a10_ddos_dst_zone_port_range
Synopsis
DDOS Port-Range & Protocol configuration
Parameters
Parameters |
Choices/Defaults |
Comment |
|
|---|---|---|---|
state str/required |
[‘noop’, ‘present’, ‘absent’] |
State of the object to be created. |
|
ansible_host str/required |
Host for AXAPI authentication |
||
ansible_username str/required |
Username for AXAPI authentication |
||
ansible_password str/required |
Password for AXAPI authentication |
||
ansible_port int/required |
Port for AXAPI authentication |
||
a10_device_context_id int |
[‘1-8’] |
Device ID for aVCS configuration |
|
a10_partition str |
Destination/target partition for object/command |
||
zone_name str/required |
Key to identify parent object |
||
port_range_start int/required |
Port-Range Start Port Number |
||
port_range_end int/required |
Port-Range End Port Number |
||
protocol str/required |
‘dns-tcp’= DNS-TCP Port; ‘dns-udp’= DNS-UDP Port; ‘http’= HTTP Port; ‘tcp’= TCP Port; ‘udp’= UDP Port; ‘ssl-l4’= SSL-L4 Port; ‘sip-udp’= SIP-UDP Port; ‘sip- tcp’= SIP-TCP Port; ‘quic’= QUIC Port; |
||
manual_mode_enable bool |
Toggle manual mode to use fix templates |
||
deny bool |
Blacklist and Drop all incoming packets for protocol |
||
glid_cfg dict |
Field glid_cfg |
||
glid str |
Global limit ID for the whole zone |
||
glid_action str |
‘drop’= Drop packets for glid exceed (Default if default-action-list is not configured); ‘ignore’= Do nothing for glid exceed; |
||
action_list str |
Configure action-list to take |
||
per_addr_glid str |
Global limit ID per address |
||
stateful bool |
Enable stateful tracking of sessions (Default is stateless) |
||
default_action_list str |
Configure default-action-list |
||
sflow_common bool |
Enable all sFlow polling options under this zone port |
||
sflow_packets bool |
Enable sFlow packet-level counter polling |
||
sflow_tcp dict |
Field sflow_tcp |
||
sflow_tcp_basic bool |
Enable sFlow basic TCP counter polling |
||
sflow_tcp_stateful bool |
Enable sFlow stateful TCP counter polling |
||
sflow_http bool |
Enable sFlow HTTP counter polling |
||
unlimited_dynamic_entry_count bool |
No limit for maximum dynamic src entry count |
||
max_dynamic_entry_count int |
Maximum count for dynamic source zone service entry |
||
apply_policy_on_overflow bool |
Enable this flag to apply overflow policy when dynamic entry count overflows |
||
enable_class_list_overflow bool |
Apply class-list overflow policy upon exceeding dynamic entry count specified under zone port or each class-list |
||
enable_top_k bool |
Enable ddos top-k source IP detection |
||
topk_num_records int |
Maximum number of records to show in topk |
||
enable_top_k_destination bool |
Enable ddos top-k destination IP detection |
||
topk_dst_num_records int |
Maximum number of records to show in topk |
||
set_counter_base_val int |
Set T2 counter value of current context to specified value |
||
age int |
Idle age for ip entry |
||
zone_template dict |
Field zone_template |
||
ips str |
IPS template |
||
outbound_only bool |
Only allow outbound traffic |
||
faster_de_escalation bool |
De-escalate faster in standalone mode |
||
uuid str |
uuid of the object |
||
user_tag str |
Customized tag |
||
pattern_recognition dict |
Field pattern_recognition |
||
algorithm str |
‘heuristic’= heuristic algorithm; |
||
mode str |
‘capture-never-expire’= War-time capture without rate exceeding and never expires; ‘manual’= Manual mode; |
||
sensitivity str |
‘high’= High Sensitivity; ‘medium’= Medium Sensitivity; ‘low’= Low Sensitivity; |
||
filter_threshold int |
Extracted filter threshold |
||
filter_inactive_threshold int |
Extracted filter inactive threshold |
||
triggered_by str |
‘zone-escalation’= Zone escalation trigger pattern recognition; ‘packet-rate- exceeds’= Packet rate limit exceeds trigger pattern recognition (default); |
||
capture_traffic str |
‘all’= Capture all packets; ‘dropped’= Capture dropped packets (default); |
||
app_payload_offset int |
Set offset of the payload, default 0 |
||
uuid str |
uuid of the object |
||
pattern_recognition_pu_details dict |
Field pattern_recognition_pu_details |
||
uuid str |
uuid of the object |
||
level_list list |
Field level_list |
||
level_num str |
‘0’= Default policy level; ‘1’= Policy level 1; ‘2’= Policy level 2; ‘3’= Policy level 3; ‘4’= Policy level 4; |
||
src_default_glid str |
Global limit ID |
||
glid_action str |
‘drop’= Drop packets for glid exceed (Default); ‘blacklist-src’= Blacklist-src for glid exceed; ‘ignore’= Do nothing for glid exceed; |
||
zone_escalation_score int |
Zone activation score of this level |
||
zone_violation_actions str |
Violation actions apply due to zone escalate from this level |
||
src_escalation_score int |
Source activation score of this level |
||
src_violation_actions str |
Violation actions apply due to source escalate from this level |
||
zone_template dict |
Field zone_template |
||
start_pattern_recognition bool |
Start pattern recognition from this level |
||
apply_extracted_filters bool |
Apply extracted filters from this level |
||
uuid str |
uuid of the object |
||
user_tag str |
Customized tag |
||
indicator_list list |
Field indicator_list |
||
manual_mode_list list |
Field manual_mode_list |
||
config str |
‘configuration’= Manual-mode configuration; |
||
src_default_glid str |
Global limit ID |
||
glid_action str |
‘drop’= Drop packets for glid exceed (Default); ‘blacklist-src’= Blacklist-src for glid exceed; ‘ignore’= Do nothing for glid exceed; |
||
zone_template dict |
Field zone_template |
||
uuid str |
uuid of the object |
||
user_tag str |
Customized tag |
||
ips dict |
Field ips |
||
uuid str |
uuid of the object |
||
sampling_enable list |
Field sampling_enable |
||
port_ind dict |
Field port_ind |
||
uuid str |
uuid of the object |
||
sampling_enable list |
Field sampling_enable |
||
topk_sources dict |
Field topk_sources |
||
uuid str |
uuid of the object |
||
topk_destinations dict |
Field topk_destinations |
||
uuid str |
uuid of the object |
||
progression_tracking dict |
Field progression_tracking |
||
uuid str |
uuid of the object |
||
src_based_policy_list list |
Field src_based_policy_list |
||
src_based_policy_name str |
Specify name of the policy |
||
uuid str |
uuid of the object |
||
user_tag str |
Customized tag |
||
policy_class_list_list list |
Field policy_class_list_list |
||
dynamic_entry_overflow_policy_list list |
Field dynamic_entry_overflow_policy_list |
||
dummy_name str |
‘configuration’= Configure overflow policy; |
||
glid str |
Global limit ID |
||
action str |
‘bypass’= Always permit for the Source to bypass all feature & limit checks; ‘deny’= Blacklist incoming packets for service; |
||
log_enable bool |
Enable logging |
||
log_periodic bool |
Enable log periodic |
||
zone_template dict |
Field zone_template |
||
uuid str |
uuid of the object |
||
user_tag str |
Customized tag |
||
oper dict |
Field oper |
||
ddos_entry_list list |
Field ddos_entry_list |
||
entry_displayed_count int |
Field entry_displayed_count |
||
service_displayed_count int |
Field service_displayed_count |
||
reporting_status int |
Field reporting_status |
||
sources bool |
Field sources |
||
overflow_policy bool |
Field overflow_policy |
||
sources_all_entries bool |
Field sources_all_entries |
||
class_list str |
Field class_list |
||
subnet_ip_addr str |
Field subnet_ip_addr |
||
subnet_ipv6_addr str |
Field subnet_ipv6_addr |
||
ipv6 str |
Field ipv6 |
||
exceeded bool |
Field exceeded |
||
black_listed bool |
Field black_listed |
||
white_listed bool |
Field white_listed |
||
authenticated bool |
Field authenticated |
||
level bool |
Field level |
||
app_stat bool |
Field app_stat |
||
indicators bool |
Field indicators |
||
indicator_detail bool |
Field indicator_detail |
||
l4_ext_rate bool |
Field l4_ext_rate |
||
hw_blacklisted bool |
Field hw_blacklisted |
||
suffix_request_rate bool |
Field suffix_request_rate |
||
domain_name str |
Field domain_name |
||
port_range_start int |
Port-Range Start Port Number |
||
port_range_end int |
Port-Range End Port Number |
||
protocol str |
‘dns-tcp’= DNS-TCP Port; ‘dns-udp’= DNS-UDP Port; ‘http’= HTTP Port; ‘tcp’= TCP Port; ‘udp’= UDP Port; ‘ssl-l4’= SSL-L4 Port; ‘sip-udp’= SIP-UDP Port; ‘sip- tcp’= SIP-TCP Port; ‘quic’= QUIC Port; |
||
pattern_recognition dict |
Field pattern_recognition |
||
pattern_recognition_pu_details dict |
Field pattern_recognition_pu_details |
||
ips dict |
Field ips |
||
port_ind dict |
Field port_ind |
||
topk_sources dict |
Field topk_sources |
||
topk_destinations dict |
Field topk_destinations |
||
progression_tracking dict |
Field progression_tracking |
||
Examples
Return Values
- modified_values (changed, dict, )
Values modified (or potential changes if using check_mode) as a result of task operation
- axapi_calls (always, list, )
Sequential list of AXAPI calls made by the task
- endpoint (, str, [‘/axapi/v3/slb/virtual_server’, ‘/axapi/v3/file/ssl-cert’])
The AXAPI endpoint being accessed.
- http_method (, str, [‘POST’, ‘GET’])
HTTP method being used by the primary task to interact with the AXAPI endpoint.
- request_body (, complex, )
Params used to query the AXAPI
- response_body (, complex, )
Response from the AXAPI
Status
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by community.