M@ Pr0 Xperiences - K@rthik: 2011

Friday, December 30, 2011

F5 : Bigip Platform Naming Conversion

Supported platforms

This installation method is supported only on the following platforms:

BIG-IP 520 and 540 (D35)
BIG-IP 1000 (C36)
BIG-IP 1500 (C36)
BIG-IP 1600 (C102)
BIG-IP 2400 (D44)
BIG-IP 3400 (C62)
BIG-IP 3410 (C100)
BIG-IP 3600 (C103)
BIG-IP 3900 (C106)
BIG-IP 4100 (D46) (for standalone Application Security Manager installations)
BIG-IP 5100 and 5110 (D51)
BIG-IP 6400 (D63)
BIG-IP 6800 (D68)
BIG-IP 6900 (D68)
BIG-IP 8400 (D84)
BIG-IP 8800 (D88)
BIG-IP 8900 (D106)

If you are unsure which platform you have, look at the sticker on the back of the chassis to find the platform number

Wednesday, December 28, 2011

CIsco ASA - FW priority and state

It has been sometime since I posted something related to ASA :),

How to see the FW status in a cluster?

Defenitely you can see this by running "show failover" but what if you dont have enable access.. Infact no way (Both Name in ASA will be same by default)

But following command can help you,

conf t#

prompt hostname context priority state

Now you will see the priority and state of FW along with the name., no need to be in enable mode :)

Tuesday, December 27, 2011

Checkpoint : Connection / NAT Tables

NAT Cache Table
-------------------

[Expert@GEHfiSJPhino11]# fw tab -t fwx_cache -s
HOST NAME ID #VALS #PEAK #SLINKS
localhost fwx_cache 8116 7965 13295 0

NAT Table
-----------

[Expert@GEHfiSJPhino11]# fw tab -t fwx_alloc -s
HOST NAME ID #VALS #PEAK #SLINKS
localhost fwx_alloc 8187 72 3460 0

Connection Table
-------------------
[Expert@GEHfiSJPhino11]# fw tab -t connections -s
HOST NAME ID #VALS #PEAK #SLINKS
localhost connections 8158 14144 26665 56550

Wednesday, December 21, 2011

Checkpoint : SecureXL

When SecureXL is enabled, all traffic should be accelerated, except traffic that matches the following conditions:

The first packets of any new TCP session, unless a "template" exists.
The first packet of any new UDP session.
All traffic that matches a service that uses a Resource.
Certain traffic that matches a service that is inspected by a SmartDefence or Web Intelligence feature. For example, traffic on which SSH protections are activated is not accelerated. For more details, refer to sk42401: Factors that adversely affect performance in SecureXL.
All traffic that is supposed to be dropped or rejected, according to the rule base.
All traffic that matches a rule, whose source or destination is the Gateway itself.
All traffic that matches a rule with a Security Server.
All traffic that matches a rule with User Authentication or Session Authentication.
Non-TCP/UDP/GRE/ESP traffic.
All multicast traffic.
All fragmented traffic.
All traffic with IP options.
RST packets, when the "Spoofed Reset Protection" feature is activated.
When using ClusterXL in Load Sharing mode with 'Sticky Decision Function'.
Traffic that violates stateful inspection paradigm, or that is suspected to be spoofed.
IPv6 traffic

Connection establishment acceleration ("templates" mechanism)

In order to enhance connection establishment acceleration, a mechanism attempts to "group together" all connections that match a particular service and whose sole discriminating element is the Source Port. This type of "grouping" enables even the very first packets of a TCP handshake to be accelerated. This is very useful on short connections, in which the percentage of TCP handshake traffic is very high.

The very first packets of the first connection on the same service will be forwarded to the Security Gateway's kernel, which will then create a "template" of the connection and notify the SecureXL device. Any subsequent TCP establishments on the same service (where only the source port is different) will already be accelerated (as well as any other traffic, of course).

There are several conditions that will prevent a template from being created:

Connections that cannot be discriminated ONLY by the source port cannot be templated.
NATed traffic cannot be templated.
VPN traffic cannot be templated.
Complex connections (FTP, H323, etc.) cannot be templated.
Non-TCP/Non-UDP traffic cannot be templated.
The following rules will prevent a Connection Template from being created. All subsequent rules below such rules will not be templated as well, regardless of the rule. It is advised that all rules that can be templated, be placed at the top of the rule base (unless of course, this will violate other optimization considerations):
- Rule with service 'Any'
- Rule with a service that has a 'handler' (where a specific protocol is chosen in 'Protocol Type' field - instead of 'None' ; go to service object - right-click - Edit... - Advanced... - Protocol Type:).
- Rules with the following objects:
  - Time object
  - Port range object
  - Dynamic object
- Rules with "complex" services (i.e., services that have anything specified in the "Match" field, or "Enable reply from any port" of their "Advanced" section or Source Port is defined).
- Rules with RPC/DCOM/DCE-RPC services.
- Rules with Client Authentication or Session Authentication.
- When SYN Defender or Small PMTU features are activated in SmartDefense/IPS

Sunday, December 18, 2011

Checkpoint : Memory

hmem

failures mean that the hmem is full. This is not a real memory problem, but indicates a configuration problem. If low hmem limit was configured, it leads to improper usage of the OS memory.

Possible reasons for

smem failures are: smem reached its limit, exhausted the OS memory or large non-sleep allocations. This can indicate some memory shortage.

kmem

failed allocations means that some applications did not get memory. his is usually an indication for a memory problem. The most common memory problem is memory shortage. Memory shortage sometimes indicates a memory leak. In order to troubleshoot memory shortage, stop the load and let connections close.

In case memory consumption went back to normal, you are not dealing with a memory leak. Such shortage might happen when traffic volumes are too high for the device capacity. If the memory shortage happens after a change in the system or the environment, undo the change, and check whether kmem memory consumption goes down.

Checkpoint : Delete old log files on SPLAT machines

There is no way to configure your SPLAT box or UTM-1 appliance in a way, that only logs for the last X days were kept.

The only work-around would be to configure on the firewall object -> Logs and Masters -> Required Free Disc Space together with the option Do not delete log files from the last X days.

By configuring a very high value for required free disc space you could have the script run every day and with the other option prevent it from deleting the needed logs.

OR – you could implement a short script:

[Expert@fw1]# cat /usr/bin/del_logs.sh

#!/bin/bash

/usr/bin/find /var/log/opt/CPsuite-R65/fw1/*.log* -ctime +217 -print -exec rm -f {} \;

The parameter ctime is the amount of days for the logs to keep.

Run the script with cron:

[Expert@fw1]# crontab -l

# DO NOT EDIT THIS FILE - edit the master and reinstall.

# (/tmp/crontab.19431 installed on Mon May 10 10:21:33 2010)

# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)

42 11 * * * /usr/bin/del_logs.sh

50 2 * * 1,2,3,4,5,6,7 backup_util sched

Now you’re able to delete the old logs as you like. If you backup your firewall or SmartCenter to your local disc, maybe you want to do this with your backups, too?

Friday, December 16, 2011

Checkpoint - SecureXL

When SecureXL is enabled, all traffic that matches following conditions will not be accelerated:

* The first packets of any new TCP session, unless a "template" exists.
* The first packet of any new UDP session.
* All traffic that matches a service that uses a resource.
* All traffic that matches a service that is inspected by a SmartDefence or Web Intelligence feature.
* All traffic that is supposed to be dropped or rejected, according to the rule base.
* All traffic that matches a rule, whose source or destination is the gateway itself.
* All traffic that matches a rule with a security server.
* All traffic that matches a rule with user authentication or session authentication.
* Non-TCP/UDP/GRE/ESP trafic (e.g. ICMP, IGRP, etc.)
* All multicast traffic. **** Prior to IPSO-3.9. In IPSO-3.9 has support for Multicast PIM acceleration for IP225x. IPSO-4.2 supports Multicast PIM acceleration for all Nokia Platforms.
* All fragmented traffic.
* All traffic with IP options.
* RST packets, when the "Spoofed Reset Protection" feature is activated.
* Traffic that violates stateful inspection paradigm or that is suspected to be spoofed.
* Rules where the service has an INSPECT handler (e.g. FTP control connection)
* Rules with action "encrypt" with no VPN H/W Accelerator card.
* All VoIP traffic
* All VPN traffic with IP Compression enabled.
* All directed broadcast traff

Connection establishment acceleration ("templates" mechanism)

In order to enhance connection establishment acceleration, a mechanism attempts to "group together" all connections that match a particular service and whose sole discriminating element is the source port. This type of "grouping" enables even the very first packets of a TCP handshake to be accelerated. This is very useful on short connections, in which the percentage of TCP handshake traffic is very high.

The very first packets of the first connection on the same service will be forwarded to the security gateway, which will then create a "template" of the connection and notify the SecureXL device. Any subsequent TCP establishments on the same service (where only the source port is different) will already be accelerated (as well as any other traffic, of course).

Conditions that will prevent a template from being created:

* All connections that cannot be discriminated ONLY by the source port.
* Traffic subject to NAT.
* VPN traffic.
* Non-trivial TCP/UDP connections (FTP, H323, etc.).
* Non-TCP/UDP traffic.

Thursday, December 8, 2011

FTP : Active/Passive Modes

FTP
===

Two types - Active and Passive

Passive : Client will always intaiate connection
------------------------------------------------

1. Client:Hightport -> server:21
2. Server will reply with a hightend port (>1023) in PORT command
3. Client:Hightport -> Server : high port (which server replied with port command)
4. Server will ACK the 3rd step

Passive FTP :

command : client >1023 -> server 21
data : client >1023 -> server >1023

Active : Both Client and Server intaiates connection
----------------------------------------------------

1. Client:HighPOrt->Server:21 and issues port command with (Highport+1) say 1024+1=1025 to connect back
2. Server :21-> Client : Highport :- Server ACK the connection
3. Server : 20->Client:Hightport+1 (the one mentioned in the port command in step 2)
4. Client:Hightport+1->server: 20 :- Client Send ACK to Server

Active FTP :
command : client >1023 -> server 21
data : client >(1023+1) <- server 20

Tuesday, December 6, 2011

HP : ILO : CLI

ust ssh to the IP that you configured the iLO

admin@shellcore:~ $ ssh admin@192.168.50.118
admin@192.168.50.118′s password:
User: admin logged-in to ILO_TESTLABHP.(192.168.50.118)
iLO 2 Advanced Evaluation 1.81 at
Server Name: proliant_g5
Server Power: On

hpiLO->

Since I will access through a text terminal, Linux is configured to use the serial port (configured through the file /boot/grub/grub.conf)

hpiLO-> help
status=0
status_tag=COMMAND COMPLETED

DMTF SMASH CLP Commands:

help : Used to get context sensitive help.
show : Used to show values of a property or contents of a collection target.
create : Used to create new user account in the name space of the MAP.
Example: create /map1/accounts1 username= password=
name=
group=

delete : Used to delete user account in the name space of the MAP.
Example: delete /map1/accounts1/

load : Used to move a binary image from an URL to the MAP. The URL is
limited to 80 characters
Example : load -source http://192.168.1.1/images/fw/iLO2_130.bin

reset : Used to cause a target to cycle from enabled to disabled and back to
enabled.

set : Used to set a property or set of properties to a specific value.
start : Used to cause a target to change state to a higher run level.
stop : Used to cause a target to change state to a lower run level.
cd : Used to set the current default target.
Example: cd targetname

exit : Used to terminate the CLP session.
version : Used to query the version of the CLP implementation or other CLP
elements.

oemhp_ping : Used to determine if an IP address is reachable from this iLO 2.
Example : oemhp_ping 192.168.1.1 , where 192.168.1.1 is the IP address that you wish
to ping

oemhp_loadSSHKey : Used to authorize a SSH Key File from an URL The URL is
limited to 80 characters
Example : oemhp_loadSSHKey -source http://UserName:password@192.168.1.1/images/SSHkey1.ppk

HP CLI Commands:

POWER : Control server power.
UID : Control Unit-ID light.
NMI : Generate an NMI.
VM : Virtual media commands.
VSP : Invoke virtual serial port.

Type VSP and you’re in. To login as root you need to include the serial port (in this case ttyS1) on your /etc/securetty file or you will be given the error message that your user or password is wrong.

hpiLO-> VSP

Starting virtual serial port.
Press ‘ESC (‘ to return to the CLI Session.

hpiLO-> Virtual Serial Port active: IO=0x02F8 INT=3

login as:

To exit, press Esc and then ( – left parenthesis

Checkpoint : SNMP Support : cpsnmpd

urrently, cpsnmpd only support SNMP version 1. As shown in last line of /var/etc/snmpd.conf.

proxy -v 1 -p 260 -c public localhost .1.3.6.1.4.1.2620

Check Point snmp daemon (cpsnmpd) process is binded to port 260 (as opposed to the default port 161). cpsnmpd can be enabled via cpconfig [select 'SNMP Extensions'] or $FWDIR/bin/cpsnmpd -p 260 command. Since IPSO 3.1, IPSO is able to act as proxy to poll Checkpoint MIBs. I.e, user can poll Checkpoint MIB via port 161.

The following shows the output of snmp polling on port 260 using snmp version 1 & 2c. 'public' was used as snmp community name.

SNMP polling was successfully when SNMP version 1 was used

[root@linux root]# snmpwalk -v 1 -c public 10.58.18.70:260 -On .1.3.6.1.4.1.2620.1.1.25.1.0

.1.3.6.1.4.1.2620.1.1.25.1.0 = STRING: "Standard"

[root@linux root]#

SNMP polling failed when SNMP version 2c was used

[root@linux root]# snmpwalk -v 2c -c public 10.58.18.70:260 -On .1.3.6.1.4.1.2620.1.1.25.1.0

Timeout: No Response from 10.58.18.70:260

[root@linux root]#

SNMP polling using v2c without port 260 was successful

[root@linux root]# snmpwalk -v 2c -c public 10.58.18.70 .1.3.6.1.4.1.2620.1.1.25.1.0

SNMPv2-SMI::enterprises.2620.1.1.25.1.0 = STRING: "Standard"

[root@linux root]#

Monitoring Checkpoint Firewalls with SNMP

I've been doing some work for a client with Checkpoint Firewalls (running Secure Platform, or SPLAT), and wanted to monitor them using SNMP. The two main reasons being;

1. To graph Accepted/Dropped/Rejected packets over time and

2. To Poll the Firewalls for status using 3rd Party Management Tools like "Whats Up Gold" and "BMC Patrol".

So a brief summary of what I had to do to get it to work correctly:

1. Enable SNMPD

chkconfig snmpd on

service snmpd start

2. Edit /etc/snmp/snmpd.conf
Add "rocommunity NotPublicCommunityString 192.168.0.1"

Add "proxy -v1 -c public 127.0.0.1:260 .1.3.6.1.4.1.2620"

3. Edit $FWDIR/conf/snmp.C

Add :snmp_community (
:read (“public”)
:write(“private”)
)

4. Run cpconfig, and enable the cpsnmpd extension

5. Add required security rule to permit access to the firewall from the management server(s) (SNMP-UDP/161) (You don't need to permit access to cpsnmpd-UDP/260)

Following these changes you should be able to do a 'netstat -an' and see the cpsnmpd listening on :260, and perform a local snmp check:

snmpwalk -v1 -c public localhost 1.3.6.1.4.1.2620.1.6

Gotchas to note:

1. The local snmpwalk above uses the "public" string - the one in snmp.C - NOT the one in snmpd.conf

2. snmpwalk from a remote host uses the "NotPublicCommunityString" - not "public"

3. snmpwalk locally (and maybe remotely) using just the OID 1.3.6.1.4.1.2620 causes the cpsnmpd process to die (need to restart it using '$CPDIR/bin/cpsnmpd -p 260' or cpstop, cpstart)

Once the above are done the management servers can query the enforcement module for Checkpoint SNMP OIDs, such as accepted packets, dropped packets and Checkpoint OS OIDs like CPU usage (accurate), memory usage etc. These queries go to the Firewall on UDP/161 and internally the snmpd process proxies the snmp request for OID .1.3.6.1.4.1.2620 (checkpoint) to the cpsnmpd process on UDP/260.

This happens by default in Nokia IPSO, but not on SecurePlatform.

Some good OIDs to Graph:

Active Real Memory .1.3.6.1.4.1.2620.1.6.7.4.4.0
Total Real Memory .1.3.6.1.4.1.2620.1.6.7.4.3.0
Packets accepted .1.3.6.1.4.1.2620.1.1.4.0
Packets dropped .1.3.6.1.4.1.2620.1.1.6.0
Packets rejected .1.3.6.1.4.1.2620.1.1.5.0
Packets logged .1.3.6.1.4.1.2620.1.1.7.0
Current connections .1.3.6.1.4.1.2620.1.1.25.3.0
Processor (System) .1.3.6.1.4.1.2620.1.6.7.2.2.0
Processor (User) .1.3.6.1.4.1.2620.1.6.7.2.1.0

And good OIDs to monitor for status:
Firewall Module State (Installed) .1.3.6.1.4.1.2620.1.1.1.0
Processor Usage .1.3.6.1.4.1.2620.1.6.7.2.4.0

Useful Links:

Cacti - An excellent (+free) web front end to MRTG/RRD-Tool

Cacti Templates Index - Although the supplied Checkpoint/Nokia ones didnt work for me without customisation. I created some more graphs and data sources using the above OIDs.

What's Up Gold - The new version is very nice. Excellent Web based multi-user UI.

Checkpoint : SNMP OID

Object Name	Object Identifier
checkpoint	1.3.6.1.4.1.2620
products	1.3.6.1.4.1.2620.1
fw	1.3.6.1.4.1.2620.1.1
fwModuleState	1.3.6.1.4.1.2620.1.1.1
fwProduct	1.3.6.1.4.1.2620.1.1.10
fwEvent	1.3.6.1.4.1.2620.1.1.11
fwFilterName	1.3.6.1.4.1.2620.1.1.2
fwProdName	1.3.6.1.4.1.2620.1.1.21
fwVerMajor	1.3.6.1.4.1.2620.1.1.22
fwVerMinor	1.3.6.1.4.1.2620.1.1.23
fwKernelBuild	1.3.6.1.4.1.2620.1.1.24
fwPolicyStat	1.3.6.1.4.1.2620.1.1.25
fwPolicyName	1.3.6.1.4.1.2620.1.1.25.1
fwInstallTime	1.3.6.1.4.1.2620.1.1.25.2
fwNumConn	1.3.6.1.4.1.2620.1.1.25.3
fwPeakNumConn	1.3.6.1.4.1.2620.1.1.25.4
fwIfTable	1.3.6.1.4.1.2620.1.1.25.5
fwIfEntry	1.3.6.1.4.1.2620.1.1.25.5.1
fwIfIndex	1.3.6.1.4.1.2620.1.1.25.5.1.1
fwDropPcktsOut	1.3.6.1.4.1.2620.1.1.25.5.1.10
fwRejectPcktsIn	1.3.6.1.4.1.2620.1.1.25.5.1.11
fwRejectPcktsOut	1.3.6.1.4.1.2620.1.1.25.5.1.12
fwLogIn	1.3.6.1.4.1.2620.1.1.25.5.1.13
fwLogOut	1.3.6.1.4.1.2620.1.1.25.5.1.14
fwIfName	1.3.6.1.4.1.2620.1.1.25.5.1.2
fwAcceptPcktsIn	1.3.6.1.4.1.2620.1.1.25.5.1.5
fwAcceptPcktsOut	1.3.6.1.4.1.2620.1.1.25.5.1.6
fwAcceptBytesIn	1.3.6.1.4.1.2620.1.1.25.5.1.7
fwAcceptBytesOut	1.3.6.1.4.1.2620.1.1.25.5.1.8
fwDropPcktsIn	1.3.6.1.4.1.2620.1.1.25.5.1.9
fwPerfStat	1.3.6.1.4.1.2620.1.1.26
fwHmem	1.3.6.1.4.1.2620.1.1.26.1
fwHmem-block-size	1.3.6.1.4.1.2620.1.1.26.1.1
fwHmem-maximum-pools	1.3.6.1.4.1.2620.1.1.26.1.10
fwHmem-bytes-used	1.3.6.1.4.1.2620.1.1.26.1.11
fwHmem-blocks-used	1.3.6.1.4.1.2620.1.1.26.1.12
fwHmem-bytes-unused	1.3.6.1.4.1.2620.1.1.26.1.13
fwHmem-blocks-unused	1.3.6.1.4.1.2620.1.1.26.1.14
fwHmem-bytes-peak	1.3.6.1.4.1.2620.1.1.26.1.15
fwHmem-blocks-peak	1.3.6.1.4.1.2620.1.1.26.1.16
fwHmem-bytes-internal-use	1.3.6.1.4.1.2620.1.1.26.1.17
fwHmem-number-of-items	1.3.6.1.4.1.2620.1.1.26.1.18
fwHmem-alloc-operations	1.3.6.1.4.1.2620.1.1.26.1.19
fwHmem-requested-bytes	1.3.6.1.4.1.2620.1.1.26.1.2
fwHmem-free-operations	1.3.6.1.4.1.2620.1.1.26.1.20
fwHmem-failed-alloc	1.3.6.1.4.1.2620.1.1.26.1.21
fwHmem-failed-free	1.3.6.1.4.1.2620.1.1.26.1.22
fwHmem-initial-allocated-bytes	1.3.6.1.4.1.2620.1.1.26.1.3
fwHmem-initial-allocated-blocks	1.3.6.1.4.1.2620.1.1.26.1.4
fwHmem-initial-allocated-pools	1.3.6.1.4.1.2620.1.1.26.1.5
fwHmem-current-allocated-bytes	1.3.6.1.4.1.2620.1.1.26.1.6
fwHmem-current-allocated-blocks	1.3.6.1.4.1.2620.1.1.26.1.7
fwHmem-current-allocated-pools	1.3.6.1.4.1.2620.1.1.26.1.8
fwHmem-maximum-bytes	1.3.6.1.4.1.2620.1.1.26.1.9
fwKmem	1.3.6.1.4.1.2620.1.1.26.2
fwKmem-system-physical-mem	1.3.6.1.4.1.2620.1.1.26.2.1
fwKmem-non-blocking-bytes-peak	1.3.6.1.4.1.2620.1.1.26.2.10
fwKmem-bytes-internal-use	1.3.6.1.4.1.2620.1.1.26.2.11
fwKmem-number-of-items	1.3.6.1.4.1.2620.1.1.26.2.12
fwKmem-alloc-operations	1.3.6.1.4.1.2620.1.1.26.2.13
fwKmem-free-operations	1.3.6.1.4.1.2620.1.1.26.2.14
fwKmem-failed-alloc	1.3.6.1.4.1.2620.1.1.26.2.15
fwKmem-failed-free	1.3.6.1.4.1.2620.1.1.26.2.16
fwKmem-available-physical-mem	1.3.6.1.4.1.2620.1.1.26.2.2
fwKmem-aix-heap-size	1.3.6.1.4.1.2620.1.1.26.2.3
fwKmem-bytes-used	1.3.6.1.4.1.2620.1.1.26.2.4
fwKmem-blocking-bytes-used	1.3.6.1.4.1.2620.1.1.26.2.5
fwKmem-non-blocking-bytes-used	1.3.6.1.4.1.2620.1.1.26.2.6
fwKmem-bytes-unused	1.3.6.1.4.1.2620.1.1.26.2.7
fwKmem-bytes-peak	1.3.6.1.4.1.2620.1.1.26.2.8
fwKmem-blocking-bytes-peak	1.3.6.1.4.1.2620.1.1.26.2.9
fwInspect	1.3.6.1.4.1.2620.1.1.26.3
fwInspect-packets	1.3.6.1.4.1.2620.1.1.26.3.1
fwInspect-operations	1.3.6.1.4.1.2620.1.1.26.3.2
fwInspect-lookups	1.3.6.1.4.1.2620.1.1.26.3.3
fwInspect-record	1.3.6.1.4.1.2620.1.1.26.3.4
fwInspect-extract	1.3.6.1.4.1.2620.1.1.26.3.5
fwCookies	1.3.6.1.4.1.2620.1.1.26.4
fwCookies-total	1.3.6.1.4.1.2620.1.1.26.4.1
fwCookies-allocfwCookies-total	1.3.6.1.4.1.2620.1.1.26.4.2
fwCookies-freefwCookies-total	1.3.6.1.4.1.2620.1.1.26.4.3
fwCookies-dupfwCookies-total	1.3.6.1.4.1.2620.1.1.26.4.4
fwCookies-getfwCookies-total	1.3.6.1.4.1.2620.1.1.26.4.5
fwCookies-putfwCookies-total	1.3.6.1.4.1.2620.1.1.26.4.6
fwCookies-lenfwCookies-total	1.3.6.1.4.1.2620.1.1.26.4.7
fwChains	1.3.6.1.4.1.2620.1.1.26.5
fwChains-alloc	1.3.6.1.4.1.2620.1.1.26.5.1
fwChains-free	1.3.6.1.4.1.2620.1.1.26.5.2
fwFragments	1.3.6.1.4.1.2620.1.1.26.6
fwFrag-fragments	1.3.6.1.4.1.2620.1.1.26.6.1
fwFrag-expired	1.3.6.1.4.1.2620.1.1.26.6.2
fwFrag-packets	1.3.6.1.4.1.2620.1.1.26.6.3
fwUfp	1.3.6.1.4.1.2620.1.1.26.8
fwUfpHitRatio	1.3.6.1.4.1.2620.1.1.26.8.1
fwUfpInspected	1.3.6.1.4.1.2620.1.1.26.8.2
fwUfpHits	1.3.6.1.4.1.2620.1.1.26.8.3
fwSS	1.3.6.1.4.1.2620.1.1.26.9
fwSS-http	1.3.6.1.4.1.2620.1.1.26.9.1
fwSS-http-pid	1.3.6.1.4.1.2620.1.1.26.9.1.1
fwSS-http-sess-curr	1.3.6.1.4.1.2620.1.1.26.9.1.10
fwSS-http-sess-count	1.3.6.1.4.1.2620.1.1.26.9.1.11
fwSS-http-auth-sess-max	1.3.6.1.4.1.2620.1.1.26.9.1.12
fwSS-http-auth-sess-curr	1.3.6.1.4.1.2620.1.1.26.9.1.13
fwSS-http-auth-sess-count	1.3.6.1.4.1.2620.1.1.26.9.1.14
fwSS-http-accepted-sess	1.3.6.1.4.1.2620.1.1.26.9.1.15
fwSS-http-rejected-sess	1.3.6.1.4.1.2620.1.1.26.9.1.16
fwSS-http-auth-failures	1.3.6.1.4.1.2620.1.1.26.9.1.17
fwSS-http-ops-cvp-sess-max	1.3.6.1.4.1.2620.1.1.26.9.1.18
fwSS-http-ops-cvp-sess-curr	1.3.6.1.4.1.2620.1.1.26.9.1.19
fwSS-http-proto	1.3.6.1.4.1.2620.1.1.26.9.1.2
fwSS-http-ops-cvp-sess-count	1.3.6.1.4.1.2620.1.1.26.9.1.20
fwSS-http-ops-cvp-rej-sess	1.3.6.1.4.1.2620.1.1.26.9.1.21
fwSS-http-ssl-encryp-sess-max	1.3.6.1.4.1.2620.1.1.26.9.1.22
fwSS-http-ssl-encryp-sess-curr	1.3.6.1.4.1.2620.1.1.26.9.1.23
fwSS-http-ssl-encryp-sess-count	1.3.6.1.4.1.2620.1.1.26.9.1.24
fwSS-http-transp-sess-max	1.3.6.1.4.1.2620.1.1.26.9.1.25
fwSS-http-transp-sess-curr	1.3.6.1.4.1.2620.1.1.26.9.1.26
fwSS-http-transp-sess-count	1.3.6.1.4.1.2620.1.1.26.9.1.27
fwSS-http-proxied-sess-max	1.3.6.1.4.1.2620.1.1.26.9.1.28
fwSS-http-proxied-sess-curr	1.3.6.1.4.1.2620.1.1.26.9.1.29
fwSS-http-port	1.3.6.1.4.1.2620.1.1.26.9.1.3
fwSS-http-proxied-sess-count	1.3.6.1.4.1.2620.1.1.26.9.1.30
fwSS-http-tunneled-sess-max	1.3.6.1.4.1.2620.1.1.26.9.1.31
fwSS-http-tunneled-sess-curr	1.3.6.1.4.1.2620.1.1.26.9.1.32
fwSS-http-tunneled-sess-count	1.3.6.1.4.1.2620.1.1.26.9.1.33
fwSS-http-ftp-sess-max	1.3.6.1.4.1.2620.1.1.26.9.1.34
fwSS-http-ftp-sess-curr	1.3.6.1.4.1.2620.1.1.26.9.1.35
fwSS-http-ftp-sess-count	1.3.6.1.4.1.2620.1.1.26.9.1.36
fwSS-http-time-stamp	1.3.6.1.4.1.2620.1.1.26.9.1.37
fwSS-http-is-alive	1.3.6.1.4.1.2620.1.1.26.9.1.38
fwSS-http-logical-port	1.3.6.1.4.1.2620.1.1.26.9.1.4
fwSS-http-max-avail-socket	1.3.6.1.4.1.2620.1.1.26.9.1.5
fwSS-http-socket-in-use-max	1.3.6.1.4.1.2620.1.1.26.9.1.6
fwSS-http-socket-in-use-curr	1.3.6.1.4.1.2620.1.1.26.9.1.7
fwSS-http-socket-in-use-count	1.3.6.1.4.1.2620.1.1.26.9.1.8
fwSS-http-sess-max	1.3.6.1.4.1.2620.1.1.26.9.1.9
fwSS-ftp	1.3.6.1.4.1.2620.1.1.26.9.2
fwSS-ftp-pid	1.3.6.1.4.1.2620.1.1.26.9.2.1
fwSS-ftp-sess-curr	1.3.6.1.4.1.2620.1.1.26.9.2.10
fwSS-ftp-sess-count	1.3.6.1.4.1.2620.1.1.26.9.2.11
fwSS-ftp-auth-sess-max	1.3.6.1.4.1.2620.1.1.26.9.2.12
fwSS-ftp-auth-sess-curr	1.3.6.1.4.1.2620.1.1.26.9.2.13
fwSS-ftp-auth-sess-count	1.3.6.1.4.1.2620.1.1.26.9.2.14
fwSS-ftp-accepted-sess	1.3.6.1.4.1.2620.1.1.26.9.2.15
fwSS-ftp-rejected-sess	1.3.6.1.4.1.2620.1.1.26.9.2.16
fwSS-ftp-auth-failures	1.3.6.1.4.1.2620.1.1.26.9.2.17
fwSS-ftp-ops-cvp-sess-max	1.3.6.1.4.1.2620.1.1.26.9.2.18
fwSS-ftp-ops-cvp-sess-curr	1.3.6.1.4.1.2620.1.1.26.9.2.19
fwSS-ftp-proto	1.3.6.1.4.1.2620.1.1.26.9.2.2
fwSS-ftp-ops-cvp-sess-count	1.3.6.1.4.1.2620.1.1.26.9.2.20
fwSS-ftp-ops-cvp-rej-sess	1.3.6.1.4.1.2620.1.1.26.9.2.21
fwSS-ftp-time-stamp	1.3.6.1.4.1.2620.1.1.26.9.2.22
fwSS-ftp-is-alive	1.3.6.1.4.1.2620.1.1.26.9.2.23
fwSS-ftp-port	1.3.6.1.4.1.2620.1.1.26.9.2.3
fwSS-ftp-logical-port	1.3.6.1.4.1.2620.1.1.26.9.2.4
fwSS-ftp-max-avail-socket	1.3.6.1.4.1.2620.1.1.26.9.2.5
fwSS-ftp-socket-in-use-max	1.3.6.1.4.1.2620.1.1.26.9.2.6
fwSS-ftp-socket-in-use-curr	1.3.6.1.4.1.2620.1.1.26.9.2.7
fwSS-ftp-socket-in-use-count	1.3.6.1.4.1.2620.1.1.26.9.2.8
fwSS-ftp-sess-max	1.3.6.1.4.1.2620.1.1.26.9.2.9
fwSS-telnet	1.3.6.1.4.1.2620.1.1.26.9.3
fwSS-telnet-pid	1.3.6.1.4.1.2620.1.1.26.9.3.1
fwSS-telnet-sess-curr	1.3.6.1.4.1.2620.1.1.26.9.3.10
fwSS-telnet-sess-count	1.3.6.1.4.1.2620.1.1.26.9.3.11
fwSS-telnet-auth-sess-max	1.3.6.1.4.1.2620.1.1.26.9.3.12
fwSS-telnet-auth-sess-curr	1.3.6.1.4.1.2620.1.1.26.9.3.13
fwSS-telnet-auth-sess-count	1.3.6.1.4.1.2620.1.1.26.9.3.14
fwSS-telnet-accepted-sess	1.3.6.1.4.1.2620.1.1.26.9.3.15
fwSS-telnet-rejected-sess	1.3.6.1.4.1.2620.1.1.26.9.3.16
fwSS-telnet-auth-failures	1.3.6.1.4.1.2620.1.1.26.9.3.17
fwSS-telnet-time-stamp	1.3.6.1.4.1.2620.1.1.26.9.3.18
fwSS-telnet-is-alive	1.3.6.1.4.1.2620.1.1.26.9.3.19
fwSS-telnet-proto	1.3.6.1.4.1.2620.1.1.26.9.3.2
fwSS-telnet-port	1.3.6.1.4.1.2620.1.1.26.9.3.3
fwSS-telnet-logical-port	1.3.6.1.4.1.2620.1.1.26.9.3.4
fwSS-telnet-max-avail-socket	1.3.6.1.4.1.2620.1.1.26.9.3.5
fwSS-telnet-socket-in-use-max	1.3.6.1.4.1.2620.1.1.26.9.3.6
fwSS-telnet-socket-in-use-curr	1.3.6.1.4.1.2620.1.1.26.9.3.7
fwSS-telnet-socket-in-use-count	1.3.6.1.4.1.2620.1.1.26.9.3.8
fwSS-telnet-sess-max	1.3.6.1.4.1.2620.1.1.26.9.3.9
fwSS-rlogin	1.3.6.1.4.1.2620.1.1.26.9.4
fwSS-rlogin-pid	1.3.6.1.4.1.2620.1.1.26.9.4.1
fwSS-rlogin-sess-curr	1.3.6.1.4.1.2620.1.1.26.9.4.10
fwSS-rlogin-sess-count	1.3.6.1.4.1.2620.1.1.26.9.4.11
fwSS-rlogin-auth-sess-max	1.3.6.1.4.1.2620.1.1.26.9.4.12
fwSS-rlogin-auth-sess-curr	1.3.6.1.4.1.2620.1.1.26.9.4.13
fwSS-rlogin-auth-sess-count	1.3.6.1.4.1.2620.1.1.26.9.4.14
fwSS-rlogin-accepted-sess	1.3.6.1.4.1.2620.1.1.26.9.4.15
fwSS-rlogin-rejected-sess	1.3.6.1.4.1.2620.1.1.26.9.4.16
fwSS-rlogin-auth-failures	1.3.6.1.4.1.2620.1.1.26.9.4.17
fwSS-rlogin-time-stamp	1.3.6.1.4.1.2620.1.1.26.9.4.18
fwSS-rlogin-is-alive	1.3.6.1.4.1.2620.1.1.26.9.4.19
fwSS-rlogin-proto	1.3.6.1.4.1.2620.1.1.26.9.4.2
fwSS-rlogin-port	1.3.6.1.4.1.2620.1.1.26.9.4.3
fwSS-rlogin-logical-port	1.3.6.1.4.1.2620.1.1.26.9.4.4
fwSS-rlogin-max-avail-socket	1.3.6.1.4.1.2620.1.1.26.9.4.5
fwSS-rlogin-socket-in-use-max	1.3.6.1.4.1.2620.1.1.26.9.4.6
fwSS-rlogin-socket-in-use-curr	1.3.6.1.4.1.2620.1.1.26.9.4.7
fwSS-rlogin-socket-in-use-count	1.3.6.1.4.1.2620.1.1.26.9.4.8
fwSS-rlogin-sess-max	1.3.6.1.4.1.2620.1.1.26.9.4.9
fwSS-ufp	1.3.6.1.4.1.2620.1.1.26.9.5
fwSS-ufp-ops-ufp-sess-max	1.3.6.1.4.1.2620.1.1.26.9.5.1
fwSS-ufp-ops-ufp-sess-curr	1.3.6.1.4.1.2620.1.1.26.9.5.2
fwSS-ufp-ops-ufp-sess-count	1.3.6.1.4.1.2620.1.1.26.9.5.3
fwSS-ufp-ops-ufp-rej-sess	1.3.6.1.4.1.2620.1.1.26.9.5.4
fwSS-ufp-time-stamp	1.3.6.1.4.1.2620.1.1.26.9.5.5
fwSS-ufp-is-alive	1.3.6.1.4.1.2620.1.1.26.9.5.6
fwSS-smtp	1.3.6.1.4.1.2620.1.1.26.9.6
fwSS-smtp-pid	1.3.6.1.4.1.2620.1.1.26.9.6.1
fwSS-smtp-sess-curr	1.3.6.1.4.1.2620.1.1.26.9.6.10
fwSS-smtp-sess-count	1.3.6.1.4.1.2620.1.1.26.9.6.11
fwSS-smtp-auth-sess-max	1.3.6.1.4.1.2620.1.1.26.9.6.12
fwSS-smtp-auth-sess-curr	1.3.6.1.4.1.2620.1.1.26.9.6.13
fwSS-smtp-auth-sess-count	1.3.6.1.4.1.2620.1.1.26.9.6.14
fwSS-smtp-accepted-sess	1.3.6.1.4.1.2620.1.1.26.9.6.15
fwSS-smtp-rejected-sess	1.3.6.1.4.1.2620.1.1.26.9.6.16
fwSS-smtp-auth-failures	1.3.6.1.4.1.2620.1.1.26.9.6.17
fwSS-smtp-mail-max	1.3.6.1.4.1.2620.1.1.26.9.6.18
fwSS-smtp-mail-curr	1.3.6.1.4.1.2620.1.1.26.9.6.19
fwSS-smtp-proto	1.3.6.1.4.1.2620.1.1.26.9.6.2
fwSS-smtp-mail-count	1.3.6.1.4.1.2620.1.1.26.9.6.20
fwSS-smtp-outgoing-mail-max	1.3.6.1.4.1.2620.1.1.26.9.6.21
fwSS-smtp-outgoing-mail-curr	1.3.6.1.4.1.2620.1.1.26.9.6.22
fwSS-smtp-outgoing-mail-count	1.3.6.1.4.1.2620.1.1.26.9.6.23
fwSS-smtp-max-mail-on-conn	1.3.6.1.4.1.2620.1.1.26.9.6.24
fwSS-smtp-total-mails	1.3.6.1.4.1.2620.1.1.26.9.6.25
fwSS-smtp-time-stamp	1.3.6.1.4.1.2620.1.1.26.9.6.26
fwSS-smtp-is-alive	1.3.6.1.4.1.2620.1.1.26.9.6.27
fwSS-smtp-port	1.3.6.1.4.1.2620.1.1.26.9.6.3
fwSS-smtp-logical-port	1.3.6.1.4.1.2620.1.1.26.9.6.4
fwSS-smtp-max-avail-socket	1.3.6.1.4.1.2620.1.1.26.9.6.5
fwSS-smtp-socket-in-use-max	1.3.6.1.4.1.2620.1.1.26.9.6.6
fwSS-smtp-socket-in-use-curr	1.3.6.1.4.1.2620.1.1.26.9.6.7
fwSS-smtp-socket-in-use-count	1.3.6.1.4.1.2620.1.1.26.9.6.8
fwSS-smtp-sess-max	1.3.6.1.4.1.2620.1.1.26.9.6.9
fwFilterDate	1.3.6.1.4.1.2620.1.1.3
fwAccepted	1.3.6.1.4.1.2620.1.1.4
fwRejected	1.3.6.1.4.1.2620.1.1.5
fwDropped	1.3.6.1.4.1.2620.1.1.6
fwLogged	1.3.6.1.4.1.2620.1.1.7
fwMajor	1.3.6.1.4.1.2620.1.1.8
fwMinor	1.3.6.1.4.1.2620.1.1.9
ls	1.3.6.1.4.1.2620.1.11
lsProdName	1.3.6.1.4.1.2620.1.11.1
lsStatCode	1.3.6.1.4.1.2620.1.11.101
lsStatShortDescr	1.3.6.1.4.1.2620.1.11.102
lsStatLongDescr	1.3.6.1.4.1.2620.1.11.103
lsVerMajor	1.3.6.1.4.1.2620.1.11.2
lsVerMinor	1.3.6.1.4.1.2620.1.11.3
lsBuildNumber	1.3.6.1.4.1.2620.1.11.4
lsFwmIsAlive	1.3.6.1.4.1.2620.1.11.5
lsConnectedClientsTable	1.3.6.1.4.1.2620.1.11.7
lsConnectedClientsEntry	1.3.6.1.4.1.2620.1.11.7.1
lsIndex	1.3.6.1.4.1.2620.1.11.7.1.1
lsClientName	1.3.6.1.4.1.2620.1.11.7.1.2
lsClientHost	1.3.6.1.4.1.2620.1.11.7.1.3
lsClientDbLock	1.3.6.1.4.1.2620.1.11.7.1.4
lsApplicationType	1.3.6.1.4.1.2620.1.11.7.1.5
vpn	1.3.6.1.4.1.2620.1.2
cpvProdName	1.3.6.1.4.1.2620.1.2.1
cpvIPsec	1.3.6.1.4.1.2620.1.2.10
cpvTnlMon	1.3.6.1.4.1.2620.1.2.11
cpvTnlMonEntry	1.3.6.1.4.1.2620.1.2.11.1
cpvTnlMonAddr	1.3.6.1.4.1.2620.1.2.11.1.1
cpvTnlMonStatus	1.3.6.1.4.1.2620.1.2.11.1.2
cpvTnlMonCurrAddr	1.3.6.1.4.1.2620.1.2.11.1.3
cpvVerMajor	1.3.6.1.4.1.2620.1.2.2
cpvVerMinor	1.3.6.1.4.1.2620.1.2.3
cpvGeneral	1.3.6.1.4.1.2620.1.2.4
cpvStatistics	1.3.6.1.4.1.2620.1.2.4.1
cpvEncPackets	1.3.6.1.4.1.2620.1.2.4.1.1
cpvDecPackets	1.3.6.1.4.1.2620.1.2.4.1.2
cpvErrors	1.3.6.1.4.1.2620.1.2.4.2
cpvErrOut	1.3.6.1.4.1.2620.1.2.4.2.1
cpvErrIn	1.3.6.1.4.1.2620.1.2.4.2.2
cpvErrIke	1.3.6.1.4.1.2620.1.2.4.2.3
cpvErrPolicy	1.3.6.1.4.1.2620.1.2.4.2.4
cpvIpsec	1.3.6.1.4.1.2620.1.2.5
cpvIPsecNIC	1.3.6.1.4.1.2620.1.2.5.1
cpvIPsecNICsNum	1.3.6.1.4.1.2620.1.2.5.1.1
cpvIPsecNICTotalDownLoadedSAs	1.3.6.1.4.1.2620.1.2.5.1.2
cpvIPsecNICCurrDownLoadedSAs	1.3.6.1.4.1.2620.1.2.5.1.3
cpvIPsecNICDecrBytes	1.3.6.1.4.1.2620.1.2.5.1.4
cpvIPsecNICEncrBytes	1.3.6.1.4.1.2620.1.2.5.1.5
cpvIPsecNICDecrPackets	1.3.6.1.4.1.2620.1.2.5.1.6
cpvIPsecNICEncrPackets	1.3.6.1.4.1.2620.1.2.5.1.7
cpvSaStatistics	1.3.6.1.4.1.2620.1.2.5.2
cpvCurrEspSAsIn	1.3.6.1.4.1.2620.1.2.5.2.1
cpvMaxConncurEspSAsOut	1.3.6.1.4.1.2620.1.2.5.2.10
cpvMaxConncurAhSAsIn	1.3.6.1.4.1.2620.1.2.5.2.11
cpvMaxConncurAhSAsOut	1.3.6.1.4.1.2620.1.2.5.2.12
cpvTotalEspSAsIn	1.3.6.1.4.1.2620.1.2.5.2.2
cpvCurrEspSAsOut	1.3.6.1.4.1.2620.1.2.5.2.3
cpvTotalEspSAsOut	1.3.6.1.4.1.2620.1.2.5.2.4
cpvCurrAhSAsIn	1.3.6.1.4.1.2620.1.2.5.2.5
cpvTotalAhSAsIn	1.3.6.1.4.1.2620.1.2.5.2.6
cpvCurrAhSAsOut	1.3.6.1.4.1.2620.1.2.5.2.7
cpvTotalAhSAsOut	1.3.6.1.4.1.2620.1.2.5.2.8
cpvMaxConncurEspSAsIn	1.3.6.1.4.1.2620.1.2.5.2.9
cpvSaErrors	1.3.6.1.4.1.2620.1.2.5.3
cpvSaDecrErr	1.3.6.1.4.1.2620.1.2.5.3.1
cpvSaAuthErr	1.3.6.1.4.1.2620.1.2.5.3.2
cpvSaReplayErr	1.3.6.1.4.1.2620.1.2.5.3.3
cpvSaPolicyErr	1.3.6.1.4.1.2620.1.2.5.3.4
cpvSaOtherErrIn	1.3.6.1.4.1.2620.1.2.5.3.5
cpvSaOtherErrOut	1.3.6.1.4.1.2620.1.2.5.3.6
cpvSaUnknownSpiErr	1.3.6.1.4.1.2620.1.2.5.3.7
cpvIpsecStatistics	1.3.6.1.4.1.2620.1.2.5.4
cpvIpsecUdpEspEncPkts	1.3.6.1.4.1.2620.1.2.5.4.1
cpvIpsecDecomprPkts	1.3.6.1.4.1.2620.1.2.5.4.10
cpvIpsecDecomprErr	1.3.6.1.4.1.2620.1.2.5.4.11
cpvIpsecComprBytesBefore	1.3.6.1.4.1.2620.1.2.5.4.12
cpvIpsecComprBytesAfter	1.3.6.1.4.1.2620.1.2.5.4.13
cpvIpsecComprOverhead	1.3.6.1.4.1.2620.1.2.5.4.14
cpvIpsecNonCompressibleBytes	1.3.6.1.4.1.2620.1.2.5.4.15
cpvIpsecCompressiblePkts	1.3.6.1.4.1.2620.1.2.5.4.16
cpvIpsecNonCompressiblePkts	1.3.6.1.4.1.2620.1.2.5.4.17
cpvIpsecComprErrors	1.3.6.1.4.1.2620.1.2.5.4.18
cpvIpsecEspEncBytes	1.3.6.1.4.1.2620.1.2.5.4.19
cpvIpsecUdpEspDecPkts	1.3.6.1.4.1.2620.1.2.5.4.2
cpvIpsecEspDecBytes	1.3.6.1.4.1.2620.1.2.5.4.20
cpvIpsecAhEncPkts	1.3.6.1.4.1.2620.1.2.5.4.3
cpvIpsecAhDecPkts	1.3.6.1.4.1.2620.1.2.5.4.4
cpvIpsecEspEncPkts	1.3.6.1.4.1.2620.1.2.5.4.5
cpvIpsecEspDecPkts	1.3.6.1.4.1.2620.1.2.5.4.6
cpvIpsecDecomprBytesBefore	1.3.6.1.4.1.2620.1.2.5.4.7
cpvIpsecDecomprBytesAfter	1.3.6.1.4.1.2620.1.2.5.4.8
cpvIpsecDecomprOverhead	1.3.6.1.4.1.2620.1.2.5.4.9
cpvFwz	1.3.6.1.4.1.2620.1.2.6
cpvFwzStatistics	1.3.6.1.4.1.2620.1.2.6.1
cpvFwzEncapsEncPkts	1.3.6.1.4.1.2620.1.2.6.1.1
cpvFwzEncapsDecPkts	1.3.6.1.4.1.2620.1.2.6.1.2
cpvFwzEncPkts	1.3.6.1.4.1.2620.1.2.6.1.3
cpvFwzDecPkts	1.3.6.1.4.1.2620.1.2.6.1.4
cpvFwzErrors	1.3.6.1.4.1.2620.1.2.6.2
cpvFwzEncapsEncErrs	1.3.6.1.4.1.2620.1.2.6.2.1
cpvFwzEncapsDecErrs	1.3.6.1.4.1.2620.1.2.6.2.2
cpvFwzEncErrs	1.3.6.1.4.1.2620.1.2.6.2.3
cpvFwzDecErrs	1.3.6.1.4.1.2620.1.2.6.2.4
cpvAccelerator	1.3.6.1.4.1.2620.1.2.8
cpvHwAccelGeneral	1.3.6.1.4.1.2620.1.2.8.1
cpvHwAccelVendor	1.3.6.1.4.1.2620.1.2.8.1.1
cpvHwAccelStatus	1.3.6.1.4.1.2620.1.2.8.1.2
cpvHwAccelDriverMajorVer	1.3.6.1.4.1.2620.1.2.8.1.3
cpvHwAccelDriverMinorVer	1.3.6.1.4.1.2620.1.2.8.1.4
cpvHwAccelStatistics	1.3.6.1.4.1.2620.1.2.8.2
cpvHwAccelEspEncPkts	1.3.6.1.4.1.2620.1.2.8.2.1
cpvHwAccelEspDecPkts	1.3.6.1.4.1.2620.1.2.8.2.2
cpvHwAccelEspEncBytes	1.3.6.1.4.1.2620.1.2.8.2.3
cpvHwAccelEspDecBytes	1.3.6.1.4.1.2620.1.2.8.2.4
cpvHwAccelAhEncPkts	1.3.6.1.4.1.2620.1.2.8.2.5
cpvHwAccelAhDecPkts	1.3.6.1.4.1.2620.1.2.8.2.6
cpvHwAccelAhEncBytes	1.3.6.1.4.1.2620.1.2.8.2.7
cpvHwAccelAhDecBytes	1.3.6.1.4.1.2620.1.2.8.2.8
cpvIKE	1.3.6.1.4.1.2620.1.2.9
cpvIKEglobals	1.3.6.1.4.1.2620.1.2.9.1
cpvIKECurrSAs	1.3.6.1.4.1.2620.1.2.9.1.1
cpvIKEMaxConncurSAs	1.3.6.1.4.1.2620.1.2.9.1.10
cpvIKEMaxConncurInitSAs	1.3.6.1.4.1.2620.1.2.9.1.11
cpvIKEMaxConncurRespSAs	1.3.6.1.4.1.2620.1.2.9.1.12
cpvIKECurrInitSAs	1.3.6.1.4.1.2620.1.2.9.1.2
cpvIKECurrRespSAs	1.3.6.1.4.1.2620.1.2.9.1.3
cpvIKETotalSAs	1.3.6.1.4.1.2620.1.2.9.1.4
cpvIKETotalInitSAs	1.3.6.1.4.1.2620.1.2.9.1.5
cpvIKETotalRespSAs	1.3.6.1.4.1.2620.1.2.9.1.6
cpvIKETotalSAsAttempts	1.3.6.1.4.1.2620.1.2.9.1.7
cpvIKETotalSAsInitAttempts	1.3.6.1.4.1.2620.1.2.9.1.8
cpvIKETotalSAsRespAttempts	1.3.6.1.4.1.2620.1.2.9.1.9
cpvIKEerrors	1.3.6.1.4.1.2620.1.2.9.2
cpvIKETotalFailuresInit	1.3.6.1.4.1.2620.1.2.9.2.1
cpvIKENoResp	1.3.6.1.4.1.2620.1.2.9.2.2
cpvIKETotalFailuresResp	1.3.6.1.4.1.2620.1.2.9.2.3
fg	1.3.6.1.4.1.2620.1.3
fgProdName	1.3.6.1.4.1.2620.1.3.1
fgVerMajor	1.3.6.1.4.1.2620.1.3.2
fgVerMinor	1.3.6.1.4.1.2620.1.3.3
fgVersionString	1.3.6.1.4.1.2620.1.3.4
fgModuleKernelBuild	1.3.6.1.4.1.2620.1.3.5
fgStrPolicyName	1.3.6.1.4.1.2620.1.3.6
fgInstallTime	1.3.6.1.4.1.2620.1.3.7
fgNumInterfaces	1.3.6.1.4.1.2620.1.3.8
fgIfTable	1.3.6.1.4.1.2620.1.3.9
fgIfEntry	1.3.6.1.4.1.2620.1.3.9.1
fgIfIndex	1.3.6.1.4.1.2620.1.3.9.1.1
fgPendPcktsIn	1.3.6.1.4.1.2620.1.3.9.1.10
fgPendPcktsOut	1.3.6.1.4.1.2620.1.3.9.1.11
fgPendBytesIn	1.3.6.1.4.1.2620.1.3.9.1.12
fgPendBytesOut	1.3.6.1.4.1.2620.1.3.9.1.13
fgNumConnIn	1.3.6.1.4.1.2620.1.3.9.1.14
fgNumConnOut	1.3.6.1.4.1.2620.1.3.9.1.15
fgIfName	1.3.6.1.4.1.2620.1.3.9.1.2
fgPolicyName	1.3.6.1.4.1.2620.1.3.9.1.3
fgRateLimitIn	1.3.6.1.4.1.2620.1.3.9.1.4
fgRateLimitOut	1.3.6.1.4.1.2620.1.3.9.1.5
fgAvrRateIn	1.3.6.1.4.1.2620.1.3.9.1.6
fgAvrRateOut	1.3.6.1.4.1.2620.1.3.9.1.7
fgRetransPcktsIn	1.3.6.1.4.1.2620.1.3.9.1.8
fgRetransPcktsOut	1.3.6.1.4.1.2620.1.3.9.1.9
ha	1.3.6.1.4.1.2620.1.5
haProdName	1.3.6.1.4.1.2620.1.5.1
haProtoVersion	1.3.6.1.4.1.2620.1.5.10
haStatCode	1.3.6.1.4.1.2620.1.5.101
haStatShort	1.3.6.1.4.1.2620.1.5.102
haStatLong	1.3.6.1.4.1.2620.1.5.103
haWorkMode	1.3.6.1.4.1.2620.1.5.11
haIfTable	1.3.6.1.4.1.2620.1.5.12
haIfEntry	1.3.6.1.4.1.2620.1.5.12.1
haIfIndex	1.3.6.1.4.1.2620.1.5.12.1.1
haIfName	1.3.6.1.4.1.2620.1.5.12.1.2
haIP	1.3.6.1.4.1.2620.1.5.12.1.3
haStatus	1.3.6.1.4.1.2620.1.5.12.1.4
haVerified	1.3.6.1.4.1.2620.1.5.12.1.5
haTrusted	1.3.6.1.4.1.2620.1.5.12.1.6
haShared	1.3.6.1.4.1.2620.1.5.12.1.7
haProblemTable	1.3.6.1.4.1.2620.1.5.13
haProblemEntry	1.3.6.1.4.1.2620.1.5.13.1
haProblemIndex	1.3.6.1.4.1.2620.1.5.13.1.1
haProblemName	1.3.6.1.4.1.2620.1.5.13.1.2
haProblemStatus	1.3.6.1.4.1.2620.1.5.13.1.3
haProblemPriority	1.3.6.1.4.1.2620.1.5.13.1.4
haProblemVerified	1.3.6.1.4.1.2620.1.5.13.1.5
haProblemDescr	1.3.6.1.4.1.2620.1.5.13.1.6
haVersionSting	1.3.6.1.4.1.2620.1.5.14
haInstalled	1.3.6.1.4.1.2620.1.5.2
haVerMajor	1.3.6.1.4.1.2620.1.5.3
haVerMinor	1.3.6.1.4.1.2620.1.5.4
haStarted	1.3.6.1.4.1.2620.1.5.5
haState	1.3.6.1.4.1.2620.1.5.6
haBlockState	1.3.6.1.4.1.2620.1.5.7
haIdentifier	1.3.6.1.4.1.2620.1.5.8
haServicePack	1.3.6.1.4.1.2620.1.5.999
svn	1.3.6.1.4.1.2620.1.6
svnProdName	1.3.6.1.4.1.2620.1.6.1
svnStatCode	1.3.6.1.4.1.2620.1.6.101
svnStatShortDescr	1.3.6.1.4.1.2620.1.6.102
svnStatLongDescr	1.3.6.1.4.1.2620.1.6.103
svnProdVerMajor	1.3.6.1.4.1.2620.1.6.2
svnProdVerMinor	1.3.6.1.4.1.2620.1.6.3
svnInfo	1.3.6.1.4.1.2620.1.6.4
svnVersion	1.3.6.1.4.1.2620.1.6.4.1
svnBuild	1.3.6.1.4.1.2620.1.6.4.2
svnOSInfo	1.3.6.1.4.1.2620.1.6.5
osName	1.3.6.1.4.1.2620.1.6.5.1
osMajorVer	1.3.6.1.4.1.2620.1.6.5.2
osMinorVer	1.3.6.1.4.1.2620.1.6.5.3
osBuildNum	1.3.6.1.4.1.2620.1.6.5.4
osSPmajor	1.3.6.1.4.1.2620.1.6.5.5
osSPminor	1.3.6.1.4.1.2620.1.6.5.6
osVersionLevel	1.3.6.1.4.1.2620.1.6.5.7
routingTable	1.3.6.1.4.1.2620.1.6.6
routingEntry	1.3.6.1.4.1.2620.1.6.6.1
routingIndex	1.3.6.1.4.1.2620.1.6.6.1.1
routingDest	1.3.6.1.4.1.2620.1.6.6.1.2
routingMask	1.3.6.1.4.1.2620.1.6.6.1.3
routingGatweway	1.3.6.1.4.1.2620.1.6.6.1.4
routingIntrfName	1.3.6.1.4.1.2620.1.6.6.1.5
svnPerf	1.3.6.1.4.1.2620.1.6.7
svnMem	1.3.6.1.4.1.2620.1.6.7.1
memTotalVirtual	1.3.6.1.4.1.2620.1.6.7.1.1
memActiveVirtual	1.3.6.1.4.1.2620.1.6.7.1.2
memTotalReal	1.3.6.1.4.1.2620.1.6.7.1.3
memActiveReal	1.3.6.1.4.1.2620.1.6.7.1.4
memFreeReal	1.3.6.1.4.1.2620.1.6.7.1.5
memSwapsSec	1.3.6.1.4.1.2620.1.6.7.1.6
memDiskTransfers	1.3.6.1.4.1.2620.1.6.7.1.7
svnProc	1.3.6.1.4.1.2620.1.6.7.2
procUsrTime	1.3.6.1.4.1.2620.1.6.7.2.1
procSysTime	1.3.6.1.4.1.2620.1.6.7.2.2
procIdleTime	1.3.6.1.4.1.2620.1.6.7.2.3
procUsage	1.3.6.1.4.1.2620.1.6.7.2.4
procQueue	1.3.6.1.4.1.2620.1.6.7.2.5
procInterrupts	1.3.6.1.4.1.2620.1.6.7.2.6
procNum	1.3.6.1.4.1.2620.1.6.7.2.7
svnDisk	1.3.6.1.4.1.2620.1.6.7.3
diskTime	1.3.6.1.4.1.2620.1.6.7.3.1
diskQueue	1.3.6.1.4.1.2620.1.6.7.3.2
diskPercent	1.3.6.1.4.1.2620.1.6.7.3.3
diskFreeTotal	1.3.6.1.4.1.2620.1.6.7.3.4
diskFreeAvail	1.3.6.1.4.1.2620.1.6.7.3.5
diskTotal	1.3.6.1.4.1.2620.1.6.7.3.6
svnMem64	1.3.6.1.4.1.2620.1.6.7.4
memTotalVirtual64	1.3.6.1.4.1.2620.1.6.7.4.1
memActiveVirtual64	1.3.6.1.4.1.2620.1.6.7.4.2
memTotalReal64	1.3.6.1.4.1.2620.1.6.7.4.3
memActiveReal64	1.3.6.1.4.1.2620.1.6.7.4.4
memFreeReal64	1.3.6.1.4.1.2620.1.6.7.4.5
memSwapsSec64	1.3.6.1.4.1.2620.1.6.7.4.6
memDiskTransfers64	1.3.6.1.4.1.2620.1.6.7.4.7
svnServicePack	1.3.6.1.4.1.2620.1.6.999
mngmt	1.3.6.1.4.1.2620.1.7
mgProdName	1.3.6.1.4.1.2620.1.7.1
mgStatCode	1.3.6.1.4.1.2620.1.7.101
mgStatShortDescr	1.3.6.1.4.1.2620.1.7.102
mgStatLongDescr	1.3.6.1.4.1.2620.1.7.103
mgVerMajor	1.3.6.1.4.1.2620.1.7.2
mgVerMinor	1.3.6.1.4.1.2620.1.7.3
mgBuildNumber	1.3.6.1.4.1.2620.1.7.4
mgActiveStatus	1.3.6.1.4.1.2620.1.7.5
mgFwmIsAlive	1.3.6.1.4.1.2620.1.7.6
mgConnectedClientsTable	1.3.6.1.4.1.2620.1.7.7
mgConnectedClientsEntry	1.3.6.1.4.1.2620.1.7.7.1
mgIndex	1.3.6.1.4.1.2620.1.7.7.1.1
mgClientName	1.3.6.1.4.1.2620.1.7.7.1.2
mgClientHost	1.3.6.1.4.1.2620.1.7.7.1.3
mgClientDbLock	1.3.6.1.4.1.2620.1.7.7.1.4
mgApplicationType	1.3.6.1.4.1.2620.1.7.7.1.5
wam	1.3.6.1.4.1.2620.1.8
wamProdName	1.3.6.1.4.1.2620.1.8.1
wamStatCode	1.3.6.1.4.1.2620.1.8.101
wamStatShortDescr	1.3.6.1.4.1.2620.1.8.102
wamStatLongDescr	1.3.6.1.4.1.2620.1.8.103
wamVerMajor	1.3.6.1.4.1.2620.1.8.2
wamVerMinor	1.3.6.1.4.1.2620.1.8.3
wamState	1.3.6.1.4.1.2620.1.8.4
wamName	1.3.6.1.4.1.2620.1.8.5
wamPluginPerformance	1.3.6.1.4.1.2620.1.8.6
wamAcceptReq	1.3.6.1.4.1.2620.1.8.6.1
wamRejectReq	1.3.6.1.4.1.2620.1.8.6.2
wamPolicy	1.3.6.1.4.1.2620.1.8.7
wamPolicyName	1.3.6.1.4.1.2620.1.8.7.1
wamPolicyUpdate	1.3.6.1.4.1.2620.1.8.7.2
wamUagQueries	1.3.6.1.4.1.2620.1.8.8
wamUagHost	1.3.6.1.4.1.2620.1.8.8.1
wamUagIp	1.3.6.1.4.1.2620.1.8.8.2
wamUagPort	1.3.6.1.4.1.2620.1.8.8.3
wamUagNoQueries	1.3.6.1.4.1.2620.1.8.8.4
wamUagLastQuery	1.3.6.1.4.1.2620.1.8.8.5
wamGlobalPerformance	1.3.6.1.4.1.2620.1.8.9
wamOpenSessions	1.3.6.1.4.1.2620.1.8.9.1
wamLastSession	1.3.6.1.4.1.2620.1.8.9.2
dtps	1.3.6.1.4.1.2620.1.9
dtpsProdName	1.3.6.1.4.1.2620.1.9.1
dtpsStatCode	1.3.6.1.4.1.2620.1.9.101
dtpsStatShortDescr	1.3.6.1.4.1.2620.1.9.102
dtpsStatLongDescr	1.3.6.1.4.1.2620.1.9.103
dtpsVerMajor	1.3.6.1.4.1.2620.1.9.2
dtpsVerMinor	1.3.6.1.4.1.2620.1.9.3
dtpsLicensedUsers	1.3.6.1.4.1.2620.1.9.4
dtpsConnectedUsers	1.3.6.1.4.1.2620.1.9.5