CM-SECURITY-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY, OBJECT-TYPE, Integer32, IpAddress, Unsigned32
             FROM SNMPv2-SMI
    DateAndTime, DisplayString, TruthValue, RowStatus, StorageType, 
    TEXTUAL-CONVENTION, VariablePointer
             FROM SNMPv2-TC
    OBJECT-GROUP, MODULE-COMPLIANCE
             FROM SNMPv2-CONF
    fsp150cm
             FROM  ADVA-MIB
    IpVersion, UserInterfaceType
             FROM  CM-COMMON-MIB
    Ipv6Address
             FROM  IPV6-TC
    usmUserEntry
             FROM  SNMP-USER-BASED-SM-MIB
    SnmpAdminString
             FROM  SNMP-FRAMEWORK-MIB;

cmSecurityMIB MODULE-IDENTITY
    LAST-UPDATED    "202101280000Z"
    ORGANIZATION    "ADVA Optical Networking SE"
    CONTACT-INFO
        "Web URL: http://adva.com/
        E-mail:  support@adva.com
        Postal:  ADVA Optical Networking SE
             Campus Martinsried
             Fraunhoferstrasse 9a
             82152 Martinsried/Munich
             Germany
        Phone: +49 089 89 06 65 0
        Fax:  +49 089 89 06 65 199 "
    DESCRIPTION
            "This module defines the Security MIB definitions 
             used by the F3 (FSP150CM/CC) product lines.  These are used
             to manage the user/authentication for CLI/GUI sessions.
             Copyright (C) ADVA."
    REVISION        "202101280000Z"
    DESCRIPTION
             "Notes from release 202007270000Z:
              (1) Added new tables: f3CaProfileTable, f3CaTable.
              (2) Added new textual conventions: CaAction,
                  SslCertificatePrivateKeyPairAction, CertificateType,
                  CertificateStatus, AutoEnrollmentStatus, CaRootCertStatus.
              (3) Added new columns to f3SslCertificatePrivateKeyPairTable:
                  f3SslCertificatePrivateKeyPairRsaKeyPairName,
                  f3SslCertificatePrivateKeyPairCertificateType,
                  f3SslCertificatePrivateKeyPairCertificateStatus,
                  f3SslCertificatePrivateKeyPairAction.
              (4) Added new column to f3CertSigningRequestTable:
                  f3CertSigningRequestAutoEnrollmentStatus.
              (5) Added new scalar f3SshCipherStrengthHighControl.

              Notes from release 202006180000Z:
              (1) Changed MAX-ACCESS for f3HttpsSslKeyPair from read-only to read-write
              
              Notes from release 201912010000Z
              (1) Added f3NasIpAddressType and
                  f3SslCertificateActionKeyName.
              
              Notes from release 201910010000Z
              (1) Added scalars f3HttpsSslCertExpNotifPeriod,
                  f3HttpsSslKeyPair,
                  f3SslCertificateAction,
                  f3SslCertificateActionPairName,
                  
                  Added f3SslCertificatePrivateKeyPairTable with columns:
                  f3SslCertificatePrivateKeyPairName,
                  f3SslCertificatePrivateKeyPairSslCertificate,
                  f3SslCertificatePrivateKeyPairPrivateKeyPresent

              Notes from release 201905280000Z
              (1) added cmSecurityUserSso2fa to cmSecurityUserTable
              (2) added scalar f3Sso2faControl

              Notes from release 201706270000Z
              (1) Added Object Identifier cmIcmpV4Objects with scalar objects:
                  icmpV4Filter, icmpV4DropEchoRequests
              (2) Added Object Identifier cmIcmpV6Objects with scalar objects:
                  icmpV6Filter, icmpV6DropEchoRequests, icmpV6DropNeighborSolicitation,
                  icmpV6DropRouterAdvertisement, icmpV6DropNeighborAdvertisement,
                  icmpV6DropRouterSolicitation
	      
	      Notes from release 201704030000Z
              (1) add f3RadiusSendVendorAvpEnabled and f3RadiusRealm to the MIB

              Notes from release 201606140000Z
              (1) added cmSecurityUserRemoteCryptoUser to cmSecurityUserTable

              Notes from release 201602080000Z
              (1)Added literal netconf to CmSecurityPrivLevel

              Notes from release 201509180000Z
              (1)Added cmSecurityCryptoPassword attribute to cmSecurityUserTable

              Note from release  201106270000Z,
              (1)Added f3TacacsPrivLevelControlEnabled, f3TacacsDefaultPrivLevel

              Note from release 201104140000Z,
              (1)Added cmSecurityUserAction to support remove-lockout

              Note from release 201101050000Z,
              (1)Added f3UsmUserTable - an augment to UsmUserTable

              Note from release 201002120000Z,
              (1)MIBs updated for supported functionality in R4.3CC and R4.1CM 
                 (a)cmRemoteAuthServerTable has new objects 
                    cmRemoteAuthServerAccountingPort to support RADIUS accounting
              
              Notes from release 200903190000Z,
             (1)MIB version ready for release FSP150CC GE101, GE206 devices
               (a)Added Textual convention CmSecurityPolicyStrength
               (b)Added MIB scalar cmSecurityPolicyStrength

             (2)Following changes are made to the cmSecurityUserTable,
                (a)cmSecurityUserPassword column to modify security user password
                (b)cmSecurityUserStorageType and cmSecurityUserRowStatus columns added 
                   thereby allowing creation/deletion of Security Users
                (c)cmSecurityUserComment, cmSecurityUserPrivLevel, 
                   cmSecurityUserLoginTimeout, cmSecurityUserNumFailedLoginAttempts, 
                   cmSecurityUserCliPagingEnable columns are now read-write
                   to allow write access. 

            Notes from release 200803030000Z,
             (1)MIB version ready for release FSP150CM 3.1." 
    ::= {fsp150cm 10}    

-- 
-- OID definitions
-- 
-- Top-level arcs of cmSecurityMIB: managed objects (1), conformance (2)
-- and notifications (3).
cmSecurityObjects           OBJECT IDENTIFIER ::= {cmSecurityMIB 1}
cmSecurityConformance       OBJECT IDENTIFIER ::= {cmSecurityMIB 2}
cmSecurityNotifications     OBJECT IDENTIFIER ::= {cmSecurityMIB 3}

-- Sub-trees holding the ICMPv4 and ICMPv6 filter scalars.
cmIcmpV4Objects             OBJECT IDENTIFIER ::= { cmSecurityObjects 20 }
cmIcmpV6Objects             OBJECT IDENTIFIER ::= { cmSecurityObjects 21 }

-- Sub-trees for FIPS control and SSL certificate management.
f3FipsObjects               OBJECT IDENTIFIER ::= { cmSecurityObjects 23 }
f3SslCertificateObjects     OBJECT IDENTIFIER ::= { cmSecurityObjects 25 }

-- Sub-trees for RSA key pair and certificate signing request management.
f3RsaKeyPairObjects          OBJECT IDENTIFIER ::= { cmSecurityObjects 26 }
f3CertSigningRequestObjects  OBJECT IDENTIFIER ::= { cmSecurityObjects 27 }

--
-- Textual conventions.
--
-- Outcome of a security self test; this is the SYNTAX of
-- f3FipsSecuritySelfTestResult.
-- NOTE(review): notApplicable (0) is not covered by the DESCRIPTION text;
-- presumably it is returned when no result exists. Confirm against the agent.
SecuritySelfTestResult ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "Enumerations for Security Self Test Result 
          fail     - fail to pass the test, 
          success  - success to pass the test."
    SYNTAX       INTEGER {
                   notApplicable (0),
                   fail (1),
                   success (2)
                 }

-- Progress of a security self test; this is the SYNTAX of
-- f3FipsSecuritySelfTestStatus.
-- NOTE(review): notApplicable (0) is not covered by the DESCRIPTION text.
-- A monitoring poller should read the result only once the status is
-- complete (3).
SecuritySelfTestStatus ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "Enumerations for Security Self Test Status 
          notStarted - test not started.
          inprogress - test is in progress.
          complete   - test has completed."
    SYNTAX       INTEGER {
                   notApplicable (0),
                   notStarted (1),
                   inprogress (2),
                   complete (3)
                 }

-- Remote authentication protocol selector; this is the SYNTAX of
-- cmAuthProtocol.
-- Security note: RADIUS hides only the User-Password attribute and TACACS+
-- obfuscates the packet body, in both cases keyed by a shared secret. Carry
-- either protocol over a trusted management network or a protected tunnel
-- and use a long random shared secret.
CmRemoteAuthProtocol ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "Enumerations for remote authentication protocol.
          none   - No remote authentication protocol, 
          radius - RADIUS (Remote Authentication Dial-In User Service), 
          tacacs - TACACS+(Terminal Access Controller Access Control System)."
    SYNTAX       INTEGER {
                   none (1),
                   radius (2),
                   tacacs (3)
                 }

-- Which user database is tried first; this is the SYNTAX of cmAccessOrder.
-- NOTE(review): the MIB does not say whether the second database is tried
-- after an explicit reject or only when the first is unreachable. Verify
-- this on the device: fallback after a reject would let a stale local
-- account outlive its removal from the central server.
CmSecurityAccessOrder ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "Enumerations for order for security access.
             local  - Local database for user/security validation, 
             remote - Remote protocol for user/security validation."
    SYNTAX       INTEGER {
                   local (1),
                   remote (2)
                 }

-- Authentication method used towards the remote server; this is the SYNTAX
-- of cmAuthType.
-- NOTE(review): ascii (3) is defined below but not described in the
-- DESCRIPTION; presumably the TACACS+ ASCII login type. Confirm.
-- Security note: with pap the password itself is sent to the server and is
-- protected only by the shared-secret hiding of the carrying protocol;
-- chap sends a challenge response instead of the password.
CmSecurityAuthType ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "Enumerations for remote authentication protocol types.
             pap  - Password Authentication Protocol, 
             chap - Challenge-Handshake Authentication Protocol."
    SYNTAX       INTEGER {
                   pap (1),
                   chap (2),
                   ascii (3)
                 }

-- Privilege level of a management user; this is the SYNTAX of
-- f3TacacsDefaultPrivLevel.
-- The integer values are identifiers, not a ranking: testuser (5) is
-- described as retrieve plus some maintenance and provisioning operations,
-- and cryptouser (6) and netconf (7) are separate roles. Do not compare the
-- numbers to decide which level is more privileged.
-- NOTE(review): the label not-applicable contains a hyphen, which SMIv2
-- (RFC 2578, section 7.1.1) does not allow in enumeration labels; strict
-- MIB compilers report it. Renaming would change the label seen by existing
-- tools, so it is left as is.
CmSecurityPrivLevel ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "Enumerations for Security Privilege Level.
             retrieve         - Retrieve Privilege Level (can only 
                                VIEW management information), 
             maintenance      - Maintenance Privilege Level 
                                (can VIEW management, as well as perform 
                                maintenance operations such as loopbacks,
                                etherjack diagnosis etc.)
             provisioning     - Provisioning Privilege Level
                                (can perform Provisioning operations) 
             superuser        - Super User Privilege Level
                                (can perform all operations)
             testuser         - Retrieve Privilege Level
                                and some maintenance, 
                                provisioning operations.
             cryptouser       - Crypto User Privilege Level 
                                (can perform security operations)
             netconf          - NETCONF Privilege Level"
    SYNTAX       INTEGER {
                   not-applicable(0),
                   retrieve (1),
                   maintenance (2),
                   provisioning (3),
                   superuser (4),
                   testuser (5),
                   cryptouser (6),
                   netconf (7)
                 }

-- Position of a remote authentication server in the order in which servers
-- are tried. No object in this part of the file uses this type; presumably
-- it is a column of cmRemoteAuthServerTable. Confirm.
CmRemoteAuthOrder ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "Enumerations for order for remote authentication access.
             first  - first to access the remote authentication, 
             second - second to access the remote authentication,
             third  - third to access the remote authentication."
    SYNTAX       INTEGER {
                   first (1),
                   second (2),
                   third (3)
                 }

-- Security policy strength; this is the SYNTAX of the scalar
-- cmSecurityPolicyStrength, whose DESCRIPTION ties the value to user id and
-- password rules. The concrete rules behind low, medium and high are not
-- defined in this MIB.
CmSecurityPolicyStrength ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "Enumerations for security policy strength 
             low  - Low Security Policy, 
             medium - Medium Security Policy,
             high  - High Security Policy."
    SYNTAX       INTEGER {
                   low (1),
                   medium (2),
                   high (3)
                 }

-- Access type of an SNMPv3 USM user. Presumably a column of f3UsmUserTable,
-- which the revision notes describe as an augment of the USM user table;
-- that table is not in this part of the file.
-- NOTE(review): all three labels contain hyphens, which SMIv2 (RFC 2578,
-- section 7.1.1) does not allow in enumeration labels. Left unchanged to
-- keep the labels stable for existing tools.
UsmUserAccessType ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "Enumerations for type of USM User 
             read-only  - Read only, 
             read-write - Read write ,
             trap-only  - Trap Only."
    SYNTAX       INTEGER {
                   read-only (1),
                   read-write (2),
                   trap-only (3)
                 }


-- Action that can be applied to a security user. The only real action,
-- remove-lockout (1), clears the locked out condition of a user.
-- Security note: clearing a lockout resets the protection against password
-- guessing for that account, so write access to any object of this type
-- should be limited to administrators and its use should be logged.
-- NOTE(review): both labels contain hyphens, which SMIv2 (RFC 2578,
-- section 7.1.1) does not allow in enumeration labels.
SecurityUserAction ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "Provides ability to manage security users."
    SYNTAX       INTEGER {
                   not-applicable(0),
                   remove-lockout(1) -- removes the locked out condition on security user
                 }

-- Selects which security traps the device sends; this is the SYNTAX of
-- f3SecurityTrapType.
-- Security note: disabled (3) stops the login, logout and lockout traps,
-- and loginFailed (2) drops the successful login and lockout events. A
-- monitoring system that relies on these traps to spot password guessing
-- loses that signal, so alert on any change of this setting.
SnmpSecurityTrapType ::= TEXTUAL-CONVENTION
    STATUS     current
    DESCRIPTION
            "Provides ability to manage security traps.
             all - trap is reported when user logs in, logs out or is locked out
             loginFailed  - trap is reported only when user failed to log in
             disabled  - security traps are disabled."

    SYNTAX     INTEGER {
                 all(1),
                 loginFailed(2),
                 disabled(3)
               }

-- Action on a privilege request: approve, deny or cancel.
-- No object in this part of the file uses this type; presumably it belongs
-- to f3PrivilegeChangeTable. Confirm.
-- NOTE(review): the difference between undefined (0) and none (1) is not
-- described.
PrivilegeRequestAction ::= TEXTUAL-CONVENTION
  STATUS        current
  DESCRIPTION
         "Privilege request action." 
  SYNTAX        INTEGER
                {
                  undefined(0),
                  none(1),
                  approve(2),
                  deny(3),
                  cancel(4)
                }

-- State of a privilege request, from sent through approved, denied or
-- timed out to the expiry or cancellation of the granted access.
-- Security note: requestApproved (4), accessExpired (7) and
-- accessCanceled (8) mark the start and end of elevated access and are the
-- values worth recording in an audit trail.
PrivilegeRequestState ::= TEXTUAL-CONVENTION
  STATUS        current
  DESCRIPTION
         "Privilege request state." 
  SYNTAX        INTEGER
                {
                  none(1),
                  requestSent(2),
                  requestCanceled(3),
                  requestApproved(4),
                  requestDenied(5),
                  requestTimeout(6),
                  accessExpired(7),
                  accessCanceled(8)
                }

-- RSA modulus length; this is the SYNTAX of f3RsaKeyPairActionLength.
-- Only 2048-bit and 4096-bit keys can be selected; no shorter length is
-- defined.
RsaKeyLengthType ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "RSA key length."
    SYNTAX       INTEGER {
                   rsaKeyLength2048 (1),
                   rsaKeyLength4096 (2)
                 }

-- Action type for zeroizing keys. No object in this part of the file uses
-- it; f3FipsAction defines its own inline enumeration instead.
-- NOTE(review): the label ZeroizeKeys starts with an upper-case letter.
-- SMIv2 (RFC 2578, section 7.1.1) requires enumeration labels to start with
-- a lower-case letter, so strict MIB compilers reject or warn on it.
-- Renaming would change the label seen by existing tools, so it is left
-- as is.
ZeroizeKeysAction ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "Zeroize Keys."
    SYNTAX       INTEGER {
                   notApplicable (0),
                   ZeroizeKeys (1)
                 }

-- Action type for starting a self test. No object in this part of the file
-- uses it.
-- NOTE(review): the label RunSelfTest starts with an upper-case letter,
-- which SMIv2 (RFC 2578, section 7.1.1) does not allow for enumeration
-- labels.
RunSelfTestAction ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "Run Self-Test."
    SYNTAX       INTEGER {
                   notApplicable (0),
                   RunSelfTest (1)
                 }
                 
-- Action on an SSL certificate/private key pair; this is the SYNTAX of
-- f3SslCertificateAction.
-- Security note: setHttpsSslKeyPair (2) changes the identity the HTTPS
-- server presents and deleteSslKeyPair (1) removes key material, so both
-- are worth restricting to administrators and recording in the audit log.
SslCertificateAction ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "Provides ability to manage SSL Certificate/Private Key pair.
         deleteSslKeyPair - delete SSL Certificate/Private Key pair
         setHttpsSslKeyPair - set SSL Certificate/Private Key pair used for HTTPS
         addRsaPrivateKey - add RSA Private Key to SSL Certificate/Private Key pair"
    SYNTAX  INTEGER {
                   notApplicable (0), 
                   deleteSslKeyPair (1),
                   setHttpsSslKeyPair (2),
                   addRsaPrivateKey (3)
                 }

-- Generate or delete an RSA key pair; this is the SYNTAX of
-- f3RsaKeyPairAction.
RsaKeyPairAction ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "generate or delete RSA key pair."
    SYNTAX  INTEGER {
                   notApplicable (0), 
                   genRsaKeyPair (1),
                   delRsaKeyPair (2)
                 }

-- Generate or delete a certificate signing request; this is the SYNTAX of
-- f3CsrAction.
CsrAction ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "generate or delete CSR."
    SYNTAX  INTEGER {
                   notApplicable (0), 
                   genCsr (1),
                   delCsr (2)
                 }

-- Source of the NAS IP address; this is the SYNTAX of f3NasIpAddressType.
-- Judging by the labels, userDefined (1) uses a configured address and
-- packetSourceIp (2) uses the source address of the outgoing packet.
-- The DESCRIPTION does not spell this out, so confirm on the device.
NasIpAddressType ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "Nas Ip Address Type."
    SYNTAX       INTEGER {
                   userDefined (1),
                   packetSourceIp (2)
                 }
                 
-- Protocol for automatic certificate enrollment. SCEP is the only value
-- defined. No object in this part of the file uses this type.
-- Security note: SCEP enrollment commonly relies on a shared challenge
-- password to authorize requests; if the device uses one, handle it as a
-- secret.
CertificateEnrollmentProtocol ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "Protocol type used for automatic certificate enrollment."
    SYNTAX INTEGER {
             scep (1)
           }

-- Action on a certificate authority entry. The revision notes list this
-- type together with f3CaProfileTable and f3CaTable, which are not in this
-- part of the file.
CaAction ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "Certificate authority action."
    SYNTAX       INTEGER {
                   none(1),
                   updateCACertificates(2),
                   startAutoEnrollment(3),
                   getCACertificates(4)
                 }

-- Per-row action on an SSL certificate/private key pair; this is the SYNTAX
-- of f3SslCertificatePrivateKeyPairAction.
-- Security note: trustRootCACertificate (2) adds a trust anchor. Compare
-- the certificate fingerprint against an independently obtained value
-- before issuing it.
SslCertificatePrivateKeyPairAction ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "SSL certificate/private key pair action."
    SYNTAX       INTEGER {
                   none(1),
                   trustRootCACertificate(2)
                 }

-- Role of a certificate in a chain: root CA, intermediate CA or device
-- certificate. This is the SYNTAX of
-- f3SslCertificatePrivateKeyPairCertificateType.
CertificateType ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "Certificate type."
    SYNTAX       INTEGER {
                   root(1),
                   intermediate(2),
                   device(3)
                 }

-- Status of a certificate; this is the SYNTAX of
-- f3SslCertificatePrivateKeyPairCertificateStatus.
-- NOTE(review): the DESCRIPTION does not say how trusted/untrusted differ
-- from valid/invalid or which checks (expiry, chain, revocation) lie behind
-- them. Check the product documentation before building alerts on these
-- values.
CertificateStatus ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "Certificate status."
    SYNTAX       INTEGER {
                   trusted(1),
                   untrusted(2),
                   valid(3),
                   invalid(4)
                 }

-- Status of an automatic certificate enrollment. The revision notes name
-- f3CertSigningRequestAutoEnrollmentStatus as a column of this kind; that
-- column is not in this part of the file.
-- failure (2), aborted (5) and timedout (6) are the values a monitoring
-- system would normally alert on.
AutoEnrollmentStatus ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "Auto enrollment status."
    SYNTAX       INTEGER {
                   none(1),
                   failure(2),
                   success(3),
                   pending(4),
                   aborted(5),
                   timedout(6)
                 }

-- Status of a certificate authority root certificate, including its
-- renewal. No object in this part of the file uses this type.
CaRootCertStatus ::= TEXTUAL-CONVENTION
    STATUS       current
    DESCRIPTION
        "Certificate authority root certificate status."
    SYNTAX       INTEGER {
                   pending(1),
                   active(2),
                   failed(3),
                   renewing(4),
                   renewalFailed(5)
                 }


--
-- Scalar definitions.
--
-- Selects the remote authentication protocol: none, radius or tacacs.
-- Security note: MAX-ACCESS is read-write, so an SNMP SET changes how users
-- are authenticated. Limit write access to this object with VACM views and
-- use SNMPv3 authPriv for management traffic.
cmAuthProtocol OBJECT-TYPE
    SYNTAX     CmRemoteAuthProtocol 
    MAX-ACCESS read-write
    STATUS     current
    DESCRIPTION
            "Remote user authentication protocol."
    ::= { cmSecurityObjects 1 }


-- Chooses whether the local user database or the remote protocol is tried
-- first.
-- NOTE(review): the conditions under which the second source is consulted
-- are not stated here. Verify them on the device, and treat a change of
-- this object as a security-relevant configuration event.
cmAccessOrder OBJECT-TYPE
    SYNTAX     CmSecurityAccessOrder 
    MAX-ACCESS read-write
    STATUS     current
    DESCRIPTION
            "Order of access for security, i.e. try 'local' first or
             'remote' first."
    ::= { cmSecurityObjects 2 }

-- Authentication method used with the remote server: pap, chap or ascii
-- (see CmSecurityAuthType).
-- Security note: pap sends the password itself to the server; prefer the
-- strongest method the authentication server supports.
cmAuthType    OBJECT-TYPE
    SYNTAX     CmSecurityAuthType 
    MAX-ACCESS read-write
    STATUS     current
    DESCRIPTION
            "In case of remote authentication, the chosen protocol." 
    ::= { cmSecurityObjects 3 }

-- IPv4 address the device reports as Network Access Server when RADIUS is
-- used. The IpAddress type carries IPv4 only; f3NasIpv6Addr is presumably
-- the IPv6 counterpart.
-- RADIUS servers commonly use this value to identify the client, so keep
-- it consistent with the client entry configured on the server.
cmNASIpAddress    OBJECT-TYPE
    SYNTAX     IpAddress 
    MAX-ACCESS read-write
    STATUS     current
    DESCRIPTION
            "In case of remote authentication RADIUS, 
             the Network Access Server's IP Address." 
    ::= { cmSecurityObjects 4 }

-- cmSecurityUserTable is { cmSecurityObjects 5 } 
-- cmRemoteAuthServerTable is { cmSecurityObjects 6 } 

-- System-wide security policy strength (low, medium or high) that drives
-- the user id and password rules.
-- Security note: lowering this value relaxes those rules. Whether existing
-- passwords are re-checked after a change is not stated in this MIB.
cmSecurityPolicyStrength OBJECT-TYPE
    SYNTAX     CmSecurityPolicyStrength 
    MAX-ACCESS read-write
    STATUS     current
    DESCRIPTION
            "This object represents the security policy
             strength of the system.  Based on this value,
             the system puts additional restrictions on
             the user id and password rules."
    ::= { cmSecurityObjects 7 }

-- Global switch for RADIUS/TACACS+ accounting on all authentication
-- servers.
-- Security note: accounting records are part of the audit trail for
-- management sessions; setting this to false stops them for every server
-- at once.
cmRemoteAuthServerAccountingEnabled OBJECT-TYPE
    SYNTAX     TruthValue 
    MAX-ACCESS read-write
    STATUS     current
    DESCRIPTION
         "This object allows to enable/disable RADIUS/TACACS+ Accounting 
          on all authentication servers." 
     ::= { cmSecurityObjects 8 }

-- f3UsmUserTable is { cmSecurityObjects 9 } 

-- TACACS+ only. When true (the stated default), the privilege level comes
-- from the remote server through ENABLE authorization. When false, every
-- TACACS+ user gets the level in f3TacacsDefaultPrivLevel.
f3TacacsPrivLevelControlEnabled OBJECT-TYPE
    SYNTAX     TruthValue
    MAX-ACCESS read-write
    STATUS     current
    DESCRIPTION
         "This object allows to enable/disable the use of ENABLE authorization 
          control to determine
          the Privilege Level configured by the remote authentication server.
          This object is only valid for TACACS+. Default value of this object is
          TRUE."
     ::= { cmSecurityObjects 10 }

-- Privilege level given to TACACS+ users while
-- f3TacacsPrivLevelControlEnabled is false.
-- Security note: this value applies to every TACACS+ authenticated user in
-- that mode, so keep it at the least privileged level that works, for
-- example retrieve. A value of superuser would give all of them full
-- control.
f3TacacsDefaultPrivLevel OBJECT-TYPE
    SYNTAX     CmSecurityPrivLevel
    MAX-ACCESS read-write
    STATUS     current
    DESCRIPTION
         "This object allows specification of the default privilege level of the
          TACACS+ user, when the use of  ENABLE authorization control is DISABLED, i.e.
          f3TacacsPrivLevelControlEnabled is set to FALSE."
     ::= { cmSecurityObjects 11 }

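-- IPv6 address scalar. Judging by the object name this is the NAS address
-- used with IPv6, the counterpart of cmNASIpAddress; the DESCRIPTION does
-- not say so explicitly.
f3NasIpv6Addr OBJECT-TYPE
    SYNTAX     Ipv6Address
    MAX-ACCESS read-write
    STATUS     current
    DESCRIPTION
         "This object describes the IPv6 address."
     ::= { cmSecurityObjects 12 }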

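-- Selects which security traps are sent: all, loginFailed or disabled (see
-- SnmpSecurityTrapType).
-- Security note: a SET to disabled silences login, logout and lockout
-- traps. Restrict write access and alert on changes of this object.
f3SecurityTrapType OBJECT-TYPE
    SYNTAX      SnmpSecurityTrapType
    MAX-ACCESS  read-write
    STATUS       current
    DESCRIPTION
         "This object controls which security traps are reported."
    ::= { cmSecurityObjects 13 }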

-- Text carried in security traps. A GET returns an empty string, so the
-- content is only available to trap receivers.
-- NOTE(review): SMIv2 offers MAX-ACCESS accessible-for-notify for objects
-- that exist only as notification varbinds; this object is declared
-- read-only instead. Left unchanged to keep the published interface.
f3SecurityTrapInfo OBJECT-TYPE
    SYNTAX      DisplayString
    MAX-ACCESS  read-only
    STATUS       current
    DESCRIPTION
         "This object is used to describe the security trap info.
          This object is used only in trap and GET operation on this object
          will return empty string."
    ::= { cmSecurityObjects 14 }

-- f3PrivilegeChangeTable is { cmSecurityObjects 15 }

-- Switch for the User Privilege Management feature. Presumably this is the
-- request and approval workflow described by PrivilegeRequestAction and
-- PrivilegeRequestState; confirm in the product documentation.
f3UserPrivMgmtControl OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
         "This object is used to enable/disable User Privilege Management."
    ::= { cmSecurityObjects 16 }

-- Time in minutes (1 to 60) to wait for a response to a privilege upgrade
-- request. What happens at expiry is not stated here; PrivilegeRequestState
-- defines a requestTimeout value.
f3UserPrivRspTimeout OBJECT-TYPE
    SYNTAX      Integer32 (1..60)
    UNITS       "minutes"
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
         "This object is used to set response timeout for user privilege
          upgrade request in minutes."
    ::= { cmSecurityObjects 17 }

-- Controls whether RADIUS Access-Request messages carry the Vendor-ID AVP.
f3RadiusSendVendorAvpEnabled OBJECT-TYPE
    SYNTAX     TruthValue 
    MAX-ACCESS read-write
    STATUS     current
    DESCRIPTION "If enabled, Vendor-ID AVP is sent in Access-Request Messages."
    ::= { cmSecurityObjects 18 }

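-- Realm suffix for RADIUS. A non-empty value is appended, after an '@', to
-- the User-Name attribute of Access-Request messages.
-- The DESCRIPTION now names the object as f3RadiusRealm; the original text
-- said radiusRealm, which is not an object in this module.
f3RadiusRealm  OBJECT-TYPE
    SYNTAX     DisplayString 
    MAX-ACCESS read-write
    STATUS     current
    DESCRIPTION  "When the value of f3RadiusRealm is not a null string, the system shall append an '@' 
                 character and the f3RadiusRealm string to the User-Name attribute included in 
                 Access-Request Messages."
    ::= { cmSecurityObjects 19 }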
 
 -- cmIcmpV4Objects is { cmSecurityObjects 20 }
 -- cmIcmpV6Objects is { cmSecurityObjects 21 }
 
-- Age in days (0 to 1096) after which user names in log entries are
-- anonymized; 0 disables anonymization.
-- Security note: once entries are anonymized, actions in the on-box log can
-- no longer be attributed to a user. If attribution is needed for
-- investigations, export logs to a central collector before the interval
-- expires, within the limits of the applicable privacy rules.
cmAnonymizeLogTimeInDays OBJECT-TYPE
    SYNTAX     Integer32 (0..1096) 
    MAX-ACCESS read-write
    STATUS     current
    DESCRIPTION
            "This object represents the logging anonymization interval in days. 
            After the configured number of days have passed, the system anonymizes the user names. 
            At midnight of that day, the system anonymizes all the log entries that precede the configured value.
            0 means NEVER anonymize."
    ::= { cmSecurityObjects 22 }
 
-- f3FipsObjects is { cmSecurityObjects 23 }

-- Gate for SSO/2FA users: when true, a cmSecurityUserEntry may be created
-- with cmSecurityUserSso2fa enabled.
-- NOTE(review): the effect of setting this to false on users that already
-- have cmSecurityUserSso2fa enabled is not stated. Verify before changing
-- it on a production device.
f3Sso2faControl OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "When enabled, the f3 device will allow the creation of a cmSecurityUserEntry with
    the cmSecurityUserSso2fa set to enabled."
    ::= { cmSecurityObjects 24 }
    
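-- Selects where the NAS IP address comes from: userDefined or
-- packetSourceIp (see NasIpAddressType).
f3NasIpAddressType OBJECT-TYPE
    SYNTAX      NasIpAddressType
    MAX-ACCESS  read-write
    STATUS       current
    DESCRIPTION
         "This object describes the NAS IP address type."
    ::= { cmSecurityObjects 28 }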

-- When true, the device enforces high cipher strength for SSH.
-- NOTE(review): the algorithms that count as high strength are not listed
-- in this MIB. After enabling, check from a management station which
-- ciphers the SSH server still offers and confirm that the SSH clients in
-- use can still connect.
f3SshCipherStrengthHighControl OBJECT-TYPE
    SYNTAX TruthValue
    MAX-ACCESS read-write
    STATUS current
    DESCRIPTION "When enabled, high cipher strength is enforced."
    ::= { cmSecurityObjects 31 }
    
-- 
-- Fips Objects 
--
-- FIPS operation mode as a TruthValue; presumably true means FIPS mode is
-- on. The DESCRIPTION does not say what changes when the mode is switched
-- (for example whether keys are erased or a restart is needed), so check
-- the product documentation first.
f3FipsOperationMode  OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
         "Fips Operation Mode."
    ::= { f3FipsObjects 1 }
    
-- Read-only count of failed security self tests. When the counter is reset
-- is not stated.
f3FipsSecuritySelfTestFailureCount  OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
         "Fips Security Self Test Failure Count."
    ::= { f3FipsObjects 2 }
    
-- Read-only result of the security self test: notApplicable, fail or
-- success. A value of fail is worth an alert.
f3FipsSecuritySelfTestResult  OBJECT-TYPE
    SYNTAX      SecuritySelfTestResult
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
         "Fips Security Self Test Result."
    ::= { f3FipsObjects 3 }
    
-- Read-only progress of the security self test: notApplicable, notStarted,
-- inprogress or complete.
f3FipsSecuritySelfTestStatus  OBJECT-TYPE
    SYNTAX      SecuritySelfTestStatus
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
         "Fips Security Self Test Status."
    ::= { f3FipsObjects 4 }

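-- Write-triggered FIPS action. The original DESCRIPTION mentioned only the
-- self test although the enumeration also contains zeroize.
-- Security note: zeroize (1) presumably erases key material, as the name
-- and the ZeroizeKeysAction convention suggest, and would then be
-- destructive and irreversible. Restrict write access to this object with
-- VACM views and log every SET.
f3FipsAction  OBJECT-TYPE
    SYNTAX      INTEGER {
                 notApplicable(0),
                 zeroize(1),
                 startSecSelfTest(2)
               }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
         "FIPS action to perform: zeroize (1) or startSecSelfTest (2)."
    ::= { f3FipsObjects 5 }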

--
-- cmIcmpV4Objects
--

-- Master switch for the ICMPv4 drop filters. With disabled (2) none of the
-- ICMPv4 drop filters is applied, whatever their individual setting.
-- Note that the enumeration is enabled (1) / disabled (2), not a
-- TruthValue.
icmpV4Filter OBJECT-TYPE
    SYNTAX      INTEGER { enabled(1), disabled(2) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
         "This object is used to enable/disable ICMP Filter. When disabled
          is set, all IcmpV4 dropping filters are not applied. 
          Only when enabled is set, IcmpV4 dropping filter can be set."
    ::= { cmIcmpV4Objects 1 }

-- Drops ICMPv4 Echo Requests when enabled (1). Per the icmpV4Filter
-- DESCRIPTION this only takes effect while icmpV4Filter is enabled.
-- Reachability monitoring based on ping stops working against the affected
-- interfaces once this is on.
icmpV4DropEchoRequests OBJECT-TYPE
    SYNTAX      INTEGER { enabled(1), disabled(2) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
         "This object is used to enable/disable Dropping Echo Requests."
    ::= { cmIcmpV4Objects 2 }

--
-- cmIcmpV6Objects
--

-- Master switch for the ICMPv6 drop filters. With disabled (2) none of the
-- ICMPv6 drop filters is applied; with enabled (1) each filter can be set
-- individually.
icmpV6Filter OBJECT-TYPE
    SYNTAX      INTEGER { enabled(1), disabled(2) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
         "This object is used to enable/disable ICMP Filter. When disabled
          is set, all IcmpV6 dropping filters are not applied. 
          Only when enabled is set, IcmpV6 dropping filters can be set
          individually."
    ::= { cmIcmpV6Objects 1 }

-- Drops ICMPv6 Echo Requests when enabled (1). Per the icmpV6Filter
-- DESCRIPTION this only takes effect while icmpV6Filter is enabled.
icmpV6DropEchoRequests OBJECT-TYPE
    SYNTAX      INTEGER { enabled(1), disabled(2) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
         "This object is used to enable/disable Dropping Echo Requests."
    ::= { cmIcmpV6Objects 2 }

-- The four objects below drop IPv6 Neighbor Discovery messages.
-- Operational caveat: IPv6 address resolution and router discovery run
-- over these ICMPv6 messages (RFC 4861), so dropping them can make an
-- interface unreachable over IPv6. The MIB does not say which interfaces
-- the filters apply to; verify that before enabling any of them on a
-- device that is managed remotely over IPv6.

-- Drops Neighbor Solicitation messages when enabled (1).
icmpV6DropNeighborSolicitation OBJECT-TYPE
    SYNTAX      INTEGER { enabled(1), disabled(2) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
         "This object is used to enable/disable Dropping Neighbor Solicitation."
    ::= { cmIcmpV6Objects 3 }

-- Drops Router Advertisement messages when enabled (1).
icmpV6DropRouterAdvertisement OBJECT-TYPE
    SYNTAX      INTEGER { enabled(1), disabled(2) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
         "This object is used to enable/disable Dropping Router Advertisement."
    ::= { cmIcmpV6Objects 4 }

-- Drops Neighbor Advertisement messages when enabled (1).
icmpV6DropNeighborAdvertisement OBJECT-TYPE
    SYNTAX      INTEGER { enabled(1), disabled(2) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
         "This object is used to enable/disable Dropping Neighbor Advertisement."
    ::= { cmIcmpV6Objects 5 }

-- Drops Router Solicitation messages when enabled (1).
icmpV6DropRouterSolicitation OBJECT-TYPE
    SYNTAX      INTEGER { enabled(1), disabled(2) }
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
         "This object is used to enable/disable Dropping Router Solicitation."
    ::= { cmIcmpV6Objects 6 }

-- 
-- Ssl Certificate Objects
--
-- Lead time in days (1 to 180) before expiry of the HTTPS certificate at
-- which the Expiry Notification Alarm is raised. Choose a value longer
-- than the time the organisation needs to issue and install a replacement
-- certificate.
f3HttpsSslCertExpNotifPeriod  OBJECT-TYPE
    SYNTAX      Unsigned32 (1..180)
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
         "Number of days prior to expiration of the HTTPS SSL Certificate 
          that the Expiry Notification Alarm will be raised."
    ::= { f3SslCertificateObjects 1 }
    
-- Identifies the certificate/private key pair used by the HTTPS server.
-- The SYNTAX is a 1 to 64 character string, so this is presumably the name
-- of a row in f3SslCertificatePrivateKeyPairTable rather than key material.
-- The revision notes record that MAX-ACCESS was changed from read-only to
-- read-write; a SET therefore changes the identity the HTTPS server
-- presents. Restrict write access accordingly.
f3HttpsSslKeyPair  OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (1..64))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
         "This is the SSL certificate/private key pair used for HTTPS."
    ::= { f3SslCertificateObjects 2 }

-- Write-triggered action on SSL certificate objects: deleteSslKeyPair,
-- setHttpsSslKeyPair or addRsaPrivateKey (see SslCertificateAction).
-- The target names are given in f3SslCertificateActionPairName and
-- f3SslCertificateActionKeyName.
-- NOTE(review): the required order of SETs, and whether name and action
-- must arrive in one PDU, is not stated here.
f3SslCertificateAction  OBJECT-TYPE
    SYNTAX      SslCertificateAction
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
         "This is the action to take on SSL certificate objects."
    ::= { f3SslCertificateObjects 3 }

-- Name (0 to 64 characters) of the certificate/private key pair that
-- f3SslCertificateAction deletes or selects for HTTPS.
f3SslCertificateActionPairName  OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..64))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
         "This is the name of the SSL Certificate/Private Key pair to delete or set for HTTPS."
    ::= { f3SslCertificateObjects 4 }

-- Name argument for the add action of f3SslCertificateAction.
-- NOTE(review): the DESCRIPTION speaks of a certificate/private key pair
-- to add, while the matching action is addRsaPrivateKey; presumably this
-- is the name of the RSA key to attach. Confirm.
-- This scalar is arc 6 although it is defined before the table at arc 5.
f3SslCertificateActionKeyName  OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..64))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
         "This is the name of the Certificate/Private Key pair to add."
    ::= { f3SslCertificateObjects 6 }

--
--  SSL Certificate Private Key Pair Table
--
-- Table of SSL certificate/private key pairs, indexed by pair name.
-- The row exposes the certificate text, a flag telling whether a private
-- key is present, the RSA key pair name, certificate type and status, and
-- a per-row action. No column carries private key material.
f3SslCertificatePrivateKeyPairTable  OBJECT-TYPE
    SYNTAX      SEQUENCE OF F3SslCertificatePrivateKeyPairEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "A list of entries for the SSL Certificate/Private Key Pairs."
    ::= { f3SslCertificateObjects 5 }   

-- One row per key pair; the index is f3SslCertificatePrivateKeyPairName.
f3SslCertificatePrivateKeyPairEntry  OBJECT-TYPE
    SYNTAX      F3SslCertificatePrivateKeyPairEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "A conceptual row in the f3SslCertificatePrivateKeyPairTable."
    INDEX { f3SslCertificatePrivateKeyPairName }
    ::= { f3SslCertificatePrivateKeyPairTable 1 }

-- Column list of the row, in arc order 1 to 7.
F3SslCertificatePrivateKeyPairEntry ::= SEQUENCE {
    f3SslCertificatePrivateKeyPairName                  DisplayString,
    f3SslCertificatePrivateKeyPairSslCertificate        DisplayString,
    f3SslCertificatePrivateKeyPairPrivateKeyPresent     TruthValue,
    f3SslCertificatePrivateKeyPairRsaKeyPairName        DisplayString,
    f3SslCertificatePrivateKeyPairCertificateType       CertificateType,
    f3SslCertificatePrivateKeyPairCertificateStatus     CertificateStatus,
    f3SslCertificatePrivateKeyPairAction                SslCertificatePrivateKeyPairAction
}

-- Index column: unique name of the key pair, 1 to 64 characters. It is
-- not-accessible, so the name is only visible as part of the instance OID
-- of the other columns.
f3SslCertificatePrivateKeyPairName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (1..64))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
           "This is a unique name for the key pair."
    ::= { f3SslCertificatePrivateKeyPairEntry 1 }

-- Read-only contents of the certificate, which is public data.
-- NOTE(review): DisplayString is defined in SNMPv2-TC as an OCTET STRING of
-- at most 255 octets, so the refinement SIZE (0..4096) is outside the base
-- type and strict MIB compilers report it. Managers that enforce the
-- 255 octet limit may truncate or reject the value. Fixing this would mean
-- changing the SYNTAX, which is left to the MIB owner.
f3SslCertificatePrivateKeyPairSslCertificate OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..4096))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "This is the contents of the SSL certificate."
    ::= { f3SslCertificatePrivateKeyPairEntry 2 }

-- Read-only flag: true when the pair holds a private key. Only the
-- presence is reported; the key itself is not readable through this table.
f3SslCertificatePrivateKeyPairPrivateKeyPresent OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "This indicates that a private key is present in the key pair."
    ::= { f3SslCertificatePrivateKeyPairEntry 3 }

-- NOTE(review): the DESCRIPTION says this is the RSA key of the
-- certificate, but the object name and the 0 to 64 character SYNTAX point
-- to the name of an RSA key pair, presumably a row of f3RsaKeyPairTable.
-- Confirm.
f3SslCertificatePrivateKeyPairRsaKeyPairName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..64))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "This is the Rsa key of the SSL certificate."
    ::= { f3SslCertificatePrivateKeyPairEntry 4 }

-- Read-only certificate role: root, intermediate or device.
f3SslCertificatePrivateKeyPairCertificateType OBJECT-TYPE
    SYNTAX      CertificateType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "This is the SSL certificate type."
    ::= { f3SslCertificatePrivateKeyPairEntry 5 }

-- Read-only certificate status: trusted, untrusted, valid or invalid.
-- The checks behind each value are not described in this MIB.
f3SslCertificatePrivateKeyPairCertificateStatus OBJECT-TYPE
    SYNTAX      CertificateStatus
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "This is the SSL certificate status."
    ::= { f3SslCertificatePrivateKeyPairEntry 6 }

-- Per-row action; the only action defined is trustRootCACertificate.
-- Security note: a SET marks the row's certificate as a trusted root, which
-- extends the set of trust anchors. Restrict write access and verify the
-- certificate fingerprint out of band before trusting it.
f3SslCertificatePrivateKeyPairAction OBJECT-TYPE
    SYNTAX      SslCertificatePrivateKeyPairAction
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
           "This is the SSL Certificate/Private Key Pair Action."
    ::= { f3SslCertificatePrivateKeyPairEntry 7 }

-- 
-- RSA Key Pair Objects
--

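-- Write-triggered action: genRsaKeyPair or delRsaKeyPair (see
-- RsaKeyPairAction). The arguments are given in f3RsaKeyPairActionName and
-- f3RsaKeyPairActionLength.
-- Security note: deleting a key pair that a certificate in use depends on
-- can break HTTPS access; restrict write access to administrators.
f3RsaKeyPairAction  OBJECT-TYPE
    SYNTAX      RsaKeyPairAction
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
         "This is the action to perform on an RSA key pair."
    ::= { f3RsaKeyPairObjects 1 }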

-- Name argument (0 to 64 characters) for f3RsaKeyPairAction; presumably the
-- name of the key pair to generate or delete. The DESCRIPTION wording is
-- ambiguous, so confirm.
f3RsaKeyPairActionName  OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..64))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
         "This is the name of RSA key pair action."
    ::= { f3RsaKeyPairObjects 2 }

-- Key length argument for f3RsaKeyPairAction: 2048 or 4096 bits (see
-- RsaKeyLengthType). Presumably used only when generating a key pair.
f3RsaKeyPairActionLength  OBJECT-TYPE
    SYNTAX      RsaKeyLengthType
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
         "This is the length of RSA key pair action."
    ::= { f3RsaKeyPairObjects 3 }

-- 
-- RSA Key Pair Table
--

f3RsaKeyPairTable  OBJECT-TYPE
    SYNTAX      SEQUENCE OF F3RsaKeyPairEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "A list of RSA key pairs."
    ::= { f3RsaKeyPairObjects 4 }

f3RsaKeyPairEntry  OBJECT-TYPE
    SYNTAX      F3RsaKeyPairEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "A conceptual row in the f3RsaKeyPairTable."
    INDEX { f3RsaKeyPairName }
    ::= { f3RsaKeyPairTable 1 }

F3RsaKeyPairEntry ::= SEQUENCE {
    f3RsaKeyPairName                  DisplayString,
    f3RsaKeyPairPublicKey             DisplayString
}

f3RsaKeyPairName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (1..64))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
           "This is a unique name for the key pair."
    ::= { f3RsaKeyPairEntry 1 }

f3RsaKeyPairPublicKey OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (1..4096))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "This is a public key."
    ::= { f3RsaKeyPairEntry 2 }

-- 
-- CSR Objects
--

f3CsrAction  OBJECT-TYPE
    SYNTAX      CsrAction
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
         "This is the action to CSR."
    ::= { f3CertSigningRequestObjects 1 }

f3CsrActionCsrName  OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..64))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
         "This is the name of CSR action."
    ::= { f3CertSigningRequestObjects 2 }
    
f3CsrActionRsaKeyName  OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..64))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
         "This is the RSA key name of CSR action."
    ::= { f3CertSigningRequestObjects 3 }

f3CsrActionCountry  OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..64))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
         "This is the country of CSR action."
    ::= { f3CertSigningRequestObjects 4 }
    
f3CsrActionState  OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..64))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
         "This is the state of CSR action."
    ::= { f3CertSigningRequestObjects 5 }
    
f3CsrActionLocality  OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..64))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
         "This is the locality of CSR action."
    ::= { f3CertSigningRequestObjects 6 }
    
f3CsrActionOrganization  OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..64))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
         "This is the organization of CSR action."
    ::= { f3CertSigningRequestObjects 7 }
    
f3CsrActionOrganizationUnit  OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..64))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
         "This is the organization unit of CSR action."
    ::= { f3CertSigningRequestObjects 8 }

f3CsrActionCommonName  OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..64))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
         "This is the common name of CSR action."
    ::= { f3CertSigningRequestObjects 9 }
    
f3CsrActionEmail  OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..64))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
         "This is the email of CSR action."
    ::= { f3CertSigningRequestObjects 10 }
    
f3CsrActionSerialNumber  OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..64))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
         "This is the serial number of CSR action."
    ::= { f3CertSigningRequestObjects 11 }
    
f3CsrActionAlternativeName  OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..256))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
         "This is the alternative name of CSR action."
    ::= { f3CertSigningRequestObjects 12 }

-- 
-- CSR Table
--

f3CertSigningRequestTable  OBJECT-TYPE
    SYNTAX      SEQUENCE OF F3CertSigningRequestEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "A list of CSR."
    ::= { f3CertSigningRequestObjects 13 }

f3CertSigningRequestEntry  OBJECT-TYPE
    SYNTAX      F3CertSigningRequestEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "A conceptual row in the f3CertSigningRequestTable."
    INDEX { f3CertSigningRequestName }
    ::= { f3CertSigningRequestTable 1 }

F3CertSigningRequestEntry ::= SEQUENCE {
    f3CertSigningRequestName                  DisplayString,
    f3CertSigningRequestRsaKeyPairName        DisplayString,
    f3CertSigningRequestCsrData               DisplayString,
    f3CertSigningRequestAutoEnrollmentStatus  AutoEnrollmentStatus
}

f3CertSigningRequestName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (1..64))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
           "This is a unique name for CSR."
    ::= { f3CertSigningRequestEntry 1 }

f3CertSigningRequestRsaKeyPairName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (1..64))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "This is the Key pair name."
    ::= { f3CertSigningRequestEntry 2 }

f3CertSigningRequestCsrData OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (1..4096))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "This is the CSR data."
    ::= { f3CertSigningRequestEntry 3 }

f3CertSigningRequestAutoEnrollmentStatus OBJECT-TYPE
    SYNTAX      AutoEnrollmentStatus
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
           "This is the auto enrollment status."
    ::= { f3CertSigningRequestEntry 4 }


--
-- Table definitions.
--

--
-- Security User Table 
--
-- NOTE(review): the DESCRIPTION below says rows cannot be created by a
-- management application, but cmSecurityUserRowStatus documents
-- createAndGo(4) and destroy(6) as supported and most columns are
-- read-create. Treat this table as writable when scoping SNMP access
-- control: write access here appears sufficient to add or remove
-- security users.
cmSecurityUserTable OBJECT-TYPE
    SYNTAX     SEQUENCE OF CmSecurityUserEntry
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
            "A list of entries corresponding to the security users. 
             Entries cannot be created in this table by management
             application action."
    ::= { cmSecurityObjects 5 }


cmSecurityUserEntry OBJECT-TYPE
    SYNTAX     CmSecurityUserEntry
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
            "An entry containing information applicable to a particular
             security user."
    INDEX { cmSecurityUserName, cmSecurityUserRemoteUser }
    ::= { cmSecurityUserTable 1 }


CmSecurityUserEntry ::= SEQUENCE {
    cmSecurityUserName                     DisplayString,
    cmSecurityUserComment                  DisplayString,
    cmSecurityUserPrivLevel                CmSecurityPrivLevel,
    cmSecurityUserLoginTimeout             Integer32,
    cmSecurityUserNumFailedLoginAttempts   Integer32,
    cmSecurityUserLastLoginTime            DateAndTime,
    cmSecurityUserLockedout                TruthValue,
    cmSecurityUserLastLockedoutTime        DateAndTime,
    cmSecurityUserCliPagingEnable          TruthValue,
    cmSecurityUserRemoteUser               TruthValue,
    cmSecurityUserPassword                 DisplayString,
    cmSecurityUserStorageType              StorageType,   
    cmSecurityUserRowStatus                RowStatus,
    cmSecurityUserAction                   SecurityUserAction,
    cmSecurityCryptoPassword               DisplayString,
    cmSecurityUserRemoteCryptoUser         TruthValue,
    cmSecurityUserSso2fa                   TruthValue
}

cmSecurityUserName OBJECT-TYPE
    SYNTAX  DisplayString (SIZE (1..32)) 
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
         "Security User Name."
     ::= { cmSecurityUserEntry 1 }

cmSecurityUserComment OBJECT-TYPE
    SYNTAX  DisplayString (SIZE (0..128)) 
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
         "Notes on Security User."
     ::= { cmSecurityUserEntry 2 }

cmSecurityUserPrivLevel OBJECT-TYPE
    SYNTAX     CmSecurityPrivLevel 
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
         "Security User Privilege Level."
     ::= { cmSecurityUserEntry 3 }

cmSecurityUserLoginTimeout OBJECT-TYPE
    SYNTAX     Integer32 
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
         "Security User Login Timeout."
     ::= { cmSecurityUserEntry 4 }

cmSecurityUserNumFailedLoginAttempts OBJECT-TYPE
    SYNTAX     Integer32 
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
         "Security User Number of Failed Login Attempts."
     ::= { cmSecurityUserEntry 5 }

cmSecurityUserLastLoginTime OBJECT-TYPE
    SYNTAX     DateAndTime 
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
         "Security User Last Login Time."
     ::= { cmSecurityUserEntry 6 }

cmSecurityUserLockedout OBJECT-TYPE
    SYNTAX     TruthValue 
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
         "Whether the security user has been locked out."
     ::= { cmSecurityUserEntry 7 }

cmSecurityUserLastLockedoutTime OBJECT-TYPE
    SYNTAX     DateAndTime 
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
         "Security User Last Locked out Time."
     ::= { cmSecurityUserEntry 8 }

cmSecurityUserCliPagingEnable OBJECT-TYPE
    SYNTAX     TruthValue 
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
         "Whether the security user has CLI paging enabled."
     ::= { cmSecurityUserEntry 9 }

cmSecurityUserRemoteUser OBJECT-TYPE
    SYNTAX     TruthValue 
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
         "Whether the security user is a remote user."
     ::= { cmSecurityUserEntry 10 }

-- Security note: the password is a DisplayString carried in the SNMP SET
-- itself, so its confidentiality on the wire depends on the SNMP security
-- level in use (an encrypting level such as SNMPv3 authPriv).
-- NOTE(review): MAX-ACCESS is read-create although the DESCRIPTION calls
-- the attribute SET only; what a GET returns is not stated here, so
-- confirm it against the agent.
-- NOTE(review): SIZE (0..32) admits an empty string; whether the agent
-- rejects an empty password is not visible in this module.
cmSecurityUserPassword OBJECT-TYPE
    SYNTAX     DisplayString (SIZE (0..32)) 
    MAX-ACCESS read-create 
    STATUS     current
    DESCRIPTION
         "Password of the security user. 
          Note that this attribute is a SET only attribute."
     ::= { cmSecurityUserEntry 11 }

cmSecurityUserStorageType OBJECT-TYPE
    SYNTAX     StorageType
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
            "The type of storage configured for this entry."
    ::= { cmSecurityUserEntry 12 }

cmSecurityUserRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
            "The status of this row.
            An entry MUST NOT exist in the active state unless all
            objects in the entry have an appropriate value, as described
            in the description clause for each writable object.

            The values of cmSecurityUserRowStatus supported are
            createAndGo(4) and destroy(6).  All mandatory attributes
            must be specified in a single SNMP SET request with
            cmSecurityUserRowStatus value as createAndGo(4).
            Upon successful row creation, this object has a
            value of active(1).

            The cmSecurityUserRowStatus object may be modified if
            the associated instance of this object is equal to active(1)."
    ::= { cmSecurityUserEntry 13 }

cmSecurityUserAction OBJECT-TYPE
    SYNTAX     SecurityUserAction
    MAX-ACCESS read-write
    STATUS     current
    DESCRIPTION
            "This object provides the ability to perform specific actions on a security user.
                 remove-lockout - this removes the locked out condition on the security user."
    ::= { cmSecurityUserEntry 14 }

-- Security note: second credential for crypto users, written as a
-- DisplayString in the SNMP SET; protect the transport with an
-- encrypting SNMP security level.
-- NOTE(review): MAX-ACCESS is read-create although the DESCRIPTION calls
-- the attribute SET only; confirm what a GET returns. SIZE (0..32) also
-- admits an empty string.
cmSecurityCryptoPassword OBJECT-TYPE
    SYNTAX     DisplayString (SIZE (0..32)) 
    MAX-ACCESS read-create 
    STATUS     current
    DESCRIPTION
         "Second level password used in connectguard configurations.
          This applies only to crypto users.
          Note that this attribute is a SET only attribute."
     ::= { cmSecurityUserEntry 15 }

cmSecurityUserRemoteCryptoUser OBJECT-TYPE
    SYNTAX     TruthValue 
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
         "Indicates if a security user is a remote crypto user."
     ::= { cmSecurityUserEntry 16 }

-- Security note: per the DESCRIPTION, a user with this flag set can be
-- used to bypass remote authentication while the SSO 2FA control is
-- enabled. Accounts carrying the flag are worth tracking in audits.
-- NOTE(review): the DESCRIPTION names cmSso2faControl, while the
-- conformance group of this module lists f3Sso2faControl; confirm which
-- object is meant.
-- NOTE(review): MAX-ACCESS is read-create; the DESCRIPTION restricts
-- setting the value to row creation.
cmSecurityUserSso2fa OBJECT-TYPE
    SYNTAX     TruthValue 
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
         "If enabled, user can be used to bypass remote authentication if
          cmSso2faControl is enabled. This parameter can only be set on user creation"
     ::= { cmSecurityUserEntry 17 }

--
-- Remote Authentication Server Table 
--
cmRemoteAuthServerTable OBJECT-TYPE
    SYNTAX     SEQUENCE OF CmRemoteAuthServerEntry
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
            "A list of entries corresponding to the remote authentication 
             servers.
             Entries cannot be created in this table by management
             application action."
    ::= { cmSecurityObjects 6 }


cmRemoteAuthServerEntry OBJECT-TYPE
    SYNTAX     CmRemoteAuthServerEntry
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
            "An entry containing information applicable to a particular
             remote authentication server."
    INDEX { cmRemoteAuthServerIndex }
    ::= { cmRemoteAuthServerTable 1 }


CmRemoteAuthServerEntry ::= SEQUENCE {
    cmRemoteAuthServerIndex              Integer32,
    cmRemoteAuthServerEnabled            TruthValue,
    cmRemoteAuthServerOrder              CmRemoteAuthOrder,
    cmRemoteAuthServerIpAddress          IpAddress,
    cmRemoteAuthServerPort               Integer32,
    cmRemoteAuthServerNumRetries         Integer32,
    cmRemoteAuthServerTimeout            Integer32,
    cmRemoteAuthServerSecret             DisplayString,
    cmRemoteAuthServerAccountingPort     Integer32,
    cmRemoteAuthServerIpVersion          IpVersion,
    cmRemoteAuthServerIpv6Addr           Ipv6Address
}

cmRemoteAuthServerIndex OBJECT-TYPE
    SYNTAX     Integer32
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
         "Unique index to address/configure a specific Remote 
          Authentication Server."
     ::= { cmRemoteAuthServerEntry 1 }

cmRemoteAuthServerEnabled OBJECT-TYPE
    SYNTAX     TruthValue 
    MAX-ACCESS read-write
    STATUS     current
    DESCRIPTION
         "This object allows enabling/disabling a Remote Authentication Server."
     ::= { cmRemoteAuthServerEntry 2 }

cmRemoteAuthServerOrder OBJECT-TYPE
    SYNTAX     CmRemoteAuthOrder 
    MAX-ACCESS read-write
    STATUS     current
    DESCRIPTION
         "This object determines the order in which the Remote 
          Authentication Servers are accessed for security information."
     ::= { cmRemoteAuthServerEntry 3 }

cmRemoteAuthServerIpAddress OBJECT-TYPE
    SYNTAX     IpAddress 
    MAX-ACCESS read-write
    STATUS     current
    DESCRIPTION
         "This object allows to specify an IP Address for the Remote
          Authentication Server."
     ::= { cmRemoteAuthServerEntry 4 }

cmRemoteAuthServerPort OBJECT-TYPE
    SYNTAX     Integer32 
    MAX-ACCESS read-write
    STATUS     current
    DESCRIPTION
         "This object allows to specify a Port for Remote Authentication
          Server."
     ::= { cmRemoteAuthServerEntry 5 }

cmRemoteAuthServerNumRetries OBJECT-TYPE
    SYNTAX     Integer32 
    MAX-ACCESS read-write
    STATUS     current
    DESCRIPTION
         "This object allows to specify the number of retries the Remote 
          Authentication Server must be tried for security access before
          giving up."
     ::= { cmRemoteAuthServerEntry 6 }

cmRemoteAuthServerTimeout OBJECT-TYPE
    SYNTAX     Integer32 
    MAX-ACCESS read-write
    STATUS     current
    DESCRIPTION
         "This object allows to specify the timeout period for timing
          out a security access request to the Remote Authentication Server."
     ::= { cmRemoteAuthServerEntry 7 }

-- Security note: this is the shared secret used for requests to the
-- remote authentication server. It is a read-write DisplayString, and
-- unlike cmSecurityUserPassword its DESCRIPTION does not say the value is
-- SET only, so whether a GET discloses the secret must be confirmed
-- against the agent. Until then, keep the object out of read views and
-- write it only over an encrypting SNMP security level.
-- NOTE(review): SIZE (0..128) admits an empty secret; agent behaviour for
-- that case is not visible in this module.
cmRemoteAuthServerSecret OBJECT-TYPE
    SYNTAX  DisplayString (SIZE (0..128)) 
    MAX-ACCESS read-write
    STATUS     current
    DESCRIPTION
         "This allows configuration of secret password for Remote 
          Authentication Server request."
     ::= { cmRemoteAuthServerEntry 8 }

cmRemoteAuthServerAccountingPort OBJECT-TYPE
    SYNTAX     Integer32 
    MAX-ACCESS read-write
    STATUS     current
    DESCRIPTION
         "This object allows to specify a Port for RADIUS Accounting." 
     ::= { cmRemoteAuthServerEntry 9 }

cmRemoteAuthServerIpVersion OBJECT-TYPE
    SYNTAX     IpVersion 
    MAX-ACCESS read-write
    STATUS     current
    DESCRIPTION
         "This object describes the IP version."
     ::= { cmRemoteAuthServerEntry 10 }

cmRemoteAuthServerIpv6Addr OBJECT-TYPE
    SYNTAX     Ipv6Address 
    MAX-ACCESS read-write
    STATUS     current
    DESCRIPTION
         "This object describes the IPv6 address."
     ::= { cmRemoteAuthServerEntry 11 }

--
-- USM User Extension Table 
--
f3UsmUserTable OBJECT-TYPE
    SYNTAX     SEQUENCE OF F3UsmUserEntry
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
            "This table is the extension of the F3 USM User Table."
    ::= { cmSecurityObjects 9 }

f3UsmUserEntry OBJECT-TYPE
    SYNTAX     F3UsmUserEntry
    MAX-ACCESS not-accessible
    STATUS     current
    DESCRIPTION
            "An entry in the F3 USM User Table." 
    AUGMENTS { usmUserEntry }
    ::= { f3UsmUserTable 1 }

F3UsmUserEntry ::= SEQUENCE {
    f3UsmUserAccessType       UsmUserAccessType
}

f3UsmUserAccessType OBJECT-TYPE
    SYNTAX     UsmUserAccessType
    MAX-ACCESS read-only
    STATUS     current
    DESCRIPTION
         "This indicates the type of USM User, read-only, read-write, trap-only."
     ::= { f3UsmUserEntry 1 }

f3PrivilegeChangeTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF F3PrivilegeChangeEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION   "This table is used for Restricted User Login via NMS.
         It allows users with lower privileges to be elevated to higher ones for a limited amount of time."
    ::=  { cmSecurityObjects 15 }

f3PrivilegeChangeEntry OBJECT-TYPE
    SYNTAX      F3PrivilegeChangeEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION   "A conceptual row in the f3PrivilegeChangeTable."
    INDEX       { f3PrivilegeChangeId }
    ::=  { f3PrivilegeChangeTable 1 }

F3PrivilegeChangeEntry ::= SEQUENCE {
    f3PrivilegeChangeId                   Unsigned32,
    f3PrivilegeChangeUserName             SnmpAdminString,
    f3PrivilegeChangeIpv4Address          IpAddress,
    f3PrivilegeChangeIpv6Address          Ipv6Address,
    f3PrivilegeChangeTerminalIpv4Address  IpAddress,
    f3PrivilegeChangeTerminalIpv6Address  Ipv6Address,
    f3PrivilegeChangeInterface            UserInterfaceType,
    f3PrivilegeChangeCurrentPrivilege     CmSecurityPrivLevel,
    f3PrivilegeChangeRequestedPrivilege   CmSecurityPrivLevel,
    f3PrivilegeChangeDuration             Unsigned32,
    f3PrivilegeChangeAction               PrivilegeRequestAction,
    f3PrivilegeChangeState                PrivilegeRequestState,
    f3PrivilegeChangeRemainingTime        Unsigned32,
    f3PrivilegeChangeRemoteName           SnmpAdminString 
}

f3PrivilegeChangeId OBJECT-TYPE
    SYNTAX      Unsigned32 (1..4294967295)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION   "Unique index identifying a request."
    ::=  { f3PrivilegeChangeEntry 1 }

f3PrivilegeChangeUserName OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The name string for user authentication purposes" 
    ::=  { f3PrivilegeChangeEntry 2 }

f3PrivilegeChangeIpv4Address OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "IPv4 address of interface to which user's terminal is connected."
    ::=  { f3PrivilegeChangeEntry 3 }

f3PrivilegeChangeIpv6Address OBJECT-TYPE
    SYNTAX      Ipv6Address
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "IPv6 address of interface to which user's terminal is connected."
    ::=  { f3PrivilegeChangeEntry 4 }

f3PrivilegeChangeTerminalIpv4Address OBJECT-TYPE
    SYNTAX      IpAddress
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Source IPv4 address of connected terminal."
    ::=  { f3PrivilegeChangeEntry 5 }

f3PrivilegeChangeTerminalIpv6Address OBJECT-TYPE
    SYNTAX      Ipv6Address
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Source IPv6 address of connected terminal."
    ::=  { f3PrivilegeChangeEntry 6 }

f3PrivilegeChangeInterface OBJECT-TYPE
    SYNTAX      UserInterfaceType
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Interface used by the user" 
    ::=  { f3PrivilegeChangeEntry 7 }

f3PrivilegeChangeCurrentPrivilege OBJECT-TYPE
    SYNTAX      CmSecurityPrivLevel
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Current privilege level of the user, who is requesting role upgrade." 
    ::=  { f3PrivilegeChangeEntry 8 }

f3PrivilegeChangeRequestedPrivilege OBJECT-TYPE
    SYNTAX      CmSecurityPrivLevel
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Privilege requested by user for session." 
    ::=  { f3PrivilegeChangeEntry 9 }

f3PrivilegeChangeDuration OBJECT-TYPE
    SYNTAX      Unsigned32 (1..480) 
    UNITS       "minutes"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Requested time period by user (in minutes)."
    ::=  { f3PrivilegeChangeEntry 10 }

-- Security note: this is the only writable column in
-- f3PrivilegeChangeTable. The values of PrivilegeRequestAction are not
-- defined in this part of the module; presumably they accept or reject a
-- privilege elevation request, in which case write access to this column
-- decides who gains a higher privilege level. Confirm the enumeration
-- and restrict write access accordingly.
f3PrivilegeChangeAction OBJECT-TYPE
    SYNTAX      PrivilegeRequestAction
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "Privilege request action." 
    ::=  { f3PrivilegeChangeEntry 11 }

f3PrivilegeChangeState OBJECT-TYPE
    SYNTAX      PrivilegeRequestState
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Privilege request state." 
    ::=  { f3PrivilegeChangeEntry 12 }

f3PrivilegeChangeRemainingTime OBJECT-TYPE
    SYNTAX      Unsigned32 
    UNITS       "seconds"
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "Time remaining in session with upgrade user privilege (in seconds)." 
    ::=  { f3PrivilegeChangeEntry 13 }

f3PrivilegeChangeRemoteName OBJECT-TYPE
    SYNTAX      SnmpAdminString
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "The name string for Radius/Tacacs authentication purposes."
    ::=  { f3PrivilegeChangeEntry 14 }

-- 
-- CA Profile Table
--

f3CaProfileTable  OBJECT-TYPE
    SYNTAX      SEQUENCE OF F3CaProfileEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "A list of Certificate Authority Profiles."
    ::= { cmSecurityObjects 29 }

f3CaProfileEntry  OBJECT-TYPE
    SYNTAX      F3CaProfileEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
            "A conceptual row in the f3CaProfileTable."
    INDEX { f3CaProfileIndex }
    ::= { f3CaProfileTable 1 }

F3CaProfileEntry ::= SEQUENCE {
    f3CaProfileIndex                       Unsigned32,
    f3CaProfileName                        DisplayString,
    f3CaProfileEnrollmentProtocol          CertificateEnrollmentProtocol,
    f3CaProfileHttpPort                    Unsigned32,
    f3CaProfileAutoRenewalControl          TruthValue,
    f3CaProfileRenewalPercentLifetime      Unsigned32,
    f3CaProfileRenewalNewKeyPairGenControl TruthValue,
    f3CaProfileStorageType                 StorageType,
    f3CaProfileRowStatus                   RowStatus
}

f3CaProfileIndex OBJECT-TYPE
    SYNTAX      Unsigned32 (1..4)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
           "An integer index used to identify this CA Profile."
    ::= { f3CaProfileEntry 1 }

f3CaProfileName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..64))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
           "This object provides name for this CA Profile."
    ::= { f3CaProfileEntry 2 }

f3CaProfileEnrollmentProtocol OBJECT-TYPE
    SYNTAX      CertificateEnrollmentProtocol
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
           "This object allows to specify type of protocol used for
            automatic certificate enrollment."
    DEFVAL { scep }
    ::= { f3CaProfileEntry 3 }

f3CaProfileHttpPort OBJECT-TYPE
    SYNTAX      Unsigned32 (1..65535)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
           "This object specifies the TCP port number used by the
            enrollment protocol."
    DEFVAL { 80 }
    ::= { f3CaProfileEntry 4 }

f3CaProfileAutoRenewalControl OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
           "This object specifies whether the client
            certificate is automatically renewed or re-enrolled."
    DEFVAL { true }
    ::= { f3CaProfileEntry 5 }

f3CaProfileRenewalPercentLifetime OBJECT-TYPE
    SYNTAX      Unsigned32 (1..100)
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
           "This object specifies the percentage of the certificate
            lifetime at which the automatic certificate
            renewal process begins."
    DEFVAL { 75 }
    ::= { f3CaProfileEntry 6 }

f3CaProfileRenewalNewKeyPairGenControl OBJECT-TYPE
    SYNTAX      TruthValue
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
           "This object specifies whether the RSA key pair is
            regenerated prior to each certificate renewal."
    DEFVAL { false }
    ::= { f3CaProfileEntry 7 }

f3CaProfileStorageType OBJECT-TYPE
    SYNTAX      StorageType
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
           "The type of storage configured for this entry."
    ::= { f3CaProfileEntry 8 }
    
f3CaProfileRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
           "The status of this row.
            An entry MUST NOT exist in the active state unless all
            objects in the entry have an appropriate value, as described
            in the description clause for each writable object.
        
            The values of f3CaProfileRowStatus supported are
            createAndGo(4) and destroy(6). All mandatory attributes
            must be specified in a single SNMP SET request with
            f3CaProfileRowStatus value as createAndGo(4).
            Upon successful row creation, this object has a
            value of active(1).
        
            The f3CaProfileRowStatus object may be modified if
            the associated instance of this object is equal to active(1)."
    ::= { f3CaProfileEntry 9 }


f3CaTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF F3CaEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A list of Certificate Authority object used for certificate 
         enrollment with CA."
   ::= { cmSecurityObjects 30 }

f3CaEntry OBJECT-TYPE
    SYNTAX      F3CaEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The conceptual row in f3CaTable."
    INDEX   { f3CaName }

   ::= { f3CaTable 1 }

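-- Columns of f3CaEntry, listed in sub-identifier order (1..12).
-- f3CaScepQueryMessage is registered as { f3CaEntry 4 } and therefore
-- has to be a member of the row SEQUENCE like every other column.
F3CaEntry ::= SEQUENCE {
    f3CaName                    DisplayString,
    f3CaProfile                 VariablePointer,
    f3CaUrl                     DisplayString,
    f3CaScepQueryMessage        DisplayString,
    f3CaCertList                DisplayString,
    f3CaRootCertStatus          CaRootCertStatus,
    f3CaLastCsr                 DisplayString,
    f3CaAction                  CaAction,
    f3CaActionCsrName           DisplayString,
    f3CaActionChallengePassword DisplayString,
    f3CaStorageType             StorageType,
    f3CaRowStatus               RowStatus
}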

f3CaName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (1..64))
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Unique name used to identify this CA."
   ::= { f3CaEntry 1 }

f3CaProfile OBJECT-TYPE
    SYNTAX      VariablePointer
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object provides a pointer to CA Profile used for this CA."
   ::= { f3CaEntry 2 }

f3CaUrl OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (1..256))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object provides the URL for certificate enrollment with CA."
   ::= { f3CaEntry 3 }

f3CaScepQueryMessage OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..512))
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
        "This object provides the SCEP Query Message for certificate
         enrollment with CA."
   ::= { f3CaEntry 4 }

f3CaCertList OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..256))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object provides list of CA certificates sent by the CA as
         the chain of trust."
   ::= { f3CaEntry 5 }

f3CaRootCertStatus OBJECT-TYPE
    SYNTAX      CaRootCertStatus
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object provides CA root certificate status."
   ::= { f3CaEntry 6 }

f3CaLastCsr OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..64))
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "This object provides last CSR name in an enrollment process."
   ::= { f3CaEntry 7 }

f3CaAction OBJECT-TYPE
    SYNTAX      CaAction
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies a CA Action."
   ::= { f3CaEntry 8 }

f3CaActionCsrName OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (1..64))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies a CSR Name.
         Applicable to startAutoEnrollment action."
   ::= { f3CaEntry 9 }

-- Security note: the challenge password is a credential presented to the
-- CA during enrollment (the DESCRIPTION ties it to the
-- startAutoEnrollment action). The object is a read-write DisplayString
-- and nothing here says the value is write only or cleared once the
-- action has run; confirm what a GET returns, and keep the object out of
-- read views if the agent echoes the value.
f3CaActionChallengePassword OBJECT-TYPE
    SYNTAX      DisplayString (SIZE (0..64))
    MAX-ACCESS  read-write
    STATUS      current
    DESCRIPTION
        "This object specifies a challenge password.
         Applicable to startAutoEnrollment action."
   ::= { f3CaEntry 10 }

f3CaStorageType OBJECT-TYPE
    SYNTAX     StorageType
    MAX-ACCESS read-create
    STATUS     current
    DESCRIPTION
            "The type of storage configured for this entry."
    ::= { f3CaEntry 11 }

f3CaRowStatus OBJECT-TYPE
    SYNTAX      RowStatus
    MAX-ACCESS  read-create
    STATUS      current
    DESCRIPTION
            "The status of this row.
            An entry MUST NOT exist in the active state unless all
            objects in the entry have an appropriate value, as described
            in the description clause for each writable object.

            The values of f3CaRowStatus supported are
            createAndGo(4) and destroy(6).  All mandatory attributes
            must be specified in a single SNMP SET request with
            f3CaRowStatus value as createAndGo(4).
            Upon successful row creation, this variable has a
            value of active(1).

            The f3CaRowStatus object may be modified if
            the associated instance of this object is equal to active(1)."
    ::= { f3CaEntry 12 }


---
---Notifications
---
-- NOTE(review): NOTIFICATION-TYPE is used here but is not in the list
-- imported FROM SNMPv2-SMI at the top of this module; strict MIB
-- compilers reject that.
-- NOTE(review): there is no OBJECTS clause although the DESCRIPTION
-- refers to f3SecurityTrapType. f3SecurityTrapType and f3SecurityTrapInfo
-- are listed in cmSecurityObjectGroup; confirm whether the agent sends
-- them as varbinds, since a trap receiver cannot classify the event
-- without them.
f3SecurityTrap NOTIFICATION-TYPE
    STATUS  current
    DESCRIPTION
            "This is security trap. Security traps are reported
             according to value of f3SecurityTrapType object."
  ::= { cmSecurityNotifications 1 }

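-- Audit notification for privilege-change requests. The varbinds carry the
-- request state, the user name, the IPv4/IPv6 and terminal IPv4/IPv6
-- addresses, the interface, the current and requested privilege and the
-- duration (meanings read from the object names; the object definitions
-- are outside this section).
-- NOTE(review): because this trap reports changes to user privilege, a
-- management station that relies on it for auditing should receive it over
-- an authenticated SNMPv3 notification target - confirm the trap transport
-- configured on the agent.
f3PrivilegeChangeTrap NOTIFICATION-TYPE
    OBJECTS     { f3PrivilegeChangeState,
                  f3PrivilegeChangeUserName,
                  f3PrivilegeChangeIpv4Address,
                  f3PrivilegeChangeIpv6Address,
                  f3PrivilegeChangeTerminalIpv4Address,
                  f3PrivilegeChangeTerminalIpv6Address,
                  f3PrivilegeChangeInterface,
                  f3PrivilegeChangeCurrentPrivilege,
                  f3PrivilegeChangeRequestedPrivilege,
                  f3PrivilegeChangeDuration
                }
    STATUS      current
    DESCRIPTION
            "This trap is sent every time a privilege change request
             is added, modified, or removed."
    ::=  { cmSecurityNotifications 2 }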
--
-- Conformance
--
-- Sub-trees of cmSecurityConformance: compliance statements are registered
-- under 1, object and notification groups under 2.
cmSecurityCompliances OBJECT IDENTIFIER ::= {cmSecurityConformance 1}
cmSecurityGroups      OBJECT IDENTIFIER ::= {cmSecurityConformance 2}

-- Compliance statement for this module: the only mandatory group is
-- cmSecurityObjectGroup.
-- NOTE(review): cmSecurityNotifGroup is neither mandatory nor listed as a
-- conditional GROUP here, so an agent can claim compliance without
-- implementing any security notification. If trap-based auditing is
-- expected, reference the notification group from this statement.
cmSecurityCompliance MODULE-COMPLIANCE
    STATUS  current
    DESCRIPTION
            "Describes the requirements for conformance to the CM Security
             group."
    MODULE  -- this module
        MANDATORY-GROUPS {
              cmSecurityObjectGroup
        }
    ::= { cmSecurityCompliances 1 }

-- Single object group collecting the objects of this module; it is the only
-- member of MANDATORY-GROUPS in cmSecurityCompliance.
-- NOTE(review): several members look credential-bearing from their names
-- (cmSecurityUserPassword, cmSecurityCryptoPassword,
-- cmRemoteAuthServerSecret, f3CaActionChallengePassword). Their MAX-ACCESS
-- and read-back behaviour are defined outside this section - verify that a
-- GET does not return the secret in clear, and limit access to them with
-- SNMPv3 authPriv and restrictive VACM views.
cmSecurityObjectGroup OBJECT-GROUP
    OBJECTS {
        cmAuthProtocol, cmAccessOrder, cmAuthType, cmNASIpAddress,
        cmSecurityPolicyStrength, cmRemoteAuthServerAccountingEnabled,
        cmAnonymizeLogTimeInDays, f3Sso2faControl, f3NasIpAddressType,
        f3SshCipherStrengthHighControl,

        f3TacacsPrivLevelControlEnabled, f3TacacsDefaultPrivLevel,
        f3NasIpv6Addr, f3SecurityTrapType, f3SecurityTrapInfo,

        cmSecurityUserName, cmSecurityUserComment, cmSecurityUserPrivLevel,
        cmSecurityUserLoginTimeout, cmSecurityUserNumFailedLoginAttempts,
        cmSecurityUserLastLoginTime, cmSecurityUserLockedout,
        cmSecurityUserLastLockedoutTime, cmSecurityUserCliPagingEnable,
        cmSecurityUserRemoteUser, cmSecurityUserPassword,
        cmSecurityUserStorageType, cmSecurityUserRowStatus, 
        cmSecurityUserAction, cmSecurityCryptoPassword,
        cmSecurityUserRemoteCryptoUser, cmSecurityUserSso2fa,

        cmRemoteAuthServerIndex, cmRemoteAuthServerEnabled,
        cmRemoteAuthServerOrder, cmRemoteAuthServerIpAddress,
        cmRemoteAuthServerPort, cmRemoteAuthServerNumRetries,
        cmRemoteAuthServerTimeout, cmRemoteAuthServerSecret,
        cmRemoteAuthServerAccountingPort, cmRemoteAuthServerIpVersion,
        cmRemoteAuthServerIpv6Addr,

        f3UsmUserAccessType,

        f3PrivilegeChangeUserName,
        f3PrivilegeChangeIpv4Address, f3PrivilegeChangeIpv6Address,
        f3PrivilegeChangeTerminalIpv4Address, f3PrivilegeChangeTerminalIpv6Address,
        f3PrivilegeChangeInterface, f3PrivilegeChangeCurrentPrivilege,
        f3PrivilegeChangeRequestedPrivilege, f3PrivilegeChangeDuration,
        f3PrivilegeChangeAction, f3PrivilegeChangeState, f3PrivilegeChangeRemainingTime,
        f3PrivilegeChangeRemoteName, f3RadiusSendVendorAvpEnabled, f3RadiusRealm,
        
        icmpV4Filter, icmpV4DropEchoRequests,
        icmpV6Filter, icmpV6DropEchoRequests, icmpV6DropNeighborSolicitation,
        icmpV6DropRouterAdvertisement, icmpV6DropNeighborAdvertisement, 
        icmpV6DropRouterSolicitation,        
        f3FipsOperationMode,
        f3FipsSecuritySelfTestFailureCount,
        f3FipsSecuritySelfTestResult,
        f3FipsSecuritySelfTestStatus,
        f3FipsAction,
        
        f3HttpsSslCertExpNotifPeriod,
        f3HttpsSslKeyPair,
        f3SslCertificateAction,
        f3SslCertificateActionPairName,
        f3SslCertificatePrivateKeyPairName,
        f3SslCertificatePrivateKeyPairSslCertificate,
        f3SslCertificatePrivateKeyPairPrivateKeyPresent,
        
        f3RsaKeyPairName, f3RsaKeyPairPublicKey,
        f3RsaKeyPairAction, f3RsaKeyPairActionName, f3RsaKeyPairActionLength,
        f3CsrAction, f3CsrActionCsrName, f3CsrActionRsaKeyName,
        f3CsrActionCountry, f3CsrActionState, f3CsrActionLocality,
        f3CsrActionOrganization, f3CsrActionOrganizationUnit,
        f3CsrActionCommonName, f3CsrActionEmail,
        f3CsrActionSerialNumber, f3CsrActionAlternativeName,
        f3CertSigningRequestName, f3CertSigningRequestRsaKeyPairName,
        f3CertSigningRequestCsrData, f3CertSigningRequestAutoEnrollmentStatus,
        f3SslCertificatePrivateKeyPairRsaKeyPairName,
        f3SslCertificatePrivateKeyPairCertificateType,
        f3SslCertificatePrivateKeyPairCertificateStatus,
        f3SslCertificatePrivateKeyPairAction,
        f3SslCertificateActionKeyName,
        
        f3CaProfileName, f3CaProfileEnrollmentProtocol, f3CaProfileHttpPort,
        f3CaProfileAutoRenewalControl, f3CaProfileRenewalPercentLifetime,
        f3CaProfileRenewalNewKeyPairGenControl,
        f3CaProfileStorageType, f3CaProfileRowStatus,
        f3CaProfile, f3CaScepQueryMessage, f3CaUrl, f3CaCertList, f3CaRootCertStatus,
        f3CaLastCsr, f3CaAction, f3CaActionCsrName, f3CaActionChallengePassword,
        f3CaStorageType, f3CaRowStatus
    }
    STATUS  current
    DESCRIPTION
            "A collection of objects used to manage the CM Security
             group."
    ::= { cmSecurityGroups 1 }

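-- Notification group for this module.
-- f3PrivilegeChangeTrap is listed alongside f3SecurityTrap so that both
-- notifications registered under cmSecurityNotifications belong to a group
-- and can be referenced from a compliance statement; a notification left
-- out of every group is commonly flagged by MIB lint tools.
-- NOTE(review): changing group membership is a non-editorial revision, so
-- record it in the module's REVISION history when this is applied.
-- NOTE(review): NOTIFICATION-GROUP is not listed in this module's IMPORTS
-- from SNMPv2-CONF; strict SMIv2 compilers require that import.
cmSecurityNotifGroup NOTIFICATION-GROUP
    NOTIFICATIONS {
        f3SecurityTrap,
        f3PrivilegeChangeTrap
    }
    STATUS  current
    DESCRIPTION
            "A collection of notifications used in the CM Security
              group."
    ::= { cmSecurityGroups 2 }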

END
