ddos dst zone port zone-service-other

DDOS Port & Protocol configuration

zone-service-other Specification

   
Type Collection
Object Key(s) port-other, protocol
Collection Name zone-service-other-list
Collection URI /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other
Element Name zone-service-other
Element URI /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}
Element Attributes zone-service-other_attributes
Statistics Data URI /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/stats
Operational Data URI /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/oper
Schema zone-service-other schema

Operations Allowed:

OperationMethodURIPayload

Create Object

POST

/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other

zone-service-other attributes

Create List

POST

/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other

zone-service-other attributes

Get Object

GET

/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}

zone-service-other attributes

Get List

GET

/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other

zone-service-other-list

Modify Object

POST

/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}

zone-service-other attributes

Replace Object

PUT

/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}

zone-service-other attributes

Replace List

PUT

/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other

zone-service-other-list

Delete Object

DELETE

/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}

zone-service-other attributes

zone-service-other-list

zone-service-other-list is JSON List of zone-service-other attributes

zone-service-other-list : [

zone-service-other attributes

age

Description Idle age for ip entry

Type: number

Range: 2-1023

Default: 5

apply-policy-on-overflow

Description Enable this flag to apply overflow policy when dynamic entry count overflows

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

default-action-list

Description Configure default-action-list

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/action-list

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dynamic-entry-overflow-policy-list

enable-class-list-overflow

Description Apply class-list overflow policy upon exceeding dynamic entry count specified for this zone port or each class-list

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

enable-top-k

Description Enable ddos top-k detection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid-cfg

Description: glid-cfg is a JSON Block. Please see below for glid-cfg

Type: Object

level-list

manual-mode-enable

Description Toggle manual mode to use fix templates

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

manual-mode-list

max-dynamic-entry-count

Description Maximum count for dynamic source zone service entry

Type: number

Range: 0-2147483647

outbound-only

Description Only allow outbound traffic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

pattern-recognition

Description: pattern-recognition is a JSON Block. Please see below for pattern-recognition

Type: Object

Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/pattern-recognition

port-ind

Description: port-ind is a JSON Block. Please see below for port-ind

Type: Object

Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/port-ind

port-other

Description ‘other’: other;

Type: string

Supported Values: other

protocol

Description ‘tcp’: TCP Port; ‘udp’: UDP Port;

Type: string

Supported Values: tcp, udp

sflow-common

Description Enable all sFlow polling options under this zone port

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-commonsflow-packets, sflow-tcp-basic and sflow-tcp-stateful are mutually exclusive

sflow-packets

Description Enable sFlow packet-level counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-packets and sflow-common are mutually exclusive

sflow-tcp

Description: sflow-tcp is a JSON Block. Please see below for sflow-tcp

Type: Object

src-based-policy-list

stateful

Description Enable stateful tracking of sessions (Default is stateless)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

topk-sources

Description: topk-sources is a JSON Block. Please see below for topk-sources

Type: Object

Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/topk-sources

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

pattern-recognition

Specification  
Type object

algorithm

Description ‘heuristic’: heuristic algorithm;

Type: string

Supported Values: heuristic

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dynamic-entry-overflow-policy-list

Specification  
Type list
Block object keys  

action

Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;

Type: string

Supported Values: bypass, deny

dummy-name

Description ‘configuration’: Configure overflow policy;

Type: string

Supported Values: configuration

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

log-enable

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-periodic

Description Enable log periodic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for dynamic-entry-overflow-policy-list_zone-template

Type: Object

dynamic-entry-overflow-policy-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

sip

Description DDOS sip template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

glid-cfg

Specification  
Type object

action-list

Description Configure action-list to take

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/action-list

glid

Description Global limit ID for the whole zone

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

glid-action

Description ‘drop’: Drop packets for glid exceed (Default if default-action-list is not configured); ‘ignore’: Do nothing for glid exceed;

Type: string

Supported Values: drop, ignore

per-addr-glid

Description Global limit ID per address

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

level-list

Specification  
Type list
Block object keys  

apply-extracted-filters

Description Apply extracted filters from this level

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid-action

Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

indicator-list

level-num

Description ‘0’: Default policy level; ‘1’: Policy level 1; ‘2’: Policy level 2; ‘3’: Policy level 3; ‘4’: Policy level 4;

Type: string

Supported Values: 0, 1, 2, 3, 4

src-default-glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

src-escalation-score

Description Source activation score of this level

Type: number

Range: 1-1000000

src-violation-actions

Description Violation actions apply due to source escalate from this level

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

start-pattern-recognition

Description Start pattern recognition from this level

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-escalation-score

Description Zone activation score of this level

Type: number

Range: 1-1000000

zone-template

Description: zone-template is a JSON Block. Please see below for level-list_zone-template

Type: Object

zone-violation-actions

Description Violation actions apply due to zone escalate from this level

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

level-list_zone-template

Specification  
Type object

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

level-list_indicator-list

Specification  
Type list
Block object keys  

data-packet-size

Description Expected minimal data size

Type: number

Range: 0-2147483647

score

Description Score corresponding to the indicator

Type: number

Range: 1-1000000

src-threshold-num

Description Indicator per-src threshold

Type: number

Range: 0-2147483647

src-threshold-str

Description Indicator per-src threshold

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

src-violation-actions

Description Violation actions to use when this src indicator threshold reaches

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

tcp-window-size

Description Expected minimal window size

Type: number

Range: 0-2147483647

type

Description ‘pkt-rate’: rate of incoming packets; ‘pkt-drop-rate’: rate of packets got dropped; ‘pkt-drop-ratio’: ratio of incoming packet rate divided by the rate of dropping packets; ‘bytes-to-bytes-from-ratio’: ratio of incoming packet rate divided by the rate of outgoing packets; ‘concurrent-conns’: number of concurrent connections; ‘conn-miss-rate’: rate of incoming packets for which no previously established connection exists; ‘syn-rate’: rate on incoming SYN packets; ‘fin-rate’: rate on incoming FIN packets; ‘rst-rate’: rate of incoming RST packets; ‘small-window-ack-rate’: rate of small window advertisement; ‘empty-ack-rate’: rate of incoming packets which have no payload; ‘small-payload-rate’: rate of short payload packet; ‘syn-fin-ratio’: ratio of incoming SYN packet rate divided by the rate of incoming FIN packets; ‘cpu-utilization’: average data CPU utilization; ‘interface-utilization’: outside interface utilization;

Type: string

Supported Values: pkt-rate, pkt-drop-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, concurrent-conns, conn-miss-rate, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio, cpu-utilization, interface-utilization

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-threshold-num

Description Threshold for the entire zone

Type: number

Range: 0-2147483647

zone-threshold-str

Description Threshold for the entire zone

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

zone-violation-actions

Description Violation actions to use when this zone indicator threshold reaches

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

manual-mode-list

Specification  
Type list
Block object keys  

config

Description ‘configuration’: Manual-mode configuration;

Type: string

Supported Values: configuration

glid-action

Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

src-default-glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for manual-mode-list_zone-template

Type: Object

manual-mode-list_zone-template

Specification  
Type object

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

src-based-policy-list

Specification  
Type list
Block object keys  

policy-class-list-list

src-based-policy-name

Description Specify name of the policy

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

src-based-policy-list_policy-class-list-list

Specification  
Type list
Block object keys  

action

Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;

Type: string

Supported Values: bypass, deny

class-list-name

Description Class-list name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

class-list-overflow-policy-list

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

glid-action

Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

max-dynamic-entry-count

Description Maximum count for dynamic source zone service entry allowed for this class-list

Type: number

Range: 0-2147483647

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for src-based-policy-list_policy-class-list-list_zone-template

Type: Object

src-based-policy-list_policy-class-list-list_zone-template

Specification  
Type object

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ips

Description IPS template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list

Specification  
Type list
Block object keys  

action

Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;

Type: string

Supported Values: bypass, deny

dummy-name

Description ‘configuration’: Configure overflow policy for class-list;

Type: string

Supported Values: configuration

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

log-enable

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-periodic

Description Enable log periodic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template

Type: Object

src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

sip

Description DDOS sip template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

port-ind

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

sflow-tcp

Specification  
Type object

sflow-tcp-basic

Description Enable sFlow basic TCP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-tcp-basic and sflow-common are mutually exclusive

sflow-tcp-stateful

Description Enable sFlow stateful TCP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-tcp-stateful and sflow-common are mutually exclusive

topk-sources

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

stats tcp-zone-port

  Counter Size Description
       
  src_ack_auth_fail 8 Src ACK Retry Dropped
  src_well_known_port 8 Src TCP SrcPort Wellknown
  tcp_rexmit_syn_limit_drop 8 TCP SYN Retransmit Exceed Drop
  secondary_port_kbit_rate_exceed_pkt 8 Per Addr-Port KiBit Rate Exceeded Count
  outbound_port_bytes_sent 8 Outbound Bytes Forwarded
  auth_drop 8 TCP Auth Dropped
  filter_total_not_match 8 Filter Not Matched on Pkt
  src_ack_retry_gap_drop 8 Src ACK Retry Retry-Gap Dropped
  filter4_match 8 Filter4 Match
  src_create_conn_non_syn_dropped 8 Src Create Conn with non-SYN Packets Dropped
  sess_aged 8 Sessions Aged Out
  pattern_filter4_match 8 Extracted Filter4 Match
  pattern_filter1_match 8 Extracted Filter1 Match
  conn_close 8 Connections Closed
  syn_auth_fail 8 SYN Auth Failed
  pattern_filter2_match 8 Extracted Filter2 Match
  syn_retry_init 8 SYN Retry Init
  secondary_port_kbit_rate_exceed 8 Per Addr-Port KiBit Rate Exceeded
  pattern_filter5_match 8 Extracted Filter5 Match
  secondary_port_hit 8 Per Addr-Port Hit
  wellknown_sport_drop 8 TCP SrcPort Wellknown
  src_filter_total_not_match 8 Src Filter Not Matched on Pkt
  port_syn_rate_exceed 8 TCP SYN Rate Exceeded
  conn_rexmit_rate_excd 8 TCP Conn Retransmit Rate Exceeded
  outbound_port_bytes 8 Outbound Bytes Received
  out_of_seq_excd 8 Out-Of-Seq Exceeded
  conn_close_w_rst 8 RST Connections Closed
  port_src_escalation 8 Src Escalation
  dst_hw_drop 8 Dst Hardware Packets Dropped
  filter_action_default_pass 8 Filter Action Default Pass
  src_ack_retry_rto_progress 8 Src ACK Retry RTO Progress
  src_filter_action_blacklist 8 Src Filter Action Blacklist
  src_retransmit_excd 8 Src Retransmit Exceeded
  pattern_filter3_match 8 Extracted Filter3 Match
  tcp_rexmit_syn_limit_bl 8 TCP SYN Retransmit Exceed Blacklist
  src_ack_retry_timeout 8 Src ACK Retry Timeout
  dst_hw_drop_removed 8 Dst Hardware Drop Rules Removed
  src_zone_service_entry_aged 8 SrcZoneService Entry Aged
  src_filter5_match 8 Src Filter5 Match
  outbound_port_drop 8 Outbound Packets Dropped
  sflow_external_packets_sent 8 Sflow External Packets Sent
  filter5_match 8 Filter5 Match
  secondary_port_conn_rate_exceed 8 Per Addr-Port Conn Rate Exceeded
  port_bytes 8 Inbound Bytes Received
  no_policy_class_list_match 8 No Policy Class-list Match
  src_filter_action_default_pass 8 Src Filter Action Default Pass
  syn_cookie_fail 8 SYN Cookie Failed
  src_syn_retry_rto_fail 8 Src SYN Retry RTO Dropped
  syn_retry_rto_progress 8 SYN Retry RTO Progress
  src_conn_rexmit_rate_excd 8 Src TCP Conn Retransmit Rate Exceeded
  src_out_of_seq_excd 8 Src Out-Of-Seq Exceeded
  rst_cookie_fail 8 RST Cookie Failed
  ack_retry_rto_fail 8 ACK Retry RTO Dropped
  sflow_internal_packets_sent 8 Sflow Internal Packets Sent
  frag_rcvd 8 Fragmented Packets Received
  src_syn_retry_init 8 Src SYN Retry Init
  outbound_port_bytes_drop 8 Outbound Bytes Dropped
  syn_retry_rto_pass 8 SYN Retry RTO Passed
  exceed_action_tunnel 8 Exceed Action: Tunnel
  bl 8 Dst Blacklisted
  filter1_match 8 Filter1 Match
  auth_resp 8 TCP Auth Responded
  sess_create_inbound 8 Inbound Sessions Created
  filter_auth_fail 8 Filter Auth Failed
  conn_create_from_syn 8 Connections Created From SYN
  exceed_drop_brate_src_pkt 8 Src KiBit Rate Exceeded Count
  secondary_port_conn_limm_exceed 8 Per Addr-Port Conn Limit Exceeded
  src_hw_drop_removed 8 Src Hardware Drop Rules Removed
  src_zero_window_excd 8 Src Zero-Window Exceeded
  ack_auth_fail 8 ACK Retry Dropped
  sflow_external_samples_packed 8 Sflow External Samples Packed
  src_drop 8 Src Packets Dropped
  syn_retry_blacklist 8 SYN Retry Timeout Blacklisted
  synack_reset_sent 8 SYNACK Reset Sent
  pattern_recognition_pattern_changed 8 Pattern Recognition: Pattern Change Detected
  src_conn_ofo_rate_excd 8 Src TCP Conn Out-Of-Seq Rate Exceeded
  syn_retry_gap_drop 8 SYN Retry-Gap Dropped
  conn_create_from_ack 8 Connections Created From ACK
  filter_none_match 8 Filter No Match
  src_filter3_match 8 Src Filter3 Match
  src_syn_retry_gap_drop 8 Src SYN Retry-Gap Dropped
  src_zone_service_entry_learned 8 SrcZoneService Entry Learned
  syn_drop 8 SYN Dropped
  src_filter1_match 8 Src Filter1 Match
  src_syn_rate_exceed 8 Src TCP SYN Rate Exceeded
  port_conn_rate_exceed 8 Conn Rate Exceeded
  src_syn_retry_timeout 8 Src SYN Retry Timeout
  src_filter_none_match 8 Src Filter No Match
  port_kbit_rate_exceed_pkt 8 KiBit Rate Exceeded Count
  dst_hw_drop_inserted 8 Dst Hardware Drop Rules Inserted
  unauth_drop 8 TCP Unauth Dropped
  src_syn_cookie_sent 8 Src SYN Cookie Sent
  port_bytes_sent 8 Inbound Bytes Forwarded
  exceed_drop_brate_src 8 Src KiBit Rate Exceeded
  ack_retry_timeout 8 ACK Retry Timeout
  src_frag_drop 8 Src Fragmented Packets Dropped
  syn_retry_timeout 8 SYN Retry Timeout
  syn_tfo_rcv 8 SYN TFO Received
  port_kbit_rate_exceed 8 KiBit Rate Exceeded
  src_unauth_drop 8 Src TCP Unauth Dropped
  filter_action_whitelist 8 Filter Action WL
  src_conn_pkt_rate_excd 8 Src TCP Conn Pkt Rate Exceeded
  port_src_bl 8 Src Blacklisted
  frag_timeout 8 Fragmented Packets Timeout
  outbound_port_pkt_sent 8 Outbound Packets Forwarded
  sess_create_outbound 8 Outbound Sessions Created
  pattern_filter_drop 8 Extracted Filter Drop
  conn_close_w_fin 8 FIN Connections Closed
  src_syn_retry_blacklist 8 Src SYN Retry Timeout Blacklisted
  src_ack_retry_rto_pass 8 Src ACK Retry RTO Passed
  src_conn_zwindow_rate_excd 8 Src TCP Conn Zero-Window Rate Exceeded
  src_ack_retry_init 8 Src ACK Retry Init
  ack_retry_blacklist 8 ACK Retry Timeout Blacklisted
  filter_action_blacklist 8 Filter Action Blacklist
  port_pkt_sent 8 Inbound Packets Forwarded
  syn_auth_pass 8 SYN Auth Passed
  syn_retry_rto_fail 8 SYN Retry RTO Dropped
  syn_cookie_sent 8 SYN Cookie Sent
  retransmit_excd 8 Retransmit Exceeded
  src_syn_auth_fail 8 Src SYN Auth Failed
  src_filter_action_whitelist 8 Src Filter Action WL
  zero_window_excd 8 Zero-Window Exceeded
  src_ack_retry_reset 8 Src ACK Retry Timeout Reset
  conn_ofo_rate_excd 8 TCP Conn Out-Of-Seq Rate Exceeded
  filter2_match 8 Filter2 Match
  src_ack_retry_blacklist 8 Src ACK Retry Timeout Blacklisted
  frag_drop 8 Fragmented Packets Dropped
  pattern_not_found 8 Pattern Recognition: Pattern Not Found
  syn_retry_reset 8 SYN Retry Timeout Reset
  port_conn_limm_exceed 8 Conn Limit Exceeded
  filter3_match 8 Filter3 Match
  exceed_drop_climit_src 8 Src Conn Limit Exceeded
  conn_close_w_idle 8 Idle Connections Closed
  secondary_port_pkt_rate_exceed 8 Per Addr-Port Packet Rate Exceeded
  src_filter2_match 8 Src Filter2 Match
  sess_create 8 Session Create
  port_bytes_drop 8 Inbound Bytes Dropped
  exceed_drop_prate_src 8 Src Pkt Rate Exceeded
  ack_retry_pass 8 ACK Retry Passed
  pattern_recognition_generic_error 8 Pattern Recognition: Exceptions
  ack_retry_reset 8 ACK Retry Timeout Reset
  src_syn_cookie_fail 8 Src SYN Cookie Failed
  syn_retry_failed 8 SYN Retry Dropped
  pattern_recognition_sampling_started 8 Pattern Recognition: Sampling Started
  ack_retry_init 8 ACK Retry Init
  src_filter4_match 8 Src Filter4 Match
  sflow_internal_samples_packed 8 Sflow Internal Samples Packed
  ack_retry_gap_drop 8 ACK Retry Retry-Gap Dropped
  create_conn_non_syn_dropped 8 Create Conn with non-SYN Packets Dropped
  syn_retry_pass 8 SYN Retry Passed
  current_es_level 8 Current Escalation Level
  src_syn_retry_failed 8 Src SYN Retry Dropped
  filter_action_drop 8 Filter Action Drop
  src_ack_retry_rto_fail 8 Src ACK Retry RTO Dropped
  conn_zwindow_rate_excd 8 TCP Conn Zero-Window Rate Exceeded
  ack_retry_rto_progress 8 ACK Retry RTO Progress
  port_pkt_rate_exceed 8 Packet Rate Exceeded
  pattern_recognition_proceeded 8 Pattern Recognition: Engine Started
  port_drop 8 Inbound Packets Dropped
  ack_retry_rto_pass 8 ACK Retry RTO Passed
  outbound_port_rcvd 8 Outbound Packets Received
  src_filter_auth_fail 8 Src Filter Auth Failed
  src_syn_retry_rto_pass 8 Src SYN Retry RTO Passed
  src_syn_retry_reset 8 Src SYN Retry Timeout Reset
  port_rcvd 8 Inbound Packets Received
  conn_close_half_open 8 Half Open Connections Closed
  src_hw_drop_inserted 8 Src Hardware Drop Rules Inserted
  synack_multiple_attempts_per_ip_detected 8 SYNACK Multiple Attempts Per IP Detected
  src_syn_retry_rto_progress 8 Src SYN Retry RTO Progress
  conn_prate_excd 8 TCP Conn Pkt Rate Exceeded
  exceed_drop_crate_src 8 Src Conn Rate Exceeded
  src_rst_cookie_fail 8 Src RST Cookie Failed
  src_auth_drop 8 Src TCP Auth Dropped
  src_filter_action_drop 8 Src Filter Action Drop

stats udp-zone-port

  Counter Size Description
       
  secondary_port_kbit_rate_exceed_pkt 8 Per Addr-Port KiBit Rate Exceeded Count
  pattern_filter5_match 8 Extracted Filter5 Match
  frag_drop 8 Fragmented Packets Dropped
  outbound_port_bytes_sent 8 Outbound Bytes Forwarded
  src_udp_retry_gap_drop 8 Src UDP Retry-Gap Dropped
  filter4_match 8 Filter4 Match
  spoof_detect_fail 8 UDP Retry Timeout
  sess_aged 8 Sessions Aged Out
  pattern_filter4_match 8 Extracted Filter4 Match
  pattern_filter1_match 8 Extracted Filter1 Match
  pattern_filter2_match 8 Extracted Filter2 Match
  secondary_port_kbit_rate_exceed 8 Per Addr-Port KiBit Rate Exceeded
  secondary_port_hit 8 Per Addr-Port Hit
  wellknown_sport_drop 8 UDP SrcPort Wellknown
  src_filter_total_not_match 8 Src Filter Not Matched on Pkt
  src_udp_retry_init 8 Src UDP Retry Init
  src_payload_too_small 8 Src UDP Payload Too Small
  src_udp_retry_pass 8 Src UDP Retry Passed
  udp_retry_init 8 UDP Retry Init
  outbound_port_bytes 8 Outbound Bytes Received
  src_filter5_match 8 Src Filter5 Match
  port_src_escalation 8 Src Escalation
  dst_hw_drop 8 Dst Hardware Packets Dropped
  port_bytes 8 Inbound Bytes Received
  frag_rcvd 8 Fragmented Packets Received
  src_filter_action_blacklist 8 Src Filter Action Blacklist
  pattern_filter3_match 8 Extracted Filter3 Match
  dst_hw_drop_removed 8 Dst Hardware Drop Rules Removed
  src_zone_service_entry_aged 8 SrcZoneService Entry Aged
  outbound_port_drop 8 Outbound Packets Dropped
  sflow_external_packets_sent 8 Sflow External Packets Sent
  filter5_match 8 Filter5 Match
  no_policy_class_list_match 8 No Policy Class-list Match
  src_filter_action_default_pass 8 Src Filter Action Default Pass
  zone_src_udp_retry_timeout_blacklist 8 Src UDP Retry Timeout Blacklisted
  filter_total_not_match 8 Filter Not Matched on Pkt
  sflow_internal_packets_sent 8 Sflow Internal Packets Sent
  payload_too_small 8 UDP Payload Too Small
  src_payload_too_big 8 Src UDP Payload Too Large
  outbound_port_bytes_drop 8 Outbound Bytes Dropped
  exceed_action_tunnel 8 Exceed Action: Tunnel
  bl 8 Dst Blacklisted
  filter1_match 8 Filter1 Match
  ntp_monlist_resp 8 NTP Monlist Response
  sess_create_inbound 8 Inbound Sessions Created
  filter_auth_fail 8 Filter Auth Failed
  exceed_drop_brate_src_pkt 8 Src KiBit Rate Exceeded Count
  src_filter1_match 8 Src Filter1 Match
  udp_retry_pass 8 UDP Retry Passed
  src_hw_drop_removed 8 Src Hardware Drop Rules Removed
  dst_udp_retry_timeout_blacklist 8 UDP Retry Timeout Blacklisted
  src_udp_auth_drop 8 Src UDP Auth Dropped
  sflow_external_samples_packed 8 Sflow External Samples Packed
  src_drop 8 Src Packets Dropped
  pattern_recognition_pattern_changed 8 Pattern Recognition: Pattern Change Detected
  port_drop 8 Inbound Packets Dropped
  filter_none_match 8 Filter No Match
  src_filter3_match 8 Src Filter3 Match
  ntp_monlist_req 8 NTP Monlist Request
  src_zone_service_entry_learned 8 SrcZoneService Entry Learned
  payload_too_big 8 UDP Payload Too Large
  port_conn_rate_exceed 8 Conn Rate Exceeded
  src_filter_none_match 8 Src Filter No Match
  port_kbit_rate_exceed_pkt 8 KiBit Rate Exceeded Count
  port_bytes_sent 8 Inbound Bytes Forwarded
  exceed_drop_brate_src 8 Src KiBit Rate Exceeded
  src_frag_drop 8 Src Fragmented Packets Dropped
  port_kbit_rate_exceed 8 KiBit Rate Exceeded
  udp_retry_gap_drop 8 UDP Retry-Gap Dropped
  filter_action_whitelist 8 Filter Action Whitelist
  src_conn_pkt_rate_excd 8 Src UDP Conn Pkt Rate Exceeded
  port_src_bl 8 Src Blacklisted
  outbound_port_rcvd 8 Outbound Packets Received
  outbound_port_pkt_sent 8 Outbound Packets Forwarded
  sess_create_outbound 8 Outbound Sessions Created
  pattern_filter_drop 8 Extracted Filter Drop
  pattern_recognition_proceeded 8 Pattern Recognition: Engine Started
  src_well_known_port 8 Src UDP SrcPort Wellknown
  filter_action_blacklist 8 Filter Action Blacklist
  port_pkt_sent 8 Inbound Packets Forwarded
  src_filter_action_whitelist 8 Src Filter Action Whitelist
  secondary_port_conn_rate_exceed 8 Per Addr-Port Conn Rate Exceeded
  dst_hw_drop_inserted 8 Dst Hardware Drop Rules Inserted
  filter2_match 8 Filter2 Match
  secondary_port_conn_limm_exceed 8 Per Addr-Port Conn Limit Exceeded
  pattern_not_found 8 Pattern Recognition: Pattern Not Found
  port_conn_limm_exceed 8 Conn Limit Exceeded
  filter3_match 8 Filter3 Match
  src_ntp_monlist_resp 8 Src NTP Monlist Response
  secondary_port_pkt_rate_exceed 8 Per Addr-Port Packet Rate Exceeded
  src_filter2_match 8 Src Filter2 Match
  sess_create 8 Session Create
  port_bytes_drop 8 Inbound Bytes Dropped
  exceed_drop_prate_src 8 Src Pkt Rate Exceeded
  exceed_drop_climit_src 8 Src Conn Limit Exceeded
  udp_auth_drop 8 UDP Auth Dropped
  pattern_recognition_generic_error 8 Pattern Recognition: Exceptions
  src_ntp_monlist_req 8 Src NTP Monlist Request
  pattern_recognition_sampling_started 8 Pattern Recognition: Sampling Started
  src_filter4_match 8 Src Filter4 Match
  sflow_internal_samples_packed 8 Sflow Internal Samples Packed
  filter_action_default_pass 8 Filter Action Default Pass
  current_es_level 8 Current Escalation Level
  filter_action_drop 8 Filter Action Drop
  port_pkt_rate_exceed 8 Packet Rate Exceeded
  frag_timeout 8 Fragmented Packets Timeout
  src_filter_auth_fail 8 Src Filter Auth Failed
  port_rcvd 8 Inbound Packets Received
  src_hw_drop_inserted 8 Src Hardware Drop Rules Inserted
  conn_prate_excd 8 UDP Conn Pkt Rate Exceeded
  exceed_drop_crate_src 8 Src Conn Rate Exceeded
  src_filter_action_drop 8 Src Filter Action Drop
  src_udp_auth_timeout 8 Src UDP Retry Timeout

operational data

  Counter Size Description
       
  app-stat flag app-stat
  black-listed flag black-listed
  authenticated flag authenticated
  l4-ext-rate flag l4-ext-rate
  overflow-policy flag overflow-policy
  class-list string class-list
  entry-displayed-count number entry-displayed-count
  subnet-ip-addr ipv4-cidr subnet-ip-addr
  exceeded flag exceeded
  ddos_entry_list   ddos_entry_list
  service-displayed-count number service-displayed-count
  white-listed flag white-listed
  sources flag sources
  hw-blacklisted flag hw-blacklisted
  ipv6 ipv6-address ipv6
  sources-all-entries flag sources-all-entries
  indicator-detail flag indicator-detail
  level flag level
  subnet-ipv6-addr ipv6-address-plen subnet-ipv6-addr
  indicators flag indicators