a10_fw_global

Synopsis

Configure firewall parameters

Parameters

Parameters

Choices/Defaults

Comment

state

str/required

[‘noop’, ‘present’, ‘absent’]

State of the object to be created.

ansible_host

str/required

Host for AXAPI authentication

ansible_username

str/required

Username for AXAPI authentication

ansible_password

str/required

Password for AXAPI authentication

ansible_port

int/required

Port for AXAPI authentication

a10_device_context_id

int

[‘1-8’]

Device ID for aVCS configuration

a10_partition

str

Destination/target partition for object/command

disable_ip_fw_sessions

bool

disable create sessions for non TCP/UDP/ICMP

alg_processing

str

‘honor-rule-set’= Honors firewall rule-sets (Default); ‘override-rule-set’= Override firewall rule-sets;

extended_matching

str

‘disable’= Disable extended matching;

permit_default_action

str

‘forward’= Forward; ‘next-service-mode’= Service to be applied chosen based on configuration;

natip_ddos_protection

str

‘enable’= Enable; ‘disable’= Disable;

listen_on_port_timeout

int

STUN timeout (default= 2 minutes)

respond_to_user_mac

bool

Use the user’s source MAC for the next hop rather than the routing table (default= off)

disable_app_list

list

Field disable_app_list

disable_application_protocol

str

Disable specific application protocol

disable_application_category

str

‘aaa’= Protocol/application used for AAA (Authentification, Authorization and Accounting) purposes.; ‘adult-content’= Adult content.; ‘advertising’= Advertising networks and applications.; ‘analytics-and-statistics’= user- analytics and statistics.; ‘anonymizers-and-proxies’= Traffic-anonymization protocol/application.; ‘audio-chat’= Protocol/application used for Audio Chat.; ‘basic’= Protocols required for basic classification, e.g., ARP, HTTP; ‘blog’= Blogging platform.; ‘cdn’= Protocol/application used for Content-Delivery Networks.; ‘chat’= Protocol/application used for Text Chat.; ‘classified-ads’= Protocol/application used for Classified ads.; ‘cloud-based-services’= SaaS and/or PaaS cloud based services.; ‘crowdfunding’= Service for funding a project or venture by raising small amounts of money from a large number of people.; ‘cryptocurrency’= Cryptocurrency.; ‘database’= Database-specific protocols.; ‘disposable-email’= Disposable email accounts.; ‘ebook-reader’= Services for e-book readers.; ‘email’= Native email protocol.; ‘enterprise’= Protocol/application used in an enterprise network.; ‘file-management’= Protocol/application designed specifically for file management and exchange, e.g., Dropbox, SMB; ‘file-transfer’= Protocol that offers file transferring as a functionality as a secondary feature. e.g., Skype, Whatsapp; ‘forum’= Online forum.; ‘gaming’= Protocol/application used by games.; ‘instant-messaging-and- multimedia-conferencing’= Protocol/application used for Instant messaging or multiconferencing.; ‘internet-of-things’= Internet Of Things protocol/application.; ‘mobile’= Mobile-specific protocol/application.; ‘map- service’= Digital Maps service.; ‘multimedia-streaming’= Protocol/application used for multimedia streaming.; ‘networking’= Protocol used for (inter) networking purpose.; ‘news-portal’= Protocol/application used for News Portals.; ‘peer-to-peer’= Protocol/application used for Peer-to-peer purposes.; ‘remote-access’= Protocol/application used for remote access.; ‘scada’= SCADA (Supervisory control and data acquisition) protocols, all generations.; ‘social-networks’= Social networking application.; ‘software-update’= Auto- update protocol.; ‘standards-based’= Protocol issued from standardized bodies such as IETF, ITU, IEEE, ETSI, OIF.; ‘transportation’= Transportation.; ‘video- chat’= Protocol/application used for Video Chat.; ‘voip’= Application used for Voice over IP.; ‘vpn-tunnels’= Protocol/application used for VPN or tunneling purposes.; ‘web’= Application based on HTTP/HTTPS.; ‘web-e-commerce’= Protocol/application used for E-commerce websites.; ‘web-search-engines’= Protocol/application used for Web search portals.; ‘web-websites’= Protocol/application used for Company Websites.; ‘webmails’= Web email application.; ‘web-ext-adult’= Web Extension Adult; ‘web-ext-auctions’= Web Extension Auctions; ‘web-ext-blogs’= Web Extension Blogs; ‘web-ext-business- and-economy’= Web Extension Business and Economy; ‘web-ext-cdns’= Web Extension CDNs; ‘web-ext-collaboration’= Web Extension Collaboration; ‘web-ext-computer- and-internet-info’= Web Extension Computer and Internet Info; ‘web-ext- computer-and-internet-security’= Web Extension Computer and Internet Security; ‘web-ext-dating’= Web Extension Dating; ‘web-ext-educational-institutions’= Web Extension Educational Institutions; ‘web-ext-entertainment-and-arts’= Web Extension Entertainment and Arts; ‘web-ext-fashion-and-beauty’= Web Extension Fashion and Beauty; ‘web-ext-file-share’= Web Extension File Share; ‘web-ext- financial-services’= Web Extension Financial Services; ‘web-ext-gambling’= Web Extension Gambling; ‘web-ext-games’= Web Extension Games; ‘web-ext-government’= Web Extension Government; ‘web-ext-health-and-medicine’= Web Extension Health and Medicine; ‘web-ext-individual-stock-advice-and-tools’= Web Extension Individual Stock Advice and Tools; ‘web-ext-internet-portals’= Web Extension Internet Portals; ‘web-ext-job-search’= Web Extension Job Search; ‘web-ext- local-information’= Web Extension Local Information; ‘web-ext-malware’= Web Extension Malware; ‘web-ext-motor-vehicles’= Web Extension Motor Vehicles; ‘web-ext-music’= Web Extension Music; ‘web-ext-news’= Web Extension News; ‘web- ext-p2p’= Web Extension P2P; ‘web-ext-parked-sites’= Web Extension Parked Sites; ‘web-ext-proxy-avoid-and-anonymizers’= Web Extension Proxy Avoid and Anonymizers; ‘web-ext-real-estate’= Web Extension Real Estate; ‘web-ext- reference-and-research’= Web Extension Reference and Research; ‘web-ext-search- engines’= Web Extension Search Engines; ‘web-ext-shopping’= Web Extension Shopping; ‘web-ext-social-network’= Web Extension Social Network; ‘web-ext- society’= Web Extension Society; ‘web-ext-software’= Web Extension Software; ‘web-ext-sports’= Web Extension Sports; ‘web-ext-streaming-media’= Web Extension Streaming Media; ‘web-ext-training-and-tools’= Web Extension Training and Tools; ‘web-ext-translation’= Web Extension Translation; ‘web-ext-travel’= Web Extension Travel; ‘web-ext-web-advertisements’= Web Extension Web Advertisements; ‘web-ext-web-based-email’= Web Extension Web based Email; ‘web- ext-web-hosting’= Web Extension Web Hosting; ‘web-ext-web-service’= Web Extension Web Service;

uuid

str

uuid of the object

sampling_enable

list

Field sampling_enable

counters1

str

‘all’= all; ‘tcp_fullcone_created’= TCP Full-cone Created; ‘tcp_fullcone_freed’= TCP Full-cone Freed; ‘udp_fullcone_created’= UDP Full- cone Created; ‘udp_fullcone_freed’= UDP Full-cone Freed; ‘fullcone_creation_failure’= Full-Cone Creation Failure; ‘data_session_created’= Data Session Created; ‘data_session_freed’= Data Session Freed; ‘fullcone_in_del_q’= Full-cone session found in delete queue; ‘fullcone_retry_lookup’= Full-cone session retry look-up; ‘fullcone_not_found’= Full-cone session not found; ‘fullcone_overflow_eim’= Full-cone Session EIM Overflow; ‘fullcone_overflow_eif’= Full-cone Session EIF Overflow; ‘udp_fullcone_created_shadow’= Total UDP Full-cone sessions created; ‘tcp_fullcone_created_shadow’= Total TCP Full-cone sessions created; ‘udp_fullcone_freed_shadow’= Total UDP Full-cone sessions freed; ‘tcp_fullcone_freed_shadow’= Total TCP Full-cone sessions freed; ‘fullcone_created’= Total Full-cone sessions created; ‘fullcone_freed’= Total Full-cone sessions freed; ‘fullcone_ext_too_many’= Fullcone Extension Too Many; ‘fullcone_ext_mem_allocated’= Fullcone Extension Memory Allocated; ‘fullcone_ext_mem_alloc_failure’= Fullcone Extension Memory Allocate Failure; ‘fullcone_ext_mem_alloc_init_faulure’= Fullcone Extension Initialization Failure; ‘fullcone_ext_mem_freed’= Fullcone Extension Memory Freed; ‘fullcone_ext_added’= Fullcone Extension Added; ‘ha_fullcone_failure’= HA Full- cone Session Failure; ‘data_session_created_shadow’= Total Data Sessions Created; ‘data_session_freed_shadow’= Total Data Sessions Freed; ‘active_fullcone_session’= Total Active Full-cone sessions; ‘limit-entry- failure’= Limit Entry Creation Failure; ‘limit-entry-allocated’= Limit Entry Allocated; ‘limit-entry-mem-freed’= Limit Entry Freed; ‘limit-entry-created’= Limit Entry Created; ‘limit-entry-not-in-bucket’= Limit Entry Not in Bucket; ‘limit-entry-marked-deleted’= Limit Entry Marked Deleted; ‘invalid-lid-drop’= Invalid Lid Drop; ‘src-session-limit-exceeded’= Source Prefix Session Limit Exceeded; ‘limit-exceeded’= Per Second Limit Exceeded; ‘limit-entry-per-cpu- mem-allocated’= Limit Entry Memory Allocated; ‘limit-entry-per-cpu-mem- allocation-failed’= Limit Entry Memory Allocation Failed; ‘limit-entry-per-cpu- mem-freed’= Limit Entry Memory Freed; ‘alg_default_port_disable’= Total ALG packets matching Default Port Disable; ‘no_fwd_route’= No Forward Route; ‘no_rev_route’= No Reverse Route; ‘no_fwd_l2_dst’= No Forward Mac Entry; ‘no_rev_l2_dst’= No Reverse Mac Entry; ‘urpf_pkt_drop’= URPF check packet drop; ‘fwd_ingress_packets_tcp’= Forward Ingress Packets TCP; ‘fwd_egress_packets_tcp’= Forward Egress Packets TCP; ‘rev_ingress_packets_tcp’= Reverse Ingress Packets TCP; ‘rev_egress_packets_tcp’= Reverse Egress Packets TCP; ‘fwd_ingress_bytes_tcp’= Forward Ingress Bytes TCP; ‘fwd_egress_bytes_tcp’= Forward Egress Bytes TCP; ‘rev_ingress_bytes_tcp’= Reverse Ingress Bytes TCP; ‘rev_egress_bytes_tcp’= Reverse Egress Bytes TCP; ‘fwd_ingress_packets_udp’= Forward Ingress Packets UDP; ‘fwd_egress_packets_udp’= Forward Egress Packets UDP; ‘rev_ingress_packets_udp’= Reverse Ingress Packets UDP; ‘rev_egress_packets_udp’= Reverse Egress Packets UDP; ‘fwd_ingress_bytes_udp’= Forward Ingress Bytes UDP; ‘fwd_egress_bytes_udp’= Forward Egress Bytes UDP; ‘rev_ingress_bytes_udp’= Reverse Ingress Bytes UDP; ‘rev_egress_bytes_udp’= Reverse Egress Bytes UDP; ‘fwd_ingress_packets_icmp’= Forward Ingress Packets ICMP; ‘fwd_egress_packets_icmp’= Forward Egress Packets ICMP; ‘rev_ingress_packets_icmp’= Reverse Ingress Packets ICMP; ‘rev_egress_packets_icmp’= Reverse Egress Packets ICMP; ‘fwd_ingress_bytes_icmp’= Forward Ingress Bytes ICMP; ‘fwd_egress_bytes_icmp’= Forward Egress Bytes ICMP; ‘rev_ingress_bytes_icmp’= Reverse Ingress Bytes ICMP; ‘rev_egress_bytes_icmp’= Reverse Egress Bytes ICMP; ‘fwd_ingress_packets_others’= Forward Ingress Packets OTHERS; ‘fwd_egress_packets_others’= Forward Egress Packets OTHERS; ‘rev_ingress_packets_others’= Reverse Ingress Packets OTHERS; ‘rev_egress_packets_others’= Reverse Egress Packets OTHERS; ‘fwd_ingress_bytes_others’= Forward Ingress Bytes OTHERS; ‘fwd_egress_bytes_others’= Forward Egress Bytes OTHERS; ‘rev_ingress_bytes_others’= Reverse Ingress Bytes OTHERS; ‘rev_egress_bytes_others’= Reverse Egress Bytes OTHERS; ‘fwd_ingress_pkt_size_range1’= Forward Ingress Packet size between 0 and 200; ‘fwd_ingress_pkt_size_range2’= Forward Ingress Packet size between 201 and 800; ‘fwd_ingress_pkt_size_range3’= Forward Ingress Packet size between 801 and 1550; ‘fwd_ingress_pkt_size_range4’= Forward Ingress Packet size between 1551 and 9000; ‘fwd_egress_pkt_size_range1’= Forward Egress Packet size between 0 and 200; ‘fwd_egress_pkt_size_range2’= Forward Egress Packet size between 201 and 800; ‘fwd_egress_pkt_size_range3’= Forward Egress Packet size between 801 and 1550; ‘fwd_egress_pkt_size_range4’= Forward Egress Packet size between 1551 and 9000; ‘rev_ingress_pkt_size_range1’= Reverse Ingress Packet size between 0 and 200; ‘rev_ingress_pkt_size_range2’= Reverse Ingress Packet size between 201 and 800; ‘rev_ingress_pkt_size_range3’= Reverse Ingress Packet size between 801 and 1550; ‘rev_ingress_pkt_size_range4’= Reverse Ingress Packet size between 1551 and 9000; ‘rev_egress_pkt_size_range1’= Reverse Egress Packet size between 0 and 200; ‘rev_egress_pkt_size_range2’= Reverse Egress Packet size between 201 and 800; ‘rev_egress_pkt_size_range3’= Reverse Egress Packet size between 801 and 1550; ‘rev_egress_pkt_size_range4’= Reverse Egress Packet size between 1551 and 9000;

stats

dict

Field stats

tcp_fullcone_created

str

TCP Full-cone Created

tcp_fullcone_freed

str

TCP Full-cone Freed

udp_fullcone_created

str

UDP Full-cone Created

udp_fullcone_freed

str

UDP Full-cone Freed

fullcone_creation_failure

str

Full-Cone Creation Failure

data_session_created

str

Data Session Created

data_session_freed

str

Data Session Freed

active_fullcone_session

str

Total Active Full-cone sessions

limit_entry_created

str

Limit Entry Created

limit_entry_marked_deleted

str

Limit Entry Marked Deleted

fwd_ingress_packets_tcp

str

Forward Ingress Packets TCP

fwd_egress_packets_tcp

str

Forward Egress Packets TCP

rev_ingress_packets_tcp

str

Reverse Ingress Packets TCP

rev_egress_packets_tcp

str

Reverse Egress Packets TCP

fwd_ingress_bytes_tcp

str

Forward Ingress Bytes TCP

fwd_egress_bytes_tcp

str

Forward Egress Bytes TCP

rev_ingress_bytes_tcp

str

Reverse Ingress Bytes TCP

rev_egress_bytes_tcp

str

Reverse Egress Bytes TCP

fwd_ingress_packets_udp

str

Forward Ingress Packets UDP

fwd_egress_packets_udp

str

Forward Egress Packets UDP

rev_ingress_packets_udp

str

Reverse Ingress Packets UDP

rev_egress_packets_udp

str

Reverse Egress Packets UDP

fwd_ingress_bytes_udp

str

Forward Ingress Bytes UDP

fwd_egress_bytes_udp

str

Forward Egress Bytes UDP

rev_ingress_bytes_udp

str

Reverse Ingress Bytes UDP

rev_egress_bytes_udp

str

Reverse Egress Bytes UDP

fwd_ingress_packets_icmp

str

Forward Ingress Packets ICMP

fwd_egress_packets_icmp

str

Forward Egress Packets ICMP

rev_ingress_packets_icmp

str

Reverse Ingress Packets ICMP

rev_egress_packets_icmp

str

Reverse Egress Packets ICMP

fwd_ingress_bytes_icmp

str

Forward Ingress Bytes ICMP

fwd_egress_bytes_icmp

str

Forward Egress Bytes ICMP

rev_ingress_bytes_icmp

str

Reverse Ingress Bytes ICMP

rev_egress_bytes_icmp

str

Reverse Egress Bytes ICMP

fwd_ingress_packets_others

str

Forward Ingress Packets OTHERS

fwd_egress_packets_others

str

Forward Egress Packets OTHERS

rev_ingress_packets_others

str

Reverse Ingress Packets OTHERS

rev_egress_packets_others

str

Reverse Egress Packets OTHERS

fwd_ingress_bytes_others

str

Forward Ingress Bytes OTHERS

fwd_egress_bytes_others

str

Forward Egress Bytes OTHERS

rev_ingress_bytes_others

str

Reverse Ingress Bytes OTHERS

rev_egress_bytes_others

str

Reverse Egress Bytes OTHERS

fwd_ingress_pkt_size_range1

str

Forward Ingress Packet size between 0 and 200

fwd_ingress_pkt_size_range2

str

Forward Ingress Packet size between 201 and 800

fwd_ingress_pkt_size_range3

str

Forward Ingress Packet size between 801 and 1550

fwd_ingress_pkt_size_range4

str

Forward Ingress Packet size between 1551 and 9000

fwd_egress_pkt_size_range1

str

Forward Egress Packet size between 0 and 200

fwd_egress_pkt_size_range2

str

Forward Egress Packet size between 201 and 800

fwd_egress_pkt_size_range3

str

Forward Egress Packet size between 801 and 1550

fwd_egress_pkt_size_range4

str

Forward Egress Packet size between 1551 and 9000

rev_ingress_pkt_size_range1

str

Reverse Ingress Packet size between 0 and 200

rev_ingress_pkt_size_range2

str

Reverse Ingress Packet size between 201 and 800

rev_ingress_pkt_size_range3

str

Reverse Ingress Packet size between 801 and 1550

rev_ingress_pkt_size_range4

str

Reverse Ingress Packet size between 1551 and 9000

rev_egress_pkt_size_range1

str

Reverse Egress Packet size between 0 and 200

rev_egress_pkt_size_range2

str

Reverse Egress Packet size between 201 and 800

rev_egress_pkt_size_range3

str

Reverse Egress Packet size between 801 and 1550

rev_egress_pkt_size_range4

str

Reverse Egress Packet size between 1551 and 9000

Status

  • This module is not guaranteed to have a backwards compatible interface. [preview]

  • This module is maintained by community.

Authors

  • A10 Networks 2021