{ "id":"/axapi/v3/ddos/dst/zone/{zone-name}", "type":"object", "node-type":"list", "title":"zone", "partition-visibility":"shared", "description":"Configure a static zone entry", "properties":{ "zone-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "optional":false }, "operational-mode":{ "type":"string", "format":"enum", "default":"idle", "partition-visibility":"shared", "description":"'idle': Idle mode; 'monitor': Monitor mode; 'learning': Learning mode; ", "enum":[ "idle", "monitor", "learning" ], "optional":true }, "continuous-learning":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Continuous learning of detection", "optional":true }, "traffic-distribution-mode":{ "type":"string", "format":"enum", "plat-pos-list":["chassis-duo"], "plat-neg-list":["softax-ddet"], "default":"default", "partition-visibility":"shared", "description":"'default': Distribute traffic to one slot using default distribution mechanism; 'source-ip-based': Distribute traffic between slots, based on source ip; ", "enum":[ "default", "source-ip-based" ], "optional":true }, "ip":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "ip-addr":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "description":"Specify IP address" }, "subnet-ip-addr":{ "type":"string", "format":"ipv4-cidr", "partition-visibility":"shared", "description":"IP Subnet" }, "expand-ip-subnet":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Expand this subnet to individual IP address" }, "expand-ip-subnet-mode":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "default":"default", "partition-visibility":"shared", "description":"'default': Default learning mechanism (Default: Dynamic); 'dynamic': Dynamic learning; 'static': Static learning; ", "enum":[ "default", "dynamic", "static" ] }, "optional":true } } ] }, "ipv6":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "ip6-addr":{ "type":"string", "format":"ipv6-address", "partition-visibility":"shared", "description":"Specify IPv6 address" }, "subnet-ipv6-addr":{ "type":"string", "format":"ipv6-address-plen", "partition-visibility":"shared", "description":"IPV6 Subnet" }, "expand-ipv6-subnet":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Expand this subnet to individual IPv6 address" }, "expand-ipv6-subnet-mode":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "default":"default", "partition-visibility":"shared", "description":"'default': Default learning mechanism (Default: Dynamic); 'dynamic': Dynamic learning; 'static': Static learning; ", "enum":[ "default", "dynamic", "static" ] }, "optional":true } } ] }, "description":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Description for this Destination Zone", "optional":true }, "zone-profile":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/zone-profile", "description":"Apply threshold profile", "optional":true }, "enable-top-k":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "topk-type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'destination': Topk destination IP; ", "enum":[ "destination" ] }, "topk-num-records":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "default":20, "partition-visibility":"shared", "description":"Maximum number of records to show in topk" }, "topk-sort-key":{ "type":"string", "format":"enum", "default":"avg", "partition-visibility":"shared", "description":"'avg': window average; 'max-peak': max peak; ", "enum":[ "avg", "max-peak" ] }, "optional":true } } ] }, "glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID for the whole zone", "optional":true }, "action-list":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "description":"Configure action-list to take", "optional":true }, "per-addr-glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID per address", "optional":true }, "dest-nat-ip":{ "type":"string", "format":"ipv4-address", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"Destination NAT IP address", "optional":true }, "dest-nat-ipv6":{ "type":"string", "format":"ipv6-address", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"Destination NAT IPv6 address", "optional":true }, "source-nat-pool":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Configure source NAT", "optional":true }, "drop-frag-pkt":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Drop fragmented packets", "optional":true }, "sflow-common":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not-list":[ "sflow-packets", "sflow-layer-4", "sflow-tcp-basic", "sflow-tcp-stateful", "sflow-http" ], "description":"Enable sFlow counter polling packets, tcp-basic, tcp-stateful and http. WARNING: Zone level Sflow polling might induce heavy CP", "optional":true }, "sflow-packets":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not":"sflow-common", "description":"Enable sFlow packet-level counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total", "optional":true }, "sflow-layer-4":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not":"sflow-common", "description":"Enable sFlow Layer 4 counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the number of ", "optional":true }, "sflow-tcp":{ "type":"object", "properties":{ "sflow-tcp-basic":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not":"sflow-common", "description":"Enable sFlow basic TCP counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total nu" }, "sflow-tcp-stateful":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not":"sflow-common", "description":"Enable sFlow stateful TCP counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total" } } }, "sflow-http":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not":"sflow-common", "description":"Enable sFlow HTTP counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total number ", "optional":true }, "advertised-enable":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"BGP advertised", "optional":true }, "telemetry-enable":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable from-l3-peer flag for the zone, thus all the ip entries in the zone will be dynamically created/deleted based on the BGP", "optional":true }, "zone-template":{ "type":"object", "properties":{ "logging":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS logging template" } } }, "inbound-forward-dscp":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":1, "maximum":63, "partition-visibility":"shared", "description":"To set dscp value for inbound packets (DSCP Value for the clear traffic marking)", "optional":true }, "outbound-forward-dscp":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":1, "maximum":63, "partition-visibility":"shared", "description":"To set dscp value for outbound", "optional":true }, "reporting-disabled":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable Reporting", "optional":true }, "log-enable":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable logging", "optional":true }, "log-periodic":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable log periodic", "optional":true }, "log-high-frequency":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable High frequency logging for non-event logs per zone", "optional":true }, "rate-limit":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":1, "maximum":1000, "default":1, "partition-visibility":"shared", "description":"Rate limit per second per zone(Default : 1 per second)", "optional":true }, "pattern-recognition-hw-filter-enable":{ "type":"number", "format":"flag", "plat-neg-list":["non-fpga, softax-ddet", "softax-ddet"], "default":0, "partition-visibility":"shared", "description":"to enable pattern recognition hardware filter", "optional":true }, "collector":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "sflow-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "$ref":"/axapi/v3/sflow/collector/custom", "description":"Name of configured custom sFlow collector" }, "optional":true } } ] }, "src-prefix-len":{ "type":"number", "format":"number", "minimum":32, "maximum":127, "partition-visibility":"shared", "description":"Specify src prefix length for IPv6 (default: not set)", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "detection":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/detection", "properties":{ "settings":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'settings': settings; ", "enum":[ "settings" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "notification":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/detection/notification", "properties":{ "configuration":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': configuration; ", "enum":[ "configuration" ] }, "notification":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "notification-template-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/notification-template", "description":"Specify the notification template name" }, "optional":true } } ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "outbound-detection":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/detection/outbound-detection", "properties":{ "configuration":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': configuration; ", "enum":[ "configuration" ] }, "toggle":{ "type":"string", "format":"enum", "default":"disable", "partition-visibility":"shared", "description":"'enable': Enable outbound detection; 'disable': Disable outbound detection; ", "enum":[ "enable", "disable" ] }, "discovery-method":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'asn': Autonomous Systems number; 'country': Country; ", "enum":[ "asn", "country" ] }, "discovery-record":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "default":10, "partition-visibility":"shared", "description":"Maximum number of top locations" }, "enable-top-k":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "topk-type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'source-subnet': Topk source subnet; ", "enum":[ "source-subnet" ] }, "topk-netmask":{ "type":"number", "format":"number", "minimum":1, "maximum":128, "default":128, "partition-visibility":"shared", "description":"Subnet mask. The value should be less than or equal to the minimum zone subnet mask + 8 (IPv6 Subnet mask)" }, "topk-num-records":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "default":20, "partition-visibility":"shared", "description":"Maximum number of records to show in topk" }, "optional":true } } ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "indicator-list":{ "type":"array", "minItems":1, "items":{ "type":"indicator" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/detection/outbound-detection/indicator/{type}", "array":[ { "properties":{ "type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'pkt-rate': rate of incoming packets; 'pkt-drop-rate': rate of packets got dropped; 'bit-rate': rate of incoming bits; 'pkt-drop-ratio': ratio of incoming packet rate divided by the rate of dropping packets; 'bytes-to-bytes-from-ratio': ratio of incoming packet rate divided by the rate of outgoing packets; 'syn-rate': rate on incoming SYN packets; 'fin-rate': rate on incoming FIN packets; 'rst-rate': rate of incoming RST packets; 'small-window-ack-rate': rate of small window advertisement; 'empty-ack-rate': rate of incoming packets which have no payload; 'small-payload-rate': rate of short payload packet; 'syn-fin-ratio': ratio of incoming SYN packet rate divided by the rate of incoming FIN packets; ", "enum":[ "pkt-rate", "pkt-drop-rate", "bit-rate", "pkt-drop-ratio", "bytes-to-bytes-from-ratio", "syn-rate", "fin-rate", "rst-rate", "small-window-ack-rate", "empty-ack-rate", "small-payload-rate", "syn-fin-ratio" ], "optional":false }, "tcp-window-size":{ "type":"number", "format":"number", "minimum":1, "maximum":500, "partition-visibility":"shared", "description":"Expected minimal window size", "optional":true }, "data-packet-size":{ "type":"number", "format":"number", "minimum":1, "maximum":1500, "partition-visibility":"shared", "description":"Expected minimal data size", "optional":true }, "threshold-num":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Threshold for each geo-location", "optional":true }, "threshold-large-num":{ "type":"number", "format":"number", "minimum":1, "maximum":10995116277760, "partition-visibility":"shared", "description":"Threshold for each geo-location", "optional":true }, "threshold-str":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Threshold for each geo-location (Non-zero floating point)", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "type" ] } ] }, "topk-source-subnet":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/detection/outbound-detection/topk-source-subnet", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } } }, "service-discovery":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/detection/service-discovery", "properties":{ "configuration":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': configuration; ", "enum":[ "configuration" ] }, "toggle":{ "type":"string", "format":"enum", "default":"disable", "partition-visibility":"shared", "description":"'enable': Enable service discovery; 'disable': Disable service discovery; ", "enum":[ "enable", "disable" ] }, "pkt-rate-threshold":{ "type":"number", "format":"number", "minimum":1, "maximum":255, "default":10, "partition-visibility":"shared", "description":"packet rate threshold for discovery (default 10 packets per second)" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "packet-anomaly-detection":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/detection/packet-anomaly-detection", "properties":{ "configuration":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': configuration; ", "enum":[ "configuration" ] }, "toggle":{ "type":"string", "format":"enum", "default":"enable", "partition-visibility":"shared", "description":"'enable': Enable packet anomaly; 'disable': Disable packet anomaly; ", "enum":[ "enable", "disable" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "indicator-list":{ "type":"array", "minItems":1, "items":{ "type":"indicator" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/detection/packet-anomaly-detection/indicator/{type}", "array":[ { "properties":{ "type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'port-zero-pkt-rate': Port Zero Packet Rate (default 100 packet per second); ", "enum":[ "port-zero-pkt-rate" ], "optional":false }, "threshold-num":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "default":100, "partition-visibility":"shared", "description":"Threshold for each indicator", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "type" ] } ] } } } } }, "packet-anomaly-detection":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/packet-anomaly-detection", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "outbound-policy":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/outbound-policy", "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/outbound-policy", "description":"Specify name of the outbound policy" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "capture-config-list":{ "type":"array", "minItems":1, "items":{ "type":"capture-config" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/capture-config/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "$ref":"/axapi/v3/capture-config", "description":"Capture-config name", "optional":false }, "mode":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Apply capture-config to dropped packets; 'forward': Apply capture-config to forwarded packets; 'all': Apply capture-config to both dropped and forwarded packets; ", "enum":[ "drop", "forward", "all" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true } }, "required":[ "name" ] } ] }, "hw-blacklist-blocking":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/hw-blacklist-blocking", "properties":{ "dst-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable Dst side hardware blocking" }, "src-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable Src side hardware blocking" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "topk-destinations":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/topk-destinations", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "src-port-range-list":{ "type":"array", "minItems":1, "items":{ "type":"src-port-range" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/src-port-range/{src-port-range-start}+{src-port-range-end}+{protocol}", "array":[ { "properties":{ "src-port-range-start":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Src Port-Range Start Port Number", "optional":false }, "src-port-range-end":{ "type":"number", "format":"number", "minimum":2, "maximum":65535, "partition-visibility":"shared", "description":"Src Port-Range End Port Number", "optional":false }, "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'udp': UDP port; 'tcp': TCP Port; ", "enum":[ "udp", "tcp" ], "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid-cfg":{ "type":"object", "properties":{ "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID" }, "glid-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "ignore" ] } } }, "zone-template":{ "type":"object", "properties":{ "src-udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS udp src template" }, "src-tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS tcp src template" } } }, "default-action-list":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "description":"Configure default-action-list", "optional":true }, "capture-config":{ "type":"object", "properties":{ "capture-config-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Capture-config name" }, "capture-config-mode":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Apply capture-config to dropped packets; 'forward': Apply capture-config to forwarded packets; 'all': Apply capture-config to both dropped and forwarded packets; ", "enum":[ "drop", "forward", "all" ] } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "port-ind":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/src-port-range/{src-port-range-start}+{src-port-range-end}+{protocol}/port-ind", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "level-list":{ "type":"array", "minItems":1, "items":{ "type":"level" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/src-port-range/{src-port-range-start}+{src-port-range-end}+{protocol}/level/{level-num}", "array":[ { "properties":{ "level-num":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'0': Default policy level; '1': Policy level 1; ", "enum":[ "0", "1" ], "optional":false }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "indicator-list":{ "type":"array", "minItems":1, "items":{ "type":"indicator" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/src-port-range/{src-port-range-start}+{src-port-range-end}+{protocol}/level/{level-num}/indicator/{type}", "array":[ { "properties":{ "type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'pkt-rate': rate of incoming packets; 'bit-rate': rate of incoming bits; ", "enum":[ "pkt-rate", "bit-rate" ], "optional":false }, "zone-threshold-num":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Threshold of the entire zone for the port-range", "optional":true }, "zone-threshold-large-num":{ "type":"number", "format":"number", "minimum":1, "maximum":10995116277760, "partition-visibility":"shared", "description":"Threshold of the entire zone for the port-range", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "type" ] } ] } }, "required":[ "level-num" ] } ] } }, "required":[ "src-port-range-start", "src-port-range-end", "protocol" ] } ] }, "src-port":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/src-port", "properties":{ "zone-src-port-list":{ "type":"array", "minItems":1, "items":{ "type":"zone-src-port" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port/{port-num}+{protocol}", "array":[ { "properties":{ "port-num":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Source Port Number", "optional":false }, "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'dns-udp': DNS-UDP Port; 'dns-tcp': DNS-TCP Port; 'udp': UDP port; 'tcp': TCP Port; ", "enum":[ "dns-udp", "dns-tcp", "udp", "tcp" ], "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid-cfg":{ "type":"object", "properties":{ "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID" }, "glid-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "ignore" ] } } }, "outbound-src-tracking":{ "type":"string", "format":"enum", "default":"disable", "partition-visibility":"shared", "description":"'enable': enable; 'disable': disable; ", "enum":[ "enable", "disable" ], "optional":true }, "zone-template":{ "type":"object", "properties":{ "src-udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS udp src template" }, "src-tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS tcp src template" }, "src-dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS dns src template" } } }, "default-action-list":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "description":"Configure default-action-list", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "port-ind":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port/{port-num}+{protocol}/port-ind", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "level-list":{ "type":"array", "minItems":1, "items":{ "type":"level" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port/{port-num}+{protocol}/level/{level-num}", "array":[ { "properties":{ "level-num":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'0': Default policy level; '1': Policy level 1; ", "enum":[ "0", "1" ], "optional":false }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "indicator-list":{ "type":"array", "minItems":1, "items":{ "type":"indicator" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port/{port-num}+{protocol}/level/{level-num}/indicator/{type}", "array":[ { "properties":{ "type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'pkt-rate': rate of incoming packets; 'bit-rate': rate of incoming bits; ", "enum":[ "pkt-rate", "bit-rate" ], "optional":false }, "zone-threshold-num":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Threshold of the entire zone for the src-port", "optional":true }, "zone-threshold-large-num":{ "type":"number", "format":"number", "minimum":1, "maximum":10995116277760, "partition-visibility":"shared", "description":"Threshold of the entire zone for the src-port", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "type" ] } ] } }, "required":[ "level-num" ] } ] } }, "required":[ "port-num", "protocol" ] } ] }, "zone-src-port-other-list":{ "type":"array", "minItems":1, "items":{ "type":"zone-src-port-other" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port-other/{port-other}+{protocol}", "array":[ { "properties":{ "port-other":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'other': other; ", "enum":[ "other" ], "optional":false }, "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'udp': UDP port; 'tcp': TCP Port; ", "enum":[ "udp", "tcp" ], "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid-cfg":{ "type":"object", "properties":{ "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID" }, "glid-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "ignore" ] } } }, "zone-template":{ "type":"object", "properties":{ "src-udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS udp src template" }, "src-tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS tcp src template" } } }, "default-action-list":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "description":"Configure default-action-list", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "port-ind":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port-other/{port-other}+{protocol}/port-ind", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "level-list":{ "type":"array", "minItems":1, "items":{ "type":"level" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port-other/{port-other}+{protocol}/level/{level-num}", "array":[ { "properties":{ "level-num":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'0': Default policy level; '1': Policy level 1; ", "enum":[ "0", "1" ], "optional":false }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "indicator-list":{ "type":"array", "minItems":1, "items":{ "type":"indicator" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port-other/{port-other}+{protocol}/level/{level-num}/indicator/{type}", "array":[ { "properties":{ "type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'pkt-rate': rate of incoming packets; 'bit-rate': rate of incoming bits; ", "enum":[ "pkt-rate", "bit-rate" ], "optional":false }, "zone-threshold-num":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Threshold of the entire zone for the src-port", "optional":true }, "zone-threshold-large-num":{ "type":"number", "format":"number", "minimum":1, "maximum":10995116277760, "partition-visibility":"shared", "description":"Threshold of the entire zone for the src-port", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "type" ] } ] } }, "required":[ "level-num" ] } ] } }, "required":[ "port-other", "protocol" ] } ] } } }, "ip-proto":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto", "properties":{ "proto-number-list":{ "type":"array", "minItems":1, "items":{ "type":"proto-number" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}", "array":[ { "properties":{ "protocol-num":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "partition-visibility":"shared", "description":"Protocol Number", "optional":false }, "manual-mode-enable":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Toggle manual mode to use fix templates", "optional":true }, "deny":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for this ip-proto", "optional":true }, "esp-inspect":{ "type":"object", "properties":{ "auth-algorithm":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'AUTH_NULL': No Integrity Check Value; 'HMAC-SHA-1-96': 96 bit Auth Algo; 'HMAC-SHA-256-96': 96 bit Auth Algo; 'HMAC-SHA-256-128': 128 bit Auth Algo; 'HMAC-SHA-384-192': 192 bit Auth Algo; 'HMAC-SHA-512-256': 256 bit Auth Algo; 'HMAC-MD5-96': 96 bit Auth Algo; 'MAC-RIPEMD-160-96': 96 bit Auth Algo; ", "enum":[ "AUTH_NULL", "HMAC-SHA-1-96", "HMAC-SHA-256-96", "HMAC-SHA-256-128", "HMAC-SHA-384-192", "HMAC-SHA-512-256", "HMAC-MD5-96", "MAC-RIPEMD-160-96" ] }, "encrypt-algorithm":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'NULL': Null Encryption Algorithm; ", "enum":[ "NULL" ] }, "mode":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'transport': Transport mode; ", "enum":[ "transport" ] } } }, "glid-cfg":{ "type":"object", "properties":{ "glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID for the whole zone" }, "glid-action":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "not":"action-list", "description":"'drop': Drop packets for glid exceed (Default); 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "ignore" ] }, "action-list":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"glid-action", "description":"Configure action-list to take" }, "per-addr-glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID per address" } } }, "drop-frag-pkt":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Drop fragmented packets", "optional":true }, "max-dynamic-entry-count":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":0, "maximum":2147483647, "partition-visibility":"shared", "description":"Maximum count for dynamic source zone service entry", "optional":true }, "dynamic-entry-count-warn-threshold":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "partition-visibility":"shared", "description":"Set threshold percentage of \"max-src-dst-entry\" for generating warning logs. Including start and end.", "optional":true }, "apply-policy-on-overflow":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable this flag to apply overflow policy when dynamic entry count overflows", "optional":true }, "enable-top-k":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable ddos top-k source IP detection", "optional":true }, "topk-num-records":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "default":20, "partition-visibility":"shared", "description":"Maximum number of records to show in topk", "optional":true }, "topk-sort-key":{ "type":"string", "format":"enum", "default":"avg", "partition-visibility":"shared", "description":"'avg': window average; 'max-peak': max peak; ", "enum":[ "avg", "max-peak" ], "optional":true }, "enable-top-k-destination":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable ddos top-k destination IP detection", "optional":true }, "topk-dst-num-records":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "default":20, "partition-visibility":"shared", "description":"Maximum number of records to show in topk", "optional":true }, "topk-dst-sort-key":{ "type":"string", "format":"enum", "default":"avg", "partition-visibility":"shared", "description":"'avg': window average; 'max-peak': max peak; ", "enum":[ "avg", "max-peak" ], "optional":true }, "age":{ "type":"number", "format":"number", "minimum":2, "maximum":1023, "default":5, "partition-visibility":"shared", "description":"Idle age for ip entry", "optional":true }, "enable-class-list-overflow":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Apply class-list overflow policy upon exceeding dynamic entry count specified for zone-port or class-list", "optional":true }, "faster-de-escalation":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"De-escalate faster in standalone mode", "optional":true }, "ip-filtering-policy":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/ip-filtering-policy", "description":"Configure IP Filter", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "ip-filtering-policy-statistics":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/ip-filtering-policy-statistics", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "src-based-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"src-based-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/src-based-policy/{src-based-policy-name}", "array":[ { "properties":{ "src-based-policy-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Specify name of the policy", "optional":false }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "policy-class-list-list":{ "type":"array", "minItems":1, "items":{ "type":"policy-class-list" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name}", "array":[ { "properties":{ "class-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Class-list name", "optional":false }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; ", "enum":[ "bypass", "deny" ], "optional":true }, "log-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable logging", "optional":true }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable log periodic", "optional":true }, "max-dynamic-entry-count":{ "type":"number", "format":"number", "minimum":0, "maximum":2147483647, "partition-visibility":"shared", "description":"Maximum count for dynamic source zone service entry allowed for this class-list", "optional":true }, "dynamic-entry-count-warn-threshold":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "partition-visibility":"shared", "description":"Set threshold percentage of \"max-src-dst-entry\" for generating warning logs. Including start and end.", "optional":true }, "zone-template":{ "type":"object", "properties":{ "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS logging template" }, "ip-proto":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ip-proto template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "class-list-overflow-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"class-list-overflow-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name}", "array":[ { "properties":{ "dummy-name":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': Configure overflow policy for class-list; ", "enum":[ "configuration" ], "optional":false }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; ", "enum":[ "bypass", "deny" ], "optional":true }, "log-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable logging", "optional":true }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable log periodic", "optional":true }, "zone-template":{ "type":"object", "properties":{ "ip-proto":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ip-proto template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "dummy-name" ] } ] } }, "required":[ "class-list-name" ] } ] } }, "required":[ "src-based-policy-name" ] } ] }, "dynamic-entry-overflow-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"dynamic-entry-overflow-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/dynamic-entry-overflow-policy/{dummy-name}", "array":[ { "properties":{ "dummy-name":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': Configure overflow policy; ", "enum":[ "configuration" ], "optional":false }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; ", "enum":[ "bypass", "deny" ], "optional":true }, "zone-template":{ "type":"object", "properties":{ "ip-proto":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ip-proto template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "dummy-name" ] } ] }, "level-list":{ "type":"array", "minItems":1, "items":{ "type":"level" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/level/{level-num}", "array":[ { "properties":{ "level-num":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'0': Default policy level; '1': Policy level 1; '2': Policy level 2; '3': Policy level 3; '4': Policy level 4; ", "enum":[ "0", "1", "2", "3", "4" ], "optional":false }, "src-default-glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-action":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "zone-escalation-score":{ "type":"number", "format":"number", "minimum":1, "maximum":1000000, "partition-visibility":"shared", "description":"Zone activation score of this level", "optional":true }, "zone-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions apply due to zone escalate from this level", "optional":true }, "src-escalation-score":{ "type":"number", "format":"number", "minimum":1, "maximum":1000000, "partition-visibility":"shared", "description":"Source activation score of this level", "optional":true }, "src-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions apply due to source escalate from this level", "optional":true }, "zone-template":{ "type":"object", "properties":{ "ip-proto":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ip-proto template" }, "encap":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "indicator-list":{ "type":"array", "minItems":1, "items":{ "type":"indicator" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/level/{level-num}/indicator/{type}", "array":[ { "properties":{ "type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'pkt-rate': rate of incoming packets; 'pkt-drop-rate': rate of packets got dropped; 'bit-rate': rate of incoming bits; 'pkt-drop-ratio': ratio of incoming packet rate divided by the rate of dropping packets; 'bytes-to-bytes-from-ratio': ratio of incoming packet rate divided by the rate of outgoing packets; 'frag-rate': rate of incoming fragmented packets; 'cpu-utilization': average data CPU utilization; 'interface-utilization': outside interface utilization; 'learnt-sources': learnt sources; ", "enum":[ "pkt-rate", "pkt-drop-rate", "bit-rate", "pkt-drop-ratio", "bytes-to-bytes-from-ratio", "frag-rate", "cpu-utilization", "interface-utilization", "learnt-sources" ], "optional":false }, "data-packet-size":{ "type":"number", "format":"number", "minimum":1, "maximum":1500, "partition-visibility":"shared", "description":"Expected minimal data size", "optional":true }, "score":{ "type":"number", "format":"number", "minimum":1, "maximum":1000000, "partition-visibility":"shared", "description":"Score corresponding to the indicator", "optional":true }, "src-threshold-num":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Indicator per-src threshold", "optional":true }, "src-threshold-large-num":{ "type":"number", "format":"number", "minimum":1, "maximum":10995116277760, "partition-visibility":"shared", "description":"Indicator per-src threshold", "optional":true }, "src-threshold-str":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Indicator per-src threshold (Non-zero floating point)", "optional":true }, "src-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions to use when this src indicator threshold reaches", "optional":true }, "zone-threshold-num":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Threshold for the entire zone", "optional":true }, "zone-threshold-large-num":{ "type":"number", "format":"number", "minimum":1, "maximum":10995116277760, "partition-visibility":"shared", "description":"Threshold for the entire zone", "optional":true }, "zone-threshold-str":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Threshold for the entire zone (Non-zero floating point)", "optional":true }, "zone-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions to use when this zone indicator threshold reaches", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "type" ] } ] } }, "required":[ "level-num" ] } ] }, "manual-mode-list":{ "type":"array", "minItems":1, "items":{ "type":"manual-mode" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/manual-mode/{config}", "array":[ { "properties":{ "config":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': Manual-mode configuration; ", "enum":[ "configuration" ], "optional":false }, "src-default-glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "zone-template":{ "type":"object", "properties":{ "ip-proto":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ip-proto template" }, "encap":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "config" ] } ] }, "port-ind":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/port-ind", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "topk-sources":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/topk-sources", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "topk-destinations":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/topk-destinations", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } }, "required":[ "protocol-num" ] } ] }, "proto-tcp-udp-list":{ "type":"array", "minItems":1, "items":{ "type":"proto-tcp-udp" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-tcp-udp/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'tcp': ip-proto tcp; 'udp': ip-proto udp; ", "enum":[ "tcp", "udp" ], "optional":false }, "deny":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for this ip-proto", "optional":true }, "glid-cfg":{ "type":"object", "properties":{ "glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID for the whole zone" }, "glid-action":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "not":"action-list", "description":"'drop': Drop packets for glid exceed (Default); 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "ignore" ] }, "per-addr-glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID per address" }, "action-list":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"glid-action", "description":"Configure action-list to take" } } }, "drop-frag-pkt":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Drop fragmented packets", "optional":true }, "ip-filtering-policy":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/ip-filtering-policy", "description":"Configure IP Filter", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "ip-filtering-policy-statistics":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-tcp-udp/{protocol}/ip-filtering-policy-statistics", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } }, "required":[ "protocol" ] } ] }, "proto-name-list":{ "type":"array", "minItems":1, "items":{ "type":"proto-name" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'icmp-v4': ip-proto icmp-v4; 'icmp-v6': ip-proto icmp-v6; 'other': ip-proto other; 'gre': ip-proto gre; 'ipv4-encap': ip-proto IPv4 Encapsulation; 'ipv6-encap': ip-proto IPv6 Encapsulation; ", "enum":[ "icmp-v4", "icmp-v6", "other", "gre", "ipv4-encap", "ipv6-encap" ], "optional":false }, "manual-mode-enable":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Toggle manual mode to use fix templates", "optional":true }, "deny":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for ip-proto icmp-v4", "optional":true }, "glid-cfg":{ "type":"object", "properties":{ "glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID for the whole zone" }, "glid-action":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "not":"action-list", "description":"'drop': Drop packets for glid exceed (Default); 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "ignore" ] }, "action-list":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"glid-action", "description":"Configure action-list to take" }, "per-addr-glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID per address" } } }, "tunnel-decap":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable tunnel decapsulation", "optional":true }, "key-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "key":{ "type":"string", "format":"string", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":10, "partition-visibility":"shared", "description":"Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)" }, "optional":true } } ] }, "tunnel-rate-limit":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable DDOS-protection on tunnel traffic", "optional":true }, "drop-frag-pkt":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Drop fragmented packets", "optional":true }, "max-dynamic-entry-count":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":0, "maximum":2147483647, "partition-visibility":"shared", "description":"Maximum count for dynamic source zone service entry", "optional":true }, "dynamic-entry-count-warn-threshold":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "partition-visibility":"shared", "description":"Set threshold percentage of \"max-src-dst-entry\" for generating warning logs. Including start and end.", "optional":true }, "apply-policy-on-overflow":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable this flag to apply overflow policy when dynamic entry count overflows", "optional":true }, "enable-top-k":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable ddos top-k source IP detection", "optional":true }, "topk-num-records":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "default":20, "partition-visibility":"shared", "description":"Maximum number of records to show in topk", "optional":true }, "topk-sort-key":{ "type":"string", "format":"enum", "default":"avg", "partition-visibility":"shared", "description":"'avg': window average; 'max-peak': max peak; ", "enum":[ "avg", "max-peak" ], "optional":true }, "enable-top-k-destination":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable ddos top-k destination IP detection", "optional":true }, "topk-dst-num-records":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "default":20, "partition-visibility":"shared", "description":"Maximum number of records to show in topk", "optional":true }, "topk-dst-sort-key":{ "type":"string", "format":"enum", "default":"avg", "partition-visibility":"shared", "description":"'avg': window average; 'max-peak': max peak; ", "enum":[ "avg", "max-peak" ], "optional":true }, "age":{ "type":"number", "format":"number", "minimum":2, "maximum":1023, "default":5, "partition-visibility":"shared", "description":"Idle age for ip entry", "optional":true }, "enable-class-list-overflow":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Apply class-list overflow policy upon exceeding dynamic entry count specified for zone-port or class-list", "optional":true }, "faster-de-escalation":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"De-escalate faster in standalone mode", "optional":true }, "ip-filtering-policy":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/ip-filtering-policy", "description":"Configure IP Filter", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "ip-filtering-policy-statistics":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/ip-filtering-policy-statistics", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "level-list":{ "type":"array", "minItems":1, "items":{ "type":"level" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/level/{level-num}", "array":[ { "properties":{ "level-num":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'0': Default policy level; '1': Policy level 1; '2': Policy level 2; '3': Policy level 3; '4': Policy level 4; ", "enum":[ "0", "1", "2", "3", "4" ], "optional":false }, "src-default-glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-action":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "zone-escalation-score":{ "type":"number", "format":"number", "minimum":1, "maximum":1000000, "partition-visibility":"shared", "description":"Zone activation score of this level", "optional":true }, "zone-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions apply due to zone escalate from this level", "optional":true }, "src-escalation-score":{ "type":"number", "format":"number", "minimum":1, "maximum":1000000, "partition-visibility":"shared", "description":"Source activation score of this level", "optional":true }, "src-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions apply due to source escalate from this level", "optional":true }, "zone-template":{ "type":"object", "properties":{ "icmp-v4":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS icmp-v4 template" }, "icmp-v6":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS icmp-v6 template" }, "ip-proto":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ip-proto template" }, "encap":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "indicator-list":{ "type":"array", "minItems":1, "items":{ "type":"indicator" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/level/{level-num}/indicator/{type}", "array":[ { "properties":{ "type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'pkt-rate': rate of incoming packets; 'pkt-drop-rate': rate of packets got dropped; 'bit-rate': rate of incoming bits; 'pkt-drop-ratio': ratio of incoming packet rate divided by the rate of dropping packets; 'bytes-to-bytes-from-ratio': ratio of incoming packet rate divided by the rate of outgoing packets; 'frag-rate': rate of incoming fragmented packets; 'cpu-utilization': average data CPU utilization; 'interface-utilization': outside interface utilization; 'learnt-sources': learnt sources; ", "enum":[ "pkt-rate", "pkt-drop-rate", "bit-rate", "pkt-drop-ratio", "bytes-to-bytes-from-ratio", "frag-rate", "cpu-utilization", "interface-utilization", "learnt-sources" ], "optional":false }, "data-packet-size":{ "type":"number", "format":"number", "minimum":1, "maximum":1500, "partition-visibility":"shared", "description":"Expected minimal data size", "optional":true }, "score":{ "type":"number", "format":"number", "minimum":1, "maximum":1000000, "partition-visibility":"shared", "description":"Score corresponding to the indicator", "optional":true }, "src-threshold-num":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Indicator per-src threshold", "optional":true }, "src-threshold-large-num":{ "type":"number", "format":"number", "minimum":1, "maximum":10995116277760, "partition-visibility":"shared", "description":"Indicator per-src threshold", "optional":true }, "src-threshold-str":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Indicator per-src threshold (Non-zero floating point)", "optional":true }, "src-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions to use when this src indicator threshold reaches", "optional":true }, "zone-threshold-num":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Threshold for the entire zone", "optional":true }, "zone-threshold-large-num":{ "type":"number", "format":"number", "minimum":1, "maximum":10995116277760, "partition-visibility":"shared", "description":"Threshold for the entire zone", "optional":true }, "zone-threshold-str":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Threshold for the entire zone (Non-zero floating point)", "optional":true }, "zone-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions to use when this zone indicator threshold reaches", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "type" ] } ] } }, "required":[ "level-num" ] } ] }, "manual-mode-list":{ "type":"array", "minItems":1, "items":{ "type":"manual-mode" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/manual-mode/{config}", "array":[ { "properties":{ "config":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': Manual-mode configuration; ", "enum":[ "configuration" ], "optional":false }, "src-default-glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "zone-template":{ "type":"object", "properties":{ "icmp-v4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS icmp-v4 template" }, "icmp-v6":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS icmp-v6 template" }, "ip-proto":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ip-proto template" }, "encap":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "config" ] } ] }, "src-based-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"src-based-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/src-based-policy/{src-based-policy-name}", "array":[ { "properties":{ "src-based-policy-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Specify name of the policy", "optional":false }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "policy-class-list-list":{ "type":"array", "minItems":1, "items":{ "type":"policy-class-list" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name}", "array":[ { "properties":{ "class-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Class-list name", "optional":false }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; ", "enum":[ "bypass", "deny" ], "optional":true }, "log-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable logging", "optional":true }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable log periodic", "optional":true }, "max-dynamic-entry-count":{ "type":"number", "format":"number", "minimum":0, "maximum":2147483647, "partition-visibility":"shared", "description":"Maximum count for dynamic source zone service entry allowed for this class-list", "optional":true }, "dynamic-entry-count-warn-threshold":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "partition-visibility":"shared", "description":"Set threshold percentage of \"max-src-dst-entry\" for generating warning logs. Including start and end.", "optional":true }, "zone-template":{ "type":"object", "properties":{ "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS logging template" }, "icmp-v4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS icmp-v4 template" }, "icmp-v6":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS icmp-v6 template" }, "ip-proto":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ip-proto template" }, "encap":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "class-list-overflow-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"class-list-overflow-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name}", "array":[ { "properties":{ "dummy-name":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': Configure overflow policy for class-list; ", "enum":[ "configuration" ], "optional":false }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; ", "enum":[ "bypass", "deny" ], "optional":true }, "log-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable logging", "optional":true }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable log periodic", "optional":true }, "zone-template":{ "type":"object", "properties":{ "icmp-v4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS icmp-v4 template" }, "icmp-v6":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS icmp-v6 template" }, "ip-proto":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ip-proto template" }, "encap":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "dummy-name" ] } ] } }, "required":[ "class-list-name" ] } ] } }, "required":[ "src-based-policy-name" ] } ] }, "dynamic-entry-overflow-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"dynamic-entry-overflow-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/dynamic-entry-overflow-policy/{dummy-name}", "array":[ { "properties":{ "dummy-name":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': Configure overflow policy; ", "enum":[ "configuration" ], "optional":false }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; ", "enum":[ "bypass", "deny" ], "optional":true }, "zone-template":{ "type":"object", "properties":{ "icmp-v4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS icmp-v4 template" }, "icmp-v6":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS icmp-v6 template" }, "ip-proto":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ip-proto template" }, "encap":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "dummy-name" ] } ] }, "port-ind":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/port-ind", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "topk-sources":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/topk-sources", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "topk-destinations":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/topk-destinations", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } }, "required":[ "protocol" ] } ] } } }, "port":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port", "properties":{ "zone-service-list":{ "type":"array", "minItems":1, "items":{ "type":"zone-service" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}", "array":[ { "properties":{ "port-num":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Port Number", "optional":false }, "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'dns-tcp': DNS-TCP Port; 'dns-udp': DNS-UDP Port; 'http': HTTP Port; 'tcp': TCP Port; 'udp': UDP Port; 'ssl-l4': SSL-L4 Port; 'sip-udp': SIP-UDP Port; 'sip-tcp': SIP-TCP Port; 'quic': QUIC Port; ", "enum":[ "dns-tcp", "dns-udp", "http", "tcp", "udp", "ssl-l4", "sip-udp", "sip-tcp", "quic" ], "optional":false }, "manual-mode-enable":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Toggle manual mode to use fix templates", "optional":true }, "deny":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid-cfg":{ "type":"object", "properties":{ "glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID for the whole zone" }, "glid-action":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "not":"action-list", "description":"'drop': Drop packets for glid exceed (Default if default-action-list is not configured); 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "ignore" ] }, "action-list":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"glid-action", "description":"Configure action-list to take" }, "per-addr-glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID per address" } } }, "stateful":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable stateful tracking of sessions (Default is stateless)", "optional":true }, "default-action-list":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "description":"Configure default-action-list", "optional":true }, "sflow-common":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not-list":[ "sflow-packets", "sflow-tcp-basic", "sflow-tcp-stateful", "sflow-http" ], "description":"Enable all sFlow polling options under this zone port", "optional":true }, "sflow-packets":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not":"sflow-common", "description":"Enable sFlow packet-level counter polling", "optional":true }, "sflow-tcp":{ "type":"object", "properties":{ "sflow-tcp-basic":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not":"sflow-common", "description":"Enable sFlow basic TCP counter polling" }, "sflow-tcp-stateful":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not":"sflow-common", "description":"Enable sFlow stateful TCP counter polling" } } }, "sflow-http":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not":"sflow-common", "description":"Enable sFlow HTTP counter polling", "optional":true }, "max-dynamic-entry-count":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":0, "maximum":2147483647, "partition-visibility":"shared", "description":"Maximum count for dynamic source zone service entry", "optional":true }, "dynamic-entry-count-warn-threshold":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "partition-visibility":"shared", "description":"Set threshold percentage of \"max-src-dst-entry\" for generating warning logs. Including start and end.", "optional":true }, "apply-policy-on-overflow":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable this flag to apply overflow policy when dynamic entry count overflows", "optional":true }, "enable-class-list-overflow":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Apply class-list overflow policy upon exceeding dynamic entry count specified for zone-port or class-list", "optional":true }, "age":{ "type":"number", "format":"number", "minimum":2, "maximum":1023, "default":5, "partition-visibility":"shared", "description":"Idle age for ip entry", "optional":true }, "enable-top-k":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable ddos top-k source IP detection", "optional":true }, "topk-num-records":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "default":20, "partition-visibility":"shared", "description":"Maximum number of records to show in topk", "optional":true }, "topk-sort-key":{ "type":"string", "format":"enum", "default":"avg", "partition-visibility":"shared", "description":"'avg': window average; 'max-peak': max peak; ", "enum":[ "avg", "max-peak" ], "optional":true }, "enable-top-k-destination":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable ddos top-k destination IP detection", "optional":true }, "topk-dst-num-records":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "default":20, "partition-visibility":"shared", "description":"Maximum number of records to show in topk", "optional":true }, "topk-dst-sort-key":{ "type":"string", "format":"enum", "default":"avg", "partition-visibility":"shared", "description":"'avg': window average; 'max-peak': max peak; ", "enum":[ "avg", "max-peak" ], "optional":true }, "capture-config":{ "type":"object", "properties":{ "capture-config-name":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Capture-config name" }, "capture-config-mode":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'drop': Apply capture-config to dropped packets; 'forward': Apply capture-config to forwarded packets; 'all': Apply capture-config to both dropped and forwarded packets; ", "enum":[ "drop", "forward", "all" ] } } }, "outbound-only":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Only allow outbound traffic", "optional":true }, "faster-de-escalation":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"De-escalate faster in standalone mode", "optional":true }, "ip-filtering-policy":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/ip-filtering-policy", "description":"Configure IP Filter", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "signature-extraction":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/signature-extraction", "properties":{ "algorithm":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'heuristic': heuristic algorithm; ", "enum":[ "heuristic" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "pattern-recognition":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/pattern-recognition", "properties":{ "algorithm":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'heuristic': heuristic algorithm; ", "enum":[ "heuristic" ] }, "triggered-by":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'zone-escalation': Zone escalation trigger pattern recognition; 'packet-rate-exceeds': Packet rate limit exceeds trigger pattern recognition (default); ", "enum":[ "zone-escalation", "packet-rate-exceeds" ] }, "capture-traffic":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': Capture all packets; 'dropped': Capture dropped packets (default); ", "enum":[ "all", "dropped" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "pattern-recognition-pu-details":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/pattern-recognition-pu-details", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "ip-filtering-policy-statistics":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/ip-filtering-policy-statistics", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "level-list":{ "type":"array", "minItems":1, "items":{ "type":"level" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/level/{level-num}", "array":[ { "properties":{ "level-num":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'0': Default policy level; '1': Policy level 1; '2': Policy level 2; '3': Policy level 3; '4': Policy level 4; ", "enum":[ "0", "1", "2", "3", "4" ], "optional":false }, "src-default-glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-action":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "zone-escalation-score":{ "type":"number", "format":"number", "minimum":1, "maximum":1000000, "partition-visibility":"shared", "description":"Zone activation score of this level", "optional":true }, "zone-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions apply due to zone escalate from this level", "optional":true }, "src-escalation-score":{ "type":"number", "format":"number", "minimum":1, "maximum":1000000, "partition-visibility":"shared", "description":"Source activation score of this level", "optional":true }, "src-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions apply due to source escalate from this level", "optional":true }, "zone-template":{ "type":"object", "properties":{ "quic":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS quic template" }, "dns":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS http template" }, "ssl-l4":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ssl-l4 template" }, "sip":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS sip template" }, "tcp":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS tcp template" }, "udp":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS udp template" }, "encap":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" } } }, "close-sessions-for-unauth-sources":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Close session for unauthenticated sources", "optional":true }, "close-sessions-for-all-sources":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Close session for all sources", "optional":true }, "clear-sources-upon-deescalation":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Clear sources upon de-escalation from level 1 to 0 or manual to 0", "optional":true }, "start-pattern-recognition":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Start pattern recognition from this level", "optional":true }, "apply-extracted-filters":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Apply extracted filters from this level", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "indicator-list":{ "type":"array", "minItems":1, "items":{ "type":"indicator" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/level/{level-num}/indicator/{type}", "array":[ { "properties":{ "type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'pkt-rate': rate of incoming packets; 'pkt-drop-rate': rate of packets got dropped; 'bit-rate': rate of incoming bits; 'pkt-drop-ratio': ratio of incoming packet rate divided by the rate of dropping packets; 'bytes-to-bytes-from-ratio': ratio of incoming packet rate divided by the rate of outgoing packets; 'concurrent-conns': number of concurrent connections; 'conn-miss-rate': rate of incoming packets for which no previously established connection exists; 'syn-rate': rate on incoming SYN packets; 'fin-rate': rate on incoming FIN packets; 'rst-rate': rate of incoming RST packets; 'small-window-ack-rate': rate of small window advertisement; 'empty-ack-rate': rate of incoming packets which have no payload; 'small-payload-rate': rate of short payload packet; 'syn-fin-ratio': ratio of incoming SYN packet rate divided by the rate of incoming FIN packets; 'cpu-utilization': average data CPU utilization; 'interface-utilization': outside interface utilization; 'learnt-sources': learnt sources; ", "enum":[ "pkt-rate", "pkt-drop-rate", "bit-rate", "pkt-drop-ratio", "bytes-to-bytes-from-ratio", "concurrent-conns", "conn-miss-rate", "syn-rate", "fin-rate", "rst-rate", "small-window-ack-rate", "empty-ack-rate", "small-payload-rate", "syn-fin-ratio", "cpu-utilization", "interface-utilization", "learnt-sources" ], "optional":false }, "tcp-window-size":{ "type":"number", "format":"number", "minimum":1, "maximum":500, "partition-visibility":"shared", "description":"Expected minimal window size", "optional":true }, "data-packet-size":{ "type":"number", "format":"number", "minimum":1, "maximum":1500, "partition-visibility":"shared", "description":"Expected minimal data size", "optional":true }, "score":{ "type":"number", "format":"number", "minimum":1, "maximum":1000000, "partition-visibility":"shared", "description":"Score corresponding to the indicator", "optional":true }, "src-threshold-num":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Indicator per-src threshold", "optional":true }, "src-threshold-large-num":{ "type":"number", "format":"number", "minimum":1, "maximum":10995116277760, "partition-visibility":"shared", "description":"Indicator per-src threshold", "optional":true }, "src-threshold-str":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Indicator per-src threshold (Non-zero floating point)", "optional":true }, "src-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions to use when this src indicator threshold reaches", "optional":true }, "zone-threshold-large-num":{ "type":"number", "format":"number", "minimum":1, "maximum":10995116277760, "partition-visibility":"shared", "description":"Threshold for the entire zone", "optional":true }, "zone-threshold-num":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Threshold for the entire zone", "optional":true }, "zone-threshold-str":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Threshold for the entire zone (Non-zero floating point)", "optional":true }, "zone-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions to use when this zone indicator threshold reaches", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "type" ] } ] } }, "required":[ "level-num" ] } ] }, "manual-mode-list":{ "type":"array", "minItems":1, "items":{ "type":"manual-mode" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/manual-mode/{config}", "array":[ { "properties":{ "config":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': Manual-mode configuration; ", "enum":[ "configuration" ], "optional":false }, "src-default-glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "zone-template":{ "type":"object", "properties":{ "quic":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS quic template" }, "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS http template" }, "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ssl-l4 template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS sip template" }, "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS tcp template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS udp template" }, "encap":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" } } }, "close-sessions-for-all-sources":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Close session for all sources", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "config" ] } ] }, "port-ind":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/port-ind", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "topk-sources":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/topk-sources", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "topk-destinations":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/topk-destinations", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "src-based-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"src-based-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/src-based-policy/{src-based-policy-name}", "array":[ { "properties":{ "src-based-policy-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Specify name of the policy", "optional":false }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "policy-class-list-list":{ "type":"array", "minItems":1, "items":{ "type":"policy-class-list" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name}", "array":[ { "properties":{ "class-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Class-list name", "optional":false }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; ", "enum":[ "bypass", "deny" ], "optional":true }, "log-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable logging", "optional":true }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable log periodic", "optional":true }, "max-dynamic-entry-count":{ "type":"number", "format":"number", "minimum":0, "maximum":2147483647, "partition-visibility":"shared", "description":"Maximum count for dynamic source zone service entry allowed for this class-list", "optional":true }, "dynamic-entry-count-warn-threshold":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "partition-visibility":"shared", "description":"Set threshold percentage of \"max-src-dst-entry\" for generating warning logs. Including start and end.", "optional":true }, "zone-template":{ "type":"object", "properties":{ "quic":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS quic template" }, "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS http template" }, "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ssl-l4 template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS sip template" }, "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS tcp template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS udp template" }, "encap":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" }, "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS logging template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "class-list-overflow-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"class-list-overflow-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name}", "array":[ { "properties":{ "dummy-name":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': Configure overflow policy for class-list; ", "enum":[ "configuration" ], "optional":false }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; ", "enum":[ "bypass", "deny" ], "optional":true }, "log-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable logging", "optional":true }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable log periodic", "optional":true }, "zone-template":{ "type":"object", "properties":{ "quic":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS quic template" }, "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS http template" }, "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ssl-l4 template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS sip template" }, "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS tcp template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS udp template" }, "encap":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" }, "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS logging template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "dummy-name" ] } ] } }, "required":[ "class-list-name" ] } ] } }, "required":[ "src-based-policy-name" ] } ] }, "dynamic-entry-overflow-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"dynamic-entry-overflow-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/dynamic-entry-overflow-policy/{dummy-name}", "array":[ { "properties":{ "dummy-name":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': Configure overflow policy; ", "enum":[ "configuration" ], "optional":false }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; ", "enum":[ "bypass", "deny" ], "optional":true }, "log-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable logging", "optional":true }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable log periodic", "optional":true }, "zone-template":{ "type":"object", "properties":{ "quic":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS quic template" }, "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS http template" }, "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ssl-l4 template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS sip template" }, "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS tcp template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS udp template" }, "encap":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" }, "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS logging template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "dummy-name" ] } ] }, "virtualhosts":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/virtualhosts", "properties":{ "vhosts-config":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': configure virtualhost based mitigation for ssl services; ", "enum":[ "configuration" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "virtualhost-list":{ "type":"array", "minItems":1, "items":{ "type":"virtualhost" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/virtualhosts/virtualhost/{vhost}", "array":[ { "properties":{ "vhost":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"name for virtualhost", "optional":false }, "servername":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "match-type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'contains': match servername extension when contains this string; 'ends-with': match servername extension when ends with this string; 'equals': match servername extension when equals this string; 'starts-with': match servername extension when starts with this string; ", "enum":[ "contains", "ends-with", "equals", "starts-with" ] }, "host-match-string":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"SNI String" }, "optional":true } } ] }, "servername-list":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Class List to match servername (AC type Class List Name)", "optional":true }, "servername-match-any":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Match any SNI extension", "optional":true }, "servername-no-sni":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Match when there is no SNI extension found", "optional":true }, "glid-cfg":{ "type":"object", "properties":{ "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID" }, "glid-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed; 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "ignore" ] } } }, "deny":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "level-list":{ "type":"array", "minItems":1, "items":{ "type":"level" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/virtualhosts/virtualhost/{vhost}/level/{level-num}", "array":[ { "properties":{ "level-num":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'0': Default policy level; ", "enum":[ "0" ], "optional":false }, "src-default-glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-action":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "zone-template":{ "type":"object", "properties":{ "ssl-l4":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ssl-l4 template" }, "tcp":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS tcp template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "level-num" ] } ] } }, "required":[ "vhost" ] } ] } } } }, "required":[ "port-num", "protocol" ] } ] }, "zone-service-other-list":{ "type":"array", "minItems":1, "items":{ "type":"zone-service-other" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}", "array":[ { "properties":{ "port-other":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'other': other; ", "enum":[ "other" ], "optional":false }, "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'tcp': TCP Port; 'udp': UDP Port; ", "enum":[ "tcp", "udp" ], "optional":false }, "manual-mode-enable":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Toggle manual mode to use fix templates", "optional":true }, "enable-top-k":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable ddos top-k source IP detection", "optional":true }, "topk-num-records":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "default":20, "partition-visibility":"shared", "description":"Maximum number of records to show in topk", "optional":true }, "topk-sort-key":{ "type":"string", "format":"enum", "default":"avg", "partition-visibility":"shared", "description":"'avg': window average; 'max-peak': max peak; ", "enum":[ "avg", "max-peak" ], "optional":true }, "enable-top-k-destination":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable ddos top-k destination IP detection", "optional":true }, "topk-dst-num-records":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "default":20, "partition-visibility":"shared", "description":"Maximum number of records to show in topk", "optional":true }, "topk-dst-sort-key":{ "type":"string", "format":"enum", "default":"avg", "partition-visibility":"shared", "description":"'avg': window average; 'max-peak': max peak; ", "enum":[ "avg", "max-peak" ], "optional":true }, "deny":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid-cfg":{ "type":"object", "properties":{ "glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID for the whole zone" }, "glid-action":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "not":"action-list", "description":"'drop': Drop packets for glid exceed (Default if default-action-list is not configured); 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "ignore" ] }, "action-list":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"glid-action", "description":"Configure action-list to take" }, "per-addr-glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID per address" } } }, "stateful":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable stateful tracking of sessions (Default is stateless)", "optional":true }, "default-action-list":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "description":"Configure default-action-list", "optional":true }, "sflow-common":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not-list":[ "sflow-packets", "sflow-tcp-basic", "sflow-tcp-stateful" ], "description":"Enable all sFlow polling options under this zone port", "optional":true }, "sflow-packets":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not":"sflow-common", "description":"Enable sFlow packet-level counter polling", "optional":true }, "sflow-tcp":{ "type":"object", "properties":{ "sflow-tcp-basic":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not":"sflow-common", "description":"Enable sFlow basic TCP counter polling" }, "sflow-tcp-stateful":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not":"sflow-common", "description":"Enable sFlow stateful TCP counter polling" } } }, "max-dynamic-entry-count":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":0, "maximum":2147483647, "partition-visibility":"shared", "description":"Maximum count for dynamic source zone service entry", "optional":true }, "dynamic-entry-count-warn-threshold":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "partition-visibility":"shared", "description":"Set threshold percentage of \"max-src-dst-entry\" for generating warning logs. Including start and end.", "optional":true }, "apply-policy-on-overflow":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable this flag to apply overflow policy when dynamic entry count overflows", "optional":true }, "enable-class-list-overflow":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Apply class-list overflow policy upon exceeding dynamic entry count specified for this zone port or each class-list", "optional":true }, "age":{ "type":"number", "format":"number", "minimum":2, "maximum":1023, "default":5, "partition-visibility":"shared", "description":"Idle age for ip entry", "optional":true }, "outbound-only":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Only allow outbound traffic", "optional":true }, "faster-de-escalation":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"De-escalate faster in standalone mode", "optional":true }, "ip-filtering-policy":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/ip-filtering-policy", "description":"Configure IP Filter", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "ip-filtering-policy-statistics":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/ip-filtering-policy-statistics", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "pattern-recognition":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/pattern-recognition", "properties":{ "algorithm":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'heuristic': heuristic algorithm; ", "enum":[ "heuristic" ] }, "triggered-by":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'zone-escalation': Zone escalation trigger pattern recognition; 'packet-rate-exceeds': Packet rate limit exceeds trigger pattern recognition (default); ", "enum":[ "zone-escalation", "packet-rate-exceeds" ] }, "capture-traffic":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': Capture all packets; 'dropped': Capture dropped packets (default); ", "enum":[ "all", "dropped" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "pattern-recognition-pu-details":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/pattern-recognition-pu-details", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "level-list":{ "type":"array", "minItems":1, "items":{ "type":"level" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/level/{level-num}", "array":[ { "properties":{ "level-num":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'0': Default policy level; '1': Policy level 1; '2': Policy level 2; '3': Policy level 3; '4': Policy level 4; ", "enum":[ "0", "1", "2", "3", "4" ], "optional":false }, "src-default-glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-action":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "zone-escalation-score":{ "type":"number", "format":"number", "minimum":1, "maximum":1000000, "partition-visibility":"shared", "description":"Zone activation score of this level", "optional":true }, "zone-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions apply due to zone escalate from this level", "optional":true }, "src-escalation-score":{ "type":"number", "format":"number", "minimum":1, "maximum":1000000, "partition-visibility":"shared", "description":"Source activation score of this level", "optional":true }, "src-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions apply due to source escalate from this level", "optional":true }, "zone-template":{ "type":"object", "properties":{ "tcp":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS tcp template" }, "udp":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS udp template" }, "encap":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" } } }, "close-sessions-for-unauth-sources":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Close session for unauthenticated sources", "optional":true }, "close-sessions-for-all-sources":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Close session for all sources", "optional":true }, "clear-sources-upon-deescalation":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Clear sources upon de-escalation from level 1 to 0 or manual to 0", "optional":true }, "start-pattern-recognition":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Start pattern recognition from this level", "optional":true }, "apply-extracted-filters":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Apply extracted filters from this level", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "indicator-list":{ "type":"array", "minItems":1, "items":{ "type":"indicator" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/level/{level-num}/indicator/{type}", "array":[ { "properties":{ "type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'pkt-rate': rate of incoming packets; 'pkt-drop-rate': rate of packets got dropped; 'bit-rate': rate of incoming bits; 'pkt-drop-ratio': ratio of incoming packet rate divided by the rate of dropping packets; 'bytes-to-bytes-from-ratio': ratio of incoming packet rate divided by the rate of outgoing packets; 'concurrent-conns': number of concurrent connections; 'conn-miss-rate': rate of incoming packets for which no previously established connection exists; 'syn-rate': rate on incoming SYN packets; 'fin-rate': rate on incoming FIN packets; 'rst-rate': rate of incoming RST packets; 'small-window-ack-rate': rate of small window advertisement; 'empty-ack-rate': rate of incoming packets which have no payload; 'small-payload-rate': rate of short payload packet; 'syn-fin-ratio': ratio of incoming SYN packet rate divided by the rate of incoming FIN packets; 'cpu-utilization': average data CPU utilization; 'interface-utilization': outside interface utilization; 'learnt-sources': learnt sources; ", "enum":[ "pkt-rate", "pkt-drop-rate", "bit-rate", "pkt-drop-ratio", "bytes-to-bytes-from-ratio", "concurrent-conns", "conn-miss-rate", "syn-rate", "fin-rate", "rst-rate", "small-window-ack-rate", "empty-ack-rate", "small-payload-rate", "syn-fin-ratio", "cpu-utilization", "interface-utilization", "learnt-sources" ], "optional":false }, "tcp-window-size":{ "type":"number", "format":"number", "minimum":1, "maximum":500, "partition-visibility":"shared", "description":"Expected minimal window size", "optional":true }, "data-packet-size":{ "type":"number", "format":"number", "minimum":1, "maximum":1500, "partition-visibility":"shared", "description":"Expected minimal data size", "optional":true }, "score":{ "type":"number", "format":"number", "minimum":1, "maximum":1000000, "partition-visibility":"shared", "description":"Score corresponding to the indicator", "optional":true }, "src-threshold-num":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Indicator per-src threshold", "optional":true }, "src-threshold-large-num":{ "type":"number", "format":"number", "minimum":1, "maximum":10995116277760, "partition-visibility":"shared", "description":"Indicator per-src threshold", "optional":true }, "src-threshold-str":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Indicator per-src threshold (Non-zero floating point)", "optional":true }, "src-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions to use when this src indicator threshold reaches", "optional":true }, "zone-threshold-num":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Threshold for the entire zone", "optional":true }, "zone-threshold-large-num":{ "type":"number", "format":"number", "minimum":1, "maximum":10995116277760, "partition-visibility":"shared", "description":"Threshold for the entire zone", "optional":true }, "zone-threshold-str":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Threshold for the entire zone (Non-zero floating point)", "optional":true }, "zone-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions to use when this zone indicator threshold reaches", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "type" ] } ] } }, "required":[ "level-num" ] } ] }, "manual-mode-list":{ "type":"array", "minItems":1, "items":{ "type":"manual-mode" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/manual-mode/{config}", "array":[ { "properties":{ "config":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': Manual-mode configuration; ", "enum":[ "configuration" ], "optional":false }, "src-default-glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "zone-template":{ "type":"object", "properties":{ "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS tcp template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS udp template" }, "encap":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" } } }, "close-sessions-for-all-sources":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Close session for all sources", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "config" ] } ] }, "port-ind":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/port-ind", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "topk-sources":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/topk-sources", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "topk-destinations":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/topk-destinations", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "src-based-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"src-based-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/src-based-policy/{src-based-policy-name}", "array":[ { "properties":{ "src-based-policy-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Specify name of the policy", "optional":false }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "policy-class-list-list":{ "type":"array", "minItems":1, "items":{ "type":"policy-class-list" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name}", "array":[ { "properties":{ "class-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Class-list name", "optional":false }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; ", "enum":[ "bypass", "deny" ], "optional":true }, "max-dynamic-entry-count":{ "type":"number", "format":"number", "minimum":0, "maximum":2147483647, "partition-visibility":"shared", "description":"Maximum count for dynamic source zone service entry allowed for this class-list", "optional":true }, "dynamic-entry-count-warn-threshold":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "partition-visibility":"shared", "description":"Set threshold percentage of \"max-src-dst-entry\" for generating warning logs. Including start and end.", "optional":true }, "zone-template":{ "type":"object", "properties":{ "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS tcp template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS udp template" }, "encap":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" }, "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS logging template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "class-list-overflow-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"class-list-overflow-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name}", "array":[ { "properties":{ "dummy-name":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': Configure overflow policy for class-list; ", "enum":[ "configuration" ], "optional":false }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; ", "enum":[ "bypass", "deny" ], "optional":true }, "log-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable logging", "optional":true }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable log periodic", "optional":true }, "zone-template":{ "type":"object", "properties":{ "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS http template" }, "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ssl-l4 template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS sip template" }, "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS tcp template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS udp template" }, "encap":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" }, "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS logging template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "dummy-name" ] } ] } }, "required":[ "class-list-name" ] } ] } }, "required":[ "src-based-policy-name" ] } ] }, "dynamic-entry-overflow-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"dynamic-entry-overflow-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/dynamic-entry-overflow-policy/{dummy-name}", "array":[ { "properties":{ "dummy-name":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': Configure overflow policy; ", "enum":[ "configuration" ], "optional":false }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; ", "enum":[ "bypass", "deny" ], "optional":true }, "log-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable logging", "optional":true }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable log periodic", "optional":true }, "zone-template":{ "type":"object", "properties":{ "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS http template" }, "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ssl-l4 template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS sip template" }, "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS tcp template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS udp template" }, "encap":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" }, "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS logging template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "dummy-name" ] } ] } }, "required":[ "port-other", "protocol" ] } ] } } }, "port-range-list":{ "type":"array", "minItems":1, "items":{ "type":"port-range" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}", "array":[ { "properties":{ "port-range-start":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Port-Range Start Port Number", "optional":false }, "port-range-end":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Port-Range End Port Number", "optional":false }, "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'dns-tcp': DNS-TCP Port; 'dns-udp': DNS-UDP Port; 'http': HTTP Port; 'tcp': TCP Port; 'udp': UDP Port; 'ssl-l4': SSL-L4 Port; 'sip-udp': SIP-UDP Port; 'sip-tcp': SIP-TCP Port; 'quic': QUIC Port; ", "enum":[ "dns-tcp", "dns-udp", "http", "tcp", "udp", "ssl-l4", "sip-udp", "sip-tcp", "quic" ], "optional":false }, "manual-mode-enable":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Toggle manual mode to use fix templates", "optional":true }, "deny":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid-cfg":{ "type":"object", "properties":{ "glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID for the whole zone" }, "glid-action":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "not":"action-list", "description":"'drop': Drop packets for glid exceed (Default if default-action-list is not configured); 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "ignore" ] }, "action-list":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"glid-action", "description":"Configure action-list to take" }, "per-addr-glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID per address" } } }, "stateful":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable stateful tracking of sessions (Default is stateless)", "optional":true }, "default-action-list":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "description":"Configure default-action-list", "optional":true }, "sflow-common":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not-list":[ "sflow-packets", "sflow-tcp-basic", "sflow-tcp-stateful", "sflow-http" ], "description":"Enable all sFlow polling options under this zone port", "optional":true }, "sflow-packets":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not":"sflow-common", "description":"Enable sFlow packet-level counter polling", "optional":true }, "sflow-tcp":{ "type":"object", "properties":{ "sflow-tcp-basic":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not":"sflow-common", "description":"Enable sFlow basic TCP counter polling" }, "sflow-tcp-stateful":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not":"sflow-common", "description":"Enable sFlow stateful TCP counter polling" } } }, "sflow-http":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not":"sflow-common", "description":"Enable sFlow HTTP counter polling", "optional":true }, "max-dynamic-entry-count":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":0, "maximum":2147483647, "partition-visibility":"shared", "description":"Maximum count for dynamic source zone service entry", "optional":true }, "dynamic-entry-count-warn-threshold":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "partition-visibility":"shared", "description":"Set threshold percentage of \"max-src-dst-entry\" for generating warning logs. Including start and end.", "optional":true }, "apply-policy-on-overflow":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable this flag to apply overflow policy when dynamic entry count overflows", "optional":true }, "enable-class-list-overflow":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Apply class-list overflow policy upon exceeding dynamic entry count specified under zone port or each class-list", "optional":true }, "enable-top-k":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable ddos top-k source IP detection", "optional":true }, "topk-num-records":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "default":20, "partition-visibility":"shared", "description":"Maximum number of records to show in topk", "optional":true }, "topk-sort-key":{ "type":"string", "format":"enum", "default":"avg", "partition-visibility":"shared", "description":"'avg': window average; 'max-peak': max peak; ", "enum":[ "avg", "max-peak" ], "optional":true }, "enable-top-k-destination":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable ddos top-k destination IP detection", "optional":true }, "topk-dst-num-records":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "default":20, "partition-visibility":"shared", "description":"Maximum number of records to show in topk", "optional":true }, "topk-dst-sort-key":{ "type":"string", "format":"enum", "default":"avg", "partition-visibility":"shared", "description":"'avg': window average; 'max-peak': max peak; ", "enum":[ "avg", "max-peak" ], "optional":true }, "age":{ "type":"number", "format":"number", "minimum":2, "maximum":1023, "default":5, "partition-visibility":"shared", "description":"Idle age for ip entry", "optional":true }, "outbound-only":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Only allow outbound traffic", "optional":true }, "faster-de-escalation":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"De-escalate faster in standalone mode", "optional":true }, "capture-config":{ "type":"object", "properties":{ "capture-config-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Capture-config name" }, "capture-config-mode":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Apply capture-config to dropped packets; 'forward': Apply capture-config to forwarded packets; 'all': Apply capture-config to both dropped and forwarded packets; ", "enum":[ "drop", "forward", "all" ] } } }, "ip-filtering-policy":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/ip-filtering-policy", "description":"Configure IP Filter", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "ip-filtering-policy-statistics":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/ip-filtering-policy-statistics", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "pattern-recognition":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/pattern-recognition", "properties":{ "algorithm":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'heuristic': heuristic algorithm; ", "enum":[ "heuristic" ] }, "triggered-by":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'zone-escalation': Zone escalation trigger pattern recognition; 'packet-rate-exceeds': Packet rate limit exceeds trigger pattern recognition (default); ", "enum":[ "zone-escalation", "packet-rate-exceeds" ] }, "capture-traffic":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': Capture all packets; 'dropped': Capture dropped packets (default); ", "enum":[ "all", "dropped" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "pattern-recognition-pu-details":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/pattern-recognition-pu-details", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "level-list":{ "type":"array", "minItems":1, "items":{ "type":"level" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/level/{level-num}", "array":[ { "properties":{ "level-num":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'0': Default policy level; '1': Policy level 1; '2': Policy level 2; '3': Policy level 3; '4': Policy level 4; ", "enum":[ "0", "1", "2", "3", "4" ], "optional":false }, "src-default-glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-action":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "zone-escalation-score":{ "type":"number", "format":"number", "minimum":1, "maximum":1000000, "partition-visibility":"shared", "description":"Zone activation score of this level", "optional":true }, "zone-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions apply due to zone escalate from this level", "optional":true }, "src-escalation-score":{ "type":"number", "format":"number", "minimum":1, "maximum":1000000, "partition-visibility":"shared", "description":"Source activation score of this level", "optional":true }, "src-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions apply due to source escalate from this level", "optional":true }, "zone-template":{ "type":"object", "properties":{ "quic":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS quic template" }, "dns":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS http template" }, "ssl-l4":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ssl-l4 template" }, "sip":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS sip template" }, "tcp":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS tcp template" }, "udp":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS udp template" }, "encap":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" } } }, "close-sessions-for-unauth-sources":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Close session for unauthenticated sources", "optional":true }, "close-sessions-for-all-sources":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Close session for all sources", "optional":true }, "clear-sources-upon-deescalation":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Clear sources upon de-escalation from level 1 to 0 or manual to 0", "optional":true }, "start-pattern-recognition":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Start pattern recognition from this level", "optional":true }, "apply-extracted-filters":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Apply extracted filters from this level", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "indicator-list":{ "type":"array", "minItems":1, "items":{ "type":"indicator" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/level/{level-num}/indicator/{type}", "array":[ { "properties":{ "type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'pkt-rate': rate of incoming packets; 'pkt-drop-rate': rate of packets got dropped; 'bit-rate': rate of incoming bits; 'pkt-drop-ratio': ratio of incoming packet rate divided by the rate of dropping packets; 'bytes-to-bytes-from-ratio': ratio of incoming packet rate divided by the rate of outgoing packets; 'concurrent-conns': number of concurrent connections; 'conn-miss-rate': rate of incoming packets for which no previously established connection exists; 'syn-rate': rate on incoming SYN packets; 'fin-rate': rate on incoming FIN packets; 'rst-rate': rate of incoming RST packets; 'small-window-ack-rate': rate of small window advertisement; 'empty-ack-rate': rate of incoming packets which have no payload; 'small-payload-rate': rate of short payload packet; 'syn-fin-ratio': ratio of incoming SYN packet rate divided by the rate of incoming FIN packets; 'cpu-utilization': average data CPU utilization; 'interface-utilization': outside interface utilization; 'learnt-sources': learnt sources; ", "enum":[ "pkt-rate", "pkt-drop-rate", "bit-rate", "pkt-drop-ratio", "bytes-to-bytes-from-ratio", "concurrent-conns", "conn-miss-rate", "syn-rate", "fin-rate", "rst-rate", "small-window-ack-rate", "empty-ack-rate", "small-payload-rate", "syn-fin-ratio", "cpu-utilization", "interface-utilization", "learnt-sources" ], "optional":false }, "tcp-window-size":{ "type":"number", "format":"number", "minimum":1, "maximum":500, "partition-visibility":"shared", "description":"Expected minimal window size", "optional":true }, "data-packet-size":{ "type":"number", "format":"number", "minimum":1, "maximum":1500, "partition-visibility":"shared", "description":"Expected minimal data size", "optional":true }, "score":{ "type":"number", "format":"number", "minimum":1, "maximum":1000000, "partition-visibility":"shared", "description":"Score corresponding to the indicator", "optional":true }, "src-threshold-num":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Indicator per-src threshold", "optional":true }, "src-threshold-large-num":{ "type":"number", "format":"number", "minimum":1, "maximum":10995116277760, "partition-visibility":"shared", "description":"Indicator per-src threshold", "optional":true }, "src-threshold-str":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Indicator per-src threshold (Non-zero floating point)", "optional":true }, "src-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions to use when this src indicator threshold reaches", "optional":true }, "zone-threshold-num":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Threshold for the entire zone", "optional":true }, "zone-threshold-large-num":{ "type":"number", "format":"number", "minimum":1, "maximum":10995116277760, "partition-visibility":"shared", "description":"Threshold for the entire zone", "optional":true }, "zone-threshold-str":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Threshold for the entire zone (Non-zero floating point)", "optional":true }, "zone-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions to use when this zone indicator threshold reaches", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "type" ] } ] } }, "required":[ "level-num" ] } ] }, "manual-mode-list":{ "type":"array", "minItems":1, "items":{ "type":"manual-mode" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/manual-mode/{config}", "array":[ { "properties":{ "config":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': Manual-mode configuration; ", "enum":[ "configuration" ], "optional":false }, "src-default-glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "zone-template":{ "type":"object", "properties":{ "quic":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS quic template" }, "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS http template" }, "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ssl-l4 template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS sip template" }, "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS tcp template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS udp template" }, "encap":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" } } }, "close-sessions-for-all-sources":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Close session for all sources", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "config" ] } ] }, "port-ind":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/port-ind", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "topk-sources":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/topk-sources", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "topk-destinations":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/topk-destinations", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "src-based-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"src-based-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/src-based-policy/{src-based-policy-name}", "array":[ { "properties":{ "src-based-policy-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Specify name of the policy", "optional":false }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "policy-class-list-list":{ "type":"array", "minItems":1, "items":{ "type":"policy-class-list" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name}", "array":[ { "properties":{ "class-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Class-list name", "optional":false }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; ", "enum":[ "bypass", "deny" ], "optional":true }, "max-dynamic-entry-count":{ "type":"number", "format":"number", "minimum":0, "maximum":2147483647, "partition-visibility":"shared", "description":"Maximum count for dynamic source zone service entry allowed for this class-list", "optional":true }, "dynamic-entry-count-warn-threshold":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "partition-visibility":"shared", "description":"Set threshold percentage of \"max-src-dst-entry\" for generating warning logs. Including start and end.", "optional":true }, "zone-template":{ "type":"object", "properties":{ "quic":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS quic template" }, "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS http template" }, "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ssl-l4 template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS sip template" }, "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS tcp template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS udp template" }, "encap":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" }, "ips":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"IPS template" }, "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS logging template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "class-list-overflow-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"class-list-overflow-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name}", "array":[ { "properties":{ "dummy-name":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': Configure overflow policy for class-list; ", "enum":[ "configuration" ], "optional":false }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; ", "enum":[ "bypass", "deny" ], "optional":true }, "log-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable logging", "optional":true }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable log periodic", "optional":true }, "zone-template":{ "type":"object", "properties":{ "quic":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS quic template" }, "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS http template" }, "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ssl-l4 template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS sip template" }, "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS tcp template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS udp template" }, "encap":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" }, "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS logging template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "dummy-name" ] } ] } }, "required":[ "class-list-name" ] } ] } }, "required":[ "src-based-policy-name" ] } ] }, "dynamic-entry-overflow-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"dynamic-entry-overflow-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/dynamic-entry-overflow-policy/{dummy-name}", "array":[ { "properties":{ "dummy-name":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': Configure overflow policy; ", "enum":[ "configuration" ], "optional":false }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; ", "enum":[ "bypass", "deny" ], "optional":true }, "log-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable logging", "optional":true }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable log periodic", "optional":true }, "zone-template":{ "type":"object", "properties":{ "quic":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS quic template" }, "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS http template" }, "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ssl-l4 template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS sip template" }, "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS tcp template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS udp template" }, "encap":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" }, "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS logging template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "dummy-name" ] } ] }, "virtualhosts":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/virtualhosts", "properties":{ "vhosts-config":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': configure virtualhost based mitigation for ssl services; ", "enum":[ "configuration" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "virtualhost-list":{ "type":"array", "minItems":1, "items":{ "type":"virtualhost" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/virtualhosts/virtualhost/{vhost}", "array":[ { "properties":{ "vhost":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"name for virtualhost", "optional":false }, "servername":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "match-type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'contains': match servername extension when contains this string; 'ends-with': match servername extension when ends with this string; 'equals': match servername extension when equals this string; 'starts-with': match servername extension when starts with this string; ", "enum":[ "contains", "ends-with", "equals", "starts-with" ] }, "host-match-string":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"SNI String" }, "optional":true } } ] }, "servername-list":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Class List to match servername (Class List Name)", "optional":true }, "servername-match-any":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Match when there is no SNI or other servernames are not matched", "optional":true }, "glid-cfg":{ "type":"object", "properties":{ "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID" }, "glid-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "ignore" ] } } }, "deny":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "level-list":{ "type":"array", "minItems":1, "items":{ "type":"level" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/virtualhosts/virtualhost/{vhost}/level/{level-num}", "array":[ { "properties":{ "level-num":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'0': Default policy level; ", "enum":[ "0" ], "optional":false }, "src-default-glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-action":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "zone-template":{ "type":"object", "properties":{ "ssl-l4":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ssl-l4 template" }, "tcp":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS tcp template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "level-num" ] } ] } }, "required":[ "vhost" ] } ] } } } }, "required":[ "port-range-start", "port-range-end", "protocol" ] } ] }, "web-gui":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/web-gui", "properties":{ "status":{ "type":"string", "format":"enum", "default":"newly", "partition-visibility":"shared", "description":"'newly': newly; 'learning': learning; 'learned': learned; 'activated': activated; ", "enum":[ "newly", "learning", "learned", "activated" ] }, "activated-after-learning":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Activate it after learning" }, "create-time":{ "type":"string", "format":"string", "minLength":1, "maxLength":13, "partition-visibility":"shared", "description":"Configure create time" }, "modify-time":{ "type":"string", "format":"string", "minLength":1, "maxLength":13, "partition-visibility":"shared", "description":"Configure modify time" }, "sensitivity":{ "type":"string", "format":"enum", "default":"3", "partition-visibility":"shared", "description":"'5': Low; '3': Medium; '1.5': High; ", "enum":[ "5", "3", "1.5" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "learning":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/learning", "properties":{ "duration":{ "type":"string", "format":"enum", "default":"6hour", "partition-visibility":"shared", "description":"'1minute': 1 minute; '6hour': 6 hours; '12hour': 12 hours; '24hour': 24 hours; '7day': 7 days; ", "enum":[ "1minute", "6hour", "12hour", "24hour", "7day" ] }, "starting-time":{ "type":"string", "format":"string", "minLength":1, "maxLength":13, "partition-visibility":"shared", "description":"Configure learning starting time" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "protection":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection", "properties":{ "port":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/port", "properties":{ "zone-service-list":{ "type":"array", "minItems":1, "items":{ "type":"zone-service" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/port/zone-service/{port-num}+{protocol}", "array":[ { "properties":{ "port-num":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Port Number", "optional":false }, "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'dns-tcp': DNS-TCP Port; 'dns-udp': DNS-UDP Port; 'http': HTTP Port; 'tcp': TCP Port; 'udp': UDP Port; 'ssl-l4': SSL-L4 Port; ", "enum":[ "dns-tcp", "dns-udp", "http", "tcp", "udp", "ssl-l4" ], "optional":false }, "pbe":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Peak Bandwidth Expected", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true } }, "required":[ "port-num", "protocol" ] } ] }, "zone-service-other-list":{ "type":"array", "minItems":1, "items":{ "type":"zone-service-other" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/port/zone-service-other/{port-other}+{protocol}", "array":[ { "properties":{ "port-other":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'other': other; ", "enum":[ "other" ], "optional":false }, "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'tcp': TCP Port; 'udp': UDP Port; ", "enum":[ "tcp", "udp" ], "optional":false }, "pbe":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Peak Bandwidth Expected", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true } }, "required":[ "port-other", "protocol" ] } ] } } }, "ip-proto":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/ip-proto", "properties":{ "proto-name-list":{ "type":"array", "minItems":1, "items":{ "type":"proto-name" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/ip-proto/proto-name/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'icmp-v4': ip-proto icmp-v4; 'icmp-v6': ip-proto icmp-v6; ", "enum":[ "icmp-v4", "icmp-v6" ], "optional":false }, "pbe":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Peak Bandwidth Expected", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "protocol" ] } ] } } }, "port-range-list":{ "type":"array", "minItems":1, "items":{ "type":"port-range" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/port-range/{port-range-start}+{port-range-end}+{protocol}", "array":[ { "properties":{ "port-range-start":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Port-Range Start Port Number", "optional":false }, "port-range-end":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Port-Range End Port Number", "optional":false }, "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'dns-tcp': DNS-TCP Port; 'dns-udp': DNS-UDP Port; 'http': HTTP Port; 'tcp': TCP Port; 'udp': UDP Port; 'ssl-l4': SSL-L4 Port; ", "enum":[ "dns-tcp", "dns-udp", "http", "tcp", "udp", "ssl-l4" ], "optional":false }, "pbe":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Peak Bandwidth Expected", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "port-range-start", "port-range-end", "protocol" ] } ] } } } } } }, "object-keys":[ "zone-name" ], "required":[ "zone-name" ] }