Overview of Cisco Firewall MIB
==============================
This MIB Module models status and performance
statistics pertaining to the common features supported
by Cisco firewall implementations. For each firewall 
feature, capability (if applicable) and statistics are
defined. Supporting the configuration of firewall 
features is outside the scope of this MIB.
        
Following are the major firewall features:
        
1) 'Stateful Packet Filtering'
     Creating and maintaining the state of authorized 
     traffic flows dynamically to permit only
     flows authorized by the policy is a mandatory 
     function of a firewall.  
     This MIB instruments the activity and memory
     usage by this function.
        
2) 'Application Inspection'
     This refers to the function of inspecting the
     headers of layer 3 and layer 4 protocols and
     creating dynamic entries in the connection
     table for traffic flows spawned by an already
     established traffic flow.
        
     This MIB reflects the protocols that are being 
     inspected.
        
3) 'URL Filtering'
     This refers to the function of facilitating
     or restricting URL access requests through
     the firewall by consulting either local policy
     or that configured on a dedicated URL filtering
     server.
        
     This MIB instruments the URL filtering activity,
     the status and activity of distinct URL filtering
     servers configured on the firewall and the
     impact of the performance of the URL filtering
     servers on the latency and throughput of the
     firewall.
        
4) 'Proxy Authentication'
     This refers to the function of authenticating
     and/or authorizing users on behalf of servers
     on the secure side of the firewall. This operation
     could affect the throughput of the firewall.
        
     The MIB objects pertaining to Proxy Authentication
     will be defined in a subsequent revision of this
     MIB. 
        
        
5) 'Transparent Mode Operation'
     A firewall could operate as a bridge and yet
     filter traffic based on layer 3-layer 7 control
     and payload information. Operating in this mode
     makes it easy to implement a firewall without
     fragmenting existing subnets. Another advantage
     of this mode of operation is enhanced security.
        
     This MIB instruments the status, activity, 
     and performance of the firewall in this mode.
     Please note that to fully manage a firewall
     operating in this mode, the firewall must also
     support the bridge MIB (BRIDGE-MIB).
        
        
6) 'Advanced Application Inspection and Control'
     This function is also termed 'Application
     Firewall' and pertains to inspecting payload and
     headers of application traffic to make sure the
     traffic flows conform to the configured security
     policy.
        
     Monitoring this function entails identifying the
     security alerts generated by this function and 
     measuring the impact on firewall performance by
     this task. Application Firewall will be 
     instrumented in a separate MIB dedicated for the
     function.
        
7) 'Failover' or 'Redundancy'
     Redundancy configuration is essential for business
     critical firewalls.
        
     Instrumenting this function entails reflecting
     the configuration of redundancy and identifying
     failover events.
        
     The MIB objects pertaining to Proxy Authentication
     will be defined in a subsequent revision of this
     MIB. 
        
        
The management information for each firewall feature
is defined in a distinct module compliance unit. The 
compliance units corresponding to basic features of 
firewalls are defined as mandatory.
        
Acronyms
========
Following are definitions of some terms used in this
module. Please refer to the module conformance for a
glossary of feature-specific terms.
        
 `Firewall'
    A firewall is a set of related programs, 
    implemented on a host or a network device, that
    protects the resources of a private network from
    users from other networks. Common firewalling
    functions include stateful packet filtering,
    proxy authentication of users on behalf of 
    applications on the secure side of the firewall,
    URL access control, inspection of payload of 
    traffic streams to determine security threats.
        
 `Layer2 Firewall' or 'Transparent Firewall'
    A firewall device that operates as a bridge
    while performing firewalling function.
        
 `Connection'
    The record in the firewall of a traffic strean
    that has been authorized to flow through the 
    firewall.
        
 `Half Open Connection'
    For a connection oriented protocol: a connection
    that has not reached the established on both the
    sides of the connection.
    For a connection-less protocol: the connection
    corresponding to a traffic stream where traffic
    flow has occurred (since the establishment of the
    connection entry) only on one direction.
        
 `Embryonic Connection'
    The connection entry corresponding to an 
    application layer protocol in which the signaling
    channel has been established while the setup of
    the data channel is underway.
        
 `Policy'
    An element of firewall configuration that
    identifies the access rights to a resource by a
    traffic source. An example of a policy is an 
    Access Control Rule.
        
 `Policy Target'
    An entity to which a policy is applied so that 
    the action corresponding to the policy is taken
    only on traffic streams associated with the
    entity. An example of a policy target is an 
    interface.
        
 `URL Filtering Server'
    A server which is employed by the firewall to 
    enforce URL access policies.
        
 `Protocol Data Unit' or PDU
    An instance of the unit of information using which
    a protocol operates is called the Protocol Data
    Unit or the PDU of the protocol.
        
 `Deep Packet Inspection'
    The task of examining the contents of the payloads
    of one or more layer 7 application protocols 
    with a view to enforcing the local security
    policies termed 'Deep Packet Inspection'.
        
 `Advanced Application Inspection and Control'
    An entity that performs deep packet inspection
    of layer 7 application protocol data units is
    termed an 'Application Firewall'.