Class CIM_IPSOFilterEntry
extends CIM_FilterEntryBase

An IPSOFilterEntry is used to match traffic based on the IP Security Options header values (ClassificationLevel and ProtectionAuthority) as defined in RFC1108. This type of FilterEntry is used to adjust the IPsec encryption level according to the IPSO classification of the traffic (e.g., secret, confidential, restricted, etc.).

Table of Contents
Hierarchy
Direct Known Subclasses
Class Qualifiers
Class Properties
Class Methods


Class Hierarchy

CIM_ManagedElement
   |
   +--CIM_ManagedSystemElement
   |
   +--CIM_LogicalElement
   |
   +--CIM_FilterEntryBase
   |
   +--CIM_IPSOFilterEntry

Direct Known Subclasses

Class Qualifiers

NameData TypeValue
DescriptionstringAn IPSOFilterEntry is used to match traffic based on the IP Security Options header values (ClassificationLevel and ProtectionAuthority) as defined in RFC1108. This type of FilterEntry is used to adjust the IPsec encryption level according to the IPSO classification of the traffic (e.g., secret, confidential, restricted, etc.).
MappingStringsstringIPSP Policy Model.IETF|IPSOFilterEntry
UMLPackagePathstringCIM::Network::Filtering
Versionstring2.8.0

Class Properties

Local Class Properties

NameData TypeDefault ValueQualifiers
NameData TypeValue
ClassificationLeveluint16
DescriptionstringThis is the value to be matched when MatchConditionType is 1 or 3 - meaning that "Classification Level" should be filtered. In RFC1108, the following semantics are specified: TopSecret, Secret, Confidential, and Unclassified. Note that this enumeration's values are different than the RFC list and the IETF's IPSP Policy Model since those lists are simply bit maps, and do not include specific values for "Other" or "No Filtering".
MappingStringsstringIPSP Policy Model.IETF|IPSOFilterEntry.MatchConditionValue, RFC1108.IETF|Section 2.3
ModelCorrespondencestringCIM_IPSOFilterEntry.MatchConditionType, CIM_IPSOFilterEntry.OtherClassificationLevel
Requiredbooleantrue
ValueMapstring1, 2, 3, 4, 5, 6, .., 0x8000..
ValuesstringOther, No Filtering on Classification Level, Top Secret, Secret, Confidential, Unclassified, DMTF Reserved, Vendor Reserved
MatchConditionTypeuint16
DescriptionstringMatchConditionType specifies whether to match based on traffic classification level, protection authority or both. Note that this enumeration is modified from its definition in the IETF's IPSP Policy Model to allow for both classification level and protection authority checking, and to allow the enumerated value, "Other", to be added in the future.
MappingStringsstringIPSP Policy Model.IETF|IPSOFilterEntry.MatchConditionType
ModelCorrespondencestringCIM_IPSOFilterEntry.ClassificationLevel, CIM_IPSOFilterEntry.ProtectionAuthorities
Requiredbooleantrue
ValueMapstring2, 3, 4
ValuesstringClassification Level, Protection Authority, Both Classification Level and Protection Authority
OtherClassificationLevelstring
DescriptionstringDescription of the level when the value 1 ("Other") is specified for the property, ClassificationLevel.
ModelCorrespondencestringCIM_IPSOFilterEntry.ClassificationLevel
OtherProtectionAuthoritiesstring[]
DescriptionstringDescription of the authority when the value 1 ("Other") is specified for the property, ProtectionAuthorities.
ModelCorrespondencestringCIM_IPSOFilterEntry.ProtectionAuthorities
ProtectionAuthoritiesuint16[]
DescriptionstringThese are the values to be matched when MatchConditionType is 2 or 3 - meaning that "Protection Authority" should be filtered. In RFC1108, the following authorities are specified: GENSER, SIOP-ESI, SCI, NSA and DOE. Note that multiple authorities may be specified. This enumeration is modified from its definition in the RFC and IETF's IPSP Policy Model. Those lists are simply bit maps, and do not include specific values for "Other" or "No Filtering".
MappingStringsstringIPSP Policy Model.IETF|IPSOFilterEntry.MatchConditionValue, RFC1108.IETF|Section 2.4
ModelCorrespondencestringCIM_IPSOFilterEntry.MatchConditionType, CIM_IPSOFilterEntry.OtherProtectionAuthorities
Requiredbooleantrue
ValueMapstring1, 2, 3, 4, 5, 6, 7, .., 0x8000..
ValuesstringOther, No Filtering on Protection Authority, GENSER, SIOP-ESI, SCI, NSA, DOE, DMTF Reserved, Vendor Reserved

Inherited Properties

NameData Type
Captionstring
CommunicationStatusuint16
CreationClassNamestring
Descriptionstring
DetailedStatusuint16
ElementNamestring
Generationuint64
HealthStateuint16
InstallDatedatetime
InstanceIDstring
IsNegatedboolean
Namestring
OperatingStatusuint16
PrimaryStatusuint16
Statusstring
SystemCreationClassNamestring
SystemNamestring
OperationalStatusuint16[]
StatusDescriptionsstring[]

Class Methods