ddos dst entry¶
Configure IP/IPv6 static entry
entry Specification¶
Type
Collection
Object Key(s)
dst-entry-name
Collection Name
Collection URI
/axapi/v3/ddos/dst/entry
Element Name
entry
Element URI
/axapi/v3/ddos/dst/entry/{dst-entry-name}
Element Attributes
entry_attributes
Statistics Data URI
/axapi/v3/ddos/dst/entry/{dst-entry-name}/stats
Operational Data URI
/axapi/v3/ddos/dst/entry/{dst-entry-name}/oper
Schema
Operations Allowed:
| Operation | Method | URI | Payload | |
|---|---|---|---|---|
Create Object | POST | /axapi/v3/ddos/dst/entry | ||
Create List | POST | /axapi/v3/ddos/dst/entry | ||
Get Object | GET | /axapi/v3/ddos/dst/entry/{dst-entry-name} | ||
Get List | GET | /axapi/v3/ddos/dst/entry | ||
Modify Object | POST | /axapi/v3/ddos/dst/entry/{dst-entry-name} | ||
Replace Object | PUT | /axapi/v3/ddos/dst/entry/{dst-entry-name} | ||
Replace List | PUT | /axapi/v3/ddos/dst/entry | ||
Delete Object | DELETE | /axapi/v3/ddos/dst/entry/{dst-entry-name} |
entry-list¶
entry-list is JSON List of entry attributes
entry-list : [
]
entry attributes¶
advertised-enable
Description BGP advertised
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
blackhole-on-glid-exceed
Description Blackhole destination entry for X minutes upon glid limit exceeded
Type: number
Range: 1-30
capture-config-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/capture-config/{name}
description
Description Description for this Destination Entry
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dest-nat-ip
Description Destination NAT IP address
Type: string
Format: ipv4-address
dest-nat-ipv6
Description Destination NAT IPv6 address
Type: string
Format: ipv6-address
drop-disable
Description Disable certain drops during packet processing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-disable-fwd-immediate
Description Immediately forward L4 drops
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-frag-pkt
Description Drop fragmented packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-on-no-src-dst-default
Description Drop if no match with src-based-policy class-list, and default is not configured
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst-entry-name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dynamic-entry-overflow-policy-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/dynamic-entry-overflow-policy/{dummy-name}
enable-top-k
Type: List
exceed-log-cfg
Description: exceed-log-cfg is a JSON Block. Please see below for exceed-log-cfg
Type: Object
exceed-log-dep-cfg
Description: exceed-log-dep-cfg is a JSON Block. Please see below for exceed-log-dep-cfg
Type: Object
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
glid-exceed-action
Description: glid-exceed-action is a JSON Block. Please see below for glid-exceed-action
Type: Object
hw-blacklist-blocking
Description: hw-blacklist-blocking is a JSON Block. Please see below for hw-blacklist-blocking
Type: Object
Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/hw-blacklist-blocking
inbound-forward-dscp
Description To set dscp value for inbound packets (DSCP Value for the clear traffic marking)
Type: number
Range: 1-63
ip-addr
Description
Type: string
Format: ipv4-address
ip-proto-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/ip-proto/{port-num}
ipv6-addr
Description
Type: string
Format: ipv6-address
l4-type-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}
log-periodic
Description Enable periodic log while event is continuing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
operational-mode
Description ‘protection’: Protection mode; ‘bypass’: Bypass mode;
Type: string
Supported Values: protection, bypass
Default: protection
outbound-forward-dscp
Description To set dscp value for outbound
Type: number
Range: 1-63
pattern-recognition-hw-filter-enable
Description to enable pattern recognition hardware filter
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
pattern-recognition-sensitivity
Description ‘high’: High sensitive pattern recognition; ‘medium’: Medium sensitive pattern recognition; ‘low’: Low sensitive pattern recognition;
Type: string
Supported Values: high, medium, low
port-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}
port-range-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}
reporting-disabled
Description Disable Reporting
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
set-counter-base-val
Description Set T2 counter value of current context to specified value
Type: number
Range: 1-4294967295
sflow
Description: sflow is a JSON Block. Please see below for sflow
Type: Object
source-nat-pool
Description Configure source NAT
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
src-dst-pair
Description: src-dst-pair is a JSON Block. Please see below for src-dst-pair
Type: Object
Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair
src-dst-pair-class-list-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name}
src-dst-pair-policy-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-policy/{src-based-policy-name}
src-dst-pair-settings-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-settings/{all-types}
src-port-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/src-port/{port-num}+{protocol}
src-port-range-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/src-port-range/{src-port-range-start}+{src-port-range-end}+{protocol}
subnet-ip-addr
Description IP Subnet
Type: string
Format: ipv4-cidr
subnet-ipv6-addr
Description IPV6 Subnet
Type: string
Format: ipv6-address-plen
template
Description: template is a JSON Block. Please see below for template
Type: Object
topk-destinations
Description: topk-destinations is a JSON Block. Please see below for topk-destinations
Type: Object
Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/topk-destinations
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
port-list¶
Specification
Type
list
Block object keys
capture-config
Description: capture-config is a JSON Block. Please see below for port-list_capture-config
Type: Object
deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
detection-enable
Description Enable ddos detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-cache
Description DNS Cache Instance
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/dns-cache
enable-top-k
Description Enable ddos top-k entries
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
glid-exceed-action
Description: glid-exceed-action is a JSON Block. Please see below for port-list_glid-exceed-action
Type: Object
pattern-recognition
Description: pattern-recognition is a JSON Block. Please see below for port-list_pattern-recognition
Type: Object
Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/pattern-recognition
pattern-recognition-pu-details
Description: pattern-recognition-pu-details is a JSON Block. Please see below for port-list_pattern-recognition-pu-details
Type: Object
Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/pattern-recognition-pu-details
port-ind
Description: port-ind is a JSON Block. Please see below for port-list_port-ind
Type: Object
Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/port-ind
port-num
Description Port Number
Type: number
Range: 0-65535
protocol
Description ‘dns-tcp’: DNS-TCP Port; ‘dns-udp’: DNS-UDP Port; ‘http’: HTTP Port; ‘tcp’: TCP Port; ‘udp’: UDP Port; ‘ssl-l4’: SSL-L4 Port; ‘sip-udp’: SIP-UDP Port; ‘sip-tcp’: SIP-TCP Port;
Type: string
Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4, sip-udp, sip-tcp
set-counter-base-val
Description Set T2 counter value of current context to specified value
Type: number
Range: 1-4294967295
sflow
Description: sflow is a JSON Block. Please see below for port-list_sflow
Type: Object
signature-extraction
Description: signature-extraction is a JSON Block. Please see below for port-list_signature-extraction
Type: Object
Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/signature-extraction
template
Description: template is a JSON Block. Please see below for port-list_template
Type: Object
topk-num-records
Description Maximum number of records to show in topk
Type: number
Range: 1-100
Default: 20
topk-sources
Description: topk-sources is a JSON Block. Please see below for port-list_topk-sources
Type: Object
Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/topk-sources
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
port-list_pattern-recognition¶
Specification
Type
object
algorithm
Description ‘heuristic’: heuristic algorithm;
Type: string
Supported Values: heuristic
filter-inactive-threshold
Description Extracted filter inactive threshold
Type: number
Range: 5-255
filter-threshold
Description Extracted filter threshold
Type: number
Range: 0-100
mode
Description ‘capture-never-expire’: War-time capture without rate exceeding and never expires; ‘manual’: Manual mode;
Type: string
Supported Values: capture-never-expire, manual
sensitivity
Description ‘high’: High Sensitivity; ‘medium’: Medium Sensitivity; ‘low’: Low Sensitivity;
Type: string
Supported Values: high, medium, low
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
port-list_sflow¶
Specification
Type
object
polling
Description: polling is a JSON Block. Please see below for port-list_sflow_polling
Type: Object
port-list_sflow_polling¶
Specification
Type
object
sflow-http
Description Enable sFlow HTTP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sflow-packets
Description Enable sFlow packet-level counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sflow-tcp
Description: sflow-tcp is a JSON Block. Please see below for port-list_sflow_polling_sflow-tcp
Type: Object
port-list_sflow_polling_sflow-tcp¶
Specification
Type
object
sflow-tcp-basic
Description Enable sFlow basic TCP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sflow-tcp-stateful
Description Enable sFlow stateful TCP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
port-list_capture-config¶
Specification
Type
object
capture-config-mode
Description ‘drop’: Apply capture-config to dropped packets; ‘forward’: Apply capture-config to forwarded packets; ‘all’: Apply capture-config to both dropped and forwarded packets;
Type: string
Supported Values: drop, forward, all
capture-config-name
Description Capture-config name
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
port-list_pattern-recognition-pu-details¶
Specification
Type
object
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
port-list_port-ind¶
Specification
Type
object
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
port-list_signature-extraction¶
Specification
Type
object
algorithm
Description ‘heuristic’: heuristic algorithm;
Type: string
Supported Values: heuristic
manual-mode
Description Enable manual mode
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
port-list_template¶
Specification
Type
object
dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS SSL-L4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
port-list_glid-exceed-action¶
Specification
Type
object
stateless-encap-action-cfg
Description: stateless-encap-action-cfg is a JSON Block. Please see below for port-list_glid-exceed-action_stateless-encap-action-cfg
Type: Object
port-list_glid-exceed-action_stateless-encap-action-cfg¶
Specification
Type
object
encap-template
Description Apply legacy encap template for encap action
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/template/encap
stateless-encap-action
Description ‘stateless-tunnel-encap’: Encapsulate all packets; ‘stateless-tunnel-encap-scrubbed’: Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap);
Type: string
Supported Values: stateless-tunnel-encap, stateless-tunnel-encap-scrubbed
port-list_topk-sources¶
Specification
Type
object
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
capture-config-list¶
Specification
Type
list
Block object keys
mode
Description ‘drop’: Apply capture-config to dropped packets; ‘forward’: Apply capture-config to forwarded packets; ‘all’: Apply capture-config to both dropped and forwarded packets;
Type: string
Supported Values: drop, forward, all
name
Description Capture-config name
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/capture-config
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dynamic-entry-overflow-policy-list¶
Specification
Type
list
Block object keys
app-type-src-dst-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/dynamic-entry-overflow-policy/{dummy-name}/app-type-src-dst/{protocol}
bypass
Description Always permit for the Source to bypass all feature & limit checks
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dummy-name
Description ‘configuration’: Configure src dst dynamic entry count overflow policy;
Type: string
Supported Values: configuration
exceed-log-cfg
Description: exceed-log-cfg is a JSON Block. Please see below for dynamic-entry-overflow-policy-list_exceed-log-cfg
Type: Object
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
l4-type-src-dst-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/dynamic-entry-overflow-policy/{dummy-name}/l4-type-src-dst/{protocol}
log-periodic
Description Enable periodic log while event is continuing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
template
Description: template is a JSON Block. Please see below for dynamic-entry-overflow-policy-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dynamic-entry-overflow-policy-list_template¶
Specification
Type
object
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dynamic-entry-overflow-policy-list_app-type-src-dst-list¶
Specification
Type
list
Block object keys
protocol
Description ‘dns’: dns; ‘http’: http; ‘ssl-l4’: ssl-l4; ‘sip’: sip;
Type: string
Supported Values: dns, http, ssl-l4, sip
template
Description: template is a JSON Block. Please see below for dynamic-entry-overflow-policy-list_app-type-src-dst-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dynamic-entry-overflow-policy-list_app-type-src-dst-list_template¶
Specification
Type
object
dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS SSL-L4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dynamic-entry-overflow-policy-list_l4-type-src-dst-list¶
Specification
Type
list
Block object keys
deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
protocol
Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;
Type: string
Supported Values: tcp, udp, icmp, other
template
Description: template is a JSON Block. Please see below for dynamic-entry-overflow-policy-list_l4-type-src-dst-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dynamic-entry-overflow-policy-list_l4-type-src-dst-list_template¶
Specification
Type
object
other
Description DDOS OTHER template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
tcp
Description DDOS TCP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v4
Description DDOS icmp-v4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v6
Description DDOS icmp-v6 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
udp
Description DDOS UDP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dynamic-entry-overflow-policy-list_exceed-log-cfg¶
Specification
Type
object
log-enable
Description Enable logging of limit exceed drop’s
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
port-range-list¶
Specification
Type
list
Block object keys
capture-config
Description: capture-config is a JSON Block. Please see below for port-range-list_capture-config
Type: Object
deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
detection-enable
Description Enable ddos detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-top-k
Description Enable ddos top-k entries
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
glid-exceed-action
Description: glid-exceed-action is a JSON Block. Please see below for port-range-list_glid-exceed-action
Type: Object
pattern-recognition
Description: pattern-recognition is a JSON Block. Please see below for port-range-list_pattern-recognition
Type: Object
Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/pattern-recognition
pattern-recognition-pu-details
Description: pattern-recognition-pu-details is a JSON Block. Please see below for port-range-list_pattern-recognition-pu-details
Type: Object
Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/pattern-recognition-pu-details
port-ind
Description: port-ind is a JSON Block. Please see below for port-range-list_port-ind
Type: Object
Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/port-ind
port-range-end
Description Port-Range End Port Number
Type: number
Range: 1-65535
port-range-start
Description Port-Range Start Port Number
Type: number
Range: 1-65535
protocol
Description ‘dns-tcp’: DNS-TCP Port; ‘dns-udp’: DNS-UDP Port; ‘http’: HTTP Port; ‘tcp’: TCP Port; ‘udp’: UDP Port; ‘ssl-l4’: SSL-L4 Port; ‘sip-udp’: SIP-UDP Port; ‘sip-tcp’: SIP-TCP Port;
Type: string
Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4, sip-udp, sip-tcp
set-counter-base-val
Description Set T2 counter value of current context to specified value
Type: number
Range: 1-4294967295
sflow
Description: sflow is a JSON Block. Please see below for port-range-list_sflow
Type: Object
template
Description: template is a JSON Block. Please see below for port-range-list_template
Type: Object
topk-num-records
Description Maximum number of records to show in topk
Type: number
Range: 1-100
Default: 20
topk-sources
Description: topk-sources is a JSON Block. Please see below for port-range-list_topk-sources
Type: Object
Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/topk-sources
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
port-range-list_pattern-recognition¶
Specification
Type
object
algorithm
Description ‘heuristic’: heuristic algorithm;
Type: string
Supported Values: heuristic
filter-inactive-threshold
Description Extracted filter inactive threshold
Type: number
Range: 5-255
filter-threshold
Description Extracted filter threshold
Type: number
Range: 0-100
mode
Description ‘capture-never-expire’: War-time capture without rate exceeding and never expires; ‘manual’: Manual mode;
Type: string
Supported Values: capture-never-expire, manual
sensitivity
Description ‘high’: High Sensitivity; ‘medium’: Medium Sensitivity; ‘low’: Low Sensitivity;
Type: string
Supported Values: high, medium, low
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
port-range-list_pattern-recognition-pu-details¶
Specification
Type
object
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
port-range-list_capture-config¶
Specification
Type
object
capture-config-mode
Description ‘drop’: Apply capture-config to dropped packets; ‘forward’: Apply capture-config to forwarded packets; ‘all’: Apply capture-config to both dropped and forwarded packets;
Type: string
Supported Values: drop, forward, all
capture-config-name
Description Capture-config name
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
port-range-list_sflow¶
Specification
Type
object
polling
Description: polling is a JSON Block. Please see below for port-range-list_sflow_polling
Type: Object
port-range-list_sflow_polling¶
Specification
Type
object
sflow-http
Description Enable sFlow HTTP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sflow-packets
Description Enable sFlow packet-level counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sflow-tcp
Description: sflow-tcp is a JSON Block. Please see below for port-range-list_sflow_polling_sflow-tcp
Type: Object
port-range-list_sflow_polling_sflow-tcp¶
Specification
Type
object
sflow-tcp-basic
Description Enable sFlow basic TCP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sflow-tcp-stateful
Description Enable sFlow stateful TCP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
port-range-list_port-ind¶
Specification
Type
object
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
port-range-list_template¶
Specification
Type
object
dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS SSL-L4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
port-range-list_glid-exceed-action¶
Specification
Type
object
stateless-encap-action-cfg
Description: stateless-encap-action-cfg is a JSON Block. Please see below for port-range-list_glid-exceed-action_stateless-encap-action-cfg
Type: Object
port-range-list_glid-exceed-action_stateless-encap-action-cfg¶
Specification
Type
object
encap-template
Description Apply legacy encap template for encap action
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/template/encap
stateless-encap-action
Description ‘stateless-tunnel-encap’: Encapsulate all packets; ‘stateless-tunnel-encap-scrubbed’: Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap);
Type: string
Supported Values: stateless-tunnel-encap, stateless-tunnel-encap-scrubbed
port-range-list_topk-sources¶
Specification
Type
object
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
hw-blacklist-blocking¶
Specification
Type
object
dst-enable
Description Enable Dst side hardware blocking
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-enable
Description Enable Src side hardware blocking
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src-dst-pair-class-list-list¶
Specification
Type
list
Block object keys
app-type-src-dst-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name}/app-type-src-dst/{protocol}
cid-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name}/cid/{cid-num}
class-list-name
Description Class-list name
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
exceed-log-cfg
Description: exceed-log-cfg is a JSON Block. Please see below for src-dst-pair-class-list-list_exceed-log-cfg
Type: Object
l4-type-src-dst-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name}/l4-type-src-dst/{protocol}
log-periodic
Description Enable periodic log while event is continuing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src-dst-pair-class-list-list_cid-list¶
Specification
Type
list
Block object keys
app-type-src-dst-cid-list
cid-num
Description Class-list id
Type: number
Range: 1-32
exceed-log-cfg
Description: exceed-log-cfg is a JSON Block. Please see below for src-dst-pair-class-list-list_cid-list_exceed-log-cfg
Type: Object
l4-type-src-dst-cid-list
log-periodic
Description Enable periodic log while event is continuing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src-dst-pair-class-list-list_cid-list_app-type-src-dst-cid-list¶
Specification
Type
list
Block object keys
protocol
Description ‘dns’: dns; ‘http’: http; ‘ssl-l4’: ssl-l4; ‘sip’: sip;
Type: string
Supported Values: dns, http, ssl-l4, sip
template
Description: template is a JSON Block. Please see below for src-dst-pair-class-list-list_cid-list_app-type-src-dst-cid-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src-dst-pair-class-list-list_cid-list_app-type-src-dst-cid-list_template¶
Specification
Type
object
dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS SSL-L4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-dst-pair-class-list-list_cid-list_l4-type-src-dst-cid-list¶
Specification
Type
list
Block object keys
deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
protocol
Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;
Type: string
Supported Values: tcp, udp, icmp, other
template
Description: template is a JSON Block. Please see below for src-dst-pair-class-list-list_cid-list_l4-type-src-dst-cid-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src-dst-pair-class-list-list_cid-list_l4-type-src-dst-cid-list_template¶
Specification
Type
object
other
Description DDOS OTHER template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
tcp
Description DDOS TCP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v4
Description DDOS icmp-v4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v6
Description DDOS icmp-v6 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
udp
Description DDOS UDP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-dst-pair-class-list-list_cid-list_exceed-log-cfg¶
Specification
Type
object
log-enable
Description Enable logging of limit exceed drop’s
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-dst-pair-class-list-list_app-type-src-dst-list¶
Specification
Type
list
Block object keys
protocol
Description ‘dns’: dns; ‘http’: http; ‘ssl-l4’: ssl-l4; ‘sip’: sip;
Type: string
Supported Values: dns, http, ssl-l4, sip
template
Description: template is a JSON Block. Please see below for src-dst-pair-class-list-list_app-type-src-dst-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src-dst-pair-class-list-list_app-type-src-dst-list_template¶
Specification
Type
object
dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS SSL-L4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-dst-pair-class-list-list_l4-type-src-dst-list¶
Specification
Type
list
Block object keys
deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
protocol
Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;
Type: string
Supported Values: tcp, udp, icmp, other
template
Description: template is a JSON Block. Please see below for src-dst-pair-class-list-list_l4-type-src-dst-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src-dst-pair-class-list-list_l4-type-src-dst-list_template¶
Specification
Type
object
other
Description DDOS OTHER template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
tcp
Description DDOS TCP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v4
Description DDOS icmp-v4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v6
Description DDOS icmp-v6 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
udp
Description DDOS UDP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-dst-pair-class-list-list_exceed-log-cfg¶
Specification
Type
object
log-enable
Description Enable logging of limit exceed drop’s
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
template¶
Specification
Type
object
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
glid-exceed-action¶
Specification
Type
object
stateless-encap-action-cfg
Description: stateless-encap-action-cfg is a JSON Block. Please see below for glid-exceed-action_stateless-encap-action-cfg
Type: Object
glid-exceed-action_stateless-encap-action-cfg¶
Specification
Type
object
encap-template
Description Apply legacy encap template for encap action
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/template/encap
stateless-encap-action
Description ‘stateless-tunnel-encap’: Encapsulate all packets; ‘stateless-tunnel-encap-scrubbed’: Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap);
Type: string
Supported Values: stateless-tunnel-encap, stateless-tunnel-encap-scrubbed
l4-type-list¶
Specification
Type
list
Block object keys
deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
detection-enable
Description Enable ddos detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable-syn-auth
Description Disable TCP SYN Authentication
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-frag-pkt
Description Drop fragmented packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-on-no-port-match
Description ‘disable’: disable; ‘enable’: enable;
Type: string
Supported Values: disable, enable
Default: enable
enable-top-k
Description Enable ddos top-k entries
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
glid-exceed-action
Description: glid-exceed-action is a JSON Block. Please see below for l4-type-list_glid-exceed-action
Type: Object
max-rexmit-syn-per-flow
Description Maximum number of re-transmit SYN per flow
Type: number
Range: 1-6
max-rexmit-syn-per-flow-exceed-action
Description ‘drop’: Drop the packet; ‘black-list’: Add the source IP into black list;
Type: string
Supported Values: drop, black-list
port-ind
Description: port-ind is a JSON Block. Please see below for l4-type-list_port-ind
Type: Object
Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/port-ind
protocol
Description ‘tcp’: L4-Type TCP; ‘udp’: L4-Type UDP; ‘icmp’: L4-Type ICMP; ‘other’: L4-Type OTHER;
Type: string
Supported Values: tcp, udp, icmp, other
set-counter-base-val
Description Set T2 counter value of current context to specified value
Type: number
Range: 1-4294967295
stateful
Description Enable stateful tracking of sessions (Default is stateless)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
syn-auth
Description ‘send-rst’: Send RST to client upon client ACK; ‘force-rst-by-ack’: Force client RST via the use of ACK; ‘force-rst-by-synack’: Force client RST via the use of bad SYN|ACK; ‘disable’: Disable TCP SYN Authentication;
Type: string
Supported Values: send-rst, force-rst-by-ack, force-rst-by-synack, disable
Default: send-rst
syn-cookie
Description Enable SYN Cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tcp-reset-client
Description Send reset to client when rate exceeds or session ages out
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tcp-reset-server
Description Send reset to server when rate exceeds or session ages out
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
template
Description: template is a JSON Block. Please see below for l4-type-list_template
Type: Object
topk-num-records
Description Maximum number of records to show in topk
Type: number
Range: 1-100
Default: 20
topk-sources
Description: topk-sources is a JSON Block. Please see below for l4-type-list_topk-sources
Type: Object
Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/topk-sources
tunnel-decap
Description: tunnel-decap is a JSON Block. Please see below for l4-type-list_tunnel-decap
Type: Object
tunnel-rate-limit
Description: tunnel-rate-limit is a JSON Block. Please see below for l4-type-list_tunnel-rate-limit
Type: Object
undefined-port-hit-statistics
Description: undefined-port-hit-statistics is a JSON Block. Please see below for l4-type-list_undefined-port-hit-statistics
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
l4-type-list_undefined-port-hit-statistics¶
Specification
Type
object
reset-interval
Description Configure port scanning counter reset interval (minutes), Default 60 mins
Type: number
Range: 1-64000
Default: 60
undefined-port-hit-statistics
Description Enable port scanning statistics
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
l4-type-list_template¶
Specification
Type
object
template-icmp-v4
Description DDOS icmp-v4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v6
Description DDOS icmp-v6 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
l4-type-list_glid-exceed-action¶
Specification
Type
object
stateless-encap-action-cfg
Description: stateless-encap-action-cfg is a JSON Block. Please see below for l4-type-list_glid-exceed-action_stateless-encap-action-cfg
Type: Object
l4-type-list_glid-exceed-action_stateless-encap-action-cfg¶
Specification
Type
object
encap-template
Description Apply legacy encap template for encap action
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/template/encap
stateless-encap-action
Description ‘stateless-tunnel-encap’: Encapsulate all packets; ‘stateless-tunnel-encap-scrubbed’: Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap);
Type: string
Supported Values: stateless-tunnel-encap, stateless-tunnel-encap-scrubbed
l4-type-list_tunnel-decap¶
Specification
Type
object
gre-decap
Description Enable GRE Tunnel decapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ip-decap
Description Enable IP Tunnel decapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
key-cfg
Type: List
l4-type-list_tunnel-decap_key-cfg¶
Specification
Type
list
Block object keys
key
Description Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)
Type: string
Maximum Length: 10 characters
Maximum Length: 1 characters
l4-type-list_port-ind¶
Specification
Type
object
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
l4-type-list_topk-sources¶
Specification
Type
object
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
l4-type-list_tunnel-rate-limit¶
Specification
Type
object
gre-rate-limit
Description Enable inner IP rate limiting on GRE traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ip-rate-limit
Description Enable inner IP rate limiting on IPinIP traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
topk-destinations¶
Specification
Type
object
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src-dst-pair-settings-list¶
Specification
Type
list
Block object keys
age
Description Idle age for ip entry
Type: number
Range: 2-1023
Default: 5
all-types
Description ‘all-types’: Settings for all types (default or class-list);
Type: string
Supported Values: all-types
apply-policy-on-overflow
Description Enable this flag to apply overflow policy when dynamic entry count overflows
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-class-list-overflow
Description Apply class-list overflow policy upon exceeding dynamic entry count specified for DST entry or each class-list
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
l4-type-src-dst-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-settings/{all-types}/l4-type-src-dst/{protocol}
max-dynamic-entry-count
Description Maximum count for dynamic src-dst entry
Type: number
Range: 0-2147483647
src-prefix-len
Description Specify src prefix length for IPv6 (default: not set)
Type: number
Range: 32-127
unlimited-dynamic-entry-count
Description No limit for maximum dynamic src entry count
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src-dst-pair-settings-list_l4-type-src-dst-list¶
Specification
Type
list
Block object keys
apply-policy-on-overflow
Description Enable this flag to apply overflow policy when dynamic entry count overflows
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-dynamic-entry-count
Description Maximum count for dynamic src-dst entry
Type: number
Range: 0-2147483647
protocol
Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;
Type: string
Supported Values: tcp, udp, icmp, other
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src-port-range-list¶
Specification
Type
list
Block object keys
deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
protocol
Description ‘udp’: UDP Port; ‘tcp’: TCP Port;
Type: string
Supported Values: udp, tcp
set-counter-base-val
Description Set T2 counter value of current context to specified value
Type: number
Range: 1-4294967295
src-port-range-end
Description Src Port-Range End Port Number
Type: number
Range: 2-65535
src-port-range-start
Description Src Port-Range Start Port Number
Type: number
Range: 1-65535
template
Description: template is a JSON Block. Please see below for src-port-range-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src-port-range-list_template¶
Specification
Type
object
src-tcp
Description DDOS tcp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-udp
Description DDOS udp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
ip-proto-list¶
Specification
Type
list
Block object keys
deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
esp-inspect
Description: esp-inspect is a JSON Block. Please see below for ip-proto-list_esp-inspect
Type: Object
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
glid-exceed-action
Description: glid-exceed-action is a JSON Block. Please see below for ip-proto-list_glid-exceed-action
Type: Object
port-num
Description Protocol Number
Type: number
Range: 0-255
set-counter-base-val
Description Set T2 counter value of current context to specified value
Type: number
Range: 1-4294967295
template
Description: template is a JSON Block. Please see below for ip-proto-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
ip-proto-list_esp-inspect¶
Specification
Type
object
auth-algorithm
Description ‘AUTH_NULL’: No Integrity Check Value; ‘HMAC-SHA-1-96’: 96 bit Auth Algo; ‘HMAC-SHA-256-96’: 96 bit Auth Algo; ‘HMAC-SHA-256-128’: 128 bit Auth Algo; ‘HMAC-SHA-384-192’: 192 bit Auth Algo; ‘HMAC-SHA-512-256’: 256 bit Auth Algo; ‘HMAC-MD5-96’: 96 bit Auth Algo; ‘MAC-RIPEMD-160-96’: 96 bit Auth Algo;
Type: string
Supported Values: AUTH_NULL, HMAC-SHA-1-96, HMAC-SHA-256-96, HMAC-SHA-256-128, HMAC-SHA-384-192, HMAC-SHA-512-256, HMAC-MD5-96, MAC-RIPEMD-160-96
encrypt-algorithm
Description ‘NULL’: Null Encryption Algorithm;
Type: string
Supported Values: NULL
mode
Description ‘transport’: Transport mode;
Type: string
Supported Values: transport
ip-proto-list_template¶
Specification
Type
object
other
Description DDOS other template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
ip-proto-list_glid-exceed-action¶
Specification
Type
object
stateless-encap-action-cfg
Description: stateless-encap-action-cfg is a JSON Block. Please see below for ip-proto-list_glid-exceed-action_stateless-encap-action-cfg
Type: Object
ip-proto-list_glid-exceed-action_stateless-encap-action-cfg¶
Specification
Type
object
encap-template
Description Apply legacy encap template for encap action
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/template/encap
stateless-encap-action
Description ‘stateless-tunnel-encap’: Encapsulate all packets; ‘stateless-tunnel-encap-scrubbed’: Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap);
Type: string
Supported Values: stateless-tunnel-encap, stateless-tunnel-encap-scrubbed
src-port-list¶
Specification
Type
list
Block object keys
deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
outbound-src-tracking
Description ‘enable’: enable; ‘disable’: disable;
Type: string
Supported Values: enable, disable
Default: disable
port-num
Description Port Number
Type: number
Range: 0-65535
protocol
Description ‘dns-udp’: DNS-UDP Port; ‘dns-tcp’: DNS-TCP Port; ‘udp’: UDP Port; ‘tcp’: TCP Port;
Type: string
Supported Values: dns-udp, dns-tcp, udp, tcp
set-counter-base-val
Description Set T2 counter value of current context to specified value
Type: number
Range: 1-4294967295
template
Description: template is a JSON Block. Please see below for src-port-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src-port-list_template¶
Specification
Type
object
src-dns
Description DDOS dns src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-tcp
Description DDOS tcp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-udp
Description DDOS udp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
exceed-log-cfg¶
Specification
Type
object
log-enable
Description Enable logging of limit exceed drop’s
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-high-frequency
Description Enable High frequency logging for non-event logs per entry
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-with-sflow
Description Turn on sflow sample with log
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
rate-limit
Description Rate limit per second per entry(Default : 1 per second)
Type: number
Range: 1-1000
Default: 1
sflow¶
Specification
Type
object
polling
Description: polling is a JSON Block. Please see below for sflow_polling
Type: Object
sflow_polling¶
Specification
Type
object
sflow-http
Description Enable sFlow HTTP counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the total number
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sflow-layer-4
Description Enable sFlow Layer 4 counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the total num
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sflow-packets
Description Enable sFlow packet-level counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the tota
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sflow-tcp
Description: sflow-tcp is a JSON Block. Please see below for sflow_polling_sflow-tcp
Type: Object
sflow-undef-port-hit-stats
Description Enable sFlow undefined-port-hit-statistics polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sflow-undef-port-hit-stats-brief
Description Enable sFlow undefined-port-hit-statistics polling in brief mode
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sflow_polling_sflow-tcp¶
Specification
Type
object
sflow-tcp-basic
Description Enable sFlow basic TCP counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the total n
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sflow-tcp-stateful
Description Enable sFlow stateful TCP counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the tota
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-dst-pair¶
Specification
Type
object
app-type-src-dst-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair/app-type-src-dst/{protocol}
bypass
Description Always permit for the Source to bypass all feature & limit checks
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
default
Description Configure default
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exceed-log-cfg
Description: exceed-log-cfg is a JSON Block. Please see below for src-dst-pair_exceed-log-cfg
Type: Object
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
l4-type-src-dst-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair/l4-type-src-dst/{protocol}
log-periodic
Description Enable periodic log while event is continuing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
template
Description: template is a JSON Block. Please see below for src-dst-pair_template
Type: Object
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src-dst-pair_template¶
Specification
Type
object
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-dst-pair_app-type-src-dst-list¶
Specification
Type
list
Block object keys
protocol
Description ‘dns’: dns; ‘http’: http; ‘ssl-l4’: ssl-l4; ‘sip’: sip;
Type: string
Supported Values: dns, http, ssl-l4, sip
template
Description: template is a JSON Block. Please see below for src-dst-pair_app-type-src-dst-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src-dst-pair_app-type-src-dst-list_template¶
Specification
Type
object
dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS SSL-L4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-dst-pair_l4-type-src-dst-list¶
Specification
Type
list
Block object keys
deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
protocol
Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;
Type: string
Supported Values: tcp, udp, icmp, other
template
Description: template is a JSON Block. Please see below for src-dst-pair_l4-type-src-dst-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src-dst-pair_l4-type-src-dst-list_template¶
Specification
Type
object
other
Description DDOS OTHER template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
tcp
Description DDOS TCP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v4
Description DDOS icmp-v4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v6
Description DDOS icmp-v6 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
udp
Description DDOS UDP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-dst-pair_exceed-log-cfg¶
Specification
Type
object
log-enable
Description Enable logging of limit exceed drop’s
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-dst-pair-policy-list¶
Specification
Type
list
Block object keys
policy-class-list-list
src-based-policy-name
Description Src-based-policy name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src-dst-pair-policy-list_policy-class-list-list¶
Specification
Type
list
Block object keys
app-type-src-dst-list
bypass
Description Always permit for the Source to bypass all feature & limit checks
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
class-list-name
Description Class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
class-list-overflow-policy-list
exceed-log-cfg
Description: exceed-log-cfg is a JSON Block. Please see below for src-dst-pair-policy-list_policy-class-list-list_exceed-log-cfg
Type: Object
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
l4-type-src-dst-list
log-periodic
Description Enable periodic log while event is continuing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-dynamic-entry-count
Description Maximum count for dynamic src-dst entry under class-list
Type: number
Range: 0-2147483647
template
Description: template is a JSON Block. Please see below for src-dst-pair-policy-list_policy-class-list-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src-dst-pair-policy-list_policy-class-list-list_template¶
Specification
Type
object
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-dst-pair-policy-list_policy-class-list-list_app-type-src-dst-list¶
Specification
Type
list
Block object keys
protocol
Description ‘dns’: dns; ‘http’: http; ‘ssl-l4’: ssl-l4; ‘sip’: sip;
Type: string
Supported Values: dns, http, ssl-l4, sip
template
Description: template is a JSON Block. Please see below for src-dst-pair-policy-list_policy-class-list-list_app-type-src-dst-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src-dst-pair-policy-list_policy-class-list-list_app-type-src-dst-list_template¶
Specification
Type
object
dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS SSL-L4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-dst-pair-policy-list_policy-class-list-list_l4-type-src-dst-list¶
Specification
Type
list
Block object keys
deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
protocol
Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;
Type: string
Supported Values: tcp, udp, icmp, other
template
Description: template is a JSON Block. Please see below for src-dst-pair-policy-list_policy-class-list-list_l4-type-src-dst-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src-dst-pair-policy-list_policy-class-list-list_l4-type-src-dst-list_template¶
Specification
Type
object
other
Description DDOS OTHER template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
tcp
Description DDOS TCP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v4
Description DDOS icmp-v4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v6
Description DDOS icmp-v6 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
udp
Description DDOS UDP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list¶
Specification
Type
list
Block object keys
app-type-src-dst-overflow-list
bypass
Description Always permit for the Source to bypass all feature & limit checks
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dummy-name
Description ‘configuration’: Configure src dst dynamic entry count overflow policy for class-list;
Type: string
Supported Values: configuration
exceed-log-cfg
Description: exceed-log-cfg is a JSON Block. Please see below for src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_exceed-log-cfg
Type: Object
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
l4-type-src-dst-overflow-list
log-periodic
Description Enable periodic log while event is continuing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
template
Description: template is a JSON Block. Please see below for src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_template¶
Specification
Type
object
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_l4-type-src-dst-overflow-list¶
Specification
Type
list
Block object keys
deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
protocol
Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;
Type: string
Supported Values: tcp, udp, icmp, other
template
Description: template is a JSON Block. Please see below for src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_l4-type-src-dst-overflow-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_l4-type-src-dst-overflow-list_template¶
Specification
Type
object
other
Description DDOS OTHER template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
tcp
Description DDOS TCP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v4
Description DDOS icmp-v4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v6
Description DDOS icmp-v6 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
udp
Description DDOS UDP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_app-type-src-dst-overflow-list¶
Specification
Type
list
Block object keys
protocol
Description ‘dns’: dns; ‘http’: http; ‘ssl-l4’: ssl-l4; ‘sip’: sip;
Type: string
Supported Values: dns, http, ssl-l4, sip
template
Description: template is a JSON Block. Please see below for src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_app-type-src-dst-overflow-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_app-type-src-dst-overflow-list_template¶
Specification
Type
object
dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS SSL-L4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_exceed-log-cfg¶
Specification
Type
object
log-enable
Description Enable logging of limit exceed drop’s
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-dst-pair-policy-list_policy-class-list-list_exceed-log-cfg¶
Specification
Type
object
log-enable
Description Enable logging of limit exceed drop’s
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-top-k¶
Specification
Type
list
Block object keys
topk-num-records
Description Maximum number of records to show in topk
Type: number
Range: 1-100
Default: 20
topk-type
Description ‘destination’: Topk destination IP;
Type: string
Supported Values: destination
exceed-log-dep-cfg¶
Specification
Type
object
exceed-log-enable
Description (Deprecated)Enable logging of limit exceed drop’s
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-with-sflow-dep
Description Turn on sflow sample with log
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
stats data¶
Counter |
Size |
Description |
|
|---|---|---|---|
dst_entry_conn_limit_exceed |
8 |
Entry Limit: Conn Exceeded |
|
egress_bytes |
8 |
Outbound: Bytes Received |
|
dst_udp_wellknown_sport_drop |
8 |
UDP SrcPort Wellknown |
|
dst_pkt_sent |
8 |
Inbound: Packets Forwarded |
|
dst_udp_any_exceed |
8 |
UDP Dst L4-Type Rate: Total Exceeded |
|
sflow_external_packets_sent |
8 |
Sflow External Packets Sent |
|
dst_tcp_auth_drop |
8 |
TCP Auth: Dropped |
|
dst_tcp_session_created |
8 |
TCP Sessions Created |
|
dst_tcp_drop |
8 |
TCP Total Packets Dropped |
|
src_tcp_unauth_drop |
8 |
Src TCP Auth: Unauth Dropped |
|
src_udp_retry_gap_drop |
8 |
Src UDP Auth: Retry-Gap Dropped |
|
dst_other_bytes_rcv |
8 |
OTHER Total Bytes Received |
|
tcp_syn_rcvd |
8 |
TCP Inbound SYN Received |
|
src_tcp_action_on_ack_blacklist |
8 |
Src TCP Auth: ACK Retry Timeout Blacklisted |
|
prog_first_req_time_exceed |
8 |
Req-Resp: First Request Time Exceed |
|
dst_src_port_conn_rate_exceed |
8 |
SrcPort Rate: Conn Exceeded |
|
tcp_syn_cookie_fail |
8 |
TCP Auth: SYN Cookie Failed |
|
dst_tcp_action_on_ack_pass |
8 |
TCP Auth: ACK Retry Passed |
|
prog_conn_exceed_bl |
8 |
Connection: Violation Exceed Blacklisted |
|
src_udp_filter_action_drop |
8 |
Src UDP Filter Action Drop |
|
dst_tcp_action_on_syn_gap_drop |
8 |
TCP Auth: SYN Retry-Gap Dropped |
|
src_udp_ntp_monlist_req |
8 |
Src UDP NTP Monlist Request |
|
sflow_internal_packets_sent |
8 |
Sflow Internal Packets Sent |
|
src_dst_pair_entry_tcp |
8 |
Src-Dst Pair Entry TCP Count |
|
dst_tcp_src_drop |
8 |
TCP Src Packets Dropped |
|
src_tcp_action_on_syn_fail |
8 |
Src TCP Auth: SYN Retry Dropped |
|
dst_other_src_drop |
8 |
OTHER Src Packets Dropped |
|
dst_tcp_action_on_syn_fail |
8 |
TCP Auth: SYN Retry Dropped |
|
dst_udp_session_aged |
8 |
UDP Sessions Aged |
|
tcp_rexmit_syn_limit_drop |
8 |
TCP SYN Retransmit Exceeded Drop |
|
dst_other_bytes_sent |
8 |
OTHER Total Bytes Forwarded |
|
dst_tcp_unauth_drop |
8 |
TCP Auth: Unauth Dropped |
|
dst_tcp_action_on_syn_reset |
8 |
TCP Auth: SYN Retry Timeout Reset |
|
udp_payload_too_big |
8 |
UDP Payload Too Large |
|
src_tcp_syn_cookie_sent |
8 |
Src TCP Auth: SYN Cookie Sent |
|
dst_port_kbit_rate_exceed |
8 |
Port Rate: KiBit Exceeded |
|
dns_outbound_query_resp_chk_reset_sent |
8 |
DNS Outbound Query Resp Check RESET Sent |
|
dst_udp_auth_drop |
8 |
UDP Auth: Dropped |
|
dst_udp_frag_src_rate_drop |
8 |
UDP Src Rate: Frag Exceeded |
|
dst_other_filter_match |
8 |
OTHER Filter Match |
|
dst_hw_drop_rule_remove |
8 |
Dst Hardware Drop Rules Removed |
|
dst_l4_tcp_auth |
8 |
TCP Dst L4-Type Auth: SYN Cookie Sent |
|
src_l4_icmp_blacklist_drop |
8 |
Src L4-type ICMP Blacklist Dropped |
|
dst_blackhole_inject |
8 |
Dst Blackhole Inject |
|
dst_udp_retry_fail |
8 |
UDP Auth: Retry Timeout |
|
dst_udp_frag_pkt_rate_exceed |
8 |
UDP Dst L4-Type Rate: Frag Exceeded |
|
dst_exceed_action_tunnel |
8 |
Entry Exceed Action: Tunnel |
|
dst_port_conn_limit_exceed |
8 |
Port Limit: Conn Exceeded |
|
prog_win_rcvd_exceed |
8 |
Time Window: Received Exceed |
|
src_udp_retry_pass |
8 |
Src UDP Retry Passed |
|
dst_l4_udp_blacklist_drop |
8 |
Dst L4-type UDP Blacklist Dropped |
|
prog_win_rcvd_sent_ratio_exceed |
8 |
Time Window: Received to Sent Exceed |
|
dst_clist_overflow_policy_at_learning |
8 |
Dst Src-Based Overflow Policy Hit |
|
dst_tcp_filter_not_match |
8 |
TCP Filter Not Matched on Pkt |
|
src_tcp_action_on_syn_gap_drop |
8 |
Src TCP Auth: SYN Retry-Gap Dropped |
|
src_tcp_out_of_seq_excd |
8 |
Src TCP Out-Of-Seq Exceeded |
|
dst_other_bytes_drop |
8 |
OTHER Total Bytes Dropped |
|
src_dst_pair_entry_total |
8 |
Src-Dst Pair Entry Total Count |
|
dst_icmp_src_drop |
8 |
ICMP Src Packets Dropped |
|
outbound_bytes_sent |
8 |
Outbound: Bytes Forwarded |
|
src_tcp_rst_cookie_fail |
8 |
Src TCP Auth: RST Cookie Failed |
|
dst_icmp_drop |
8 |
ICMP Total Packets Dropped |
|
inbound_pkt_drop |
8 |
Inbound: Packets Dropped |
|
dst_tcp_filter_action_blacklist |
8 |
TCP Filter Action Blacklist |
|
dst_l4_icmp_blacklist_drop |
8 |
Dst L4-type ICMP Blacklist Dropped |
|
dst_udp_retry_init |
8 |
UDP Auth: Retry Init |
|
dst_tcp_pkt_rate_exceed |
8 |
TCP Dst L4-Type Rate: Packet Exceeded |
|
dst_icmp_bytes_sent |
8 |
ICMP Total Bytes Forwarded |
|
dst_tcp_kibit_rate_drop |
8 |
TCP Dst L4-Type Rate: KiBit Exceeded |
|
src_tcp_action_on_ack_timeout |
8 |
Src TCP Auth: ACK Retry Timeout |
|
dst_udp_pkt_rcvd |
8 |
UDP Total Packets Received |
|
dst_tcp_conn_close_half_open |
8 |
TCP Half Open Connections Closed |
|
dst_entry_conn_rate_exceed |
8 |
Entry Rate: Conn Exceeded |
|
dns_outbound_query_resp_chk_no_resp_sent |
8 |
DNS Outbound Query Resp Check No Response Sent |
|
dst_src_port_conn_limit_exceed |
8 |
SrcPort Limit: Conn Exceeded |
|
dst_icmp_frag_src_rate_drop |
8 |
ICMP Src Rate: Frag Exceeded |
|
dst_src_port_pkt_rate_exceed |
8 |
SrcPort Rate: Packet Exceeded |
|
prog_win_sent_exceed |
8 |
Time Window: Sent Exceed |
|
prog_conn_rcvd_exceed |
8 |
Connection: Received Exceed |
|
dst_tcp_action_on_syn_init |
8 |
TCP Auth: SYN Retry Init |
|
dst_udp_conn_rate_exceed |
8 |
UDP Dst L4-Type Rate: Conn Exceeded |
|
prog_response_len_exceed |
8 |
Req-Resp: Response Length Exceed |
|
outbound_bytes_drop |
8 |
Outbound: Bytes Dropped |
|
dst_udp_retry_pass |
8 |
UDP Auth: Retry Passed |
|
dst_udp_ntp_monlist_resp |
8 |
UDP NTP Monlist Response |
|
src_tcp_filter_action_blacklist |
8 |
Src TCP Filter Action Blacklist |
|
dst_tcp_action_on_ack_gap_drop |
8 |
TCP Auth: ACK Retry Retry-Gap Dropped |
|
no_policy_class_list_match |
8 |
No Policy Class-list Match |
|
dst_tcp_retransmit_excd |
8 |
TCP Retransmit Exceeded |
|
dst_tcp_frag_src_rate_drop |
8 |
TCP Src Rate: Frag Exceeded |
|
src_tcp_conn_prate_excd |
8 |
Src TCP Rate: Conn Pkt Exceeded |
|
tcp_l4_rst_cookie_fail |
8 |
TCP Dst L4-Type Auth: RST Cookie Failed |
|
dst_other_any_exceed |
8 |
OTHER Rate: Total Exceed |
|
tcp_rst_rcvd |
8 |
TCP RST Received |
|
prog_request_len_exceed |
8 |
Req-Resp: Request Length Exceed |
|
dst_udp_filter_action_blacklist |
8 |
UDP Filter Action Blacklist |
|
icmp_fwd_recv |
8 |
ICMP Inbound Packets Received |
|
src_udp_filter_action_whitelist |
8 |
Src UDP Filter Action WL |
|
src_dst_pair_entry_udp |
8 |
Src-Dst Pair Entry UDP Count |
|
src_udp_filter_action_blacklist |
8 |
Src UDP Filter Action Blacklist |
|
udp_payload_too_small |
8 |
UDP Payload Too Small |
|
dst_icmp_any_exceed |
8 |
ICMP Rate: Total Exceed |
|
src_dst_pair_entry_icmp |
8 |
Src-Dst Pair Entry ICMP Count |
|
ingress_packets |
8 |
Inbound: Packets Received |
|
dst_udp_pkt_rate_exceed |
8 |
UDP Dst L4-Type Rate: Packet Exceeded |
|
src_udp_retry_init |
8 |
Src UDP Auth: Retry Init |
|
src_l4_udp_blacklist_drop |
8 |
Src L4-type UDP Blacklist Dropped |
|
dst_tcp_auth_pass |
8 |
TCP Auth: SYN Auth Passed |
|
dst_entry_frag_pkt_rate_exceed |
8 |
Entry Rate: Frag Packet Exceeded |
|
dst_icmp_kibit_rate_drop |
8 |
ICMP Dst Rate: KiBit Exceeded |
|
dst_tcp_auth_resp |
8 |
TCP Auth: Responded |
|
dst_tcp_port_any_exceed |
8 |
TCP Port Rate: Total Exceed |
|
dst_tcp_conn_close_w_rst |
8 |
TCP RST Connections Closed |
|
src_tcp_wellknown_sport_drop |
8 |
Src TCP SrcPort Wellknown |
|
dst_udp_session_created |
8 |
UDP Sessions Created |
|
dst_udp_filter_action_whitelist |
8 |
UDP Filter Action WL |
|
outbound_pkt_sent |
8 |
Outbound: Packets Forwarded |
|
src_tcp_action_on_ack_init |
8 |
Src TCP Auth: ACK Retry Init |
|
dst_icmp_pkt_sent |
8 |
ICMP Total Packets Forwarded |
|
src_tcp_retransmit_excd |
8 |
Src TCP Retransmit Exceeded |
|
dns_outbound_total_query |
8 |
DNS Outbound Total Query |
|
prog_resp_req_ratio_exceed |
8 |
Req-Resp: Response to Request Ratio Exceed |
|
src_tcp_action_on_syn_blacklist |
8 |
Src TCP Auth: SYN Retry Timeout Blacklisted |
|
src_udp_min_payload |
8 |
Src UDP Payload Too Small |
|
dst_other_drop |
8 |
OTHER Total Packets Dropped |
|
src_udp_conn_prate_excd |
8 |
Src UDP Rate: Conn Pkt Exceeded |
|
dst_tcp_conn_close_w_fin |
8 |
TCP FIN Connections Closed |
|
dst_other_kibit_rate_drop |
8 |
OTHER Dst L4-Type Rate: KiBit Exceeded |
|
dst_src_port_kbit_rate_exceed |
8 |
SrcPort Rate: KiBit Exceeded |
|
tcp_rexmit_syn_limit_bl |
8 |
TCP SYN Retransmit Exceeded Blacklist |
|
dst_tcp_auth |
8 |
TCP Auth: SYN Cookie Sent |
|
sflow_external_samples_packed |
8 |
Sflow External Samples Packed |
|
prog_exceed_drop |
8 |
Req-Resp: Violation Exceed Dropped |
|
dst_other_src_rate_drop |
8 |
OTHER Src Rate: Total Exceeded |
|
dst_other_pkt_rate_exceed |
8 |
OTHER Dst L4-Type Rate: Packet Exceeded |
|
dst_tcp_bytes_rcv |
8 |
TCP Total Bytes Received |
|
dst_tcp_filter_action_whitelist |
8 |
TCP Filter Action WL |
|
src_dst_pair_entry_other |
8 |
Src-Dst Pair Entry OTHER Count |
|
dst_frag_rcvd |
8 |
Fragmented Packets Received |
|
dst_tcp_action_on_ack_fail |
8 |
TCP Auth: ACK Retry Dropped |
|
dst_tcp_frag_pkt_rate_exceed |
8 |
TCP Dst L4-Type Rate: Frag Exceeded |
|
prog_resp_req_time_exceed |
8 |
Req-Resp: Response to Request Time Exceed |
|
src_l4_tcp_blacklist_drop |
8 |
Src L4-type TCP Blacklist Dropped |
|
src_tcp_action_on_syn_timeout |
8 |
Src TCP Auth: SYN Retry Timeout |
|
dst_tcp_wellknown_sport_drop |
8 |
TCP SrcPort Wellknown |
|
dst_tcp_conn_close |
8 |
TCP Connections Closed |
|
dst_l4_other_blacklist_drop |
8 |
Dst L4-type OTHER Blacklist Dropped |
|
src_tcp_action_on_syn_reset |
8 |
Src TCP Auth: SYN Retry Timeout Reset |
|
src_tcp_syn_auth_fail |
8 |
Src TCP Auth: SYN Auth Failed |
|
dst_tcp_syn |
8 |
TCP Total SYN Received |
|
dst_ip_proto_kbit_rate_exceed |
8 |
IP-Proto Rate: KiBit Exceeded |
|
inbound_bytes_sent |
8 |
Inbound: Bytes Forwarded |
|
dst_other_frag_pkt_rate_exceed |
8 |
OTHER Dst L4-Type Rate: Frag Exceeded |
|
prog_win_exceed_drop |
8 |
Time Window: Violation Exceed Dropped |
|
dst_tcp_any_exceed |
8 |
TCP Dst L4-Type Rate: Total Exceeded |
|
dst_udp_filter_not_match |
8 |
UDP Filter Not Matched on Pkt |
|
dst_other_filter_action_whitelist |
8 |
OTHER Filter Action WL |
|
prog_conn_sent_exceed |
8 |
Connection: Sent Exceed |
|
dst_udp_kibit_rate_drop |
8 |
UDP Dst L4-Type Rate: KiBit Exceeded |
|
src_frag_drop |
8 |
Src Fragmented Packets Dropped |
|
dst_tcp_action_on_ack_blacklist |
8 |
TCP Auth: ACK Retry Timeout Blacklisted |
|
prog_win_exceed_bl |
8 |
Time Window: Violation Exceed Blacklisted |
|
dst_port_conn_rate_exceed |
8 |
Port Rate: Conn Exceeded |
|
src_tcp_action_on_ack_reset |
8 |
Src TCP Auth: ACK Retry Timeout Reset |
|
dst_udp_ntp_monlist_req |
8 |
UDP NTP Monlist Request |
|
dst_tcp_session_aged |
8 |
TCP Sessions Aged |
|
dst_other_frag_src_rate_drop |
8 |
OTHER Src Rate: Frag Exceeded |
|
src_tcp_syn_cookie_fail |
8 |
Src TCP Auth: SYN Cookie Failed |
|
dst_udp_filter_match |
8 |
UDP Filter Match |
|
dst_port_kbit_rate_exceed_pkt |
8 |
Port Rate: KiBit Pkt Exceeded |
|
dst_udp_src_drop |
8 |
UDP Src Packets Dropped |
|
dst_tcp_action_on_syn_timeout |
8 |
TCP Auth: SYN Retry Timeout |
|
dst_tcp_filter_action_default_pass |
8 |
TCP Filter Action Default Pass |
|
dst_other_filter_action_default_pass |
8 |
OTHER Filter Action Default Pass |
|
inbound_bytes_drop |
8 |
Inbound: Bytes Dropped |
|
dst_icmp_bytes_rcv |
8 |
ICMP Total Bytes Received |
|
src_tcp_action_on_ack_gap_drop |
8 |
Src TCP Auth: ACK Retry Retry-Gap Dropped |
|
dns_outbound_query_resp_chk_failed |
8 |
DNS Outbound Query Resp Check Failed |
|
dst_tcp_zero_window_excd |
8 |
TCP Zero-Window Exceeded |
|
dst_udp_bytes_sent |
8 |
UDP Total Bytes Forwarded |
|
dst_tcp_pkt_sent |
8 |
TCP Total Packets Forwarded |
|
dst_tcp_action_on_ack_init |
8 |
TCP Auth: ACK Retry Init |
|
dst_udp_pkt_sent |
8 |
UDP Total Packets Forwarded |
|
dns_outbound_query_resp_chk_blacklisted |
8 |
DNS Outbound Query Resp Check Blacklisted |
|
dst_out_no_route |
8 |
Dst IPv4/v6 Out No Route |
|
tcp_l4_unauth_drop |
8 |
TCP Dst L4-Type Auth: Unauth Dropped |
|
dst_tcp_filter_action_drop |
8 |
TCP Filter Action Drop |
|
dst_tcp_rst_cookie_fail |
8 |
TCP Auth: RST Cookie Failed |
|
dst_tcp_conn_create_from_ack |
8 |
TCP Connections Created From ACK |
|
dst_blackhole_withdraw |
8 |
Dst Blackhole Withdraw |
|
dst_tcp_action_on_ack_reset |
8 |
TCP Auth: ACK Retry Timeout Reset |
|
dst_tcp_bytes_sent |
8 |
TCP Total Bytes Forwarded |
|
dst_tcp_action_on_syn_pass |
8 |
TCP Auth: SYN Retry Passed |
|
prog_req_resp_time_exceed |
8 |
Req-Resp: Request to Response Time Exceed |
|
tcp_ack_rcvd |
8 |
TCP ACK Received |
|
dst_src_port_bl |
8 |
Dst SrcPort Blacklist Packets Dropped |
|
dst_icmp_pkt_rate_exceed |
8 |
ICMP Dst Rate: Packet Exceeded |
|
prog_conn_time_exceed |
8 |
Connection: Time Exceed |
|
dst_tcp_conn_close_w_idle |
8 |
TCP Idle Connections Closed |
|
src_tcp_filter_action_whitelist |
8 |
Src TCP Filter Action WL |
|
dst_icmp_bytes_drop |
8 |
ICMP Total Bytes Dropped |
|
dst_udp_filter_action_default_pass |
8 |
UDP Filter Action Default Pass |
|
src_hw_drop_rule_insert |
8 |
Src Hardware Drop Rules Inserted |
|
src_other_filter_action_blacklist |
8 |
Src OTHER Filter Action Blacklist |
|
dns_outbound_query_resp_size_exceed |
8 |
DNS Outbound Query Response Size Exceed |
|
dst_tcp_out_of_seq_excd |
8 |
TCP Out-Of-Seq Exceeded |
|
dst_port_pkt_rate_exceed |
8 |
Port Rate: Packet Exceeded |
|
udp_fwd_recv |
8 |
UDP Inbound Packets Received |
|
src_tcp_filter_action_drop |
8 |
Src TCP Filter Action Drop |
|
tcp_invalid_syn |
8 |
TCP Invalid SYN Received |
|
src_hw_drop_rule_remove |
8 |
Src Hardware Drop Rules Removed |
|
prog_exceed_bl |
8 |
Req-Resp: Violation Exceed Blacklisted |
|
dst_entry_kbit_rate_exceed_count |
8 |
Entry Rate: KiBit Exceeded Count |
|
dst_udp_bytes_rcv |
8 |
UDP Total Bytes Received |
|
egress_packets |
8 |
Outbound: Packets Received |
|
dst_tcp_pkt_rcvd |
8 |
TCP Total Packets Received |
|
dst_l4_tcp_blacklist_drop |
8 |
Dst L4-type TCP Blacklist Dropped |
|
src_other_filter_action_whitelist |
8 |
Src OTHER Filter Action WL |
|
dst_udp_src_rate_drop |
8 |
UDP Src Rate: Total Exceeded |
|
src_tcp_filter_action_default_pass |
8 |
Src TCP Filter Action Default Pass |
|
dst_tcp_conn_create_from_syn |
8 |
TCP Connections Created From SYN |
|
entry_sync_message_sent |
8 |
Entry Sync Message Sent |
|
dst_tcp_bytes_drop |
8 |
TCP Total Bytes Dropped |
|
outbound_pkt_drop |
8 |
Outbound: Packets Dropped |
|
dst_tcp_conn_limit_exceed |
8 |
TCP Dst L4-Type Limit: Conn Exceeded |
|
dst_udp_filter_action_drop |
8 |
UDP Filter Action Drop |
|
dst_udp_conn_limit_exceed |
8 |
UDP Dst L4-Type Limit: Conn Exceeded |
|
src_l4_other_blacklist_drop |
8 |
Src L4-type OTHER Blacklist Dropped |
|
dst_tcp_filter_match |
8 |
TCP Filter Match |
|
dst_icmp_src_rate_drop |
8 |
ICMP Src Rate: Total Exceeded |
|
dst_entry_kbit_rate_exceed |
8 |
Entry Rate: KiBit Exceeded |
|
src_other_filter_action_default_pass |
8 |
Src OTHER Filter Action Default Pass |
|
dst_other_filter_not_match |
8 |
OTHER Filter Not Matched on Pkt |
|
dst_tcp_conn_prate_excd |
8 |
TCP Rate: Conn Pkt Exceeded |
|
src_tcp_action_on_ack_fail |
8 |
Src TCP Auth: ACK Retry Dropped |
|
src_tcp_zero_window_excd |
8 |
Src TCP Zero-Window Exceeded |
|
dst_other_pkt_rcvd |
8 |
OTHER Total Packets Received |
|
dst_entry_pkt_rate_exceed |
8 |
Entry Rate: Packet Exceeded |
|
src_udp_max_payload |
8 |
Src UDP Payload Too Large |
|
entry_sync_message_received |
8 |
Entry Sync Message Received |
|
prog_conn_rcvd_sent_ratio_exceed |
8 |
Connection: Reveived to Sent Ratio Exceed |
|
ingress_bytes |
8 |
Inbound: Bytes Received |
|
dst_udp_bytes_drop |
8 |
UDP Total Bytes Dropped |
|
dns_outbound_query_sess_timed_out |
8 |
DNS Outbound Query Session Timed Out |
|
sflow_internal_samples_packed |
8 |
Sflow Internal Samples Packed |
|
dst_tcp_conn_rate_exceed |
8 |
TCP Dst L4-Type Rate: Conn Exceeded |
|
dst_tcp_syn_drop |
8 |
TCP SYN Packets Dropped |
|
dst_icmp_pkt_rcvd |
8 |
ICMP Total Packets Received |
|
tcp_fin_rcvd |
8 |
TCP FIN Received |
|
dst_udp_retry_gap_drop |
8 |
UDP Auth: Retry-Gap Dropped |
|
dst_ip_proto_pkt_rate_exceed |
8 |
IP-Proto Rate: Packet Exceeded |
|
src_tcp_action_on_syn_init |
8 |
Src TCP Auth: SYN Retry Init |
|
src_udp_ntp_monlist_resp |
8 |
Src UDP NTP Monlist Response |
|
tcp_syn_ack_rcvd |
8 |
TCP SYN ACK Received |
|
src_udp_wellknown_sport_drop |
8 |
Src UDP SrcPort Wellknown |
|
dst_tcp_src_rate_drop |
8 |
TCP Src Rate: Total Exceeded |
|
dst_port_undef_hit |
8 |
Dst Port Undefined Hit |
|
dst_hw_drop_rule_insert |
8 |
Dst Hardware Drop Rules Inserted |
|
src_udp_filter_action_default_pass |
8 |
Src UDP Filter Action Default Pass |
|
dst_frag_drop |
8 |
Fragmented Packets Dropped |
|
dst_udp_port_any_exceed |
8 |
UDP Port Rate: Total Exceed |
|
dst_udp_conn_prate_excd |
8 |
UDP Rate: Conn Pkt Exceeded |
|
dst_other_filter_action_blacklist |
8 |
OTHER Filter Action Blacklist |
|
dst_port_bl |
8 |
Dst Port Blacklist Packets Dropped |
|
dst_udp_drop |
8 |
UDP Total Packets Dropped |
|
dst_other_pkt_sent |
8 |
OTHER Total Packets Forwarded |
|
dst_tcp_action_on_syn_blacklist |
8 |
TCP Auth: SYN Retry Timeout Blacklisted |
|
src_other_filter_action_drop |
8 |
Src OTHER Filter Action Drop |
|
dns_outbound_query_resp_chk_refused_sent |
8 |
DNS Outbound Query Resp Check REFUSED Sent |
|
dst_port_undef_drop |
8 |
Dst Port Undefined Dropped |
|
dst_icmp_frag_pkt_rate_exceed |
8 |
ICMP Dst L4-Type Rate: Frag Exceeded |
|
prog_conn_exceed_drop |
8 |
Connection: Violation Exceed Dropped |
|
dst_tcp_action_on_ack_timeout |
8 |
TCP Auth: ACK Retry Timeout |
|
dns_outbound_query_malformed |
8 |
DNS Outbound Query Malformed |
|
dst_other_filter_action_drop |
8 |
OTHER Filter Action Drop |
|
tcp_l4_syn_cookie_fail |
8 |
TCP Dst L4-Type Auth: SYN Cookie Failed |
|
tcp_fwd_recv |
8 |
TCP Inbound Packets Received |
|
src_udp_auth_timeout |
8 |
Src UDP Auth: Retry Timeout |
operational data¶
Counter |
Size |
Description |
|
|---|---|---|---|
dst-all-entries |
flag |
dst-all-entries |
|
protocol |
string |
protocol |
|
all-src-ports |
flag |
all-src-ports |
|
source-entry-limit |
string-rlx |
source-entry-limit |
|
entry-displayed-count |
number |
entry-displayed-count |
|
all-l4-types |
flag |
all-l4-types |
|
subnet-ip-addr |
ipv4-cidr |
subnet-ip-addr |
|
src-port-range-end |
number |
src-port-range-end |
|
white-listed |
flag |
white-listed |
|
sources |
flag |
sources |
|
no-t2-idx-port-count |
number |
no-t2-idx-port-count |
|
exceeded |
flag |
exceeded |
|
opt-protocol |
string |
opt-protocol |
|
tcp-dynamic-entry-limit |
string |
tcp-dynamic-entry-limit |
|
ip-proto-num |
number |
ip-proto-num |
|
src-port-num |
number |
src-port-num |
|
traffic-distribution-status |
traffic-distribution-status |
||
entry-status |
flag |
entry-status |
|
authenticated |
flag |
authenticated |
|
all-ip-protos |
flag |
all-ip-protos |
|
overflow-policy |
flag |
overflow-policy |
|
source-entry-remain |
string-rlx |
source-entry-remain |
|
app-type |
string |
app-type |
|
hw-blacklisted |
string |
hw-blacklisted |
|
ipv6 |
ipv6-address |
ipv6 |
|
l4-ext-rate |
flag |
l4-ext-rate |
|
black-holed |
flag |
black-holed |
|
subnet-ipv6-addr |
ipv6-address-plen |
subnet-ipv6-addr |
|
resource-usage |
flag |
resource-usage |
|
entry-count |
flag |
entry-count |
|
port-num |
number |
port-num |
|
class-list |
string |
class-list |
|
opt-sport-protocol |
string |
opt-sport-protocol |
|
dst-service-remain |
string-rlx |
dst-service-remain |
|
port-app-stat |
flag |
port-app-stat |
|
sources-all-entries |
flag |
sources-all-entries |
|
port-range-start |
number |
port-range-start |
|
operational-mode |
string |
operational-mode |
|
sport-protocol |
string |
sport-protocol |
|
l4-type-str |
string |
l4-type-str |
|
dst-service-alloc |
string-rlx |
dst-service-alloc |
|
all-ports |
flag |
all-ports |
|
dst-entry-name |
string-rlx |
dst-entry-name |
|
other-dynamic-entry-count |
string |
other-dynamic-entry-count |
|
udp-dynamic-entry-count |
string |
udp-dynamic-entry-count |
|
app-stat |
flag |
app-stat |
|
black-listed |
flag |
black-listed |
|
total-dynamic-entry-limit |
string |
total-dynamic-entry-limit |
|
total-dynamic-entry-count |
string |
total-dynamic-entry-count |
|
udp-dynamic-entry-limit |
string |
udp-dynamic-entry-limit |
|
icmp-dynamic-entry-count |
string |
icmp-dynamic-entry-count |
|
tcp-dynamic-entry-count |
string |
tcp-dynamic-entry-count |
|
ddos_entry_list |
ddos_entry_list |
||
service-displayed-count |
number |
service-displayed-count |
|
src-port-range-start |
number |
src-port-range-start |
|
dst-service-limit |
string-rlx |
dst-service-limit |
|
icmp-dynamic-entry-limit |
string |
icmp-dynamic-entry-limit |
|
display-traffic-distribution-status |
flag |
display-traffic-distribution-status |
|
entry-address-str |
string-rlx |
entry-address-str |
|
sflow-source-id |
flag |
sflow-source-id |
|
source-entry-alloc |
string-rlx |
source-entry-alloc |
|
other-dynamic-entry-limit |
string |
other-dynamic-entry-limit |
|
port-range-end |
number |
port-range-end |