
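Enterprise MIB File Details for XTM Devices

When you install Fireware XTM OS on your management computer, the supported enterprise MIBs are installed in these locations:

Windows 8, Windows 7, Windows Server 2008, and Windows Vista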

C:\Users\Public\Shared WatchGuard\SNMP

Windows XP

C:\Documents and Settings\All Users\Shared WatchGuard\SNMP

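For more information about the MIBs supported on Fireware XTM, see About Management Information Bases (MIBs).

This topic includes summary information about the enterprise MIB files available for all the latest XTM device models. The text of the MIB files is also included at the end of this topic, in the Text from Fireware XTM Enterprise MIB Files section.

Enterprise MIB File Summary

The tables below list the objects included in the Fireware XTM enterprise MIB files, with a description of each object. For the full text of each enterprise MIB file, see the corresponding file in the Text from Fireware XTM Enterprise MIB Files section.

System Statistics

File name: WATCHGUARD-SYSTEM-STATISTICS-MIB

Object Description
wgSystemStatisticsMIB The base system information for all system-related statistical counters.
wgSystemCpuUtil CPU utilization of the system in the last 5 seconds. The value is measured in units of 0.01%. For example, if the value is 234, CPU utilization is 2.34%.
wgSystemTotalSendBytes The total number of bytes sent since the system last started. This number includes both cut-through traffic and host traffic.
wgSystemTotalRecvBytes The total number of bytes received since the system last started. This number includes both cut-through traffic and host traffic.
wgSystemTotalSendPackets The total number of packets sent since the system last started. This number includes both cut-through traffic and host traffic.
wgSystemTotalRecvPackets The total number of packets received since the system last started. This number includes both cut-through traffic and host traffic.
wgSystemStreamReqTotal The total number of connection requests since the system last started.
wgSystemStreamReqDrop The total number of connection requests dropped since the system last started.
wgSystemCpuUtil1 CPU utilization of the system in the last 1 minute. The value is measured in units of 0.01%. For example, if the value is 234, CPU utilization is 2.34%.
wgSystemCpuUtil5 CPU utilization of the system in the last 5 minutes. The value is measured in units of 0.01%. For example, if the value is 234, CPU utilization is 2.34%.
wgSystemCpuUtil15 CPU utilization of the system in the last 15 minutes. The value is measured in units of 0.01%. For example, if the value is 234, CPU utilization is 2.34%.
wgSystemCurrActiveConns The total number of currently active connections on the system.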

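System Configuration

File name: WATCHGUARD-SYSTEM-CONFIG-MIB

Object Definition
wgSysTraps The base object for system-wide traps in this entity.
wgSysTrapObjects The base object for objects that are used as part of traps.
wgSysTrapControl The base object identifier for all objects that are trap controls for the entity.
wgSysTraps Objects used in trap reporting.
wgAlarmId The ID of the alarm that generates a trap.
wgAlarmLabel The name of the alarm that generates a trap.
wgAlarmTime The date and time of the alarm that generates a trap.
wgAlarmLevel The level of the alarm.
wgAlarmHostname The host name of the system where the alarm occurred.
wgAlarmMsg A message that describes the nature of the alarm.
wgAlarmTrapEnable Indicates whether the wgAlarmTrap trap should be generated.
wgSysTrapsPrefix
wgAlarmTrap An alarm raised by the Monitoring Agent of this WatchGuard device.
wgSnmpShutdown The trap sent when the SNMP trap terminates.
wgSnmpStart The trap sent when the SNMP trap starts.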

SMI

File name: WATCHGUARD-SMI

Object Description
wgProducts The root object identifier of WatchGuard product OIDs.
wgSystemConfigMIB The root object identifier of WatchGuard XTM device system configurations.

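Policy

File name: WATCHGUARD-POLICY-MIB

Object Description
wgPolicyToTunnel The base object identifier for all tunnel information related to policies.
wgPolicyStatistics The base object identifier for all policy-related statistical counters.
wgPolicyToTunnelNum The total number of tunnels in the policytotunnel table.
wgPolicyToTunnelTable The policytotunnel table of all policies.
wgPolicyToTunnelEntry An entry (conceptual row) that contains tunnel information.
wgPolicyToTunnelPolicyID The policy identifier of this entity.
wgPolicyToTunnelTunnelID The tunnel identifier of this entity.
wgPolicyTableNum The total number of policies in the policy table.
wgPolicyTable The policytotunnel table of the policies.
wgPolicyEntry An entry (conceptual row) that contains policy information.
wgPolicyID The policy identifier of this policy.
wgPolicyName The name of this policy.
wgPolicyBytes The total traffic, in bytes, since this policy was set up.
wgPolicyPackets The total traffic, in packets, since this policy was set up.
wgPolicyIpsecDecryptErr The total number of packets discarded due to decryption errors since this policy was set up.
wgPolicyIpsecAuthErr The total number of packets discarded due to authentication errors since this policy was set up.
wgPolicyIpsecReplayErr The total number of packets discarded due to replay errors since this policy was set up.
wgPolicyIpsecPadErr The total number of packets discarded due to pad value errors since this policy was set up.
wgPolicyIpsecPolicyErr The total number of packets discarded due to policy errors since this policy was set up.
wgPolicyFwDisc The total number of packets discarded by firewall policies since this policy was set up.
wgPolicyOtherDisc The total number of packets discarded due to errors other than firewall errors (for example, IPSec errors) since this policy was set up.
wgPolicyActiveStreams The total number of active connections since this policy was set up.
wgPolicyIpsecDisc The total number of packets discarded due to IPSec errors (decryption error, authentication error, replay error) since this policy was set up.
wgPolicyDisc The total number of packets discarded since this policy was set up.
wgPolicyNumTunl The total number of tunnels for this policy.
wgPolicySingleCntrNum The total number of single counters handled by this policy.
wgPolicyLogging Indicates whether logging is enabled for this policy.
wgPolicyCurrActiveConns The total number of currently active connections for this policy.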

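IPSec Tunnels

File name: WATCHGUARD-IPSEC-TUNNEL-MIB

Object Description
wgIpsecTunnelMIB The base object identifier for all tunnel branches.
wgIpsecTunnel The base object identifier for all tunnel information.
wgIpsecTunnelNum The total number of entries in the wgIpsecTunnelTable.
wgIpsecTunnelTable The connection table that describes all current tunnels on this device.
wgIpsecTunnelEntry An entry (conceptual row) that contains information about a tunnel between two security gateways.
wgIpsecTunnelID The running index of this tunnel.
wgIpsecTunnelLocalAddr The local IP address of the current tunnel.
wgIpsecTunnelPeerAddr The remote IP address of the current tunnel.
wgIpsecTunnelInSpi The security parameter index of the inbound tunnel endpoint (SA) of this tunnel.
wgIpsecTunnelOutSpi The security parameter index of the outbound tunnel endpoint (SA) of this tunnel.
wgIpsecTunnelCreateTime The date and time the tunnel was created.
wgIpsecTunnelDeviceID The identifier of the target device where the tunnel endpoint resides.
wgIpsecTunnelEspEncryptAlg The encryption algorithm used in the tunnel. If ESP is not used, the algorithm value is 0.
wgIpsecTunnelEspAuthAlg The authentication algorithm used in the tunnel. If ESP is not used, the algorithm value is 0.
wgIpsecTunnelAhAuthAlg The AH authentication algorithm used in the tunnel. If AH is not used, the algorithm value is 0.
wgIpsecTunnelMode The tunnel mode/transport mode of the tunnel.
wgIpsecTunnelKeyMode The key mode of the tunnel.
wgIpsecTunnelLifeTime The lifetime of the tunnel, in hundredths of a second.
wgIpsecTunnelLifeLength The maximum traffic, in bytes, that the tunnel supports.
wgIpsecTunnelInSaBytes The number of bytes for the currently active inbound tunnel endpoint of the tunnel.
wgIpsecTunnelOutSaBytes The number of bytes for the currently active outbound tunnel endpoint of the tunnel.
wgIpsecTunnelAccSecs The number of seconds the tunnel has existed.
wgIpsecTunnelSelectorProtocol The IP protocol number carried by this local-remote tunnel endpoint. If it carries any protocol, the value is 0.
wgIpsecTunnelSelectorRemoteIPType The type of the remote IP address of the local-remote tunnel endpoint.
wgIpsecTunnelSelectorRemoteIPOne The first remote IP address of the local-remote tunnel endpoint. If the local IP address of the endpoint is a single IP address, that IP address is used as this IP address. If the local IP address of the endpoint is an IP address subnet, the IP address of the subnet is used as this IP address. If the local IP address of the endpoint contains a range of IP addresses, the first IP address in the range is used as this IP address.
wgIpsecTunnelSelectorRemoteIPTwo The second remote IP address of the local-remote tunnel endpoint. If the remote IP address of this endpoint contains only one IP address, the value is 0. If the remote IP address of this endpoint is an IP address subnet, the netmask of the subnet is used as this IP address. If the remote IP address of this endpoint contains a range of addresses, the last IP address in the range is used as this IP address.
wgIpsecTunnelSelectorRemotePort The remote port used by this local-remote tunnel endpoint.
wgIpsecTunnelSelectorLocalIPType The type of the local IP address of the local-remote tunnel endpoint.
wgIpsecTunnelSelectorLocalIPOne The first local IP address of the local-remote tunnel endpoint. If the local IP address of the endpoint is a single IP address, that IP address is used as the IP address of the entity. If the local IP address of the endpoint is an IP address subnet, the IP address of the subnet is used as the IP address of the entity. If the local IP address of the endpoint contains a range of IP addresses, the first IP address in the range is used as the IP address of the entity.
wgIpsecTunnelSelectorLocalIPTwo The second local IP address of the local-remote tunnel endpoint. If the remote IP address of this endpoint contains only one IP address, the value is 0. If the remote IP address of this endpoint is an IP address subnet, the netmask of the subnet is used as this IP address. If the remote IP address of this endpoint contains a range of addresses, the last IP address in the range is used as this IP address.
wgIpsecTunnelSelectorLocalPort The local port used by this endpoint.
wgIpsecTunnelNumRekey The number of rekeys for the tunnel.
wgIpsecTunnelInKbytes The total inbound traffic (KB) since this tunnel was established.
wgIpsecTunnelOutKbytes The total outbound traffic (KB) since this connection was established.
wgIpsecTunnelInPackets The total number of inbound packets since this connection was established.
wgIpsecTunnelOutPackets The total number of outbound packets since this connection was established.
wgIpsecTunnelInDecryptErrors The total number of packets discarded due to decryption errors since this connection was established.
wgIpsecTunnelInAuthErrors The total number of packets discarded due to authentication errors since this connection was established.
wgIpsecTunnelInReplayErrors The total number of packets discarded due to replay errors since this connection was established.
wgIpsecTunnelInOtherErrors The number of packets discarded due to errors other than decryption, authentication, or replay errors. This can include packets discarded because of a lack of receive buffers and congestion in the decryption element.
wgIpsecTunnelOutDecryptErrors The total number of packets discarded due to decryption errors since this connection was established.
wgIpsecTunnelOutAuthErrors The total number of packets discarded due to authentication errors since this connection was established.
wgIpsecTunnelOutReplayErrors The total number of packets discarded due to replay errors since this connection was established.
wgIpsecTunnelOutOtherErrors The number of packets discarded due to errors other than decryption, authentication, or replay errors. This can include packets discarded because of a lack of receive buffers and congestion in the decryption element.
wgIpsecTunnelUdpEncap Indicates whether UDP-encapsulated IPSec is enabled.
wgIpsecTunnelPeerUdpPort The UDP port of the current tunnel peer when UDP-encapsulated IPSec is enabled.
wgIpsecTunnelOrigPeerAddr The IP address of the original peer of the current tunnel when UDP-encapsulated IPSec is enabled.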

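IPSec SA Monitor

File name: WATCHGUARD-IPSEC-SA-MON-MIB-EXT

Object Description
IpsecSaCreatorIdent This value indicates how the tunnel endpoint was created.
IpsecIpv6Address This data type is used to model IPv6 address prefixes. It is a binary string of 16 octets in network byte order.
wgIpsecSaMonitorMIB The base object identifier for all IPSec branches.
wgSaTables The base object identifier for all tunnel endpoint tables.
wgSaStatistics The base object identifier for all objects that are global counters for IPSec security associations.
wgSaErrors The base object identifier for all objects that are global error counters for IPSec security associations.
wgIpsecSaEspInTable The (conceptual) table that contains information about IPSec inbound ESP tunnel endpoints. There should be one row for every inbound ESP security association that exists in the entity. The maximum number of rows is implementation-dependent.
wgIpsecSaEspInEntry An entry (conceptual row) that contains information about a particular IPSec inbound ESP tunnel endpoint. Rows in this table cannot be created or deleted by SNMP operations on columns of the table.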

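IPSec Endpoint Pair

File name: WATCHGUARD-IPSEC-ENDPOINT-PAIR-MIB

Object Description
wgIpsecEndpointPairMIB The base object identifier for all IPSec tunnel branches.
wgIpsecEndpointPair The base object identifier for all IPSec tunnel information.
wgIpsecEndpointPairStatistics The base object identifier for all objects that are global counters for IPSec tunnels.
wgIpsecEndpointPairNum The total number of entries in the wgIpsecEndpointPairTable.
wgIpsecEndpointPairTable The connection table that describes all current IPSec tunnels.
wgIpsecEndpointPairEntry An entry (conceptual row) that contains information about an IPSec tunnel between two IPSec security gateways.
wgIpsecEndpointPairIndex The running index of this IPSec endpoint pair.
wgIpsecEndpointPairLocalAddr The local IP address of the current IPSec endpoint pair.
wgIpsecEndpointPairPeerAddr The remote IP address of the current IPSec endpoint pair.
wgIpsecEndpointPairInSAs The number of inbound IPSec tunnel routes in this IPSec endpoint pair.
wgIpsecEndpointPairOutSAs The number of outbound IPSec tunnel routes in this IPSec endpoint pair.
wgIpsecEndpointPairInAccKbytes The total inbound traffic (KB) since this connection was established.
wgIpsecEndpointPairOutAccKbytes The total outbound traffic (KB) since this connection was established.
wgIpsecEndpointPairInPackets The total number of inbound packets since this connection was established.
wgIpsecEndpointPairOutPackets The total number of outbound packets since this connection was established.
wgIpsecEndpointPairDecryptErrors The total number of packets discarded due to decryption errors since this connection was established.
wgIpsecEndpointPairAuthErrors The total number of packets discarded due to authentication errors since this connection was established.
wgIpsecEndpointPairReplayErrors The total number of packets discarded due to replay errors since this connection was established.
wgIpsecEndpointPairPolicyErrors The total number of packets discarded due to policy errors since this connection was established.
wgIpsecEndpointPairPadErrors The total number of packets discarded due to pad value errors since this connection was established.
wgIpsecEndpointPairOtherReceiveErrors The number of packets discarded due to errors other than decryption, authentication, or replay errors. This can include packets discarded because of a lack of receive buffers and congestion in the decryption element.
wgIpsecEndpointPairSendErrors The number of packets discarded due to any error. This can include errors caused by a lack of transmit buffers.
wgIpsecEndpointPairTotalInSAs The total number of active inbound tunnel routes.
wgIpsecEndpointPairTotalOutSAs The total number of active outbound tunnel routes.
wgIpsecEndpointPairTotalInAccKbytes The total inbound IPSec traffic.
wgIpsecEndpointPairTotalOutAccKbytes The total outbound IPSec traffic.
wgIpsecEndpointPairTotalInPackets The total number of inbound IPSec packets.
wgIpsecEndpointPairTotalOutPackets The total number of outbound IPSec packets.
wgIpsecEndpointPairTotalDecryptErrors The total number of packets discarded due to encryption errors.
wgIpsecEndpointPairTotalAuthErrors The total number of packets discarded due to authentication errors.
wgIpsecEndpointPairTotalReplayErrors The total number of packets discarded due to replay errors.
wgIpsecEndpointPairTotalPolicyErrors The total number of packets discarded due to policy errors.
wgIpsecEndpointPairTotalPadErrors The total number of packets discarded by this entity due to pad value errors.
wgIpsecEndpointPairTotalOtherReceiveErrors The total number of packets discarded by this entity due to errors other than decryption, authentication, or replay errors. This can include packets discarded because of a lack of receive buffers and congestion in the decryption element.
wgIpsecEndpointPairTotalSendErrors The total number of packets discarded due to any error.
wgIpsecEndpointPairPeerIPToTunnel The base object identifier for tunnel information about all policies.
wgIpsecEndpointPairPeerIPToTunnelNum The total number of tunnels in the peeriptotunnel table.
wgIpsecEndpointPairPeerIPToTunnelTable The peeriptotunnel table in the endpointpair MIB.
wgIpsecEndpointPairPeerIPToTunnelEntry An entry (conceptual row) that contains peer IP address and tunnel information.
wgIpsecEndpointPairPeerIPToTunnelPeerIP The peer IP address of the peeriptotunnel table.
wgIpsecEndpointPairPeerIPToTunnelTunnelID The tunnel ID of the peeriptotunnel table.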

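IPSec ISAKMP IKE DOI Textual Conventions

File name: IPSEC-ISAKMP-IKE-DOI-TC

Object Description
IpsecDoiSecProtocolId These are the IPSEC DOI values for the Protocol-Id field in an ISAKMP Proposal Payload and in all Notification Payloads. They are also used as the Protocol-ID in the Notification Payload and the Delete Payload. Values 249-255 are reserved for private use among cooperating systems.
IpsecDoiTransformIdent The IPSEC DOI ISAKMP Transform Identifier is an 8-bit value that identifies the key exchange protocol used for the negotiation. It is used in the Transform-Id field of an IKE Phase 1 Transform Payload. Values 249-255 are reserved for private use among cooperating systems.
IpsecDoiAhTransform The IPSEC DOI AH Transform Identifier is an 8-bit value that identifies the particular algorithm used to provide integrity protection for AH. It is used in the Transform-ID field of an ISAKMP Transform Payload for the IPSEC DOI, when the Protocol-Id of the associated Proposal Payload is 2 (AH). Values 249-255 are reserved for private use among cooperating systems.
IpsecDoiEspTransform The IPSEC DOI ESP Transform Identifier is an 8-bit value that identifies the particular algorithm used to provide encryption protection for ESP. It is used in the Transform-ID field of an ISAKMP Transform Payload for the IPSEC DOI, when the Protocol-Id of the associated Proposal Payload is 2 (AH), 3 (ESP), and 4 (IPCOMP). Values 249-255 are reserved for private use among cooperating systems.
IpsecDoiAuthAlgorithm The ESP authentication algorithm used in the IPSEC DOI, defined as an SA attribute in the Transform Payload of Phase 2 of an IKE negotiation. When the Protocol-ID of the associated Proposal Payload is 2 (AH), this set of values defines the AH authentication algorithm. When the Protocol-ID of the associated Proposal Payload is 3 (ESP), this set of values defines the ESP authentication algorithm. Values 5-61439 are reserved to IANA. Values 61440-65535 are for private use. In a MIB, a value of 0 indicates that ESP has been negotiated without authentication.
IpsecDoiIpcompTransform The IPSEC DOI IPCOMP Transform Identifier is an 8-bit value that identifies the particular algorithm used to provide IP-level compression before ESP. It is used in the Transform-ID field of an ISAKMP Transform Payload for the IPSEC DOI, when the Protocol-Id of the associated Proposal Payload is 4 (IPCOMP). Values 1-47 are reserved for algorithms for which an RFC has been approved for publication. Values 48-63 are reserved for private use among cooperating systems. Values 64-255 are reserved for future expansion.
IpsecDoiEncapsulationMode The encapsulation mode used as an IPSEC DOI SA attribute definition in the Transform Payload of a Phase 2 IKE negotiation. When the Protocol-ID of the associated Proposal Payload is 3 (ESP), this set of values defines the encapsulation mode used for AH, ESP, and IPCOMP. Values 3-61439 are reserved to IANA. Values 61440-65535 are for private use.
IpsecDoiIdentType The IPSEC DOI Identification Type is an 8-bit value that is used in the ID Type field as a discriminant for interpretation of the variable-length Identification Payload. Values 249-255 are reserved for private use among cooperating systems.
IsakmpDOI These are the values for the Domain of Interpretation of the ISAKMP protocol. They are 32-bit values used in the Domain of Interpretation field of a Security Association Payload. Values 2-4294967295 are reserved to IANA.
IsakmpCertificateEncoding These values are the types of certificate-related information contained in the Certificate Data field of a Certificate Payload. They are used in the Cert Encoding field of a Certificate Payload. Values 11-255 are reserved.
IsakmpExchangeType These values are used for the exchange type in the ISAKMP header. Values below 31 are reserved for future assignment to ISAKMP (independent of the DOI). Values 240-255 are reserved for private use among cooperating systems.
IsakmpNotifyMessageType These values indicate the type of a notification message. They are used in the Notify Message Type field of a Notification Payload. This textual convention merges the error types (in the range 1-16386) and the notification types (in the range 16384-65535). Values 16001-16383 are reserved for use as private error types among cooperating systems. Values 24576-32767 are reserved for use by each DOI. Each DOI should have a clone of this textual convention that adds local values. Values 32768-40958 are reserved for use as private notification types among cooperating systems.
IkeExchangeType These values are used for the exchange type in the ISAKMP header. Values 32-239 are DOI-specific; these values are used by IKE for the IPSec DOI. Values 240-255 are reserved for private use among cooperating systems.
IkeEncryptionAlgorithm The values for the encryption algorithm negotiated by IKE for the ISAKMP SA in Phase 1. These values are used for the SA attribute type Encryption Algorithm (1). Values 7-65000 are reserved to IANA. Values 65001-65535 are for private use among mutually consenting parties.
IkeHashAlgorithm The values for the hash algorithm negotiated by IKE for the ISAKMP SA in Phase 1. These values are used for the SA attribute type Hash Algorithm (2). Values 4-65000 are reserved to IANA. Values 65001-65535 are for private use among mutually consenting parties.
IkeAuthMethod The values for the authentication method negotiated by IKE for the ISAKMP SA in Phase 1. These values are used for the SA attribute type Authentication Method (3). Values 6-65000 are reserved to IANA. Values 65001-65535 are for private use among mutually consenting parties.
IkeGroupDescription The values for the Oakley key computation groups for the Diffie-Hellman exchange negotiated by IKE for the ISAKMP SA in Phase 1. They are also used in Phase 2 when Perfect Forward Secrecy is in use. These values are used for the SA attribute type Group Description (4).
IkeGroupType The values for the Oakley key computation group types negotiated by IKE for the ISAKMP SA in Phase 1. They are also used in Phase 2 when Perfect Forward Secrecy is in use. These values are used for the SA attribute type Group Type (5).
IkePrf The values for the pseudo-random function used with the hash algorithm negotiated by IKE for the ISAKMP SA in Phase 1. Currently no pseudo-random functions are defined; the default HMAC is always used. These values are used for the SA attribute type PRF (13). Values 1-65000 are reserved to IANA. Values 65001-65535 are for private use among mutually consenting parties.
IkeNotifyMessageType These values indicate the type of a notification message. They are used in the Notify Message Type field of a Notification Payload. This textual convention merges the error types (in the range 1-16386) and the notification types (in the range 16384-65535). This textual convention merges the values defined by ISAKMP and the additional values defined in the IPSEC DOI. Values 16001-16383 are reserved for use as private error types among cooperating systems. Values 32001-32767 are reserved for use as private notification types among cooperating systems.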

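General System Information

File name: WATCHGUARD-INFO-SYSTEM-MIB

Object Description
wgInfoSystem The base system information for all wg client branches.
wgInfoSystemCurrentTime The local date and time on the management computer.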

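Client MIB

File name: WATCHGUARD-CLIENT-MIB

Object Description
wgClientMIB The base object identifier for the DHCP server, DHCP client, and PPPoE client.
wgClientDHCPServer The base object identifier for all DHCP server information.
wgClientDHCPClient The base object identifier for all DHCP client information.
wgClientPPPoEClient The base object identifier for all PPPoE client information.
wgClientDHCPServerEnable Indicates whether the DHCP server is enabled.
wgClientDHCPServerStartIpAddress The starting IP address of the IP address range leased by the DHCP server.
wgClientDHCPServerEndIpAddress The ending IP address of the IP address range leased by the DHCP server.
wgClientDHCPServerLeaseTime The lease time of the addresses assigned to DHCP clients.
wgClientDHCPServerNum The total number of entries in the wgClientDHCPServerTable.
wgClientDHCPServerConnTable The client lease table of the DHCP server.
wgClientDHCPServerRelayServer The IP address of the remote DHCP server to which DHCP requests are relayed.
wgClientDHCPServerConnEntry An entry (conceptual row) that contains information about an address lease assigned by the DHCP server.
wgClientDHCPServerConnClientHostName The host name of the client.
wgClientDHCPServerConnIPAddr The IP address assigned to the client.
wgClientDHCPServerConnMACAddr The MAC address of the client.
wgClientDHCPServerConnLeaseTimeStart The start date and time of the lease.
wgClientDHCPServerConnLeaseTimeEnd The end date and time of the lease.
wgClientDHCPClientEnable Indicates whether interface 1 (public) is configured to get its IP address through DHCP.
wgClientDHCPClientDomainName The domain name of the DHCP client.
wgClientDHCPClientDefaultGateway The IP address of the default gateway of the DHCP client.
wgClientDHCPClientDNSOne The IP address of the primary DNS server of the DHCP client.
wgClientDHCPClientDNSTwo The IP address of the secondary DNS server of the DHCP client.
wgClientPPPoEClientEnable Indicates whether interface 1 (public) is configured to use PPPoE.
wgClientPPPoEClientADSLStatus The current ADSL status of the PPPoE client.
wgClientPPPoEClientLocalIPAddr The IP address of the PPPoE client.
wgClientPPPoEClientRemoteIPAddr The IP address of the PPP server that this PPPoE client is connected to.
wgClientPPPoEClientNetMask The subnet mask of the PPPoE client.
wgClientPPPoEClientDNSOne The IP address of the primary DNS server.
wgClientPPPoEClientDNSTwo The IP address of the secondary DNS server.
wgClientPPPoEADSLPeerMACAddr The MAC address of the PPP server that this client is connected to.
wgClientPPPoEClientConnTime The connection time of the PPPoE connection.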

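Text from Fireware XTM Enterprise MIB Files

To more easily see the hierarchy of the MIBs included in each MIB file, we recommend that you use a MIB browser to open and view the MIB files. Each MIB browser presents the information in a MIB differently; the file details below are what you see when you open a MIB file in a simple text editor. The information is the same regardless of which tool you use to open the file, but the appearance of the text can differ between MIB browser tools.

System Statistics

File name: WATCHGUARD-SYSTEM-STATISTICS-MIB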

WATCHGUARD-SYSTEM-STATISTICS-MIB DEFINITIONS ::= BEGIN
 IMPORTS
 MODULE-IDENTITY, OBJECT-TYPE, Counter64,
 OBJECT-IDENTITY, enterprises,
 IpAddress, TimeTicks FROM SNMPv2-SMI
 watchguard FROM WATCHGUARD-SMI;
 
 wgInfoModule MODULE-IDENTITY
 LAST-UPDATED "200701251200Z"
 ORGANIZATION "WatchGuard Technologies, Inc."
 CONTACT-INFO
 " Ella Yu
 WatchGuard Technologies, Inc.
 1841 Zanker Road
 San Jose, CA 95112
 USA
			408-519-4888
 ella.yu@watchguard.com "
 
 DESCRIPTION
 "The MIB module describes various system statistics information
 of WatchGuard system."
	
 
 REVISION "200701251200Z"
 DESCRIPTION
 "Initial revision."
 ::= { watchguard 6 }
 
 
 wgSystemStatisticsMIB OBJECT-IDENTITY
 STATUS current
 DESCRIPTION
 "This is the base system information for all system related
 statistical counters."
 ::= { wgInfoModule 3 }
 
 wgSystemCpuUtil OBJECT-TYPE
 SYNTAX Counter64
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "CPU utilization of the system in last 5 seconds. The value
 is measured in 0.01%. For example, if the value is 234,
 then CPU utilization is 2.34%."
 ::= { wgSystemStatisticsMIB 4 }
 
 wgSystemTotalSendBytes OBJECT-TYPE
 SYNTAX Counter64
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The total number of bytes sent since system is up. This
 number includes both cut through traffic and host traffic."
 ::= { wgSystemStatisticsMIB 8 }
 
 wgSystemTotalRecvBytes OBJECT-TYPE
 SYNTAX Counter64
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The total number of bytes received since system is up. This
 number includes both cut through traffic and host traffic."
 ::= { wgSystemStatisticsMIB 9 }
 
 wgSystemTotalSendPackets OBJECT-TYPE
 SYNTAX Counter64
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The total number of the packets sent since system is up. This
 number includes both cut through traffic and host traffic."
 ::= { wgSystemStatisticsMIB 10 }
 
 wgSystemTotalRecvPackets OBJECT-TYPE
 SYNTAX Counter64
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The total number of the packets received since system is up.
 The number includes both cut through traffic and host traffic."
 ::= { wgSystemStatisticsMIB 11 }
 
 wgSystemStreamReqTotal OBJECT-TYPE
 SYNTAX Counter64
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The total number of the connection requests since system is up."
 ::= { wgSystemStatisticsMIB 30 }
 
 wgSystemStreamReqDrop OBJECT-TYPE
 SYNTAX Counter64
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The total number of the connection requests being dropped since system is up."
 ::= { wgSystemStatisticsMIB 34 }
 
 wgSystemCpuUtil1 OBJECT-TYPE
 SYNTAX Counter64
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "CPU utilization of the system in last 1 minute. The value
 is measured in 0.01%. For example, if the value is 234,
 then CPU utilization is 2.34%."
 ::= { wgSystemStatisticsMIB 77 }
 
 wgSystemCpuUtil5 OBJECT-TYPE
 SYNTAX Counter64
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "CPU utilization of the system in last 5 minutes. The value
 is measured in 0.01%. For example, if the value is 234,
 then CPU utilization is 2.34%."
 ::= { wgSystemStatisticsMIB 78 }
 
 wgSystemCpuUtil15 OBJECT-TYPE
 SYNTAX Counter64
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "CPU utilization of the system in last 15 minutes. The value
 is measured in 0.01%. For example, if the value is 234,
 then CPU utilization is 2.34%."
 ::= { wgSystemStatisticsMIB 79 }
 
 wgSystemCurrActiveConns OBJECT-TYPE
 SYNTAX Counter64
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total number of currently active connections of the system."
 ::= { wgSystemStatisticsMIB 80 }
END

System Configuration

File name: WATCHGUARD-SYSTEM-CONFIG-MIB

WATCHGUARD-SYSTEM-CONFIG-MIB DEFINITIONS ::= BEGIN
 
IMPORTS
 MODULE-IDENTITY, OBJECT-TYPE, Counter32,
 Integer32, Unsigned32, IpAddress, Gauge32,
 enterprises, NOTIFICATION-TYPE FROM SNMPv2-SMI
 watchguard FROM WATCHGUARD-SMI;
 
 
wgSystemConfigMIB MODULE-IDENTITY
 LAST-UPDATED "200811100000Z"
 ORGANIZATION "WatchGuard Technologies, Inc."
 CONTACT-INFO
 " Ella Yu
 WatchGuard Technologies, Inc.
 15901 Red Hill Avenue, Suite 202
 Tustin, CA 92780
 USA
 
		714-258-4598
 ella.yu@watchguard.com "
 
 DESCRIPTION
 "This MIB module defines WatchGuard Firebox system
 configuration."
 REVISION "200701251200Z"
 DESCRIPTION
 "Initial revision."
 REVISION "200811100000Z"
 DESCRIPTION
 "Updated CONTACT-INFO."
 ::= { watchguard 2 }
 
-- significant branches
 
wgSysTraps OBJECT-IDENTITY
 STATUS current
 DESCRIPTION
 "This is the base object for system wide traps
 in this entity."
 ::= { wgSystemConfigMIB 3 }
 
wgSysTrapObjects OBJECT-IDENTITY
 STATUS current
 DESCRIPTION
 "This is the base object for objects which are used
 as part of traps."
 ::= { wgSystemConfigMIB 4 }
 
wgSysTrapControl OBJECT-IDENTITY
 STATUS current
 DESCRIPTION
 "This is the base object identifier for all objects
 which are trap control for the entity."
 ::= { wgSystemConfigMIB 5 }
 
--
-- wgSysTraps
--
-- object used in trap reporting
 
wgAlarmId OBJECT-TYPE
 SYNTAX Integer32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The id of the alarm that generates a trap."
 ::= { wgSysTrapObjects 1 }
 
wgAlarmLabel OBJECT-TYPE
 SYNTAX OCTET STRING (SIZE(0..64))
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The name of the alarm that generates a trap."
 ::= { wgSysTrapObjects 2 }
 
wgAlarmTime OBJECT-TYPE
 SYNTAX OCTET STRING
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The date and time of the alarm that generates a trap."
 ::= { wgSysTrapObjects 3 }
 
wgAlarmLevel OBJECT-TYPE
 SYNTAX INTEGER {
 normal(4),
 warning(3),
 error(2),
 critical(1)
	}
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The level of an alarm generated."
 ::= { wgSysTrapObjects 4 }
 
wgAlarmHostname OBJECT-TYPE
 SYNTAX OCTET STRING (SIZE(0..64))
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The host name of the system where alarm occurred"
 ::= { wgSysTrapObjects 5 }
 
wgAlarmMsg OBJECT-TYPE
 SYNTAX OCTET STRING
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The message describing the nature of this alarm."
 ::= { wgSysTrapObjects 6 }
 
--
-- trap control
--
 
wgAlarmTrapEnable OBJECT-TYPE
 SYNTAX INTEGER {
 false(0),
 true(1)
	}
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Indicates whether wgAlarmTrap trap should be generated."
 DEFVAL { true }
 ::= { wgSysTrapControl 1 }
 
--
-- traps themselves
--
 
wgSysTrapsPrefix OBJECT-IDENTITY
 STATUS current
 DESCRIPTION ""
 ::= { wgSysTraps 0 }
 
wgAlarmTrap NOTIFICATION-TYPE
 OBJECTS {
 wgAlarmId,
 wgAlarmLabel,
 wgAlarmTime,
 wgAlarmLevel,
 wgAlarmHostname,
 wgAlarmMsg
	}
 STATUS current
 DESCRIPTION
 "An alarm was raised by Monitoring Agent of this
 WatchGuard entity."
 ::= { wgSysTrapsPrefix 1 }
 
wgSnmpShutdown NOTIFICATION-TYPE
 STATUS current
 DESCRIPTION
 "This trap is sent when the snmp terminates."
 ::= { wgSysTrapsPrefix 2 }
 
wgSnmpStart NOTIFICATION-TYPE
 STATUS current
 DESCRIPTION
 "This trap is sent when the snmp starts."
 ::= { wgSysTrapsPrefix 3 }
END

SMI Definitions

File name: WATCHGUARD-SMI

WATCHGUARD-SMI DEFINITIONS ::= BEGIN
 
IMPORTS
 MODULE-IDENTITY, OBJECT-IDENTITY, enterprises
 FROM SNMPv2-SMI;
 
 
watchguard MODULE-IDENTITY
 LAST-UPDATED "200811100000Z"
 ORGANIZATION "WatchGuard Technologies, Inc."
 CONTACT-INFO
 " Ella Yu
 WatchGuard Technologies, Inc.
 15901 Red Hill Avenue, Suite 202
 Tustin, CA 92780
 USA
 
		714-258-4598
 ella.yu@watchguard.com "
 
 DESCRIPTION
 "The Structure of Management Information for
 the WatchGuard enterprise."
 REVISION "200811100000Z"
 DESCRIPTION
 "Initial version."
 ::= { enterprises 3097 }
 
wgProducts OBJECT-IDENTITY
 STATUS current
 DESCRIPTION
 "wgProducts is the root OBJECT IDENTIFIER of
 WatchGuard Product OIDs."
 ::= { watchguard 1 }
 
wgSystemConfigMIB OBJECT-IDENTITY
 STATUS current
 DESCRIPTION
 "wgSystemConfig is the root OBJECT IDENTIFIER of
 WatchGuard Firebox system configurations."
 ::= { watchguard 2 }
 
END
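
The numeric OIDs that a poller or trap receiver has to match follow from the `::= { parent n }` assignments in the three modules above. As an added example (not part of the WatchGuard MIB files), this Python code resolves them from a condensed copy of those assignments and decodes a constructed wgAlarmTrap; the function names, the sample values, and the varbind layout of the sample trap are assumptions.

```python
import re

# Root arc from SNMPv2-SMI: iso.org.dod.internet.private.enterprises
ENTERPRISES = (1, 3, 6, 1, 4, 1)
SNMP_TRAP_OID = "1.3.6.1.6.3.1.1.4.1.0"  # snmpTrapOID.0 (SNMPv2-MIB)

# Condensed from the MIB text on this page: one line per definition, keeping
# only the name, the macro and the "::= { parent n }" assignment.
MIB_FRAGMENT = """
watchguard MODULE-IDENTITY ::= { enterprises 3097 }
wgSystemConfigMIB MODULE-IDENTITY ::= { watchguard 2 }
wgSystemConfigMIB OBJECT-IDENTITY ::= { watchguard 2 }
wgInfoModule MODULE-IDENTITY ::= { watchguard 6 }
wgSystemStatisticsMIB OBJECT-IDENTITY ::= { wgInfoModule 3 }
wgSystemCpuUtil OBJECT-TYPE ::= { wgSystemStatisticsMIB 4 }
wgSysTraps OBJECT-IDENTITY ::= { wgSystemConfigMIB 3 }
wgSysTrapObjects OBJECT-IDENTITY ::= { wgSystemConfigMIB 4 }
wgAlarmId OBJECT-TYPE ::= { wgSysTrapObjects 1 }
wgAlarmLabel OBJECT-TYPE ::= { wgSysTrapObjects 2 }
wgAlarmTime OBJECT-TYPE ::= { wgSysTrapObjects 3 }
wgAlarmLevel OBJECT-TYPE ::= { wgSysTrapObjects 4 }
wgAlarmHostname OBJECT-TYPE ::= { wgSysTrapObjects 5 }
wgAlarmMsg OBJECT-TYPE ::= { wgSysTrapObjects 6 }
wgSysTrapsPrefix OBJECT-IDENTITY ::= { wgSysTraps 0 }
wgAlarmTrap NOTIFICATION-TYPE ::= { wgSysTrapsPrefix 1 }
"""

# Also matches the multi-line form used in the full MIB files.
DEF_RE = re.compile(
    r"^\s*([A-Za-z][\w-]*)\s+"
    r"(?:MODULE-IDENTITY|OBJECT-IDENTITY|OBJECT-TYPE|NOTIFICATION-TYPE)\b"
    r".*?::=\s*\{\s*([A-Za-z][\w-]*)\s+(\d+)\s*\}",
    re.MULTILINE | re.DOTALL,
)

# Enumeration of wgAlarmLevel as defined in WATCHGUARD-SYSTEM-CONFIG-MIB
ALARM_LEVELS = {1: "critical", 2: "error", 3: "warning", 4: "normal"}
ALARM_FIELDS = ("wgAlarmId", "wgAlarmLabel", "wgAlarmTime",
                "wgAlarmLevel", "wgAlarmHostname", "wgAlarmMsg")


def parse_assignments(text):
    """Return {name: (parent, sub_id)}; reject a name redefined with a different OID."""
    table = {}
    for name, parent, sub in DEF_RE.findall(text):
        entry = (parent, int(sub))
        if table.setdefault(name, entry) != entry:
            raise ValueError(f"conflicting definitions for {name}")
    return table


def resolve(name, table, _seen=()):
    """Walk the parent chain up to 'enterprises' and return the OID as a tuple."""
    if name == "enterprises":
        return ENTERPRISES
    if name in _seen or name not in table:
        raise KeyError(f"cannot resolve {name}")
    parent, sub = table[name]
    return resolve(parent, table, _seen + (name,)) + (sub,)


def dotted(oid):
    return ".".join(str(arc) for arc in oid)


def cpu_percent(raw):
    """wgSystemCpuUtil* values are reported in units of 0.01 %."""
    return raw / 100


def decode_alarm_trap(varbinds, table):
    """Map received varbinds to wgAlarm* names, or return None if not a wgAlarmTrap."""
    binds = dict(varbinds)
    if binds.get(SNMP_TRAP_OID) != dotted(resolve("wgAlarmTrap", table)):
        return None
    names = {dotted(resolve(n, table)): n for n in ALARM_FIELDS}
    alarm = {}
    for oid, value in varbinds:
        # Assumption: the agent may or may not append the scalar instance ".0".
        base = oid[:-2] if oid.endswith(".0") else oid
        name = names.get(base)
        if name == "wgAlarmLevel":
            value = ALARM_LEVELS.get(int(value), f"unknown({value})")
        if name:
            alarm[name] = value
    return alarm


TABLE = parse_assignments(MIB_FRAGMENT)

# Constructed sample: (OID, value) pairs as a trap receiver might hand them over.
SAMPLE_TRAP = [
    ("1.3.6.1.2.1.1.3.0", 123456),  # sysUpTime.0
    (SNMP_TRAP_OID, "1.3.6.1.4.1.3097.2.3.0.1"),
    ("1.3.6.1.4.1.3097.2.4.1.0", 17),
    ("1.3.6.1.4.1.3097.2.4.2.0", "example-alarm"),
    ("1.3.6.1.4.1.3097.2.4.4.0", 1),
    ("1.3.6.1.4.1.3097.2.4.5.0", "fw-example"),
    ("1.3.6.1.4.1.3097.2.4.6.0", "constructed message"),
]

if __name__ == "__main__":
    print("wgSystemCpuUtil", dotted(resolve("wgSystemCpuUtil", TABLE)))
    print(decode_alarm_trap(SAMPLE_TRAP, TABLE))
    print(cpu_percent(234), "%")
```

wgSystemConfigMIB appears twice in the fragment because both WATCHGUARD-SMI and WATCHGUARD-SYSTEM-CONFIG-MIB define it with the same assignment; the parser accepts that and rejects only a redefinition that changes the OID.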

MIB Definitions for WatchGuard Products

File name: WATCHGUARD-PRODUCTS-MIB

WATCHGUARD-PRODUCTS-MIB DEFINITIONS ::= BEGIN
 
IMPORTS
 MODULE-IDENTITY FROM SNMPv2-SMI
 watchguard FROM WATCHGUARD-SMI;
 
wgProducts MODULE-IDENTITY
 LAST-UPDATED "200811100000Z"
 ORGANIZATION "WatchGuard Technologies, Inc."
 CONTACT-INFO
 " Ella Yu
 WatchGuard Technologies, Inc.
 15901 Red Hill Avenue, Suite 202
 Tustin, CA 92780
 USA
 
		714-258-4598
 ella.yu@watchguard.com
	"
 DESCRIPTION
 "This MIB module definesthe object identifiers
 for WatchGuard Technologies Products."
 REVISION
 "200811100000Z"
 DESCRIPTION
 "Initial version."
 ::= { watchguard 1 }
 
fbXSeries OBJECT IDENTIFIER ::= { wgProducts 4 }
xtmSeries OBJECT IDENTIFIER ::= { wgProducts 5 }
 
-- fbX series
fbX500 OBJECT IDENTIFIER ::= { fbXSeries 1 }
fbX550e OBJECT IDENTIFIER ::= { fbXSeries 2 }
fbX700 OBJECT IDENTIFIER ::= { fbXSeries 3 }
fbX750e OBJECT IDENTIFIER ::= { fbXSeries 4 }
fbX750e-4 OBJECT IDENTIFIER ::= { fbXSeries 5 }
fbX1000 OBJECT IDENTIFIER ::= { fbXSeries 6 }
fbX1250e OBJECT IDENTIFIER ::= { fbXSeries 7 }
fbX1250e-4 OBJECT IDENTIFIER ::= { fbXSeries 8 }
fbX2500 OBJECT IDENTIFIER ::= { fbXSeries 9 }
fbX5000 OBJECT IDENTIFIER ::= { fbXSeries 10 }
fbX5500e OBJECT IDENTIFIER ::= { fbXSeries 11 }
fbX6000 OBJECT IDENTIFIER ::= { fbXSeries 12 }
fbX6500e OBJECT IDENTIFIER ::= { fbXSeries 13 }
fbX8000 OBJECT IDENTIFIER ::= { fbXSeries 14 }
fbX8500e OBJECT IDENTIFIER ::= { fbXSeries 15 }
fbX8500e-F OBJECT IDENTIFIER ::= { fbXSeries 16 }
fbX10e OBJECT IDENTIFIER ::= { fbXSeries 17 }
fbX10e-W OBJECT IDENTIFIER ::= { fbXSeries 18 }
fbX20e OBJECT IDENTIFIER ::= { fbXSeries 19 }
fbX20e-W OBJECT IDENTIFIER ::= { fbXSeries 20 }
fbX55e OBJECT IDENTIFIER ::= { fbXSeries 21 }
fbX55e-W OBJECT IDENTIFIER ::= { fbXSeries 22 }
 
-- xtm series
xtm1050 OBJECT IDENTIFIER ::= { xtmSeries 1 }
xtm1050-F OBJECT IDENTIFIER ::= { xtmSeries 2 }
xtm830-F OBJECT IDENTIFIER ::= { xtmSeries 3 }
xtm830 OBJECT IDENTIFIER ::= { xtmSeries 4 }
xtm820 OBJECT IDENTIFIER ::= { xtmSeries 5 }
xtm810 OBJECT IDENTIFIER ::= { xtmSeries 6 }
xtm530 OBJECT IDENTIFIER ::= { xtmSeries 7 }
xtm520 OBJECT IDENTIFIER ::= { xtmSeries 8 }
xtm510 OBJECT IDENTIFIER ::= { xtmSeries 9 }
xtm23 OBJECT IDENTIFIER ::= { xtmSeries 10 }
xtm22 OBJECT IDENTIFIER ::= { xtmSeries 11 }
xtm21 OBJECT IDENTIFIER ::= { xtmSeries 12 }
xtm23-W OBJECT IDENTIFIER ::= { xtmSeries 13 }
xtm22-W OBJECT IDENTIFIER ::= { xtmSeries 14 }
xtm21-W OBJECT IDENTIFIER ::= { xtmSeries 15 }
 
END

Policy MIB

File name: WATCHGUARD-POLICY-MIB

WATCHGUARD-POLICY-MIB DEFINITIONS ::= BEGIN
 
 IMPORTS
 MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, Counter64,
 OBJECT-IDENTITY, enterprises,
 IpAddress, TimeTicks FROM SNMPv2-SMI
 DateAndTime FROM SNMPv2-TC
 watchguard FROM WATCHGUARD-SMI;
 
 wgPolicyMIB MODULE-IDENTITY
 LAST-UPDATED "200701251200Z"
 ORGANIZATION "WatchGuard Technologies, Inc."
 CONTACT-INFO
 " Ella Yu
 WatchGuard Technologies, Inc.
 1841 Zanker Road
 San Jose, CA 95112
 USA
			408-519-4888
 ella.yu@watchguard.com "
 DESCRIPTION
 "The MIB module describes various policy objects
 of WatchGuard system."
 REVISION "200701251200Z"
 DESCRIPTION
 "Initial revision."
 ::= { watchguard 4 }
 
 wgPolicyToTunnel OBJECT-IDENTITY
 STATUS current
 DESCRIPTION
 "This is the base object identifier for all tunnels
 information of the policies."
 ::= {wgPolicyMIB 1}
 
 wgPolicyStatistics OBJECT-IDENTITY
 STATUS current
 DESCRIPTION
 "This is the base object identifier for all policy related
 statistical counters."
 ::= { wgPolicyMIB 2 }
 
 wgPolicyToTunnelNum OBJECT-TYPE
 SYNTAX Unsigned32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The total number of tunnels in the policytotunnel table. "
 ::= { wgPolicyToTunnel 1 }
 
 wgPolicyToTunnelTable OBJECT-TYPE
 SYNTAX SEQUENCE OF WGPolicyToTunnelEntry
 MAX-ACCESS not-accessible
 STATUS current
 DESCRIPTION
 "This is the policytotunnel table of all the policies."
 ::= { wgPolicyToTunnel 2 }
 
 wgPolicyToTunnelEntry OBJECT-TYPE
 SYNTAX WGPolicyToTunnelEntry
 MAX-ACCESS not-accessible
 STATUS current
 DESCRIPTION
 "An entry (conceptual row) containing the tunnels
 information."
 INDEX {
 wgPolicyToTunnelPolicyID,
 wgPolicyToTunnelTunnelID
		}
 ::= { wgPolicyToTunnelTable 1 }
 
 WGPolicyToTunnelEntry ::= SEQUENCE {
 
 wgPolicyToTunnelPolicyID Integer32,
 wgPolicyToTunnelTunnelID Integer32
	}
 
 wgPolicyToTunnelPolicyID OBJECT-TYPE
 SYNTAX Integer32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The policy identifier of this entity."
 ::= {wgPolicyToTunnelEntry 1}
 
 wgPolicyToTunnelTunnelID OBJECT-TYPE
 SYNTAX Integer32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The tunnel identifier of this entity."
 ::= {wgPolicyToTunnelEntry 2}
 
-- counter ID
-- per policy counter
-- 1-24 is reserved
 
 wgPolicyTableNum OBJECT-TYPE
 SYNTAX Unsigned32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The total number of policies in the policy table. "
 ::= { wgPolicyStatistics 1 }
 
 wgPolicyTable OBJECT-TYPE
 SYNTAX SEQUENCE OF WGPolicyEntry
 MAX-ACCESS not-accessible
 STATUS current
 DESCRIPTION
 "This is the policytotunnel table of the policies."
 ::= { wgPolicyStatistics 2 }
 
 wgPolicyEntry OBJECT-TYPE
 SYNTAX WGPolicyEntry
 MAX-ACCESS not-accessible
 STATUS current
 DESCRIPTION
 "An entry (conceptual row) containing the policy
 information."
 INDEX{
 wgPolicyID
		}
 ::= { wgPolicyTable 1 }
 
 WGPolicyEntry ::= SEQUENCE {
	
 wgPolicyID Integer32,
 wgPolicyName OCTET STRING (SIZE(32)),
 wgPolicyBytes Counter64,
 wgPolicyPackets Counter64,
 wgPolicyIpsecDecryptErr Counter64,
 wgPolicyIpsecAuthErr Counter64,
 wgPolicyIpsecReplayErr Counter64,
 wgPolicyIpsecPadErr Counter64,
 wgPolicyIpsecPolicyErr Counter64,
 wgPolicyFwDisc Counter64,
 wgPolicyOtherDisc Counter64,
 wgPolicyActiveStreams Counter64,
 wgPolicyIpsecDisc Counter64,
 wgPolicyDisc Counter64,
 wgPolicyNumTunl Counter64,
 wgPolicySingleCntrNum Counter64,
 wgPolicyLogging INTEGER,
 wgPolicyCurrActiveConns Counter64
	}
 
 
 wgPolicyID OBJECT-TYPE
 SYNTAX Integer32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The policy identifier of this policy."
 ::= {wgPolicyEntry 1}
 
 wgPolicyName OBJECT-TYPE
 SYNTAX OCTET STRING (SIZE(32))
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The policy name of this policy"
 ::= {wgPolicyEntry 2}
 
 wgPolicyBytes OBJECT-TYPE
 SYNTAX Counter64
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total traffic in bytes since setting up this policy."
 ::= {wgPolicyEntry 3}
 
 wgPolicyPackets OBJECT-TYPE
 SYNTAX Counter64
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total traffic in packets since setting up this policy."
 ::= {wgPolicyEntry 4}
 
 wgPolicyIpsecDecryptErr OBJECT-TYPE
 SYNTAX Counter64
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total number of packets discarded due to decryption
 errors since setting up this policy."
 ::= {wgPolicyEntry 5}
 
 wgPolicyIpsecAuthErr OBJECT-TYPE
 SYNTAX Counter64
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total number of packets discarded due to authentication
 errors since setting up this policy."
 ::= {wgPolicyEntry 6}
 
 wgPolicyIpsecReplayErr OBJECT-TYPE
 SYNTAX Counter64
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total number of packets discarded due to replay
 errors since setting up this policy."
 ::= {wgPolicyEntry 7}
 
 wgPolicyIpsecPadErr OBJECT-TYPE
 SYNTAX Counter64
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total number of packets discarded due to pad value
 errors since setting up this policy."
 ::= {wgPolicyEntry 8}
 
 wgPolicyIpsecPolicyErr OBJECT-TYPE
 SYNTAX Counter64
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total number of packets discarded due to policy
 errors since setting up this policy."
 ::= {wgPolicyEntry 9}
 
 wgPolicyFwDisc OBJECT-TYPE
 SYNTAX Counter64
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total number of packets discarded by firewall policies
 since setting up this policy."
 ::= {wgPolicyEntry 10}
 
 wgPolicyOtherDisc OBJECT-TYPE
 SYNTAX Counter64
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total number of packets discarded due to errors
 other than firewall errors, ipsec errors since setting up
 this policy."
 ::= {wgPolicyEntry 11}
 
 wgPolicyActiveStreams OBJECT-TYPE
 SYNTAX Counter64
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total number of the active connections since setting
 up this policy."
 ::= {wgPolicyEntry 12}
 
 wgPolicyIpsecDisc OBJECT-TYPE
 SYNTAX Counter64
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total number of packets discarded by IPSEC errors
 (decryption error, authentication error, replay error)
 since setting up this policy."
 ::= {wgPolicyEntry 13}
 
 wgPolicyDisc OBJECT-TYPE
 SYNTAX Counter64
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total number of packets discarded since setting up
 this policy."
 ::= {wgPolicyEntry 14}
 
 wgPolicyNumTunl OBJECT-TYPE
 SYNTAX Counter64
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total number of tunnels belong to this policy"
 ::= {wgPolicyEntry 15}
 
 wgPolicySingleCntrNum OBJECT-TYPE
 SYNTAX Counter64
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total number of single counters handled by this policy."
 ::= {wgPolicyEntry 16}
 
 wgPolicyLogging OBJECT-TYPE
 SYNTAX INTEGER {
 disabled(0),
 enabled(1)
		}
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Indicates whether if the logging of this policy has been enabled. "
 ::= { wgPolicyEntry 17 }
 
 wgPolicyCurrActiveConns OBJECT-TYPE
 SYNTAX Counter64
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total number of currently active connections for this policy."
 ::= {wgPolicyEntry 18}
END

IPSec Tunnel MIB Definitions

File name: WATCHGUARD-IPSEC-TUNNEL-MIB

WATCHGUARD-IPSEC-TUNNEL-MIB DEFINITIONS ::= BEGIN

 IMPORTS
 MODULE-IDENTITY, OBJECT-TYPE, Unsigned32, Counter64, 
 OBJECT-IDENTITY, enterprises, 
 IpAddress, TimeTicks FROM SNMPv2-SMI
 DateAndTime FROM SNMPv2-TC
 watchguard FROM WATCHGUARD-SMI;
        
 wgInfoModule MODULE-IDENTITY
 LAST-UPDATED "200701251200Z"
 ORGANIZATION "WatchGuard Technologies, Inc."
 CONTACT-INFO
 " Ella Yu
 WatchGuard Technologies, Inc.
 1841 Zanker Road
 San Jose, CA 95112
 USA

                      408-519-4888
 ella.yu@watchguard.com "

 DESCRIPTION
 "The MIB module describes various tunnel objects
 of WatchGuard system."


 REVISION "200701251200Z"
 DESCRIPTION
 "Initial revision."
 ::= { watchguard 6 }

 wgIpsecTunnelMIB OBJECT-IDENTITY
 STATUS current
 DESCRIPTION
 "This is the base object identifier for all tunnel
 branches."
 ::= { wgInfoModule 5 }

 wgIpsecTunnel OBJECT-IDENTITY
 STATUS current
 DESCRIPTION
 "This is the base object identifier for all 
 tunnel information."
 ::= { wgIpsecTunnelMIB 1 }

 wgIpsecTunnelNum OBJECT-TYPE
 SYNTAX Unsigned32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The total number of entries in the wgIpsecTunnelTable. "
 ::= { wgIpsecTunnel 1 }

 wgIpsecTunnelTable OBJECT-TYPE
 SYNTAX SEQUENCE OF WGIpsecTunnelEntry
 MAX-ACCESS not-accessible
 STATUS current
 DESCRIPTION
 "This is the connection table describing all current
 tunnels that exist on this entity."
 ::= { wgIpsecTunnel 2 }


 wgIpsecTunnelEntry OBJECT-TYPE
 SYNTAX WGIpsecTunnelEntry
 MAX-ACCESS not-accessible
 STATUS current
 DESCRIPTION
 "An entry (conceptual row) containing the information on a
 tunnel between two security gateways."
 INDEX{ wgIpsecTunnelID }
 ::= { wgIpsecTunnelTable 1 }

 WGIpsecTunnelEntry ::= SEQUENCE {

 wgIpsecTunnelID Integer32,

 wgIpsecTunnelLocalAddr IpAddress,
 wgIpsecTunnelPeerAddr IpAddress,


 wgIpsecTunnelInSpi Integer32,
 wgIpsecTunnelOutSpi Integer32,
 wgIpsecTunnelCreateTime DateAndTime,
 wgIpsecTunnelDeviceID Unsigned32,
 wgIpsecTunnelEspEncryptAlg INTEGER,
 wgIpsecTunnelEspAuthAlg INTEGER,
 wgIpsecTunnelAhAuthAlg INTEGER,
 wgIpsecTunnelMode INTEGER,
 wgIpsecTunnelKeyMode INTEGER,
 wgIpsecTunnelLifeTime TimeTicks,
 wgIpsecTunnelLifeLength Counter32,
 wgIpsecTunnelInSaBytes Counter32,
 wgIpsecTunnelOutSaBytes Counter32,
 wgIpsecTunnelAccSecs Counter32,
 wgIpsecTunnelSelectorProtocol INTEGER,
 wgIpsecTunnelSelectorRemoteIPType INTEGER,
 wgIpsecTunnelSelectorRemoteIPOne IpAddress,
 wgIpsecTunnelSelectorRemoteIPTwo IpAddress,
 wgIpsecTunnelSelectorRemotePort INTEGER,
 wgIpsecTunnelSelectorLocalIPType INTEGER,
 wgIpsecTunnelSelectorLocalIPOne IpAddress,
 wgIpsecTunnelSelectorLocalIPTwo IpAddress,
 wgIpsecTunnelSelectorLocalPort INTEGER,
 wgIpsecTunnelNumRekey Counter32,
 wgIpsecTunnelInKbytes Counter32,
 wgIpsecTunnelOutKbytes Counter32,
 wgIpsecTunnelInPackets Counter32,
 wgIpsecTunnelOutPackets Counter32,
 wgIpsecTunnelInDecryptErrors Counter32,
 wgIpsecTunnelInAuthErrors Counter32,
 wgIpsecTunnelInReplayErrors Counter32,
 wgIpsecTunnelInOtherErrors Counter32,
 wgIpsecTunnelOutDecryptErrors Counter32,
 wgIpsecTunnelOutAuthErrors Counter32,
 wgIpsecTunnelOutReplayErrors Counter32,
 wgIpsecTunnelOutOtherErrors Counter32,
 wgIpsecTunnelUdpEncap INTEGER,
 wgIpsecTunnelPeerUdpPort INTEGER,
 wgIpsecTunnelOrigPeerAddr IpAddress
    }

 wgIpsecTunnelID OBJECT-TYPE
 SYNTAX Integer32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The running index of this tunnel."
 ::= { wgIpsecTunnelEntry 1 }

 wgIpsecTunnelLocalAddr OBJECT-TYPE
 SYNTAX IpAddress
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The local IP address of the current tunnel."
 ::= { wgIpsecTunnelEntry 2 }

 wgIpsecTunnelPeerAddr OBJECT-TYPE
 SYNTAX IpAddress
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The remote IP address of the current tunnel."
 ::= { wgIpsecTunnelEntry 3 }

 wgIpsecTunnelInSpi OBJECT-TYPE
 SYNTAX Integer32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The security parameters index of inbound SA's within this 
 tunnel."
 ::= { wgIpsecTunnelEntry 4 }

 wgIpsecTunnelOutSpi OBJECT-TYPE
 SYNTAX Integer32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The security parameters index of outbound SA's within this 
 tunnel."
 ::= { wgIpsecTunnelEntry 5 }

 wgIpsecTunnelCreateTime OBJECT-TYPE
 SYNTAX DateAndTime
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The date and time when the tunnel is created."
 ::= { wgIpsecTunnelEntry 6 }

 wgIpsecTunnelDeviceID OBJECT-TYPE
 SYNTAX Unsigned32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The identifier of target device where the SA resides."
 ::= { wgIpsecTunnelEntry 7 }

 wgIpsecTunnelEspEncryptAlg OBJECT-TYPE
 SYNTAX INTEGER {
 unknown(0),
 des(2),
 three-des(3),
 aes(4)
                    }
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The encryption algorithm used in the tunnel. It's 0
 if ESP is not used."
 ::= { wgIpsecTunnelEntry 8 }

 wgIpsecTunnelEspAuthAlg OBJECT-TYPE
 SYNTAX INTEGER {
 unknown(0),
 md5(2),
 sha(3)
                    }
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The authentication algorithm used in the tunnel. It's
 0 if ESP is not used."
 ::= { wgIpsecTunnelEntry 9 }

 wgIpsecTunnelAhAuthAlg OBJECT-TYPE
 SYNTAX INTEGER {
 unknown(0),
 md5(2),
 sha(3)
                    }
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The AH authentication algorithm used in the tunnel.
 It's 0 if AH is not used."
 ::= { wgIpsecTunnelEntry 10 }
        
 wgIpsecTunnelMode OBJECT-TYPE
 SYNTAX INTEGER {
 unknown(0),
 tunnel(1),
 transport(2)
                    }
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The tunnel/transport mode of the tunnel."
 ::= { wgIpsecTunnelEntry 11 }

 wgIpsecTunnelKeyMode OBJECT-TYPE
 SYNTAX INTEGER {
 unknown(0),
 manual(1),
 auto-ike(2),
 other(3)
                    }
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The key mode of the tunnel."
 ::= { wgIpsecTunnelEntry 12 }

 wgIpsecTunnelLifeTime OBJECT-TYPE
 SYNTAX TimeTicks
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The life time (in hundredths of a second) of the tunnel."
 ::= { wgIpsecTunnelEntry 13 }

 wgIpsecTunnelLifeLength OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The maximum traffic in bytes that the tunnel is allowed to support."
 ::= { wgIpsecTunnelEntry 14 }

 wgIpsecTunnelInSaBytes OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Current active inbound SA bytes of the tunnel."
 ::= { wgIpsecTunnelEntry 15 }
        
 wgIpsecTunnelOutSaBytes OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Current active outbound SA bytes of the tunnel."
 ::= { wgIpsecTunnelEntry 16 }
        
 wgIpsecTunnelAccSecs OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The number of seconds that the tunnel has existed."
 ::= { wgIpsecTunnelEntry 17 }
        
 wgIpsecTunnelSelectorProtocol OBJECT-TYPE
 SYNTAX INTEGER {
 any(0),
 icmp(1),
 igmp(2),
 ipip(4),
 tcp(6),
 egp(8),
 pup(12),
 udp(17),
 idp(22),
 tp(29),
 ipv6(41),
 ipv6-routing(43),
 ipv6-fragmentation(44),
 rsvp(46),
 gre(47),
 esp(50),
 ah(51),
 icmpv6(58),
 none(59),
 dstopts(60),
 mtp(92),
 encap(98),
 pim(103),
 raw(255)
                    }
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The ip protocol number that this SA selector carries, or
 0 if it carries any protocol."
 ::= { wgIpsecTunnelEntry 18 }
        
 wgIpsecTunnelSelectorRemoteIPType OBJECT-TYPE
 SYNTAX INTEGER {
 ip-addr-single(1),
 ip-addr-subnet(2),
 ip-addr-range(3)
                    }
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The type of remote IP address of the SA selector in 
 the entity."
 ::= { wgIpsecTunnelEntry 19 }

 wgIpsecTunnelSelectorRemoteIPOne OBJECT-TYPE
 SYNTAX IpAddress
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The first remote IP address of the SA selector in the entity.
 It's IP address if remote IP of this selector only has one address.
 It's IP address of subnet if the remote IP of this selector is IP subnet.
 It's the start IP address if the remote IP of this selector 
 has a range of addresses."
 ::= { wgIpsecTunnelEntry 20 }
        
 wgIpsecTunnelSelectorRemoteIPTwo OBJECT-TYPE
 SYNTAX IpAddress
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The second remote IP address of the SA selector in the entity.
 It's 0 if remote IP of this selector only has one address.
 It's netmask of subnet if the remote IP of this selector is IP subnet.
 It's the end IP address if the remote IP of this selector 
 has a range of addresses."
 ::= { wgIpsecTunnelEntry 21 }

 wgIpsecTunnelSelectorRemotePort OBJECT-TYPE
 SYNTAX INTEGER (0..65535)
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The remote port used by this selector in the entity."
 ::= { wgIpsecTunnelEntry 22 }

 wgIpsecTunnelSelectorLocalIPType OBJECT-TYPE
 SYNTAX INTEGER {
 ip-addr-single(1),
 ip-addr-subnet(2),
 ip-addr-range(3)
                           }
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The type of local IP address of the SA selector in 
 the entity."
 ::= { wgIpsecTunnelEntry 23 }

 wgIpsecTunnelSelectorLocalIPOne OBJECT-TYPE
 SYNTAX IpAddress
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The first local IP address of the SA selector in the entity.
 It's IP address if local IP of this selector only has one address.
 It's IP address of subnet if the local IP of this selector is IP subnet.
 It's the start IP address if the local IP of this selector 
 has a range of IP addresses."
 ::= { wgIpsecTunnelEntry 24 }
        
 wgIpsecTunnelSelectorLocalIPTwo OBJECT-TYPE
 SYNTAX IpAddress
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The second local IP address of the SA selector in the entity.
 It's 0 if local IP of this selector only has one address.
 It's netmask of subnet if the local IP of this selector is IP subnet.
 It's the end IP address if the local IP of this selector 
 has a range of IP addresses."
 ::= { wgIpsecTunnelEntry 25 }

 wgIpsecTunnelSelectorLocalPort OBJECT-TYPE
 SYNTAX INTEGER (0..65535)
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The local port used by this selector in the entity."
 ::= { wgIpsecTunnelEntry 26 }
        
 wgIpsecTunnelNumRekey OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The number of rekeys of the tunnel."
 ::= { wgIpsecTunnelEntry 27 }
        
 wgIpsecTunnelInKbytes OBJECT-TYPE
 SYNTAX Counter32
 UNITS "Kbytes"
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total inbound traffic in Kbytes since the establishment of
 this tunnel."
 ::= { wgIpsecTunnelEntry 28 }

 wgIpsecTunnelOutKbytes OBJECT-TYPE
 SYNTAX Counter32
 UNITS "Kbytes"
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total outbound traffic in Kbytes since the establishment of
 this connection."
 ::= { wgIpsecTunnelEntry 29 }

 wgIpsecTunnelInPackets OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total number of inbound packets since the establishment of
 this connection."
 ::= { wgIpsecTunnelEntry 30 }

 wgIpsecTunnelOutPackets OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total number of outbound packets since the establishment of
 this connection."
 ::= { wgIpsecTunnelEntry 31 }

 wgIpsecTunnelInDecryptErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total number of packets discarded due to decryption
 error since the establishment of this connection."
 ::= { wgIpsecTunnelEntry 32 }

 wgIpsecTunnelInAuthErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total number of packets discarded due to authentication
 error since the establishment of this connection."
 ::= { wgIpsecTunnelEntry 33 }

 wgIpsecTunnelInReplayErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total number of packets discarded due to replay
 error since the establishment of this connection."
 ::= { wgIpsecTunnelEntry 34}

 wgIpsecTunnelInOtherErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The number of packets discarded due to errors
 other than decryption, authentication or replay errors. This
 may include packets dropped due to a lack of receive
 buffers, and may include packets dropped due to congestion
 at the decryption element."
 ::= { wgIpsecTunnelEntry 35 }

 wgIpsecTunnelOutDecryptErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total number of packets discarded due to decryption
 error since the establishment of this connection."
 ::= { wgIpsecTunnelEntry 36 }

 wgIpsecTunnelOutAuthErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total number of packets discarded due to authentication
 error since the establishment of this connection."
 ::= { wgIpsecTunnelEntry 37 }

 wgIpsecTunnelOutReplayErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total number of packets discarded due to replay
 error since the establishment of this connection."
 ::= { wgIpsecTunnelEntry 38 } 

 wgIpsecTunnelOutOtherErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The number of packets discarded due to errors
 other than decryption, authentication or replay errors. This
 may include packets dropped due to a lack of receive
 buffers, and may include packets dropped due to congestion
 at the decryption element."
 ::= { wgIpsecTunnelEntry 39 }

 wgIpsecTunnelUdpEncap OBJECT-TYPE
 SYNTAX INTEGER {
 disabled(0),
 enabled(1)
                    }
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Indicates whether UDP encapsulated IPSec has been enabled."
 ::= { wgIpsecTunnelEntry 40 }

 wgIpsecTunnelPeerUdpPort OBJECT-TYPE
 SYNTAX INTEGER (0..65535)
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The peer's UDP port of current tunnel when UDP encapsulated IPSec
 is enabled."
 ::= { wgIpsecTunnelEntry 41 }

 wgIpsecTunnelOrigPeerAddr OBJECT-TYPE
 SYNTAX IpAddress
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The original peer ip address of current tunnel when UDP encapsulated
 IPSec is enabled"
 ::= { wgIpsecTunnelEntry 42 }

END
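
An added example (not part of the WatchGuard MIB files): Python that reads wgIpsecTunnelTable values as Net-SNMP prints them when this MIB is loaded, reports tunnels whose algorithm columns show des, three-des or md5, and computes per-tunnel increases in the inbound error counters between two polls, allowing for Counter32 wrap and for a reused running index. The sample output lines, the addresses and the list of algorithms treated as weak are assumptions constructed for the example.

```python
import re

# Enumerations copied from the WATCHGUARD-IPSEC-TUNNEL-MIB text above.
ESP_ENCRYPT = {0: "unknown", 2: "des", 3: "three-des", 4: "aes"}
AUTH = {0: "unknown", 2: "md5", 3: "sha"}
# Local policy assumption, not part of the MIB: algorithm names to report.
WEAK = {"des", "three-des", "md5"}
ALG_COLUMNS = (("wgIpsecTunnelEspEncryptAlg", ESP_ENCRYPT),
               ("wgIpsecTunnelEspAuthAlg", AUTH),
               ("wgIpsecTunnelAhAuthAlg", AUTH))
ERROR_COLUMNS = ("wgIpsecTunnelInDecryptErrors",
                 "wgIpsecTunnelInAuthErrors",
                 "wgIpsecTunnelInReplayErrors")

# "MODULE::column.index = TYPE: value"; the module prefix is optional.
LINE = re.compile(r"^(?:[\w-]+::)?(wgIpsecTunnel\w+)\.(\d+) = (\w+): (.*)$")

def parse_walk(text):
    """Group walk output into {tunnel index: {column name: value}}."""
    rows = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        column, index, _type, value = m.groups()
        enum = re.fullmatch(r"[\w-]+\((\d+)\)", value)  # "des(2)" -> 2
        if enum:
            value = int(enum.group(1))
        elif value.isdigit():                            # numeric output, e.g. "2"
            value = int(value)
        rows.setdefault(int(index), {})[column] = value
    return rows

def weak_algorithms(row):
    """Return 'column=name' for each algorithm column whose value is in WEAK."""
    findings = []
    for column, names in ALG_COLUMNS:
        name = names.get(row.get(column, 0), "unknown")
        if name in WEAK:
            findings.append(f"{column}={name}")
    return findings

def counter32_delta(previous, current):
    """Increase of a Counter32 between two polls, correct across one wrap."""
    return (current - previous) % 2**32

def error_increases(previous, current):
    """Per-tunnel increases of the inbound error counters between two polls."""
    report = {}
    for index, row in current.items():
        old = previous.get(index)
        # wgIpsecTunnelID is only a running index: skip the row when the
        # index now belongs to a different peer, the counters are unrelated.
        if old is None or old.get("wgIpsecTunnelPeerAddr") != row.get("wgIpsecTunnelPeerAddr"):
            continue
        deltas = {c: counter32_delta(old[c], row[c])
                  for c in ERROR_COLUMNS if c in old and c in row}
        deltas = {c: d for c, d in deltas.items() if d > 0}
        if deltas:
            report[index] = deltas
    return report

# Constructed sample output of two polls (documentation addresses).
POLL_1 = """
WATCHGUARD-IPSEC-TUNNEL-MIB::wgIpsecTunnelPeerAddr.1 = IpAddress: 198.51.100.7
WATCHGUARD-IPSEC-TUNNEL-MIB::wgIpsecTunnelPeerAddr.2 = IpAddress: 203.0.113.9
WATCHGUARD-IPSEC-TUNNEL-MIB::wgIpsecTunnelPeerAddr.3 = IpAddress: 203.0.113.50
WATCHGUARD-IPSEC-TUNNEL-MIB::wgIpsecTunnelInAuthErrors.1 = Counter32: 3
WATCHGUARD-IPSEC-TUNNEL-MIB::wgIpsecTunnelInAuthErrors.2 = Counter32: 5
WATCHGUARD-IPSEC-TUNNEL-MIB::wgIpsecTunnelInAuthErrors.3 = Counter32: 100
WATCHGUARD-IPSEC-TUNNEL-MIB::wgIpsecTunnelInReplayErrors.1 = Counter32: 4294967290
WATCHGUARD-IPSEC-TUNNEL-MIB::wgIpsecTunnelInReplayErrors.2 = Counter32: 0
WATCHGUARD-IPSEC-TUNNEL-MIB::wgIpsecTunnelInReplayErrors.3 = Counter32: 0
"""

POLL_2 = """
WATCHGUARD-IPSEC-TUNNEL-MIB::wgIpsecTunnelPeerAddr.1 = IpAddress: 198.51.100.7
WATCHGUARD-IPSEC-TUNNEL-MIB::wgIpsecTunnelPeerAddr.2 = IpAddress: 203.0.113.9
WATCHGUARD-IPSEC-TUNNEL-MIB::wgIpsecTunnelPeerAddr.3 = IpAddress: 192.0.2.77
WATCHGUARD-IPSEC-TUNNEL-MIB::wgIpsecTunnelEspEncryptAlg.1 = INTEGER: des(2)
WATCHGUARD-IPSEC-TUNNEL-MIB::wgIpsecTunnelEspEncryptAlg.2 = INTEGER: aes(4)
WATCHGUARD-IPSEC-TUNNEL-MIB::wgIpsecTunnelEspAuthAlg.1 = INTEGER: md5(2)
WATCHGUARD-IPSEC-TUNNEL-MIB::wgIpsecTunnelEspAuthAlg.2 = INTEGER: sha(3)
WATCHGUARD-IPSEC-TUNNEL-MIB::wgIpsecTunnelAhAuthAlg.1 = INTEGER: unknown(0)
WATCHGUARD-IPSEC-TUNNEL-MIB::wgIpsecTunnelAhAuthAlg.2 = INTEGER: unknown(0)
WATCHGUARD-IPSEC-TUNNEL-MIB::wgIpsecTunnelInAuthErrors.1 = Counter32: 3
WATCHGUARD-IPSEC-TUNNEL-MIB::wgIpsecTunnelInAuthErrors.2 = Counter32: 9
WATCHGUARD-IPSEC-TUNNEL-MIB::wgIpsecTunnelInAuthErrors.3 = Counter32: 2
WATCHGUARD-IPSEC-TUNNEL-MIB::wgIpsecTunnelInReplayErrors.1 = Counter32: 14
WATCHGUARD-IPSEC-TUNNEL-MIB::wgIpsecTunnelInReplayErrors.2 = Counter32: 0
WATCHGUARD-IPSEC-TUNNEL-MIB::wgIpsecTunnelInReplayErrors.3 = Counter32: 0
"""

if __name__ == "__main__":
    before, after = parse_walk(POLL_1), parse_walk(POLL_2)
    for index, row in sorted(after.items()):
        print(index, row.get("wgIpsecTunnelPeerAddr"), weak_algorithms(row))
    print(error_increases(before, after))
```

Index 3 is skipped in the error report because its peer address changed between the two polls, so the two counter values belong to different tunnels.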

IPSec SA Monitor MIB Extension Definitions

File name — WATCHGUARD-IPSEC-SA-MON-MIB-EXT

WATCHGUARD-IPSEC-SA-MON-MIB-EXT DEFINITIONS ::= BEGIN

 IMPORTS
 MODULE-IDENTITY, OBJECT-TYPE, Counter32, Gauge32,
 Integer32, Integer32, NOTIFICATION-TYPE,
 OBJECT-IDENTITY, enterprises 
 FROM SNMPv2-SMI
 TEXTUAL-CONVENTION, TruthValue
 FROM SNMPv2-TC
 ifIndex FROM RFC1213-MIB
 IpsecDoiIdentType,
 IpsecDoiEncapsulationMode,
 IpsecDoiEspTransform,
 IpsecDoiAhTransform,
 IpsecDoiAuthAlgorithm,
 IpsecDoiIpcompTransform,
 IpsecDoiSecProtocolId
 FROM IPSEC-ISAKMP-IKE-DOI-TC
 watchguard
 FROM WATCHGUARD-SMI;

 wgIpsecSaMonModule MODULE-IDENTITY
 LAST-UPDATED "200701251200Z"
 ORGANIZATION "WatchGuard Technologies, Inc."
 CONTACT-INFO
 " Ella Yu
 WatchGuard Technologies, Inc.
 1841 Zanker Road
 San Jose, CA 95112
 USA

                      408-519-4888
 ella.yu@watchguard.com "

 DESCRIPTION
 "The MIB module describes generic IPSec objects
 defined in IETF working draft 
 'draft-ieft-ipsec-monitor-mib-01' and WatchGuard's
 extension."
 REVISION "200701251200Z"
 DESCRIPTION
 "Initial revision."
 ::= { watchguard 3 }

 IpsecSaCreatorIdent ::= TEXTUAL-CONVENTION
 DISPLAY-HINT "d"
 STATUS current
 DESCRIPTION
 "A value indicating how an SA was created."
 SYNTAX INTEGER {
 unknown(0),
 static(1), -- statically created
 ike(2), -- IKE
 other(3)
                    }

 IpsecIpv6Address ::= TEXTUAL-CONVENTION
 DISPLAY-HINT "2x:2x:2x:2x:2x:2x:1d.1d.1d.1d"
 STATUS current
 DESCRIPTION
 "This data type is used to model IPv6 address prefixes. This
 is a binary string of 16 octets in network byte-order."
 SYNTAX OCTET STRING (SIZE (16))

 wgIpsecSaMonitorMIB OBJECT-IDENTITY
 STATUS current
 DESCRIPTION
 "This is the base object identifier for all IPSec branches."
 ::= { wgIpsecSaMonModule 1 }

 -- significant branches

 wgSaTables OBJECT-IDENTITY
 STATUS current
 DESCRIPTION
 "This is the base object identifier for all SA tables."
 ::= { wgIpsecSaMonitorMIB 1 }

 wgSaStatistics OBJECT-IDENTITY
 STATUS current
 DESCRIPTION
 "This is the base object identifier for all objects which
 are global counters for IPSec security associations."
 ::= { wgIpsecSaMonitorMIB 2 }

 wgSaErrors OBJECT-IDENTITY
 STATUS current
 DESCRIPTION
 "This is the base object identifier for all objects which
 are global error counters for IPSec security associations."
 ::= { wgIpsecSaMonitorMIB 3 }

 -- the IPSec Inbound ESP MIB-Group
    --
 -- a collection of objects providing information about
 -- IPSec Inbound ESP SAs

 wgIpsecSaEspInTable OBJECT-TYPE
 SYNTAX SEQUENCE OF WGIpsecSaEspInEntry
 MAX-ACCESS not-accessible
 STATUS current
 DESCRIPTION
 "The (conceptual) table containing information on IPSec
 inbound ESP SAs.

 There should be one row for every inbound ESP security
 association that exists in the entity. The maximum number of
 rows is implementation dependent."
 ::= { wgSaTables 1 }

 wgIpsecSaEspInEntry OBJECT-TYPE
 SYNTAX WGIpsecSaEspInEntry
 MAX-ACCESS not-accessible
 STATUS current
 DESCRIPTION
 "An entry (conceptual row) containing the information on a
 particular IPSec inbound ESP SA.

 A row in this table cannot be created or deleted by SNMP
 operations on columns of the table."
 INDEX{ wgIpsecSaEspInAddress, wgIpsecSaEspInSpi }
 ::= { wgIpsecSaEspInTable 1 }

 WGIpsecSaEspInEntry ::= SEQUENCE {

 wgIpsecSaEspInAddress IpAddress,
 wgIpsecSaEspInSpi Integer32,

 wgIpsecSaEspInDestId OCTET STRING,
 wgIpsecSaEspInDestIdType IpsecDoiIdentType,
 wgIpsecSaEspInSourceId OCTET STRING,
 wgIpsecSaEspInSourceIdType IpsecDoiIdentType,
 wgIpsecSaEspInProtocol Integer32,
 wgIpsecSaEspInDestPort Integer32,
 wgIpsecSaEspInSourcePort Integer32,

 wgIpsecSaEspInCreator IpsecSaCreatorIdent,

 wgIpsecSaEspInEncapsulation IpsecDoiEncapsulationMode,
 wgIpsecSaEspInEncAlg IpsecDoiEspTransform,
 wgIpsecSaEspInEncKeyLength Integer32,
 wgIpsecSaEspInAuthAlg IpsecDoiAuthAlgorithm,

 wgIpsecSaEspInLimitSeconds Integer32,
 wgIpsecSaEspInLimitKbytes Integer32,

 wgIpsecSaEspInAccSeconds Counter32,
 wgIpsecSaEspInAccKbytes Counter32,
 wgIpsecSaEspInUserOctets Counter32,
 wgIpsecSaEspInPackets Counter32,

 wgIpsecSaEspInDecryptErrors Counter32,
 wgIpsecSaEspInAuthErrors Counter32,
 wgIpsecSaEspInReplayErrors Counter32,
 wgIpsecSaEspInPolicyErrors Counter32,
 wgIpsecSaEspInPadErrors Counter32,
 wgIpsecSaEspInOtherReceiveErrors Counter32

    
    }

 wgIpsecSaEspInAddress OBJECT-TYPE
 SYNTAX IpAddress
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The destination address of the SA.

 For implementations that do not support IPv6, this address
 should appear as one of the IPv4-mapped IPv6 addresses as
 defined in Section 2.5.4 of [IPV6AA].

 Specifically, the prefix '0000:0000:0000:0000:0000:FFFF:' is
 used for IPv4 only nodes, while the prefix
 '0000:0000:0000:0000:0000:0000:' is used for bi-lingual
 nodes."
 ::= { wgIpsecSaEspInEntry 1 }

 wgIpsecSaEspInSpi OBJECT-TYPE
 SYNTAX Integer32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The security parameters index of the SA."
 REFERENCE "RFC 2406 Section 2.1"
 ::= { wgIpsecSaEspInEntry 2 }

 wgIpsecSaEspInDestId OBJECT-TYPE
 SYNTAX OCTET STRING (SIZE (1..255))
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The destination identifier of the SA, or 0 if unknown or if
 the SA uses transport mode encapsulation.

 This value is taken directly from the optional ID payloads
 that are exchanged during SA creation negotiation."
 ::= { wgIpsecSaEspInEntry 3 }

 wgIpsecSaEspInDestIdType OBJECT-TYPE
 SYNTAX IpsecDoiIdentType
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The type of identifier presented by 'wgIpsecSaEspInDestId',
 or 0 if unknown or if the SA uses transport mode
 encapsulation."
 ::= { wgIpsecSaEspInEntry 4 }

 wgIpsecSaEspInSourceId OBJECT-TYPE
 SYNTAX OCTET STRING (SIZE (1..255))
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The source identifier of the SA, or 0 if unknown or if the
 SA uses transport mode encapsulation.

 This value is taken directly from the optional ID payloads
 that are exchanged during SA creation negotiation."
 ::= { wgIpsecSaEspInEntry 5 }

 wgIpsecSaEspInSourceIdType OBJECT-TYPE
 SYNTAX IpsecDoiIdentType
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The type of identifier presented by 'wgIpsecSaEspInSourceId',
 or 0 if unknown or if the SA uses transport mode
 encapsulation."
 ::= { wgIpsecSaEspInEntry 6 }

 wgIpsecSaEspInProtocol OBJECT-TYPE
 SYNTAX Integer32 (0..255)
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The transport-layer protocol number that this SA carries,
 or 0 if it carries any protocol."
 REFERENCE "RFC2401 section 4.4.2"
 ::= { wgIpsecSaEspInEntry 7 }

 wgIpsecSaEspInDestPort OBJECT-TYPE
 SYNTAX Integer32 (0.. 65535)
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The destination port number of the protocol that this SA
 carries, or 0 if it carries any port number."
 REFERENCE "RFC2401 section 4.4.2"
 ::= { wgIpsecSaEspInEntry 8 }

 wgIpsecSaEspInSourcePort OBJECT-TYPE
 SYNTAX Integer32 (0.. 65535)
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The source port number of the protocol that this SA
 carries, or 0 if it carries any port number."
 REFERENCE "RFC2401 section 4.4.2"
 ::= { wgIpsecSaEspInEntry 9 }

 wgIpsecSaEspInCreator OBJECT-TYPE
 SYNTAX IpsecSaCreatorIdent
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The creator of this SA.

 This MIB makes no assumptions about how the SAs are created.
 They may be created statically, or by a key exchange
 protocol such as IKE, or by some other method."
 ::= { wgIpsecSaEspInEntry 10 }

 wgIpsecSaEspInEncapsulation OBJECT-TYPE
 SYNTAX IpsecDoiEncapsulationMode
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The type of encapsulation used by this SA."
 ::= { wgIpsecSaEspInEntry 11 }

 wgIpsecSaEspInEncAlg OBJECT-TYPE
 SYNTAX IpsecDoiEspTransform
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "A unique value representing the encryption algorithm
 applied to traffic or 0 if there is no encryption used."
 ::= { wgIpsecSaEspInEntry 12 }

 wgIpsecSaEspInEncKeyLength OBJECT-TYPE
 SYNTAX Integer32 (0..65531)
 UNITS "bits"
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The length of the encryption key in bits used for the
 algorithm specified in the 'wgIpsecSaEspInEncAlg' object, or 0
 if the key length is implicit in the specified algorithm or
 there is no encryption specified."
 ::= { wgIpsecSaEspInEntry 13 }

 wgIpsecSaEspInAuthAlg OBJECT-TYPE
 SYNTAX IpsecDoiAuthAlgorithm
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "A unique value representing the hash algorithm applied to
 traffic or 0 if there is no authentication used."
 ::= { wgIpsecSaEspInEntry 14 }

 wgIpsecSaEspInLimitSeconds OBJECT-TYPE
 SYNTAX Integer32
 UNITS "seconds"
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The maximum lifetime in seconds of the SA, or 0 if there is
 no time constraint on its expiration.
 The display value is limited to 4294967295 seconds (more
 than 136 years); values greater than that value will be
 truncated."
 ::= { wgIpsecSaEspInEntry 15 }

 wgIpsecSaEspInLimitKbytes OBJECT-TYPE
 SYNTAX Integer32
 UNITS "kilobytes"
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The maximum traffic in kilobytes that the SA is allowed to
 support, or 0 if there is no traffic constraint on its
 expiration.

 The display value is limited to 4294967295 kilobytes; values
 greater than that value will be truncated."
 ::= { wgIpsecSaEspInEntry 16 }

 wgIpsecSaEspInAccSeconds OBJECT-TYPE
 SYNTAX Counter32
 UNITS "seconds"
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The number of seconds accumulated against the SA's
 expiration by time.

 This is also the number of seconds that the SA has existed."
 ::= { wgIpsecSaEspInEntry 17 }

 wgIpsecSaEspInAccKbytes OBJECT-TYPE
 SYNTAX Counter32
 UNITS "kilobytes"
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The amount of traffic accumulated that counts against the
 SA's expiration by traffic limitation, measured in Kbytes.

 This value may be 0 if the SA does not expire based on
 traffic."
 ::= { wgIpsecSaEspInEntry 18 }

 wgIpsecSaEspInUserOctets OBJECT-TYPE
 SYNTAX Counter32
 UNITS "bytes"
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The amount of user level traffic measured in bytes handled
 by the SA.

 This is not necessarily the same as the amount of traffic
 applied against the traffic expiration limit."
 ::= { wgIpsecSaEspInEntry 19 }

 wgIpsecSaEspInPackets OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The number of packets handled by the SA."
 ::= { wgIpsecSaEspInEntry 20 }

 wgIpsecSaEspInDecryptErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The number of packets discarded by the SA due to decryption
 errors."
 ::= { wgIpsecSaEspInEntry 21 }

 wgIpsecSaEspInAuthErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The number of packets discarded by the SA due to
 authentication errors."
 ::= { wgIpsecSaEspInEntry 22 }

 wgIpsecSaEspInReplayErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The number of packets discarded by the SA due to replay
 errors."
 ::= { wgIpsecSaEspInEntry 23 }

 wgIpsecSaEspInPolicyErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The number of packets discarded by the SA due to policy
 errors. This includes packets where the next protocol is
 invalid."
 ::= { wgIpsecSaEspInEntry 24 }

 wgIpsecSaEspInPadErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The number of packets discarded by the SA due to pad value
 errors.

 Implementations that do not check this must not support this
 object."
 REFERENCE "RFC 2406 section 2.4"
 ::= { wgIpsecSaEspInEntry 25 }

 wgIpsecSaEspInOtherReceiveErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The number of packets discarded by the SA due to errors
 other than decryption, authentication or replay errors. This
 may include packets dropped due to a lack of receive
 buffers, and may include packets dropped due to congestion
 at the decryption element."
 ::= { wgIpsecSaEspInEntry 26 }

 -- the IPSec Inbound AH MIB-Group
   --
 -- a collection of objects providing information about
 -- IPSec Inbound AH SAs

 wgIpsecSaAhInTable OBJECT-TYPE
 SYNTAX SEQUENCE OF WGIpsecSaAhInEntry
 MAX-ACCESS not-accessible
 STATUS current
 DESCRIPTION
 "The (conceptual) table containing information on IPSec
 inbound AH SAs.
 There should be one row for every inbound AH security
 association that exists in the entity. The maximum number of
 rows is implementation dependent."
 ::= { wgSaTables 2 }

 wgIpsecSaAhInEntry OBJECT-TYPE
 SYNTAX WGIpsecSaAhInEntry
 MAX-ACCESS not-accessible
 STATUS current
 DESCRIPTION
 "An entry (conceptual row) containing the information on a
 particular IPSec inbound AH SA.

 A row in this table cannot be created or deleted by SNMP
 operations on columns of the table."
 INDEX{ wgIpsecSaAhInAddress, wgIpsecSaAhInSpi }
 ::= { wgIpsecSaAhInTable 1 }

 WGIpsecSaAhInEntry ::= SEQUENCE {

 wgIpsecSaAhInAddress IpAddress,
 wgIpsecSaAhInSpi Integer32,

 wgIpsecSaAhInDestId OCTET STRING,
 wgIpsecSaAhInDestIdType IpsecDoiIdentType,
 wgIpsecSaAhInSourceId OCTET STRING,
 wgIpsecSaAhInSourceIdType IpsecDoiIdentType,
 wgIpsecSaAhInProtocol Integer32,
 wgIpsecSaAhInDestPort Integer32,
 wgIpsecSaAhInSourcePort Integer32,

 wgIpsecSaAhInCreator IpsecSaCreatorIdent,

 wgIpsecSaAhInEncapsulation IpsecDoiEncapsulationMode,
 wgIpsecSaAhInAuthAlg IpsecDoiAhTransform,

 wgIpsecSaAhInLimitSeconds Integer32,
 wgIpsecSaAhInLimitKbytes Integer32,

 wgIpsecSaAhInAccSeconds Counter32,
 wgIpsecSaAhInAccKbytes Counter32,
 wgIpsecSaAhInUserOctets Counter32,
 wgIpsecSaAhInPackets Counter32,

 -- error statistics
 wgIpsecSaAhInAuthErrors Counter32,
 wgIpsecSaAhInReplayErrors Counter32,
 wgIpsecSaAhInPolicyErrors Counter32,
 wgIpsecSaAhInOtherReceiveErrors Counter32
    }

 wgIpsecSaAhInAddress OBJECT-TYPE
 SYNTAX IpAddress
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The destination address of the SA.

 For implementations that do not support IPv6, this address
 should appear as one of the IPv4-mapped IPv6 addresses as
 defined in Section 2.5.4 of [IPV6AA].

 Specifically, the prefix '0000:0000:0000:0000:0000:FFFF:' is
 used for IPv4 only nodes, while the prefix
 '0000:0000:0000:0000:0000:0000:' is used for bi-lingual
 nodes."
 ::= { wgIpsecSaAhInEntry 1 }

 wgIpsecSaAhInSpi OBJECT-TYPE
 SYNTAX Integer32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The security parameters index of the SA."
 REFERENCE "RFC 2402 Section 2.4"
 ::= { wgIpsecSaAhInEntry 2 }

 wgIpsecSaAhInDestId OBJECT-TYPE
 SYNTAX OCTET STRING (SIZE (1..255))
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The destination identifier of the SA, or 0 if unknown or if
 the SA uses transport mode encapsulation.

 This value is taken directly from the optional ID payloads
 that are exchanged during SA creation negotiation."
 ::= { wgIpsecSaAhInEntry 3 }

 wgIpsecSaAhInDestIdType OBJECT-TYPE
 SYNTAX IpsecDoiIdentType
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The type of identifier presented by 'wgIpsecSaAhInDestId', or
 0 if unknown or if the SA uses transport mode
 encapsulation."
 ::= { wgIpsecSaAhInEntry 4 }

 wgIpsecSaAhInSourceId OBJECT-TYPE
 SYNTAX OCTET STRING (SIZE (1..255))
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The source identifier of the SA, or 0 if unknown or if the
 SA uses transport mode encapsulation.

 This value is taken directly from the optional ID payloads
 that are exchanged during SA creation negotiation."
 ::= { wgIpsecSaAhInEntry 5 }

 wgIpsecSaAhInSourceIdType OBJECT-TYPE
 SYNTAX IpsecDoiIdentType
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The type of identifier presented by 'wgIpsecSaAhInSourceId',
 or 0 if unknown or if the SA uses transport mode
 encapsulation."
 ::= { wgIpsecSaAhInEntry 6 }

 wgIpsecSaAhInProtocol OBJECT-TYPE
 SYNTAX Integer32 (0..255)
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The transport-layer protocol number that this SA carries,
 or 0 if it carries any protocol."
 REFERENCE "RFC2401 section 4.4.2"
 ::= { wgIpsecSaAhInEntry 7 }

 wgIpsecSaAhInDestPort OBJECT-TYPE
 SYNTAX Integer32 (0.. 65535)
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The destination port number of the protocol that this SA
 carries, or 0 if it carries any port number."
 REFERENCE "RFC2401 section 4.4.2"
 ::= { wgIpsecSaAhInEntry 8 }

 wgIpsecSaAhInSourcePort OBJECT-TYPE
 SYNTAX Integer32 (0.. 65535)
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The source port number of the protocol that this SA
 carries, or 0 if it carries any port number."
 REFERENCE "RFC2401 section 4.4.2"
 ::= { wgIpsecSaAhInEntry 9 }

 wgIpsecSaAhInCreator OBJECT-TYPE
 SYNTAX IpsecSaCreatorIdent
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The creator of this SA.

 This MIB makes no assumptions about how the SAs are created.
 They may be created statically, or by a key exchange
 protocol such as IKE, or by some other method."
 ::= { wgIpsecSaAhInEntry 10 }

 wgIpsecSaAhInEncapsulation OBJECT-TYPE
 SYNTAX IpsecDoiEncapsulationMode
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The type of encapsulation used by this SA."
 ::= { wgIpsecSaAhInEntry 11 }

 wgIpsecSaAhInAuthAlg OBJECT-TYPE
 SYNTAX IpsecDoiAhTransform
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "A unique value representing the hash algorithm applied to
 traffic carried by this SA if it uses ESP or 0 if there is
 no authentication applied by ESP."
 ::= { wgIpsecSaAhInEntry 12 }

 wgIpsecSaAhInLimitSeconds OBJECT-TYPE
 SYNTAX Integer32
 UNITS "seconds"
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The maximum lifetime in seconds of the SA, or 0 if there is
 no time constraint on its expiration.

 The display value is limited to 4294967295 seconds (more
 than 136 years); values greater than that value will be
 truncated."
 ::= { wgIpsecSaAhInEntry 13 }

 wgIpsecSaAhInLimitKbytes OBJECT-TYPE
 SYNTAX Integer32
 UNITS "kilobytes"
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The maximum traffic in Kbytes that the SA is allowed to
 support, or 0 if there is no traffic constraint on its
 expiration.

 The display value is limited to 4294967295 kilobytes; values
 greater than that value will be truncated."
 ::= { wgIpsecSaAhInEntry 14 }

 wgIpsecSaAhInAccSeconds OBJECT-TYPE
 SYNTAX Counter32
 UNITS "seconds"
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The number of seconds accumulated against the SA's
 expiration by time.

 This is also the number of seconds that the SA has existed."
 ::= { wgIpsecSaAhInEntry 15 }

 wgIpsecSaAhInAccKbytes OBJECT-TYPE
 SYNTAX Counter32
 UNITS "kilobytes"
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The amount of traffic accumulated that counts against the
 SA's expiration by traffic limitation, measured in Kbytes.
 This value may be 0 if the SA does not expire based on
 traffic."
 ::= { wgIpsecSaAhInEntry 16 }

 wgIpsecSaAhInUserOctets OBJECT-TYPE
 SYNTAX Counter32
 UNITS "bytes"
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The amount of user level traffic measured in bytes handled
 by the SA.

 This is not necessarily the same as the amount of traffic
 applied against the traffic expiration limit."
 ::= { wgIpsecSaAhInEntry 17 }

 wgIpsecSaAhInPackets OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The number of packets handled by the SA."
 ::= { wgIpsecSaAhInEntry 18 }

 wgIpsecSaAhInAuthErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The number of packets discarded by the SA due to
 authentication errors."
 ::= { wgIpsecSaAhInEntry 19 }

 wgIpsecSaAhInReplayErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The number of packets discarded by the SA due to replay
 errors."
 ::= { wgIpsecSaAhInEntry 20 }

 wgIpsecSaAhInPolicyErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The number of packets discarded by the SA due to policy
 errors. This includes packets where the next protocol is
 invalid."
 ::= { wgIpsecSaAhInEntry 21 }

 wgIpsecSaAhInOtherReceiveErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The number of packets discarded by the SA due to errors
 other than decryption, authentication or replay errors. This
 may include packets dropped due to a lack of receive
 buffers, and may include packets dropped due to congestion
 at the authentication element."
 ::= { wgIpsecSaAhInEntry 22 }


 -- the IPSec Inbound IPCOMP MIB-Group
 --
 -- a collection of objects providing information about
 -- IPSec Inbound IPCOMP SAs

 wgIpsecSaIpcompInTable OBJECT-TYPE
 SYNTAX SEQUENCE OF WGIpsecSaIpcompInEntry
 MAX-ACCESS not-accessible
 STATUS current
 DESCRIPTION
 "The (conceptual) table containing information on IPSec
 inbound IPCOMP SAs.

 There should be one row for every inbound IPCOMP (security)
 association that exists in the entity. The maximum number of
 rows is implementation dependent."
 ::= { wgSaTables 3 }

 wgIpsecSaIpcompInEntry OBJECT-TYPE
 SYNTAX WGIpsecSaIpcompInEntry
 MAX-ACCESS not-accessible
 STATUS current
 DESCRIPTION
 "An entry (conceptual row) containing the information on a
 particular IPSec inbound IPCOMP SA.
 A row in this table cannot be created or deleted by SNMP
 operations on columns of the table."
 INDEX { wgIpsecSaIpcompInAddress, wgIpsecSaIpcompInCpi }
 ::= { wgIpsecSaIpcompInTable 1 }

 WGIpsecSaIpcompInEntry ::= SEQUENCE {

 wgIpsecSaIpcompInAddress IpAddress,
 wgIpsecSaIpcompInCpi IpsecDoiIpcompTransform,

 wgIpsecSaIpcompInDestId OCTET STRING,
 wgIpsecSaIpcompInDestIdType IpsecDoiIdentType,
 wgIpsecSaIpcompInSourceId OCTET STRING,
 wgIpsecSaIpcompInSourceIdType IpsecDoiIdentType,
 wgIpsecSaIpcompInProtocol Integer32,
 wgIpsecSaIpcompInDestPort Integer32,
 wgIpsecSaIpcompInSourcePort Integer32,

 wgIpsecSaIpcompInCreator IpsecSaCreatorIdent,

 wgIpsecSaIpcompInEncapsulation IpsecDoiEncapsulationMode,
 wgIpsecSaIpcompInDecompAlg IpsecDoiIpcompTransform,

 wgIpsecSaIpcompInSeconds Counter32,
 wgIpsecSaIpcompInUserOctets Counter32,
 wgIpsecSaIpcompInPackets Counter32,

 wgIpsecSaIpcompInDecompErrors Counter32,
 wgIpsecSaIpcompInOtherReceiveErrors Counter32
    }

 wgIpsecSaIpcompInAddress OBJECT-TYPE
 SYNTAX IpAddress
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The destination address of the SA.

 For implementations that do not support IPv6, this address
 should appear as one of the IPv4-mapped IPv6 addresses as
 defined in Section 2.5.4 of [IPV6AA].
 Specifically, the prefix '0000:0000:0000:0000:0000:FFFF:' is
 used for IPv4 only nodes, while the prefix
 '0000:0000:0000:0000:0000:0000:' is used for bi-lingual
 nodes."
 ::= { wgIpsecSaIpcompInEntry 1 }

 wgIpsecSaIpcompInCpi OBJECT-TYPE
 SYNTAX IpsecDoiIpcompTransform
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The CPI of the SA. Since the lower values of CPIs are
 reserved to be the same as the algorithm, the syntax for
 this object is the same as the transform."
 REFERENCE "RFC 2393 Section 3.3"
 ::= { wgIpsecSaIpcompInEntry 2 }

 wgIpsecSaIpcompInDestId OBJECT-TYPE
 SYNTAX OCTET STRING (SIZE (1..255))
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The destination identifier of the SA, or 0 if unknown or if
 the SA uses transport mode, or 0 if this SA is used with
 multiple SAs in protection suites.

 This value, if non-zero, is taken directly from the optional
 ID payloads that are exchanged during SA creation
 negotiation."
 ::= { wgIpsecSaIpcompInEntry 3 }

 wgIpsecSaIpcompInDestIdType OBJECT-TYPE
 SYNTAX IpsecDoiIdentType
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The type of identifier presented by
 'wgIpsecSaIpcompInDestId', or 0 if unknown or if the SA uses
 transport mode, or 0 if this SA is used with multiple SAs in
 protection suites."
 ::= { wgIpsecSaIpcompInEntry 4 }

 wgIpsecSaIpcompInSourceId OBJECT-TYPE
 SYNTAX OCTET STRING (SIZE (1..255))
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The source identifier of the SA, or 0 if unknown or if the
 SA uses transport mode encapsulation, or 0 if this SA is
 used with multiple SAs in protection suites.

 This value, if non-zero, is taken directly from the optional
 ID payloads that are exchanged during SA creation
 negotiation."
 ::= { wgIpsecSaIpcompInEntry 5 }

 wgIpsecSaIpcompInSourceIdType OBJECT-TYPE
 SYNTAX IpsecDoiIdentType
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The type of identifier presented by
 'wgIpsecSaIpcompInSourceId', or 0 if unknown or if the SA uses
 transport mode encapsulation, or 0 if this SA is used with
 multiple SAs in protection suites."
 ::= { wgIpsecSaIpcompInEntry 6 }

 wgIpsecSaIpcompInProtocol OBJECT-TYPE
 SYNTAX Integer32 (0..255)
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The transport-layer protocol number that this SA carries,
 or 0 if it carries any protocol."
 REFERENCE "RFC2401 section 4.4.2"
 ::= { wgIpsecSaIpcompInEntry 7 }

 wgIpsecSaIpcompInDestPort OBJECT-TYPE
 SYNTAX Integer32 (0..65535)
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The destination port number of the protocol that this SA
 carries, or 0 if it carries any port number."
 REFERENCE "RFC2401 section 4.4.2"
 ::= { wgIpsecSaIpcompInEntry 8 }

 wgIpsecSaIpcompInSourcePort OBJECT-TYPE
 SYNTAX Integer32 (0..65535)
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The source port number of the protocol that this SA
 carries, or 0 if it carries any port number."
 REFERENCE "RFC2401 section 4.4.2"
 ::= { wgIpsecSaIpcompInEntry 9 }

 wgIpsecSaIpcompInCreator OBJECT-TYPE
 SYNTAX IpsecSaCreatorIdent
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The creator of this SA.

 This MIB makes no assumptions about how the SAs are created.
 They may be created statically, or by a key exchange
 protocol such as IKE, or by some other method."
 ::= { wgIpsecSaIpcompInEntry 10 }

 wgIpsecSaIpcompInEncapsulation OBJECT-TYPE
 SYNTAX IpsecDoiEncapsulationMode
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The type of encapsulation used by this SA."
 ::= { wgIpsecSaIpcompInEntry 11 }

 wgIpsecSaIpcompInDecompAlg OBJECT-TYPE
 SYNTAX IpsecDoiIpcompTransform
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "A unique value representing the decompression algorithm
 applied to traffic."
 ::= { wgIpsecSaIpcompInEntry 12 }

 wgIpsecSaIpcompInSeconds OBJECT-TYPE
 SYNTAX Counter32
 UNITS "seconds"
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The number of seconds that the SA has existed."
 ::= { wgIpsecSaIpcompInEntry 13 }

 wgIpsecSaIpcompInUserOctets OBJECT-TYPE
 SYNTAX Counter32
 UNITS "bytes"
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The amount of user level traffic measured in bytes handled
 by the SA."
 ::= { wgIpsecSaIpcompInEntry 14 }

 wgIpsecSaIpcompInPackets OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The number of packets handled by the SA."
 ::= { wgIpsecSaIpcompInEntry 15 }

 wgIpsecSaIpcompInDecompErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The number of packets discarded by the SA due to
 decompression errors."
 ::= { wgIpsecSaIpcompInEntry 16 }

 wgIpsecSaIpcompInOtherReceiveErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The number of packets discarded by the SA due to errors
 other than decompression errors. This may include packets
 dropped due to a lack of receive buffers, and packets
 dropped due to congestion at the decompression element."
 ::= { wgIpsecSaIpcompInEntry 17 }


 -- the IPSec Outbound ESP MIB-Group
 --
 -- a collection of objects providing information about
 -- IPSec Outbound ESP SAs

 wgIpsecSaEspOutTable OBJECT-TYPE
 SYNTAX SEQUENCE OF WGIpsecSaEspOutEntry
 MAX-ACCESS not-accessible
 STATUS current
 DESCRIPTION
 "The (conceptual) table containing information on IPSec
 Outbound ESP SAs.

 There should be one row for every outbound ESP security
 association that exists in the entity. The maximum number of
 rows is implementation dependent."
 ::= { wgSaTables 4 }

 wgIpsecSaEspOutEntry OBJECT-TYPE
 SYNTAX WGIpsecSaEspOutEntry
 MAX-ACCESS not-accessible
 STATUS current
 DESCRIPTION
 "An entry (conceptual row) containing the information on a
 particular IPSec Outbound ESP SA.

 A row in this table cannot be created or deleted by SNMP
 operations on columns of the table."
 INDEX { wgIpsecSaEspOutAddress, wgIpsecSaEspOutSpi }
 ::= { wgIpsecSaEspOutTable 1 }

 WGIpsecSaEspOutEntry ::= SEQUENCE {

 wgIpsecSaEspOutAddress IpAddress,
 wgIpsecSaEspOutSpi Integer32,

 wgIpsecSaEspOutSourceId OCTET STRING,
 wgIpsecSaEspOutSourceIdType IpsecDoiIdentType,
 wgIpsecSaEspOutDestId OCTET STRING,
 wgIpsecSaEspOutDestIdType IpsecDoiIdentType,
 wgIpsecSaEspOutProtocol Integer32,
 wgIpsecSaEspOutSourcePort Integer32,
 wgIpsecSaEspOutDestPort Integer32,

 wgIpsecSaEspOutCreator IpsecSaCreatorIdent,

 wgIpsecSaEspOutEncapsulation IpsecDoiEncapsulationMode,
 wgIpsecSaEspOutEncAlg IpsecDoiEspTransform,
 wgIpsecSaEspOutEncKeyLength Integer32,
 wgIpsecSaEspOutAuthAlg IpsecDoiAuthAlgorithm,

 wgIpsecSaEspOutLimitSeconds Integer32,
 wgIpsecSaEspOutLimitKbytes Integer32,

 wgIpsecSaEspOutAccSeconds Counter32,
 wgIpsecSaEspOutAccKbytes Counter32,
 wgIpsecSaEspOutUserOctets Counter32,
 wgIpsecSaEspOutPackets Counter32,

 wgIpsecSaEspOutSendErrors Counter32
    }


 wgIpsecSaEspOutAddress OBJECT-TYPE
 SYNTAX IpAddress
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The destination address of the SA.

 For implementations that do not support IPv6, this address
 should appear as one of the IPv4-mapped IPv6 addresses as
 defined in Section 2.5.4 of [IPV6AA].

 Specifically, the prefix '0000:0000:0000:0000:0000:FFFF:' is
 used for IPv4 only nodes, while the prefix
 '0000:0000:0000:0000:0000:0000:' is used for bi-lingual
 nodes."
 ::= { wgIpsecSaEspOutEntry 1 }

 wgIpsecSaEspOutSpi OBJECT-TYPE
 SYNTAX Integer32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The security parameters index of the SA."
 REFERENCE "RFC 2406 Section 2.1"
 ::= { wgIpsecSaEspOutEntry 2 }

 wgIpsecSaEspOutSourceId OBJECT-TYPE
 SYNTAX OCTET STRING (SIZE (4..255))
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The source identifier of the SA, or 0 if unknown or if the
 SA uses transport mode encapsulation.

 This value is taken directly from the optional ID payloads
 that are exchanged during phase 2 negotiations."
 ::= { wgIpsecSaEspOutEntry 3 }

 wgIpsecSaEspOutSourceIdType OBJECT-TYPE
 SYNTAX IpsecDoiIdentType
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The type of identifier presented by
 'wgIpsecSaEspOutSourceId', or 0 if unknown or if the SA uses
 transport mode encapsulation."
 ::= { wgIpsecSaEspOutEntry 4 }

 wgIpsecSaEspOutDestId OBJECT-TYPE
 SYNTAX OCTET STRING (SIZE (4..255))
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The destination identifier of the SA, or 0 if unknown or if
 the SA uses transport mode encapsulation.

 This value is taken directly from the optional ID payloads
 that are exchanged during phase 2 negotiations."
 ::= { wgIpsecSaEspOutEntry 5 }

 wgIpsecSaEspOutDestIdType OBJECT-TYPE
 SYNTAX IpsecDoiIdentType
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The type of identifier presented by 'wgIpsecSaEspOutDestId',
 or 0 if unknown or if the SA uses transport mode
 encapsulation."
 ::= { wgIpsecSaEspOutEntry 6 }

 wgIpsecSaEspOutProtocol OBJECT-TYPE
 SYNTAX Integer32 (0..255)
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The transport-layer protocol number that this SA carries,
 or 0 if it carries any protocol."
 REFERENCE "RFC2401 section 4.4.2"
 ::= { wgIpsecSaEspOutEntry 7 }

 wgIpsecSaEspOutSourcePort OBJECT-TYPE
 SYNTAX Integer32 (0..65535)
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The source port number of the protocol that this SA
 carries, or 0 if it carries any port number."
 REFERENCE "RFC2401 section 4.4.2"
 ::= { wgIpsecSaEspOutEntry 8 }

 wgIpsecSaEspOutDestPort OBJECT-TYPE
 SYNTAX Integer32 (0..65535)
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The destination port number of the protocol that this SA
 carries, or 0 if it carries any port number."
 REFERENCE "RFC2401 section 4.4.2"
 ::= { wgIpsecSaEspOutEntry 9 }

 wgIpsecSaEspOutCreator OBJECT-TYPE
 SYNTAX IpsecSaCreatorIdent
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The creator of this SA.

 This MIB makes no assumptions about how the SAs are created.
 They may be created statically, or by a key exchange
 protocol such as IKE, or by some other method."
 ::= { wgIpsecSaEspOutEntry 10 }

 wgIpsecSaEspOutEncapsulation OBJECT-TYPE
 SYNTAX IpsecDoiEncapsulationMode
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The type of encapsulation used by this SA."
 ::= { wgIpsecSaEspOutEntry 11 }

 wgIpsecSaEspOutEncAlg OBJECT-TYPE
 SYNTAX IpsecDoiEspTransform
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "A unique value representing the encryption algorithm
 applied to traffic or 0 if there is no encryption used."
 ::= { wgIpsecSaEspOutEntry 12 }

 wgIpsecSaEspOutEncKeyLength OBJECT-TYPE
 SYNTAX Integer32 (0..65531)
 UNITS "bits"
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The length of the encryption key in bits used for the
 algorithm specified in the 'wgIpsecSaEspOutEncAlg' object, or
 0 if the key length is implicit in the specified algorithm
 or there is no encryption specified."
 ::= { wgIpsecSaEspOutEntry 13 }

 wgIpsecSaEspOutAuthAlg OBJECT-TYPE
 SYNTAX IpsecDoiAuthAlgorithm
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "A unique value representing the hash algorithm applied to
 traffic or 0 if there is no authentication used."
 ::= { wgIpsecSaEspOutEntry 14 }

 wgIpsecSaEspOutLimitSeconds OBJECT-TYPE
 SYNTAX Integer32
 UNITS "seconds"
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The maximum lifetime in seconds of the SA, or 0 if there is
 no time constraint on its expiration.

 The display value is limited to 4294967295 seconds (more
 than 136 years); values greater than that value will be
 truncated."
 ::= { wgIpsecSaEspOutEntry 15 }

 wgIpsecSaEspOutLimitKbytes OBJECT-TYPE
 SYNTAX Integer32
 UNITS "kilobytes"
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The maximum traffic in Kbytes that the SA is allowed to
 support, or 0 if there is no traffic constraint on its
 expiration.

 The display value is limited to 4294967295 kilobytes; values
 greater than that value will be truncated."
 ::= { wgIpsecSaEspOutEntry 16 }

 wgIpsecSaEspOutAccSeconds OBJECT-TYPE
 SYNTAX Counter32
 UNITS "seconds"
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The number of seconds accumulated against the SA's
 expiration by time.

 This is also the number of seconds that the SA has existed."
 ::= { wgIpsecSaEspOutEntry 17 }

 wgIpsecSaEspOutAccKbytes OBJECT-TYPE
 SYNTAX Counter32
 UNITS "kilobytes"
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The amount of traffic accumulated that counts against the
 SA's expiration by traffic limitation, measured in Kbytes.

 This value may be 0 if the SA does not expire based on
 traffic."
 ::= { wgIpsecSaEspOutEntry 18 }

 wgIpsecSaEspOutUserOctets OBJECT-TYPE
 SYNTAX Counter32
 UNITS "bytes"
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The amount of user level traffic measured in bytes handled
 by the SA.

 This is not necessarily the same as the amount of traffic
 applied against the traffic expiration limit."
 ::= { wgIpsecSaEspOutEntry 19 }

 wgIpsecSaEspOutPackets OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The number of packets handled by the SA."
 ::= { wgIpsecSaEspOutEntry 20 }

 wgIpsecSaEspOutSendErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The number of packets discarded by the SA due to any error.
 This may include errors due to a lack of transmit buffers."
 ::= { wgIpsecSaEspOutEntry 21 }


 -- the IPSec Outbound AH MIB-Group
 --
 -- a collection of objects providing information about
 -- IPSec Outbound AH SAs

 wgIpsecSaAhOutTable OBJECT-TYPE
 SYNTAX SEQUENCE OF WGIpsecSaAhOutEntry
 MAX-ACCESS not-accessible
 STATUS current
 DESCRIPTION
 "The (conceptual) table containing information on IPSec
 Outbound AH SAs.

 There should be one row for every outbound AH security
 association that exists in the entity. The maximum number of
 rows is implementation dependent."
 ::= { wgSaTables 5 }

 wgIpsecSaAhOutEntry OBJECT-TYPE
 SYNTAX WGIpsecSaAhOutEntry
 MAX-ACCESS not-accessible
 STATUS current
 DESCRIPTION
 "An entry (conceptual row) containing the information on a
 particular IPSec Outbound AH SA.

 A row in this table cannot be created or deleted by SNMP
 operations on columns of the table."
 INDEX { wgIpsecSaAhOutAddress, wgIpsecSaAhOutSpi }
 ::= { wgIpsecSaAhOutTable 1 }

 WGIpsecSaAhOutEntry ::= SEQUENCE {

 wgIpsecSaAhOutAddress IpAddress,
 wgIpsecSaAhOutSpi Integer32,

 wgIpsecSaAhOutSourceId OCTET STRING,
 wgIpsecSaAhOutSourceIdType IpsecDoiIdentType,
 wgIpsecSaAhOutDestId OCTET STRING,
 wgIpsecSaAhOutDestIdType IpsecDoiIdentType,
 wgIpsecSaAhOutProtocol Integer32,
 wgIpsecSaAhOutSourcePort Integer32,
 wgIpsecSaAhOutDestPort Integer32,

 wgIpsecSaAhOutCreator IpsecSaCreatorIdent,

 wgIpsecSaAhOutEncapsulation IpsecDoiEncapsulationMode,
 wgIpsecSaAhOutAuthAlg IpsecDoiAhTransform,

 wgIpsecSaAhOutLimitSeconds Integer32,
 wgIpsecSaAhOutLimitKbytes Integer32,

 wgIpsecSaAhOutAccSeconds Counter32,
 wgIpsecSaAhOutAccKbytes Counter32,
 wgIpsecSaAhOutUserOctets Counter32,
 wgIpsecSaAhOutPackets Counter32,

 wgIpsecSaAhOutSendErrors Counter32
    }


 wgIpsecSaAhOutAddress OBJECT-TYPE
 SYNTAX IpAddress
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The destination address of the SA.

 For implementations that do not support IPv6, this address
 should appear as one of the IPv4-mapped IPv6 addresses as
 defined in Section 2.5.4 of [IPV6AA].

 Specifically, the prefix '0000:0000:0000:0000:0000:FFFF:' is
 used for IPv4 only nodes, while the prefix
 '0000:0000:0000:0000:0000:0000:' is used for bi-lingual
 nodes."
 ::= { wgIpsecSaAhOutEntry 1 }

 wgIpsecSaAhOutSpi OBJECT-TYPE
 SYNTAX Integer32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The security parameters index of the SA."
 REFERENCE "RFC 2402 Section 2.4"
 ::= { wgIpsecSaAhOutEntry 2 }

 wgIpsecSaAhOutSourceId OBJECT-TYPE
 SYNTAX OCTET STRING (SIZE (4..255))
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The source identifier of the SA, or 0 if unknown or if the
 SA uses transport mode encapsulation.

 This value is taken directly from the optional ID payloads
 that are exchanged during phase 2 negotiations."
 ::= { wgIpsecSaAhOutEntry 3 }

 wgIpsecSaAhOutSourceIdType OBJECT-TYPE
 SYNTAX IpsecDoiIdentType
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The type of identifier presented by 'wgIpsecSaAhOutSourceId',
 or 0 if unknown or if the SA uses transport mode
 encapsulation."
 ::= { wgIpsecSaAhOutEntry 4 }

 wgIpsecSaAhOutDestId OBJECT-TYPE
 SYNTAX OCTET STRING (SIZE (4..255))
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The destination identifier of the SA, or 0 if unknown or if
 the SA uses transport mode encapsulation.

 This value is taken directly from the optional ID payloads
 that are exchanged during phase 2 negotiations."
 ::= { wgIpsecSaAhOutEntry 5 }

 wgIpsecSaAhOutDestIdType OBJECT-TYPE
 SYNTAX IpsecDoiIdentType
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The type of identifier presented by 'wgIpsecSaAhOutDestId',
 or 0 if unknown or if the SA uses transport mode
 encapsulation."
 ::= { wgIpsecSaAhOutEntry 6 }

 wgIpsecSaAhOutProtocol OBJECT-TYPE
 SYNTAX Integer32 (0..255)
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The transport-layer protocol number that this SA carries,
 or 0 if it carries any protocol."
 REFERENCE "RFC2401 section 4.4.2"
 ::= { wgIpsecSaAhOutEntry 7 }

 wgIpsecSaAhOutSourcePort OBJECT-TYPE
 SYNTAX Integer32 (0..65535)
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The source port number of the protocol that this SA
 carries, or 0 if it carries any port number."
 REFERENCE "RFC2401 section 4.4.2"
 ::= { wgIpsecSaAhOutEntry 8 }

 wgIpsecSaAhOutDestPort OBJECT-TYPE
 SYNTAX Integer32 (0..65535)
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The destination port number of the protocol that this SA
 carries, or 0 if it carries any port number."
 REFERENCE "RFC2401 section 4.4.2"
 ::= { wgIpsecSaAhOutEntry 9 }

 wgIpsecSaAhOutCreator OBJECT-TYPE
 SYNTAX IpsecSaCreatorIdent
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The creator of this SA.

 This MIB makes no assumptions about how the SAs are created.
 They may be created statically, or by a key exchange
 protocol such as IKE, or by some other method."
 ::= { wgIpsecSaAhOutEntry 10 }

 wgIpsecSaAhOutEncapsulation OBJECT-TYPE
 SYNTAX IpsecDoiEncapsulationMode
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The type of encapsulation used by this SA."
 ::= { wgIpsecSaAhOutEntry 11 }

 wgIpsecSaAhOutAuthAlg OBJECT-TYPE
 SYNTAX IpsecDoiAhTransform
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "A unique value representing the hash algorithm applied to
 traffic or 0 if there is no authentication used."
 ::= { wgIpsecSaAhOutEntry 12 }

 wgIpsecSaAhOutLimitSeconds OBJECT-TYPE
 SYNTAX Integer32
 UNITS "seconds"
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The maximum lifetime in seconds of the SA, or 0 if there is
 no time constraint on its expiration.

 The display value is limited to 4294967295 seconds (more
 than 136 years); values greater than that value will be
 truncated."
 ::= { wgIpsecSaAhOutEntry 13 }

 wgIpsecSaAhOutLimitKbytes OBJECT-TYPE
 SYNTAX Integer32
 UNITS "kilobytes"
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The maximum traffic in Kbytes that the SA is allowed to
 support, or 0 if there is no traffic constraint on its
 expiration.

 The display value is limited to 4294967295 kilobytes; values
 greater than that value will be truncated."
 ::= { wgIpsecSaAhOutEntry 14 }

 wgIpsecSaAhOutAccSeconds OBJECT-TYPE
 SYNTAX Counter32
 UNITS "seconds"
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The number of seconds accumulated against the SA's
 expiration by time.

 This is also the number of seconds that the SA has existed."
 ::= { wgIpsecSaAhOutEntry 15 }

 wgIpsecSaAhOutAccKbytes OBJECT-TYPE
 SYNTAX Counter32
 UNITS "kilobytes"
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The amount of traffic accumulated that counts against the
 SA's expiration by traffic limitation, measured in Kbytes.

 This value may be 0 if the SA does not expire based on
 traffic."
 ::= { wgIpsecSaAhOutEntry 16 }

 wgIpsecSaAhOutUserOctets OBJECT-TYPE
 SYNTAX Counter32
 UNITS "bytes"
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The amount of user level traffic measured in bytes handled
 by the SA.

 This is not necessarily the same as the amount of traffic
 applied against the traffic expiration limit."
 ::= { wgIpsecSaAhOutEntry 17 }

 wgIpsecSaAhOutPackets OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The number of packets handled by the SA."
 ::= { wgIpsecSaAhOutEntry 18 }

 wgIpsecSaAhOutSendErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The number of packets discarded by the SA due to any error.
 This may include errors due to a lack of transmit buffers."
 ::= { wgIpsecSaAhOutEntry 19 }


 -- the IPSec Outbound IPCOMP MIB-Group
 --
 -- a collection of objects providing information about
 -- IPSec Outbound IPCOMP SAs

 wgIpsecSaIpcompOutTable OBJECT-TYPE
 SYNTAX SEQUENCE OF WGIpsecSaIpcompOutEntry
 MAX-ACCESS not-accessible
 STATUS current
 DESCRIPTION
 "The (conceptual) table containing information on IPSec
 Outbound IPCOMP SAs.

 There should be one row for every outbound IPCOMP (security)
 association that exists in the entity. The maximum number of
 rows is implementation dependent."
 ::= { wgSaTables 6 }

 wgIpsecSaIpcompOutEntry OBJECT-TYPE
 SYNTAX WGIpsecSaIpcompOutEntry
 MAX-ACCESS not-accessible
 STATUS current
 DESCRIPTION
 "An entry (conceptual row) containing the information on a
 particular IPSec Outbound IPCOMP SA.

 A row in this table cannot be created or deleted by SNMP
 operations on columns of the table."
 INDEX { wgIpsecSaIpcompOutAddress, wgIpsecSaIpcompOutCpi }
 ::= { wgIpsecSaIpcompOutTable 1 }

 WGIpsecSaIpcompOutEntry ::= SEQUENCE {

 wgIpsecSaIpcompOutAddress IpAddress,
 wgIpsecSaIpcompOutCpi IpsecDoiIpcompTransform,

 wgIpsecSaIpcompOutSourceId OCTET STRING,
 wgIpsecSaIpcompOutSourceIdType IpsecDoiIdentType,
 wgIpsecSaIpcompOutDestId OCTET STRING,
 wgIpsecSaIpcompOutDestIdType IpsecDoiIdentType,
 wgIpsecSaIpcompOutProtocol Integer32,
 wgIpsecSaIpcompOutSourcePort Integer32,
 wgIpsecSaIpcompOutDestPort Integer32,

 wgIpsecSaIpcompOutCreator IpsecSaCreatorIdent,

 wgIpsecSaIpcompOutEncapsulation IpsecDoiEncapsulationMode,
 wgIpsecSaIpcompOutCompAlg IpsecDoiIpcompTransform,

 wgIpsecSaIpcompOutSeconds Counter32,
 wgIpsecSaIpcompOutUserOctets Counter32,
 wgIpsecSaIpcompOutPackets Counter32
    }

 wgIpsecSaIpcompOutAddress OBJECT-TYPE
 SYNTAX IpAddress
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The destination address of the SA.

 If the IPCOMP SA is shared across multiple SAs in protection
 suites, this value may be 0.

 For implementations that do not support IPv6, this address
 should appear as one of the IPv4-mapped IPv6 addresses as
 defined in Section 2.5.4 of [IPV6AA].

 Specifically, the prefix '0000:0000:0000:0000:0000:FFFF:' is
 used for IPv4 only nodes, while the prefix
 '0000:0000:0000:0000:0000:0000:' is used for bi-lingual
 nodes."
 ::= { wgIpsecSaIpcompOutEntry 1 }

 wgIpsecSaIpcompOutCpi OBJECT-TYPE
 SYNTAX IpsecDoiIpcompTransform
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The CPI of the SA. Since the lower values of CPIs are
 reserved to be the same as the algorithm, the syntax for
 this object is the same as the transform."
 REFERENCE "RFC 2393 Section 3.3"
 ::= { wgIpsecSaIpcompOutEntry 2 }

 wgIpsecSaIpcompOutSourceId OBJECT-TYPE
 SYNTAX OCTET STRING (SIZE (4..255))
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The source identifier of the SA, or 0 if unknown or if the
 SA uses transport mode encapsulation, or 0 if this SA is
 used with multiple SAs in protection suites.

 This value, if non-zero, is taken directly from the optional
 ID payloads that are exchanged during phase 2 negotiations."
 ::= { wgIpsecSaIpcompOutEntry 3 }

 wgIpsecSaIpcompOutSourceIdType OBJECT-TYPE
 SYNTAX IpsecDoiIdentType
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The type of identifier presented by
 'wgIpsecSaIpcompOutSourceId', or 0 if unknown or if the SA
 uses transport mode encapsulation, or 0 if this SA is used
 with multiple SAs in protection suites."
 ::= { wgIpsecSaIpcompOutEntry 4 }

 wgIpsecSaIpcompOutDestId OBJECT-TYPE
 SYNTAX OCTET STRING (SIZE (4..255))
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The destination identifier of the SA, or 0 if unknown or if
 the SA uses transport mode encapsulation, or 0 if this SA is
 used with multiple SAs in protection suites.

 This value, if non-zero, is taken directly from the optional
 ID payloads that are exchanged during phase 2 negotiations."
 ::= { wgIpsecSaIpcompOutEntry 5 }

 wgIpsecSaIpcompOutDestIdType OBJECT-TYPE
 SYNTAX IpsecDoiIdentType
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The type of identifier presented by
 'wgIpsecSaIpcompOutDestId', or 0 if unknown or if the SA uses
 transport mode encapsulation, or 0 if this SA is used with
 multiple SAs in protection suites."
 ::= { wgIpsecSaIpcompOutEntry 6 }

 wgIpsecSaIpcompOutProtocol OBJECT-TYPE
 SYNTAX Integer32 (0..255)
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The transport-layer protocol number that this SA carries,
 or 0 if it carries any protocol."
 REFERENCE "RFC2401 section 4.4.2"
 ::= { wgIpsecSaIpcompOutEntry 7 }

 wgIpsecSaIpcompOutSourcePort OBJECT-TYPE
 SYNTAX Integer32 (0..65535)
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The source port number of the protocol that this SA
 carries, or 0 if it carries any port number."
 REFERENCE "RFC2401 section 4.4.2"
 ::= { wgIpsecSaIpcompOutEntry 8 }

 wgIpsecSaIpcompOutDestPort OBJECT-TYPE
 SYNTAX Integer32 (0..65535)
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The destination port number of the protocol that this SA
 carries, or 0 if it carries any port number."
 REFERENCE "RFC2401 section 4.4.2"
 ::= { wgIpsecSaIpcompOutEntry 9 }

 wgIpsecSaIpcompOutCreator OBJECT-TYPE
 SYNTAX IpsecSaCreatorIdent
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The creator of this SA.

 This MIB makes no assumptions about how the SAs are created.
 They may be created statically, or by a key exchange
 protocol such as IKE, or by some other method."
 ::= { wgIpsecSaIpcompOutEntry 10 }

 wgIpsecSaIpcompOutEncapsulation OBJECT-TYPE
 SYNTAX IpsecDoiEncapsulationMode
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The type of encapsulation used by this SA."
 ::= { wgIpsecSaIpcompOutEntry 11 }

 wgIpsecSaIpcompOutCompAlg OBJECT-TYPE
 SYNTAX IpsecDoiIpcompTransform
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "A unique value representing the compression algorithm
 applied to traffic."
 ::= { wgIpsecSaIpcompOutEntry 12 }

 wgIpsecSaIpcompOutSeconds OBJECT-TYPE
 SYNTAX Counter32
 UNITS "seconds"
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The number of seconds that the SA has existed."
 ::= { wgIpsecSaIpcompOutEntry 13 }

 wgIpsecSaIpcompOutUserOctets OBJECT-TYPE
 SYNTAX Counter32
 UNITS "bytes"
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The amount of user level traffic measured in bytes handled
 by the SA.

 This is not necessarily the same as the amount of traffic
 applied against the traffic expiration limit."
 ::= { wgIpsecSaIpcompOutEntry 14 }

 wgIpsecSaIpcompOutPackets OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The number of packets handled by the SA."
 ::= { wgIpsecSaIpcompOutEntry 15 }


    --
 -- entity IPSec statistics
    --
 wgIpsecEspCurrentInboundSAs OBJECT-TYPE
 SYNTAX Gauge32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The current number of inbound ESP SAs in the entity."
 ::= { wgSaStatistics 1 }

 wgIpsecEspTotalInboundSAs OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The total number of inbound ESP SAs created in the entity
 since boot time."
 ::= { wgSaStatistics 2 }

 wgIpsecEspCurrentOutboundSAs OBJECT-TYPE
 SYNTAX Gauge32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The current number of outbound ESP SAs in the entity."
 ::= { wgSaStatistics 3 }

 wgIpsecEspTotalOutboundSAs OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The total number of outbound ESP SAs created in the entity
 since boot time."
 ::= { wgSaStatistics 4 }

 wgIpsecAhCurrentInboundSAs OBJECT-TYPE
 SYNTAX Gauge32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The current number of inbound AH SAs in the entity."
 ::= { wgSaStatistics 5 }

 wgIpsecAhTotalInboundSAs OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The total number of inbound AH SAs created in the entity
 since boot time."
 ::= { wgSaStatistics 6 }

 wgIpsecAhCurrentOutboundSAs OBJECT-TYPE
 SYNTAX Gauge32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The current number of outbound AH SAs in the entity."
 ::= { wgSaStatistics 7 }

 wgIpsecAhTotalOutboundSAs OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The total number of outbound AH SAs created in the entity
 since boot time."
 ::= { wgSaStatistics 8 }

 wgIpsecIpcompCurrentInboundSAs OBJECT-TYPE
 SYNTAX Gauge32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The current number of inbound IPCOMP SAs in the entity."
 ::= { wgSaStatistics 9 }

 wgIpsecIpcompTotalInboundSAs OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The total number of inbound IPCOMP SAs created in the
 entity since boot time."
 ::= { wgSaStatistics 10 }

 wgIpsecIpcompCurrentOutboundSAs OBJECT-TYPE
 SYNTAX Gauge32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The current number of outbound IPCOMP SAs in the entity."
 ::= { wgSaStatistics 11 }

 wgIpsecIpcompTotalOutboundSAs OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The total number of outbound IPCOMP SAs created in the
 entity since boot time."
 ::= { wgSaStatistics 12 }


    --
 -- IPSec error counts
    --

 wgIpsecDecryptionErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The total number of packets received by the entity in SAs
 since boot time with decryption errors."
 ::= { wgSaErrors 1 }

 wgIpsecAuthenticationErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The total number of packets received by the entity in SAs
 since boot time with authentication errors.

 This includes all packets in which the hash value is
 determined to be invalid, for both ESP and AH SAs."
 ::= { wgSaErrors 2 }

 wgIpsecReplayErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The total number of packets received by the entity in SAs
 since boot time with replay errors."
 ::= { wgSaErrors 3 }

 wgIpsecPolicyErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The total number of packets received by the entity in SAs
 since boot time and discarded due to policy errors. This
 includes packets that had selectors that were invalid for
 the SA that carried them."
 ::= { wgSaErrors 4 }

 wgIpsecOtherReceiveErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The total number of packets received by the entity in SAs
 since boot time and discarded due to errors not due to
 decryption, authentication, replay or policy."
 ::= { wgSaErrors 5 }

 wgIpsecSendErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The total number of packets to be sent by the entity in SAs
 since boot time and discarded due to errors."
 ::= { wgSaErrors 6 }

 wgIpsecUnknownSpiErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The total number of packets received by the entity since
 boot time with SPIs or CPIs that were not valid."
 ::= { wgSaErrors 7 }

END

IPSec Endpoint Pair MIB Definitions

File name — WATCHGUARD-IPSEC-ENDPOINT-PAIR-MIB

WATCHGUARD-IPSEC-ENDPOINT-PAIR-MIB DEFINITIONS ::= BEGIN

 IMPORTS
 MODULE-IDENTITY, OBJECT-TYPE, Integer32, Unsigned32, Gauge32,
 Counter32, OBJECT-IDENTITY, enterprises,
 IpAddress FROM SNMPv2-SMI
 watchguard FROM WATCHGUARD-SMI;

 wgIpsecEndpointPairModule MODULE-IDENTITY
 LAST-UPDATED "200701251200Z"
 ORGANIZATION "WatchGuard Technologies, Inc."
 CONTACT-INFO
 " Ella Yu
 WatchGuard Technologies, Inc.
 1841 Zanker Road
 San Jose, CA 95112
 USA

                      408-519-4888
 ella.yu@watchguard.com "

 DESCRIPTION
 "The MIB module describes generic Ipsec Endpoint Pair information
 of WatchGuard system. Mainly, the information 
 obtained from this MIB is used to construct a topological
 view of IPSec security gateways that are connected by
 IPSec tunnels. 
               
 An IPSec Endpoint Pair is a pair of security gateways that
 are connected with 0 or more IPSec SA's in tunnel mode. 
 It contains information of aggregated information 
 of tunnel mode SA's between two security gateways.

 An IPSec Endpoint Pair is identified by a pair of IP addresses.
 Therefore, if an IPSec security gateway X has 2 external
 IP addresses while IPsec security gateway Y has 3 external
 IP addresses, there are potentially 6 IPsec Endpoint Pairs
 between X and Y."


 REVISION "200701251200Z"
 DESCRIPTION
 "Initial revision."
 ::= { watchguard 5 }


 wgIpsecEndpointPairMIB OBJECT-IDENTITY
 STATUS current
 DESCRIPTION
 "This is the base object identifier for all IPSec tunnel
 branches."
 ::= { wgIpsecEndpointPairModule 1 }

 wgIpsecEndpointPair OBJECT-IDENTITY
 STATUS current
 DESCRIPTION
 "This is the base object identifier for all IPSec
 tunnel information."
 ::= { wgIpsecEndpointPairMIB 1 }

 wgIpsecEndpointPairStatistics OBJECT-IDENTITY
 STATUS current
 DESCRIPTION
 "This is the base object identifier for all objects which
 are global counters for IPSec tunnels."
 ::= { wgIpsecEndpointPairMIB 2 }


 wgIpsecEndpointPairNum OBJECT-TYPE
 SYNTAX Unsigned32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The total number of entries in the wgIpsecEndpointPairTable. "
 ::= { wgIpsecEndpointPair 1 }

 wgIpsecEndpointPairTable OBJECT-TYPE
 SYNTAX SEQUENCE OF WGIpsecEndpointPairEntry
 MAX-ACCESS not-accessible
 STATUS current
 DESCRIPTION
 "This is the connection table describing all current
 IPSec tunnels exist on this entity."
 ::= { wgIpsecEndpointPair 2 }


 wgIpsecEndpointPairEntry OBJECT-TYPE
 SYNTAX WGIpsecEndpointPairEntry
 MAX-ACCESS not-accessible
 STATUS current
 DESCRIPTION
 "An entry (conceptual row) containing the information on a
 IPSec tunnel between two IPSec security gateways."
 INDEX{ wgIpsecEndpointPairIndex }
 ::= { wgIpsecEndpointPairTable 1 }

 WGIpsecEndpointPairEntry ::= SEQUENCE {

 wgIpsecEndpointPairIndex Integer32,

 wgIpsecEndpointPairLocalAddr IpAddress,
 wgIpsecEndpointPairPeerAddr IpAddress,


 wgIpsecEndpointPairInSAs Unsigned32,
 wgIpsecEndpointPairOutSAs Unsigned32,
 wgIpsecEndpointPairInAccKbytes Counter32,
 wgIpsecEndpointPairOutAccKbytes Counter32,
 wgIpsecEndpointPairInPackets Counter32,
 wgIpsecEndpointPairOutPackets Counter32,
 wgIpsecEndpointPairDecryptErrors Counter32,
 wgIpsecEndpointPairAuthErrors Counter32,
 wgIpsecEndpointPairReplayErrors Counter32,
 wgIpsecEndpointPairPolicyErrors Counter32,
 wgIpsecEndpointPairPadErrors Counter32,
 wgIpsecEndpointPairOtherReceiveErrors Counter32,
 wgIpsecEndpointPairSendErrors Counter32

    }

 wgIpsecEndpointPairIndex OBJECT-TYPE
 SYNTAX Integer32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The running index of this IPSec endpoint pair."
 ::= { wgIpsecEndpointPairEntry 1 }

 wgIpsecEndpointPairLocalAddr OBJECT-TYPE
 SYNTAX IpAddress
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The local IP address of the current IPSec endpoint pair."
 ::= { wgIpsecEndpointPairEntry 2 }

 wgIpsecEndpointPairPeerAddr OBJECT-TYPE
 SYNTAX IpAddress
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The remote IP address of the current IPSec endpoint pair."
 ::= { wgIpsecEndpointPairEntry 3 }


 wgIpsecEndpointPairInSAs OBJECT-TYPE
 SYNTAX Unsigned32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The number of inbound IPSEC SA's within this
 IPSec endpoint pair."
 ::= { wgIpsecEndpointPairEntry 4 }

 wgIpsecEndpointPairOutSAs OBJECT-TYPE
 SYNTAX Unsigned32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The number of outbound IPSEC SA's within this
 IPSec endpoint pair."
 ::= { wgIpsecEndpointPairEntry 5 }

 wgIpsecEndpointPairInAccKbytes OBJECT-TYPE
 SYNTAX Counter32
 UNITS "Kbytes"
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total inbound traffic in Kbytes since the establish of
 this connection."
 ::= { wgIpsecEndpointPairEntry 6 }

 wgIpsecEndpointPairOutAccKbytes OBJECT-TYPE
 SYNTAX Counter32
 UNITS "Kbytes"
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total outbound traffic in Kbytes since the establish of
 this connection."
 ::= { wgIpsecEndpointPairEntry 7 }

 wgIpsecEndpointPairInPackets OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total number of inbound packets since the establish of
 this connection."
 ::= { wgIpsecEndpointPairEntry 8 }

 wgIpsecEndpointPairOutPackets OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total number of outbound packets since the establish of
 this connection."
 ::= { wgIpsecEndpointPairEntry 9 }

 wgIpsecEndpointPairDecryptErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total number of packets discarded due to decryption
 error since the establish of this connection."
 ::= { wgIpsecEndpointPairEntry 10 }

 wgIpsecEndpointPairAuthErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total number of packets discarded due to authentication
 error since the establish of this connection."
 ::= { wgIpsecEndpointPairEntry 11 }

 wgIpsecEndpointPairReplayErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total number of packets discarded due to replay
 error since the establish of this connection."
 ::= { wgIpsecEndpointPairEntry 12}

 wgIpsecEndpointPairPolicyErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total number of packets discarded due to policy
 error since the establish of this connection."
 ::= { wgIpsecEndpointPairEntry 13 }

 wgIpsecEndpointPairPadErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total number of packets discarded due to pad value
 error since the establish of this connection."
 ::= { wgIpsecEndpointPairEntry 14 }

 wgIpsecEndpointPairOtherReceiveErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The number of packets discarded due to errors
 other than decryption, authentication or replay errors. This
 may include packets dropped due to a lack of receive
 buffers, and may include packets dropped due to congestion
 at the decryption element."
 ::= { wgIpsecEndpointPairEntry 15 }

 wgIpsecEndpointPairSendErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The number of packets discarded due to any error.
 This may include errors due to a lack of transmit buffers."
 ::= { wgIpsecEndpointPairEntry 16 }


 -- global statistics

 wgIpsecEndpointPairTotalInSAs OBJECT-TYPE
 SYNTAX Gauge32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The total number of active inbound SA's in the entity."
 ::= { wgIpsecEndpointPairStatistics 1 }

 wgIpsecEndpointPairTotalOutSAs OBJECT-TYPE
 SYNTAX Gauge32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The total number of active outbound SA's in the entity."
 ::= { wgIpsecEndpointPairStatistics 2 }

 wgIpsecEndpointPairTotalInAccKbytes OBJECT-TYPE
 SYNTAX Counter32
 UNITS "Kbytes"
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The total inbound IPsec traffic of this entity."
 ::= { wgIpsecEndpointPairStatistics 3 }

 wgIpsecEndpointPairTotalOutAccKbytes OBJECT-TYPE
 SYNTAX Counter32
 UNITS "Kbytes"
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The total outbound IPsec traffic of this entity."
 ::= { wgIpsecEndpointPairStatistics 4 }

 wgIpsecEndpointPairTotalInPackets OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The total inbound IPsec packets of this entity."
 ::= { wgIpsecEndpointPairStatistics 5 }

 wgIpsecEndpointPairTotalOutPackets OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The total outbound IPsec packets of this entity."
 ::= { wgIpsecEndpointPairStatistics 6 }


 wgIpsecEndpointPairTotalDecryptErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total number of packets on this entity discarded due to encryption
 error."
 ::= { wgIpsecEndpointPairStatistics 7 }

 wgIpsecEndpointPairTotalAuthErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total number of packets on this entity discarded 
 due to authentication errors."
 ::= { wgIpsecEndpointPairStatistics 8 }

 wgIpsecEndpointPairTotalReplayErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total number of packets discarded due to replay
 errors on this entity."
 ::= { wgIpsecEndpointPairStatistics 9 }

 wgIpsecEndpointPairTotalPolicyErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total number of packets discarded due to policy
 errors on this entity."
 ::= { wgIpsecEndpointPairStatistics 10 }

 wgIpsecEndpointPairTotalPadErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Total number of packets on this entity discarded due to pad value
 error."
 ::= { wgIpsecEndpointPairStatistics 11 }

 wgIpsecEndpointPairTotalOtherReceiveErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The total number of packets on this entity discarded due to errors
 other than decryption, authentication or replay errors. This
 may include packets dropped due to a lack of receive
 buffers, and may include packets dropped due to congestion
 at the decryption element."
 ::= { wgIpsecEndpointPairStatistics 12 }

 wgIpsecEndpointPairTotalSendErrors OBJECT-TYPE
 SYNTAX Counter32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The total number of packets discarded due to any error on
 this entity."

 ::= { wgIpsecEndpointPairStatistics 13 }

 wgIpsecEndpointPairPeerIPToTunnel OBJECT-IDENTITY
 STATUS current
 DESCRIPTION
 "This is the base object identifier for all tunnels
 information of the policies."
 ::= {wgIpsecEndpointPairMIB 3}

 wgIpsecEndpointPairPeerIPToTunnelNum OBJECT-TYPE
 SYNTAX Unsigned32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The total number of tunnels in the peeriptotunnel table. "
 ::= { wgIpsecEndpointPairPeerIPToTunnel 1 }

 wgIpsecEndpointPairPeerIPToTunnelTable OBJECT-TYPE
 SYNTAX SEQUENCE OF WGIpsecEndpointPairPeerIPToTunnelEntry
 MAX-ACCESS not-accessible
 STATUS current
 DESCRIPTION
 "The peeriptotunnel table in the endpointpair mib."
 ::= { wgIpsecEndpointPairPeerIPToTunnel 2 }

 wgIpsecEndpointPairPeerIPToTunnelEntry OBJECT-TYPE
 SYNTAX WGIpsecEndpointPairPeerIPToTunnelEntry
 MAX-ACCESS not-accessible
 STATUS current
 DESCRIPTION
 "An entry (conceptual row) containing the peer ip and tunnel
 information."
 INDEX {
 wgIpsecEndpointPairPeerIPToTunnelPeerIP,
 wgIpsecEndpointPairPeerIPToTunnelTunnelID
        }
 ::= { wgIpsecEndpointPairPeerIPToTunnelTable 1 }

 WGIpsecEndpointPairPeerIPToTunnelEntry ::= SEQUENCE {

 wgIpsecEndpointPairPeerIPToTunnelPeerIP IpAddress,
 wgIpsecEndpointPairPeerIPToTunnelTunnelID Integer32
    }
    
 wgIpsecEndpointPairPeerIPToTunnelPeerIP OBJECT-TYPE
 SYNTAX IpAddress
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The peer ip of the peeriptotunnel table."
 ::= {wgIpsecEndpointPairPeerIPToTunnelEntry 1}
            
 wgIpsecEndpointPairPeerIPToTunnelTunnelID OBJECT-TYPE
 SYNTAX Integer32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The tunnel id of the peeriptotunnel table."
 ::= {wgIpsecEndpointPairPeerIPToTunnelEntry 2}
        
END
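
The per-pair error counters defined above (like the entity-wide wgSaErrors counters in the preceding module) are Counter32 values, so monitoring has to work on the difference between two polls rather than on the raw numbers. The Python below is an added example, not WatchGuard code: it assumes each poll was saved as net-snmp style `name.index = TYPE: value` lines (the sample polls are constructed), re-keys rows by address pair, and uses a heuristic to tell a restarted counter from a 32-bit wrap.

```python
import re

COUNTER32_MOD = 2 ** 32
P = "wgIpsecEndpointPair"                      # column-name prefix used by the MIB
ERROR_COLUMNS = tuple(P + s for s in (
    "DecryptErrors", "AuthErrors", "ReplayErrors", "PolicyErrors", "PadErrors"))
LINE_RE = re.compile(
    r"^(?:[\w-]+::)?(" + P + r"\w+)\.(\d+) = (IpAddress|Counter32|Gauge32|INTEGER): (\S+)$")


def parse_walk(text):
    """Group 'name.index = TYPE: value' lines into {index: {column: value}}."""
    rows = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            column, index, typ, value = m.groups()
            rows.setdefault(int(index), {})[column] = (
                value if typ == "IpAddress" else int(value))
    return rows


def by_pair(rows):
    """Re-key by (local, peer): the MIB identifies a pair by its two addresses,
    while wgIpsecEndpointPairIndex is only a running index."""
    return {(r[P + "LocalAddr"], r[P + "PeerAddr"]): r
            for r in rows.values()
            if P + "LocalAddr" in r and P + "PeerAddr" in r}


def counter_delta(prev, cur, reset=False):
    """Increase of a Counter32 between two polls, allowing one wrap past 2^32-1.
    After a reset the counter restarted from zero, so the new value is the increase."""
    return cur if reset else (cur - prev) % COUNTER32_MOD


def error_spikes(prev_rows, cur_rows, rebooted=False, min_errors=50, min_ratio=0.01):
    """Return (local, peer, column, errors, in_packets) for pairs whose error
    count in the interval is both large and a notable share of inbound packets."""
    findings = []
    prev_pairs, cur_pairs = by_pair(prev_rows), by_pair(cur_rows)
    for pair, cur in sorted(cur_pairs.items()):
        prev = prev_pairs.get(pair)
        if prev is None:
            continue                            # new pair: no baseline yet
        prev_in, cur_in = prev.get(P + "InPackets", 0), cur.get(P + "InPackets", 0)
        # Heuristic (assumption): if the wrap-adjusted increase is at least half
        # the counter range, the counter more likely restarted (tunnel
        # re-established) than wrapped.
        reset = rebooted or (cur_in - prev_in) % COUNTER32_MOD >= COUNTER32_MOD // 2
        in_packets = counter_delta(prev_in, cur_in, reset)
        for column in ERROR_COLUMNS:
            errors = counter_delta(prev.get(column, 0), cur.get(column, 0), reset)
            if errors >= min_errors and errors / max(in_packets, 1) >= min_ratio:
                findings.append((pair[0], pair[1], column, errors, in_packets))
    return findings


# Constructed sample polls (documentation addresses, invented counter values).
M = "WATCHGUARD-IPSEC-ENDPOINT-PAIR-MIB::" + P
POLL_1 = "\n".join([
    M + "LocalAddr.1 = IpAddress: 203.0.113.1",
    M + "PeerAddr.1 = IpAddress: 198.51.100.7",
    M + "InPackets.1 = Counter32: 4294967000",   # about to wrap
    M + "AuthErrors.1 = Counter32: 10",
    M + "ReplayErrors.1 = Counter32: 5",
    M + "LocalAddr.2 = IpAddress: 203.0.113.1",
    M + "PeerAddr.2 = IpAddress: 198.51.100.9",
    M + "InPackets.2 = Counter32: 50000",
    M + "AuthErrors.2 = Counter32: 400",
])
POLL_2 = "\n".join([
    M + "LocalAddr.1 = IpAddress: 203.0.113.1",  # row order changed between polls
    M + "PeerAddr.1 = IpAddress: 198.51.100.9",
    M + "InPackets.1 = Counter32: 1200",         # restarted, not wrapped
    M + "AuthErrors.1 = Counter32: 3",
    M + "LocalAddr.2 = IpAddress: 203.0.113.1",
    M + "PeerAddr.2 = IpAddress: 198.51.100.7",
    M + "InPackets.2 = Counter32: 704",          # wrapped past 2^32-1
    M + "AuthErrors.2 = Counter32: 310",
    M + "ReplayErrors.2 = Counter32: 6",
])

if __name__ == "__main__":
    for finding in error_spikes(parse_walk(POLL_1), parse_walk(POLL_2)):
        print("%s <-> %s: %s +%d over %d inbound packets" % finding)
```

Pass `rebooted=True` when the device's sysUpTime went backwards between the two polls, so that every counter is treated as restarted.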

IPSec ISAKMP IKE DOI Textual Convention Definitions

File name — IPSEC-ISAKMP-IKE-DOI-TC

IPSEC-ISAKMP-IKE-DOI-TC DEFINITIONS ::= BEGIN

 IMPORTS
 -- make this mib a temporary watchguard extension before it becomes RFC
 watchguard 
 FROM WATCHGUARD-SMI
 -- delete next line before release
 experimental,
 MODULE-IDENTITY, Unsigned32 FROM SNMPv2-SMI
 -- uncomment next line before release
 mib-2 FROM RFC1213-MIB
 TEXTUAL-CONVENTION FROM SNMPv2-TC;

 ipsecIsakmpIkeDoiTC MODULE-IDENTITY
 LAST-UPDATED "9907132145Z"
 ORGANIZATION "Shiva"
 CONTACT-INFO "John Shriver
 Intel Corporation
 28 Crosby Drive
 Bedford, MA 01730

 Phone:
                   +1-781-687-1329

 E-mail:
 John.Shriver@intel.com"

 DESCRIPTION "The MIB module which defines the textual conventions
 used in IPSEC MIBs. This includes Internet DOI
 numbers defined in RFC 2407, ISAKMP numbers defined
 in RFC 2408, and IKE numbers defined in RFC 2409.

 These Textual Conventions are defined in a separate
 MIB module since they are protocol numbers managed
 by the IANA. Revision control after publication
 will be under the authority of the IANA."
 REVISION "9902181705Z"
 DESCRIPTION "Added IsakmpDOI TEXTUAL-CONVENTION."
 REVISION "9903051545Z"
 DESCRIPTION "Changed CONTACT-INFO."
 REVISION "9907132145Z"
 DESCRIPTION "Put in real experimental branch number for module."
 REVISION "9910051705Z"
 DESCRIPTION "Added exchange types, tracked IKE standard. Split
 IkeNotifyMessageType off of IsakmpNotifyMessageType."
 REVISION "9910151950Z"
 DESCRIPTION "Removed stray comma in IsakmpNotifyMessageType."

 -- replace xxx in next line before release, uncomment before release
 -- ::= { mib-2 xxx }
 -- delete next line before release
 -- ::= { experimental 100 }
 ::= { watchguard 100 }
 -- The first group of textual conventions are based on definitions
 -- in the IPSEC DOI, RFC 2407.

 IpsecDoiSituation ::= TEXTUAL-CONVENTION
 DISPLAY-HINT "x"
 STATUS current
 DESCRIPTION "The IPSEC DOI Situation provides information that
 can be used by the responder to make a policy
 determination about how to process the incoming
 Security Association request.

 It is a four (4) octet bitmask, with the following
 values:

 sitIdentityOnly 0x01
 sitSecrecy 0x02
 sitIntegrity 0x04

 The upper two bits (0x80000000 and 0x40000000) are
 reserved for private use amongst cooperating
 systems."
 REFERENCE "RFC 2407 sections 4.2 and 6.2"
 SYNTAX Unsigned32 (0..4294967295)
 -- The syntax is not BITS, because we want the representation
 -- to be the same here as it is in the ISAKMP/IKE protocols.


 IpsecDoiSecProtocolId ::= TEXTUAL-CONVENTION
 DISPLAY-HINT "d"
 STATUS current
 DESCRIPTION "These are the IPSEC DOI values for the Protocol-Id
 field in an ISAKMP Proposal Payload, and in all
 Notification Payloads.

 They are also used as the Protocol-ID In the
 Notification Payload and the Delete Payload.

 The values 249-255 are reserved for private use
 amongst cooperating systems."
 REFERENCE "RFC 2407 section 4.4.1"
 SYNTAX INTEGER {
 reserved(0), -- reserved in DOI
 protoIsakmp(1), -- message protection
 -- required during Phase I
 -- of the IKE protocol
 protoIpsecAh(2), -- IP packet authentication
 -- via Authentication Header
 protoIpsecEsp(3), -- IP packet confidentiality
 -- via Encapsulating
 -- Security Payload
 protoIpcomp(4) -- IP payload compression
                   }

 IpsecDoiTransformIdent ::= TEXTUAL-CONVENTION
 DISPLAY-HINT "d"
 STATUS current
 DESCRIPTION "The IPSEC DOI ISAKMP Transform Identifier is an
 8-bit value which identifies a key exchange protocol
 to be used for the negotiation. It is used in the
 Transform-Id field of an IKE Phase I Transform
 Payload.

 The values 249-255 are reserved for private use
 amongst cooperating systems."
 REFERENCE "RFC 2407 sections 4.4.2 and 6.3"
 SYNTAX INTEGER {
 reserved(0), -- reserved in DOI
 keyIke(1) -- the hybrid ISAKMP/Oakley
 -- Diffie-Hellman key
 -- exchange
                   }

 IpsecDoiAhTransform ::= TEXTUAL-CONVENTION
 DISPLAY-HINT "d"
 STATUS current
 DESCRIPTION "The IPSEC DOI AH Transform Identifier is an 8-bit
 value which identifies a particular algorithm to be
 used to provide integrity protection for AH. It is
 used in the Transform-ID field of a ISAKMP Transform
 Payload for the IPSEC DOI, when the Protocol-Id of
 the associated Proposal Payload is 2 (AH).

 The values 249-255 are reserved for private use
 amongst cooperating systems."
 REFERENCE "RFC 2407 sections 4.4.3 and 6.4"
 SYNTAX INTEGER {
 reserved(0), -- reserved in DOI
 reserved1(1), -- reserved
 ahMd5(2), -- generic AH transform
 -- using MD5
 ahSha(3), -- generic AH transform
 -- using SHA-1
 ahDes(4) -- generic AH transform
 -- using DES
                   }

 IpsecDoiEspTransform ::= TEXTUAL-CONVENTION
 DISPLAY-HINT "d"
 STATUS current
 DESCRIPTION "The IPSEC DOI ESP Transform Identifier is an 8-bit
 value which identifies a particular algorithm to be
 used to provide secrecy protection for ESP. It is
 used in the Transform-ID field of a ISAKMP Transform
 Payload for the IPSEC DOI, when the Protocol-Id of
 the associated Proposal Payload is 2 (AH), 3 (ESP),
 and 4 (IPCOMP).

 The values 249-255 are reserved for private use
 amongst cooperating systems."
 REFERENCE "RFC 2407 sections 4.4.4 and 6.5"
 SYNTAX INTEGER {
 reserved(0), -- reserved in DOI
 espDesIv64(1), -- DES-CBC transform defined
 -- in RFC 1827 and RFC 1829
 -- using a 64-bit IV
 espDes(2), -- generic DES transform
 -- using DES-CBC
 esp3Des(3), -- generic triple-DES
 -- transform
 espRc5(4), -- RC5 transform
 espIdea(5), -- IDEA transform
 espCast(6), -- CAST transform
 espBlowfish(7), -- BLOWFISH transform
 esp3Idea(8), -- reserved for triple-IDEA
 espDesIv32(9), -- DES-CBC transform defined
 -- in RFC 1827 and RFC 1829
 -- using a 32-bit IV
 espRc4(10), -- reserved for RC4
 espNull(11) -- no confidentiality
 -- provided by ESP
                   }

 IpsecDoiAuthAlgorithm ::= TEXTUAL-CONVENTION
 DISPLAY-HINT "d"
 STATUS current
 DESCRIPTION "The ESP Authentication Algorithm used in the IPSEC
 DOI as a SA Attributes definition in the Transform
 Payload of Phase II of an IKE negotiation. This
 set of values defines the AH authentication
 algorithm, when the associated Proposal Payload has
 a Protocol-ID of 2 (AH). This set of values
 defines the ESP authentication algorithm, when the
 associated Proposal Payload has a Protocol-ID
 of 3 (ESP).

 Values 5-61439 are reserved to IANA.

 Values 61440-65535 are for private use.

 In a MIB, a value of 0 indicates that ESP
 has been negotiated without authentication."
 REFERENCE "RFC 2407 section 4.5"
 SYNTAX INTEGER {
 reserved(0), -- reserved in DOI
 hmacMd5(1),
 hmacSha(2),
 desMac(3),
 kpdk(4)
                   }

 IpsecDoiIpcompTransform ::= TEXTUAL-CONVENTION
 DISPLAY-HINT "d"
 STATUS current
 DESCRIPTION "The IPSEC DOI IPCOMP Transform Identifier is an
 8-bit value which identifies a particular algorithm
 to be used to provide IP-level compression before
 ESP. It is used in the Transform-ID field of a ISAKMP
 Transform Payload for the IPSEC DOI, when the
 Protocol-Id of the associated Proposal Payload
 is 4 (IPCOMP).

 The values 1-47 are reserved for algorithms for which
 an RFC has been approved for publication.

 The values 48-63 are reserved for private use amongst
 cooperating systems.

 The values 64-255 are reserved for future expansion."
 REFERENCE "RFC 2407 sections 4.4.5 and 6.6"
 SYNTAX INTEGER {
 reserved(0), -- reserved in DOI
 ipcompOui(1), -- proprietary compression
 -- transform
 ipcompDeflate(2), -- "zlib" deflate algorithm
 ipcompLzs(3) -- Stac Electronics LZS
                   }

 IpsecDoiEncapsulationMode ::= TEXTUAL-CONVENTION
 DISPLAY-HINT "d"
 STATUS current
 DESCRIPTION "The Encapsulation Mode used as an IPSEC DOI
 SA Attributes definition in the Transform Payload
 of a Phase II IKE negotiation. This set of
 values defines encapsulation modes used for AH,
 ESP, and IPCOMP when the associated Proposal Payload
 has a Protocol-ID of 3 (ESP).

 Values 3-61439 are reserved to IANA.

 Values 61440-65535 are for private use."
 SYNTAX INTEGER {
 reserved(0), -- reserved in DOI
 tunnel(1),
 transport(2)
                   }

 IpsecDoiIdentType ::= TEXTUAL-CONVENTION
 DISPLAY-HINT "d"
 STATUS current
 DESCRIPTION "The IPSEC DOI Identification Type is an 8-bit value
 which is used in the ID Type field as a discriminant
 for interpretation of the variable-length
 Identification Payload.

 The values 249-255 are reserved for private use
 amongst cooperating systems."
 REFERENCE "RFC 2407 sections 4.4.5, 4.6.2.1, and 6.9"
 SYNTAX INTEGER {
 reserved(0), -- reserved in DOI
 idIpv4Addr(1), -- a single four (4) octet
 -- IPv4 address
 idFqdn(2), -- fully-qualified domain
 -- name string
 idUserFqdn(3), -- fully-qualified username
 -- string
 idIpv4AddrSubnet(4),
 -- a range of IPv4 addresses,
 -- represented by two
 -- four (4) octet values,
 -- where the first is an
 -- address and the second
 -- is a mask
 idIpv6Addr(5), -- a single sixteen (16)
 -- octet IPv6 address
 idIpv6AddrSubnet(6),
 -- a range of IPv6 addresses,
 -- represented by two
 -- sixteen (16) octet values,
 -- where the first is an
 -- address and the second
 -- is a mask
 idIpv4AddrRange(7), -- a range of IPv4 addresses,
 -- represented by two
 -- four (4) octet values,
 -- where the first is the
 -- beginning IPv4 address
 -- and the second is the
 -- ending IPv4 address
 idIpv6AddrRange(8), -- a range of IPv6 addresses,
 -- represented by two
 -- sixteen (16) octet values,
 -- where the first is the
 -- beginning IPv6 address
 -- and the second is the
 -- ending IPv6 address
 idDerAsn1Dn(9), -- the binary DER encoding of
 -- ASN1 X.500
 -- DistinguishedName
 idDerAsn1Gn(10), -- the binary DER encoding of
 -- ASN1 X.500 GeneralName
 idKeyId(11) -- opaque byte stream which
 -- may be used to pass
 -- vendor-specific
 -- information
                   }

 -- The second group of textual conventions are based on definitions
 -- in the ISAKMP protocol, RFC 2408.

 IsakmpDOI ::= TEXTUAL-CONVENTION
 DISPLAY-HINT "d"
 STATUS current
 DESCRIPTION "These are the domain of interpretation values for
 the ISAKMP Protocol. They are a 32-bit value
 used in the Domain of Interpretation field of the
 Security Association Payload.
 Values 2-4294967295 are reserved to the IANA."
 REFERENCE "RFC 2048 section 3.4."
 SYNTAX INTEGER {
 isakmp(0), -- generic ISAKMP SA in
 -- Phase 1, which can be
 -- used for any protocol
 -- in Phase 2
 ipsecDOI(1) -- the IPsec DOI as
 -- specified in RFC 2407
                   }

 IsakmpCertificateEncoding ::= TEXTUAL-CONVENTION
 DISPLAY-HINT "d"
 STATUS current
 DESCRIPTION "These are the values for the types of
 certificate-related information contained in the
 Certificate Data field of a Certificate Payload.
 They are used in the Cert Encoding field of the
 Certificate Payload.

 Values 11-255 are reserved."
 REFERENCE "RFC 2408 section 3.9"
 SYNTAX INTEGER {
 pkcs7(1), -- PKCS #7 wrapped
 -- X.509 certificate
 pgp(2), -- PGP Certificate
 dnsSignedKey(3), -- DNS Signed Key
 x509Signature(4), -- X.509 Certificate:
 -- Signature
 x509KeyExchange(5), -- X.509 Certificate:
 -- Key Exchange
 kerberosTokens(6), -- Kerberos Tokens
 crl(7), -- Certificate Revocation
 -- List (CRL)
 arl(8), -- Authority Revocation
 -- List (ARL)
 spki(9), -- SPKI Certificate
 x509Attribute(10) -- X.509 Certificate:
 -- Attribute
                   }

 IsakmpExchangeType ::= TEXTUAL-CONVENTION
       --
 -- When revising IsakmpExchangeType, consider revising
 -- IkeExchangeType as well.
       --
 DISPLAY-HINT "d"
 STATUS current
 DESCRIPTION "These are the values used for the exchange types in
 the ISAKMP header.

 Values up to 31 are reserved for future
 DOI-independent assignment for ISAKMP.

 The values 240-255 are reserved for private use
 amongst cooperating systems."
 REFERENCE "RFC 2408 section 3.1"
 SYNTAX INTEGER {
 reserved(0),
 base(1), -- base mode
 identityProtect(2), -- identity protection
 authOnly(3), -- authentication only
 aggressive(4), -- aggressive mode
 informational(5) -- informational
                   }

 IsakmpNotifyMessageType ::= TEXTUAL-CONVENTION
       --
 -- If you change this, you probably want to
 -- change IkeNotifyMessageType.
       --
 DISPLAY-HINT "d"
 STATUS current
 DESCRIPTION "These are the values for the types of notification
 messages. They are used as the Notify Message Type
 field in the Notification Payload.

 This textual convention merges the types
 for error types (in the range 1-16386) and for
 notification types (in the range 16384-65535).

 The values 16001-16383 are reserved for private use
 as error types amongst cooperating systems.

 The values 24576-32767 are reserved for use in
 each DOI. Each DOI should have a clone of this
 textual convention adding local values.

 The values 32768-40958 are reserved for private use
 as notification types amongst cooperating systems."
 REFERENCE "RFC 2408 section 3.14.1"
 SYNTAX INTEGER {

 -- Values defined for errors in ISAKMP
                       --
 reserved(0), -- reserved in DOI
 invalidPayloadType(1),
 doiNotSupported(2),
 situationNotSupported(3),
 invalidCookie(4),
 invalidMajorVersion(5),
 invalidMinorVersion(6),
 invalidExchangeType(7),
 invalidFlags(8),
 invalidMessageId(9),
 invalidProtocolId(10),
 invalidSpi(11),
 invalidTransformId(12),
 attributesNotSupported(13),
 noProposalChosen(14),
 badProposalSyntax(15),
 payloadMalformed(16),
 invalidKeyInformation(17),
 invalidIdInformation(18),
 invalidCertEncoding(19),
 invalidCertificate(20),
 certTypeUnsupported(21),
 invalidCertAuthority(22),
 invalidHashInformation(23),
 authenticationFailed(24),
 invalidSignature(25),
 addressNotification(26),
 notifySaLifetime(27),
 certificateUnavailable(28),
 unsupportedExchangeType(29),
 unequalPayloadLengths(30)

 -- values defined for errors in IPSEC DOI
 -- (none)

 -- values defined for notification in ISAKMP
 -- (none)

 -- values defined for notification in
 -- each DOI (clone this TC)
                   }


 -- The third group of textual conventions are based on definitions
 -- in the IKE key exchange protocol, RFC 2409.

 IkeExchangeType ::= TEXTUAL-CONVENTION
 DISPLAY-HINT "d"
 STATUS current
 DESCRIPTION "These are the values used for the exchange types in
 the ISAKMP header.

 The values 32-239 are DOI-specific, these values are
 for the IPSec DOI used by IKE.

 The values 240-255 are reserved for private use
 amongst cooperating systems."
 REFERENCE "RFC 2409 Appendix A,
 draft-ietf-ipsec-ike-01.txt appendix A"
 SYNTAX INTEGER {
 reserved(0),
 base(1), -- base mode
 mainMode(2), -- main mode
 authOnly(3), -- authentication only
 aggressive(4), -- aggressive mode
 informational(5), -- informational
 quickMode(32), -- quick mode
 newGroupMode(33), -- new group mode
 acknowledgedInfo(34)
 -- acknowledged informational
                   }

 IkeEncryptionAlgorithm ::= TEXTUAL-CONVENTION
 DISPLAY-HINT "d"
 STATUS current
 DESCRIPTION "Values for encryption algorithms negotiated
 for the ISAKMP SA by IKE in Phase I. These are
 values for SA Attrbute type Encryption
 Algorithm (1).

 Values 7-65000 are reserved to IANA.

 Values 65001-65535 are for private use among
 mutually consenting parties."
 REFERENCE "RFC 2409 appendix A"
 SYNTAX INTEGER {
 reserved(0), -- reserved in IKE
 desCbc(1), -- RFC 2405
 ideaCbc(2),
 blowfishCbc(3),
 rc5R16B64Cbc(4), -- RC5 R16 B64 CBC
 tripleDesCbc(5), -- 3DES CBC
 castCbc(6)
                   }

 IkeHashAlgorithm ::= TEXTUAL-CONVENTION
 DISPLAY-HINT "d"
 STATUS current
 DESCRIPTION "Values for hash algorithms negotiated
 for the ISAKMP SA by IKE in Phase I. These are
 values for SA Attrbute type Hash Algorithm (2).

 Values 4-65000 are reserved to IANA.

 Values 65001-65535 are for private use among
 mutually consenting parties."
 REFERENCE "RFC 2409 appendix A"
 SYNTAX INTEGER {
 reserved(0), -- reserved in IKE
 md5(1), -- RFC 1321
 sha(2), -- FIPS 180-1
 tiger(3)
                   }

 IkeAuthMethod ::= TEXTUAL-CONVENTION
 DISPLAY-HINT "d"
 STATUS current
 DESCRIPTION "Values for authentication methods negotiated
 for the ISAKMP SA by IKE in Phase I. These are
 values for SA Attrbute type Authentication
 Method (3).

 Values 6-65000 are reserved to IANA.

 Values 65001-65535 are for private use among
 mutually consenting parties."
 REFERENCE "RFC 2409 appendix A,
 draft-ietf-ipsec-ike-01.txt appendix A"
 SYNTAX INTEGER {
 reserved(0), -- reserved in IKE
 preSharedKey(1),
 dssSignatures(2),
 rsaSignatures(3),
 encryptionWithRsa(4),
 revisedEncryptionWithRsa(5),
 encryptionWithElGamal(6),
 revisedEncryptionWithElGamal(7)
                   }

 IkeGroupDescription ::= TEXTUAL-CONVENTION
 DISPLAY-HINT "d"
 STATUS current
 DESCRIPTION "Values for Oakley key computation groups for
 Diffie-Hellman exchange negotiated for the ISAKMP
 SA by IKE in Phase I. They are also used in Phase II
 when perfect forward secrecy is in use. These are
 values for SA Attrbute type Group Description (4)."
 REFERENCE "RFC 2409 appendix A,
 draft-ietf-ipsec-ike-01.txt appendix A"
 SYNTAX INTEGER {
 reserved(0), -- reserved in IKE
 modp768(1), -- default 768-bit MODP group
 modp1024(2), -- alternate 1024-bit MODP
 -- group
 ec2nGalois2P155(3), -- EC2N group on Galois
 -- Field GF[2^155]
 ec2nGalois2P185(4), -- EC2N group on Galois
 -- Field GF[2^185]
 modp1536(5) -- alternate 1536-bit MODP
 -- group
                   }

 IkeGroupType ::= TEXTUAL-CONVENTION
 DISPLAY-HINT "d"
 STATUS current
 DESCRIPTION "Values for Oakley key computation group types
 negotiated for the ISAKMP SA by IKE in Phase I.
 They are also used in Phase II when perfect forward
 secrecy is in use. These are values for SA Attribute
 type Group Type (5)."
 REFERENCE "RFC 2409 appendix A"
 SYNTAX INTEGER {
 reserved(0), -- reserved in IKE
 modp(1), -- modular exponentiation
 -- group
 ecp(2), -- elliptic curve group over
 -- Galois Field GF[P]
 ec2n(3) -- elliptic curve group over
 -- Galois Field GF[2^N]
                   }

 IkePrf ::= TEXTUAL-CONVENTION
 DISPLAY-HINT "d"
 STATUS current
 DESCRIPTION "Values for Pseudo-Random Functions used with
 with the hash algorithm negotiated for the ISAKMP SA
 by IKE in Phase I. There are currently no
 pseudo-random functions defined, the default HMAC is
 always used. These are values for SA Attribute type
 PRF (13).

 Values 1-65000 are reserved to IANA.

 Values 65001-65535 are for private use among
 mutually consenting parties."
 REFERENCE "RFC 2409 appendix A"
 SYNTAX Unsigned32 (0..65535)

 IkeNotifyMessageType ::= TEXTUAL-CONVENTION
 DISPLAY-HINT "d"
 STATUS current
 DESCRIPTION "These are the values for the types of notification
 messages. They are used as the Notify Message Type
 field in the Notification Payload.

 This textual convention merges the types
 for error types (in the range 1-16386) and for
 notification types (in the range 16384-65535).

 This textual convention is a merge of values
 defined by ISAKMP with the additional values
 defined in the IPSEC DOI.

 The values 16001-16383 are reserved for private use
 as error types amongst cooperating systems.

 The values 32001-32767 are reserved for private use
 as notification types amongst cooperating systems."
 REFERENCE "RFC 2408 section 3.14.1 and RFC 2407 sections 4.6.3
 and 6.10"
 SYNTAX INTEGER {

 -- Values defined for errors in ISAKMP
                       --
 reserved(0), -- reserved in DOI
 invalidPayloadType(1),
 doiNotSupported(2),
 situationNotSupported(3),
 invalidCookie(4),
 invalidMajorVersion(5),
 invalidMinorVersion(6),
 invalidExchangeType(7),
 invalidFlags(8),
 invalidMessageId(9),
 invalidProtocolId(10),
 invalidSpi(11),
 invalidTransformId(12),
 attributesNotSupported(13),
 noProposalChosen(14),
 badProposalSyntax(15),
 payloadMalformed(16),
 invalidKeyInformation(17),
 invalidIdInformation(18),
 invalidCertEncoding(19),
 invalidCertificate(20),
 certTypeUnsupported(21),
 invalidCertAuthority(22),
 invalidHashInformation(23),
 authenticationFailed(24),
 invalidSignature(25),
 addressNotification(26),
 notifySaLifetime(27),
 certificateUnavailable(28),
 unsupportedExchangeType(29),
 unequalPayloadLengths(30),

 -- values defined for errors in IPSEC DOI
 -- (none)

 -- values defined for notification in ISAKMP
 -- (none)

 -- values defined for notification in IPSEC
 -- DOI
 responderLifetime(24576),
 -- used to communicate IPSEC
 -- SA lifetime chosen by the
 -- responder

 replayStatus(24577),
 -- used for positive
 -- confirmation of the
 -- responder's election on
 -- whether or not he is to
 -- perform anti-replay
 -- detection

 initialContact(24578)
 -- used when one side wishes
 -- to inform the other that
 -- this is the first SA being
 -- established with the
 -- remote system
                   }
END


General System Information MIB Definition

File name — WATCHGUARD-INFO-SYSTEM-MIB

WATCHGUARD-INFO-SYSTEM-MIB DEFINITIONS ::= BEGIN

 IMPORTS
 MODULE-IDENTITY, OBJECT-TYPE, 
 OBJECT-IDENTITY, enterprises FROM SNMPv2-SMI
 DateAndTime FROM SNMPv2-TC
 watchguard FROM WATCHGUARD-SMI;
        
 wgInfoModule MODULE-IDENTITY
 LAST-UPDATED "200701251200Z"
 ORGANIZATION "WatchGuard Technologies, Inc."
 CONTACT-INFO
 " Ella Yu
 WatchGuard Technologies, Inc.
 1841 Zanker Road
 San Jose, CA 95112
 USA

                      408-519-4888
 ella.yu@watchguard.com "

 DESCRIPTION
 "The MIB module describes general information
 of WatchGuard system. Mainly, the information 
 obtained from this MIB is used by wgInfoSystemMIB,
 wgClientMIB, wgSystemStatisticsMIB, wgIpsecTunnelMIB."


 REVISION "200701251200Z"
 DESCRIPTION
 "Initial revision."
 ::= { watchguard 6 }


 wgInfoSystem OBJECT-IDENTITY
 STATUS current
 DESCRIPTION
 "This is the base system information for all wg Client
 branches."
 ::= { wgInfoModule 1 }

 wgInfoSystemCurrentTime OBJECT-TYPE
 SYNTAX DateAndTime
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The host's notion of the local date and time of day." 
 ::= {wgInfoSystem 1}

END

Client MIB Definition

File name — WATCHGUARD-CLIENT-MIB

WATCHGUARD-CLIENT-MIB DEFINITIONS ::= BEGIN

 IMPORTS
 MODULE-IDENTITY, OBJECT-TYPE, 
 OBJECT-IDENTITY, enterprises, 
 IpAddress, Unsigned32, TimeTicks FROM SNMPv2-SMI
 DateAndTime FROM SNMPv2-TC
 watchguard FROM WATCHGUARD-SMI;
        
 wgInfoModule MODULE-IDENTITY
 LAST-UPDATED "200701251200Z"
 ORGANIZATION "WatchGuard Technologies, Inc."
 CONTACT-INFO
 " Ella Yu
 WatchGuard Technologies, Inc.
 1841 Zanker Road
 San Jose, CA 95112
 USA

                      408-519-4888
 ella.yu@watchguard.com "

 DESCRIPTION
 "The MIB module describes client information
 of WatchGuard system."

 REVISION "200701251200Z"
 DESCRIPTION
 "Initial revision."
 ::= { watchguard 6 }

 wgClientMIB OBJECT-IDENTITY
 STATUS current
 DESCRIPTION
 "This is the base object identifier for DHCP Server, DHCP Client
 and PPPoE Client"
 ::= { wgInfoModule 2 }

 wgClientDHCPServer OBJECT-IDENTITY
 STATUS current
 DESCRIPTION 
 "This is the base object identifier for all DHCP server related information."
 ::= { wgClientMIB 1 }

 wgClientDHCPClient OBJECT-IDENTITY
 STATUS current
 DESCRIPTION 
 "This is the base object identifier for all DHCP client related information."
 ::= { wgClientMIB 2 }

 wgClientPPPoEClient OBJECT-IDENTITY
 STATUS current
 DESCRIPTION
 "This is the base object identifier for all PPPoE client related information."
 ::= { wgClientMIB 3 }

 wgClientDHCPServerEnable OBJECT-TYPE
 SYNTAX INTEGER {
 disabled(0),
 enabled(1),
 relay(2)
                    }
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Indicates whether if DHCP Server has been enabled. "
 ::= { wgClientDHCPServer 1 }

 wgClientDHCPServerStartIpAddress OBJECT-TYPE
 SYNTAX IpAddress
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The starting IP address of the range of IP addresses leased by the DHCP server."
 ::= { wgClientDHCPServer 2 }

 wgClientDHCPServerEndIpAddress OBJECT-TYPE
 SYNTAX IpAddress
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The last IP address of the range of IP addresses leased by the DHCP Server. "
 ::= { wgClientDHCPServer 3 }

 wgClientDHCPServerLeaseTime OBJECT-TYPE
 SYNTAX TimeTicks
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The lease time of an address assigned to a DHCP client. "
 ::= { wgClientDHCPServer 4 }

 wgClientDHCPServerNum OBJECT-TYPE
 SYNTAX Unsigned32
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The total number of entries in the wgClientDHCPServerTable. "
 ::= { wgClientDHCPServer 5 }

 wgClientDHCPServerConnTable OBJECT-TYPE
 SYNTAX SEQUENCE OF WGClientDHCPServerConnEntry
 MAX-ACCESS not-accessible
 STATUS current
 DESCRIPTION
 "This is the client lease table of the DHCP Server."
 ::= { wgClientDHCPServer 6 }

 wgClientDHCPServerRelayServer OBJECT-TYPE
 SYNTAX IpAddress
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The IP address of remote DHCP server to which
 DHCP requests should be relayed."
 ::= { wgClientDHCPServer 7 }

 wgClientDHCPServerConnEntry OBJECT-TYPE
 SYNTAX WGClientDHCPServerConnEntry
 MAX-ACCESS not-accessible
 STATUS current
 DESCRIPTION
 "An entry (conceptual row) containing the leasing
 information of an assigned address by the DHCP Server."
 INDEX {
 wgClientDHCPServerConnIPAddr
        }
 ::= { wgClientDHCPServerConnTable 1 }

 WGClientDHCPServerConnEntry ::= SEQUENCE {

 wgClientDHCPServerConnIPAddr IpAddress,

 wgClientDHCPServerConnClientHostName OCTET STRING,
 wgClientDHCPServerConnMACAddr OCTET STRING (SIZE(6)),
 wgClientDHCPServerConnLeaseTimeStart DateAndTime,
 wgClientDHCPServerConnLeaseTimeEnd DateAndTime
    
    }

 wgClientDHCPServerConnClientHostName OBJECT-TYPE
 SYNTAX OCTET STRING
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The hostname of the client."
 ::= { wgClientDHCPServerConnEntry 1 }

 wgClientDHCPServerConnIPAddr OBJECT-TYPE
 SYNTAX IpAddress
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The IP address assigned to the client."
 ::= { wgClientDHCPServerConnEntry 2 }

 wgClientDHCPServerConnMACAddr OBJECT-TYPE
 SYNTAX OCTET STRING (SIZE(6))
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The MAC address of the client."
 ::= { wgClientDHCPServerConnEntry 3 }


 wgClientDHCPServerConnLeaseTimeStart OBJECT-TYPE
 SYNTAX DateAndTime
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The date and time when the lease starts." 
 ::= { wgClientDHCPServerConnEntry 4 }

 wgClientDHCPServerConnLeaseTimeEnd OBJECT-TYPE
 SYNTAX DateAndTime
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The date and time when the lease ends." 
 ::= { wgClientDHCPServerConnEntry 5 }

 -- DHCP Client information

 wgClientDHCPClientEnable OBJECT-TYPE
 SYNTAX INTEGER {
 disabled(0),
 enabled(1)
                    }
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Indicates whether interface 1 (public) is configured to obtain IP address through DHCP."
 ::= { wgClientDHCPClient 1 }

 wgClientDHCPClientDomainName OBJECT-TYPE
 SYNTAX OCTET STRING
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The domain name of the DHCP Client."
 ::= { wgClientDHCPClient 2 }

 wgClientDHCPClientDefaultGateway OBJECT-TYPE
 SYNTAX IpAddress
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The IP address of the default gateway obtained by the DHCP client."
 ::= { wgClientDHCPClient 3 }

 wgClientDHCPClientDNSOne OBJECT-TYPE
 SYNTAX IpAddress
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The IP address of the primary DNS server obtained by the DHCP client."
 ::= { wgClientDHCPClient 4 }

 wgClientDHCPClientDNSTwo OBJECT-TYPE
 SYNTAX IpAddress
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The IP address of the secondary DNS server obtained by the DHCP client."
 ::= { wgClientDHCPClient 5 }


 -- PPPoE Client information

 wgClientPPPoEClientEnable OBJECT-TYPE
 SYNTAX INTEGER {
 disabled(0),
 enabled(1)
                    }
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "Indicates whether the interface 1 (public) is configured to use PPPoE."
 ::= { wgClientPPPoEClient 1 }

 wgClientPPPoEClientADSLStatus OBJECT-TYPE
 SYNTAX INTEGER {
 disconnect(0), -- ADSL is disconnected
 initialize(1), -- ADSL is initializing
 establish(2), -- ADSL is established
 authenticate(3), -- ADSL is authenticated
 network(4),
 running(5) -- ADSL is running
                }
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The current ADSL status of the PPPoE Client. "
 ::= { wgClientPPPoEClient 2 }
 
 wgClientPPPoEClientLocalIPAddr OBJECT-TYPE
 SYNTAX IpAddress
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The IP address obtained by the PPPoE Client."
 ::= { wgClientPPPoEClient 3 }

 wgClientPPPoEClientRemoteIPAddr OBJECT-TYPE
 SYNTAX IpAddress
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The IP Address of the PPP server this PPPoE client connects to."
 ::= { wgClientPPPoEClient 4 }

 wgClientPPPoEClientNetMask OBJECT-TYPE
 SYNTAX IpAddress
 MAX-ACCESS read-only
 STATUS current

 DESCRIPTION
 "The subnet mask of the PPPoE client." 
 ::= { wgClientPPPoEClient 5 }

 wgClientPPPoEClientDNSOne OBJECT-TYPE
 SYNTAX IpAddress
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The IP address of the primary DNS server obtained."
 ::= { wgClientPPPoEClient 6 }

 wgClientPPPoEClientDNSTwo OBJECT-TYPE
 SYNTAX IpAddress
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The IP address of the secondary DNS server obtained."
 ::= { wgClientPPPoEClient 7 }

 wgClientPPPoEADSLPeerMACAddr OBJECT-TYPE
 SYNTAX OCTET STRING (SIZE(6))
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The MAC Address of the PPP server this client connects to."
 ::= { wgClientPPPoEClient 8 }

 wgClientPPPoEClientConnTime OBJECT-TYPE
 SYNTAX TimeTicks
 MAX-ACCESS read-only
 STATUS current
 DESCRIPTION
 "The connection time of the PPPoE connection."
 ::= { wgClientPPPoEClient 9 }

END
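The DHCP lease table in WATCHGUARD-CLIENT-MIB returns its MAC and lease-time columns as raw octet strings, so a monitoring script has to decode them before the leases can be reviewed. The following is an added example, not part of the WatchGuard MIB files: it decodes the SNMPv2-TC DateAndTime format (8 or 11 octets) and the 6-octet MAC column, then reports any MAC address that holds more than one lease. It assumes rows arrive as dictionaries keyed by column name with the IP address already rendered as text; the function names and sample rows are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

P = "wgClientDHCPServerConn"  # common column-name prefix in the MIB

def decode_date_and_time(raw: bytes) -> datetime:
    """Decode an SNMPv2-TC DateAndTime value (8 or 11 octets)."""
    if len(raw) not in (8, 11):
        raise ValueError(f"DateAndTime must be 8 or 11 octets, got {len(raw)}")
    year, month, day, hour, minute, second, deci = struct.unpack(">HBBBBBB", raw[:8])
    second = min(second, 59)  # the TC allows 60 for a leap second
    tz = None
    if len(raw) == 11:  # optional direction, hours and minutes from UTC
        sign, off_h, off_m = chr(raw[8]), raw[9], raw[10]
        if sign not in "+-":
            raise ValueError("bad direction-from-UTC octet")
        offset = timedelta(hours=off_h, minutes=off_m)
        tz = timezone(offset if sign == "+" else -offset)
    return datetime(year, month, day, hour, minute, second, deci * 100_000, tzinfo=tz)

def format_mac(raw: bytes) -> str:
    """Render the OCTET STRING (SIZE(6)) MAC column as aa:bb:cc:dd:ee:ff."""
    if len(raw) != 6:
        raise ValueError("MAC column must be exactly 6 octets")
    return ":".join(f"{b:02x}" for b in raw)

def decode_lease(row: dict) -> dict:
    """Turn one raw wgClientDHCPServerConnTable row into readable values."""
    return {"ip": row[P + "IPAddr"],
            "hostname": row[P + "ClientHostName"].decode("utf-8", "replace"),
            "mac": format_mac(row[P + "MACAddr"]),
            "start": decode_date_and_time(row[P + "LeaseTimeStart"]),
            "end": decode_date_and_time(row[P + "LeaseTimeEnd"])}

def macs_with_multiple_ips(leases) -> dict:
    """Return {mac: sorted IPs} for every MAC holding more than one lease."""
    seen = {}
    for lease in leases:
        seen.setdefault(lease["mac"], set()).add(lease["ip"])
    return {mac: sorted(ips) for mac, ips in seen.items() if len(ips) > 1}

# Constructed sample rows (not captured from a real device).
_START = bytes.fromhex("07de0305091e0000")        # 2014-03-05 09:30:00, no zone
_END = bytes.fromhex("07de0305111e00002d0800")    # 2014-03-05 17:30:00 -08:00
def _row(ip, host, mac_hex):
    cols = ("IPAddr", "ClientHostName", "MACAddr", "LeaseTimeStart", "LeaseTimeEnd")
    return dict(zip((P + c for c in cols), (ip, host, bytes.fromhex(mac_hex), _START, _END)))
SAMPLE_ROWS = [_row("10.0.1.20", b"laptop-01", "001122334455"),
               _row("10.0.1.57", b"laptop-01", "001122334455"),
               _row("10.0.1.31", b"printer", "0011223344aa")]
```

A MAC address that appears against several leased addresses is an inventory anomaly worth reviewing alongside the DHCP server's own logs.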

See Also

About Management Information Bases (MIBs)

About SNMP

Enable SNMP Polling

Enable SNMP Management Stations and Traps
