a10_fw_ddos_protection
Synopsis
Configure FW DDoS Protection
Parameters
Parameters |
Choices/Defaults |
Comment |
|
|---|---|---|---|
state str/required |
[‘noop’, ‘present’, ‘absent’] |
State of the object to be created. |
|
ansible_host str/required |
Host for AXAPI authentication |
||
ansible_username str/required |
Username for AXAPI authentication |
||
ansible_password str/required |
Password for AXAPI authentication |
||
ansible_port int/required |
Port for AXAPI authentication |
||
a10_device_context_id int |
[‘1-8’] |
Device ID for aVCS configuration |
|
a10_partition str |
Destination/target partition for object/command |
||
dynamic_blacklist dict |
Field dynamic_blacklist |
||
dynamic_blacklist_action str |
‘enable’= Enable protection against volumetric attacks using dynamic blacklist; ‘disable’= Disable protection against volumetric attacks using dynamic blacklist; |
||
dir str |
‘inbound’= enable in inbound direction; ‘outbound’= enable in outbound direction; ‘both’= enable in both directions; |
||
timeout int |
Timeout value (in seconds) for dynamic blacklist (Timeout value (in seconds) for dynamic blacklist(default is 5 seconds)) |
||
cpu_threshold int |
Core-level CPU usage threshold for dynamic blacklist creation (Core-level CPU usage threshold for dynamic blacklist creation (default is 60)) |
||
logging dict |
Field logging |
||
logging_action str |
‘enable’= enable FW DDoS protection logging; ‘disable’= Disable both local & remote FW DDoS protection logging; |
||
enable_action str |
‘local’= Enable local logs only; ‘remote’= Enable logging to remote server & IPFIX; ‘both’= Enable both local & remote logs; |
||
action dict |
Field action |
||
action_type str |
‘drop’= Log, and drop all packets (default); ‘redistribute-route’= Log, Notify upstream router to reroute the packets. Drop all packets by default.; |
||
route_map str |
Route map name |
||
expiration int |
To specify time in minutes to revert the action (Expiration time, in minutes (default is 5 mins)) |
||
expiration_route int |
To specify time in minutes to revert the action (Expiration time, in minutes (default is 60 mins)) |
||
timer_multiply_max int |
To specify max value of timer multiplier for attacks lasted long time (Max value of timer multiplier (default is 6)) |
||
remove_wait_timer int |
Max time to wait before removing IP from blackhole (Max value in seconds (default 300)) |
||
forward bool |
Forward traffic with rate-limiting |
||
uuid str |
uuid of the object |
||
sampling_enable list |
Field sampling_enable |
||
counters1 str |
‘all’= all; ‘ddos_entries_too_many’= Too many DDOS entries; ‘ddos_entry_added’= DDOS entry added; ‘ddos_entry_removed’= DDOS entry removed; ‘ddos_entry_added_to_bgp’= DDoS Entry added to BGP; ‘ddos_entry_removed_from_bgp’= DDoS Entry Removed from BGP; ‘ddos_entry_add_to_bgp_failure’= DDoS Entry BGP add failures; ‘ddos_entry_remove_from_bgp_failure’= DDOS entry BGP remove failures; ‘ddos_packet_dropped’= DDOS Packet Drop; |
||
oper dict |
Field oper |
||
entries_list list |
Field entries_list |
||
details bool |
Field details |
||
v4_address str |
Field v4_address |
||
v4_netmask str |
Field v4_netmask |
||
v6_prefix str |
Field v6_prefix |
||
stats dict |
Field stats |
||
ddos_entries_too_many str |
Too many DDOS entries |
||
ddos_entry_added str |
DDOS entry added |
||
ddos_entry_removed str |
DDOS entry removed |
||
ddos_entry_added_to_bgp str |
DDoS Entry added to BGP |
||
ddos_entry_removed_from_bgp str |
DDoS Entry Removed from BGP |
||
ddos_entry_add_to_bgp_failure str |
DDoS Entry BGP add failures |
||
ddos_entry_remove_from_bgp_failure str |
DDOS entry BGP remove failures |
||
ddos_packet_dropped str |
DDOS Packet Drop |
||
Examples
Return Values
- modified_values (changed, dict, )
Values modified (or potential changes if using check_mode) as a result of task operation
- axapi_calls (always, list, )
Sequential list of AXAPI calls made by the task
- endpoint (, str, [‘/axapi/v3/slb/virtual_server’, ‘/axapi/v3/file/ssl-cert’])
The AXAPI endpoint being accessed.
- http_method (, str, [‘POST’, ‘GET’])
HTTP method being used by the primary task to interact with the AXAPI endpoint.
- request_body (, complex, )
Params used to query the AXAPI
- response_body (, complex, )
Response from the AXAPI
Status
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by community.