.. _ddos_dst_zone: ddos dst zone ============= Configure a static zone entry zone Specification ------------------ ===================================== ================================================================== ===================================== ================================================================== **Type** *Collection* **Object Key(s)** *zone-name* **Collection Name** :ref:`817_zone_list` **Collection URI** /axapi/v3/ddos/dst/zone **Element Name** zone **Element URI** /axapi/v3/ddos/dst/zone/{zone-name} **Element Attributes** zone_attributes **Statistics Data URI** /axapi/v3/ddos/dst/zone/{zone-name}/stats **Operational Data URI** /axapi/v3/ddos/dst/zone/{zone-name}/oper **Schema** :download:`zone schema ` ===================================== ================================================================== **Operations Allowed:** .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html
OperationMethodURIPayload
Create Object .. raw:: html POST .. raw:: html /axapi/v3/ddos/dst/zone .. raw:: html :ref:`817_zone_attributes` .. raw:: html
Create List .. raw:: html POST .. raw:: html /axapi/v3/ddos/dst/zone .. raw:: html :ref:`817_zone_attributes` .. raw:: html
Get Object .. raw:: html GET .. raw:: html /axapi/v3/ddos/dst/zone/{zone-name} .. raw:: html :ref:`817_zone_attributes` .. raw:: html
Get List .. raw:: html GET .. raw:: html /axapi/v3/ddos/dst/zone .. raw:: html :ref:`817_zone_list` .. raw:: html
Modify Object .. raw:: html POST .. raw:: html /axapi/v3/ddos/dst/zone/{zone-name} .. raw:: html :ref:`817_zone_attributes` .. raw:: html
Replace Object .. raw:: html PUT .. raw:: html /axapi/v3/ddos/dst/zone/{zone-name} .. raw:: html :ref:`817_zone_attributes` .. raw:: html
Replace List .. raw:: html PUT .. raw:: html /axapi/v3/ddos/dst/zone .. raw:: html :ref:`817_zone_list` .. raw:: html
Delete Object .. raw:: html DELETE .. raw:: html /axapi/v3/ddos/dst/zone/{zone-name} .. raw:: html :ref:`817_zone_attributes` .. raw:: html
.. _817_zone_list: zone-list --------- zone-list is **JSON List** of :ref:`817_zone_attributes` zone-list : [ { :ref:`817_zone_attributes` }, { :ref:`817_zone_attributes` }, ... ] .. _817_zone_attributes: zone attributes --------------- **action-list** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/action-list ` **advertised-enable** **Description** BGP advertised **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **capture-config-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/capture-config/{name} ` **description** **Description** Description for this Destination Zone **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **dest-nat-ip** **Description** Destination NAT IP address **Type:** string **Format:** ipv4-address **dest-nat-ipv6** **Description** Destination NAT IPv6 address **Type:** string **Format:** ipv6-address **drop-frag-pkt** **Description** Drop fragmented packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **force-operational-mode** **Description** Force configure operational mode **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID for the whole zone **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **hw-blacklist-blocking** **Description:** hw-blacklist-blocking is a **JSON Block**. Please see below for :ref:`817_hw-blacklist-blocking` **Type:** Object **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/hw-blacklist-blocking ` **inbound-forward-dscp** **Description** To set dscp value for inbound packets (DSCP Value for the clear traffic marking) **Type:** number **Range:** 1-63 **ip** **Type:** List **ip-proto** **Description:** ip-proto is a **JSON Block**. Please see below for :ref:`817_ip-proto` **Type:** Object **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto ` **ipv6** **Type:** List **log-enable** **Description** Enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-high-frequency** **Description** Enable High frequency logging for non-event logs per zone **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-periodic** **Description** Enable log periodic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **operational-mode** **Description** 'idle': Idle mode; 'monitor': Monitor mode; 'learning': Learning mode; **Type:** string **Supported Values:** idle, monitor, learning **Default:** idle **outbound-forward-dscp** **Description** To set dscp value for outbound **Type:** number **Range:** 1-63 **outbound-policy** **Description:** outbound-policy is a **JSON Block**. Please see below for :ref:`817_outbound-policy` **Type:** Object **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/outbound-policy ` **pattern-recognition-hw-filter-enable** **Description** to enable pattern recognition hardware filter **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **per-addr-glid** **Description** Global limit ID per address **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **port** **Description:** port is a **JSON Block**. Please see below for :ref:`817_port` **Type:** Object **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port ` **port-range-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol} ` **rate-limit** **Description** Rate limit per second per zone(Default : 1 per second) **Type:** number **Range:** 1-1000 **Default:** 1 **reporting-disabled** **Description** Disable Reporting **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sflow-common** **Description** Enable sFlow counter polling packets, tcp-basic, tcp-stateful and http. WARNING: Zone level Sflow polling might induce heavy CP **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-commonsflow-packets, sflow-layer-4, sflow-tcp-basic, sflow-tcp-stateful and sflow-http are mutually exclusive **sflow-http** **Description** Enable sFlow HTTP counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total number **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-http and sflow-common are mutually exclusive **sflow-layer-4** **Description** Enable sFlow Layer 4 counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the number of **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-layer-4 and sflow-common are mutually exclusive **sflow-packets** **Description** Enable sFlow packet-level counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-packets and sflow-common are mutually exclusive **sflow-tcp** **Description:** sflow-tcp is a **JSON Block**. Please see below for :ref:`817_sflow-tcp` **Type:** Object **slot-number** **Description** Slot number **Type:** number **Range:** 1-2 **source-nat-pool** **Description** Configure source NAT **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **src-port** **Description:** src-port is a **JSON Block**. Please see below for :ref:`817_src-port` **Type:** Object **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/src-port ` **src-port-range-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/src-port-range/{src-port-range-start}+{src-port-range-end}+{protocol} ` **telemetry-enable** **Description** Enable from-l3-peer flag for the zone, thus all the ip entries in the zone will be dynamically created/deleted based on the BGP **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **traffic-distribution-mode** **Description** 'default': Distribute traffic to one slot using default distribution mechanism; 'source-ip-based': Distribute traffic between slots, based on source ip; 'slot': Assign traffic to a specific slot; **Type:** string **Supported Values:** default, source-ip-based, slot **Default:** default **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **web-gui** **Description:** web-gui is a **JSON Block**. Please see below for :ref:`817_web-gui` **Type:** Object **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/web-gui ` **zone-name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **zone-profile** **Description** Apply threshold profile **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/zone-profile ` **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`817_zone-template` **Type:** Object .. _817_outbound-policy: outbound-policy ^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **name** **Description** Specify name of the outbound policy **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/outbound-policy ` **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _817_ip: ip ^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **expand-ip-subnet** **Description** Expand this subnet to individual IP address **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **expand-ip-subnet-mode** **Description** 'default': Default learning mechanism (Default: Dynamic); 'dynamic': Dynamic learning; 'static': Static learning; **Type:** string **Supported Values:** default, dynamic, static **Default:** default **ip-addr** **Description** Specify IP address **Type:** string **Format:** ipv4-address **subnet-ip-addr** **Description** IP Subnet **Type:** string **Format:** ipv4-cidr .. _817_ip-proto: ip-proto ^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **proto-name-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol} ` **proto-number-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num} ` **proto-tcp-udp-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-tcp-udp/{protocol} ` .. _817_ip-proto_proto-number-list: ip-proto_proto-number-list ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **age** **Description** Idle age for ip entry **Type:** number **Range:** 2-1023 **Default:** 5 **apply-policy-on-overflow** **Description** Enable this flag to apply overflow policy when dynamic entry count overflows **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **deny** **Description** Blacklist and Drop all incoming packets for this ip-proto **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-frag-pkt** **Description** Drop fragmented packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dynamic-entry-overflow-policy-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/dynamic-entry-overflow-policy/{dummy-name} ` **enable-class-list-overflow** **Description** Apply class-list overflow policy upon exceeding dynamic entry count specified for zone-port or class-list **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-top-k** **Description** Enable ddos top-k detection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **esp-inspect** **Description:** esp-inspect is a **JSON Block**. Please see below for :ref:`817_ip-proto_proto-number-list_esp-inspect` **Type:** Object **glid-cfg** **Description:** glid-cfg is a **JSON Block**. Please see below for :ref:`817_ip-proto_proto-number-list_glid-cfg` **Type:** Object **level-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/level/{level-num} ` **manual-mode-enable** **Description** Toggle manual mode to use fix templates **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **manual-mode-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/manual-mode/{config} ` **max-dynamic-entry-count** **Description** Maximum count for dynamic source zone service entry **Type:** number **Range:** 0-2147483647 **port-ind** **Description:** port-ind is a **JSON Block**. Please see below for :ref:`817_ip-proto_proto-number-list_port-ind` **Type:** Object **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/port-ind ` **protocol-num** **Description** Protocol Number **Type:** number **Range:** 0-255 **src-based-policy-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/src-based-policy/{src-based-policy-name} ` **topk-sources** **Description:** topk-sources is a **JSON Block**. Please see below for :ref:`817_ip-proto_proto-number-list_topk-sources` **Type:** Object **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/topk-sources ` **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _817_ip-proto_proto-number-list_src-based-policy-list: ip-proto_proto-number-list_src-based-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **policy-class-list-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name} ` **src-based-policy-name** **Description** Specify name of the policy **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _817_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list: ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **class-list-name** **Description** Class-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **class-list-overflow-policy-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name} ` **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **log-enable** **Description** Enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-periodic** **Description** Enable log periodic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-dynamic-entry-count** **Description** Maximum count for dynamic source zone service entry allowed for this class-list **Type:** number **Range:** 0-2147483647 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`817_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list_zone-template` **Type:** Object .. _817_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list_zone-template: ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ip-proto** **Description** DDOS ip-proto template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _817_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list: ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **dummy-name** **Description** 'configuration': Configure overflow policy for class-list; **Type:** string **Supported Values:** configuration **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **log-enable** **Description** Enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-periodic** **Description** Enable log periodic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`817_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template` **Type:** Object .. _817_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template: ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **ip-proto** **Description** DDOS ip-proto template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _817_ip-proto_proto-number-list_esp-inspect: ip-proto_proto-number-list_esp-inspect ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **auth-algorithm** **Description** 'AUTH_NULL': No Integrity Check Value; 'HMAC-SHA-1-96': 96 bit Auth Algo; 'HMAC-SHA-256-96': 96 bit Auth Algo; 'HMAC-SHA-256-128': 128 bit Auth Algo; 'HMAC-SHA-384-192': 192 bit Auth Algo; 'HMAC-SHA-512-256': 256 bit Auth Algo; 'HMAC-MD5-96': 96 bit Auth Algo; 'MAC-RIPEMD-160-96': 96 bit Auth Algo; **Type:** string **Supported Values:** AUTH_NULL, HMAC-SHA-1-96, HMAC-SHA-256-96, HMAC-SHA-256-128, HMAC-SHA-384-192, HMAC-SHA-512-256, HMAC-MD5-96, MAC-RIPEMD-160-96 **encrypt-algorithm** **Description** 'NULL': Null Encryption Algorithm; **Type:** string **Supported Values:** NULL **mode** **Description** 'transport': Transport mode; **Type:** string **Supported Values:** transport .. _817_ip-proto_proto-number-list_port-ind: ip-proto_proto-number-list_port-ind ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _817_ip-proto_proto-number-list_dynamic-entry-overflow-policy-list: ip-proto_proto-number-list_dynamic-entry-overflow-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **dummy-name** **Description** 'configuration': Configure overflow policy; **Type:** string **Supported Values:** configuration **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`817_ip-proto_proto-number-list_dynamic-entry-overflow-policy-list_zone-template` **Type:** Object .. _817_ip-proto_proto-number-list_dynamic-entry-overflow-policy-list_zone-template: ip-proto_proto-number-list_dynamic-entry-overflow-policy-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **ip-proto** **Description** DDOS ip-proto template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _817_ip-proto_proto-number-list_topk-sources: ip-proto_proto-number-list_topk-sources ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _817_ip-proto_proto-number-list_level-list: ip-proto_proto-number-list_level-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **indicator-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/level/{level-num}/indicator/{type} ` **level-num** **Description** '0': Default policy level; '1': Policy level 1; '2': Policy level 2; '3': Policy level 3; '4': Policy level 4; **Type:** string **Supported Values:** 0, 1, 2, 3, 4 **src-default-glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **src-escalation-score** **Description** Source activation score of this level **Type:** number **Range:** 1-1000000 **src-violation-actions** **Description** Violation actions apply due to source escalate from this level **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/violation-actions ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-escalation-score** **Description** Zone activation score of this level **Type:** number **Range:** 1-1000000 **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`817_ip-proto_proto-number-list_level-list_zone-template` **Type:** Object **zone-violation-actions** **Description** Violation actions apply due to zone escalate from this level **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/violation-actions ` .. _817_ip-proto_proto-number-list_level-list_zone-template: ip-proto_proto-number-list_level-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ip-proto** **Description** DDOS ip-proto template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _817_ip-proto_proto-number-list_level-list_indicator-list: ip-proto_proto-number-list_level-list_indicator-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **data-packet-size** **Description** Expected minimal data size **Type:** number **Range:** 0-2147483647 **score** **Description** Score corresponding to the indicator **Type:** number **Range:** 1-1000000 **src-threshold-num** **Description** Indicator per-src threshold **Type:** number **Range:** 0-2147483647 **src-threshold-str** **Description** Indicator per-src threshold **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-violation-actions** **Description** Violation actions to use when this src indicator threshold reaches **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/violation-actions ` **type** **Description** 'pkt-rate': rate of incoming packets; 'pkt-drop-rate': rate of packets got dropped; 'pkt-drop-ratio': ratio of incoming packet rate divided by the rate of dropping packets; 'bytes-to-bytes-from-ratio': ratio of incoming packet rate divided by the rate of outgoing packets; 'frag-rate': rate of incoming fragmented packets; 'cpu-utilization': average data CPU utilization; 'interface-utilization': outside interface utilization; **Type:** string **Supported Values:** pkt-rate, pkt-drop-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, frag-rate, cpu-utilization, interface-utilization **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-threshold-num** **Description** Threshold for the entire zone **Type:** number **Range:** 0-2147483647 **zone-threshold-str** **Description** Threshold for the entire zone **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **zone-violation-actions** **Description** Violation actions to use when this zone indicator threshold reaches **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/violation-actions ` .. _817_ip-proto_proto-number-list_glid-cfg: ip-proto_proto-number-list_glid-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **action-list** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/action-list ` **glid** **Description** Global limit ID for the whole zone **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, ignore **per-addr-glid** **Description** Global limit ID per address **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` .. _817_ip-proto_proto-number-list_manual-mode-list: ip-proto_proto-number-list_manual-mode-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **config** **Description** 'configuration': Manual-mode configuration; **Type:** string **Supported Values:** configuration **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **src-default-glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`817_ip-proto_proto-number-list_manual-mode-list_zone-template` **Type:** Object .. _817_ip-proto_proto-number-list_manual-mode-list_zone-template: ip-proto_proto-number-list_manual-mode-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ip-proto** **Description** DDOS ip-proto template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _817_ip-proto_proto-name-list: ip-proto_proto-name-list ^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **age** **Description** Idle age for ip entry **Type:** number **Range:** 2-1023 **Default:** 5 **apply-policy-on-overflow** **Description** Enable this flag to apply overflow policy when dynamic entry count overflows **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **deny** **Description** Blacklist and Drop all incoming packets for ip-proto icmp-v4 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-frag-pkt** **Description** Drop fragmented packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dynamic-entry-overflow-policy-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/dynamic-entry-overflow-policy/{dummy-name} ` **enable-class-list-overflow** **Description** Apply class-list overflow policy upon exceeding dynamic entry count specified for zone-port or class-list **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-top-k** **Description** Enable ddos top-k detection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid-cfg** **Description:** glid-cfg is a **JSON Block**. Please see below for :ref:`817_ip-proto_proto-name-list_glid-cfg` **Type:** Object **key-cfg** **Type:** List **level-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/level/{level-num} ` **manual-mode-enable** **Description** Toggle manual mode to use fix templates **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **manual-mode-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/manual-mode/{config} ` **max-dynamic-entry-count** **Description** Maximum count for dynamic source zone service entry **Type:** number **Range:** 0-2147483647 **port-ind** **Description:** port-ind is a **JSON Block**. Please see below for :ref:`817_ip-proto_proto-name-list_port-ind` **Type:** Object **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/port-ind ` **protocol** **Description** 'icmp-v4': ip-proto icmp-v4; 'icmp-v6': ip-proto icmp-v6; 'other': ip-proto other; 'gre': ip-proto gre; 'ipv4-encap': ip-proto IPv4 Encapsulation; 'ipv6-encap': ip-proto IPv6 Encapsulation; **Type:** string **Supported Values:** icmp-v4, icmp-v6, other, gre, ipv4-encap, ipv6-encap **src-based-policy-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/src-based-policy/{src-based-policy-name} ` **topk-sources** **Description:** topk-sources is a **JSON Block**. Please see below for :ref:`817_ip-proto_proto-name-list_topk-sources` **Type:** Object **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/topk-sources ` **tunnel-decap** **Description** Enable tunnel decapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tunnel-rate-limit** **Description** Enable DDOS-protection on tunnel traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _817_ip-proto_proto-name-list_src-based-policy-list: ip-proto_proto-name-list_src-based-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **policy-class-list-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name} ` **src-based-policy-name** **Description** Specify name of the policy **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _817_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list: ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **class-list-name** **Description** Class-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **class-list-overflow-policy-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name} ` **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **log-enable** **Description** Enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-periodic** **Description** Enable log periodic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-dynamic-entry-count** **Description** Maximum count for dynamic source zone service entry allowed for this class-list **Type:** number **Range:** 0-2147483647 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`817_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list_zone-template` **Type:** Object .. _817_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list_zone-template: ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **icmp-v4** **Description** DDOS icmp-v4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **icmp-v6** **Description** DDOS icmp-v6 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ip-proto** **Description** DDOS ip-proto template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _817_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list: ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **dummy-name** **Description** 'configuration': Configure overflow policy for class-list; **Type:** string **Supported Values:** configuration **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **log-enable** **Description** Enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-periodic** **Description** Enable log periodic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`817_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template` **Type:** Object .. _817_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template: ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **icmp-v4** **Description** DDOS icmp-v4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **icmp-v6** **Description** DDOS icmp-v6 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ip-proto** **Description** DDOS ip-proto template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _817_ip-proto_proto-name-list_port-ind: ip-proto_proto-name-list_port-ind ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _817_ip-proto_proto-name-list_key-cfg: ip-proto_proto-name-list_key-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **key** **Description** Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295) **Type:** string **Maximum Length:** 10 characters **Maximum Length:** 1 characters .. _817_ip-proto_proto-name-list_glid-cfg: ip-proto_proto-name-list_glid-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **action-list** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/action-list ` **glid** **Description** Global limit ID for the whole zone **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, ignore **per-addr-glid** **Description** Global limit ID per address **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` .. _817_ip-proto_proto-name-list_dynamic-entry-overflow-policy-list: ip-proto_proto-name-list_dynamic-entry-overflow-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **dummy-name** **Description** 'configuration': Configure overflow policy; **Type:** string **Supported Values:** configuration **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`817_ip-proto_proto-name-list_dynamic-entry-overflow-policy-list_zone-template` **Type:** Object .. _817_ip-proto_proto-name-list_dynamic-entry-overflow-policy-list_zone-template: ip-proto_proto-name-list_dynamic-entry-overflow-policy-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **icmp-v4** **Description** DDOS icmp-v4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **icmp-v6** **Description** DDOS icmp-v6 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ip-proto** **Description** DDOS ip-proto template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _817_ip-proto_proto-name-list_level-list: ip-proto_proto-name-list_level-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **indicator-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/level/{level-num}/indicator/{type} ` **level-num** **Description** '0': Default policy level; '1': Policy level 1; '2': Policy level 2; '3': Policy level 3; '4': Policy level 4; **Type:** string **Supported Values:** 0, 1, 2, 3, 4 **src-default-glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **src-escalation-score** **Description** Source activation score of this level **Type:** number **Range:** 1-1000000 **src-violation-actions** **Description** Violation actions apply due to source escalate from this level **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/violation-actions ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-escalation-score** **Description** Zone activation score of this level **Type:** number **Range:** 1-1000000 **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`817_ip-proto_proto-name-list_level-list_zone-template` **Type:** Object **zone-violation-actions** **Description** Violation actions apply due to zone escalate from this level **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/violation-actions ` .. _817_ip-proto_proto-name-list_level-list_zone-template: ip-proto_proto-name-list_level-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **icmp-v4** **Description** DDOS icmp-v4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **icmp-v6** **Description** DDOS icmp-v6 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ip-proto** **Description** DDOS ip-proto template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _817_ip-proto_proto-name-list_level-list_indicator-list: ip-proto_proto-name-list_level-list_indicator-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **data-packet-size** **Description** Expected minimal data size **Type:** number **Range:** 0-2147483647 **score** **Description** Score corresponding to the indicator **Type:** number **Range:** 1-1000000 **src-threshold-num** **Description** Indicator per-src threshold **Type:** number **Range:** 0-2147483647 **src-threshold-str** **Description** Indicator per-src threshold **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-violation-actions** **Description** Violation actions to use when this src indicator threshold reaches **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/violation-actions ` **type** **Description** 'pkt-rate': rate of incoming packets; 'pkt-drop-rate': rate of packets got dropped; 'pkt-drop-ratio': ratio of incoming packet rate divided by the rate of dropping packets; 'bytes-to-bytes-from-ratio': ratio of incoming packet rate divided by the rate of outgoing packets; 'frag-rate': rate of incoming fragmented packets; 'cpu-utilization': average data CPU utilization; 'interface-utilization': outside interface utilization; **Type:** string **Supported Values:** pkt-rate, pkt-drop-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, frag-rate, cpu-utilization, interface-utilization **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-threshold-num** **Description** Threshold for the entire zone **Type:** number **Range:** 0-2147483647 **zone-threshold-str** **Description** Threshold for the entire zone **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **zone-violation-actions** **Description** Violation actions to use when this zone indicator threshold reaches **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/violation-actions ` .. _817_ip-proto_proto-name-list_topk-sources: ip-proto_proto-name-list_topk-sources ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _817_ip-proto_proto-name-list_manual-mode-list: ip-proto_proto-name-list_manual-mode-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **config** **Description** 'configuration': Manual-mode configuration; **Type:** string **Supported Values:** configuration **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **src-default-glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`817_ip-proto_proto-name-list_manual-mode-list_zone-template` **Type:** Object .. _817_ip-proto_proto-name-list_manual-mode-list_zone-template: ip-proto_proto-name-list_manual-mode-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **icmp-v4** **Description** DDOS icmp-v4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **icmp-v6** **Description** DDOS icmp-v6 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ip-proto** **Description** DDOS ip-proto template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _817_ip-proto_proto-tcp-udp-list: ip-proto_proto-tcp-udp-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for this ip-proto **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-frag-pkt** **Description** Drop fragmented packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid-cfg** **Description:** glid-cfg is a **JSON Block**. Please see below for :ref:`817_ip-proto_proto-tcp-udp-list_glid-cfg` **Type:** Object **protocol** **Description** 'tcp': ip-proto tcp; 'udp': ip-proto udp; **Type:** string **Supported Values:** tcp, udp **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _817_ip-proto_proto-tcp-udp-list_glid-cfg: ip-proto_proto-tcp-udp-list_glid-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **action-list** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/action-list ` **glid** **Description** Global limit ID for the whole zone **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, ignore **per-addr-glid** **Description** Global limit ID per address **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` .. _817_port-range-list: port-range-list ^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **age** **Description** Idle age for ip entry **Type:** number **Range:** 2-1023 **Default:** 5 **apply-policy-on-overflow** **Description** Enable this flag to apply overflow policy when dynamic entry count overflows **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **default-action-list** **Description** Configure default-action-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/action-list ` **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dynamic-entry-overflow-policy-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/dynamic-entry-overflow-policy/{dummy-name} ` **enable-class-list-overflow** **Description** Apply class-list overflow policy upon exceeding dynamic entry count specified under zone port or each class-list **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-top-k** **Description** Enable ddos top-k detection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid-cfg** **Description:** glid-cfg is a **JSON Block**. Please see below for :ref:`817_port-range-list_glid-cfg` **Type:** Object **ips** **Description:** ips is a **JSON Block**. Please see below for :ref:`817_port-range-list_ips` **Type:** Object **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/ips ` **level-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/level/{level-num} ` **manual-mode-enable** **Description** Toggle manual mode to use fix templates **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **manual-mode-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/manual-mode/{config} ` **max-dynamic-entry-count** **Description** Maximum count for dynamic source zone service entry **Type:** number **Range:** 0-2147483647 **outbound-only** **Description** Only allow outbound traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **pattern-recognition** **Description:** pattern-recognition is a **JSON Block**. Please see below for :ref:`817_port-range-list_pattern-recognition` **Type:** Object **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/pattern-recognition ` **port-ind** **Description:** port-ind is a **JSON Block**. Please see below for :ref:`817_port-range-list_port-ind` **Type:** Object **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/port-ind ` **port-range-end** **Description** Port-Range End Port Number **Type:** number **Range:** 1-65535 **port-range-start** **Description** Port-Range Start Port Number **Type:** number **Range:** 1-65535 **protocol** **Description** 'dns-tcp': DNS-TCP Port; 'dns-udp': DNS-UDP Port; 'http': HTTP Port; 'tcp': TCP Port; 'udp': UDP Port; 'ssl-l4': SSL-L4 Port; 'sip-udp': SIP-UDP Port; 'sip-tcp': SIP-TCP Port; **Type:** string **Supported Values:** dns-tcp, dns-udp, http, tcp, udp, ssl-l4, sip-udp, sip-tcp, quic **sflow-common** **Description** Enable all sFlow polling options under this zone port **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-commonsflow-packets, sflow-tcp-basic, sflow-tcp-stateful and sflow-http are mutually exclusive **sflow-http** **Description** Enable sFlow HTTP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-http and sflow-common are mutually exclusive **sflow-packets** **Description** Enable sFlow packet-level counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-packets and sflow-common are mutually exclusive **sflow-tcp** **Description:** sflow-tcp is a **JSON Block**. Please see below for :ref:`817_port-range-list_sflow-tcp` **Type:** Object **src-based-policy-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/src-based-policy/{src-based-policy-name} ` **stateful** **Description** Enable stateful tracking of sessions (Default is stateless) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **topk-sources** **Description:** topk-sources is a **JSON Block**. Please see below for :ref:`817_port-range-list_topk-sources` **Type:** Object **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/topk-sources ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`817_port-range-list_zone-template` **Type:** Object .. _817_port-range-list_pattern-recognition: port-range-list_pattern-recognition ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **algorithm** **Description** 'heuristic': heuristic algorithm; **Type:** string **Supported Values:** heuristic **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _817_port-range-list_ips: port-range-list_ips ^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _817_port-range-list_glid-cfg: port-range-list_glid-cfg ^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **action-list** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/action-list ` **glid** **Description** Global limit ID for the whole zone **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default if default-action-list is not configured); 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, ignore **per-addr-glid** **Description** Global limit ID per address **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` .. _817_port-range-list_zone-template: port-range-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **ips** **Description** IPS template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _817_port-range-list_level-list: port-range-list_level-list ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **apply-extracted-filters** **Description** Apply extracted filters from this level **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **indicator-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/level/{level-num}/indicator/{type} ` **level-num** **Description** '0': Default policy level; '1': Policy level 1; '2': Policy level 2; '3': Policy level 3; '4': Policy level 4; **Type:** string **Supported Values:** 0, 1, 2, 3, 4 **src-default-glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **src-escalation-score** **Description** Source activation score of this level **Type:** number **Range:** 1-1000000 **src-violation-actions** **Description** Violation actions apply due to source escalate from this level **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/violation-actions ` **start-pattern-recognition** **Description** Start pattern recognition from this level **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-escalation-score** **Description** Zone activation score of this level **Type:** number **Range:** 1-1000000 **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`817_port-range-list_level-list_zone-template` **Type:** Object **zone-violation-actions** **Description** Violation actions apply due to zone escalate from this level **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/violation-actions ` .. _817_port-range-list_level-list_zone-template: port-range-list_level-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **quic** **Description** DDOS quic template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _817_port-range-list_level-list_indicator-list: port-range-list_level-list_indicator-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **data-packet-size** **Description** Expected minimal data size **Type:** number **Range:** 0-2147483647 **score** **Description** Score corresponding to the indicator **Type:** number **Range:** 1-1000000 **src-threshold-num** **Description** Indicator per-src threshold **Type:** number **Range:** 0-2147483647 **src-threshold-str** **Description** Indicator per-src threshold **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-violation-actions** **Description** Violation actions to use when this src indicator threshold reaches **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/violation-actions ` **tcp-window-size** **Description** Expected minimal window size **Type:** number **Range:** 0-2147483647 **type** **Description** 'pkt-rate': rate of incoming packets; 'pkt-drop-rate': rate of packets got dropped; 'pkt-drop-ratio': ratio of incoming packet rate divided by the rate of dropping packets; 'bytes-to-bytes-from-ratio': ratio of incoming packet rate divided by the rate of outgoing packets; 'concurrent-conns': number of concurrent connections; 'conn-miss-rate': rate of incoming packets for which no previously established connection exists; 'syn-rate': rate on incoming SYN packets; 'fin-rate': rate on incoming FIN packets; 'rst-rate': rate of incoming RST packets; 'small-window-ack-rate': rate of small window advertisement; 'empty-ack-rate': rate of incoming packets which have no payload; 'small-payload-rate': rate of short payload packet; 'syn-fin-ratio': ratio of incoming SYN packet rate divided by the rate of incoming FIN packets; 'cpu-utilization': average data CPU utilization; 'interface-utilization': outside interface utilization; **Type:** string **Supported Values:** pkt-rate, pkt-drop-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, concurrent-conns, conn-miss-rate, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio, cpu-utilization, interface-utilization **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-threshold-num** **Description** Threshold for the entire zone **Type:** number **Range:** 0-2147483647 **zone-threshold-str** **Description** Threshold for the entire zone **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **zone-violation-actions** **Description** Violation actions to use when this zone indicator threshold reaches **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/violation-actions ` .. _817_port-range-list_manual-mode-list: port-range-list_manual-mode-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **config** **Description** 'configuration': Manual-mode configuration; **Type:** string **Supported Values:** configuration **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **src-default-glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`817_port-range-list_manual-mode-list_zone-template` **Type:** Object .. _817_port-range-list_manual-mode-list_zone-template: port-range-list_manual-mode-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **quic** **Description** DDOS quic template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _817_port-range-list_src-based-policy-list: port-range-list_src-based-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **policy-class-list-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name} ` **src-based-policy-name** **Description** Specify name of the policy **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _817_port-range-list_src-based-policy-list_policy-class-list-list: port-range-list_src-based-policy-list_policy-class-list-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **class-list-name** **Description** Class-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **class-list-overflow-policy-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name} ` **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **max-dynamic-entry-count** **Description** Maximum count for dynamic source zone service entry allowed for this class-list **Type:** number **Range:** 0-2147483647 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`817_port-range-list_src-based-policy-list_policy-class-list-list_zone-template` **Type:** Object .. _817_port-range-list_src-based-policy-list_policy-class-list-list_zone-template: port-range-list_src-based-policy-list_policy-class-list-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ips** **Description** IPS template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **quic** **Description** DDOS quic template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _817_port-range-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list: port-range-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **dummy-name** **Description** 'configuration': Configure overflow policy for class-list; **Type:** string **Supported Values:** configuration **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **log-enable** **Description** Enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-periodic** **Description** Enable log periodic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`817_port-range-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template` **Type:** Object .. _817_port-range-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template: port-range-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **quic** **Description** DDOS quic template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _817_port-range-list_port-ind: port-range-list_port-ind ^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _817_port-range-list_sflow-tcp: port-range-list_sflow-tcp ^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **sflow-tcp-basic** **Description** Enable sFlow basic TCP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-tcp-basic and sflow-common are mutually exclusive **sflow-tcp-stateful** **Description** Enable sFlow stateful TCP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-tcp-stateful and sflow-common are mutually exclusive .. _817_port-range-list_topk-sources: port-range-list_topk-sources ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _817_port-range-list_dynamic-entry-overflow-policy-list: port-range-list_dynamic-entry-overflow-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **dummy-name** **Description** 'configuration': Configure overflow policy; **Type:** string **Supported Values:** configuration **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **log-enable** **Description** Enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-periodic** **Description** Enable log periodic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`817_port-range-list_dynamic-entry-overflow-policy-list_zone-template` **Type:** Object .. _817_port-range-list_dynamic-entry-overflow-policy-list_zone-template: port-range-list_dynamic-entry-overflow-policy-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **quic** **Description** DDOS quic template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _817_port: port ^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **zone-service-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol} ` **zone-service-other-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol} ` .. _817_port_zone-service-list: port_zone-service-list ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **apply-policy-on-overflow** **Description** Enable this flag to apply overflow policy when dynamic entry count overflows **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **capture-config** **Description:** capture-config is a **JSON Block**. Please see below for :ref:`817_port_zone-service-list_capture-config` **Type:** Object **default-action-list** **Description** Configure default-action-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/action-list ` **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dynamic-entry-overflow-policy-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/dynamic-entry-overflow-policy/{dummy-name} ` **enable-class-list-overflow** **Description** Apply class-list overflow policy upon exceeding dynamic entry count specified for zone-port or class-list **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-top-k** **Description** Enable ddos top-k detection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid-cfg** **Description:** glid-cfg is a **JSON Block**. Please see below for :ref:`817_port_zone-service-list_glid-cfg` **Type:** Object **ips** **Description:** ips is a **JSON Block**. Please see below for :ref:`817_port_zone-service-list_ips` **Type:** Object **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/ips ` **level-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/level/{level-num} ` **manual-mode-enable** **Description** Toggle manual mode to use fix templates **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **manual-mode-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/manual-mode/{config} ` **max-dynamic-entry-count** **Description** Maximum count for dynamic source zone service entry **Type:** number **Range:** 0-2147483647 **outbound-only** **Description** Only allow outbound traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **pattern-recognition** **Description:** pattern-recognition is a **JSON Block**. Please see below for :ref:`817_port_zone-service-list_pattern-recognition` **Type:** Object **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/pattern-recognition ` **port-ind** **Description:** port-ind is a **JSON Block**. Please see below for :ref:`817_port_zone-service-list_port-ind` **Type:** Object **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/port-ind ` **port-num** **Description** Port Number **Type:** number **Range:** 1-65535 **protocol** **Description** 'dns-tcp': DNS-TCP Port; 'dns-udp': DNS-UDP Port; 'http': HTTP Port; 'tcp': TCP Port; 'udp': UDP Port; 'ssl-l4': SSL-L4 Port; 'sip-udp': SIP-UDP Port; 'sip-tcp': SIP-TCP Port; **Type:** string **Supported Values:** dns-tcp, dns-udp, http, tcp, udp, ssl-l4, sip-udp, sip-tcp, quic **sflow-common** **Description** Enable all sFlow polling options under this zone port **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-commonsflow-packets, sflow-tcp-basic, sflow-tcp-stateful and sflow-http are mutually exclusive **sflow-http** **Description** Enable sFlow HTTP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-http and sflow-common are mutually exclusive **sflow-packets** **Description** Enable sFlow packet-level counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-packets and sflow-common are mutually exclusive **sflow-tcp** **Description:** sflow-tcp is a **JSON Block**. Please see below for :ref:`817_port_zone-service-list_sflow-tcp` **Type:** Object **signature-extraction** **Description:** signature-extraction is a **JSON Block**. Please see below for :ref:`817_port_zone-service-list_signature-extraction` **Type:** Object **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/signature-extraction ` **src-based-policy-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/src-based-policy/{src-based-policy-name} ` **stateful** **Description** Enable stateful tracking of sessions (Default is stateless) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **topk-sources** **Description:** topk-sources is a **JSON Block**. Please see below for :ref:`817_port_zone-service-list_topk-sources` **Type:** Object **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/topk-sources ` **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`817_port_zone-service-list_zone-template` **Type:** Object .. _817_port_zone-service-list_pattern-recognition: port_zone-service-list_pattern-recognition ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **algorithm** **Description** 'heuristic': heuristic algorithm; **Type:** string **Supported Values:** heuristic **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _817_port_zone-service-list_ips: port_zone-service-list_ips ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _817_port_zone-service-list_glid-cfg: port_zone-service-list_glid-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **action-list** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/action-list ` **glid** **Description** Global limit ID for the whole zone **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default if default-action-list is not configured); 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, ignore **per-addr-glid** **Description** Global limit ID per address **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` .. _817_port_zone-service-list_zone-template: port_zone-service-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **ips** **Description** IPS template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _817_port_zone-service-list_signature-extraction: port_zone-service-list_signature-extraction ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **algorithm** **Description** 'heuristic': heuristic algorithm; **Type:** string **Supported Values:** heuristic **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _817_port_zone-service-list_level-list: port_zone-service-list_level-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **apply-extracted-filters** **Description** Apply extracted filters from this level **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **indicator-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/level/{level-num}/indicator/{type} ` **level-num** **Description** '0': Default policy level; '1': Policy level 1; '2': Policy level 2; '3': Policy level 3; '4': Policy level 4; **Type:** string **Supported Values:** 0, 1, 2, 3, 4 **src-default-glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **src-escalation-score** **Description** Source activation score of this level **Type:** number **Range:** 1-1000000 **src-violation-actions** **Description** Violation actions apply due to source escalate from this level **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/violation-actions ` **start-pattern-recognition** **Description** Start pattern recognition from this level **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-escalation-score** **Description** Zone activation score of this level **Type:** number **Range:** 1-1000000 **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`817_port_zone-service-list_level-list_zone-template` **Type:** Object **zone-violation-actions** **Description** Violation actions apply due to zone escalate from this level **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/violation-actions ` .. _817_port_zone-service-list_level-list_zone-template: port_zone-service-list_level-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **quic** **Description** DDOS quic template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _817_port_zone-service-list_level-list_indicator-list: port_zone-service-list_level-list_indicator-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **data-packet-size** **Description** Expected minimal data size **Type:** number **Range:** 0-2147483647 **score** **Description** Score corresponding to the indicator **Type:** number **Range:** 1-1000000 **src-threshold-num** **Description** Indicator per-src threshold **Type:** number **Range:** 0-2147483647 **src-threshold-str** **Description** Indicator per-src threshold **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-violation-actions** **Description** Violation actions to use when this src indicator threshold reaches **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/violation-actions ` **tcp-window-size** **Description** Expected minimal window size **Type:** number **Range:** 0-2147483647 **type** **Description** 'pkt-rate': rate of incoming packets; 'pkt-drop-rate': rate of packets got dropped; 'pkt-drop-ratio': ratio of incoming packet rate divided by the rate of dropping packets; 'bytes-to-bytes-from-ratio': ratio of incoming packet rate divided by the rate of outgoing packets; 'concurrent-conns': number of concurrent connections; 'conn-miss-rate': rate of incoming packets for which no previously established connection exists; 'syn-rate': rate on incoming SYN packets; 'fin-rate': rate on incoming FIN packets; 'rst-rate': rate of incoming RST packets; 'small-window-ack-rate': rate of small window advertisement; 'empty-ack-rate': rate of incoming packets which have no payload; 'small-payload-rate': rate of short payload packet; 'syn-fin-ratio': ratio of incoming SYN packet rate divided by the rate of incoming FIN packets; 'cpu-utilization': average data CPU utilization; 'interface-utilization': outside interface utilization; **Type:** string **Supported Values:** pkt-rate, pkt-drop-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, concurrent-conns, conn-miss-rate, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio, cpu-utilization, interface-utilization **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-threshold-num** **Description** Threshold for the entire zone **Type:** number **Range:** 0-2147483647 **zone-threshold-str** **Description** Threshold for the entire zone **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **zone-violation-actions** **Description** Violation actions to use when this zone indicator threshold reaches **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/violation-actions ` .. _817_port_zone-service-list_manual-mode-list: port_zone-service-list_manual-mode-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **config** **Description** 'configuration': Manual-mode configuration; **Type:** string **Supported Values:** configuration **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **src-default-glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`817_port_zone-service-list_manual-mode-list_zone-template` **Type:** Object .. _817_port_zone-service-list_manual-mode-list_zone-template: port_zone-service-list_manual-mode-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **quic** **Description** DDOS quic template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _817_port_zone-service-list_src-based-policy-list: port_zone-service-list_src-based-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **policy-class-list-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name} ` **src-based-policy-name** **Description** Specify name of the policy **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _817_port_zone-service-list_src-based-policy-list_policy-class-list-list: port_zone-service-list_src-based-policy-list_policy-class-list-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **class-list-name** **Description** Class-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **class-list-overflow-policy-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name} ` **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **log-enable** **Description** Enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-periodic** **Description** Enable log periodic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-dynamic-entry-count** **Description** Maximum count for dynamic source zone service entry allowed for this class-list **Type:** number **Range:** 0-2147483647 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`817_port_zone-service-list_src-based-policy-list_policy-class-list-list_zone-template` **Type:** Object .. _817_port_zone-service-list_src-based-policy-list_policy-class-list-list_zone-template: port_zone-service-list_src-based-policy-list_policy-class-list-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ips** **Description** IPS template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **quic** **Description** DDOS quic template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _817_port_zone-service-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list: port_zone-service-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **dummy-name** **Description** 'configuration': Configure overflow policy for class-list; **Type:** string **Supported Values:** configuration **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **log-enable** **Description** Enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-periodic** **Description** Enable log periodic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`817_port_zone-service-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template` **Type:** Object .. _817_port_zone-service-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template: port_zone-service-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **quic** **Description** DDOS quic template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _817_port_zone-service-list_port-ind: port_zone-service-list_port-ind ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _817_port_zone-service-list_sflow-tcp: port_zone-service-list_sflow-tcp ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **sflow-tcp-basic** **Description** Enable sFlow basic TCP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-tcp-basic and sflow-common are mutually exclusive **sflow-tcp-stateful** **Description** Enable sFlow stateful TCP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-tcp-stateful and sflow-common are mutually exclusive .. _817_port_zone-service-list_topk-sources: port_zone-service-list_topk-sources ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _817_port_zone-service-list_dynamic-entry-overflow-policy-list: port_zone-service-list_dynamic-entry-overflow-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **dummy-name** **Description** 'configuration': Configure overflow policy; **Type:** string **Supported Values:** configuration **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **log-enable** **Description** Enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-periodic** **Description** Enable log periodic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`817_port_zone-service-list_dynamic-entry-overflow-policy-list_zone-template` **Type:** Object .. _817_port_zone-service-list_dynamic-entry-overflow-policy-list_zone-template: port_zone-service-list_dynamic-entry-overflow-policy-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **quic** **Description** DDOS quic template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _817_port_zone-service-list_capture-config: port_zone-service-list_capture-config ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **capture-config-mode** **Description** 'drop': Apply capture-config to dropped packets; 'forward': Apply capture-config to forwarded packets; 'all': Apply capture-config to both dropped and forwarded packets; **Type:** string **Supported Values:** drop, forward, all **capture-config-name** **Description** Capture-config name **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _817_port_zone-service-other-list: port_zone-service-other-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **age** **Description** Idle age for ip entry **Type:** number **Range:** 2-1023 **Default:** 5 **apply-policy-on-overflow** **Description** Enable this flag to apply overflow policy when dynamic entry count overflows **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **default-action-list** **Description** Configure default-action-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/action-list ` **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dynamic-entry-overflow-policy-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/dynamic-entry-overflow-policy/{dummy-name} ` **enable-class-list-overflow** **Description** Apply class-list overflow policy upon exceeding dynamic entry count specified for this zone port or each class-list **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-top-k** **Description** Enable ddos top-k detection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid-cfg** **Description:** glid-cfg is a **JSON Block**. Please see below for :ref:`817_port_zone-service-other-list_glid-cfg` **Type:** Object **level-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/level/{level-num} ` **manual-mode-enable** **Description** Toggle manual mode to use fix templates **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **manual-mode-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/manual-mode/{config} ` **max-dynamic-entry-count** **Description** Maximum count for dynamic source zone service entry **Type:** number **Range:** 0-2147483647 **outbound-only** **Description** Only allow outbound traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **pattern-recognition** **Description:** pattern-recognition is a **JSON Block**. Please see below for :ref:`817_port_zone-service-other-list_pattern-recognition` **Type:** Object **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/pattern-recognition ` **port-ind** **Description:** port-ind is a **JSON Block**. Please see below for :ref:`817_port_zone-service-other-list_port-ind` **Type:** Object **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/port-ind ` **port-other** **Description** 'other': other; **Type:** string **Supported Values:** other **protocol** **Description** 'tcp': TCP Port; 'udp': UDP Port; **Type:** string **Supported Values:** tcp, udp **sflow-common** **Description** Enable all sFlow polling options under this zone port **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-commonsflow-packets, sflow-tcp-basic and sflow-tcp-stateful are mutually exclusive **sflow-packets** **Description** Enable sFlow packet-level counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-packets and sflow-common are mutually exclusive **sflow-tcp** **Description:** sflow-tcp is a **JSON Block**. Please see below for :ref:`817_port_zone-service-other-list_sflow-tcp` **Type:** Object **src-based-policy-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/src-based-policy/{src-based-policy-name} ` **stateful** **Description** Enable stateful tracking of sessions (Default is stateless) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **topk-sources** **Description:** topk-sources is a **JSON Block**. Please see below for :ref:`817_port_zone-service-other-list_topk-sources` **Type:** Object **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/topk-sources ` **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _817_port_zone-service-other-list_pattern-recognition: port_zone-service-other-list_pattern-recognition ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **algorithm** **Description** 'heuristic': heuristic algorithm; **Type:** string **Supported Values:** heuristic **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _817_port_zone-service-other-list_dynamic-entry-overflow-policy-list: port_zone-service-other-list_dynamic-entry-overflow-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **dummy-name** **Description** 'configuration': Configure overflow policy; **Type:** string **Supported Values:** configuration **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **log-enable** **Description** Enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-periodic** **Description** Enable log periodic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`817_port_zone-service-other-list_dynamic-entry-overflow-policy-list_zone-template` **Type:** Object .. _817_port_zone-service-other-list_dynamic-entry-overflow-policy-list_zone-template: port_zone-service-other-list_dynamic-entry-overflow-policy-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _817_port_zone-service-other-list_glid-cfg: port_zone-service-other-list_glid-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **action-list** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/action-list ` **glid** **Description** Global limit ID for the whole zone **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default if default-action-list is not configured); 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, ignore **per-addr-glid** **Description** Global limit ID per address **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` .. _817_port_zone-service-other-list_level-list: port_zone-service-other-list_level-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **apply-extracted-filters** **Description** Apply extracted filters from this level **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **indicator-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/level/{level-num}/indicator/{type} ` **level-num** **Description** '0': Default policy level; '1': Policy level 1; '2': Policy level 2; '3': Policy level 3; '4': Policy level 4; **Type:** string **Supported Values:** 0, 1, 2, 3, 4 **src-default-glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **src-escalation-score** **Description** Source activation score of this level **Type:** number **Range:** 1-1000000 **src-violation-actions** **Description** Violation actions apply due to source escalate from this level **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/violation-actions ` **start-pattern-recognition** **Description** Start pattern recognition from this level **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-escalation-score** **Description** Zone activation score of this level **Type:** number **Range:** 1-1000000 **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`817_port_zone-service-other-list_level-list_zone-template` **Type:** Object **zone-violation-actions** **Description** Violation actions apply due to zone escalate from this level **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/violation-actions ` .. _817_port_zone-service-other-list_level-list_zone-template: port_zone-service-other-list_level-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _817_port_zone-service-other-list_level-list_indicator-list: port_zone-service-other-list_level-list_indicator-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **data-packet-size** **Description** Expected minimal data size **Type:** number **Range:** 0-2147483647 **score** **Description** Score corresponding to the indicator **Type:** number **Range:** 1-1000000 **src-threshold-num** **Description** Indicator per-src threshold **Type:** number **Range:** 0-2147483647 **src-threshold-str** **Description** Indicator per-src threshold **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-violation-actions** **Description** Violation actions to use when this src indicator threshold reaches **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/violation-actions ` **tcp-window-size** **Description** Expected minimal window size **Type:** number **Range:** 0-2147483647 **type** **Description** 'pkt-rate': rate of incoming packets; 'pkt-drop-rate': rate of packets got dropped; 'pkt-drop-ratio': ratio of incoming packet rate divided by the rate of dropping packets; 'bytes-to-bytes-from-ratio': ratio of incoming packet rate divided by the rate of outgoing packets; 'concurrent-conns': number of concurrent connections; 'conn-miss-rate': rate of incoming packets for which no previously established connection exists; 'syn-rate': rate on incoming SYN packets; 'fin-rate': rate on incoming FIN packets; 'rst-rate': rate of incoming RST packets; 'small-window-ack-rate': rate of small window advertisement; 'empty-ack-rate': rate of incoming packets which have no payload; 'small-payload-rate': rate of short payload packet; 'syn-fin-ratio': ratio of incoming SYN packet rate divided by the rate of incoming FIN packets; 'cpu-utilization': average data CPU utilization; 'interface-utilization': outside interface utilization; **Type:** string **Supported Values:** pkt-rate, pkt-drop-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, concurrent-conns, conn-miss-rate, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio, cpu-utilization, interface-utilization **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-threshold-num** **Description** Threshold for the entire zone **Type:** number **Range:** 0-2147483647 **zone-threshold-str** **Description** Threshold for the entire zone **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **zone-violation-actions** **Description** Violation actions to use when this zone indicator threshold reaches **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/violation-actions ` .. _817_port_zone-service-other-list_manual-mode-list: port_zone-service-other-list_manual-mode-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **config** **Description** 'configuration': Manual-mode configuration; **Type:** string **Supported Values:** configuration **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **src-default-glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`817_port_zone-service-other-list_manual-mode-list_zone-template` **Type:** Object .. _817_port_zone-service-other-list_manual-mode-list_zone-template: port_zone-service-other-list_manual-mode-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _817_port_zone-service-other-list_src-based-policy-list: port_zone-service-other-list_src-based-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **policy-class-list-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name} ` **src-based-policy-name** **Description** Specify name of the policy **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _817_port_zone-service-other-list_src-based-policy-list_policy-class-list-list: port_zone-service-other-list_src-based-policy-list_policy-class-list-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **class-list-name** **Description** Class-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **class-list-overflow-policy-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name} ` **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **max-dynamic-entry-count** **Description** Maximum count for dynamic source zone service entry allowed for this class-list **Type:** number **Range:** 0-2147483647 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`817_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_zone-template` **Type:** Object .. _817_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_zone-template: port_zone-service-other-list_src-based-policy-list_policy-class-list-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ips** **Description** IPS template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _817_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list: port_zone-service-other-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **dummy-name** **Description** 'configuration': Configure overflow policy for class-list; **Type:** string **Supported Values:** configuration **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **log-enable** **Description** Enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-periodic** **Description** Enable log periodic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`817_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template` **Type:** Object .. _817_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template: port_zone-service-other-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _817_port_zone-service-other-list_port-ind: port_zone-service-other-list_port-ind ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _817_port_zone-service-other-list_sflow-tcp: port_zone-service-other-list_sflow-tcp ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **sflow-tcp-basic** **Description** Enable sFlow basic TCP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-tcp-basic and sflow-common are mutually exclusive **sflow-tcp-stateful** **Description** Enable sFlow stateful TCP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-tcp-stateful and sflow-common are mutually exclusive .. _817_port_zone-service-other-list_topk-sources: port_zone-service-other-list_topk-sources ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _817_capture-config-list: capture-config-list ^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **mode** **Description** 'drop': Apply capture-config to dropped packets; 'forward': Apply capture-config to forwarded packets; 'all': Apply capture-config to both dropped and forwarded packets; **Type:** string **Supported Values:** drop, forward, all **name** **Description** Capture-config name **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/capture-config ` **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _817_zone-template: zone-template ^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _817_web-gui: web-gui ^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **activated-after-learning** **Description** Activate it after learning **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **create-time** **Description** Configure create time **Type:** string **Maximum Length:** 13 characters **Maximum Length:** 1 characters **learning** **Description:** learning is a **JSON Block**. Please see below for :ref:`817_web-gui_learning` **Type:** Object **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/learning ` **modify-time** **Description** Configure modify time **Type:** string **Maximum Length:** 13 characters **Maximum Length:** 1 characters **protection** **Description:** protection is a **JSON Block**. Please see below for :ref:`817_web-gui_protection` **Type:** Object **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection ` **sensitivity** **Description** '5': Low; '3': Medium; '1.5': High; **Type:** string **Supported Values:** 5, 3, 1.5 **Default:** 3 **status** **Description** 'newly': newly; 'learning': learning; 'learned': learned; 'activated': activated; **Type:** string **Supported Values:** newly, learning, learned, activated **Default:** newly **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _817_web-gui_protection: web-gui_protection ^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **ip-proto** **Description:** ip-proto is a **JSON Block**. Please see below for :ref:`817_web-gui_protection_ip-proto` **Type:** Object **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/ip-proto ` **port** **Description:** port is a **JSON Block**. Please see below for :ref:`817_web-gui_protection_port` **Type:** Object **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/port ` **port-range-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/port-range/{port-range-start}+{port-range-end}+{protocol} ` .. _817_web-gui_protection_port-range-list: web-gui_protection_port-range-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **pbe** **Description** Peak Bandwidth Expected **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **port-range-end** **Description** Port-Range End Port Number **Type:** number **Range:** 1-65535 **port-range-start** **Description** Port-Range Start Port Number **Type:** number **Range:** 1-65535 **protocol** **Description** 'dns-tcp': DNS-TCP Port; 'dns-udp': DNS-UDP Port; 'http': HTTP Port; 'tcp': TCP Port; 'udp': UDP Port; 'ssl-l4': SSL-L4 Port; **Type:** string **Supported Values:** dns-tcp, dns-udp, http, tcp, udp, ssl-l4 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _817_web-gui_protection_port: web-gui_protection_port ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **zone-service-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/port/zone-service/{port-num}+{protocol} ` **zone-service-other-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/port/zone-service-other/{port-other}+{protocol} ` .. _817_web-gui_protection_port_zone-service-list: web-gui_protection_port_zone-service-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **pbe** **Description** Peak Bandwidth Expected **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **port-num** **Description** Port Number **Type:** number **Range:** 1-65535 **protocol** **Description** 'dns-tcp': DNS-TCP Port; 'dns-udp': DNS-UDP Port; 'http': HTTP Port; 'tcp': TCP Port; 'udp': UDP Port; 'ssl-l4': SSL-L4 Port; **Type:** string **Supported Values:** dns-tcp, dns-udp, http, tcp, udp, ssl-l4 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _817_web-gui_protection_port_zone-service-other-list: web-gui_protection_port_zone-service-other-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **pbe** **Description** Peak Bandwidth Expected **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **port-other** **Description** 'other': other; **Type:** string **Supported Values:** other **protocol** **Description** 'tcp': TCP Port; 'udp': UDP Port; **Type:** string **Supported Values:** tcp, udp **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _817_web-gui_protection_ip-proto: web-gui_protection_ip-proto ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **proto-name-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/ip-proto/proto-name/{protocol} ` .. _817_web-gui_protection_ip-proto_proto-name-list: web-gui_protection_ip-proto_proto-name-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **pbe** **Description** Peak Bandwidth Expected **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **protocol** **Description** 'icmp-v4': ip-proto icmp-v4; 'icmp-v6': ip-proto icmp-v6; **Type:** string **Supported Values:** icmp-v4, icmp-v6 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _817_web-gui_learning: web-gui_learning ^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **duration** **Description** '1minute': 1 minute; '6hour': 6 hours; '12hour': 12 hours; '24hour': 24 hours; '7day': 7 days; **Type:** string **Supported Values:** 1minute, 6hour, 12hour, 24hour, 7day **Default:** 6hour **starting-time** **Description** Configure learning starting time **Type:** string **Maximum Length:** 13 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _817_hw-blacklist-blocking: hw-blacklist-blocking ^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **dst-enable** **Description** Enable Dst side hardware blocking **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-enable** **Description** Enable Src side hardware blocking **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _817_ipv6: ipv6 ^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **expand-ipv6-subnet** **Description** Expand this subnet to individual IPv6 address **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **expand-ipv6-subnet-mode** **Description** 'default': Default learning mechanism (Default: Dynamic); 'dynamic': Dynamic learning; 'static': Static learning; **Type:** string **Supported Values:** default, dynamic, static **Default:** default **ip6-addr** **Description** Specify IPv6 address **Type:** string **Format:** ipv6-address **subnet-ipv6-addr** **Description** IPV6 Subnet **Type:** string **Format:** ipv6-address-plen .. _817_src-port-range-list: src-port-range-list ^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **capture-config** **Description:** capture-config is a **JSON Block**. Please see below for :ref:`817_src-port-range-list_capture-config` **Type:** Object **default-action-list** **Description** Configure default-action-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/action-list ` **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid-cfg** **Description:** glid-cfg is a **JSON Block**. Please see below for :ref:`817_src-port-range-list_glid-cfg` **Type:** Object **protocol** **Description** 'udp': UDP port; 'tcp': TCP Port; **Type:** string **Supported Values:** udp, tcp **src-port-range-end** **Description** Src Port-Range End Port Number **Type:** number **Range:** 2-65535 **src-port-range-start** **Description** Src Port-Range Start Port Number **Type:** number **Range:** 1-65535 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`817_src-port-range-list_zone-template` **Type:** Object .. _817_src-port-range-list_capture-config: src-port-range-list_capture-config ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **capture-config-mode** **Description** 'drop': Apply capture-config to dropped packets; 'forward': Apply capture-config to forwarded packets; 'all': Apply capture-config to both dropped and forwarded packets; **Type:** string **Supported Values:** drop, forward, all **capture-config-name** **Description** Capture-config name **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _817_src-port-range-list_glid-cfg: src-port-range-list_glid-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, ignore .. _817_src-port-range-list_zone-template: src-port-range-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **src-tcp** **Description** DDOS tcp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-udp** **Description** DDOS udp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _817_sflow-tcp: sflow-tcp ^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **sflow-tcp-basic** **Description** Enable sFlow basic TCP counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total nu **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-tcp-basic and sflow-common are mutually exclusive **sflow-tcp-stateful** **Description** Enable sFlow stateful TCP counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-tcp-stateful and sflow-common are mutually exclusive .. _817_src-port: src-port ^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **zone-src-port-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port/{port-num}+{protocol} ` **zone-src-port-other-list** **Type:** List **Refernce Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port-other/{port-other}+{protocol} ` .. _817_src-port_zone-src-port-list: src-port_zone-src-port-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **default-action-list** **Description** Configure default-action-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/action-list ` **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid-cfg** **Description:** glid-cfg is a **JSON Block**. Please see below for :ref:`817_src-port_zone-src-port-list_glid-cfg` **Type:** Object **outbound-src-tracking** **Description** 'enable': enable; 'disable': disable; **Type:** string **Supported Values:** enable, disable **Default:** disable **port-num** **Description** Source Port Number **Type:** number **Range:** 1-65535 **protocol** **Description** 'dns-udp': DNS-UDP Port; 'dns-tcp': DNS-TCP Port; 'udp': UDP port; 'tcp': TCP Port; **Type:** string **Supported Values:** dns-udp, dns-tcp, udp, tcp **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`817_src-port_zone-src-port-list_zone-template` **Type:** Object .. _817_src-port_zone-src-port-list_glid-cfg: src-port_zone-src-port-list_glid-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, ignore .. _817_src-port_zone-src-port-list_zone-template: src-port_zone-src-port-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **src-dns** **Description** DDOS dns src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-tcp** **Description** DDOS tcp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-udp** **Description** DDOS udp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _817_src-port_zone-src-port-other-list: src-port_zone-src-port-other-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **default-action-list** **Description** Configure default-action-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/ddos/action-list ` **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid-cfg** **Description:** glid-cfg is a **JSON Block**. Please see below for :ref:`817_src-port_zone-src-port-other-list_glid-cfg` **Type:** Object **port-other** **Description** 'other': other; **Type:** string **Supported Values:** other **protocol** **Description** 'udp': UDP port; 'tcp': TCP Port; **Type:** string **Supported Values:** udp, tcp **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`817_src-port_zone-src-port-other-list_zone-template` **Type:** Object .. _817_src-port_zone-src-port-other-list_glid-cfg: src-port_zone-src-port-other-list_glid-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Refernce Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, ignore .. _817_src-port_zone-src-port-other-list_zone-template: src-port_zone-src-port-other-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *object* =============================== =================================================== **src-tcp** **Description** DDOS tcp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-udp** **Description** DDOS udp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _817_stats_data: stats data ---------- .. list-table:: :widths: 10 20 30 80 :header-rows: 2 :stub-columns: 1 * - - Counter - Size - Description * - - - - * - - zone_src_udp_retry_timeout_blacklist - 8 - Src UDP Auth: Retry Timeout Blacklisted * - - dst_entry_conn_limit_exceed - 8 - Entry Limit: Conn Exceeded * - - egress_bytes - 8 - Outbound: Bytes Received * - - zone_other_drop - 8 - OTHER Total Packets Dropped * - - dst_drop - 8 - Inbound: Packets Dropped * - - zone_payload_too_big - 8 - UDP Payload Too Large * - - zone_src_port_conn_limit_exceed - 8 - SrcPort Limit: Conn Exceeded * - - zone_udp_filter_action_default_pass - 8 - UDP Filter Action Default Pass * - - src_tcp_unauth_drop - 8 - Src TCP Auth: Unauth Dropped * - - src_udp_retry_gap_drop - 8 - Src UDP Auth: Retry-Gap Dropped * - - dst_other_bytes_rcv - 8 - OTHER Total Bytes Received * - - zone_udp_pkt_sent - 8 - UDP Total Packets Forwarded * - - src_tcp_action_on_ack_blacklist - 8 - Src TCP Auth: ACK Retry Timeout Blacklisted * - - zone_tcp_action_on_syn_blacklist - 8 - TCP Auth: SYN Retry Timeout Blacklisted * - - secondary_entry_learning_thre_exceed - 8 - Per Addr Entry Count Overflow * - - src_tcp_retransmit_excd - 8 - Src TCP Retransmit Exceeded * - - tcp_syn_cookie_fail - 8 - TCP Auth: SYN Cookie Failed * - - dst_entry_outbound_kbit_rate_exceed - 8 - Outbound Rate: KiBit Exceeded * - - src_udp_filter_action_drop - 8 - Src UDP Filter Action Drop * - - zone_tcp_filter_action_drop - 8 - TCP Filter Action Drop * - - src_udp_ntp_monlist_req - 8 - Src UDP NTP Monlist Request * - - zone_other_src_rate_drop - 8 - OTHER Src Rate: Total Exceeded * - - zone_pkt_sent - 8 - Inbound: Packets Forwarded * - - dst_tcp_conn_close_w_idle - 8 - TCP Idle Connections Closed * - - secondary_dst_entry_conn_limit_exceed - 8 - Per Addr Limit: Conn Exceeded * - - dst_udp_session_aged - 8 - UDP Sessions Aged * - - tcp_rexmit_syn_limit_drop - 8 - TCP SYN Retransmit Exceeded Drop * - - zone_other_kibit_rate_drop - 8 - OTHER Dst IP-Proto Rate: KiBit Exceeded * - - src_other_filter_action_blacklist - 8 - Src OTHER Filter Action Blacklist * - - src_tcp_zero_window_excd - 8 - Src TCP Zero-Window Exceeded * - - src_tcp_syn_cookie_sent - 8 - Src TCP Auth: SYN Cookie Sent * - - zone_udp_pkt_rate_exceed - 8 - UDP Dst IP-Proto Rate: Packet Exceeded * - - zone_tcp_action_on_syn_reset - 8 - TCP Auth: SYN Retry Timeout Reset * - - source_entry_total - 8 - Source Entry Total Count * - - zone_udp_frag_src_rate_drop - 8 - UDP Src Rate: Frag Exceeded * - - src_tcp_action_on_syn_reset - 8 - Src TCP Auth: SYN Retry Timeout Reset * - - src_udp_retry_init - 8 - Src UDP Auth: Retry Init * - - zone_udp_conn_rate_exceed - 8 - UDP Dst IP-Proto Rate: Conn Exceeded * - - zone_tcp_any_exceed - 8 - TCP Dst IP-Proto Rate: Total Exceeded * - - zone_tcp_action_on_syn_timeout - 8 - TCP Auth: SYN Retry Timeout * - - secondary_dst_entry_kbit_rate_exceed - 8 - Per Addr Rate: KiBit Exceeded * - - zone_tcp_frag_src_rate_drop - 8 - TCP Src Rate: Frag Exceeded * - - zone_port_pkt_rate_exceed - 8 - Port Rate: Packet Exceeded * - - dst_udp_retry_fail - 8 - UDP Auth: Retry Timeout * - - dst_exceed_action_tunnel - 8 - Entry Exceed Action: Tunnel * - - zone_tcp_syn_drop - 8 - TCP SYN Packets Dropped * - - src_tcp_action_on_syn_fail - 8 - Src TCP Auth: SYN Retry Dropped * - - src_udp_retry_pass - 8 - Src UDP Retry Passed * - - zone_tcp_action_on_ack_pass - 8 - TCP Auth: ACK Retry Passed * - - dst_l4_udp_blacklist_drop - 8 - Dst UDP IP-Proto Blacklist Dropped * - - zone_udp_filter_action_drop - 8 - UDP Filter Action Drop * - - src_udp_filter_action_default_pass - 8 - Src UDP Filter Action Default Pass * - - dst_clist_overflow_policy_at_learning - 8 - Dst Src-Based Overflow Policy Hit * - - src_tcp_action_on_syn_gap_drop - 8 - Src TCP Auth: SYN Retry-Gap Dropped * - - src_tcp_out_of_seq_excd - 8 - Src TCP Out-Of-Seq Exceeded * - - dst_entry_outbound_conn_rate_exceed - 8 - Outbound Rate: Conn Exceeded * - - zone_tcp_pkt_rate_exceed - 8 - TCP Dst IP-Proto Rate: Packet Exceeded * - - outbound_bytes_sent - 8 - Outbound: Bytes Forwarded * - - src_tcp_rst_cookie_fail - 8 - Src TCP Auth: RST Cookie Failed * - - zone_icmp_src_rate_drop - 8 - ICMP Src Rate: Total Exceeded * - - tcp_rexmit_syn_limit_bl - 8 - TCP SYN Retransmit Exceeded Blacklist * - - dst_l4_icmp_blacklist_drop - 8 - Dst ICMP IP-Proto Blacklist Dropped * - - zone_port_conn_rate_exceed - 8 - Port Rate: Conn Exceeded * - - source_entry_other - 8 - Source Entry OTHER Count * - - zone_icmp_pkt_rate_exceed - 8 - ICMP Dst Rate: Packet Exceeded * - - zone_tcp_bytes_drop - 8 - TCP Total Bytes Dropped * - - src_tcp_action_on_ack_timeout - 8 - Src TCP Auth: ACK Retry Timeout * - - dst_tcp_conn_close_half_open - 8 - TCP Half Open Connections Closed * - - source_entry_udp - 8 - Source Entry UDP Count * - - dst_entry_conn_rate_exceed - 8 - Entry Rate: Conn Exceeded * - - zone_port_undef_drop - 8 - Dst Port Undefined Dropped * - - sflow_external_packets_sent - 8 - Sflow External Packets Sent * - - zone_tcp_filter_action_blacklist - 8 - TCP Filter Action Blacklist * - - secondary_entry_learn - 8 - Per Addr Entry Learned * - - zone_tcp_filter_action_whitelist - 8 - TCP Filter Action WL * - - dst_other_any_exceed - 8 - OTHER Rate: Total Exceed * - - src_tcp_filter_action_default_pass - 8 - Src TCP Filter Action Default Pass * - - tcp_invalid_syn - 8 - TCP Invalid SYN Received * - - outbound_bytes_drop - 8 - Outbound: Bytes Dropped * - - zone_tcp_action_on_syn_pass - 8 - TCP Auth: SYN Retry Passed * - - dst_other_bytes_sent - 8 - OTHER Total Bytes Forwarded * - - zone_tcp_src_rate_drop - 8 - TCP Src Rate: Total Exceeded * - - src_udp_max_payload - 8 - Src UDP Payload Too Large * - - zone_tcp_action_on_ack_timeout - 8 - TCP Auth: ACK Retry Timeout * - - src_tcp_conn_prate_excd - 8 - Src TCP Rate: Conn Pkt Exceeded * - - zone_udp_retry_pass - 8 - UDP Auth: Retry Passed * - - tcp_rst_rcvd - 8 - TCP RST Received * - - dns_outbound_query_resp_chk_blacklisted - 8 - DNS Outbound Query Resp Check Blacklisted * - - icmp_fwd_recv - 8 - ICMP Inbound Packets Received * - - src_udp_filter_action_whitelist - 8 - Src UDP Filter Action WL * - - zone_tcp_action_on_syn_gap_drop - 8 - TCP Auth: SYN Retry-Gap Dropped * - - src_udp_filter_action_blacklist - 8 - Src UDP Filter Action Blacklist * - - zone_other_pkt_sent - 8 - OTHER Total Packets Forwarded * - - secondary_dst_entry_frag_pkt_rate_exceed - 8 - Per Addr Rate: Frag Packet Exceeded * - - sflow_internal_packets_sent - 8 - Sflow Internal Packets Sent * - - ingress_packets - 8 - Inbound: Packets Received * - - tcp_syn_rcvd - 8 - TCP Inbound SYN Received * - - zone_tcp_filter_not_match - 8 - TCP Filter Not Matched on Pkt * - - zone_tcp_rst_cookie_fail - 8 - TCP Auth: RST Cookie Failed * - - src_other_filter_action_whitelist - 8 - Src OTHER Filter Action WL * - - dst_entry_frag_pkt_rate_exceed - 8 - Entry Rate: Frag Packet Exceeded * - - zone_other_frag_pkt_rate_exceed - 8 - OTHER Dst IP-Proto Rate: Frag Exceeded * - - zone_src_port_kbit_rate_exceed - 8 - SrcPort Rate: KiBit Exceeded * - - secondary_port_learn - 8 - Per Addr Port Learned * - - zone_udp_bytes_drop - 8 - UDP Total Bytes Dropped * - - dst_tcp_conn_close_w_rst - 8 - TCP RST Connections Closed * - - src_tcp_wellknown_sport_drop - 8 - Src TCP SrcPort Wellknown * - - src_tcp_action_on_ack_init - 8 - Src TCP Auth: ACK Retry Init * - - outbound_pkt_sent - 8 - Outbound: Packets Forwarded * - - zone_tcp_action_on_ack_blacklist - 8 - TCP Auth: ACK Retry Timeout Blacklisted * - - zone_other_filter_action_whitelist - 8 - OTHER Filter Action WL * - - dst_entry_outbound_tcp_session_aged - 8 - Outbound: TCP Sessions Aged * - - zone_tcp_syn - 8 - TCP Total SYN Received * - - zone_other_filter_action_default_pass - 8 - OTHER Filter Action Default Pass * - - zone_other_pkt_rate_exceed - 8 - OTHER Dst IP-Proto Rate: Packet Exceeded * - - zone_udp_src_rate_drop - 8 - UDP Src Rate: Total Exceeded * - - src_tcp_action_on_syn_blacklist - 8 - Src TCP Auth: SYN Retry Timeout Blacklisted * - - zone_tcp_pkt_sent - 8 - TCP Total Packets Forwarded * - - zone_tcp_action_on_ack_gap_drop - 8 - TCP Auth: ACK Retry Retry-Gap Dropped * - - zone_tcp_filter_match - 8 - TCP Filter Match * - - dst_udp_retry_timeout_blacklist - 8 - UDP Auth: Retry Timeout Blacklisted * - - src_udp_conn_prate_excd - 8 - Src UDP Rate: Conn Pkt Exceeded * - - dst_tcp_conn_close_w_fin - 8 - TCP FIN Connections Closed * - - src_tcp_action_on_ack_gap_drop - 8 - Src TCP Auth: ACK Retry Retry-Gap Dropped * - - secondary_entry_aged - 8 - Per Addr Entry Aged * - - src_tcp_filter_action_drop - 8 - Src TCP Filter Action Drop * - - sflow_external_samples_packed - 8 - Sflow External Samples Packed * - - zone_tcp_conn_prate_excd - 8 - TCP Rate: Conn Pkt Exceeded * - - zone_tcp_src_drop - 8 - TCP Src Packets Dropped * - - src_udp_min_payload - 8 - Src UDP Payload Too Small * - - dst_tcp_bytes_rcv - 8 - TCP Total Bytes Received * - - dst_entry_outbound_conn_limit_exceed - 8 - Outbound Limit: Conn Exceeded * - - zone_other_filter_action_blacklist - 8 - OTHER Filter Action Blacklist * - - zone_udp_filter_not_match - 8 - UDP Filter Not Matched on Pkt * - - secondary_port_aged - 8 - Per Addr Port Aged * - - zone_port_bl - 8 - Dst Port Blacklist Packets Dropped * - - secondary_entry_hit - 8 - Per Addr Entry Hit * - - zone_src_port_conn_rate_exceed - 8 - SrcPort Rate: Conn Exceeded * - - zone_port_undef_hit - 8 - Dst Port undefined Hit * - - zone_icmp_frag_src_rate_drop - 8 - ICMP Src Rate: Frag Exceeded * - - zone_tcp_action_on_syn_init - 8 - TCP Auth: SYN Retry Init * - - dst_tcp_conn_close - 8 - TCP Connections Closed * - - zone_udp_ntp_monlist_resp - 8 - UDP NTP Monlist Response * - - zone_other_bytes_drop - 8 - OTHER Total Bytes Dropped * - - zone_udp_wellknown_sport_drop - 8 - UDP SrcPort Wellknown * - - dst_entry_outbound_kbit_rate_exceed_count - 8 - Outbound Rate: KiBit Exceeded Count * - - zone_frag_rcvd - 8 - Fragmented Packets Received * - - zone_port_kbit_rate_exceed - 8 - Port Rate: KiBit Exceeded * - - zone_icmp_bytes_drop - 8 - ICMP Total Bytes Dropped * - - zone_tcp_action_on_ack_init - 8 - TCP Auth: ACK Retry Init * - - src_tcp_syn_auth_fail - 8 - Src TCP Auth: SYN Auth Failed * - - zone_tcp_conn_rate_exceed - 8 - TCP Dst IP-Proto Rate: Conn Exceeded * - - dst_icmp_bytes_sent - 8 - ICMP Total Bytes Forwarded * - - source_entry_icmp - 8 - Source Entry ICMP Count * - - inbound_bytes_sent - 8 - Inbound: Bytes Forwarded * - - src_tcp_action_on_syn_timeout - 8 - Src TCP Auth: SYN Retry Timeout * - - zone_src_port_pkt_rate_exceed - 8 - SrcPort Rate: Packet Exceeded * - - zone_tcp_frag_pkt_rate_exceed - 8 - TCP Dst IP-Proto Rate: Frag Exceeded * - - secondary_entry_miss - 8 - Per Addr Entry Missed * - - dns_outbound_total_query - 8 - DNS Outbound Total Query * - - zone_tcp_pkt_rcvd - 8 - TCP Total Packets Received * - - zone_udp_filter_match - 8 - UDP Filter Match * - - dst_entry_outbound_frag_pkt_rate_exceed - 8 - Outbound Rate: Frag Packet Exceeded * - - zone_ip_proto_kbit_rate_exceed - 8 - IP-Proto Rate: KiBit Exceeded * - - dst_entry_outbound_udp_session_created - 8 - Outbound: UDP Sessions Created * - - src_frag_drop - 8 - Src Fragmented Packets Dropped * - - zone_udp_conn_prate_excd - 8 - UDP Rate: Conn Pkt Exceeded * - - zone_udp_src_drop - 8 - UDP Src Packets Dropped * - - src_tcp_action_on_ack_reset - 8 - Src TCP Auth: ACK Retry Timeout Reset * - - dst_tcp_session_aged - 8 - TCP Sessions Aged * - - zone_other_frag_src_rate_drop - 8 - OTHER Src Rate: Frag Exceeded * - - zone_icmp_pkt_rcvd - 8 - ICMP Total Packets Received * - - src_tcp_syn_cookie_fail - 8 - Src TCP Auth: SYN Cookie Failed * - - zone_other_filter_action_drop - 8 - OTHER Filter Action Drop * - - dns_outbound_query_resp_size_exceed - 8 - DNS Outbound Query Response Size Exceed * - - zone_udp_kibit_rate_drop - 8 - UDP Dst IP-Proto Rate: KiBit Exceeded * - - zone_other_filter_not_match - 8 - OTHER Filter Not Matched on Pkt * - - zone_tcp_auth - 8 - TCP Auth: SYN Cookie Sent * - - dst_tcp_conn_create_from_syn - 8 - TCP Connections Created From SYN * - - dns_outbound_query_resp_chk_failed - 8 - DNS Outbound Query Resp Check Failed * - - zone_blackhole_inject - 8 - Dst Blackhole Inject * - - dst_udp_bytes_sent - 8 - UDP Total Bytes Forwarded * - - dns_outbound_query_resp_chk_no_resp_sent - 8 - DNS Outbound Query Resp Check No Response Sent * - - secondary_dst_entry_pkt_rate_exceed - 8 - Per Addr Rate: Packet Exceeded * - - zone_tcp_drop - 8 - TCP Total Packets Dropped * - - zone_tcp_unauth_drop - 8 - TCP Auth: Unauth Dropped * - - dst_tcp_conn_create_from_ack - 8 - TCP Connections Created From ACK * - - zone_udp_pkt_rcvd - 8 - UDP Total Packets Received * - - dst_tcp_bytes_sent - 8 - TCP Total Bytes Forwarded * - - zone_icmp_kibit_rate_drop - 8 - ICMP Dst Rate: KiBit Exceeded * - - tcp_ack_rcvd - 8 - TCP ACK Received * - - zone_frag_drop - 8 - Fragmented Packets Dropped * - - zone_tcp_retransmit_excd - 8 - TCP Retransmit Exceeded * - - src_tcp_filter_action_whitelist - 8 - Src TCP Filter Action WL * - - zone_tcp_session_created - 8 - TCP Sessions Created * - - src_tcp_filter_action_blacklist - 8 - Src TCP Filter Action Blacklist * - - zone_tcp_conn_limit_exceed - 8 - TCP Dst IP-Proto Limit: Conn Exceeded * - - zone_udp_drop - 8 - UDP Total Packets Dropped * - - zone_ip_proto_pkt_rate_exceed - 8 - IP-Proto Rate: Packet Exceeded * - - source_entry_tcp - 8 - Source Entry TCP Count * - - udp_fwd_recv - 8 - UDP Inbound Packets Received * - - dst_icmp_bytes_rcv - 8 - ICMP Total Bytes Received * - - zone_udp_ntp_monlist_req - 8 - UDP NTP Monlist Request * - - zone_icmp_pkt_sent - 8 - ICMP Total Packets Forwarded * - - dst_entry_kbit_rate_exceed_count - 8 - Entry Rate: KiBit Exceeded Count * - - dst_udp_bytes_rcv - 8 - UDP Total Bytes Received * - - egress_packets - 8 - Outbound: Packets Received * - - zone_tcp_zero_window_excd - 8 - TCP Zero-Window Exceeded * - - zone_port_conn_limit_exceed - 8 - Port Limit: Conn Exceeded * - - src_udp_auth_timeout - 8 - Src UDP Auth: Retry Timeout * - - inbound_bytes_drop - 8 - Inbound: Bytes Dropped * - - zone_tcp_port_any_exceed - 8 - TCP Port Rate: Total Exceed * - - dst_l4_tcp_blacklist_drop - 8 - Dst TCP IP-Proto Blacklist Dropped * - - zone_payload_too_small - 8 - UDP Payload Too Small * - - dst_entry_outbound_udp_session_aged - 8 - Outbound: UDP Sessions Aged * - - zone_udp_any_exceed - 8 - UDP Dst IP-Proto Rate: Total Exceeded * - - dst_udp_auth_drop - 8 - UDP Auth: Dropped * - - src_other_filter_action_default_pass - 8 - Src OTHER Filter Action Default Pass * - - zone_other_src_drop - 8 - OTHER Src Packets Dropped * - - zone_tcp_action_on_syn_fail - 8 - TCP Auth: SYN Retry Dropped * - - zone_other_filter_match - 8 - OTHER Filter Match * - - dst_tcp_auth_drop - 8 - TCP Auth: Dropped * - - zone_port_kbit_rate_exceed_pkt - 8 - Port Rate: KiBit Pkt Exceeded * - - src_tcp_action_on_ack_fail - 8 - Src TCP Auth: ACK Retry Dropped * - - dst_entry_pkt_rate_exceed - 8 - Entry Rate: Packet Exceeded * - - zone_udp_session_created - 8 - UDP Sessions Created * - - dst_entry_outbound_tcp_session_created - 8 - Outbound: TCP Sessions Created * - - zone_udp_conn_limit_exceed - 8 - UDP Dst IP-Proto Limit: Conn Exceeded * - - ingress_bytes - 8 - Inbound: Bytes Received * - - dns_outbound_query_sess_timed_out - 8 - DNS Outbound Query Session Timed Out * - - sflow_internal_samples_packed - 8 - Sflow Internal Samples Packed * - - zone_out_no_route - 8 - Dst IPv4/v6 Out No Route * - - dst_tcp_auth_resp - 8 - TCP Auth: Responded * - - zone_tcp_out_of_seq_excd - 8 - TCP Out-Of-Seq Exceeded * - - zone_tcp_kibit_rate_drop - 8 - TCP Dst IP-Proto Rate: KiBit Exceeded * - - tcp_fin_rcvd - 8 - TCP FIN Received * - - dst_udp_retry_gap_drop - 8 - UDP Auth: Retry-Gap Dropped * - - zone_udp_frag_pkt_rate_exceed - 8 - UDP Dst IP-Proto Rate: Frag Exceeded * - - src_tcp_action_on_syn_init - 8 - Src TCP Auth: SYN Retry Init * - - src_udp_ntp_monlist_resp - 8 - Src UDP NTP Monlist Response * - - tcp_syn_ack_rcvd - 8 - TCP SYN ACK Received * - - zone_tcp_wellknown_sport_drop - 8 - TCP SrcPort Wellknown * - - src_udp_wellknown_sport_drop - 8 - Src UDP SrcPort Wellknown * - - zone_udp_port_any_exceed - 8 - UDP Port Rate: Total Exceed * - - zone_tcp_action_on_ack_reset - 8 - TCP Auth: ACK Retry Timeout Reset * - - zone_udp_filter_action_blacklist - 8 - UDP Filter Action Blacklist * - - zone_udp_filter_action_whitelist - 8 - UDP Filter Action WL * - - zone_icmp_drop - 8 - ICMP Total Packets Dropped * - - zone_tcp_filter_action_default_pass - 8 - TCP Filter Action Default Pass * - - zone_udp_retry_init - 8 - UDP Auth: Retry Init * - - dst_entry_kbit_rate_exceed - 8 - Entry Rate: KiBit Exceeded * - - secondary_dst_entry_conn_rate_exceed - 8 - Per Addr Rate: Conn Exceeded * - - zone_icmp_src_drop - 8 - ICMP Src Packets Dropped * - - dns_outbound_query_malformed - 8 - DNS Outbound Query Malformed * - - zone_other_pkt_rcvd - 8 - OTHER Total Packets Received * - - zone_tcp_action_on_ack_fail - 8 - TCP Auth: ACK Retry Dropped * - - outbound_drop - 8 - Outbound: Packets Dropped * - - dns_outbound_query_resp_chk_reset_sent - 8 - DNS Outbound Query Resp Check RESET Sent * - - dst_l4_other_blacklist_drop - 8 - Dst OTHER IP-Proto Blacklist Dropped * - - dns_outbound_query_resp_chk_refused_sent - 8 - DNS Outbound Query Resp Check REFUSED Sent * - - dst_icmp_any_exceed - 8 - ICMP Rate: Total Exceed * - - tcp_fwd_recv - 8 - TCP Inbound Packets Received * - - dst_entry_outbound_pkt_rate_exceed - 8 - Outbound Rate: Packet Exceeded * - - zone_blackhole_withdraw - 8 - Dst Blackhole Withdraw * - - zone_icmp_frag_pkt_rate_exceed - 8 - ICMP Dst IP-Proto Rate: Frag Exceeded * - - src_other_filter_action_drop - 8 - Src OTHER Filter Action Drop * - - zone_src_port_bl - 8 - Dst SrcPort Blacklist Packets Dropped * - - zone_tcp_auth_pass - 8 - TCP Auth: SYN Auth Passed .. _817_oper_data: operational data ---------------- .. list-table:: :widths: 10 20 30 80 :header-rows: 2 :stub-columns: 1 * - - Counter - Size - Description * - - - - * - - traffic-distribution-status - string - traffic-distribution-status * - - subnet-ip-addr - ipv4-cidr - subnet-ip-addr * - - protocol - string - protocol * - - addresses - flag - addresses * - - total-dynamic-entry-count - string - total-dynamic-entry-count * - - port-range-end - number - port-range-end * - - entry-displayed-count - number - entry-displayed-count * - - icmp-dynamic-entry-count - string - icmp-dynamic-entry-count * - - tcp-dynamic-entry-count - string - tcp-dynamic-entry-count * - - ddos_entry_list - - ddos_entry_list * - - service-displayed-count - number - service-displayed-count * - - ip-proto-num - number - ip-proto-num * - - all-ports - flag - all-ports * - - port-range-start - number - port-range-start * - - dynamic-expand-subnet - flag - dynamic-expand-subnet * - - port-num - number - port-num * - - all-addresses - flag - all-addresses * - - all-ip-protos - flag - all-ip-protos * - - subnet-ipv6-addr - ipv6-address-plen - subnet-ipv6-addr * - - other-dynamic-entry-count - string - other-dynamic-entry-count * - - udp-dynamic-entry-count - string - udp-dynamic-entry-count