.. _fw_global: fw global ========= Configure firewall parameters global Specification -------------------- ===================================== ================================================== ===================================== ================================================== **Type** *Configuration Resource* **Element Name** global **Element URI** /axapi/v3/fw/global **Element Attributes** global_attributes **Statistics Data URI** /axapi/v3/fw/global/stats **Schema** :download:`global schema ` ===================================== ================================================== **Operations Allowed:** .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html
OperationMethodURIPayload
Create Object .. raw:: html POST .. raw:: html /axapi/v3/fw/global .. raw:: html :ref:`864_global_attributes` .. raw:: html
Get Object .. raw:: html GET .. raw:: html /axapi/v3/fw/global .. raw:: html :ref:`864_global_attributes` .. raw:: html
Modify Object .. raw:: html POST .. raw:: html /axapi/v3/fw/global .. raw:: html :ref:`864_global_attributes` .. raw:: html
Replace Object .. raw:: html PUT .. raw:: html /axapi/v3/fw/global .. raw:: html :ref:`864_global_attributes` .. raw:: html
Delete Object .. raw:: html DELETE .. raw:: html /axapi/v3/fw/global .. raw:: html :ref:`864_global_attributes` .. raw:: html
.. _864_global_attributes: global attributes ----------------- **alg-processing** **Description** 'honor-rule-set': Honors firewall rule-sets (Default); 'override-rule-set': Override firewall rule-sets; **Type:** string **Supported Values:** honor-rule-set, override-rule-set **Default:** honor-rule-set **disable-app-list** **Type:** List **disable-application-metrics** **Description** Disable exporting application protocol/category statistics to Harmony Controller **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disable-ip-fw-sessions** **Description** disable create sessions for non TCP/UDP/ICMP **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **extended-matching** **Description** 'disable': Disable extended matching; **Type:** string **Supported Values:** disable **listen-on-port-timeout** **Description** STUN timeout (default: 2 minutes) **Type:** number **Range:** 0-60 **Default:** 2 **natip-ddos-protection** **Description** 'enable': Enable; 'disable': Disable; **Type:** string **Supported Values:** enable, disable **Default:** enable **permit-default-action** **Description** 'forward': Forward; 'next-service-mode': Service to be applied chosen based on configuration; **Type:** string **Supported Values:** forward, next-service-mode **respond-to-user-mac** **Description** Use the user's source MAC for the next hop rather than the routing table (default: off) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _864_disable-app-list: disable-app-list ^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **disable-application-category** **Description** 'aaa': Protocol/application used for AAA (Authentification, Authorization and Accounting) purposes.; 'adult-content': Adult content protocol/application.; 'advertising': Advertising networks and applications.; 'aetls': Application known to enforce HSTS and thus use of TLS.; 'analytics-and-statistics': User analytics and statistics protocol/application.; 'anonymizers-and-proxies': Traffic-anonymization protocol/application.; 'audio-chat': Protocol/application used for Audio Chat.; 'basic': Covers all protocols required for basic classification, including most networking protocols as well as standard protocols like HTTP.; 'blog': Blogging platform protocol/application.; 'cdn': Protocol/application used for Content-Delivery Networks.; 'certification-authority': Certification Authority for SSL/TLS certificate.; 'chat': Protocol/application used for Text Chat.; 'classified-ads': Protocol/application used for Classified Advertisements.; 'cloud-based-services': SaaS and/or PaaS cloud based services.; 'crowdfunding': Service for funding a project or venture by raising small amounts of money from a large number of people, typically via the Internet.; 'cryptocurrency': Services for mining cryptocurrencies, for example a Crypto Web Browser (an application that mines crypto currency in the background while its user browses the web).; 'database': Database-specific protocols.; 'disposable-email': Service offering Disposable Email Accounts (DEA). DEA is a technique to share temporary email address between many users.; 'ebook-reader': Services for e-book readers, i.e. connected devices that display electronic books (typically using e-ink displays to reduce glare and eye strain).; 'education': Protocols offering education services and online courses.; 'email': Native email protocol.; 'enterprise': Protocol/application used in an enterprise network.; 'file-management': Protocol/application designed specifically for file management and exchange. This can include bona fide network protocols (like SMB) as well as web/cloud services (like Dropbox).; 'file-transfer': Protocol that offers file transferring as a secondary feature. This typically includes IM, WebMail, and other protocols that allow file transfers in addition to their principal function.; 'forum': Online forum protocol/application.; 'gaming': Protocol/application used by games.; 'healthcare': Protocols offering medical services, i.e protocols used in medical environment.; 'instant-messaging-and-multimedia-conferencing': Protocol/application used for Instant Messaging or Multi-Conferencing.; 'internet-of-things': Internet Of Things protocol/application.; 'map-service': Digital Maps service (web site and their related API).; 'mobile': Mobile-specific protocol/application.; 'multimedia-streaming': Protocol/application used for multimedia streaming.; 'networking': Protocol used for (inter) networking purpose.; 'news-portal': Protocol/application used for News Portals.; 'payment-service': Application offering online services for accepting electronic payments by a variety of payment methods (credit card, bank-based payments such as direct debit, bank transfer, etc).; 'peer-to-peer': Protocol/application used for Peer-to-peer purposes.; 'remote-access': Protocol/application used for remote access.; 'scada': SCADA (Supervisory control and data acquisition) protocols, all generations.; 'social-networks': Social networking application.; 'software-update': Auto-update protocol.; 'speedtest': Speedtest application allowing to access quality of Internet connection (upload, download, latency, etc).; 'standards-based': Protocol issued from standardized bodies such as IETF, ITU, IEEE, ETSI, OIF.; 'transportation': Transportation services, for example smartphone applications that allow users to hail a taxi.; 'video-chat': Protocol/application used for Video Chat.; 'voip': Application used for Voice-Over-IP.; 'vpn-tunnels': Protocol/application used for VPN or tunneling purposes.; 'web': Application based on HTTP/HTTPS.; 'web-e-commerce': Protocol/application used for E-commerce websites.; 'web-search-engines': Protocol/application used for Web search portals.; 'web-websites': Protocol/application used for Company Websites.; 'webmails': Web-based e-mail application.; 'web-ext-adult': Web Extension Adult; 'web-ext-auctions': Web Extension Auctions; 'web-ext-blogs': Web Extension Blogs; 'web-ext-business-and-economy': Web Extension Business and Economy; 'web-ext-cdns': Web Extension CDNs; 'web-ext-collaboration': Web Extension Collaboration; 'web-ext-computer-and-internet-info': Web Extension Computer and Internet Info; 'web-ext-computer-and-internet-security': Web Extension Computer and Internet Security; 'web-ext-dating': Web Extension Dating; 'web-ext-educational-institutions': Web Extension Educational Institutions; 'web-ext-entertainment-and-arts': Web Extension Entertainment and Arts; 'web-ext-fashion-and-beauty': Web Extension Fashion and Beauty; 'web-ext-file-share': Web Extension File Share; 'web-ext-financial-services': Web Extension Financial Services; 'web-ext-gambling': Web Extension Gambling; 'web-ext-games': Web Extension Games; 'web-ext-government': Web Extension Government; 'web-ext-health-and-medicine': Web Extension Health and Medicine; 'web-ext-individual-stock-advice-and-tools': Web Extension Individual Stock Advice and Tools; 'web-ext-internet-portals': Web Extension Internet Portals; 'web-ext-job-search': Web Extension Job Search; 'web-ext-local-information': Web Extension Local Information; 'web-ext-malware': Web Extension Malware; 'web-ext-motor-vehicles': Web Extension Motor Vehicles; 'web-ext-music': Web Extension Music; 'web-ext-news': Web Extension News; 'web-ext-p2p': Web Extension P2P; 'web-ext-parked-sites': Web Extension Parked Sites; 'web-ext-proxy-avoid-and-anonymizers': Web Extension Proxy Avoid and Anonymizers; 'web-ext-real-estate': Web Extension Real Estate; 'web-ext-reference-and-research': Web Extension Reference and Research; 'web-ext-search-engines': Web Extension Search Engines; 'web-ext-shopping': Web Extension Shopping; 'web-ext-social-network': Web Extension Social Network; 'web-ext-society': Web Extension Society; 'web-ext-software': Web Extension Software; 'web-ext-sports': Web Extension Sports; 'web-ext-streaming-media': Web Extension Streaming Media; 'web-ext-training-and-tools': Web Extension Training and Tools; 'web-ext-translation': Web Extension Translation; 'web-ext-travel': Web Extension Travel; 'web-ext-web-advertisements': Web Extension Web Advertisements; 'web-ext-web-based-email': Web Extension Web based Email; 'web-ext-web-hosting': Web Extension Web Hosting; 'web-ext-web-service': Web Extension Web Service; **Type:** string **Supported Values:** aaa, adult-content, advertising, aetls, analytics-and-statistics, anonymizers-and-proxies, audio-chat, basic, blog, cdn, certification-authority, chat, classified-ads, cloud-based-services, crowdfunding, cryptocurrency, database, disposable-email, ebook-reader, education, email, enterprise, file-management, file-transfer, forum, gaming, healthcare, instant-messaging-and-multimedia-conferencing, internet-of-things, map-service, mobile, multimedia-streaming, networking, news-portal, payment-service, peer-to-peer, remote-access, scada, social-networks, software-update, speedtest, standards-based, transportation, video-chat, voip, vpn-tunnels, web, web-e-commerce, web-search-engines, web-websites, webmails, web-ext-adult, web-ext-auctions, web-ext-blogs, web-ext-business-and-economy, web-ext-cdns, web-ext-collaboration, web-ext-computer-and-internet-info, web-ext-computer-and-internet-security, web-ext-dating, web-ext-educational-institutions, web-ext-entertainment-and-arts, web-ext-fashion-and-beauty, web-ext-file-share, web-ext-financial-services, web-ext-gambling, web-ext-games, web-ext-government, web-ext-health-and-medicine, web-ext-individual-stock-advice-and-tools, web-ext-internet-portals, web-ext-job-search, web-ext-local-information, web-ext-malware, web-ext-motor-vehicles, web-ext-music, web-ext-news, web-ext-p2p, web-ext-parked-sites, web-ext-proxy-avoid-and-anonymizers, web-ext-real-estate, web-ext-reference-and-research, web-ext-search-engines, web-ext-shopping, web-ext-social-network, web-ext-society, web-ext-software, web-ext-sports, web-ext-streaming-media, web-ext-training-and-tools, web-ext-translation, web-ext-travel, web-ext-web-advertisements, web-ext-web-based-email, web-ext-web-hosting, web-ext-web-service **disable-application-protocol** **Description** Disable specific application protocol **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _864_stats_data: stats data ---------- .. list-table:: :widths: 10 20 30 80 :header-rows: 2 :stub-columns: 1 * - - Counter - Size - Description * - - - - * - - data_session_freed - 8 - Data Session Freed * - - fwd_ingress_packets_others - 8 - Forward Ingress Packets OTHERS * - - fwd_ingress_bytes_udp - 8 - Forward Ingress Bytes UDP * - - udp_fullcone_freed - 8 - UDP Full-cone Freed * - - fwd_ingress_bytes_others - 8 - Forward Ingress Bytes OTHERS * - - rev_egress_pkt_size_range1 - 8 - Reverse Egress Packet size between 0 and 200 * - - tcp_fullcone_created - 8 - TCP Full-cone Created * - - fwd_ingress_packets_udp - 8 - Forward Ingress Packets UDP * - - rev_egress_packets_tcp - 8 - Reverse Egress Packets TCP * - - fwd_egress_packets_others - 8 - Forward Egress Packets OTHERS * - - fwd_ingress_bytes_tcp - 8 - Forward Ingress Bytes TCP * - - fwd_egress_packets_tcp - 8 - Forward Egress Packets TCP * - - fullcone_creation_failure - 8 - Full-Cone Creation Failure * - - rev_egress_bytes_tcp - 8 - Reverse Egress Bytes TCP * - - fwd_egress_bytes_others - 8 - Forward Egress Bytes OTHERS * - - fwd_egress_bytes_udp - 8 - Forward Egress Bytes UDP * - - rev_egress_bytes_others - 8 - Reverse Egress Bytes OTHERS * - - udp_fullcone_created - 8 - UDP Full-cone Created * - - active_fullcone_session - 8 - Total Active Full-cone sessions * - - rev_ingress_bytes_icmp - 8 - Reverse Ingress Bytes ICMP * - - fwd_egress_bytes_icmp - 8 - Forward Egress Bytes ICMP * - - rev_ingress_pkt_size_range4 - 8 - Reverse Ingress Packet size between 1551 and 9000 * - - rev_ingress_packets_udp - 8 - Reverse Ingress Packets UDP * - - rev_egress_bytes_icmp - 8 - Reverse Egress Bytes ICMP * - - fwd_egress_pkt_size_range4 - 8 - Forward Egress Packet size between 1551 and 9000 * - - rev_egress_pkt_size_range4 - 8 - Reverse Egress Packet size between 1551 and 9000 * - - rev_egress_bytes_udp - 8 - Reverse Egress Bytes UDP * - - fwd_ingress_bytes_icmp - 8 - Forward Ingress Bytes ICMP * - - fwd_ingress_pkt_size_range4 - 8 - Forward Ingress Packet size between 1551 and 9000 * - - rev_ingress_packets_icmp - 8 - Reverse Ingress Packets ICMP * - - rev_ingress_packets_others - 8 - Reverse Ingress Packets OTHERS * - - fwd_egress_pkt_size_range3 - 8 - Forward Egress Packet size between 801 and 1550 * - - fwd_egress_pkt_size_range2 - 8 - Forward Egress Packet size between 201 and 800 * - - fwd_egress_pkt_size_range1 - 8 - Forward Egress Packet size between 0 and 200 * - - fwd_egress_packets_icmp - 8 - Forward Egress Packets ICMP * - - limit-entry-created - 8 - Limit Entry Created * - - fwd_ingress_packets_tcp - 8 - Forward Ingress Packets TCP * - - rev_egress_packets_udp - 8 - Reverse Egress Packets UDP * - - rev_egress_packets_icmp - 8 - Reverse Egress Packets ICMP * - - fwd_ingress_pkt_size_range3 - 8 - Forward Ingress Packet size between 801 and 1550 * - - fwd_ingress_pkt_size_range1 - 8 - Forward Ingress Packet size between 0 and 200 * - - rev_egress_pkt_size_range3 - 8 - Reverse Egress Packet size between 801 and 1550 * - - rev_egress_pkt_size_range2 - 8 - Reverse Egress Packet size between 201 and 800 * - - data_session_freed_local - 8 - Data Session Freed Local * - - fwd_egress_packets_udp - 8 - Forward Egress Packets UDP * - - fwd_egress_bytes_tcp - 8 - Forward Egress Bytes TCP * - - rev_egress_packets_others - 8 - Reverse Egress Packets OTHERS * - - fwd_ingress_pkt_size_range2 - 8 - Forward Ingress Packet size between 201 and 800 * - - data_session_created_local - 8 - Data Session Created Local * - - data_session_created - 8 - Data Session Created * - - rev_ingress_bytes_udp - 8 - Reverse Ingress Bytes UDP * - - rev_ingress_packets_tcp - 8 - Reverse Ingress Packets TCP * - - tcp_fullcone_freed - 8 - TCP Full-cone Freed * - - rev_ingress_pkt_size_range2 - 8 - Reverse Ingress Packet size between 201 and 800 * - - rev_ingress_pkt_size_range3 - 8 - Reverse Ingress Packet size between 801 and 1550 * - - rev_ingress_pkt_size_range1 - 8 - Reverse Ingress Packet size between 0 and 200 * - - limit-entry-marked-deleted - 8 - Limit Entry Marked Deleted * - - rev_ingress_bytes_tcp - 8 - Reverse Ingress Bytes TCP * - - fwd_ingress_packets_icmp - 8 - Forward Ingress Packets ICMP * - - rev_ingress_bytes_others - 8 - Reverse Ingress Bytes OTHERS