDrop OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of stale packets dropped. Indicates the number of packets received after the SSL connection is torn down." ::= { cspSslErrorCounters 11 } cspSecServiceIdDiscard OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of connections rejected because of invalid service identifiers." ::= { cspSslErrorCounters 12 } cspSecHShakeLimitExceed OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of times simultaneous handshake connection exceeded the capacity. 
The new connections will be rejected if the total number of simultaneous handshake connections exceeds the limit." ::= { cspSslErrorCounters 13 } cspSecDevConnCtxtFail OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of times device context could not be allocated." ::= { cspSslErrorCounters 14 } cspSecMemAllocFailed OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of times memory allocation failed." ::= { cspSslErrorCounters 15 } cspSecBuffAllocFailed OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of times buffer allocation failed." ::= { cspSslErrorCounters 16 } cspSecAlertSendFailed OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of failure to send alerts. This is typically because of the memory allocation failure." ::= { cspSslErrorCounters 17 } cspSecOverloadDropped OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of connections rejected because of overload conditions. This indicates that the incoming rate is higher than what can be handled." ::= { cspSslErrorCounters 18 } cspSecConnAborted OBJECT-TYPE SYNTAX Counter32 UNITS "number of connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of SSL connections aborted." ::= { cspSslErrorCounters 19 } -- -- The Proxy Service Counters -- -- The Proxy Service Global Counter table cspPsCountersTable OBJECT-TYPE SYNTAX SEQUENCE OF CspPsCounterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of proxy service global counter entries" ::= { cspPsCounters 1 } cspPsCounterEntry OBJECT-TYPE SYNTAX CspPsCounterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The proxy service global counter entry. Each entry displays the global SSL counters collected for a proxy service." 
INDEX { cspPsName, cspPsListIndex } ::= { cspPsCountersTable 1 } CspPsCounterEntry ::= SEQUENCE { cspPscClearTime TimeStamp, cspPscConnAttempt Counter32, cspPscConnComplete Counter32, cspPscFullHandShake Counter32, cspPscResumedHandShake Counter32, cspPscConnInHandShake Gauge32, cspPscConnInDataPhase Gauge32, cspPscRenegAttempt Counter32, cspPscConnInReneg Gauge32, cspPscBlksEncrypted Counter32, cspPscBlksDecrypted Counter32, cspPscBytesEncrypted Counter32, cspPscBytesDecrypted Counter32, cspPscValidSessions Counter32, cspPscSessLimitExceed Counter32, cspPscHandShakeFailed Counter32, cspPscDataFailed Counter32, cspPscFatalAlertsRcvd Counter32, cspPscFatalAlertsSent Counter32, cspPscBadMacRcvd Counter32, cspPscPadErrors Counter32, cspPscNoCipherAlerts Counter32, cspPscNoComprsnAlerts Counter32, cspPscVerMismatchAlerts Counter32 } cspPscClearTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The last time when counters in this entry were cleared. If the proxy device does not allow these counters to be cleared, the timestamp should have a value of zero." ::= { cspPsCounterEntry 1 } cspPscConnAttempt OBJECT-TYPE SYNTAX Counter32 UNITS "number of connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of SSL connections attempted." ::= { cspPsCounterEntry 2 } cspPscConnComplete OBJECT-TYPE SYNTAX Counter32 UNITS "number of connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of SSL connections completed." ::= { cspPsCounterEntry 3 } cspPscFullHandShake OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of full handshakes completed." ::= { cspPsCounterEntry 4 } cspPscResumedHandShake OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of resumed handshakes completed." 
::= { cspPsCounterEntry 5 } cspPscConnInHandShake OBJECT-TYPE SYNTAX Gauge32 UNITS "number of connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of connections currently in handshake phase." ::= { cspPsCounterEntry 6 } cspPscConnInDataPhase OBJECT-TYPE SYNTAX Gauge32 UNITS "number of connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of connections currently in data phase." ::= { cspPsCounterEntry 7 } cspPscRenegAttempt OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of SSL renegotiations attempted." ::= { cspPsCounterEntry 8 } cspPscConnInReneg OBJECT-TYPE SYNTAX Gauge32 UNITS "number of connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The number of connections currently in renegotiation phase." ::= { cspPsCounterEntry 9 } cspPscBlksEncrypted OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of data blocks that got encrypted." ::= { cspPsCounterEntry 10 } cspPscBlksDecrypted OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of data blocks that got decrypted." ::= { cspPsCounterEntry 11 } cspPscBytesEncrypted OBJECT-TYPE SYNTAX Counter32 UNITS "bytes" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of bytes that got encrypted." ::= { cspPsCounterEntry 12 } cspPscBytesDecrypted OBJECT-TYPE SYNTAX Counter32 UNITS "bytes" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of bytes that got decrypted." ::= { cspPsCounterEntry 13 } cspPscValidSessions OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of current valid sessions in the session cache." ::= { cspPsCounterEntry 14 } cspPscSessLimitExceed OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of times configured SSL session limit got exceeded. 
The new connections will be rejected if the session limit is exceeded." ::= { cspPsCounterEntry 15 } cspPscHandShakeFailed OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of times SSL connections failed in handshake phase." ::= { cspPsCounterEntry 16 } cspPscDataFailed OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of times SSL connections failed in data phase." ::= { cspPsCounterEntry 17 } cspPscFatalAlertsRcvd OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of fatal alerts received." ::= { cspPsCounterEntry 18 } cspPscFatalAlertsSent OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of fatal alerts sent." ::= { cspPsCounterEntry 19 } cspPscBadMacRcvd OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of received SSL records which have bad MAC (Message Authentication Code)." ::= { cspPsCounterEntry 20 } cspPscPadErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of received SSL records which have pad errors." ::= { cspPsCounterEntry 21 } cspPscNoCipherAlerts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of alerts sent due to unsupported cipher suites." ::= { cspPsCounterEntry 22 } cspPscNoComprsnAlerts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of alerts sent due to unsupported compression scheme." ::= { cspPsCounterEntry 23 } cspPscVerMismatchAlerts OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of alerts sent due to unsupported SSL or TLS version." 
::= { cspPsCounterEntry 24 } -- The Proxy Service SSL 3.0 Protocol Counters cspPsSsl3CountersTable OBJECT-TYPE SYNTAX SEQUENCE OF CspPsSsl3CounterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of proxy service SSL 3.0 counter entries." ::= { cspPsSsl3Counters 1 } cspPsSsl3CounterEntry OBJECT-TYPE SYNTAX CspPsSsl3CounterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "The proxy service SSL 3.0 counter entry. This entry reports the counters collected about the SSL 3.0 protocol for each proxy service." INDEX { cspPsName, cspPsListIndex } ::= { cspPsSsl3CountersTable 1 } CspPsSsl3CounterEntry ::= SEQUENCE { cspPs3cClearTime TimeStamp, cspPs3cFullHandShake Counter32, cspPs3cResumedHandShake Counter32, cspPs3cHandShakeFailed Counter32, cspPs3cDataFailed Counter32, cspPs3cBadMacRcvd Counter32, cspPs3cPadErrors Counter32, cspPs3cRSArc4128md5 Counter32, cspPs3cRSArc4128sha Counter32, cspPs3cRSAdescbcsha Counter32, cspPs3cRSA3desedecbcsha Counter32 } cspPs3cClearTime OBJECT-TYPE SYNTAX TimeStamp MAX-ACCESS read-only STATUS current DESCRIPTION "The last time when counters in this entry were cleared. If the proxy device does not allow these counters to be cleared, the timestamp should have the value of zero." ::= { cspPsSsl3CounterEntry 1 } cspPs3cFullHandShake OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of SSL 3.0 full handshakes completed." ::= { cspPsSsl3CounterEntry 2 } cspPs3cResumedHandShake OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of SSL 3.0 resumed handshakes completed." ::= { cspPsSsl3CounterEntry 3 } cspPs3cHandShakeFailed OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of SSL 3.0 connections failed in handshake phase." 
::= { cspPsSsl3CounterEntry 4 } cspPs3cDataFailed OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of SSL 3.0 connections failed in data phase." ::= { cspPsSsl3CounterEntry 5 } cspPs3cBadMacRcvd OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of received SSL 3.0 records which have bad MAC (Message Authentication Code)." ::= { cspPsSsl3CounterEntry 6 } cspPs3cPadErrors OBJECT-TYPE SYNTAX Counter32 MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of received SSL 3.0 records which have pad errors." ::= { cspPsSsl3CounterEntry 7 } cspPs3cRSArc4128md5 OBJECT-TYPE SYNTAX Counter32 UNITS "number of connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of SSL 3.0 connections that used the cipher suite RSA_WITH_RC4_128_MD5." ::= { cspPsSsl3CounterEntry 8 } cspPs3cRSArc4128sha OBJECT-TYPE SYNTAX Counter32 UNITS "number of connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of SSL 3.0 connections that used the cipher suite RSA_WITH_RC4_128_SHA." ::= { cspPsSsl3CounterEntry 9 } cspPs3cRSAdescbcsha OBJECT-TYPE SYNTAX Counter32 UNITS "number of connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of SSL 3.0 connections that used the cipher suite RSA_WITH_DES_CBC_SHA." ::= { cspPsSsl3CounterEntry 10 } cspPs3cRSA3desedecbcsha OBJECT-TYPE SYNTAX Counter32 UNITS "number of connections" MAX-ACCESS read-only STATUS current DESCRIPTION "The total number of SSL 3.0 connections that used the cipher suite RSA_WITH_3DES_EDE_CBC_SHA." ::= { cspPsSsl3CounterEntry 11 } -- The Proxy Service TLS 1.0 Protocol Counters cspPsTls1CountersTable OBJECT-TYPE SYNTAX SEQUENCE OF CspPsTls1CounterEntry MAX-ACCESS not-accessible STATUS current DESCRIPTION "A list of proxy service TLS 1.0 counter entries." 
::= { cspPsTls1Counters 1 }

-- Per-proxy-service TLS 1.0 counters. Rows are indexed by cspPsName and
-- cspPsListIndex (both defined outside this section), so every counter
-- below is scoped to one proxy service rather than to the whole device.
-- All columns are read-only.
cspPsTls1CounterEntry OBJECT-TYPE
    SYNTAX          CspPsTls1CounterEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The proxy service TLS 1.0 counter entry. This entry displays counters collected about the TLS 1.0 protocol for each proxy service."
    INDEX           { cspPsName, cspPsListIndex }
    ::= { cspPsTls1CountersTable 1 }

CspPsTls1CounterEntry ::= SEQUENCE {
    cspPt1cClearTime TimeStamp,
    cspPt1cFullHandShake Counter32,
    cspPt1cResumedHandShake Counter32,
    cspPt1cHandShakeFailed Counter32,
    cspPt1cDataFailed Counter32,
    cspPt1cBadMacRcvd Counter32,
    cspPt1cPadErrors Counter32,
    cspPt1cRSArc4128md5 Counter32,
    cspPt1cRSArc4128sha Counter32,
    cspPt1cRSAdescbcsha Counter32,
    cspPt1cRSA3desedecbcsha Counter32
}

-- Monitoring note: the columns below are Counter32, which wraps. Collectors
-- should work on deltas and read cspPt1cClearTime alongside them, because a
-- changed clear time means the counters were reset, not that traffic stopped.
-- A value of zero means the device does not support clearing.
cspPt1cClearTime OBJECT-TYPE
    SYNTAX          TimeStamp
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The last time when counters in this entry were cleared. If the proxy device does not allow these counters to be cleared, the timestamp should have a value of zero."
    ::= { cspPsTls1CounterEntry 1 }

cspPt1cFullHandShake OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of TLS 1.0 full handshakes completed."
    ::= { cspPsTls1CounterEntry 2 }

cspPt1cResumedHandShake OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of TLS 1.0 resumed handshakes completed."
    ::= { cspPsTls1CounterEntry 3 }

cspPt1cHandShakeFailed OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of TLS 1.0 connections failed in handshake phase."
    ::= { cspPsTls1CounterEntry 4 }

cspPt1cDataFailed OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of TLS 1.0 connections failed in data phase."
    ::= { cspPsTls1CounterEntry 5 }

-- Monitoring note: bad MAC and pad error counts are kept as two separate
-- per-service counters. Both cover received records only. A sustained rise
-- on a service that negotiates the CBC suites counted below is worth an
-- alert: it can come from corruption in transit or a broken peer, and it is
-- also the record-layer signal that accompanies probing of CBC padding
-- handling. The counters carry no peer address, so correlation with
-- connection logs is needed to attribute the source.
cspPt1cBadMacRcvd OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of received TLS 1.0 records which have bad MAC (Message Authentication Code)."
    ::= { cspPsTls1CounterEntry 6 }

cspPt1cPadErrors OBJECT-TYPE
    SYNTAX          Counter32
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of received TLS 1.0 records which have pad errors."
    ::= { cspPsTls1CounterEntry 7 }

-- Cipher suite usage counters (units: connections). This table counts only
-- the four suites below, all of which use RSA key transport and therefore
-- give no forward secrecy. The module dates from 2003; since then RC4 suites
-- have been prohibited for TLS (RFC 7465), TLS 1.0 itself has been
-- deprecated (RFC 8996), single DES has a 56-bit key, and 3DES is limited by
-- its 64-bit block size. For a defender these counters are an inventory
-- signal: a non-zero delta identifies a proxy service that is still
-- completing connections with a legacy suite.
cspPt1cRSArc4128md5 OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "number of connections"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of TLS 1.0 connections that used the cipher suite RSA_WITH_RC4_128_MD5."
    ::= { cspPsTls1CounterEntry 8 }

cspPt1cRSArc4128sha OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "number of connections"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of TLS 1.0 connections that used the cipher suite RSA_WITH_RC4_128_SHA."
    ::= { cspPsTls1CounterEntry 9 }

cspPt1cRSAdescbcsha OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "number of connections"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of TLS 1.0 connections that used the cipher suite RSA_WITH_DES_CBC_SHA."
    ::= { cspPsTls1CounterEntry 10 }

cspPt1cRSA3desedecbcsha OBJECT-TYPE
    SYNTAX          Counter32
    UNITS           "number of connections"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The total number of TLS 1.0 connections that used the cipher suite RSA_WITH_3DES_EDE_CBC_SHA."
    ::= { cspPsTls1CounterEntry 11 }

--
-- The CPU Status Information
--
-- One row per CPU, indexed by cspCpuName. Every accessible column is
-- read-only.

cspCpuStatusTable OBJECT-TYPE
    SYNTAX          SEQUENCE OF CspCpuStatusEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "A list of CPU status information entries."
    ::= { cspCpuStatusInfo 1 }

cspCpuStatusEntry OBJECT-TYPE
    SYNTAX          CspCpuStatusEntry
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The CPU status information entry. Each entry displays the operational status and usage information about one CPU on the proxy device. A proxy device can have one or more CPU's."
    INDEX           { cspCpuName }
    ::= { cspCpuStatusTable 1 }

CspCpuStatusEntry ::= SEQUENCE {
    cspCpuName SnmpAdminString,
    cspCpuStatus INTEGER,
    cspCpuClearTime TimeStamp,
    cspCpuProcessUtil Gauge32,
    cspCpuInterruptUtil Gauge32,
    cspCpuProcessUtilIn5Sec Gauge32,
    cspCpuProcessUtilIn1Min Gauge32,
    cspCpuProcessUtilIn5Min Gauge32,
    cspCpuInterruptUtilIn5Sec Gauge32,
    cspCpuInterruptUtilIn1Min Gauge32,
    cspCpuInterruptUtilIn5Min Gauge32
}

-- Index column: not-accessible, so it appears only in the instance
-- identifier and is not listed in cspCpuStatusGroup.
cspCpuName OBJECT-TYPE
    SYNTAX          SnmpAdminString (SIZE(1..20))
    MAX-ACCESS      not-accessible
    STATUS          current
    DESCRIPTION
        "The unique name of a CPU on the proxy device."
    ::= { cspCpuStatusEntry 1 }

cspCpuStatus OBJECT-TYPE
    SYNTAX          INTEGER  {
                        up(1),
                        down(2)
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The operational status of the CPU."
    ::= { cspCpuStatusEntry 2 }

cspCpuClearTime OBJECT-TYPE
    SYNTAX          TimeStamp
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The last time when the CPU counters were cleared. If the proxy device does not allow these counters to be cleared, the timestamp should have a value of zero."
    ::= { cspCpuStatusEntry 3 }

-- The utilization gauges below declare UNITS "percentage" but put no range
-- constraint on Gauge32, so the 0..100 bound is not enforced by the MIB and
-- a collector should validate it. The averaging window of the two objects
-- without an In5Sec/In1Min/In5Min suffix is not stated in their
-- descriptions.
-- Monitoring note: these gauges are the capacity signal to read next to the
-- handshake counters, since public-key work on a terminating proxy is
-- CPU-bound unless it is offloaded.
cspCpuProcessUtil OBJECT-TYPE
    SYNTAX          Gauge32
    UNITS           "percentage"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The percentage of CPU time utilized at process level."
    ::= { cspCpuStatusEntry 4 }

cspCpuInterruptUtil OBJECT-TYPE
    SYNTAX          Gauge32
    UNITS           "percentage"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The percentage of CPU time utilized at interrupt level."
    ::= { cspCpuStatusEntry 5 }

cspCpuProcessUtilIn5Sec OBJECT-TYPE
    SYNTAX          Gauge32
    UNITS           "percentage"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The percentage of CPU time utilized at process level within the past five seconds."
    ::= { cspCpuStatusEntry 6 }

cspCpuProcessUtilIn1Min OBJECT-TYPE
    SYNTAX          Gauge32
    UNITS           "percentage"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The percentage of CPU time utilized at process level within the past minute."
    ::= { cspCpuStatusEntry 7 }

cspCpuProcessUtilIn5Min OBJECT-TYPE
    SYNTAX          Gauge32
    UNITS           "percentage"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The percentage of CPU time utilized at process level within the past five minutes."
    ::= { cspCpuStatusEntry 8 }

cspCpuInterruptUtilIn5Sec OBJECT-TYPE
    SYNTAX          Gauge32
    UNITS           "percentage"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The percentage of CPU time utilized at interrupt level within the past five seconds."
    ::= { cspCpuStatusEntry 9 }

cspCpuInterruptUtilIn1Min OBJECT-TYPE
    SYNTAX          Gauge32
    UNITS           "percentage"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The percentage of CPU time utilized at interrupt level within the past minute."
    ::= { cspCpuStatusEntry 10 }

cspCpuInterruptUtilIn5Min OBJECT-TYPE
    SYNTAX          Gauge32
    UNITS           "percentage"
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The percentage of CPU time utilized at interrupt level within the past five minutes."
    ::= { cspCpuStatusEntry 11 }

--
-- Notification Group
--
-- Both notifications are gated by objects in the global configuration
-- group, and cspProxyServiceNotificationGroup is optional in the compliance
-- statement below, so a compliant agent may emit neither. Monitoring should
-- not treat the absence of a notification as proof that nothing changed.

-- Sent on a change of a proxy service's operation status, only while
-- cspGcNotifyProxyServOperStatus is 'true'. Carries the current status and
-- the down reason.
cspServOperStatus NOTIFICATION-TYPE
    OBJECTS         {
                        cspPsOperStatus,
                        cspPsOperDownReason
                    }
    STATUS          current
    DESCRIPTION
        "The proxy service operation status change notification. When the Operation Status of a proxy service changes, and cspGcNotifyProxyServOperStatus is 'true', a notification will be issued. The notification contains the current operation status and the down reason of the proxy service."
    ::= { cspMIBNotifications 1 }

-- Sent once per certificate that will expire within
-- cspGcPSCertExpireInterval, only while that interval is positive and
-- cspGcNotifyPSCertExpiring is 'true'.
-- Monitoring note: because the notification is issued only once per
-- certificate, a single lost or unprocessed notification leaves the expiry
-- unreported. Polling cspPskcCertEndDate (listed in
-- cspProxyServiceConfigGroup) is the backstop. Setting the interval to 0
-- clears the record of notifications already issued; the description does
-- not say whether they are issued again when the interval is later made
-- positive, so confirm against the device documentation.
cspServCertExpiring NOTIFICATION-TYPE
    OBJECTS         {
                        cspPskcCertSubjName,
                        cspPskcCertSerialNum,
                        cspPskcIssuerName,
                        cspPskcIssuerCertSerialNum,
                        cspPskcCertEndDate
                    }
    STATUS          current
    DESCRIPTION
        "The proxy service certificate expiring notification. If the time interval cspGcPSCertExpireInterval is positive, and cspGcNotifyPSCertExpiring is 'true', a notification will be issued for every proxy service certificate that will be expiring within this time interval. This notification is issued only once for each of these certificates.
If the interval is changed from a positive value to 0, the proxy device will clear its memory of notification issued in the past, and stop issuing new notification. The notification contains the subject name, the serial number and the issuer name of the certificate, the serial number of the issuer's certificate, and the end date on the certificate."
    ::= { cspMIBNotifications 2 }

--
-- Conformance Group
--

cspMIBCompliances OBJECT IDENTIFIER ::= { cspMIBConformance 1 }

cspMIBGroups OBJECT IDENTIFIER ::= { cspMIBConformance 2 }

-- Compliance statement. Five groups are mandatory: global config, proxy
-- service config, and the SSL, SSL 3.0 and TLS 1.0 statistics groups. All
-- others, including the per-service statistics, the CPU status group and
-- the notification group, are optional.
--
-- Every OBJECT clause below lowers MIN-ACCESS to read-only, so an agent can
-- be compliant without accepting any SNMP set or row creation for these
-- configuration objects.
-- Review note: where an agent does implement write access, going by their
-- names (the definitions are outside this section) these objects cover the
-- virtual and server addresses and ports, key and certificate bindings,
-- and cipher and protocol policy. Write access to them should therefore be
-- limited to authenticated and encrypted SNMPv3 users through VACM views.
-- The same names suggest that read access discloses key and certificate
-- file names and back-end server addresses, so read views deserve the same
-- scrutiny.
cspMIBCompliance MODULE-COMPLIANCE
    STATUS          current
    DESCRIPTION
        "The compliance statement for entities which implement the Cisco SSL Proxy MIB."
    MODULE
    MANDATORY-GROUPS {
                        cspGlobalConfigGroup,
                        cspProxyServiceConfigGroup,
                        cspSslGroup,
                        cspSsl3Group,
                        cspTls1Group
                    }

    GROUP           cspPolicyConfigGroup
    DESCRIPTION
        "This group is not mandatory."

    GROUP           cspTcpGroup
    DESCRIPTION
        "This group is not mandatory."

    GROUP           cspSslCryptoGroup
    DESCRIPTION
        "This group is not mandatory."

    GROUP           cspSslErrorGroup
    DESCRIPTION
        "This group is not mandatory."

    GROUP           cspProxyServiceStatsGroup
    DESCRIPTION
        "This group is not mandatory."

    GROUP           cspProxyServiceSsl3Group
    DESCRIPTION
        "This group is not mandatory."

    GROUP           cspProxyServiceTls1Group
    DESCRIPTION
        "This group is not mandatory."

    GROUP           cspCpuStatusGroup
    DESCRIPTION
        "This group is not mandatory."

    GROUP           cspProxyServiceNotificationGroup
    DESCRIPTION
        "This group is not mandatory."

    -- Global configuration objects
    OBJECT          cspGcFIPSMode
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cspGcNotifyProxyServOperStatus
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cspGcNotifyPSCertExpiring
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    OBJECT          cspGcPSCertExpireInterval
    MIN-ACCESS      read-only
    DESCRIPTION
        "Write access is not required."

    -- Proxy service entry objects
    OBJECT          cspPsServiceType
    MIN-ACCESS      read-only
    DESCRIPTION
        "Create/Write access is not required."

    OBJECT          cspPsVirtualAddressType
    MIN-ACCESS      read-only
    DESCRIPTION
        "Create/Write access is not required."

    OBJECT          cspPsVirtualAddress
    MIN-ACCESS      read-only
    DESCRIPTION
        "Create/Write access is not required."

    OBJECT          cspPsVirtualPort
    MIN-ACCESS      read-only
    DESCRIPTION
        "Create/Write access is not required."

    OBJECT          cspPsServerAddressType
    MIN-ACCESS      read-only
    DESCRIPTION
        "Create/Write access is not required."

    OBJECT          cspPsServerAddress
    MIN-ACCESS      read-only
    DESCRIPTION
        "Create/Write access is not required."

    OBJECT          cspPsServerPort
    MIN-ACCESS      read-only
    DESCRIPTION
        "Create/Write access is not required."

    OBJECT          cspPsAdminStatus
    MIN-ACCESS      read-only
    DESCRIPTION
        "Create/Write access is not required."

    OBJECT          cspPsConfigRowStatus
    MIN-ACCESS      read-only
    DESCRIPTION
        "Create/Write access is not required."

    -- Proxy service policy binding objects
    OBJECT          cspPspVirTcpPolicyName
    MIN-ACCESS      read-only
    DESCRIPTION
        "Create/Write access is not required."

    OBJECT          cspPspSerTcpPolicyName
    MIN-ACCESS      read-only
    DESCRIPTION
        "Create/Write access is not required."

    OBJECT          cspPspSslPolicyName
    MIN-ACCESS      read-only
    DESCRIPTION
        "Create/Write access is not required."

    OBJECT          cspPspHttpHdrPolicyName
    MIN-ACCESS      read-only
    DESCRIPTION
        "Create/Write access is not required."

    OBJECT          cspPspUrlRewritePolicyName
    MIN-ACCESS      read-only
    DESCRIPTION
        "Create/Write access is not required."

    -- Proxy service key and certificate objects
    OBJECT          cspPskcTrustPointName
    MIN-ACCESS      read-only
    DESCRIPTION
        "Create/Write access is not required."

    OBJECT          cspPskcCertFileName
    MIN-ACCESS      read-only
    DESCRIPTION
        "Create/Write access is not required."

    OBJECT          cspPskcKeyName
    MIN-ACCESS      read-only
    DESCRIPTION
        "Create/Write access is not required."

    OBJECT          cspPskcKeyFileName
    MIN-ACCESS      read-only
    DESCRIPTION
        "Create/Write access is not required."

    OBJECT          cspPskcConfigRowStatus
    MIN-ACCESS      read-only
    DESCRIPTION
        "Create/Write access is not required."

    -- TCP policy objects
    OBJECT          cspTpSynTimeOut
    MIN-ACCESS      read-only
    DESCRIPTION
        "Create/Write access is not required."

    OBJECT          cspTpInActivityTimeOut
    MIN-ACCESS      read-only
    DESCRIPTION
        "Create/Write access is not required."

    OBJECT          cspTpNagleAlgo
    MIN-ACCESS      read-only
    DESCRIPTION
        "Create/Write access is not required."

    OBJECT          cspTpFinWaitTimeOut
    MIN-ACCESS      read-only
    DESCRIPTION
        "Create/Write access is not required."

    OBJECT          cspTpReassemTimeOut
    MIN-ACCESS      read-only
    DESCRIPTION
        "Create/Write access is not required."

    OBJECT          cspTpRcvBufShrLim
    MIN-ACCESS      read-only
    DESCRIPTION
        "Create/Write access is not required."

    OBJECT          cspTpTransBufShrLim
    MIN-ACCESS      read-only
    DESCRIPTION
        "Create/Write access is not required."

    OBJECT          cspTpMss
    MIN-ACCESS      read-only
    DESCRIPTION
        "Create/Write access is not required."

    OBJECT          cspTpPathMtuDisc
    MIN-ACCESS      read-only
    DESCRIPTION
        "Create/Write access is not required."

    OBJECT          cspTpConfigRowStatus
    MIN-ACCESS      read-only
    DESCRIPTION
        "Create/Write access is not required."

    -- SSL policy objects
    OBJECT          cspSpRSArc4128md5
    MIN-ACCESS      read-only
    DESCRIPTION
        "Create/Write access is not required."

    OBJECT          cspSpRSArc4128sha
    MIN-ACCESS      read-only
    DESCRIPTION
        "Create/Write access is not required."

    OBJECT          cspSpRSAdescbcsha
    MIN-ACCESS      read-only
    DESCRIPTION
        "Create/Write access is not required."

    OBJECT          cspSpRSA3descbcsha
    MIN-ACCESS      read-only
    DESCRIPTION
        "Create/Write access is not required."

    OBJECT          cspSpProtocol
    MIN-ACCESS      read-only
    DESCRIPTION
        "Create/Write access is not required."

    OBJECT          cspSpCloseProtocol
    MIN-ACCESS      read-only
    DESCRIPTION
        "Create/Write access is not required."

    OBJECT          cspSpSessionCache
    MIN-ACCESS      read-only
    DESCRIPTION
        "Create/Write access is not required."

    OBJECT          cspSpSessionTimeOut
    MIN-ACCESS      read-only
    DESCRIPTION
        "Create/Write access is not required."

    OBJECT          cspSpConfigRowStatus
    MIN-ACCESS      read-only
    DESCRIPTION
        "Create/Write access is not required."
    ::= { cspMIBCompliances 1 }

-- Units of Conformance
-- Each group below only lists member objects; the objects themselves,
-- apart from the per-service TLS 1.0 counters and the CPU status columns,
-- are defined outside this section.

-- Mandatory. Holds the FIPS mode object, the four global cipher suite
-- objects and the three objects that gate the notifications.
cspGlobalConfigGroup OBJECT-GROUP
    OBJECTS         {
                        cspGcVersion,
                        cspGcFIPSMode,
                        cspGcRSArc4128md5,
                        cspGcRSArc4128sha,
                        cspGcRSAdescbcsha,
                        cspGcRSA3descbcsha,
                        cspGcNotifyProxyServOperStatus,
                        cspGcNotifyPSCertExpiring,
                        cspGcPSCertExpireInterval
                    }
    STATUS          current
    DESCRIPTION
        "A collection of global configuration objects."
    ::= { cspMIBGroups 1 }

-- Mandatory. Includes the certificate identity and validity objects that
-- cspServCertExpiring carries, so they can also be polled directly.
cspProxyServiceConfigGroup OBJECT-GROUP
    OBJECTS         {
                        -- cspPsEntry
                        cspPsServiceType,
                        cspPsVirtualAddressType,
                        cspPsVirtualAddress,
                        cspPsVirtualPort,
                        cspPsServerAddressType,
                        cspPsServerAddress,
                        cspPsServerPort,
                        cspPsAdminStatus,
                        cspPsOperStatus,
                        cspPsOperDownReason,
                        cspPsConfigRowStatus,
                        -- cspPsPolicyEntry
                        cspPspVirTcpPolicyName,
                        cspPspSerTcpPolicyName,
                        cspPspSslPolicyName,
                        cspPspHttpHdrPolicyName,
                        cspPspUrlRewritePolicyName,
                        -- cspPsKeyCertEntry
                        cspPskcTrustPointName,
                        cspPskcCertFileName,
                        cspPskcKeyName,
                        cspPskcKeyFileName,
                        cspPskcKeySize,
                        cspPskcKeyTime,
                        cspPskcCertStatus,
                        cspPskcCertSubjName,
                        cspPskcCertSerialNum,
                        cspPskcIssuerName,
                        cspPskcIssuerCertSerialNum,
                        cspPskcCertStartDate,
                        cspPskcCertEndDate,
                        cspPskcConfigRowStatus
                    }
    STATUS          current
    DESCRIPTION
        "A collection of configuration objects for a proxy service."
    ::= { cspMIBGroups 2 }

-- Optional. TCP policy and SSL policy objects.
cspPolicyConfigGroup OBJECT-GROUP
    OBJECTS         {
                        -- cspTcpPolicyEntry
                        cspTpSynTimeOut,
                        cspTpInActivityTimeOut,
                        cspTpNagleAlgo,
                        cspTpFinWaitTimeOut,
                        cspTpReassemTimeOut,
                        cspTpRcvBufShrLim,
                        cspTpTransBufShrLim,
                        cspTpMss,
                        cspTpPathMtuDisc,
                        cspTpConfigRowStatus,
                        -- cspSslPolicyEntry
                        cspSpRSArc4128md5,
                        cspSpRSArc4128sha,
                        cspSpRSAdescbcsha,
                        cspSpRSA3descbcsha,
                        cspSpProtocol,
                        cspSpCloseProtocol,
                        cspSpSessionCache,
                        cspSpSessionTimeOut,
                        cspSpConfigRowStatus
                    }
    STATUS          current
    DESCRIPTION
        "A collection of configuration objects for a policy."
    ::= { cspMIBGroups 3 }

-- Optional. Device-wide TCP counters with their clear time.
cspTcpGroup OBJECT-GROUP
    OBJECTS         {
                        cspTcpCountersClearTime,
                        -- cspTcpCounters
                        cspTcConnInit,
                        cspTcConnAccept,
                        cspTcConnEstab,
                        cspTcConnDrop,
                        cspTcConnClosed,
                        cspTcSynTimeOuts,
                        cspTcIdleTimeOuts,
                        cspTcTotalPktSent,
                        cspTcDataPktSent,
                        cspTcDataByteSent,
                        cspTcTotalPktRcv,
                        cspTcPktRcvSeq,
                        cspTcByteRcvSeq
                    }
    STATUS          current
    DESCRIPTION
        "A collection of TCP protocol objects."
    ::= { cspMIBGroups 4 }

-- Mandatory. Device-wide SSL handshake statistics with their clear time.
cspSslGroup OBJECT-GROUP
    OBJECTS         {
                        cspSslCountersClearTime,
                        -- cspSslCounters
                        cspScConnAttempt,
                        cspScConnComplete,
                        cspScConnInHandShake,
                        cspScConnInDataPhase,
                        cspScRenegAttempt,
                        cspScConnInReneg,
                        cspScActiveSessions,
                        cspScMaxHandShakeConns,
                        cspScCurrDeviceQLen,
                        cspScMaxDeviceQLen,
                        cspScSessionReuses
                    }
    STATUS          current
    DESCRIPTION
        "A collection of SSL handshake protocol statistics."
    ::= { cspMIBGroups 5 }

-- Mandatory. SSL 3.0 statistics. The member names mirror the per-service
-- TLS 1.0 columns defined above (handshakes, failures, bad MAC, pad errors
-- and the same four cipher suites). SSL 3.0 has since been deprecated
-- (RFC 7568), so non-zero deltas here are a finding in their own right.
cspSsl3Group OBJECT-GROUP
    OBJECTS         {
                        -- cspSsl3Counters
                        cspS3cFullHandShake,
                        cspS3cResumedHandShake,
                        cspS3cHandShakeFailed,
                        cspS3cDataFailed,
                        cspS3cBadMacRcvd,
                        cspS3cPadErrors,
                        cspS3cRSArc4128md5,
                        cspS3cRSArc4128sha,
                        cspS3cRSAdescbcsha,
                        cspS3cRSA3desedecbcsha
                    }
    STATUS          current
    DESCRIPTION
        "A collection of SSL 3.0 protocol statistics."
    ::= { cspMIBGroups 6 }

-- Mandatory. TLS 1.0 statistics, the counterpart of the per-service
-- cspPt1c columns.
cspTls1Group OBJECT-GROUP
    OBJECTS         {
                        -- cspTls1Counters
                        cspTlcFullHandShake,
                        cspTlcResumedHandShake,
                        cspTlcHandShakeFailed,
                        cspTlcDataFailed,
                        cspTlcBadMacRcvd,
                        cspTlcPadErrors,
                        cspTlcRSArc4128md5,
                        cspTlcRSArc4128sha,
                        cspTlcRSAdescbcsha,
                        cspTlcRSA3desedecbcsha
                    }
    STATUS          current
    DESCRIPTION
        "A collection of TLS 1.0 protocol statistics."
    ::= { cspMIBGroups 7 }

-- Optional. Cryptographic operation and failure statistics.
cspSslCryptoGroup OBJECT-GROUP
    OBJECTS         {
                        -- cspSslCryptoCounters
                        cspSccBlksEncrypted,
                        cspSccBlksDecrypted,
                        cspSccBytesEncrypted,
                        cspSccBytesDecrypted,
                        cspSccPublicKeyOpers,
                        cspSccPrivateKeyOpers,
                        cspSccCryptoFails,
                        cspSccDmaErrors
                    }
    STATUS          current
    DESCRIPTION
        "A collection of cryptographic statistics."
    ::= { cspMIBGroups 8 }

-- Optional. SSL protocol error counters.
-- Monitoring note: going by their names (definitions are outside this
-- section), the alert, version mismatch, no-cipher, limit-exceeded and
-- overload-dropped counters are the ones to baseline for detecting
-- handshake floods and downgrade or scanning activity. Because the group is
-- optional, confirm the agent implements it before relying on it.
cspSslErrorGroup OBJECT-GROUP
    OBJECTS         {
                        -- cspSslErrorCounters
                        cspSecSessAllocFailed,
                        cspSecSessLimitExceed,
                        cspSecHShakeInitFailed,
                        cspSecRenegFailed,
                        cspSecFatalAlertsRcvd,
                        cspSecFatalAlertsSent,
                        cspSecNoCipherAlerts,
                        cspSecVerMismatchAlerts,
                        cspSecNoComprsnAlerts,
                        cspSecHShakeHndleMemFail,
                        cspSecStalePakDrop,
                        cspSecServiceIdDiscard,
                        cspSecHShakeLimitExceed,
                        cspSecDevConnCtxtFail,
                        cspSecMemAllocFailed,
                        cspSecBuffAllocFailed,
                        cspSecAlertSendFailed,
                        cspSecOverloadDropped,
                        cspSecConnAborted
                    }
    STATUS          current
    DESCRIPTION
        "A collection of SSL protocol error counters."
    ::= { cspMIBGroups 9 }

-- Optional. Per-proxy-service statistics with their clear time.
cspProxyServiceStatsGroup OBJECT-GROUP
    OBJECTS         {
                        -- cspPsCounterEntry
                        cspPscClearTime,
                        cspPscConnAttempt,
                        cspPscConnComplete,
                        cspPscFullHandShake,
                        cspPscResumedHandShake,
                        cspPscConnInHandShake,
                        cspPscConnInDataPhase,
                        cspPscRenegAttempt,
                        cspPscConnInReneg,
                        cspPscBlksEncrypted,
                        cspPscBlksDecrypted,
                        cspPscBytesEncrypted,
                        cspPscBytesDecrypted,
                        cspPscValidSessions,
                        cspPscSessLimitExceed,
                        cspPscHandShakeFailed,
                        cspPscDataFailed,
                        cspPscFatalAlertsRcvd,
                        cspPscFatalAlertsSent,
                        cspPscBadMacRcvd,
                        cspPscPadErrors,
                        cspPscNoCipherAlerts,
                        cspPscNoComprsnAlerts,
                        cspPscVerMismatchAlerts
                    }
    STATUS          current
    DESCRIPTION
        "A collection of proxy service statistics."
    ::= { cspMIBGroups 10 }

-- Optional. Per-proxy-service SSL 3.0 statistics.
cspProxyServiceSsl3Group OBJECT-GROUP
    OBJECTS         {
                        -- cspPsSsl3CounterEntry
                        cspPs3cClearTime,
                        cspPs3cFullHandShake,
                        cspPs3cResumedHandShake,
                        cspPs3cHandShakeFailed,
                        cspPs3cDataFailed,
                        cspPs3cBadMacRcvd,
                        cspPs3cPadErrors,
                        cspPs3cRSArc4128md5,
                        cspPs3cRSArc4128sha,
                        cspPs3cRSAdescbcsha,
                        cspPs3cRSA3desedecbcsha
                    }
    STATUS          current
    DESCRIPTION
        "A collection of SSL 3.0 statistics for a proxy service."
    ::= { cspMIBGroups 11 }

-- Optional. The eleven accessible columns of cspPsTls1CounterEntry defined
-- at the top of this section. Since the group is optional, per-service
-- cipher suite attribution is not guaranteed on every compliant agent; the
-- mandatory cspTls1Group is the fallback.
cspProxyServiceTls1Group OBJECT-GROUP
    OBJECTS         {
                        -- cspPsTls1CounterEntry
                        cspPt1cClearTime,
                        cspPt1cFullHandShake,
                        cspPt1cResumedHandShake,
                        cspPt1cHandShakeFailed,
                        cspPt1cDataFailed,
                        cspPt1cBadMacRcvd,
                        cspPt1cPadErrors,
                        cspPt1cRSArc4128md5,
                        cspPt1cRSArc4128sha,
                        cspPt1cRSAdescbcsha,
                        cspPt1cRSA3desedecbcsha
                    }
    STATUS          current
    DESCRIPTION
        "A collection of TLS 1.0 statistics for a proxy service."
    ::= { cspMIBGroups 12 }

-- Optional. All accessible columns of cspCpuStatusEntry; the index
-- cspCpuName is not-accessible and therefore not a member.
cspCpuStatusGroup OBJECT-GROUP
    OBJECTS         {
                        -- cspCpuStatusEntry
                        cspCpuStatus,
                        cspCpuClearTime,
                        cspCpuProcessUtil,
                        cspCpuInterruptUtil,
                        cspCpuProcessUtilIn5Sec,
                        cspCpuProcessUtilIn1Min,
                        cspCpuProcessUtilIn5Min,
                        cspCpuInterruptUtilIn5Sec,
                        cspCpuInterruptUtilIn1Min,
                        cspCpuInterruptUtilIn5Min
                    }
    STATUS          current
    DESCRIPTION
        "A collection of statuses and usage information about each CPU on the SSL proxy device."
    ::= { cspMIBGroups 13 }

-- Optional. The two notifications defined in this module.
cspProxyServiceNotificationGroup NOTIFICATION-GROUP
    NOTIFICATIONS   {
                        cspServOperStatus,
                        cspServCertExpiring
                    }
    STATUS          current
    DESCRIPTION
        "A collection of notifications for signaling important proxy service events."
    ::= { cspMIBGroups 14 }

END