rule-set rule

Configure rule-set rule

rule Specification

   
Type Collection
Object Key(s) name
Collection Name rule-list
Collection URI /axapi/v3/rule-set/{name}/rule
Element Name rule
Element URI /axapi/v3/rule-set/{name}/rule/{name}
Element Attributes rule_attributes
Statistics Data URI /axapi/v3/rule-set/{name}/rule/{name}/stats
Operational Data URI /axapi/v3/rule-set/{name}/rule/{name}/oper
Schema rule schema

Operations Allowed:

  Operation       Method  URI                                     Payload

  Create Object   POST    /axapi/v3/rule-set/{name}/rule          rule attributes
  Create List     POST    /axapi/v3/rule-set/{name}/rule          rule attributes
  Get Object      GET     /axapi/v3/rule-set/{name}/rule/{name}   rule attributes
  Get List        GET     /axapi/v3/rule-set/{name}/rule          rule-list
  Modify Object   POST    /axapi/v3/rule-set/{name}/rule/{name}   rule attributes
  Replace Object  PUT     /axapi/v3/rule-set/{name}/rule/{name}   rule attributes
  Replace List    PUT     /axapi/v3/rule-set/{name}/rule          rule-list
  Delete Object   DELETE  /axapi/v3/rule-set/{name}/rule/{name}   rule attributes

rule-list

rule-list is a JSON list of rule attributes

rule-list : [

rule attributes

action

Description ‘permit’: permit; ‘deny’: deny; ‘reset’: reset;

Type: string

Supported Values: permit, deny, reset

action-group

Description: action-group is a JSON Block. Please see below for action-group

Type: Object

Reference Object: /axapi/v3/rule-set/{name}/rule/{name}/action-group

app-list

Type: List

application-any

Description ‘any’: any;

Type: string

Supported Values: any

Default: any

Mutual Exclusion: application-any, obj-grp-application, protocol and protocol-tag are mutually exclusive

cgnv6-ds-lite

Description ‘lsn-lid’: Apply specified CGNv6 LSN LID;

Type: string

Supported Values: lsn-lid

cgnv6-ds-lite-log

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

cgnv6-ds-lite-lsn-lid

Description LSN LID

Type: number

Range: 1-1023

cgnv6-fixed-nat-log

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

cgnv6-log

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: cgnv6-log and cgnv6-policy are mutually exclusive

cgnv6-lsn-lid

Description LSN LID

Type: number

Range: 1-1023

cgnv6-lsn-log

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

cgnv6-policy

Description ‘lsn-lid’: Apply specified CGNv6 LSN LID; ‘fixed-nat’: Apply CGNv6 Fixed NAT; ‘ds-lite’: Apply CGNv6 DS-Lite;

Type: string

Supported Values: lsn-lid, fixed-nat, ds-lite

Mutual Exclusion: cgnv6-policy and cgnv6-log are mutually exclusive

dest-list

Type: List

dscp-list

Type: List

dst-class-list

Description Match destination IP against class-list

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: dst-class-list, dst-ip-subnet, dst-ipv6-subnet, dst-obj-network, dst-obj-grp-network, dst-slb-server and dst-slb-vserver are mutually exclusive

Reference Object: /axapi/v3/class-list

dst-domain-list

Description Match destination IP against domain-list

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: dst-domain-list, dst-ipv4-any and dst-ipv6-any are mutually exclusive

Reference Object: /axapi/v3/domain-list

dst-geoloc-list

Description Geolocation name list

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: dst-geoloc-list, dst-geoloc-name, dst-ip-subnet, dst-ipv6-subnet, dst-obj-network, dst-obj-grp-network, dst-slb-server and dst-slb-vserver are mutually exclusive

dst-geoloc-list-shared

Description Use Geolocation list from shared partition

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dst-geoloc-name

Description Single geolocation name

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

Mutual Exclusion: dst-geoloc-name, dst-geoloc-list, dst-ip-subnet, dst-ipv6-subnet, dst-obj-network, dst-obj-grp-network, dst-slb-server and dst-slb-vserver are mutually exclusive

dst-ipv4-any

Description ‘any’: Any IPv4 address;

Type: string

Supported Values: any

Default: any

Mutual Exclusion: dst-ipv4-any, dst-ipv6-any, dst-ip-subnet, dst-ipv6-subnet, dst-obj-network, dst-obj-grp-network, dst-slb-server, dst-slb-vserver and dst-domain-list are mutually exclusive

dst-ipv6-any

Description ‘any’: Any IPv6 address;

Type: string

Supported Values: any

Default: any

Mutual Exclusion: dst-ipv6-any, dst-ipv4-any, dst-ip-subnet, dst-ipv6-subnet, dst-obj-network, dst-obj-grp-network, dst-slb-server, dst-slb-vserver and dst-domain-list are mutually exclusive

dst-threat-list

Description Bind threat-list for destination IP based filtering

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/threat-intel/threat-list

dst-zone

Description Zone name

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

Mutual Exclusion: dst-zone and dst-zone-any are mutually exclusive

Reference Object: /axapi/v3/zone

dst-zone-any

Description ‘any’: any;

Type: string

Supported Values: any

Default: any

Mutual Exclusion: dst-zone-any and dst-zone are mutually exclusive

forward-listen-on-port

Description Listen on port

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

forward-log

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

fw-log

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

fwlog

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

gtp-template

Description Configure GTP Policy Template (GTP Template Policy Name)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/template/gtp-policy

idle-timeout

Description TCP/UDP idle-timeout

Type: number

Range: 1-2097151

inspect-payload

Description Enable DS-Lite tunnel inspection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ip-version

Description ‘v4’: IPv4 rule; ‘v6’: IPv6 rule;

Type: string

Supported Values: v4, v6

Default: v4

lid

Description Apply a Template LID

Type: number

Range: 1-1023

lidlog

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

listen-on-port

Description Listen on port

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: listen-on-port and log are mutually exclusive

listen-on-port-lid

Description Apply a Template LID

Type: number

Range: 1-1023

listen-on-port-lidlog

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: log, listen-on-port and policy are mutually exclusive

move-rule

Description: move-rule is a JSON Block. Please see below for move-rule

Type: Object

Reference Object: /axapi/v3/rule-set/{name}/rule/{name}/move-rule

name

Description Rule name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

policy

Description ‘cgnv6’: Apply CGNv6 policy; ‘forward’: Forward packet; ‘ipsec’: Apply IPsec encapsulation;

Type: string

Supported Values: cgnv6, forward, ipsec

Mutual Exclusion: policy and log are mutually exclusive

remark

Description Rule entry comment (Notes for this rule)

Type: string

Format: string-rlx

Maximum Length: 255 characters

Maximum Length: 1 characters

reset-lid

Description Apply a Template LID

Type: number

Range: 1-1023

reset-lidlog

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sampling-enable

Type: List

service-any

Description ‘any’: any;

Type: string

Supported Values: any

Default: any

Mutual Exclusion: service-any, protocols, proto-id, obj-grp-service, icmp and icmpv6 are mutually exclusive

service-list

Type: List

source-list

Type: List

src-class-list

Description Match source IP against class-list

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: src-class-list, src-ip-subnet, src-ipv6-subnet, src-obj-network, src-obj-grp-network and src-slb-server are mutually exclusive

Reference Object: /axapi/v3/class-list

src-geoloc-list

Description Geolocation name list

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: src-geoloc-list, src-geoloc-name, src-ip-subnet, src-ipv6-subnet, src-obj-network, src-obj-grp-network and src-slb-server are mutually exclusive

src-geoloc-list-shared

Description Use Geolocation list from shared partition

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

src-geoloc-name

Description Single geolocation name

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

Mutual Exclusion: src-geoloc-name, src-geoloc-list, src-ip-subnet, src-ipv6-subnet, src-obj-network, src-obj-grp-network and src-slb-server are mutually exclusive

src-ipv4-any

Description ‘any’: Any IPv4 address;

Type: string

Supported Values: any

Default: any

Mutual Exclusion: src-ipv4-any, src-ipv6-any, src-ip-subnet, src-ipv6-subnet, src-obj-network, src-obj-grp-network and src-slb-server are mutually exclusive

src-ipv6-any

Description ‘any’: Any IPv6 address;

Type: string

Supported Values: any

Default: any

Mutual Exclusion: src-ipv6-any, src-ipv4-any, src-ip-subnet, src-ipv6-subnet, src-obj-network, src-obj-grp-network and src-slb-server are mutually exclusive

src-threat-list

Description Bind threat-list for source IP based filtering

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/threat-intel/threat-list

src-zone

Description Zone name

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

Mutual Exclusion: src-zone and src-zone-any are mutually exclusive

Reference Object: /axapi/v3/zone

src-zone-any

Description ‘any’: any;

Type: string

Supported Values: any

Default: any

Mutual Exclusion: src-zone-any and src-zone are mutually exclusive

status

Description ‘enable’: Enable rule; ‘disable’: Disable rule;

Type: string

Supported Values: enable, disable

Default: enable

track-application

Description Enable application statistic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

vpn-ipsec-name

Description VPN IPsec name

Type: string

Maximum Length: 31 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/vpn/ipsec

sampling-enable

Specification  
Type list
Block object keys  

counters1

Description ‘all’: all; ‘hit-count’: Hit counts; ‘permit-bytes’: Permitted bytes counter; ‘deny-bytes’: Denied bytes counter; ‘reset-bytes’: Reset bytes counter; ‘permit-packets’: Permitted packets counter; ‘deny-packets’: Denied packets counter; ‘reset-packets’: Reset packets counter; ‘active-session-tcp’: Active TCP session counter; ‘active-session-udp’: Active UDP session counter; ‘active-session-icmp’: Active ICMP session counter; ‘active-session-other’: Active other protocol session counter; ‘session-tcp’: TCP session counter; ‘session-udp’: UDP session counter; ‘session-icmp’: ICMP session counter; ‘session-other’: Other protocol session counter; ‘active-session-sctp’: Active SCTP session counter; ‘session-sctp’: SCTP session counter; ‘hitcount-timestamp’: Last hit counts timestamp; ‘rate-limit-drops’: Rate Limit Drops;

Type: string

Supported Values: all, hit-count, permit-bytes, deny-bytes, reset-bytes, permit-packets, deny-packets, reset-packets, active-session-tcp, active-session-udp, active-session-icmp, active-session-other, session-tcp, session-udp, session-icmp, session-other, active-session-sctp, session-sctp, hitcount-timestamp, rate-limit-drops

dscp-list

Specification  
Type list
Block object keys  

dscp-range-end

Description Ending DSCP Number

Type: number

Range: 1-63

dscp-range-start

Description Start DSCP Number

Type: number

Range: 1-63

dscp-value

Description ‘default’: Default dscp (000000); ‘af11’: AF11 (001010); ‘af12’: AF12 (001100); ‘af13’: AF13 (001110); ‘af21’: AF21 (010010); ‘af22’: AF22 (010100); ‘af23’: AF23 (010110); ‘af31’: AF31 (011010); ‘af32’: AF32 (011100); ‘af33’: AF33 (011110); ‘af41’: AF41 (100010); ‘af42’: AF42 (100100); ‘af43’: AF43 (100110); ‘cs1’: CS1 (001000); ‘cs2’: CS2 (010000); ‘cs3’: CS3 (011000); ‘cs4’: CS4 (100000); ‘cs5’: CS5 (101000); ‘cs6’: CS6 (110000); ‘cs7’: CS7 (111000); ‘ef’: EF (101110);

Type: string

Supported Values: default, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef

Mutual Exclusion: dscp-value and dscp-range are mutually exclusive

app-list

Specification  
Type list
Block object keys  

obj-grp-application

Description Application object group

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: obj-grp-application and application-any are mutually exclusive

Reference Object: /axapi/v3/object-group/application

protocol

Description Specify application(s)

Type: string

Format: string-rlx

Maximum Length: 31 characters

Maximum Length: 1 characters

Mutual Exclusion: protocol and application-any are mutually exclusive

protocol-tag

Description ‘aaa’: Protocol/application used for AAA (Authentification, Authorization and Accounting) purposes.; ‘adult-content’: Adult content protocol/application.; ‘advertising’: Advertising networks and applications.; ‘application-enforcing-tls’: Application known to enforce HSTS and thus use of TLS.; ‘analytics-and-statistics’: User analytics and statistics protocol/application.; ‘anonymizers-and-proxies’: Traffic-anonymization protocol/application.; ‘audio-chat’: Protocol/application used for Audio Chat.; ‘basic’: Covers all protocols required for basic classification, including most networking protocols as well as standard protocols like HTTP.; ‘blog’: Blogging platform protocol/application.; ‘cdn’: Protocol/application used for Content-Delivery Networks.; ‘certification-authority’: Certification Authority for SSL/TLS certificate.; ‘chat’: Protocol/application used for Text Chat.; ‘classified-ads’: Protocol/application used for Classified Advertisements.; ‘cloud-based-services’: SaaS and/or PaaS cloud based services.; ‘crowdfunding’: Service for funding a project or venture by raising small amounts of money from a large number of people, typically via the Internet.; ‘cryptocurrency’: Services for mining cryptocurrencies, for example a Crypto Web Browser (an application that mines crypto currency in the background while its user browses the web).; ‘database’: Database-specific protocols.; ‘disposable-email’: Service offering Disposable Email Accounts (DEA). DEA is a technique to share temporary email address between many users.; ‘ebook-reader’: Services for e-book readers, i.e. connected devices that display electronic books (typically using e-ink displays to reduce glare and eye strain).; ‘education’: Protocols offering education services and online courses.; ‘email’: Native email protocol.; ‘enterprise’: Protocol/application used in an enterprise network.; ‘file-management’: Protocol/application designed specifically for file management and exchange. 
This can include bona fide network protocols (like SMB) as well as web/cloud services (like Dropbox).; ‘file-transfer’: Protocol that offers file transferring as a secondary feature. This typically includes IM, WebMail, and other protocols that allow file transfers in addition to their principal function.; ‘forum’: Online forum protocol/application.; ‘gaming’: Protocol/application used by games.; ‘healthcare’: Protocols offering medical services, i.e protocols used in medical environment.; ‘instant-messaging-and-multimedia-conferencing’: Protocol/application used for Instant Messaging or Multi-Conferencing.; ‘internet-of-things’: Internet Of Things protocol/application.; ‘map-service’: Digital Maps service (web site and their related API).; ‘mobile’: Mobile-specific protocol/application.; ‘multimedia-streaming’: Protocol/application used for multimedia streaming.; ‘networking’: Protocol used for (inter) networking purpose.; ‘news-portal’: Protocol/application used for News Portals.; ‘payment-service’: Application offering online services for accepting electronic payments by a variety of payment methods (credit card, bank-based payments such as direct debit, bank transfer, etc).; ‘peer-to-peer’: Protocol/application used for Peer-to-peer purposes.; ‘remote-access’: Protocol/application used for remote access.; ‘scada’: SCADA (Supervisory control and data acquisition) protocols, all generations.; ‘social-networks’: Social networking application.; ‘software-update’: Auto-update protocol.; ‘speedtest’: Speedtest application allowing to access quality of Internet connection (upload, download, latency, etc).; ‘standards-based’: Protocol issued from standardized bodies such as IETF, ITU, IEEE, ETSI, OIF.; ‘transportation’: Transportation services, for example smartphone applications that allow users to hail a taxi.; ‘video-chat’: Protocol/application used for Video Chat.; ‘voip’: Application used for Voice-Over-IP.; ‘vpn-tunnels’: Protocol/application used for VPN or 
tunneling purposes.; ‘web’: Application based on HTTP/HTTPS.; ‘web-e-commerce’: Protocol/application used for E-commerce websites.; ‘web-search-engines’: Protocol/application used for Web search portals.; ‘web-websites’: Protocol/application used for Company Websites.; ‘webmails’: Web-based e-mail application.; ‘web-ext-adult’: Web Extension Adult; ‘web-ext-auctions’: Web Extension Auctions; ‘web-ext-blogs’: Web Extension Blogs; ‘web-ext-business-and-economy’: Web Extension Business and Economy; ‘web-ext-cdns’: Web Extension CDNs; ‘web-ext-collaboration’: Web Extension Collaboration; ‘web-ext-computer-and-internet-info’: Web Extension Computer and Internet Info; ‘web-ext-computer-and-internet-security’: Web Extension Computer and Internet Security; ‘web-ext-dating’: Web Extension Dating; ‘web-ext-educational-institutions’: Web Extension Educational Institutions; ‘web-ext-entertainment-and-arts’: Web Extension Entertainment and Arts; ‘web-ext-fashion-and-beauty’: Web Extension Fashion and Beauty; ‘web-ext-file-share’: Web Extension File Share; ‘web-ext-financial-services’: Web Extension Financial Services; ‘web-ext-gambling’: Web Extension Gambling; ‘web-ext-games’: Web Extension Games; ‘web-ext-government’: Web Extension Government; ‘web-ext-health-and-medicine’: Web Extension Health and Medicine; ‘web-ext-individual-stock-advice-and-tools’: Web Extension Individual Stock Advice and Tools; ‘web-ext-internet-portals’: Web Extension Internet Portals; ‘web-ext-job-search’: Web Extension Job Search; ‘web-ext-local-information’: Web Extension Local Information; ‘web-ext-malware’: Web Extension Malware; ‘web-ext-motor-vehicles’: Web Extension Motor Vehicles; ‘web-ext-music’: Web Extension Music; ‘web-ext-news’: Web Extension News; ‘web-ext-p2p’: Web Extension P2P; ‘web-ext-parked-sites’: Web Extension Parked Sites; ‘web-ext-proxy-avoid-and-anonymizers’: Web Extension Proxy Avoid and Anonymizers; ‘web-ext-real-estate’: Web Extension Real Estate; 
‘web-ext-reference-and-research’: Web Extension Reference and Research; ‘web-ext-search-engines’: Web Extension Search Engines; ‘web-ext-shopping’: Web Extension Shopping; ‘web-ext-social-network’: Web Extension Social Network; ‘web-ext-society’: Web Extension Society; ‘web-ext-software’: Web Extension Software; ‘web-ext-sports’: Web Extension Sports; ‘web-ext-streaming-media’: Web Extension Streaming Media; ‘web-ext-training-and-tools’: Web Extension Training and Tools; ‘web-ext-translation’: Web Extension Translation; ‘web-ext-travel’: Web Extension Travel; ‘web-ext-web-advertisements’: Web Extension Web Advertisements; ‘web-ext-web-based-email’: Web Extension Web based Email; ‘web-ext-web-hosting’: Web Extension Web Hosting; ‘web-ext-web-service’: Web Extension Web Service;

Type: string

Supported Values: aaa, adult-content, advertising, application-enforcing-tls, analytics-and-statistics, anonymizers-and-proxies, audio-chat, basic, blog, cdn, certification-authority, chat, classified-ads, cloud-based-services, crowdfunding, cryptocurrency, database, disposable-email, ebook-reader, education, email, enterprise, file-management, file-transfer, forum, gaming, healthcare, instant-messaging-and-multimedia-conferencing, internet-of-things, map-service, mobile, multimedia-streaming, networking, news-portal, payment-service, peer-to-peer, remote-access, scada, social-networks, software-update, speedtest, standards-based, transportation, video-chat, voip, vpn-tunnels, web, web-e-commerce, web-search-engines, web-websites, webmails, web-ext-adult, web-ext-auctions, web-ext-blogs, web-ext-business-and-economy, web-ext-cdns, web-ext-collaboration, web-ext-computer-and-internet-info, web-ext-computer-and-internet-security, web-ext-dating, web-ext-educational-institutions, web-ext-entertainment-and-arts, web-ext-fashion-and-beauty, web-ext-file-share, web-ext-financial-services, web-ext-gambling, web-ext-games, web-ext-government, web-ext-health-and-medicine, web-ext-individual-stock-advice-and-tools, web-ext-internet-portals, web-ext-job-search, web-ext-local-information, web-ext-malware, web-ext-motor-vehicles, web-ext-music, web-ext-news, web-ext-p2p, web-ext-parked-sites, web-ext-proxy-avoid-and-anonymizers, web-ext-real-estate, web-ext-reference-and-research, web-ext-search-engines, web-ext-shopping, web-ext-social-network, web-ext-society, web-ext-software, web-ext-sports, web-ext-streaming-media, web-ext-training-and-tools, web-ext-translation, web-ext-travel, web-ext-web-advertisements, web-ext-web-based-email, web-ext-web-hosting, web-ext-web-service

Mutual Exclusion: protocol-tag and application-any are mutually exclusive

action-group

Specification  
Type object

cgnv6

Description Apply CGNv6 policy

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: cgnv6, listen-on-port, forward and ipsec are mutually exclusive

cgnv6-ds-lite

Description ‘lsn-lid’: Apply specified CGNv6 LSN LID;

Type: string

Supported Values: lsn-lid

cgnv6-ds-lite-lsn-lid

Description LSN LID

Type: number

Range: 1-1023

cgnv6-lsn-lid

Description LSN LID

Type: number

Range: 1-1023

cgnv6-policy

Description ‘lsn-lid’: Apply specified CGNv6 LSN LID; ‘fixed-nat’: Apply CGNv6 Fixed NAT; ‘ds-lite’: Apply CGNv6 DS-Lite;

Type: string

Supported Values: lsn-lid, fixed-nat, ds-lite

deny-log

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

forward

Description Forward packet

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: forward, ipsec and cgnv6 are mutually exclusive

inspect-payload

Description Enable DS-Lite tunnel inspection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ipsec

Description Apply IPsec encapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: ipsec, permit-log, listen-on-port, forward, cgnv6, permit-limit-policy and permit-respond-to-user-mac are mutually exclusive

listen-on-port

Description Listen on port

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: listen-on-port, ipsec and cgnv6 are mutually exclusive

permit-limit-policy

Description Limit policy Template

Type: number

Range: 1-1023

Mutual Exclusion: permit-limit-policy and ipsec are mutually exclusive

Reference Object: /axapi/v3/template/limit-policy

permit-log

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: permit-log and ipsec are mutually exclusive

permit-respond-to-user-mac

Description Use the user’s source MAC for the next hop rather than the routing table (default:off)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: permit-respond-to-user-mac and ipsec are mutually exclusive

reset-log

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

reset-respond-to-user-mac

Description Use the user’s source MAC for the next hop rather than the routing table (default:off)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

type

Description ‘permit’: permit; ‘deny’: deny; ‘reset’: reset;

Type: string

Supported Values: permit, deny, reset

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

vpn-ipsec-name

Description VPN IPsec name

Type: string

Maximum Length: 31 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/vpn/ipsec

dest-list

Specification  
Type list
Block object keys  

dst-ip-subnet

Description IPv4 IP Address

Type: string

Format: ipv4-cidr

Mutual Exclusion: dst-ip-subnet, dst-class-list, dst-geoloc-name, dst-geoloc-list, dst-ipv4-any, dst-ipv6-any and dst-ipv6-subnet are mutually exclusive

dst-ipv6-subnet

Description IPv6 IP Address

Type: string

Format: ipv6-address-plen

Mutual Exclusion: dst-ipv6-subnet, dst-class-list, dst-geoloc-name, dst-geoloc-list, dst-ipv4-any, dst-ipv6-any and dst-ip-subnet are mutually exclusive

dst-obj-grp-network

Description Network object group

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: dst-obj-grp-network, dst-class-list, dst-geoloc-name, dst-geoloc-list, dst-ipv4-any and dst-ipv6-any are mutually exclusive

Reference Object: /axapi/v3/object-group/network

dst-obj-network

Description Network object

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: dst-obj-network, dst-class-list, dst-geoloc-name, dst-geoloc-list, dst-ipv4-any and dst-ipv6-any are mutually exclusive

Reference Object: /axapi/v3/object/network

dst-slb-server

Description SLB Real server name

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

Mutual Exclusion: dst-slb-server, dst-class-list, dst-geoloc-name, dst-geoloc-list, dst-ipv4-any and dst-ipv6-any are mutually exclusive

Reference Object: /axapi/v3/slb/server

dst-slb-vserver

Description SLB Virtual server name

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

Mutual Exclusion: dst-slb-vserver, dst-class-list, dst-geoloc-name, dst-geoloc-list, dst-ipv4-any and dst-ipv6-any are mutually exclusive

Reference Object: /axapi/v3/slb/virtual-server

move-rule

Specification  
Type object

location

Description ‘top’: top; ‘before’: before; ‘after’: after; ‘bottom’: bottom;

Type: string

Supported Values: top, before, after, bottom

Default: bottom

target-rule

Description

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

source-list

Specification  
Type list
Block object keys  

src-ip-subnet

Description IPv4 IP Address

Type: string

Format: ipv4-cidr

Mutual Exclusion: src-ip-subnet, src-class-list, src-geoloc-name, src-geoloc-list, src-ipv4-any, src-ipv6-any and src-ipv6-subnet are mutually exclusive

src-ipv6-subnet

Description IPv6 IP Address

Type: string

Format: ipv6-address-plen

Mutual Exclusion: src-ipv6-subnet, src-class-list, src-geoloc-name, src-geoloc-list, src-ipv4-any, src-ipv6-any and src-ip-subnet are mutually exclusive

src-obj-grp-network

Description Network object group

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: src-obj-grp-network, src-class-list, src-geoloc-name, src-geoloc-list, src-ipv4-any and src-ipv6-any are mutually exclusive

Reference Object: /axapi/v3/object-group/network

src-obj-network

Description Network object

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: src-obj-network, src-class-list, src-geoloc-name, src-geoloc-list, src-ipv4-any and src-ipv6-any are mutually exclusive

Reference Object: /axapi/v3/object/network

src-slb-server

Description SLB Real server name

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

Mutual Exclusion: src-slb-server, src-class-list, src-geoloc-name, src-geoloc-list, src-ipv4-any and src-ipv6-any are mutually exclusive

Reference Object: /axapi/v3/slb/server

service-list

Specification  
Type list
Block object keys  

alg

Description ‘FTP’: FTP; ‘TFTP’: TFTP; ‘SIP’: SIP; ‘DNS’: DNS; ‘PPTP’: PPTP; ‘RTSP’: RTSP; ‘ESP’: ESP;

Type: string

Supported Values: FTP, TFTP, SIP, DNS, PPTP, RTSP, ESP

eq-dst-port

Description Equal to the port number

Type: number

Range: 1-65535

eq-src-port

Description Equal to the port number

Type: number

Range: 1-65535

gt-dst-port

Description Greater than the port number

Type: number

Range: 1-65534

gt-src-port

Description Greater than the port number

Type: number

Range: 1-65534

icmp

Description ICMP

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: icmp, service-any and icmpv6 are mutually exclusive

icmp-code

Description ICMP code number

Type: number

Range: 0-254

Mutual Exclusion: icmp-code and special-code are mutually exclusive

icmp-type

Description ICMP type number

Type: number

Range: 0-254

Mutual Exclusion: icmp-type and special-type are mutually exclusive

icmpv6

Description ICMPv6

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: icmpv6, service-any and icmp are mutually exclusive

icmpv6-code

Description ICMPv6 code number

Type: number

Range: 0-254

Mutual Exclusion: icmpv6-code and special-v6-code are mutually exclusive

icmpv6-type

Description ICMPv6 type number

Type: number

Range: 0-254

Mutual Exclusion: icmpv6-type and special-v6-type are mutually exclusive

lt-dst-port

Description Lower than the port number

Type: number

Range: 2-65535

lt-src-port

Description Lower than the port number

Type: number

Range: 2-65535

obj-grp-service

Description service object group

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: obj-grp-service and service-any are mutually exclusive

Reference Object: /axapi/v3/object-group/service

port-num-end-dst

Description Ending Port Number

Type: number

Range: 1-65535

port-num-end-src

Description Ending Port Number

Type: number

Range: 1-65535

proto-id

Description Protocol ID

Type: number

Range: 0-255

Mutual Exclusion: proto-id and service-any are mutually exclusive

protocols

Description ‘tcp’: tcp; ‘udp’: udp; ‘sctp’: sctp;

Type: string

Supported Values: tcp, udp, sctp

Mutual Exclusion: protocols and service-any are mutually exclusive

range-dst-port

Description Port range (Starting Port Number)

Type: number

Range: 1-65535

range-src-port

Description Port range (Starting Port Number)

Type: number

Range: 1-65535

sctp-template

Description SCTP Template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/template/sctp

special-code

Description ‘any-code’: Any ICMP code; ‘frag-required’: Code 4, fragmentation required; ‘host-unreachable’: Code 1, destination host unreachable; ‘network-unreachable’: Code 0, destination network unreachable; ‘port-unreachable’: Code 3, destination port unreachable; ‘proto-unreachable’: Code 2, destination protocol unreachable; ‘route-failed’: Code 5, source route failed;

Type: string

Supported Values: any-code, frag-required, host-unreachable, network-unreachable, port-unreachable, proto-unreachable, route-failed

Mutual Exclusion: special-code and icmp-code are mutually exclusive

special-type

Description ‘any-type’: Any ICMP type; ‘echo-reply’: Type 0, echo reply; ‘echo-request’: Type 8, echo request; ‘info-reply’: Type 16, information reply; ‘info-request’: Type 15, information request; ‘mask-reply’: Type 18, address mask reply; ‘mask-request’: Type 17, address mask request; ‘parameter-problem’: Type 12, parameter problem; ‘redirect’: Type 5, redirect message; ‘source-quench’: Type 4, source quench; ‘time-exceeded’: Type 11, time exceeded; ‘timestamp’: Type 13, timestamp; ‘timestamp-reply’: Type 14, timestamp reply; ‘dest-unreachable’: Type 3, destination unreachable;

Type: string

Supported Values: any-type, echo-reply, echo-request, info-reply, info-request, mask-reply, mask-request, parameter-problem, redirect, source-quench, time-exceeded, timestamp, timestamp-reply, dest-unreachable

Mutual Exclusion: special-type and icmp-type are mutually exclusive

special-v6-code

Description ‘any-code’: Any ICMPv6 code; ‘addr-unreachable’: Code 3, address unreachable; ‘admin-prohibited’: Code 1, admin prohibited; ‘no-route’: Code 0, no route to destination; ‘not-neighbour’: Code 2, not neighbor; ‘port-unreachable’: Code 4, destination port unreachable;

Type: string

Supported Values: any-code, addr-unreachable, admin-prohibited, no-route, not-neighbour, port-unreachable

Mutual Exclusion: special-v6-code and icmpv6-code are mutually exclusive

special-v6-type

Description ‘any-type’: Any ICMPv6 type; ‘dest-unreachable’: Type 1, destination unreachable; ‘echo-reply’: Type 129, echo reply; ‘echo-request’: Type 128, echo request; ‘packet-too-big’: Type 2, packet too big; ‘param-prob’: Type 4, parameter problem; ‘time-exceeded’: Type 3, time exceeded;

Type: string

Supported Values: any-type, dest-unreachable, echo-reply, echo-request, packet-too-big, param-prob, time-exceeded

Mutual Exclusion: special-v6-type and icmpv6-type are mutually exclusive
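
The supported values, ranges and mutual exclusions listed above can be checked on a rule before it is sent to /axapi/v3/rule-set/{name}/rule, so that a rejected or silently altered firewall rule is caught in review rather than on the device. The following is an added example, not part of the original reference and not A10 code; the function names, the constructed sample rule-list, and the choice to apply a rule-level exclusion against every entry of the nested lists are assumptions, and only a subset of the attributes is covered.

```python
"""Pre-flight lint for rule attributes (added example, not A10 code)."""

# Constraint tables transcribed from this page's attribute reference (a subset).
ENUMS = {
    "action": {"permit", "deny", "reset"},
    "status": {"enable", "disable"},
    "ip-version": {"v4", "v6"},
    "policy": {"cgnv6", "forward", "ipsec"},
    "protocols": {"tcp", "udp", "sctp"},
    "type": {"permit", "deny", "reset"},  # action-group "type"
}
RANGES = {
    "idle-timeout": (1, 2097151), "lid": (1, 1023), "cgnv6-lsn-lid": (1, 1023),
    "eq-src-port": (1, 65535), "eq-dst-port": (1, 65535),
    "gt-src-port": (1, 65534), "gt-dst-port": (1, 65534),
    "lt-src-port": (2, 65535), "lt-dst-port": (2, 65535),
    "proto-id": (0, 255), "icmp-type": (0, 254), "icmp-code": (0, 254),
}
# key -> the other keys named on that key's "Mutual Exclusion" line.
EXCLUDES = {
    "log": ("listen-on-port", "policy"),
    "cgnv6-log": ("cgnv6-policy",),
    "src-zone": ("src-zone-any",),
    "dst-zone": ("dst-zone-any",),
    "src-ipv4-any": ("src-ipv6-any", "src-ip-subnet", "src-ipv6-subnet",
                     "src-obj-network", "src-obj-grp-network", "src-slb-server"),
    "dst-ipv4-any": ("dst-ipv6-any", "dst-ip-subnet", "dst-ipv6-subnet",
                     "dst-obj-network", "dst-obj-grp-network", "dst-slb-server",
                     "dst-slb-vserver", "dst-domain-list"),
    "service-any": ("protocols", "proto-id", "obj-grp-service", "icmp", "icmpv6"),
    "application-any": ("obj-grp-application", "protocol", "protocol-tag"),
}
ACTION_GROUP_EXCLUDES = {
    "ipsec": ("permit-log", "listen-on-port", "forward", "cgnv6",
              "permit-limit-policy", "permit-respond-to-user-mac"),
    "cgnv6": ("listen-on-port", "forward"),  # the ipsec pair is covered above
}
NESTED_LISTS = ("source-list", "dest-list", "service-list", "app-list")


def _is_set(key, value):
    # Numeric attributes count when present; booleans (true/false/1/0) only when on.
    if key in RANGES:
        return value is not None
    return value not in (None, False, 0)


def _check(scope, where, excludes, inherited=frozenset()):
    """Check one object; `inherited` holds keys set on the enclosing rule."""
    present = {k for k, v in scope.items() if _is_set(k, v)}
    findings = []
    for key in sorted(present):
        value = scope[key]
        if key in ENUMS and (not isinstance(value, str) or value not in ENUMS[key]):
            findings.append(f"{where}: {key}={value!r} is not a supported value")
        if key in RANGES:
            lo, hi = RANGES[key]
            ok = isinstance(value, int) and not isinstance(value, bool) and lo <= value <= hi
            if not ok:
                findings.append(f"{where}: {key}={value!r} is outside {lo}-{hi}")
    everything = present | inherited
    for key in sorted(everything):
        for other in excludes.get(key, ()):
            # Pairs that sit wholly on the enclosing rule are reported there.
            if other in everything and (key in present or other in present):
                findings.append(f"{where}: {key} and {other} are mutually exclusive")
    return findings


def lint_rule(rule):
    """Return a list of findings for one rule-attributes object."""
    where = f"rule {rule.get('name', '<unnamed>')}"
    findings = _check(rule, where, EXCLUDES)
    top = frozenset(k for k, v in rule.items() if _is_set(k, v))
    for list_key in NESTED_LISTS:
        for i, entry in enumerate(rule.get(list_key) or []):
            findings += _check(entry, f"{where} {list_key}[{i}]", EXCLUDES, top)
    group = rule.get("action-group")
    if isinstance(group, dict):
        findings += _check(group, f"{where} action-group", ACTION_GROUP_EXCLUDES)
    return findings


def lint_rule_list(rule_list):
    """Map rule name -> findings for every rule that has any."""
    return {r.get("name", "<unnamed>"): f for r in rule_list if (f := lint_rule(r))}


SAMPLE_RULE_LIST = [  # constructed sample, not taken from a device
    {"name": "allow-web", "action": "permit", "ip-version": "v4", "log": 1,
     "source-list": [{"src-ip-subnet": "10.0.0.0/8"}],
     "dest-list": [{"dst-ip-subnet": "192.0.2.0/24"}],
     "service-list": [{"protocols": "tcp", "eq-dst-port": 443}]},
    {"name": "broken", "action": "allow", "idle-timeout": 0, "log": 1,
     "policy": "forward", "service-any": "any",
     "service-list": [{"protocols": "tcp", "gt-dst-port": 65535}],
     "action-group": {"type": "permit", "ipsec": 1, "permit-log": 1}},
]

if __name__ == "__main__":
    for name, findings in lint_rule_list(SAMPLE_RULE_LIST).items():
        print(name, *findings, sep="\n  ")
```
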

stats data

  Counter Size Description
       
  active-session-other 8 Active other protocol session counter
  session-icmp 8 ICMP session counter
  hit-count 8 Hit counts
  active-session-tcp 8 Active TCP session counter
  deny-packets 8 Denied packets counter
  session-other 8 Other protocol session counter
  session-sctp 8 SCTP session counter
  active-session-icmp 8 Active ICMP session counter
  permit-bytes 8 Permitted bytes counter
  reset-packets 8 Reset packets counter
  hitcount-timestamp 8 Last hit counts timestamp
  reset-bytes 8 Reset bytes counter
  session-udp 8 UDP session counter
  rate-limit-drops 8 Rate Limit Drops
  session-tcp 8 TCP session counter
  active-session-sctp 8 Active SCTP session counter
  active-session-udp 8 Active UDP session counter
  deny-bytes 8 Denied bytes counter
  permit-packets 8 Permitted packets counter

operational data

  Counter Size Description
       
  denybytes number denybytes
  activesessiontcp number activesessiontcp
  permitbytes number permitbytes
  sessiontcp number sessiontcp
  resetpackets number resetpackets
  sessionsctp number sessionsctp
  ratelimitdrops number ratelimitdrops
  sessionother number sessionother
  totalbytes number totalbytes
  activesessionicmp number activesessionicmp
  denypackets number denypackets
  resetbytes number resetbytes
  status string status
  activesessionother number activesessionother
  sessionudp number sessionudp
  sessionicmp number sessionicmp
  sessiontotal number sessiontotal
  totalpackets number totalpackets
  activesessionudp number activesessionudp
  permitpackets number permitpackets
  last-hitcount-time string last-hitcount-time
  activesessiontotal number activesessiontotal
  hitcount number hitcount
  action string action
  activesessionsctp number activesessionsctp