
-- *****************************************************************
-- MUSARUBRA CONFIDENTIAL
-- TRELLIX-SENSOR-CONF-MIB:
-- Trellix (Sensor Configuration MIB)
--
-- Copyright (c) 2022 MUSARUBRA US, LLC
-- All rights reserved.
--
-- *****************************************************************

TRELLIX-SENSOR-CONF-MIB DEFINITIONS ::= BEGIN

IMPORTS
	OBJECT-TYPE, MODULE-IDENTITY, Integer32, 
	IpAddress, TimeTicks, Unsigned32
		FROM SNMPv2-SMI
	TimeInterval, TruthValue, RowStatus, 
	MacAddress, DateAndTime, DisplayString
		FROM SNMPv2-TC
	Ipv6Address
		FROM IPV6-TC
	ivSensorConfiguration, respPortIndex, intfPortIndex, slotIndex, intfPhysicalPortIndex, ntpServerIndex, sslProbeIpv4Index, sslProbeIpv6Index, processorNumIndex, intfVirtualPortIndex, intfVirtualSlotIndex
		FROM TRELLIX-SENSOR-SMI
	TrellixFEType, TrellixIDSOperatingMode, TrellixIDSPortType, 
	TrellixIDSResponseMode, TrellixIDSActionResult, TrellixIDSActionStatus,
	TrellixIDSAction, TrellixIDSCardType, TrellixTFTPFileType,
	TrellixTFTPFailedResult, TrellixTFTPInProgressResult, TrellixTFTPStatus,
	TrellixTFTPAction, TrellixGEType,TrellixCUGEType, TrellixPortSpeed, TrellixPluggableModuleType,
	TrellixPortLinearIndex
		FROM TRELLIX-INTRUVERT-TC;

ivSensorConfigurationMIB MODULE-IDENTITY
LAST-UPDATED "200707090000Z"
ORGANIZATION 
"MUSARUBRA US LLC"
CONTACT-INFO 
"Trellix Customer Service Department

Postal: 6220 American Center Drive
        San Jose CA 95002-2563
      

Tel: +1 800 338 8754

E-mail: support@mcafee.com"
DESCRIPTION 
"The Configuration MIB for the Trellix IntruShield product.

They are furthur broken down into the following groups:
 systemGrp - configuration of the IntruShield node identification.
 emsGrp - configuration of possible EMSs identification
 chassisGrp - configuration of the chassis slots
 managementCardGrp - configuration of the management card(s)
 tftpGrp - configuration of TFTP based services
 sensorCardGp - configuration of the sensor anlysis card(s)
 interfacePortGrp - configuration of interface port(s)
 responsePortGrp - configuration of response port(s) 
 pktLogGrp - configuration of the Packet Logging Application
 sslGrp - SSL configuration 
"

REVISION "200706140000Z"
DESCRIPTION 
"Initial version of this MIB module."
::= { ivSensorConfiguration 1 }


--This group contains objects that identify the IntruShield network element.

systemGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 1 }


ivSysName  OBJECT-TYPE
	SYNTAX 	DisplayString (SIZE(0..80))
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"An administratively assigned name for this IntruShied node.  
		By convention, this is the node's fully-qualified domain name."
	::= { systemGrp 1 }

ivSysLocation  OBJECT-TYPE
	SYNTAX 	DisplayString (SIZE(0..255))
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"The physical location of this node (e.g., `Building 6, IS room 443, 3rd floor')."
	::= { systemGrp 2 }

ivSysContact  OBJECT-TYPE
	SYNTAX 	DisplayString (SIZE(0..255))
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"The textual identification of the contact person for this IntruShield node, 
		together with information on how to contact this person."
	::= { systemGrp 3 }

ivSysModel  OBJECT-TYPE
	SYNTAX 	DisplayString (SIZE(0..32))
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"This object is where the manufacturer specifies the model identification 
		(number or type) of the network element."
	::= { systemGrp 4 }

-- Support for ivSysSerialNumber is deprecated in V-series sensors(VmIPS).
ivSysSerialNumber  OBJECT-TYPE
	SYNTAX 	DisplayString (SIZE(1..80))
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"Manufacturer-provided serial number."
	::= { systemGrp 5 }

ivSysDescr  OBJECT-TYPE
	SYNTAX 	DisplayString (SIZE(0..255))
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"A textual description of the entity.  This value should include the full name and version
		identification of the system's hardware type, software operating system, and networking
		software.  It is current that this only contains printable ASCII characters."
	::= { systemGrp 6 }

ivSysObjectID  OBJECT-TYPE
	SYNTAX 	OBJECT IDENTIFIER
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"The vendor's authoritative identification of the
		network management subsystem contained in the
		entity.  This value is allocated within the SMI
		enterprises subtree (1.3.6.1.4.1) and provides an
		easy and unambiguous means for determining `what
		kind of box' is being managed.  For example, if
		vendor `Flintstones, Inc.' was assigned the
		subtree 1.3.6.1.4.1.4242, it could assign the
		identifier 1.3.6.1.4.1.4242.1.1 to its `Fred
		Router'."
	::= { systemGrp 7 }

ivSysUpTime  OBJECT-TYPE
	SYNTAX 	TimeTicks
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"The time (in hundredths of a second) since the network management portion of the system 
		was last re-initialized."
	::= { systemGrp 8 }

ivSysLastCfgTime  OBJECT-TYPE
	SYNTAX 	DateAndTime
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"Indicates time when configuration was changed last."
	::= { systemGrp 9 }

-- Support for ivSysDiskSpaceLeft is deprecated in V-series sensors(VmIPS).
ivSysDiskSpaceLeft  OBJECT-TYPE
	SYNTAX 	INTEGER
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"Returns the numbers of kbytes left on the disk."
	::= { systemGrp 10 }

ivSysAlertChannelStatus  OBJECT-TYPE
	SYNTAX 	INTEGER {
		down (0),
		up (1),
		errorInGetTimeFromManager (2),
		errorGeneratingCertificates (3),
		errorPersistingCertificates (4),
		errorConnectingToManager (5),
		errorInUntrustedConnectionSetup (6),
		errorInInstall (7),
		errorPersistingManagerPublicCertificate (8),
		errorInMutualTrustMatch (9),
		errorInSnmpKeyExchange (10),
		errorInInitialProtocolMessageExchange (11),
		sensorInstallInProgress (12),
		openingAlertChannelInProgress (13),
		errorInLinkHenceReopening (14),
		errorInChannelReopening (15),
		closingChannelInProgress (16),
		errorClosingChannel (17),
		sendAlertWarning (18),
		keepAliveWarning (19),
		errorDeletingCerts (20),
		errorCreatingSnmpUser (21),
		errorChangingSnmpUserKeys (22)
	}
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"Returns the status of the alert channel connection with
		EMS."
	::= { systemGrp 11 }

ivSysPacketLogChannelStatus  OBJECT-TYPE
	SYNTAX 	INTEGER {
                down (0),
                up (1),
		errorInGetTimeFromManager (2),
		errorGeneratingCertificates (3),
		errorPersistingCertificates (4),
		errorConnectingToManager (5),
		errorInUntrustedConnectionSetup (6),
		errorInInstall (7),
		errorPersistingManagerPublicCertificate (8),
		errorInMutualTrustMatch (9),
		errorInSnmpKeyExchange (10),
		errorInInitialProtocolMessageExchange (11),
		packetLogInstallInProgress (12),
		openingPacketLogInProgress (13),
		errorInLinkHenceReopening (14),
		errorInChannelReopening (15),
		closingChannelInProgress (16),
		errorClosingChannel (17),
		sendLogWarning (18),
		keepAliveWarning (19)
	}
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"Returns the status of the packet log channel connection with
		EMS."
	::= { systemGrp 12 }

ivSysHealth  OBJECT-TYPE
	SYNTAX 	INTEGER {
                bad (0),
                good (1),
                uninitialized (2)
	}
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"Returns the health of the sensor. uninitialized means
		that the sensor does not have signatures hence does not
		detect attacks"
	::= { systemGrp 13 }

ivSysResetPassword  OBJECT-TYPE
	SYNTAX 	INTEGER {
                not-applicable (0),
                resetPassword (1)
	}
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"This object is used to reset the password back to default
		value. Returns not-applicable(0) upon read."
	::= { systemGrp 14 }

ivSysDeleteSignatures  OBJECT-TYPE
	SYNTAX 	INTEGER {
                not-applicable (0),
                deleteSignatures (1)
	}
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"This object is used to delete the signatures on the sensor if present.
    This also reboots the sensor after deleting the signatures. Does nothing
    if signatures are not present. Returns not-applicable(0) upon read."
	::= { systemGrp 15 }

-- Support for ivSysSlaveSerialNumber is deprecated in V-series sensors(VmIPS).
ivSysSlaveSerialNumber  OBJECT-TYPE
	SYNTAX 	DisplayString (SIZE(1..80))
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"Manufacturer-provided slave serial number. This is the serial number
    for a cluster-slave in a palomar cluster"
	::= { systemGrp 16 }

ivSysUIDSeed  OBJECT-TYPE
	SYNTAX 	INTEGER (0..65535)
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"This object contains the portion of the seed value to be used for generating 
		 UIDs' for alerts and logs. In case there is a mismatch, the ISM would set the
		 right value, which would used by the sensor for new alerts and logs."
	::= { systemGrp 17 }

ivSysFipsMode OBJECT-TYPE
        SYNTAX INTEGER {
        enable (1),
        disable (2)
        }
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "This Object holds the status of the fips mode.If the sensor is operating in FIPS
                mode then this Object will have enable value or else disable value."
        ::= { systemGrp 18 }

 ivSysNumLbPorts OBJECT-TYPE
        SYNTAX Integer32
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                 "This object is set by the NSM to inform the sensors connected to the Load Balancer(LB)
                 of the number of ports on the LB switch."
        ::= { systemGrp 19 }

ivSysUpTimeNew  OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "The time (in hundredths of a second) since the network management portion of the system
                was last re-initialized."
        ::= { systemGrp 20 }

ivSysCapacityMode OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
               "To push new license from NSM"
        ::= { systemGrp 21 }

ivSysCurrentCapacityMode OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
               "To get current license mode of sensor"
        ::= { systemGrp 22 }

ivSysDeviceMode OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
               "To get current device mode"
        ::= { systemGrp 23 }

ivSysConfDeviceMode OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
               "To get configured device mode"
        ::= { systemGrp 24 }

ivSysRebootStatus  OBJECT-TYPE
        SYNTAX Counter64
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "If a system reboot is required and Why
                REBOOT_DEFAULT_STATUS (0) // No Reboot Required
                REBOOT_UPGRADE_DOWNLOAD (1)
                REBOOT_SETUP_CHANGE (2)
                REBOOT_IPV6_CONFIG_CHANGE (3)
                REBOOT_SSL_MODE_CHANGE (4)
                REBOOT_JUMBOFRAMEPARSING_CONFIG_CHANGE (5)
                REBOOT_PREV_256BYTES_LOGGING_CONFIG_CHANGE (6)
                NMS_USERS_WRITE_ACCESS_CONFIG_CHANGE (7)
                REBOOT_LAYER7_DCAP_NUM_FLOWS_CHANGE (8)
                REBOOT_LAYER7_DCAP_BUFF_SIZE_CHANGE (9)
                REBOOT_LAYER7_DCAP_STATUS_CHANGE (10)
                REBOOT_SBC_CORE_INCREMENT_CONFIG_CHANGE (11)
                REBOOT_REQUIRED_MAX_SNMPD_RESTART_EXCEEDED (12)
                REBOOT_REQUIRED_SBC_TLV_ERROR (13)
                REBOOT_SNORT_CONFIG_CHANGE (15)
                REBOOT_CAPACITY_MODE_CHANGE (16)
                REBOOT_SSL_FLOWALLOC_CHANGE (17)
                "
        ::= { systemGrp 25 }

ivSysRebootReason OBJECT-TYPE
        SYNTAX  DisplayString (SIZE(0..255))
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "This object contains reason for the sensor reboot.
                 NULL is stored in the object if reboot is not required"
        ::= { systemGrp 26 }

--This group contains objects that identify the IP configuration information for the 
--IntruShield network element.
--

systemIPCfgGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 2 }

ivSysIPAddress  OBJECT-TYPE
	SYNTAX 	IpAddress
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"This object contains the IP Address of the management card on the IntruShield node,
		that interfaces with the EMS."
	::= { systemIPCfgGrp 1 }

ivSysMACAddress  OBJECT-TYPE
	SYNTAX 	MacAddress
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"This object contains the MAC address of the management card on the IntruShield node."
	::= { systemIPCfgGrp 2 }

ivSysSubnetMask  OBJECT-TYPE
	SYNTAX 	IpAddress
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"This object specifies the Subnet mask of the management card on the IntruShield node."
	::= { systemIPCfgGrp 3 }

ivSysGateway  OBJECT-TYPE
	SYNTAX 	IpAddress
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"This object specifies the gateway address of the management card on the IntruShield node."
	::= { systemIPCfgGrp 4 }

ivSysIPv6Address  OBJECT-TYPE
	SYNTAX 	Ipv6Address
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"This object contains the IPv6 Address of the management card on the IntruShield node,
		that interfaces with the EMS."
	::= { systemIPCfgGrp 5 }

ivSysIpv6SubnetMask  OBJECT-TYPE
	SYNTAX 	INTEGER (0..128)
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"This object specifies the number of bits that need to set to '1' from left to right,
		 int the Ipv6 address Subnet mask of the management card on the IntruShield node."
	::= { systemIPCfgGrp 6 }

ivSysIpv6Gateway  OBJECT-TYPE
	SYNTAX 	Ipv6Address
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"This object specifies the gateway Ipv6 address of the management card on the IntruShield node."
	::= { systemIPCfgGrp 7 }

ivSysVmHostIPAddress  OBJECT-TYPE
        SYNTAX  IpAddress
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "This object contains the IP Address of the Vm Host on which VIPS will be running.
		This mib object will be available only on V-series sensors."
        ::= { systemIPCfgGrp 8 }

ivSysVmHostIPv6Address  OBJECT-TYPE
        SYNTAX  Ipv6Address
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "This object contains the IP Address of the Vm Host on which VIPS will be running.
		This mib object will be available only on v-series sensors."
        ::= { systemIPCfgGrp 9 }

ivSysVmHostName  OBJECT-TYPE
        SYNTAX  DisplayString (SIZE(0..255)) 
        MAX-ACCESS  read-only 
        STATUS  current
        DESCRIPTION
                "This object contains the Vm Host name on which VIPS will be running.
                This mib object will be available only on V-series sensors."
        ::= { systemIPCfgGrp 10 }

ivSysVmMgmtAdditionalInfo  OBJECT-TYPE
        SYNTAX  DisplayString (SIZE(0..255))
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "A textual string containing additional information about the management interface.
                This mib object will be available only on v-series sensors."
        ::= { systemIPCfgGrp 11 }



--
-- System Failover Group
--
--This group contains objects that identify the failover configuration information for the 
--IntruShield network element.

systemFailoverGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 3 }

ivSysFailoverStatus  OBJECT-TYPE
	SYNTAX 	INTEGER {
		peer-up (1),
		peer-down (2),
		peer-incompatible (3)
	}
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"Indicates if IDS peer is in peer-down or peer-up mode. Default: peer-down (2)."
	::= { systemFailoverGrp 1 }

ivSysFailoverAction  OBJECT-TYPE
	SYNTAX 	INTEGER {
		on (1),
		off (2)
	}
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"This object is used to indicate if the sensor is in failover
		configuration or not. If the sensors are in failover
		configuration, then both sensors have to be set to on(1).
		Default: off(2)"
	::= { systemFailoverGrp 2 }

ivSysFailoverMode  OBJECT-TYPE
	SYNTAX 	INTEGER {
		standalone (0),
		primary (1),
		secondary (2)
	}
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Added for the I-3000/I-4010 sensors.
                 This object is used to specify to the sensor if it is primary 
                 or secondary when failover is enabled.
                 This value ( 1 or 2) must be set on the sensor prior to 
                 enabling failover.
		 When failover is disabled, the sensor will automatically
                 update this object to standalone (0). 
                 The manager can opt to explicitly set this after disabling 
                 failover on the sensor, however it is not necessary.
		 Default: standalone(0), since failover is disabled"
	::= { systemFailoverGrp 3 }

ivSysFailopenAction  OBJECT-TYPE
	SYNTAX 	INTEGER {
		enable (1),
		disable (2)
	}
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"This object is used to indicate if the sensor should fail-open when
		 in failover mode.
		Default: disable(2)"
	::= { systemFailoverGrp 4 }


ivSysSTPForwardConfig  OBJECT-TYPE
	SYNTAX 	INTEGER {
		enable (1),
		disable (2)
	}
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"This object is used to indicate if the sensor should forward the STP traffic 
         through peer in failover mode.
		Default: disable(2)"
	::= { systemFailoverGrp 5 }

--
-- EmsGrp 
--
-- This group contians the <emsTable> that identifies two EMSs for this sensor
-- They are indexed by <emsIndex> and identified by their <emsIPAddress>. 
-- The only field that is writable for each EMS is the emsPriority.  All
-- the other fields are updated by the sensor itself.
--
-- An EMS can look at this emsTable to find out the status of sensors 
-- connection to EMSs.  Any changes at the EMS can be communicated to the sensor
-- using the emsChangeAction mib object.  
-- Under error scenarios like sensor getting out of sync with the EMS because it was 
-- offline when the change at EMS took place can also be corrected using the same
-- emsChangeAction mib object. 
--
--

emsGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 4 }

emsTable  OBJECT-TYPE
	SYNTAX SEQUENCE OF EmsEntry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"This table comprises of exactly two possible EMS entries each defined by <emsEntry>.
		
		
		"
	::= { emsGrp 1 }

emsEntry  OBJECT-TYPE
	SYNTAX 	EmsEntry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Each entry specified is indexed by <emsIndex>. 
		Additonaly it contains the <emsIPAddress> and <emsPriority>
		"
	INDEX { emsIndex }
	::= { emsTable 1 }

EmsEntry ::= SEQUENCE {
	emsIndex
		Integer32,
	emsPriority
		INTEGER,
	emsIPAddress
		IpAddress,
	emsHAMode
		INTEGER,
	emsHAStatus
		INTEGER,
	emsAlertChannelStatus
		INTEGER,
	emsPacketLogChannelStatus
		INTEGER,
	emsIPv6Address
		Ipv6Address,
	emsIPAddressType
		INTEGER,
	emsAuthChannelStatus
		INTEGER
}


emsIndex  OBJECT-TYPE
	SYNTAX 	Integer32 (1..2)
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Fixed index for the two EMS entries. Valid values are [1,2] only."
	::= { emsEntry 1 }


emsPriority  OBJECT-TYPE
	SYNTAX 	INTEGER {
		primary (1),
		secondary (2),
                standalone (3),
		unknown (4)
	}
	MAX-ACCESS  read-only 
	STATUS	current
	DESCRIPTION 
		"Identifies whether the EMS identifed by the IPAddress is the Primary or Secondary. This value
		is only informational from sensor point of view and is set by the EMS when we have established
		connection to it. Note that transition at EMS from Primary to Secondary or vice versa will have
		no effect on the sensor.  The only thing sensor needs to worry about while in MDR mode is the
		active/standby status.
		"
	::= { emsEntry 2 }


emsIPAddress  OBJECT-TYPE
	SYNTAX 	IpAddress
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"IP Address of a EMS (in this entry)."
	::= { emsEntry 3 }


emsHAMode  OBJECT-TYPE
	SYNTAX 	INTEGER {
		failover (1),
		standalone (2),
		unknown (3)
	}
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"Identifies the MDR mode of the EMS.  Initially when the system comes up this would be set to
		unknown till we contact the EMS and get its MDR status. This field also gets updated when a 
		MDR-to-Standalone or Standalone-to-MDR action is triggered.
		"
	::= { emsEntry 4 }

emsHAStatus  OBJECT-TYPE
	SYNTAX  INTEGER {
 		unknown(1),
		active (2),
		standby (3)
	}
	MAX-ACCESS  read-only
	STATUS  current
	DESCRIPTION
		"This object specifies if the EMS is an active or a standby when operating in failover mode"
	::= { emsEntry 5 }

emsAlertChannelStatus  OBJECT-TYPE
	SYNTAX 	INTEGER {
		down (0),
		up (1),
		errorInGetTimeFromManager (2),
		errorGeneratingCertificates (3),
		errorPersistingCertificates (4),
		errorConnectingToManager (5),
		errorInUntrustedConnectionSetup (6),
		errorInInstall (7),
		errorPersistingManagerPublicCertificate (8),
		errorInMutualTrustMatch (9),
		errorInSnmpKeyExchange (10),
		errorInInitialProtocolMessageExchange (11),
		sensorInstallInProgress (12),
		openingAlertChannelInProgress (13),
		errorInLinkHenceReopening (14),
		errorInChannelReopening (15),
		closingChannelInProgress (16),
		errorClosingChannel (17),
		sendAlertWarning (18),
		keepAliveWarning (19),
		errorDeletingCerts (20),
		errorCreatingSnmpUser (21),
		errorChangingSnmpUserKeys (22)
	}
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"Returns the status of the alert channel connection with
		EMS identifed by the emsIPAddress of this entry."
	::= {  emsEntry 6 }

emsPacketLogChannelStatus  OBJECT-TYPE
	SYNTAX 	INTEGER {
                down (0),
                up (1),
		errorInGetTimeFromManager (2),
		errorGeneratingCertificates (3),
		errorPersistingCertificates (4),
		errorConnectingToManager (5),
		errorInUntrustedConnectionSetup (6),
		errorInInstall (7),
		errorPersistingManagerPublicCertificate (8),
		errorInMutualTrustMatch (9),
		errorInSnmpKeyExchange (10),
		errorInInitialProtocolMessageExchange (11),
		packetLogInstallInProgress (12),
		openingPacketLogInProgress (13),
		errorInLinkHenceReopening (14),
		errorInChannelReopening (15),
		closingChannelInProgress (16),
		errorClosingChannel (17),
		sendLogWarning (18),
		keepAliveWarning (19)
	}
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"Returns the status of the packet log channel connection with
		EMS identified by the emsIPAddress of this entry."
	::= {  emsEntry 7 }

emsIPv6Address  OBJECT-TYPE
	SYNTAX 	Ipv6Address
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"IPv6 Address of a EMS (in this entry)."
	::= { emsEntry 8 }

emsIPAddressType OBJECT-TYPE
	SYNTAX 	INTEGER {
		ip-v4 (4),
		ip-v6 (6)
	}
	MAX-ACCESS  read-only 
	STATUS	current
	DESCRIPTION 
		"Identifies the type of EMS IPAddress. If set to ip-v4, then the emsIPAddress object
		 would be set else if this object is set to ip-v6, then the empIPv6Address object 
		 would be set.
		"
	::= { emsEntry 9 }

emsAuthChannelStatus OBJECT-TYPE
	SYNTAX 	INTEGER {
		down (0),
		up (1)
	}
	MAX-ACCESS  read-only 
	STATUS	current
	DESCRIPTION 
		"Returns the status of the authentication channel connection with 
      EMS identified by the emsIPAddress of this entry."
	::= { emsEntry 10 }

emsChangeAction  OBJECT-TYPE
	SYNTAX  INTEGER {
                other (0),
		standalone-to-ha (1),
		ha-to-standalone (2),
        	switchover (3),
        	add-ism-sec-ip (4)
	}
	MAX-ACCESS  read-write
	STATUS  current
	DESCRIPTION
		"This object is used to indicate to the sensor, changes in the EMS MDR operation mode."
	::= { emsGrp 2 }

emsParamIpAddress  OBJECT-TYPE
	SYNTAX IpAddress
	MAX-ACCESS  read-write
	STATUS  current
	DESCRIPTION
		"This object is one of the parameters that need to be set before emsChangeAction is triggered.
		If the action is Switchover this specifies the IP address of the Manager that the sensor should switch to.
		If the action is Standalone-to-MDR this specifies the Peer EMS IP address and this will result in using
		a free entry in the emsTable. 
		If the action  is MDR-to-Standalone this specifies the future Standalone EMS IP address which should be
        	one of the two EMSs specified in the emsTable. 
		The acutal swithover or change in MDR opearation mode will be done when indicated by the Manager through the 
		emsChangeAction object.
		Setting this object would reset the emsParamIpv6Address and emsParamAddIpv6Address objects.
        "
	::= { emsGrp 3 }

emsParamPriority  OBJECT-TYPE
	SYNTAX INTEGER {
                other (0),
		primary (1),
		secondary (2),
		standalone (3)
	}
	MAX-ACCESS  read-write
	STATUS  current
	DESCRIPTION
		" This object specifies the priority of the EMS setting the standalone-to-MDR change action."
	::= { emsGrp 4 }

emsParamAddIpAddress  OBJECT-TYPE
	SYNTAX IpAddress
	MAX-ACCESS  read-write
	STATUS  current
	DESCRIPTION
       " This object specifies the secondary IP address of the EMS while in MDR mode. If the emsChangeAction
        is standalone-to-MDR, this specifies the secondary IP address of the new peer Manager. If the 
         emsChangeAction is secondary NIC address, this specifies the secondary IP address of the EMS 
         identified by emsParamIpAddress.
	 Setting this object would reset the emsParamIpv6Address and emsParamAddIpv6Address objects."
	::= { emsGrp 5 }

emsParamIpv6Address  OBJECT-TYPE
	SYNTAX Ipv6Address
	MAX-ACCESS  read-write
	STATUS  current
	DESCRIPTION
		"This object is one of the parameters that need to be set before emsChangeAction is triggered.
		If the action is Switchover this specifies the IPv6 address of the Manager that the sensor should switch to.
		If the action is Standalone-to-MDR this specifies the Peer EMS IPv6 address and this will result in using
		a free entry in the emsTable. 
		If the action  is MDR-to-Standalone this specifies the future Standalone EMS IPv6 address which should be
        	one of the two EMSs specified in the emsTable. 
		The acutal swithover or change in MDR opearation mode will be done when indicated by the Manager through the 
		emsChangeAction object.
		Setting this object would reset the emsParamIpAddress and emsParamAddIpAddress objects.
        "
	::= { emsGrp 6 }

emsParamAddIpv6Address  OBJECT-TYPE
	SYNTAX Ipv6Address
	MAX-ACCESS  read-write
	STATUS  current
	DESCRIPTION
       " This object specifies the secondary IPv6 address of the EMS while in MDR mode. If the emsChangeAction
         is standalone-to-MDR, this specifies the secondary IPV6 address of the new peer Manager. If the 
         emsChangeAction is secondary NIC address, this specifies the secondary IPv6 address of the EMS 
         identified by emsParamIpAddress.
	 Setting this object would reset the emsParamIpAddress and emsParamAddIpAddress objects."
	::= { emsGrp 7 }

emsTenantId  OBJECT-TYPE
	SYNTAX OCTET STRING (SIZE(36))
	MAX-ACCESS  read-write
	STATUS  current
	DESCRIPTION
       " This object specifies the TenantId. which identifies unique customer in Trellix eco system"
	::= { emsGrp 8 }

emsPrimaryNSMGUID  OBJECT-TYPE
	SYNTAX OCTET STRING (SIZE(36))
	MAX-ACCESS  read-write
	STATUS  current
	DESCRIPTION
       " This object specifies the Primary NSM Server GUID. which identifies unique NSM in Trellix eco system"
	::= { emsGrp 9 }

emsSecondaryNSMGUID  OBJECT-TYPE
	SYNTAX OCTET STRING (SIZE(36))
	MAX-ACCESS  read-write
	STATUS  current
	DESCRIPTION
       " This object specifies the Secondary NSM Server GUID. which identifies unique NSM in Trellix eco system"
	::= { emsGrp 10 }

--This group contains MIB objects for the configuration of the TFTP service.

tftpGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 5 }

tftpKey  OBJECT-TYPE
	SYNTAX 	OCTET STRING (SIZE(128))
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"This specifies the tftp shared secret key between the IntruShield Sensor and EMS.
		Default: All 128 octets filled with '0'."
	::= { tftpGrp 1 }

tftpFileSize  OBJECT-TYPE
	SYNTAX 	Integer32 (0..134217727)
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"The size of the file in bytes. Default: 0 "
	::= { tftpGrp 2 }

tftpFileName  OBJECT-TYPE
	SYNTAX 	DisplayString (SIZE(0..128))
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"This specifies the name of the file to TFTP (with the source path)"
	::= { tftpGrp 3 }

tftpServerAddress  OBJECT-TYPE
	SYNTAX 	IpAddress
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"TFTP server IP address.
		Is the EMS address when downloading from EMS to management card.
		Setting this object would reset the tftpServerIpv6Address objects."
	::= { tftpGrp 4 }

tftpAction  OBJECT-TYPE
	SYNTAX 	TrellixTFTPAction
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Invokes TFTP service using other (required) parameters defined in <tftpGrp>.
		 Valid values are : (0)-other, (1)-downloadimage, (2)-downloadsigfile, (3)-uploaddos,
				    (4)-uploadtrace, (5)-downloaddos, (6)-aborttransfer, (7)-downloadcertfile,
				    (8)-downloadimageandsigfile, (9)-downloadmperootcertfile,
				    (10)-download_sgap_ssl_cert, (11)-upload_sgap_ssl_csr,
				    (12)-upload_ibac_ad_file, (13)-download_ibac_ad_file,
				    (14)-upload_swh_learned_file,
				    (15)-downloadPacketCaptureFilterFile ,(16)-uploadPacketCaptureFilterFile,
				    (17)-downloadGeoLocationDatabase, (18)-uploadPacketCapturePCAPFile,
					(19)-download_usrid_acl_file,
                    (20)-download-bot-dat-file,
                    (21)-download-ntba-ssl-cert-file,(22)-upload-dev-prof-file,
                    (25)-download_matd_ssl_cert, (28)-download-ffp-bulk-file,
                    (33)-download_zcenter_ssl_cert, (34)-download-gti-private-cloud-cert-file,
                    (35)-upload_suricata_failed_rules, (36)-upload_ca_sensor_csr,
                    (37)-download_ca_sensor_cert, (38)-download_syslog_ssl_cert,
                    (39)-download_ca_cert_store"
	::= { tftpGrp 5 }

tftpActionStatus  OBJECT-TYPE
	SYNTAX 	TrellixTFTPStatus
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"The status of the current TFTP action"
	::= { tftpGrp 6 }

tftpActionInProgressResult  OBJECT-TYPE
	SYNTAX 	TrellixTFTPInProgressResult
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"Specifies TFTP service completion percentage.
		"
	::= { tftpGrp 7 }

tftpActionFailedResult  OBJECT-TYPE
	SYNTAX 	TrellixTFTPFailedResult
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"See TrellixTFTPFailedResult"
	::= { tftpGrp 8 }

tftpActionTransactionId  OBJECT-TYPE
	SYNTAX 	INTEGER 
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Used to ensure single file transfer at a time. Default: 0."
	::= { tftpGrp 9 }

tftpServerIpv6Address  OBJECT-TYPE
	SYNTAX 	Ipv6Address
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"TFTP server IPv6 address.
		Is the EMS IPv6 address when downloading from EMS to management card. 
		Either one of the Ipv4 or Ipv6 address should be set by the ISM.
		Setting this object would reset the tftpServerIpAddress objects."
	::= { tftpGrp 10 }

tftpIVKey  OBJECT-TYPE
  SYNTAX  OCTET STRING (SIZE(128))
  MAX-ACCESS  read-write
  STATUS  current
  DESCRIPTION
    "This specifies the tftp Initialization Vector that is used for AES Decryption between the IntruShield Sensor and EMS.
    Default: All 128 octets filled with '0'."
  ::= { tftpGrp 11 }

--Trellix IntruShield chassis.
--The chassis may be a slim line enclosure with no explicit slot concept or a larger enclosure 
--with multiple slots. 
--
--This MIB does not differentiate between the two and models all it's cards 
--as entities that can be associated with a containing slot.
-- Support for chassisGrp is deprecated in V-series sensors(VmIPS).

chassisGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 7 }


temperatureStatus  OBJECT-TYPE
	SYNTAX 	INTEGER {
		normal (0),
		abnormal (1)
	}
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		""
	::= { chassisGrp 1 }

fanStatus  OBJECT-TYPE
	SYNTAX 	INTEGER {
		normal (0),
		abnormal (1),
		removed (2)
	}
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		""
	::= { chassisGrp 2 }

primaryPowerSupplyStatus  OBJECT-TYPE
	SYNTAX 	INTEGER {
		not-present (0),
		present-operational (1),
		present-nonoperational (2),
		error (3)
	}
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"This powerSupply MIB object gives the primary powerSupply status.
                   (0) - Primary PowerSupply Module is not present.
                   (1) - Primary PowerSupply Module is present and operational.
                   (2) - Primary PowerSupply Module is present and its not operational.
                   (3) - Error while retrieving the powerSupply status, please re-try after some time."
	::= { chassisGrp 3 }

secondaryPowerSupplyStatus  OBJECT-TYPE
	SYNTAX 	INTEGER {
		not-present (0),
		present-operational (1),
		present-nonoperational (2),
		error (3)
	}
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"This powerSupply MIB object gives the secondary powerSupply status.
                   (0) - Secondary PowerSupply Module is not present.
                   (1) - Secondary PowerSupply Module is present and operational.
                   (2) - Secondary PowerSupply Module is present and its not operational.
                   (3) - Error while retrieving the powerSupply status, please re-try after some time."
	::= { chassisGrp 4 }

pciLegacyErrorStatus OBJECT-TYPE
    SYNTAX  DisplayString (SIZE(0..512))
    MAX-ACCESS  read-only
    STATUS  current
    DESCRIPTION
        "BMC PCI Legacy Error (parity error (PERR) and system error (SERR))"
    ::= { chassisGrp 5 }

pciFatalError1Status OBJECT-TYPE
    SYNTAX  DisplayString (SIZE(0..512))
    MAX-ACCESS  read-only
    STATUS  current
    DESCRIPTION
        "BMC PCI Fatal Error1 Status"
    ::= { chassisGrp 6 }

pciFatalError2Status OBJECT-TYPE
    SYNTAX  DisplayString (SIZE(0..512))
    MAX-ACCESS  read-only
    STATUS  current
    DESCRIPTION
        "BMC PCI Fatal Error2 Status (Continuation of Fatat Error 1)"
    ::= { chassisGrp 7 }

systemEventLogStatus OBJECT-TYPE
    SYNTAX  DisplayString (SIZE(0..512))
    MAX-ACCESS  read-only
    STATUS  current
    DESCRIPTION
        "BMC System Event Log (SEL buffer) Status"
    ::= { chassisGrp 8 }

bmcWatchdogStatus OBJECT-TYPE
    SYNTAX  DisplayString (SIZE(0..512))
    MAX-ACCESS  read-only
    STATUS  current
    DESCRIPTION
        "BMC Watchdog Status"
    ::= { chassisGrp 9 }

processorStatusTable OBJECT-TYPE
    SYNTAX  SEQUENCE OF ProcessorStatusEntry
    MAX-ACCESS  not-accessible
    STATUS  current
    DESCRIPTION
        "This table contain list of processors"
    ::= { chassisGrp 10 }

processorStatusEntry OBJECT-TYPE
    SYNTAX ProcessorStatusEntry
    MAX-ACCESS  not-accessible
    STATUS  current
    DESCRIPTION
        "The table entries denotes various processor details for each index (processor) "
    INDEX { processorNumIndex }
    ::= { processorStatusTable 1 }

ProcessorStatusEntry ::= SEQUENCE{
    processorStatus
        DisplayString,
}

processorStatus OBJECT-TYPE
    SYNTAX DisplayString (SIZE(0..512))
    MAX-ACCESS read-only
    STATUS  current
    DESCRIPTION
        "Processor Presence Status"
    ::= { processorStatusEntry 1 }

memoryECCStatus OBJECT-TYPE
    SYNTAX  DisplayString (SIZE(0..512))
    MAX-ACCESS  read-only
    STATUS  current
    DESCRIPTION
        "Memory ECC Status"
    ::= { chassisGrp 11 }

postSysEventStatus OBJECT-TYPE
    SYNTAX  DisplayString (SIZE(0..512))
    MAX-ACCESS  read-only
    STATUS  current
    DESCRIPTION
        "POST Sys Event Status"
    ::= { chassisGrp 12 }

postErrorStatus OBJECT-TYPE
    SYNTAX  DisplayString (SIZE(0..512))
    MAX-ACCESS  read-only
    STATUS  current
    DESCRIPTION
        "POST Error Status"
    ::= { chassisGrp 13 }

--Trellix Sensor Slave chassis.

slave-ChassisGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 9 }

slaveTemperatureStatus  OBJECT-TYPE
        SYNTAX  INTEGER {
                normal (0),
                abnormal (1)
        }
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                ""
        ::= { slave-ChassisGrp 1 }

slaveFanStatus  OBJECT-TYPE
        SYNTAX  INTEGER {
                normal (0),
                abnormal (1)
        }
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                ""
        ::= { slave-ChassisGrp 2 }

slavePrimaryPowerSupplyStatus  OBJECT-TYPE
        SYNTAX  INTEGER {
                not-present (0),
                present-operational (1),
                present-nonoperational (2),
                error (3)
        }
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "This powerSupply MIB object gives the primary powerSupply status.
                   (0) - Slave Primary PowerSupply Module is not present.
                   (1) - Slave Primary PowerSupply Module is present and operational.
                   (2) - Slave Primary PowerSupply Module is present and its not operational.
                   (3) - Error while retrieving the powerSupply status, please re-try after some time."
        ::= { slave-ChassisGrp 3 }

slaveSecondaryPowerSupplyStatus  OBJECT-TYPE
        SYNTAX  INTEGER {
                not-present (0),
                present-operational (1),
                present-nonoperational (2),
                error (3)
        }
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "This powerSupply MIB object gives the secondary powerSupply status.
                   (0) - Slave Secondary PowerSupply Module is not present.
                   (1) - Slave Secondary PowerSupply Module is present and operational.
                   (2) - Slave Secondary PowerSupply Module is present and its not operational.
                   (3) - Error while retrieving the powerSupply status, please re-try after some time."
        ::= { slave-ChassisGrp 4 }

--This group conatins all MIB objects that specify the configuration of the
--Trellix IntrusShield management card.
--
--The object mgmtCardTable within this group suggest that each IntruShield chassis
--can contain more than one management card, only for standby purposes.

managementCardGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 8 }

mgmtCardTable  OBJECT-TYPE
	SYNTAX SEQUENCE OF MgmtCardEntry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"This table contains entries, one per management card, indexed by the appropriate slotIndex."
	::= { managementCardGrp 1 }

mgmtCardEntry  OBJECT-TYPE
	SYNTAX 	MgmtCardEntry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"This MIB object contains all the columnar objects, 
		that describe the contents of each management card within the IntruShield node.
		This entry is indexed by a fixed value slotIndex of 1 (one) for all models."
	INDEX { slotIndex }
	::= { mgmtCardTable 1 }

MgmtCardEntry ::= SEQUENCE {
	mcAction
		TrellixIDSAction,
	mcActionStatus
		TrellixIDSActionStatus,
	mcActionResult
		TrellixIDSActionResult,
	mcHwVersion
		DisplayString,
	mcCurrentSwVersion
		DisplayString,
	mcFutureSwFileName
		DisplayString,
	mcDateAndTime
		DateAndTime
}

mcAction  OBJECT-TYPE
	SYNTAX 	TrellixIDSAction
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Actions applicable on this card, uses TC TrellixIDSAction.
		Default: other
		Only 'reset' and 'swupdate' action are supported."
	::= { mgmtCardEntry 1 }

mcActionStatus  OBJECT-TYPE
	SYNTAX 	TrellixIDSActionStatus
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"Outcome of a SNMP set on the mcAction object. Uses TC TrellixIDSActionStatus
		
		Default: other"
	::= { mgmtCardEntry 2 }

mcActionResult  OBJECT-TYPE
	SYNTAX 	TrellixIDSActionResult
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"Detail information when <mcAction> is set to 'reset', based on <mcActionStatus>
		
		Default: 0, details not defined."
	::= { mgmtCardEntry 3 }

-- Support for mcHwVersion is deprecated in V-series sensors(VmIPS).
mcHwVersion  OBJECT-TYPE
	SYNTAX 	DisplayString (SIZE(0..80))
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"The manufacturer specified hardware version information.
		Typically indicated major, minor, patch information for version."
	::= { mgmtCardEntry 4 }

mcCurrentSwVersion  OBJECT-TYPE
	SYNTAX 	DisplayString (SIZE(0..80))
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"The manufacturer specified software version information that is currently running.
		Typically indicated major, minor, patch information for version."
	::= { mgmtCardEntry 5 }

mcFutureSwFileName  OBJECT-TYPE
	SYNTAX 	DisplayString (SIZE(0..128))
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"The new software (image) file residing on flash."
	::= { mgmtCardEntry 6 }

mcDateAndTime  OBJECT-TYPE
	SYNTAX 	DateAndTime
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"System date and time set by EMS."
	::= { mgmtCardEntry 7 }

--This group conatins all MIB objects that specify the configuration of the
--Trellix IDS sensor (analysis) card.
--
--The object sensorCardTable within this group suggests that each Trellix IDS chassis
--may contain more than one sensor card.
--
--Support for each logical function is defined in its own table.
--Each table in this group contains entries, one per sensor card, indexed by <slotIndex>

sensorCardGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 10 }

sensorCardTable  OBJECT-TYPE
	SYNTAX SEQUENCE OF SensorCardEntry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"This table contains entries, one per sensor card and indexed by the slotIndex.
		"
	::= { sensorCardGrp 1 }

sensorCardEntry  OBJECT-TYPE
	SYNTAX 	SensorCardEntry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"This MIB object contains all the columnar objects, 
		that describe the contents of each sensor card within the Trellix IDS.
		This entry is indexed by a fixed value chassis slotIndex of 2 (two) for all models."
	INDEX { slotIndex }
	::= { sensorCardTable 1 }

SensorCardEntry ::= SEQUENCE {
	scAction
		TrellixIDSAction,
	scSigUpdateResult
		TrellixIDSActionResult,
	scHwVersion
		DisplayString,
	scCurrentSwVersion
		DisplayString,
	scFutureSwFileName
		DisplayString,
	scCurrentSigVersion
		DisplayString,
	scFutureSigFileName
		DisplayString,
	scMACAddress
		MacAddress,
        scCurrentBotDATVersion
		DisplayString
}

scAction  OBJECT-TYPE
	SYNTAX 	TrellixIDSAction
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Actions on this card. See TrellixIDSAction
		Default: other
		Only reset and sigupdate are supported."
	::= { sensorCardEntry 1 }

scSigUpdateResult  OBJECT-TYPE
	SYNTAX 	TrellixIDSActionResult
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"Indicates detail results of scAction object.
		Default: 0
		
		"
	::= { sensorCardEntry 2 }

-- Support for scHwVersion is deprecated in V-series sensors(VmIPS).
scHwVersion  OBJECT-TYPE
	SYNTAX 	DisplayString (SIZE(0..80))
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"The manufacturer specified hardware version information.
		Typically indicated major, minor, patch information for version."
	::= { sensorCardEntry 3 }

scCurrentSwVersion  OBJECT-TYPE
	SYNTAX 	DisplayString (SIZE(0..80))
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"The manufacturer specified software version information that is currently running.
		Typically indicated major, minor, patch information for version."
	::= { sensorCardEntry 4 }

scFutureSwFileName  OBJECT-TYPE
	SYNTAX 	DisplayString (SIZE(0..80))
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"The new software (image) file residing on flash."
	::= { sensorCardEntry 5 }

scCurrentSigVersion  OBJECT-TYPE
	SYNTAX 	DisplayString (SIZE(0..80))
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"The manufacturer specified signature file version information that is currently running.
		Typically indicated major, minor, patch information for version."
	::= { sensorCardEntry 6 }

scFutureSigFileName  OBJECT-TYPE
	SYNTAX 	DisplayString (SIZE(0..80))
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"The new signature file residing on flash."
	::= { sensorCardEntry 7 }

scMACAddress  OBJECT-TYPE
	SYNTAX 	MacAddress
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"ReadOnly parameter, to allow SNMP manager to view the MAC address of this card."
	::= { sensorCardEntry 8 }

scCurrentBotDATVersion  OBJECT-TYPE
        SYNTAX  DisplayString (SIZE(0..80))
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "The manufacturer specified BotDAT file version information that is currently running."
        ::= { sensorCardEntry 9 }


--
-- IP table
--
ipTable  OBJECT-TYPE
	SYNTAX SEQUENCE OF IpEntry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"This table contains entries that define the IP 
		configuration objects per sensor card."
	::= { sensorCardGrp 6 }

ipEntry  OBJECT-TYPE
	SYNTAX 	IpEntry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"This table entry contains the sensor card specific ( <slotIndex> based) 
		IP configuration objects.
		This entry is indexed by a fixed value chassis slotIndex of 2 (two) for all models."
	INDEX { slotIndex }
	::= { ipTable 1 }

IpEntry ::= SEQUENCE {
	ipFragmentTimer
		INTEGER,
	ipOverlapOption
		INTEGER,
	ipTTLConfigMode
		INTEGER,
	ipTTLThreshold
		INTEGER,
	ipTTLResetValue
		INTEGER,
	ipSmallestFragmentSize
		INTEGER,
	ipSmallFragmentThreshold
		INTEGER,
	ipFragmentReassemblyOption
    		INTEGER,
  	ipv6OverlapOption
    		INTEGER,
  	ipv6SmallestFragmentSize
    		INTEGER,
  	ipv6SmallFragmentThreshold
    		INTEGER

}

ipFragmentTimer  OBJECT-TYPE
	SYNTAX 	INTEGER (3..180)
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"IP fragment reassembly timer 
		Default: 30 seconds

		"
	::= { ipEntry 1 }

ipOverlapOption OBJECT-TYPE
	SYNTAX 	INTEGER {
		oldData (1),
		newData (2)
	}
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"If set to oldData(1), ip reassembly module takes old data.
		Otherwise it takes new data.

		Default: oldData (1)"
	::= { ipEntry 2 }

ipTTLConfigMode OBJECT-TYPE
	SYNTAX 	INTEGER {
		noTTLChecking (1),
		checkThreshold (2),
		resetTTL (3)
	}
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"If set to noTTLChecking(1), the TTL in the packet is not
		checked. If set to checkThreshold(2), then TTL is checked
		against the value in ipTTLThreshold object. If set to
		resetTTL(3), the TTL value is reset to the value set by
		ipTTLResetValue object.

		Default: noTTLChecking (1)"
	::= { ipEntry 3 }

ipTTLThreshold OBJECT-TYPE
	SYNTAX 	INTEGER (1..255)
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Specifies the minimum threshold for the TTL value. The TTL
		in the packet is checked against the value configured here.
		If TTL is less than the value configured here, an alert is
		raised.

		Default: 32"
	::= { ipEntry 4 }

ipTTLResetValue OBJECT-TYPE
	SYNTAX 	INTEGER (1..255)
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Specifies the value that TTL should be reset to.

		Default: 32"
	::= { ipEntry 5 }

ipSmallestFragmentSize OBJECT-TYPE
	SYNTAX 	INTEGER (8..1480)
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Specifies the smallest fragment size that is acceptable.
		Any fragments smaller than the size specified here (other
		than the last one) will be counted and an alert raised if
		exceeds the threshold configured. The size should be multiple
		of 8.

		Default: 256"
	::= { ipEntry 6 }

ipSmallFragmentThreshold OBJECT-TYPE
	SYNTAX 	INTEGER (100..100000)
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Count of acceptable small fragments as specified by
		ipSmallestFragmentSize in 1 minute.

		Default: 10000"
	::= { ipEntry 7 }

ipFragmentReassemblyOption OBJECT-TYPE
	SYNTAX 	INTEGER{
		enable (0),
		disable (1)
	}
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Flag to indicate if sensor should reassemble IP Framgments.  Default: enable"
	::= { ipEntry 8 }

ipv6OverlapOption OBJECT-TYPE
	SYNTAX 	INTEGER {
		oldData (1),
		newData (2),
		drop (3)
	}
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"If set to oldData(1), ipv6 reassembly module takes old data.
		Otherwise it takes new data.

		Default: oldData (1)"
	::= { ipEntry 9 }

ipv6SmallestFragmentSize OBJECT-TYPE
	SYNTAX 	INTEGER (40..1280)
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Specifies the smallest ipv6 fragment size that is acceptable.
		Any fragments smaller than the size specified here (other
		than the last one) will be counted and an alert raised if
		exceeds the threshold configured. The size should be multiple
		of 8.

		Default: 48"
	::= { ipEntry 10 }

ipv6SmallFragmentThreshold OBJECT-TYPE
	SYNTAX 	INTEGER (100..100000)
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Count of acceptable small fragments as specified by
		ipSmallestFragmentSize in 1 minute.

		Default: 10000"
	::= { ipEntry 11 }

--
-- TCP Table
--
tcpTable  OBJECT-TYPE
	SYNTAX SEQUENCE OF TcpEntry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"This table contains entries that define the TCP configuration objects per sensor card."
	::= { sensorCardGrp 7 }

tcpEntry  OBJECT-TYPE
	SYNTAX 	TcpEntry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"This table entry contains the sensor card specific ( <slotIndex> based) 
		TCP configuration objects.
		This entry is indexed by a fixed value chassis slotIndex of 2 (two) for all models."
	INDEX { slotIndex }
	::= { tcpTable 1 }

TcpEntry ::= SEQUENCE {
	supportedUDPFlows
		Integer32,
	tcbInactivityTimer
		INTEGER,
	tcpSegmentTimer
		INTEGER,
	tcp2MSLTimer
		INTEGER,
	inactiveFlowsRSTEnabled
		TruthValue,
	dropReTxTCPEnabled
		TruthValue,
	coldStartTime
		INTEGER,
	coldStartDropAction
		INTEGER,	
	normalizationOnOffOption
		INTEGER,
	tcpOverlapOption
		INTEGER,
	sAckPermittedOption
		INTEGER,
	tTCPOptionThreshold
		INTEGER,
	dropOnPAWSFail
		INTEGER,
	timestampEchoMatchFail
		INTEGER,
	dropMD5Option
		INTEGER,
	unsolicitedUDPPacketsTimeout
		INTEGER,
	synProxyEnable
		INTEGER,
	ackScanDiscardTime
		INTEGER,
	halfOpenConnectionResetEnable
		INTEGER,
	outOfContextTcpPktEnable
		INTEGER,
	synCookieConfig  
		INTEGER,
	synCookieInboundThreshold  
		INTEGER,
	synCookieOutboundThreshold  
		INTEGER,
	synCookieMss
		INTEGER,
        sinkHoleTimeToLive
                INTEGER,
        sinkHoleIpAddress
                IpAddress

}

supportedUDPFlows  OBJECT-TYPE
	SYNTAX 	Integer32 (8..1000000)
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Number of UDP flows supported. 
		Deafult: 1 million, UDP and TCP combined.

		Default: 100000 for I4000, 25000 for I2600, 5000 for I1200, 10000 for I1400"
	::= { tcpEntry 1 }

tcbInactivityTimer	OBJECT-TYPE 
	SYNTAX 	INTEGER (3..1200)
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"TCB inactivity timeout  
		
		Default: 10 minutes"
	::= { tcpEntry 2 }

tcpSegmentTimer  OBJECT-TYPE
	SYNTAX 	INTEGER (10..120)
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"TCP segment reassembly timer.
		
		Default: 60 seconds
		"
	::= { tcpEntry 3 }

tcp2MSLTimer  OBJECT-TYPE
	SYNTAX 	INTEGER (3..120)
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"TCP 2MSL timer 
		
		Default: 10 seconds"
	::= { tcpEntry 4 }

inactiveFlowsRSTEnabled  OBJECT-TYPE
	SYNTAX 	TruthValue
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Option to RST incative flows enabled (TRUE) or not (FALSE).

		Default: FALSE"
	::= { tcpEntry 5 }

dropReTxTCPEnabled  OBJECT-TYPE
	SYNTAX 	TruthValue
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"IntruShield may get TCP segments which have already been processed by it apriori
		(due to the segments being dropped in between it and the destination). 
		By default, forward it without any processing, but provide the user with an option 
		to drop such selectively retransmitted segments.
		
		This object enables the dropping of retransmitted TCP packets.
		
		Default: FALSE"
	::= { tcpEntry 6 }

coldStartTime OBJECT-TYPE
	SYNTAX 	INTEGER (0..10080)
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"When sensor powers up, it will treat the packets for flows 
		that did not exist without valid TCB as valid packets. After
		the time configured with this object, packets without valid
		flows are considered invalid packets.

		Default: 60min"
	::= { tcpEntry 7 }

coldStartDropAction OBJECT-TYPE
	SYNTAX 	INTEGER {
		dropFlows (1),
		forwardFlows (2)
	}
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"When this object is set to dropFlows(1), in inline mode
		sensor will drop the packets without valid TCB.

		When this object is set to forwardFlows(2), in inline mode
		sensor will forward the packets until coldStartTime. After
		that it will drop the packets without valid TCB.

		Default: forwardFlows(2)"
	::= { tcpEntry 8 }

normalizationOnOffOption OBJECT-TYPE
	SYNTAX 	INTEGER {
		on (1),
		off (2)
	}
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Enable or Disable normalization

		Default: off(2)"
	::= { tcpEntry 9 }

tcpOverlapOption OBJECT-TYPE
	SYNTAX 	INTEGER {
		oldData (1),
		newData (2)
	}
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"If this object is set to oldData(1), tcp reassembly module
		will use the old data. Otherwise it will use the newer data.

		Default: newData(2)"
	::= { tcpEntry 10 }

sAckPermittedOption OBJECT-TYPE
	SYNTAX 	INTEGER {
		on (1),
		off (2)
	}
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"If set to on, removes in SYN and clears in further packets.
		This applies only in inline mode."
	::= { tcpEntry 11 }

tTCPOptionThreshold OBJECT-TYPE
	SYNTAX 	INTEGER
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Generate alert if too many. TBD"
	::= { tcpEntry 12 }

dropOnPAWSFail OBJECT-TYPE
	SYNTAX 	INTEGER {
		enable (1),
		disable (2)
	}
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"If set to enable, drop if fails PAWS test. If set to disable
		always forward the packet."
	::= { tcpEntry 13 }

timestampEchoMatchFail OBJECT-TYPE
	SYNTAX 	INTEGER {
		enable (1),
		disable (2)
	}
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"If set to enable, drop if TS-echo was one not sent earlier.
		If set to disable always forward the packet."
	::= { tcpEntry 14 }

dropMD5Option OBJECT-TYPE
	SYNTAX 	INTEGER {
		enable (1),
		disable (2)
	}
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"If set to enable, drop packet if SYN=0 and it contains 
		no MD5 but MD5 was used at setup. If set to disable always 
		forward the packet."
	::= { tcpEntry 15 }

unsolicitedUDPPacketsTimeout OBJECT-TYPE
	SYNTAX 	INTEGER (10..3600)
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"If a UDP response packet is received without a request 
		packet, the packet will be dropped. This object configures 
		the acceptable request to response time.

		Default: 60"
	::= { tcpEntry 16 }

synProxyEnable OBJECT-TYPE
	SYNTAX 	INTEGER {
		enable (1),
		disable (2)
	}
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"If set to enable, sensor will do SYN proxy for every SYN
		request. SYN proxy is done only when TCP SYN flood is 
		detected."
	::= { tcpEntry 17 }

ackScanDiscardTime OBJECT-TYPE
        SYNTAX  INTEGER (0..1440)
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "The time in which ACK scan messages should be discarded.
		Default 15 minutes"
        ::= { tcpEntry 18 }

halfOpenConnectionResetEnable  OBJECT-TYPE
	SYNTAX 	INTEGER {
		resetDisable (1),
		resetAllUnfinished3WHConns (2),
		resetDosUnfinished3WHConns (3)
	}
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Resets either all or only DOS packets whose 3 Way Handshake has not finished. Default: Disable(1). "
	::= { tcpEntry 19 }

outOfContextTcpPktEnable  OBJECT-TYPE
	SYNTAX 	INTEGER {
		enable (1),
		disable (2),
		permit-out-of-order (3),
		deny-no-tcb (4),
		stateless-inspection (5)
	}
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Used to en/dis able processing of out of context TCP packets. Enable aka PERMIT, Disable aka DENY, PERMIT_OUT_OF_ORDER(3), DENY-NO-TCB (4) aka PERMIT-ACL-MODE, STATELESS_INSPECTION (5). Default: PERMIT(1)"
	::= { tcpEntry 20 }

synCookieConfig  OBJECT-TYPE
	SYNTAX INTEGER {
		disable (0),
		enable-inbound (1),
		enable-outbound (2),
		enable-in-out (3) 
	}
	MAX-ACCESS  read-write
	STATUS  current
	DESCRIPTION
		" This object specifies the directions in which to enable syn cookie when there is a
		SYN flood.  This option is valid only for monitoring ports operating in inline mode.
		Default: 0"
	::= { tcpEntry 21 }
    
synCookieInboundThreshold  OBJECT-TYPE
	SYNTAX INTEGER (0..420000)
 	MAX-ACCESS  read-write
	STATUS   current
	DESCRIPTION
		"This object specifies the threshold value for the number of incomplete SYNs from outside 
         network beyond which SYN cookie mechanism has to be enabled.
		Default: 4096" 
	::= { tcpEntry 22 }

synCookieOutboundThreshold  OBJECT-TYPE
	SYNTAX INTEGER (0..420000)
 	MAX-ACCESS  read-write
	STATUS   current
	DESCRIPTION
		"This object specifies the threshold value for the number of incomplete SYNs from inside
         network beyond which SYN cookie mechanism has to be enabled.
		Default: 4096" 
	::= { tcpEntry 23 }

synCookieMss OBJECT-TYPE
	SYNTAX INTEGER (536..1460)
 	MAX-ACCESS  read-write
	STATUS   current
	DESCRIPTION
		"This object specifies the maximum segment size to be sent in SYN Ack, with SYN cookie mechanism enabled.
		Default: 536" 
	::= { tcpEntry 24 }

sinkHoleTimeToLive OBJECT-TYPE
        SYNTAX INTEGER (6..18)
        MAX-ACCESS  read-write
        STATUS   current
        DESCRIPTION
                "This object specifies the TTL duration for sinkhole. TTL duration can range from 6 hours to 18 hours,
                Default: 12 hours"
        ::= { tcpEntry 25 }

sinkHoleIpAddress OBJECT-TYPE
        SYNTAX  IpAddress
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object is used to configure IPv4 address of sinkhole. It can be any valid ip address apart from 
                broadcast and multicast address.
                Default: 127.0.0.1"
        ::= { tcpEntry 26 }

--
-- TCP/UDP session reset and log table
--
sessionTable  OBJECT-TYPE
	SYNTAX SEQUENCE OF SessionEntry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Session table is used by user to configure TCP and UDP flows
		in the sensor."
	::= { sensorCardGrp 8 }

sessionEntry  OBJECT-TYPE
	SYNTAX 	SessionEntry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Indexed with 5-tuple flow parameters and VIDS identifier.
		This table is used only to send sets to the sensor. Doing
		GET on this table will not return any information."
	INDEX {sessionSrcIpAddress, sessionDestIpAddress,
		sessionSrcPortNo, sessionDestPortNo, sessionProtocol,
		sessionVIDSIdentifier }
	::= { sessionTable 1 }

SessionEntry ::= SEQUENCE {
	sessionSrcIpAddress
		IpAddress,
	sessionDestIpAddress
		IpAddress,
	sessionSrcPortNo
		INTEGER,
	sessionDestPortNo
		INTEGER,
	sessionProtocol
		INTEGER,
	sessionVIDSIdentifier
		INTEGER,
	sessionConfigAction
		INTEGER,
	sessionLogTime
		INTEGER,
	sessionIntfPortNo
		TrellixPortLinearIndex
}

sessionSrcIpAddress OBJECT-TYPE
	SYNTAX 	IpAddress
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Source ip address."
	::= { sessionEntry 1 }

sessionDestIpAddress OBJECT-TYPE
	SYNTAX 	IpAddress
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Destination ip address."
	::= { sessionEntry 2 }

sessionSrcPortNo OBJECT-TYPE
	SYNTAX 	INTEGER
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Source port number."
	::= { sessionEntry 3 }

sessionDestPortNo OBJECT-TYPE
	SYNTAX INTEGER
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Destination port number."
	::= { sessionEntry 4 }

sessionProtocol OBJECT-TYPE
	SYNTAX 	INTEGER {
		tcp (1),
		udp (2)
	}
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Protocol type."
	::= { sessionEntry 5 }

sessionVIDSIdentifier OBJECT-TYPE
	SYNTAX 	INTEGER
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"VIDS identifier that owns this flow. If VIDS is not 
		enabled, this oject will be ignored."
	::= { sessionEntry 6 }

sessionConfigAction OBJECT-TYPE
	SYNTAX 	INTEGER {
		resetSession (1),
		logSession (2)
	}
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Setting this object to resetSession(1) causes the flow
		to be reset.

		Setting this object to logSession(2) causes the flow to be
		logged for the time specified with sessionLogTime object."
	::= { sessionEntry 7 }

sessionLogTime OBJECT-TYPE
	SYNTAX 	INTEGER
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"The time for which the packet needs to be logged."
	::= { sessionEntry 8 }

sessionIntfPortNo OBJECT-TYPE
	SYNTAX 	TrellixPortLinearIndex
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"The sensor linear interface port index on which the attack has been detected. 
		This is mandatory when the sessionConfigAction is resetSession. "
	::= { sessionEntry 9 }


--
-- IPV6 TCP/UDP session reset and log table 
--

sessionV6Table  OBJECT-TYPE
	SYNTAX SEQUENCE OF SessionV6Entry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Session table v6 is used by user to configure TCP and UDP flows
		over Ipv6 in the sensor."
	::= { sensorCardGrp 9 }

sessionV6Entry  OBJECT-TYPE
	SYNTAX 	SessionV6Entry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Indexed with 5-tuple flow parameters and VIDS identifier.
		This table is used only to send sets to the sensor. Doing
		GET on this table will not return any information."
	INDEX {sessionSrcIpv6Address, sessionDestIpv6Address,
		sessionv6SrcPortNo, sessionv6DestPortNo, sessionv6Protocol,
		sessionv6VIDSIdentifier }
	::= { sessionV6Table 1 }

SessionV6Entry ::= SEQUENCE {
	sessionSrcIpv6Address
		Ipv6Address,
	sessionDestIpv6Address
		Ipv6Address,
	sessionv6SrcPortNo
		INTEGER,
	sessionv6DestPortNo
		INTEGER,
	sessionv6Protocol
		INTEGER,
	sessionv6VIDSIdentifier
		INTEGER,
	sessionv6ConfigAction
		INTEGER,
	sessionv6LogTime
		INTEGER,
	sessionv6IntfPortNo
		TrellixPortLinearIndex
}

sessionSrcIpv6Address OBJECT-TYPE
	SYNTAX 	Ipv6Address
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Source ipv6 address."
	::= { sessionV6Entry 1 }

sessionDestIpv6Address OBJECT-TYPE
	SYNTAX 	Ipv6Address
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Destination ipv6 address."
	::= { sessionV6Entry 2 }

sessionv6SrcPortNo OBJECT-TYPE
	SYNTAX 	INTEGER
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Source port number."
	::= { sessionV6Entry 3 }

sessionv6DestPortNo OBJECT-TYPE
	SYNTAX INTEGER
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Destination port number."
	::= { sessionV6Entry 4 }

sessionv6Protocol OBJECT-TYPE
	SYNTAX 	INTEGER {
		tcp (1),
		udp (2)
	}
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Protocol type."
	::= { sessionV6Entry 5 }

sessionv6VIDSIdentifier OBJECT-TYPE
	SYNTAX 	INTEGER
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"VIDS identifier that owns this flow. If VIDS is not 
		enabled, this oject will be ignored."
	::= { sessionV6Entry 6 }

sessionv6ConfigAction OBJECT-TYPE
	SYNTAX 	INTEGER {
		resetSession (1),
		logSession (2)
	}
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Setting this object to resetSession(1) causes the flow
		to be reset.

		Setting this object to logSession(2) causes the flow to be
		logged for the time specified with sessionLogTime object."
	::= { sessionV6Entry 7 }

sessionv6LogTime OBJECT-TYPE
	SYNTAX 	INTEGER
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"The time for which the packet needs to be logged."
	::= { sessionV6Entry 8 }

sessionv6IntfPortNo OBJECT-TYPE
	SYNTAX 	TrellixPortLinearIndex
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"The sensor linear interface port index on which  the attack has been detected. 
		This is mandatory when the sessionConfigAction is resetSession "
	::= { sessionV6Entry 9 }

pluggableModuleState  OBJECT-TYPE
	SYNTAX 	INTEGER
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"Indicates the state of the pluggable modules in the system. Applicable
    for Rubicon models only. 32 bit  starting from LSB, 4 bits for each 
    slot starting from 2, will contain the moduleSysType enum
    => 0000 0000 0000 0000 0000 <slot4> <slot3> 0000."
	::= { sensorCardGrp 10 }

-- This group conatins all MIB objects that specify the configuration of 
-- the IntruShield interface port.
--
-- The object intfPortTable within this group suggests that the MIB is 
-- designed to support sensor cards that can contain more than one interface 
-- port.
--

interfacePortGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 11 }

intfPortTable  OBJECT-TYPE
	SYNTAX SEQUENCE OF IntfPortEntry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Table containing entries for each interface port (indexed via intfPortIndex) 
		on each sensor card (indexed via appropriate slotIndex).
		
		This table contains Trellix specific configuration objects.
		Tables that contain MIB objects borrowed from MIB-II are in the 
		TRELLIX-SENSOR-PERF-MIB."
	::= { interfacePortGrp 1 }

intfPortEntry  OBJECT-TYPE
	SYNTAX 	IntfPortEntry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"This MIB object contains all the columnar objects, 
		that describe the contents of each interface port on each IntruShield sensor card.
		Indexed by slotIndex/intfPortIndex"
	INDEX { slotIndex, 
		intfPortIndex }
	::= { intfPortTable 1 }

IntfPortEntry ::= SEQUENCE {
	intfPortIfDescr
		DisplayString,
	intfPortIfType
		TrellixIDSPortType,
	intfPortIfAdminStatus
		INTEGER,
	intfPortIfOperStatus
		INTEGER,
	intfPortOperatingMode
		TrellixIDSOperatingMode,
	intfPortEnableFullDuplex
		TruthValue,
	intfPortFullDuplexPeer
		Integer32,
	intfPortSpeed
		INTEGER,
	intfPortSpeedConfig
		TrellixPortSpeed, -- was TrellixFEType, now deprecated
	intfPortEnableInternalTap
		TruthValue,
	intfPortInOutType
		INTEGER,
	intfGEPortSpeedConfig
		INTEGER,
	intfFailOpenSwitchStatus
		INTEGER,
	intfFailOpenPortStatus
		INTEGER,
	intfPortEnableAntiSpoofing
		INTEGER,
	intfPortHostQRActionStatus
		INTEGER,
	intfPortMpeQRActionStatus
		INTEGER,
	intfPortAllowlistACLLookupStatus
		INTEGER,
        intfPortPeerDeviceAdvtStatus
                INTEGER,
        intfPortIsMcafeeConnector
                TruthValue,
        intfPortAllowAnyConnector
                TruthValue,
        intfPortCageType
                INTEGER,
        intfPortGetMediaType
                INTEGER,
        intfPortSetMediaType
                INTEGER,
        intfPortAdditionalInfo
                DisplayString,
	intfPortMonPortIpAddress
		IpAddress,
	intfPortMonPortNetMask
		IpAddress,
	intfPortGatewayIpAddress
		IpAddress,
	intfPortNbadConfigStatus
		TruthValue,
	intfPortVlanId
		Integer32,
	intfPortAppIdStatsConfigStatus
		TruthValue,
  	intfPortConnectorType
    		INTEGER,
	intfPortLinearIndex
		TrellixPortLinearIndex,
	intfPortFecConfig
		INTEGER,
	intfPortTranceiverSerialNumber
		DisplayString
}

intfPortIfDescr  OBJECT-TYPE
	SYNTAX 	DisplayString (SIZE(0..255))
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"A textual string containing information about the interface.  
		Returns the string that is printed on the box."
	::= { intfPortEntry 1 }

intfPortIfType  OBJECT-TYPE
	SYNTAX 	TrellixIDSPortType
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"The type of interface, distinguished according to the 
		physical/link protocol(s) immediately 'below' the network 
		layer in the protocol stack.
		
		For brevity, Trellix options are as specified by the TC, 
		TrellixIDSPortType.
		
		However, the SNMP MIB-II - Interfaces MIB specifies many more 
		valid options. See comments section for details.
		"
	::= { intfPortEntry 2 }

intfPortIfAdminStatus  OBJECT-TYPE
	SYNTAX 	INTEGER {
		up (1),
		down (2)
	}
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"The desired state of the interface.  
		The testing(3) state indicates that no operational packets 
		can be passed.

		Default: down"
	::= { intfPortEntry 3 }

intfPortIfOperStatus  OBJECT-TYPE
	SYNTAX 	INTEGER {
		up (1),
		down (2)
	}
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"The current operational state of the interface.
		The testing(3) state indicates that no operational packets 
		can be passed.
		
		Default: down"
	::= { intfPortEntry 4 }

intfPortOperatingMode  OBJECT-TYPE
	SYNTAX 	TrellixIDSOperatingMode
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"ReadWrite parameter specifies the operating mode for the 
                Trellix IDS sensor to be used. Different modes supported are
                inline-fo-passive(1), non-inline or tap(2), span(3) and
                inlne-fc(4), inline-fo-active kit(5 - available on M-series only).
		
		Default: non-inline"
	::= { intfPortEntry 5 }

-- Support for intfPortEnableFullDuplex is deprecated in V-series sensors(VmIPS).
intfPortEnableFullDuplex  OBJECT-TYPE
	SYNTAX 	TruthValue
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"True: Sets interface port to work as a full-duplex one. 
		Otherwise as half-duplex.
		
		Default: True"
	::= { intfPortEntry 6 }

-- Support for intfPortFullDuplexPeer is deprecated in V-series sensors(VmIPS).
intfPortFullDuplexPeer  OBJECT-TYPE
	SYNTAX 	Integer32 (1..32)
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"This MIB object returns the intfPortIndex value of the 
		interface port that is a peer. Used only when operating mode
		is inline(1) or monitor-dual-intf(2)."
	::= { intfPortEntry 7 }

-- Support for intfPortSpeed is deprecated in V-series sensors(VmIPS).
intfPortSpeed  OBJECT-TYPE
	SYNTAX 	INTEGER {
		other (0),
		ten-Mbps (1),
		hundred-Mbps (2),
		one-Gbps(3), -- renamed from gig-Mbps
		ten-Gbps(4),  -- support in M-series and R-series only
		forty-Gbps(5)  -- support in R-series only
	}

	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"Get current speed/negotiation on the interface."
	::= { intfPortEntry 8 }

-- Support for intfPortSpeedConfig is deprecated in V-series sensors(VmIPS).
intfPortSpeedConfig  OBJECT-TYPE
	SYNTAX 	TrellixPortSpeed -- was TrellixFEType, now deprecated
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Set desired speed/negotiation on the interface.
                 Default values are as follows: 
	I-Series -
		fixed-hundred-Mbps (infinity/hichborn/2x00(1a-3b)
		auto-gig-Mbps on 3000/4010/4000/2x00(4a,4b)
	M-Series -
		auto-ten-gig-Mbps on palomar/pyramid(1a-4b),auto-gig-Mbps(5a-8b)
		Default: see above"
	::= { intfPortEntry 9 }


intfPortEnableInternalTap  OBJECT-TYPE
	SYNTAX 	TruthValue
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Set to TRUE to enable feature. Applies to Fast Ethernet (FE) 
		ports only (see TrellixIDSPortType).
		For non FE ports, set to 'FALSE' .
		Setting this to 'TRUE' requires that 
		<intfPortCurrentOperatingMode> is already set to 
		'monitor-dual-intf'
		Default: True"

	::= { intfPortEntry 10 }

intfPortInOutType  OBJECT-TYPE
	SYNTAX 	INTEGER {
		inside (1),
		outside (2),
		not-specified (3)
	}
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"This MIB object reflects the Input or Output labeling 
		of this interface port. Used only when operating mode
		is inline(1) or monitor-dual-intf(2). 

		Default: not-specified(3)"
	::= { intfPortEntry 11 }

-- Definition of intfGEPortSpeedConfig OID stays in the MIB
-- Support for intfGEPortSpeedConfig is deprecated in sensors using new MIB.
-- Support for intfGEPortSpeedConfig is deprecated in M-series sensors and V-series sensors(VmIPS).
intfGEPortSpeedConfig  OBJECT-TYPE
	SYNTAX 	TrellixGEType
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Only applicable to gigabit-ethernet ports, to specify 
		whether auto or 1 Gbps
		See TrellixGEType
		
		Default: 'auto-negotiate'"
	::= { intfPortEntry 12 }

-- Support for intfFailOpenSwitchStatus is availble in V-series sensors(VmIPS)
-- only when port operting mode is inline-fo-active
intfFailOpenSwitchStatus  OBJECT-TYPE
	SYNTAX 	INTEGER {
		not-applicable(1),
		present(2),
		not-present(3)
	}
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"Returns the status of the external optical bypass switch
		status. For FE ports, this object will return 
		not-applicable(1). For GE ports, if external optical bypass 
		switch is connected to sensor ports, this will return 
		present(2). Otherwise, it will return not-present(3)."
	::= { intfPortEntry 13 }

-- Support for intfFailOpenPortStatus is availble in V-series sensors(VmIPS)
-- only when port operting mode is inline-fo-active
intfFailOpenPortStatus  OBJECT-TYPE
	SYNTAX 	INTEGER {
		not-applicable(1),
		inline-fail-open(2),
		bypass(3),
                tap (4),
                absent (5),
                unknown (6),
                layer2-bypass (7)
               
	}
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"Returns the packet forwarding status of the sensor ports connected to the optical bypass switch.
		If status is inline-fail-open(2), sensor is doing the
		forwarding. If status is bypass(3), the bypass switch is
		doing the forwarding and sensor will not process any
                traffic in this mode. Tap(4), absent(5) , unknown (6) and layer2-bypass(7)
                are available only in M-series for non RJ45(captive) ports
                when connected to active FO kit and sensor operating mode
                is inline-fail-open-active-kit.
                tap - operational status(up), kit(present), heart-beat(tap)
                absent - operational status(up), kit(absent), hear-beat(none)
                unknown - operational status(down), kit(absent), heart-beat(not available)."
	::= { intfPortEntry 14 }

intfPortEnableAntiSpoofing  OBJECT-TYPE
	SYNTAX 	INTEGER {
		disable-bothsides-spoof-detect (1),
		enable-inside-spoof-detect (2),
		enable-outside-spoof-detect (3),
		enable-bothsides-spoof-detect (4)
	}
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "spoofed packet detect rcvd on the both sides .

                Default: 'disable-bothsides-spoof-detect' (0) "
        ::= { intfPortEntry 15 }

-- unallocated   ::= { intfPortEntry 16 }
-- unallocated   ::= { intfPortEntry 17 }

intfPortHostQRActionStatus OBJECT-TYPE
	SYNTAX 	INTEGER {
		disabled(0),
		quarantine(1),
		remediate(2)
	}
	MAX-ACCESS  read-write
	STATUS	obsolete
	DESCRIPTION 
		"This object depicts the sensor level host quarantine and remediation action status 
		 for the specific interface port. The value 'quarantine' indicates just quarantine the host and
		 the value 'remediate' indicates both quarantining and remediating the host.		 
		Default: disabled"
	::= { intfPortEntry 18 }


intfPortMpeQRActionStatus OBJECT-TYPE
	SYNTAX 	INTEGER {
		disabled(0),
		mpeNotify(1),
		mpeQuarantine(2),
		mpeRemediate(3)
	}
	MAX-ACCESS  read-write
	STATUS	obsolete
	DESCRIPTION 
		"This object depicts the MPE respone based host quarantine and remediation action status for the 
		 specific interface port. The value 'mpeNotify' indicates just informing the MPE server
		 about the problem host; the value 'mpeQuarantine' indicates first informing the MPE server
		 about the problem host and then quarantine the host based on the response from the MPE-server
		 and the MPE based Quarantine and Remediation scope mib object value; and the value 'mpeRemediate' 
		 indicates first informing the MPE server about the problem host and then remediating the host 
		 based on the response from the MPE-server and the MPE based Quarantine and Remediation scope
		 mib object value.
		Default: disabled"
	::= { intfPortEntry 19 }

intfPortAllowlistACLLookupStatus OBJECT-TYPE
	SYNTAX 	INTEGER {
		disabled(0),
		enabled(1)
	}
	MAX-ACCESS  read-write
	STATUS	obsolete
	DESCRIPTION 
		"This object indicates the status of allowlist ACL lookup for this interface port.
		Default: disabled"
	::= { intfPortEntry 20 }

-- intfPortPeerDeviceAdvtStatus support in M-series sensor only
intfPortPeerDeviceAdvtStatus  OBJECT-TYPE
	SYNTAX 	INTEGER {
		other (0)            -- need to provide enum list
	}
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"Applicable if sensor port is set to auto-negotiate, else other(0). Specifies the advertised speed-duplex of the peer appliance port connected to this sensor port."
	::= { intfPortEntry 21 }

-- intfPortIsMcafeeConnector support in M-series sensor only
intfPortIsMcafeeConnector  OBJECT-TYPE
	SYNTAX 	TruthValue
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"True: connector is not inserted. 
		 True: connector is inserted in port and McAfee certified. 
                 False: connector is inserted and not McAfee certified.  "
	::= { intfPortEntry 22 }

-- intfPortAllowAnyConnector support in M-series sensor only
intfPortAllowAnyConnector  OBJECT-TYPE
	SYNTAX 	TruthValue
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"True: Permit usage of any connector for port. 
                 False: Restrict usage to McAfee certified connector only. 
		Default: False"
	::= { intfPortEntry 23 }

-- intfPortCageType support in M-series and R-series sensor only
intfPortCageType  OBJECT-TYPE
	SYNTAX 	INTEGER {
		other (0),
		rJ-45 (1),
		rJ-11 (2),
		gBIC (3),
		sFP (4),
		xFP (5),
    sFP-plus (6), -- support in R-series only
    qSFP (7), -- support in R-series only
    rJ-45-plus (8), -- support in R-series only
    sFP-plus-BPFO (9) -- support in R-series only
	}
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"Physical connector cage type on sensor chassis panel."
	::= { intfPortEntry 24 }

-- intfPortGetMediaType support in M-series sensor only
intfPortGetMediaType OBJECT-TYPE
	SYNTAX 	INTEGER {
		none (0),
		optical (1),
		electrical (2)
	}
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"Gets the media of the connector present in the port cage. None (0) if cage is empty."
	::= { intfPortEntry 25 }

-- intfPortSetMediaType support in M-series sensor only
intfPortSetMediaType OBJECT-TYPE
	SYNTAX 	INTEGER {
		optical(1),
		electrical (2)
	}
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Sets the media of the connector the user desired for the port.
		Default: optical"
	::= { intfPortEntry 26 }

intfPortAdditionalInfo  OBJECT-TYPE
	SYNTAX 	DisplayString (SIZE(0..255))
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"A textual string containing information about the interface.  
		Typically returns connector specific information.
		For V-series sensors(vmips) this object will return monitoring ports label."
	::= { intfPortEntry 27 }

intfPortMonPortIpAddress OBJECT-TYPE
	SYNTAX 	IpAddress
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"This object is used to configure / retrieve the IPv4 address of the monitoring port.
		 Default: 0.0.0.0"
	::= { intfPortEntry 28 }

intfPortMonPortNetMask OBJECT-TYPE
	SYNTAX 	IpAddress
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"This object is used to configure / retrieve netmask for the IPv4 address of the monitoring port.
		 Default: 0.0.0.0"
	::= { intfPortEntry 29 }

intfPortGatewayIpAddress OBJECT-TYPE
	SYNTAX 	IpAddress
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"This object is used to configure / retrieve the IPv4 address of the gateway.
		 Default: 0.0.0.0"
	::= { intfPortEntry 30 }

intfPortNbadConfigStatus OBJECT-TYPE
	SYNTAX 	TruthValue
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"This object value if set to TRUE indicates that flow record generation
		 to be sent to the NBAD server, is enabled over this monitoring port.
		Default: False"
	::= { intfPortEntry 31 }

intfPortVlanId  OBJECT-TYPE
	SYNTAX 	Integer32 (0..2164326399)
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"This MIB object indicates the Vlan ID of the VLAN to which the monitoring 
		 port is connected."
	::= { intfPortEntry 32 }

intfPortAppIdStatsConfigStatus  OBJECT-TYPE
	SYNTAX 	TruthValue
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"This object value if set to TRUE indicates that the appId stats collection is enabled
         over this monitoring port.
		Default: True"
	::= { intfPortEntry 33 }

-- intfPortConnectorType support in R-series sensor only
intfPortConnectorType  OBJECT-TYPE
	SYNTAX 	INTEGER {
		other (0),
		qSFP (1),
		sFP-plus (2),
		sFP-fiber (3),
		sFP-copper (4)
	}
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"Physical connector type plugged into the port cage."
	::= { intfPortEntry 34 }

intfPortLinearIndex   OBJECT-TYPE
	SYNTAX 	TrellixPortLinearIndex
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"This MIB object indicates the Linear Index of the monitoring port. This index is 
		generated by the sensor appliance using the pair of slot index and the port index values.
		The other MIB tables would directly use this linear index, whereever applicable."
	::= { intfPortEntry 35 }

intfPortFecConfig  OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object is used to configure FEC"
        ::= { intfPortEntry 36 }

intfPortTranceiverSerialNumber  OBJECT-TYPE
        SYNTAX  DisplayString (SIZE(0..255))
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "A textual string containing information about the interface.
                Typically returns transceiver's serial number."
        ::= { intfPortEntry 37 }

-- Support for intfPortGBICHotSwapTime is deprecated in V-series sensors(VmIPS).
intfPortGBICHotSwapTime  OBJECT-TYPE
	SYNTAX 	DateAndTime
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"Indicates time when the front end GBIC for any port was hot swapped last."
	::= { interfacePortGrp 2 }

--This group contains all MIB objects that specify the configuration of the IntruShield 
--response port.
--
--The object respPortTable within this group suggests that the MIB is designed to support
--response cards that can contain more than one response port.

responsePortGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 12 }

respPortTable  OBJECT-TYPE
	SYNTAX SEQUENCE OF RespPortEntry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Table containing entries for each response port (indexed via respPortIndex) 
		on each sensor card (indexed via valid slotIndex).
		
		This table contains Trellix specific MIB objects.
		"
	::= { responsePortGrp 1 }

respPortEntry  OBJECT-TYPE
	SYNTAX 	RespPortEntry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"This MIB object contains all the columnar objects, 
		that describe the contents of each response port within the Trellix IDS sensor card.
		Indexed by slotIndex/respPortIndex"
	INDEX { slotIndex, 
		respPortIndex }
	::= { respPortTable 1 }

RespPortEntry ::= SEQUENCE {
	respPortDescr
		DisplayString,
	respPortType
		TrellixIDSPortType,
	respPortAdminStatus
		INTEGER,
	respPortOperStatus
		INTEGER,
	respPortEnableFullDuplex
		TruthValue,
	respPortSpeed
		TrellixPortSpeed, -- was TrellixFEType,
	respPortPktDestination
		INTEGER,
	respPortMacAddress
		MacAddress,
	respCUGEPortSpeed
		TrellixCUGEType,
	respAdditionalInfo
		DisplayString
}

respPortDescr  OBJECT-TYPE
	SYNTAX 	DisplayString
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"A textual string containing information about the interface.  
		Returns the string that is printed on the box."
	::= { respPortEntry 1 }

respPortType  OBJECT-TYPE
	SYNTAX 	TrellixIDSPortType
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"The type of interface, distinguished according to the 
		physical/link protocol(s) immediately 'below' the network 
		layer in the protocol stack.
		
		See  TrellixIDSPortType.
		"
	::= { respPortEntry 2 }

respPortAdminStatus  OBJECT-TYPE
	SYNTAX 	INTEGER {
		up (1),
		down (2)
	}
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"The desired state of the interface.  
		
		Default: Up"
	::= { respPortEntry 3 }

respPortOperStatus  OBJECT-TYPE
	SYNTAX 	INTEGER {
		up (1),
		down (2)
	}
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"The current operational state of the interface.
		The testing(3) state indicates that no operational packets 
                can be passed."
	::= { respPortEntry 4 }

-- Support for respPortEnableFullDuplex is deprecated in V-series sensors(VmIPS).
respPortEnableFullDuplex  OBJECT-TYPE
	SYNTAX 	TruthValue
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"True: Sets response port to work as a full-duplex one. 
		otherwise as half-duplex.
		If True, respPortFullDuplexPeer must be specified.
		
		Default: False
		"
	::= { respPortEntry 5 }

-- Support for respPortSpeed is deprecated in V-series sensors(VmIPS).
respPortSpeed  OBJECT-TYPE
	SYNTAX 	TrellixPortSpeed
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"See TrellixPortSpeed

		Default: fixed-hundred-Mbps (2)"
	::= { respPortEntry 6 }

respPortPktDestination OBJECT-TYPE
	SYNTAX 	INTEGER {
		switch (1),
		router (2)
	}

	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"This object is used when response ports are chosen for
		sending response packets. When router mode is chosen,
		packets will be sent to router with destination MAC as
		defined in intfRespMacAddress.

		Default value is switch (1)."
	::= { respPortEntry 7 }

respPortMacAddress OBJECT-TYPE
	SYNTAX 	MacAddress
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Specifies the macaddress of the router to which the response
		packets have to be sent to."
	::= { respPortEntry 8 }

-- Support for  respCUGEPortSpeed is deprecated in V-series sensors(VmIPS).
respCUGEPortSpeed  OBJECT-TYPE
	SYNTAX 	TrellixCUGEType
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION
		"Only applicable to copper-gigabit-ethernet ports, to specify whether
		10mbps or 100mbps or 1-gbps or auto-neg. See TrellixCUGEType

		Default: auto-negotiate"
	::= { respPortEntry 9 }


respAdditionalInfo  OBJECT-TYPE
        SYNTAX  DisplayString (SIZE(0..255))
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "A textual string containing additional information about the response interface.
                This mib object will be available only on V-series sensors."
        ::= { respPortEntry 11 }


-- respPortPktDestination OBJECT-TYPE
--
-- Interface Response Table
--
intfRespTable  OBJECT-TYPE
	SYNTAX SEQUENCE OF IntfRespEntry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Table containing entries for each interface port. The
		table describes how responses have to be sent in monitoring
		mode."
	::= { responsePortGrp 2 }

intfRespEntry  OBJECT-TYPE
	SYNTAX 	IntfRespEntry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Indexed by slotIndex/intfPortIndex"
	INDEX { slotIndex, intfPortIndex }
	::= { intfRespTable 1 }

IntfRespEntry ::= SEQUENCE {
	intfRespType
		INTEGER,
	intfRespPortNo
		INTEGER
}

intfRespType OBJECT-TYPE
	SYNTAX 	INTEGER {
		responsePort (1),
		inline (2)
	}

	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Setting this object to responsePort (2) causes responses
		to be sent via the response port. The response port no that
		needs to be used is specified with intfRespPortNo object.

		Setting this object to inline (3) causes responses to be
		sent inline. Note that in monitoring mode, responses can
		only be sent inline when the monitoring port is in
		half-duplex mode.

		Default action will be responsePort (1)."
	::= { intfRespEntry 1 }

intfRespPortNo OBJECT-TYPE
	SYNTAX 	INTEGER
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Specifies the response port number that needs to be used
		for this monitoring port. The response ports are configured
		by respPortTable."
	::= { intfRespEntry 2 }


--
-- DOS Configuration Group
--
dosConfigGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 14 }

dosLearningModeAction OBJECT-TYPE
	SYNTAX 	INTEGER {
		forceDetection (1),
		learning (2),
		reloadProfile (3)
	}
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"This object can be used to switch the mode to DOS learning or
		force detection mode . 

		The saved profile can be reloaded by setting the object to
		reloadProfile(3).

		When set to forceDetection (1), user must be warned as follows,
                Warning: You are about to force the sensor into Detection Mode 
                         before the required 48-hour learning period. 
                         The traffic profile learned by the sensor may not be 
                         adequate for DOS attack detection and prevention. 
                         It is desirable to place the sensor in learning mode 
                         while receiving normal traffic for at least 48 hours.  
		"
	::= {dosConfigGrp  1 }

--
-- DOS Profile Table
-- 
-- This table will only support GET requests
--
dosProfileTable  OBJECT-TYPE
	SYNTAX SEQUENCE OF DosProfileEntry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Table defines profile data for each DOS VPT entry."
	::= { dosConfigGrp 2 }

dosProfileEntry  OBJECT-TYPE
	SYNTAX 	DosProfileEntry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Indexed by VIDS ID and Profile ID."
	INDEX { dosProfileVidsId, dosProfileId }
	::= { dosProfileTable 1 }

DosProfileEntry ::= SEQUENCE {
	dosProfileVidsId
		Unsigned32,
	dosProfileId
		Unsigned32,
	dosProfileStatus
		INTEGER,
	dosProfileLearningTime
		Unsigned32
}

dosProfileVidsId OBJECT-TYPE
	SYNTAX 	Unsigned32
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"The virtual admin domain identifier."
	::= { dosProfileEntry 1 }

dosProfileId OBJECT-TYPE
	SYNTAX 	Unsigned32
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"The identifier of the profile."
	::= { dosProfileEntry 2 }

dosProfileStatus OBJECT-TYPE
	SYNTAX 	INTEGER {
		learning(1),
		detection(2)
	}
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"The status of the profile entry."
	::= { dosProfileEntry 3 }

dosProfileLearningTime OBJECT-TYPE
	SYNTAX Unsigned32
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"The time (in hundredths of a second) since learning was started for the profile."
	::= { dosProfileEntry 4 }


--
-- DOS Profile Bulk Table
-- 
dosProfileBulkTable  OBJECT-TYPE
	SYNTAX SEQUENCE OF DosProfileBulkEntry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Table defines profile data for each DOS VPT entry. This table
		is primarily used to get the GETNEXT and GETBULK."
	::= { dosConfigGrp 3 }

dosProfileBulkEntry  OBJECT-TYPE
	SYNTAX 	DosProfileBulkEntry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Indexed by profile index."
	INDEX { dosProfileBulkIndex }
	::= { dosProfileBulkTable 1 }

DosProfileBulkEntry ::= SEQUENCE {
	dosProfileBulkIndex
		INTEGER,
	dosProfileBulkVidsId
		Unsigned32,
	dosProfileBulkId
		Unsigned32,
	dosProfileBulkStatus
		INTEGER,
	dosProfileBulkLearningTime
		Unsigned32
}

dosProfileBulkIndex OBJECT-TYPE
	SYNTAX 	INTEGER
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"The index of the profile table."
	::= { dosProfileBulkEntry 1 }

dosProfileBulkVidsId OBJECT-TYPE
	SYNTAX 	Unsigned32
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"The virtual admin domain identifier."
	::= { dosProfileBulkEntry 2 }

dosProfileBulkId OBJECT-TYPE
	SYNTAX 	Unsigned32
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"The identifier of the profile."
	::= { dosProfileBulkEntry 3 }

dosProfileBulkStatus OBJECT-TYPE
	SYNTAX 	INTEGER {
		learning(1),
		detection(2)
	}
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"The status of the profile entry."
	::= { dosProfileBulkEntry 4 }

dosProfileBulkLearningTime OBJECT-TYPE
	SYNTAX 	Unsigned32
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"The time (in hundredths of a second) since learning was started for the profile."
	::= { dosProfileBulkEntry 5 }


--
-- DOS ShortTerm LongTerm Profile Table
-- This table will onl support GET requests
-- 
dosProfileShortAndLongTermTable  OBJECT-TYPE
	SYNTAX SEQUENCE OF DosProfileShortAndLongTermEntry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Table defines short term and long term profile data per DOS measure per VPT. Each VPT is indexed by the global VIDSID, global NIId."
	::= { dosConfigGrp 4 }

dosProfileShortAndLongTermEntry  OBJECT-TYPE
	SYNTAX 	DosProfileShortAndLongTermEntry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Indexed by global VIDSIndex, global NIIndex & measureId."
	INDEX { dosProfileShortAndLongTermVIDSIndex, dosProfileShortAndLongTermNIIndex, dosProfileShortAndLongTermMeasureIndex }
	::= { dosProfileShortAndLongTermTable 1 }

DosProfileShortAndLongTermEntry ::= SEQUENCE {
	dosProfileShortAndLongTermVIDSIndex
		Unsigned32,
	dosProfileShortAndLongTermNIIndex
		Unsigned32,
	dosProfileShortAndLongTermMeasureIndex
		INTEGER,
	dosProfileShortAndLongTermBinCount
		INTEGER,
	dosProfileShortTermContent
		OCTET STRING,
	dosProfileLongTermContent
		OCTET STRING
}

dosProfileShortAndLongTermVIDSIndex OBJECT-TYPE
	SYNTAX 	Unsigned32
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"The VIDS id index."
	::= { dosProfileShortAndLongTermEntry 1 }

dosProfileShortAndLongTermNIIndex OBJECT-TYPE
	SYNTAX 	Unsigned32
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"The NI id index."
	::= { dosProfileShortAndLongTermEntry 2 }

dosProfileShortAndLongTermMeasureIndex OBJECT-TYPE
	SYNTAX 	INTEGER (1..10)
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"The measure id index."
	::= { dosProfileShortAndLongTermEntry 3 }

dosProfileShortAndLongTermBinCount OBJECT-TYPE
	SYNTAX 	INTEGER (1..32)
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "The count indicates the number of short or long term values to be interpreted in their respective content objects. Max value is 32. If the value is set to 10, then only the first 80 bytes in each of the strings have valid data. Note: that 256 octet strings can accomodate a max of 32 values (3 octects each) "
        ::= { dosProfileShortAndLongTermEntry 4 }

dosProfileShortTermContent  OBJECT-TYPE
	SYNTAX 	OCTET STRING (SIZE(256))
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"This specifies the short term profile data. 
		Default: All 256 octets filled with '0'."
	::= { dosProfileShortAndLongTermEntry 5 }

dosProfileLongTermContent  OBJECT-TYPE
	SYNTAX 	OCTET STRING (SIZE(256))
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"This specifies the long term profile data. 
		Default: All 256 octets filled with '0'."
	::= { dosProfileShortAndLongTermEntry 6 }

enableDosPktLogging OBJECT-TYPE
	SYNTAX 	INTEGER {
		enable (1),
		disable (2)
	}
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"This object can be used to turn on/off the logging od DOS packets. Default: disable (2)."
	::= { dosConfigGrp  6 }

--
-- Timed Drop DOS Pkt Table
-- This table does not support GET NEXT requests
--
timedDosPktDropTable  OBJECT-TYPE
        SYNTAX SEQUENCE OF TimedDosPktDropEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
                "Table defines action and duration to enable/disable/extend the duration for which DOS pkts are to be drpped. Also provides the absolute time remaining till when it the sensor will drop these packets. "
        ::= { dosConfigGrp 7 }

timedDosPktDropEntry  OBJECT-TYPE
        SYNTAX  TimedDosPktDropEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
                "Indexed by VIDS ID NI ID and MeasureId."
        INDEX { timedDosPktDropVidsIdIndex, timedDosPktDropNiIdIndex, timedDosPktDropMsrIdIndex }
        ::= { timedDosPktDropTable 1 }

TimedDosPktDropEntry ::= SEQUENCE {
        timedDosPktDropVidsIdIndex
                Unsigned32,
        timedDosPktDropNiIdIndex
                Unsigned32,
        timedDosPktDropMsrIdIndex
                INTEGER,
        timedDosPktDropAction
                INTEGER,
        timedDosPktDropDuration
                Unsigned32,
        timedDosPktDropEndTime
                Unsigned32
}

timedDosPktDropVidsIdIndex OBJECT-TYPE
        SYNTAX  Unsigned32
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
                "The Vids identifier."
        ::= { timedDosPktDropEntry 1 }

timedDosPktDropNiIdIndex OBJECT-TYPE
        SYNTAX  Unsigned32
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
                "The NI identifier."
        ::= { timedDosPktDropEntry 2 }

timedDosPktDropMsrIdIndex OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
                "The MeasureId identifier."
        ::= { timedDosPktDropEntry 3 }

timedDosPktDropAction OBJECT-TYPE
        SYNTAX  INTEGER {
                enable(1),
                disable(2),
                extend(3)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "The action tells the bulkTimedDosPktDropTable to add(enable the duration for), delete(disable), modify(extend the duration for) an entry."
 
        ::= { timedDosPktDropEntry 4 }

timedDosPktDropDuration OBJECT-TYPE
        SYNTAX  Unsigned32
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "The duration for which the DOS pkt drop has been enabled or extended."
        ::= { timedDosPktDropEntry 5 }

--
timedDosPktDropEndTime OBJECT-TYPE
        SYNTAX  Unsigned32
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "The absolute end time when the duration for intended action expires."
        ::= { timedDosPktDropEntry 6 }

--
-- Bulk Timed Drop DOS Pkt Table
--
bulkTimedDosPktDropTable  OBJECT-TYPE
        SYNTAX SEQUENCE OF BulkTimedDosPktDropEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
                "Table lists entries indexed by the bulkTimedDosPktDropIndex, each returns the corresponding VidsId, NiId, MeasureId and the EndTime value."
        ::= { dosConfigGrp 8 }

bulkTimedDosPktDropEntry  OBJECT-TYPE
        SYNTAX  BulkTimedDosPktDropEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
                "Indexed by bulk index."
        INDEX { bulkTimedDosPktDropIndex }
        ::= { bulkTimedDosPktDropTable 1 }

BulkTimedDosPktDropEntry ::= SEQUENCE {
        bulkTimedDosPktDropIndex
                INTEGER,
        bulkTimedDosPktDropVidsId
                Unsigned32,
        bulkTimedDosPktDropNiId
                Unsigned32,
        bulkTimedDosPktDropMsrId
                INTEGER,
        bulkTimedDosPktDropEndTime
                Unsigned32
}

bulkTimedDosPktDropIndex OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
                "The bulk index ."
        ::= { bulkTimedDosPktDropEntry 1 }

bulkTimedDosPktDropVidsId OBJECT-TYPE
        SYNTAX  Unsigned32
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "The Vids identifier."
        ::= { bulkTimedDosPktDropEntry 2 }

bulkTimedDosPktDropNiId OBJECT-TYPE
        SYNTAX  Unsigned32
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "The NI identifier."
        ::= { bulkTimedDosPktDropEntry 3 }

bulkTimedDosPktDropMsrId OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "The MeasureId identifier."
        ::= { bulkTimedDosPktDropEntry 4 }

bulkTimedDosPktDropEndTime OBJECT-TYPE
        SYNTAX  Unsigned32
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "The absolute end time when the duration for intended action expires."
        ::= { bulkTimedDosPktDropEntry 5 }

internalVLANId  OBJECT-TYPE
        SYNTAX  INTEGER (0..4095)
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object identifies the VLAN ID to be used by the sensor to tag 
                any untagged pkts on Rx, and untag them on Tx. It must not match any 
                other VLAN ID assigned for the customer network. Default: 4095 
                "
        ::= { dosConfigGrp 9 }

--This group contians MIB objects for configuration of packet logging.
--The <pktLogServerIPAddress> identifies the IP address of the server
--receiving packets that the Sensor logs when detecting attacks.
--The <pktLogServerPort> identifies the TCP port on this server
--that receives the logged packets.

pktLogGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 15 }

pktLogServerIPAddress  OBJECT-TYPE
	SYNTAX 	IpAddress
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"IP Address"
	::= { pktLogGrp 1 }

pktLogServerPort  OBJECT-TYPE
	SYNTAX 	Integer32 (1..10000)
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"TCP Port on which the pkt log server can receive packet 
                 logs from the IntruShield IDS."
	::= { pktLogGrp 2 }

pktLogMaxPacketsPerFlow  OBJECT-TYPE
	SYNTAX 	Integer32 (0..64000)
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Number of packets per flow which need to be logged,
		 0 means log entire flow.
		 Default: 1000"
	::= { pktLogGrp 3 }

pktLogEncryptionEnable  OBJECT-TYPE
	SYNTAX INTEGER {
		enable (1)
	}
	MAX-ACCESS  read-write
	STATUS  current
	DESCRIPTION
		"This object can be used to enable encryption of packet log channel. 
		RC4 will be used for encryption.
		Default: enable (1)"
	::= { pktLogGrp 4 } 

pktLogServerIPv6Address  OBJECT-TYPE
	SYNTAX 	Ipv6Address
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"IPv6 Address of the ISM to which the logs need to be delivered. 
		 ISM should set either the Ipv4 or the Ipv6 address."
	::= { pktLogGrp 5 }

--This group contians MIB objects for configuration of alert throttling.

pktAlertThrottleGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 16 }

pktAlertThrottleGlobalThreshold OBJECT-TYPE
	SYNTAX 	INTEGER (1..32)
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Once this threshold is exceeded, sensor will only send one
		summary alert for all addresses (srcip's and destip's) that 
		match the attackid/vidsid.

		Default: 10"
	::= { pktAlertThrottleGrp 1 }

pktAlertThrottleInterval  OBJECT-TYPE
	SYNTAX 	INTEGER (1..3600)
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"If the number of alerts exceeds the amount configured
		in pktAlertThrottleThreshold or 
		pktAlertThrottleGlobalThreshold in pktAlertThrottleInterval
		seconds, alerts will be throttled.

		Units are in seconds.

		Default: 120 seconds"
	::= { pktAlertThrottleGrp 2 }

pktAlertThrottleAction  OBJECT-TYPE
	SYNTAX 	INTEGER {
		enable (1),
		disable (2)
	}
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"This object can be used to enable and disable alert
		throttling.

		Default: enable(1)"
	::= { pktAlertThrottleGrp 3 }

pktAlertThrottleThreshold  OBJECT-TYPE
	SYNTAX 	INTEGER (1..25)
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"This object is used to configure the number of alerts that
		need to be sent before sensor starts to throttle the alerts.
		For example if this value is 10, it will send the first 10
		alerts with the following key: attackid/vidsid/srcip/destip.
		This parameters will use the pktAlertThrottleInterval as the
		interval.

		Default: 5"
	::= { pktAlertThrottleGrp 4 }

pktAlertCorrelationTime  OBJECT-TYPE
	SYNTAX 	INTEGER (1..20)
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"This object is used to configure the time that the sensor will
                correlate multiple signatures for a single attack and only send
                the signature with the lowest benign trigger probability.

		Default: 5 secs"
	::= { pktAlertThrottleGrp 5 }


sslConfigGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 17 }

sslSessionCacheLifetime OBJECT-TYPE
        SYNTAX  INTEGER (0..4294967296)
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "Duration in minutes for which the SSL Session is kept alive, inspite of no 
                SSL data transfer between the client/server .
                Default: 5"
        ::= { sslConfigGrp 1 }

sslSupportAction  OBJECT-TYPE
	SYNTAX 	INTEGER (0..100000)
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object can be used to enable support for specific ssl flow count (non 0) 
                and disable SSL (0) on sensor.  Sensor reboot is typically required to activate 
                support of requested flow count.
                EMS must check for max requested ssl flows based on product type:
                 I4000: 100K, I2600: 25K , I1200: not supported.
                Default: not supported (0)"
        ::= { sslConfigGrp 2 }

sslSupportStatus  OBJECT-TYPE
	SYNTAX 	INTEGER (0..100000)
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "This object can be used to get SSL support status on sensor. It will show 0 if disabled, or a non 0 value indicating the ssl flow count currently supported. User must reboot sensor to ensure that requested flow count is actually supported by sensor.
     EMS must check for max supported ssl flows based on product type:
                 I4000: 100K, I2600: 25K , I1200: not supported.
                Default: not supported (0)"
        ::= { sslConfigGrp 3 }

sslSessionRemoveCerts  OBJECT-TYPE
        SYNTAX  INTEGER {
                reset (0)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "Delete all ssl certs, thereby terminating decryption of related ssl traffic, but leave ssl support enabled within sensor."
        ::= { sslConfigGrp 4 }

sslPktLoggingEnable OBJECT-TYPE
        SYNTAX  INTEGER {
		enable (1),
		disable (2)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "Specifies if sensor should log decrypted SSL packets or not. 

                Default: 2, disabled"
        ::= { sslConfigGrp 5 }

sslModesofOperation OBJECT-TYPE
        SYNTAX  INTEGER{
               disable (0),
               inbound-known-key-only(1),
               outbound-proxy-only (2),
               inbound-proxy-only (3),
               inbound-and-outbound-proxy (4),
               inbound-known-key-and-outbound-proxy (5)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "Determines the SSL decryption direction and method.
                disable(0) - No SSL decryption performed for traffic.
                inbound known key only(1) - Only Inbound SSL decryption using RSA key exchange. 
                outbound proxy only(2) - Only Outbound SSL using MITM proxy
                inbound proxy only(3) - Only Inbound SSL using MITM Proxy
                inbound and outbound proxy(4) - Inbound and Outbound proxy using MITM Proxy
                inbound known key and outbound proxy(5) - Inbound using RSA key exchange and Outbound using MITM Proxy
                Default:  disable (0)"
        ::= { sslConfigGrp 6 }

sslSessionCacheLifetimeOutbound OBJECT-TYPE
        SYNTAX  INTEGER (0..4294967296)
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "Duration in minutes for which the SSL Session is kept alive, inspite of no
                SSL data transfer between the client/server. This setting will be applied for
                SSL traffic in Outbound direction.
                This is not applicable on I-series and M-series
                Default: 5"
        ::= { sslConfigGrp 7 }

sslPktLoggingOutboundEnable OBJECT-TYPE
        SYNTAX  INTEGER {
                enable (1),
                disable (2)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "Specifies if sensor should log decrypted SSL packets or not on the Outbound direction.
                This is not applicable on I-series and M-series
                Default: 2, disabled"
        ::= { sslConfigGrp 8 }

sslProxyOutboundUnknownServerCertificate OBJECT-TYPE
        SYNTAX  INTEGER {
                ignore (1),
                block (2),
                decrypt (3)
        }
        MAX-ACCESS read-write
        STATUS current
        DESCRIPTION
                "This object will be used to configure the action that the sensor will need to
                 take when the sensor is unable to verify the validaity of the certificate.
                 This is not applicable on I-series and M-series
                Default: decrypt(3)"
        ::= { sslConfigGrp 9 }


sslProxyOutboundUntrustedServerCertficate  OBJECT-TYPE
        SYNTAX  INTEGER {
                ignore (1),
                block (2),
                decrypt (3)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object will be used to configure the action that the sensor will need to take
                 when the sensor receives an untrusted certificate from the external server. This could
                 be either due to certificate not being trusted by any root CA, expired, revoked etc.
                 This is not applicable on I-series and M-series
                Default: decrypt (3)"
        ::= { sslConfigGrp 10 }

sslProxyOutboundUnsupportedCipherSuite  OBJECT-TYPE
        SYNTAX  INTEGER {
                ignore (1),
                block (2)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object will be used to configure the action that the sensor will need to take when an
                 internal client sends a list of ciphers and the sensor does not support any of the cipher suite
                 This is not applicable on I-series and M-series
                Default: ignore (1)"
        ::= { sslConfigGrp 11 }

sslProxyInboundUnsupportedCipherSuite  OBJECT-TYPE
        SYNTAX  INTEGER {
                ignore (1),
                block (2)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This is reserved for future used. This object is not currently implemented.
                 This object will be used to configure the action that the sensor will need to take when an
                 external client sends a list of ciphers and the sensor does not support any of the cipher suite
                 This is not applicable on I-series and M-series
                Default: ignore (1)"
        ::= { sslConfigGrp 12 }

sslProxyOutboundUnsupportedServerCertificate  OBJECT-TYPE
        SYNTAX  INTEGER {
                ignore (1),
                block (2)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object will be used to configure the action that the sensor will need to take
                 when the sensor encounters an unsupported server certificate in an outbound direction.
                 This is not applicable on I-series and M-series
                Default: ignore (1)"
        ::= { sslConfigGrp 13 }

sslProxyInboundUnsupportedServerCertificate  OBJECT-TYPE
        SYNTAX  INTEGER {
                ignore (1),
                block (2)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This is reserved for future used. This object is not currently implemented.
                This object will be used to configure the action that the sensor will need to take
                 when the sensor encounters an unsupported server certificate in an inbound direction.
                 This is not applicable on I-series and M-series
                Default: ignore (1)"
        ::= { sslConfigGrp 14 }

maxSslFlowSupportedInSslDisableMode OBJECT-TYPE
        SYNTAX  INTEGER (0..100000)
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
                "This object specifies the max number of SSL flows supported when SSL is disabled on the sensor."
        ::= { sslConfigGrp 15 }

maxFlowSupportedInSslDisableMode OBJECT-TYPE
        SYNTAX  INTEGER (0..100000)
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
                "This object specifies the max number of flows supported by sensor when SSL is disabled on the sensor."
        ::= { sslConfigGrp 16 }

maxSslFlowSupportedInSslInboundLegacyMode OBJECT-TYPE
        SYNTAX  INTEGER (0..100000)
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
                "This object specifies the max number of SSL flows supported when SSL is enabled in inbound legacy mode."
        ::= { sslConfigGrp 17 }

maxFlowSupportedInSslInboundLegacyMode OBJECT-TYPE
        SYNTAX  INTEGER (0..100000)
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
                "This object specifies the max number of flows supported by sensor when SSL is enabled in inbound legacy mode"
        ::= { sslConfigGrp 18 }

maxSslFlowSupportedInSslOutboundMode OBJECT-TYPE
        SYNTAX  INTEGER (0..100000)
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
                "This object specifies the max number of SSL flows supported when SSL is enabled in outbound mode."
        ::= { sslConfigGrp 19 }

maxFlowSupportedInSslOutboundMode OBJECT-TYPE
        SYNTAX  INTEGER (0..100000)
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
                "This object specifies the max number of flows supported by sensor when SSL is enabled in outbound mode"
        ::= { sslConfigGrp 20 }

sslModesofOperationStatus OBJECT-TYPE
        SYNTAX  INTEGER{
               disable (0),
               inbound-known-key-only(1),
               outbound-proxy-only (2),
               inbound-proxy-only (3),
               inbound-and-outbound-proxy (4),
               inbound-known-key-and-outbound-proxy (5)
        }
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "Provides current SSL decryption method used in Sensor for inbound traffic.
                disable(0) - No SSL decryption performed for traffic.
                inbound known key only(1) - Only Inbound SSL decryption using RSA key exchange.
                outbound proxy only(2) - Only Outbound SSL using MITM proxy
                inbound proxy only(3) - Only Inbound SSL using MITM Proxy
                inbound and outbound proxy(4) - Inbound and Outbound proxy using MITM Proxy
                inbound known key and outbound proxy(5) - Inbound using RSA key exchange and Outbound using MITM Proxy
                Default:  disable (0)"
         ::= { sslConfigGrp 21 }

sslProxyOutboundUnknownURLCategory  OBJECT-TYPE
        SYNTAX  INTEGER {
                ignore (1),
                decrypt (3)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object will be used to configure the action that the sensor will need to take
                 when the sensor identifies an unknown url category in the ssl packet. This configuration
                 is only supported in case of outbound ssl.
                 This is not applicable on I-series and M-series
                Default: ignore (1)"
        ::= { sslConfigGrp 22 }

sslShKeyDecryptEnable OBJECT-TYPE
        SYNTAX  INTEGER {
		enable (1),
		disable (2)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "Specifies if sensor should decrypt using shared keys from SSL probes. 
                Default: 2, disabled"
        ::= { sslConfigGrp 23 }

---
---
---


l2ConfigGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 18 }

l2ModeEnable OBJECT-TYPE
        SYNTAX  INTEGER {
		enable (1),
		disable (2)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This specifies if sensor is configured to detect failure and go into L2 mode on exceeding cfg threshold within cfg duration.

                Default: 2, disabled"
        ::= { l2ConfigGrp 1 }

l2ModeStatus OBJECT-TYPE
        SYNTAX  INTEGER {
                layer2Mode(1),
                ipsMode(2)
        }
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "This object identifies the mode the sensor is currently in."

        ::= { l2ConfigGrp 2 }

l2ModeCfgDuration  OBJECT-TYPE
        SYNTAX  INTEGER (1..60)
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object specifies the time duration input criteria for enabling the sensor in layer2 mode.

                Default: 10 mins"
        ::= { l2ConfigGrp 3 }

l2ModeCfgThreshold  OBJECT-TYPE
        SYNTAX  INTEGER (1..10)
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object specifies the event frequency input criteria for enabling the sensor in layer2 mode.

                Default: 1"
        ::= { l2ConfigGrp 4 }

l2ModeOccCount  OBJECT-TYPE
        SYNTAX  INTEGER (0..10)
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "This object identifies the frequency of event occurence when ensor was last enabled in layer2 mode.

                "
        ::= { l2ConfigGrp 5 }

l2ModeReason  OBJECT-TYPE
        SYNTAX  DisplayString (SIZE(0..127))
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "This object contains reason for sensor to enter into Layer-2 mode."
        ::= { l2ConfigGrp 6 }


-- acl Logging support on the Sensor

aclLogAlertGrp	OBJECT IDENTIFIER ::=  { ivSensorConfigurationMIB 19 }

aclAlertLogging	OBJECT-TYPE
	SYNTAX	INTEGER {
		g-enable-dropped (1),
		g-enable-allowed (2),
		g-enable-all (3),
		enable-per-acl (4),
		disable (5)
	}
	MAX-ACCESS  read-write
	STATUS  current
	DESCRIPTION   
 		"This object specifies various ways to enable ACL Alert logging or disable it altogether.
		This is applicable on a sensor wide basis for all ports in inline mode.
		Default: disable (5)"
	::= { aclLogAlertGrp 1 }

aclAlertThrottleMaxIpPair OBJECT-TYPE
        SYNTAX  INTEGER (1..32)
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "Once this threshold is exceeded, sensor will only send one
                summary acl alert for all addresses (srcip's and destip's) that
                match the aclid/vidsid.

                Default: 10"
        ::= { aclLogAlertGrp 2 }

aclAlertThrottleInterval  OBJECT-TYPE
        SYNTAX  INTEGER (1..3600)
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "If the number of acl alerts exceeds the amount configured
                in aclAlertThrottleThreshold in aclAlertThrottleInterval
                seconds, alerts will be throttled.

                Units are in seconds.

                Default: 120 seconds"
        ::= { aclLogAlertGrp 3 }


aclAlertThrottleAction  OBJECT-TYPE
        SYNTAX  INTEGER {
                enable (1),
                disable (2)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object can be used to enable and disable acl alert
                throttling.

                Default: enable(1)"
        ::= { aclLogAlertGrp 4 }

aclAlertThrottleThreshold  OBJECT-TYPE
        SYNTAX  INTEGER (1..25)
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object is used to configure the number of alerts that
                need to be sent before sensor starts to throttle the alerts.
                For example if this value is 10, it will send the first 10
                alerts with the following key: aclid/vidsid/srcip/destip.
                This parameters will use the aclAlertThrottleInterval as the
                interval.

                Default: 5"
        ::= { aclLogAlertGrp 5 }

aclAlertDirectToSyslog  OBJECT-TYPE
        SYNTAX  INTEGER {
                sendViaNSM (1),
                sendDirect (2)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object can be used to enable sending acl logs directly to syslog viewer instead of sending it via NSM.
         Default: sendViaNSM (1)"
        ::= { aclLogAlertGrp 6 }

--User authentication using TACACS+ 

tacacsPlusAuthGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 20 }

enableTacacsPlusAuth  OBJECT-TYPE
	SYNTAX INTEGER {
		enable (1),
		disable (2)
	}
	MAX-ACCESS  read-write
	STATUS  current
	DESCRIPTION
		"This object can be used to enable or disable user authentication & accounting using TACACS+.
		Default: disable (2)"
	::= { tacacsPlusAuthGrp 1}

enableTacacsPlusTrafficEncr OBJECT-TYPE
	SYNTAX INTEGER {
		enable (1),
		disable	(2)
	}
	MAX-ACCESS  read-write
	STATUS  current
	DESCRIPTION
		"This object can be used to enable or disable encryption of  TACACS+ traffic.
		Default: disable (2)"
	::= { tacacsPlusAuthGrp 2}

tacacsPlusEncrSecret OBJECT-TYPE
	SYNTAX DisplayString (SIZE(0..64))
	MAX-ACCESS  read-write
	STATUS  current
	DESCRIPTION
		"This object specifies the secret to be used in generating the encrypted TACACS+ traffic"
	::= { tacacsPlusAuthGrp 3}


tacacsPlusServerIPTable  OBJECT-TYPE
	SYNTAX SEQUENCE OF TacacsPlusServerIPEntry
	MAX-ACCESS  not-accessible
	STATUS  current
	DESCRIPTION
		"This table contains entries that specifiy the IP addresses of the TACACS+ servers"
	::= { tacacsPlusAuthGrp 4}

tacacsPlusServerIPEntry  OBJECT-TYPE
	SYNTAX  TacacsPlusServerIPEntry
	MAX-ACCESS  not-accessible
	STATUS  current
	DESCRIPTION
	"This table entry specifies the IP address of the TACACS+ server"
	INDEX { tacIndex }
	 ::= { tacacsPlusServerIPTable 1 }


TacacsPlusServerIPEntry ::= SEQUENCE {
	tacIndex
		INTEGER,
	tacacsPlusServerIPAddr
		IpAddress
	}

tacIndex  OBJECT-TYPE
	SYNTAX  INTEGER
	MAX-ACCESS  not-accessible
	STATUS  current
	DESCRIPTION
		"Fixed index for the four TACACS+ Server entries. Valid values are [1,2,3,4] only."
	::= { tacacsPlusServerIPEntry 1 }

tacacsPlusServerIPAddr OBJECT-TYPE
	SYNTAX IpAddress
	MAX-ACCESS read-write
	STATUS  current
	DESCRIPTION
	"This object specifies the IP Address of the TACACS+ server"
	::= { tacacsPlusServerIPEntry 2 }

enableTacacsPlusAuthorization OBJECT-TYPE
    SYNTAX INTEGER
	MAX-ACCESS  read-write
	STATUS  current
	DESCRIPTION
	        "To enable TACACS Plus authorization"
	::= { tacacsPlusAuthGrp 5 }

-- ipV6  support on sensor 

ipV6ConfigGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 21 }

ipV6TrafficHandling OBJECT-TYPE
        SYNTAX INTEGER {
              dont-parse-block-inline (1),  
              dont-parse-allow-inline (2),   
              parse-and-detect-attacks (3)    
        }
        MAX-ACCESS  read-write
	  STATUS  current
        DESCRIPTION
             "This object can be used to specify how the IPv6 traffic is handled on all ports of a sensor.
              dont-parse-block-inline - Traffic will not be subjected to IPS/IDS.  On Inline ports, traffic will be blocked.
              dont-parse-allow-inline  -  Traffic will not be subjected to IPS/IDS.  On Inline ports , traffic wll be allowed to go through the sensor.
              parse-and-detect-attacks  - Parse and detect attacks in IPv6 traffic and pass the traffic on inline ports
              Default: dont-parse-allow-inline(2)"
                ::= { ipV6ConfigGrp 2}
                
-- Host Quarantine Config Group
--
hostQGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 22 }

--
-- Host Quarantine Config Table
--
-- This group conatins all MIB objects that specify the configuration for
-- reconfiguring the hostQ. 
--
hostQConfigGrp  OBJECT IDENTIFIER ::= { hostQGrp  1 }

hostQFilterTimeOut OBJECT-TYPE
	SYNTAX 	INTEGER (5..60)
	MAX-ACCESS  read-write
	STATUS	obsolete
	DESCRIPTION 
		"The number of minutes for which this entry should be in
		affect.

		Default: 5 minutes"
	::= { hostQConfigGrp 1 }

hostQDeleteAllFilters OBJECT-TYPE
	SYNTAX 	INTEGER {
		not-applicable(0),
		true(1)
	}
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"If set to not-applicable(0), applied filters are not 
		deleted. If set to true (1) all filters are deleted.

		Default: not-applicable (0)"
	::= { hostQConfigGrp 2 }

--
-- Host Quarantine Bulk IPV4 Filter table 
--
-- This group defines filter entries that have been applied on the sensor in
-- Inline mode. This table only supports GET-NEXT operations. All entries are
-- read-only. The table will have a maximum of 1000 entries.
--
hostQBulkFilterV4Table  OBJECT-TYPE
	SYNTAX SEQUENCE OF HostQBulkFilterV4Entry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Table containing entries for filters that are applied on the \
		 sensor  in Inline mode. This table supports only GET-NEXT operations"
	::= { hostQGrp  2 }

hostQBulkFilterV4Entry  OBJECT-TYPE
	SYNTAX 	HostQBulkFilterV4Entry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Indexed by sequence number."
	INDEX { hostQBulkFilterIndexV4 }
	::= { hostQBulkFilterV4Table 1 }

HostQBulkFilterV4Entry ::= SEQUENCE {
	hostQBulkFilterIndexV4
		INTEGER,
	hostQBulkFilterSrcIPAddrV4
		IpAddress,
	hostQBulkFilterVidsIdV4
		INTEGER,
	hostQBulkFilterAttackIdV4
		INTEGER,
	hostQBulkFilterEndTimeV4
		Unsigned32,
	hostQBulkFilterQRStatusV4
		INTEGER,
	hostQBulkFilterMPEReplyMsgV4
		INTEGER,
	hostQBulkFilterMonPortIdV4
		TrellixPortLinearIndex,
	hostQBulkFilterEZIdV4
		INTEGER
}

hostQBulkFilterIndexV4 OBJECT-TYPE
	SYNTAX 	INTEGER  
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"Index which uniquely identifies the V4 filter rule"
	::= { hostQBulkFilterV4Entry 1 }

hostQBulkFilterSrcIPAddrV4  OBJECT-TYPE
	SYNTAX 	IpAddress
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"Source IPV4 Address."
	::= { hostQBulkFilterV4Entry 2 }

hostQBulkFilterVidsIdV4  OBJECT-TYPE
   SYNTAX   INTEGER
   MAX-ACCESS  read-only
   STATUS   current
   DESCRIPTION
      "This objects returns the vids id for which this filter
      was applied."
   ::= { hostQBulkFilterV4Entry 3 }

hostQBulkFilterAttackIdV4  OBJECT-TYPE
   SYNTAX   INTEGER
   MAX-ACCESS  read-only
   STATUS   current
   DESCRIPTION
      "This objects returns the attack id for which this filter
      was applied."
   ::= { hostQBulkFilterV4Entry 4 }

hostQBulkFilterEndTimeV4  OBJECT-TYPE
	SYNTAX 	Unsigned32
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"This objects returns the filter expiry time in UTC format "
	::= { hostQBulkFilterV4Entry 5 }


hostQBulkFilterQRStatusV4 OBJECT-TYPE
	SYNTAX 	INTEGER {
		hostQuarantined-local(1),
		hostUnderRemediation-local(2),
		hostQuarantined-mpe(4),
		hostQuarantined-both(5),
		hostUnderRemediation-local-hostQuarantined-mpe(6),
		hostUnderRemediation-mpe(8),
		hostQuarantined-local-hostUnderRemediation-mpe(9),
		hostUnderRemediation-both(10)
	}
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"This objects returns the host quarantine and remediation action status."
	::= { hostQBulkFilterV4Entry 6 }

hostQBulkFilterMPEReplyMsgV4 OBJECT-TYPE
	SYNTAX 	INTEGER
	{
		notApplicable(0),
		managedHost(1),
		unmanagedHost(2)
	}
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"This objects returns the message returned by the MPE server."
	::= { hostQBulkFilterV4Entry 7 }

hostQBulkFilterMonPortIdV4  OBJECT-TYPE
   SYNTAX   TrellixPortLinearIndex
   MAX-ACCESS  read-only
   STATUS   current
   DESCRIPTION
      "This objects returns the monitoring linear port index on which the attack was detected for 
	the quarantined host."
   ::= { hostQBulkFilterV4Entry 8 }


hostQBulkFilterEZIdV4  OBJECT-TYPE
   SYNTAX   INTEGER
   MAX-ACCESS  read-only
   STATUS   current
   DESCRIPTION
      "This objects returns the applied NAZ Id for the quarantined host."
   ::= { hostQBulkFilterV4Entry 9 }

--
-- Host Quarantine Bulk IPV6 Filter table
--
-- This group defines filter entries that have been applied on the sensor in
-- Inline mode. This table only supports GET-NEXT operations. All entries are
-- read-only. The table will have a maximum of 1000 entries.
--

hostQBulkFilterV6Table  OBJECT-TYPE
	SYNTAX SEQUENCE OF HostQBulkFilterV6Entry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Table containing entries for IPv6 filters that are applied on the 
		 sensor  in Inline mode."
	::= { hostQGrp  3 }

hostQBulkFilterV6Entry  OBJECT-TYPE
	SYNTAX 	HostQBulkFilterV6Entry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Indexed by sequence number."
	INDEX { hostQBulkFilterIndexV6 }
	::= { hostQBulkFilterV6Table 1 }

HostQBulkFilterV6Entry ::= SEQUENCE {
	hostQBulkFilterIndexV6
		INTEGER,
	hostQBulkFilterSrcIPAddrV6
		Ipv6Address,
	hostQBulkFilterVidsIdV6
		INTEGER,
   	hostQBulkFilterAttackIdV6
      		INTEGER,
   	hostQBulkFilterEndTimeV6
      		Unsigned32,
	hostQBulkFilterQRStatusV6
		INTEGER,
	hostQBulkFilterMPEReplyMsgV6
		INTEGER,
	hostQBulkFilterMonPortIdV6
		TrellixPortLinearIndex
}

hostQBulkFilterIndexV6 OBJECT-TYPE
	SYNTAX 	INTEGER  
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"Index which uniquely identifies the IPv6 filter rule."
	::= { hostQBulkFilterV6Entry 1 }

hostQBulkFilterSrcIPAddrV6  OBJECT-TYPE
	SYNTAX 	Ipv6Address
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"Source IPV6 Address."
	::= { hostQBulkFilterV6Entry 2 }

hostQBulkFilterVidsIdV6  OBJECT-TYPE
   SYNTAX   INTEGER
   MAX-ACCESS  read-only
   STATUS   current
   DESCRIPTION
      "This objects returns the vids id for which this filter
      was applied."
   ::= { hostQBulkFilterV6Entry 3 }

hostQBulkFilterAttackIdV6  OBJECT-TYPE
   SYNTAX   INTEGER
   MAX-ACCESS  read-only
   STATUS   current
   DESCRIPTION
      "This objects returns the attack id for which this filter
      was applied."
   ::= { hostQBulkFilterV6Entry 4 }

hostQBulkFilterEndTimeV6  OBJECT-TYPE
	SYNTAX 	Unsigned32
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"This objects returns the filter expiry time in UTC format."
	::= { hostQBulkFilterV6Entry 5 }

hostQBulkFilterQRStatusV6  OBJECT-TYPE
	SYNTAX 	INTEGER {
		hostQuarantined-local(1),
		hostUnderRemediation-local(2),
		hostQuarantined-mpe(4),
		hostQuarantined-both(5),
		hostUnderRemediation-local-hostQuarantined-mpe(6),
		hostUnderRemediation-mpe(8),
		hostQuarantined-local-hostUnderRemediation-mpe(9),
		hostUnderRemediation-both(10)
	}
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"This objects returns the host quarantine and remediation action status."
	::= { hostQBulkFilterV6Entry 6 }

hostQBulkFilterMPEReplyMsgV6  OBJECT-TYPE
	SYNTAX 	INTEGER
	{
		notApplicable(0),
		managedHost(1),
		unmanagedHost(2)
	}
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"This objects returns the message returned by the MPE server."
	::= { hostQBulkFilterV6Entry 7 }

hostQBulkFilterMonPortIdV6  OBJECT-TYPE
   SYNTAX   TrellixPortLinearIndex
   MAX-ACCESS  read-only
   STATUS   current
   DESCRIPTION
      "This objects returns the monitoring linear port index on which the attack was detected for 
	the quarantined Ipv6 host."
   ::= { hostQBulkFilterV6Entry 8 }

--
-- Host Quarantine Never Deny V4 Table
--
hostQNeverDenyV4Table  OBJECT-TYPE
	SYNTAX SEQUENCE OF HostQNeverDenyV4Entry
	MAX-ACCESS  not-accessible
	STATUS	obsolete
	DESCRIPTION 
		"Table defines ipaddresses from which traffic is never
		blocked. Typically user will add all the critical network
		elements like routers, servers, etc."
	::= { hostQGrp 4 }

hostQNeverDenyV4Entry  OBJECT-TYPE
	SYNTAX 	HostQNeverDenyV4Entry
	MAX-ACCESS  not-accessible
	STATUS	obsolete
	DESCRIPTION 
		"Indexed by hostQNeverDenyIpAddress. Supports up to 100 entries."
	INDEX {hostQNeverDenyIpAddressV4  }
	::= { hostQNeverDenyV4Table 1 }

HostQNeverDenyV4Entry ::= SEQUENCE {
	hostQNeverDenyIpAddressV4
		IpAddress,
	hostQNeverDenyActionV4
		RowStatus
}

hostQNeverDenyIpAddressV4 OBJECT-TYPE
	SYNTAX 	IpAddress
	MAX-ACCESS  not-accessible
	STATUS	obsolete
	DESCRIPTION 
		"The ipV4 address from which traffic will never be blocked."
	::= { hostQNeverDenyV4Entry 1 }

hostQNeverDenyActionV4 OBJECT-TYPE
	SYNTAX 	RowStatus
	MAX-ACCESS  read-create
	STATUS	obsolete
	DESCRIPTION 
		"This object is to user to add and delete rows in to the
		table."
	::= { hostQNeverDenyV4Entry 2 }

--
-- Host Quarantine Never Deny V6 Table
--
hostQNeverDenyV6Table  OBJECT-TYPE
	SYNTAX SEQUENCE OF HostQNeverDenyV6Entry
	MAX-ACCESS  not-accessible
	STATUS	obsolete
	DESCRIPTION 
		"Table defines ipaddresses from which traffic is never
		blocked. Typically user will add all the critical network
		elements like routers, servers, etc."
	::= { hostQGrp 5 }

hostQNeverDenyV6Entry  OBJECT-TYPE
	SYNTAX 	HostQNeverDenyV6Entry
	MAX-ACCESS  not-accessible
	STATUS	obsolete
	DESCRIPTION 
		"Indexed by hostQNeverDenyIpAddress. Supports up to 100 entries."
	INDEX {hostQNeverDenyIpAddressV6  }
	::= { hostQNeverDenyV6Table 1 }

HostQNeverDenyV6Entry ::= SEQUENCE {
	hostQNeverDenyIpAddressV6
		Ipv6Address,
	hostQNeverDenyActionV6
		RowStatus
}

hostQNeverDenyIpAddressV6 OBJECT-TYPE
	SYNTAX 	Ipv6Address
	MAX-ACCESS  not-accessible
	STATUS	obsolete
	DESCRIPTION 
		"The ipV6 address from which traffic will never be blocked."
	::= { hostQNeverDenyV6Entry 1 }

hostQNeverDenyActionV6 OBJECT-TYPE
	SYNTAX 	RowStatus
	MAX-ACCESS  read-create
	STATUS	obsolete
	DESCRIPTION 
		"This object is to user to add and delete rows in to the
		table."
	::= { hostQNeverDenyV6Entry 2 }


--
-- Host Quarantine User Define V4 Filter Table (does not support GET-NEXT operations)
--

hostQUserDefFilterV4Table OBJECT-TYPE
	SYNTAX SEQUENCE OF HostQUserDefFilterV4Entry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Table is used to add/delete/extend IPv4 filters on the sensor"
	::= { hostQGrp 6 }

hostQUserDefFilterV4Entry  OBJECT-TYPE
	SYNTAX 	HostQUserDefFilterV4Entry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		""
	INDEX { hostQUserDefFilterSrcIpV4, hostQUserDefFilterVidsIdV4, hostQUserDefFilterAttackIdV4 }
	::= { hostQUserDefFilterV4Table 1 }

HostQUserDefFilterV4Entry ::= SEQUENCE {
	hostQUserDefFilterSrcIpV4
		IpAddress,
	hostQUserDefFilterVidsIdV4
		INTEGER,
	hostQUserDefFilterAttackIdV4
		INTEGER,
	hostQUserDefFilterDurationV4
		Unsigned32,
	hostQUserDefFilterActionV4
		INTEGER,
	hostQUserDefFilterRemediationV4
		TruthValue	
}

hostQUserDefFilterSrcIpV4 OBJECT-TYPE
	SYNTAX 	IpAddress
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Source IPV4 address."
	::= { hostQUserDefFilterV4Entry 1 }

hostQUserDefFilterVidsIdV4 OBJECT-TYPE
	SYNTAX 	INTEGER
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Vids ID."
	::= { hostQUserDefFilterV4Entry 2 }

hostQUserDefFilterAttackIdV4 OBJECT-TYPE
	SYNTAX 	INTEGER
	MAX-ACCESS not-accessible
	STATUS	current
	DESCRIPTION 
		"Attack ID."
	::= { hostQUserDefFilterV4Entry 3 }

hostQUserDefFilterDurationV4 OBJECT-TYPE
   SYNTAX  Unsigned32
   MAX-ACCESS  read-write
   STATUS   current
   DESCRIPTION
      "Filter duration"
   ::= { hostQUserDefFilterV4Entry 4 }

hostQUserDefFilterActionV4 OBJECT-TYPE
        SYNTAX  INTEGER {
                not-applicable (0),
                add (1),
					 delete (2)
        }
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
                "Setting this object to add(1) will add the entry."
	::= { hostQUserDefFilterV4Entry 5 }

hostQUserDefFilterRemediationV4 OBJECT-TYPE
        SYNTAX  TruthValue
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
                "Setting this object to TRUE, will enable host rememdiation for the user defined quarantine rule.
		 Default : FALSE"
	::= { hostQUserDefFilterV4Entry 6 }

--
-- Host Quarantine User Define V6 Filter Table
--

hostQUserDefFilterV6Table OBJECT-TYPE
	SYNTAX SEQUENCE OF HostQUserDefFilterV6Entry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Table is used to add/delete/extend IPv6 filters on the sensor" 
	::= { hostQGrp 7 }

hostQUserDefFilterV6Entry  OBJECT-TYPE
	SYNTAX 	HostQUserDefFilterV6Entry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		""
	INDEX {hostQUserDefFilterSrcIpV6, hostQUserDefFilterVidsIdV6, hostQUserDefFilterAttackIdV6 }
	::= { hostQUserDefFilterV6Table 1 }

HostQUserDefFilterV6Entry ::= SEQUENCE {
	hostQUserDefFilterSrcIpV6
		Ipv6Address,
	hostQUserDefFilterVidsIdV6
		INTEGER,
	hostQUserDefFilterAttackIdV6
		INTEGER,
	hostQUserDefFilterDurationV6
	      Unsigned32,
	hostQUserDefFilterActionV6
		INTEGER
}

hostQUserDefFilterSrcIpV6 OBJECT-TYPE
	SYNTAX 	Ipv6Address
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Source IPV6 address."
	::= { hostQUserDefFilterV6Entry 1 }

hostQUserDefFilterVidsIdV6 OBJECT-TYPE
	SYNTAX 	INTEGER
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Vids ID."
	::= { hostQUserDefFilterV6Entry 2 }

hostQUserDefFilterAttackIdV6 OBJECT-TYPE
	SYNTAX 	INTEGER
	MAX-ACCESS not-accessible
	STATUS	current
	DESCRIPTION 
		"Attack ID."
	::= { hostQUserDefFilterV6Entry 3 }

hostQUserDefFilterDurationV6 OBJECT-TYPE
   SYNTAX  Unsigned32
   MAX-ACCESS  read-write
   STATUS   current
   DESCRIPTION
      "Filter duration"
   ::= { hostQUserDefFilterV6Entry 4 }

hostQUserDefFilterActionV6 OBJECT-TYPE
        SYNTAX  INTEGER {
                not-applicable (0),
                add (1),
                delete(2)
        	}
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
                "Setting this object to add(1) will add the entry."
	::= { hostQUserDefFilterV6Entry 5 }

--
-- nmsGrp 
--

nmsGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 23 }

nmsUserGrp  OBJECT IDENTIFIER ::= { nmsGrp  1 }

nmsUserTable  OBJECT-TYPE
	SYNTAX SEQUENCE OF NMSUserEntry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"
		
		"
	::= { nmsUserGrp 1 }

nmsUserEntry  OBJECT-TYPE
	SYNTAX 	NMSUserEntry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Each entry specified is indexed by <nmsUserIndex>. 
		Additonaly it contains the 
		"
	INDEX { nmsUserName }
	::= { nmsUserTable 1 }

NMSUserEntry ::= SEQUENCE {
	nmsUserName
		DisplayString,
	nmsAuthKey
		DisplayString,
	nmsEncrKey
		DisplayString,
	nmsUserChangeAction
		RowStatus
}

nmsUserName  OBJECT-TYPE
	SYNTAX DisplayString (SIZE(8..31))	
	MAX-ACCESS 	not-accessible 
	STATUS	current
	DESCRIPTION 
		"UserName nms (in this entry)."
	::= { nmsUserEntry 1 }

nmsAuthKey  OBJECT-TYPE
	SYNTAX DisplayString (SIZE(8..15))	
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"NMS Auth Key"
	::= { nmsUserEntry 2 }

nmsEncrKey  OBJECT-TYPE
	SYNTAX DisplayString (SIZE(8..15))	
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"NMS Encryption Key."
	::= { nmsUserEntry 3 }

nmsUserChangeAction  OBJECT-TYPE
	SYNTAX  RowStatus
	MAX-ACCESS  read-create
	STATUS  current
	DESCRIPTION
		"This object used for user to add and delete rows in to the table"
	::= { nmsUserEntry 4 }

nmsDeleteAllUsers OBJECT-TYPE
	SYNTAX 	INTEGER {
		true(1)
	}
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"This action object deletes all user entries in the nmsUserTable."
	::= { nmsUserGrp 2 }

nmsCommitUserEntryChanges OBJECT-TYPE
	SYNTAX 	INTEGER {
		true(1)
	}
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"This action object commits all the changes made to the user entries in the nmsUserTable."
	::= { nmsUserGrp 3 }


nmsIpGrp  OBJECT IDENTIFIER ::= { nmsGrp  2 }

nmsIpTable  OBJECT-TYPE
	SYNTAX SEQUENCE OF NMSIpEntry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"
		
		"
	::= { nmsIpGrp 1 }

nmsIpEntry  OBJECT-TYPE
	SYNTAX 	NMSIpEntry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Each entry specified is indexed by <nmsIpIndex>. 
		Additonaly it contains the 
		"
	INDEX { nmsIpAddress }
	::= { nmsIpTable 1 }

NMSIpEntry ::= SEQUENCE {
	nmsIpAddress
		IpAddress,
	nmsIpChangeAction
		RowStatus	
}

nmsIpAddress  OBJECT-TYPE
	SYNTAX IpAddress	
	MAX-ACCESS	not-accessible 
	STATUS	current
	DESCRIPTION 
		"UserName nms (in this entry)."
	::= { nmsIpEntry 1 }

nmsIpChangeAction  OBJECT-TYPE
	SYNTAX 	RowStatus 
	MAX-ACCESS  read-create
	STATUS  current
	DESCRIPTION
		"This object used for user to add and delete rows in to the table."
	::= { nmsIpEntry 2 }

nmsIpv6Table  OBJECT-TYPE
	SYNTAX SEQUENCE OF NMSIpv6Entry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"
		
		"
	::= { nmsIpGrp 2 }

nmsIpv6Entry  OBJECT-TYPE
	SYNTAX 	NMSIpv6Entry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Each entry specified is indexed by <nmsIpv6Index>. 
		"
	INDEX { nmsIpv6Address }
	::= { nmsIpv6Table 1 }

NMSIpv6Entry ::= SEQUENCE {
	nmsIpv6Address
		Ipv6Address,
	nmsIpv6ChangeAction
		RowStatus	
}

nmsIpv6Address  OBJECT-TYPE
	SYNTAX Ipv6Address	
	MAX-ACCESS	not-accessible 
	STATUS	current
	DESCRIPTION 
		"IPv6 address of the system having SNMP access to the sensor"
	::= { nmsIpv6Entry 1 }

nmsIpv6ChangeAction  OBJECT-TYPE
	SYNTAX 	RowStatus 
	MAX-ACCESS  read-create
	STATUS  current
	DESCRIPTION
		"This object used for user to add and delete rows in to the table."
	::= { nmsIpv6Entry 2 }

--
-- mpeGrp 
--

mpeGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 24 }

mpeConfigGrp  OBJECT IDENTIFIER ::= { mpeGrp  1 }

mpeQRScope  OBJECT-TYPE
	SYNTAX 	INTEGER {
		unmanaged-hosts(1),
		all-hosts(2)
	}
	MAX-ACCESS  read-write
	STATUS obsolete 
	DESCRIPTION
		"This object describes about the MPE Quarantine and Remediation scope.
		 The value 'unmanaged-hosts', indicates that the MPE interface port based
		 quarantine and remediation action is applicable only to the MPE server's
		 unmanaged host and the value 'all-hosts' indicate that the MPE interface
		 port based qarantine and remediation action is applicable to all the hosts,
		 independent of MPE server.
		 Default: unmanaged-hosts(1)
		 "
	::= { mpeConfigGrp 1 }

mpeThrottleTimeout OBJECT-TYPE
	SYNTAX 	INTEGER (5..300)
	MAX-ACCESS  read-write
	STATUS obsolete	
	DESCRIPTION 
		" This depicts the MPE throttling timeout in seconds.
		Default: 120"
	::= { mpeConfigGrp 2 }

mpeInstallConfigGrp  OBJECT IDENTIFIER ::= { mpeConfigGrp 3 }

mpeIpAddress  OBJECT-TYPE
	SYNTAX IpAddress	
	MAX-ACCESS  read-write 
	STATUS	current
	DESCRIPTION 
		"The ipaddress of the MPE server"
	::= { mpeInstallConfigGrp  1 }

mpeAnonymousPort OBJECT-TYPE
	SYNTAX INTEGER (1..65535)	
	MAX-ACCESS read-write 
	STATUS	current
	DESCRIPTION 
		"The Anonymous SSL port on MPE server
		 Default: 8443"
	::= { mpeInstallConfigGrp 2 }

mpeTrustedSSLPort OBJECT-TYPE
	SYNTAX INTEGER (1..65535)	
	MAX-ACCESS read-write 
	STATUS	current
	DESCRIPTION 
		"The Trusted SSL port on MPE server
		 Default: 8444"
	::= { mpeInstallConfigGrp 3 }

mpeePOCred  OBJECT-TYPE
	SYNTAX DisplayString (SIZE(3..100))	
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"ePO credentials in the form of username:password"
	::= { mpeInstallConfigGrp 4 }

mpeAnonymousURI  OBJECT-TYPE
	SYNTAX DisplayString (SIZE(10..255))	
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"URI of the MPE server which listens on Anonymous SSL port"
	::= { mpeInstallConfigGrp 5 }

mpeTrustedURI  OBJECT-TYPE
	SYNTAX DisplayString (SIZE(10..255))	
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"URI of the MPE server which listens on Trusted SSL port"
	::= { mpeInstallConfigGrp 6 }

mpeInstallConfigAction  OBJECT-TYPE
	SYNTAX 	INTEGER {
		install(1),
		deinstall(2)
	}
	MAX-ACCESS  read-write
	STATUS  current
	DESCRIPTION
		"This object describes about the possible MPE Install configuration actions."
	::= { mpeInstallConfigGrp 7 }

mpeInstallConfigStatus  OBJECT-TYPE
	SYNTAX 	INTEGER {
                installInProgress (1),
                installed (2),
		deinstallInProgress (3),
		deinstalled (4),
		certReqFailure(5),
		sSLError(6),
		httpRespError(7),
		mpeURIError(8),
		ePOCredError(9),
		mpeServerError(10),
		mpeTimeoutError(11)
	}
	MAX-ACCESS  read-only
	STATUS  current
	DESCRIPTION
		"This describes the possible MPE install configuration states.
		 Default : deinstalled (4)"
	::= { mpeInstallConfigGrp 8 }

mpeRootCertStatus OBJECT-TYPE
	SYNTAX 	INTEGER {
		not-found(0),
		found(1)
	}
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		" This object informs whether the MPE Root Certificate file is present on the sensor."
	::= { mpeConfigGrp 4 }

mpeDeleteRootCert OBJECT-TYPE
	SYNTAX 	INTEGER {
		delete(1)
	}
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"This object is used to remove the MPE Root Certificate from the sensor. Deletion of the
		 MPE root certificate succeeds only when the MPE is not yet installed."
	::= { mpeConfigGrp 5 }

mnacHealthLevelListenPort OBJECT-TYPE
	SYNTAX INTEGER (1..65535)
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION
		"This object is used to configure/retrieve the trusted health level message listen port
		 on the sensor, on which MNAC communication happens asynchronously.
		 Default: 8445"
	::= { mpeConfigGrp 6 }

mnacConnectivityFailureTimeout OBJECT-TYPE
	SYNTAX INTEGER (30..120)
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION
		"This object is used to configure/retrieve the MNAC connectivity failure in seconds.
		Default: 32"
	::= { mpeConfigGrp 7 }

mnacAgentGUIDPort OBJECT-TYPE
	SYNTAX INTEGER
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION
		"This object is used to configure/retrieve the agent GUID request listen port on the 
		MNAC Agent, to which the intrushield sensor would send the agent GUID request.
		Default: 8444"
	::= { mpeConfigGrp 8 }

mpeExcludedMacTable  OBJECT-TYPE
	SYNTAX SEQUENCE OF MPEExcludedMacEntry
	MAX-ACCESS  not-accessible
	STATUS	obsolete
	DESCRIPTION 
		"
			
		"
	::= { mpeGrp 2 }

mpeExcludedMacEntry  OBJECT-TYPE
	SYNTAX 	MPEExcludedMacEntry
	MAX-ACCESS  not-accessible
	STATUS	obsolete
	DESCRIPTION 
		"Each entry specified is indexed by MAC Adress. 
		"
	INDEX { mpeMacAddress }
	::= { mpeExcludedMacTable 1 }

MPEExcludedMacEntry ::= SEQUENCE {
	mpeMacAddress
		MacAddress,
	mpeMacChangeAction
		RowStatus	
}

mpeMacAddress  OBJECT-TYPE
	SYNTAX MacAddress	
	MAX-ACCESS	not-accessible 
	STATUS	obsolete
	DESCRIPTION 
		"Mac address to be excluded from Mpe processing (Floater Mac)"
	::= { mpeExcludedMacEntry 1 }


mpeMacChangeAction  OBJECT-TYPE
	SYNTAX 	RowStatus 
	MAX-ACCESS  read-create
	STATUS  obsolete
	DESCRIPTION
		"This object used for user to add and delete rows in to the table."
	::= { mpeExcludedMacEntry 2 }

--
-- remediationGrp 
--

remediationGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 25 }

remediationConfigGrp  OBJECT IDENTIFIER ::= { remediationGrp  1 }

remediationTimeout OBJECT-TYPE
	SYNTAX 	INTEGER (15..60)
	MAX-ACCESS  read-write
	STATUS obsolete	
	DESCRIPTION 
		"Time in minutes for which the hosts needs to be quarantined so that it can be remediated.
		Default: 30"
	::= { remediationConfigGrp 2 }

-- ez (enforcement zone) Logging support on the Sensor

ezLogAlertGrp	OBJECT IDENTIFIER ::=  { ivSensorConfigurationMIB 26 }

ezAlertLogging	OBJECT-TYPE
	SYNTAX	INTEGER {
		g-enable-dropped (1),
		g-enable-allowed (2),
		g-enable-all (3),
		enable-per-acl (4),
		disable (5)
	}
	MAX-ACCESS  read-write
	STATUS  current
	DESCRIPTION   
 		"This object specifies various ways to enable EZ(enforcement zone) alert logging or disable it altogether.
		This is applicable on a sensor wide basis for all ports in inline mode.
		Default: disable (5)"
	::= { ezLogAlertGrp 1 }

ezAlertThrottleMaxIpPair OBJECT-TYPE
        SYNTAX  INTEGER (1..32)
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "Once this threshold is exceeded, sensor will only send one
                summary ez alert for all addresses (srcip's and destip's) that
                match the aclid/vidsid.
                Default: 10"
        ::= { ezLogAlertGrp 2 }

ezAlertThrottleInterval  OBJECT-TYPE
        SYNTAX  INTEGER (1..3600)
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object specifies the enforcement zone alert throttle interval.
                Default: 120 seconds"
        ::= { ezLogAlertGrp 3 }


ezAlertThrottleAction  OBJECT-TYPE
        SYNTAX  INTEGER {
                enable (1),
                disable (2)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object can be used to enable and disable ez alert throttling.
                Default: enable(1)"
        ::= { ezLogAlertGrp 4 }

ezAlertThrottleThreshold  OBJECT-TYPE
        SYNTAX  INTEGER (1..25)
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object is used to configure the number of alerts that
                need to be sent before sensor starts to throttle the ez alerts.
                For example if this value is 10, it will send the first 10
                ez alerts with the following key: aclid/vidsid/srcip/destip.
                This parameters will use the ezAlertThrottleInterval as the
                interval.
                Default: 5"
        ::= { ezLogAlertGrp 5 }

ezAlertDirectToSyslog  OBJECT-TYPE
        SYNTAX  INTEGER {
                sendViaNSM (1),
                sendDirect (2)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object can be used to enable sending EZ logs directly to syslog viewer instead of sending it via NSM.
         Default: sendViaNSM (1)"
        ::= { ezLogAlertGrp 6 }

nbadGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 27 }

nbadConfigGrp  OBJECT IDENTIFIER ::= { nbadGrp 1 }

nbadSensorIpAddress  OBJECT-TYPE
	SYNTAX IpAddress	
	MAX-ACCESS  read-write 
	STATUS	current
	DESCRIPTION 
		"The ipaddress of the NBAD server to which all the collected flowrecords would be sent."
	::= { nbadConfigGrp  1 }

nbadSensorPort OBJECT-TYPE
	SYNTAX INTEGER (1024..65535)	
	MAX-ACCESS read-write 
	STATUS	current
	DESCRIPTION 
		"The port on which the NBAD server is listening for flow records."
	::= { nbadConfigGrp 2 }

nbadIPSPriMonPortId OBJECT-TYPE
	SYNTAX TrellixPortLinearIndex
	MAX-ACCESS read-write 
	STATUS	current
	DESCRIPTION 
		"This object contains the primary IPS monitoring linear port index to be used 
		 to send flow records to the NBAD sensor."
	::= { nbadConfigGrp 3 }

nbadIPSSecMonPortId OBJECT-TYPE
	SYNTAX TrellixPortLinearIndex 	
	MAX-ACCESS read-write 
	STATUS	current
	DESCRIPTION 
		"This object contains the secondary IPS monitoring linear port index to be used 
		 to send flow records to the NBAD sensor. This monitoring port would be used
		 only when the configured primary monitoring port cannot be utilised to send
		 the flow records to the NBAD sensor."
	::= { nbadConfigGrp 4 }

nbadAppFingerPrintingEnabled OBJECT-TYPE
	SYNTAX 	TruthValue
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"This object value if set to TRUE indicates that application finger printing is enabled.
		Default: False"
	::= { nbadConfigGrp 5 }

nbadOSFingerPrintingEnabled OBJECT-TYPE
	SYNTAX 	TruthValue
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"This object value if set to TRUE indicates that OS finger printing is enabled.
		Default: False"
	::= { nbadConfigGrp 6 }

nbadSslFlowDataCaptureEnabled OBJECT-TYPE
	SYNTAX 	TruthValue
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"This object value if set to TRUE indicates that ssl flow data capture is enabled.
		Default: False"
	::= { nbadConfigGrp 7 }

nbadFlowProtocolId OBJECT-TYPE
	SYNTAX	INTEGER {
		netflow (1)
	}
	MAX-ACCESS  read-write
	STATUS  current
        DESCRIPTION
                "This object value set indicates the protocol type of the exported flow records.
                Default: netflow (1)"
        ::= { nbadConfigGrp 8 }

nbadFlowProtocolVersion OBJECT-TYPE
	SYNTAX	INTEGER {
		netFlowVersion9 (1)
	}

	MAX-ACCESS  read-write
	STATUS  current
        DESCRIPTION
                "This object value set indicates the protocol version of the exported flow records.
		Default: netFlowVersion9 (1)"
        ::= { nbadConfigGrp 9 }

nbadCaptureTCP OBJECT-TYPE
        SYNTAX  INTEGER {
                enable (1),
                disable (2)
        }

	MAX-ACCESS  read-write
	STATUS  current
        DESCRIPTION
                "This object value set indicates whether netflow capture for TCP flows is enabled or not.
                Default: enable (1)"
        ::= { nbadConfigGrp 10 }

nbadCaptureUDP OBJECT-TYPE
	SYNTAX	INTEGER {
		enable (1),
		disable (2)
	}

	MAX-ACCESS  read-write
	STATUS  current
        DESCRIPTION
                "This object value set indicates whether netflow capture for UDP flows is enabled or not.
                Default: enable (1)"
        ::= { nbadConfigGrp 11 }

nbadCaptureICMP OBJECT-TYPE
	SYNTAX	INTEGER {
		enable (1),
		disable (2)
	}

	MAX-ACCESS  read-write
	STATUS  current
        DESCRIPTION
                "This object value set indicates whether netflow capture for ICMP flows is enabled or not.
                Default: disable (2)"
        ::= { nbadConfigGrp 12 }

hostDataGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 28 }

hostDataTable  OBJECT-TYPE
	SYNTAX SEQUENCE OF HostDataEntry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Table containing entries for each discovered host. (indexed via hostDataIndex) 
		This table contains Trellix specific MIB objects.
		"
	::= { hostDataGrp 1 }

hostDataEntry  OBJECT-TYPE
	SYNTAX 	HostDataEntry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"This MIB object contains all the columnar objects, 
		that describe the contents of each discovered host.
		Indexed by hostDataIndex"
	INDEX { hostDataIndex }
	::= { hostDataTable 1 }

HostDataEntry ::= SEQUENCE {
	hostDataIndex
		INTEGER,
	hostIPAddress
		IpAddress,
	hostMacAddress
		MacAddress,
    	hostDetectedDHCPMonPortId
        	TrellixPortLinearIndex,
	hostName
		DisplayString,
	hostUpdatedTimeStamp
		INTEGER,
	hostAgentGuid
		DisplayString,
	hostNACStatus
		INTEGER,
	hostState
		INTEGER,
	hostDeploymentMode
		INTEGER,
	hostHealthLevel
		INTEGER,
	hostEZId
		INTEGER,
	hostUserName	
		DisplayString,
	hostPolicyId
		INTEGER,
	hostDetectedTimeStamp
		INTEGER,
	hostOSInfo
		DisplayString,
	hostMNACAgentOSInfo
		DisplayString,
	hostActive
		TruthValue,
    	hostDetectedStdMonPortId
        	TrellixPortLinearIndex,
    	hostDetectionType
        	INTEGER,
	hostUserAuthProtocol
        	INTEGER,
	hostSwitchId
        	INTEGER,
	hostSwitchPortId
        	INTEGER,
	hostSwitchPortGroupId
        	INTEGER,
	hostQuarantineVlanId
        	INTEGER,
	hostProductionVlanId
        	INTEGER,
	nasIpAddress
		IpAddress,
	nasGroupObjectId
        	INTEGER,
	userGroupObjectId
        	INTEGER,
	deviceProfileString
		DisplayString,
	hostOperationalMode
        	INTEGER,
	hostEnforcementAction
        	INTEGER,
	flexiblePolicyRuleId
        	INTEGER
}

hostDataIndex OBJECT-TYPE
	SYNTAX INTEGER
	MAX-ACCESS read-only 
	STATUS	current
	DESCRIPTION 
		"The index of the Host Data Entry"
	::= { hostDataEntry 1 }

hostIPAddress  OBJECT-TYPE
	SYNTAX IpAddress	
	MAX-ACCESS  read-only 
	STATUS	current
	DESCRIPTION 
		"The ipaddress of the detected host."
	::= { hostDataEntry  2 }

hostMacAddress OBJECT-TYPE
	SYNTAX MacAddress	
	MAX-ACCESS  read-only 
	STATUS	current
	DESCRIPTION 
		"The MAC address of the detected host."
	::= { hostDataEntry  3 }

hostDetectedDHCPMonPortId OBJECT-TYPE
    	SYNTAX TrellixPortLinearIndex 
    	MAX-ACCESS read-only
    	STATUS  current
    	DESCRIPTION
        	"The monitoring interface linear port index over which the host was detected in DHCP mode."
    ::= { hostDataEntry 4 }

hostName OBJECT-TYPE
	SYNTAX DisplayString (SIZE(0..16))
	MAX-ACCESS read-only 
	STATUS	current
	DESCRIPTION 
		"The name of the detected host."
	::= { hostDataEntry 5 }

hostUpdatedTimeStamp OBJECT-TYPE
        SYNTAX  INTEGER (0..4294967295)
	MAX-ACCESS read-only 
	STATUS	current
	DESCRIPTION 
		"The time of the host getting updated last. This would be zero intilially 
		 at the time of host getting detected."
	::= { hostDataEntry 6 }

hostAgentGuid OBJECT-TYPE
	SYNTAX DisplayString (SIZE(0..16))
	MAX-ACCESS read-only 
	STATUS	current
	DESCRIPTION 
		"The agent GUID of the detected host."
	::= { hostDataEntry 7 }

hostNACStatus OBJECT-TYPE
	SYNTAX INTEGER {
                managed (1),
                unmanaged (2),
                unmanageable (3),
                unknown (4)
        }
	MAX-ACCESS read-only 
	STATUS	current
	DESCRIPTION 
		"The detected host NAC status."
	::= { hostDataEntry 8 }

hostState OBJECT-TYPE
        SYNTAX  INTEGER {
                preadmit-new (1),
                preadmit-sgap (2),
                preadmit-user-detect (3),
                preadmit-host-detect (4),
                preadmit-remediate (5),
                postadmit (6),
                postadmit-remediate (7),
                post-boot (8),
		ib-host-detect (9),
		ib-auth-wait (10),
		ib-host-sgap (11),
		ib-user-detect (12),
		ib-host-remediate (13),
		ib-host-admit (14),
		oob-host-admit (15),
		ib-host-offline (16)
        }
	MAX-ACCESS read-only 
	STATUS	current
	DESCRIPTION 
		"The state of the detected host entry."
	::= { hostDataEntry 9 }

hostDeploymentMode OBJECT-TYPE
        SYNTAX  INTEGER {
                dhcp (1),
                standard (2),
                hybrid (3),
		oob (4)
        }
    	MAX-ACCESS read-only
    	STATUS  current
    	DESCRIPTION
        	"The deployment mode of the detected host."
    ::= { hostDataEntry 10 }

hostHealthLevel OBJECT-TYPE
        SYNTAX  INTEGER (1..6)
	MAX-ACCESS read-only 
	STATUS	current
	DESCRIPTION 
		"The health level of the detected host."
	::= { hostDataEntry 11 }

hostEZId OBJECT-TYPE
        SYNTAX  INTEGER
	MAX-ACCESS read-only 
	STATUS	current
	DESCRIPTION 
		"The applied enforcement zone id for the detected host."
	::= { hostDataEntry 12 }
	
hostUserName OBJECT-TYPE
	SYNTAX DisplayString (SIZE(0..255))
	MAX-ACCESS read-only 
	STATUS	current
	DESCRIPTION 
		"The IBAC username of the detected host."
	::= { hostDataEntry 13 }

hostPolicyId OBJECT-TYPE
        SYNTAX  INTEGER
	MAX-ACCESS read-only 
	STATUS	current
	DESCRIPTION 
		"The IBAC policy id of the detected host."
	::= { hostDataEntry 14 }

hostDetectedTimeStamp OBJECT-TYPE
        SYNTAX  INTEGER (0..4294967295)
	MAX-ACCESS read-only 
	STATUS	current
	DESCRIPTION 
		"The time of the host getting detected."
	::= { hostDataEntry 15 }
		
hostOSInfo OBJECT-TYPE
	SYNTAX DisplayString
	MAX-ACCESS read-only 
	STATUS	current
	DESCRIPTION 
		"The Operation system information of the detected host."
	::= { hostDataEntry 16 }

hostMNACAgentOSInfo OBJECT-TYPE
	SYNTAX DisplayString (SIZE(0..8))
	MAX-ACCESS read-only 
	STATUS	current
	DESCRIPTION 
		"The OS information of the detected host provided by the MNAC agent."
	::= { hostDataEntry 17 }

hostActive OBJECT-TYPE
	SYNTAX 	TruthValue
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"Indicates whether the host is Active or not. If set to true, it indicates the host is active"
	::= { hostDataEntry 18 }

hostDetectedStdMonPortId OBJECT-TYPE
    	SYNTAX TrellixPortLinearIndex 
    	MAX-ACCESS read-only
    	STATUS  current
    	DESCRIPTION
        	"The monitoring interface linear port index over which the host was detected in Standard mode."
    ::= { hostDataEntry 19 }

hostDetectionType OBJECT-TYPE
        SYNTAX  INTEGER {
		other (0),
                l2 (1),
                l3 (2),
                vpn (3),
		snmp (4),
		radiusMac (5),
		radius8021x (6),
                l3-snmp(7),
                l3-radiusMac(8),
                l3-radius8021x(9)
        }
    	MAX-ACCESS read-only
    	STATUS  current
    	DESCRIPTION
        	"The detection type of the detected host. For OOB cases, this includes the discovery mechanism as well."
    ::= { hostDataEntry 20 }

hostUserAuthProtocol OBJECT-TYPE
        SYNTAX  INTEGER {
		authGuest (0),
                authRadius (1),
                authAD (2),
                authSelfReg (3),
		authADSGAP (4),
		auth8021xRadius (5)
        }
    	MAX-ACCESS read-only
    	STATUS  current
    	DESCRIPTION
        	"Authentication type of the logged in IBAC user."
    ::= { hostDataEntry 21 }

hostSwitchId OBJECT-TYPE
        SYNTAX  INTEGER
    	MAX-ACCESS read-only
    	STATUS  current
    	DESCRIPTION
        	"Switch instance ID on which host was detected in OOB mode."
    ::= { hostDataEntry 22 }

hostSwitchPortId OBJECT-TYPE
        SYNTAX  INTEGER
    	MAX-ACCESS read-only
    	STATUS  current
    	DESCRIPTION
        	"Switch port ID on which host was detected in OOB mode"
    ::= { hostDataEntry 23 }

hostSwitchPortGroupId OBJECT-TYPE
        SYNTAX  INTEGER
    	MAX-ACCESS read-only
    	STATUS  current
    	DESCRIPTION
        	"Switch port group ID on which host was detected in OOB mode"
    ::= { hostDataEntry 24 }

hostQuarantineVlanId OBJECT-TYPE
        SYNTAX  INTEGER
    	MAX-ACCESS read-only
    	STATUS  current
    	DESCRIPTION
		"Quarantine VLAN Id corresponding to the host which was detected in OOB mode."
    ::= { hostDataEntry 25 }

hostProductionVlanId OBJECT-TYPE
        SYNTAX  INTEGER
    	MAX-ACCESS read-only
    	STATUS  current
    	DESCRIPTION
        	"Production VLAN Id corresponding to the host which was detected in OOB mode."
    ::= { hostDataEntry 26 }

nasIpAddress  OBJECT-TYPE
	SYNTAX IpAddress	
	MAX-ACCESS  read-only 
	STATUS	current
	DESCRIPTION 
		"The Network Server Access Ipaddress of the switch where the host is connecting to."
	::= { hostDataEntry  27 }

nasGroupObjectId OBJECT-TYPE
        SYNTAX  INTEGER
    	MAX-ACCESS read-only
    	STATUS  current
    	DESCRIPTION
        	"Flexible policy Network Server Access Group Object Id for the host."
    ::= { hostDataEntry 28 }

userGroupObjectId OBJECT-TYPE
        SYNTAX  INTEGER
    	MAX-ACCESS read-only
    	STATUS  current
    	DESCRIPTION
        	"Flexible policy User Group Object Id for the host."
    ::= { hostDataEntry 29 }


deviceProfileString OBJECT-TYPE
	SYNTAX DisplayString (SIZE(0..128))
	MAX-ACCESS read-only 
	STATUS	current
	DESCRIPTION 
		"The device profile string provided by the third party device profiling ldap server for the host."
	::= { hostDataEntry 30 }

hostOperationalMode OBJECT-TYPE
        SYNTAX  INTEGER {
		enforcement (1),
                audit (2),
                simulation (3)
        }
    	MAX-ACCESS read-only
    	STATUS  current
    	DESCRIPTION
        	"This object indicates the operational mode for the host."
    ::= { hostDataEntry 31 }

hostEnforcementAction OBJECT-TYPE
        SYNTAX  INTEGER {
		deny (1),
                allow (2),
                custom-enforce (3)
        }
    	MAX-ACCESS read-only
    	STATUS  current
    	DESCRIPTION
        	"This object indicates the kind of enforcement done for the host."
    ::= { hostDataEntry 32 }

flexiblePolicyRuleId OBJECT-TYPE
        SYNTAX  INTEGER
    	MAX-ACCESS read-only
    	STATUS  current
    	DESCRIPTION
        	"This indicates the flexible policy rule for the host."
    ::= { hostDataEntry 33 }

hostConfigGrp OBJECT IDENTIFIER ::= {  hostDataGrp 2 }

hostEntryAttribute OBJECT-TYPE
        SYNTAX  INTEGER {
                ip (1),
                mac (2)
        }
	MAX-ACCESS read-write 
	STATUS	current
	DESCRIPTION 
		"Host entry attribute to be considered for config action."
	::= { hostConfigGrp 1 }

hostEntryIpAddress OBJECT-TYPE
	SYNTAX IpAddress	
	MAX-ACCESS read-write 
	STATUS	current
	DESCRIPTION 
		"Host entry Ip address to be considered for config action."
	::= { hostConfigGrp 2 }

hostEntryMac OBJECT-TYPE
	SYNTAX MacAddress	
	MAX-ACCESS read-write 
	STATUS	current
	DESCRIPTION 
		"Host entry Mac address to be considered for config action."
	::= { hostConfigGrp 3 }

hostEntryConfig OBJECT-TYPE
        SYNTAX  INTEGER {
                delete-host (1),
		modify-naz (2),
                revert-naz (3),
		host-oob-to-inline (4),
		host-inline-to-oob (5)
        }
	MAX-ACCESS read-write
	STATUS	current
	DESCRIPTION
		"Host entry config action."
	::= { hostConfigGrp 4 }

hostEntryEZId OBJECT-TYPE
        SYNTAX  INTEGER
	MAX-ACCESS read-write
	STATUS	current
	DESCRIPTION 
		"EZ-ID to be considered for modifying the NAZ of the given host entry."
	::= { hostConfigGrp 5 }

hostDataAvailabilityStatus OBJECT-TYPE
        SYNTAX  TruthValue
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "This object indicates the availability of the hostData through SNMP. This information
                 is useful immediately after the sensor reboot, as the Host Data even if
                 present on the sensor would be available through SNMP only after the
                 system health becomes GOOD, as the host data would be initialised only
                 during the initial sigfile processing.
                 True: Host Data available after the sensor initialisation or no persisted hostdata.
                 False: In other scenarios. "
        ::= { hostDataGrp 3 }
 
--This group contains MIB objects related to SGAP Configuration

sgapGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 29 }

sgapConfigGrp  OBJECT IDENTIFIER ::= { sgapGrp 1 }

sgapAuthTimeout OBJECT-TYPE
  SYNTAX  INTEGER (10..600)
  MAX-ACCESS  read-write
  STATUS  current
  DESCRIPTION
    "Authentication channel timeout in seconds.
    Default: 30"
  ::= { sgapConfigGrp 1 }

sgapCSRConfigGrp OBJECT IDENTIFIER ::= { sgapConfigGrp 2 }

sgapCSRCountryName  OBJECT-TYPE
	SYNTAX DisplayString (SIZE(1..255))	
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Country name for generating the CSR. Use the two-letter code
		without punctuation for country like US or CA."
	::= { sgapCSRConfigGrp 1 }

sgapCSRStateProvince  OBJECT-TYPE
	SYNTAX DisplayString (SIZE(1..255))	
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"State or Province name for generating the CSR. Spell out the
		state completely."
	::= { sgapCSRConfigGrp 2 }

sgapCSRLocality  OBJECT-TYPE
	SYNTAX DisplayString (SIZE(1..255))	
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"City or town name for generating the CSR."
	::= { sgapCSRConfigGrp 3 }

sgapCSRCompany  OBJECT-TYPE
	SYNTAX DisplayString (SIZE(1..255))	
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Company name for generating the CSR. If the company name has
		symbols, spell out the symbol or omit it to enroll."
	::= { sgapCSRConfigGrp 4 }

sgapCSROrganizationalUnit  OBJECT-TYPE
	SYNTAX DisplayString (SIZE(1..255))	
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"The organizational unit is the name of the department or organization unit
		making the request. This is an optional field"
	::= { sgapCSRConfigGrp 5 }

sgapCSRCommonName  OBJECT-TYPE
	SYNTAX DisplayString (SIZE(1..255))	
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"The common name is the host plus domain name. It looks like
		www.company.com or company.com."
	::= { sgapCSRConfigGrp 6 }

sgapCSRGenerateAction  OBJECT-TYPE
	SYNTAX 	INTEGER {
		other(0),
		generateCSR(1),
    generateSelfSigned(2)
	}
	MAX-ACCESS  read-write
	STATUS  current
	DESCRIPTION
		"This action is used to generate the CSR/self signed certificate.
		 Default : other (0)"
	::= { sgapCSRConfigGrp 7 }

sgapCSRGenerateStatus  OBJECT-TYPE
	SYNTAX 	INTEGER {
		    other (0),
                generationInProgress (1),
                generationComplete (2),
		    generationFailed (3)
	}
	MAX-ACCESS  read-only
	STATUS  current
	DESCRIPTION
		"This object describes the possible CSR generation states.
		 Default : other (0)"
	::= { sgapCSRConfigGrp 8 }

sgapCertStatus OBJECT-TYPE
	SYNTAX 	INTEGER {
		    other (0),
        certAbsent (1),
        defaultCert (2),
        selfsignedCert (3),
        casignedCert (4)
	}
  MAX-ACCESS  read-only
  STATUS  current
  DESCRIPTION
    "This object indicates the sgap cert status on the sensor.
    Default: 0"
  ::= { sgapConfigGrp 3 }

--
-- This group contains MIB objects related to threshold alarm and historical trends related configuration
--

alarmAndTrendsGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 30 }

sensorPerfAlertGrp  OBJECT IDENTIFIER ::= { alarmAndTrendsGrp  1 }

sensorPerfAlertEnable  OBJECT-TYPE
	SYNTAX 	TruthValue 
	MAX-ACCESS  read-write
	STATUS  current
	DESCRIPTION
		"This object is used to enable/disable generation of sensor performance alerts,
		for the purpose of historical trends.
                Default: false(2)"
	::= { sensorPerfAlertGrp 1 }

sensorPerfAlertDuration  OBJECT-TYPE
	SYNTAX INTEGER (1..60) 
	MAX-ACCESS read-write
	STATUS  current
	DESCRIPTION
		"This object is used to configure the duration of sensor performance alerts in minutes,
		for the purpose of historical trends.
                Default: 5"
	::= { sensorPerfAlertGrp 2 }

sensorPerfAlertParameters  OBJECT-TYPE
	SYNTAX OCTET STRING
	MAX-ACCESS read-write
	STATUS current
	DESCRIPTION
		"This object is used to configure the parameters of sensor performance alerts,
		for the purpose of historical trends. The parameter bit positions are as given below.
		msb-bit(1) : cpu-utilization,
		msb-bit(2) : tcpudp-flows,
		msb-bit(3) : sensor-throughput,
		msb-bit(4) : mon-port-data-rate,
                msb-bit(5) : reserved
                msb-bit(6) : reserved
                msb-bit(7) : system-memory,
                msb-bit(8) : packet-buffers,
                msb-bit(9) : decrypted-ssl-flows"
	::= { sensorPerfAlertGrp 3 }

alarmConfigGrp OBJECT IDENTIFIER ::= { alarmAndTrendsGrp  2 }

alarmStatus  OBJECT-TYPE
	SYNTAX 	TruthValue 
	MAX-ACCESS  read-write
	STATUS  current
	DESCRIPTION
		"This object is used to enable/disable generation of threshold based alarms.
                Default: false(2)"
	::= { alarmConfigGrp 1 }

alarmDeleteAllEntries OBJECT-TYPE
	SYNTAX 	INTEGER {
		true(1)
	}
	MAX-ACCESS  read-write
	STATUS  current
	DESCRIPTION
		"This object is used to delete all alarm entries in a single operation."
	::= { alarmConfigGrp 2 }

alarmDuration OBJECT-TYPE
	SYNTAX INTEGER (1..60)
	MAX-ACCESS read-write
	STATUS	current
	DESCRIPTION
		"This object indicates the duration in minutes, at which the sensor needs to perform
		threshold checks and if required generate the specific alarm.
		Default : 1"
	::= { alarmConfigGrp 3 }

alarmTable OBJECT-TYPE
	SYNTAX SEQUENCE OF AlarmEntry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"Table containing entries for configured threshold based alarms. (indexed via alarmIndex) 
		This table contains Trellix specific MIB objects.
		"
	::= { alarmConfigGrp 4 }

alarmEntry  OBJECT-TYPE
	SYNTAX 	AlarmEntry
	MAX-ACCESS  not-accessible
	STATUS	current
	DESCRIPTION 
		"This MIB object contains all the columnar objects, 
		that describe the contents of each threshold based alarm.
		Indexed by alarmIndex"
	INDEX { alarmIndex }
	::= { alarmTable 1 }

AlarmEntry ::= SEQUENCE {
	alarmIndex
		INTEGER,
	alarmSampleType
		INTEGER,
	alarmSampleTypeIndexBitmap
		OCTET STRING,
	alarmSampleTypeDesc
		DisplayString,
    	alarmRaisingThreshold
        	Unsigned32,
	alarmFallingThreshold
		Unsigned32,
	alarmStartupType
		INTEGER,
	alarmEntryStatus
		RowStatus
}

alarmIndex OBJECT-TYPE
	SYNTAX INTEGER
	MAX-ACCESS not-accessible 
	STATUS	current
	DESCRIPTION 
		"The index of the threshold based alarm entry"
	::= { alarmEntry 1 }

alarmSampleType OBJECT-TYPE
	SYNTAX INTEGER
	{
		cpu-utilization-abs (0),
                tcpudp-flows (1),
		sensor-throughput-delta (2),
		mon-port-throughput-delta (3),
		sensor-l2-error-drop-delta (4),
		sensor-l3-l4-error-drop-delta (5),
                system-memory (6),
                packet-buffers (7),
                decrypted-ssl-flows (8)
	}
	MAX-ACCESS read-write
	STATUS current
	DESCRIPTION
		"This object indicates the alarm sample type for which the sensor needs to generate alarms
		based on alarm threshold settings. The threshold value range vary based on the sample types :
		cpu-utilization-abs : 0 - 100,
                tcpudp-flows : 0 - 100,
		sensor-throughput-delta : 0 - 100,
		mon-port-throughput-delta : 0 - 100, 
		l2-error-drop-delta : 0 - 4294967295,
		l3-l4-error-drop-delta : 0 - 4294967295,
                system-memory : 0 - 100,
                packet-buffers : 0 - 100,
                decrypted-ssl-flows : 0 - 100
 		"
	::= { alarmEntry 2 }

alarmSampleTypeIndexBitmap  OBJECT-TYPE
	SYNTAX OCTET STRING (SIZE (1..16))
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"This object provides the index bit map for the alarm sample type id. The bit
		setting would be similar to the BITS type and in network order. The bitmap would be as
		given below :
			cpu-utilization-abs - 0,
			sensor-throughput-delta - 0,
			mon-port-throughput-delta - Bit position indicates the <linear portIndex> 
			sensor-l2-error-drop-delta - 0,
			sensor-l3-l4-error-drop-delta - 0 
		"
	::= { alarmEntry 3 }

alarmSampleTypeDesc OBJECT-TYPE
	SYNTAX DisplayString (SIZE(1..32))
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"This object provides the alarm sample type description such as 'lower-band', 'higher-band', etc."
	::= { alarmEntry 4 }

alarmRaisingThreshold OBJECT-TYPE
	SYNTAX Unsigned32
	MAX-ACCESS read-write
	STATUS	current
	DESCRIPTION
		"This object indicates the raising threshold value. The sensor would generate raising
		threshold alarm when the sample type counter exceeds this value."
	::= { alarmEntry 5 }

alarmFallingThreshold OBJECT-TYPE
	SYNTAX Unsigned32
	MAX-ACCESS read-write
	STATUS	current
	DESCRIPTION
		"This object indicates the falling threshold value. The sensor would generate falling
		threshold alarm when the sample type counter reduces below this value."
	::= { alarmEntry 6 }

alarmStartupType OBJECT-TYPE
	SYNTAX INTEGER {
		raising (1),
                falling (2),
		both (3)
                }
	MAX-ACCESS read-write 
	STATUS	current
	DESCRIPTION 
		"This object indicates the first alarm type that the sensor must generate before 
		generating the other threshold based alarm. For eg; if the value is set to 'raising (1)',
		then the sensor has to first raise an alarm based on raising threshold value and only 
		then based on falling threshold value.
		Default : raising (1)"
	::= { alarmEntry 7 }

alarmEntryStatus OBJECT-TYPE
	SYNTAX RowStatus
	MAX-ACCESS read-write 
	STATUS	current
	DESCRIPTION 
		"This object is used to create a new threshold based alarm."
	::= { alarmEntry 8 }


bwSavingStatus OBJECT-TYPE
        SYNTAX  TruthValue
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object is used to enable/disable bandwidth saving.
                Default: false(2)"
        ::= { alarmConfigGrp 5 }
	

--
-- This group contains MIB objects applicable to NAC-only Appliances.
--

oobnacGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 31 }
-- Support for oobnacGrp is deprecated in V-series sensors(VmIPS).
-- This group consists of scalars for pre-discovery phase and swInstanceTable(based on switch ID).
oobnacSwDiscoveryGrp  OBJECT IDENTIFIER ::= { oobnacGrp 1 }

-- This table creates an entry for the switch (indexed based on switch id ).

swInstanceTable       OBJECT-TYPE
                      SYNTAX SEQUENCE OF SwInstanceEntry
                      MAX-ACCESS  not-accessible
                      STATUS  current
                      DESCRIPTION
                        "Table containing entries for each switch instance(indexed via switch id)."
                ::= { oobnacSwDiscoveryGrp 1 }

swInstanceEntry       OBJECT-TYPE
                      SYNTAX  SwInstanceEntry
                      MAX-ACCESS  not-accessible
                      STATUS  current
                      DESCRIPTION
                        "This MIB object contains all the attributes that are specific to the switch instance. Indexed by swIdIndex"
                      INDEX { swIdIndex }
                ::= { swInstanceTable 1 }

SwInstanceEntry ::= SEQUENCE {
                swIdIndex
                        INTEGER,
                swDetDesc
                        DisplayString,
                swProfileId
                        INTEGER,
                swIPAddress
                        IpAddress,
                swIPV6Address
                        Ipv6Address,
		swName
			DisplayString,
                swDesc
                        DisplayString,
                swEnable
                        TruthValue,
                swSNMPsupport
                        TruthValue,
                swSnmpVerSupport
                        INTEGER,
                swREADCommunityStr
                        DisplayString,
                swWRITECommunityStr
                        DisplayString,
                swTRAPCommunityStr
                        DisplayString,
                swSNMPPort
                        INTEGER,
                swV3UserName
                        DisplayString,
                swV3SecurityLevel
                        INTEGER,
                swV3AuthProtocol
                        INTEGER,
                swV3AuthKey
                        DisplayString,
                swV3EncrProtocol
                        INTEGER,
                swV3EncrKey
                        DisplayString,
                swCLIsupport
                        TruthValue,
                swCLINwProtocol
                        INTEGER,
                swCLIUserName
                        DisplayString,
                swCLIPwd
                        DisplayString,
                swCLIEnablePwd
                        DisplayString,
                swCLIAutoSaveConfig
                        TruthValue,
                swRadiusSupport
                        TruthValue,
                swRadiusSharedSecret
                        DisplayString,
                swPlaceHolderVlan
                        DisplayString,
                swUseDefaultQVlanPool
                        TruthValue,
                swQVlanPoolRange
                        DisplayString,
                swDiscoverAction
                        RowStatus,
		swCLILoginType
                        INTEGER,
	 	swAuthMacAddRadSrvOption
                        TruthValue,
                swActionStatus
                        INTEGER,
                swPortDefaultVlan
                        INTEGER,
                swActionStatusTime
                        INTEGER


}

swIdIndex             OBJECT-TYPE
                      SYNTAX     INTEGER
                      MAX-ACCESS not-accessible
                      STATUS     current
                      DESCRIPTION
                        "The index"
                ::= { swInstanceEntry 1 }

swDetDesc             OBJECT-TYPE
                      SYNTAX          DisplayString(SIZE(0..256))
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "Description  returned by the switch. "
                ::= { swInstanceEntry 2 }

swProfileId           OBJECT-TYPE
                      SYNTAX          INTEGER
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "switch profile id returned by the switch."
                ::= { swInstanceEntry 3 }

swIPAddress           OBJECT-TYPE
                      SYNTAX          IpAddress
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "IP address of the switch instance sent down from ISM when a new switch is being added."
                ::= { swInstanceEntry 4 }

swIPV6Address         OBJECT-TYPE
                      SYNTAX          Ipv6Address
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "IPV6 address of the switch instance sent down from ISM when a new switch is being added."
                ::= { swInstanceEntry 5 }

swName                OBJECT-TYPE
                      SYNTAX          DisplayString(SIZE(0..256))
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "Switch name returned by the switch."
                  ::= { swInstanceEntry 6 }



swDesc                OBJECT-TYPE
                      SYNTAX          DisplayString(SIZE(0..256))
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "Switch name returned by the switch. This can be modified by ISM."
                ::= { swInstanceEntry 7 }

swEnable              OBJECT-TYPE
                      SYNTAX          TruthValue
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "Option to enable/disable the specific switch upon discovery. The default value is enable(1)."
                ::= { swInstanceEntry 8 }

swSNMPsupport         OBJECT-TYPE
                      SYNTAX          TruthValue
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "Support for snmp communication between sensor and the switch.Currently the value always remains true."
                ::= { swInstanceEntry 9 }

swSnmpVerSupport      OBJECT-TYPE
                      SYNTAX         INTEGER {
                        snmpv1(1),
                        snmpv2(2),
                        snmpv3(3)
                      }
                      MAX-ACCESS     read-write
                      STATUS         current
                      DESCRIPTION
                        "snmp version supported by the switch. The default will be version 2."
                ::= { swInstanceEntry 10 }

swREADCommunityStr    OBJECT-TYPE
                      SYNTAX       DisplayString (SIZE(0..80))
                      MAX-ACCESS   read-write
                      STATUS       current
                      DESCRIPTION
                        "String used for all read-only snmp data communication between sensor and the switch. The default string is public."
                ::= { swInstanceEntry 11 }

swWRITECommunityStr   OBJECT-TYPE
                      SYNTAX       DisplayString (SIZE(0..80))
                      MAX-ACCESS   read-write
                      STATUS       current
                      DESCRIPTION
                        "String used for all read-write snmp data communication between sensor and the switch."
                ::= { swInstanceEntry 12 }

swTRAPCommunityStr    OBJECT-TYPE
                      SYNTAX          DisplayString (SIZE(0..80))
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "community string used for the all the traps received from the switch."
                ::= { swInstanceEntry 13 }


swSNMPPort            OBJECT-TYPE
                      SYNTAX          INTEGER
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "snmp port for snmp communication with the switch(161)."
                ::= { swInstanceEntry 14 }


swV3UserName          OBJECT-TYPE
                      SYNTAX          DisplayString (SIZE(0..31))
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "User name for snmp v3 communication."
                ::= { swInstanceEntry 15 }

swV3SecurityLevel     OBJECT-TYPE
                      SYNTAX          INTEGER {
                                noAuthNoPriv(1),
                                authNoPriv(2),
                                authPriv(3)
                      }
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "Level of security supported by the switch. The default value is authPriv(3)."
                ::= { swInstanceEntry 16 }

swV3AuthProtocol      OBJECT-TYPE
                      SYNTAX          INTEGER {
                                mD5(1),
                                sHA(2)
                      }
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "protocol for authentication of the user. The default value is Md5(1)."
                ::= { swInstanceEntry 17 }

swV3AuthKey           OBJECT-TYPE
                      SYNTAX          DisplayString (SIZE(0..15))
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "Key for authentication of the user."
                ::= { swInstanceEntry 18 }

swV3EncrProtocol      OBJECT-TYPE
                      SYNTAX          INTEGER {
                                dES(1),
                                aES(2)
                      }
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "protocol for encryption of snmp communication messages. The default value is DES(1)."
                ::= { swInstanceEntry 19 }
swV3EncrKey           OBJECT-TYPE
                      SYNTAX          DisplayString (SIZE(0..15))
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "key for encryting messages."
                ::= { swInstanceEntry 20 }

swCLIsupport          OBJECT-TYPE
                      SYNTAX          TruthValue
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "Support for CLI communication between sensor and the switch."
                ::= { swInstanceEntry 21 }

swCLINwProtocol       OBJECT-TYPE
                      SYNTAX          INTEGER {
                                telnet(1),
                                ssh(2)
                      }
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "support for a command line interfaces network protocol such as TELNET or ssh. Default value is telnet(1)."
                ::= { swInstanceEntry 22 }

swCLIUserName         OBJECT-TYPE
                      SYNTAX          DisplayString (SIZE(0..80))
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "user name for CLI communication."
                ::= { swInstanceEntry 23 }

swCLIPwd              OBJECT-TYPE
                      SYNTAX          DisplayString (SIZE(0..80))
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "password to authenticate CLI user."
                ::= { swInstanceEntry 24 }

swCLIEnablePwd        OBJECT-TYPE
                      SYNTAX          DisplayString (SIZE(0..80))
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "Enable password to authenticate CLI user."
                ::= { swInstanceEntry 25 }

swCLIAutoSaveConfig   OBJECT-TYPE
                      SYNTAX  TruthValue
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                            "If this option is enabled then auto save CLI  configuration changes to flash."
                ::= { swInstanceEntry 26 }

swRadiusSupport       OBJECT-TYPE
                      SYNTAX          TruthValue
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "Support for radius communication between sensor and the switch. The default value is enable(1)."
                ::= { swInstanceEntry 27 }

swRadiusSharedSecret  OBJECT-TYPE
                      SYNTAX       DisplayString (SIZE(0..80))
                      MAX-ACCESS   read-write
                      STATUS       current
                      DESCRIPTION
                        "A case-sensitive text string used to validate communications between two radius devices."
                ::= { swInstanceEntry 28 }

swPlaceHolderVlan     OBJECT-TYPE
                      SYNTAX          DisplayString (SIZE(0..80))
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                                "special vlan value used for assigning qvlan value to an empty port."
                ::= { swInstanceEntry 29 }

swUseDefaultQVlanPool OBJECT-TYPE
                      SYNTAX          TruthValue
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "Option to use globally set qvlan pool range."
                ::= { swInstanceEntry 30 }

swQVlanPoolRange      OBJECT-TYPE
                      SYNTAX          DisplayString (SIZE(0..30))
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                                "Qvlan pool range assigned for the switch instance."
                ::= { swInstanceEntry 31 }

swDiscoverAction      OBJECT-TYPE
                      SYNTAX  RowStatus
                      MAX-ACCESS      read-create
                      STATUS          current
                      DESCRIPTION
                                "This action data will add a switch entry in the table. Default action is createAndGo(4)."
                ::= { swInstanceEntry 32 }


swCLILoginType	      OBJECT-TYPE
                      SYNTAX          INTEGER {
                                userPwd(1),
                                pwdEnable(2),
                                userPwdEnable(3)
                      }
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "Different login types supported for CLI. "
                ::= { swInstanceEntry 33 }

swAuthMacAddRadSrvOption       OBJECT-TYPE
                      SYNTAX          TruthValue
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "Support for option to authenticate MAC addresses against radius server.Default option is to disabled(0)."
                ::= { swInstanceEntry 34 }


swActionStatus        OBJECT-TYPE
                      SYNTAX          INTEGER {
                                active(1),
                                inactive(2),
                                in-deletion-mode(3),
                                in-addition-mode(4)
                      }
                      MAX-ACCESS      read-only
                      STATUS          current
                      DESCRIPTION
                        "Variable to poll the status of the switch(in case sw goes down). "
                ::= { swInstanceEntry 35 }


swPortDefaultVlan     OBJECT-TYPE
                      SYNTAX          INTEGER
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "Variable used for updating port default vlan for universal control point (UCP)switches. For non-ucp switches the value will default to zero."
                ::= { swInstanceEntry 36 }


swActionStatusTime    OBJECT-TYPE
                      SYNTAX  INTEGER (0..4294967295)
                      MAX-ACCESS  read-only
                      STATUS  current
                      DESCRIPTION
                        "Time when swActionStatus variable was updated."
                ::= { swInstanceEntry 37 }








--Scalar for the pre-discovery phase. No entry is created for the switch during this time.
-- Also scalars for switch snmp/cli test.

swIpAddress           OBJECT-TYPE
                      SYNTAX      IpAddress
                      MAX-ACCESS  read-write
                      STATUS      current
                      DESCRIPTION
                        "IP address of the switch instance sent down from ISM when a new switch is being added."
                ::= { oobnacSwDiscoveryGrp 2 }

swIpV6Address          OBJECT-TYPE
                      SYNTAX          Ipv6Address
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "IPV6 address of the switch instance sent down from ISM when a new switch is being added."
                ::= { oobnacSwDiscoveryGrp 3 }

readCommunityString   OBJECT-TYPE
                      SYNTAX          DisplayString (SIZE(0..80))
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "This string is used for all read-only snmp data communication between sensor and the switch. The default string is public."
                ::= { oobnacSwDiscoveryGrp 4 }

snmpPort              OBJECT-TYPE
                      SYNTAX          INTEGER
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "The default port on which snmp runs(161)."
                ::= { oobnacSwDiscoveryGrp 5 }

snmpVerSupport        OBJECT-TYPE
                      SYNTAX         INTEGER {
                        snmpv1(1),
                        snmpv2(2),
                        snmpv3(3)
                      }
                      MAX-ACCESS     read-write
                      STATUS         current
                      DESCRIPTION
                        "snmp version supported by the switch. The default will be version 2."
                ::= { oobnacSwDiscoveryGrp 6 }

writeCommunityStr     OBJECT-TYPE
                      SYNTAX       DisplayString (SIZE(0..80))
                      MAX-ACCESS   read-write
                      STATUS       current
                      DESCRIPTION
                        "String used for all read-write snmp data communication between sensor and the switch."
                ::= { oobnacSwDiscoveryGrp 7 }

trapCommunityStr      OBJECT-TYPE
                      SYNTAX          DisplayString (SIZE(0..80))
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "community string used for the all the traps received from the switch."
                ::= { oobnacSwDiscoveryGrp 8}


v3UserName            OBJECT-TYPE
                      SYNTAX          DisplayString (SIZE(0..31))
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "User name for snmp v3 communication."
                ::= { oobnacSwDiscoveryGrp 9 }

v3SecurityLevel       OBJECT-TYPE
                      SYNTAX          INTEGER {
                                noAuthNoPriv(1),
                                authNoPriv(2),
                                authPriv(3)
                      }
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "Level of security supported by the switch. The default value is authPriv(3)."
                ::= { oobnacSwDiscoveryGrp 10 }

v3AuthProtocol        OBJECT-TYPE
                      SYNTAX          INTEGER {
                                mD5(1),
                                sHA(2)
                      }
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "protocol for authentication of the user. The default value is Md5(1)."
                ::= { oobnacSwDiscoveryGrp 11 }

v3AuthKey             OBJECT-TYPE
                      SYNTAX          DisplayString (SIZE(0..15))
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "Key for authentication of the user."
                ::= { oobnacSwDiscoveryGrp 12 }

v3EncrProtocol        OBJECT-TYPE
                      SYNTAX          INTEGER {
                                dES(1),
                                aES(2)
                      }
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "protocol for encryption of snmp communication messages. The default value is DES(1)."
                ::= { oobnacSwDiscoveryGrp 13 }

v3EncrKey             OBJECT-TYPE
                      SYNTAX          DisplayString (SIZE(0..15))
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "key for encryting messages."
                ::= { oobnacSwDiscoveryGrp 14 }

cliNwProtocol         OBJECT-TYPE
                      SYNTAX          INTEGER {
                                telnet(1),
                                ssh(2)
                      }
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "support for a command line interfaces network protocol such as TELNET or ssh. Default value is telnet(1)."
                ::= { oobnacSwDiscoveryGrp 15 }

cliUserName           OBJECT-TYPE
                      SYNTAX          DisplayString (SIZE(0..80))
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "user name for CLI communication."
                ::= { oobnacSwDiscoveryGrp 16}


cliPwd                OBJECT-TYPE
                      SYNTAX          DisplayString (SIZE(0..80))
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "password to authenticate CLI user."
                ::= { oobnacSwDiscoveryGrp 17 }

cliEnablePwd          OBJECT-TYPE
                      SYNTAX          DisplayString (SIZE(0..80))
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "Enable password to authenticate CLI user."
                ::= { oobnacSwDiscoveryGrp 18 }

swQueryAction         OBJECT-TYPE
                      SYNTAX  INTEGER {
                          initialQuery(1),
                          testSnmp(2),
                          testCli(3),
                          deleteAllSwEntries(4),
                          reLearnSwitch(5)
                      }
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "action to get preliminary data (like sys uptime, sys description etc) from the switch. also to test cli and snmp."
                ::= { oobnacSwDiscoveryGrp 19}


cliLoginType        OBJECT-TYPE
                      SYNTAX          INTEGER {
                                userPwd(1),
                                pwdEnable(2),
                                userPwdEnable(3)
                      }
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "Different login types supported for CLI. "
                ::= { oobnacSwDiscoveryGrp 20 }

profileId             OBJECT-TYPE
                      SYNTAX          INTEGER
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "switch profile id returned by the switch."
                ::= { oobnacSwDiscoveryGrp 21 }

switchId              OBJECT-TYPE
                      SYNTAX     INTEGER
                      MAX-ACCESS read-write
                      STATUS     current
                      DESCRIPTION
                        "The sw global id used to re-learn the switch."
                ::= { oobnacSwDiscoveryGrp 22 }









-- This group consists of scalars applicable to all switches.
oobnacAllSwitchesGrp  OBJECT IDENTIFIER ::= { oobnacGrp 2 }


oobnDefaultQvlanPool  OBJECT-TYPE
                      SYNTAX          DisplayString (SIZE(0..30))
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                                "default qvlan pool range assigned for the all switches using default qvlan pool."

                ::= { oobnacAllSwitchesGrp 1 }


oobnacRadNumRetries   OBJECT-TYPE
                      SYNTAX          INTEGER
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "The default number of retries(3) allowed for radius users."
                ::= { oobnacAllSwitchesGrp 2 }


oobnacRadRespTimeOut  OBJECT-TYPE
                      SYNTAX          INTEGER
                      MAX-ACCESS      read-write
                      STATUS          current
                      DESCRIPTION
                        "The default timeout value(3 seconds) for radius response timeout."
                ::= { oobnacAllSwitchesGrp 3 }



--
-- OOB NAC Failover Group
--
--This group contains objects that identify the OOB NAC failover configuration information 
--

oobnacFailoverGrp  OBJECT IDENTIFIER ::= { oobnacGrp 3 }

oobnacFloatingIpAddress  OBJECT-TYPE
	SYNTAX 	IpAddress
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Floating Management Port IP Address."
	::= { oobnacFailoverGrp 1 }

oobnacFloatingIpv6Address  OBJECT-TYPE
	SYNTAX 	Ipv6Address
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Floating Management Port IPv6 Address."
	::= { oobnacFailoverGrp 2 }

oobnacFloatingNetMask  OBJECT-TYPE
	SYNTAX 	INTEGER
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Floating Management Port Network mask as a IPAddress prefix."
	::= { oobnacFailoverGrp 3 }

oobnacFloatingv6NetMask  OBJECT-TYPE
	SYNTAX 	INTEGER
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Floating Management Port IPv6 Network mask as a IPAddress prefix."
	::= { oobnacFailoverGrp 4 }

oobnacFloatingGatewayIpAddress  OBJECT-TYPE
	SYNTAX 	IpAddress
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Floating Management Port Gateway IP Address."
	::= { oobnacFailoverGrp 5 }

oobnacFloatingGatewayIpv6Address  OBJECT-TYPE
	SYNTAX 	Ipv6Address
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Floating Management Port Gateway IP Address."
	::= { oobnacFailoverGrp 6 }

oobnacPeerIpAddress  OBJECT-TYPE
	SYNTAX 	IpAddress
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Failover Peer Management Port IP Address."
	::= { oobnacFailoverGrp 7 }

oobnacPeerIpv6Address  OBJECT-TYPE
	SYNTAX 	Ipv6Address
	MAX-ACCESS  read-write  
	STATUS	current
	DESCRIPTION 
		"Failover Peer Management Port IPv6 Address."
	::= { oobnacFailoverGrp 8 }

oobnacFailoverSensorStatus  OBJECT-TYPE
	SYNTAX 	INTEGER {
		standalone (0),
		standby (1),
		active (2)
	}
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"Status of the sensor in OOBNac failover."
	::= { oobnacFailoverGrp 9 }

--
-- This group contains Malware related MIB objects. These are applicable to
-- all M-series except NAC-only appliances.
--


malwareGrp     OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 32 }

-- Support for malwarePriDNSServerIp is now deprecated in sensors using new MIB.
malwarePriDNSServerIp   OBJECT-TYPE
                        SYNTAX          IpAddress
                        MAX-ACCESS      read-write
                        STATUS          obsolete
                        DESCRIPTION
                                "IP address of the primary DNS server."
        ::= { malwareGrp 1 }

-- Support for malwareSecDNSServerIp is now deprecated in sensors using new MIB.
malwareSecDNSServerIp   OBJECT-TYPE
                        SYNTAX          IpAddress
                        MAX-ACCESS      read-write
                        STATUS          obsolete
                        DESCRIPTION
                                "IP address of the secondary DNS server."
        ::= { malwareGrp 2 }

-- Support for malwarePriDNSServerIpV6 is now deprecated in sensors using new MIB.
malwarePriDNSServerIpV6 OBJECT-TYPE
                        SYNTAX          Ipv6Address
                        MAX-ACCESS      read-write
                        STATUS          obsolete
                        DESCRIPTION
                                "IPV6 address of the primary DNS server."
        ::= { malwareGrp 3 }

-- Support for malwareSecDNSServerIpV6 is now deprecated in sensors using new MIB.
malwareSecDNSServerIpV6 OBJECT-TYPE
                        SYNTAX          Ipv6Address
                        MAX-ACCESS      read-write
                        STATUS          obsolete
                        DESCRIPTION
                                "IPV6 address of the secondary DNS server."
        ::= { malwareGrp 4 }

malwareRiskLevel        OBJECT-TYPE
                        SYNTAX          INTEGER {
                                veryLow(1),
                                low(2),
                                medium(3),
                                high(4),
                                veryHigh(5)
                        }
                        MAX-ACCESS      read-write
                        STATUS          current
                        DESCRIPTION
                                " Malware risk level threshold value set by the user. The default level is Very Low."
        ::= { malwareGrp 5 }

-- Support for malwareArtemisDetectionMode is deprecated in sensors using new MIB.
malwareArtemisDetectionMode    OBJECT-TYPE
                        SYNTAX          INTEGER {
                                alertOnly(1),
                                alertAndBlock(2),
				alertBlockAndTCP-Reset(3)
                        }
                        MAX-ACCESS      read-write
                        STATUS          current
                        DESCRIPTION
                                "artemis configuration to do either of the settings
                                 Alert only,
                                 Alert and Block or
                                 Alert, Block and TCP-Reset."
        ::= { malwareGrp 6 }


-- Support for malwareUDFDetectionMode is deprecated in sensors using new MIB.
malwareUDFDetectionMode    OBJECT-TYPE
                        SYNTAX          INTEGER {
                                alertOnly(1),
                                alertAndBlock(2),
				alertBlockAndTCP-Reset(3)
                        }
                        MAX-ACCESS      read-write
                        STATUS          current
                        DESCRIPTION
                                "user-defined configuration to do either of the settings
                                 Alert only,
                                 Alert and Block or
                                 Alert, Block and TCP-Reset."
        ::= { malwareGrp 7 }


gamEngSensorCfgGrp     OBJECT IDENTIFIER ::= { malwareGrp 8 }

gamEngSensorAutoUpdateConfig OBJECT-TYPE
	SYNTAX TruthValue
	MAX-ACCESS read-write
	STATUS current
	DESCRIPTION
	       "Enable / disable the Sensor auto update config.
                Default : True (Enable)"
	::= { gamEngSensorCfgGrp  1}

gamEngSensorAutoUpdateInterval OBJECT-TYPE
	SYNTAX INTEGER (90..1440)
	MAX-ACCESS read-write
	STATUS current
	DESCRIPTION
	       "Sets the Sensor auto update Interval in minutes.
                Default : 90"
	::= { gamEngSensorCfgGrp  2}

gamEngVer  OBJECT-TYPE 
        SYNTAX  DisplayString (SIZE(1..63))
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
               "Provides the current gam engine version available on sensor."
        ::= { gamEngSensorCfgGrp  3}

gamDatVer  OBJECT-TYPE 
        SYNTAX  DisplayString (SIZE(1..63))
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
               "Provides the current gam dat version available on sensor."
        ::= { gamEngSensorCfgGrp  4}

avEngVer  OBJECT-TYPE 
        SYNTAX  DisplayString (SIZE(1..63))
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
               "Provides the current AV engine version available on sensor."
        ::= { gamEngSensorCfgGrp  5 }

avDatVer  OBJECT-TYPE 
        SYNTAX  DisplayString (SIZE(1..63))
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
               "Provides the current AV dat version available on sensor."
        ::= { gamEngSensorCfgGrp  6}

gamEngUpdatedTime  OBJECT-TYPE 
        SYNTAX  Unsigned32
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
               "Provides the time in UTC format when sensor had updated GAM engine successfully."
        ::= { gamEngSensorCfgGrp  7}

gamManualFullUpdateFileUploadStatus OBJECT-TYPE
        SYNTAX INTEGER {
               readyForGAMUpdate (1),
               gAMUpdateTransferInProgress (2),
               gAMUpdateTransferError (3),
               gAMUpdateQueued (4),
               applyingGAMUpdate (5),
               gAMUpdateCompleted (6),
               gAMUpdateError (7)
        }
        MAX-ACCESS read-only
        STATUS current
        DESCRIPTION
               "Provides the current file upload status."
        ::= { gamEngSensorCfgGrp  8}

--This group contains MIB objects related to Miscellaneous Configuration Group
miscCfgGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 33 }

jumboframeParsingConfig OBJECT-TYPE
                SYNTAX INTEGER {
                        enable (1),
                        disable (2)
                }
                MAX-ACCESS read-write
                STATUS current
                DESCRIPTION
                        "Configuration option to enable/disable jumboframe parsing.
                         The new setting would be effective only after a sensor reboot.
                         Default: disable"
                ::= {miscCfgGrp 1 }

currentJumboframeParsingStatus OBJECT-TYPE
                SYNTAX INTEGER
                MAX-ACCESS read-only
                STATUS current
                DESCRIPTION
                        "The current running jumboframe parsing status."
                ::= {miscCfgGrp 2 }

appIdStatsConfigStatus  OBJECT-TYPE
	SYNTAX 	TruthValue
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"This object value if set to TRUE indicates that the appId stats collection is enabled for the sensor.
		Default: False"
	::= { miscCfgGrp 3 }

hitlessRebootStatus OBJECT-TYPE
                SYNTAX INTEGER {
                        available (1),
                        notavailable (2)
                }
                MAX-ACCESS read-only
                STATUS current
                DESCRIPTION
                        "Status option to read whether hitless reboot is possible or not at this time."
                ::= {miscCfgGrp 4 }

existingGeoDBFilename OBJECT-TYPE
                SYNTAX OCTET STRING (SIZE(0..256))
                MAX-ACCESS read-only
                STATUS current
                DESCRIPTION
                        "This specifies the name of geo database file present in sensor. NULL would be returned
                         when there is no geo DB file on the sensor."
                ::= {miscCfgGrp 5 }

nsmTrackUserLoggingStatus OBJECT-TYPE
                SYNTAX INTEGER {
                        enable (1),
                        disable (2)
                }
                MAX-ACCESS read-write
                STATUS current
                DESCRIPTION
                        "Configuration option to enable/disable NSM audit logging.
                         Default: disable"
                ::= {miscCfgGrp 6 }

accelerateFTPInboundConfig OBJECT-TYPE
                SYNTAX TruthValue
                MAX-ACCESS read-write
                STATUS current
                DESCRIPTION
                        "Configuration option to enable/disable accelerate ftp in inbound direction 
                         Default: false (2)"
                ::= {miscCfgGrp 7 }
                

accelerateFTPOutboundConfig OBJECT-TYPE
                SYNTAX TruthValue
                MAX-ACCESS read-write
                STATUS current
                DESCRIPTION
                        "Configuration option to enable/disable accelerate ftp in outbound direction.
                         Default: false (2)"
                ::= {miscCfgGrp 8 }

parseTunnellingConfig OBJECT-TYPE
                 SYNTAX TruthValue
                 MAX-ACCESS read-write
                 STATUS current
                 DESCRIPTION
                         "Configuration option to enable/disable parsing of tunnelled packet.
                          Default: false (2)"
                 ::= {miscCfgGrp 9 }

prev256ByteLoggingConfig OBJECT-TYPE
                 SYNTAX TruthValue
                 MAX-ACCESS read-write
                 STATUS current
                 DESCRIPTION
                         "Configuration option to enable/disable prev 256 byte logging.
                          Default: false (2)"
                 ::= {miscCfgGrp 10 }

cliAuditLoggingConfig OBJECT-TYPE
                 SYNTAX TruthValue
                 MAX-ACCESS read-write
                 STATUS current
                 DESCRIPTION
                         "Configuration option to enable/disable cli audit logging through SNMP.
                          Default: false (2)"
                 ::= {miscCfgGrp 11 }

snortRuleEngineConfig OBJECT-TYPE
                SYNTAX INTEGER {
                        traditional (1),
                        nextGeneration (2)
                }
                MAX-ACCESS read-write
                STATUS current
                DESCRIPTION
                        "Configuration option to switch snort rule engine between traditional and next generation.
                         The new setting would be effective only after a sensor reboot.
                         Default: traditional"
                ::= {miscCfgGrp 12 }

currentSnortRuleEngineStatus OBJECT-TYPE
                SYNTAX INTEGER
                MAX-ACCESS read-only
                STATUS current
                DESCRIPTION
                        "The current running snort rule engine on sensor."
                ::= {miscCfgGrp 13 }

insightsTelemetryConfig OBJECT-TYPE
                SYNTAX  TruthValue
                MAX-ACCESS read-write
                STATUS current
                DESCRIPTION
                        "Configuration option to enable/disable usage of configured telemetry data for Insights"
                ::= {miscCfgGrp 14}

--
-- This group contains MIB objects applicable to Layer2 forwarding.
--

layer2FwdGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 34 }

-- This group consists of scalars for configuring layer2 fwd feature.

layer2FwdCfgGrp OBJECT IDENTIFIER ::= { layer2FwdGrp 1 }


layer2FwdType   OBJECT-TYPE
                SYNTAX INTEGER {
                        tcp (1),
                        udp (2),
                        vlan(3),
                        all (4),
                        ip  (5)
                }
                MAX-ACCESS read-write
                STATUS current
                DESCRIPTION
                        " Different modes for using layer2 forward feature."
                ::= { layer2FwdCfgGrp 1 }


layer2IntfPort OBJECT-TYPE
               SYNTAX     TrellixPortLinearIndex
               MAX-ACCESS read-write
               STATUS     current
               DESCRIPTION
                "The intf linear port index of the sensor for the mode chosen."
              ::= { layer2FwdCfgGrp 2 }


layer2FwdAction OBJECT-TYPE
                SYNTAX INTEGER {
                        enable (1),
                        disable (2),
                        clearAll(3)
                }
                MAX-ACCESS read-write
                STATUS current
                DESCRIPTION
                        " Action to take for the specified port(s)."
                ::= { layer2FwdCfgGrp 3 }

layer2FwdBeginId OBJECT-TYPE
                 SYNTAX INTEGER
                 MAX-ACCESS read-write
                 STATUS current
                 DESCRIPTION
                        " Start port id(range 1-65535) for the mode selected(tcp/udp/vlan)."
                ::= { layer2FwdCfgGrp 4 }


layer2FwdEndId   OBJECT-TYPE
                 SYNTAX INTEGER
                 MAX-ACCESS read-write
                 STATUS current
                 DESCRIPTION
                        " End port id(range 1-65535) for the mode selected(tcp/udp/vlan)."
                ::= { layer2FwdCfgGrp 5 }

layer2FwdConfig OBJECT-TYPE
                SYNTAX  INTEGER (0..7)
                MAX-ACCESS read-write
                STATUS current
                DESCRIPTION
                        " Layer2 forward configuration to enable or disable this feature. Each bit represents the
                          layer2 forward type. From the LSB the 1st bit for TCP, 2nd bit for UDP, 3rd bit for VLAN.
                          Default will be 7, indicating this feature is enable"
                ::= { layer2FwdCfgGrp 6 }

--
-- This table has entries for layer2Fwd TCP Table.
--

layer2FwdTCPTable OBJECT-TYPE
                  SYNTAX SEQUENCE OF Layer2FwdTCPEntry
                  MAX-ACCESS  not-accessible
                  STATUS  current
                  DESCRIPTION
                    "Table containing TCP port ranges configured for L2 forwarding.(indexed via intf port number and entry number)."
                  ::= { layer2FwdGrp 2 }


layer2FwdTCPEntry   OBJECT-TYPE
                    SYNTAX Layer2FwdTCPEntry
                    MAX-ACCESS  not-accessible
                    STATUS  current
                    DESCRIPTION
                      "This MIB object contains all the attributes that are specific to the L2 fwd entry for TCP table. Indexed by intfPortLinearIndex and entry number."
                      INDEX { tcpIntfPortIndex,
                              tcpEntryIndex }
                ::= { layer2FwdTCPTable 1 }

Layer2FwdTCPEntry ::= SEQUENCE {
                tcpIntfPortIndex
                        TrellixPortLinearIndex,
                tcpEntryIndex
                        INTEGER,
                tcpPortRange
                        DisplayString
                }

tcpIntfPortIndex OBJECT-TYPE
              SYNTAX     TrellixPortLinearIndex
              MAX-ACCESS not-accessible
              STATUS     current
              DESCRIPTION
                "The intfPort linear index"
              ::= { layer2FwdTCPEntry 1 }

tcpEntryIndex    OBJECT-TYPE
              SYNTAX     INTEGER
              MAX-ACCESS not-accessible
              STATUS     current
              DESCRIPTION
                "The index"
              ::= { layer2FwdTCPEntry 2 }

tcpPortRange     OBJECT-TYPE
              SYNTAX          DisplayString(SIZE(0..20))
              MAX-ACCESS      read-only
              STATUS          current
              DESCRIPTION
                "range for which L2 forwarding feature is enabled. "
             ::= { layer2FwdTCPEntry 3 }



--
-- This table has entries for layer2Fwd UDP Table.
--

layer2FwdUDPTable OBJECT-TYPE
                  SYNTAX SEQUENCE OF Layer2FwdUDPEntry
                  MAX-ACCESS  not-accessible
                  STATUS  current
                  DESCRIPTION
                    "Table containing UDP port ranges configured for L2 forwarding.(indexed via intfPortIndex and entry number)."
                  ::= { layer2FwdGrp 3 }


layer2FwdUDPEntry   OBJECT-TYPE
                    SYNTAX Layer2FwdUDPEntry
                    MAX-ACCESS  not-accessible
                    STATUS  current
                    DESCRIPTION
                      "This MIB object contains all the attributes that are specific to the L2 fwd entry for UDP table. Indexed by intfPortLinearIndex and entry number."
                      INDEX { udpIntfPortIndex,
                              udpEntryIndex }
                ::= { layer2FwdUDPTable 1 }


Layer2FwdUDPEntry ::= SEQUENCE {
                udpIntfPortIndex
                        TrellixPortLinearIndex,
                udpEntryIndex
                        INTEGER,
                udpPortRange
                        DisplayString
                }
udpIntfPortIndex OBJECT-TYPE
              SYNTAX     TrellixPortLinearIndex
              MAX-ACCESS not-accessible
              STATUS     current
              DESCRIPTION
                "The intfPort linear index"
              ::= { layer2FwdUDPEntry 1 }

udpEntryIndex    OBJECT-TYPE
              SYNTAX     INTEGER
              MAX-ACCESS not-accessible
              STATUS     current
              DESCRIPTION
                "The index"
              ::= { layer2FwdUDPEntry 2 }

udpPortRange     OBJECT-TYPE
              SYNTAX          DisplayString(SIZE(0..20))
              MAX-ACCESS      read-only
              STATUS          current
              DESCRIPTION
                "range for which L2 forwarding feature is enabled. "
             ::= { layer2FwdUDPEntry 3 }


--
-- This table has entries for layer2Fwd VLAN Table.
--

layer2FwdVLANTable OBJECT-TYPE
        SYNTAX SEQUENCE OF Layer2FwdVLANEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
                    "Table containing VLAN port ranges configured for L2 forwarding.(indexed via interface number and entry number)."
                  ::= { layer2FwdGrp 4 }


layer2FwdVLANEntry   OBJECT-TYPE
                    SYNTAX Layer2FwdVLANEntry
                    MAX-ACCESS  not-accessible
                    STATUS  current
                    DESCRIPTION
                      "This MIB object contains all the attributes that are specific to the
                       L2 fwd entry for VLAN table(indexed via intfPortLinearIndex and entry number)."
                INDEX { vlanIntfPortIndex,
                        vlanEntryIndex }
                ::= { layer2FwdVLANTable 1 }


Layer2FwdVLANEntry ::= SEQUENCE {
                vlanIntfPortIndex 
                        TrellixPortLinearIndex,
                vlanEntryIndex
                        INTEGER,
                vlanPortRange
                        DisplayString
                }

vlanIntfPortIndex OBJECT-TYPE
              SYNTAX     TrellixPortLinearIndex
              MAX-ACCESS not-accessible
              STATUS     current
              DESCRIPTION
                "The intfPort linear index"
              ::= { layer2FwdVLANEntry 1 }

vlanEntryIndex    OBJECT-TYPE
              SYNTAX     INTEGER
              MAX-ACCESS not-accessible
              STATUS     current
              DESCRIPTION
                "The entry index "
              ::= { layer2FwdVLANEntry 2 }

vlanPortRange OBJECT-TYPE
              SYNTAX          DisplayString(SIZE(0..20))
              MAX-ACCESS      read-only
              STATUS          current
              DESCRIPTION
                "range for which L2 forwarding feature is enabled. Maximum vlan range supported on each interface is 4k. "
             ::= { layer2FwdVLANEntry 3 }

layer2FwdIPTable OBJECT-TYPE
                  SYNTAX SEQUENCE OF Layer2FwdIPEntry
                  MAX-ACCESS not-accessible
                  STATUS current
                  DESCRIPTION
                    "Table containing IP protocol ranges configured for L2 forwarding.(indexed via intfPortIndex and entry number)."
                  ::= { layer2FwdGrp 5 }


layer2FwdIPEntry   OBJECT-TYPE
                    SYNTAX Layer2FwdIPEntry
                    MAX-ACCESS not-accessible
                    STATUS current
                    DESCRIPTION
                      "This MIB object contains all the attributes that are specific to the L2 fwd. entry for IP table. Indexed by intfPortLinearIndex and entry number."
                      INDEX { ipIntfPortIndex,
                              ipEntryIndex }
                ::= { layer2FwdIPTable 1 }


Layer2FwdIPEntry ::= SEQUENCE {
                ipIntfPortIndex
                        TrellixPortLinearIndex,
                ipEntryIndex
                        INTEGER,
                ipPortRange
                        DisplayString
                }
ipIntfPortIndex OBJECT-TYPE
              SYNTAX     TrellixPortLinearIndex
              MAX-ACCESS not-accessible
              STATUS     current
              DESCRIPTION
                "The intfPort linear index"
              ::= { layer2FwdIPEntry 1 }

ipEntryIndex    OBJECT-TYPE
              SYNTAX     INTEGER
              MAX-ACCESS not-accessible
              STATUS     current
              DESCRIPTION
                "The index"
              ::= { layer2FwdIPEntry 2 }

ipPortRange     OBJECT-TYPE
              SYNTAX          DisplayString(SIZE(0..20))
              MAX-ACCESS      read-only
              STATUS          current
              DESCRIPTION
                "range for which L2 forwarding feature is enabled. "
             ::= { layer2FwdIPEntry 3 }

--This group contains MIB objects related to ARP Configuration
arpCfgGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 103 }

arpSDEnable     OBJECT-TYPE
                SYNTAX INTEGER {
                        enable (1),
                        disable (2)
                }
                MAX-ACCESS read-write
                STATUS current
                DESCRIPTION
                        "Option to enable/disable ARP Spoof Detection.
                         Default: enable"
                ::= {arpCfgGrp 1 }

--This group contains MIB objects related to ARP Configuration

--This group contains MIB objects related to Packet Capture Configuration

pktCapCfgGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 35 }

pktCapMode     OBJECT-TYPE
                SYNTAX INTEGER {
                        disable (1),
                        portModeEnable (2),
                        fileModeEnable (3)
                        
                }
                MAX-ACCESS read-write
                STATUS current
                DESCRIPTION
                        "Option to select packet capture Mode.
                         File mode is not supported in 6.x release.
                         Default: disable"
                ::= {pktCapCfgGrp 1 }

pktCapDuration   OBJECT-TYPE
                 SYNTAX  INTEGER (0..315360000)
                 MAX-ACCESS  read-write
                 STATUS  current
                 DESCRIPTION
                 "The duration for which capture will be enabled..
                 Units are in seconds. Default: 120 seconds
                 duration value 0 indicate indefinite capture till the capture 
                 is stopped.
                 Default: 120"
                  ::= { pktCapCfgGrp 2 }

pktCapPmSpanPortForCapture  OBJECT-TYPE
               SYNTAX     TrellixPortLinearIndex 
               MAX-ACCESS  read-write
               STATUS  current
               DESCRIPTION
               "Span linear port index for the capture: 
                ISM also needs to verify that port should be configured 
                as Span port.
                Applicable only for port mode capture. Zero indicates no port assigned.
		Default: 0"
                ::= { pktCapCfgGrp 3 }


pktCapFmLocation  OBJECT-TYPE
                 SYNTAX INTEGER {
                        manager  (1),
                        tftpServer (2),
			scpServer (3)
                 }
                 MAX-ACCESS read-write
                 STATUS current
                 DESCRIPTION
                 "This will determine whether capture file is to be uploaded to manager, tftpServer or ScpServer.
                 Note :Applicable only for file mode capture
                 Default: manager"
                 ::= {pktCapCfgGrp 4 }

pktCapFmMaxSize  OBJECT-TYPE
                SYNTAX  INTEGER (1..100)
                MAX-ACCESS  read-write
                STATUS  current
                DESCRIPTION
                "The size of the maximum capture file. 
                 It will be configurable but to the maximum value
                 of sensor define limit.
                 Default: 100 MB for M8000, M6050, M4050, M3050
                           58 MB for N450, Wilson
			   40 MB for Eagle, Diablo
                 Note :Applicable only for file mode capture"
                 ::= { pktCapCfgGrp 5 }

pktCapFmFUServerAddress  OBJECT-TYPE
                 SYNTAX  OCTET STRING (SIZE(50))
                 MAX-ACCESS  read-write
                 STATUS  current
                 DESCRIPTION
                 "File Upload server IPv4 / IPv6 address.
                 Note :Applicable only for file mode capture"
                 ::= { pktCapCfgGrp 6 }


pktCapFmFUFileName     OBJECT-TYPE
                 SYNTAX  DisplayString (SIZE(0..128))
                 MAX-ACCESS  read-write
                 STATUS  current
                 DESCRIPTION
                 "This specifies the name of the file with the source path on the file upload server.
		  This is optional. If not set, the filename used will be of the format 
		  '%DEVICE_NAME%-PacketCapture-%TimeStamp%.
                  Note :Applicable only for file mode capture"
                 ::= { pktCapCfgGrp 7 }

pktCapFmFUSetting      OBJECT-TYPE
                 SYNTAX INTEGER {
                        manual    (1),
                        automatic (2)
                 }
                 MAX-ACCESS read-write
                 STATUS current
                 DESCRIPTION
                 " This option will determine whether user needs to
                  initiate the file upload or it will be done automatically.
                  Default: automatic
                  Note :Applicable only for file mode capture"
                 ::= {pktCapCfgGrp 8 }

pktCapFilterFileName     OBJECT-TYPE
                SYNTAX   DisplayString (SIZE(0..255)) 
                MAX-ACCESS read-only
                STATUS current
                DESCRIPTION
                        "Packet Capture Filter File Name send by NSM using secure TFTP channel"
               ::= {pktCapCfgGrp 9 }
               
               
pktCapFilterFileTimeStamp     OBJECT-TYPE
                SYNTAX   INTEGER (0..4294967295) 
                MAX-ACCESS read-only
                STATUS current
                DESCRIPTION
                        "Packet Capture FilterFile creationTimeStamp"
               ::= {pktCapCfgGrp 10 }

pktCapFmSCPUserName     OBJECT-TYPE
                SYNTAX   DisplayString (SIZE(0..128)) 
                MAX-ACCESS read-write
                STATUS current
                DESCRIPTION
                        "SCP Server Username.
			 Note :Applicable only for file mode capture and upload method is SCP"
               ::= {pktCapCfgGrp 12 }

pktCapFmSCPPassword     OBJECT-TYPE
                SYNTAX   DisplayString (SIZE(0..128)) 
                MAX-ACCESS read-write
                STATUS current
                DESCRIPTION
                        "SCP Server Password.
			 Note :Applicable only for file mode capture and upload method is SCP"
               ::= {pktCapCfgGrp 13 }

                        
pktCapCommandGrp  OBJECT IDENTIFIER ::= { pktCapCfgGrp 11 }

pktCapCmd     OBJECT-TYPE
                SYNTAX INTEGER {
                        start (1),
                        stop (2),
                        delete-filter-file(3),
                        cancel(4),
                        delete-pcap-file(5)
                }
                MAX-ACCESS read-write
                STATUS current
                DESCRIPTION
                        "Option to start/stop packet capture feature and also
                         to delete filter file.
                         Default:  stop"
               ::= {pktCapCommandGrp 1 }

pktCapStatus     OBJECT-TYPE
                SYNTAX INTEGER {
                        running (1),
                        not-running (2)
                      }
                MAX-ACCESS read-only
                STATUS current
                DESCRIPTION
                        "Option to access packet capture Status.
                         Default:  idle"
               ::= {pktCapCommandGrp 2 }

packetCaptureFmFUControl    OBJECT-TYPE
                SYNTAX INTEGER {
                        start (1),
                        stop (2),
			upload-to-NSM (3)
                }
                MAX-ACCESS read-write
                STATUS current
                DESCRIPTION
                        "Option to control manual upload of the file.
                         Note :Applicable only for file mode capture
                         Default:  stop"
               ::= {pktCapCommandGrp 3 }

packetCaptureFmFileStatus     OBJECT-TYPE
                SYNTAX INTEGER {
                        fileUploadInProgress (1),
                        fileExistNotUploaded (2),
                        fileNotExist (3),
			fileUploadFailed (4),
			fileUploadDone (5),
			fileUploadNotStarted (6)
                        }
                MAX-ACCESS read-only
                STATUS current
                DESCRIPTION
                        "Packet Capture File status.
                        Note :Applicable only for file mode capture
			Default : fileUploadNotStarted"
                        ::= {pktCapCommandGrp 4 }

packetCaptureFmTest    OBJECT-TYPE
                SYNTAX INTEGER {
                        start (1),
                        stop (2)
                }
                MAX-ACCESS read-write
                STATUS current
                DESCRIPTION
                        "Option to test packet capture file upload function.
                         Note :Applicable only for file mode capture
                         Default:  stop"
               ::= {pktCapCommandGrp 5 }

packetCaptureFmTestStatus     OBJECT-TYPE
                SYNTAX INTEGER {
                        success (1),
                        failure (2),
                        resultNotValid (3),
			fileUploadServerConnectFailure (4),
			fileUploadServerConnectTimeout (5),
			fileUploadServerAuthenticationFailure (6),
                        fileUploadInProgress (7)
                        }
                MAX-ACCESS read-only
                STATUS current
                DESCRIPTION
                        "Packet Capture File upload test status.
                        Note :Applicable only for file mode capture
			Default : resultNotValid"
                        ::= {pktCapCommandGrp 6 }

dnsCfgGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 36 }

priDNSServerIp   OBJECT-TYPE
                        SYNTAX          IpAddress
                        MAX-ACCESS      read-write
                        STATUS          current
                        DESCRIPTION
                                "IP address of the primary DNS server."
        ::= { dnsCfgGrp 1 }

secDNSServerIp   OBJECT-TYPE
                        SYNTAX          IpAddress
                        MAX-ACCESS      read-write
                        STATUS          current
                        DESCRIPTION
                                "IP address of the secondary DNS server."
        ::= { dnsCfgGrp 2 }

priDNSServerIpV6 OBJECT-TYPE
                        SYNTAX          Ipv6Address
                        MAX-ACCESS      read-write
                        STATUS          current
                        DESCRIPTION
                                "IPV6 address of the primary DNS server."
        ::= { dnsCfgGrp 3 }

secDNSServerIpV6 OBJECT-TYPE
                        SYNTAX          Ipv6Address
                        MAX-ACCESS      read-write
                        STATUS          current
                        DESCRIPTION
                                "IPV6 address of the secondary DNS server."
        ::= { dnsCfgGrp 4 }

dnsSearchList OBJECT-TYPE
                        SYNTAX          OCTET STRING (SIZE(0..1024))
                        MAX-ACCESS      read-write
                        STATUS          current
                        DESCRIPTION
                                "This specifies the space separated list of search suffix for DNS lookup"
        ::= { dnsCfgGrp 5 }





--
-- This table has entries for layer7DCap Table.
--

layer7DCapConfigGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 37 }

layer7DCapPercentageOfFlows  OBJECT-TYPE
        SYNTAX  INTEGER (1..100)
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object specifies percentage of flows allocated for L7 Dcap when
                 layer7 DCap feature is enabled."
        ::= { layer7DCapConfigGrp 1 }

layer7DCapBuffSize  OBJECT-TYPE
        SYNTAX  INTEGER (128..1500)
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object specifies the size of the buffer to be captured when L7 Dap feature is enabled .
.                Default: 1500"
        ::= { layer7DCapConfigGrp 2 }


layer7DCapMaxSupportedFlows  OBJECT-TYPE
        SYNTAX  INTEGER (1..4294967295)
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "This object specifies maximum number of flows supported for L7 Dcap when L7 Dap feature is enabled ."
        ::= { layer7DCapConfigGrp 3 }


 interfacePhysicalPortGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 38 }

 intfPhysicalPortTable  OBJECT-TYPE
   SYNTAX SEQUENCE OF IntfPhysicalPortEntry
   MAX-ACCESS  not-accessible
   STATUS  current
   DESCRIPTION
       "Table containing entries for each interface physical port (indexed via intfPhysicalPortIndex)
       on each sensor card (indexed via appropriate slotIndex).

       This table contains Trellix specific configuration objects.
       Tables that contain MIB objects borrowed from MIB-II are in the
       TRELLIX-SENSOR-PERF-MIB."
   ::= { interfacePhysicalPortGrp 1 }

 intfPhysicalPortEntry  OBJECT-TYPE
   SYNTAX  IntfPhysicalPortEntry
   MAX-ACCESS  not-accessible
   STATUS  current
   DESCRIPTION
       "This MIB object contains all the columnar objects,
       that describe the contents of each interface physical port on each IntruShield sensor card.
       Indexed by slotIndex/intfPhysicalPortIndex"
   INDEX { slotIndex,
       intfPhysicalPortIndex }
   ::= { intfPhysicalPortTable 1 }

 IntfPhysicalPortEntry ::= SEQUENCE {
   intfPhysicalPortIfDescr
       DisplayString,
   intfPhysicalPortIfType
       TrellixIDSPortType,
   intfPhysicalPortIfAdminStatus
       INTEGER,
   intfPhysicalPortIfOperStatus
       INTEGER,
   intfPhysicalPortEnableFullDuplex
       TruthValue,
   intfPhysicalPortSpeed
       INTEGER,
   intfPhysicalPortSpeedConfig
       TrellixPortSpeed, -- was TrellixFEType, now deprecated
   intfPhysicalPortIsMcafeeConnector
         TruthValue,
     intfPhysicalPortAllowAnyConnector
         TruthValue,
     intfPhysicalPortCageType
         INTEGER,
     intfPhysicalPortGetMediaType
         INTEGER,
     intfPhysicalPortSetMediaType
         INTEGER,
   intfPhysicalPortMonPortIpAddress
       IpAddress,
   intfPhysicalPortMonPortNetMask
       IpAddress,
   intfPhysicalPortGatewayIpAddress
       IpAddress,
   intfPhysicalPortNbadConfigStatus
       TruthValue,
   intfPhysicalPortVlanId
       Integer32,
     intfPhysicalPortLBSerialNumber
         DisplayString,
     intfPhysicalPortLBPortNumber
         Integer32,
     intfPhysicalPortConnectorType
         INTEGER,
     intfPhysicalPortLinearIndex
         TrellixPortLinearIndex
 }
intfPhysicalPortIfDescr  OBJECT-TYPE
    SYNTAX  DisplayString (SIZE(0..255))
    MAX-ACCESS  read-only
    STATUS  current
    DESCRIPTION
        "A textual string containing information about the interface.
        Returns the string that is printed on the box."
    ::= { intfPhysicalPortEntry 1 }

intfPhysicalPortIfType  OBJECT-TYPE
    SYNTAX  TrellixIDSPortType
    MAX-ACCESS  read-only
    STATUS  current
    DESCRIPTION
        "The type of interface, distinguished according to the
        physical/link protocol(s) immediately 'below' the network
        layer in the protocol stack.

        For brevity, Trellix options are as specified by the TC,
        TrellixIDSPortType.

        However, the SNMP MIB-II - Interfaces MIB specifies many more
        valid options. See comments section for details.
        "
    ::= { intfPhysicalPortEntry 2 }

intfPhysicalPortIfAdminStatus  OBJECT-TYPE
    SYNTAX  INTEGER {
        up (1),
        down (2)
    }
    MAX-ACCESS  read-write
    STATUS  current
    DESCRIPTION
        "The desired state of the interface.
        The testing(3) state indicates that no operational packets
        can be passed.

        Default: down"
    ::= { intfPhysicalPortEntry 3 }
intfPhysicalPortIfOperStatus  OBJECT-TYPE
    SYNTAX  INTEGER {
        up (1),
        down (2)
    }
    MAX-ACCESS  read-only
    STATUS  current
    DESCRIPTION
        "The current operational state of the interface.
        The testing(3) state indicates that no operational packets
        can be passed.

        Default: down"
    ::= { intfPhysicalPortEntry 4 }

intfPhysicalPortEnableFullDuplex  OBJECT-TYPE
    SYNTAX  TruthValue
    MAX-ACCESS  read-write
    STATUS  current
    DESCRIPTION
        "True: Sets interface port to work as a full-duplex one.
        Otherwise as half-duplex.

        Default: True"
    ::= { intfPhysicalPortEntry 5 }

intfPhysicalPortSpeed  OBJECT-TYPE
    SYNTAX  INTEGER {
        other (0),
        ten-Mbps (1),
        hundred-Mbps (2),
        one-Gbps(3), -- renamed from gig-Mbps
        ten-Gbps(4)  -- support in M-series only
    }

    MAX-ACCESS  read-only
    STATUS  current
    DESCRIPTION
        "Get current speed/negotiation on the interface."
    ::= { intfPhysicalPortEntry 6 }
intfPhysicalPortSpeedConfig  OBJECT-TYPE
    SYNTAX  TrellixPortSpeed -- was TrellixFEType, now deprecated
    MAX-ACCESS  read-write
    STATUS  current
    DESCRIPTION
        "Set desired speed/negotiation on the interface.
                 Default values are as follows:
    I-Series -
        fixed-hundred-Mbps (infinity/hichborn/2x00(1a-3b)
        auto-gig-Mbps on 3000/4010/4000/2x00(4a,4b)
    M-Series -
        auto-ten-gig-Mbps on palomar/pyramid(1a-4b),auto-gig-Mbps(5a-8b)
        Default: see above"
    ::= { intfPhysicalPortEntry 7 }

-- intfPhysicalPortIsMcafeeConnector support in M-series sensor only
intfPhysicalPortIsMcafeeConnector  OBJECT-TYPE
    SYNTAX  TruthValue
    MAX-ACCESS  read-only
    STATUS  current
    DESCRIPTION
        "True: connector is not inserted.
         True: connector is inserted in port and McAfee certified.
                 False: connector is inserted and not McAfee certified.  "
    ::= { intfPhysicalPortEntry 8 }

-- intfPhysicalPortAllowAnyConnector support in M-series sensor only
intfPhysicalPortAllowAnyConnector  OBJECT-TYPE
    SYNTAX  TruthValue
    MAX-ACCESS  read-write
    STATUS  current
    DESCRIPTION
        "True: Permit usage of any connector for port.
                 False: Restrict usage to McAfee certified connector only.
        Default: False"
    ::= { intfPhysicalPortEntry 9 }
-- intfPhysicalPortCageType support in M-series sensor only
intfPhysicalPortCageType  OBJECT-TYPE
    SYNTAX  INTEGER {
        other (0),
        rJ-45 (1),
        rJ-11 (2),
        gBIC (3),
        sFP (4),
        xFP (5)
    }
    MAX-ACCESS  read-only
    STATUS  current
    DESCRIPTION
        "Physical connector cage type on sensor chassis panel."
    ::= { intfPhysicalPortEntry 10 }

-- intfPhysicalPortGetMediaType support in M-series sensor only
intfPhysicalPortGetMediaType OBJECT-TYPE
    SYNTAX  INTEGER {
        none (0),
        optical (1),
        electrical (2)
    }
    MAX-ACCESS  read-only
    STATUS  current
    DESCRIPTION
        "Gets the media of the connector present in the port cage. None (0) if cage is empty."
    ::= { intfPhysicalPortEntry 11 }

-- intfPhysicalPortSetMediaType support in M-series sensor only
intfPhysicalPortSetMediaType OBJECT-TYPE
    SYNTAX  INTEGER {
        optical(1),
        electrical (2)
    }
    MAX-ACCESS  read-write
    STATUS  current
    DESCRIPTION
        "Sets the media of the connector the user desired for the port.
        Default: optical"
    ::= { intfPhysicalPortEntry 12 }
intfPhysicalPortMonPortIpAddress OBJECT-TYPE
    SYNTAX  IpAddress
    MAX-ACCESS  read-write
    STATUS  current
    DESCRIPTION
        "This object is used to configure / retrieve the IPv4 address of the monitoring port.
         Default: 0.0.0.0"
    ::= { intfPhysicalPortEntry 13 }

intfPhysicalPortMonPortNetMask OBJECT-TYPE
    SYNTAX  IpAddress
    MAX-ACCESS  read-write
    STATUS  current
    DESCRIPTION
        "This object is used to configure / retrieve netmask for the IPv4 address of the monitoring port.
         Default: 0.0.0.0"
    ::= { intfPhysicalPortEntry 14 }

intfPhysicalPortGatewayIpAddress OBJECT-TYPE
    SYNTAX  IpAddress
    MAX-ACCESS  read-write
    STATUS  current
    DESCRIPTION
        "This object is used to configure / retrieve the IPv4 address of the gateway.
         Default: 0.0.0.0"
    ::= { intfPhysicalPortEntry 15 }

intfPhysicalPortNbadConfigStatus OBJECT-TYPE
    SYNTAX  TruthValue
    MAX-ACCESS  read-write
    STATUS  current
    DESCRIPTION
        "This object value if set to TRUE indicates that flow record generation
         to be sent to the NBAD server, is enabled over this monitoring port.
        Default: False"
    ::= { intfPhysicalPortEntry 16 }
intfPhysicalPortVlanId  OBJECT-TYPE
    SYNTAX  Integer32 (0..2164326399)
    MAX-ACCESS  read-write
    STATUS  current
    DESCRIPTION
        "This MIB object indicates the Vlan ID of the VLAN to which the monitoring
         port is connected."
    ::= { intfPhysicalPortEntry 17 }

intfPhysicalPortLBSerialNumber OBJECT-TYPE
    SYNTAX  DisplayString (SIZE(1..80))
    MAX-ACCESS  read-only
    STATUS  current
    DESCRIPTION
             "This MIB object indicates the manufacturer provided serial number of
              the Load Balancer switch to which the sensor port is connected."
    ::= { intfPhysicalPortEntry 18 }


intfPhysicalPortLBPortNumber OBJECT-TYPE
    SYNTAX Integer32 (1..16)
    MAX-ACCESS  read-only
    STATUS  current
    DESCRIPTION
             "This MIB object returns the port number on the Load Balancer switch to
              which the sensor port is connected."
    ::= { intfPhysicalPortEntry 19 }

-- intfPhysicalPortConnectorType support in R-series sensor only
intfPhysicalPortConnectorType  OBJECT-TYPE
        SYNTAX  INTEGER {
                other (0),
                qSFP (1),
                sFP-plus (2),
                sFP-fiber (3),
                sFP-copper (4)
        }
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "Physical connector type plugged into the port cage."
        ::= { intfPhysicalPortEntry 20 }

intfPhysicalPortLinearIndex   OBJECT-TYPE
        SYNTAX  TrellixPortLinearIndex
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "This MIB object indicates the Linear Index of the monitoring port. This index is
                generated by the sensor appliance using the pair of slot index and the port index values.
                The other MIB tables would directly use this linear index, whereever applicable."
        ::= { intfPhysicalPortEntry 21 }

--
-- This group has entries for GTI configuration.
--

gtiConfigGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 39 }

gtiProxyServerName  OBJECT-TYPE
	SYNTAX DisplayString (SIZE(1..80))	
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"The proxy server name is the domain name of the HTTP proxy
         server in front of the sensor. It looks like www.company.com.
         It can also be the IP address of the HTTP proxy server.
         0.0.0.0 is the default value"
	::= { gtiConfigGrp 1 }

gtiProxyPort  OBJECT-TYPE
	SYNTAX Integer32 (0..10000)
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"TCP Port on which the HTTP proxy server is listening. 
    0 is the default value"
	::= { gtiConfigGrp 2 }

gtiProxyUsername  OBJECT-TYPE
	SYNTAX DisplayString (SIZE(0..80))	
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"The username to be used to connect to the HTTP proxy server."
	::= { gtiConfigGrp 3 }

gtiProxyPassword  OBJECT-TYPE
	SYNTAX DisplayString (SIZE(0..128))	
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"The password to be used to connect to the HTTP proxy server."
	::= { gtiConfigGrp 4 }

gtiConfigPrivateCloudGrp  OBJECT IDENTIFIER ::= { gtiConfigGrp 5 }

gtiPrivateCloudServerIPAddressType OBJECT-TYPE
        SYNTAX  INTEGER {
                ip-v4 (4),
                ip-v6 (6)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "Identifies the type of GTI Private Cloud Server IP Address. If set to ip-v4, then the
                gtiPrivateCloudServerIPv4Address object would be set else if this object is set to ip-v6, then
                the gtiPrivateCloudServerIPv6Address object would be set. "
        ::= { gtiConfigPrivateCloudGrp 1 }

gtiPrivateCloudServerIPv4Address  OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object is used to configure the IPv4 address of the GTI Private Cloud server.
                 The gtiPrivateCloudServerIPv6Address would be zero if the current object is initialized."
        ::= { gtiConfigPrivateCloudGrp 2 }

gtiPrivateCloudServerIPv6Address  OBJECT-TYPE
        SYNTAX  Ipv6Address
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object is used to configure the IPv6 address of the GTI Private Cloud server.
                 The gtiPrivateCloudServerIPv4Address would be zero if the current object is initialized."
        ::= { gtiConfigPrivateCloudGrp 3 }

gtiPrivateCloudServerConnectionConfig OBJECT-TYPE
        SYNTAX  INTEGER {
                enable (1),
                disable (2),
		reconnect (3)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object is used to enable or disable or reconnect the Connection with
                 the GTI Private Cloud Server.
                 Default: 2, disable"
        ::= { gtiConfigPrivateCloudGrp 4 }

gtiPrivateCloudServerDeleteCertificate  OBJECT-TYPE
        SYNTAX  INTEGER {
                delete (1),
                dont-delete (2)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
             "This object is used to delete the GTI Private Cloud Server Certificate at the sensor.
              For deleting this certificate, the gtiPrivateCloudServerConnectionConfig should be
              disabled.  DEFAULT: 2, dont-delete"
        ::= { gtiConfigPrivateCloudGrp 5 }

gtiPrivateCloudServerCertificateStatus  OBJECT-TYPE
        SYNTAX  INTEGER {
                present (1),
                not-Present (2)
        }
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "This object is used to indicate the GTI Private Cloud server
                 certificate status at the sensor"
        ::= { gtiConfigPrivateCloudGrp 6 }

gtiPrivateCloudChannelStatus  OBJECT-TYPE
        SYNTAX  INTEGER {
                gtiPrivateCloud-TrustedSource-Channel-Down (0),
                gtiPrivateCloud-TrustedSource-Channel-InProgress (1),
                gtiPrivateCloud-TrustedSource-Channel-Established (2),
                gtiPrivateCloud-TrustedSource-Channel-Status-Unknown (3),
                gtiPrivateCloud-TrustedSource-Channel-Down-Error-In-Cert-ret(4),
                gtiPrivateCloud-Network-Issue (5)
        }
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "This object is used to indicate the gtiPrivateCloud channel status at
                 the sensor"
        ::= { gtiConfigPrivateCloudGrp 7 }

gtiUnifiedConfigGrp OBJECT IDENTIFIER ::= { gtiConfigGrp 6 }

gtiFileRESTGTIType OBJECT-TYPE
        SYNTAX  INTEGER {
                private-gti-server (1),
                public-gti-server (2)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
             "This object is used to send type of GTI server to use for file reputation feature.
              DEFAULT: 2, public-gti-server"
        ::= { gtiUnifiedConfigGrp 1 }

gtiFileRESTPublicGTIFQDN OBJECT-TYPE
        SYNTAX  DisplayString (SIZE(1..80))
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
             "This object is used to send Name Server or FQDN of File Rep GTI server.
              Default value is NULL"
        ::= { gtiUnifiedConfigGrp 2 }

gtiFileRESTUsername OBJECT-TYPE
        SYNTAX  DisplayString (SIZE(1..80))
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
             "This object is used to send username for configured GTI server.
              It should be sent in both cases, public server and private server.
              Default value is NULL"
        ::= { gtiUnifiedConfigGrp 3 }

gtiFileRESTPassword OBJECT-TYPE
        SYNTAX  DisplayString (SIZE(1..80))
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
             "This object is used to send password for configured GTI server.
              It should be sent in both cases, public server and private server.
              Default value is NULL"
        ::= { gtiUnifiedConfigGrp 4 }

gtiFileRESTConnectionConfig OBJECT-TYPE
        SYNTAX  INTEGER {
                connect-private-gti-server (1),
                connect-public-gti-server (2),
                reconnect-private-gti-server (3)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
             "This object is used to send action to take with the recieved config.
              Value 1 will be sent when config is changed to private GTI server first time.
              Value 2 will be sent when config is changed to public GTI server.
              Value 3 will be sent when private GTI server config is changed, given that
              private GTI server is enabled already. Default value: 2"
        ::= { gtiUnifiedConfigGrp 5 }

gtiFileRESTPvtGTIIPType OBJECT-TYPE
        SYNTAX  INTEGER {
                fqdn (1),
                ipv4 (4),
                ipv6 (6)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
             "This object is used to send address type of configured GTI server.
              Default value: 4, IPv4"
        ::= { gtiUnifiedConfigGrp 6 }

gtiFileRESTPvtGTIIPv4Address OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object is used to configure the IPv4 address of the GTI File-Rep REST Cloud server.
                 The gtiFileRESTPvtGTIIPV6Address would be zero if the current object is initialized.
                 Default Value: NULL"
        ::= { gtiUnifiedConfigGrp 7 }

gtiFileRESTPvtGTIIPV6Address OBJECT-TYPE
        SYNTAX  Ipv6Address
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object is used to configure the IPv6 address of the GTI File-Rep REST Cloud server.
                 The gtiFileRESTPvtGTIIPv4Address would be zero if the current object is initialized.
                 Default Value: NULL"
        ::= { gtiUnifiedConfigGrp 8 }

 ntpConfigGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 40 }
 ntpConfigTable  OBJECT-TYPE
   SYNTAX SEQUENCE OF NtpConfigEntry
   MAX-ACCESS  not-accessible
   STATUS  current
   DESCRIPTION
       "Table containing entries for each NTP(Network Time Protocol) server that is specified (indexed via ntpServerIndex).
	A maximum of two entries will be supported. Valid ntpServerIndex values are 1 and 2."
   ::= { ntpConfigGrp 1 }

 ntpConfigEntry  OBJECT-TYPE
   SYNTAX  NtpConfigEntry
   MAX-ACCESS  not-accessible
   STATUS  current
   DESCRIPTION
       "Each entry comprises the ntp client side configuration for each of the ntp servers specified."
   INDEX { ntpServerIndex }
   ::= { ntpConfigTable 1 }

 NtpConfigEntry ::= SEQUENCE {
   ntpConfigServerIPv4
       IpAddress,
   ntpConfigServerIPv6
       Ipv6Address,
   ntpConfigPollInterval
       INTEGER,
   ntpConfigAuthenticationEnable
       TruthValue,
   ntpConfigKeyId
       Integer32,
   ntpConfigKeyType
       INTEGER,
   ntpConfigKeyValue
        OCTET STRING
 }
ntpConfigServerIPv4 OBJECT-TYPE
    SYNTAX  IpAddress
    MAX-ACCESS  read-write
    STATUS  current
    DESCRIPTION
        "This object is used to specify the IPv4 address of the remote NTP server.
         Default: 0.0.0.0"
    ::= { ntpConfigEntry 1 }

ntpConfigServerIPv6  OBJECT-TYPE
        SYNTAX  Ipv6Address
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
             "This object is used to specify the IPv6 address of the remote NTP server."
        ::= { ntpConfigEntry 2 }

ntpConfigPollInterval  OBJECT-TYPE
    SYNTAX  INTEGER (3..17)       
    MAX-ACCESS  read-write
    STATUS  current
    DESCRIPTION
        "This object specifies the minimum poll interval. 
	 The value which is received represents the exponent of 2. If the received value is
	 x then NTPD daemon process will calculate the min poll as 2^x seconds.  
         Default: 6"

    ::= { ntpConfigEntry 3 }

ntpConfigAuthenticationEnable  OBJECT-TYPE
    SYNTAX  TruthValue
    MAX-ACCESS  read-write
    STATUS  current
    DESCRIPTION
        "This object specifies if ntp server authentication is enabled or not for the specified
         ntp server.
	 False : Authentication Disable
	 True  : Authentication Enable
         Default: False"

    ::= { ntpConfigEntry 4 }

ntpConfigKeyId OBJECT-TYPE
    SYNTAX Integer32 (1..65534)
    MAX-ACCESS  read-write
    STATUS  current
    DESCRIPTION
        "This MIB object specifies the key id for the corresponding association between an 
	 ntp server and ntp client. This object is used only if ntp server authentication is enabled. 
	 Default: 1"
    ::= { ntpConfigEntry 5 }

ntpConfigKeyType OBJECT-TYPE
    SYNTAX  INTEGER {
        md5 (1),
        sha (2),
	    sha1 (3),
		not-supported (4)
    }
    MAX-ACCESS  read-write
    STATUS  current
    DESCRIPTION
        "This object specifies the key type for the corresponding key id. This object is used 
         only if ntp server authentication is enabled.	
         Default: MD5(1)"
    ::= { ntpConfigEntry 6 }

ntpConfigKeyValue  OBJECT-TYPE
    SYNTAX  OCTET STRING (SIZE(0..128))
    MAX-ACCESS  read-write
    STATUS  current
    DESCRIPTION
        "This object specifies the symmetric key value for the corresponding key id. This object
	 is used only if ntp server authentication is enabled."
    ::= { ntpConfigEntry 7 }

ntpConfigFileCreate  OBJECT-TYPE
        SYNTAX  INTEGER {
                stop-ntpd (0),
                start-ntpd (1)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object is used to (create ntp.conf file and start)/(stop) ntpd process.
		 Default: stop-ntpd (0)"
        ::= { ntpConfigGrp 2 }

-- This group conatins all MIB objects that specify the configuration of 
-- the IntruShield pluggable modules.
--
-- The object pluggableModuleTable within this group suggests that the MIB is 
-- designed to support pluggable modules that can contain more than one interface 
-- port.
--
-- Support for pluggableModuleGrp is deprecated in V-series sensors(VmIPS).
pluggableModuleGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 41 }

pluggableModuleTable  OBJECT-TYPE
  SYNTAX SEQUENCE OF PluggableModuleEntry
  MAX-ACCESS  not-accessible
  STATUS  current
  DESCRIPTION
    "Table containing entries for each pluggable Module (indexed via slotIndex)."
    ::= { pluggableModuleGrp 1 }

pluggableModuleEntry  OBJECT-TYPE
  SYNTAX  PluggableModuleEntry
  MAX-ACCESS  not-accessible
  STATUS  current
  DESCRIPTION
    "This MIB object contains all the columnar objects,
     that describe the contents of each pluggable module on each IntruShield sensor
     card. Indexed by slotIndex"
     INDEX { slotIndex }
     ::= { pluggableModuleTable 1 }

PluggableModuleEntry ::= SEQUENCE {
  moduleSerialNumber
   DisplayString,
  moduleSysType
   TrellixPluggableModuleType,
  modulePresent
   TruthValue,
  moduleNumPorts
   INTEGER,
  moduleRebootRequired
	 TruthValue
}

moduleSerialNumber  OBJECT-TYPE
  SYNTAX  DisplayString (SIZE(0..255))
  MAX-ACCESS  read-only
  STATUS  current
  DESCRIPTION
		"This object describes the Manufacturer-provided serial number 
		 of the pluggable module."
  ::= { pluggableModuleEntry 1 }

moduleSysType  OBJECT-TYPE
  SYNTAX  TrellixPluggableModuleType
  MAX-ACCESS  read-only
  STATUS  current
  DESCRIPTION
    "This object describes the type of the module plugged in."
  ::= { pluggableModuleEntry 2 }

modulePresent  OBJECT-TYPE
  SYNTAX  TruthValue
  MAX-ACCESS  read-only
  STATUS  current
  DESCRIPTION
    "True: Indicates the module is present.
     Otherwise not present.
     Default: False"
  ::= { pluggableModuleEntry 3}

moduleNumPorts  OBJECT-TYPE
  SYNTAX  INTEGER (0..12)
  MAX-ACCESS  read-only
  STATUS  current
  DESCRIPTION
    "This MIB object returns the number of ports in this module."
  ::= { pluggableModuleEntry 4 }

moduleRebootRequired  OBJECT-TYPE
	SYNTAX 	TruthValue
  MAX-ACCESS  read-only
  STATUS  current
  DESCRIPTION
    "This MIB object returns whether a reboot is needed to apply the module.
		Default: False"
  ::= { pluggableModuleEntry 5 }


--
-- insightixNetworkGrp
--

insightixNetworkGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 42 }

insightixCfgGrp  OBJECT IDENTIFIER ::= { insightixNetworkGrp 1 }

ldapServerIPAddressType OBJECT-TYPE
        SYNTAX  INTEGER {
                ip-v4 (4),
                ip-v6 (6)
        }
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "Identifies the type of  Insightix LDAP server IPAddress. If set to ip-v4, then the
                ldapServerIpv4Address object would be set else if this object is set to ip-v6, then
                the ldapServerIpv6Address object would be set. "
        ::= { insightixCfgGrp 1 }

ldapServerIPv4Address  OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "The IPv4 address of the Insightix LDAP server"
        ::= { insightixCfgGrp 2 }

ldapServerIPv6Address  OBJECT-TYPE
        SYNTAX  Ipv6Address
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "IPv6 Address of the Insightix LDAP server."
        ::= { insightixCfgGrp 3 }

ldapServerPort OBJECT-TYPE
        SYNTAX INTEGER (1..65535)
        MAX-ACCESS read-write
        STATUS  current
        DESCRIPTION
                "The ldap server listener port on the insightix server. If SSL is enabled, the standard portnum is 636,
                else if ssl is disabled, the standard portnum is 389.
                 Default: 636"
        ::= { insightixCfgGrp 4 }

ldapServerSSLConfig OBJECT-TYPE
        SYNTAX  INTEGER {
		enable (1),
		disable (2)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "Specifies if SSL is enabled for insightix ldap server. 
                Default: 1, enable"
        ::= { insightixCfgGrp 5 }

ldapServerBaseDN  OBJECT-TYPE
	SYNTAX DisplayString (SIZE(3..255))	
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Base Distinguished Name to be used for retrieving device profile information from the Insightix ldap server.
		Default : dc=insightix"
	::= { insightixCfgGrp 6 }

ldapServerUserName  OBJECT-TYPE
	SYNTAX DisplayString (SIZE(3..255))	
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"UserName to be used for authenticating to the Insightix ldap server."
	::= { insightixCfgGrp 7 }

ldapServerPassword  OBJECT-TYPE
	SYNTAX DisplayString (SIZE(3..255))	
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
		"Password to be used for authenticating to the Insightix ldap server."
	::= { insightixCfgGrp 8 }

ldapServerConfigAction  OBJECT-TYPE
	SYNTAX 	INTEGER {
		enable(1),
		disable(2)
	}
	MAX-ACCESS  read-write
	STATUS  current
	DESCRIPTION
		"This object describes about the sensor's possible configuration actions with the insightix ldap server.
		Default: 2, disable"
	::= { insightixCfgGrp 9 }

ldapServerConfigStatus  OBJECT-TYPE
	SYNTAX 	INTEGER {
		disConnected (1),
                inProgress (2),
                connected (3),
		sslError(4),
		baseDNError(5),
		credError(6),
		ldapServerError(7),
		ldapServerTimeoutError(8),
		ldapServerConnectionError(9)
	}
	MAX-ACCESS  read-only
	STATUS  current
	DESCRIPTION
		"This describes the sensor's possible insightix ldap server configuration states.
		 Default : deinstalled (4)"
	::= { insightixCfgGrp 10 }

--------------------------------------------------

--
-- ntbaChannelCfgGrp 
--

ntbaChannelCfgGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 43 }

ntbaServerIPAddressType OBJECT-TYPE
	SYNTAX 	INTEGER {
		ip-v4 (4),
		ip-v6 (6)
	}
	MAX-ACCESS  read-write 
	STATUS	current
	DESCRIPTION 
                "This object is used to configure the IP address type of the
                 mgmt port at the NTBA end"
	::= { ntbaChannelCfgGrp 1 }

ntbaServerIPv4Address  OBJECT-TYPE
	SYNTAX IpAddress	
	MAX-ACCESS  read-write 
	STATUS	current
	DESCRIPTION 
		"This object is used to configure the IPv4 address of the NTBA server.
                 The ntbaServerIPv6Address would be zero if the current object is initialized"
	::= { ntbaChannelCfgGrp 2 }

ntbaServerIPv6Address  OBJECT-TYPE
	SYNTAX 	Ipv6Address
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
                "This object is used to configure the IPv6 address of the NTBA server.
                 The ntbaServerIPv4Address would be zero if the current object is initialized"
	::= { ntbaChannelCfgGrp 3 }

ntbaServerPort OBJECT-TYPE
	SYNTAX INTEGER (1..65535)	
	MAX-ACCESS read-write 
	STATUS	current
	DESCRIPTION 
		"This object is used to configure the NTBA Server Listening TCP port
                 Default: 8505" 
	::= { ntbaChannelCfgGrp 4 }

ntbaServerConnectionConfig OBJECT-TYPE
        SYNTAX  INTEGER {
		enable (1),
		disable (2)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object is used to enable or disable the TCP Connection with
                 the NTBA server 
                Default: 2, disable"
        ::= { ntbaChannelCfgGrp 5 }

ntbaServerDeleteCertificate  OBJECT-TYPE
        SYNTAX  INTEGER {
                    delete (1),
                    dont-delete (2)
        }
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION 
             "This object is used to delete the ntba Server Certificate at the sensor.
              For deleting this certificate, the ntbaServerConnectionConfig should be
              disabled.  DEFAULT: 2, dont-delete"
	::= { ntbaChannelCfgGrp 6 }

ntbaServerCertificateStatus  OBJECT-TYPE
        SYNTAX  INTEGER {
                     present (1),
                     not-present (2)
        }
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION 
		"This object is used to indicate the NTBA server certificate status at
                 the sensor"
	::= { ntbaChannelCfgGrp 7 }

ntbaShdKeySHAValue  OBJECT-TYPE
        SYNTAX OCTET STRING (SIZE(128))
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object contains the SHA1 hashed value of sensor name and sensormodel from NSM"
        ::= { ntbaChannelCfgGrp 8 }

ntbaChannelStatus  OBJECT-TYPE
        SYNTAX  INTEGER {
                     ntba-Channel-Down (0),
                     ntba-Channel-InProgress (1),
                     ntba-Channel-Established (2),
                     ntba-Channel-Status-Unknown (3),
                     ntba-Cert-Mismatch (4),
                     ntba-Hash-Mismatch (5),
                     ntba-Network-Issue (6)
        }
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "This object is used to indicate the NTBA SSL channel status at
                 the sensor"
        ::= { ntbaChannelCfgGrp 9 }

--------------------------------------------------

--
-- validEdgeChannelCfgGrp
--

validEdgeChannelCfgGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 44 }

validEdgeServerIPAddressType OBJECT-TYPE
        SYNTAX  INTEGER {
                ip-v4 (4),
                ip-v6 (6)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object is used to configure the IP address type of the
                 mgmt port at the validEdge end"
        ::= { validEdgeChannelCfgGrp 1 }

validEdgeServerIPv4Address  OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object is used to configure the IPv4 address of the validEdge server.
                 The validEdgeServerIPv6Address would be zero if the current object is initialized"
        ::= { validEdgeChannelCfgGrp 2 }

validEdgeServerIPv6Address  OBJECT-TYPE
        SYNTAX  Ipv6Address
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object is used to configure the IPv6 address of the validEdge server.
                 The validEdgeServerIPv4Address would be zero if the current object is initialized"
        ::= { validEdgeChannelCfgGrp 3 }

validEdgeServerPort OBJECT-TYPE
        SYNTAX INTEGER (1..65535)
        MAX-ACCESS read-write
        STATUS  current
        DESCRIPTION
                "This object is used to configure the validEdge Server Listening TCP port
                 Default: 8505"
        ::= { validEdgeChannelCfgGrp 4 }

validEdgeServerConnectionConfig OBJECT-TYPE
        SYNTAX  INTEGER {
                enable (1),
                disable (2)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object is used to enable or disable the TCP Connection with
                 the validEdge server
                Default: 2, disable"
        ::= { validEdgeChannelCfgGrp 5 }

validEdgeServerDeleteCertificate  OBJECT-TYPE
        SYNTAX  INTEGER {
                    delete (1),
                    dont-delete (2)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
             "This object is used to delete the validEdge Server Certificate at the sensor.
              For deleting this certificate, the validEdgeServerConnectionConfig should be
              disabled.  DEFAULT: 2, dont-delete"
        ::= { validEdgeChannelCfgGrp 6 }

validEdgeServerCertificateStatus  OBJECT-TYPE
        SYNTAX  INTEGER {
                     present (1),
                     not-present (2)
        }
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "This object is used to indicate the validEdge server certificate status at
                 the sensor"
        ::= { validEdgeChannelCfgGrp 7 }

validEdgeShdKeySHAValue  OBJECT-TYPE
        SYNTAX OCTET STRING (SIZE(128))
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object contains the SHA1 hashed value of sensor name and sensormodel from NSM"
        ::= { validEdgeChannelCfgGrp 8 }

validEdgeChannelStatus  OBJECT-TYPE
        SYNTAX  INTEGER {
                     validEdge-Channel-Down (0),
                     validEdge-Channel-InProgress (1),
                     validEdge-Channel-Established (2),
                     validEdge-Channel-Status-Unknown (3),
                     validEdge-Cert-Mismatch (4),
                     validEdge-Hash-Mismatch (5),
                     validEdge-Network-Issue (6),
                     validEdge-Channel-Down-Error-In-Cert-ret(7),
                     validEdge-Channel-Down-No-Config(8),
                     validEdge-Channel-Down-Wrong-Config(9),
                     validEdge-Channel-Down-Cert-Absent(10),
                     validEdge-Channel-SSL-HandShake-Fail(11),
                     validEdge-Channel-Down-Reason-Unknown(12),
                     validEdge-Channel-Down-Config-Disable(13),
                     validEdge-Channel-Down-Closed-By-NTBA(14),
                     validEdge-Channel-Down-Large-Pkt-From-NTBA(15),
                     validEdge-Channel-Down-Missed-KeepAlives(16),
                     validEdge-Channel-Up-No-Reason(17)
        }
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "This object is used to indicate the validEdge SSL channel status at
                 the sensor"
        ::= { validEdgeChannelCfgGrp 9 }

validEdgeChannelGlobalUserId  OBJECT-TYPE
        SYNTAX  INTEGER 
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object is used to configure  global matd user id/profile id assigned to a sensor."
        ::= { validEdgeChannelCfgGrp 10 }


validEdgeChannelGlobalUserName OBJECT-TYPE
        SYNTAX OCTET STRING (SIZE(32))
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                " This object is used to configure global matd user name/profile name assigned to a sensor."
        ::= { validEdgeChannelCfgGrp 11 }


--------------------------------------------------

--
-- dxlCfgGrp
--

dxlCfgGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 45 }

dxlConfig  OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "Option to enable(1) or dissable(2) the DXL on Sensor."
        ::= {dxlCfgGrp 1 }

epoCfgGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 46 }

epoIPAddressType OBJECT-TYPE
        SYNTAX  INTEGER {
                ip-v4 (4),
                ip-v6 (6)
        }
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "Identifies the type of EPO IPAddress. If set to ip-v4, then the epoIPAddress object
                 would be set else if this object is set to ip-v6, then the epoIPv6Address object
                 would be set."
        ::= { epoCfgGrp 1 }

epoIpAddress  OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "The IPv4 Address of the EPO Server"
        ::= { epoCfgGrp 2 }

epoIPv6Address  OBJECT-TYPE
        SYNTAX  Ipv6Address
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "IPv6 Address of a EPO Server"
        ::= { epoCfgGrp 3 }
                                
epoPort OBJECT-TYPE
        SYNTAX INTEGER (1..65535)
        MAX-ACCESS read-write
        STATUS  current
        DESCRIPTION
                "The EPO port through which MA connects to EPO Server Default: 8443"
        ::= { epoCfgGrp 4 }

epoCredUsername  OBJECT-TYPE
        SYNTAX DisplayString (SIZE(3..100))
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "EPO server :username"
        ::= { epoCfgGrp 5 }

epoCredPasswd  OBJECT-TYPE
        SYNTAX DisplayString (SIZE(3..100))
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "EPO server :Password"
        ::= { epoCfgGrp  6 }
                                
epoAction OBJECT-TYPE
        SYNTAX INTEGER {
                    connect (1),
                    disconnect (2),
                    reconnect (3)
        }
        MAX-ACCESS read-write
        STATUS  current
        DESCRIPTION
                "This config object indicates the epo action (1-Connect, 2-Disconnect, 3-Reconnect) to be taken 
                                                                by all the dependent modules in the sensor."
        ::= { epoCfgGrp 7 }

--User authentication using RADIUS

radiusAuthGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 47 }

radiusAuthConfig  OBJECT-TYPE
        SYNTAX INTEGER {
               enable (1),
               disable (2)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
        "This action object can be used to enable/re-init or disable user authentication using RADIUS.
         The value of 'True/Enable' would be interpreted as 're-init', when the configuration is already set to True/Enable.
        Default: False (2)"
        ::= { radiusAuthGrp 1}

radiusPrimaryServerIPAddrType OBJECT-TYPE
        SYNTAX  INTEGER {
                ip-v4 (4),
                ip-v6 (6)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "Identifies the type of IPAddress of the Primary Radius Server. If set to ip-v4, then the radiusPrimaryServerIPAddr object
                 would be set else if this object is set to ip-v6, then the radiusPrimaryServerIPv6Addr object
                 would be set."
        ::= { radiusAuthGrp 2 }

radiusPrimaryServerIPAddr OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS read-write
        STATUS  current
        DESCRIPTION
        "This object specifies the IPv4 Address of the Primary RADIUS server"
        ::= { radiusAuthGrp 3 }

radiusPrimaryServerIPv6Addr OBJECT-TYPE
        SYNTAX  Ipv6Address
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object specifies the IPv6 Address of the Primary RADIUS Server"
        ::= { radiusAuthGrp 4 }


radiusPrimaryServerEncrSecret OBJECT-TYPE
        SYNTAX DisplayString (SIZE(0..64))
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object specifies the secret to be used in generating the encrypted RADIUS traffic between the client and Primary Radius Server"
        ::= { radiusAuthGrp 5}

radiusPriServerAuthPort OBJECT-TYPE
        SYNTAX INTEGER (1..65535)
        MAX-ACCESS read-write
        STATUS  current
        DESCRIPTION
                "This object specifies the port on which Primary RADIUS Server is listening for authentication requests.
                 Default: 1812"
        ::= { radiusAuthGrp 6}

radiusPriServerAccConfig OBJECT-TYPE
	SYNTAX TruthValue
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
        "This object specifies whether accounting has to be enabled on the Primary Radius Server or not.
        Default: True (1)"
        ::= { radiusAuthGrp 7}

radiusPriServerAccPort OBJECT-TYPE
        SYNTAX INTEGER (1..65535)
        MAX-ACCESS read-write
        STATUS  current
        DESCRIPTION
                "This object specifies the port on which Primary RADIUS Server is listening for accounting requests.
                 Default: 1813"
        ::= { radiusAuthGrp 8}

radiusPriServerConnTimeOut OBJECT-TYPE
        SYNTAX INTEGER (1..60)
        MAX-ACCESS read-write
        STATUS  current
        DESCRIPTION
           "This object specifies the time in seconds the client  has to wait before it can contact the Backup RADIUS Server in case the Primary RADIUS Server fails.
            Default: 6"
        ::= { radiusAuthGrp 9}

radiusBackupServerIPAddrType OBJECT-TYPE
        SYNTAX  INTEGER {
                ip-v4 (4),
                ip-v6 (6)
        }
        MAX-ACCESS read-write
        STATUS  current
        DESCRIPTION
        "This object specifies the IP Address Type of the Backup RADIUS server"
        ::= { radiusAuthGrp 10 }


radiusBackupServerIPAddr OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS read-write
        STATUS  current
        DESCRIPTION
        "This object specifies the IPv4 Address of the Backup RADIUS server"
        ::= { radiusAuthGrp 11 }

radiusBackupServerIPv6Addr OBJECT-TYPE
        SYNTAX  Ipv6Address
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object specifies the IPv6 Address of the Backup RADIUS Server"
        ::= { radiusAuthGrp 12 }

radiusBackupServerEncrSecret OBJECT-TYPE
        SYNTAX DisplayString (SIZE(0..256))
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object specifies the secret to be used in generating the encrypted RADIUS traffic between the client and Backup Radius Server"
        ::= { radiusAuthGrp 13 }

radiusBackupServerAuthPort OBJECT-TYPE
	SYNTAX INTEGER (1..65535)
        MAX-ACCESS read-write
        STATUS  current
        DESCRIPTION
                "This object specifies the port on which Backup RADIUS Server is listening for authentication requests.
                 Default: 1812"
        ::= { radiusAuthGrp 14}

radiusBackupServerAccConfig OBJECT-TYPE
        SYNTAX TruthValue
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
        "This object specifies whether accounting has to be enabled on the Backup Radius Server or not.
        Default: True (1)"
        ::= { radiusAuthGrp 15}

radiusBackupServerAccPort OBJECT-TYPE
       SYNTAX INTEGER (1..65535)
        MAX-ACCESS read-write
        STATUS  current
        DESCRIPTION
                "This object specifies the port on which Backup RADIUS Server is listening for accounting requests.
                 Default: 1813"
        ::= { radiusAuthGrp 16}

radiusBackupServerConnTimeOut OBJECT-TYPE
        SYNTAX INTEGER (1..60)
        MAX-ACCESS read-write
        STATUS  current
        DESCRIPTION
           "This object specifies the time in seconds before which the the sensor decides that the Backup server is not responding.
            Default: 6"
        ::= { radiusAuthGrp 17}


sshAccessGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 48 }

sshAccessCfgGrp  OBJECT IDENTIFIER ::= { sshAccessGrp  1 }

sshAccessControlStatus OBJECT-TYPE
                 SYNTAX TruthValue
                 MAX-ACCESS read-write
                 STATUS current
                 DESCRIPTION
                         "Configuration option to enable/disable ssh access control list for ipv4.
                          Default: false (2)"
                 ::= {sshAccessCfgGrp 1 }

sshAccessControlResetIpv4 OBJECT-TYPE
                 SYNTAX TruthValue
                 MAX-ACCESS read-write
                 STATUS current
                 DESCRIPTION
                         "Configuration option to to delete/reset the ssh access ipv4 contol list.
                          Default: false (2)"
                 ::= {sshAccessCfgGrp 2 }

sshAccessLogSupport OBJECT-TYPE
                 SYNTAX TruthValue
                 MAX-ACCESS read-write
                 STATUS current
                 DESCRIPTION
                         "Configuration option to enable/disable ssh access messages logging support.
                          Default: false (2)"
                 ::= {sshAccessCfgGrp 3 }

sshAccessControlResetIpv6 OBJECT-TYPE
                 SYNTAX TruthValue
                 MAX-ACCESS read-write
                 STATUS current
                 DESCRIPTION
                         "Configuration option to delete/reset ssh access control list for ipv6.
                          Default: false (2)"
                 ::= {sshAccessCfgGrp 4 }

sshAccessNumIpv4Entries  OBJECT-TYPE
        SYNTAX INTEGER (0..100)
        MAX-ACCESS read-only
        STATUS  current
        DESCRIPTION
            "This object ranges from 1 to 100, as only a maximum of 100 entries are supported."
        ::= { sshAccessGrp 2 }


sshAccessIpTable  OBJECT-TYPE
        SYNTAX SEQUENCE OF SSHAccessIpEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
        "

        "
        ::= { sshAccessGrp 3 }

sshAccessIpEntry  OBJECT-TYPE
        SYNTAX  SSHAccessIpEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "Each entry specified is indexed by <sshIpv4Index>. "
        INDEX { sshIpv4Index }
        ::= { sshAccessIpTable 1 }

SSHAccessIpEntry ::= SEQUENCE {
        sshIpv4Index
            INTEGER,
        sshIpAddress
            IpAddress,
        sshMaskIpv4
            INTEGER,
        sshAccessIpConfig
            RowStatus
}

sshIpv4Index  OBJECT-TYPE
        SYNTAX INTEGER
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "This object sshIpv4Index ranges from 1 to 100, It support only 100 entries."
        ::= { sshAccessIpEntry 1 }

sshIpAddress  OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
            "IP Address of a SSH Access Control(ipv4)."
        ::= { sshAccessIpEntry 2 }

sshMaskIpv4  OBJECT-TYPE
        SYNTAX INTEGER (1..32)
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
            "Mask of a SSH Access Control(ipv4)."
        ::= { sshAccessIpEntry 3 }

sshAccessIpConfig  OBJECT-TYPE
    SYNTAX  RowStatus
    MAX-ACCESS  read-create
    STATUS  current
    DESCRIPTION
        "This object used for user to add and delete rows in to the table."
    ::= { sshAccessIpEntry 4 }

sshAccessNumIpv6Entries  OBJECT-TYPE
        SYNTAX INTEGER (0..100)
        MAX-ACCESS read-only
        STATUS  current
        DESCRIPTION
            "This object ranges from 1 to 100, as only a maximum of 100 entries are supported."
        ::= { sshAccessGrp 4 }

sshAccessIpv6Table  OBJECT-TYPE
        SYNTAX SEQUENCE OF SSHAccessIpv6Entry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
        "

        "
        ::= { sshAccessGrp 5 }

sshAccessIpv6Entry  OBJECT-TYPE
        SYNTAX  SSHAccessIpv6Entry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
        "Each entry specified is indexed by <sshIpv6Index>.
        "
        INDEX { sshIpv6Index  }
        ::= { sshAccessIpv6Table  1}

SSHAccessIpv6Entry ::= SEQUENCE {
        sshIpv6Index
            INTEGER,
        sshAccessIpv6Address
            Ipv6Address,
        sshAccessIpv6Mask
            INTEGER,
        sshAccessIpv6Config
            RowStatus
}

sshIpv6Index  OBJECT-TYPE
        SYNTAX INTEGER
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
        "This object sshIpv6Index range from 1 to 100, It support max
100 entries"
        ::= { sshAccessIpv6Entry 1 }


sshAccessIpv6Address  OBJECT-TYPE
        SYNTAX Ipv6Address
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
        "IPv6 address for the ssh access control list"
        ::= { sshAccessIpv6Entry 2 }

sshAccessIpv6Mask  OBJECT-TYPE
        SYNTAX INTEGER (1..128)
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
        "IPv6 Mask for the ssh access control list"
        ::= { sshAccessIpv6Entry 3 }

sshAccessIpv6Config  OBJECT-TYPE
    SYNTAX  RowStatus
    MAX-ACCESS  read-create
    STATUS  current
    DESCRIPTION
        "This object used for user to add and delete rows in to the table."
    ::= { sshAccessIpv6Entry 4 }

--------------------------------------------------
-- This group contains all MIB objects that specify the configuration of
-- pluggable modules for the VSS Switch Load Balancer to be used in conjunction with
-- existing MIB interfacePortGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 11 } which will be used as virtual interface port group of VSS switch.

virtualPluggableModuleGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 49 }

moduleOneNumPorts OBJECT-TYPE
  SYNTAX  INTEGER (0..16)
  MAX-ACCESS  read-write
  STATUS  current
  DESCRIPTION
    "This MIB object returns the number of ports in the first module of VSS Box.
     To be used in conjunction with interfacePortGrp of { ivSensorConfigurationMIB 11 } to represent attributes of VSS switch virtual ports.
     Default: 0 (If the module is not inserted)"
  ::= { virtualPluggableModuleGrp 1 }

moduleTwoNumPorts OBJECT-TYPE
  SYNTAX  INTEGER (0..16)
  MAX-ACCESS  read-write
  STATUS  current
  DESCRIPTION
    "This MIB object returns the number of ports in the first module of VSS Box.
     To be used in conjunction with interfacePortGrp of { ivSensorConfigurationMIB 11 } to represent attributes of VSS switch virtual ports.
     Default: 0 (If the module is not inserted)"
  ::= { virtualPluggableModuleGrp 2 }

--------------------------------------------------
--
-- sslProbeAccessGrp
--

sslProbeAccessGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 51 }

sslProbeAccessCfgGrp  OBJECT IDENTIFIER ::= { sslProbeAccessGrp  1 }

sslProbeAccessMaxAgentConn OBJECT-TYPE
		SYNTAX  INTEGER (1..1024)
		MAX-ACCESS  read-write
		STATUS  current
		DESCRIPTION
             "Configuration option to restrict the total number of  connections
			 that the sensor can handle from the SSL Probes.
                	Default: 1024"
		::= {sslProbeAccessCfgGrp 1 }

sslProbeAccessNumIpv4Entries  OBJECT-TYPE
        SYNTAX INTEGER (0..64)
        MAX-ACCESS read-only
        STATUS  current
        DESCRIPTION
            "This object ranges from 1 to 64, as only a maximum of 64 entries are supported."
        ::= { sslProbeAccessGrp 2 }


sslProbeAccessIpTable  OBJECT-TYPE
        SYNTAX SEQUENCE OF SSLProbeAccessIpEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
        "

        "
        ::= { sslProbeAccessGrp 3 }

sslProbeAccessIpEntry  OBJECT-TYPE
        SYNTAX  SSLProbeAccessIpEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
            "Each entry specified is indexed by <sslProbeIpv4Index>. "
        INDEX { sslProbeIpv4Index }
        ::= { sslProbeAccessIpTable 1 }

SSLProbeAccessIpEntry ::= SEQUENCE {
        sslProbeIpAddress
            IpAddress,
        sslProbeMaskIpv4
            INTEGER,
        sslProbeAccessIpConfig
            RowStatus
}

sslProbeIpAddress  OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
            "IP Address of a SSL Probe Access Control(ipv4)."
        ::= { sslProbeAccessIpEntry 1 }

sslProbeMaskIpv4  OBJECT-TYPE
        SYNTAX INTEGER (1..32)
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
            "Mask of a SSL Probe Access Control(ipv4)."
        ::= { sslProbeAccessIpEntry 2 }

sslProbeAccessIpConfig  OBJECT-TYPE
    SYNTAX  RowStatus
    MAX-ACCESS  read-create
    STATUS  current
    DESCRIPTION
        "This object used for user to add and delete rows in to the table."
    ::= { sslProbeAccessIpEntry 3 }

sslProbeAccessNumIpv6Entries  OBJECT-TYPE
        SYNTAX INTEGER (0..64)
        MAX-ACCESS read-only
        STATUS  current
        DESCRIPTION
            "This object ranges from 1 to 64, as only a maximum of 64 entries are supported."
        ::= { sslProbeAccessGrp 4 }

sslProbeAccessIpv6Table  OBJECT-TYPE
        SYNTAX SEQUENCE OF SSLProbeAccessIpv6Entry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
        "

        "
        ::= { sslProbeAccessGrp 5 }

sslProbeAccessIpv6Entry  OBJECT-TYPE
        SYNTAX  SSLProbeAccessIpv6Entry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
        "Each entry specified is indexed by <sslProbeIpv6Index>.
        "
        INDEX { sslProbeIpv6Index  }
        ::= { sslProbeAccessIpv6Table  1}

SSLProbeAccessIpv6Entry ::= SEQUENCE {
        sslProbeAccessIpv6Address
            Ipv6Address,
        sslProbeAccessIpv6Mask
            INTEGER,
        sslProbeAccessIpv6Config
            RowStatus
}

sslProbeAccessIpv6Address  OBJECT-TYPE
        SYNTAX Ipv6Address
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
        "IPv6 address for the sslProbe access control list"
        ::= { sslProbeAccessIpv6Entry 1 }

sslProbeAccessIpv6Mask  OBJECT-TYPE
        SYNTAX INTEGER (1..128)
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
        "IPv6 Mask for the sslProbe access control list"
        ::= { sslProbeAccessIpv6Entry 2 }

sslProbeAccessIpv6Config  OBJECT-TYPE
    SYNTAX  RowStatus
    MAX-ACCESS  read-create
    STATUS  current
    DESCRIPTION
        "This object used for user to add and delete rows in to the table."
    ::= { sslProbeAccessIpv6Entry 3 }

--------------------------------------------------

--This group contains MIB objects related to Sensor Certificate Configuration

sensorCertificateGroup  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 52 }

sensorCertificateConfigGrp  OBJECT IDENTIFIER ::= { sensorCertificateGroup 1 }

sensorCertificateCSRConfigGrp OBJECT IDENTIFIER ::= { sensorCertificateConfigGrp 1 }

sensorCertificateCSRCountryName  OBJECT-TYPE
        SYNTAX DisplayString (SIZE(1..255))
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "Country name for generating the CSR. Use the two-letter code
                without punctuation for country like US or CA."
        ::= { sensorCertificateCSRConfigGrp 1 }

sensorCertificateCSRStateProvince  OBJECT-TYPE
        SYNTAX DisplayString (SIZE(1..255))
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "State or Province name for generating the CSR. Spell out the
                state completely."
        ::= { sensorCertificateCSRConfigGrp 2 }

sensorCertificateCSRLocality  OBJECT-TYPE
        SYNTAX DisplayString (SIZE(1..255))
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "City or town name for generating the CSR."
        ::= { sensorCertificateCSRConfigGrp 3 }

sensorCertificateCSRCompany  OBJECT-TYPE
        SYNTAX DisplayString (SIZE(1..255))
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "Company name for generating the CSR. If the company name has
                symbols, spell out the symbol or omit it to enroll."
        ::= { sensorCertificateCSRConfigGrp 4 }

sensorCertificateCSROrganizationalUnit  OBJECT-TYPE
        SYNTAX DisplayString (SIZE(1..255))
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "The organizational unit is the name of the department or organization unit
                making the request. This is an optional field"
        ::= { sensorCertificateCSRConfigGrp 5 }

sensorCertificateCSRCommonName  OBJECT-TYPE
        SYNTAX DisplayString (SIZE(1..255))
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "The common name is the host plus domain name. It looks like
                www.company.com or company.com."
        ::= { sensorCertificateCSRConfigGrp 6 }

sensorCertificateCSRGenerateAction  OBJECT-TYPE
        SYNTAX  INTEGER {
                other(0),
                generateCSR(1),
    generateSelfSigned(2)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This action is used to generate the CSR/self signed certificate.
                 Default : other (0)"
        ::= { sensorCertificateCSRConfigGrp 7 }

sensorCertificateCSRGenerateStatus  OBJECT-TYPE
        SYNTAX  INTEGER {
                    other (0),
                generationInProgress (1),
                generationComplete (2),
                    generationFailed (3)
        }
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "This object describes the possible CSR generation states.
                 Default : other (0)"
        ::= { sensorCertificateCSRConfigGrp 8 }

sensorCertSubAltName OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "To push sensorCert subject alternative name"
        ::= { sensorCertificateCSRConfigGrp 9 }

sensorCertificateStatus OBJECT-TYPE
        SYNTAX  INTEGER {
                    other (0),
        certAbsent (1),
        defaultCert (2),
        selfsignedCert (3),
        casignedCert (4)
        }
  MAX-ACCESS  read-only
  STATUS  current
  DESCRIPTION
    "This object indicates the cert status on the sensor.
    Default: 0"
  ::= { sensorCertificateConfigGrp 2 }

sensorCertMigrateAction OBJECT-TYPE
        SYNTAX  INTEGER
  MAX-ACCESS  read-write
  STATUS  current
  DESCRIPTION
    "To push request for sensor cert migration"
  ::= { sensorCertificateConfigGrp 3 }

--------------------------------------------------

sensorStackGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 53 }

stackName  OBJECT-TYPE
        SYNTAX DisplayString (SIZE(1..80))
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "Stack Name"
        ::= { sensorStackGrp 1 }

stackNodeId OBJECT-TYPE
        SYNTAX  INTEGER (1..16)
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "ID of stackNode."
        ::= { sensorStackGrp 2 }

stackNodeLeftNeighbour OBJECT-TYPE
        SYNTAX  INTEGER (1..16)
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "Node id of Left Neighbour, configured in stack"
        ::= { sensorStackGrp 3 }

stackNodeRightNeighbour OBJECT-TYPE
        SYNTAX  INTEGER (1..16)
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "Node id of Right Neighbour, configured in stack"
        ::= { sensorStackGrp 4 }


interfaceVirtualPortGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 54 }

intfVirtualPortTable  OBJECT-TYPE
        SYNTAX SEQUENCE OF IntfVirtualPortEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
                "Table containing entries for each interface port (indexed via intfPortIndex)
                on each sensor card (indexed via appropriate slotIndex).

                This table contains Trellix specific configuration objects.
                Tables that contain MIB objects borrowed from MIB-II are in the
                TRELLIX-SENSOR-PERF-MIB."
        ::= { interfaceVirtualPortGrp 1 }

intfVirtualPortEntry  OBJECT-TYPE
        SYNTAX  IntfVirtualPortEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
                "This MIB object contains all the columnar objects,
                that describe the contents of each interface port on each IntruShield sensor card.
                Indexed by slotIndex/intfPortIndex"
        INDEX { intfVirtualSlotIndex,
                intfVirtualPortIndex }
        ::= { intfVirtualPortTable 1 }

IntfVirtualPortEntry ::= SEQUENCE {
        intfVirtualPortIfDescr
                DisplayString,
        intfVirtualPortIfType
                TrellixIDSPortType,
        intfVirtualPortIfAdminStatus
                INTEGER,
        intfVirtualPortOperatingMode
                TrellixIDSOperatingMode,
        intfVirtualPortEnableFullDuplex
                TruthValue,
        intfVirtualPortSpeedConfig
                TrellixPortSpeed,
        intfVirtualPortEnableInternalTap
                TruthValue,
        intfVirtualPortInOutType
                INTEGER,
        intfVirtualFailOpenSwitchStatus
                INTEGER,
        intfVirtualFailOpenPortStatus
                INTEGER,
        intfVirtualPortEnableAntiSpoofing
                INTEGER,
        intfVirtualPortAllowAnyConnector
                TruthValue,
        intfVirtualPortCageType
                INTEGER,
        intfVirtualPortSetMediaType
                INTEGER,
        intfVirtualPortMonPortIpAddress
                IpAddress,
        intfVirtualPortMonPortNetMask
                IpAddress,
        intfVirtualPortGatewayIpAddress
                IpAddress,
        intfVirtualPortNbadConfigStatus
                TruthValue,
        intfVirtualPortVlanId
                Integer32,
        intfVirtualPortAppIdStatsConfigStatus
                TruthValue,
        intfVirtualPortLinearIndex
                TrellixPortLinearIndex,
        intfVirtualPortFECConfig
                TruthValue
}

intfVirtualPortIfDescr  OBJECT-TYPE
        SYNTAX  DisplayString (SIZE(0..255))
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "A textual string containing information about the interface.
                Returns the string that is printed on the box."
        ::= { intfVirtualPortEntry 1 }

intfVirtualPortIfType  OBJECT-TYPE
        SYNTAX  TrellixIDSPortType
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "The type of interface, distinguished according to the
                physical/link protocol(s) immediately 'below' the network
                layer in the protocol stack.

                For brevity, Trellix options are as specified by the TC,
                TrellixIDSPortType.

                However, the SNMP MIB-II - Interfaces MIB specifies many more
                valid options. See comments section for details.
                "
        ::= { intfVirtualPortEntry 2 }

intfVirtualPortIfAdminStatus  OBJECT-TYPE
        SYNTAX  INTEGER {
                up (1),
                down (2)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "The desired state of the interface.
                The testing(3) state indicates that no operational packets
                can be passed.

                Default: down"
        ::= { intfVirtualPortEntry 3 }

intfVirtualPortOperatingMode  OBJECT-TYPE
        SYNTAX  TrellixIDSOperatingMode
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "ReadWrite parameter specifies the operating mode for the
                Trellix IDS sensor to be used. Different modes supported are
                inline-fo-passive(1), non-inline or tap(2), span(3) and
                inlne-fc(4), inline-fo-active kit(5 - available on M-series only).

                Default: non-inline"
        ::= { intfVirtualPortEntry 4 }

intfVirtualPortEnableFullDuplex  OBJECT-TYPE
        SYNTAX  TruthValue
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "True: Sets interface port to work as a full-duplex one.
                Otherwise as half-duplex.

                Default: True"
        ::= { intfVirtualPortEntry 5 }

intfVirtualPortSpeedConfig  OBJECT-TYPE
        SYNTAX  TrellixPortSpeed -- was TrellixFEType, now deprecated
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "Set desired speed/negotiation on the interface."
        ::= { intfVirtualPortEntry 6 }

intfVirtualPortEnableInternalTap  OBJECT-TYPE
        SYNTAX  TruthValue
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "Set to TRUE to enable feature. Applies to Fast Ethernet (FE)
                ports only (see TrellixIDSPortType).
                For non FE ports, set to 'FALSE' .
                Setting this to 'TRUE' requires that
                <intfPortCurrentOperatingMode> is already set to
                'monitor-dual-intf'
                Default: True"

        ::= { intfVirtualPortEntry 7 }

intfVirtualPortInOutType  OBJECT-TYPE
        SYNTAX  INTEGER {
                inside (1),
                outside (2),
                not-specified (3)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This MIB object reflects the Input or Output labeling
                of this interface port. Used only when operating mode
                is inline(1) or monitor-dual-intf(2).

                Default: not-specified(3)"
        ::= { intfVirtualPortEntry 8 }

intfVirtualFailOpenSwitchStatus  OBJECT-TYPE
        SYNTAX  INTEGER {
                not-applicable(1),
                present(2),
                not-present(3)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "Returns the status of the external optical bypass switch
                status. For FE ports, this object will return
                not-applicable(1). For GE ports, if external optical bypass
                switch is connected to sensor ports, this will return
                present(2). Otherwise, it will return not-present(3)."
        ::= { intfVirtualPortEntry 9 }

intfVirtualFailOpenPortStatus  OBJECT-TYPE
        SYNTAX  INTEGER {
                not-applicable(1),
                inline-fail-open(2),
                bypass(3),
                tap (4),
                absent (5),
                unknown (6),
                layer2-bypass (7)

        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "Returns the packet forwarding status of the sensor ports connected to the optical bypass switch.
                If status is inline-fail-open(2), sensor is doing the
                forwarding. If status is bypass(3), the bypass switch is
                doing the forwarding and sensor will not process any
                traffic in this mode. Tap(4), absent(5) , unknown (6) and layer2-bypass(7)
                are available only in M-series for non RJ45(captive) ports
                when connected to active FO kit and sensor operating mode
                is inline-fail-open-active-kit.
                tap - operational status(up), kit(present), heart-beat(tap)
                absent - operational status(up), kit(absent), hear-beat(none)
                unknown - operational status(down), kit(absent), heart-beat(not available)."
        ::= { intfVirtualPortEntry 10 }

intfVirtualPortEnableAntiSpoofing  OBJECT-TYPE
        SYNTAX  INTEGER {
                disable-bothsides-spoof-detect (1),
                enable-inside-spoof-detect (2),
                enable-outside-spoof-detect (3),
                enable-bothsides-spoof-detect (4)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "spoofed packet detect rcvd on the both sides .

                Default: 'disable-bothsides-spoof-detect' (0) "
        ::= { intfVirtualPortEntry 11 }

intfVirtualPortAllowAnyConnector  OBJECT-TYPE
        SYNTAX  TruthValue
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "True: Permit usage of any connector for port.
                 False: Restrict usage to McAfee certified connector only.
                Default: False"
        ::= { intfVirtualPortEntry 12 }

intfVirtualPortCageType  OBJECT-TYPE
        SYNTAX  INTEGER {
                other (0),
                rJ-45 (1),
                rJ-11 (2),
                gBIC (3),
                sFP (4),
                xFP (5),
                sFP-plus (6), -- support in R-series only
                qSFP (7), -- support in R-series only
                rJ-45-plus (8), --  support in R-series only
                sFP-plus-BPFO (9) --  support in R-series only
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "Physical connector cage type on sensor chassis panel."
        ::= { intfVirtualPortEntry 13 }

intfVirtualPortSetMediaType OBJECT-TYPE
        SYNTAX  INTEGER {
                optical(1),
                electrical (2)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "Sets the media of the connector the user desired for the port.
                Default: optical"
        ::= { intfVirtualPortEntry 14 }

intfVirtualPortMonPortIpAddress OBJECT-TYPE
        SYNTAX  IpAddress
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object is used to configure / retrieve the IPv4 address of the monitoring port.
                 Default: 0.0.0.0"
        ::= { intfVirtualPortEntry 15 }

intfVirtualPortMonPortNetMask OBJECT-TYPE
        SYNTAX  IpAddress
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object is used to configure / retrieve netmask for the IPv4 address of the monitoring port.
                 Default: 0.0.0.0"
        ::= { intfVirtualPortEntry 16 }

intfVirtualPortGatewayIpAddress OBJECT-TYPE
        SYNTAX  IpAddress
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object is used to configure / retrieve the IPv4 address of the gateway.
                 Default: 0.0.0.0"
        ::= { intfVirtualPortEntry 17 }

intfVirtualPortNbadConfigStatus OBJECT-TYPE
        SYNTAX  TruthValue
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object value if set to TRUE indicates that flow record generation
                 to be sent to the NBAD server, is enabled over this monitoring port.
                Default: False"
        ::= { intfVirtualPortEntry 18 }

intfVirtualPortVlanId  OBJECT-TYPE
        SYNTAX  Integer32 (0..2164326399)
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This MIB object indicates the Vlan ID of the VLAN to which the monitoring
                 port is connected."
        ::= { intfVirtualPortEntry 19 }

intfVirtualPortAppIdStatsConfigStatus  OBJECT-TYPE
        SYNTAX  TruthValue
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object value if set to TRUE indicates that the appId stats collection is enabled
         over this monitoring port.
                Default: True"
        ::= { intfVirtualPortEntry 20 }


intfVirtualPortLinearIndex   OBJECT-TYPE
        SYNTAX  TrellixPortLinearIndex
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "This MIB object indicates the Linear Index of the monitoring port. This index is
                generated by the sensor appliance using the pair of slot index and the port index values.
                The other MIB tables would directly use this linear index, whereever applicable."
        ::= { intfVirtualPortEntry 21 }

intfVirtualPortFECConfig OBJECT-TYPE
        SYNTAX  TruthValue
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object value if set to TRUE indicates that FEC is enabled, FALSE for FEC disbaled
                Default: False"
        ::= { intfVirtualPortEntry 22 }

-- responseVirtualPortGrp 'ivSensorConfigurationMIB 55' is not supported currently, reserved for future use
responseVirtualPortGrp  OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 55 }

respVirtualPortTable  OBJECT-TYPE
        SYNTAX SEQUENCE OF RespVirtualPortEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
                "Table containing entries for each response port (indexed via respPortIndex)
                on each sensor card (indexed via valid slotIndex).

                This table contains Trellix specific MIB objects.
                "
        ::= { responseVirtualPortGrp 1 }

respVirtualPortEntry  OBJECT-TYPE
        SYNTAX  RespVirtualPortEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
                "This MIB object contains all the columnar objects,
                that describe the contents of each response port within the Trellix IDS sensor card.
                Indexed by slotIndex/respPortIndex"
        INDEX { slotIndex,
                respPortIndex }
        ::= { respVirtualPortTable 1 }

RespVirtualPortEntry ::= SEQUENCE {
        respVirtualPortDescr
                DisplayString,
        respVirtualPortType
                TrellixIDSPortType,
        respVirtualPortAdminStatus
                INTEGER,
        respVirtualPortOperStatus
                INTEGER,
        respVirtualPortEnableFullDuplex
                TruthValue,
        respVirtualPortSpeed
                TrellixPortSpeed, -- was TrellixFEType,
        respVirtualPortPktDestination
                INTEGER,
        respVirtualPortMacAddress
                MacAddress,
        respVirtualCUGEPortSpeed
                TrellixCUGEType,
        respVirtualAdditionalInfo
                DisplayString

}

respVirtualPortDescr  OBJECT-TYPE
        SYNTAX  DisplayString
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "A textual string containing information about the interface.
                Returns the string that is printed on the box."
        ::= { respVirtualPortEntry 1 }

respVirtualPortType  OBJECT-TYPE
        SYNTAX  TrellixIDSPortType
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "The type of interface, distinguished according to the
                physical/link protocol(s) immediately 'below' the network
                layer in the protocol stack.
                See  TrellixIDSPortType.
                "
        ::= { respVirtualPortEntry 2 }

respVirtualPortAdminStatus  OBJECT-TYPE
        SYNTAX  INTEGER {
                up (1),
                down (2)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "The desired state of the interface.
                Default: Up"
        ::= { respVirtualPortEntry 3 }

respVirtualPortOperStatus  OBJECT-TYPE
        SYNTAX  INTEGER {
                up (1),
                down (2)
        }
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "The current operational state of the interface.
                The testing(3) state indicates that no operational packets
                can be passed."
        ::= { respVirtualPortEntry 4 }

respVirtualPortEnableFullDuplex  OBJECT-TYPE
        SYNTAX  TruthValue
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "True: Sets response port to work as a full-duplex one.
                otherwise as half-duplex.
                If True, respPortFullDuplexPeer must be specified.

                Default: False
                "
        ::= { respVirtualPortEntry 5 }

-- Support for respPortSpeed is deprecated in V-series sensors(VmIPS).
respVirtualPortSpeed  OBJECT-TYPE
        SYNTAX  TrellixPortSpeed
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "See TrellixPortSpeed

                Default: fixed-hundred-Mbps (2)"
        ::= { respVirtualPortEntry 6 }

respVirtualPortPktDestination OBJECT-TYPE
        SYNTAX  INTEGER {
                switch (1),
                router (2)
        }

        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object is used when response ports are chosen for
                sending response packets. When router mode is chosen,
                packets will be sent to router with destination MAC as
                defined in intfRespMacAddress.

                Default value is switch (1)."
        ::= { respVirtualPortEntry 7 }

respVirtualPortMacAddress OBJECT-TYPE
        SYNTAX  MacAddress
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "Specifies the macaddress of the router to which the response
                packets have to be sent to."
        ::= { respVirtualPortEntry 8 }

-- Support for  respCUGEPortSpeed is deprecated in V-series sensors(VmIPS).
respVirtualCUGEPortSpeed  OBJECT-TYPE
        SYNTAX  TrellixCUGEType
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "Only applicable to copper-gigabit-ethernet ports, to specify whether
                10mbps or 100mbps or 1-gbps or auto-neg. See TrellixCUGEType

                Default: auto-negotiate"
        ::= { respVirtualPortEntry 9 }

respVirtualAdditionalInfo  OBJECT-TYPE
        SYNTAX  DisplayString (SIZE(0..255))
        MAX-ACCESS  read-only
        STATUS  current
        DESCRIPTION
                "A textual string containing additional information about the response interface.
                This mib object will be available only on V-series sensors."
        ::= { respVirtualPortEntry 11 }


--
-- Interface Virtual Response Table
--
intfVirtualRespTable  OBJECT-TYPE
        SYNTAX SEQUENCE OF IntfVirtualRespEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
                "Table containing entries for each interface port. The
                table describes how responses have to be sent in monitoring
                mode."
        ::= { responseVirtualPortGrp 2 }

intfVirtualRespEntry  OBJECT-TYPE
        SYNTAX  IntfVirtualRespEntry
        MAX-ACCESS  not-accessible
        STATUS  current
        DESCRIPTION
                "Indexed by slotIndex/intfPortIndex"
        INDEX { slotIndex, intfPortIndex }
        ::= { intfVirtualRespTable 1 }

IntfVirtualRespEntry ::= SEQUENCE {
        intfVirtualRespType
                INTEGER,
        intfVirtualRespPortNo
                INTEGER
}

intfVirtualRespType OBJECT-TYPE
        SYNTAX  INTEGER {
                responsePort (1),
                inline (2)
        }

        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "Setting this object to responsePort (2) causes responses
                to be sent via the response port. The response port no that
                needs to be used is specified with intfRespPortNo object.

                Setting this object to inline (3) causes responses to be
                sent inline. Note that in monitoring mode, responses can
                only be sent inline when the monitoring port is in
                half-duplex mode.

                Default action will be responsePort (1)."
        ::= { intfVirtualRespEntry 1 }

intfVirtualRespPortNo OBJECT-TYPE
        SYNTAX  INTEGER
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "Specifies the response port number that needs to be used
                for this monitoring port. The response ports are configured
                by respPortTable."
        ::= { intfVirtualRespEntry 2 }



--------------------------------------------------

--
-- mvxCfgGrp
--

mvxCfgGrp OBJECT IDENTIFIER ::= { ivSensorConfigurationMIB 56 }

mvxConnectionConfig OBJECT-TYPE
        SYNTAX  INTEGER {
                enable (1),
                disable (2)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object is used to enable or disable the MVX integration
                Default: 2, disable"
        ::= { mvxCfgGrp 1 }


mvxIPAddressType OBJECT-TYPE
        SYNTAX  INTEGER {
                ip-v4 (4),
                ip-v6 (6)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object is used to configure the IP address type of the
                 mgmt port at the MVX engine end"
        ::= { mvxCfgGrp 2 }

mvxBrokerIPv4Address  OBJECT-TYPE
        SYNTAX IpAddress
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object is used to configure the IPv4 address of the MVX engine.
                 The mvxBrokerIPv4Address would be zero if the current object is initialized"
        ::= { mvxCfgGrp 3 }

mvxBrokerIPv6Address  OBJECT-TYPE
        SYNTAX  Ipv6Address
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object is used to configure the IPv6 address of the MVX engine.
                 The mvxBrokerIPv6Address would be zero if the current object is initialized"
        ::= { mvxCfgGrp 4 }

mvxUserName OBJECT-TYPE
        SYNTAX  DisplayString (SIZE(1..80))
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
             "This object is used to send username for configured MVX engine.
              Default value is NULL"
        ::= { mvxCfgGrp 5 }

mvxPassword OBJECT-TYPE
        SYNTAX  DisplayString (SIZE(1..80))
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
             "This object is used to send password for configured MVX engine.
              Default value is NULL"
        ::= { mvxCfgGrp 6 }

mvxCertificateValidation  OBJECT-TYPE
        SYNTAX  INTEGER {
                     enable (1),
                     disable (2)
        }
        MAX-ACCESS  read-write
        STATUS  current
        DESCRIPTION
                "This object is used to indicate the MVX server certificate flag at
                 the sensor"
        ::= { mvxCfgGrp 7 }

mvxAuthStatus OBJECT-TYPE
	SYNTAX 	INTEGER {
		down(2),
		up (1)
	}
	MAX-ACCESS  read-only
	STATUS	current
	DESCRIPTION
		"This object is used to indicate the authentication status between
                 sensor and MVX engine "
	::= { mvxCfgGrp 8 }

mvxUseProxy OBJECT-TYPE
       SYNTAX 	INTEGER {
		disable(2),
		enable(1)
	}
	MAX-ACCESS  read-write
	STATUS	current
	DESCRIPTION
		"This object is used to indicate the configured proxy is used by the MVX engine or not "
	::= { mvxCfgGrp 9 }


--------------------------------------------------

END
