ddos dst zone port zone-service-other¶
DDOS Port & Protocol configuration
zone-service-other Specification¶
Type Collection Object Key(s) port-other, protocol Collection Name zone-service-other-list Collection URI /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other Element Name zone-service-other Element URI /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol} Element Attributes zone-service-other_attributes Statistics Data URI /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/stats Operational Data URI /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/oper Schema zone-service-other schema
Operations Allowed:
Operation | Method | URI | Payload | |
---|---|---|---|---|
Create Object | POST | /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other | ||
Create List | POST | /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other | ||
Get Object | GET | /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol} | ||
Get List | GET | /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other | ||
Modify Object | POST | /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol} | ||
Replace Object | PUT | /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol} | ||
Replace List | PUT | /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other | ||
Delete Object | DELETE | /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol} |
zone-service-other-list¶
zone-service-other-list is JSON List of zone-service-other attributes
zone-service-other-list : [
]
zone-service-other attributes¶
age
Description Idle age for ip entry
Type: number
Range: 2-1023
Default: 5
apply-policy-on-overflow
Description Enable this flag to apply overflow policy when dynamic entry count overflows
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
default-action-list
Description Configure default-action-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/action-list
deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dynamic-entry-overflow-policy-list
enable-class-list-overflow
Description Apply class-list overflow policy upon exceeding dynamic entry count specified for this zone port or each class-list
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-top-k
Description Enable ddos top-k detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-cfg
Description: glid-cfg is a JSON Block. Please see below for glid-cfg
Type: Object
level-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/level/{level-num}
manual-mode-enable
Description Toggle manual mode to use fix templates
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
manual-mode-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/manual-mode/{config}
max-dynamic-entry-count
Description Maximum count for dynamic source zone service entry
Type: number
Range: 0-2147483647
outbound-only
Description Only allow outbound traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
pattern-recognition
Description: pattern-recognition is a JSON Block. Please see below for pattern-recognition
Type: Object
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/pattern-recognition
port-ind
Description: port-ind is a JSON Block. Please see below for port-ind
Type: Object
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/port-ind
port-other
Description ‘other’: other;
Type: string
Supported Values: other
protocol
Description ‘tcp’: TCP Port; ‘udp’: UDP Port;
Type: string
Supported Values: tcp, udp
sflow-common
Description Enable all sFlow polling options under this zone port
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-commonsflow-packets, sflow-tcp-basic and sflow-tcp-stateful are mutually exclusive
sflow-packets
Description Enable sFlow packet-level counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-packets and sflow-common are mutually exclusive
sflow-tcp
Description: sflow-tcp is a JSON Block. Please see below for sflow-tcp
Type: Object
src-based-policy-list
stateful
Description Enable stateful tracking of sessions (Default is stateless)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
topk-sources
Description: topk-sources is a JSON Block. Please see below for topk-sources
Type: Object
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/topk-sources
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
pattern-recognition¶
Specification Type object algorithm
Description ‘heuristic’: heuristic algorithm;
Type: string
Supported Values: heuristic
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dynamic-entry-overflow-policy-list¶
Specification Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
dummy-name
Description ‘configuration’: Configure overflow policy;
Type: string
Supported Values: configuration
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
log-enable
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable log periodic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for dynamic-entry-overflow-policy-list_zone-template
Type: Object
dynamic-entry-overflow-policy-list_zone-template¶
Specification Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
glid-cfg¶
Specification Type object action-list
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/action-list
glid
Description Global limit ID for the whole zone
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default if default-action-list is not configured); ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, ignore
per-addr-glid
Description Global limit ID per address
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
level-list¶
Specification Type list Block object keys apply-extracted-filters
Description Apply extracted filters from this level
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
indicator-list
level-num
Description ‘0’: Default policy level; ‘1’: Policy level 1; ‘2’: Policy level 2; ‘3’: Policy level 3; ‘4’: Policy level 4;
Type: string
Supported Values: 0, 1, 2, 3, 4
src-default-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
src-escalation-score
Description Source activation score of this level
Type: number
Range: 1-1000000
src-violation-actions
Description Violation actions apply due to source escalate from this level
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/violation-actions
start-pattern-recognition
Description Start pattern recognition from this level
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-escalation-score
Description Zone activation score of this level
Type: number
Range: 1-1000000
zone-template
Description: zone-template is a JSON Block. Please see below for level-list_zone-template
Type: Object
zone-violation-actions
Description Violation actions apply due to zone escalate from this level
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/violation-actions
level-list_zone-template¶
Specification Type object encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
level-list_indicator-list¶
Specification Type list Block object keys data-packet-size
Description Expected minimal data size
Type: number
Range: 0-2147483647
score
Description Score corresponding to the indicator
Type: number
Range: 1-1000000
src-threshold-num
Description Indicator per-src threshold
Type: number
Range: 0-2147483647
src-threshold-str
Description Indicator per-src threshold
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
src-violation-actions
Description Violation actions to use when this src indicator threshold reaches
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/violation-actions
tcp-window-size
Description Expected minimal window size
Type: number
Range: 0-2147483647
type
Description ‘pkt-rate’: rate of incoming packets; ‘pkt-drop-rate’: rate of packets got dropped; ‘pkt-drop-ratio’: ratio of incoming packet rate divided by the rate of dropping packets; ‘bytes-to-bytes-from-ratio’: ratio of incoming packet rate divided by the rate of outgoing packets; ‘concurrent-conns’: number of concurrent connections; ‘conn-miss-rate’: rate of incoming packets for which no previously established connection exists; ‘syn-rate’: rate on incoming SYN packets; ‘fin-rate’: rate on incoming FIN packets; ‘rst-rate’: rate of incoming RST packets; ‘small-window-ack-rate’: rate of small window advertisement; ‘empty-ack-rate’: rate of incoming packets which have no payload; ‘small-payload-rate’: rate of short payload packet; ‘syn-fin-ratio’: ratio of incoming SYN packet rate divided by the rate of incoming FIN packets; ‘cpu-utilization’: average data CPU utilization; ‘interface-utilization’: outside interface utilization;
Type: string
Supported Values: pkt-rate, pkt-drop-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, concurrent-conns, conn-miss-rate, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio, cpu-utilization, interface-utilization
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-threshold-num
Description Threshold for the entire zone
Type: number
Range: 0-2147483647
zone-threshold-str
Description Threshold for the entire zone
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
zone-violation-actions
Description Violation actions to use when this zone indicator threshold reaches
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/violation-actions
manual-mode-list¶
Specification Type list Block object keys config
Description ‘configuration’: Manual-mode configuration;
Type: string
Supported Values: configuration
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
src-default-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for manual-mode-list_zone-template
Type: Object
manual-mode-list_zone-template¶
Specification Type object encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
src-based-policy-list¶
Specification Type list Block object keys policy-class-list-list
src-based-policy-name
Description Specify name of the policy
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src-based-policy-list_policy-class-list-list¶
Specification Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
class-list-name
Description Class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
class-list-overflow-policy-list
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
max-dynamic-entry-count
Description Maximum count for dynamic source zone service entry allowed for this class-list
Type: number
Range: 0-2147483647
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for src-based-policy-list_policy-class-list-list_zone-template
Type: Object
src-based-policy-list_policy-class-list-list_zone-template¶
Specification Type object encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ips
Description IPS template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list¶
Specification Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
dummy-name
Description ‘configuration’: Configure overflow policy for class-list;
Type: string
Supported Values: configuration
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
log-enable
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable log periodic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template
Type: Object
src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template¶
Specification Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
port-ind¶
Specification Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
sflow-tcp¶
Specification Type object sflow-tcp-basic
Description Enable sFlow basic TCP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-tcp-basic and sflow-common are mutually exclusive
sflow-tcp-stateful
Description Enable sFlow stateful TCP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-tcp-stateful and sflow-common are mutually exclusive
topk-sources¶
Specification Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
stats tcp-zone-port¶
Counter | Size | Description | |
---|---|---|---|
src_ack_auth_fail | 8 | Src ACK Retry Dropped | |
src_well_known_port | 8 | Src TCP SrcPort Wellknown | |
tcp_rexmit_syn_limit_drop | 8 | TCP SYN Retransmit Exceed Drop | |
secondary_port_kbit_rate_exceed_pkt | 8 | Per Addr-Port KiBit Rate Exceeded Count | |
outbound_port_bytes_sent | 8 | Outbound Bytes Forwarded | |
auth_drop | 8 | TCP Auth Dropped | |
filter_total_not_match | 8 | Filter Not Matched on Pkt | |
src_ack_retry_gap_drop | 8 | Src ACK Retry Retry-Gap Dropped | |
filter4_match | 8 | Filter4 Match | |
src_create_conn_non_syn_dropped | 8 | Src Create Conn with non-SYN Packets Dropped | |
sess_aged | 8 | Sessions Aged Out | |
pattern_filter4_match | 8 | Extracted Filter4 Match | |
pattern_filter1_match | 8 | Extracted Filter1 Match | |
conn_close | 8 | Connections Closed | |
syn_auth_fail | 8 | SYN Auth Failed | |
pattern_filter2_match | 8 | Extracted Filter2 Match | |
syn_retry_init | 8 | SYN Retry Init | |
secondary_port_kbit_rate_exceed | 8 | Per Addr-Port KiBit Rate Exceeded | |
pattern_filter5_match | 8 | Extracted Filter5 Match | |
secondary_port_hit | 8 | Per Addr-Port Hit | |
wellknown_sport_drop | 8 | TCP SrcPort Wellknown | |
src_filter_total_not_match | 8 | Src Filter Not Matched on Pkt | |
port_syn_rate_exceed | 8 | TCP SYN Rate Exceeded | |
conn_rexmit_rate_excd | 8 | TCP Conn Retransmit Rate Exceeded | |
outbound_port_bytes | 8 | Outbound Bytes Received | |
out_of_seq_excd | 8 | Out-Of-Seq Exceeded | |
conn_close_w_rst | 8 | RST Connections Closed | |
port_src_escalation | 8 | Src Escalation | |
dst_hw_drop | 8 | Dst Hardware Packets Dropped | |
filter_action_default_pass | 8 | Filter Action Default Pass | |
src_ack_retry_rto_progress | 8 | Src ACK Retry RTO Progress | |
src_filter_action_blacklist | 8 | Src Filter Action Blacklist | |
src_retransmit_excd | 8 | Src Retransmit Exceeded | |
pattern_filter3_match | 8 | Extracted Filter3 Match | |
tcp_rexmit_syn_limit_bl | 8 | TCP SYN Retransmit Exceed Blacklist | |
src_ack_retry_timeout | 8 | Src ACK Retry Timeout | |
dst_hw_drop_removed | 8 | Dst Hardware Drop Rules Removed | |
src_zone_service_entry_aged | 8 | SrcZoneService Entry Aged | |
src_filter5_match | 8 | Src Filter5 Match | |
outbound_port_drop | 8 | Outbound Packets Dropped | |
sflow_external_packets_sent | 8 | Sflow External Packets Sent | |
filter5_match | 8 | Filter5 Match | |
secondary_port_conn_rate_exceed | 8 | Per Addr-Port Conn Rate Exceeded | |
port_bytes | 8 | Inbound Bytes Received | |
no_policy_class_list_match | 8 | No Policy Class-list Match | |
src_filter_action_default_pass | 8 | Src Filter Action Default Pass | |
syn_cookie_fail | 8 | SYN Cookie Failed | |
src_syn_retry_rto_fail | 8 | Src SYN Retry RTO Dropped | |
syn_retry_rto_progress | 8 | SYN Retry RTO Progress | |
src_conn_rexmit_rate_excd | 8 | Src TCP Conn Retransmit Rate Exceeded | |
src_out_of_seq_excd | 8 | Src Out-Of-Seq Exceeded | |
rst_cookie_fail | 8 | RST Cookie Failed | |
ack_retry_rto_fail | 8 | ACK Retry RTO Dropped | |
sflow_internal_packets_sent | 8 | Sflow Internal Packets Sent | |
frag_rcvd | 8 | Fragmented Packets Received | |
src_syn_retry_init | 8 | Src SYN Retry Init | |
outbound_port_bytes_drop | 8 | Outbound Bytes Dropped | |
syn_retry_rto_pass | 8 | SYN Retry RTO Passed | |
exceed_action_tunnel | 8 | Exceed Action: Tunnel | |
bl | 8 | Dst Blacklisted | |
filter1_match | 8 | Filter1 Match | |
auth_resp | 8 | TCP Auth Responded | |
sess_create_inbound | 8 | Inbound Sessions Created | |
filter_auth_fail | 8 | Filter Auth Failed | |
conn_create_from_syn | 8 | Connections Created From SYN | |
exceed_drop_brate_src_pkt | 8 | Src KiBit Rate Exceeded Count | |
secondary_port_conn_limm_exceed | 8 | Per Addr-Port Conn Limit Exceeded | |
src_hw_drop_removed | 8 | Src Hardware Drop Rules Removed | |
src_zero_window_excd | 8 | Src Zero-Window Exceeded | |
ack_auth_fail | 8 | ACK Retry Dropped | |
sflow_external_samples_packed | 8 | Sflow External Samples Packed | |
src_drop | 8 | Src Packets Dropped | |
syn_retry_blacklist | 8 | SYN Retry Timeout Blacklisted | |
synack_reset_sent | 8 | SYNACK Reset Sent | |
pattern_recognition_pattern_changed | 8 | Pattern Recognition: Pattern Change Detected | |
src_conn_ofo_rate_excd | 8 | Src TCP Conn Out-Of-Seq Rate Exceeded | |
syn_retry_gap_drop | 8 | SYN Retry-Gap Dropped | |
conn_create_from_ack | 8 | Connections Created From ACK | |
filter_none_match | 8 | Filter No Match | |
src_filter3_match | 8 | Src Filter3 Match | |
src_syn_retry_gap_drop | 8 | Src SYN Retry-Gap Dropped | |
src_zone_service_entry_learned | 8 | SrcZoneService Entry Learned | |
syn_drop | 8 | SYN Dropped | |
src_filter1_match | 8 | Src Filter1 Match | |
src_syn_rate_exceed | 8 | Src TCP SYN Rate Exceeded | |
port_conn_rate_exceed | 8 | Conn Rate Exceeded | |
src_syn_retry_timeout | 8 | Src SYN Retry Timeout | |
src_filter_none_match | 8 | Src Filter No Match | |
port_kbit_rate_exceed_pkt | 8 | KiBit Rate Exceeded Count | |
dst_hw_drop_inserted | 8 | Dst Hardware Drop Rules Inserted | |
unauth_drop | 8 | TCP Unauth Dropped | |
src_syn_cookie_sent | 8 | Src SYN Cookie Sent | |
port_bytes_sent | 8 | Inbound Bytes Forwarded | |
exceed_drop_brate_src | 8 | Src KiBit Rate Exceeded | |
ack_retry_timeout | 8 | ACK Retry Timeout | |
src_frag_drop | 8 | Src Fragmented Packets Dropped | |
syn_retry_timeout | 8 | SYN Retry Timeout | |
syn_tfo_rcv | 8 | SYN TFO Received | |
port_kbit_rate_exceed | 8 | KiBit Rate Exceeded | |
src_unauth_drop | 8 | Src TCP Unauth Dropped | |
filter_action_whitelist | 8 | Filter Action WL | |
src_conn_pkt_rate_excd | 8 | Src TCP Conn Pkt Rate Exceeded | |
port_src_bl | 8 | Src Blacklisted | |
frag_timeout | 8 | Fragmented Packets Timeout | |
outbound_port_pkt_sent | 8 | Outbound Packets Forwarded | |
sess_create_outbound | 8 | Outbound Sessions Created | |
pattern_filter_drop | 8 | Extracted Filter Drop | |
conn_close_w_fin | 8 | FIN Connections Closed | |
src_syn_retry_blacklist | 8 | Src SYN Retry Timeout Blacklisted | |
src_ack_retry_rto_pass | 8 | Src ACK Retry RTO Passed | |
src_conn_zwindow_rate_excd | 8 | Src TCP Conn Zero-Window Rate Exceeded | |
src_ack_retry_init | 8 | Src ACK Retry Init | |
ack_retry_blacklist | 8 | ACK Retry Timeout Blacklisted | |
filter_action_blacklist | 8 | Filter Action Blacklist | |
port_pkt_sent | 8 | Inbound Packets Forwarded | |
syn_auth_pass | 8 | SYN Auth Passed | |
syn_retry_rto_fail | 8 | SYN Retry RTO Dropped | |
syn_cookie_sent | 8 | SYN Cookie Sent | |
retransmit_excd | 8 | Retransmit Exceeded | |
src_syn_auth_fail | 8 | Src SYN Auth Failed | |
src_filter_action_whitelist | 8 | Src Filter Action WL | |
zero_window_excd | 8 | Zero-Window Exceeded | |
src_ack_retry_reset | 8 | Src ACK Retry Timeout Reset | |
conn_ofo_rate_excd | 8 | TCP Conn Out-Of-Seq Rate Exceeded | |
filter2_match | 8 | Filter2 Match | |
src_ack_retry_blacklist | 8 | Src ACK Retry Timeout Blacklisted | |
frag_drop | 8 | Fragmented Packets Dropped | |
pattern_not_found | 8 | Pattern Recognition: Pattern Not Found | |
syn_retry_reset | 8 | SYN Retry Timeout Reset | |
port_conn_limm_exceed | 8 | Conn Limit Exceeded | |
filter3_match | 8 | Filter3 Match | |
exceed_drop_climit_src | 8 | Src Conn Limit Exceeded | |
conn_close_w_idle | 8 | Idle Connections Closed | |
secondary_port_pkt_rate_exceed | 8 | Per Addr-Port Packet Rate Exceeded | |
src_filter2_match | 8 | Src Filter2 Match | |
sess_create | 8 | Session Create | |
port_bytes_drop | 8 | Inbound Bytes Dropped | |
exceed_drop_prate_src | 8 | Src Pkt Rate Exceeded | |
ack_retry_pass | 8 | ACK Retry Passed | |
pattern_recognition_generic_error | 8 | Pattern Recognition: Exceptions | |
ack_retry_reset | 8 | ACK Retry Timeout Reset | |
src_syn_cookie_fail | 8 | Src SYN Cookie Failed | |
syn_retry_failed | 8 | SYN Retry Dropped | |
pattern_recognition_sampling_started | 8 | Pattern Recognition: Sampling Started | |
ack_retry_init | 8 | ACK Retry Init | |
src_filter4_match | 8 | Src Filter4 Match | |
sflow_internal_samples_packed | 8 | Sflow Internal Samples Packed | |
ack_retry_gap_drop | 8 | ACK Retry Retry-Gap Dropped | |
create_conn_non_syn_dropped | 8 | Create Conn with non-SYN Packets Dropped | |
syn_retry_pass | 8 | SYN Retry Passed | |
current_es_level | 8 | Current Escalation Level | |
src_syn_retry_failed | 8 | Src SYN Retry Dropped | |
filter_action_drop | 8 | Filter Action Drop | |
src_ack_retry_rto_fail | 8 | Src ACK Retry RTO Dropped | |
conn_zwindow_rate_excd | 8 | TCP Conn Zero-Window Rate Exceeded | |
ack_retry_rto_progress | 8 | ACK Retry RTO Progress | |
port_pkt_rate_exceed | 8 | Packet Rate Exceeded | |
pattern_recognition_proceeded | 8 | Pattern Recognition: Engine Started | |
port_drop | 8 | Inbound Packets Dropped | |
ack_retry_rto_pass | 8 | ACK Retry RTO Passed | |
outbound_port_rcvd | 8 | Outbound Packets Received | |
src_filter_auth_fail | 8 | Src Filter Auth Failed | |
src_syn_retry_rto_pass | 8 | Src SYN Retry RTO Passed | |
src_syn_retry_reset | 8 | Src SYN Retry Timeout Reset | |
port_rcvd | 8 | Inbound Packets Received | |
conn_close_half_open | 8 | Half Open Connections Closed | |
src_hw_drop_inserted | 8 | Src Hardware Drop Rules Inserted | |
synack_multiple_attempts_per_ip_detected | 8 | SYNACK Multiple Attempts Per IP Detected | |
src_syn_retry_rto_progress | 8 | Src SYN Retry RTO Progress | |
conn_prate_excd | 8 | TCP Conn Pkt Rate Exceeded | |
exceed_drop_crate_src | 8 | Src Conn Rate Exceeded | |
src_rst_cookie_fail | 8 | Src RST Cookie Failed | |
src_auth_drop | 8 | Src TCP Auth Dropped | |
src_filter_action_drop | 8 | Src Filter Action Drop |
stats udp-zone-port¶
Counter | Size | Description | |
---|---|---|---|
secondary_port_kbit_rate_exceed_pkt | 8 | Per Addr-Port KiBit Rate Exceeded Count | |
pattern_filter5_match | 8 | Extracted Filter5 Match | |
frag_drop | 8 | Fragmented Packets Dropped | |
outbound_port_bytes_sent | 8 | Outbound Bytes Forwarded | |
src_udp_retry_gap_drop | 8 | Src UDP Retry-Gap Dropped | |
filter4_match | 8 | Filter4 Match | |
spoof_detect_fail | 8 | UDP Retry Timeout | |
sess_aged | 8 | Sessions Aged Out | |
pattern_filter4_match | 8 | Extracted Filter4 Match | |
pattern_filter1_match | 8 | Extracted Filter1 Match | |
pattern_filter2_match | 8 | Extracted Filter2 Match | |
secondary_port_kbit_rate_exceed | 8 | Per Addr-Port KiBit Rate Exceeded | |
secondary_port_hit | 8 | Per Addr-Port Hit | |
wellknown_sport_drop | 8 | UDP SrcPort Wellknown | |
src_filter_total_not_match | 8 | Src Filter Not Matched on Pkt | |
src_udp_retry_init | 8 | Src UDP Retry Init | |
src_payload_too_small | 8 | Src UDP Payload Too Small | |
src_udp_retry_pass | 8 | Src UDP Retry Passed | |
udp_retry_init | 8 | UDP Retry Init | |
outbound_port_bytes | 8 | Outbound Bytes Received | |
src_filter5_match | 8 | Src Filter5 Match | |
port_src_escalation | 8 | Src Escalation | |
dst_hw_drop | 8 | Dst Hardware Packets Dropped | |
port_bytes | 8 | Inbound Bytes Received | |
frag_rcvd | 8 | Fragmented Packets Received | |
src_filter_action_blacklist | 8 | Src Filter Action Blacklist | |
pattern_filter3_match | 8 | Extracted Filter3 Match | |
dst_hw_drop_removed | 8 | Dst Hardware Drop Rules Removed | |
src_zone_service_entry_aged | 8 | SrcZoneService Entry Aged | |
outbound_port_drop | 8 | Outbound Packets Dropped | |
sflow_external_packets_sent | 8 | Sflow External Packets Sent | |
filter5_match | 8 | Filter5 Match | |
no_policy_class_list_match | 8 | No Policy Class-list Match | |
src_filter_action_default_pass | 8 | Src Filter Action Default Pass | |
zone_src_udp_retry_timeout_blacklist | 8 | Src UDP Retry Timeout Blacklisted | |
filter_total_not_match | 8 | Filter Not Matched on Pkt | |
sflow_internal_packets_sent | 8 | Sflow Internal Packets Sent | |
payload_too_small | 8 | UDP Payload Too Small | |
src_payload_too_big | 8 | Src UDP Payload Too Large | |
outbound_port_bytes_drop | 8 | Outbound Bytes Dropped | |
exceed_action_tunnel | 8 | Exceed Action: Tunnel | |
bl | 8 | Dst Blacklisted | |
filter1_match | 8 | Filter1 Match | |
ntp_monlist_resp | 8 | NTP Monlist Response | |
sess_create_inbound | 8 | Inbound Sessions Created | |
filter_auth_fail | 8 | Filter Auth Failed | |
exceed_drop_brate_src_pkt | 8 | Src KiBit Rate Exceeded Count | |
src_filter1_match | 8 | Src Filter1 Match | |
udp_retry_pass | 8 | UDP Retry Passed | |
src_hw_drop_removed | 8 | Src Hardware Drop Rules Removed | |
dst_udp_retry_timeout_blacklist | 8 | UDP Retry Timeout Blacklisted | |
src_udp_auth_drop | 8 | Src UDP Auth Dropped | |
sflow_external_samples_packed | 8 | Sflow External Samples Packed | |
src_drop | 8 | Src Packets Dropped | |
pattern_recognition_pattern_changed | 8 | Pattern Recognition: Pattern Change Detected | |
port_drop | 8 | Inbound Packets Dropped | |
filter_none_match | 8 | Filter No Match | |
src_filter3_match | 8 | Src Filter3 Match | |
ntp_monlist_req | 8 | NTP Monlist Request | |
src_zone_service_entry_learned | 8 | SrcZoneService Entry Learned | |
payload_too_big | 8 | UDP Payload Too Large | |
port_conn_rate_exceed | 8 | Conn Rate Exceeded | |
src_filter_none_match | 8 | Src Filter No Match | |
port_kbit_rate_exceed_pkt | 8 | KiBit Rate Exceeded Count | |
port_bytes_sent | 8 | Inbound Bytes Forwarded | |
exceed_drop_brate_src | 8 | Src KiBit Rate Exceeded | |
src_frag_drop | 8 | Src Fragmented Packets Dropped | |
port_kbit_rate_exceed | 8 | KiBit Rate Exceeded | |
udp_retry_gap_drop | 8 | UDP Retry-Gap Dropped | |
filter_action_whitelist | 8 | Filter Action Whitelist | |
src_conn_pkt_rate_excd | 8 | Src UDP Conn Pkt Rate Exceeded | |
port_src_bl | 8 | Src Blacklisted | |
outbound_port_rcvd | 8 | Outbound Packets Received | |
outbound_port_pkt_sent | 8 | Outbound Packets Forwarded | |
sess_create_outbound | 8 | Outbound Sessions Created | |
pattern_filter_drop | 8 | Extracted Filter Drop | |
pattern_recognition_proceeded | 8 | Pattern Recognition: Engine Started | |
src_well_known_port | 8 | Src UDP SrcPort Wellknown | |
filter_action_blacklist | 8 | Filter Action Blacklist | |
port_pkt_sent | 8 | Inbound Packets Forwarded | |
src_filter_action_whitelist | 8 | Src Filter Action Whitelist | |
secondary_port_conn_rate_exceed | 8 | Per Addr-Port Conn Rate Exceeded | |
dst_hw_drop_inserted | 8 | Dst Hardware Drop Rules Inserted | |
filter2_match | 8 | Filter2 Match | |
secondary_port_conn_limm_exceed | 8 | Per Addr-Port Conn Limit Exceeded | |
pattern_not_found | 8 | Pattern Recognition: Pattern Not Found | |
port_conn_limm_exceed | 8 | Conn Limit Exceeded | |
filter3_match | 8 | Filter3 Match | |
src_ntp_monlist_resp | 8 | Src NTP Monlist Response | |
secondary_port_pkt_rate_exceed | 8 | Per Addr-Port Packet Rate Exceeded | |
src_filter2_match | 8 | Src Filter2 Match | |
sess_create | 8 | Session Create | |
port_bytes_drop | 8 | Inbound Bytes Dropped | |
exceed_drop_prate_src | 8 | Src Pkt Rate Exceeded | |
exceed_drop_climit_src | 8 | Src Conn Limit Exceeded | |
udp_auth_drop | 8 | UDP Auth Dropped | |
pattern_recognition_generic_error | 8 | Pattern Recognition: Exceptions | |
src_ntp_monlist_req | 8 | Src NTP Monlist Request | |
pattern_recognition_sampling_started | 8 | Pattern Recognition: Sampling Started | |
src_filter4_match | 8 | Src Filter4 Match | |
sflow_internal_samples_packed | 8 | Sflow Internal Samples Packed | |
filter_action_default_pass | 8 | Filter Action Default Pass | |
current_es_level | 8 | Current Escalation Level | |
filter_action_drop | 8 | Filter Action Drop | |
port_pkt_rate_exceed | 8 | Packet Rate Exceeded | |
frag_timeout | 8 | Fragmented Packets Timeout | |
src_filter_auth_fail | 8 | Src Filter Auth Failed | |
port_rcvd | 8 | Inbound Packets Received | |
src_hw_drop_inserted | 8 | Src Hardware Drop Rules Inserted | |
conn_prate_excd | 8 | UDP Conn Pkt Rate Exceeded | |
exceed_drop_crate_src | 8 | Src Conn Rate Exceeded | |
src_filter_action_drop | 8 | Src Filter Action Drop | |
src_udp_auth_timeout | 8 | Src UDP Retry Timeout |
operational data¶
Counter | Size | Description | |
---|---|---|---|
app-stat | flag | app-stat | |
black-listed | flag | black-listed | |
authenticated | flag | authenticated | |
l4-ext-rate | flag | l4-ext-rate | |
overflow-policy | flag | overflow-policy | |
class-list | string | class-list | |
entry-displayed-count | number | entry-displayed-count | |
subnet-ip-addr | ipv4-cidr | subnet-ip-addr | |
exceeded | flag | exceeded | |
ddos_entry_list | ddos_entry_list | ||
service-displayed-count | number | service-displayed-count | |
white-listed | flag | white-listed | |
sources | flag | sources | |
hw-blacklisted | flag | hw-blacklisted | |
ipv6 | ipv6-address | ipv6 | |
sources-all-entries | flag | sources-all-entries | |
indicator-detail | flag | indicator-detail | |
level | flag | level | |
subnet-ipv6-addr | ipv6-address-plen | subnet-ipv6-addr | |
indicators | flag | indicators |