SNMP traps and MIBs

The following tables describe the SNMP traps and MIB objects that you might encounter when using the SMC.

The SMC Appliance can be configured for SNMP access. The list of Net-SNMP common MIBs for the SMC Appliance can be found in the /usr/share/snmp/mibs directory. Visit http://www.net-snmp.org for Net-SNMP MIB descriptions.

Firewall/VPN, IPS, and Layer 2 Firewall engines can send SNMP traps on system events. The traps are configured using SNMP Agent elements. Tester entries can also be configured to send SNMP traps. The SNMP traps are listed in Table 1.

Table 1. SNMP traps for Firewall/VPN, IPS, and Layer 2 Firewalls
Trap name Objects included Description
fwPolicyInstall fwSecurityPolicy (Firewall and Layer 2 Firewall) Policy was installed on the Firewall engine.
ipsPolicyInstall ipsSecurityPolicy (IPS) Policy was installed on the IPS engine.
nodeBoot - Node bootup complete.
nodeHwmon nodeHwmonEvent Hardware monitoring system has detected problems.
nodeOffline nodeOperState Node changed to offline or standby state.
nodeOnline nodeOperState Node changed to online state.
nodeShutdown - Node is shutting down.
nodeTestFailure nodeTestIdentity Test subsystem reported a test failure on the node.
nodeFailedUserLogin nodeLastLogin (Firewall and Layer 2 Firewall) Logon failed on the firewall engine's console or through SSH.
nodeUserLogin nodeLastLogin Log on initiated on the engine's console or through SSH.
nodeUserLogout nodeLastLogin (Firewall and Layer 2 Firewall) Log off on the firewall engine's console or through SSH.
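The traps in Table 1 are only useful if the receiving side does something with them. The following script is an added example, not code from the Forcepoint documentation or the SMC product: it classifies traps by name, checks that each one carries the object Table 1 says it should, and raises a separate alert when one engine reports several nodeFailedUserLogin traps in a short window. The severity mapping, the threshold and window, the engine names and the trap events themselves are assumptions constructed for the example; a real collector would feed it the varbinds decoded by snmptrapd or an equivalent receiver.

```python
"""Classify Forcepoint NGFW SNMP traps (Table 1) and flag bursts of failed logins.

Added example. The severity policy and the sample traps are constructed, not
taken from the product documentation.
"""
from collections import defaultdict, deque

# Assumed severity policy for the trap names in Table 1; tune to local runbooks.
TRAP_SEVERITY = {
    "fwPolicyInstall": "info",
    "ipsPolicyInstall": "info",
    "nodeBoot": "notice",
    "nodeHwmon": "critical",
    "nodeOffline": "warning",
    "nodeOnline": "notice",
    "nodeShutdown": "warning",
    "nodeTestFailure": "warning",
    "nodeFailedUserLogin": "warning",
    "nodeUserLogin": "notice",
    "nodeUserLogout": "info",
}

# Object each trap carries according to Table 1 ("-" in the table means none).
TRAP_OBJECTS = {
    "fwPolicyInstall": "fwSecurityPolicy",
    "ipsPolicyInstall": "ipsSecurityPolicy",
    "nodeHwmon": "nodeHwmonEvent",
    "nodeOffline": "nodeOperState",
    "nodeOnline": "nodeOperState",
    "nodeTestFailure": "nodeTestIdentity",
    "nodeFailedUserLogin": "nodeLastLogin",
    "nodeUserLogin": "nodeLastLogin",
    "nodeUserLogout": "nodeLastLogin",
}


def classify_trap(source, trap_name, varbinds):
    """Return (severity, message). Unknown or malformed traps are marked for review."""
    severity = TRAP_SEVERITY.get(trap_name)
    if severity is None:
        return "review", f"{source}: unknown trap {trap_name!r} {varbinds}"
    obj = TRAP_OBJECTS.get(trap_name)
    detail = varbinds.get(obj, "<missing>") if obj else ""
    if obj and obj not in varbinds:
        # The expected object is absent: the trap is malformed, so review it rather
        # than trust it.
        severity = "review"
    return severity, f"{source}: {trap_name} {obj + '=' if obj else ''}{detail}".rstrip()


class FailedLoginTracker:
    """Sliding-window count of nodeFailedUserLogin traps per source engine."""

    def __init__(self, threshold=3, window_seconds=300):
        self.threshold = threshold
        self.window = window_seconds
        self.events = defaultdict(deque)

    def observe(self, ts, source, trap_name):
        """Record a trap; return True when the source reaches the threshold."""
        if trap_name != "nodeFailedUserLogin":
            return False
        q = self.events[source]
        q.append(ts)
        while q and ts - q[0] > self.window:
            q.popleft()
        return len(q) >= self.threshold


def process(trap_stream, threshold=3, window_seconds=300):
    """Run both checks over (unix_time, source, trap_name, varbinds) tuples."""
    tracker = FailedLoginTracker(threshold, window_seconds)
    alerts = []
    for ts, source, name, varbinds in trap_stream:
        alerts.append(classify_trap(source, name, varbinds))
        if tracker.observe(ts, source, name):
            alerts.append(("high", f"{source}: {threshold} failed console/SSH logins "
                                   f"within {window_seconds}s"))
    return alerts


# Constructed sample traps, not real captures.
SAMPLE_TRAPS = [
    (1000, "fw-node1", "fwPolicyInstall", {"fwSecurityPolicy": "HQ Policy"}),
    (1010, "fw-node1", "nodeFailedUserLogin", {"nodeLastLogin": "admin from 10.0.0.5"}),
    (1020, "fw-node1", "nodeFailedUserLogin", {"nodeLastLogin": "admin from 10.0.0.5"}),
    (1025, "fw-node1", "nodeFailedUserLogin", {"nodeLastLogin": "admin from 10.0.0.5"}),
    (1030, "fw-node2", "nodeOffline", {"nodeOperState": "standby"}),
    (1040, "fw-node2", "nodeHwmon", {}),  # missing nodeHwmonEvent -> review
]

if __name__ == "__main__":
    for severity, message in process(SAMPLE_TRAPS):
        print(f"[{severity}] {message}")
```

The missing-object check matters because a trap arrives over UDP from whatever claims to be the engine; a trap that does not look the way Table 1 says it should is worth a second look before it drives any automated response.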

The STONESOFT-SMI-MIB defines the top-level enterprise registrations for the Forcepoint NGFW products in the .iso.org.dod.internet.private.enterprises.stonesoft branch (OID .1.3.6.1.4.1.1369). The Forcepoint NGFW-specific MIB files can be downloaded at https://support.forcepoint.com/Downloads.

The Forcepoint NGFW-specific MIBs are:
  • STONESOFT-FIREWALL-MIB
  • STONESOFT-IPS-MIB
  • STONESOFT-NETNODE-MIB

NGFW Engines in the Firewall/VPN and Layer 2 Firewall roles support objects in STONESOFT-FIREWALL-MIB. NGFW Engines in the IPS role support objects in STONESOFT-IPS-MIB. NGFW Engines in all roles support objects in STONESOFT-NETNODE-MIB.

NGFW Engines in the Firewall/VPN role also support objects in the following standard MIBs:
  • IF-MIB (RFC 2863 and RFC 2233)
  • IP-MIB (RFC 2011)
  • SNMP-USER-BASED-SM-MIB (RFC 3414)
  • SNMPv2-MIB (RFC 3418)

Table 2. STONESOFT-FIREWALL-MIB objects
Object name Object description in MIB
fwPolicyTime The time when the security policy was installed to the Firewall or Layer 2 Firewall
fwSecurityPolicy Name of the current security policy on the Firewall or Layer 2 Firewall
fwSoftwareVersion Version string of the Firewall or Layer 2 Firewall software
fwConnNumber Number of current connections
fwAccepted Number of accepted packets
fwDropped Number of dropped packets
fwLogged Number of logged packets
fwAccounted Number of accounted packets
fwRejected Number of rejected packets
fwIfTable This table contains an entry for each interface in system
fwIfStatsEntry Row for an interface
fwIfStatsIndex A unique value, greater than zero, for each interface or interface sublayer in the managed system
fwIfName Name of interface
fwIfAcceptedPkts Number of accepted packets by Firewall or Layer 2 Firewall rules
fwIfDroppedPkts Number of dropped packets by Firewall or Layer 2 Firewall rules
fwIfForwardedPkts Number of forwarded packets by Firewall or Layer 2 Firewall rules
fwIfLoggedPkts Number of logged packets by Firewall or Layer 2 Firewall rules
fwIfRejectedPkts Number of rejected packets by Firewall or Layer 2 Firewall rules
fwIfAccountedPkts Number of accounted packets by Firewall or Layer 2 Firewall rules
fwIfAcceptedBytes Number of accepted bytes by Firewall or Layer 2 Firewall rules
fwIfForwardedBytes Number of forwarded bytes by Firewall or Layer 2 Firewall rules
fwIfDroppedBytes Number of dropped bytes by Firewall or Layer 2 Firewall rules
fwIfLoggedBytes Number of logged bytes by Firewall or Layer 2 Firewall rules
fwIfRejectedBytes Number of rejected bytes by Firewall or Layer 2 Firewall rules
fwIfAccountedBytes Number of accounted bytes by Firewall or Layer 2 Firewall rules
fwCpuStatsTable This table contains an entry for each CPU in a system and total usage of all CPUs
fwCpuStatsId A unique value, greater than zero, for each CPU in the managed system. First element with Id '0' is designed for total values
fwCpuName Name of data current line concern
fwCpuTotal The total CPU load percentage
fwCpuUser The percentage of time the CPU has spent running users' processes that are not niced
fwCpuSystem The percentage of time the CPU has spent running the kernel and its processes
fwCpuNice The percentage of time the CPU has spent running user's processes that have been niced
fwCpuIdle The percentage of time the CPU was idle
fwCpuIoWait The percentage of time the CPU has been waiting for I/O to complete
fwCpuHwIrq The percentage of time the CPU has been servicing hardware interrupts
fwCpuSoftIrq The percentage of time the CPU has been servicing software interrupts
fwSwapBytesTotal Total swap space
fwSwapBytesUsed Used space of swap
fwSwapBytesUnused Amount of unused space of swap
fwMemBytesTotal Number of available bytes of physical memory
fwMemBytesUsed Amount of memory being in use
fwMemBytesUnused Number of unused bytes of physical memory
fwMemBytesBuffers Amount of memory used as buffers
fwMemBytesCached Amount of memory used as cache
fwDiskSpaceUsageTable Table contains an entry for each partition mounted in a system
fwDiskStats Row of information concerning one partition
fwPartitionIndex A unique value, greater than zero, for each partition
fwPartitionDevName A unique name of a device
fwMountPointName Name of a mount point
fwPartitionSize Total size of the partition
fwPartitionUsed Amount of used space of the partition (in kilobytes)
fwPartitionAvail Information about amount of free space on partition (in kilobytes)
fwVpnEp4Local Local IPv4 endpoint address
fwVpnEp4Remote Remote IPv4 endpoint address
fwVpnEp4RemoteType The type of remote VPN endpoint (static, dynamic, or mobile)
fwVpnEp4ReceivedBytes Number of received bytes between the endpoint pair
fwVpnEp4SentBytes Number of sent bytes between the endpoint pair
fwVpnEp4IpsecSa Number of currently established IPsec SAs between the endpoint pair
fwVpnEp6Local Local IPv6 endpoint address
fwVpnEp6Remote Remote IPv6 endpoint address
fwVpnEp6RemoteType The type of remote VPN endpoint (static, dynamic, or mobile)
fwVpnEp6ReceivedBytes Number of received bytes between the endpoint pair
fwVpnEp6SentBytes Number of sent bytes between the endpoint pair
fwVpnEp6IpsecSa Number of currently established IPsec SAs between the endpoint pair
adslModulation Modulation protocol
adslChannel Channel type
adslConnStatus The status of the DSL link or communication status with DSL modem in case of communication error
adslConnUptime Uptime of current ADSL connection
adslLineStatus Status of DSL line
adslInOctets Number of bytes received by ADSL interface
adslOutOctets Number of bytes transmitted by ADSL interface
adslSynchroSpeedUp The actual rate at which data is flowing upstream
adslSynchroSpeedDown The actual rate at which data is flowing downstream
adslAttenuationUp An estimate of the average loop attenuation upstream
adslAttenuationDown An estimate of the average loop attenuation downstream
adslNoiseMarginUp This is a signal-to-noise ratio (SNR) margin for traffic going upstream
adslNoiseMarginDown This is a signal-to-noise ratio (SNR) margin for traffic going downstream
adslHecErrorsUp The total number of header error checksum errors upstream
adslHecErrorsDown The total number of header error checksum errors downstream
adslOcdErrorsUp The number of out-of-cell delineation errors upstream
adslOcdErrorsDown The number of out-of-cell delineation errors downstream
adslLcdErrorsUp The total of lost-cell-delineation errors upstream
adslLcdErrorsDown The total of lost-cell-delineation errors downstream
adslBitErrorsUp The number of bit errors upstream
adslBitErrorsDown The number of bit errors downstream

Table 3. STONESOFT-IPS-MIB objects
Object name Object description in MIB
ipsPolicyTime The time when the security policy was installed to the IPS engine
ipsSecurityPolicy Name of the current security policy on the IPS engine
ipsSoftwareVersion Version string of the IPS software

Table 4. STONESOFT-NETNODE-MIB objects
Object name Object description in MIB
nodeClusterId The identification number of the cluster this node belongs to
nodeCPULoad The CPU load percentage on the node
nodeHwmonEvent Reason for the hardware monitoring event
nodeLastLogin The most recent logon event on the node
nodeLastLoginTime Time stamp of the most recent logon event on the node
nodeMemberId Node's member identification within the cluster
nodeOperState The operative (clustering) state of the node
nodeTestIdentity Identification string of a nodeTest
nodeTestResult The most recent result of the nodeTest
nodeTestResultTime The time stamp of the most recent result of the nodeTest

Table 5. IF-MIB supported objects
Object name Object description in MIB
ifAdminStatus The state of the interface that the administrator wants. The testing(3) state indicates that no operational packets can be passed. When a managed system initializes, all interfaces start with ifAdminStatus in the down(2) state. As a result of either explicit management action or per configuration information retained by the managed system, ifAdminStatus is then changed to either the up(1) or testing(3) states (or remains in the down(2) state).
ifAlias This object is an 'alias' name for the interface as specified by a network manager, and provides a non-volatile 'handle' for the interface. On the first instantiation of an interface, the value of ifAlias associated with that interface is the zero-length string. As and when a value is written into an instance of ifAlias through a network management set operation, then the agent must retain the supplied value in the ifAlias instance associated with the same interface for as long as that interface remains instantiated, including across all reinitializations or reboots of the network management system, including those which result in a change of the interface's ifIndex value. An example of the value which a network manager might store in this object for a WAN interface is the (Telco's) circuit number or identifier of the interface. Some agents can support write-access only for interfaces having particular values of ifType. An agent which supports write access to this object is required to keep the value in non-volatile storage, but it can limit the length of new values depending on how much storage is already occupied by the current values for other interfaces.
ifDescr A textual string containing information about the interface. This string includes the name of the manufacturer, the product name, and the version of the interface hardware or software.
ifHCInMulticastPkts The 64-bit wide number of packets, delivered by this sublayer to a higher (sub)layer, which were addressed to a multicast address at this sublayer. For a MAC layer protocol, this includes both Group and Functional addresses. This object is a 64-bit version of ifInMulticastPkts. Discontinuities in the value of this counter can occur at reinitialization of the network management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. The 32-bit ifInMulticastPkts reports the low 32 bits of this counter's value.
ifHCInOctets The 64-bit wide total number of octets received on the interface, including framing characters. This object is a 64-bit version of ifInOctets. Discontinuities in the value of this counter can occur at reinitialization of the network management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. The 32-bit ifInOctets reports the low 32 bits of this counter's value.
ifHCInUcastPkts The 64-bit wide number of packets, delivered by this sublayer to a higher (sub)layer, which were not addressed to a multicast or broadcast address at this sublayer. This object is a 64-bit version of ifInUcastPkts. Discontinuities in the value of this counter can occur at reinitialization of the network management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. The 32-bit ifInUcastPkts reports the low 32 bits of this counter's value.
ifHCOutOctets The 64-bit wide total number of octets transmitted out of the interface, including framing characters. This object is a 64-bit version of ifOutOctets. Discontinuities in the value of this counter can occur at reinitialization of the network management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. The 32-bit ifOutOctets reports the low 32 bits of this counter's value.
ifHCOutUcastPkts The 64-bit wide total number of packets that higher-level protocols requested to be transmitted, and which were not addressed to a multicast or broadcast address at this sublayer, including those packets that were discarded or not sent. This object is a 64-bit version of ifOutUcastPkts. Discontinuities in the value of this counter can occur at reinitialization of the network management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. The 32-bit ifOutUcastPkts reports the low 32 bits of this counter's value.
ifHighSpeed An estimate of the interface's current bandwidth in units of 1,000,000 bits per second. If this object reports a value of 'n', then the speed of the interface is somewhere in the range of 'n-500,000' to 'n+499,999'. For interfaces which do not vary in bandwidth or for those where no accurate estimation can be made, this object contains the nominal bandwidth. For a sublayer which has no concept of bandwidth, this object must be zero.
ifIndex A unique value, greater than zero, for each interface. It is recommended that values are assigned contiguously starting from 1. The value for each interface sublayer must remain constant at least from one reinitialization of the entity's network management system to the next reinitialization.
ifInDiscards The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space. Discontinuities in the value of this counter can occur at reinitialization of the network management system, and at other times as indicated by the value of ifCounterDiscontinuityTime.
ifInErrors For packet-oriented interfaces, the number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. For character-oriented or fixed-length interfaces, the number of inbound transmission units that contained errors preventing them from being deliverable to a higher-layer protocol. Discontinuities in the value of this counter can occur at reinitialization of the network management system, and at other times as indicated by the value of ifCounterDiscontinuityTime.
ifInMulticastPkts The 32-bit wide number of packets, delivered by this sublayer to a higher (sub)layer, which were addressed to a multicast address at this sublayer. For a MAC layer protocol, this includes both Group and Functional addresses. Discontinuities in the value of this counter can occur at reinitialization of the network management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. This object reports the low 32 bits of the 64-bit ifHCInMulticastPkts counter's value.
ifInOctets The 32-bit wide total number of octets received on the interface, including framing characters. Discontinuities in the value of this counter can occur at reinitialization of the network management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. This object reports the low 32 bits of the 64-bit ifHCInOctets counter's value.
ifInUcastPkts The 32-bit wide number of packets, delivered by this sublayer to a higher (sub)layer, which were not addressed to a multicast or broadcast address at this sublayer. Discontinuities in the value of this counter can occur at reinitialization of the network management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. This object reports the low 32 bits of the 64-bit ifHCInUcastPkts counter's value.
ifLastChange The value of sysUpTime at the time the interface entered its current operational state. If the current state was entered before the last reinitialization of the local network management subsystem, this object contains a zero value.
ifLinkUpDownTrapEnable Indicates whether linkUp or linkDown traps are generated for this interface. By default, this object must have the value enabled(1) for interfaces which do not operate on 'top' of any other interface (as defined in the ifStackTable), and disabled(2) otherwise.
ifMtu The size of the largest packet which can be sent or received on the interface, specified in octets. For interfaces that are used for transmitting network datagrams, this is the size of the largest network datagram that can be sent on the interface.
ifName The textual name of the interface. The value of this object must be the name of the interface as assigned by the local device. It must be suitable for use in commands entered at the device's 'console'. This name might be a text name, such as 'le0' or a simple port number, such as '1', depending on the interface naming syntax of the device. If several entries in the ifTable together represent a single interface as named by the device, each will have the same value of ifName. For an agent which responds to SNMP queries concerning an interface on some other (proxied) device, then the value of ifName for such an interface is the proxied device's local name for it. If there is no local name, or this object is otherwise not applicable, this object contains a zero-length string.
ifNumber The number of network interfaces (regardless of their current state) present on this system.
ifOperStatus The current operational state of the interface. The testing(3) state indicates that no operational packets can be passed. If ifAdminStatus is down(2), then ifOperStatus is down(2). If ifAdminStatus is changed to up(1), then ifOperStatus changes to up(1) if the interface is ready to transmit and receive network traffic; it changes to dormant(5) if the interface is waiting for external actions (such as a serial line waiting for an incoming connection); it remains in the down(2) state if and only if there is a fault that prevents it from going to the up(1) state; it remains in the notPresent(6) state if the interface has missing (typically, hardware) components.
ifOutDiscards The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being transmitted. One possible reason for discarding such a packet could be to free up buffer space. Discontinuities in the value of this counter can occur at reinitialization of the network management system, and at other times as indicated by the value of ifCounterDiscontinuityTime.
ifOutErrors For packet-oriented interfaces, the number of outbound packets that could not be transmitted because of errors. For character-oriented or fixed-length interfaces, the number of outbound transmission units that could not be transmitted because of errors. Discontinuities in the value of this counter can occur at reinitialization of the network management system, and at other times as indicated by the value of ifCounterDiscontinuityTime.
ifOutOctets The 32-bit wide total number of octets transmitted out of the interface, including framing characters. Discontinuities in the value of this counter can occur at reinitialization of the network management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. This object reports the low 32 bits of the 64-bit ifHCOutOctets counter's value.
ifOutUcastPkts The 32-bit wide total number of packets that higher-level protocols requested to be transmitted, and which were not addressed to a multicast or broadcast address at this sublayer, including the packets that were discarded or not sent. Discontinuities in the value of this counter can occur at reinitialization of the network management system, and at other times as indicated by the value of ifCounterDiscontinuityTime. This object reports the low 32 bits of the 64-bit ifHCOutUcastPkts counter's value.
ifPhysAddress The interface's address at its protocol sublayer. For example, for an 802.x interface, this object normally contains a MAC address. The interface's media-specific MIB must define the bit and byte ordering and the format of the value of this object. For interfaces that do not have such an address (for example, a serial line), this object must contain an octet string of zero length.
ifPromiscuousMode This object has a value of false(2) if this interface only accepts packets or frames that are addressed to this station. This object has a value of true(1) when the station accepts all packets or frames transmitted on the media. The value true(1) is only legal on certain types of media. If legal, setting this object to a value of true(1) might require the interface to be reset before becoming effective. The value of ifPromiscuousMode does not affect the reception of broadcast and multicast packets or frames by the interface.
ifSpeed An estimate of the interface's current bandwidth in bits per second. For interfaces which do not vary in bandwidth or for those where no accurate estimation can be made, this object must contain the nominal bandwidth. If the bandwidth of the interface is greater than the maximum value reportable by this object, then this object must report its maximum value (4,294,967,295) and ifHighSpeed must be used to report the interface's speed. For a sublayer which has no concept of bandwidth, this object must be zero.
ifType The type of interface. Additional values for ifType are assigned by the Internet Assigned Numbers Authority (IANA), through updating the syntax of the IANAifType textual convention.
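Several rows in Table 5 repeat the same two warnings: a 32-bit counter only holds the low 32 bits of its 64-bit ifHC twin, and any counter may jump at a reinitialization or whenever ifCounterDiscontinuityTime changes. The following is an added example (not code from the Forcepoint documentation or the product) of a poller-side rate calculation that takes both into account, and that switches from ifSpeed to ifHighSpeed once ifSpeed reports its maximum of 4,294,967,295. The poll dictionaries are constructed for the example; in practice they would be filled from snmpget/snmpwalk results.

```python
"""Rates and utilization from polled IF-MIB counters, handling 32-bit wrap,
sysUpTime resets and ifCounterDiscontinuityTime.

Added example; the poll dictionaries are constructed, not captured."""

COUNTER32_MOD = 2 ** 32
COUNTER64_MOD = 2 ** 64
IFSPEED_MAX = 4_294_967_295  # ifSpeed saturates here; ifHighSpeed takes over


def counter_delta(prev, cur, bits):
    """Delta between two Counter32/Counter64 samples, assuming at most one wrap."""
    mod = COUNTER32_MOD if bits == 32 else COUNTER64_MOD
    return cur - prev if cur >= prev else cur + mod - prev


def max_safe_poll_interval_seconds(speed_bps, bits):
    """Longest poll interval that cannot hide a second wrap at full line rate."""
    mod = COUNTER32_MOD if bits == 32 else COUNTER64_MOD
    return mod * 8 / speed_bps


def octet_rate_bps(prev, cur):
    """Inbound bits per second between two polls of one interface.

    Each poll is a dict with sysUpTime and ifCounterDiscontinuityTime (both in
    hundredths of a second) plus ifHCInOctets and/or ifInOctets. Returns None
    when the two samples cannot be compared.
    """
    if cur["ifCounterDiscontinuityTime"] != prev["ifCounterDiscontinuityTime"]:
        return None  # the agent signalled a counter reset; the delta is meaningless
    ticks = cur["sysUpTime"] - prev["sysUpTime"]
    if ticks <= 0:
        return None  # sysUpTime went backwards (agent reinitialized) or same sample
    if "ifHCInOctets" in prev and "ifHCInOctets" in cur:
        octets = counter_delta(prev["ifHCInOctets"], cur["ifHCInOctets"], 64)
    else:
        octets = counter_delta(prev["ifInOctets"], cur["ifInOctets"], 32)
    return octets * 8 * 100 / ticks


def interface_speed_bps(if_speed, if_high_speed):
    """Effective link speed: use ifHighSpeed (Mbit/s) once ifSpeed has saturated."""
    if if_speed >= IFSPEED_MAX:
        return if_high_speed * 1_000_000
    return if_speed


def utilization_percent(prev, cur, if_speed, if_high_speed):
    """Inbound utilization in percent, or None if the rate cannot be computed."""
    rate = octet_rate_bps(prev, cur)
    speed = interface_speed_bps(if_speed, if_high_speed)
    if rate is None or speed == 0:
        return None
    return min(100.0, 100.0 * rate / speed)


# Constructed polls one second apart (100 sysUpTime ticks); ifInOctets wraps between them.
POLL_A = {"sysUpTime": 100_000, "ifCounterDiscontinuityTime": 0, "ifInOctets": 4_294_960_000}
POLL_B = {"sysUpTime": 100_100, "ifCounterDiscontinuityTime": 0, "ifInOctets": 5_000}
# Same interface after a discontinuity: the agent moved ifCounterDiscontinuityTime.
POLL_C = {"sysUpTime": 100_200, "ifCounterDiscontinuityTime": 100_150, "ifInOctets": 9_000}

if __name__ == "__main__":
    print("delta octets:", counter_delta(POLL_A["ifInOctets"], POLL_B["ifInOctets"], 32))
    print("rate bit/s:", octet_rate_bps(POLL_A, POLL_B))
    print("after discontinuity:", octet_rate_bps(POLL_B, POLL_C))
    print("10GbE Counter32 safe poll interval (s):",
          round(max_safe_poll_interval_seconds(10_000_000_000, 32), 2))
```

The max_safe_poll_interval_seconds check is the practical reason to prefer the ifHC objects: on a 10 Gbit/s interface a Counter32 can wrap in under four seconds, so a one-minute poll of ifInOctets cannot tell one wrap from several, while ifHCInOctets gives an unambiguous delta.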

Table 6. SNMP-USER-BASED-SM-MIB objects
Object name Object description in MIB
usmStatsDecryptionErrors The total number of packets received by the SNMP engine which were dropped because they could not be decrypted.
usmStatsNotInTimeWindows The total number of packets received by the SNMP engine which were dropped because they appeared outside of the authoritative SNMP engine's window.
usmStatsUnknownEngineIDs The total number of packets received by the SNMP engine which were dropped because they referenced an snmpEngineID that was not known to the SNMP engine.
usmStatsUnknownUserNames The total number of packets received by the SNMP engine which were dropped because they referenced a user that was not known to the SNMP engine.
usmStatsUnsupportedSecLevels The total number of packets received by the SNMP engine which were dropped because they requested a security Level that was unknown to the SNMP engine or otherwise unavailable.
usmStatsWrongDigests The total number of packets received by the SNMP engine which were dropped because they did not contain the expected digest value.
usmUserSpinLock An advisory lock used to allow several cooperating Command Generator Applications to coordinate their use of facilities to change secrets in the usmUserTable.
usmUserStatus The status of this conceptual row. Until instances of all corresponding columns are appropriately configured, the value of the corresponding instance of the usmUserStatus column is 'notReady'. In particular, a newly created row for a user who employs authentication cannot be made active until the corresponding usmUserCloneFrom and usmUserAuthKeyChange have been set. Further, a newly created row for a user who also employs privacy cannot be made active until the usmUserPrivKeyChange has been set. The RowStatus TC [RFC2579] requires that this DESCRIPTION clause states under which circumstances other objects in this row can be edited: The value of this object has no effect on whether other objects in this conceptual row can be edited, except for usmUserOwnAuthKeyChange and usmUserOwnPrivKeyChange. For these 2 objects, the value of usmUserStatus MUST be active.

Table 7. SNMPv2-MIB supported objects
Object name Object description in MIB
snmpEnableAuthenTraps Indicates whether the SNMP entity is permitted to generate authenticationFailure traps. The value of this object overrides any configuration information; as such, it provides a means whereby all authenticationFailure traps can be disabled. It is recommended that this object is stored in non-volatile memory so that it remains constant across reinitializations of the network management system.
snmpInASNParseErrs The total number of ASN.1 or BER errors encountered by the SNMP entity when decoding received SNMP messages.
snmpInBadCommunityNames The total number of SNMP messages delivered to the SNMP entity which used an SNMP community name not known to said entity.
snmpInBadCommunityUses The total number of SNMP messages delivered to the SNMP entity which represented an SNMP operation which was not allowed by the SNMP community named in the message.
snmpInBadVersions The total number of SNMP messages which were delivered to the SNMP entity and were for an unsupported SNMP version.
snmpInPkts The total number of messages delivered to the SNMP entity from the transport service.
snmpProxyDrops The total number of GetRequest-PDUs, GetNextRequest-PDUs, GetBulkRequest-PDUs, SetRequest-PDUs, and InformRequest-PDUs delivered to the SNMP entity which were silently dropped because the transmission of the (possibly translated) message to a proxy target failed in a manner (other than a time-out) such that no Response-PDU could be returned.
snmpSetSerialNo An advisory lock used to allow several cooperating SNMPv2 entities, all acting in a manager role, to coordinate their use of the SNMPv2 set operation. This object is used for coarse-grain coordination. To achieve fine-grain coordination, one or more similar objects might be defined within each MIB group, as appropriate.
snmpSilentDrops The total number of GetRequest-PDUs, GetNextRequest-PDUs, GetBulkRequest-PDUs, SetRequest-PDUs, and InformRequest-PDUs delivered to the SNMP entity which were silently dropped because the size of a reply containing an alternate Response-PDU with an empty variable-bindings field was greater than either a local constraint or the maximum message size associated with the originator of the request.
sysContact The textual identification of the contact person for this managed node, together with information about how to contact this person. If no contact information is known, the value is the zero-length string.
sysDescr A textual description of the entity. This value must include the full name and version identification of the system's hardware type, software operating-system, and networking software.
sysLocation The physical location of this node (for example, 'telephone closet, 3rd floor'). If the location is unknown, the value is the zero-length string.
sysName An administratively assigned name for this managed node. By convention, this is the node's fully qualified domain name. If the name is unknown, the value is the zero-length string.
sysObjectID The vendor's authoritative identification of the network management subsystem contained in the entity. This value is allocated within the SMI enterprises subtree (1.3.6.1.4.1) and provides an easy and unambiguous means for determining 'what kind of box' is being managed. For example, if vendor 'Flintstones, Inc.' was assigned the subtree 1.3.6.1.4.1.4242, it could assign the identifier 1.3.6.1.4.1.4242.1.1 to its 'Fred Router'.
sysServices A value which indicates the set of services that this entity potentially offers. The value is a sum. This sum initially takes the value zero. Then, for each layer, L, in the range 1 through 7, that this node performs transactions for, 2 raised to (L - 1) is added to the sum. For example, a node which performs only routing functions would have a value of 4 (2^(3-1)). In contrast, a node which is a host offering application services would have a value of 72 (2^(4-1) + 2^(7-1)). In the context of the Internet suite of protocols, values must be calculated accordingly:
  • layer 1: physical (for example, repeaters).
  • layer 2: datalink or subnetwork (for example, bridges).
  • layer 3: Internet (for example, supports IP).
  • layer 4: end-to-end (for example, supports TCP).
  • layer 7: applications (for example, supports SMTP).
  • For systems including OSI protocols, layers 5 and 6 can also be counted.
sysUpTime The time (in hundredths of a second) since the network management portion of the system was last reinitialized.
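The usmStats* counters in Table 6 and the snmpInBadCommunity* counters in Table 7 only increase when the agent rejects a message at the security layer, which makes their rate of change a direct indicator of misconfigured pollers or of someone probing the engine's SNMP service, and snmpEnableAuthenTraps decides whether the engine will also tell you about it by trap. The following is an added example, not code from the Forcepoint documentation or the product, that compares two polls of those objects and reports what changed; it also decodes sysServices with the formula given in Table 7. The alert threshold, the poll contents and the sysServices values used are assumptions constructed for the example.

```python
"""Flag SNMP authentication-failure activity and suppressed authentication traps
from polled SNMP-USER-BASED-SM-MIB and SNMPv2-MIB values; decode sysServices.

Added example; the polls are constructed, not captured from an engine."""

COUNTER32_MOD = 2 ** 32

# Counters that rise when the agent rejects a message at the security layer.
AUTH_FAILURE_COUNTERS = (
    "usmStatsWrongDigests",          # digest mismatch: wrong auth key or altered message
    "usmStatsUnknownUserNames",      # USM user name not configured on the engine
    "usmStatsUnsupportedSecLevels",  # requested security level unknown or unavailable
    "usmStatsNotInTimeWindows",      # outside the time window: clock skew or replay
    "usmStatsDecryptionErrors",      # wrong privacy key
    "snmpInBadCommunityNames",       # v1/v2c community name not known to the agent
    "snmpInBadCommunityUses",        # known community, operation not allowed for it
)


def counter32_delta(prev, cur):
    """Counter32 delta assuming at most one wrap between polls."""
    return cur - prev if cur >= prev else cur + COUNTER32_MOD - prev


def decode_sys_services(value):
    """Layers 1..7 encoded in sysServices: layer L contributes 2^(L-1)."""
    return {layer for layer in range(1, 8) if value & (1 << (layer - 1))}


def encode_sys_services(layers):
    """Inverse of decode_sys_services, following the formula in the table."""
    return sum(1 << (layer - 1) for layer in layers)


def evaluate_poll(prev, cur, threshold=10):
    """Compare two polls of one agent and return a list of findings (strings).

    Each poll is a dict keyed by object name; missing counters count as zero.
    """
    findings = []
    if cur["sysUpTime"] < prev["sysUpTime"]:
        findings.append("sysUpTime went backwards: agent reinitialized, counters reset")
        return findings
    for name in AUTH_FAILURE_COUNTERS:
        delta = counter32_delta(prev.get(name, 0), cur.get(name, 0))
        if delta >= threshold:
            findings.append(f"{name} rose by {delta} since the previous poll")
    # snmpEnableAuthenTraps is enabled(1) or disabled(2); disabled suppresses
    # every authenticationFailure trap regardless of other configuration.
    if cur.get("snmpEnableAuthenTraps") != 1:
        findings.append("snmpEnableAuthenTraps is not enabled(1): "
                        "authenticationFailure traps are suppressed")
    return findings


# Constructed polls five minutes apart (sysUpTime in hundredths of a second).
POLL_PREV = {"sysUpTime": 5_000, "usmStatsWrongDigests": 3, "usmStatsUnknownUserNames": 0,
             "snmpInBadCommunityNames": 10, "snmpEnableAuthenTraps": 2}
POLL_CUR = {"sysUpTime": 35_000, "usmStatsWrongDigests": 3, "usmStatsUnknownUserNames": 47,
            "snmpInBadCommunityNames": 12, "snmpEnableAuthenTraps": 2}

if __name__ == "__main__":
    for finding in evaluate_poll(POLL_PREV, POLL_CUR):
        print(finding)
    print("sysServices 72 ->", sorted(decode_sys_services(72)))
```

The sysUpTime check comes first on purpose: after a reinitialization every counter starts again from zero, so a naive subtraction would report a huge negative or wrapped delta as an attack rather than a reboot.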