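--
-- MODULE-IDENTITY
--  OrgName
--    Fortinet, Inc.
--  ContactInfo
--    Technical Support
--    e-mail: support@fortinet.com
--    http://www.fortinet.com
--
-- FORTINET-FORTIDDOS-MIB: SMIv2 module registered at { fortinet 111 }.
-- It declares the system, HA, port, SPP and connection objects, the
-- fddTraps notifications, and the fddEventsTable objects that the attack
-- and threshold traps carry as varbinds.
--
-- Review summary (details sit next to each definition):
--   * fddEventIndex range corrected to the Unsigned32 maximum.
--   * Most port, SPP, connection and global drop objects are declared
--     MAX-ACCESS not-accessible, which conflicts with their use in
--     OBJECT-GROUPs and with polling them for attack monitoring.
--   * fddEventDirection text contradicts its enumeration.
--   * fddEventType repeats the label destinationflood.
--

FORTINET-FORTIDDOS-MIB DEFINITIONS ::= BEGIN

-- NOTE(review): InetAddress, InetAddressPrefixLength, IpAddress, ifIndex,
-- FnBoolState, FnIndex and FnSessionProto are imported but not referenced
-- anywhere in this module. They are kept unchanged.
IMPORTS
    InetAddress, InetAddressPrefixLength, InetAddressType, InetAddressIPv4 , InetAddressIPv6
        FROM INET-ADDRESS-MIB
    MODULE-COMPLIANCE, NOTIFICATION-GROUP, OBJECT-GROUP
        FROM SNMPv2-CONF
    DisplayString, TimeStamp, TEXTUAL-CONVENTION
        FROM SNMPv2-TC
    MODULE-IDENTITY, OBJECT-TYPE, NOTIFICATION-TYPE,
    Integer32, Gauge32, IpAddress, Counter64, Unsigned32
        FROM SNMPv2-SMI
    ifIndex
        FROM IF-MIB
    FnBoolState, FnIndex, FnSessionProto, fortinet
        FROM FORTINET-CORE-MIB;

-- NOTE(review): the module DESCRIPTION and the REVISION descriptions read
-- as if they were shifted by one entry (the module DESCRIPTION holds a
-- change note). Left as written; confirm against the vendor release notes.
fnFortiDDoSMib MODULE-IDENTITY
    LAST-UPDATED "202407230000Z"
    ORGANIZATION "Fortinet Technologies, Inc."
    CONTACT-INFO "Technical Support email: support@fortinet.com http://www.fortinet.com "
    DESCRIPTION "Added Global and SPP drops and ongoing attack flag "
    REVISION "202407230000Z"
    DESCRIPTION "Added spp operating mode "
    REVISION "201906100000Z"
    DESCRIPTION "Added 5.2.0 related descriptions"
    REVISION "201904190000Z"
    DESCRIPTION "Added 4.3.0 related descriptions"
    REVISION "201506120000Z"
    DESCRIPTION "Added fddtrap 105: fddTrapAttackEvent and fix validation errors"
    REVISION "201506110000Z"
    DESCRIPTION "Added subnet name and subnet comment for Fortinet FortiDDoS events entry"
    REVISION "201502270000Z"
    DESCRIPTION "MIB module for Fortinet FortiDDoS devices"
    REVISION "201401150000Z"
    DESCRIPTION "Inherit FORTINET-CORE-MIB, combine FortiDDoS traps"
    REVISION "200910220000Z"
    DESCRIPTION "MIB module for FortiDDoS devices."
    ::= { fortinet 111 }

--
-- Textual conventions
--
--

-- NOTE(review): FddSysEventCodeVal and FddHAEventIdVal are defined but not
-- used as the SYNTAX of any object in this module.
FddSysEventCodeVal ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION "enumerated type for System component events."
    SYNTAX INTEGER {
        systemHalt (1),
        systemReboot (2),
        systemReload (3),
        systemUpgrade (4),
        guiUpgrade (5),
        logdiskFormat (6)
    }

FddHAEventIdVal ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION "enumerated type for HA events."
    SYNTAX INTEGER {
        masterUnitSwitch (1),
        slaveUnitSwitch (2),
        unitShutdown (3)
    }

FddHAModeVal ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION "enumerated type for HA mode."
    SYNTAX INTEGER {
        off (0),
        slave (1),
        master (2),
        configMaster (3),
        configSlave (4),
        failed (5),
        holdoff (6)
    }

FddPortLinkStatusVal ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION "enumerated type for port link status."
    SYNTAX INTEGER {
        down (0),
        up (1)
    }

-- NOTE(review): SMIv2 (RFC 2578, section 7.1.1) requires enumeration labels
-- to start with a lower-case letter. The labels 10half through 100g start
-- with a digit, so strict MIB compilers may reject this convention. The
-- labels are left unchanged because trap receivers and dashboards may match
-- on them; renaming needs to be coordinated with those consumers.
FddPortLinkSpeedVal ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION "enumerated type for port link speed."
    SYNTAX INTEGER {
        auto (0),
        10half (1),
        10full (2),
        100half (3),
        100full (4),
        1000half (5),
        1000full (6),
        10g (7),
        40g (8),
        100g (9)
    }

FddPortLinkAutoNegVal ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION "enumerated type for port link auto negotiation status."
    SYNTAX INTEGER {
        disabled (0),
        enabled (1)
    }

FddPortMediumVal ::= TEXTUAL-CONVENTION
    STATUS current
    DESCRIPTION "enumerated type for port link medium."
    SYNTAX INTEGER {
        copper (1),
        fiber (2)
    }

--
--
--

-- Top-level subtrees of the module.
fddSystem OBJECT IDENTIFIER ::= { fnFortiDDoSMib 1 }
fddMIBConformance OBJECT IDENTIFIER ::= { fnFortiDDoSMib 2 }
fddTraps OBJECT IDENTIFIER ::= { fnFortiDDoSMib 3 }

-- Subtrees under fddSystem. fddSPPs takes sub-identifier 6, the same value
-- the commented-out fddSubnets assignment below used.
fddSysParams OBJECT IDENTIFIER ::= { fddSystem 1 }
fddSysOptions OBJECT IDENTIFIER ::= { fddSystem 2 }
fddSysHA OBJECT IDENTIFIER ::= { fddSystem 3 }
fddPorts OBJECT IDENTIFIER ::= { fddSystem 4 }
fddConnections OBJECT IDENTIFIER ::= { fddSystem 5 }
fddSPPs OBJECT IDENTIFIER ::= { fddSystem 6 }
-- fddSubnets OBJECT IDENTIFIER ::= { fddSystem 6 }

--
-- fnFortiDDoSMib.fddSystem
--

fddSysModel OBJECT-TYPE
    SYNTAX DisplayString ( SIZE ( 0 .. 64 ) )
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "System model string"
    ::= { fddSysParams 1 }

fddSysSerial OBJECT-TYPE
    SYNTAX DisplayString ( SIZE ( 0 .. 32 ) )
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Device serial number"
    ::= { fddSysParams 2 }

fddSysVersion OBJECT-TYPE
    SYNTAX DisplayString ( SIZE ( 0 .. 128 ) )
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Device firmware version"
    ::= { fddSysParams 3 }

-- NOTE(review): the three usage gauges below carry no UNITS clause and the
-- descriptions do not say whether the value is a percentage; confirm the
-- unit before setting alert thresholds on them.
fddSysCpuUsage OBJECT-TYPE
    SYNTAX Gauge32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Instantaneous CPU usage"
    ::= { fddSysParams 4 }

fddSysMemUsage OBJECT-TYPE
    SYNTAX Gauge32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Instantaneous memory utilization"
    ::= { fddSysParams 5 }

fddSysLogDiskUsage OBJECT-TYPE
    SYNTAX Gauge32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Instantaneous log disk usage"
    ::= { fddSysParams 6 }

--
-- fnFortiDDoSMib.fddSystem.fddSysOptions
--

-- NOTE(review): the time unit of the idle timeout is not stated here.
fddSysOptIdleTimeout OBJECT-TYPE
    SYNTAX Integer32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Idle period after which the administrator is automatically logged out off the system"
    ::= { fddSysOptions 1 }

--
-- fnFortiDDoSMib.fddSystem.fddSysHA
--

fddHAMode OBJECT-TYPE
    SYNTAX FddHAModeVal
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Configured HA mode"
    ::= { fddSysHA 1 }

fddHAEffectiveMode OBJECT-TYPE
    SYNTAX FddHAModeVal
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Effective HA mode"
    ::= { fddSysHA 2 }

--
-- fnFortiDDoSMib.fddPorts
--

fddPortCount OBJECT-TYPE
    SYNTAX Integer32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The count of ports in the appliance "
    ::= { fddPorts 1 }

fddPortsTable OBJECT-TYPE
    SYNTAX SEQUENCE OF FddPortEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "A table of ports on the device."
    ::= { fddPorts 2 }

fddPortEntry OBJECT-TYPE
    SYNTAX FddPortEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "An entry containing information applicable to a port"
    INDEX { fddPortIndex }
    ::= { fddPortsTable 1 }

FddPortEntry ::= SEQUENCE {
    fddPortIndex Integer32,
    fddPortIngress Counter64,
    fddPortEgress Counter64,
    fddPortIngressPPS Counter64,
    fddPortEgressPPS Counter64,
    fddPortIngressBPS Counter64,
    fddPortEgressBPS Counter64,
    fddPortLinkStatus FddPortLinkStatusVal,
    fddPortLinkSpeed FddPortLinkSpeedVal,
    fddPortLinkAutoNeg FddPortLinkAutoNegVal,
    fddPortMedium FddPortMediumVal
}

fddPortIndex OBJECT-TYPE
    SYNTAX Integer32 (1..2147483647)
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "An index uniquely defining a port within the fddPortsTable"
    ::= { fddPortEntry 1 }

-- NOTE(review): every data column of this table (2 through 11) is declared
-- MAX-ACCESS not-accessible, so as written no column can be read by a
-- manager. fddPortIngress and fddPortEgress are also listed in
-- fddPortsConformanceGroup, and RFC 2580 does not permit not-accessible
-- objects in an OBJECT-GROUP. Presumably read-only was intended; confirm
-- against the agent before changing, since tools that honor MAX-ACCESS
-- will skip these columns.
fddPortIngress OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Packets Ingress on the Port "
    ::= { fddPortEntry 2 }

fddPortEgress OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Packets Egress on the Port "
    ::= { fddPortEntry 3 }

-- NOTE(review): the PPS and BPS names suggest per-second rates, while
-- Counter64 denotes a monotonically increasing count. Confirm whether the
-- agent reports a rate before computing deltas over these values.
fddPortIngressPPS OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Packets Ingress PPS on the Port "
    ::= { fddPortEntry 4 }

fddPortEgressPPS OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Packets Egress PPS on the Port "
    ::= { fddPortEntry 5 }

fddPortIngressBPS OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Packets Ingress BPS on the Port "
    ::= { fddPortEntry 6 }

fddPortEgressBPS OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Packets Egress BPS on the Port "
    ::= { fddPortEntry 7 }

fddPortLinkStatus OBJECT-TYPE
    SYNTAX FddPortLinkStatusVal
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Link status of the port"
    ::= { fddPortEntry 8 }

fddPortLinkSpeed OBJECT-TYPE
    SYNTAX FddPortLinkSpeedVal
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Link speed of the port"
    ::= { fddPortEntry 9 }

fddPortLinkAutoNeg OBJECT-TYPE
    SYNTAX FddPortLinkAutoNegVal
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Link auto negotiation status of the port"
    ::= { fddPortEntry 10 }

fddPortMedium OBJECT-TYPE
    SYNTAX FddPortMediumVal
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "medium used in the port"
    ::= { fddPortEntry 11 }

--
-- fnFortiDDoSMib.fddSPPs
--

-- NOTE(review): fddSPPsCount (here) and fddSPPCount (under fddConnections)
-- differ by one letter and both describe a count of SPPs.
fddSPPsCount OBJECT-TYPE
    SYNTAX Integer32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The count of SPPs in the appliance "
    ::= { fddSPPs 1 }

fddSPPTable OBJECT-TYPE
    SYNTAX SEQUENCE OF FddSPPEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "A table of SPPs on the device."
    ::= { fddSPPs 2 }

fddSPPEntry OBJECT-TYPE
    SYNTAX FddSPPEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "An entry containing information applicable to a SPP"
    INDEX { fddSPPsIndex }
    ::= { fddSPPTable 1 }

FddSPPEntry ::= SEQUENCE {
    fddSPPsIndex Integer32,
    fddSPPInboundIngressPPS Counter64,
    fddSPPInboundEgressPPS Counter64,
    fddSPPInboundIngressBPS Counter64,
    fddSPPInboundEgressBPS Counter64,
    fddSPPOutboundIngressPPS Counter64,
    fddSPPOutboundEgressPPS Counter64,
    fddSPPOutboundIngressBPS Counter64,
    fddSPPOutboundEgressBPS Counter64,
    fddSPPInboundDrops Counter64,
    fddSPPOutboundDrops Counter64,
    fddSPPAttackFlag INTEGER
}

fddSPPsIndex OBJECT-TYPE
    SYNTAX Integer32 (1..2147483647)
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "An index uniquely defining a spp within the fddSPPTable"
    ::= { fddSPPEntry 1 }

-- NOTE(review): as in the port table, every data column of fddSPPTable is
-- declared not-accessible, including the drop counters and the attack flag
-- that a monitoring system would poll to see an ongoing attack. None of
-- these columns appears in a conformance group. Presumably read-only was
-- intended; confirm against the agent.
fddSPPInboundIngressPPS OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Packets Inbound Ingress PPS on the SPP "
    ::= { fddSPPEntry 2 }

fddSPPInboundEgressPPS OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Packets Inbound Egress PPS on the SPP "
    ::= { fddSPPEntry 3 }

fddSPPInboundIngressBPS OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Packets Inbound Ingress BPS on the SPP "
    ::= { fddSPPEntry 4 }

fddSPPInboundEgressBPS OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Packets Inbound Egress BPS on the SPP "
    ::= { fddSPPEntry 5 }

fddSPPOutboundIngressPPS OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Packets Outbound Ingress PPS on the SPP "
    ::= { fddSPPEntry 6 }

fddSPPOutboundEgressPPS OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Packets Outbound Egress PPS on the SPP "
    ::= { fddSPPEntry 7 }

fddSPPOutboundIngressBPS OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Packets Outbound Ingress BPS on the SPP "
    ::= { fddSPPEntry 8 }

fddSPPOutboundEgressBPS OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Packets Outbound Egress BPS on the SPP "
    ::= { fddSPPEntry 9 }

fddSPPInboundDrops OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Inbound Drops on the SPP "
    ::= { fddSPPEntry 10 }

fddSPPOutboundDrops OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Outbound Drops on the SPP "
    ::= { fddSPPEntry 11 }

-- NOTE(review): the description does not name the setting that holds
-- "the configured value", nor the interval the drops are measured over.
fddSPPAttackFlag OBJECT-TYPE
    SYNTAX INTEGER { noattack(0), underattack(1) }
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Flag is set if drops are over the configured value"
    ::= { fddSPPEntry 12 }

-- NOTE(review): the three objects below are scalars directly under fddSPPs
-- and are declared not-accessible, which leaves a scalar with no way to be
-- read. Presumably read-only was intended; confirm against the agent.
fddGlobalInboundDrops OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Global Inbound Drops"
    ::= { fddSPPs 3 }

fddGlobalOutboundDrops OBJECT-TYPE
    SYNTAX Counter64
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Global Outbound Drops"
    ::= { fddSPPs 4 }

fddGlobalAttackFlag OBJECT-TYPE
    SYNTAX INTEGER { noattack(0), underattack(1) }
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Flag is set if drops are over the configured value"
    ::= { fddSPPs 5 }

--
-- fnFortiDDoSMib.fddConnections
--

fddSPPCount OBJECT-TYPE
    SYNTAX Integer32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The Count of SPPs configured in the appliance "
    ::= { fddConnections 1 }

-- NOTE(review): the description says "ports", but the entry is indexed by
-- fddSPPIndex and holds connection totals per SPP; the text looks copied
-- from fddPortsTable.
fddConnectionsTable OBJECT-TYPE
    SYNTAX SEQUENCE OF FddConnectionEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "A table of ports on the device."
    ::= { fddConnections 2 }

fddConnectionEntry OBJECT-TYPE
    SYNTAX FddConnectionEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "An entry containing information applicable to a service protection profile"
    INDEX { fddSPPIndex }
    ::= { fddConnectionsTable 1 }

FddConnectionEntry ::= SEQUENCE {
    fddSPPIndex Integer32,
    fddTotalConnections Integer32,
    fddTotalEstablished Integer32
}

-- NOTE(review): this index is limited to 1..8 while fddSPPsIndex allows up
-- to 2147483647 and fddEventSPP allows 0..16; the description also names
-- fddPortsTable although the index belongs to fddConnectionsTable.
fddSPPIndex OBJECT-TYPE
    SYNTAX Integer32 (1..8)
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "An index uniquely defining a spp within the fddPortsTable"
    ::= { fddConnectionEntry 1 }

-- NOTE(review): both columns below are not-accessible yet are listed in
-- fddConnectionsConformanceGroup (see the note on the port table columns).
fddTotalConnections OBJECT-TYPE
    SYNTAX Integer32
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Total Connections in the SPP "
    ::= { fddConnectionEntry 2 }

fddTotalEstablished OBJECT-TYPE
    SYNTAX Integer32
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Total Established Connections in the SPP"
    ::= { fddConnectionEntry 3 }

--
-- fnFortiDDoSMib.fddSubnets
--
-- The subnet subtree below is disabled in the source and kept for reference.
--
-- fddSubnetCount OBJECT-TYPE
--    SYNTAX Integer32
--    MAX-ACCESS read-only
--    STATUS current
--    DESCRIPTION
--        "The Count of Subnets configured in the appliance "
--    ::= { fddSubnets 1 }
--
-- fddSubnetsTable OBJECT-TYPE
--    SYNTAX SEQUENCE OF FddSubnetEntry
--    MAX-ACCESS not-accessible
--    STATUS current
--    DESCRIPTION
--        "A table of ports on the device."
--    ::= { fddSubnets 2 }
--
-- fddSubnetEntry OBJECT-TYPE
--    SYNTAX FddSubnetEntry
--    MAX-ACCESS not-accessible
--    STATUS current
--    DESCRIPTION
--        "An entry containing information applicable to a service protection profile"
--    INDEX { fddSubnetIndex }
--    ::= { fddSubnetsTable 1 }
--
-- FddSubnetEntry ::= SEQUENCE {
--    fddSubnetIndex Integer32,
--    fddReceivedPackets Counter64,
--    fddAllowedPackets Counter64,
--    fddDroppedPackets Counter64,
--    fddReceivedBytes Counter64,
--    fddAllowedBytes Counter64,
--    fddDroppedBytes Counter64
-- }
--
-- fddSubnetIndex OBJECT-TYPE
--    SYNTAX Integer32 (1..512)
--    MAX-ACCESS not-accessible
--    STATUS current
--    DESCRIPTION
--        "An index uniquely defining a spp within the fddPortsTable"
--    ::= { fddSubnetEntry 1 }
--
-- fddReceivedPackets OBJECT-TYPE
--    SYNTAX Counter64
--    MAX-ACCESS not-accessible
--    STATUS current
--    DESCRIPTION
--        "Total received packets in the subnet "
--    ::= { fddSubnetEntry 2 }
--
-- fddAllowedPackets OBJECT-TYPE
--    SYNTAX Counter64
--    MAX-ACCESS not-accessible
--    STATUS current
--    DESCRIPTION
--        "Total Allowed Packets in the Subnet"
--    ::= { fddSubnetEntry 3 }
--
-- fddDroppedPackets OBJECT-TYPE
--    SYNTAX Counter64
--    MAX-ACCESS not-accessible
--    STATUS current
--    DESCRIPTION
--        "Total Dropped Packets in the Subnet"
--    ::= { fddSubnetEntry 4 }
--
-- fddReceivedBytes OBJECT-TYPE
--    SYNTAX Counter64
--    MAX-ACCESS not-accessible
--    STATUS current
--    DESCRIPTION
--        "Total Received Bytes in the Subnet"
--    ::= { fddSubnetEntry 5 }
--
-- fddAllowedBytes OBJECT-TYPE
--    SYNTAX Counter64
--    MAX-ACCESS not-accessible
--    STATUS current
--    DESCRIPTION
--        "Total Allowed Bytes in the Subnet"
--    ::= { fddSubnetEntry 6 }
--
-- fddDroppedBytes OBJECT-TYPE
--    SYNTAX Counter64
--    MAX-ACCESS not-accessible
--    STATUS current
--    DESCRIPTION
--        "Total Dropped Bytes in the Subnet"
--    ::= { fddSubnetEntry 7 }

--
-- fnFortiDDoSMib.fddTraps
--

-- NOTE(review): traps 101 to 103 are STATUS current here, while the only
-- group that lists them (fddObsoleteTrapsComplianceGroup) is STATUS
-- obsolete. Confirm whether the device still emits them before relying on
-- them for alerting.
fddTrapCpuHighThreshold NOTIFICATION-TYPE
    OBJECTS { fddSysSerial }
    STATUS current
    DESCRIPTION "Trap being sent if CPU usage becomes too high, which is defined in FORTINET-CORE-MIB"
    ::= { fddTraps 101 }

fddTrapMemLowThreshold NOTIFICATION-TYPE
    OBJECTS { fddSysSerial }
    STATUS current
    DESCRIPTION "Trap being sent if memory usage becomes too high, which is defined in FORTINET-CORE-MIB"
    ::= { fddTraps 102 }

fddTrapLogDiskHighThreshold NOTIFICATION-TYPE
    OBJECTS { fddSysSerial }
    STATUS current
    DESCRIPTION "Trap being sent if Log disk usage becomes too high, which is defined in FORTINET-CORE-MIB"
    ::= { fddTraps 103 }

fddTrapCardFailure NOTIFICATION-TYPE
    OBJECTS { fddSysSerial }
    STATUS current
    DESCRIPTION "Trap being sent if there is a card failure"
    ::= { fddTraps 106 }

fddTrapGracefulRecovery NOTIFICATION-TYPE
    OBJECTS { fddSysSerial }
    STATUS current
    DESCRIPTION "Trap being sent if there is a graceful recovery"
    ::= { fddTraps 107 }

-- Event objects. They are registered under { fddTraps 104 } and are the
-- varbinds of fddTrapAttackEvent, fddTrapDropThresholdViolation and
-- fddTrapDPThresholdViolation.
-- NOTE(review): many DESCRIPTION clauses in this table are the placeholder
-- "Desc."; a trap receiver has to take units and meaning from vendor
-- documentation rather than from this module.
fddEventsTable OBJECT-TYPE
    SYNTAX SEQUENCE OF FddEventsEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Desc."
    ::= { fddTraps 104 }

fddEventsEntry OBJECT-TYPE
    SYNTAX FddEventsEntry
    MAX-ACCESS not-accessible
    STATUS current
    DESCRIPTION "Desc."
    INDEX { fddEventIndex }
    ::= { fddEventsTable 1 }

FddEventsEntry ::= SEQUENCE {
    fddEventIndex Unsigned32,
    fddEventDirection INTEGER,
    fddEventType INTEGER,
    fddEventTimeStamp TimeStamp,
    fddEventSPP Integer32,
    fddEventSrcIPType InetAddressType,
    fddEventSrcIPv4 InetAddressIPv4,
    fddEventSrcIPv6 InetAddressIPv6,
    fddEventDestIPType InetAddressType,
    fddEventDestIPv4 InetAddressIPv4,
    fddEventDestIPv6 InetAddressIPv6,
    fddEventL3Protocol Integer32,
    fddEventSrcPort Integer32,
    fddEventDestPort Integer32,
    fddEventICMPType Integer32,
    fddEventICMPCode Integer32,
    fddEventDetail DisplayString,
    fddEventDropCount Integer32,
    fddEventSubnetName DisplayString,
    fddEventSubnetComment DisplayString,
    fddSPPOperatingMode INTEGER,
    fddSPPID Integer32,
    fddDropThreshold Integer32,
    fddTotal5minDrops DisplayString,
    fddTableName DisplayString
}

-- The upper bound is 4294967295, the largest value an Unsigned32 can hold.
-- The previous bound of 4294967296 lies outside the base type.
fddEventIndex OBJECT-TYPE
    SYNTAX Unsigned32 (1..4294967295)
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Desc."
    ::= { fddEventsEntry 1 }

-- NOTE(review): the enumeration maps 0 to outbound and 1 to inbound, while
-- the DESCRIPTION states the opposite. One of the two is wrong, and a trap
-- receiver that trusts the wrong one will reverse attack direction in its
-- alerts. Verify against traps from a device before relying on either.
fddEventDirection OBJECT-TYPE
    SYNTAX INTEGER { global(-1), outbound(0), inbound(1) }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The port for the event. 0 indicates inbound and 1 is outbound. -1 indicates its a global event."
    ::= { fddEventsEntry 2 }

-- NOTE(review): the label destinationflood is used for both 1009 and 1012.
-- Labels within one enumeration must be unique, so strict compilers may
-- reject the module and lenient ones resolve the name to a single value.
-- Match on the numeric value in trap handling rules, not on the label.
-- Several labels also contain spelling slips (for example
-- ssltlscipheranoamly and ntpunsolictedresponse); they are identifiers and
-- are left unchanged.
fddEventType OBJECT-TYPE
    SYNTAX INTEGER {
        protocolflood(1000),
        otherprotocolsfragmentflood(1001),
        sourcefloodstart(1005),
        sthashattack(1006),
        stoutofmemory(1007),
        sourceflood(1008),
        destinationflood(1009),
        dthashattack(1010),
        dtoutofmemory(1011),
        destinationflood(1012),
        distributedsourceattack(1013),
        ipheaderchecksumerror(1014),
        sourceipeqdestip(1015),
        sourcedestipeqlocalhost(1016),
        l3anomalies(1017),
        iptunnelingattacks(1018),
        darkaddressscan(1022),
        tcpfragmentflood(1023),
        udpfragmentflood(1024),
        protocoldenied(1050),
        otherprotocolsfragmentdenied(1054),
        sourcedenied(1055),
        destinationdenied(1056),
        mostactivesource(1057),
        mostactivedestination(1058),
        deniedgeolocation(1059),
        deniedipaddress(1060),
        deniedipsectunnel(1065),
        deniedipreputation(1061),
        deniedantispoof(1062),
        deniedipmulticast(1063),
        deniedprivateip(1064),
        tcpfragmentdenied(1071),
        udpfragmentdenied(1072),
        distressacldenied(1073),
        udpfragmentperdstflood(1074),
        ipsecespperdstflood(1075),
        synflood(2000),
        globalruleacl(2002),
        nolegitimateip(2005),
        stateanomaliesforeignpacketoutofstate(2006),
        stateanomaliesoutsidewindowoutbound(2007),
        stateanomaliesoutsidewindowinbound(2008),
        tcpsmhashattack(2010),
        tcpsmoutofmemory(2011),
        stateanomaliesstatetransitionerror(2012),
        sppruleacl(2013),
        tcpzombieflood(2016),
        tcpportflood(2017),
        udpportflood(2018),
        icmpflood(2019),
        foreignpacketsaggressiveagingandslowconnections(2020),
        slowconnectionsourceflood(2022),
        possibleudpreflectionflood(2023),
        tcpchecksumerror(2024),
        udpchecksumerror(2025),
        icmpchecksumerror(2026),
        tcpinvalidflagcombination(2027),
        l4anomalies(2028),
        excessiveopentcpsessions(2029),
        udpreflectionflood(2030),
        tcpsynwithpayload(2031),
        tcpportdenied(2052),
        udpportdenied(2053),
        icmptypecodedenied(2054),
        synfloodfromsourcestart(2055),
        synfloodfromsource(2056),
        mostactivesynsource(2057),
        aggrageconcurrentconnectionspersourceflood(2058),
        excessiveconcurrentconnectionspersourceflood(2061),
        excessivetcppacketsperdestinationflood(2062),
        synackfloodinasym(2063),
        synackperdstfloodinasym(2064),
        httpsipurlsourceflood(2080),
        dnsqueryfloodfromsource(2082),
        dnspackettrackfloodfromsource(2083),
        invalidicmptypecode(2086),
        httpmethodfloodfromsource(2087),
        greheaderchecksumerror(2088),
        gtpuheaderanomaly(2089),
        udpdstport53perdstflood(2090),
        udpsrcport53perdstflood(2091),
        sppswitchingtoalternativespp(3008),
        sppswitchingtooriginalspp(3009),
        cannotsendattacksignal(3010),
        someboardsnotwork(3011),
        receiveattacksignal(3012),
        cannotcreatepolicyonattacksignal(3013),
        sendoutattacksignal(3014),
        httpmethodflood(4000),
        undefinedhttpmethodanomaly(4001),
        httpversionanomaly(4002),
        urldenied(4003),
        urlflood(4004),
        invalidhttpmethodanomaly(4005),
        httpl7hostflood(4006),
        httpl7hostdeny(4007),
        httpl7refererflood(4008),
        httpl7refererdeny(4009),
        httpl7cookieflood(4010),
        httpl7cookiedeny(4011),
        httpl7useragentflood(4012),
        httpl7useragentdeny(4013),
        urlscanstart(4014),
        sipinvitepersrc(4034),
        sipregisterpersrc(4035),
        sipconcurrentinvitepersrc(4036),
        dnsfragmentdeny(4037),
        dnsmailbdeny(4038),
        dnsalldeny(4039),
        dnsqtypedeny(4040),
        dnsrcodeflood(4041),
        dnsheaderanomalyinvalidopcode(4042),
        dnsheaderanomalyillegalflagcombination(4043),
        dnsheaderanomalysamesourcedestinationport(4044),
        dnsrequestanomalyquerybitset(4045),
        dnsrequestanomalyrabitset(4046),
        dnsrequestanomalynullquery(4047),
        dnsrequestanomalyqdcountnot1inquery(4048),
        dnsreplyanomalyqclassinreply(4050),
        dnsreplyanomalyqtypeinreply(4051),
        dnsreplyanomalyquerybitnotset(4052),
        dnsreplyanomalyqdcountnot1inresponse(4053),
        dnsbufferoverflowanomalymessagetoolong(4054),
        dnsbufferoverflowanomalynametoolong(4055),
        dnsbufferoverflowanomalylabellengthtoolarge(4056),
        dnsexploitanomalypointerloop(4057),
        dnsexploitanomalyzonetransfer(4058),
        dnsexploitanomalyclassisnotin(4059),
        dnsexploitanomalyemptyudpmessage(4060),
        dnsexploitanomalymessageendsprematurely(4061),
        dnsexploitanomalytcpbufferunderflow(4062),
        dnsinfoanomalydnstypeallused(4063),
        dnsdataanomalyinvalidtypeclass(4064),
        dnsdataanomalyextraneousdata(4065),
        dnsdataanomalyttltoolong(4066),
        dnsdataanomalynamelengthtooshort(4067),
        dnsudpunsolicitedresponse(4068),
        dnstcpunsolicitedresponse(4069),
        dnsdqrmhorizontallinklimitcrossed(4070),
        dnsdqrmoutofmemory(4071),
        dnsudpresponsesamedirection(4072),
        dnstcpresponsesamedirection(4073),
        dnslqudpqueryflood(4074),
        dnslqudpquestionflood(4075),
        dnslqudpqtypeallflood(4076),
        dnslqudpqtypezonetransferflood(4077),
        dnslqudpqtypemxflood(4078),
        dnslqudpqueryfloodduetonegativeresponse(4080),
        dnsttludpqueryflood(4081),
        dnsttludpquestionflood(4082),
        dnsttludpqtypeallflood(4083),
        dnsttludpqtypezonetransferflood(4084),
        dnsttludpqtypemxflood(4085),
        dnsspoofedipudpqueryflooddropduringforcetcpcheck(4087),
        dnsspoofedipudpquestionflooddropduringforcetcpcheck(4088),
        dnsspoofedipudpqtypeallflooddropduringforcetcpcheck(4089),
        dnsspoofedipudpqtypezonetransferflooddropduringforcetcpcheck(4090),
        dnsspoofedipudpqtypemxflooddropduringforcetcpcheck(4091),
        dnsspoofedipudpqueryflooddropduringretransmissioncheck(4093),
        dnsspoofedipudpquestionflooddropduringretransmissioncheck(4094),
        dnsspoofedipudpqtypeallflooddropduringretransmissioncheck(4095),
        dnsspoofedipudpqtypezonetransferflooddropduringretransmissioncheck(4096),
        dnsspoofedipudpqtypemxflooddropduringretransmissioncheck(4097),
        dnscacheudpqueryflooddropduetoresponsefromcache(4099),
        dnscacheudpquestionflooddropduetoresponsefromcache(4100),
        dnscacheudpqtypeallflooddropduetoresponsefromcache(4101),
        dnscacheudpqtypezonetransferflooddropduetoresponsefromcache(4102),
        dnscacheudpqtypemxflooddropduetoresponsefromcache(4103),
        dnscacheudpqueryflooddropduetonoresponsefromcache(4105),
        dnscacheudpquestionflooddropduetonoresponsefromcache(4106),
        dnscacheudpqtypeallflooddropduetonoresponsefromcache(4107),
        dnscacheudpqtypezonetransferflooddropduetonoresponsefromcache(4108),
        dnscacheudpqtypemxflooddropduetonoresponsefromcache(4109),
        dnstcpqueryflood(4111),
        dnstcpquestionflood(4112),
        dnstcpfragmentflood(4113),
        dnstcpzonetransferflood(4114),
        dnstcpmxflood(4115),
        dnstcpallflood(4116),
        dnsudpunexpectedquerybeforeresponse(4117),
        dnstcpunexpectedquerybeforeresponse(4118),
        dnsqueryrestrictedtospecificsubnet(4119),
        dnsqueryblockedduetoblocklisteddomains(4120),
        dnsresourcerecordtypedeny(4121),
        dnsudpquerysessionreuseanomaly(4122),
        dnsqueryblockedduetodomainreputation(4123),
        dnslqtcpqueryflood(4124),
        dnslqtcpquestionflood(4125),
        dnslqtcpqtypeallflood(4126),
        dnslqtcpqtypezonetransferflood(4127),
        dnslqtcpqtypemxflood(4128),
        dnslqtcpqueryfloodduetonegativeresponse(4129),
        httpheaderrangepresentanomaly(4201),
        httpheaderrangecountanomaly(4202),
        incompletehttprequest(4203),
        sslrenegotiation(4204),
        ntprequestflood(4205),
        ntpresponseflood(4206),
        ntpbroadcastflood(4207),
        ntpmonlistdeny(4208),
        ntpversionanomaly(4209),
        ntpstratumanomaly(4210),
        ntpdatalengthanomaly(4211),
        ntpcontrolheaderanomaly(4212),
        ntpduplicaterequestbeforeresponse(4213),
        ntpunsolictedresponse(4214),
        ntpsequencemismatch(4215),
        ntphorizontallinklimitcrossed(4216),
        ntpoutofmemory(4217),
        ntpmodemismatch(4218),
        ntpresponseperdestination(4219),
        ssltlsprotoanomaly(4224),
        ssltlsversionanomaly(4225),
        ssltlscipheranoamly(4226),
        ssltlsincompleterequest(4227),
        ssltlsincompleterequestsrc(4228),
        dtlsclienthellopersrc(4232),
        dtlsserverhellopersrc(4233),
        dtlsserverhelloperdst(4234),
        dtlsserverprotoanom(4235),
        dtlsreflectiondeny(4236),
        dnsqueryrestricteddomains(4239),
        dnsudpquerysppblocklisted(4240),
        dnstcpquerysppblocklisted(4241),
        dnssecasymrespsrcflood(4242),
        dnssecasymrespflood(4243),
        dnssecasymrespdstflood(4244),
        dnssecudpmissingheaderanomaly(4245),
        dnssectcpmissingheaderanomaly(4246),
        dnsudpedns0multiopterranomaly(4247),
        dnstcpedns0multiopterrnaomaly(4248),
        dnssecrespanytypedeny(4249),
        dnssecudpunsolicitedresp(4250),
        dnssectcpunsolicitedresp(4251),
        dnssecdeny(4252),
        quicservrreflectdeny(4253),
        quicvernegdeny(4254),
        quicstrictanomalies(4255),
        quicinitialpktsizeanomaly(4256),
        quicveranomaly(4257),
        quicsessoutofmem(4258),
        quicreqinitialpkt(4259),
        quicreqinitialpktpersrc(4260),
        quicrespinitialpktperdst(4261),
        dnsquerytranspproxycheck(4262),
        dnsquestiontranspproxycheck(4263),
        dnsqtypealltransparentproxycheck(4264),
        dnsqtypexfrtransparentproxycheck(4265),
        dnsqtypemxtransparentproxycheck(4266),
        dnsheaderanomalyudpknownopcode(4267),
        dnsheaderanomalytcpknownopcode(4268),
        zoomudpstrictanomalies(4269),
        zoomudpflood(4270),
        dnsudpquerysppdropallownomatch(4271),
        dnstcpquerysppdropallownomatch(4272),
        ikestrictanomalies(4273),
        ikepktsizeanomaly(4274),
        ikeveranomaly(4275),
        ikepayloadtypeanomaly(4276),
        ikeexchangeanomaly(4277),
        ikesainitiatorpktpersrc(4278),
        ikesaresponderpktpersrc(4279),
        dnsfqdnflood(4280),
        dnsrcode0perdstflood(4281),
        dnstcpqueryperdstflood(4282),
        dnslqtcpqueryperdstflood(4283),
        dnsquerytkeyflood(4284),
        dnsfragdeny(4285),
        packetlengthdeny(5001)
    }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Desc."
    ::= { fddEventsEntry 3 }

fddEventTimeStamp OBJECT-TYPE
    SYNTAX TimeStamp
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Desc."
    ::= { fddEventsEntry 4 }

-- NOTE(review): the declared range is 0..16 but the DESCRIPTION says 0-8,
-- and it calls the value a VID although the object is named SPP. Entry
-- sub-identifiers 6 and 7 are not assigned in this module.
fddEventSPP OBJECT-TYPE
    SYNTAX Integer32 (0..16)
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The VID of the event (0-8). 0 indicates its a global event."
    ::= { fddEventsEntry 5 }

fddEventSrcIPType OBJECT-TYPE
    SYNTAX InetAddressType
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "This value will be unknown(0) if this event does not have a source IP."
    ::= { fddEventsEntry 8 }

fddEventSrcIPv4 OBJECT-TYPE
    SYNTAX InetAddressIPv4
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "This value will be a zero length string if this event does not have a source IP."
    ::= { fddEventsEntry 9 }

fddEventSrcIPv6 OBJECT-TYPE
    SYNTAX InetAddressIPv6
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "This value will be a zero length string if this event does not have a source IP."
    ::= { fddEventsEntry 10 }

fddEventDestIPType OBJECT-TYPE
    SYNTAX InetAddressType
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "This value will be unknown(0) if this event does not have a destination IP."
    ::= { fddEventsEntry 11 }

fddEventDestIPv4 OBJECT-TYPE
    SYNTAX InetAddressIPv4
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "This value will be a zero length string if this event does not have a dest IP."
    ::= { fddEventsEntry 12 }

fddEventDestIPv6 OBJECT-TYPE
    SYNTAX InetAddressIPv6
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "This value will be a zero length string if this event does not have a dest IP."
    ::= { fddEventsEntry 13 }

-- NOTE(review): unlike the port and ICMP objects below, this object has no
-- range constraint although -1 is its documented "not present" value.
fddEventL3Protocol OBJECT-TYPE
    SYNTAX Integer32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "-1 indicates protocol not present for this event."
    ::= { fddEventsEntry 14 }

fddEventSrcPort OBJECT-TYPE
    SYNTAX Integer32 (-1..65535)
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "-1 indicates source port not present for this event."
    ::= { fddEventsEntry 15 }

fddEventDestPort OBJECT-TYPE
    SYNTAX Integer32 (-1..65535)
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "-1 indicates destination port not present for this event."
    ::= { fddEventsEntry 16 }

fddEventICMPType OBJECT-TYPE
    SYNTAX Integer32 (-1..255)
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "-1 indicates ICMP type not present for this event."
    ::= { fddEventsEntry 17 }

fddEventICMPCode OBJECT-TYPE
    SYNTAX Integer32 (-1..255)
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "-1 indicates ICMP code not present for this event."
    ::= { fddEventsEntry 18 }

-- NOTE(review): the DisplayString objects in this table are free text with
-- no tighter SIZE clause; a trap receiver should treat them as untrusted
-- text when rendering or storing them.
fddEventDetail OBJECT-TYPE
    SYNTAX DisplayString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Desc."
    ::= { fddEventsEntry 19 }

-- NOTE(review): a signed 32-bit value; behavior for drop counts above
-- 2147483647 is not described here.
fddEventDropCount OBJECT-TYPE
    SYNTAX Integer32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Desc."
    ::= { fddEventsEntry 20 }

fddEventSubnetName OBJECT-TYPE
    SYNTAX DisplayString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Desc."
    ::= { fddEventsEntry 21 }

fddEventSubnetComment OBJECT-TYPE
    SYNTAX DisplayString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Desc."
    ::= { fddEventsEntry 22 }

fddSPPOperatingMode OBJECT-TYPE
    SYNTAX INTEGER { detection(0), prevention(1) }
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "The operating mode for the SPP for the event. 0 indicates detection and 1 indicates prevention."
    ::= { fddEventsEntry 23 }

fddSPPID OBJECT-TYPE
    SYNTAX Integer32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Desc."
    ::= { fddEventsEntry 24 }

fddDropThreshold OBJECT-TYPE
    SYNTAX Integer32
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Desc."
    ::= { fddEventsEntry 25 }

-- NOTE(review): a drop total carried as DisplayString; the text format is
-- not specified here, so parse it defensively.
fddTotal5minDrops OBJECT-TYPE
    SYNTAX DisplayString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Desc."
    ::= { fddEventsEntry 26 }

fddTableName OBJECT-TYPE
    SYNTAX DisplayString
    MAX-ACCESS read-only
    STATUS current
    DESCRIPTION "Name of the data path table that crossed threshold"
    ::= { fddEventsEntry 27 }

-- Attack event trap. Its varbinds include the source and destination
-- addresses, ports and event type of the detected traffic.
-- NOTE(review): these fields describe protected hosts and traffic sources;
-- how the trap is protected in transit is outside this module and depends
-- on the SNMP version and security settings configured on the device.
fddTrapAttackEvent NOTIFICATION-TYPE
    OBJECTS {
        fddEventIndex,
        fddEventDirection,
        fddEventType,
        fddEventTimeStamp,
        fddEventSPP,
        fddEventSrcIPType,
        fddEventSrcIPv4,
        fddEventSrcIPv6,
        fddEventDestIPType,
        fddEventDestIPv4,
        fddEventDestIPv6,
        fddEventL3Protocol,
        fddEventSrcPort,
        fddEventDestPort,
        fddEventICMPType,
        fddEventICMPCode,
        fddEventDetail,
        fddEventDropCount,
        fddEventSubnetName,
        fddEventSubnetComment,
        fddSPPOperatingMode
    }
    STATUS current
    DESCRIPTION "Trap being sent if attacks happen"
    ::= { fddTraps 105 }

fddTrapDropThresholdViolation NOTIFICATION-TYPE
    OBJECTS { fddSPPID, fddDropThreshold, fddTotal5minDrops }
    STATUS current
    DESCRIPTION "Trap being sent on drop threshold violation"
    ::= { fddTraps 108 }

fddTrapDPThresholdViolation NOTIFICATION-TYPE
    OBJECTS { fddTableName }
    STATUS current
    DESCRIPTION "Trap being sent on data path resource threshold violation"
    ::= { fddTraps 109 }

--
-- fnFortiDDoSMib.fddMIBConformance
--
-- NOTE(review): no group in this section covers the current traps 105 to
-- 109, the fddEventsTable objects, or the fddSPPs objects, so conformance
-- tooling will not report them as required or optional.

fddSystemConformanceGroup OBJECT-GROUP
    OBJECTS {
        fddSysModel,
        fddSysSerial,
        fddSysVersion,
        fddSysCpuUsage,
        fddSysMemUsage,
        fddSysLogDiskUsage
    }
    STATUS current
    DESCRIPTION "object related to fortiddos system."
    ::= { fddMIBConformance 1 }

fddSysOptionsConformanceGroup OBJECT-GROUP
    OBJECTS { fddSysOptIdleTimeout }
    STATUS current
    DESCRIPTION "object related to fortiddos system option."
    ::= { fddMIBConformance 2 }

fddHAModeConformanceGroup OBJECT-GROUP
    OBJECTS { fddHAMode, fddHAEffectiveMode }
    STATUS current
    DESCRIPTION "object related to fortiddos HA mode."
    ::= { fddMIBConformance 4 }

fddObsoleteTrapsComplianceGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        fddTrapCpuHighThreshold,
        fddTrapMemLowThreshold,
        fddTrapLogDiskHighThreshold
    }
    STATUS obsolete
    DESCRIPTION "Event notifications, items in this group are defined in FORTINET-CORE-MIB"
    ::= { fddMIBConformance 5 }

fddMIBCompliance MODULE-COMPLIANCE
    STATUS current
    DESCRIPTION "the compliance statement for the application MIB."
    MODULE  -- this module
        GROUP fddSystemConformanceGroup
        DESCRIPTION "this group is mandatory for all Fortiddos appliances supporting this MIB."
        GROUP fddSysOptionsConformanceGroup
        DESCRIPTION "this group is mandatory for all Fortiddos appliances supporting this MIB."
        GROUP fddHAModeConformanceGroup
        DESCRIPTION "this group is mandatory for all Fortiddos appliances supporting this MIB."
    ::= { fddMIBConformance 100 }

fddObsoleteMIBCompliance MODULE-COMPLIANCE
    STATUS obsolete
    DESCRIPTION "the obsolete compliance statement for the application MIB."
    MODULE
        GROUP fddObsoleteTrapsComplianceGroup
        DESCRIPTION "items in this group are defined in FORTINET-CORE-MIB."
    ::= { fddMIBConformance 101 }

-- NOTE(review): fddPortIngress and fddPortEgress are declared
-- not-accessible, which RFC 2580 does not allow for OBJECT-GROUP members.
fddPortsConformanceGroup OBJECT-GROUP
    OBJECTS { fddPortCount, fddPortIngress, fddPortEgress }
    STATUS current
    DESCRIPTION "object related to fortiddos ports ."
    ::= { fddMIBConformance 300 }

-- NOTE(review): fddTotalConnections and fddTotalEstablished are declared
-- not-accessible, which RFC 2580 does not allow for OBJECT-GROUP members.
fddConnectionsConformanceGroup OBJECT-GROUP
    OBJECTS { fddSPPCount, fddTotalConnections, fddTotalEstablished }
    STATUS current
    DESCRIPTION "object related to fortiddos connections ."
    ::= { fddMIBConformance 400 }

-- Disabled together with the fddSubnets subtree; kept for reference.
--
-- fddSubnetsConformanceGroup OBJECT-GROUP
--    OBJECTS { fddSubnetCount,
--              fddReceivedPackets,
--              fddReceivedBytes ,
--              fddAllowedPackets,
--              fddAllowedBytes,
--              fddDroppedPackets,
--              fddDroppedBytes }
--    STATUS current
--    DESCRIPTION
--        "object related to fortiddos connections."
--    ::= { fddMIBConformance 500 }

END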