ddos dst¶
Create dest-ip limit entry
dst Specification¶
Parameter Value Type Intermediate Resource Element Name dst Element URI /axapi/v3/ddos/dst Element Attributes dst_attributes Partition Visibility shared Schema dst schemaOperations Allowed:
| Operation | Method | URI | Payload | |
|---|---|---|---|---|
Get Object | GET | /axapi/v3/ddos/dst | dst_attributes |
dst attributes¶
default-list
Type: List
Reference Object: /axapi/v3/ddos/dst/default/{default-address-type}
dynamic-entries-resource-usage
Description: dynamic-entries-resource-usage is a JSON Block. Please see below for dynamic-entries-resource-usage
Type: Object
Reference Object: /axapi/v3/ddos/dst/dynamic-entries-resource-usage
dynamic-entry
Description: dynamic-entry is a JSON Block. Please see below for dynamic-entry
Type: Object
Reference Object: /axapi/v3/ddos/dst/dynamic-entry
dynamic-entry-overflow-policy-list
Type: List
Reference Object: /axapi/v3/ddos/dst/dynamic-entry-overflow-policy/{default-address-type}
entry-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}
interface-ip-list
Type: List
Reference Object: /axapi/v3/ddos/dst/interface-ip/{addr}
interface-ipv6-list
Type: List
Reference Object: /axapi/v3/ddos/dst/interface-ipv6/{addr}
zone-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}
interface-ip-list¶
Specification Value Type list Block object keys addr
Description IP address of interface
Type: string
Format: ipv4-address
ip-proto-list
Type: List
Reference Object: /axapi/v3/ddos/dst/interface-ip/{addr}/ip-proto/{port-num}
l4-type-list
Type: List
Reference Object: /axapi/v3/ddos/dst/interface-ip/{addr}/l4-type/{protocol}
log-enable
Description Enable logging of limit exceed drops
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable periodic log while event is continuing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
port-list
Type: List
Reference Object: /axapi/v3/ddos/dst/interface-ip/{addr}/port/{port-num}+{protocol}
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
interface-ip-list_port-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
port-num
Description Port Number
Type: number
Range: 1-65535
protocol
Description ‘tcp’: tcp; ‘udp’: udp;
Type: string
Supported Values: tcp, udp
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
interface-ip-list_ip-proto-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
port-num
Description IP protocol number
Type: number
Range: 0-255
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
interface-ip-list_l4-type-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-frag-pkt
Description Drop fragmented packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
protocol
Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;
Type: string
Supported Values: tcp, udp, icmp, other
tunnel-decap
Description: tunnel-decap is a JSON Block. Please see below for interface-ip-list_l4-type-list_tunnel-decap
Type: Object
tunnel-rate-limit
Description: tunnel-rate-limit is a JSON Block. Please see below for interface-ip-list_l4-type-list_tunnel-rate-limit
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
interface-ip-list_l4-type-list_tunnel-decap¶
Specification Value Type object gre-decap
Description Enable GRE Tunnel decapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ip-decap
Description Enable IP Tunnel decapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
key-cfg
Type: List
interface-ip-list_l4-type-list_tunnel-decap_key-cfg¶
Specification Value Type list Block object keys key
Description Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)
Type: string
Maximum Length: 10 characters
Maximum Length: 1 characters
interface-ip-list_l4-type-list_tunnel-rate-limit¶
Specification Value Type object gre-rate-limit
Description Enable inner IP rate limiting on GRE traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ip-rate-limit
Description Enable inner IP rate limiting on IPinIP traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
default-list¶
Specification Value Type list Block object keys age
Description Idle age for ip entry
Type: number
Range: 5-1023
apply-policy-on-overflow
Description Enable this flag to apply overflow policy when dynamic entry count overflows
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
default-address-type
Description ‘ip’: ip; ‘ipv6’: ipv6;
Type: string
Supported Values: ip, ipv6
deny
Description Blacklist and Drop all incoming packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable
Description Disable
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-disable
Description Disable certain drops during packet processing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-disable-fwd-immediate
Description Immediately forward L4 drops
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-frag-pkt
Description Drop fragmented packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exceed-log-cfg
Description: exceed-log-cfg is a JSON Block. Please see below for default-list_exceed-log-cfg
Type: Object
exceed-log-dep-cfg
Description: exceed-log-dep-cfg is a JSON Block. Please see below for default-list_exceed-log-dep-cfg
Type: Object
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
inbound-forward-dscp
Description To set dscp value for inbound packets (DSCP Value for the clear traffic marking)
Type: number
Range: 1-63
ip-proto-list
Type: List
Reference Object: /axapi/v3/ddos/dst/default/{default-address-type}/ip-proto/{port-num}
l4-type-list
Type: List
Reference Object: /axapi/v3/ddos/dst/default/{default-address-type}/l4-type/{protocol}
log-periodic
Description Enable periodic log while event is continuing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-dynamic-entry-count
Description Maximum count for dynamic dst entry
Type: number
Range: 0-2147483647
outbound-forward-dscp
Description To set dscp value for outbound
Type: number
Range: 1-63
port-list
Type: List
Reference Object: /axapi/v3/ddos/dst/default/{default-address-type}/port/{port-num}+{protocol}
src-port-list
Type: List
Reference Object: /axapi/v3/ddos/dst/default/{default-address-type}/src-port/{port-num}+{protocol}
template
Description: template is a JSON Block. Please see below for default-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
default-list_port-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
port-num
Description Port Number
Type: number
Range: 0-65535
protocol
Description ‘dns-tcp’: dns-tcp; ‘dns-udp’: dns-udp; ‘http’: http; ‘tcp’: tcp; ‘udp’: udp; ‘ssl-l4’: ssl-l4; ‘sip-udp’: sip-udp; ‘sip-tcp’: sip-tcp;
Type: string
Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4, sip-udp, sip-tcp
template
Description: template is a JSON Block. Please see below for default-list_port-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
default-list_port-list_template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
default-list_template¶
Specification Value Type object logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
default-list_l4-type-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-frag-pkt
Description Drop fragmented packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-on-no-port-match
Description ‘disable’: disable; ‘enable’: enable;
Type: string
Supported Values: disable, enable
Default: enable
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
max-rexmit-syn-per-flow
Description Maximum number of re-transmit SYN per flow. Exceed action set to Drop
Type: number
Range: 1-6
protocol
Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;
Type: string
Supported Values: tcp, udp, icmp, other
stateful
Description Enable stateful tracking of sessions (Default is stateless)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
syn-auth
Description ‘send-rst’: Send RST to client upon client ACK; ‘force-rst-by-ack’: Force client RST via the use of ACK; ‘force-rst-by-synack’: Force client RST via the use of bad SYN|ACK; ‘disable’: Disable TCP SYN Authentication;
Type: string
Supported Values: send-rst, force-rst-by-ack, force-rst-by-synack, disable
Default: send-rst
syn-cookie
Description Enable SYN Cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tcp-reset-client
Description Send reset to client when rate exceeds or session ages out
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tcp-reset-server
Description Send reset to server when rate exceeds or session ages out
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tunnel-decap
Description: tunnel-decap is a JSON Block. Please see below for default-list_l4-type-list_tunnel-decap
Type: Object
tunnel-rate-limit
Description: tunnel-rate-limit is a JSON Block. Please see below for default-list_l4-type-list_tunnel-rate-limit
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
default-list_l4-type-list_tunnel-rate-limit¶
Specification Value Type object gre-rate-limit
Description Enable inner IP rate limiting on GRE traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ip-rate-limit
Description Enable inner IP rate limiting on IPinIP traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
default-list_l4-type-list_tunnel-decap¶
Specification Value Type object gre-decap
Description Enable GRE Tunnel decapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ip-decap
Description Enable IP Tunnel decapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
key-cfg
Type: List
default-list_l4-type-list_tunnel-decap_key-cfg¶
Specification Value Type list Block object keys key
Description Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)
Type: string
Maximum Length: 10 characters
Maximum Length: 1 characters
default-list_src-port-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
port-num
Description Port Number
Type: number
Range: 0-65535
protocol
Description ‘udp’: udp; ‘tcp’: tcp;
Type: string
Supported Values: udp, tcp
template
Description: template is a JSON Block. Please see below for default-list_src-port-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
default-list_src-port-list_template¶
Specification Value Type object src-tcp
Description DDOS tcp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-udp
Description DDOS udp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
default-list_ip-proto-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
port-num
Description Protocol Number
Type: number
Range: 0-255
template
Description: template is a JSON Block. Please see below for default-list_ip-proto-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
default-list_ip-proto-list_template¶
Specification Value Type object other
Description DDOS other template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
default-list_exceed-log-cfg¶
Specification Value Type object log-enable
Description Enable logging of limit exceed drop’s
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
with-sflow-sample
Description Turn on sflow sample with log
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
default-list_exceed-log-dep-cfg¶
Specification Value Type object exceed-log-enable
Description (Deprecated)Enable logging of limit exceed drop’s
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-with-sflow-dep
Description Turn on sflow sample with log
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dynamic-entries-resource-usage¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
interface-ipv6-list¶
Specification Value Type list Block object keys addr
Description IPv6 address of interface
Type: string
Format: ipv6-address
ip-proto-list
Type: List
Reference Object: /axapi/v3/ddos/dst/interface-ipv6/{addr}/ip-proto/{port-num}
l4-type-list
Type: List
Reference Object: /axapi/v3/ddos/dst/interface-ipv6/{addr}/l4-type/{protocol}
log-enable
Description Enable logging of limit exceed drops
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
port-list
Type: List
Reference Object: /axapi/v3/ddos/dst/interface-ipv6/{addr}/port/{port-num}+{protocol}
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
interface-ipv6-list_port-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
port-num
Description Port Number
Type: number
Range: 1-65535
protocol
Description ‘tcp’: tcp; ‘udp’: udp;
Type: string
Supported Values: tcp, udp
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
interface-ipv6-list_ip-proto-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
port-num
Description IP protocol number
Type: number
Range: 0-255
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
interface-ipv6-list_l4-type-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-frag-pkt
Description Drop fragmented packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
protocol
Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;
Type: string
Supported Values: tcp, udp, icmp, other
tunnel-decap
Description: tunnel-decap is a JSON Block. Please see below for interface-ipv6-list_l4-type-list_tunnel-decap
Type: Object
tunnel-rate-limit
Description: tunnel-rate-limit is a JSON Block. Please see below for interface-ipv6-list_l4-type-list_tunnel-rate-limit
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
interface-ipv6-list_l4-type-list_tunnel-decap¶
Specification Value Type object gre-decap
Description Enable GRE Tunnel decapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ip-decap
Description Enable IP Tunnel decapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
key-cfg
Type: List
interface-ipv6-list_l4-type-list_tunnel-decap_key-cfg¶
Specification Value Type list Block object keys key
Description Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)
Type: string
Maximum Length: 10 characters
Maximum Length: 1 characters
interface-ipv6-list_l4-type-list_tunnel-rate-limit¶
Specification Value Type object gre-rate-limit
Description Enable inner IP rate limiting on GRE traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ip-rate-limit
Description Enable inner IP rate limiting on IPinIP traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
entry-list¶
Specification Value Type list Block object keys advertised-enable
Description BGP advertised
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
blackhole-on-glid-exceed
Description Blackhole destination entry for X minutes upon glid limit exceeded
Type: number
Range: 1-30
capture-config-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/capture-config/{name}
description
Description Description for this Destination Entry
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dest-nat-ip
Description Destination NAT IP address
Type: string
Format: ipv4-address
dest-nat-ipv6
Description Destination NAT IPv6 address
Type: string
Format: ipv6-address
drop-disable
Description Disable certain drops during packet processing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-disable-fwd-immediate
Description Immediately forward L4 drops
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-frag-pkt
Description Drop fragmented packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-on-no-src-dst-default
Description Drop if no match with src-based-policy class-list, and default is not configured
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst-entry-name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dynamic-entry-overflow-policy-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/dynamic-entry-overflow-policy/{dummy-name}
enable-top-k
Type: Listexceed-log-cfg
Description: exceed-log-cfg is a JSON Block. Please see below for entry-list_exceed-log-cfg
Type: Object
exceed-log-dep-cfg
Description: exceed-log-dep-cfg is a JSON Block. Please see below for entry-list_exceed-log-dep-cfg
Type: Object
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-exceed-action
Description: glid-exceed-action is a JSON Block. Please see below for entry-list_glid-exceed-action
Type: Object
hw-blacklist-blocking
Description: hw-blacklist-blocking is a JSON Block. Please see below for entry-list_hw-blacklist-blocking
Type: Object
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/hw-blacklist-blocking
inbound-forward-dscp
Description To set dscp value for inbound packets (DSCP Value for the clear traffic marking)
Type: number
Range: 1-63
ip-addr
Description
Type: string
Format: ipv4-address
ip-proto-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/ip-proto/{port-num}
ipv6-addr
Description
Type: string
Format: ipv6-address
l4-type-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}
log-periodic
Description Enable periodic log while event is continuing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
operational-mode
Description ‘protection’: Protection mode; ‘bypass’: Bypass mode;
Type: string
Supported Values: protection, bypass
Default: protection
outbound-forward-dscp
Description To set dscp value for outbound
Type: number
Range: 1-63
pattern-recognition-hw-filter-enable
Description to enable pattern recognition hardware filter
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
port-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}
port-range-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}
reporting-disabled
Description Disable Reporting
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sflow
Description: sflow is a JSON Block. Please see below for entry-list_sflow
Type: Object
source-nat-pool
Description Configure source NAT
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
src-dst-pair
Description: src-dst-pair is a JSON Block. Please see below for entry-list_src-dst-pair
Type: Object
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair
src-dst-pair-class-list-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name}
src-dst-pair-policy-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-policy/{src-based-policy-name}
src-dst-pair-settings-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-settings/{all-types}
src-port-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/src-port/{port-num}+{protocol}
src-port-range-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/src-port-range/{src-port-range-start}+{src-port-range-end}+{protocol}
subnet-ip-addr
Description IP Subnet
Type: string
Format: ipv4-cidr
subnet-ipv6-addr
Description IPV6 Subnet
Type: string
Format: ipv6-address-plen
template
Description: template is a JSON Block. Please see below for entry-list_template
Type: Object
topk-destinations
Description: topk-destinations is a JSON Block. Please see below for entry-list_topk-destinations
Type: Object
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/topk-destinations
traffic-distribution-mode
Description ‘default’: Distribute traffic to one slot using default distribution mechanism; ‘source-ip-based’: Distribute traffic between slots, based on source ip;
Type: string
Supported Values: default, source-ip-based
Default: default
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_port-list¶
Specification Value Type list Block object keys capture-config
Description: capture-config is a JSON Block. Please see below for entry-list_port-list_capture-config
Type: Object
deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
detection-enable
Description Enable ddos detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-cache
Description DNS Cache Instance
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/dns-cache
enable-top-k
Description Enable ddos top-k entries
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-exceed-action
Description: glid-exceed-action is a JSON Block. Please see below for entry-list_port-list_glid-exceed-action
Type: Object
pattern-recognition
Description: pattern-recognition is a JSON Block. Please see below for entry-list_port-list_pattern-recognition
Type: Object
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/pattern-recognition
pattern-recognition-pu-details
Description: pattern-recognition-pu-details is a JSON Block. Please see below for entry-list_port-list_pattern-recognition-pu-details
Type: Object
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/pattern-recognition-pu-details
port-ind
Description: port-ind is a JSON Block. Please see below for entry-list_port-list_port-ind
Type: Object
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/port-ind
port-num
Description Port Number
Type: number
Range: 0-65535
protocol
Description ‘dns-tcp’: DNS-TCP Port; ‘dns-udp’: DNS-UDP Port; ‘http’: HTTP Port; ‘tcp’: TCP Port; ‘udp’: UDP Port; ‘ssl-l4’: SSL-L4 Port; ‘sip-udp’: SIP-UDP Port; ‘sip-tcp’: SIP-TCP Port;
Type: string
Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4, sip-udp, sip-tcp
sflow
Description: sflow is a JSON Block. Please see below for entry-list_port-list_sflow
Type: Object
signature-extraction
Description: signature-extraction is a JSON Block. Please see below for entry-list_port-list_signature-extraction
Type: Object
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/signature-extraction
template
Description: template is a JSON Block. Please see below for entry-list_port-list_template
Type: Object
topk-num-records
Description Maximum number of records to show in topk
Type: number
Range: 1-100
Default: 20
topk-sort-key
Description ‘avg’: window average; ‘max-peak’: max peak;
Type: string
Supported Values: avg, max-peak
Default: avg
topk-sources
Description: topk-sources is a JSON Block. Please see below for entry-list_port-list_topk-sources
Type: Object
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/topk-sources
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_port-list_pattern-recognition¶
Specification Value Type object algorithm
Description ‘heuristic’: heuristic algorithm;
Type: string
Supported Values: heuristic
mode
Description ‘capture-never-expire’: War-time capture without rate exceeding and never expires; ‘manual’: Manual mode;
Type: string
Supported Values: capture-never-expire, manual
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_port-list_sflow¶
Specification Value Type object polling
Description: polling is a JSON Block. Please see below for entry-list_port-list_sflow_polling
Type: Object
entry-list_port-list_sflow_polling¶
Specification Value Type object sflow-http
Description Enable sFlow HTTP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sflow-packets
Description Enable sFlow packet-level counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sflow-tcp
Description: sflow-tcp is a JSON Block. Please see below for entry-list_port-list_sflow_polling_sflow-tcp
Type: Object
entry-list_port-list_sflow_polling_sflow-tcp¶
Specification Value Type object sflow-tcp-basic
Description Enable sFlow basic TCP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sflow-tcp-stateful
Description Enable sFlow stateful TCP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
entry-list_port-list_capture-config¶
Specification Value Type object capture-config-mode
Description ‘drop’: Apply capture-config to dropped packets; ‘forward’: Apply capture-config to forwarded packets; ‘all’: Apply capture-config to both dropped and forwarded packets;
Type: string
Supported Values: drop, forward, all
capture-config-name
Description Capture-config name
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
entry-list_port-list_pattern-recognition-pu-details¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_port-list_port-ind¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_port-list_signature-extraction¶
Specification Value Type object algorithm
Description ‘heuristic’: heuristic algorithm;
Type: string
Supported Values: heuristic
manual-mode
Description Enable manual mode
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_port-list_template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS SSL-L4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
entry-list_port-list_glid-exceed-action¶
Specification Value Type object stateless-encap-action-cfg
Description: stateless-encap-action-cfg is a JSON Block. Please see below for entry-list_port-list_glid-exceed-action_stateless-encap-action-cfg
Type: Object
entry-list_port-list_glid-exceed-action_stateless-encap-action-cfg¶
Specification Value Type object encap-template
Description Apply legacy encap template for encap action
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/template/encap
stateless-encap-action
Description ‘stateless-tunnel-encap’: Encapsulate all packets; ‘stateless-tunnel-encap-scrubbed’: Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap);
Type: string
Supported Values: stateless-tunnel-encap, stateless-tunnel-encap-scrubbed
entry-list_port-list_topk-sources¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_capture-config-list¶
Specification Value Type list Block object keys mode
Description ‘drop’: Apply capture-config to dropped packets; ‘forward’: Apply capture-config to forwarded packets; ‘all’: Apply capture-config to both dropped and forwarded packets;
Type: string
Supported Values: drop, forward, all
name
Description Capture-config name
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/capture-config
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_dynamic-entry-overflow-policy-list¶
Specification Value Type list Block object keys app-type-src-dst-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/dynamic-entry-overflow-policy/{dummy-name}/app-type-src-dst/{protocol}
bypass
Description Always permit for the Source to bypass all feature & limit checks
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dummy-name
Description ‘configuration’: Configure src dst dynamic entry count overflow policy;
Type: string
Supported Values: configuration
exceed-log-cfg
Description: exceed-log-cfg is a JSON Block. Please see below for entry-list_dynamic-entry-overflow-policy-list_exceed-log-cfg
Type: Object
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
l4-type-src-dst-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/dynamic-entry-overflow-policy/{dummy-name}/l4-type-src-dst/{protocol}
log-periodic
Description Enable periodic log while event is continuing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
template
Description: template is a JSON Block. Please see below for entry-list_dynamic-entry-overflow-policy-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_dynamic-entry-overflow-policy-list_template¶
Specification Value Type object logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
entry-list_dynamic-entry-overflow-policy-list_app-type-src-dst-list¶
Specification Value Type list Block object keys protocol
Description ‘dns’: dns; ‘http’: http; ‘ssl-l4’: ssl-l4; ‘sip’: sip;
Type: string
Supported Values: dns, http, ssl-l4, sip
template
Description: template is a JSON Block. Please see below for entry-list_dynamic-entry-overflow-policy-list_app-type-src-dst-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_dynamic-entry-overflow-policy-list_app-type-src-dst-list_template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS SSL-L4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
entry-list_dynamic-entry-overflow-policy-list_l4-type-src-dst-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
protocol
Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;
Type: string
Supported Values: tcp, udp, icmp, other
template
Description: template is a JSON Block. Please see below for entry-list_dynamic-entry-overflow-policy-list_l4-type-src-dst-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_dynamic-entry-overflow-policy-list_l4-type-src-dst-list_template¶
Specification Value Type object other
Description DDOS OTHER template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
tcp
Description DDOS TCP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v4
Description DDOS icmp-v4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Mutual Exclusion: template-icmp-v4 and template-icmp-v6 are mutually exclusive
template-icmp-v6
Description DDOS icmp-v6 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Mutual Exclusion: template-icmp-v6 and template-icmp-v4 are mutually exclusive
udp
Description DDOS UDP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
entry-list_dynamic-entry-overflow-policy-list_exceed-log-cfg¶
Specification Value Type object log-enable
Description Enable logging of limit exceed drop’s
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
entry-list_port-range-list¶
Specification Value Type list Block object keys capture-config
Description: capture-config is a JSON Block. Please see below for entry-list_port-range-list_capture-config
Type: Object
deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
detection-enable
Description Enable ddos detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-top-k
Description Enable ddos top-k entries
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-exceed-action
Description: glid-exceed-action is a JSON Block. Please see below for entry-list_port-range-list_glid-exceed-action
Type: Object
ip-filtering-policy
Description Configure IP Filter
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/ip-filtering-policy
pattern-recognition
Description: pattern-recognition is a JSON Block. Please see below for entry-list_port-range-list_pattern-recognition
Type: Object
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/pattern-recognition
pattern-recognition-pu-details
Description: pattern-recognition-pu-details is a JSON Block. Please see below for entry-list_port-range-list_pattern-recognition-pu-details
Type: Object
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/pattern-recognition-pu-details
port-ind
Description: port-ind is a JSON Block. Please see below for entry-list_port-range-list_port-ind
Type: Object
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/port-ind
port-range-end
Description Port-Range End Port Number
Type: number
Range: 1-65535
port-range-start
Description Port-Range Start Port Number
Type: number
Range: 1-65535
protocol
Description ‘dns-tcp’: DNS-TCP Port; ‘dns-udp’: DNS-UDP Port; ‘http’: HTTP Port; ‘tcp’: TCP Port; ‘udp’: UDP Port; ‘ssl-l4’: SSL-L4 Port; ‘sip-udp’: SIP-UDP Port; ‘sip-tcp’: SIP-TCP Port;
Type: string
Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4, sip-udp, sip-tcp
sflow
Description: sflow is a JSON Block. Please see below for entry-list_port-range-list_sflow
Type: Object
template
Description: template is a JSON Block. Please see below for entry-list_port-range-list_template
Type: Object
topk-num-records
Description Maximum number of records to show in topk
Type: number
Range: 1-100
Default: 20
topk-sort-key
Description ‘avg’: window average; ‘max-peak’: max peak;
Type: string
Supported Values: avg, max-peak
Default: avg
topk-sources
Description: topk-sources is a JSON Block. Please see below for entry-list_port-range-list_topk-sources
Type: Object
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/topk-sources
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_port-range-list_pattern-recognition¶
Specification Value Type object algorithm
Description ‘heuristic’: heuristic algorithm;
Type: string
Supported Values: heuristic
mode
Description ‘capture-never-expire’: War-time capture without rate exceeding and never expires; ‘manual’: Manual mode;
Type: string
Supported Values: capture-never-expire, manual
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_port-range-list_pattern-recognition-pu-details¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_port-range-list_capture-config¶
Specification Value Type object capture-config-mode
Description ‘drop’: Apply capture-config to dropped packets; ‘forward’: Apply capture-config to forwarded packets; ‘all’: Apply capture-config to both dropped and forwarded packets;
Type: string
Supported Values: drop, forward, all
capture-config-name
Description Capture-config name
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
entry-list_port-range-list_sflow¶
Specification Value Type object polling
Description: polling is a JSON Block. Please see below for entry-list_port-range-list_sflow_polling
Type: Object
entry-list_port-range-list_sflow_polling¶
Specification Value Type object sflow-http
Description Enable sFlow HTTP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sflow-packets
Description Enable sFlow packet-level counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sflow-tcp
Description: sflow-tcp is a JSON Block. Please see below for entry-list_port-range-list_sflow_polling_sflow-tcp
Type: Object
entry-list_port-range-list_sflow_polling_sflow-tcp¶
Specification Value Type object sflow-tcp-basic
Description Enable sFlow basic TCP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sflow-tcp-stateful
Description Enable sFlow stateful TCP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
entry-list_port-range-list_port-ind¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_port-range-list_template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS SSL-L4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
entry-list_port-range-list_glid-exceed-action¶
Specification Value Type object stateless-encap-action-cfg
Description: stateless-encap-action-cfg is a JSON Block. Please see below for entry-list_port-range-list_glid-exceed-action_stateless-encap-action-cfg
Type: Object
entry-list_port-range-list_glid-exceed-action_stateless-encap-action-cfg¶
Specification Value Type object encap-template
Description Apply legacy encap template for encap action
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/template/encap
stateless-encap-action
Description ‘stateless-tunnel-encap’: Encapsulate all packets; ‘stateless-tunnel-encap-scrubbed’: Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap);
Type: string
Supported Values: stateless-tunnel-encap, stateless-tunnel-encap-scrubbed
entry-list_port-range-list_topk-sources¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_hw-blacklist-blocking¶
Specification Value Type object dst-enable
Description Enable Dst side hardware blocking
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-enable
Description Enable Src side hardware blocking
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_src-dst-pair-class-list-list¶
Specification Value Type list Block object keys app-type-src-dst-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name}/app-type-src-dst/{protocol}
cid-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name}/cid/{cid-num}
class-list-name
Description Class-list name
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
exceed-log-cfg
Description: exceed-log-cfg is a JSON Block. Please see below for entry-list_src-dst-pair-class-list-list_exceed-log-cfg
Type: Object
l4-type-src-dst-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name}/l4-type-src-dst/{protocol}
log-periodic
Description Enable periodic log while event is continuing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_src-dst-pair-class-list-list_cid-list¶
Specification Value Type list Block object keys app-type-src-dst-cid-list
cid-num
Description Class-list id
Type: number
Range: 1-32
exceed-log-cfg
Description: exceed-log-cfg is a JSON Block. Please see below for entry-list_src-dst-pair-class-list-list_cid-list_exceed-log-cfg
Type: Object
l4-type-src-dst-cid-list
log-periodic
Description Enable periodic log while event is continuing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_src-dst-pair-class-list-list_cid-list_app-type-src-dst-cid-list¶
Specification Value Type list Block object keys protocol
Description ‘dns’: dns; ‘http’: http; ‘ssl-l4’: ssl-l4; ‘sip’: sip;
Type: string
Supported Values: dns, http, ssl-l4, sip
template
Description: template is a JSON Block. Please see below for entry-list_src-dst-pair-class-list-list_cid-list_app-type-src-dst-cid-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_src-dst-pair-class-list-list_cid-list_app-type-src-dst-cid-list_template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS SSL-L4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
entry-list_src-dst-pair-class-list-list_cid-list_l4-type-src-dst-cid-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
protocol
Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;
Type: string
Supported Values: tcp, udp, icmp, other
template
Description: template is a JSON Block. Please see below for entry-list_src-dst-pair-class-list-list_cid-list_l4-type-src-dst-cid-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_src-dst-pair-class-list-list_cid-list_l4-type-src-dst-cid-list_template¶
Specification Value Type object other
Description DDOS OTHER template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
tcp
Description DDOS TCP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v4
Description DDOS icmp-v4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Mutual Exclusion: template-icmp-v4 and template-icmp-v6 are mutually exclusive
template-icmp-v6
Description DDOS icmp-v6 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Mutual Exclusion: template-icmp-v6 and template-icmp-v4 are mutually exclusive
udp
Description DDOS UDP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
entry-list_src-dst-pair-class-list-list_cid-list_exceed-log-cfg¶
Specification Value Type object log-enable
Description Enable logging of limit exceed drop’s
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
entry-list_src-dst-pair-class-list-list_app-type-src-dst-list¶
Specification Value Type list Block object keys protocol
Description ‘dns’: dns; ‘http’: http; ‘ssl-l4’: ssl-l4; ‘sip’: sip;
Type: string
Supported Values: dns, http, ssl-l4, sip
template
Description: template is a JSON Block. Please see below for entry-list_src-dst-pair-class-list-list_app-type-src-dst-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_src-dst-pair-class-list-list_app-type-src-dst-list_template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS SSL-L4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
entry-list_src-dst-pair-class-list-list_l4-type-src-dst-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
protocol
Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;
Type: string
Supported Values: tcp, udp, icmp, other
template
Description: template is a JSON Block. Please see below for entry-list_src-dst-pair-class-list-list_l4-type-src-dst-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_src-dst-pair-class-list-list_l4-type-src-dst-list_template¶
Specification Value Type object other
Description DDOS OTHER template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
tcp
Description DDOS TCP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v4
Description DDOS icmp-v4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Mutual Exclusion: template-icmp-v4 and template-icmp-v6 are mutually exclusive
template-icmp-v6
Description DDOS icmp-v6 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Mutual Exclusion: template-icmp-v6 and template-icmp-v4 are mutually exclusive
udp
Description DDOS UDP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
entry-list_src-dst-pair-class-list-list_exceed-log-cfg¶
Specification Value Type object log-enable
Description Enable logging of limit exceed drop’s
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
entry-list_template¶
Specification Value Type object logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
entry-list_glid-exceed-action¶
Specification Value Type object stateless-encap-action-cfg
Description: stateless-encap-action-cfg is a JSON Block. Please see below for entry-list_glid-exceed-action_stateless-encap-action-cfg
Type: Object
entry-list_glid-exceed-action_stateless-encap-action-cfg¶
Specification Value Type object encap-template
Description Apply legacy encap template for encap action
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/template/encap
stateless-encap-action
Description ‘stateless-tunnel-encap’: Encapsulate all packets; ‘stateless-tunnel-encap-scrubbed’: Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap);
Type: string
Supported Values: stateless-tunnel-encap, stateless-tunnel-encap-scrubbed
entry-list_l4-type-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
detection-enable
Description Enable ddos detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-frag-pkt
Description Drop fragmented packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-on-no-port-match
Description ‘disable’: disable; ‘enable’: enable;
Type: string
Supported Values: disable, enable
Default: enable
enable-top-k
Description Enable ddos top-k entries
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-exceed-action
Description: glid-exceed-action is a JSON Block. Please see below for entry-list_l4-type-list_glid-exceed-action
Type: Object
max-rexmit-syn-per-flow
Description Maximum number of re-transmit SYN per flow
Type: number
Range: 1-6
max-rexmit-syn-per-flow-exceed-action
Description ‘drop’: Drop the packet; ‘black-list’: Add the source IP into black list;
Type: string
Supported Values: drop, black-list
port-ind
Description: port-ind is a JSON Block. Please see below for entry-list_l4-type-list_port-ind
Type: Object
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/port-ind
protocol
Description ‘tcp’: L4-Type TCP; ‘udp’: L4-Type UDP; ‘icmp’: L4-Type ICMP; ‘other’: L4-Type OTHER;
Type: string
Supported Values: tcp, udp, icmp, other
stateful
Description Enable stateful tracking of sessions (Default is stateless)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
syn-auth
Description ‘send-rst’: Send RST to client upon client ACK; ‘force-rst-by-ack’: Force client RST via the use of ACK; ‘force-rst-by-synack’: Force client RST via the use of bad SYN|ACK; ‘disable’: Disable TCP SYN Authentication;
Type: string
Supported Values: send-rst, force-rst-by-ack, force-rst-by-synack, disable
Default: send-rst
syn-cookie
Description Enable SYN Cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tcp-reset-client
Description Send reset to client when rate exceeds or session ages out
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tcp-reset-server
Description Send reset to server when rate exceeds or session ages out
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
template
Description: template is a JSON Block. Please see below for entry-list_l4-type-list_template
Type: Object
topk-num-records
Description Maximum number of records to show in topk
Type: number
Range: 1-100
Default: 20
topk-sort-key
Description ‘avg’: window average; ‘max-peak’: max peak;
Type: string
Supported Values: avg, max-peak
Default: avg
topk-sources
Description: topk-sources is a JSON Block. Please see below for entry-list_l4-type-list_topk-sources
Type: Object
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/topk-sources
tunnel-decap
Description: tunnel-decap is a JSON Block. Please see below for entry-list_l4-type-list_tunnel-decap
Type: Object
tunnel-rate-limit
Description: tunnel-rate-limit is a JSON Block. Please see below for entry-list_l4-type-list_tunnel-rate-limit
Type: Object
undefined-port-hit-statistics
Description: undefined-port-hit-statistics is a JSON Block. Please see below for entry-list_l4-type-list_undefined-port-hit-statistics
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_l4-type-list_undefined-port-hit-statistics¶
Specification Value Type object reset-interval
Description Configure port scanning counter reset interval (minutes), Default 60 mins
Type: number
Range: 1-64000
Default: 60
undefined-port-hit-statistics
Description Enable port scanning statistics
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
entry-list_l4-type-list_template¶
Specification Value Type object template-icmp-v4
Description DDOS icmp-v4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Mutual Exclusion: template-icmp-v4 and template-icmp-v6 are mutually exclusive
template-icmp-v6
Description DDOS icmp-v6 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Mutual Exclusion: template-icmp-v6 and template-icmp-v4 are mutually exclusive
entry-list_l4-type-list_glid-exceed-action¶
Specification Value Type object stateless-encap-action-cfg
Description: stateless-encap-action-cfg is a JSON Block. Please see below for entry-list_l4-type-list_glid-exceed-action_stateless-encap-action-cfg
Type: Object
entry-list_l4-type-list_glid-exceed-action_stateless-encap-action-cfg¶
Specification Value Type object encap-template
Description Apply legacy encap template for encap action
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/template/encap
stateless-encap-action
Description ‘stateless-tunnel-encap’: Encapsulate all packets; ‘stateless-tunnel-encap-scrubbed’: Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap);
Type: string
Supported Values: stateless-tunnel-encap, stateless-tunnel-encap-scrubbed
entry-list_l4-type-list_tunnel-decap¶
Specification Value Type object gre-decap
Description Enable GRE Tunnel decapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ip-decap
Description Enable IP Tunnel decapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
key-cfg
Type: List
entry-list_l4-type-list_tunnel-decap_key-cfg¶
Specification Value Type list Block object keys key
Description Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)
Type: string
Maximum Length: 10 characters
Maximum Length: 1 characters
entry-list_l4-type-list_port-ind¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_l4-type-list_topk-sources¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_l4-type-list_tunnel-rate-limit¶
Specification Value Type object gre-rate-limit
Description Enable inner IP rate limiting on GRE traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ip-rate-limit
Description Enable inner IP rate limiting on IPinIP traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
entry-list_topk-destinations¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_src-dst-pair-settings-list¶
Specification Value Type list Block object keys age
Description Idle age for ip entry
Type: number
Range: 2-1023
Default: 5
all-types
Description ‘all-types’: Settings for all types (default or class-list);
Type: string
Supported Values: all-types
apply-policy-on-overflow
Description Enable this flag to apply overflow policy when dynamic entry count overflows
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-class-list-overflow
Description Apply class-list overflow policy upon exceeding dynamic entry count specified for DST entry or each class-list
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
l4-type-src-dst-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-settings/{all-types}/l4-type-src-dst/{protocol}
max-dynamic-entry-count
Description Maximum count for dynamic src-dst entry
Type: number
Range: 0-2147483647
src-prefix-len
Description Specify src prefix length for IPv6 (default: not set)
Type: number
Range: 32-127
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_src-dst-pair-settings-list_l4-type-src-dst-list¶
Specification Value Type list Block object keys apply-policy-on-overflow
Description Enable this flag to apply overflow policy when dynamic entry count overflows
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-dynamic-entry-count
Description Maximum count for dynamic src-dst entry
Type: number
Range: 0-2147483647
protocol
Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;
Type: string
Supported Values: tcp, udp, icmp, other
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_src-port-range-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
protocol
Description ‘udp’: UDP Port; ‘tcp’: TCP Port;
Type: string
Supported Values: udp, tcp
src-port-range-end
Description Src Port-Range End Port Number
Type: number
Range: 2-65535
src-port-range-start
Description Src Port-Range Start Port Number
Type: number
Range: 1-65535
template
Description: template is a JSON Block. Please see below for entry-list_src-port-range-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_src-port-range-list_template¶
Specification Value Type object src-tcp
Description DDOS tcp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-udp
Description DDOS udp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
entry-list_ip-proto-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
esp-inspect
Description: esp-inspect is a JSON Block. Please see below for entry-list_ip-proto-list_esp-inspect
Type: Object
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-exceed-action
Description: glid-exceed-action is a JSON Block. Please see below for entry-list_ip-proto-list_glid-exceed-action
Type: Object
ip-filtering-policy
Description Configure IP Filter
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/ip-filtering-policy
port-num
Description Protocol Number
Type: number
Range: 0-255
template
Description: template is a JSON Block. Please see below for entry-list_ip-proto-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_ip-proto-list_esp-inspect¶
Specification Value Type object auth-algorithm
Description ‘AUTH_NULL’: No Integrity Check Value; ‘HMAC-SHA-1-96’: 96 bit Auth Algo; ‘HMAC-SHA-256-96’: 96 bit Auth Algo; ‘HMAC-SHA-256-128’: 128 bit Auth Algo; ‘HMAC-SHA-384-192’: 192 bit Auth Algo; ‘HMAC-SHA-512-256’: 256 bit Auth Algo; ‘HMAC-MD5-96’: 96 bit Auth Algo; ‘MAC-RIPEMD-160-96’: 96 bit Auth Algo;
Type: string
Supported Values: AUTH_NULL, HMAC-SHA-1-96, HMAC-SHA-256-96, HMAC-SHA-256-128, HMAC-SHA-384-192, HMAC-SHA-512-256, HMAC-MD5-96, MAC-RIPEMD-160-96
encrypt-algorithm
Description ‘NULL’: Null Encryption Algorithm;
Type: string
Supported Values: NULL
mode
Description ‘transport’: Transport mode;
Type: string
Supported Values: transport
entry-list_ip-proto-list_template¶
Specification Value Type object other
Description DDOS other template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
entry-list_ip-proto-list_glid-exceed-action¶
Specification Value Type object stateless-encap-action-cfg
Description: stateless-encap-action-cfg is a JSON Block. Please see below for entry-list_ip-proto-list_glid-exceed-action_stateless-encap-action-cfg
Type: Object
entry-list_ip-proto-list_glid-exceed-action_stateless-encap-action-cfg¶
Specification Value Type object encap-template
Description Apply legacy encap template for encap action
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/template/encap
stateless-encap-action
Description ‘stateless-tunnel-encap’: Encapsulate all packets; ‘stateless-tunnel-encap-scrubbed’: Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap);
Type: string
Supported Values: stateless-tunnel-encap, stateless-tunnel-encap-scrubbed
entry-list_src-port-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
outbound-src-tracking
Description ‘enable’: enable; ‘disable’: disable;
Type: string
Supported Values: enable, disable
Default: disable
port-num
Description Port Number
Type: number
Range: 0-65535
protocol
Description ‘dns-udp’: DNS-UDP Port; ‘dns-tcp’: DNS-TCP Port; ‘udp’: UDP Port; ‘tcp’: TCP Port;
Type: string
Supported Values: dns-udp, dns-tcp, udp, tcp
template
Description: template is a JSON Block. Please see below for entry-list_src-port-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_src-port-list_template¶
Specification Value Type object src-dns
Description DDOS dns src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-tcp
Description DDOS tcp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-udp
Description DDOS udp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
entry-list_exceed-log-cfg¶
Specification Value Type object log-enable
Description Enable logging of limit exceed drop’s
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-high-frequency
Description Enable High frequency logging for non-event logs per entry
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-with-sflow
Description Turn on sflow sample with log
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
rate-limit
Description Rate limit per second per entry(Default : 1 per second)
Type: number
Range: 1-1000
Default: 1
entry-list_sflow¶
Specification Value Type object collector
Type: Listpolling
Description: polling is a JSON Block. Please see below for entry-list_sflow_polling
Type: Object
entry-list_sflow_collector¶
Specification Value Type list Block object keys sflow-name
Description Name of configured custom sFlow collector
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/sflow/collector/custom
entry-list_sflow_polling¶
Specification Value Type object sflow-http
Description Enable sFlow HTTP counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the total number
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sflow-layer-4
Description Enable sFlow Layer 4 counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the total num
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sflow-packets
Description Enable sFlow packet-level counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the tota
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sflow-tcp
Description: sflow-tcp is a JSON Block. Please see below for entry-list_sflow_polling_sflow-tcp
Type: Object
sflow-undef-port-hit-stats
Description Enable sFlow undefined-port-hit-statistics polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sflow-undef-port-hit-stats-brief
Description Enable sFlow undefined-port-hit-statistics polling in brief mode
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
entry-list_sflow_polling_sflow-tcp¶
Specification Value Type object sflow-tcp-basic
Description Enable sFlow basic TCP counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the total n
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sflow-tcp-stateful
Description Enable sFlow stateful TCP counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the tota
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
entry-list_src-dst-pair¶
Specification Value Type object app-type-src-dst-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair/app-type-src-dst/{protocol}
bypass
Description Always permit for the Source to bypass all feature & limit checks
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
default
Description Configure default
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exceed-log-cfg
Description: exceed-log-cfg is a JSON Block. Please see below for entry-list_src-dst-pair_exceed-log-cfg
Type: Object
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
l4-type-src-dst-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair/l4-type-src-dst/{protocol}
log-periodic
Description Enable periodic log while event is continuing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
template
Description: template is a JSON Block. Please see below for entry-list_src-dst-pair_template
Type: Object
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_src-dst-pair_template¶
Specification Value Type object logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
entry-list_src-dst-pair_app-type-src-dst-list¶
Specification Value Type list Block object keys protocol
Description ‘dns’: dns; ‘http’: http; ‘ssl-l4’: ssl-l4; ‘sip’: sip;
Type: string
Supported Values: dns, http, ssl-l4, sip
template
Description: template is a JSON Block. Please see below for entry-list_src-dst-pair_app-type-src-dst-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_src-dst-pair_app-type-src-dst-list_template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS SSL-L4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
entry-list_src-dst-pair_l4-type-src-dst-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
protocol
Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;
Type: string
Supported Values: tcp, udp, icmp, other
template
Description: template is a JSON Block. Please see below for entry-list_src-dst-pair_l4-type-src-dst-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_src-dst-pair_l4-type-src-dst-list_template¶
Specification Value Type object other
Description DDOS OTHER template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
tcp
Description DDOS TCP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v4
Description DDOS icmp-v4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Mutual Exclusion: template-icmp-v4 and template-icmp-v6 are mutually exclusive
template-icmp-v6
Description DDOS icmp-v6 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Mutual Exclusion: template-icmp-v6 and template-icmp-v4 are mutually exclusive
udp
Description DDOS UDP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
entry-list_src-dst-pair_exceed-log-cfg¶
Specification Value Type object log-enable
Description Enable logging of limit exceed drop’s
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
entry-list_src-dst-pair-policy-list¶
Specification Value Type list Block object keys policy-class-list-list
src-based-policy-name
Description Src-based-policy name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_src-dst-pair-policy-list_policy-class-list-list¶
Specification Value Type list Block object keys app-type-src-dst-list
bypass
Description Always permit for the Source to bypass all feature & limit checks
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
class-list-name
Description Class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
class-list-overflow-policy-list
exceed-log-cfg
Description: exceed-log-cfg is a JSON Block. Please see below for entry-list_src-dst-pair-policy-list_policy-class-list-list_exceed-log-cfg
Type: Object
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
l4-type-src-dst-list
log-periodic
Description Enable periodic log while event is continuing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-dynamic-entry-count
Description Maximum count for dynamic src-dst entry under class-list
Type: number
Range: 0-2147483647
template
Description: template is a JSON Block. Please see below for entry-list_src-dst-pair-policy-list_policy-class-list-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_src-dst-pair-policy-list_policy-class-list-list_template¶
Specification Value Type object logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
entry-list_src-dst-pair-policy-list_policy-class-list-list_app-type-src-dst-list¶
Specification Value Type list Block object keys protocol
Description ‘dns’: dns; ‘http’: http; ‘ssl-l4’: ssl-l4; ‘sip’: sip;
Type: string
Supported Values: dns, http, ssl-l4, sip
template
Description: template is a JSON Block. Please see below for entry-list_src-dst-pair-policy-list_policy-class-list-list_app-type-src-dst-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_src-dst-pair-policy-list_policy-class-list-list_app-type-src-dst-list_template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS SSL-L4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
entry-list_src-dst-pair-policy-list_policy-class-list-list_l4-type-src-dst-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
protocol
Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;
Type: string
Supported Values: tcp, udp, icmp, other
template
Description: template is a JSON Block. Please see below for entry-list_src-dst-pair-policy-list_policy-class-list-list_l4-type-src-dst-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_src-dst-pair-policy-list_policy-class-list-list_l4-type-src-dst-list_template¶
Specification Value Type object other
Description DDOS OTHER template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
tcp
Description DDOS TCP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v4
Description DDOS icmp-v4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Mutual Exclusion: template-icmp-v4 and template-icmp-v6 are mutually exclusive
template-icmp-v6
Description DDOS icmp-v6 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Mutual Exclusion: template-icmp-v6 and template-icmp-v4 are mutually exclusive
udp
Description DDOS UDP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list¶
Specification Value Type list Block object keys app-type-src-dst-overflow-list
bypass
Description Always permit for the Source to bypass all feature & limit checks
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dummy-name
Description ‘configuration’: Configure src dst dynamic entry count overflow policy for class-list;
Type: string
Supported Values: configuration
exceed-log-cfg
Description: exceed-log-cfg is a JSON Block. Please see below for entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_exceed-log-cfg
Type: Object
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
l4-type-src-dst-overflow-list
log-periodic
Description Enable periodic log while event is continuing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
template
Description: template is a JSON Block. Please see below for entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_template¶
Specification Value Type object logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_l4-type-src-dst-overflow-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
protocol
Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;
Type: string
Supported Values: tcp, udp, icmp, other
template
Description: template is a JSON Block. Please see below for entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_l4-type-src-dst-overflow-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_l4-type-src-dst-overflow-list_template¶
Specification Value Type object other
Description DDOS OTHER template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
tcp
Description DDOS TCP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v4
Description DDOS icmp-v4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Mutual Exclusion: template-icmp-v4 and template-icmp-v6 are mutually exclusive
template-icmp-v6
Description DDOS icmp-v6 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Mutual Exclusion: template-icmp-v6 and template-icmp-v4 are mutually exclusive
udp
Description DDOS UDP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_app-type-src-dst-overflow-list¶
Specification Value Type list Block object keys protocol
Description ‘dns’: dns; ‘http’: http; ‘ssl-l4’: ssl-l4; ‘sip’: sip;
Type: string
Supported Values: dns, http, ssl-l4, sip
template
Description: template is a JSON Block. Please see below for entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_app-type-src-dst-overflow-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_app-type-src-dst-overflow-list_template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS SSL-L4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_exceed-log-cfg¶
Specification Value Type object log-enable
Description Enable logging of limit exceed drop’s
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
entry-list_src-dst-pair-policy-list_policy-class-list-list_exceed-log-cfg¶
Specification Value Type object log-enable
Description Enable logging of limit exceed drop’s
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
entry-list_enable-top-k¶
Specification Value Type list Block object keys topk-num-records
Description Maximum number of records to show in topk
Type: number
Range: 1-100
Default: 20
topk-sort-key
Description ‘avg’: window average; ‘max-peak’: max peak;
Type: string
Supported Values: avg, max-peak
Default: avg
topk-type
Description ‘destination’: Topk destination IP;
Type: string
Supported Values: destination
entry-list_exceed-log-dep-cfg¶
Specification Value Type object exceed-log-enable
Description (Deprecated)Enable logging of limit exceed drop’s
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-with-sflow-dep
Description Turn on sflow sample with log
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dynamic-entry-overflow-policy-list¶
Specification Value Type list Block object keys default-address-type
Description ‘ip’: ip; ‘ipv6’: ipv6;
Type: string
Supported Values: ip, ipv6
drop-disable
Description Disable certain drops during packet processing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-disable-fwd-immediate
Description Immediately forward L4 drops
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exceed-log-cfg
Description: exceed-log-cfg is a JSON Block. Please see below for dynamic-entry-overflow-policy-list_exceed-log-cfg
Type: Object
exceed-log-dep-cfg
Description: exceed-log-dep-cfg is a JSON Block. Please see below for dynamic-entry-overflow-policy-list_exceed-log-dep-cfg
Type: Object
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
inbound-forward-dscp
Description To set dscp value for inbound packets (DSCP Value for the clear traffic marking)
Type: number
Range: 1-63
ip-proto-list
Type: List
Reference Object: /axapi/v3/ddos/dst/dynamic-entry-overflow-policy/{default-address-type}/ip-proto/{port-num}
l4-type-list
Type: List
Reference Object: /axapi/v3/ddos/dst/dynamic-entry-overflow-policy/{default-address-type}/l4-type/{protocol}
log-periodic
Description Enable periodic log while event is continuing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
outbound-forward-dscp
Description To set dscp value for outbound
Type: number
Range: 1-63
port-list
Type: List
Reference Object: /axapi/v3/ddos/dst/dynamic-entry-overflow-policy/{default-address-type}/port/{port-num}+{protocol}
src-port-list
Type: List
Reference Object: /axapi/v3/ddos/dst/dynamic-entry-overflow-policy/{default-address-type}/src-port/{port-num}+{protocol}
template
Description: template is a JSON Block. Please see below for dynamic-entry-overflow-policy-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dynamic-entry-overflow-policy-list_port-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
port-num
Description Port Number
Type: number
Range: 0-65535
protocol
Description ‘dns-tcp’: dns-tcp; ‘dns-udp’: dns-udp; ‘http’: http; ‘tcp’: tcp; ‘udp’: udp; ‘ssl-l4’: ssl-l4; ‘sip-udp’: sip-udp; ‘sip-tcp’: sip-tcp;
Type: string
Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4, sip-udp, sip-tcp
template
Description: template is a JSON Block. Please see below for dynamic-entry-overflow-policy-list_port-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dynamic-entry-overflow-policy-list_port-list_template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dynamic-entry-overflow-policy-list_template¶
Specification Value Type object logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dynamic-entry-overflow-policy-list_ip-proto-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
port-num
Description Protocol Number
Type: number
Range: 0-255
template
Description: template is a JSON Block. Please see below for dynamic-entry-overflow-policy-list_ip-proto-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dynamic-entry-overflow-policy-list_ip-proto-list_template¶
Specification Value Type object other
Description DDOS other template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dynamic-entry-overflow-policy-list_exceed-log-cfg¶
Specification Value Type object log-enable
Description Enable logging of limit exceed drop’s
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
with-sflow-sample
Description Turn on sflow sample with log
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dynamic-entry-overflow-policy-list_exceed-log-dep-cfg¶
Specification Value Type object exceed-log-enable
Description (Deprecated)Enable logging of limit exceed drop’s
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-with-sflow-dep
Description Turn on sflow sample with log
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dynamic-entry-overflow-policy-list_src-port-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
port-num
Description Port Number
Type: number
Range: 0-65535
protocol
Description ‘udp’: udp; ‘tcp’: tcp;
Type: string
Supported Values: udp, tcp
template
Description: template is a JSON Block. Please see below for dynamic-entry-overflow-policy-list_src-port-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dynamic-entry-overflow-policy-list_src-port-list_template¶
Specification Value Type object src-tcp
Description DDOS tcp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-udp
Description DDOS udp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dynamic-entry-overflow-policy-list_l4-type-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-frag-pkt
Description Drop fragmented packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-on-no-port-match
Description ‘disable’: disable; ‘enable’: enable;
Type: string
Supported Values: disable, enable
Default: enable
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
max-rexmit-syn-per-flow
Description Maximum number of re-transmit SYN per flow. Exceed action set to Drop
Type: number
Range: 1-6
protocol
Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;
Type: string
Supported Values: tcp, udp, icmp, other
stateful
Description Enable stateful tracking of sessions (Default is stateless)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
syn-auth
Description ‘send-rst’: Send RST to client upon client ACK; ‘force-rst-by-ack’: Force client RST via the use of ACK; ‘force-rst-by-synack’: Force client RST via the use of bad SYN|ACK; ‘disable’: Disable TCP SYN Authentication;
Type: string
Supported Values: send-rst, force-rst-by-ack, force-rst-by-synack, disable
Default: send-rst
syn-cookie
Description Enable SYN Cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tcp-reset-client
Description Send reset to client when rate exceeds or session ages out
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tcp-reset-server
Description Send reset to server when rate exceeds or session ages out
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tunnel-decap
Description: tunnel-decap is a JSON Block. Please see below for dynamic-entry-overflow-policy-list_l4-type-list_tunnel-decap
Type: Object
tunnel-rate-limit
Description: tunnel-rate-limit is a JSON Block. Please see below for dynamic-entry-overflow-policy-list_l4-type-list_tunnel-rate-limit
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dynamic-entry-overflow-policy-list_l4-type-list_tunnel-rate-limit¶
Specification Value Type object gre-rate-limit
Description Enable inner IP rate limiting on GRE traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ip-rate-limit
Description Enable inner IP rate limiting on IPinIP traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dynamic-entry-overflow-policy-list_l4-type-list_tunnel-decap¶
Specification Value Type object gre-decap
Description Enable GRE Tunnel decapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ip-decap
Description Enable IP Tunnel decapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
key-cfg
Type: List
dynamic-entry-overflow-policy-list_l4-type-list_tunnel-decap_key-cfg¶
Specification Value Type list Block object keys key
Description Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)
Type: string
Maximum Length: 10 characters
Maximum Length: 1 characters
dynamic-entry¶
Specification Value Type object all-entries
Description: all-entries is a JSON Block. Please see below for dynamic-entry_all-entries
Type: Object
Reference Object: /axapi/v3/ddos/dst/dynamic-entry/all-entries
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dynamic-entry_all-entries¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list¶
Specification Value Type list Block object keys action-list
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/action-list
advertised-enable
Description BGP advertised
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
capture-config-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/capture-config/{name}
collector
Type: Listcontinuous-learning
Description Continuous learning of detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
description
Description Description for this Destination Zone
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dest-nat-ip
Description Destination NAT IP address
Type: string
Format: ipv4-address
dest-nat-ipv6
Description Destination NAT IPv6 address
Type: string
Format: ipv6-address
detection
Description: detection is a JSON Block. Please see below for zone-list_detection
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/detection
drop-frag-pkt
Description Drop fragmented packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-top-k
Type: Listglid
Description Global limit ID for the whole zone
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
hw-blacklist-blocking
Description: hw-blacklist-blocking is a JSON Block. Please see below for zone-list_hw-blacklist-blocking
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/hw-blacklist-blocking
inbound-forward-dscp
Description To set dscp value for inbound packets (DSCP Value for the clear traffic marking)
Type: number
Range: 1-63
ip
Type: Listip-proto
Description: ip-proto is a JSON Block. Please see below for zone-list_ip-proto
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto
ipv6
Type: Listlog-enable
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-high-frequency
Description Enable High frequency logging for non-event logs per zone
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable log periodic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
operational-mode
Description ‘idle’: Idle mode; ‘monitor’: Monitor mode; ‘learning’: Learning mode;
Type: string
Supported Values: idle, monitor, learning
Default: idle
outbound-forward-dscp
Description To set dscp value for outbound
Type: number
Range: 1-63
outbound-policy
Description: outbound-policy is a JSON Block. Please see below for zone-list_outbound-policy
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/outbound-policy
packet-anomaly-detection
Description: packet-anomaly-detection is a JSON Block. Please see below for zone-list_packet-anomaly-detection
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/packet-anomaly-detection
pattern-recognition-hw-filter-enable
Description to enable pattern recognition hardware filter
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
per-addr-glid
Description Global limit ID per address
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
port
Description: port is a JSON Block. Please see below for zone-list_port
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port
port-range-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}
rate-limit
Description Rate limit per second per zone(Default : 1 per second)
Type: number
Range: 1-1000
Default: 1
reporting-disabled
Description Disable Reporting
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sflow-common
Description Enable sFlow counter polling packets, tcp-basic, tcp-stateful and http. WARNING: Zone level Sflow polling might induce heavy CP
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-common,sflow-packets, sflow-layer-4, sflow-tcp-basic, sflow-tcp-stateful, and sflow-http are mutually exclusive
sflow-http
Description Enable sFlow HTTP counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total number
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-http and sflow-common are mutually exclusive
sflow-layer-4
Description Enable sFlow Layer 4 counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the number of
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-layer-4 and sflow-common are mutually exclusive
sflow-packets
Description Enable sFlow packet-level counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-packets and sflow-common are mutually exclusive
sflow-tcp
Description: sflow-tcp is a JSON Block. Please see below for zone-list_sflow-tcp
Type: Object
source-nat-pool
Description Configure source NAT
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
src-port
Description: src-port is a JSON Block. Please see below for zone-list_src-port
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/src-port
src-port-range-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/src-port-range/{src-port-range-start}+{src-port-range-end}+{protocol}
src-prefix-len
Description Specify src prefix length for IPv6 (default: not set)
Type: number
Range: 32-127
telemetry-enable
Description Enable from-l3-peer flag for the zone, thus all the ip entries in the zone will be dynamically created/deleted based on the BGP
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
topk-destinations
Description: topk-destinations is a JSON Block. Please see below for zone-list_topk-destinations
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/topk-destinations
traffic-distribution-mode
Description ‘default’: Distribute traffic to one slot using default distribution mechanism; ‘source-ip-based’: Distribute traffic between slots, based on source ip; ‘slot’: Assign traffic to a specific slot;
Type: string
Supported Values: default, source-ip-based
Default: default
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
web-gui
Description: web-gui is a JSON Block. Please see below for zone-list_web-gui
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/web-gui
zone-name
Description
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
zone-profile
Description Apply threshold profile
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/zone-profile
zone-template
Description: zone-template is a JSON Block. Please see below for zone-list_zone-template
Type: Object
zone-list_outbound-policy¶
Specification Value Type object name
Description Specify name of the outbound policy
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/outbound-policy
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_ip¶
Specification Value Type list Block object keys expand-ip-subnet
Description Expand this subnet to individual IP address
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
expand-ip-subnet-mode
Description ‘default’: Default learning mechanism (Default: Dynamic); ‘dynamic’: Dynamic learning; ‘static’: Static learning;
Type: string
Supported Values: default, dynamic, static
Default: default
ip-addr
Description Specify IP address
Type: string
Format: ipv4-address
subnet-ip-addr
Description IP Subnet
Type: string
Format: ipv4-cidr
zone-list_detection¶
Specification Value Type object notification
Description: notification is a JSON Block. Please see below for zone-list_detection_notification
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/detection/notification
outbound-detection
Description: outbound-detection is a JSON Block. Please see below for zone-list_detection_outbound-detection
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/detection/outbound-detection
packet-anomaly-detection
Description: packet-anomaly-detection is a JSON Block. Please see below for zone-list_detection_packet-anomaly-detection
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/detection/packet-anomaly-detection
service-discovery
Description: service-discovery is a JSON Block. Please see below for zone-list_detection_service-discovery
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/detection/service-discovery
settings
Description ‘settings’: settings;
Type: string
Supported Values: settings
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_detection_packet-anomaly-detection¶
Specification Value Type object configuration
Description ‘configuration’: configuration;
Type: string
Supported Values: configuration
indicator-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/detection/packet-anomaly-detection/indicator/{type}
toggle
Description ‘enable’: Enable packet anomaly; ‘disable’: Disable packet anomaly;
Type: string
Supported Values: enable, disable
Default: enable
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_detection_packet-anomaly-detection_indicator-list¶
Specification Value Type list Block object keys threshold-num
Description Threshold for each indicator
Type: number
Range: 1-65535
Default: 100
type
Description ‘port-zero-pkt-rate’: Port Zero Packet Rate (default 100 packet per second);
Type: string
Supported Values: port-zero-pkt-rate
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_detection_notification¶
Specification Value Type object configuration
Description ‘configuration’: configuration;
Type: string
Supported Values: configuration
notification
Type: Listuuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_detection_notification_notification¶
Specification Value Type list Block object keys notification-template-name
Description Specify the notification template name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/notification-template
zone-list_detection_service-discovery¶
Specification Value Type object configuration
Description ‘configuration’: configuration;
Type: string
Supported Values: configuration
pkt-rate-threshold
Description packet rate threshold for discovery (default 10 packets per second)
Type: number
Range: 1-255
Default: 10
toggle
Description ‘enable’: Enable service discovery; ‘disable’: Disable service discovery;
Type: string
Supported Values: enable, disable
Default: disable
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_detection_outbound-detection¶
Specification Value Type object configuration
Description ‘configuration’: configuration;
Type: string
Supported Values: configuration
discovery-method
Description ‘asn’: Autonomous Systems number; ‘country’: Country;
Type: string
Supported Values: asn, country
discovery-record
Description Maximum number of top locations
Type: number
Range: 1-100
Default: 10
enable-top-k
Type: Listindicator-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/detection/outbound-detection/indicator/{type}
toggle
Description ‘enable’: Enable outbound detection; ‘disable’: Disable outbound detection;
Type: string
Supported Values: enable, disable
Default: disable
topk-source-subnet
Description: topk-source-subnet is a JSON Block. Please see below for zone-list_detection_outbound-detection_topk-source-subnet
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/detection/outbound-detection/topk-source-subnet
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_detection_outbound-detection_topk-source-subnet¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_detection_outbound-detection_enable-top-k¶
Specification Value Type list Block object keys topk-netmask
Description Subnet mask. The value should be less than or equal to the minimum zone subnet mask + 8 (IPv6 Subnet mask)
Type: number
Range: 1-128
Default: 128
topk-num-records
Description Maximum number of records to show in topk
Type: number
Range: 1-100
Default: 20
topk-type
Description ‘source-subnet’: Topk source subnet;
Type: string
Supported Values: source-subnet
zone-list_detection_outbound-detection_indicator-list¶
Specification Value Type list Block object keys data-packet-size
Description Expected minimal data size
Type: number
Range: 1-1500
tcp-window-size
Description Expected minimal window size
Type: number
Range: 1-500
threshold-large-num
Description Threshold for each geo-location
Type: number
Range: 1-10995116277760
threshold-num
Description Threshold for each geo-location
Type: number
Range: 1-2147483647
threshold-str
Description Threshold for each geo-location (Non-zero floating point)
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
type
Description ‘pkt-rate’: rate of incoming packets; ‘pkt-drop-rate’: rate of packets got dropped; ‘bit-rate’: rate of incoming bits; ‘pkt-drop-ratio’: ratio of incoming packet rate divided by the rate of dropping packets; ‘bytes-to-bytes-from-ratio’: ratio of incoming packet rate divided by the rate of outgoing packets; ‘syn-rate’: rate on incoming SYN packets; ‘fin-rate’: rate on incoming FIN packets; ‘rst-rate’: rate of incoming RST packets; ‘small-window-ack-rate’: rate of small window advertisement; ‘empty-ack-rate’: rate of incoming packets which have no payload; ‘small-payload-rate’: rate of short payload packet; ‘syn-fin-ratio’: ratio of incoming SYN packet rate divided by the rate of incoming FIN packets;
Type: string
Supported Values: pkt-rate, pkt-drop-rate, bit-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_packet-anomaly-detection¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_ip-proto¶
Specification Value Type object proto-name-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}
proto-number-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}
proto-tcp-udp-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-tcp-udp/{protocol}
zone-list_ip-proto_proto-number-list¶
Specification Value Type list Block object keys age
Description Idle age for ip entry
Type: number
Range: 2-1023
Default: 5
apply-policy-on-overflow
Description Enable this flag to apply overflow policy when dynamic entry count overflows
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
deny
Description Blacklist and Drop all incoming packets for this ip-proto
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-frag-pkt
Description Drop fragmented packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dynamic-entry-count-warn-threshold
Description Set threshold percentage of “max-src-dst-entry” for generating warning logs. Including start and end.
Type: number
Range: 1-100
dynamic-entry-overflow-policy-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/dynamic-entry-overflow-policy/{dummy-name}
enable-class-list-overflow
Description Apply class-list overflow policy upon exceeding dynamic entry count specified for zone-port or class-list
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-top-k
Description Enable ddos top-k detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-top-k-destination
Description Enable ddos top-k destination IP detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
esp-inspect
Description: esp-inspect is a JSON Block. Please see below for zone-list_ip-proto_proto-number-list_esp-inspect
Type: Object
faster-de-escalation
Description De-escalate faster in standalone mode
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-cfg
Description: glid-cfg is a JSON Block. Please see below for zone-list_ip-proto_proto-number-list_glid-cfg
Type: Object
ip-filtering-policy
Description Configure IP Filter
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/ip-filtering-policy
ip-filtering-policy-statistics
Description: ip-filtering-policy-statistics is a JSON Block. Please see below for zone-list_ip-proto_proto-number-list_ip-filtering-policy-statistics
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/ip-filtering-policy-statistics
level-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/level/{level-num}
manual-mode-enable
Description Toggle manual mode to use fix templates
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
manual-mode-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/manual-mode/{config}
max-dynamic-entry-count
Description Maximum count for dynamic source zone service entry
Type: number
Range: 0-2147483647
port-ind
Description: port-ind is a JSON Block. Please see below for zone-list_ip-proto_proto-number-list_port-ind
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/port-ind
protocol-num
Description Protocol Number
Type: number
Range: 0-255
src-based-policy-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/src-based-policy/{src-based-policy-name}
topk-destinations
Description: topk-destinations is a JSON Block. Please see below for zone-list_ip-proto_proto-number-list_topk-destinations
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/topk-destinations
topk-dst-num-records
Description Maximum number of records to show in topk
Type: number
Range: 1-100
Default: 20
topk-dst-sort-key
Description ‘avg’: window average; ‘max-peak’: max peak;
Type: string
Supported Values: avg, max-peak
Default: avg
topk-num-records
Description Maximum number of records to show in topk
Type: number
Range: 1-100
Default: 20
topk-sort-key
Description ‘avg’: window average; ‘max-peak’: max peak;
Type: string
Supported Values: avg, max-peak
Default: avg
topk-sources
Description: topk-sources is a JSON Block. Please see below for zone-list_ip-proto_proto-number-list_topk-sources
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/topk-sources
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_ip-proto_proto-number-list_dynamic-entry-overflow-policy-list¶
Specification Value Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
dummy-name
Description ‘configuration’: Configure overflow policy;
Type: string
Supported Values: configuration
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for zone-list_ip-proto_proto-number-list_dynamic-entry-overflow-policy-list_zone-template
Type: Object
zone-list_ip-proto_proto-number-list_dynamic-entry-overflow-policy-list_zone-template¶
Specification Value Type object ip-proto
Description DDOS ip-proto template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-list_ip-proto_proto-number-list_glid-cfg¶
Specification Value Type object action-list
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: action-list and glid-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
glid
Description Global limit ID for the whole zone
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, ignore
Mutual Exclusion: glid-action and action-list are mutually exclusive
per-addr-glid
Description Global limit ID per address
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
zone-list_ip-proto_proto-number-list_level-list¶
Specification Value Type list Block object keys glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
indicator-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/level/{level-num}/indicator/{type}
level-num
Description ‘0’: Default policy level; ‘1’: Policy level 1; ‘2’: Policy level 2; ‘3’: Policy level 3; ‘4’: Policy level 4;
Type: string
Supported Values: 0, 1, 2, 3, 4
src-default-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
src-escalation-score
Description Source activation score of this level
Type: number
Range: 1-1000000
src-violation-actions
Description Violation actions apply due to source escalate from this level
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-escalation-score
Description Zone activation score of this level
Type: number
Range: 1-1000000
zone-template
Description: zone-template is a JSON Block. Please see below for zone-list_ip-proto_proto-number-list_level-list_zone-template
Type: Object
zone-violation-actions
Description Violation actions apply due to zone escalate from this level
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
zone-list_ip-proto_proto-number-list_level-list_zone-template¶
Specification Value Type object encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ip-proto
Description DDOS ip-proto template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-list_ip-proto_proto-number-list_level-list_indicator-list¶
Specification Value Type list Block object keys data-packet-size
Description Expected minimal data size
Type: number
Range: 1-1500
score
Description Score corresponding to the indicator
Type: number
Range: 1-1000000
src-threshold-large-num
Description Indicator per-src threshold
Type: number
Range: 1-10995116277760
src-threshold-num
Description Indicator per-src threshold
Type: number
Range: 1-2147483647
src-threshold-str
Description Indicator per-src threshold
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
src-violation-actions
Description Violation actions to use when this src indicator threshold reaches
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
type
Description ‘pkt-rate’: rate of incoming packets; ‘pkt-drop-rate’: rate of packets got dropped; ‘pkt-drop-ratio’: ratio of incoming packet rate divided by the rate of dropping packets; ‘bytes-to-bytes-from-ratio’: ratio of incoming packet rate divided by the rate of outgoing packets; ‘frag-rate’: rate of incoming fragmented packets; ‘cpu-utilization’: average data CPU utilization; ‘interface-utilization’: outside interface utilization;
Type: string
Supported Values: pkt-rate, pkt-drop-rate, bit-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, frag-rate, cpu-utilization, interface-utilization, learnt-sources
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-threshold-large-num
Description Threshold for the entire zone
Type: number
Range: 1-10995116277760
zone-threshold-num
Description Threshold for the entire zone
Type: number
Range: 1-2147483647
zone-threshold-str
Description Threshold for the entire zone
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
zone-violation-actions
Description Violation actions to use when this zone indicator threshold reaches
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
zone-list_ip-proto_proto-number-list_manual-mode-list¶
Specification Value Type list Block object keys config
Description ‘configuration’: Manual-mode configuration;
Type: string
Supported Values: configuration
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
src-default-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for zone-list_ip-proto_proto-number-list_manual-mode-list_zone-template
Type: Object
zone-list_ip-proto_proto-number-list_manual-mode-list_zone-template¶
Specification Value Type object encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ip-proto
Description DDOS ip-proto template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-list_ip-proto_proto-number-list_src-based-policy-list¶
Specification Value Type list Block object keys policy-class-list-list
src-based-policy-name
Description Specify name of the policy
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list¶
Specification Value Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
class-list-name
Description Class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
class-list-overflow-policy-list
dynamic-entry-count-warn-threshold
Description Set threshold percentage of “max-src-dst-entry” for generating warning logs. Including start and end.
Type: number
Range: 1-100
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
log-enable
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable log periodic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-dynamic-entry-count
Description Maximum count for dynamic source zone service entry allowed for this class-list
Type: number
Range: 0-2147483647
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for zone-list_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list_zone-template
Type: Object
zone-list_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list_zone-template¶
Specification Value Type object ip-proto
Description DDOS ip-proto template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-list_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list¶
Specification Value Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
dummy-name
Description ‘configuration’: Configure overflow policy for class-list;
Type: string
Supported Values: configuration
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
log-enable
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable log periodic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for zone-list_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template
Type: Object
zone-list_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template¶
Specification Value Type object ip-proto
Description DDOS ip-proto template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-list_ip-proto_proto-number-list_port-ind¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_ip-proto_proto-number-list_ip-filtering-policy-statistics¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_ip-proto_proto-number-list_topk-sources¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_ip-proto_proto-number-list_esp-inspect¶
Specification Value Type object auth-algorithm
Description ‘AUTH_NULL’: No Integrity Check Value; ‘HMAC-SHA-1-96’: 96 bit Auth Algo; ‘HMAC-SHA-256-96’: 96 bit Auth Algo; ‘HMAC-SHA-256-128’: 128 bit Auth Algo; ‘HMAC-SHA-384-192’: 192 bit Auth Algo; ‘HMAC-SHA-512-256’: 256 bit Auth Algo; ‘HMAC-MD5-96’: 96 bit Auth Algo; ‘MAC-RIPEMD-160-96’: 96 bit Auth Algo;
Type: string
Supported Values: AUTH_NULL, HMAC-SHA-1-96, HMAC-SHA-256-96, HMAC-SHA-256-128, HMAC-SHA-384-192, HMAC-SHA-512-256, HMAC-MD5-96, MAC-RIPEMD-160-96
encrypt-algorithm
Description ‘NULL’: Null Encryption Algorithm;
Type: string
Supported Values: NULL
mode
Description ‘transport’: Transport mode;
Type: string
Supported Values: transport
zone-list_ip-proto_proto-number-list_topk-destinations¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_ip-proto_proto-name-list¶
Specification Value Type list Block object keys age
Description Idle age for ip entry
Type: number
Range: 2-1023
Default: 5
apply-policy-on-overflow
Description Enable this flag to apply overflow policy when dynamic entry count overflows
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
deny
Description Blacklist and Drop all incoming packets for ip-proto icmp-v4
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-frag-pkt
Description Drop fragmented packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dynamic-entry-count-warn-threshold
Description Set threshold percentage of “max-src-dst-entry” for generating warning logs. Including start and end.
Type: number
Range: 1-100
dynamic-entry-overflow-policy-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/dynamic-entry-overflow-policy/{dummy-name}
enable-class-list-overflow
Description Apply class-list overflow policy upon exceeding dynamic entry count specified for zone-port or class-list
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-top-k
Description Enable ddos top-k detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-top-k-destination
Description Enable ddos top-k destination IP detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
faster-de-escalation
Description De-escalate faster in standalone mode
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-cfg
Description: glid-cfg is a JSON Block. Please see below for zone-list_ip-proto_proto-name-list_glid-cfg
Type: Object
ip-filtering-policy
Description Configure IP Filter
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/ip-filtering-policy
ip-filtering-policy-statistics
Description: ip-filtering-policy-statistics is a JSON Block. Please see below for zone-list_ip-proto_proto-name-list_ip-filtering-policy-statistics
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/ip-filtering-policy-statistics
key-cfg
Type: Listlevel-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/level/{level-num}
manual-mode-enable
Description Toggle manual mode to use fix templates
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
manual-mode-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/manual-mode/{config}
max-dynamic-entry-count
Description Maximum count for dynamic source zone service entry
Type: number
Range: 0-2147483647
port-ind
Description: port-ind is a JSON Block. Please see below for zone-list_ip-proto_proto-name-list_port-ind
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/port-ind
protocol
Description ‘icmp-v4’: ip-proto icmp-v4; ‘icmp-v6’: ip-proto icmp-v6; ‘other’: ip-proto other; ‘gre’: ip-proto gre; ‘ipv4-encap’: ip-proto IPv4 Encapsulation; ‘ipv6-encap’: ip-proto IPv6 Encapsulation;
Type: string
Supported Values: icmp-v4, icmp-v6, other, gre, ipv4-encap, ipv6-encap
src-based-policy-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/src-based-policy/{src-based-policy-name}
topk-destinations
Description: topk-destinations is a JSON Block. Please see below for zone-list_ip-proto_proto-name-list_topk-destinations
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/topk-destinations
topk-dst-num-records
Description Maximum number of records to show in topk
Type: number
Range: 1-100
Default: 20
topk-dst-sort-key
Description ‘avg’: window average; ‘max-peak’: max peak;
Type: string
Supported Values: avg, max-peak
Default: avg
topk-num-records
Description Maximum number of records to show in topk
Type: number
Range: 1-100
Default: 20
topk-sort-key
Description ‘avg’: window average; ‘max-peak’: max peak;
Type: string
Supported Values: avg, max-peak
Default: avg
topk-sources
Description: topk-sources is a JSON Block. Please see below for zone-list_ip-proto_proto-name-list_topk-sources
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/topk-sources
tunnel-decap
Description Enable tunnel decapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tunnel-rate-limit
Description Enable DDOS-protection on tunnel traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_ip-proto_proto-name-list_dynamic-entry-overflow-policy-list¶
Specification Value Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
dummy-name
Description ‘configuration’: Configure overflow policy;
Type: string
Supported Values: configuration
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for zone-list_ip-proto_proto-name-list_dynamic-entry-overflow-policy-list_zone-template
Type: Object
zone-list_ip-proto_proto-name-list_dynamic-entry-overflow-policy-list_zone-template¶
Specification Value Type object encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
icmp-v4
Description DDOS icmp-v4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
icmp-v6
Description DDOS icmp-v6 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ip-proto
Description DDOS ip-proto template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-list_ip-proto_proto-name-list_key-cfg¶
Specification Value Type list Block object keys key
Description Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)
Type: string
Maximum Length: 10 characters
Maximum Length: 1 characters
zone-list_ip-proto_proto-name-list_glid-cfg¶
Specification Value Type object action-list
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: action-list and glid-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
glid
Description Global limit ID for the whole zone
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, ignore
Mutual Exclusion: glid-action and action-list are mutually exclusive
per-addr-glid
Description Global limit ID per address
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
zone-list_ip-proto_proto-name-list_level-list¶
Specification Value Type list Block object keys glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
indicator-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/level/{level-num}/indicator/{type}
level-num
Description ‘0’: Default policy level; ‘1’: Policy level 1; ‘2’: Policy level 2; ‘3’: Policy level 3; ‘4’: Policy level 4;
Type: string
Supported Values: 0, 1, 2, 3, 4
src-default-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
src-escalation-score
Description Source activation score of this level
Type: number
Range: 1-1000000
src-violation-actions
Description Violation actions apply due to source escalate from this level
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-escalation-score
Description Zone activation score of this level
Type: number
Range: 1-1000000
zone-template
Description: zone-template is a JSON Block. Please see below for zone-list_ip-proto_proto-name-list_level-list_zone-template
Type: Object
zone-violation-actions
Description Violation actions apply due to zone escalate from this level
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
zone-list_ip-proto_proto-name-list_level-list_zone-template¶
Specification Value Type object encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
icmp-v4
Description DDOS icmp-v4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
icmp-v6
Description DDOS icmp-v6 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ip-proto
Description DDOS ip-proto template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-list_ip-proto_proto-name-list_level-list_indicator-list¶
Specification Value Type list Block object keys data-packet-size
Description Expected minimal data size
Type: number
Range: 1-1500
score
Description Score corresponding to the indicator
Type: number
Range: 1-1000000
src-threshold-large-num
Description Indicator per-src threshold
Type: number
Range: 1-10995116277760
src-threshold-num
Description Indicator per-src threshold
Type: number
Range: 1-2147483647
src-threshold-str
Description Indicator per-src threshold
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
src-violation-actions
Description Violation actions to use when this src indicator threshold reaches
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
type
Description ‘pkt-rate’: rate of incoming packets; ‘pkt-drop-rate’: rate of packets got dropped; ‘pkt-drop-ratio’: ratio of incoming packet rate divided by the rate of dropping packets; ‘bytes-to-bytes-from-ratio’: ratio of incoming packet rate divided by the rate of outgoing packets; ‘frag-rate’: rate of incoming fragmented packets; ‘cpu-utilization’: average data CPU utilization; ‘interface-utilization’: outside interface utilization;
Type: string
Supported Values: pkt-rate, pkt-drop-rate, bit-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, frag-rate, cpu-utilization, interface-utilization, learnt-sources
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-threshold-large-num
Description Threshold for the entire zone
Type: number
Range: 1-10995116277760
zone-threshold-num
Description Threshold for the entire zone
Type: number
Range: 1-2147483647
zone-threshold-str
Description Threshold for the entire zone
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
zone-violation-actions
Description Violation actions to use when this zone indicator threshold reaches
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
zone-list_ip-proto_proto-name-list_manual-mode-list¶
Specification Value Type list Block object keys config
Description ‘configuration’: Manual-mode configuration;
Type: string
Supported Values: configuration
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
src-default-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for zone-list_ip-proto_proto-name-list_manual-mode-list_zone-template
Type: Object
zone-list_ip-proto_proto-name-list_manual-mode-list_zone-template¶
Specification Value Type object encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
icmp-v4
Description DDOS icmp-v4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
icmp-v6
Description DDOS icmp-v6 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ip-proto
Description DDOS ip-proto template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-list_ip-proto_proto-name-list_src-based-policy-list¶
Specification Value Type list Block object keys policy-class-list-list
src-based-policy-name
Description Specify name of the policy
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list¶
Specification Value Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
class-list-name
Description Class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
class-list-overflow-policy-list
dynamic-entry-count-warn-threshold
Description Set threshold percentage of “max-src-dst-entry” for generating warning logs. Including start and end.
Type: number
Range: 1-100
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
log-enable
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable log periodic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-dynamic-entry-count
Description Maximum count for dynamic source zone service entry allowed for this class-list
Type: number
Range: 0-2147483647
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for zone-list_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list_zone-template
Type: Object
zone-list_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list_zone-template¶
Specification Value Type object encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
icmp-v4
Description DDOS icmp-v4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
icmp-v6
Description DDOS icmp-v6 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ip-proto
Description DDOS ip-proto template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-list_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list¶
Specification Value Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
dummy-name
Description ‘configuration’: Configure overflow policy for class-list;
Type: string
Supported Values: configuration
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
log-enable
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable log periodic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for zone-list_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template
Type: Object
zone-list_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template¶
Specification Value Type object encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
icmp-v4
Description DDOS icmp-v4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
icmp-v6
Description DDOS icmp-v6 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ip-proto
Description DDOS ip-proto template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-list_ip-proto_proto-name-list_port-ind¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_ip-proto_proto-name-list_ip-filtering-policy-statistics¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_ip-proto_proto-name-list_topk-sources¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_ip-proto_proto-name-list_topk-destinations¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_ip-proto_proto-tcp-udp-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for this ip-proto
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-frag-pkt
Description Drop fragmented packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-cfg
Description: glid-cfg is a JSON Block. Please see below for zone-list_ip-proto_proto-tcp-udp-list_glid-cfg
Type: Object
ip-filtering-policy
Description Configure IP Filter
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/ip-filtering-policy
ip-filtering-policy-statistics
Description: ip-filtering-policy-statistics is a JSON Block. Please see below for zone-list_ip-proto_proto-tcp-udp-list_ip-filtering-policy-statistics
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-tcp-udp/{protocol}/ip-filtering-policy-statistics
protocol
Description ‘tcp’: ip-proto tcp; ‘udp’: ip-proto udp;
Type: string
Supported Values: tcp, udp
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_ip-proto_proto-tcp-udp-list_ip-filtering-policy-statistics¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_ip-proto_proto-tcp-udp-list_glid-cfg¶
Specification Value Type object action-list
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: action-list and glid-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
glid
Description Global limit ID for the whole zone
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, ignore
Mutual Exclusion: glid-action and action-list are mutually exclusive
per-addr-glid
Description Global limit ID per address
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
zone-list_port-range-list¶
Specification Value Type list Block object keys age
Description Idle age for ip entry
Type: number
Range: 2-1023
Default: 5
apply-policy-on-overflow
Description Enable this flag to apply overflow policy when dynamic entry count overflows
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
capture-config
Description: capture-config is a JSON Block. Please see below for zone-list_port-range-list_capture-config
Type: Object
default-action-list
Description Configure default-action-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/action-list
deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dynamic-entry-count-warn-threshold
Description Set threshold percentage of “max-src-dst-entry” for generating warning logs. Including start and end.
Type: number
Range: 1-100
dynamic-entry-overflow-policy-list
enable-class-list-overflow
Description Apply class-list overflow policy upon exceeding dynamic entry count specified under zone port or each class-list
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-top-k
Description Enable ddos top-k detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-top-k-destination
Description Enable ddos top-k destination IP detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
faster-de-escalation
Description De-escalate faster in standalone mode
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-cfg
Description: glid-cfg is a JSON Block. Please see below for zone-list_port-range-list_glid-cfg
Type: Object
ip-filtering-policy
Description Configure IP Filter
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/ip-filtering-policy
ip-filtering-policy-statistics
Description: ip-filtering-policy-statistics is a JSON Block. Please see below for zone-list_port-range-list_ip-filtering-policy-statistics
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/ip-filtering-policy-statistics
level-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/level/{level-num}
manual-mode-enable
Description Toggle manual mode to use fix templates
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
manual-mode-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/manual-mode/{config}
max-dynamic-entry-count
Description Maximum count for dynamic source zone service entry
Type: number
Range: 0-2147483647
outbound-only
Description Only allow outbound traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
pattern-recognition
Description: pattern-recognition is a JSON Block. Please see below for zone-list_port-range-list_pattern-recognition
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/pattern-recognition
pattern-recognition-pu-details
Description: pattern-recognition-pu-details is a JSON Block. Please see below for zone-list_port-range-list_pattern-recognition-pu-details
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/pattern-recognition-pu-details
port-ind
Description: port-ind is a JSON Block. Please see below for zone-list_port-range-list_port-ind
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/port-ind
port-range-end
Description Port-Range End Port Number
Type: number
Range: 1-65535
port-range-start
Description Port-Range Start Port Number
Type: number
Range: 1-65535
protocol
Description ‘dns-tcp’: DNS-TCP Port; ‘dns-udp’: DNS-UDP Port; ‘http’: HTTP Port; ‘tcp’: TCP Port; ‘udp’: UDP Port; ‘ssl-l4’: SSL-L4 Port; ‘sip-udp’: SIP-UDP Port; ‘sip-tcp’: SIP-TCP Port; ‘quic’: QUIC Port;
Type: string
Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4, sip-udp, sip-tcp, quic
sflow-common
Description Enable all sFlow polling options under this zone port
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-common,sflow-packets, sflow-tcp-basic, sflow-tcp-stateful, and sflow-http are mutually exclusive
sflow-http
Description Enable sFlow HTTP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-http and sflow-common are mutually exclusive
sflow-packets
Description Enable sFlow packet-level counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-packets and sflow-common are mutually exclusive
sflow-tcp
Description: sflow-tcp is a JSON Block. Please see below for zone-list_port-range-list_sflow-tcp
Type: Object
src-based-policy-list
stateful
Description Enable stateful tracking of sessions (Default is stateless)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
topk-destinations
Description: topk-destinations is a JSON Block. Please see below for zone-list_port-range-list_topk-destinations
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/topk-destinations
topk-dst-num-records
Description Maximum number of records to show in topk
Type: number
Range: 1-100
Default: 20
topk-dst-sort-key
Description ‘avg’: window average; ‘max-peak’: max peak;
Type: string
Supported Values: avg, max-peak
Default: avg
topk-num-records
Description Maximum number of records to show in topk
Type: number
Range: 1-100
Default: 20
topk-sort-key
Description ‘avg’: window average; ‘max-peak’: max peak;
Type: string
Supported Values: avg, max-peak
Default: avg
topk-sources
Description: topk-sources is a JSON Block. Please see below for zone-list_port-range-list_topk-sources
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/topk-sources
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
virtualhosts
Description: virtualhosts is a JSON Block. Please see below for zone-list_port-range-list_virtualhosts
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/virtualhosts
zone-list_port-range-list_pattern-recognition¶
Specification Value Type object algorithm
Description ‘heuristic’: heuristic algorithm;
Type: string
Supported Values: heuristic
capture-traffic
Description ‘all’: Capture all packets; ‘dropped’: Capture dropped packets (default);
Type: string
Supported Values: all, dropped
triggered-by
Description ‘zone-escalation’: Zone escalation trigger pattern recognition; ‘packet-rate-exceeds’: Packet rate limit exceeds trigger pattern recognition (default);
Type: string
Supported Values: zone-escalation, packet-rate-exceeds
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_port-range-list_dynamic-entry-overflow-policy-list¶
Specification Value Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
dummy-name
Description ‘configuration’: Configure overflow policy;
Type: string
Supported Values: configuration
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
log-enable
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable log periodic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for zone-list_port-range-list_dynamic-entry-overflow-policy-list_zone-template
Type: Object
zone-list_port-range-list_dynamic-entry-overflow-policy-list_zone-template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
quic
Description DDOS quic template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-list_port-range-list_glid-cfg¶
Specification Value Type object action-list
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: action-list and glid-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
glid
Description Global limit ID for the whole zone
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default if default-action-list is not configured); ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, ignore
Mutual Exclusion: glid-action and action-list are mutually exclusive
per-addr-glid
Description Global limit ID per address
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
zone-list_port-range-list_level-list¶
Specification Value Type list Block object keys apply-extracted-filters
Description Apply extracted filters from this level
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
clear-sources-upon-deescalation
Description Clear sources upon de-escalation from level 1 to 0 or manual to 0
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
close-sessions-for-all-sources
Description Close session for all sources
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
close-sessions-for-unauth-sources
Description Close session for unauthenticated sources
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
indicator-list
level-num
Description ‘0’: Default policy level; ‘1’: Policy level 1; ‘2’: Policy level 2; ‘3’: Policy level 3; ‘4’: Policy level 4;
Type: string
Supported Values: 0, 1, 2, 3, 4
src-default-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
src-escalation-score
Description Source activation score of this level
Type: number
Range: 1-1000000
src-violation-actions
Description Violation actions apply due to source escalate from this level
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
start-pattern-recognition
Description Start pattern recognition from this level
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-escalation-score
Description Zone activation score of this level
Type: number
Range: 1-1000000
zone-template
Description: zone-template is a JSON Block. Please see below for zone-list_port-range-list_level-list_zone-template
Type: Object
zone-violation-actions
Description Violation actions apply due to zone escalate from this level
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
zone-list_port-range-list_level-list_zone-template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
quic
Description DDOS quic template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-list_port-range-list_level-list_indicator-list¶
Specification Value Type list Block object keys data-packet-size
Description Expected minimal data size
Type: number
Range: 1-1500
score
Description Score corresponding to the indicator
Type: number
Range: 1-1000000
src-threshold-large-num
Description Indicator per-src threshold
Type: number
Range: 1-10995116277760
src-threshold-num
Description Indicator per-src threshold
Type: number
Range: 1-2147483647
src-threshold-str
Description Indicator per-src threshold
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
src-violation-actions
Description Violation actions to use when this src indicator threshold reaches
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
tcp-window-size
Description Expected minimal window size
Type: number
Range: 1-500
type
Description ‘pkt-rate’: rate of incoming packets; ‘pkt-drop-rate’: rate of packets got dropped; ‘pkt-drop-ratio’: ratio of incoming packet rate divided by the rate of dropping packets; ‘bytes-to-bytes-from-ratio’: ratio of incoming packet rate divided by the rate of outgoing packets; ‘concurrent-conns’: number of concurrent connections; ‘conn-miss-rate’: rate of incoming packets for which no previously established connection exists; ‘syn-rate’: rate on incoming SYN packets; ‘fin-rate’: rate on incoming FIN packets; ‘rst-rate’: rate of incoming RST packets; ‘small-window-ack-rate’: rate of small window advertisement; ‘empty-ack-rate’: rate of incoming packets which have no payload; ‘small-payload-rate’: rate of short payload packet; ‘syn-fin-ratio’: ratio of incoming SYN packet rate divided by the rate of incoming FIN packets; ‘cpu-utilization’: average data CPU utilization; ‘interface-utilization’: outside interface utilization;
Type: string
Supported Values: pkt-rate, pkt-drop-rate, bit-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, concurrent-conns, conn-miss-rate, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio, cpu-utilization, interface-utilization, learnt-sources
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-threshold-large-num
Description Threshold for the entire zone
Type: number
Range: 1-10995116277760
zone-threshold-num
Description Threshold for the entire zone
Type: number
Range: 1-2147483647
zone-threshold-str
Description Threshold for the entire zone
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
zone-violation-actions
Description Violation actions to use when this zone indicator threshold reaches
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
zone-list_port-range-list_virtualhosts¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
vhosts-config
Description ‘configuration’: configure virtualhost based mitigation for ssl services;
Type: string
Supported Values: configuration
virtualhost-list
zone-list_port-range-list_virtualhosts_virtualhost-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-cfg
Description: glid-cfg is a JSON Block. Please see below for zone-list_port-range-list_virtualhosts_virtualhost-list_glid-cfg
Type: Object
level-list
servername
Type: Listservername-list
Description Class List to match servername (Class List Name)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
servername-match-any
Description Match when there is no SNI or other servernames are not matched
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
vhost
Description name for virtualhost
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-list_port-range-list_virtualhosts_virtualhost-list_servername¶
Specification Value Type list Block object keys host-match-string
Description SNI String
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
match-type
Description ‘contains’: match servername extension when contains this string; ‘ends-with’: match servername extension when ends with this string; ‘equals’: match servername extension when equals this string; ‘starts-with’: match servername extension when starts with this string;
Type: string
Supported Values: contains, ends-with, equals, starts-with
zone-list_port-range-list_virtualhosts_virtualhost-list_glid-cfg¶
Specification Value Type object glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, ignore
zone-list_port-range-list_virtualhosts_virtualhost-list_level-list¶
Specification Value Type list Block object keys glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
level-num
Description ‘0’: Default policy level;
Type: string
Supported Values: 0
src-default-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for zone-list_port-range-list_virtualhosts_virtualhost-list_level-list_zone-template
Type: Object
zone-list_port-range-list_virtualhosts_virtualhost-list_level-list_zone-template¶
Specification Value Type object ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-list_port-range-list_manual-mode-list¶
Specification Value Type list Block object keys close-sessions-for-all-sources
Description Close session for all sources
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
config
Description ‘configuration’: Manual-mode configuration;
Type: string
Supported Values: configuration
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
src-default-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for zone-list_port-range-list_manual-mode-list_zone-template
Type: Object
zone-list_port-range-list_manual-mode-list_zone-template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
quic
Description DDOS quic template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-list_port-range-list_src-based-policy-list¶
Specification Value Type list Block object keys policy-class-list-list
src-based-policy-name
Description Specify name of the policy
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_port-range-list_src-based-policy-list_policy-class-list-list¶
Specification Value Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
class-list-name
Description Class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
class-list-overflow-policy-list
dynamic-entry-count-warn-threshold
Description Set threshold percentage of “max-src-dst-entry” for generating warning logs. Including start and end.
Type: number
Range: 1-100
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
max-dynamic-entry-count
Description Maximum count for dynamic source zone service entry allowed for this class-list
Type: number
Range: 0-2147483647
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for zone-list_port-range-list_src-based-policy-list_policy-class-list-list_zone-template
Type: Object
zone-list_port-range-list_src-based-policy-list_policy-class-list-list_zone-template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ips
Description IPS template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
quic
Description DDOS quic template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-list_port-range-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list¶
Specification Value Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
dummy-name
Description ‘configuration’: Configure overflow policy for class-list;
Type: string
Supported Values: configuration
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
log-enable
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable log periodic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for zone-list_port-range-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template
Type: Object
zone-list_port-range-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
quic
Description DDOS quic template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-list_port-range-list_pattern-recognition-pu-details¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_port-range-list_port-ind¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_port-range-list_ip-filtering-policy-statistics¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_port-range-list_sflow-tcp¶
Specification Value Type object sflow-tcp-basic
Description Enable sFlow basic TCP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-tcp-basic and sflow-common are mutually exclusive
sflow-tcp-stateful
Description Enable sFlow stateful TCP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-tcp-stateful and sflow-common are mutually exclusive
zone-list_port-range-list_topk-sources¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_port-range-list_capture-config¶
Specification Value Type object capture-config-mode
Description ‘drop’: Apply capture-config to dropped packets; ‘forward’: Apply capture-config to forwarded packets; ‘all’: Apply capture-config to both dropped and forwarded packets;
Type: string
Supported Values: drop, forward, all
capture-config-name
Description Capture-config name
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
zone-list_port-range-list_topk-destinations¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_collector¶
Specification Value Type list Block object keys sflow-name
Description Name of configured custom sFlow collector
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/sflow/collector/custom
zone-list_port¶
Specification Value Type object zone-service-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}
zone-service-other-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}
zone-list_port_zone-service-list¶
Specification Value Type list Block object keys age
Description Idle age for ip entry
Type: number
Range: 2-1023
Default: 5
apply-policy-on-overflow
Description Enable this flag to apply overflow policy when dynamic entry count overflows
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
capture-config
Description: capture-config is a JSON Block. Please see below for zone-list_port_zone-service-list_capture-config
Type: Object
default-action-list
Description Configure default-action-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/action-list
deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dynamic-entry-count-warn-threshold
Description Set threshold percentage of “max-src-dst-entry” for generating warning logs. Including start and end.
Type: number
Range: 1-100
dynamic-entry-overflow-policy-list
enable-class-list-overflow
Description Apply class-list overflow policy upon exceeding dynamic entry count specified for zone-port or class-list
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-top-k
Description Enable ddos top-k detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-top-k-destination
Description Enable ddos top-k destination IP detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
faster-de-escalation
Description De-escalate faster in standalone mode
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-cfg
Description: glid-cfg is a JSON Block. Please see below for zone-list_port_zone-service-list_glid-cfg
Type: Object
ip-filtering-policy
Description Configure IP Filter
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/ip-filtering-policy
ip-filtering-policy-statistics
Description: ip-filtering-policy-statistics is a JSON Block. Please see below for zone-list_port_zone-service-list_ip-filtering-policy-statistics
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/ip-filtering-policy-statistics
level-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/level/{level-num}
manual-mode-enable
Description Toggle manual mode to use fix templates
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
manual-mode-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/manual-mode/{config}
max-dynamic-entry-count
Description Maximum count for dynamic source zone service entry
Type: number
Range: 0-2147483647
outbound-only
Description Only allow outbound traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
pattern-recognition
Description: pattern-recognition is a JSON Block. Please see below for zone-list_port_zone-service-list_pattern-recognition
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/pattern-recognition
pattern-recognition-pu-details
Description: pattern-recognition-pu-details is a JSON Block. Please see below for zone-list_port_zone-service-list_pattern-recognition-pu-details
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/pattern-recognition-pu-details
port-ind
Description: port-ind is a JSON Block. Please see below for zone-list_port_zone-service-list_port-ind
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/port-ind
port-num
Description Port Number
Type: number
Range: 1-65535
protocol
Description ‘dns-tcp’: DNS-TCP Port; ‘dns-udp’: DNS-UDP Port; ‘http’: HTTP Port; ‘tcp’: TCP Port; ‘udp’: UDP Port; ‘ssl-l4’: SSL-L4 Port; ‘sip-udp’: SIP-UDP Port; ‘sip-tcp’: SIP-TCP Port; ‘quic’: QUIC Port;
Type: string
Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4, sip-udp, sip-tcp, quic
sflow-common
Description Enable all sFlow polling options under this zone port
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-common,sflow-packets, sflow-tcp-basic, sflow-tcp-stateful, and sflow-http are mutually exclusive
sflow-http
Description Enable sFlow HTTP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-http and sflow-common are mutually exclusive
sflow-packets
Description Enable sFlow packet-level counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-packets and sflow-common are mutually exclusive
sflow-tcp
Description: sflow-tcp is a JSON Block. Please see below for zone-list_port_zone-service-list_sflow-tcp
Type: Object
signature-extraction
Description: signature-extraction is a JSON Block. Please see below for zone-list_port_zone-service-list_signature-extraction
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/signature-extraction
src-based-policy-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/src-based-policy/{src-based-policy-name}
stateful
Description Enable stateful tracking of sessions (Default is stateless)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
topk-destinations
Description: topk-destinations is a JSON Block. Please see below for zone-list_port_zone-service-list_topk-destinations
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/topk-destinations
topk-dst-num-records
Description Maximum number of records to show in topk
Type: number
Range: 1-100
Default: 20
topk-dst-sort-key
Description ‘avg’: window average; ‘max-peak’: max peak;
Type: string
Supported Values: avg, max-peak
Default: avg
topk-num-records
Description Maximum number of records to show in topk
Type: number
Range: 1-100
Default: 20
topk-sort-key
Description ‘avg’: window average; ‘max-peak’: max peak;
Type: string
Supported Values: avg, max-peak
Default: avg
topk-sources
Description: topk-sources is a JSON Block. Please see below for zone-list_port_zone-service-list_topk-sources
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/topk-sources
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
virtualhosts
Description: virtualhosts is a JSON Block. Please see below for zone-list_port_zone-service-list_virtualhosts
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/virtualhosts
zone-list_port_zone-service-list_pattern-recognition¶
Specification Value Type object algorithm
Description ‘heuristic’: heuristic algorithm;
Type: string
Supported Values: heuristic
capture-traffic
Description ‘all’: Capture all packets; ‘dropped’: Capture dropped packets (default);
Type: string
Supported Values: all, dropped
triggered-by
Description ‘zone-escalation’: Zone escalation trigger pattern recognition; ‘packet-rate-exceeds’: Packet rate limit exceeds trigger pattern recognition (default);
Type: string
Supported Values: zone-escalation, packet-rate-exceeds
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_port_zone-service-list_dynamic-entry-overflow-policy-list¶
Specification Value Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
dummy-name
Description ‘configuration’: Configure overflow policy;
Type: string
Supported Values: configuration
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
log-enable
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable log periodic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for zone-list_port_zone-service-list_dynamic-entry-overflow-policy-list_zone-template
Type: Object
zone-list_port_zone-service-list_dynamic-entry-overflow-policy-list_zone-template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
quic
Description DDOS quic template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-list_port_zone-service-list_glid-cfg¶
Specification Value Type object action-list
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: action-list and glid-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
glid
Description Global limit ID for the whole zone
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default if default-action-list is not configured); ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, ignore
Mutual Exclusion: glid-action and action-list are mutually exclusive
per-addr-glid
Description Global limit ID per address
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
zone-list_port_zone-service-list_signature-extraction¶
Specification Value Type object algorithm
Description ‘heuristic’: heuristic algorithm;
Type: string
Supported Values: heuristic
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_port_zone-service-list_level-list¶
Specification Value Type list Block object keys apply-extracted-filters
Description Apply extracted filters from this level
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
clear-sources-upon-deescalation
Description Clear sources upon de-escalation from level 1 to 0 or manual to 0
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
close-sessions-for-all-sources
Description Close session for all sources
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
close-sessions-for-unauth-sources
Description Close session for unauthenticated sources
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
indicator-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/level/{level-num}/indicator/{type}
level-num
Description ‘0’: Default policy level; ‘1’: Policy level 1; ‘2’: Policy level 2; ‘3’: Policy level 3; ‘4’: Policy level 4;
Type: string
Supported Values: 0, 1, 2, 3, 4
src-default-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
src-escalation-score
Description Source activation score of this level
Type: number
Range: 1-1000000
src-violation-actions
Description Violation actions apply due to source escalate from this level
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
start-pattern-recognition
Description Start pattern recognition from this level
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-escalation-score
Description Zone activation score of this level
Type: number
Range: 1-1000000
zone-template
Description: zone-template is a JSON Block. Please see below for zone-list_port_zone-service-list_level-list_zone-template
Type: Object
zone-violation-actions
Description Violation actions apply due to zone escalate from this level
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
zone-list_port_zone-service-list_level-list_zone-template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
quic
Description DDOS quic template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-list_port_zone-service-list_level-list_indicator-list¶
Specification Value Type list Block object keys data-packet-size
Description Expected minimal data size
Type: number
Range: 1-1500
score
Description Score corresponding to the indicator
Type: number
Range: 1-1000000
src-threshold-large-num
Description Indicator per-src threshold
Type: number
Range: 1-10995116277760
src-threshold-num
Description Indicator per-src threshold
Type: number
Range: 1-2147483647
src-threshold-str
Description Indicator per-src threshold
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
src-violation-actions
Description Violation actions to use when this src indicator threshold reaches
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
tcp-window-size
Description Expected minimal window size
Type: number
Range: 1-500
type
Description ‘pkt-rate’: rate of incoming packets; ‘pkt-drop-rate’: rate of packets got dropped; ‘pkt-drop-ratio’: ratio of incoming packet rate divided by the rate of dropping packets; ‘bytes-to-bytes-from-ratio’: ratio of incoming packet rate divided by the rate of outgoing packets; ‘concurrent-conns’: number of concurrent connections; ‘conn-miss-rate’: rate of incoming packets for which no previously established connection exists; ‘syn-rate’: rate on incoming SYN packets; ‘fin-rate’: rate on incoming FIN packets; ‘rst-rate’: rate of incoming RST packets; ‘small-window-ack-rate’: rate of small window advertisement; ‘empty-ack-rate’: rate of incoming packets which have no payload; ‘small-payload-rate’: rate of short payload packet; ‘syn-fin-ratio’: ratio of incoming SYN packet rate divided by the rate of incoming FIN packets; ‘cpu-utilization’: average data CPU utilization; ‘interface-utilization’: outside interface utilization;
Type: string
Supported Values: pkt-rate, pkt-drop-rate, bit-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, concurrent-conns, conn-miss-rate, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio, cpu-utilization, interface-utilization, learnt-sources
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-threshold-large-num
Description Threshold for the entire zone
Type: number
Range: 1-10995116277760
zone-threshold-num
Description Threshold for the entire zone
Type: number
Range: 1-2147483647
zone-threshold-str
Description Threshold for the entire zone
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
zone-violation-actions
Description Violation actions to use when this zone indicator threshold reaches
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
zone-list_port_zone-service-list_virtualhosts¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
vhosts-config
Description ‘configuration’: configure virtualhost based mitigation for ssl services;
Type: string
Supported Values: configuration
virtualhost-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/virtualhosts/virtualhost/{vhost}
zone-list_port_zone-service-list_virtualhosts_virtualhost-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-cfg
Description: glid-cfg is a JSON Block. Please see below for zone-list_port_zone-service-list_virtualhosts_virtualhost-list_glid-cfg
Type: Object
level-list
servername
Type: Listservername-list
Description Class List to match servername (AC type Class List Name)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
servername-match-any
Description Match when there is no SNI or other servernames are not matched
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
servername-no-sni
Description Match when there is no SNI extension found
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
vhost
Description name for virtualhost
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-list_port_zone-service-list_virtualhosts_virtualhost-list_servername¶
Specification Value Type list Block object keys host-match-string
Description SNI String
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
match-type
Description ‘contains’: match servername extension when contains this string; ‘ends-with’: match servername extension when ends with this string; ‘equals’: match servername extension when equals this string; ‘starts-with’: match servername extension when starts with this string;
Type: string
Supported Values: contains, ends-with, equals, starts-with
zone-list_port_zone-service-list_virtualhosts_virtualhost-list_glid-cfg¶
Specification Value Type object glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, ignore
zone-list_port_zone-service-list_virtualhosts_virtualhost-list_level-list¶
Specification Value Type list Block object keys glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
level-num
Description ‘0’: Default policy level;
Type: string
Supported Values: 0
src-default-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for zone-list_port_zone-service-list_virtualhosts_virtualhost-list_level-list_zone-template
Type: Object
zone-list_port_zone-service-list_virtualhosts_virtualhost-list_level-list_zone-template¶
Specification Value Type object ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-list_port_zone-service-list_manual-mode-list¶
Specification Value Type list Block object keys close-sessions-for-all-sources
Description Close session for all sources
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
config
Description ‘configuration’: Manual-mode configuration;
Type: string
Supported Values: configuration
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
src-default-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for zone-list_port_zone-service-list_manual-mode-list_zone-template
Type: Object
zone-list_port_zone-service-list_manual-mode-list_zone-template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
quic
Description DDOS quic template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-list_port_zone-service-list_src-based-policy-list¶
Specification Value Type list Block object keys policy-class-list-list
src-based-policy-name
Description Specify name of the policy
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list¶
Specification Value Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
class-list-name
Description Class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
class-list-overflow-policy-list
dynamic-entry-count-warn-threshold
Description Set threshold percentage of “max-src-dst-entry” for generating warning logs. Including start and end.
Type: number
Range: 1-100
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
log-enable
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable log periodic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-dynamic-entry-count
Description Maximum count for dynamic source zone service entry allowed for this class-list
Type: number
Range: 0-2147483647
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list_zone-template
Type: Object
zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list_zone-template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
quic
Description DDOS quic template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list¶
Specification Value Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
dummy-name
Description ‘configuration’: Configure overflow policy for class-list;
Type: string
Supported Values: configuration
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
log-enable
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable log periodic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template
Type: Object
zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
quic
Description DDOS quic template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-list_port_zone-service-list_pattern-recognition-pu-details¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_port_zone-service-list_port-ind¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_port_zone-service-list_ip-filtering-policy-statistics¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_port_zone-service-list_sflow-tcp¶
Specification Value Type object sflow-tcp-basic
Description Enable sFlow basic TCP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-tcp-basic and sflow-common are mutually exclusive
sflow-tcp-stateful
Description Enable sFlow stateful TCP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-tcp-stateful and sflow-common are mutually exclusive
zone-list_port_zone-service-list_topk-sources¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_port_zone-service-list_capture-config¶
Specification Value Type object capture-config-mode
Description ‘drop’: Apply capture-config to dropped packets; ‘forward’: Apply capture-config to forwarded packets; ‘all’: Apply capture-config to both dropped and forwarded packets;
Type: string
Supported Values: drop, forward, all
capture-config-name
Description Capture-config name
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
zone-list_port_zone-service-list_topk-destinations¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_port_zone-service-other-list¶
Specification Value Type list Block object keys age
Description Idle age for ip entry
Type: number
Range: 2-1023
Default: 5
apply-policy-on-overflow
Description Enable this flag to apply overflow policy when dynamic entry count overflows
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
default-action-list
Description Configure default-action-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/action-list
deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dynamic-entry-count-warn-threshold
Description Set threshold percentage of “max-src-dst-entry” for generating warning logs. Including start and end.
Type: number
Range: 1-100
dynamic-entry-overflow-policy-list
enable-class-list-overflow
Description Apply class-list overflow policy upon exceeding dynamic entry count specified for this zone port or each class-list
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-top-k
Description Enable ddos top-k detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-top-k-destination
Description Enable ddos top-k destination IP detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
faster-de-escalation
Description De-escalate faster in standalone mode
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-cfg
Description: glid-cfg is a JSON Block. Please see below for zone-list_port_zone-service-other-list_glid-cfg
Type: Object
ip-filtering-policy
Description Configure IP Filter
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/ip-filtering-policy
ip-filtering-policy-statistics
Description: ip-filtering-policy-statistics is a JSON Block. Please see below for zone-list_port_zone-service-other-list_ip-filtering-policy-statistics
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/ip-filtering-policy-statistics
level-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/level/{level-num}
manual-mode-enable
Description Toggle manual mode to use fix templates
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
manual-mode-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/manual-mode/{config}
max-dynamic-entry-count
Description Maximum count for dynamic source zone service entry
Type: number
Range: 0-2147483647
outbound-only
Description Only allow outbound traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
pattern-recognition
Description: pattern-recognition is a JSON Block. Please see below for zone-list_port_zone-service-other-list_pattern-recognition
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/pattern-recognition
pattern-recognition-pu-details
Description: pattern-recognition-pu-details is a JSON Block. Please see below for zone-list_port_zone-service-other-list_pattern-recognition-pu-details
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/pattern-recognition-pu-details
port-ind
Description: port-ind is a JSON Block. Please see below for zone-list_port_zone-service-other-list_port-ind
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/port-ind
port-other
Description ‘other’: other;
Type: string
Supported Values: other
protocol
Description ‘tcp’: TCP Port; ‘udp’: UDP Port;
Type: string
Supported Values: tcp, udp
sflow-common
Description Enable all sFlow polling options under this zone port
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-common,sflow-packets, sflow-tcp-basic, and sflow-tcp-stateful are mutually exclusive
sflow-packets
Description Enable sFlow packet-level counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-packets and sflow-common are mutually exclusive
sflow-tcp
Description: sflow-tcp is a JSON Block. Please see below for zone-list_port_zone-service-other-list_sflow-tcp
Type: Object
src-based-policy-list
stateful
Description Enable stateful tracking of sessions (Default is stateless)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
topk-destinations
Description: topk-destinations is a JSON Block. Please see below for zone-list_port_zone-service-other-list_topk-destinations
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/topk-destinations
topk-dst-num-records
Description Maximum number of records to show in topk
Type: number
Range: 1-100
Default: 20
topk-dst-sort-key
Description ‘avg’: window average; ‘max-peak’: max peak;
Type: string
Supported Values: avg, max-peak
Default: avg
topk-num-records
Description Maximum number of records to show in topk
Type: number
Range: 1-100
Default: 20
topk-sort-key
Description ‘avg’: window average; ‘max-peak’: max peak;
Type: string
Supported Values: avg, max-peak
Default: avg
topk-sources
Description: topk-sources is a JSON Block. Please see below for zone-list_port_zone-service-other-list_topk-sources
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/topk-sources
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_port_zone-service-other-list_pattern-recognition¶
Specification Value Type object algorithm
Description ‘heuristic’: heuristic algorithm;
Type: string
Supported Values: heuristic
capture-traffic
Description ‘all’: Capture all packets; ‘dropped’: Capture dropped packets (default);
Type: string
Supported Values: all, dropped
triggered-by
Description ‘zone-escalation’: Zone escalation trigger pattern recognition; ‘packet-rate-exceeds’: Packet rate limit exceeds trigger pattern recognition (default);
Type: string
Supported Values: zone-escalation, packet-rate-exceeds
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_port_zone-service-other-list_dynamic-entry-overflow-policy-list¶
Specification Value Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
dummy-name
Description ‘configuration’: Configure overflow policy;
Type: string
Supported Values: configuration
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
log-enable
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable log periodic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for zone-list_port_zone-service-other-list_dynamic-entry-overflow-policy-list_zone-template
Type: Object
zone-list_port_zone-service-other-list_dynamic-entry-overflow-policy-list_zone-template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-list_port_zone-service-other-list_glid-cfg¶
Specification Value Type object action-list
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: action-list and glid-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
glid
Description Global limit ID for the whole zone
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default if default-action-list is not configured); ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, ignore
Mutual Exclusion: glid-action and action-list are mutually exclusive
per-addr-glid
Description Global limit ID per address
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
zone-list_port_zone-service-other-list_level-list¶
Specification Value Type list Block object keys apply-extracted-filters
Description Apply extracted filters from this level
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
clear-sources-upon-deescalation
Description Clear sources upon de-escalation from level 1 to 0 or manual to 0
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
close-sessions-for-all-sources
Description Close session for all sources
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
close-sessions-for-unauth-sources
Description Close session for unauthenticated sources
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
indicator-list
level-num
Description ‘0’: Default policy level; ‘1’: Policy level 1; ‘2’: Policy level 2; ‘3’: Policy level 3; ‘4’: Policy level 4;
Type: string
Supported Values: 0, 1, 2, 3, 4
src-default-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
src-escalation-score
Description Source activation score of this level
Type: number
Range: 1-1000000
src-violation-actions
Description Violation actions apply due to source escalate from this level
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
start-pattern-recognition
Description Start pattern recognition from this level
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-escalation-score
Description Zone activation score of this level
Type: number
Range: 1-1000000
zone-template
Description: zone-template is a JSON Block. Please see below for zone-list_port_zone-service-other-list_level-list_zone-template
Type: Object
zone-violation-actions
Description Violation actions apply due to zone escalate from this level
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
zone-list_port_zone-service-other-list_level-list_zone-template¶
Specification Value Type object encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-list_port_zone-service-other-list_level-list_indicator-list¶
Specification Value Type list Block object keys data-packet-size
Description Expected minimal data size
Type: number
Range: 1-1500
score
Description Score corresponding to the indicator
Type: number
Range: 1-1000000
src-threshold-large-num
Description Indicator per-src threshold
Type: number
Range: 1-10995116277760
src-threshold-num
Description Indicator per-src threshold
Type: number
Range: 1-2147483647
src-threshold-str
Description Indicator per-src threshold
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
src-violation-actions
Description Violation actions to use when this src indicator threshold reaches
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
tcp-window-size
Description Expected minimal window size
Type: number
Range: 1-500
type
Description ‘pkt-rate’: rate of incoming packets; ‘pkt-drop-rate’: rate of packets got dropped; ‘pkt-drop-ratio’: ratio of incoming packet rate divided by the rate of dropping packets; ‘bytes-to-bytes-from-ratio’: ratio of incoming packet rate divided by the rate of outgoing packets; ‘concurrent-conns’: number of concurrent connections; ‘conn-miss-rate’: rate of incoming packets for which no previously established connection exists; ‘syn-rate’: rate on incoming SYN packets; ‘fin-rate’: rate on incoming FIN packets; ‘rst-rate’: rate of incoming RST packets; ‘small-window-ack-rate’: rate of small window advertisement; ‘empty-ack-rate’: rate of incoming packets which have no payload; ‘small-payload-rate’: rate of short payload packet; ‘syn-fin-ratio’: ratio of incoming SYN packet rate divided by the rate of incoming FIN packets; ‘cpu-utilization’: average data CPU utilization; ‘interface-utilization’: outside interface utilization;
Type: string
Supported Values: pkt-rate, pkt-drop-rate, bit-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, concurrent-conns, conn-miss-rate, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio, cpu-utilization, interface-utilization, learnt-sources
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-threshold-large-num
Description Threshold for the entire zone
Type: number
Range: 1-10995116277760
zone-threshold-num
Description Threshold for the entire zone
Type: number
Range: 1-2147483647
zone-threshold-str
Description Threshold for the entire zone
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
zone-violation-actions
Description Violation actions to use when this zone indicator threshold reaches
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
zone-list_port_zone-service-other-list_manual-mode-list¶
Specification Value Type list Block object keys close-sessions-for-all-sources
Description Close session for all sources
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
config
Description ‘configuration’: Manual-mode configuration;
Type: string
Supported Values: configuration
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
src-default-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for zone-list_port_zone-service-other-list_manual-mode-list_zone-template
Type: Object
zone-list_port_zone-service-other-list_manual-mode-list_zone-template¶
Specification Value Type object encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-list_port_zone-service-other-list_src-based-policy-list¶
Specification Value Type list Block object keys policy-class-list-list
src-based-policy-name
Description Specify name of the policy
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list¶
Specification Value Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
class-list-name
Description Class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
class-list-overflow-policy-list
dynamic-entry-count-warn-threshold
Description Set threshold percentage of “max-src-dst-entry” for generating warning logs. Including start and end.
Type: number
Range: 1-100
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
max-dynamic-entry-count
Description Maximum count for dynamic source zone service entry allowed for this class-list
Type: number
Range: 0-2147483647
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_zone-template
Type: Object
zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_zone-template¶
Specification Value Type object encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list¶
Specification Value Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
dummy-name
Description ‘configuration’: Configure overflow policy for class-list;
Type: string
Supported Values: configuration
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
log-enable
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable log periodic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template
Type: Object
zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-list_port_zone-service-other-list_pattern-recognition-pu-details¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_port_zone-service-other-list_port-ind¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_port_zone-service-other-list_ip-filtering-policy-statistics¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_port_zone-service-other-list_sflow-tcp¶
Specification Value Type object sflow-tcp-basic
Description Enable sFlow basic TCP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-tcp-basic and sflow-common are mutually exclusive
sflow-tcp-stateful
Description Enable sFlow stateful TCP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-tcp-stateful and sflow-common are mutually exclusive
zone-list_port_zone-service-other-list_topk-sources¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_port_zone-service-other-list_topk-destinations¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_capture-config-list¶
Specification Value Type list Block object keys mode
Description ‘drop’: Apply capture-config to dropped packets; ‘forward’: Apply capture-config to forwarded packets; ‘all’: Apply capture-config to both dropped and forwarded packets;
Type: string
Supported Values: drop, forward, all
name
Description Capture-config name
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/capture-config
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_zone-template¶
Specification Value Type object logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
zone-list_hw-blacklist-blocking¶
Specification Value Type object dst-enable
Description Enable Dst side hardware blocking
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-enable
Description Enable Src side hardware blocking
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_src-port-range-list¶
Specification Value Type list Block object keys capture-config
Description: capture-config is a JSON Block. Please see below for zone-list_src-port-range-list_capture-config
Type: Object
default-action-list
Description Configure default-action-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/action-list
deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-cfg
Description: glid-cfg is a JSON Block. Please see below for zone-list_src-port-range-list_glid-cfg
Type: Object
level-list
port-ind
Description: port-ind is a JSON Block. Please see below for zone-list_src-port-range-list_port-ind
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/src-port-range/{src-port-range-start}+{src-port-range-end}+{protocol}/port-ind
protocol
Description ‘udp’: UDP port; ‘tcp’: TCP Port;
Type: string
Supported Values: udp, tcp
src-port-range-end
Description Src Port-Range End Port Number
Type: number
Range: 2-65535
src-port-range-start
Description Src Port-Range Start Port Number
Type: number
Range: 1-65535
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for zone-list_src-port-range-list_zone-template
Type: Object
zone-list_src-port-range-list_capture-config¶
Specification Value Type object capture-config-mode
Description ‘drop’: Apply capture-config to dropped packets; ‘forward’: Apply capture-config to forwarded packets; ‘all’: Apply capture-config to both dropped and forwarded packets;
Type: string
Supported Values: drop, forward, all
capture-config-name
Description Capture-config name
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
zone-list_src-port-range-list_glid-cfg¶
Specification Value Type object glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, ignore
zone-list_src-port-range-list_zone-template¶
Specification Value Type object src-tcp
Description DDOS tcp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-udp
Description DDOS udp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
zone-list_src-port-range-list_port-ind¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_src-port-range-list_level-list¶
Specification Value Type list Block object keys indicator-list
level-num
Description ‘0’: Default policy level; ‘1’: Policy level 1;
Type: string
Supported Values: 0, 1
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_src-port-range-list_level-list_indicator-list¶
Specification Value Type list Block object keys type
Description ‘pkt-rate’: rate of incoming packets; ‘bit-rate’: rate of incoming bits;
Type: string
Supported Values: pkt-rate, bit-rate
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-threshold-large-num
Description Threshold of the entire zone for the port-range
Type: number
Range: 1-10995116277760
zone-threshold-num
Description Threshold of the entire zone for the port-range
Type: number
Range: 1-2147483647
zone-list_sflow-tcp¶
Specification Value Type object sflow-tcp-basic
Description Enable sFlow basic TCP counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total nu
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-tcp-basic and sflow-common are mutually exclusive
sflow-tcp-stateful
Description Enable sFlow stateful TCP counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-tcp-stateful and sflow-common are mutually exclusive
zone-list_src-port¶
Specification Value Type object zone-src-port-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port/{port-num}+{protocol}
zone-src-port-other-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port-other/{port-other}+{protocol}
zone-list_src-port_zone-src-port-list¶
Specification Value Type list Block object keys default-action-list
Description Configure default-action-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/action-list
deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-cfg
Description: glid-cfg is a JSON Block. Please see below for zone-list_src-port_zone-src-port-list_glid-cfg
Type: Object
level-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port/{port-num}+{protocol}/level/{level-num}
outbound-src-tracking
Description ‘enable’: enable; ‘disable’: disable;
Type: string
Supported Values: enable, disable
Default: disable
port-ind
Description: port-ind is a JSON Block. Please see below for zone-list_src-port_zone-src-port-list_port-ind
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port/{port-num}+{protocol}/port-ind
port-num
Description Source Port Number
Type: number
Range: 1-65535
protocol
Description ‘dns-udp’: DNS-UDP Port; ‘dns-tcp’: DNS-TCP Port; ‘udp’: UDP port; ‘tcp’: TCP Port;
Type: string
Supported Values: dns-udp, dns-tcp, udp, tcp
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for zone-list_src-port_zone-src-port-list_zone-template
Type: Object
zone-list_src-port_zone-src-port-list_glid-cfg¶
Specification Value Type object glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, ignore
zone-list_src-port_zone-src-port-list_zone-template¶
Specification Value Type object src-dns
Description DDOS dns src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-tcp
Description DDOS tcp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-udp
Description DDOS udp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
zone-list_src-port_zone-src-port-list_port-ind¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_src-port_zone-src-port-list_level-list¶
Specification Value Type list Block object keys indicator-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port/{port-num}+{protocol}/level/{level-num}/indicator/{type}
level-num
Description ‘0’: Default policy level; ‘1’: Policy level 1;
Type: string
Supported Values: 0, 1
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_src-port_zone-src-port-list_level-list_indicator-list¶
Specification Value Type list Block object keys type
Description ‘pkt-rate’: rate of incoming packets; ‘bit-rate’: rate of incoming bits;
Type: string
Supported Values: pkt-rate, bit-rate
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-threshold-large-num
Description Threshold of the entire zone for the src-port
Type: number
Range: 1-10995116277760
zone-threshold-num
Description Threshold of the entire zone for the src-port
Type: number
Range: 1-2147483647
zone-list_src-port_zone-src-port-other-list¶
Specification Value Type list Block object keys default-action-list
Description Configure default-action-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/action-list
deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-cfg
Description: glid-cfg is a JSON Block. Please see below for zone-list_src-port_zone-src-port-other-list_glid-cfg
Type: Object
level-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port-other/{port-other}+{protocol}/level/{level-num}
port-ind
Description: port-ind is a JSON Block. Please see below for zone-list_src-port_zone-src-port-other-list_port-ind
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port-other/{port-other}+{protocol}/port-ind
port-other
Description ‘other’: other;
Type: string
Supported Values: other
protocol
Description ‘udp’: UDP port; ‘tcp’: TCP Port;
Type: string
Supported Values: udp, tcp
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for zone-list_src-port_zone-src-port-other-list_zone-template
Type: Object
zone-list_src-port_zone-src-port-other-list_glid-cfg¶
Specification Value Type object glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, ignore
zone-list_src-port_zone-src-port-other-list_zone-template¶
Specification Value Type object src-tcp
Description DDOS tcp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-udp
Description DDOS udp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
zone-list_src-port_zone-src-port-other-list_port-ind¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_src-port_zone-src-port-other-list_level-list¶
Specification Value Type list Block object keys indicator-list
level-num
Description ‘0’: Default policy level; ‘1’: Policy level 1;
Type: string
Supported Values: 0, 1
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_src-port_zone-src-port-other-list_level-list_indicator-list¶
Specification Value Type list Block object keys type
Description ‘pkt-rate’: rate of incoming packets; ‘bit-rate’: rate of incoming bits;
Type: string
Supported Values: pkt-rate, bit-rate
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-threshold-large-num
Description Threshold of the entire zone for the src-port
Type: number
Range: 1-10995116277760
zone-threshold-num
Description Threshold of the entire zone for the src-port
Type: number
Range: 1-2147483647
zone-list_web-gui¶
Specification Value Type object activated-after-learning
Description Activate it after learning
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
create-time
Description Configure create time
Type: string
Maximum Length: 13 characters
Maximum Length: 1 characters
learning
Description: learning is a JSON Block. Please see below for zone-list_web-gui_learning
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/web-gui/learning
modify-time
Description Configure modify time
Type: string
Maximum Length: 13 characters
Maximum Length: 1 characters
protection
Description: protection is a JSON Block. Please see below for zone-list_web-gui_protection
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection
sensitivity
Description ‘5’: Low; ‘3’: Medium; ‘1.5’: High;
Type: string
Supported Values: 5, 3, 1.5
Default: 3
status
Description ‘newly’: newly; ‘learning’: learning; ‘learned’: learned; ‘activated’: activated;
Type: string
Supported Values: newly, learning, learned, activated
Default: newly
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_web-gui_protection¶
Specification Value Type object ip-proto
Description: ip-proto is a JSON Block. Please see below for zone-list_web-gui_protection_ip-proto
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/ip-proto
port
Description: port is a JSON Block. Please see below for zone-list_web-gui_protection_port
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/port
port-range-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/port-range/{port-range-start}+{port-range-end}+{protocol}
zone-list_web-gui_protection_port-range-list¶
Specification Value Type list Block object keys pbe
Description Peak Bandwidth Expected
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
port-range-end
Description Port-Range End Port Number
Type: number
Range: 1-65535
port-range-start
Description Port-Range Start Port Number
Type: number
Range: 1-65535
protocol
Description ‘dns-tcp’: DNS-TCP Port; ‘dns-udp’: DNS-UDP Port; ‘http’: HTTP Port; ‘tcp’: TCP Port; ‘udp’: UDP Port; ‘ssl-l4’: SSL-L4 Port;
Type: string
Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_web-gui_protection_port¶
Specification Value Type object zone-service-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/port/zone-service/{port-num}+{protocol}
zone-service-other-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/port/zone-service-other/{port-other}+{protocol}
zone-list_web-gui_protection_port_zone-service-list¶
Specification Value Type list Block object keys pbe
Description Peak Bandwidth Expected
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
port-num
Description Port Number
Type: number
Range: 1-65535
protocol
Description ‘dns-tcp’: DNS-TCP Port; ‘dns-udp’: DNS-UDP Port; ‘http’: HTTP Port; ‘tcp’: TCP Port; ‘udp’: UDP Port; ‘ssl-l4’: SSL-L4 Port;
Type: string
Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_web-gui_protection_port_zone-service-other-list¶
Specification Value Type list Block object keys pbe
Description Peak Bandwidth Expected
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
port-other
Description ‘other’: other;
Type: string
Supported Values: other
protocol
Description ‘tcp’: TCP Port; ‘udp’: UDP Port;
Type: string
Supported Values: tcp, udp
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_web-gui_protection_ip-proto¶
Specification Value Type object proto-name-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/ip-proto/proto-name/{protocol}
zone-list_web-gui_protection_ip-proto_proto-name-list¶
Specification Value Type list Block object keys pbe
Description Peak Bandwidth Expected
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
protocol
Description ‘icmp-v4’: ip-proto icmp-v4; ‘icmp-v6’: ip-proto icmp-v6;
Type: string
Supported Values: icmp-v4, icmp-v6
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_web-gui_learning¶
Specification Value Type object duration
Description ‘1minute’: 1 minute; ‘6hour’: 6 hours; ‘12hour’: 12 hours; ‘24hour’: 24 hours; ‘7day’: 7 days;
Type: string
Supported Values: 1minute, 6hour, 12hour, 24hour, 7day
Default: 6hour
starting-time
Description Configure learning starting time
Type: string
Maximum Length: 13 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-list_ipv6¶
Specification Value Type list Block object keys expand-ipv6-subnet
Description Expand this subnet to individual IPv6 address
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
expand-ipv6-subnet-mode
Description ‘default’: Default learning mechanism (Default: Dynamic); ‘dynamic’: Dynamic learning; ‘static’: Static learning;
Type: string
Supported Values: default, dynamic, static
Default: default
ip6-addr
Description Specify IPv6 address
Type: string
Format: ipv6-address
subnet-ipv6-addr
Description IPV6 Subnet
Type: string
Format: ipv6-address-plen
zone-list_enable-top-k¶
Specification Value Type list Block object keys topk-num-records
Description Maximum number of records to show in topk
Type: number
Range: 1-100
Default: 20
topk-sort-key
Description ‘avg’: window average; ‘max-peak’: max peak;
Type: string
Supported Values: avg, max-peak
Default: avg
topk-type
Description ‘destination’: Topk destination IP;
Type: string
Supported Values: destination
zone-list_topk-destinations¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters