fw¶
Firewall
fw Specification¶
Type Intermediate Resource Element Name fw Element URI /axapi/v3/fw Element Attributes fw_attributes Schema fw schemaOperations Allowed:
| Operation | Method | URI | Payload | |
|---|---|---|---|---|
Get Object | GET | /axapi/v3/fw | fw_attributes |
fw attributes¶
active-rule-set
Description: active-rule-set is a JSON Block. Please see below for active-rule-set
Type: Object
Reference Object: /axapi/v3/fw/active-rule-set
alg
Description: alg is a JSON Block. Please see below for alg
Type: Object
Reference Object: /axapi/v3/fw/alg
app
Description: app is a JSON Block. Please see below for app
Type: Object
Reference Object: /axapi/v3/fw/app
apply-changes
Description: apply-changes is a JSON Block. Please see below for apply-changes
Type: Object
Reference Object: /axapi/v3/fw/apply-changes
clear-session-filter
Description: clear-session-filter is a JSON Block. Please see below for clear-session-filter
Type: Object
Reference Object: /axapi/v3/fw/clear-session-filter
full-cone-session
Description: full-cone-session is a JSON Block. Please see below for full-cone-session
Type: Object
Reference Object: /axapi/v3/fw/full-cone-session
global
Description: global is a JSON Block. Please see below for global
Type: Object
Reference Object: /axapi/v3/fw/global
gtp
Description: gtp is a JSON Block. Please see below for gtp
Type: Object
Reference Object: /axapi/v3/fw/gtp
gtp-in-gtp-filtering
Description: gtp-in-gtp-filtering is a JSON Block. Please see below for gtp-in-gtp-filtering
Type: Object
Reference Object: /axapi/v3/fw/gtp-in-gtp-filtering
gtp-v0
Description: gtp-v0 is a JSON Block. Please see below for gtp-v0
Type: Object
Reference Object: /axapi/v3/fw/gtp-v0
helper-sessions
Description: helper-sessions is a JSON Block. Please see below for helper-sessions
Type: Object
Reference Object: /axapi/v3/fw/helper-sessions
limit-entry
Description: limit-entry is a JSON Block. Please see below for limit-entry
Type: Object
Reference Object: /axapi/v3/fw/limit-entry
local-log
Description: local-log is a JSON Block. Please see below for local-log
Type: Object
Reference Object: /axapi/v3/fw/local-log
logging
Description: logging is a JSON Block. Please see below for logging
Type: Object
Reference Object: /axapi/v3/fw/logging
radius
Description: radius is a JSON Block. Please see below for radius
Type: Object
Reference Object: /axapi/v3/fw/radius
resource-usage
Description: resource-usage is a JSON Block. Please see below for resource-usage
Type: Object
Reference Object: /axapi/v3/fw/resource-usage
server-list
Type: List
Reference Object: /axapi/v3/fw/server/{name}
service-group-list
Type: List
Reference Object: /axapi/v3/fw/service-group/{name}
session-aging-list
Type: List
Reference Object: /axapi/v3/fw/session-aging/{name}
status
Description: status is a JSON Block. Please see below for status
Type: Object
Reference Object: /axapi/v3/fw/status
system-status
Description: system-status is a JSON Block. Please see below for system-status
Type: Object
Reference Object: /axapi/v3/fw/system-status
tap-monitor
Description: tap-monitor is a JSON Block. Please see below for tap-monitor
Type: Object
Reference Object: /axapi/v3/fw/tap-monitor
tcp
Description: tcp is a JSON Block. Please see below for tcp
Type: Object
Reference Object: /axapi/v3/fw/tcp
tcp-rst-close-immediate
Description: tcp-rst-close-immediate is a JSON Block. Please see below for tcp-rst-close-immediate
Type: Object
Reference Object: /axapi/v3/fw/tcp-rst-close-immediate
tcp-window-check
Description: tcp-window-check is a JSON Block. Please see below for tcp-window-check
Type: Object
Reference Object: /axapi/v3/fw/tcp-window-check
template
Description: template is a JSON Block. Please see below for template
Type: Object
Reference Object: /axapi/v3/fw/template
top-k-rules
Description: top-k-rules is a JSON Block. Please see below for top-k-rules
Type: Object
Reference Object: /axapi/v3/fw/top-k-rules
urpf
Description: urpf is a JSON Block. Please see below for urpf
Type: Object
Reference Object: /axapi/v3/fw/urpf
vrid
Description: vrid is a JSON Block. Please see below for vrid
Type: Object
Reference Object: /axapi/v3/fw/vrid
apply-changes¶
Specification Type object forced
Description Force recompile rule-set
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
alg¶
Specification Type object dns
Description: dns is a JSON Block. Please see below for alg_dns
Type: Object
Reference Object: /axapi/v3/fw/alg/dns
ftp
Description: ftp is a JSON Block. Please see below for alg_ftp
Type: Object
Reference Object: /axapi/v3/fw/alg/ftp
icmp
Description: icmp is a JSON Block. Please see below for alg_icmp
Type: Object
Reference Object: /axapi/v3/fw/alg/icmp
pptp
Description: pptp is a JSON Block. Please see below for alg_pptp
Type: Object
Reference Object: /axapi/v3/fw/alg/pptp
rtsp
Description: rtsp is a JSON Block. Please see below for alg_rtsp
Type: Object
Reference Object: /axapi/v3/fw/alg/rtsp
sip
Description: sip is a JSON Block. Please see below for alg_sip
Type: Object
Reference Object: /axapi/v3/fw/alg/sip
tftp
Description: tftp is a JSON Block. Please see below for alg_tftp
Type: Object
Reference Object: /axapi/v3/fw/alg/tftp
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
alg_ftp¶
Specification Type object default-port-disable
Description ‘default-port-disable’: Disable FTP ALG default port 21;
Type: string
Supported Values: default-port-disable
sampling-enable
Type: Listuuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
alg_ftp_sampling-enable¶
Specification Type list Block object keys counters1
Description ‘all’: all; ‘client-port-request’: PORT Requests From Client; ‘client-eprt-request’: EPRT Requests From Client; ‘server-pasv-reply’: PASV Replies From Server; ‘server-epsv-reply’: EPSV Replies From Server; ‘port-retransmits’: PORT Retransmits; ‘pasv-retransmits’: PASV Retransmits; ‘smp-app-type-mismatch’: SMP App Type Mismatch; ‘retransmit-sanity-check-failure’: Retransmit Sanity Check Failure; ‘smp-conn-alloc-failure’: SMP Helper Conn Alloc Failure; ‘port-helper-created’: PORT Helper Created; ‘pasv-helper-created’: PASV Helper Created; ‘port-helper-acquire-in-del-q’: PORT Helper Acquire In Del Queue; ‘port-helper-acquire-already-used’: PORT Helper Acquire Already Used; ‘pasv-helper-acquire-in-del-q’: PASV Helper Acquire In Del Queue; ‘pasv-helper-acquire-already-used’: PASV Helper Acquire Already Used; ‘port-helper-freed-used’: PORT Helper Freed Used; ‘port-helper-freed-unused’: PORT Helper Freed Unused; ‘pasv-helper-freed-used’: PASV Helper Freed Used; ‘pasv-helper-freed-unused’: PASV Helper Freed Unused;
Type: string
Supported Values: all, client-port-request, client-eprt-request, server-pasv-reply, server-epsv-reply, port-retransmits, pasv-retransmits, smp-app-type-mismatch, retransmit-sanity-check-failure, smp-conn-alloc-failure, port-helper-created, pasv-helper-created, port-helper-acquire-in-del-q, port-helper-acquire-already-used, pasv-helper-acquire-in-del-q, pasv-helper-acquire-already-used, port-helper-freed-used, port-helper-freed-unused, pasv-helper-freed-used, pasv-helper-freed-unused
alg_sip¶
Specification Type object default-port-disable
Description ‘default-port-disable’: Disable SIP ALG default port 5060;
Type: string
Supported Values: default-port-disable
sampling-enable
Type: Listuuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
alg_sip_sampling-enable¶
Specification Type list Block object keys counters1
Description ‘all’: all; ‘stat-request’: Request Received; ‘stat-response’: Response Received; ‘method-register’: Method REGISTER; ‘method-invite’: Method INVITE; ‘method-ack’: Method ACK; ‘method-cancel’: Method CANCEL; ‘method-bye’: Method BYE; ‘method-options’: Method OPTIONS; ‘method-prack’: Method PRACK; ‘method-subscribe’: Method SUBSCRIBE; ‘method-notify’: Method NOTIFY; ‘method-publish’: Method PUBLISH; ‘method-info’: Method INFO; ‘method-refer’: Method REFER; ‘method-message’: Method MESSAGE; ‘method-update’: Method UPDATE; ‘method-unknown’: Method Unknown; ‘parse-error’: Message Parse Error; ‘keep-alive’: Keep Alive; ‘contact-error’: Contact Process Error; ‘sdp-error’: SDP Process Error; ‘rtp-port-no-op’: RTP Port No Op; ‘rtp-rtcp-port-success’: RTP RTCP Port Success; ‘rtp-port-failure’: RTP Port Failure; ‘rtcp-port-failure’: RTCP Port Failure; ‘contact-port-no-op’: Contact Port No Op; ‘contact-port-success’: Contact Port Success; ‘contact-port-failure’: Contact Port Failure; ‘contact-new’: Contact Alloc; ‘contact-alloc-failure’: Contact Alloc Failure; ‘contact-eim’: Contact EIM; ‘contact-eim-set’: Contact EIM Set; ‘rtp-new’: RTP Alloc; ‘rtp-alloc-failure’: RTP Alloc Failure; ‘rtp-eim’: RTP EIM; ‘helper-found’: SMP Helper Conn Found; ‘helper-created’: SMP Helper Conn Created; ‘helper-deleted’: SMP Helper Conn Already Deleted; ‘helper-freed’: SMP Helper Conn Freed; ‘helper-failure’: SMP Helper Failure;
Type: string
Supported Values: all, stat-request, stat-response, method-register, method-invite, method-ack, method-cancel, method-bye, method-options, method-prack, method-subscribe, method-notify, method-publish, method-info, method-refer, method-message, method-update, method-unknown, parse-error, keep-alive, contact-error, sdp-error, rtp-port-no-op, rtp-rtcp-port-success, rtp-port-failure, rtcp-port-failure, contact-port-no-op, contact-port-success, contact-port-failure, contact-new, contact-alloc-failure, contact-eim, contact-eim-set, rtp-new, rtp-alloc-failure, rtp-eim, helper-found, helper-created, helper-deleted, helper-freed, helper-failure
alg_pptp¶
Specification Type object default-port-disable
Description ‘default-port-disable’: Disable PPTP ALG default port 1723;
Type: string
Supported Values: default-port-disable
sampling-enable
Type: Listuuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
alg_pptp_sampling-enable¶
Specification Type list Block object keys counters1
Description ‘all’: all; ‘calls-established’: Calls Established; ‘call-req-pns-call-id-mismatch’: Call ID Mismatch on Call Request; ‘call-reply-pns-call-id-mismatch’: Call ID Mismatch on Call Reply; ‘gre-session-created’: GRE Session Created; ‘gre-session-freed’: GRE Session Freed; ‘call-req-retransmit’: Call Request Retransmit; ‘call-req-new’: Call Request New; ‘call-req-ext-alloc-failure’: Call Request Ext Alloc Failure; ‘call-reply-call-id-unknown’: Call Reply Unknown Client Call ID; ‘call-reply-retransmit’: Call Reply Retransmit; ‘call-reply-ext-ext-alloc-failure’: Call Request Ext Alloc Failure; ‘smp-app-type-mismatch’: SMP App Type Mismatch; ‘smp-client-call-id-mismatch’: SMP Client Call ID Mismatch; ‘smp-sessions-created’: SMP Session Created; ‘smp-sessions-freed’: SMP Session Freed; ‘smp-alloc-failure’: SMP Session Alloc Failure; ‘gre-conn-creation-failure’: GRE Conn Alloc Failure; ‘gre-conn-ext-creation-failure’: GRE Conn Ext Alloc Failure; ‘gre-no-fwd-route’: GRE No Fwd Route; ‘gre-no-rev-route’: GRE No Rev Route; ‘gre-no-control-conn’: GRE No Control Conn; ‘gre-conn-already-exists’: GRE Conn Already Exists; ‘gre-free-no-ext’: GRE Free No Ext; ‘gre-free-no-smp’: GRE Free No SMP; ‘gre-free-smp-app-type-mismatch’: GRE Free SMP App Type Mismatch; ‘control-freed’: Control Session Freed; ‘control-free-no-ext’: Control Free No Ext; ‘control-free-no-smp’: Control Free No SMP; ‘control-free-smp-app-type-mismatch’: Control Free SMP App Type Mismatch;
Type: string
Supported Values: all, calls-established, call-req-pns-call-id-mismatch, call-reply-pns-call-id-mismatch, gre-session-created, gre-session-freed, call-req-retransmit, call-req-new, call-req-ext-alloc-failure, call-reply-call-id-unknown, call-reply-retransmit, call-reply-ext-ext-alloc-failure, smp-app-type-mismatch, smp-client-call-id-mismatch, smp-sessions-created, smp-sessions-freed, smp-alloc-failure, gre-conn-creation-failure, gre-conn-ext-creation-failure, gre-no-fwd-route, gre-no-rev-route, gre-no-control-conn, gre-conn-already-exists, gre-free-no-ext, gre-free-no-smp, gre-free-smp-app-type-mismatch, control-freed, control-free-no-ext, control-free-no-smp, control-free-smp-app-type-mismatch
alg_rtsp¶
Specification Type object default-port-disable
Description ‘default-port-disable’: Disable RTSP ALG default port 554;
Type: string
Supported Values: default-port-disable
sampling-enable
Type: Listuuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
alg_rtsp_sampling-enable¶
Specification Type list Block object keys counters1
Description ‘all’: all; ‘transport-inserted’: Transport Created; ‘transport-freed’: Transport Freed; ‘transport-alloc-failure’: Transport Alloc Failure; ‘data-session-created’: Data Session Created; ‘data-session-freed’: Data Session Freed; ‘ext-creation-failure’: Extension Creation Failure; ‘transport-add-to-ext’: Transport Added to Extension; ‘transport-removed-from-ext’: Transport Removed from Extension; ‘transport-too-many’: Too Many Transports for Control Conn; ‘transport-already-in-ext’: Transport Already in Extension; ‘transport-exists’: Transport Already Exists; ‘transport-link-ext-failure-control’: Transport Link to Extension Failure Control; ‘transport-link-ext-data’: Transport Link to Extension Data; ‘transport-link-ext-failure-data’: Transport Link to Extension Failure Data; ‘transport-inserted-shadow’: Transport Inserted Shadow; ‘transport-creation-race’: Transport Create Race; ‘transport-alloc-failure-shadow’: Transport Alloc Failure Shadow; ‘transport-put-in-del-q’: Transport Put in Delete Queue; ‘transport-freed-shadow’: Transport Freed Shadow; ‘transport-acquired-from-control’: Transport Acquired Control; ‘transport-found-from-prev-control’: Transport Found From Prev Control; ‘transport-acquire-failure-from-control’: Transport Acquire Failure Control; ‘transport-released-from-control’: Transport Released Control; ‘transport-double-release-from-control’: Transport Double Release Control; ‘transport-acquired-from-data’: Transport Acquired Data; ‘transport-acquire-failure-from-data’: Transport Acquire Failure Data; ‘transport-released-from-data’: Transport Released Data; ‘transport-double-release-from-data’: Transport Double Release Data; ‘transport-retry-lookup-on-data-free’: Transport Retry Lookup Data; ‘transport-not-found-on-data-free’: Transport Not Found Data; ‘data-session-created-shadow’: Data Session Created Shadow; ‘data-session-freed-shadow’: Data Session Freed Shadow; ‘ha-control-ext-creation-failure’: HA Control Extension Creation Failure; ‘ha-control-session-created’: HA Control Session Created; ‘ha-data-session-created’: HA Data Session Created;
Type: string
Supported Values: all, transport-inserted, transport-freed, transport-alloc-failure, data-session-created, data-session-freed, ext-creation-failure, transport-add-to-ext, transport-removed-from-ext, transport-too-many, transport-already-in-ext, transport-exists, transport-link-ext-failure-control, transport-link-ext-data, transport-link-ext-failure-data, transport-inserted-shadow, transport-creation-race, transport-alloc-failure-shadow, transport-put-in-del-q, transport-freed-shadow, transport-acquired-from-control, transport-found-from-prev-control, transport-acquire-failure-from-control, transport-released-from-control, transport-double-release-from-control, transport-acquired-from-data, transport-acquire-failure-from-data, transport-released-from-data, transport-double-release-from-data, transport-retry-lookup-on-data-free, transport-not-found-on-data-free, data-session-created-shadow, data-session-freed-shadow, ha-control-ext-creation-failure, ha-control-session-created, ha-data-session-created
alg_dns¶
Specification Type object default-port-disable
Description ‘default-port-disable’: Disable DNS ALG default port 53;
Type: string
Supported Values: default-port-disable
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
alg_tftp¶
Specification Type object default-port-disable
Description ‘default-port-disable’: Disable TFTP ALG default port 69;
Type: string
Supported Values: default-port-disable
sampling-enable
Type: Listuuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
alg_tftp_sampling-enable¶
Specification Type list Block object keys counters1
Description ‘all’: all; ‘session-created’: TFTP Client Sessions Created; ‘helper-created’: TFTP Helper Sessions created; ‘helper-freed’: TFTP Helper Sessions freed; ‘helper-freed-used’: TFTP Helper Sessions freed used; ‘helper-freed-unused’: TFTP Helper Sessions freed unused; ‘helper-already-used’: TFTP Helper Session already used; ‘helper-in-rml’: TFTP Helper Session in Remove List;
Type: string
Supported Values: all, session-created, helper-created, helper-freed, helper-freed-used, helper-freed-unused, helper-already-used, helper-in-rml
alg_icmp¶
Specification Type object disable
Description ‘disable’: Disable ICMP ALG which allows ICMP errors to pass the firewall;
Type: string
Supported Values: disable
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
app¶
Specification Type object sampling-enable
Type: Listuuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
app_sampling-enable¶
Specification Type list Block object keys counters1
Description ‘all’: all; ‘dummy’: Entry for a10countergen;
Type: string
Supported Values: all, dummy
global¶
Specification Type object alg-processing
Description ‘honor-rule-set’: Honors firewall rule-sets; ‘override-rule-set’: Override firewall rule-sets;
Type: string
Supported Values: honor-rule-set, override-rule-set
Default: honor-rule-set
disable-app-list
Type: Listdisable-ip-fw-sessions
Description disable create sessions for non TCP/UDP/ICMP
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-application-metrics
Description Enable exporting application protocol/category statstics to Harmony
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
extended-matching
Description ‘disable’: Disable extended matching;
Type: string
Supported Values: disable
listen-on-port-timeout
Description STUN timeout (default: 2 minutes)
Type: number
Range: 0-60
Default: 2
natip-ddos-protection
Description ‘enable’: Enable; ‘disable’: Disable;
Type: string
Supported Values: enable, disable
Default: enable
permit-default-action
Description ‘forward’: Forward; ‘next-service-mode’: Service to be applied chosen based on configuration;
Type: string
Supported Values: forward, next-service-mode
respond-to-user-mac
Description Use the user’s source MAC for the next hop rather than the routing table (default: off)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sampling-enable
Type: Listuuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
global_sampling-enable¶
Specification Type list Block object keys counters1
Description ‘all’: all; ‘tcp_fullcone_created’: TCP Full-cone Created; ‘tcp_fullcone_freed’: TCP Full-cone Freed; ‘udp_fullcone_created’: UDP Full-cone Created; ‘udp_fullcone_freed’: UDP Full-cone Freed; ‘fullcone_creation_failure’: Full-Cone Creation Failure; ‘data_session_created’: Data Session Created; ‘data_session_freed’: Data Session Freed; ‘fullcone_in_del_q’: Full-cone session found in delete queue; ‘fullcone_retry_lookup’: Full-cone session retry look-up; ‘fullcone_not_found’: Full-cone session not found; ‘fullcone_overflow_eim’: Full-cone Session EIM Overflow; ‘fullcone_overflow_eif’: Full-cone Session EIF Overflow; ‘udp_fullcone_created_shadow’: Total UDP Full-cone sessions created; ‘tcp_fullcone_created_shadow’: Total TCP Full-cone sessions created; ‘udp_fullcone_freed_shadow’: Total UDP Full-cone sessions freed; ‘tcp_fullcone_freed_shadow’: Total TCP Full-cone sessions freed; ‘fullcone_created’: Total Full-cone sessions created; ‘fullcone_freed’: Total Full-cone sessions freed; ‘fullcone_ext_too_many’: Fullcone Extension Too Many; ‘fullcone_ext_mem_allocated’: Fullcone Extension Memory Allocated; ‘fullcone_ext_mem_alloc_failure’: Fullcone Extension Memory Allocate Failure; ‘fullcone_ext_mem_alloc_init_faulure’: Fullcone Extension Initialization Failure; ‘fullcone_ext_mem_freed’: Fullcone Extension Memory Freed; ‘fullcone_ext_added’: Fullcone Extension Added; ‘ha_fullcone_failure’: HA Full-cone Session Failure; ‘data_session_created_shadow’: Total Data Sessions Created; ‘data_session_freed_shadow’: Total Data Sessions Freed; ‘active_fullcone_session’: Total Active Full-cone sessions; ‘limit-entry-failure’: Limit Entry Creation Failure; ‘limit-entry-allocated’: Limit Entry Allocated; ‘limit-entry-mem-freed’: Limit Entry Freed; ‘limit-entry-created’: Limit Entry Created; ‘limit-entry-not-in-bucket’: Limit Entry Not in Bucket; ‘limit-entry-marked-deleted’: Limit Entry Marked Deleted; ‘invalid-lid-drop’: Invalid Lid Drop; ‘src-session-limit-exceeded’: Source Prefix Session Limit Exceeded; ‘limit-exceeded’: Per Second Limit Exceeded; ‘limit-entry-per-cpu-mem-allocated’: Limit Entry Memory Allocated; ‘limit-entry-per-cpu-mem-allocation-failed’: Limit Entry Memory Allocation Failed; ‘limit-entry-per-cpu-mem-freed’: Limit Entry Memory Freed; ‘alg_default_port_disable’: Total ALG packets matching Default Port Disable; ‘no_fwd_route’: No Forward Route; ‘no_rev_route’: No Reverse Route; ‘no_fwd_l2_dst’: No Forward Mac Entry; ‘no_rev_l2_dst’: No Reverse Mac Entry; ‘urpf_pkt_drop’: URPF check packet drop; ‘fwd_ingress_packets_tcp’: Forward Ingress Packets TCP; ‘fwd_egress_packets_tcp’: Forward Egress Packets TCP; ‘rev_ingress_packets_tcp’: Reverse Ingress Packets TCP; ‘rev_egress_packets_tcp’: Reverse Egress Packets TCP; ‘fwd_ingress_bytes_tcp’: Forward Ingress Bytes TCP; ‘fwd_egress_bytes_tcp’: Forward Egress Bytes TCP; ‘rev_ingress_bytes_tcp’: Reverse Ingress Bytes TCP; ‘rev_egress_bytes_tcp’: Reverse Egress Bytes TCP; ‘fwd_ingress_packets_udp’: Forward Ingress Packets UDP; ‘fwd_egress_packets_udp’: Forward Egress Packets UDP; ‘rev_ingress_packets_udp’: Reverse Ingress Packets UDP; ‘rev_egress_packets_udp’: Reverse Egress Packets UDP; ‘fwd_ingress_bytes_udp’: Forward Ingress Bytes UDP; ‘fwd_egress_bytes_udp’: Forward Egress Bytes UDP; ‘rev_ingress_bytes_udp’: Reverse Ingress Bytes UDP; ‘rev_egress_bytes_udp’: Reverse Egress Bytes UDP; ‘fwd_ingress_packets_icmp’: Forward Ingress Packets ICMP; ‘fwd_egress_packets_icmp’: Forward Egress Packets ICMP; ‘rev_ingress_packets_icmp’: Reverse Ingress Packets ICMP; ‘rev_egress_packets_icmp’: Reverse Egress Packets ICMP; ‘fwd_ingress_bytes_icmp’: Forward Ingress Bytes ICMP; ‘fwd_egress_bytes_icmp’: Forward Egress Bytes ICMP; ‘rev_ingress_bytes_icmp’: Reverse Ingress Bytes ICMP; ‘rev_egress_bytes_icmp’: Reverse Egress Bytes ICMP; ‘fwd_ingress_packets_others’: Forward Ingress Packets OTHERS; ‘fwd_egress_packets_others’: Forward Egress Packets OTHERS; ‘rev_ingress_packets_others’: Reverse Ingress Packets OTHERS; ‘rev_egress_packets_others’: Reverse Egress Packets OTHERS; ‘fwd_ingress_bytes_others’: Forward Ingress Bytes OTHERS; ‘fwd_egress_bytes_others’: Forward Egress Bytes OTHERS; ‘rev_ingress_bytes_others’: Reverse Ingress Bytes OTHERS; ‘rev_egress_bytes_others’: Reverse Egress Bytes OTHERS; ‘fwd_ingress_pkt_size_range1’: Forward Ingress Packet size between 0 and 200; ‘fwd_ingress_pkt_size_range2’: Forward Ingress Packet size between 201 and 800; ‘fwd_ingress_pkt_size_range3’: Forward Ingress Packet size between 801 and 1550; ‘fwd_ingress_pkt_size_range4’: Forward Ingress Packet size between 1551 and 9000; ‘fwd_egress_pkt_size_range1’: Forward Egress Packet size between 0 and 200; ‘fwd_egress_pkt_size_range2’: Forward Egress Packet size between 201 and 800; ‘fwd_egress_pkt_size_range3’: Forward Egress Packet size between 801 and 1550; ‘fwd_egress_pkt_size_range4’: Forward Egress Packet size between 1551 and 9000; ‘rev_ingress_pkt_size_range1’: Reverse Ingress Packet size between 0 and 200; ‘rev_ingress_pkt_size_range2’: Reverse Ingress Packet size between 201 and 800; ‘rev_ingress_pkt_size_range3’: Reverse Ingress Packet size between 801 and 1550; ‘rev_ingress_pkt_size_range4’: Reverse Ingress Packet size between 1551 and 9000; ‘rev_egress_pkt_size_range1’: Reverse Egress Packet size between 0 and 200; ‘rev_egress_pkt_size_range2’: Reverse Egress Packet size between 201 and 800; ‘rev_egress_pkt_size_range3’: Reverse Egress Packet size between 801 and 1550; ‘rev_egress_pkt_size_range4’: Reverse Egress Packet size between 1551 and 9000;
Type: string
Supported Values: all, tcp_fullcone_created, tcp_fullcone_freed, udp_fullcone_created, udp_fullcone_freed, fullcone_creation_failure, data_session_created, data_session_freed, fullcone_in_del_q, fullcone_retry_lookup, fullcone_not_found, fullcone_overflow_eim, fullcone_overflow_eif, udp_fullcone_created_shadow, tcp_fullcone_created_shadow, udp_fullcone_freed_shadow, tcp_fullcone_freed_shadow, fullcone_created, fullcone_freed, fullcone_ext_too_many, fullcone_ext_mem_allocated, fullcone_ext_mem_alloc_failure, fullcone_ext_mem_alloc_init_faulure, fullcone_ext_mem_freed, fullcone_ext_added, ha_fullcone_failure, data_session_created_shadow, data_session_freed_shadow, active_fullcone_session, limit-entry-failure, limit-entry-allocated, limit-entry-mem-freed, limit-entry-created, limit-entry-not-in-bucket, limit-entry-marked-deleted, invalid-lid-drop, src-session-limit-exceeded, limit-exceeded, limit-entry-per-cpu-mem-allocated, limit-entry-per-cpu-mem-allocation-failed, limit-entry-per-cpu-mem-freed, alg_default_port_disable, no_fwd_route, no_rev_route, no_fwd_l2_dst, no_rev_l2_dst, urpf_pkt_drop, fwd_ingress_packets_tcp, fwd_egress_packets_tcp, rev_ingress_packets_tcp, rev_egress_packets_tcp, fwd_ingress_bytes_tcp, fwd_egress_bytes_tcp, rev_ingress_bytes_tcp, rev_egress_bytes_tcp, fwd_ingress_packets_udp, fwd_egress_packets_udp, rev_ingress_packets_udp, rev_egress_packets_udp, fwd_ingress_bytes_udp, fwd_egress_bytes_udp, rev_ingress_bytes_udp, rev_egress_bytes_udp, fwd_ingress_packets_icmp, fwd_egress_packets_icmp, rev_ingress_packets_icmp, rev_egress_packets_icmp, fwd_ingress_bytes_icmp, fwd_egress_bytes_icmp, rev_ingress_bytes_icmp, rev_egress_bytes_icmp, fwd_ingress_packets_others, fwd_egress_packets_others, rev_ingress_packets_others, rev_egress_packets_others, fwd_ingress_bytes_others, fwd_egress_bytes_others, rev_ingress_bytes_others, rev_egress_bytes_others, fwd_ingress_pkt_size_range1, fwd_ingress_pkt_size_range2, fwd_ingress_pkt_size_range3, fwd_ingress_pkt_size_range4, fwd_egress_pkt_size_range1, fwd_egress_pkt_size_range2, fwd_egress_pkt_size_range3, fwd_egress_pkt_size_range4, rev_ingress_pkt_size_range1, rev_ingress_pkt_size_range2, rev_ingress_pkt_size_range3, rev_ingress_pkt_size_range4, rev_egress_pkt_size_range1, rev_egress_pkt_size_range2, rev_egress_pkt_size_range3, rev_egress_pkt_size_range4
global_disable-app-list¶
Specification Type list Block object keys disable-application-category
Description ‘aaa’: Protocol/application used for AAA (Authentification, Authorization and Accounting) purposes.; ‘adult-content’: Adult content protocol/application.; ‘advertising’: Advertising networks and applications.; ‘aetls’: Application known to enforce HSTS and thus use of TLS.; ‘analytics-and-statistics’: User analytics and statistics protocol/application.; ‘anonymizers-and-proxies’: Traffic-anonymization protocol/application.; ‘audio-chat’: Protocol/application used for Audio Chat.; ‘basic’: Covers all protocols required for basic classification, including most networking protocols as well as standard protocols like HTTP.; ‘blog’: Blogging platform protocol/application.; ‘cdn’: Protocol/application used for Content-Delivery Networks.; ‘certification-authority’: Certification Authority for SSL/TLS certificate.; ‘chat’: Protocol/application used for Text Chat.; ‘classified-ads’: Protocol/application used for Classified Advertisements.; ‘cloud-based-services’: SaaS and/or PaaS cloud based services.; ‘crowdfunding’: Service for funding a project or venture by raising small amounts of money from a large number of people, typically via the Internet.; ‘cryptocurrency’: Services for mining cryptocurrencies, for example a Crypto Web Browser (an application that mines crypto currency in the background while its user browses the web).; ‘database’: Database-specific protocols.; ‘disposable-email’: Service offering Disposable Email Accounts (DEA). DEA is a technique to share temporary email address between many users.; ‘ebook-reader’: Services for e-book readers, i.e. connected devices that display electronic books (typically using e-ink displays to reduce glare and eye strain).; ‘education’: Protocols offering education services and online courses.; ‘email’: Native email protocol.; ‘enterprise’: Protocol/application used in an enterprise network.; ‘file-management’: Protocol/application designed specifically for file management and exchange. This can include bona fide network protocols (like SMB) as well as web/cloud services (like Dropbox).; ‘file-transfer’: Protocol that offers file transferring as a secondary feature. This typically includes IM, WebMail, and other protocols that allow file transfers in addition to their principal function.; ‘forum’: Online forum protocol/application.; ‘gaming’: Protocol/application used by games.; ‘healthcare’: Protocols offering medical services, i.e protocols used in medical environment.; ‘instant-messaging-and-multimedia-conferencing’: Protocol/application used for Instant Messaging or Multi-Conferencing.; ‘internet-of-things’: Internet Of Things protocol/application.; ‘map-service’: Digital Maps service (web site and their related API).; ‘mobile’: Mobile-specific protocol/application.; ‘multimedia-streaming’: Protocol/application used for multimedia streaming.; ‘networking’: Protocol used for (inter) networking purpose.; ‘news-portal’: Protocol/application used for News Portals.; ‘payment-service’: Application offering online services for accepting electronic payments by a variety of payment methods (credit card, bank-based payments such as direct debit, bank transfer, etc).; ‘peer-to-peer’: Protocol/application used for Peer-to-peer purposes.; ‘remote-access’: Protocol/application used for remote access.; ‘scada’: SCADA (Supervisory control and data acquisition) protocols, all generations.; ‘social-networks’: Social networking application.; ‘software-update’: Auto-update protocol.; ‘speedtest’: Speedtest application allowing to access quality of Internet connection (upload, download, latency, etc).; ‘standards-based’: Protocol issued from standardized bodies such as IETF, ITU, IEEE, ETSI, OIF.; ‘transportation’: Transportation services, for example smartphone applications that allow users to hail a taxi.; ‘video-chat’: Protocol/application used for Video Chat.; ‘voip’: Application used for Voice-Over-IP.; ‘vpn-tunnels’: Protocol/application used for VPN or tunneling purposes.; ‘web’: Application based on HTTP/HTTPS.; ‘web-e-commerce’: Protocol/application used for E-commerce websites.; ‘web-search-engines’: Protocol/application used for Web search portals.; ‘web-websites’: Protocol/application used for Company Websites.; ‘webmails’: Web-based e-mail application.; ‘web-ext-adult’: Web Extension Adult; ‘web-ext-auctions’: Web Extension Auctions; ‘web-ext-blogs’: Web Extension Blogs; ‘web-ext-business-and-economy’: Web Extension Business and Economy; ‘web-ext-cdns’: Web Extension CDNs; ‘web-ext-collaboration’: Web Extension Collaboration; ‘web-ext-computer-and-internet-info’: Web Extension Computer and Internet Info; ‘web-ext-computer-and-internet-security’: Web Extension Computer and Internet Security; ‘web-ext-dating’: Web Extension Dating; ‘web-ext-educational-institutions’: Web Extension Educational Institutions; ‘web-ext-entertainment-and-arts’: Web Extension Entertainment and Arts; ‘web-ext-fashion-and-beauty’: Web Extension Fashion and Beauty; ‘web-ext-file-share’: Web Extension File Share; ‘web-ext-financial-services’: Web Extension Financial Services; ‘web-ext-gambling’: Web Extension Gambling; ‘web-ext-games’: Web Extension Games; ‘web-ext-government’: Web Extension Government; ‘web-ext-health-and-medicine’: Web Extension Health and Medicine; ‘web-ext-individual-stock-advice-and-tools’: Web Extension Individual Stock Advice and Tools; ‘web-ext-internet-portals’: Web Extension Internet Portals; ‘web-ext-job-search’: Web Extension Job Search; ‘web-ext-local-information’: Web Extension Local Information; ‘web-ext-malware’: Web Extension Malware; ‘web-ext-motor-vehicles’: Web Extension Motor Vehicles; ‘web-ext-music’: Web Extension Music; ‘web-ext-news’: Web Extension News; ‘web-ext-p2p’: Web Extension P2P; ‘web-ext-parked-sites’: Web Extension Parked Sites; ‘web-ext-proxy-avoid-and-anonymizers’: Web Extension Proxy Avoid and Anonymizers; ‘web-ext-real-estate’: Web Extension Real Estate; ‘web-ext-reference-and-research’: Web Extension Reference and Research; ‘web-ext-search-engines’: Web Extension Search Engines; ‘web-ext-shopping’: Web Extension Shopping; ‘web-ext-social-network’: Web Extension Social Network; ‘web-ext-society’: Web Extension Society; ‘web-ext-software’: Web Extension Software; ‘web-ext-sports’: Web Extension Sports; ‘web-ext-streaming-media’: Web Extension Streaming Media; ‘web-ext-training-and-tools’: Web Extension Training and Tools; ‘web-ext-translation’: Web Extension Translation; ‘web-ext-travel’: Web Extension Travel; ‘web-ext-web-advertisements’: Web Extension Web Advertisements; ‘web-ext-web-based-email’: Web Extension Web based Email; ‘web-ext-web-hosting’: Web Extension Web Hosting; ‘web-ext-web-service’: Web Extension Web Service;
Type: string
Supported Values: aaa, adult-content, advertising, aetls, analytics-and-statistics, anonymizers-and-proxies, audio-chat, basic, blog, cdn, certification-authority, chat, classified-ads, cloud-based-services, crowdfunding, cryptocurrency, database, disposable-email, ebook-reader, education, email, enterprise, file-management, file-transfer, forum, gaming, healthcare, instant-messaging-and-multimedia-conferencing, internet-of-things, map-service, mobile, multimedia-streaming, networking, news-portal, payment-service, peer-to-peer, remote-access, scada, social-networks, software-update, speedtest, standards-based, transportation, video-chat, voip, vpn-tunnels, web, web-e-commerce, web-search-engines, web-websites, webmails, web-ext-adult, web-ext-auctions, web-ext-blogs, web-ext-business-and-economy, web-ext-cdns, web-ext-collaboration, web-ext-computer-and-internet-info, web-ext-computer-and-internet-security, web-ext-dating, web-ext-educational-institutions, web-ext-entertainment-and-arts, web-ext-fashion-and-beauty, web-ext-file-share, web-ext-financial-services, web-ext-gambling, web-ext-games, web-ext-government, web-ext-health-and-medicine, web-ext-individual-stock-advice-and-tools, web-ext-internet-portals, web-ext-job-search, web-ext-local-information, web-ext-malware, web-ext-motor-vehicles, web-ext-music, web-ext-news, web-ext-p2p, web-ext-parked-sites, web-ext-proxy-avoid-and-anonymizers, web-ext-real-estate, web-ext-reference-and-research, web-ext-search-engines, web-ext-shopping, web-ext-social-network, web-ext-society, web-ext-software, web-ext-sports, web-ext-streaming-media, web-ext-training-and-tools, web-ext-translation, web-ext-travel, web-ext-web-advertisements, web-ext-web-based-email, web-ext-web-hosting, web-ext-web-service
disable-application-protocol
Description Disable specific application protocol
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
tcp-rst-close-immediate¶
Specification Type object status
Description ‘enable’: Enable TCP RST close immediate (default); ‘disable’: Disable TCP RST close immediate;
Type: string
Supported Values: enable, disable
Default: enable
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
tcp¶
Specification Type object mss-clamp
Description: mss-clamp is a JSON Block. Please see below for tcp_mss-clamp
Type: Object
Reference Object: /axapi/v3/fw/tcp/mss-clamp
reset-on-error
Description: reset-on-error is a JSON Block. Please see below for tcp_reset-on-error
Type: Object
Reference Object: /axapi/v3/fw/tcp/reset-on-error
tcp_mss-clamp¶
Specification Type object min
Description Specify the min value allowed for the TCP MSS (Specify the min value allowed for the TCP MSS (default: ((576 - 60 - 60))))
Type: number
Range: 0-1460
Default: 456
mss-clamp-type
Description ‘fixed’: Specify a fixed max value for the TCP MSS; ‘subtract’: Specify the value to subtract from the TCP MSS;
Type: string
Supported Values: fixed, subtract
mss-subtract
Description Specify the value to subtract from the TCP MSS (default: not configured)
Type: number
Range: 0-1460
mss-value
Description The max value allowed for the TCP MSS (default: not configured)}
Type: number
Range: 0-1460
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
tcp_reset-on-error¶
Specification Type object enable
Description Enable send TCP reset on error
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
outbound
Description ‘enable’: Enable send TCP reset on error;
Type: string
Supported Values: enable
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
radius¶
Specification Type object server
Description: server is a JSON Block. Please see below for radius_server
Type: Object
Reference Object: /axapi/v3/fw/radius/server
radius_server¶
Specification Type object accounting-interim-update
Description ‘ignore’: Ignore (default); ‘append-entry’: Append the AVPs to existing entry; ‘replace-entry’: Replace the AVPs of existing entry;
Type: string
Supported Values: ignore, append-entry, replace-entry
Default: ignore
accounting-on
Description ‘ignore’: Ignore (default); ‘delete-entries-using-attribute’: Delete entries matching attribute in RADIUS Table;
Type: string
Supported Values: ignore, delete-entries-using-attribute
Default: ignore
accounting-start
Description ‘ignore’: Ignore; ‘append-entry’: Append the AVPs to existing entry (default); ‘replace-entry’: Replace the AVPs of existing entry;
Type: string
Supported Values: ignore, append-entry, replace-entry
Default: append-entry
accounting-stop
Description ‘ignore’: Ignore; ‘delete-entry’: Delete the entry (default);
Type: string
Supported Values: ignore, delete-entry
Default: delete-entry
attribute
Type: Listattribute-name
Description ‘msisdn’: Clear using MSISDN; ‘imei’: Clear using IMEI; ‘imsi’: Clear using IMSI;
Type: string
Supported Values: msisdn, imei, imsi
Mutual Exclusion: attribute-name and custom-attribute-name are mutually exclusive
custom-attribute-name
Description Clear using customized attribute
Type: string
Maximum Length: 15 characters
Maximum Length: 1 characters
Mutual Exclusion: custom-attribute-name and attribute-name are mutually exclusive
encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)listen-port
Description Configure the listen port of RADIUS server (Port number)
Type: number
Range: 1024-65535
remote
Description: remote is a JSON Block. Please see below for radius_server_remote
Type: Object
sampling-enable
Type: Listsecret
Description Configure shared secret
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
secret-string
Description The RADIUS secret
Type: string
Format: password
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
vrid
Description Join a VRRP-A failover group
Type: number
Range: 1-31
radius_server_remote¶
Specification Type object ip-list
Type: List
radius_server_remote_ip-list¶
Specification Type list Block object keys ip-list-encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)ip-list-name
Description IP-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ip-list-secret
Description Configure shared secret
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ip-list-secret-string
Description The RADIUS secret
Type: string
Format: password
Maximum Length: 127 characters
Maximum Length: 1 characters
radius_server_sampling-enable¶
Specification Type list Block object keys counters1
Description ‘all’: all; ‘msisdn-received’: MSISDN Received; ‘imei-received’: IMEI Received; ‘imsi-received’: IMSI Received; ‘custom-received’: Custom attribute Received; ‘radius-request-received’: RADIUS Request Received; ‘radius-request-dropped’: RADIUS Request Dropped (Malformed Packet); ‘request-bad-secret-dropped’: RADIUS Request Bad Secret Dropped; ‘request-no-key-vap-dropped’: RADIUS Request No Key Attribute Dropped; ‘request-malformed-dropped’: RADIUS Request Malformed Dropped; ‘request-ignored’: RADIUS Request Table Full Dropped; ‘radius-table-full’: RADIUS Request Dropped (Table Full); ‘secret-not-configured-dropped’: RADIUS Secret Not Configured Dropped; ‘ha-standby-dropped’: HA Standby Dropped; ‘ipv6-prefix-length-mismatch’: Framed IPV6 Prefix Length Mismatch; ‘invalid-key’: Radius Request has Invalid Key Field; ‘smp-mem-allocated’: RADIUS SMP Memory Allocated; ‘smp-mem-alloc-failed’: RADIUS SMP Memory Allocation Failed; ‘smp-mem-freed’: RADIUS SMP Memory Freed; ‘smp-created’: RADIUS SMP Created; ‘smp-in-rml’: RADIUS SMP in RML; ‘smp-deleted’: RADIUS SMP Deleted; ‘mem-allocated’: RADIUS Memory Allocated; ‘mem-alloc-failed’: RADIUS Memory Allocation Failed; ‘mem-freed’: RADIUS Memory Freed; ‘ha-sync-create-sent’: HA Record Sync Create Sent; ‘ha-sync-delete-sent’: HA Record Sync Delete Sent; ‘ha-sync-create-recv’: HA Record Sync Create Received; ‘ha-sync-delete-recv’: HA Record Sync Delete Received; ‘acct-on-filters-full’: RADIUS Acct On Request Ignored(Filters Full); ‘acct-on-dup-request’: Duplicate RADIUS Acct On Request; ‘ip-mismatch-delete’: Radius Entry IP Mismatch Delete; ‘ip-add-race-drop’: Radius Entry IP Add Race Drop; ‘ha-sync-no-key-vap-dropped’: HA Record Sync No key dropped; ‘inter-card-msg-fail-drop’: Inter-Card Message Fail Drop; ‘radius-packets-redirected’: RADIUS packets redirected (SO); ‘radius-packets-redirect-fail-dropped’: RADIUS packets dropped due to redirect failure (SO); ‘radius-packets-process-local’: RADIUS packets processed locally without redirection (SO); ‘radius-packets-dropped-not-lo’: RADIUS packets dropped dest not loopback (SO);
Type: string
Supported Values: all, msisdn-received, imei-received, imsi-received, custom-received, radius-request-received, radius-request-dropped, request-bad-secret-dropped, request-no-key-vap-dropped, request-malformed-dropped, request-ignored, radius-table-full, secret-not-configured-dropped, ha-standby-dropped, ipv6-prefix-length-mismatch, invalid-key, smp-mem-allocated, smp-mem-alloc-failed, smp-mem-freed, smp-created, smp-in-rml, smp-deleted, mem-allocated, mem-alloc-failed, mem-freed, ha-sync-create-sent, ha-sync-delete-sent, ha-sync-create-recv, ha-sync-delete-recv, acct-on-filters-full, acct-on-dup-request, ip-mismatch-delete, ip-add-race-drop, ha-sync-no-key-vap-dropped, inter-card-msg-fail-drop, radius-packets-redirected, radius-packets-redirect-fail-dropped, radius-packets-process-local, radius-packets-dropped-not-lo
radius_server_attribute¶
Specification Type list Block object keys attribute-value
Description ‘inside-ipv6-prefix’: Framed IPv6 Prefix; ‘inside-ip’: Inside IP address; ‘inside-ipv6’: Inside IPv6 address; ‘imei’: International Mobile Equipment Identity (IMEI); ‘imsi’: International Mobile Subscriber Identity (IMSI); ‘msisdn’: Mobile Subscriber Integrated Services Digital Network-Number (MSISDN); ‘custom1’: Customized attribute 1; ‘custom2’: Customized attribute 2; ‘custom3’: Customized attribute 3;
Type: string
Supported Values: inside-ipv6-prefix, inside-ip, inside-ipv6, imei, imsi, msisdn, custom1, custom2, custom3
custom-number
Description RADIUS attribute number
Type: number
Range: 1-255
custom-vendor
Description RADIUS vendor attribute information (RADIUS vendor ID)
Type: number
Range: 1-65535
name
Description Customized attribute name
Type: string
Maximum Length: 15 characters
Maximum Length: 1 characters
number
Description RADIUS attribute number
Type: number
Range: 1-255
prefix-length
Description ‘32’: Prefix length 32; ‘48’: Prefix length 48; ‘64’: Prefix length 64; ‘80’: Prefix length 80; ‘96’: Prefix length 96; ‘112’: Prefix length 112;
Type: string
Supported Values: 32, 48, 64, 80, 96, 112
prefix-number
Description RADIUS attribute number
Type: number
Range: 1-255
prefix-vendor
Description RADIUS vendor attribute information (RADIUS vendor ID)
Type: number
Range: 1-65535
value
Description ‘hexadecimal’: Type of attribute value is hexadecimal;
Type: string
Supported Values: hexadecimal
vendor
Description RADIUS vendor attribute information (RADIUS vendor ID)
Type: number
Range: 1-65535
clear-session-filter¶
Specification Type object status
Description ‘disable’: Disable clear L4 session filter for fw (Default: disabled); ‘enable’: Enable clear L4 session filter for fw;
Type: string
Supported Values: disable, enable
Default: disable
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
system-status¶
Specification Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
vrid¶
Specification Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
vrid
Description Vrrp group (VRRP-A vrid)
Type: number
Range: 1-31
limit-entry¶
Specification Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
gtp¶
Specification Type object gtp-value
Description ‘enable’: Enable GTP Inspection;
Type: string
Supported Values: enable
sampling-enable
Type: Listuuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
gtp_sampling-enable¶
Specification Type list Block object keys counters1
Description ‘all’: all; ‘create-session-request’: Create Session Request; ‘create-session-response’: Create Session Response; ‘path-management-message’: Path Management Message; ‘delete-session-request’: Delete Session Request; ‘delete-session-response’: Delete Session Response; ‘reserved-field-set-drop’: Reserved field set drop; ‘tunnel-id-flag-drop’: Tunnel ID Flag Incorrect; ‘message-filtering-drop’: Message Filtering Drop; ‘reserved-information-element-drop’: Resevered Information Element Field Drop; ‘mandatory-information-element-drop’: Mandatory Information Element Field Drop; ‘filter-list-drop’: APN IMSI Information Filtering Drop; ‘invalid-teid-drop’: Invalid TEID Drop; ‘out-of-state-drop’: Out Of State Drop; ‘message-length-drop’: Message Length Exceeded; ‘unsupported-message-type-v2’: GTP v2 message type is not supported; ‘fast-conn-setup’: Fast Conn Setup Attempt; ‘out-of-session-memory’: Out of Session Memory; ‘no-fwd-route’: No Forward Route; ‘no-rev-route’: NO Reverse Route; ‘invalid-key’: Invalid TEID Field; ‘create-session-request-retransmit’: Retransmitted Create Session Request; ‘delete-session-request-retransmit’: Retransmitted Delete Session Request; ‘response-cause-not-accepted’: Response Cause indicates Request not Accepted; ‘invalid-imsi-len-drop’: Invalid IMSI Length Drop; ‘invalid-apn-len-drop’: Invalid APN Length Drop; ‘create-pdp-context-request-v1’: GTP v1 Create PDP Context Request; ‘create-pdp-context-response-v1’: GTP v1 Create PDP Context Response; ‘path-management-message-v1’: GTP v1 Path Management Message; ‘reserved-field-set-drop-v1’: GTP v1 Reserved field set drop; ‘message-filtering-drop-v1’: GTP v1 Message Filtering Drop; ‘reserved-information-element-drop-v1’: GTP v1 Reserved Information Element Field Drop; ‘mandatory-information-element-drop-v1’: GTP v1 Mandatory Information Element Field Drop; ‘filter-list-drop-v1’: GTP v1 APN IMSI Information Filtering Drop; ‘invalid-teid-drop-v1’: GTP v1 Invalid TEID Drop; ‘message-length-drop-v1’: GTP v1 Message Length Exceeded; ‘version-not-supported’: GTP version is not supported; ‘unsupported-message-type-v1’: GTP v1 message type is not supported; ‘delete-pdp-context-request-v1’: GTP v1 Delete Context PDP Request; ‘delete-pdp-context-response-v1’: GTP v1 Delete Context PDP Response; ‘create-pdp-context-request-v0’: GTP v0 Create PDP Context Request; ‘create-pdp-context-response-v0’: GTP v0 Create PDP Context Response; ‘delete-pdp-context-request-v0’: GTP v0 Delete Context PDP Request; ‘delete-pdp-context-response-v0’: GTP v0 Delete Context PDP Response; ‘path-management-message-v0’: GTP v0 Path Management Message; ‘message-filtering-drop-v0’: GTP v0 Message Filtering Drop; ‘unsupported-message-type-v0’: GTP v0 message type is not supported; ‘invalid-flow-label-drop-v0’: GTP v0 Invalid flow label drop; ‘invalid-tid-drop-v0’: GTP v0 Invalid tid drop; ‘message-length-drop-v0’: GTP v0 Message Length Exceeded; ‘mandatory-information-element-drop-v0’: GTP v0 Mandatory Information Element Field Drop; ‘filter-list-drop-v0’: GTP v0 APN IMSI Information Filtering Drop; ‘gtp-in-gtp-drop’: GTP in GTP Filtering Drop;
Type: string
Supported Values: all, create-session-request, create-session-response, path-management-message, delete-session-request, delete-session-response, reserved-field-set-drop, tunnel-id-flag-drop, message-filtering-drop, reserved-information-element-drop, mandatory-information-element-drop, filter-list-drop, invalid-teid-drop, out-of-state-drop, message-length-drop, unsupported-message-type-v2, fast-conn-setup, out-of-session-memory, no-fwd-route, no-rev-route, invalid-key, create-session-request-retransmit, delete-session-request-retransmit, response-cause-not-accepted, invalid-imsi-len-drop, invalid-apn-len-drop, create-pdp-context-request-v1, create-pdp-context-response-v1, path-management-message-v1, reserved-field-set-drop-v1, message-filtering-drop-v1, reserved-information-element-drop-v1, mandatory-information-element-drop-v1, filter-list-drop-v1, invalid-teid-drop-v1, message-length-drop-v1, version-not-supported, unsupported-message-type-v1, delete-pdp-context-request-v1, delete-pdp-context-response-v1, create-pdp-context-request-v0, create-pdp-context-response-v0, delete-pdp-context-request-v0, delete-pdp-context-response-v0, path-management-message-v0, message-filtering-drop-v0, unsupported-message-type-v0, invalid-flow-label-drop-v0, invalid-tid-drop-v0, message-length-drop-v0, mandatory-information-element-drop-v0, filter-list-drop-v0, gtp-in-gtp-drop
template¶
Specification Type object logging-list
Type: List
Reference Object: /axapi/v3/fw/template/logging/{name}
template_logging-list¶
Specification Type list Block object keys facility
Description ‘kernel’: 0: Kernel; ‘user’: 1: User-level; ‘mail’: 2: Mail; ‘daemon’: 3: System daemons; ‘security-authorization’: 4: Security/authorization; ‘syslog’: 5: Syslog internal; ‘line-printer’: 6: Line printer; ‘news’: 7: Network news; ‘uucp’: 8: UUCP subsystem; ‘cron’: 9: Time-related; ‘security-authorization-private’: 10: Private security/authorization; ‘ftp’: 11: FTP; ‘ntp’: 12: NTP; ‘audit’: 13: Audit; ‘alert’: 14: Alert; ‘clock’: 15: Clock-related; ‘local0’: 16: Local use 0; ‘local1’: 17: Local use 1; ‘local2’: 18: Local use 2; ‘local3’: 19: Local use 3; ‘local4’: 20: Local use 4; ‘local5’: 21: Local use 5; ‘local6’: 22: Local use 6; ‘local7’: 23: Local use 7;
Type: string
Supported Values: kernel, user, mail, daemon, security-authorization, syslog, line-printer, news, uucp, cron, security-authorization-private, ftp, ntp, audit, alert, clock, local0, local1, local2, local3, local4, local5, local6, local7
Default: local0
format
Description ‘ascii’: A10 Text logging format (ASCII); ‘cef’: Common Event Format for logging (default);
Type: string
Supported Values: ascii, cef
Default: cef
include-dest-fqdn
Description Include destination FQDN string
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
include-http
Description: include-http is a JSON Block. Please see below for template_logging-list_include-http
Type: Object
include-radius-attribute
Description: include-radius-attribute is a JSON Block. Please see below for template_logging-list_include-radius-attribute
Type: Object
log
Description: log is a JSON Block. Please see below for template_logging-list_log
Type: Object
merged-style
Description Merge creation and deletion of session logs to one
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
name
Description Logging Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
resolution
Description ‘seconds’: Logging timestamp resolution in seconds (default); ‘10-milliseconds’: Logging timestamp resolution in 10s of milli-seconds;
Type: string
Supported Values: seconds, 10-milliseconds
Default: seconds
rule
Description: rule is a JSON Block. Please see below for template_logging-list_rule
Type: Object
service-group
Description Bind a Service Group to the logging template (Service Group Name)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
severity
Description ‘emergency’: 0: Emergency; ‘alert’: 1: Alert; ‘critical’: 2: Critical; ‘error’: 3: Error; ‘warning’: 4: Warning; ‘notice’: 5: Notice; ‘informational’: 6: Informational; ‘debug’: 7: Debug;
Type: string
Supported Values: emergency, alert, critical, error, warning, notice, informational, debug
Default: informational
source-address
Description: source-address is a JSON Block. Please see below for template_logging-list_source-address
Type: Object
Reference Object: /axapi/v3/fw/template/logging/{name}/source-address
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
template_logging-list_source-address¶
Specification Type object ip
Description Specify source IP address
Type: string
Format: ipv4-address
ipv6
Description Specify source IPv6 address
Type: string
Format: ipv6-address
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
template_logging-list_include-radius-attribute¶
Specification Type object attr-cfg
Type: Listframed-ipv6-prefix
Description Include radius attributes for the prefix
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
insert-if-not-existing
Description Configure what string is to be inserted for custom RADIUS attributes
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
no-quote
Description No quotation marks for RADIUS attributes in logs
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
prefix-length
Description ‘32’: Prefix length 32; ‘48’: Prefix length 48; ‘64’: Prefix length 64; ‘80’: Prefix length 80; ‘96’: Prefix length 96; ‘112’: Prefix length 112;
Type: string
Supported Values: 32, 48, 64, 80, 96, 112
zero-in-custom-attr
Description Insert 0000 for standard and custom attributes in log string
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
template_logging-list_include-radius-attribute_attr-cfg¶
Specification Type list Block object keys attr
Description ‘imei’: Include IMEI; ‘imsi’: Include IMSI; ‘msisdn’: Include MSISDN; ‘custom1’: Customized attribute 1; ‘custom2’: Customized attribute 2; ‘custom3’: Customized attribute 3;
Type: string
Supported Values: imei, imsi, msisdn, custom1, custom2, custom3
attr-event
Description ‘http-requests’: Include in HTTP request logs; ‘sessions’: Include in session logs;
Type: string
Supported Values: http-requests, sessions
template_logging-list_rule¶
Specification Type object rule-http-requests
Description: rule-http-requests is a JSON Block. Please see below for template_logging-list_rule_rule-http-requests
Type: Object
template_logging-list_rule_rule-http-requests¶
Specification Type object dest-port
Type: Listdisable-sequence-check
Description Disable http packet sequence check and don’t drop out of order packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
include-all-headers
Description Include all configured headers despite of absence in HTTP request
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-every-http-request
Description Log every HTTP request in an HTTP 1.1 session (Default: Log the first HTTP request in a session)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-url-len
Description Max length of URL log (Max URL length (Default: 100 char))
Type: number
Range: 100-1000
Default: 100
template_logging-list_rule_rule-http-requests_dest-port¶
Specification Type list Block object keys dest-port-number
Description
Type: number
Range: 1-65535
include-byte-count
Description Include the byte count of HTTP Request/Response in FW session deletion logs
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
template_logging-list_include-http¶
Specification Type object file-extension
Description HTTP file extension
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
header-cfg
Type: Listl4-session-info
Description Log the L4 session information of the HTTP request
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
method
Description Log the HTTP Request Method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
request-number
Description HTTP Request Number
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
template_logging-list_include-http_header-cfg¶
Specification Type list Block object keys custom-header-name
Description Header name
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
custom-max-length
Description Max length for a HTTP request log (Max header length (Default: 100 char))
Type: number
Range: 100-1000
Default: 100
http-header
Description ‘cookie’: Log HTTP Cookie Header; ‘referer’: Log HTTP Referer Header; ‘user-agent’: Log HTTP User-Agent Header; ‘header1’: Log HTTP Header 1; ‘header2’: Log HTTP Header 2; ‘header3’: Log HTTP Header 3;
Type: string
Supported Values: cookie, referer, user-agent, header1, header2, header3
max-length
Description Max length for a HTTP request log (Max header length (Default: 100 char))
Type: number
Range: 100-1000
Default: 100
template_logging-list_log¶
Specification Type object http-requests
Description ‘host’: Log the HTTP Host Header; ‘url’: Log the HTTP Request URL;
Type: string
Supported Values: host, url
status¶
Specification Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
resource-usage¶
Specification Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
full-cone-session¶
Specification Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
urpf¶
Specification Type object status
Description ‘loose’: Perform loose check; ‘strict’: Perform strict check; ‘disable’: Disable check;
Type: string
Supported Values: loose, strict, disable
Default: loose
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
gtp-v0¶
Specification Type object gtpv0-value
Description ‘enable’: Enable GTP v0 Inspection;
Type: string
Supported Values: enable
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
tap-monitor¶
Specification Type object status
Description ‘enable’: Enable tap monitor mode; ‘disable’: Disable tap monitor mode (Default:Disable);
Type: string
Supported Values: enable, disable
Default: disable
tap-port-cfg
Type: Listuuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
tap-monitor_tap-port-cfg¶
Specification Type list Block object keys tap-eth
Description Ethernet interface number
Type: number
Format: interface
Range: 2-112
tap-vlan
Description Vlan number
Type: number
Range: 2-4096
local-log¶
Specification Type object local-logging
Description Enable local logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
gtp-in-gtp-filtering¶
Specification Type object gtp-in-gtp-value
Description ‘disable’: Disable GTP in GTP filtering, (default:Enabled);
Type: string
Supported Values: disable
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
active-rule-set¶
Specification Type object name
Description Rule set name
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/rule-set
override-nat-aging
Description Override NAT idle-timeout
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
session-aging
Description Session Aging Template
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/fw/session-aging
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
logging¶
Specification Type object name
Description Logging Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/fw/template/logging
sampling-enable
Type: Listuuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
logging_sampling-enable¶
Specification Type list Block object keys counters1
Description ‘all’: all; ‘log_message_sent’: Log Packet Sent; ‘log_type_reset’: Log Event Type Reset; ‘log_type_deny’: Log Event Type Deny; ‘log_type_session_closed’: Log Event Type Session Close; ‘log_type_session_opened’: Log Event Type Session Open; ‘rule_not_logged’: Firewall Rule Not Logged; ‘log-dropped’: Log Packets Dropped; ‘tcp-session-created’: TCP Session Created; ‘tcp-session-deleted’: TCP Session Deleted; ‘udp-session-created’: UDP Session Created; ‘udp-session-deleted’: UDP Session Deleted; ‘icmp-session-deleted’: ICMP Session Deleted; ‘icmp-session-created’: ICMP Session Created; ‘icmpv6-session-deleted’: ICMPV6 Session Deleted; ‘icmpv6-session-created’: ICMPV6 Session Created; ‘other-session-deleted’: Other Session Deleted; ‘other-session-created’: Other Session Created; ‘http-request-logged’: HTTP Request Logged; ‘http-logging-invalid-format’: HTTP Logging Invalid Format Error; ‘dcmsg_permit’: Dcmsg Permit; ‘alg_override_permit’: Alg Override Permit; ‘template_error’: Template Error; ‘ipv4-frag-applied’: IPv4 Fragmentation Applied; ‘ipv4-frag-failed’: IPv4 Fragmentation Failed; ‘ipv6-frag-applied’: IPv6 Fragmentation Applied; ‘ipv6-frag-failed’: IPv6 Fragmentation Failed; ‘out-of-buffers’: Out of Buffers; ‘add-msg-failed’: Add Message to Buffer Failed; ‘tcp-logging-conn-established’: TCP Logging Conn Established; ‘tcp-logging-conn-create-failed’: TCP Logging Conn Create Failed; ‘tcp-logging-conn-dropped’: TCP Logging Conn Dropped; ‘log-message-too-long’: Log message too long; ‘http-out-of-order-dropped’: HTTP out-of-order dropped; ‘http-alloc-failed’: HTTP Request Info Allocation Failed; ‘sctp-session-created’: SCTP Session Created; ‘sctp-session-deleted’: SCTP Session Deleted; ‘log_type_sctp_inner_proto_filter’: Log Event Type SCTP Inner Proto Filter; ‘log_type_gtp_message_filtering’: Log Event Type GTP Message Filtering; ‘log_type_gtp_apn_filtering’: Log Event Type GTP Apn Filtering; ‘tcp-logging-port-allocated’: TCP Logging Port Allocated; ‘tcp-logging-port-freed’: TCP Logging Port Freed; ‘tcp-logging-port-allocation-failed’: TCP Logging Port Allocation Failed; ‘log_type_gtp_invalid_teid’: Log Event Type GTP Invalid TEID; ‘log_gtp_type_reserved_ie_present’: Log Event Type GTP Reserved Information Element Present; ‘log_type_gtp_mandatory_ie_missing’: Log Event Type GTP Mandatory Information Element Missing;
Type: string
Supported Values: all, log_message_sent, log_type_reset, log_type_deny, log_type_session_closed, log_type_session_opened, rule_not_logged, log-dropped, tcp-session-created, tcp-session-deleted, udp-session-created, udp-session-deleted, icmp-session-deleted, icmp-session-created, icmpv6-session-deleted, icmpv6-session-created, other-session-deleted, other-session-created, http-request-logged, http-logging-invalid-format, dcmsg_permit, alg_override_permit, template_error, ipv4-frag-applied, ipv4-frag-failed, ipv6-frag-applied, ipv6-frag-failed, out-of-buffers, add-msg-failed, tcp-logging-conn-established, tcp-logging-conn-create-failed, tcp-logging-conn-dropped, log-message-too-long, http-out-of-order-dropped, http-alloc-failed, sctp-session-created, sctp-session-deleted, log_type_sctp_inner_proto_filter, log_type_gtp_message_filtering, log_type_gtp_apn_filtering, tcp-logging-port-allocated, tcp-logging-port-freed, tcp-logging-port-allocation-failed, log_type_gtp_invalid_teid, log_gtp_type_reserved_ie_present, log_type_gtp_mandatory_ie_missing
tcp-window-check¶
Specification Type object sampling-enable
Type: Liststatus
Description ‘enable’: Enable TCP window check (default); ‘disable’: Disable TCP window check;
Type: string
Supported Values: enable, disable
Default: enable
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
tcp-window-check_sampling-enable¶
Specification Type list Block object keys counters1
Description ‘all’: all; ‘outside-window’: packet dropped for outside of tcp window;
Type: string
Supported Values: all, outside-window
service-group-list¶
Specification Type list Block object keys health-check
Description Health Check (Monitor Name)
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/health/monitor
member-list
Type: List
Reference Object: /axapi/v3/fw/service-group/{name}/member/{name}+{port}
name
Description FW Service Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
protocol
Description ‘tcp’: TCP LB service; ‘udp’: UDP LB service;
Type: string
Supported Values: tcp, udp
sampling-enable
Type: Listtraffic-replication-mirror-ip-repl
Description Replaces IP with server-IP
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
service-group-list_sampling-enable¶
Specification Type list Block object keys counters1
Description ‘all’: all; ‘server_selection_fail_drop’: Service selection fail drop; ‘server_selection_fail_reset’: Service selection fail reset; ‘service_peak_conn’: Service peak connection;
Type: string
Supported Values: all, server_selection_fail_drop, server_selection_fail_reset, service_peak_conn
service-group-list_member-list¶
Specification Type list Block object keys name
Description Member name
Type: string
Format: comp-string
Maximum Length: 127 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/fw/server
port
sampling-enable
Type: Listuser-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
service-group-list_member-list_sampling-enable¶
Specification Type list Block object keys counters1
Description ‘all’: all; ‘curr_conn’: Current connections; ‘total_fwd_bytes’: Total forward bytes; ‘total_fwd_pkts’: Total forward packets; ‘total_rev_bytes’: Total reverse bytes; ‘total_rev_pkts’: Total reverse packets; ‘total_conn’: Total connections; ‘total_rev_pkts_inspected’: Total reverse packets inspected; ‘total_rev_pkts_inspected_status_code_2xx’: Total reverse packets inspected status code 2xx; ‘total_rev_pkts_inspected_status_code_non_5xx’: Total reverse packets inspected status code non 5xx; ‘curr_req’: Current requests; ‘total_req’: Total requests; ‘total_req_succ’: Total requests success; ‘peak_conn’: Peak connections; ‘response_time’: Response time; ‘fastest_rsp_time’: Fastest response time; ‘slowest_rsp_time’: Slowest response time;
Type: string
Supported Values: all, curr_conn, total_fwd_bytes, total_fwd_pkts, total_rev_bytes, total_rev_pkts, total_conn, total_rev_pkts_inspected, total_rev_pkts_inspected_status_code_2xx, total_rev_pkts_inspected_status_code_non_5xx, curr_req, total_req, total_req_succ, peak_conn, response_time, fastest_rsp_time, slowest_rsp_time
helper-sessions¶
Specification Type object idle-timeout
Description helper-sessions idle-timeout time (Idle-timeout in minutes (default: 1 minute))
Type: number
Range: 1-255
Default: 1
limit
Description Limit number of helper-sessions (Limit helper-sessions number)
Type: number
mode
Description ‘disable’: Disable helper-sessions;
Type: string
Supported Values: disable
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
server-list¶
Specification Type list Block object keys action
Description ‘enable’: Enable this Real Server; ‘disable’: Disable this Real Server;
Type: string
Supported Values: enable, disable
Default: enable
fqdn-name
Description Server hostname
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
health-check
Description Health Check Monitor (Health monitor name)
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: health-check and health-check-disable are mutually exclusive
Reference Object: /axapi/v3/health/monitor
health-check-disable
Description Disable configured health check configuration
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: health-check-disable and health-check are mutually exclusive
host
Description IP Address
Type: string
Format: ipv4-address
name
Description Server Name
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
port-list
Type: List
Reference Object: /axapi/v3/fw/server/{name}/port/{port-number}+{protocol}
resolve-as
Description ‘resolve-to-ipv4’: Use A Query only to resolve FQDN; ‘resolve-to-ipv6’: Use AAAA Query only to resolve FQDN; ‘resolve-to-ipv4-and-ipv6’: Use A as well as AAAA Query to resolve FQDN;
Type: string
Supported Values: resolve-to-ipv4, resolve-to-ipv6, resolve-to-ipv4-and-ipv6
Default: resolve-to-ipv4
sampling-enable
Type: Listserver-ipv6-addr
Description IPV6 address
Type: string
Format: ipv6-address
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
server-list_port-list¶
Specification Type list Block object keys action
Description ‘enable’: enable; ‘disable’: disable;
Type: string
Supported Values: enable, disable
Default: enable
health-check
Description Health Check (Monitor Name)
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: health-check and health-check-disable are mutually exclusive
Reference Object: /axapi/v3/health/monitor
health-check-disable
Description Disable health check
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: health-check-disable and health-check are mutually exclusive
port-number
Description Port Number
Type: number
Range: 1-65534
protocol
Description ‘tcp’: TCP Port; ‘udp’: UDP Port;
Type: string
Supported Values: tcp, udp
sampling-enable
Type: Listuser-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
server-list_port-list_sampling-enable¶
Specification Type list Block object keys counters1
Description ‘all’: all; ‘curr_conn’: Current connections; ‘curr_req’: Current requests; ‘total_req’: Total requests; ‘total_req_succ’: Total request success; ‘total_fwd_bytes’: Forward bytes; ‘total_fwd_pkts’: Forward packets; ‘total_rev_bytes’: Reverse bytes; ‘total_rev_pkts’: Reverse packets; ‘total_conn’: Total connections; ‘last_total_conn’: Last total connections; ‘peak_conn’: Peak connections; ‘es_resp_200’: Response status 200; ‘es_resp_300’: Response status 300; ‘es_resp_400’: Response status 400; ‘es_resp_500’: Response status 500; ‘es_resp_other’: Response status other; ‘es_req_count’: Total proxy request; ‘es_resp_count’: Total proxy Response; ‘es_resp_invalid_http’: Total non-http response; ‘total_rev_pkts_inspected’: Total reverse packets inspected; ‘total_rev_pkts_inspected_good_status_code’: Total reverse packets with good status code inspected; ‘response_time’: Response time; ‘fastest_rsp_time’: Fastest response time; ‘slowest_rsp_time’: Slowest response time;
Type: string
Supported Values: all, curr_conn, curr_req, total_req, total_req_succ, total_fwd_bytes, total_fwd_pkts, total_rev_bytes, total_rev_pkts, total_conn, last_total_conn, peak_conn, es_resp_200, es_resp_300, es_resp_400, es_resp_500, es_resp_other, es_req_count, es_resp_count, es_resp_invalid_http, total_rev_pkts_inspected, total_rev_pkts_inspected_good_status_code, response_time, fastest_rsp_time, slowest_rsp_time
server-list_sampling-enable¶
Specification Type list Block object keys counters1
Description ‘all’: all; ‘curr-conn’: Current connections; ‘total-conn’: Total connections; ‘fwd-pkt’: Forward packets; ‘rev-pkt’: Reverse Packets; ‘peak-conn’: Peak connections;
Type: string
Supported Values: all, curr-conn, total-conn, fwd-pkt, rev-pkt, peak-conn
session-aging-list¶
Specification Type list Block object keys icmp-idle-timeout
Description Idle Timeout value (default 2 seconds) (idle timeout in second, default 2)
Type: number
Range: 2-15000
Default: 2
ip-idle-timeout
Description Idle Timeout (sec), default is 30 (number)
Type: number
Range: 1-2097151
Default: 30
name
Description session-aging Template (session-aging Template name)
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description: tcp is a JSON Block. Please see below for session-aging-list_tcp
Type: Object
Reference Object: /axapi/v3/fw/session-aging/{name}/tcp
udp
Description: udp is a JSON Block. Please see below for session-aging-list_udp
Type: Object
Reference Object: /axapi/v3/fw/session-aging/{name}/udp
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
session-aging-list_udp¶
Specification Type object port-cfg
Type: Listudp-idle-timeout
Description Idle Timeout (sec), default is 120 (number)
Type: number
Range: 1-2097151
Default: 120
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
session-aging-list_udp_port-cfg¶
Specification Type list Block object keys udp-idle-timeout
Description Idle Timeout (sec), default is 120 (number)
Type: number
Range: 1-2097151
Default: 120
udp-port
Description
Type: number
Range: 1-65535
session-aging-list_tcp¶
Specification Type object force-delete-timeout
Description The maximum time that a session can stay in the system before being deleted, default is off (number (second))
Type: number
Range: 1-31
Mutual Exclusion: force-delete-timeout and force-delete-timeout-100ms are mutually exclusive
force-delete-timeout-100ms
Description The maximum time that a session can stay in the system before being deleted, default is off (number in 100ms)
Type: number
Range: 1-31
Mutual Exclusion: force-delete-timeout-100ms and force-delete-timeout are mutually exclusive
half-close-idle-timeout
Description TCP Half Close Idle Timeout (sec), default is off (number)
Type: number
Range: 60-120
half-open-idle-timeout
Description TCP Half Open Idle Timeout (sec), default is off (number)
Type: number
Range: 1-60
port-cfg
Type: Listtcp-idle-timeout
Description Idle Timeout (sec), default is 600 (number)
Type: number
Range: 1-2097151
Default: 600
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
session-aging-list_tcp_port-cfg¶
Specification Type list Block object keys force-delete-timeout
Description The maximum time that a session can stay in the system before being deleted, default is off (number (second))
Type: number
Range: 1-31
Mutual Exclusion: force-delete-timeout and force-delete-timeout-100ms are mutually exclusive
force-delete-timeout-100ms
Description The maximum time that a session can stay in the system before being deleted, default is off (number in 100ms)
Type: number
Range: 1-31
Mutual Exclusion: force-delete-timeout-100ms and force-delete-timeout are mutually exclusive
half-close-idle-timeout
Description TCP Half Close Idle Timeout (sec), default is off (number)
Type: number
Range: 60-120
half-open-idle-timeout
Description TCP Half Open Idle Timeout (sec), default is off (number)
Type: number
Range: 1-60
tcp-idle-timeout
Description Idle Timeout (sec), default is 600 (number)
Type: number
Range: 1-2097151
tcp-port
Description
Type: number
Range: 1-65535
top-k-rules¶
Specification Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters