<?xml version="1.0" encoding="utf-8" ?>
<configSchema name="SecBase" version="dfl.2.00.00">
	
	<!-- Node: base class extended, directly or through an intermediate class, by every other class
	     in this schema except SchemaContext. Every property except Comments carries <system/>;
	     the meaning of that marker is not defined in this file (presumably: maintained by the
	     system rather than edited by the administrator; confirm against the schema loader). -->
	<class name="Node">
		<!-- Identifier, at most 36 characters, unique with scope "class". -->
		<property name="GUID" type="string">
			<maxLength value="36"/>
			<unique value="class"/>
			<system/>
		</property>
		<!-- Nullable reference to another Node. -->
		<property name="Parent">
			<system/>
			<reference class="Node"/>
			<allowNull/>
		</property>
		<property name="Version" type="integer">
			<system/>
			<min value="1"/>
			<default value="1"/>
		</property>
		<!-- Audit and ownership fields: CreatedBy, ModifiedBy and Owner are nullable references to User;
		     the two dates are dateTime values. -->
		<property name="CreatedBy">
			<system/>
			<reference class="User"/>
			<allowNull/>
		</property>
		<property name="CreatedDate" type="dateTime">
			<system/>
		</property>
		<property name="ModifiedBy">
			<system/>
			<reference class="User"/>
			<allowNull/>
		</property>
		<property name="ModifiedDate" type="dateTime">
			<system/>
		</property>
		<property name="Owner">
			<system/>
			<reference class="User"/>
			<allowNull/>
		</property>
		<property name="Flags" type="string">
			<system/>
			<allowNull/>
		</property>
		<!-- Defaults to true. NOTE(review): the permission model is not described in this file; confirm
		     what is inherited and from which object before relying on this default. -->
		<property name="InheritPerms" type="boolean">
			<system/>
			<default value="true"/>
			<allowNull/>
		</property>
		<property name="Tag" type="string">
			<system/>
			<maxLength value="256"/>
			<allowNull/>
		</property>
		<property name="GeneratedBy">
			<system/>
			<reference class="Node" />
			<allowNull/>
		</property>
		<!-- The only property without <system/>: free text, nullable, no length limit declared. -->
		<property name="Comments" type="string">
			<allowNull/>
		</property>
	</class>
	
	<!-- SchemaContext: holds a schema name and a schema version as plain strings. It does not extend
	     Node; how it is populated or consumed is not shown in this file. -->
	<class name="SchemaContext">
		<property name="SchemaName" type="string" />
		<property name="SchemaVersion" type="string" />
	</class>
	
	
	<!-- User: a credential record (Name, Password, Groups) with optional IP pool and route settings.
	     Per the description below, these credentials feed User Authentication Rules. -->
	<class name="User" extends="Node">
		<!-- Allow-list pattern: a letter first, then letters, digits, "_" or "-"; at most 64 characters;
		     unique with scope "local". -->
		<property name="Name" type="string">
			<maxLength value="64"/>
			<unique value="local"/>
			<restrictChars value="[a-zA-Z][a-zA-Z0-9_-]*"/>
		</property>
		<!-- NOTE(review): Password is a plain string with only an upper bound (256). No minLength is
		     declared and nothing here says how the value is stored; confirm it is hashed or encrypted
		     at rest and masked in exports, logs and the UI. -->
		<property name="Password" type="string">
			<maxLength value="256" />
		</property>
		<!-- Group membership as one string of up to 4096 characters; separator and format are not
		     defined in this file. -->
		<property name="Groups" type="string">
			<maxLength value="4096" />
			<allowNull />
		</property>
		<!-- Nullable reference to an IP4Address; the reference condition presumably limits it to host
		     addresses (TODO confirm the semantics of eval(ishost)). -->
		<property name="IPPool">
			<reference class="IP4Address" condition="Address.eval(ishost)" />
			<allowNull />
      <addByRef />
		</property>
		<!-- Nullable reference to an IP4 object, filtered by !eval(isUA); the meaning of isUA is not
		     defined here. -->
		<property name="AutoAddRouteNet">
			<reference class="IP4" condition="!eval(isUA)" />
			<allowNull />
      <addByRef />
		</property>
		<property name="AutoAddRouteMetric" type="integer">
			<min value="0" />
			<allowNull />
		</property>
		<description value="User credentials may be used in User Authentication Rules, which in turn are used in e.g. PPP, IPsec XAuth, Web Authentication, etc." />
	</class>
	
	<!-- AddressBook: container allowing an unbounded number of IPv4 and Ethernet address objects,
	     their groups, and nested AddressFolder children. -->
	<class name="AddressBook" extends="Node">
		<child class="IP4Address" maxOccurs="unbounded" />
		<child class="IP4Group" maxOccurs="unbounded" />
		<child class="EthernetAddress" maxOccurs="unbounded" />
		<child class="EthernetAddressGroup" maxOccurs="unbounded" />
		<child class="AddressFolder" maxOccurs="unbounded" />
		<description value="The Address Book contains symbolic names for various types of addresses, including IP networks and Ethernet MAC addresses." />
  </class>
	<!-- Column lists for the two AddressBook view templates; judging by the names, the full list view
	     and a shorter combo-box view (the rendering itself is not defined in this file). -->
	<viewTemplate name="WebUI.AddressBook">
		<column name="Name" />
		<column name="Address" />
		<column name="UserAuthGroups" />
		<column name="Comments" />
	</viewTemplate>	
	<viewTemplate name="WebUI.ComboBox.AddressBook">
		<column name="Name" />
		<column name="Address" />
	</viewTemplate>	
	
	<!-- AddressFolder: named folder that accepts the same child classes as AddressBook, including
	     further AddressFolder children. NOTE(review): no nesting depth limit is declared here;
	     confirm the consumer bounds recursion. -->
	<class name="AddressFolder" extends="Node">
		<property name="Name" type="string">
			<maxLength value="64"/>
			<unique value="local"/>
		    <restrictChars value="[a-zA-Z][a-zA-Z0-9_-]*"/>
		</property>
		<child class="IP4Address" maxOccurs="unbounded" />
		<child class="IP4Group" maxOccurs="unbounded" />
    <child class="EthernetAddress" maxOccurs="unbounded" />
    <child class="EthernetAddressGroup" maxOccurs="unbounded" />
		<child class="AddressFolder" maxOccurs="unbounded" />
		<description value="Use an Address Folder to group related address objects for a better overview." />
	</class>
	<!-- Column list for the AddressFolder view template; same four columns as WebUI.AddressBook. -->
	<viewTemplate name="WebUI.AddressFolder">
		<column name="Name" />
		<column name="Address" />
		<column name="UserAuthGroups" />
		<column name="Comments" />
	</viewTemplate>	
	
	<!-- Address: common base of the Ethernet and IP4 address classes. Name is unique with scope
	     "class" and limited by the same allow-list pattern used for other object names. -->
	<class name="Address" extends="Node">
		<property name="Name" type="string">
			<maxLength value="64"/>
			<unique value="class"/>
      <restrictChars value="[a-zA-Z][a-zA-Z0-9_-]*"/>
		</property>
		<!-- Applies only while NoDefinedCredentials is false. NOTE(review): free-form string with no
		     maxLength or format; how group names are matched is not shown in this file. -->
		<property name="UserAuthGroups" type="string">
			<condition expr="NoDefinedCredentials==false" />
			<allowNull />
		</property>
		<property name="NoDefinedCredentials" type="boolean">
			<default value="false" />
			<allowNull />
		</property>
	</class>
	
	<!-- EthernetAddressBase: empty intermediate class; EthernetAddress and EthernetAddressGroup extend it. -->
	<class name="EthernetAddressBase" extends="Address">
	</class>
	
	
	<!-- EthernetAddress: a named MAC address. Address uses the schema type "ethernet" and is marked
	     as the default property. -->
	<class name="EthernetAddress" extends="EthernetAddressBase">
		<property name="Address" type="ethernet" >
  		<defaultProperty />
    </property>
		<description value="Use an Ethernet Address item to define a symbolic name for an Ethernet MAC address." />
	</class>
	
	<!-- EthernetAddressGroup: up to 256 references to EthernetAddress objects. Members references
	     EthernetAddress only, so groups cannot be nested as far as this schema shows. -->
	<class name="EthernetAddressGroup" extends="EthernetAddressBase">
		<property name="Members">
			<reference class="EthernetAddress" />
			<maxOccurs value="256" />
			<defaultProperty />
		</property>
	    <description value="An Ethernet Address Group is used for combining several Ethernet Address objects for simplified management." />
	</class>
	
	<!-- IP4: empty intermediate class; IP4Address, IP4Group and IP4HAAddress extend it. -->
	<class name="IP4" extends="Address">
	</class>
	
	<!-- IP4Address: a named IPv4 host, network or range (per the description). Address uses the
	     schema type "ip4" and is the default property. -->
	<class name="IP4Address" extends="IP4">
		<property name="Address" type="ip4">
			<defaultProperty />
			
		</property>
	    <description value="Use an IP4 Address item to define a name for a specific IP4 host, network or range." />
	</class>
	
	<!-- IP4Group: up to 256 references to IP4 objects. Because IP4Group itself extends IP4, a group
	     can reference another group. NOTE(review): confirm the consumer detects reference cycles. -->
	<class name="IP4Group" extends="IP4">
		<property name="Members">
			<reference class="IP4"/>
			<maxOccurs value="256"/>
			<defaultProperty />
		</property>
	    <description value="An IP4 Address Group is used for combining several IP4 Address objects for simplified management." />
	</class>
  
	<!-- IP4HAAddress: Address declares instances value 2, matching the "pair of private IP4
	     addresses" in the description. -->
	<class name="IP4HAAddress" extends="IP4">
		<property name="Address" type="ip4">
			<defaultProperty />
			<instances value="2" />
		</property>
	    <description value="Use a HA IP4 Address item to define a name for a pair of private IP4 addresses." />
	</class>
	
	<!-- ALGFolder: container with the static name "ALG" holding FTP, HTTP and H.323 ALG objects. -->
	<class name="ALGFolder" extends="Node">
		<staticName value="ALG" />
		<child class="ALG_FTP" maxOccurs="unbounded" />
		<child class="ALG_HTTP" maxOccurs="unbounded" />
		<child class="ALG_H323" maxOccurs="unbounded" />
	    <description value="Application Layer Gateways (ALGs) are protocol helpers that can parse complex protocols, such as HTTP and H.323." />
	</class>
	
	<!-- Column lists for the two ALGFolder view templates; the combo-box variant omits Parameters. -->
	<viewTemplate name="WebUI.ALGFolder"> 
		<column name="Name" /> 
		<column name="Type" /> 
		<column name="Parameters" />
		<column name="Comments" />
	</viewTemplate>
	<viewTemplate name="WebUI.ComboBox.ALGFolder"> 
		<column name="Name" /> 
		<column name="Type" />        
		<column name="Comments" />
	</viewTemplate>
	
	
	<!-- ALG: base class of ALG_FTP, ALG_HTTP and ALG_H323; contributes only the constrained Name. -->
	<class name="ALG" extends="Node">
		<property name="Name" type="string">
			<maxLength value="64"/>
			<unique value="class"/>
			<restrictChars value="[a-zA-Z][a-zA-Z0-9_-]*"/>
		</property>
	</class>
	
	
	<!-- ALG_FTP: settings for the FTP ALG. Every Allow* switch except Allow8BitStrings defaults to
	     false, so the permissive modes have to be enabled explicitly. -->
	<class name="ALG_FTP" extends="ALG">
		<property name="AllowServerPassive" type="boolean">
			<default value="false" />
		</property>
		<!-- Applies only when AllowServerPassive is true. The default range is 1024-65535, but the
		     bounds accept 0-65535, so a configuration may include the ports below 1024. -->
		<property name="ServerPorts" type="integerRange">
			<min value="0" />
			<max value="65535" />
			<default value="1024-65535" />
			<condition expr="AllowServerPassive==true" />
		</property>
		<property name="AllowClientActive" type="boolean">
			<default value="false" />
		</property>
		<!-- Applies only when AllowClientActive is true; same bounds and default as ServerPorts. -->
		<property name="ClientPorts" type="integerRange">
			<min value="0" />
			<max value="65535" />
			<default value="1024-65535" />
			<condition expr="AllowClientActive==true" />
		</property>
		<property name="AllowUnknownCommands" type="boolean">
			<default value="false" />
		</property>
		<property name="AllowSITEEXEC" type="boolean">
			<default value="false" />
		</property>
		<!-- NOTE(review): MaxLineLength and MaxCommandRate both accept 0. Confirm whether 0 means
		     "no limit"; if it does, that value switches off the bound these settings provide. -->
		<property name="MaxLineLength" type="integer">
			<min value="0" />
			<default value="256" />
		</property>
		<property name="MaxCommandRate" type="integer">
			<min value="0" />
			<default value="20" />
		</property>
		<property name="Allow8BitStrings" type="boolean">
			<default value="true" />
		</property>
		<description value="Use an FTP Application Layer Gateway to manage FTP traffic through the system." />
	</class>
	
	<!-- ALG_HTTP: settings for the HTTP ALG plus an unbounded list of ALG_HTTP_URL children.
	     All five filtering switches default to false, so cookie, script, applet and ActiveX removal
	     and UTF-8 URL verification stay off until an administrator enables them. -->
	<class name="ALG_HTTP" extends="ALG">
    <showInTree value="never" />
		<property name="RemoveCookies" type="boolean">
			<default value="false" />
		</property>
		<property name="RemoveScripts" type="boolean">
			<default value="false" />
		</property>
		<property name="RemoveApplets" type="boolean">
			<default value="false" />
		</property>
		<property name="RemoveActiveX" type="boolean">
			<default value="false" />
		</property>								
    <property name="VerifyUTF8URL" type="boolean">
			<default value="false" />
		</property>								
		<!-- NOTE(review): free text, nullable, with no maxLength or character restriction. If the
		     consumer renders it in a page returned to the browser (not visible here), it must be
		     output-encoded there. -->
		<property name="BlackURLDisplayReason" type="string">
			<allowNull />
		</property>
		<child class="ALG_HTTP_URL" maxOccurs="unbounded" />
		<description value="Use an HTTP Application Layer Gateway to filter HTTP traffic." />
	</class>
	
	<!-- ALG_HTTP_URL: one URL entry of an HTTP ALG. Action is Whitelist or Blacklist and defaults
	     to Blacklist. NOTE(review): URL has no maxLength, restrictChars or declared pattern
	     syntax; matching rules and the precedence between whitelist and blacklist entries are
	     defined by the consumer, not here. -->
	<class name="ALG_HTTP_URL" extends="Node">
		<property name="Action" type="string">
			<enumeration value="Whitelist" />
			<enumeration value="Blacklist" />			
      <default value="Blacklist" />
		</property>
		<property name="URL" type="string">			
		</property>
	</class>	
	
	<!-- Column list for the ALG_HTTP_URL view template: Action, URL, Comments. -->
	<viewTemplate name="WebUI.ALG_HTTP_URL"> 
		<column name="Action" /> 
		<column name="URL" />        		
		<column name="Comments" />
	</viewTemplate>
	
	
	<!-- ALG_H323: settings for the H.323 ALG. TCP data channels are allowed by default, capped by
	     MaxTCPDataChannels (default 10). -->
	<class name="ALG_H323" extends="ALG">
		<property name="AllowTCPDataChannels" type="boolean">
			<default value="true" />
		</property>
		<!-- Applies only when AllowTCPDataChannels is true. NOTE(review): min is 0 and no max is
		     declared; confirm what 0 means to the consumer. -->
		<property name="MaxTCPDataChannels" type="integer">
			<min value="0" />
			<default value="10" />
			<condition expr="AllowTCPDataChannels==true" />
		</property>
		<property name="TranslateAddresses" type="string">
			<enumeration value="Automatic" />
			<enumeration value="Specific" />
			<default value="Automatic" />
		</property>
		
	
		<!-- Applies only when TranslateAddresses is Specific. -->
		<property name="TranslateLogicalChannelAddresses" type="boolean">
			<default value="true" />
			<condition expr="TranslateAddresses==Specific" />
		</property>
		<!-- Default 1800, min 0, no max; the unit is not stated in this file (presumably seconds). -->
		<property name="MaxGKRegLifeTime" type="integer">
			<min value="0" />
			<default value="1800" />
		</property>
		<description value="Use an H.323 Application Layer Gateway to manage H.323 multimedia traffic." />
	</class>
	
	<!-- ProtocolFolder: static container ("Protocols") with two statically instantiated children,
	     EthernetTypeFolder and ServiceFolder. -->
	<class name="ProtocolFolder" extends="Node">
		<staticName value="Protocols"/>
    <showInTree value="never" />
		<child class="EthernetTypeFolder" instantiate="static" />
		<child class="ServiceFolder" instantiate="static" />
		<description value="Add, remove and configure definitions of different network protocols." />
	</class>
	
	<!-- EthernetTypeFolder: static container ("EthernetTypes") for an unbounded number of
	     EthernetType objects. -->
	<class name="EthernetTypeFolder" extends="Node">
		<staticName value="EthernetTypes" />
    <showInTree value="never" />
		<child class="EthernetType" maxOccurs="unbounded" />
		<description value="Define symbolic names for the various Ethernet protocols, such as IP, IPX etc." />
	</class>
	<!-- Column list for the EthernetTypeFolder view template: Name, TypeCode, Comments. -->
	<viewTemplate name="WebUI.EthernetTypeFolder">
		<column name="Name" />
		<column name="TypeCode" />
		<column name="Comments" />
	</viewTemplate>	
	
	<!-- EthernetType: a named Ethernet protocol code. NOTE(review): TypeCode declares min 0 but no
	     max, so values beyond the 16-bit EtherType field (above 65535) pass schema validation. -->
	<class name="EthernetType" extends="Node">
		<property name="Name" type="string">
			<maxLength value="64"/>
			<unique value="class"/>
			<restrictChars value="[a-zA-Z][a-zA-Z0-9_-]*"/>
		</property>
		<property name="TypeCode" type="integer">		
			<min value="0" />
		</property>
		<description value="An Ethernet Type is used to define a symbolic name for an Ethernet protocol, such as IP, IPX etc." />
	</class>
	
	<!-- ServiceFolder: static container ("Services") for TCP/UDP, ICMP, IP-protocol and group
	     service objects. -->
	<class name="ServiceFolder" extends="Node">
		<staticName value="Services"/>
		<child class="ServiceTCPUDP" maxOccurs="unbounded"/>
		<child class="ServiceICMP" maxOccurs="unbounded"/>
		<child class="ServiceIPProto" maxOccurs="unbounded"/>
		<child class="ServiceGroup" maxOccurs="unbounded"/>
		<description value="Services are pre-defined or user-defined objects representing various IP protocols, such as HTTP, FTP and Telnet." />
	</class>
	<!-- Column lists for the two ServiceFolder view templates; both list the same four columns. -->
	<viewTemplate name="WebUI.ServiceFolder">
		<column name="Name" />
		<column name="Type" />
		<column name="Parameters" />
		<column name="Comments" />
	</viewTemplate>
	<viewTemplate name="WebUI.ComboBox.ServiceFolder">
		<column name="Name" />
		<column name="Type" />
		<column name="Parameters" />
		<column name="Comments" />
	</viewTemplate>
	
	<!-- Service: base class of ServiceEx and ServiceGroup; contributes only the constrained Name. -->
	<class name="Service" extends="Node">
		<property name="Name" type="string">
			<maxLength value="64"/>
			<unique value="class"/>
		    <restrictChars value="[a-zA-Z][a-zA-Z0-9_-]*"/>
		</property>
	</class>
	
	
	<!-- ServiceEx: settings shared by the TCP/UDP, ICMP and IP-protocol service classes. -->
	<class name="ServiceEx" extends="Service">
		<!-- Off by default; the name suggests it controls forwarding of ICMP error replies for the
		     service (TODO confirm). -->
		<property name="PassICMPReturn" type="boolean">
			<default value="false"/>
		</property>
		<!-- Optional reference to an ALG object. -->
		<property name="ALG">
			<reference class="ALG"/>
			<allowNull/>
		</property>
		<!-- Default 200, min 0, no max. NOTE(review): confirm how the consumer treats 0. -->
		<property name="MaxSessions" type="integer">
			<default value="200"/>
			<min value="0" />
			
		</property>
	</class>
	
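	<!-- ServiceTCPUDP: a TCP, UDP or combined TCP/UDP service defined by port ranges.
	     The description text reads "a TCP or UDP protocol" (article corrected). -->
	<class name="ServiceTCPUDP" extends="ServiceEx">
		<property name="Type" type="string">
			<enumeration value="TCP" />
			<enumeration value="UDP" />
			<enumeration value="TCPUDP" />
			<default value="TCP" />
		</property>
		<!-- One or more ranges within 0-65535; defaults to the full range. -->
		<property name="SourcePorts" type="integerRange">
			<default value="0-65535" />
			<min value="0" />
			<max value="65535" />
			<maxOccurs value="unbounded" />
		</property>
		<!-- One or more ranges within 0-65535; no default is declared, so the value has to be
		     supplied. This is the default property of the class. -->
		<property name="DestinationPorts" type="integerRange">
			<defaultProperty />
			<min value="0" />
			<max value="65535" />
			<maxOccurs value="unbounded" />
		</property>
		<!-- Off by default and conditioned on Type==TCP, so it does not apply to UDP or TCPUDP
		     services as this condition is written. -->
		<property name="SYNRelay" type="boolean">
			<default value="false" />
			<condition expr="Type==TCP" />
		</property>
		<description value="A TCP/UDP Service is a definition of a TCP or UDP protocol with specific parameters." />
	</class>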
	
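	<!-- ServiceICMP: an ICMP service. MessageTypes defaults to All; choosing Specific exposes one
	     boolean switch per message type, each with its own list of code ranges (0-255).
	     NOTE(review): with the default All, the per-type switches do not apply; presumably the
	     service then matches every ICMP message type, so prefer Specific with only the types a
	     policy needs. -->
	<class name="ServiceICMP" extends="ServiceEx">
		<property name="MessageTypes" type="string">
			<enumeration value="All" />
			<enumeration value="Specific" />
			<default value="All" />
		</property>
		<property name="EchoRequest" type="boolean">
			<default value="false"/>
			<condition expr="MessageTypes==Specific" />
		</property>
		<property name="EchoRequestCodes" type="integerRange">
			<default value="0-255"/>
			<min value="0" />
			<max value="255" />
			<maxOccurs value="unbounded" />
			<condition expr="MessageTypes==Specific&amp;&amp;EchoRequest==true" />
		</property>
		<property name="DestinationUnreachable" type="boolean">
			<default value="false"/>
			<condition expr="MessageTypes==Specific" />
		</property>
		<property name="DestinationUnreachableCodes" type="integerRange">
			<default value="0-255"/>
			<min value="0" />
			<max value="255" />
			<maxOccurs value="unbounded" />
			<condition expr="MessageTypes==Specific&amp;&amp;DestinationUnreachable==true" />
		</property>
		<!-- Same condition as the other message-type switches: applies when MessageTypes is Specific. -->
		<property name="Redirect" type="boolean">
			<default value="false"/>
			<condition expr="MessageTypes==Specific" />
		</property>
		<property name="RedirectCodes" type="integerRange">
			<default value="0-255"/>
			<min value="0" />
			<max value="255" />
			<maxOccurs value="unbounded" />
			<condition expr="MessageTypes==Specific&amp;&amp;Redirect==true" />
		</property>
		<property name="ParameterProblem" type="boolean">
			<default value="false"/>
			<condition expr="MessageTypes==Specific" />
		</property>
		<property name="ParameterProblemCodes" type="integerRange">
			<default value="0-255"/>
			<min value="0" />
			<max value="255" />
			<maxOccurs value="unbounded" />
			<condition expr="MessageTypes==Specific&amp;&amp;ParameterProblem==true" />
		</property>
		<property name="EchoReply" type="boolean">
			<default value="false"/>
			<condition expr="MessageTypes==Specific" />
		</property>
		<property name="EchoReplyCodes" type="integerRange">
			<default value="0-255"/>
			<min value="0" />
			<max value="255" />
			<maxOccurs value="unbounded" />
			<condition expr="MessageTypes==Specific&amp;&amp;EchoReply==true" />
		</property>
		<property name="SourceQuenching" type="boolean">
			<default value="false"/>
			<condition expr="MessageTypes==Specific" />
		</property>
		<property name="SourceQuenchingCodes" type="integerRange">
			<default value="0-255"/>
			<min value="0" />
			<max value="255" />
			<maxOccurs value="unbounded" />
			<condition expr="MessageTypes==Specific&amp;&amp;SourceQuenching==true" />
		</property>
		<property name="TimeExceeded" type="boolean">
			<default value="false"/>
			<condition expr="MessageTypes==Specific" />
		</property>
		<property name="TimeExceededCodes" type="integerRange">
			<default value="0-255"/>
			<min value="0" />
			<max value="255" />
			<maxOccurs value="unbounded" />
			<condition expr="MessageTypes==Specific&amp;&amp;TimeExceeded==true" />
		</property>
		<description value="An ICMP Service is an object definition representing ICMP traffic with specific parameters." />
	</class>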
	
	<!-- ServiceIPProto: a service defined by IP protocol number ranges. NOTE(review): the default is
	     0-255, i.e. every protocol number; narrow it to the protocols a policy actually needs. -->
	<class name="ServiceIPProto" extends="ServiceEx">
		
		<property name="IPProto" type="integerRange">		
			<default value="0-255"/>
			<min value="0" />
			<max value="255" />
			<maxOccurs value="unbounded" />
		</property>
		<description value="An IP Protocol Service is a definition of an IP protocol with specific parameters." />
	</class>
	
	<!-- ServiceGroup: unbounded list of references to Service objects. ServiceGroup itself extends
	     Service, so a group can reference another group. NOTE(review): confirm the consumer
	     detects reference cycles. -->
	<class name="ServiceGroup" extends="Service">
		<property name="Members">
			<reference class="Service" />
			<maxOccurs value="unbounded" />
			<defaultProperty />
		</property>
		<description value="A Service Group is a collection of service objects, which can then be used by different policies in the system." />
	</class>
	
	<!-- ScheduleProfileFolder: static container ("Schedules") for ScheduleProfile objects. -->
	<class name="ScheduleProfileFolder" extends="Node">
		<staticName value="Schedules"/>
		<child class="ScheduleProfile" maxOccurs="unbounded"/>
		<description value="Schedules may be used to control when certain policies in the system are active." />
	</class>
	<!-- Column lists for the two ScheduleProfileFolder view templates. NOTE(review): the "Days"
	     column has no same-named property in ScheduleProfile (which declares Mon..Sun), so it is
	     presumably computed by the consumer. -->
	<viewTemplate name="WebUI.ScheduleProfileFolder"> 
        <column name="Name" /> 
        <column name="Days" />  
        <column name="StartDate" />
        <column name="EndDate" />
        <column name="Comments" />
	</viewTemplate>	
	<viewTemplate name="WebUI.ComboBox.ScheduleProfileFolder"> 
        <column name="Name" /> 
        <column name="Comments" />
	</viewTemplate>	
	
	<!-- ScheduleProfile: a named schedule with one nullable string per weekday and an optional
	     start and end date. NOTE(review): the format of the weekday strings is not defined here
	     and they carry no maxLength or restrictChars, so validation rests with the consumer. -->
	<class name="ScheduleProfile" extends="Node">
		<property name="Name" type="string">
			<maxLength value="64"/>
			<unique value="class"/>
      <restrictChars value="[a-zA-Z][a-zA-Z0-9_-]*"/>
		</property>
		<property name="Mon" type="string">
			<allowNull />
		</property>
		<property name="Tue" type="string">
			<allowNull />
		</property>
		<property name="Wed" type="string">
			<allowNull />
		</property>
		<property name="Thu" type="string">
			<allowNull />
		</property>
		<property name="Fri" type="string">
			<allowNull />
		</property>
		<property name="Sat" type="string">
			<allowNull />
		</property>
		<property name="Sun" type="string">
			<allowNull />
		</property>
		<!-- Both dates are nullable; the schema does not require StartDate to precede EndDate. -->
		<property name="StartDate" type="dateTime">
			<allowNull />
		</property>
		<property name="EndDate" type="dateTime">
			<allowNull />
		</property>
		<description value="A Schedule Profile defines days and dates and are then used by the various policies in the system." />
	</class>
	
	<!-- CertificateFolder: static container ("Certificates") for Certificate objects. -->
	<class name="CertificateFolder" extends="Node">
		<staticName value="Certificates"/>
		<child class="Certificate" maxOccurs="unbounded"/>
		<description value="Manage the X.509 certificates used by various components for authentication purposes." />
	</class>
	<!-- Column list for the CertificateFolder view template: Name, Type, Comments. Neither
	     CertificateData nor PrivateKey is listed as a column. -->
	<viewTemplate name="WebUI.CertificateFolder"> 
        <column name="Name" /> 
        <column name="Type" /> 
        <column name="Comments" />
	</viewTemplate>	
	
	<!-- Column list for the CertificateFolder combo-box view template: Name and Type only. -->
	<viewTemplate name="WebUI.ComboBox.CertificateFolder"> 
        <column name="Name" /> 
        <column name="Type" />         
	</viewTemplate>	
	
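	<!-- Certificate: a named X.509 certificate of type Local, Remote or Request. The description
	     text reads "X.509" (stray space removed). -->
	<class name="Certificate" extends="Node">
		<property name="Name" type="string">
			<maxLength value="64"/>
			<unique value="class"/>
			<restrictChars value="[a-zA-Z][a-zA-Z0-9_-]*"/>
		</property>
		<!-- No default is declared, so Type has to be set explicitly. -->
		<property name="Type" type="string">
			<enumeration value="Local" />
			<enumeration value="Remote" />
			<enumeration value="Request" />
		</property>
		<property name="CertificateData" type="base64binary">
		</property>
		<!-- Applies to Local and Request entries only (Type!=Remote). NOTE(review): private key
		     material is held as a base64 value inside the configuration object; nothing in this
		     schema marks it as secret, so confirm it is encrypted at rest and left out of
		     exports, backups and read-only views. -->
		<property name="PrivateKey" type="base64binary">
			<condition expr="Type!=Remote" />
		</property>
		<description value="An X.509 certificate is used to authenticate a VPN client or gateway when establishing an IPSec tunnel." />
	</class>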
	
	<!-- VPNObjectFolder: static container ("VPNObjects") with five statically instantiated child
	     folders: pre-shared keys, LDAP servers, ID lists, and IKE and IPsec algorithm sets. -->
	<class name="VPNObjectFolder" extends="Node">
		<staticName value="VPNObjects"/>
		<child class="PSKFolder" instantiate="static"/>
		<child class="LDAPFolder" instantiate="static"/>
		<child class="IDListFolder" instantiate="static"/>
		<child class="IKEAlgorithmsFolder" instantiate="static"/>
		<child class="IPSecAlgorithmsFolder" instantiate="static"/>
    <description value="Configure objects and settings related to Virtual Private Networking (VPN)." />
	</class>
	
	<!-- IKEAlgorithmsFolder: static container ("IKEAlgorithms") for IKEAlgorithms objects. -->
	<class name="IKEAlgorithmsFolder" extends="Node">
		<staticName value="IKEAlgorithms"/>
		<child class="IKEAlgorithms" maxOccurs="unbounded"/>
    <description value="Configure algorithms which are used in the IKE phase of an IPSec session." />
	</class>
	
	<!-- Column list for the IKEAlgorithmsFolder view template. "Algorithms" has no same-named
	     property in IKEAlgorithms, so it is presumably derived from the *Enabled flags. -->
	<viewTemplate name="WebUI.IKEAlgorithmsFolder"> 
        <column name="Name" /> 
        <column name="Algorithms" />
        <column name="Comments" />
	</viewTemplate>	
	
	<!-- Column list for the IKEAlgorithmsFolder combo-box view template: Name only. -->
	<viewTemplate name="WebUI.ComboBox.IKEAlgorithmsFolder"> 
        <column name="Name" /> 	                
	</viewTemplate>	
	
	
	<!-- IKEAlgorithms: a named set of cipher and hash choices for the IKE phase.
	     NOTE(review):
	     * None of the *Enabled booleans declares a default or allowNull, so which algorithms a new
	       object proposes depends on the consumer; confirm the effective defaults.
	     * NULLEnabled (no encryption), DESEnabled and MD5Enabled select options that are weak by
	       current standards; SHA-1 is legacy. Review existing objects for these flags.
	     * Name has no restrictChars here, unlike most other Name properties in this schema. -->
	<class name="IKEAlgorithms" extends="Node">
		<property name="Name" type="string">
			<maxLength value="64"/>
			<unique value="class"/>		
		</property>							
		<property name="NULLEnabled" type="boolean">
		</property>			
		<property name="DESEnabled" type="boolean">
		</property>
		<property name="DES3Enabled" type="boolean">
		</property>
		<property name="AESEnabled" type="boolean">
		</property>		
		<property name="BlowfishEnabled" type="boolean">
		</property>
		<property name="TwofishEnabled" type="boolean">
		</property>
		<property name="CAST128Enabled" type="boolean">
		</property>		
		<!-- Restricted to 128, 192 or 256; default 128. -->
		<property name="AESKeySize" type="integer">
			<enumeration value="128" />
			<enumeration value="192" />
			<enumeration value="256" />
			<default value="128" />
		</property>
		<!-- NOTE(review): any integer from 48 to 448 is accepted (default 128); the lower bound
		     admits very short keys. -->
		<property name="BlowfishKeySize" type="integer">						
			<min value="48"/>
			<max value="448"/>
			<default value="128" />
		</property>
		<!-- NOTE(review): any integer from 0 to 256 is accepted (default 128); a minimum of 0 looks
		     unintended for a key size. Confirm the consumer rejects sizes it cannot use. -->
		<property name="TwofishKeySize" type="integer">						
			<min value="0"/>
			<max value="256"/>
			<default value="128" />
		</property>				
		<property name="MD5Enabled" type="boolean">
		</property>
		<property name="SHA1Enabled" type="boolean">
		</property>		
    <description value="Configure algorithms which are used in the IKE phase of an IPSec session." />
	</class>
	
	
	<!-- IPSecAlgorithmsFolder: static container ("IPSecAlgorithms") for IPSecAlgorithms objects. -->
	<class name="IPSecAlgorithmsFolder" extends="Node">
		<staticName value="IPSecAlgorithms"/>
		<child class="IPSecAlgorithms" maxOccurs="unbounded"/>
    <description value="Configure algorithms which are used in the IPSec phase of an IPSec session." />
	</class>
	
	<!-- Column list for the IPSecAlgorithmsFolder view template. "Algorithms" has no same-named
	     property in IPSecAlgorithms, so it is presumably derived from the *Enabled flags. -->
	<viewTemplate name="WebUI.IPSecAlgorithmsFolder"> 
        <column name="Name" /> 
        <column name="Algorithms" />
        <column name="Comments" />
	</viewTemplate>	
	
	<!-- Column list for the IPSecAlgorithmsFolder combo-box view template: Name only. -->
	<viewTemplate name="WebUI.ComboBox.IPSecAlgorithmsFolder"> 
        <column name="Name" />         
	</viewTemplate>	
	
	
	<!-- IPSecAlgorithms: a named set of cipher and hash choices for the IPsec phase; it declares the
	     same properties as IKEAlgorithms.
	     NOTE(review):
	     * None of the *Enabled booleans declares a default or allowNull, so which algorithms a new
	       object proposes depends on the consumer; confirm the effective defaults.
	     * NULLEnabled (no encryption), DESEnabled and MD5Enabled select options that are weak by
	       current standards; SHA-1 is legacy. Review existing objects for these flags.
	     * Name has no restrictChars here, unlike most other Name properties in this schema. -->
	<class name="IPSecAlgorithms" extends="Node">
		<property name="Name" type="string">
			<maxLength value="64"/>
			<unique value="class"/>
		</property>				
		<property name="NULLEnabled" type="boolean">
		</property>			
		<property name="DESEnabled" type="boolean">
		</property>
		<property name="DES3Enabled" type="boolean">
		</property>
		<property name="AESEnabled" type="boolean">
		</property>		
		<property name="BlowfishEnabled" type="boolean">
		</property>
		<property name="TwofishEnabled" type="boolean">
		</property>
		<property name="CAST128Enabled" type="boolean">
		</property>		
		<!-- Restricted to 128, 192 or 256; default 128. -->
		<property name="AESKeySize" type="integer">
			<enumeration value="128" />
			<enumeration value="192" />
			<enumeration value="256" />
			<default value="128" />
		</property>
		<!-- NOTE(review): any integer from 48 to 448 is accepted (default 128); the lower bound
		     admits very short keys. -->
		<property name="BlowfishKeySize" type="integer">						
			<min value="48"/>
			<max value="448"/>
			<default value="128" />
		</property>
		<!-- NOTE(review): any integer from 0 to 256 is accepted (default 128); a minimum of 0 looks
		     unintended for a key size. Confirm the consumer rejects sizes it cannot use. -->
		<property name="TwofishKeySize" type="integer">						
			<min value="0"/>
			<max value="256"/>
			<default value="128" />
		</property>				
		<property name="MD5Enabled" type="boolean">
		</property>
		<property name="SHA1Enabled" type="boolean">
		</property>
    <description value="Configure algorithms which are used in the IPSec phase of an IPSec session." />		
	</class>
	
	<!-- PSKFolder: static container ("PSK") for pre-shared key objects. -->
	<class name="PSKFolder" extends="Node">
		<staticName value="PSK"/>
		<child class="PSK" maxOccurs="unbounded"/>
		<description value="Add, remove and modify Pre-Shared Keys, which are used for IPSec authentication purposes." />
	</class>
	<!-- Column list for the PSKFolder view template: Name, Type, Comments. The key properties
	     (PSKAscii, PSKHex) are not listed as columns. -->
	<viewTemplate name="WebUI.PSKFolder"> 
        <column name="Name" /> 
        <column name="Type" />
        <column name="Comments" />
	</viewTemplate>
  <!-- Column list for the PSKFolder combo-box view template: Name and Type only. -->
  <viewTemplate name="WebUI.ComboBox.PSKFolder"> 
        <column name="Name" /> 
        <column name="Type" />
	</viewTemplate>	
	
	<!-- PSK: a named pre-shared key, entered as ASCII or HEX (default HEX); only the property that
	     matches Type applies.
	     NOTE(review):
	     * minLength is 4 for both forms and no maxLength is declared. Four characters is far too
	       short for a shared secret; consider enforcing a longer minimum in the consumer or here.
	     * PSKHex has no restrictChars, so the schema itself does not limit it to hex digits.
	     * Both values are plain strings; nothing in this schema marks them as secret. Confirm they
	       are encrypted at rest and masked in exports, logs and the UI. -->
	<class name="PSK" extends="Node">
		<property name="Name" type="string">			
			<maxLength value="64"/>
			<unique value="class"/>
      <restrictChars value="[a-zA-Z][a-zA-Z0-9_-]*"/>
		</property>	
		<property name="Type" type="string">
			<enumeration value="ASCII" />
			<enumeration value="HEX" />			
			<default value="HEX" />			
		</property>
		<property name="PSKAscii" type="string">
			<minLength value="4"/>
			<condition expr="Type==ASCII" />			
		</property>
		<property name="PSKHex" type="string">
			<minLength value="4"/>
			<condition expr="Type==HEX" />
		</property>
		
	    <description value="PSK (Pre-Shared Key) authentication is based on a shared secret that is known only by the parties involved." />
	</class>
	
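	<!-- LDAPFolder: static container ("LDAP") for LDAPServer objects. The description text is
	     spelled "central repositories" and "necessary". -->
	<class name="LDAPFolder" extends="Node">
		<staticName value="LDAP"/>
		<child class="LDAPServer" maxOccurs="unbounded"/>
		<description value="LDAP servers are used as central repositories of certificates and CRLs that the firewall can download when necessary." />
	</class>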
	<!-- Column list for the LDAPFolder view template: Host, Username, Port, Comments. Password is
	     not listed as a column. -->
	<viewTemplate name="WebUI.LDAPFolder"> 
        <column name="Host" /> 
        <column name="Username" />        
        <column name="Port" />
        <column name="Comments" />
	</viewTemplate>	
	
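	<!-- LDAPServer: connection settings for an LDAP server that, per the description, supplies
	     certificates and CRLs. The description text is spelled "used" and "necessary". -->
	<class name="LDAPServer" extends="Node">
		<!-- Reference to an IP4Address; the reference condition presumably limits it to host
		     addresses (TODO confirm the semantics of eval(ishost)). -->
		<property name="Host">
			<reference class="IP4Address" condition="Address.eval(ishost)" />
		</property>
		<property name="Username" type="string">
			<allowNull />
		</property>
		<!-- NOTE(review): bind password held as a plain, nullable string with no length bounds;
		     nothing in this schema marks it as secret. Confirm it is encrypted at rest and masked
		     in exports, logs and the UI. -->
		<property name="Password" type="string">
			<allowNull />
		</property>
		<!-- NOTE(review): default 389 is the standard cleartext LDAP port and this class declares
		     no TLS or StartTLS option, so the bind credentials presumably travel unprotected
		     unless transport security is provided elsewhere (not visible here). -->
		<property name="Port" type="integer">
			<default value="389" />
			<min value="0"/>
			<max value="65535"/>
			<allowNull />
		</property>
		<description value="An LDAP server is used as a central repository of certificates and CRLs that the firewall can download when necessary." />
	</class>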
	
	
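	<!-- IDListFolder: static container ("IDLists") for IDList objects. The description text reads
	     "ID lists contain" (subject and verb agree). -->
	<class name="IDListFolder" extends="Node">
		<staticName value="IDLists"/>
		<child class="IDList" maxOccurs="unbounded"/>
		<description value="ID lists contain IDs, which are used within the authentication process when establishing an IPSec tunnel." />
	</class>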
	<!-- Column list for the IDListFolder view template: Name and Comments. -->
	<viewTemplate name="WebUI.IDListFolder"> 
		<column name="Name" /> 
		<column name="Comments" /> 
	</viewTemplate>	
	
	<!-- IDList: a named list holding an unbounded number of ID children. -->
	<class name="IDList" extends="Node">
		<property name="Name" type="string">
			<maxLength value="64"/>
			<unique value="class"/>
		    <restrictChars value="[a-zA-Z][a-zA-Z0-9_-]*"/>
		</property>	
		<child class="ID" maxOccurs="unbounded"/>
	    <description value="An ID list contains IDs, which are used within the authentication process when establishing an IPSec tunnel." />
	</class>
	<!-- Column list for the IDList view template. "Value" has no same-named property in ID, so it
	     is presumably derived from the property selected by Type. -->
	<viewTemplate name="WebUI.IDList"> 
        <column name="Name" />
        <column name="Type" />
        <column name="Value" />         
        <column name="Comments" />
	</viewTemplate>	
	
	<!-- ID: one identity matched against the subject of a peer's X.509 certificate (per the
	     description). Type selects which of the value properties apply.
	     NOTE(review):
	     * The IP condition quotes its literal (Type=='IP') while every other condition in this
	       schema is unquoted. This may be deliberate, since this class also has a property named
	       IP; confirm how the expression evaluator resolves bare names.
	     * The enumeration value E-Mail contains a hyphen and is used unquoted in the EMailAddress
	       condition; confirm the evaluator reads it as one token and not as a subtraction.
	     * Every DistinguishedName field is nullable, so an ID of that type with no fields set
	       passes schema validation; confirm the consumer does not treat an empty ID as
	       matching any certificate.
	     * None of the string values declares maxLength or restrictChars. -->
	<class name="ID" extends="Node">
		<property name="Name" type="string">
			<maxLength value="64"/>
			<unique value="class"/>
      <restrictChars value="[a-zA-Z][a-zA-Z0-9_-]*"/>
		</property>
		<property name="Type" type="string">
			<enumeration value="IP" />
			<enumeration value="DNS" />
			<enumeration value="E-Mail" />
			<enumeration value="DistinguishedName" />
			<default value="IP" />
		</property>
		<property name="IP" type="ip4">
			<condition expr="Type=='IP'" />
		</property>
		<property name="Hostname" type="string">
			<condition expr="Type==DNS" />
		</property>
		<property name="CommonName" type="string">
			<allowNull />
			<condition expr="Type==DistinguishedName" />
		</property>
		<property name="OrganizationName" type="string">
			<allowNull />
			<condition expr="Type==DistinguishedName" />
		</property>
		<property name="OrganizationalUnit" type="string">
			<allowNull />
			<condition expr="Type==DistinguishedName" />
		</property>
		<property name="Country" type="string">
			<allowNull />
			<condition expr="Type==DistinguishedName" />
		</property>
		<property name="LocalityName" type="string">
			<allowNull/>
			<condition expr="Type==DistinguishedName" />
		</property>
		<!-- Applies to both the E-Mail and the DistinguishedName types. -->
		<property name="EMailAddress" type="string">
			<allowNull />
			<condition expr="Type==E-Mail || Type==DistinguishedName"/>
		</property>
	    <description value="An ID is used to define parameters that are matched against the subject field in an X.509 certificate when establishing an IPSec tunnel." />
	</class>
</configSchema>
