This MIB module is for managing a Secure Socket Layer
(SSL) Proxy device which terminates and accelerates
SSL and Transport Layer Security (TLS) transactions.
The proxy device can act as a SSL server or a SSL client
depending on the configuration and the application.
In one application, the device acts as a proxy SSL
server. It terminates SSL handshakes and TCP connections
initiated by SSL clients. The device is configured with
a key and a certificate bearing the identity of the SSL
server. The device uses this identity to establish the
SSL session on behalf of the server, offloading the key
establishment and data encryption and decryption work.
After the SSL session has been successfully established
between the client and the proxy device, the device
starts to receive and decrypt the encrypted data sent
from the client. The device then
forwards the clear data to the server on a backend
connection. Clear data sent from the server is encrypted
by the proxy device before it is forwarded to the SSL
client.
Optionally, the proxy device is configured to reencrypt
the decrypted data sent from the client to the server.
The proxy device acts as a SSL client to initiate a SSL
session to the server. The decrypted data is encrypted
within this SSL session to be forwarded to the server.
The encrypted data sent from the server to the device
is decrypted and then reencrypted before it is
forwarded to the client.
In another application, the proxy device forwards data
generated by one or more sources to the destination
via a SSL session. The proxy device acts as a SSL
client and initiates a SSL session to the next hop
device. When data is received from the source, the
proxy device forwards the data to the next hop using
the SSL session. The next hop can continue to forward
the data if it is not the destination.
The proxy device supports a number of proxy services.
Each proxy service defines the role of the proxy device,
whether it acts as a SSL server or a SSL client. The
rest of the configuration includes cryptographic and
protocol parameters.
This MIB is used for monitoring the configuration,
statuses and statistics of the proxy services and
the protocols including TCP, SSL and TLS.
service operation status change notification.
When the Operation Status of a proxy service changes,
and cspGcNotifyProxyServOperStatus is 'true',
a notification will be issued. The notification
contains the current operation status and the down
reason of the proxy service.
cspServCertExpiring
.1.3.6.1.4.1.9.9.370.0.2
service certificate expiring notification.
If the time interval cspGcPSCertExpireInterval is
positive, and cspGcNotifyPSCertExpiring is 'true', a
notification will be issued for every proxy service
certificate that will be expiring within this time
interval.
This notification is issued only once for each of
these certificates. If the interval is changed from a
positive value to 0, the proxy device will clear its
memory of notifications issued in the past, and stop
issuing new notifications.
The notification contains the subject name, the
serial number and the issuer name of the certificate,
the serial number of the issuer's certificate,
and the end date on the certificate.
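The notify-once rule described above for cspServCertExpiring, modelled as an added example (this is not code from the MIB or from the proxy device). The class, its field names, the use of issuer plus serial number as the certificate key, and the treatment of already-expired certificates are assumptions; the page does not state the units of cspGcPSCertExpireInterval, so the interval is passed as a timedelta.

```python
from datetime import datetime, timedelta
ZERO = timedelta(0)

class CertExpiryNotifier:
    """Model of the notify-once rule; not the proxy device's own code."""

    def __init__(self, interval, notify_enabled=True):
        self.interval = interval              # stands in for cspGcPSCertExpireInterval
        self.notify_enabled = notify_enabled  # stands in for cspGcNotifyPSCertExpiring
        self._notified = set()                # the device's "memory" of past notifications

    def set_interval(self, interval):
        # Changing the interval from a positive value to 0 clears the memory.
        if self.interval > ZERO and interval == ZERO:
            self._notified.clear()
        self.interval = interval

    def poll(self, certs, now):
        """Return the certificates a notification is issued for at time `now`."""
        if self.interval <= ZERO or not self.notify_enabled:
            return []
        issued = []
        for cert in certs:
            key = (cert["issuer"], cert["serial"])  # assumed identity of a certificate
            remaining = cert["not_after"] - now
            # Assumption: certificates that have already expired are not reported.
            if ZERO <= remaining <= self.interval and key not in self._notified:
                self._notified.add(key)
                issued.append(cert)
        return issued

def demo():
    now = datetime(2024, 1, 1)
    certs = [  # constructed sample certificates
        {"issuer": "CN=Example CA", "serial": "01", "not_after": now + timedelta(days=10)},
        {"issuer": "CN=Example CA", "serial": "02", "not_after": now + timedelta(days=90)},
    ]
    notifier = CertExpiryNotifier(timedelta(days=30))
    serials = lambda batch: [c["serial"] for c in batch]
    first = serials(notifier.poll(certs, now))                       # issued once
    repeat = serials(notifier.poll(certs, now + timedelta(days=1)))  # suppressed
    notifier.set_interval(ZERO)                                      # clears memory
    off = serials(notifier.poll(certs, now + timedelta(days=2)))     # nothing while 0
    notifier.set_interval(timedelta(days=30))
    again = serials(notifier.poll(certs, now + timedelta(days=2)))   # issued again
    return first, repeat, off, again

if __name__ == "__main__":
    print(demo())
```

Because the notification is issued only once per certificate, a receiver that misses it sees no repeat unless the interval is set to 0 and then back to a positive value.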
cspSSLResourceLimitReached
.1.3.6.1.4.1.9.9.370.0.3
This notification is issued in the following scenarios:
1) When the value of cpsSslActiveConnPcnt exceeds the value of
cspSslConfigHighConnPcnt
2) When the value of cpsSslActiveConn falls below the
watermark value represented by cspSslConfigWatermarkPcnt.