ddos¶
DDOS feature
ddos Specification¶
Parameter Value Type Intermediate Resource Element Name ddos Element URI /axapi/v3/ddos Element Attributes ddos_attributes Partition Visibility shared Schema ddos schemaOperations Allowed:
| Operation | Method | URI | Payload | |
|---|---|---|---|---|
Get Object | GET | /axapi/v3/ddos | ddos_attributes |
ddos attributes¶
action-list-list
Type: List
Reference Object: /axapi/v3/ddos/action-list/{name}
anomaly
Description: anomaly is a JSON Block. Please see below for anomaly
Type: Object
Reference Object: /axapi/v3/ddos/anomaly
anomaly-drop
Description: anomaly-drop is a JSON Block. Please see below for anomaly-drop
Type: Object
Reference Object: /axapi/v3/ddos/anomaly-drop
brief
Description: brief is a JSON Block. Please see below for brief
Type: Object
Reference Object: /axapi/v3/ddos/brief
detection
Description: detection is a JSON Block. Please see below for detection
Type: Object
Reference Object: /axapi/v3/ddos/detection
dns-cache-config
Description: dns-cache-config is a JSON Block. Please see below for dns-cache-config
Type: Object
Reference Object: /axapi/v3/ddos/dns-cache-config
dns-cache-list
Type: List
Reference Object: /axapi/v3/ddos/dns-cache/{name}
dns-cache-mode
Description: dns-cache-mode is a JSON Block. Please see below for dns-cache-mode
Type: Object
Reference Object: /axapi/v3/ddos/dns-cache-mode
dns-cache-server
Description: dns-cache-server is a JSON Block. Please see below for dns-cache-server
Type: Object
Reference Object: /axapi/v3/ddos/dns-cache-server
dst
Description: dst is a JSON Block. Please see below for dst
Type: Object
Reference Object: /axapi/v3/ddos/dst
dynamic-class-list
Description: dynamic-class-list is a JSON Block. Please see below for dynamic-class-list
Type: Object
Reference Object: /axapi/v3/ddos/dynamic-class-list
east-west-protection
Description: east-west-protection is a JSON Block. Please see below for east-west-protection
Type: Object
Reference Object: /axapi/v3/ddos/east-west-protection
event-filter-list
Type: List
Reference Object: /axapi/v3/ddos/event-filter/{filter-name}
exec-script
Description: exec-script is a JSON Block. Please see below for exec-script
Type: Object
Reference Object: /axapi/v3/ddos/exec-script
geo-location
Description: geo-location is a JSON Block. Please see below for geo-location
Type: Object
Reference Object: /axapi/v3/ddos/geo-location
interface-http-health-check
Description: interface-http-health-check is a JSON Block. Please see below for interface-http-health-check
Type: Object
Reference Object: /axapi/v3/ddos/interface-http-health-check
ip-proto
Description: ip-proto is a JSON Block. Please see below for ip-proto
Type: Object
Reference Object: /axapi/v3/ddos/ip-proto
l4-icmp
Description: l4-icmp is a JSON Block. Please see below for l4-icmp
Type: Object
Reference Object: /axapi/v3/ddos/l4-icmp
l4-other
Description: l4-other is a JSON Block. Please see below for l4-other
Type: Object
Reference Object: /axapi/v3/ddos/l4-other
l4-ssl
Description: l4-ssl is a JSON Block. Please see below for l4-ssl
Type: Object
Reference Object: /axapi/v3/ddos/l4-ssl
l4-sync
Description: l4-sync is a JSON Block. Please see below for l4-sync
Type: Object
Reference Object: /axapi/v3/ddos/l4-sync
l4-tcp
Description: l4-tcp is a JSON Block. Please see below for l4-tcp
Type: Object
Reference Object: /axapi/v3/ddos/l4-tcp
l4-udp
Description: l4-udp is a JSON Block. Please see below for l4-udp
Type: Object
Reference Object: /axapi/v3/ddos/l4-udp
l7-dns
Description: l7-dns is a JSON Block. Please see below for l7-dns
Type: Object
Reference Object: /axapi/v3/ddos/l7-dns
l7-http
Description: l7-http is a JSON Block. Please see below for l7-http
Type: Object
Reference Object: /axapi/v3/ddos/l7-http
l7-sip
Description: l7-sip is a JSON Block. Please see below for l7-sip
Type: Object
Reference Object: /axapi/v3/ddos/l7-sip
local-address
Description: local-address is a JSON Block. Please see below for local-address
Type: Object
Reference Object: /axapi/v3/ddos/local-address
logging
Description: logging is a JSON Block. Please see below for logging
Type: Object
Reference Object: /axapi/v3/ddos/logging
long
Description: long is a JSON Block. Please see below for long
Type: Object
Reference Object: /axapi/v3/ddos/long
notification-template-common
Description: notification-template-common is a JSON Block. Please see below for notification-template-common
Type: Object
Reference Object: /axapi/v3/ddos/notification-template-common
notification-template-debug-log
Description: notification-template-debug-log is a JSON Block. Please see below for notification-template-debug-log
Type: Object
Reference Object: /axapi/v3/ddos/notification-template-debug-log
notification-template-list
Type: List
Reference Object: /axapi/v3/ddos/notification-template/{name}
outbound-policy-list
Type: List
Reference Object: /axapi/v3/ddos/outbound-policy/{name}
pattern-recognition
Description: pattern-recognition is a JSON Block. Please see below for pattern-recognition
Type: Object
Reference Object: /axapi/v3/ddos/pattern-recognition
port
Description: port is a JSON Block. Please see below for port
Type: Object
Reference Object: /axapi/v3/ddos/port
protect
Description: protect is a JSON Block. Please see below for protect
Type: Object
Reference Object: /axapi/v3/ddos/protect
protection
Description: protection is a JSON Block. Please see below for protection
Type: Object
Reference Object: /axapi/v3/ddos/protection
reporting
Description: reporting is a JSON Block. Please see below for reporting
Type: Object
Reference Object: /axapi/v3/ddos/reporting
resource-tracking
Description: resource-tracking is a JSON Block. Please see below for resource-tracking
Type: Object
Reference Object: /axapi/v3/ddos/resource-tracking
resource-usage
Description: resource-usage is a JSON Block. Please see below for resource-usage
Type: Object
Reference Object: /axapi/v3/ddos/resource-usage
run-time-user-string
Description: run-time-user-string is a JSON Block. Please see below for run-time-user-string
Type: Object
Reference Object: /axapi/v3/ddos/run-time-user-string
session
Description: session is a JSON Block. Please see below for session
Type: Object
Reference Object: /axapi/v3/ddos/session
signature-extraction
Description: signature-extraction is a JSON Block. Please see below for signature-extraction
Type: Object
Reference Object: /axapi/v3/ddos/signature-extraction
src
Description: src is a JSON Block. Please see below for src
Type: Object
Reference Object: /axapi/v3/ddos/src
src-based-policy-list
Type: List
Reference Object: /axapi/v3/ddos/src-based-policy/{name}
src-port-template
Description: src-port-template is a JSON Block. Please see below for src-port-template
Type: Object
Reference Object: /axapi/v3/ddos/src-port-template
switch
Description: switch is a JSON Block. Please see below for switch
Type: Object
Reference Object: /axapi/v3/ddos/switch
sync
Description: sync is a JSON Block. Please see below for sync
Type: Object
Reference Object: /axapi/v3/ddos/sync
system-default
Description: system-default is a JSON Block. Please see below for system-default
Type: Object
Reference Object: /axapi/v3/ddos/system-default
table
Description: table is a JSON Block. Please see below for table
Type: Object
Reference Object: /axapi/v3/ddos/table
tap
Description: tap is a JSON Block. Please see below for tap
Type: Object
Reference Object: /axapi/v3/ddos/tap
template
Description: template is a JSON Block. Please see below for template
Type: Object
Reference Object: /axapi/v3/ddos/template
token-auth
Description: token-auth is a JSON Block. Please see below for token-auth
Type: Object
Reference Object: /axapi/v3/ddos/token-auth
token-authentication
Description: token-authentication is a JSON Block. Please see below for token-authentication
Type: Object
Reference Object: /axapi/v3/ddos/token-authentication
tunnel
Description: tunnel is a JSON Block. Please see below for tunnel
Type: Object
Reference Object: /axapi/v3/ddos/tunnel
use-default-route
Description: use-default-route is a JSON Block. Please see below for use-default-route
Type: Object
Reference Object: /axapi/v3/ddos/use-default-route
violation-actions-list
Type: List
Reference Object: /axapi/v3/ddos/violation-actions/{name}
zone-profile-list
Type: List
Reference Object: /axapi/v3/ddos/zone-profile/{profile-name}
zone-src-port-template
Description: zone-src-port-template is a JSON Block. Please see below for zone-src-port-template
Type: Object
Reference Object: /axapi/v3/ddos/zone-src-port-template
zone-template
Description: zone-template is a JSON Block. Please see below for zone-template
Type: Object
Reference Object: /axapi/v3/ddos/zone-template
run-time-user-string¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
value
Description Add run time user string
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
pattern-recognition¶
Specification Value Type object capture-backup
Description Capture Backup
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
capturing-timeout
Description Capturing state timeout in seconds
Type: number
Range: 10-60000
cpu
Description: cpu is a JSON Block. Please see below for pattern-recognition_cpu
Type: Object
Reference Object: /axapi/v3/ddos/pattern-recognition/cpu
cpu-limit
Description CPU Limit
Type: number
Range: 1-100
dedicated-cpus
Description Configure the number of dedicated cores for Pattern Recognition
Type: number
Range: 0-6
disable-app-payload-all
Description Disable application payload processing for all ports
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
error-timeout
Description Error state timeout in seconds
Type: number
Range: 10-60000
extracting-timeout
Description Extracting state timeout in seconds
Type: number
Range: 10-60000
hardware-filter
Description ‘enable’: Enable Pattern Recognition hardware filter; ‘disable’: Disable Pattern Recognition harware filter;
Type: string
Supported Values: enable, disable
Default: disable
sample-size
Description Sample Size
Type: number
Range: 1-50000
scheduling-timeout
Description Scheduling state timeout in seconds
Type: number
Range: 10-60000
sensitivity
Description ‘high’: High Sensitivity; ‘medium’: Medium Sensitivity; ‘low’: Low Sensitivity;
Type: string
Supported Values: high, medium, low
sflow-event-periodic-interval
Description Configure the interval in minutes of periodic event (Default: 5 minutes, 0: No periodic updates)
Type: number
Range: 0-120
Default: 5
toggle
Description ‘enable’: Enable Pattern Recognition; ‘disable’: Disable Pattern Recognition;
Type: string
Supported Values: enable, disable
Default: disable
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
pattern-recognition_cpu¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
tap¶
Specification Value Type object ethernet-start-cfg
Type: Listuuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
tap_ethernet-start-cfg¶
Specification Value Type list Block object keys ethernet-end
Description
Type: number
Format: interface
ethernet-start
Description Traffic receive from the ethernet port will be dropped
Type: number
Format: interface
ip-proto¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src-based-policy-list¶
Specification Value Type list Block object keys name
Description Specify name of the policy
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
policy-class-list-list
Type: List
Reference Object: /axapi/v3/ddos/src-based-policy/{name}/policy-class-list/{class-list-name}
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src-based-policy-list_policy-class-list-list¶
Specification Value Type list Block object keys class-list-name
Description Class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dynamic-class-list¶
Specification Value Type object class-list-name
Description Specify name of the class list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
sync¶
Specification Value Type object enable
Description Enable
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
local-ip
Description Local IP address for White list sync
Type: string
Format: ipv4-address
peer-ip-cfg
Type: Listuuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
sync_peer-ip-cfg¶
Specification Value Type list Block object keys peer-ip
Description IP Address
Type: string
Format: ipv4-address
brief¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
detection¶
Specification Value Type object agent-list
Type: List
Reference Object: /axapi/v3/ddos/detection/agent/{agent-name}
ddos-script
Description: ddos-script is a JSON Block. Please see below for detection_ddos-script
Type: Object
Reference Object: /axapi/v3/ddos/detection/ddos-script
disable
Description Disable DDoS detection (default: enabled)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
resource-usage
Description: resource-usage is a JSON Block. Please see below for detection_resource-usage
Type: Object
Reference Object: /axapi/v3/ddos/detection/resource-usage
settings
Description: settings is a JSON Block. Please see below for detection_settings
Type: Object
Reference Object: /axapi/v3/ddos/detection/settings
statistics
Description: statistics is a JSON Block. Please see below for detection_statistics
Type: Object
Reference Object: /axapi/v3/ddos/detection/statistics
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
detection_resource-usage¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
detection_statistics¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
detection_settings¶
Specification Value Type object ctrl-cpu-usage
Description Control cpu usage threshold for DDoS detection
Type: number
Range: 1-100
de-escalation-quiet-time
Description Configure de-escalation needed time in minutes from level 1 to 0.(default 1 minutes)
Type: number
Range: 1-60
dedicated-cpus
Description Configure the number of dedicated cores for detection
Type: number
Range: 1-32
detection-window-size
Description Configure detection window size in seconds (DDoS detection window size in seconds(default: 1))
Type: number
Range: 1-60
Default: 1
detector-mode
Description ‘standalone’: Standalone detector; ‘on-box’: Mitigator and Detector on the same box; ‘auto-svc-discovery’: Auto Service discovery using Visibility module (Deprecatd);
Type: string
Supported Values: standalone, on-box, auto-svc-discovery
export-interval
Description Configure Baselining and export interval in seconds (DDoS Baselining and export interval in seconds(default: 20))
Type: number
Range: 20-3000
Default: 20
full-core-enable
Description Enable full core
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
histogram-de-escalate-percentage
Description histogram de-escalate sensitivity for DDoS detection
Type: number
Range: 1-100
histogram-escalate-percentage
Description histogram escalate sensitivity for DDoS detection
Type: number
Range: 1-100
initial-learning-interval
Description Initial learning interval (in hours) before processing
Type: number
Range: 1-168
notification-debug-log
Description ‘enable’: Enable detection notification debug log (default: disabled);
Type: string
Supported Values: enable
pkt-sampling
Description: pkt-sampling is a JSON Block. Please see below for detection_settings_pkt-sampling
Type: Object
standalone-settings
Description: standalone-settings is a JSON Block. Please see below for detection_settings_standalone-settings
Type: Object
Reference Object: /axapi/v3/ddos/detection/settings/standalone-settings
top-k-reset-interval
Description Configure top-k reset interval
Type: number
Range: 1-60
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
detection_settings_standalone-settings¶
Specification Value Type object action
Description ‘enable’: Enable standalone detector; ‘disable’: Disable standalone detector (default);
Type: string
Supported Values: enable, disable
Default: disable
de-escalation-quiet-time
Description Configure de-escalation needed time in minutes from level 1 to 0.(default 6 minutes)
Type: number
Range: 1-60
netflow
Description: netflow is a JSON Block. Please see below for detection_settings_standalone-settings_netflow
Type: Object
Reference Object: /axapi/v3/ddos/detection/settings/standalone-settings/netflow
sflow
Description: sflow is a JSON Block. Please see below for detection_settings_standalone-settings_sflow
Type: Object
Reference Object: /axapi/v3/ddos/detection/settings/standalone-settings/sflow
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
detection_settings_standalone-settings_netflow¶
Specification Value Type object listening-port
Description Netflow port to receive packets (Netflow port number(default 9996))
Type: number
Range: 1-65535
Default: 9996
template-active-timeout
Description Configure active timeout of the netflow templates received in mins (Template active timeout(mins)(default 30mins))
Type: number
Range: 2-300
Default: 30
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
detection_settings_standalone-settings_sflow¶
Specification Value Type object listening-port
Description sFlow port to receive packets (sFlow port number(default 6343))
Type: number
Range: 1-65535
Default: 6343
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
detection_settings_pkt-sampling¶
Specification Value Type object assign-index
Description Lower index is more aggressive sampling
Type: number
Range: 1-64
assign-rate
Description Assign rate to given index
Type: number
Range: 1-50000000
override-rate
Description Sample 1 in X packets (default: X=1)
Type: number
Range: 1-50000000
detection_ddos-script¶
Specification Value Type object action
Description ‘delete’: delete;
Type: string
Supported Values: delete
file
Description startup-config local file name
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
detection_agent-list¶
Specification Value Type list Block object keys agent-name
Description Specify name for the agent
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
agent-type
Description ‘Cisco’: Cisco; ‘Juniper’: Juniper;
Type: string
Supported Values: Cisco, Juniper
agent-v4-addr
Description Configure agent’s IPv4 address
Type: string
Format: ipv4-address
agent-v6-addr
Description Configure agent’s IPv6 address
Type: string
Format: ipv6-address
netflow
Description: netflow is a JSON Block. Please see below for detection_agent-list_netflow
Type: Object
Reference Object: /axapi/v3/ddos/detection/agent/{agent-name}/netflow
sampling-enable
Type: Listsflow
Description: sflow is a JSON Block. Please see below for detection_agent-list_sflow
Type: Object
Reference Object: /axapi/v3/ddos/detection/agent/{agent-name}/sflow
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
detection_agent-list_sflow¶
Specification Value Type object sflow-pkt-samples-collection
Description ‘enable’: Enable sflow packet samples collection(default); ‘disable’: Disable sflow packet samples collection;
Type: string
Supported Values: enable, disable
Default: enable
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
detection_agent-list_sampling-enable¶
Specification Value Type list Block object keys counters1
Description ‘all’: all; ‘sflow-packets-received’: sFlow Packets Received; ‘sflow-samples-received’: sFlow Samples Received; ‘sflow-samples-bad-len’: sFlow Samples Bad Length; ‘sflow-samples-non-std’: sFlow Samples Non-standard; ‘sflow-samples-skipped’: sFlow Samples Skipped; ‘sflow-sample-record-bad-len’: sFlow Sample Records Bad Length; ‘sflow-samples-sent-for-detection’: sFlow Samples Processed For Detection; ‘sflow-sample-record-invalid-layer2’: sFlow Sample Records Unknown Layer-2; ‘sflow-sample-ipv6-hdr-parse-fail’: sFlow Sample IPv6 Record Header Parse Failures; ‘sflow-disabled’: sFlow Packet Samples Processing Disabled; ‘netflow-disabled’: Netflow Flow Samples Processing Disabled; ‘netflow-v5-packets-received’: Netflow v5 Packets Received; ‘netflow-v5-samples-received’: Netflow v5 Samples Received; ‘netflow-v5-samples-sent-for-detection’: Netflow v5 Samples Processed For Detection; ‘netflow-v5-sample-records-bad-len’: Netflow v5 Sample Records Bad Length; ‘netflow-v5-max-records-exceed’: Netflow v5 Sample Max Records Error; ‘netflow-v9-packets-received’: Netflow v9 Packets Received; ‘netflow-v9-samples-received’: Netflow v9 Samples Received; ‘netflow-v9-samples-sent-for-detection’: Netflow v9 Samples Processed For Detection; ‘netflow-v9-sample-records-bad-len’: Netflow v9 Sample Records Bad Length; ‘netflow-v9-sample-flowset-bad-padding’: Netflow v9 Sample Flowset Bad Padding; ‘netflow-v9-max-records-exceed’: Netflow v9 Sample Max Records Error; ‘netflow-v9-template-not-found’: Netflow v9 Template Not Found; ‘netflow-v10-packets-received’: Netflow v10 Packets Received; ‘netflow-v10-samples-received’: Netflow v10 Samples Received; ‘netflow-v10-samples-sent-for-detection’: Netflow v10 Samples Procssed For Detection; ‘netflow-v10-sample-records-bad-len’: Netflow v10 Sample Records Bad Length; ‘netflow-v10-max-records-exceed’: Netflow v10 Sample Max records Error; ‘netflow-tcp-sample-received’: Netflow TCP Samples Received; ‘netflow-udp-sample-received’: Netflow UDP Samples received; ‘netflow-icmp-sample-received’: Netflow ICMP Samples Received; ‘netflow-other-sample-received’: Netflow OTHER Samples Received; ‘netflow-record-copy-oom-error’: Netflow Data Record Copy Fail, Local MEM size error; ‘netflow-record-rse-invalid’: Netflow Data Record Reduced Size Invalid; ‘netflow-sample-flow-dur-error’: Netflow Sample Flow Duration Error; ‘flow-dst-entry-miss’: DDoS Destination Entry Lookup Failures; ‘flow-ip-proto-or-port-miss’: DDoS Destination Service Lookup Failures; ‘flow-detection-msgq-full’: Detection Message Enqueue Failures;
Type: string
Supported Values: all, sflow-packets-received, sflow-samples-received, sflow-samples-bad-len, sflow-samples-non-std, sflow-samples-skipped, sflow-sample-record-bad-len, sflow-samples-sent-for-detection, sflow-sample-record-invalid-layer2, sflow-sample-ipv6-hdr-parse-fail, sflow-disabled, netflow-disabled, netflow-v5-packets-received, netflow-v5-samples-received, netflow-v5-samples-sent-for-detection, netflow-v5-sample-records-bad-len, netflow-v5-max-records-exceed, netflow-v9-packets-received, netflow-v9-samples-received, netflow-v9-samples-sent-for-detection, netflow-v9-sample-records-bad-len, netflow-v9-sample-flowset-bad-padding, netflow-v9-max-records-exceed, netflow-v9-template-not-found, netflow-v10-packets-received, netflow-v10-samples-received, netflow-v10-samples-sent-for-detection, netflow-v10-sample-records-bad-len, netflow-v10-max-records-exceed, netflow-tcp-sample-received, netflow-udp-sample-received, netflow-icmp-sample-received, netflow-other-sample-received, netflow-record-copy-oom-error, netflow-record-rse-invalid, netflow-sample-flow-dur-error, flow-dst-entry-miss, flow-ip-proto-or-port-miss, flow-detection-msgq-full
detection_agent-list_netflow¶
Specification Value Type object active-timeout
Description Configure agent’s flow active timeout (seconds)
Type: number
Range: 10-600
inactive-timeout
Description Configure agent’s flow inactive timeout (seconds)
Type: number
Range: 10-600
netflow-samples-collection
Description ‘enable’: Enable Netflow flow samples collection(default); ‘disable’: Disable Netflow flow samples collection;
Type: string
Supported Values: enable, disable
Default: enable
netflow-sampling-rate
Description Configure agent’s netflow sampling rate
Type: number
Range: 1-65535
Default: 1
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
session¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
long¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
exec-script¶
Specification Value Type object alert-type
Description 1: UDP Pkt Rate 2: TCP Pkt Rate 3: ICMP Pkt Rate
Type: number
Range: 1-3
exec-script-ip-portocol
Description ‘icmp-v4’: ip-proto icmp-v4; ‘icmp-v6’: ip-proto icmp-v6; ‘other’: ip-proto other; ‘gre’: ip-proto gre; ‘ipv4-encap’: ip-proto IPv4 Encapsulation; ‘ipv6-encap’: ip-proto IPv6 Encapsulation;
Type: string
Supported Values: icmp-v4, icmp-v6, other, gre, ipv4-encap, ipv6-encap
exec-script-port-other-protocol
Description ‘tcp’: TCP Port; ‘udp’: UDP Port;
Type: string
Supported Values: tcp, udp
level
Description Current Level
Type: number
Range: 1-4
mock
Description Use mock data
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
port-num
Description Port Number
Type: number
Range: 1-65535
port-other
Description ‘other’: other;
Type: string
Supported Values: other
protocol
Description ‘dns-tcp’: DNS-TCP Port; ‘dns-udp’: DNS-UDP Port; ‘http’: HTTP Port; ‘tcp’: TCP Port; ‘udp’: UDP Port; ‘ssl-l4’: SSL-L4 Port; ‘sip-tcp’: SIP-TCP Port; ‘sip-udp’: SIP-UDP Port; ‘quic’: QUIC Port;
Type: string
Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4, sip-tcp, sip-udp, quic
protocol-num
Description Protocol Number
Type: number
Range: 0-255
script
Description Specify script to execute
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
src-ip
Type: Listsrc-ipv6
Type: Listthreshold
Description Threshold
Type: number
Range: 1-3000
timeout
Description Timeout (Default: 10 seconds, Mock Default: 2 seconds)
Type: number
Range: 1-31
zone
Description DST Zone name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
exec-script_src-ip¶
Specification Value Type list Block object keys ip-addr
Description Specify IP address
Type: string
Format: ipv4-address
subnet-ip-addr
Description IP Subnet
Type: string
Format: ipv4-cidr
exec-script_src-ipv6¶
Specification Value Type list Block object keys ip6-addr
Description Specify IPv6 address
Type: string
Format: ipv6-address
subnet-ipv6-addr
Description IPV6 Subnet
Type: string
Format: ipv6-address-plen
l4-ssl¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
table¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
east-west-protection¶
Specification Value Type object deployment-mode
Description ‘L2-mode’: Enable East-West Protection in Layer 2 mode.; ‘L2-with-virtual-wire’: Enable East-West Protection in Layer 2 mode with virtual-wire pairs.; ‘L3-mode’: Enable East-West Protection in Layer 3 mode.; ‘disable’: Disable East-West Protection.;
Type: string
Supported Values: L2-mode, L2-with-virtual-wire, L3-mode, disable
Default: disable
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
port¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
token-authentication¶
Specification Value Type object authenticated-list
Description: authenticated-list is a JSON Block. Please see below for token-authentication_authenticated-list
Type: Object
Reference Object: /axapi/v3/ddos/token-authentication/authenticated-list
player-mode
Description: player-mode is a JSON Block. Please see below for token-authentication_player-mode
Type: Object
Reference Object: /axapi/v3/ddos/token-authentication/player-mode
players-list
Type: List
Reference Object: /axapi/v3/ddos/token-authentication/players/{src-ip}+{src-port}+{dst-ip}+{dst-port}
secret-salt
Description: secret-salt is a JSON Block. Please see below for token-authentication_secret-salt
Type: Object
Reference Object: /axapi/v3/ddos/token-authentication/secret-salt
summary
Description: summary is a JSON Block. Please see below for token-authentication_summary
Type: Object
Reference Object: /axapi/v3/ddos/token-authentication/summary
token-authentication_authenticated-list¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
token-authentication_player-mode¶
Specification Value Type object mode
Description ‘one-to-one’: Only one player talks to one server; ‘many-to-one’: Many player talk to one server;
Type: string
Supported Values: one-to-one, many-to-one
Default: one-to-one
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
token-authentication_summary¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
token-authentication_secret-salt¶
Specification Value Type object current-salt
Description Current salt value
Type: number
Range: 0-4294967295
previous-salt
Description Previous salt value
Type: number
Range: 0-4294967295
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
token-authentication_players-list¶
Specification Value Type list Block object keys dst-ip
Description
Type: string
Format: ipv4-address
dst-port
Description
Type: number
Range: 0-65535
magic-value
Description
Type: number
Range: 0-4294967295
src-ip
Description
Type: string
Format: ipv4-address
src-port
Description
Type: number
Range: 0-65535
dns-cache-mode¶
Specification Value Type object enable
Description Enable DNS Cache mode
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
l4-icmp¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
anomaly-drop¶
Specification Value Type object packet-deformity-layer-3
Description: packet-deformity-layer-3 is a JSON Block. Please see below for anomaly-drop_packet-deformity-layer-3
Type: Object
Reference Object: /axapi/v3/ddos/anomaly-drop/packet-deformity-layer-3
packet-deformity-layer-4
Description: packet-deformity-layer-4 is a JSON Block. Please see below for anomaly-drop_packet-deformity-layer-4
Type: Object
Reference Object: /axapi/v3/ddos/anomaly-drop/packet-deformity-layer-4
security-attack-layer-3
Description: security-attack-layer-3 is a JSON Block. Please see below for anomaly-drop_security-attack-layer-3
Type: Object
Reference Object: /axapi/v3/ddos/anomaly-drop/security-attack-layer-3
security-attack-layer-4-tcp
Description: security-attack-layer-4-tcp is a JSON Block. Please see below for anomaly-drop_security-attack-layer-4-tcp
Type: Object
Reference Object: /axapi/v3/ddos/anomaly-drop/security-attack-layer-4-tcp
security-attack-layer-4-udp
Description: security-attack-layer-4-udp is a JSON Block. Please see below for anomaly-drop_security-attack-layer-4-udp
Type: Object
Reference Object: /axapi/v3/ddos/anomaly-drop/security-attack-layer-4-udp
anomaly-drop_security-attack-layer-3¶
Specification Value Type object capture-config
Description capture-config name (Can only configure when drop-disabled)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
log
Description Log the anomaly event (Can only configure when drop-disabled)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
toggle
Description ‘enable’: enable; ‘disable’: disable;
Type: string
Supported Values: enable, disable
Default: enable
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
anomaly-drop_packet-deformity-layer-3¶
Specification Value Type object capture-config
Description capture-config name (Can only configure when drop-disabled)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
log
Description Log the anomaly event (Can only configure when drop-disabled)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
toggle
Description ‘enable’: enable; ‘disable’: disable;
Type: string
Supported Values: enable, disable
Default: enable
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
anomaly-drop_packet-deformity-layer-4¶
Specification Value Type object capture-config
Description capture-config name (Can only configure when drop-disabled)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
log
Description Log the anomaly event (Can only configure when drop-disabled)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
toggle
Description ‘enable’: enable; ‘disable’: disable;
Type: string
Supported Values: enable, disable
Default: enable
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
anomaly-drop_security-attack-layer-4-tcp¶
Specification Value Type object capture-config
Description capture-config name (Can only configure when drop-disabled)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
log
Description Log the anomaly event (Can only configure when drop-disabled)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
toggle
Description ‘enable’: enable; ‘disable’: disable;
Type: string
Supported Values: enable, disable
Default: enable
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
anomaly-drop_security-attack-layer-4-udp¶
Specification Value Type object capture-config
Description capture-config name (Can only configure when drop-disabled)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
log
Description Log the anomaly event (Can only configure when drop-disabled)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
toggle
Description ‘enable’: enable; ‘disable’: disable;
Type: string
Supported Values: enable, disable
Default: enable
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
token-auth¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
l4-other¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst¶
Specification Value Type object default-list
Type: List
Reference Object: /axapi/v3/ddos/dst/default/{default-address-type}
dynamic-entries-resource-usage
Description: dynamic-entries-resource-usage is a JSON Block. Please see below for dst_dynamic-entries-resource-usage
Type: Object
Reference Object: /axapi/v3/ddos/dst/dynamic-entries-resource-usage
dynamic-entry
Description: dynamic-entry is a JSON Block. Please see below for dst_dynamic-entry
Type: Object
Reference Object: /axapi/v3/ddos/dst/dynamic-entry
dynamic-entry-overflow-policy-list
Type: List
Reference Object: /axapi/v3/ddos/dst/dynamic-entry-overflow-policy/{default-address-type}
entry-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}
interface-ip-list
Type: List
Reference Object: /axapi/v3/ddos/dst/interface-ip/{addr}
interface-ipv6-list
Type: List
Reference Object: /axapi/v3/ddos/dst/interface-ipv6/{addr}
zone-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}
dst_interface-ip-list¶
Specification Value Type list Block object keys addr
Description IP address of interface
Type: string
Format: ipv4-address
ip-proto-list
Type: List
Reference Object: /axapi/v3/ddos/dst/interface-ip/{addr}/ip-proto/{port-num}
l4-type-list
Type: List
Reference Object: /axapi/v3/ddos/dst/interface-ip/{addr}/l4-type/{protocol}
log-enable
Description Enable logging of limit exceed drops
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable periodic log while event is continuing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
port-list
Type: List
Reference Object: /axapi/v3/ddos/dst/interface-ip/{addr}/port/{port-num}+{protocol}
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_interface-ip-list_port-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
port-num
Description Port Number
Type: number
Range: 1-65535
protocol
Description ‘tcp’: tcp; ‘udp’: udp; ‘http-probe’: http port for interface health check;
Type: string
Supported Values: tcp, udp, http-probe
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_interface-ip-list_ip-proto-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
port-num
Description IP protocol number
Type: number
Range: 0-255
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_interface-ip-list_l4-type-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-frag-pkt
Description Drop fragmented packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
protocol
Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;
Type: string
Supported Values: tcp, udp, icmp, other
tunnel-decap
Description: tunnel-decap is a JSON Block. Please see below for dst_interface-ip-list_l4-type-list_tunnel-decap
Type: Object
tunnel-rate-limit
Description: tunnel-rate-limit is a JSON Block. Please see below for dst_interface-ip-list_l4-type-list_tunnel-rate-limit
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_interface-ip-list_l4-type-list_tunnel-decap¶
Specification Value Type object gre-decap
Description Enable GRE Tunnel decapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ip-decap
Description Enable IP Tunnel decapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
key-cfg
Type: List
dst_interface-ip-list_l4-type-list_tunnel-decap_key-cfg¶
Specification Value Type list Block object keys key
Description Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)
Type: string
Maximum Length: 10 characters
Maximum Length: 1 characters
dst_interface-ip-list_l4-type-list_tunnel-rate-limit¶
Specification Value Type object gre-rate-limit
Description Enable inner IP rate limiting on GRE traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ip-rate-limit
Description Enable inner IP rate limiting on IPinIP traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst_default-list¶
Specification Value Type list Block object keys age
Description Idle age for ip entry
Type: number
Range: 5-1023
apply-policy-on-overflow
Description Enable this flag to apply overflow policy when dynamic entry count overflows
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
default-address-type
Description ‘ip’: ip; ‘ipv6’: ipv6;
Type: string
Supported Values: ip, ipv6
deny
Description Blacklist and Drop all incoming packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable
Description Disable
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-disable
Description Disable certain drops during packet processing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-disable-fwd-immediate
Description Immediately forward L4 drops
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-frag-pkt
Description Drop fragmented packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exceed-log-cfg
Description: exceed-log-cfg is a JSON Block. Please see below for dst_default-list_exceed-log-cfg
Type: Object
exceed-log-dep-cfg
Description: exceed-log-dep-cfg is a JSON Block. Please see below for dst_default-list_exceed-log-dep-cfg
Type: Object
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
inbound-forward-dscp
Description To set dscp value for inbound packets (DSCP Value for the clear traffic marking)
Type: number
Range: 1-63
ip-proto-list
Type: List
Reference Object: /axapi/v3/ddos/dst/default/{default-address-type}/ip-proto/{port-num}
l4-type-list
Type: List
Reference Object: /axapi/v3/ddos/dst/default/{default-address-type}/l4-type/{protocol}
log-periodic
Description Enable periodic log while event is continuing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-dynamic-entry-count
Description Maximum count for dynamic dst entry
Type: number
Range: 0-2147483647
outbound-forward-dscp
Description To set dscp value for outbound
Type: number
Range: 1-63
port-list
Type: List
Reference Object: /axapi/v3/ddos/dst/default/{default-address-type}/port/{port-num}+{protocol}
src-port-list
Type: List
Reference Object: /axapi/v3/ddos/dst/default/{default-address-type}/src-port/{port-num}+{protocol}
template
Description: template is a JSON Block. Please see below for dst_default-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_default-list_port-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
port-num
Description Port Number
Type: number
Range: 0-65535
protocol
Description ‘dns-tcp’: dns-tcp; ‘dns-udp’: dns-udp; ‘http’: http; ‘tcp’: tcp; ‘udp’: udp; ‘ssl-l4’: ssl-l4; ‘sip-udp’: sip-udp; ‘sip-tcp’: sip-tcp;
Type: string
Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4, sip-udp, sip-tcp
template
Description: template is a JSON Block. Please see below for dst_default-list_port-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_default-list_port-list_template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst_default-list_template¶
Specification Value Type object logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst_default-list_l4-type-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable-syn-auth
Description Disable TCP SYN Authentication
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-frag-pkt
Description Drop fragmented packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-on-no-port-match
Description ‘disable’: disable; ‘enable’: enable;
Type: string
Supported Values: disable, enable
Default: enable
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
max-rexmit-syn-per-flow
Description Maximum number of re-transmit SYN per flow. Exceed action set to Drop
Type: number
Range: 1-6
protocol
Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;
Type: string
Supported Values: tcp, udp, icmp, other
stateful
Description Enable stateful tracking of sessions (Default is stateless)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
syn-auth
Description ‘send-rst’: Send RST to client upon client ACK; ‘force-rst-by-ack’: Force client RST via the use of ACK; ‘force-rst-by-synack’: Force client RST via the use of bad SYN|ACK; ‘disable’: Disable TCP SYN Authentication;
Type: string
Supported Values: send-rst, force-rst-by-ack, force-rst-by-synack, disable
Default: send-rst
syn-cookie
Description Enable SYN Cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tcp-reset-client
Description Send reset to client when rate exceeds or session ages out
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tcp-reset-server
Description Send reset to server when rate exceeds or session ages out
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tunnel-decap
Description: tunnel-decap is a JSON Block. Please see below for dst_default-list_l4-type-list_tunnel-decap
Type: Object
tunnel-rate-limit
Description: tunnel-rate-limit is a JSON Block. Please see below for dst_default-list_l4-type-list_tunnel-rate-limit
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_default-list_l4-type-list_tunnel-rate-limit¶
Specification Value Type object gre-rate-limit
Description Enable inner IP rate limiting on GRE traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ip-rate-limit
Description Enable inner IP rate limiting on IPinIP traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst_default-list_l4-type-list_tunnel-decap¶
Specification Value Type object gre-decap
Description Enable GRE Tunnel decapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ip-decap
Description Enable IP Tunnel decapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
key-cfg
Type: List
dst_default-list_l4-type-list_tunnel-decap_key-cfg¶
Specification Value Type list Block object keys key
Description Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)
Type: string
Maximum Length: 10 characters
Maximum Length: 1 characters
dst_default-list_src-port-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
port-num
Description Port Number
Type: number
Range: 0-65535
protocol
Description ‘udp’: udp; ‘tcp’: tcp;
Type: string
Supported Values: udp, tcp
template
Description: template is a JSON Block. Please see below for dst_default-list_src-port-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_default-list_src-port-list_template¶
Specification Value Type object src-tcp
Description DDOS tcp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-udp
Description DDOS udp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst_default-list_ip-proto-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
port-num
Description Protocol Number
Type: number
Range: 0-255
template
Description: template is a JSON Block. Please see below for dst_default-list_ip-proto-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_default-list_ip-proto-list_template¶
Specification Value Type object other
Description DDOS other template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst_default-list_exceed-log-cfg¶
Specification Value Type object log-enable
Description Enable logging of limit exceed drop’s
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
with-sflow-sample
Description Turn on sflow sample with log
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst_default-list_exceed-log-dep-cfg¶
Specification Value Type object exceed-log-enable
Description (Deprecated)Enable logging of limit exceed drop’s
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-with-sflow-dep
Description Turn on sflow sample with log
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst_dynamic-entries-resource-usage¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_interface-ipv6-list¶
Specification Value Type list Block object keys addr
Description IPv6 address of interface
Type: string
Format: ipv6-address
ip-proto-list
Type: List
Reference Object: /axapi/v3/ddos/dst/interface-ipv6/{addr}/ip-proto/{port-num}
l4-type-list
Type: List
Reference Object: /axapi/v3/ddos/dst/interface-ipv6/{addr}/l4-type/{protocol}
log-enable
Description Enable logging of limit exceed drops
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
port-list
Type: List
Reference Object: /axapi/v3/ddos/dst/interface-ipv6/{addr}/port/{port-num}+{protocol}
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_interface-ipv6-list_port-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
port-num
Description Port Number
Type: number
Range: 1-65535
protocol
Description ‘tcp’: tcp; ‘udp’: udp; ‘http-probe’: http port for interface health check;
Type: string
Supported Values: tcp, udp, http-probe
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_interface-ipv6-list_ip-proto-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
port-num
Description IP protocol number
Type: number
Range: 0-255
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_interface-ipv6-list_l4-type-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-frag-pkt
Description Drop fragmented packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
protocol
Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;
Type: string
Supported Values: tcp, udp, icmp, other
tunnel-decap
Description: tunnel-decap is a JSON Block. Please see below for dst_interface-ipv6-list_l4-type-list_tunnel-decap
Type: Object
tunnel-rate-limit
Description: tunnel-rate-limit is a JSON Block. Please see below for dst_interface-ipv6-list_l4-type-list_tunnel-rate-limit
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_interface-ipv6-list_l4-type-list_tunnel-decap¶
Specification Value Type object gre-decap
Description Enable GRE Tunnel decapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ip-decap
Description Enable IP Tunnel decapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
key-cfg
Type: List
dst_interface-ipv6-list_l4-type-list_tunnel-decap_key-cfg¶
Specification Value Type list Block object keys key
Description Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)
Type: string
Maximum Length: 10 characters
Maximum Length: 1 characters
dst_interface-ipv6-list_l4-type-list_tunnel-rate-limit¶
Specification Value Type object gre-rate-limit
Description Enable inner IP rate limiting on GRE traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ip-rate-limit
Description Enable inner IP rate limiting on IPinIP traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst_entry-list¶
Specification Value Type list Block object keys advertised-enable
Description BGP advertised
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
blackhole-on-glid-exceed
Description Blackhole destination entry for X minutes upon glid limit exceeded
Type: number
Range: 1-30
capture-config-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/capture-config/{name}
description
Description Description for this Destination Entry
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dest-nat-ip
Description Destination NAT IP address
Type: string
Format: ipv4-address
dest-nat-ipv6
Description Destination NAT IPv6 address
Type: string
Format: ipv6-address
drop-disable
Description Disable certain drops during packet processing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-disable-fwd-immediate
Description Immediately forward L4 drops
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-frag-pkt
Description Drop fragmented packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-on-no-src-dst-default
Description Drop if no match with src-based-policy class-list, and default is not configured
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst-entry-name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dynamic-entry-overflow-policy-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/dynamic-entry-overflow-policy/{dummy-name}
enable-top-k
Type: Listexceed-log-cfg
Description: exceed-log-cfg is a JSON Block. Please see below for dst_entry-list_exceed-log-cfg
Type: Object
exceed-log-dep-cfg
Description: exceed-log-dep-cfg is a JSON Block. Please see below for dst_entry-list_exceed-log-dep-cfg
Type: Object
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-exceed-action
Description: glid-exceed-action is a JSON Block. Please see below for dst_entry-list_glid-exceed-action
Type: Object
hw-blacklist-blocking
Description: hw-blacklist-blocking is a JSON Block. Please see below for dst_entry-list_hw-blacklist-blocking
Type: Object
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/hw-blacklist-blocking
inbound-forward-dscp
Description To set dscp value for inbound packets (DSCP Value for the clear traffic marking)
Type: number
Range: 1-63
ip-addr
Description
Type: string
Format: ipv4-address
ip-proto-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/ip-proto/{port-num}
ipv6-addr
Description
Type: string
Format: ipv6-address
l4-type-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}
log-periodic
Description Enable periodic log while event is continuing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
operational-mode
Description ‘protection’: Protection mode; ‘bypass’: Bypass mode;
Type: string
Supported Values: protection, bypass
Default: protection
outbound-forward-dscp
Description To set dscp value for outbound
Type: number
Range: 1-63
pattern-recognition-hw-filter-enable
Description to enable pattern recognition hardware filter
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
pattern-recognition-sensitivity
Description ‘high’: High sensitive pattern recognition; ‘medium’: Medium sensitive pattern recognition; ‘low’: Low sensitive pattern recognition;
Type: string
Supported Values: high, medium, low
port-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}
port-range-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}
reporting-disabled
Description Disable Reporting
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sampling-enable
Type: Listset-counter-base-val
Description Set T2 counter value of current context to specified value
Type: number
Range: 1-4294967295
sflow
Description: sflow is a JSON Block. Please see below for dst_entry-list_sflow
Type: Object
source-nat-pool
Description Configure source NAT
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
src-dst-pair
Description: src-dst-pair is a JSON Block. Please see below for dst_entry-list_src-dst-pair
Type: Object
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair
src-dst-pair-class-list-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name}
src-dst-pair-policy-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-policy/{src-based-policy-name}
src-dst-pair-settings-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-settings/{all-types}
src-port-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/src-port/{port-num}+{protocol}
src-port-range-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/src-port-range/{src-port-range-start}+{src-port-range-end}+{protocol}
subnet-ip-addr
Description IP Subnet
Type: string
Format: ipv4-cidr
subnet-ipv6-addr
Description IPV6 Subnet
Type: string
Format: ipv6-address-plen
template
Description: template is a JSON Block. Please see below for dst_entry-list_template
Type: Object
topk-destinations
Description: topk-destinations is a JSON Block. Please see below for dst_entry-list_topk-destinations
Type: Object
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/topk-destinations
traffic-distribution-mode
Description ‘default’: Distribute traffic to one slot using default distribution mechanism; ‘source-ip-based’: Distribute traffic between slots, based on source ip;
Type: string
Supported Values: default, source-ip-based
Default: default
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_port-list¶
Specification Value Type list Block object keys capture-config
Description: capture-config is a JSON Block. Please see below for dst_entry-list_port-list_capture-config
Type: Object
deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
detection-enable
Description Enable ddos detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-cache
Description DNS Cache Instance
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/dns-cache
enable-top-k
Description Enable ddos top-k entries
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-exceed-action
Description: glid-exceed-action is a JSON Block. Please see below for dst_entry-list_port-list_glid-exceed-action
Type: Object
pattern-recognition
Description: pattern-recognition is a JSON Block. Please see below for dst_entry-list_port-list_pattern-recognition
Type: Object
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/pattern-recognition
pattern-recognition-pu-details
Description: pattern-recognition-pu-details is a JSON Block. Please see below for dst_entry-list_port-list_pattern-recognition-pu-details
Type: Object
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/pattern-recognition-pu-details
port-ind
Description: port-ind is a JSON Block. Please see below for dst_entry-list_port-list_port-ind
Type: Object
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/port-ind
port-num
Description Port Number
Type: number
Range: 0-65535
progression-tracking
Description: progression-tracking is a JSON Block. Please see below for dst_entry-list_port-list_progression-tracking
Type: Object
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/progression-tracking
protocol
Description ‘dns-tcp’: DNS-TCP Port; ‘dns-udp’: DNS-UDP Port; ‘http’: HTTP Port; ‘tcp’: TCP Port; ‘udp’: UDP Port; ‘ssl-l4’: SSL-L4 Port; ‘sip-udp’: SIP-UDP Port; ‘sip-tcp’: SIP-TCP Port;
Type: string
Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4, sip-udp, sip-tcp
set-counter-base-val
Description Set T2 counter value of current context to specified value
Type: number
Range: 1-4294967295
sflow
Description: sflow is a JSON Block. Please see below for dst_entry-list_port-list_sflow
Type: Object
signature-extraction
Description: signature-extraction is a JSON Block. Please see below for dst_entry-list_port-list_signature-extraction
Type: Object
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/signature-extraction
template
Description: template is a JSON Block. Please see below for dst_entry-list_port-list_template
Type: Object
topk-num-records
Description Maximum number of records to show in topk
Type: number
Range: 1-100
Default: 20
topk-sources
Description: topk-sources is a JSON Block. Please see below for dst_entry-list_port-list_topk-sources
Type: Object
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/topk-sources
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_port-list_pattern-recognition¶
Specification Value Type object algorithm
Description ‘heuristic’: heuristic algorithm;
Type: string
Supported Values: heuristic
filter-inactive-threshold
Description Extracted filter inactive threshold
Type: number
Range: 5-255
filter-threshold
Description Extracted filter threshold
Type: number
Range: 0-100
mode
Description ‘capture-never-expire’: War-time capture without rate exceeding and never expires; ‘manual’: Manual mode;
Type: string
Supported Values: capture-never-expire, manual
sensitivity
Description ‘high’: High Sensitivity; ‘medium’: Medium Sensitivity; ‘low’: Low Sensitivity;
Type: string
Supported Values: high, medium, low
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_port-list_sflow¶
Specification Value Type object polling
Description: polling is a JSON Block. Please see below for dst_entry-list_port-list_sflow_polling
Type: Object
dst_entry-list_port-list_sflow_polling¶
Specification Value Type object sflow-http
Description Enable sFlow HTTP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sflow-packets
Description Enable sFlow packet-level counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sflow-tcp
Description: sflow-tcp is a JSON Block. Please see below for dst_entry-list_port-list_sflow_polling_sflow-tcp
Type: Object
dst_entry-list_port-list_sflow_polling_sflow-tcp¶
Specification Value Type object sflow-tcp-basic
Description Enable sFlow basic TCP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sflow-tcp-stateful
Description Enable sFlow stateful TCP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst_entry-list_port-list_capture-config¶
Specification Value Type object capture-config-mode
Description ‘drop’: Apply capture-config to dropped packets; ‘forward’: Apply capture-config to forwarded packets; ‘all’: Apply capture-config to both dropped and forwarded packets;
Type: string
Supported Values: drop, forward, all
capture-config-name
Description Capture-config name
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst_entry-list_port-list_progression-tracking¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_port-list_port-ind¶
Specification Value Type object sampling-enable
Type: Listuuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_port-list_port-ind_sampling-enable¶
Specification Value Type list Block object keys counters1
Description ‘all’: all; ‘ip-proto-type’: IP Protocol Type; ‘ddet_ind_pkt_rate_current’: Pkt Rate Current; ‘ddet_ind_pkt_rate_min’: Pkt Rate Min; ‘ddet_ind_pkt_rate_max’: Pkt Rate Max; ‘ddet_ind_pkt_drop_rate_current’: Pkt Drop Rate Current; ‘ddet_ind_pkt_drop_rate_min’: Pkt Drop Rate Min; ‘ddet_ind_pkt_drop_rate_max’: Pkt Drop Rate Max; ‘ddet_ind_syn_rate_current’: TCP SYN Rate Current; ‘ddet_ind_syn_rate_min’: TCP SYN Rate Min; ‘ddet_ind_syn_rate_max’: TCP SYN Rate Max; ‘ddet_ind_fin_rate_current’: TCP FIN Rate Current; ‘ddet_ind_fin_rate_min’: TCP FIN Rate Min; ‘ddet_ind_fin_rate_max’: TCP FIN Rate Max; ‘ddet_ind_rst_rate_current’: TCP RST Rate Current; ‘ddet_ind_rst_rate_min’: TCP RST Rate Min; ‘ddet_ind_rst_rate_max’: TCP RST Rate Max; ‘ddet_ind_small_window_ack_rate_current’: TCP Small Window ACK Rate Current; ‘ddet_ind_small_window_ack_rate_min’: TCP Small Window ACK Rate Min; ‘ddet_ind_small_window_ack_rate_max’: TCP Small Window ACK Rate Max; ‘ddet_ind_empty_ack_rate_current’: TCP Empty ACK Rate Current; ‘ddet_ind_empty_ack_rate_min’: TCP Empty ACK Rate Min; ‘ddet_ind_empty_ack_rate_max’: TCP Empty ACK Rate Max; ‘ddet_ind_small_payload_rate_current’: TCP Small Payload Rate Current; ‘ddet_ind_small_payload_rate_min’: TCP Small Payload Rate Min; ‘ddet_ind_small_payload_rate_max’: TCP Small Payload Rate Max; ‘ddet_ind_pkt_drop_ratio_current’: Pkt Drop / Pkt Rcvd Current; ‘ddet_ind_pkt_drop_ratio_min’: Pkt Drop / Pkt Rcvd Min; ‘ddet_ind_pkt_drop_ratio_max’: Pkt Drop / Pkt Rcvd Max; ‘ddet_ind_inb_per_outb_current’: Bytes-to / Bytes-from Current; ‘ddet_ind_inb_per_outb_min’: Bytes-to / Bytes-from Min; ‘ddet_ind_inb_per_outb_max’: Bytes-to / Bytes-from Max; ‘ddet_ind_syn_per_fin_rate_current’: TCP SYN Rate / FIN Rate Current; ‘ddet_ind_syn_per_fin_rate_min’: TCP SYN Rate / FIN Rate Min; ‘ddet_ind_syn_per_fin_rate_max’: TCP SYN Rate / FIN Rate Max; ‘ddet_ind_conn_miss_rate_current’: TCP Session Miss Rate Current; ‘ddet_ind_conn_miss_rate_min’: TCP Session Miss Rate Min; ‘ddet_ind_conn_miss_rate_max’: TCP Session Miss Rate Max; ‘ddet_ind_concurrent_conns_current’: TCP/UDP Concurrent Sessions Current; ‘ddet_ind_concurrent_conns_min’: TCP/UDP Concurrent Sessions Min; ‘ddet_ind_concurrent_conns_max’: TCP/UDP Concurrent Sessions Max; ‘ddet_ind_data_cpu_util_current’: Data CPU Utilization Current; ‘ddet_ind_data_cpu_util_min’: Data CPU Utilization Min; ‘ddet_ind_data_cpu_util_max’: Data CPU Utilization Max; ‘ddet_ind_outside_intf_util_current’: Outside Interface Utilization Current; ‘ddet_ind_outside_intf_util_min’: Outside Interface Utilization Min; ‘ddet_ind_outside_intf_util_max’: Outside Interface Utilization Max; ‘ddet_ind_frag_rate_current’: Frag Pkt Rate Current; ‘ddet_ind_frag_rate_min’: Frag Pkt Rate Min; ‘ddet_ind_frag_rate_max’: Frag Pkt Rate Max; ‘ddet_ind_bit_rate_current’: Bit Rate Current; ‘ddet_ind_bit_rate_min’: Bit Rate Min; ‘ddet_ind_bit_rate_max’: Bit Rate Max;
Type: string
Supported Values: all, ip-proto-type, ddet_ind_pkt_rate_current, ddet_ind_pkt_rate_min, ddet_ind_pkt_rate_max, ddet_ind_pkt_drop_rate_current, ddet_ind_pkt_drop_rate_min, ddet_ind_pkt_drop_rate_max, ddet_ind_syn_rate_current, ddet_ind_syn_rate_min, ddet_ind_syn_rate_max, ddet_ind_fin_rate_current, ddet_ind_fin_rate_min, ddet_ind_fin_rate_max, ddet_ind_rst_rate_current, ddet_ind_rst_rate_min, ddet_ind_rst_rate_max, ddet_ind_small_window_ack_rate_current, ddet_ind_small_window_ack_rate_min, ddet_ind_small_window_ack_rate_max, ddet_ind_empty_ack_rate_current, ddet_ind_empty_ack_rate_min, ddet_ind_empty_ack_rate_max, ddet_ind_small_payload_rate_current, ddet_ind_small_payload_rate_min, ddet_ind_small_payload_rate_max, ddet_ind_pkt_drop_ratio_current, ddet_ind_pkt_drop_ratio_min, ddet_ind_pkt_drop_ratio_max, ddet_ind_inb_per_outb_current, ddet_ind_inb_per_outb_min, ddet_ind_inb_per_outb_max, ddet_ind_syn_per_fin_rate_current, ddet_ind_syn_per_fin_rate_min, ddet_ind_syn_per_fin_rate_max, ddet_ind_conn_miss_rate_current, ddet_ind_conn_miss_rate_min, ddet_ind_conn_miss_rate_max, ddet_ind_concurrent_conns_current, ddet_ind_concurrent_conns_min, ddet_ind_concurrent_conns_max, ddet_ind_data_cpu_util_current, ddet_ind_data_cpu_util_min, ddet_ind_data_cpu_util_max, ddet_ind_outside_intf_util_current, ddet_ind_outside_intf_util_min, ddet_ind_outside_intf_util_max, ddet_ind_frag_rate_current, ddet_ind_frag_rate_min, ddet_ind_frag_rate_max, ddet_ind_bit_rate_current, ddet_ind_bit_rate_min, ddet_ind_bit_rate_max
dst_entry-list_port-list_signature-extraction¶
Specification Value Type object algorithm
Description ‘heuristic’: heuristic algorithm;
Type: string
Supported Values: heuristic
manual-mode
Description Enable manual mode
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_port-list_template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS SSL-L4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst_entry-list_port-list_pattern-recognition-pu-details¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_port-list_glid-exceed-action¶
Specification Value Type object stateless-encap-action-cfg
Description: stateless-encap-action-cfg is a JSON Block. Please see below for dst_entry-list_port-list_glid-exceed-action_stateless-encap-action-cfg
Type: Object
dst_entry-list_port-list_glid-exceed-action_stateless-encap-action-cfg¶
Specification Value Type object encap-template
Description Apply legacy encap template for encap action
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/template/encap
stateless-encap-action
Description ‘stateless-tunnel-encap’: Encapsulate all packets; ‘stateless-tunnel-encap-scrubbed’: Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap);
Type: string
Supported Values: stateless-tunnel-encap, stateless-tunnel-encap-scrubbed
dst_entry-list_port-list_topk-sources¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_capture-config-list¶
Specification Value Type list Block object keys mode
Description ‘drop’: Apply capture-config to dropped packets; ‘forward’: Apply capture-config to forwarded packets; ‘all’: Apply capture-config to both dropped and forwarded packets;
Type: string
Supported Values: drop, forward, all
name
Description Capture-config name
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/capture-config
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_dynamic-entry-overflow-policy-list¶
Specification Value Type list Block object keys app-type-src-dst-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/dynamic-entry-overflow-policy/{dummy-name}/app-type-src-dst/{protocol}
bypass
Description Always permit for the Source to bypass all feature & limit checks
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dummy-name
Description ‘configuration’: Configure src dst dynamic entry count overflow policy;
Type: string
Supported Values: configuration
exceed-log-cfg
Description: exceed-log-cfg is a JSON Block. Please see below for dst_entry-list_dynamic-entry-overflow-policy-list_exceed-log-cfg
Type: Object
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
l4-type-src-dst-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/dynamic-entry-overflow-policy/{dummy-name}/l4-type-src-dst/{protocol}
log-periodic
Description Enable periodic log while event is continuing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
template
Description: template is a JSON Block. Please see below for dst_entry-list_dynamic-entry-overflow-policy-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_dynamic-entry-overflow-policy-list_template¶
Specification Value Type object logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst_entry-list_dynamic-entry-overflow-policy-list_app-type-src-dst-list¶
Specification Value Type list Block object keys protocol
Description ‘dns’: dns; ‘http’: http; ‘ssl-l4’: ssl-l4; ‘sip’: sip;
Type: string
Supported Values: dns, http, ssl-l4, sip
template
Description: template is a JSON Block. Please see below for dst_entry-list_dynamic-entry-overflow-policy-list_app-type-src-dst-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_dynamic-entry-overflow-policy-list_app-type-src-dst-list_template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS SSL-L4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst_entry-list_dynamic-entry-overflow-policy-list_l4-type-src-dst-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
protocol
Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;
Type: string
Supported Values: tcp, udp, icmp, other
template
Description: template is a JSON Block. Please see below for dst_entry-list_dynamic-entry-overflow-policy-list_l4-type-src-dst-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_dynamic-entry-overflow-policy-list_l4-type-src-dst-list_template¶
Specification Value Type object other
Description DDOS OTHER template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
tcp
Description DDOS TCP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v4
Description DDOS icmp-v4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v6
Description DDOS icmp-v6 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
udp
Description DDOS UDP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst_entry-list_dynamic-entry-overflow-policy-list_exceed-log-cfg¶
Specification Value Type object log-enable
Description Enable logging of limit exceed drop’s
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst_entry-list_port-range-list¶
Specification Value Type list Block object keys capture-config
Description: capture-config is a JSON Block. Please see below for dst_entry-list_port-range-list_capture-config
Type: Object
deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
detection-enable
Description Enable ddos detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-top-k
Description Enable ddos top-k entries
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-exceed-action
Description: glid-exceed-action is a JSON Block. Please see below for dst_entry-list_port-range-list_glid-exceed-action
Type: Object
pattern-recognition
Description: pattern-recognition is a JSON Block. Please see below for dst_entry-list_port-range-list_pattern-recognition
Type: Object
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/pattern-recognition
pattern-recognition-pu-details
Description: pattern-recognition-pu-details is a JSON Block. Please see below for dst_entry-list_port-range-list_pattern-recognition-pu-details
Type: Object
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/pattern-recognition-pu-details
port-ind
Description: port-ind is a JSON Block. Please see below for dst_entry-list_port-range-list_port-ind
Type: Object
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/port-ind
port-range-end
Description Port-Range End Port Number
Type: number
Range: 1-65535
port-range-start
Description Port-Range Start Port Number
Type: number
Range: 1-65535
progression-tracking
Description: progression-tracking is a JSON Block. Please see below for dst_entry-list_port-range-list_progression-tracking
Type: Object
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/progression-tracking
protocol
Description ‘dns-tcp’: DNS-TCP Port; ‘dns-udp’: DNS-UDP Port; ‘http’: HTTP Port; ‘tcp’: TCP Port; ‘udp’: UDP Port; ‘ssl-l4’: SSL-L4 Port; ‘sip-udp’: SIP-UDP Port; ‘sip-tcp’: SIP-TCP Port;
Type: string
Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4, sip-udp, sip-tcp
set-counter-base-val
Description Set T2 counter value of current context to specified value
Type: number
Range: 1-4294967295
sflow
Description: sflow is a JSON Block. Please see below for dst_entry-list_port-range-list_sflow
Type: Object
template
Description: template is a JSON Block. Please see below for dst_entry-list_port-range-list_template
Type: Object
topk-num-records
Description Maximum number of records to show in topk
Type: number
Range: 1-100
Default: 20
topk-sources
Description: topk-sources is a JSON Block. Please see below for dst_entry-list_port-range-list_topk-sources
Type: Object
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/topk-sources
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_port-range-list_pattern-recognition¶
Specification Value Type object algorithm
Description ‘heuristic’: heuristic algorithm;
Type: string
Supported Values: heuristic
filter-inactive-threshold
Description Extracted filter inactive threshold
Type: number
Range: 5-255
filter-threshold
Description Extracted filter threshold
Type: number
Range: 0-100
mode
Description ‘capture-never-expire’: War-time capture without rate exceeding and never expires; ‘manual’: Manual mode;
Type: string
Supported Values: capture-never-expire, manual
sensitivity
Description ‘high’: High Sensitivity; ‘medium’: Medium Sensitivity; ‘low’: Low Sensitivity;
Type: string
Supported Values: high, medium, low
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_port-range-list_progression-tracking¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_port-range-list_capture-config¶
Specification Value Type object capture-config-mode
Description ‘drop’: Apply capture-config to dropped packets; ‘forward’: Apply capture-config to forwarded packets; ‘all’: Apply capture-config to both dropped and forwarded packets;
Type: string
Supported Values: drop, forward, all
capture-config-name
Description Capture-config name
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst_entry-list_port-range-list_sflow¶
Specification Value Type object polling
Description: polling is a JSON Block. Please see below for dst_entry-list_port-range-list_sflow_polling
Type: Object
dst_entry-list_port-range-list_sflow_polling¶
Specification Value Type object sflow-http
Description Enable sFlow HTTP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sflow-packets
Description Enable sFlow packet-level counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sflow-tcp
Description: sflow-tcp is a JSON Block. Please see below for dst_entry-list_port-range-list_sflow_polling_sflow-tcp
Type: Object
dst_entry-list_port-range-list_sflow_polling_sflow-tcp¶
Specification Value Type object sflow-tcp-basic
Description Enable sFlow basic TCP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sflow-tcp-stateful
Description Enable sFlow stateful TCP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst_entry-list_port-range-list_pattern-recognition-pu-details¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_port-range-list_port-ind¶
Specification Value Type object sampling-enable
Type: Listuuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_port-range-list_port-ind_sampling-enable¶
Specification Value Type list Block object keys counters1
Description ‘all’: all; ‘ip-proto-type’: IP Protocol Type; ‘ddet_ind_pkt_rate_current’: Pkt Rate Current; ‘ddet_ind_pkt_rate_min’: Pkt Rate Min; ‘ddet_ind_pkt_rate_max’: Pkt Rate Max; ‘ddet_ind_pkt_drop_rate_current’: Pkt Drop Rate Current; ‘ddet_ind_pkt_drop_rate_min’: Pkt Drop Rate Min; ‘ddet_ind_pkt_drop_rate_max’: Pkt Drop Rate Max; ‘ddet_ind_syn_rate_current’: TCP SYN Rate Current; ‘ddet_ind_syn_rate_min’: TCP SYN Rate Min; ‘ddet_ind_syn_rate_max’: TCP SYN Rate Max; ‘ddet_ind_fin_rate_current’: TCP FIN Rate Current; ‘ddet_ind_fin_rate_min’: TCP FIN Rate Min; ‘ddet_ind_fin_rate_max’: TCP FIN Rate Max; ‘ddet_ind_rst_rate_current’: TCP RST Rate Current; ‘ddet_ind_rst_rate_min’: TCP RST Rate Min; ‘ddet_ind_rst_rate_max’: TCP RST Rate Max; ‘ddet_ind_small_window_ack_rate_current’: TCP Small Window ACK Rate Current; ‘ddet_ind_small_window_ack_rate_min’: TCP Small Window ACK Rate Min; ‘ddet_ind_small_window_ack_rate_max’: TCP Small Window ACK Rate Max; ‘ddet_ind_empty_ack_rate_current’: TCP Empty ACK Rate Current; ‘ddet_ind_empty_ack_rate_min’: TCP Empty ACK Rate Min; ‘ddet_ind_empty_ack_rate_max’: TCP Empty ACK Rate Max; ‘ddet_ind_small_payload_rate_current’: TCP Small Payload Rate Current; ‘ddet_ind_small_payload_rate_min’: TCP Small Payload Rate Min; ‘ddet_ind_small_payload_rate_max’: TCP Small Payload Rate Max; ‘ddet_ind_pkt_drop_ratio_current’: Pkt Drop / Pkt Rcvd Current; ‘ddet_ind_pkt_drop_ratio_min’: Pkt Drop / Pkt Rcvd Min; ‘ddet_ind_pkt_drop_ratio_max’: Pkt Drop / Pkt Rcvd Max; ‘ddet_ind_inb_per_outb_current’: Bytes-to / Bytes-from Current; ‘ddet_ind_inb_per_outb_min’: Bytes-to / Bytes-from Min; ‘ddet_ind_inb_per_outb_max’: Bytes-to / Bytes-from Max; ‘ddet_ind_syn_per_fin_rate_current’: TCP SYN Rate / FIN Rate Current; ‘ddet_ind_syn_per_fin_rate_min’: TCP SYN Rate / FIN Rate Min; ‘ddet_ind_syn_per_fin_rate_max’: TCP SYN Rate / FIN Rate Max; ‘ddet_ind_conn_miss_rate_current’: TCP Session Miss Rate Current; ‘ddet_ind_conn_miss_rate_min’: TCP Session Miss Rate Min; ‘ddet_ind_conn_miss_rate_max’: TCP Session Miss Rate Max; ‘ddet_ind_concurrent_conns_current’: TCP/UDP Concurrent Sessions Current; ‘ddet_ind_concurrent_conns_min’: TCP/UDP Concurrent Sessions Min; ‘ddet_ind_concurrent_conns_max’: TCP/UDP Concurrent Sessions Max; ‘ddet_ind_data_cpu_util_current’: Data CPU Utilization Current; ‘ddet_ind_data_cpu_util_min’: Data CPU Utilization Min; ‘ddet_ind_data_cpu_util_max’: Data CPU Utilization Max; ‘ddet_ind_outside_intf_util_current’: Outside Interface Utilization Current; ‘ddet_ind_outside_intf_util_min’: Outside Interface Utilization Min; ‘ddet_ind_outside_intf_util_max’: Outside Interface Utilization Max; ‘ddet_ind_frag_rate_current’: Frag Pkt Rate Current; ‘ddet_ind_frag_rate_min’: Frag Pkt Rate Min; ‘ddet_ind_frag_rate_max’: Frag Pkt Rate Max; ‘ddet_ind_bit_rate_current’: Bit Rate Current; ‘ddet_ind_bit_rate_min’: Bit Rate Min; ‘ddet_ind_bit_rate_max’: Bit Rate Max;
Type: string
Supported Values: all, ip-proto-type, ddet_ind_pkt_rate_current, ddet_ind_pkt_rate_min, ddet_ind_pkt_rate_max, ddet_ind_pkt_drop_rate_current, ddet_ind_pkt_drop_rate_min, ddet_ind_pkt_drop_rate_max, ddet_ind_syn_rate_current, ddet_ind_syn_rate_min, ddet_ind_syn_rate_max, ddet_ind_fin_rate_current, ddet_ind_fin_rate_min, ddet_ind_fin_rate_max, ddet_ind_rst_rate_current, ddet_ind_rst_rate_min, ddet_ind_rst_rate_max, ddet_ind_small_window_ack_rate_current, ddet_ind_small_window_ack_rate_min, ddet_ind_small_window_ack_rate_max, ddet_ind_empty_ack_rate_current, ddet_ind_empty_ack_rate_min, ddet_ind_empty_ack_rate_max, ddet_ind_small_payload_rate_current, ddet_ind_small_payload_rate_min, ddet_ind_small_payload_rate_max, ddet_ind_pkt_drop_ratio_current, ddet_ind_pkt_drop_ratio_min, ddet_ind_pkt_drop_ratio_max, ddet_ind_inb_per_outb_current, ddet_ind_inb_per_outb_min, ddet_ind_inb_per_outb_max, ddet_ind_syn_per_fin_rate_current, ddet_ind_syn_per_fin_rate_min, ddet_ind_syn_per_fin_rate_max, ddet_ind_conn_miss_rate_current, ddet_ind_conn_miss_rate_min, ddet_ind_conn_miss_rate_max, ddet_ind_concurrent_conns_current, ddet_ind_concurrent_conns_min, ddet_ind_concurrent_conns_max, ddet_ind_data_cpu_util_current, ddet_ind_data_cpu_util_min, ddet_ind_data_cpu_util_max, ddet_ind_outside_intf_util_current, ddet_ind_outside_intf_util_min, ddet_ind_outside_intf_util_max, ddet_ind_frag_rate_current, ddet_ind_frag_rate_min, ddet_ind_frag_rate_max, ddet_ind_bit_rate_current, ddet_ind_bit_rate_min, ddet_ind_bit_rate_max
dst_entry-list_port-range-list_template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS SSL-L4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst_entry-list_port-range-list_glid-exceed-action¶
Specification Value Type object stateless-encap-action-cfg
Description: stateless-encap-action-cfg is a JSON Block. Please see below for dst_entry-list_port-range-list_glid-exceed-action_stateless-encap-action-cfg
Type: Object
dst_entry-list_port-range-list_glid-exceed-action_stateless-encap-action-cfg¶
Specification Value Type object encap-template
Description Apply legacy encap template for encap action
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/template/encap
stateless-encap-action
Description ‘stateless-tunnel-encap’: Encapsulate all packets; ‘stateless-tunnel-encap-scrubbed’: Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap);
Type: string
Supported Values: stateless-tunnel-encap, stateless-tunnel-encap-scrubbed
dst_entry-list_port-range-list_topk-sources¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_hw-blacklist-blocking¶
Specification Value Type object dst-enable
Description Enable Dst side hardware blocking
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-enable
Description Enable Src side hardware blocking
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_src-dst-pair-class-list-list¶
Specification Value Type list Block object keys app-type-src-dst-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name}/app-type-src-dst/{protocol}
cid-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name}/cid/{cid-num}
class-list-name
Description Class-list name
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
exceed-log-cfg
Description: exceed-log-cfg is a JSON Block. Please see below for dst_entry-list_src-dst-pair-class-list-list_exceed-log-cfg
Type: Object
l4-type-src-dst-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name}/l4-type-src-dst/{protocol}
log-periodic
Description Enable periodic log while event is continuing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_src-dst-pair-class-list-list_cid-list¶
Specification Value Type list Block object keys app-type-src-dst-cid-list
cid-num
Description Class-list id
Type: number
Range: 1-32
exceed-log-cfg
Description: exceed-log-cfg is a JSON Block. Please see below for dst_entry-list_src-dst-pair-class-list-list_cid-list_exceed-log-cfg
Type: Object
l4-type-src-dst-cid-list
log-periodic
Description Enable periodic log while event is continuing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_src-dst-pair-class-list-list_cid-list_app-type-src-dst-cid-list¶
Specification Value Type list Block object keys protocol
Description ‘dns’: dns; ‘http’: http; ‘ssl-l4’: ssl-l4; ‘sip’: sip;
Type: string
Supported Values: dns, http, ssl-l4, sip
template
Description: template is a JSON Block. Please see below for dst_entry-list_src-dst-pair-class-list-list_cid-list_app-type-src-dst-cid-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_src-dst-pair-class-list-list_cid-list_app-type-src-dst-cid-list_template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS SSL-L4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst_entry-list_src-dst-pair-class-list-list_cid-list_l4-type-src-dst-cid-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
protocol
Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;
Type: string
Supported Values: tcp, udp, icmp, other
template
Description: template is a JSON Block. Please see below for dst_entry-list_src-dst-pair-class-list-list_cid-list_l4-type-src-dst-cid-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_src-dst-pair-class-list-list_cid-list_l4-type-src-dst-cid-list_template¶
Specification Value Type object other
Description DDOS OTHER template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
tcp
Description DDOS TCP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v4
Description DDOS icmp-v4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v6
Description DDOS icmp-v6 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
udp
Description DDOS UDP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst_entry-list_src-dst-pair-class-list-list_cid-list_exceed-log-cfg¶
Specification Value Type object log-enable
Description Enable logging of limit exceed drop’s
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst_entry-list_src-dst-pair-class-list-list_app-type-src-dst-list¶
Specification Value Type list Block object keys protocol
Description ‘dns’: dns; ‘http’: http; ‘ssl-l4’: ssl-l4; ‘sip’: sip;
Type: string
Supported Values: dns, http, ssl-l4, sip
template
Description: template is a JSON Block. Please see below for dst_entry-list_src-dst-pair-class-list-list_app-type-src-dst-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_src-dst-pair-class-list-list_app-type-src-dst-list_template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS SSL-L4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst_entry-list_src-dst-pair-class-list-list_l4-type-src-dst-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
protocol
Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;
Type: string
Supported Values: tcp, udp, icmp, other
template
Description: template is a JSON Block. Please see below for dst_entry-list_src-dst-pair-class-list-list_l4-type-src-dst-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_src-dst-pair-class-list-list_l4-type-src-dst-list_template¶
Specification Value Type object other
Description DDOS OTHER template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
tcp
Description DDOS TCP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v4
Description DDOS icmp-v4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v6
Description DDOS icmp-v6 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
udp
Description DDOS UDP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst_entry-list_src-dst-pair-class-list-list_exceed-log-cfg¶
Specification Value Type object log-enable
Description Enable logging of limit exceed drop’s
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst_entry-list_template¶
Specification Value Type object logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst_entry-list_glid-exceed-action¶
Specification Value Type object stateless-encap-action-cfg
Description: stateless-encap-action-cfg is a JSON Block. Please see below for dst_entry-list_glid-exceed-action_stateless-encap-action-cfg
Type: Object
dst_entry-list_glid-exceed-action_stateless-encap-action-cfg¶
Specification Value Type object encap-template
Description Apply legacy encap template for encap action
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/template/encap
stateless-encap-action
Description ‘stateless-tunnel-encap’: Encapsulate all packets; ‘stateless-tunnel-encap-scrubbed’: Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap);
Type: string
Supported Values: stateless-tunnel-encap, stateless-tunnel-encap-scrubbed
dst_entry-list_l4-type-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
detection-enable
Description Enable ddos detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable-syn-auth
Description Disable TCP SYN Authentication
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-frag-pkt
Description Drop fragmented packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-on-no-port-match
Description ‘disable’: disable; ‘enable’: enable;
Type: string
Supported Values: disable, enable
Default: enable
enable-top-k
Description Enable ddos top-k entries
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-exceed-action
Description: glid-exceed-action is a JSON Block. Please see below for dst_entry-list_l4-type-list_glid-exceed-action
Type: Object
max-rexmit-syn-per-flow
Description Maximum number of re-transmit SYN per flow
Type: number
Range: 1-6
max-rexmit-syn-per-flow-exceed-action
Description ‘drop’: Drop the packet; ‘black-list’: Add the source IP into black list;
Type: string
Supported Values: drop, black-list
port-ind
Description: port-ind is a JSON Block. Please see below for dst_entry-list_l4-type-list_port-ind
Type: Object
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/port-ind
progression-tracking
Description: progression-tracking is a JSON Block. Please see below for dst_entry-list_l4-type-list_progression-tracking
Type: Object
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/progression-tracking
protocol
Description ‘tcp’: L4-Type TCP; ‘udp’: L4-Type UDP; ‘icmp’: L4-Type ICMP; ‘other’: L4-Type OTHER;
Type: string
Supported Values: tcp, udp, icmp, other
set-counter-base-val
Description Set T2 counter value of current context to specified value
Type: number
Range: 1-4294967295
stateful
Description Enable stateful tracking of sessions (Default is stateless)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
syn-auth
Description ‘send-rst’: Send RST to client upon client ACK; ‘force-rst-by-ack’: Force client RST via the use of ACK; ‘force-rst-by-synack’: Force client RST via the use of bad SYN|ACK; ‘disable’: Disable TCP SYN Authentication;
Type: string
Supported Values: send-rst, force-rst-by-ack, force-rst-by-synack, disable
Default: send-rst
syn-cookie
Description Enable SYN Cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tcp-reset-client
Description Send reset to client when rate exceeds or session ages out
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tcp-reset-server
Description Send reset to server when rate exceeds or session ages out
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
template
Description: template is a JSON Block. Please see below for dst_entry-list_l4-type-list_template
Type: Object
topk-num-records
Description Maximum number of records to show in topk
Type: number
Range: 1-100
Default: 20
topk-sources
Description: topk-sources is a JSON Block. Please see below for dst_entry-list_l4-type-list_topk-sources
Type: Object
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/topk-sources
tunnel-decap
Description: tunnel-decap is a JSON Block. Please see below for dst_entry-list_l4-type-list_tunnel-decap
Type: Object
tunnel-rate-limit
Description: tunnel-rate-limit is a JSON Block. Please see below for dst_entry-list_l4-type-list_tunnel-rate-limit
Type: Object
undefined-port-hit-statistics
Description: undefined-port-hit-statistics is a JSON Block. Please see below for dst_entry-list_l4-type-list_undefined-port-hit-statistics
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_l4-type-list_undefined-port-hit-statistics¶
Specification Value Type object reset-interval
Description Configure port scanning counter reset interval (minutes), Default 60 mins
Type: number
Range: 1-64000
Default: 60
undefined-port-hit-statistics
Description Enable port scanning statistics
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst_entry-list_l4-type-list_template¶
Specification Value Type object template-icmp-v4
Description DDOS icmp-v4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v6
Description DDOS icmp-v6 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst_entry-list_l4-type-list_glid-exceed-action¶
Specification Value Type object stateless-encap-action-cfg
Description: stateless-encap-action-cfg is a JSON Block. Please see below for dst_entry-list_l4-type-list_glid-exceed-action_stateless-encap-action-cfg
Type: Object
dst_entry-list_l4-type-list_glid-exceed-action_stateless-encap-action-cfg¶
Specification Value Type object encap-template
Description Apply legacy encap template for encap action
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/template/encap
stateless-encap-action
Description ‘stateless-tunnel-encap’: Encapsulate all packets; ‘stateless-tunnel-encap-scrubbed’: Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap);
Type: string
Supported Values: stateless-tunnel-encap, stateless-tunnel-encap-scrubbed
dst_entry-list_l4-type-list_tunnel-decap¶
Specification Value Type object gre-decap
Description Enable GRE Tunnel decapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ip-decap
Description Enable IP Tunnel decapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
key-cfg
Type: List
dst_entry-list_l4-type-list_tunnel-decap_key-cfg¶
Specification Value Type list Block object keys key
Description Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)
Type: string
Maximum Length: 10 characters
Maximum Length: 1 characters
dst_entry-list_l4-type-list_port-ind¶
Specification Value Type object sampling-enable
Type: Listuuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_l4-type-list_port-ind_sampling-enable¶
Specification Value Type list Block object keys counters1
Description ‘all’: all; ‘ip-proto-type’: IP Protocol Type; ‘ddet_ind_pkt_rate_current’: Pkt Rate Current; ‘ddet_ind_pkt_rate_min’: Pkt Rate Min; ‘ddet_ind_pkt_rate_max’: Pkt Rate Max; ‘ddet_ind_pkt_drop_rate_current’: Pkt Drop Rate Current; ‘ddet_ind_pkt_drop_rate_min’: Pkt Drop Rate Min; ‘ddet_ind_pkt_drop_rate_max’: Pkt Drop Rate Max; ‘ddet_ind_syn_rate_current’: TCP SYN Rate Current; ‘ddet_ind_syn_rate_min’: TCP SYN Rate Min; ‘ddet_ind_syn_rate_max’: TCP SYN Rate Max; ‘ddet_ind_fin_rate_current’: TCP FIN Rate Current; ‘ddet_ind_fin_rate_min’: TCP FIN Rate Min; ‘ddet_ind_fin_rate_max’: TCP FIN Rate Max; ‘ddet_ind_rst_rate_current’: TCP RST Rate Current; ‘ddet_ind_rst_rate_min’: TCP RST Rate Min; ‘ddet_ind_rst_rate_max’: TCP RST Rate Max; ‘ddet_ind_small_window_ack_rate_current’: TCP Small Window ACK Rate Current; ‘ddet_ind_small_window_ack_rate_min’: TCP Small Window ACK Rate Min; ‘ddet_ind_small_window_ack_rate_max’: TCP Small Window ACK Rate Max; ‘ddet_ind_empty_ack_rate_current’: TCP Empty ACK Rate Current; ‘ddet_ind_empty_ack_rate_min’: TCP Empty ACK Rate Min; ‘ddet_ind_empty_ack_rate_max’: TCP Empty ACK Rate Max; ‘ddet_ind_small_payload_rate_current’: TCP Small Payload Rate Current; ‘ddet_ind_small_payload_rate_min’: TCP Small Payload Rate Min; ‘ddet_ind_small_payload_rate_max’: TCP Small Payload Rate Max; ‘ddet_ind_pkt_drop_ratio_current’: Pkt Drop / Pkt Rcvd Current; ‘ddet_ind_pkt_drop_ratio_min’: Pkt Drop / Pkt Rcvd Min; ‘ddet_ind_pkt_drop_ratio_max’: Pkt Drop / Pkt Rcvd Max; ‘ddet_ind_inb_per_outb_current’: Bytes-to / Bytes-from Current; ‘ddet_ind_inb_per_outb_min’: Bytes-to / Bytes-from Min; ‘ddet_ind_inb_per_outb_max’: Bytes-to / Bytes-from Max; ‘ddet_ind_syn_per_fin_rate_current’: TCP SYN Rate / FIN Rate Current; ‘ddet_ind_syn_per_fin_rate_min’: TCP SYN Rate / FIN Rate Min; ‘ddet_ind_syn_per_fin_rate_max’: TCP SYN Rate / FIN Rate Max; ‘ddet_ind_conn_miss_rate_current’: TCP Session Miss Rate Current; ‘ddet_ind_conn_miss_rate_min’: TCP Session Miss Rate Min; ‘ddet_ind_conn_miss_rate_max’: TCP Session Miss Rate Max; ‘ddet_ind_concurrent_conns_current’: TCP/UDP Concurrent Sessions Current; ‘ddet_ind_concurrent_conns_min’: TCP/UDP Concurrent Sessions Min; ‘ddet_ind_concurrent_conns_max’: TCP/UDP Concurrent Sessions Max; ‘ddet_ind_data_cpu_util_current’: Data CPU Utilization Current; ‘ddet_ind_data_cpu_util_min’: Data CPU Utilization Min; ‘ddet_ind_data_cpu_util_max’: Data CPU Utilization Max; ‘ddet_ind_outside_intf_util_current’: Outside Interface Utilization Current; ‘ddet_ind_outside_intf_util_min’: Outside Interface Utilization Min; ‘ddet_ind_outside_intf_util_max’: Outside Interface Utilization Max; ‘ddet_ind_frag_rate_current’: Frag Pkt Rate Current; ‘ddet_ind_frag_rate_min’: Frag Pkt Rate Min; ‘ddet_ind_frag_rate_max’: Frag Pkt Rate Max; ‘ddet_ind_bit_rate_current’: Bit Rate Current; ‘ddet_ind_bit_rate_min’: Bit Rate Min; ‘ddet_ind_bit_rate_max’: Bit Rate Max;
Type: string
Supported Values: all, ip-proto-type, ddet_ind_pkt_rate_current, ddet_ind_pkt_rate_min, ddet_ind_pkt_rate_max, ddet_ind_pkt_drop_rate_current, ddet_ind_pkt_drop_rate_min, ddet_ind_pkt_drop_rate_max, ddet_ind_syn_rate_current, ddet_ind_syn_rate_min, ddet_ind_syn_rate_max, ddet_ind_fin_rate_current, ddet_ind_fin_rate_min, ddet_ind_fin_rate_max, ddet_ind_rst_rate_current, ddet_ind_rst_rate_min, ddet_ind_rst_rate_max, ddet_ind_small_window_ack_rate_current, ddet_ind_small_window_ack_rate_min, ddet_ind_small_window_ack_rate_max, ddet_ind_empty_ack_rate_current, ddet_ind_empty_ack_rate_min, ddet_ind_empty_ack_rate_max, ddet_ind_small_payload_rate_current, ddet_ind_small_payload_rate_min, ddet_ind_small_payload_rate_max, ddet_ind_pkt_drop_ratio_current, ddet_ind_pkt_drop_ratio_min, ddet_ind_pkt_drop_ratio_max, ddet_ind_inb_per_outb_current, ddet_ind_inb_per_outb_min, ddet_ind_inb_per_outb_max, ddet_ind_syn_per_fin_rate_current, ddet_ind_syn_per_fin_rate_min, ddet_ind_syn_per_fin_rate_max, ddet_ind_conn_miss_rate_current, ddet_ind_conn_miss_rate_min, ddet_ind_conn_miss_rate_max, ddet_ind_concurrent_conns_current, ddet_ind_concurrent_conns_min, ddet_ind_concurrent_conns_max, ddet_ind_data_cpu_util_current, ddet_ind_data_cpu_util_min, ddet_ind_data_cpu_util_max, ddet_ind_outside_intf_util_current, ddet_ind_outside_intf_util_min, ddet_ind_outside_intf_util_max, ddet_ind_frag_rate_current, ddet_ind_frag_rate_min, ddet_ind_frag_rate_max, ddet_ind_bit_rate_current, ddet_ind_bit_rate_min, ddet_ind_bit_rate_max
dst_entry-list_l4-type-list_topk-sources¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_l4-type-list_tunnel-rate-limit¶
Specification Value Type object gre-rate-limit
Description Enable inner IP rate limiting on GRE traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ip-rate-limit
Description Enable inner IP rate limiting on IPinIP traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst_entry-list_l4-type-list_progression-tracking¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_topk-destinations¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_src-dst-pair-settings-list¶
Specification Value Type list Block object keys age
Description Idle age for ip entry
Type: number
Range: 2-1023
Default: 5
all-types
Description ‘all-types’: Settings for all types (default or class-list);
Type: string
Supported Values: all-types
apply-policy-on-overflow
Description Enable this flag to apply overflow policy when dynamic entry count overflows
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-class-list-overflow
Description Apply class-list overflow policy upon exceeding dynamic entry count specified for DST entry or each class-list
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
l4-type-src-dst-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-settings/{all-types}/l4-type-src-dst/{protocol}
max-dynamic-entry-count
Description Maximum count for dynamic src-dst entry
Type: number
Range: 0-2147483647
src-prefix-len
Description Specify src prefix length for IPv6 (default: not set)
Type: number
Range: 32-127
unlimited-dynamic-entry-count
Description No limit for maximum dynamic src entry count
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_src-dst-pair-settings-list_l4-type-src-dst-list¶
Specification Value Type list Block object keys apply-policy-on-overflow
Description Enable this flag to apply overflow policy when dynamic entry count overflows
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-dynamic-entry-count
Description Maximum count for dynamic src-dst entry
Type: number
Range: 0-2147483647
protocol
Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;
Type: string
Supported Values: tcp, udp, icmp, other
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_src-port-range-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
protocol
Description ‘udp’: UDP Port; ‘tcp’: TCP Port;
Type: string
Supported Values: udp, tcp
set-counter-base-val
Description Set T2 counter value of current context to specified value
Type: number
Range: 1-4294967295
src-port-range-end
Description Src Port-Range End Port Number
Type: number
Range: 2-65535
src-port-range-start
Description Src Port-Range Start Port Number
Type: number
Range: 1-65535
template
Description: template is a JSON Block. Please see below for dst_entry-list_src-port-range-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_src-port-range-list_template¶
Specification Value Type object src-tcp
Description DDOS tcp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-udp
Description DDOS udp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst_entry-list_ip-proto-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
esp-inspect
Description: esp-inspect is a JSON Block. Please see below for dst_entry-list_ip-proto-list_esp-inspect
Type: Object
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-exceed-action
Description: glid-exceed-action is a JSON Block. Please see below for dst_entry-list_ip-proto-list_glid-exceed-action
Type: Object
port-num
Description Protocol Number
Type: number
Range: 0-255
set-counter-base-val
Description Set T2 counter value of current context to specified value
Type: number
Range: 1-4294967295
template
Description: template is a JSON Block. Please see below for dst_entry-list_ip-proto-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_ip-proto-list_esp-inspect¶
Specification Value Type object auth-algorithm
Description ‘AUTH_NULL’: No Integrity Check Value; ‘HMAC-SHA-1-96’: 96 bit Auth Algo; ‘HMAC-SHA-256-96’: 96 bit Auth Algo; ‘HMAC-SHA-256-128’: 128 bit Auth Algo; ‘HMAC-SHA-384-192’: 192 bit Auth Algo; ‘HMAC-SHA-512-256’: 256 bit Auth Algo; ‘HMAC-MD5-96’: 96 bit Auth Algo; ‘MAC-RIPEMD-160-96’: 96 bit Auth Algo;
Type: string
Supported Values: AUTH_NULL, HMAC-SHA-1-96, HMAC-SHA-256-96, HMAC-SHA-256-128, HMAC-SHA-384-192, HMAC-SHA-512-256, HMAC-MD5-96, MAC-RIPEMD-160-96
encrypt-algorithm
Description ‘NULL’: Null Encryption Algorithm;
Type: string
Supported Values: NULL
mode
Description ‘transport’: Transport mode;
Type: string
Supported Values: transport
dst_entry-list_ip-proto-list_template¶
Specification Value Type object other
Description DDOS other template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst_entry-list_ip-proto-list_glid-exceed-action¶
Specification Value Type object stateless-encap-action-cfg
Description: stateless-encap-action-cfg is a JSON Block. Please see below for dst_entry-list_ip-proto-list_glid-exceed-action_stateless-encap-action-cfg
Type: Object
dst_entry-list_ip-proto-list_glid-exceed-action_stateless-encap-action-cfg¶
Specification Value Type object encap-template
Description Apply legacy encap template for encap action
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/template/encap
stateless-encap-action
Description ‘stateless-tunnel-encap’: Encapsulate all packets; ‘stateless-tunnel-encap-scrubbed’: Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap);
Type: string
Supported Values: stateless-tunnel-encap, stateless-tunnel-encap-scrubbed
dst_entry-list_src-port-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
outbound-src-tracking
Description ‘enable’: enable; ‘disable’: disable;
Type: string
Supported Values: enable, disable
Default: disable
port-num
Description Port Number
Type: number
Range: 0-65535
protocol
Description ‘dns-udp’: DNS-UDP Port; ‘dns-tcp’: DNS-TCP Port; ‘udp’: UDP Port; ‘tcp’: TCP Port;
Type: string
Supported Values: dns-udp, dns-tcp, udp, tcp
set-counter-base-val
Description Set T2 counter value of current context to specified value
Type: number
Range: 1-4294967295
template
Description: template is a JSON Block. Please see below for dst_entry-list_src-port-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_src-port-list_template¶
Specification Value Type object src-dns
Description DDOS dns src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-tcp
Description DDOS tcp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-udp
Description DDOS udp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst_entry-list_exceed-log-cfg¶
Specification Value Type object log-enable
Description Enable logging of limit exceed drop’s
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-high-frequency
Description Enable High frequency logging for non-event logs per entry
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-with-sflow
Description Turn on sflow sample with log
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
rate-limit
Description Rate limit per second per entry(Default : 1 per second)
Type: number
Range: 1-1000
Default: 1
dst_entry-list_sflow¶
Specification Value Type object polling
Description: polling is a JSON Block. Please see below for dst_entry-list_sflow_polling
Type: Object
dst_entry-list_sflow_polling¶
Specification Value Type object sflow-http
Description Enable sFlow HTTP counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the total number
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sflow-layer-4
Description Enable sFlow Layer 4 counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the total num
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sflow-packets
Description Enable sFlow packet-level counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the tota
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sflow-tcp
Description: sflow-tcp is a JSON Block. Please see below for dst_entry-list_sflow_polling_sflow-tcp
Type: Object
sflow-undef-port-hit-stats
Description Enable sFlow undefined-port-hit-statistics polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sflow-undef-port-hit-stats-brief
Description Enable sFlow undefined-port-hit-statistics polling in brief mode
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst_entry-list_sflow_polling_sflow-tcp¶
Specification Value Type object sflow-tcp-basic
Description Enable sFlow basic TCP counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the total n
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sflow-tcp-stateful
Description Enable sFlow stateful TCP counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the tota
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst_entry-list_src-dst-pair¶
Specification Value Type object app-type-src-dst-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair/app-type-src-dst/{protocol}
bypass
Description Always permit for the Source to bypass all feature & limit checks
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
default
Description Configure default
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exceed-log-cfg
Description: exceed-log-cfg is a JSON Block. Please see below for dst_entry-list_src-dst-pair_exceed-log-cfg
Type: Object
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
l4-type-src-dst-list
Type: List
Reference Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair/l4-type-src-dst/{protocol}
log-periodic
Description Enable periodic log while event is continuing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
template
Description: template is a JSON Block. Please see below for dst_entry-list_src-dst-pair_template
Type: Object
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_src-dst-pair_template¶
Specification Value Type object logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst_entry-list_src-dst-pair_app-type-src-dst-list¶
Specification Value Type list Block object keys protocol
Description ‘dns’: dns; ‘http’: http; ‘ssl-l4’: ssl-l4; ‘sip’: sip;
Type: string
Supported Values: dns, http, ssl-l4, sip
template
Description: template is a JSON Block. Please see below for dst_entry-list_src-dst-pair_app-type-src-dst-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_src-dst-pair_app-type-src-dst-list_template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS SSL-L4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst_entry-list_src-dst-pair_l4-type-src-dst-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
protocol
Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;
Type: string
Supported Values: tcp, udp, icmp, other
template
Description: template is a JSON Block. Please see below for dst_entry-list_src-dst-pair_l4-type-src-dst-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_src-dst-pair_l4-type-src-dst-list_template¶
Specification Value Type object other
Description DDOS OTHER template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
tcp
Description DDOS TCP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v4
Description DDOS icmp-v4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v6
Description DDOS icmp-v6 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
udp
Description DDOS UDP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst_entry-list_src-dst-pair_exceed-log-cfg¶
Specification Value Type object log-enable
Description Enable logging of limit exceed drop’s
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst_entry-list_src-dst-pair-policy-list¶
Specification Value Type list Block object keys policy-class-list-list
src-based-policy-name
Description Src-based-policy name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_src-dst-pair-policy-list_policy-class-list-list¶
Specification Value Type list Block object keys app-type-src-dst-list
bypass
Description Always permit for the Source to bypass all feature & limit checks
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
class-list-name
Description Class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
class-list-overflow-policy-list
exceed-log-cfg
Description: exceed-log-cfg is a JSON Block. Please see below for dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_exceed-log-cfg
Type: Object
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
l4-type-src-dst-list
log-periodic
Description Enable periodic log while event is continuing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-dynamic-entry-count
Description Maximum count for dynamic src-dst entry under class-list
Type: number
Range: 0-2147483647
sampling-enable
Type: Listtemplate
Description: template is a JSON Block. Please see below for dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_template¶
Specification Value Type object logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_app-type-src-dst-list¶
Specification Value Type list Block object keys protocol
Description ‘dns’: dns; ‘http’: http; ‘ssl-l4’: ssl-l4; ‘sip’: sip;
Type: string
Supported Values: dns, http, ssl-l4, sip
template
Description: template is a JSON Block. Please see below for dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_app-type-src-dst-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_app-type-src-dst-list_template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS SSL-L4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_sampling-enable¶
Specification Value Type list Block object keys counters1
Description ‘all’: all; ‘packet_received’: Packets Received; ‘packet_dropped’: Packets Dropped; ‘entry_learned’: Entry Learned; ‘entry_count_overflow’: Entry Count Overflow;
Type: string
Supported Values: all, packet_received, packet_dropped, entry_learned, entry_count_overflow
dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_l4-type-src-dst-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
protocol
Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;
Type: string
Supported Values: tcp, udp, icmp, other
template
Description: template is a JSON Block. Please see below for dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_l4-type-src-dst-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_l4-type-src-dst-list_template¶
Specification Value Type object other
Description DDOS OTHER template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
tcp
Description DDOS TCP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v4
Description DDOS icmp-v4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v6
Description DDOS icmp-v6 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
udp
Description DDOS UDP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list¶
Specification Value Type list Block object keys app-type-src-dst-overflow-list
bypass
Description Always permit for the Source to bypass all feature & limit checks
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dummy-name
Description ‘configuration’: Configure src dst dynamic entry count overflow policy for class-list;
Type: string
Supported Values: configuration
exceed-log-cfg
Description: exceed-log-cfg is a JSON Block. Please see below for dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_exceed-log-cfg
Type: Object
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
l4-type-src-dst-overflow-list
log-periodic
Description Enable periodic log while event is continuing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
template
Description: template is a JSON Block. Please see below for dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_template¶
Specification Value Type object logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_l4-type-src-dst-overflow-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
protocol
Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;
Type: string
Supported Values: tcp, udp, icmp, other
template
Description: template is a JSON Block. Please see below for dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_l4-type-src-dst-overflow-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_l4-type-src-dst-overflow-list_template¶
Specification Value Type object other
Description DDOS OTHER template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
tcp
Description DDOS TCP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v4
Description DDOS icmp-v4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v6
Description DDOS icmp-v6 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
udp
Description DDOS UDP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_app-type-src-dst-overflow-list¶
Specification Value Type list Block object keys protocol
Description ‘dns’: dns; ‘http’: http; ‘ssl-l4’: ssl-l4; ‘sip’: sip;
Type: string
Supported Values: dns, http, ssl-l4, sip
template
Description: template is a JSON Block. Please see below for dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_app-type-src-dst-overflow-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_app-type-src-dst-overflow-list_template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS SSL-L4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_exceed-log-cfg¶
Specification Value Type object log-enable
Description Enable logging of limit exceed drop’s
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_exceed-log-cfg¶
Specification Value Type object log-enable
Description Enable logging of limit exceed drop’s
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst_entry-list_sampling-enable¶
Specification Value Type list Block object keys counters1
Description ‘all’: all; ‘dst_tcp_any_exceed’: TCP Dst L4-Type Rate: Total Exceeded; ‘dst_tcp_pkt_rate_exceed’: TCP Dst L4-Type Rate: Packet Exceeded; ‘dst_tcp_conn_rate_exceed’: TCP Dst L4-Type Rate: Conn Exceeded; ‘dst_udp_any_exceed’: UDP Dst L4-Type Rate: Total Exceeded; ‘dst_udp_pkt_rate_exceed’: UDP Dst L4-Type Rate: Packet Exceeded; ‘dst_udp_conn_limit_exceed’: UDP Dst L4-Type Limit: Conn Exceeded; ‘dst_udp_conn_rate_exceed’: UDP Dst L4-Type Rate: Conn Exceeded; ‘dst_icmp_pkt_rate_exceed’: ICMP Dst Rate: Packet Exceeded; ‘dst_other_pkt_rate_exceed’: OTHER Dst L4-Type Rate: Packet Exceeded; ‘dst_other_frag_pkt_rate_exceed’: OTHER Dst L4-Type Rate: Frag Exceeded; ‘dst_port_pkt_rate_exceed’: Port Rate: Packet Exceeded; ‘dst_port_conn_limit_exceed’: Port Limit: Conn Exceeded; ‘dst_port_conn_rate_exceed’: Port Rate: Conn Exceeded; ‘dst_pkt_sent’: Inbound: Packets Forwarded; ‘dst_udp_pkt_sent’: UDP Total Packets Forwarded; ‘dst_tcp_pkt_sent’: TCP Total Packets Forwarded; ‘dst_icmp_pkt_sent’: ICMP Total Packets Forwarded; ‘dst_other_pkt_sent’: OTHER Total Packets Forwarded; ‘dst_tcp_conn_limit_exceed’: TCP Dst L4-Type Limit: Conn Exceeded; ‘dst_tcp_pkt_rcvd’: TCP Total Packets Received; ‘dst_udp_pkt_rcvd’: UDP Total Packets Received; ‘dst_icmp_pkt_rcvd’: ICMP Total Packets Received; ‘dst_other_pkt_rcvd’: OTHER Total Packets Received; ‘dst_udp_filter_match’: UDP Filter Match; ‘dst_udp_filter_not_match’: UDP Filter Not Matched on Pkt; ‘dst_udp_filter_action_blacklist’: UDP Filter Action Blacklist; ‘dst_udp_filter_action_drop’: UDP Filter Action Drop; ‘dst_tcp_syn’: TCP Total SYN Received; ‘dst_tcp_syn_drop’: TCP SYN Packets Dropped; ‘dst_tcp_src_rate_drop’: TCP Src Rate: Total Exceeded; ‘dst_udp_src_rate_drop’: UDP Src Rate: Total Exceeded; ‘dst_icmp_src_rate_drop’: ICMP Src Rate: Total Exceeded; ‘dst_other_frag_src_rate_drop’: OTHER Src Rate: Frag Exceeded; ‘dst_other_src_rate_drop’: OTHER Src Rate: Total Exceeded; ‘dst_tcp_drop’: TCP Total Packets Dropped; ‘dst_udp_drop’: UDP Total Packets Dropped; ‘dst_icmp_drop’: ICMP Total Packets Dropped; ‘dst_frag_drop’: Fragmented Packets Dropped; ‘dst_other_drop’: OTHER Total Packets Dropped; ‘dst_tcp_auth’: TCP Auth: SYN Cookie Sent; ‘dst_udp_filter_action_default_pass’: UDP Filter Action Default Pass; ‘dst_tcp_filter_match’: TCP Filter Match; ‘dst_tcp_filter_not_match’: TCP Filter Not Matched on Pkt; ‘dst_tcp_filter_action_blacklist’: TCP Filter Action Blacklist; ‘dst_tcp_filter_action_drop’: TCP Filter Action Drop; ‘dst_tcp_filter_action_default_pass’: TCP Filter Action Default Pass; ‘dst_udp_filter_action_whitelist’: UDP Filter Action WL; ‘dst_over_limit_on’: DST overlimit Trigger ON; ‘dst_over_limit_off’: DST overlimit Trigger OFF; ‘dst_port_over_limit_on’: DST port overlimit Trigger ON; ‘dst_port_over_limit_off’: DST port overlimit Trigger OFF; ‘dst_over_limit_action’: DST overlimit action; ‘dst_port_over_limit_action’: DST port overlimit action; ‘scanning_detected_drop’: Scanning Detected drop (deprecated); ‘scanning_detected_blacklist’: Scanning Detected blacklist (deprecated); ‘dst_udp_kibit_rate_drop’: UDP Dst L4-Type Rate: KiBit Exceeded; ‘dst_tcp_kibit_rate_drop’: TCP Dst L4-Type Rate: KiBit Exceeded; ‘dst_icmp_kibit_rate_drop’: ICMP Dst Rate: KiBit Exceeded; ‘dst_other_kibit_rate_drop’: OTHER Dst L4-Type Rate: KiBit Exceeded; ‘dst_port_undef_drop’: Dst Port Undefined Dropped; ‘dst_port_bl’: Dst Port Blacklist Packets Dropped; ‘dst_src_port_bl’: Dst SrcPort Blacklist Packets Dropped; ‘dst_port_kbit_rate_exceed’: Port Rate: KiBit Exceeded; ‘dst_tcp_src_drop’: TCP Src Packets Dropped; ‘dst_udp_src_drop’: UDP Src Packets Dropped; ‘dst_icmp_src_drop’: ICMP Src Packets Dropped; ‘dst_other_src_drop’: OTHER Src Packets Dropped; ‘tcp_syn_rcvd’: TCP Inbound SYN Received; ‘tcp_syn_ack_rcvd’: TCP SYN ACK Received; ‘tcp_ack_rcvd’: TCP ACK Received; ‘tcp_fin_rcvd’: TCP FIN Received; ‘tcp_rst_rcvd’: TCP RST Received; ‘ingress_bytes’: Inbound: Bytes Received; ‘egress_bytes’: Outbound: Bytes Received; ‘ingress_packets’: Inbound: Packets Received; ‘egress_packets’: Outbound: Packets Received; ‘tcp_fwd_recv’: TCP Inbound Packets Received; ‘udp_fwd_recv’: UDP Inbound Packets Received; ‘icmp_fwd_recv’: ICMP Inbound Packets Received; ‘tcp_syn_cookie_fail’: TCP Auth: SYN Cookie Failed; ‘dst_tcp_session_created’: TCP Sessions Created; ‘dst_udp_session_created’: UDP Sessions Created; ‘dst_tcp_filter_action_whitelist’: TCP Filter Action WL; ‘dst_other_filter_match’: OTHER Filter Match; ‘dst_other_filter_not_match’: OTHER Filter Not Matched on Pkt; ‘dst_other_filter_action_blacklist’: OTHER Filter Action Blacklist; ‘dst_other_filter_action_drop’: OTHER Filter Action Drop; ‘dst_other_filter_action_whitelist’: OTHER Filter Action WL; ‘dst_other_filter_action_default_pass’: OTHER Filter Action Default Pass; ‘dst_blackhole_inject’: Dst Blackhole Inject; ‘dst_blackhole_withdraw’: Dst Blackhole Withdraw; ‘dst_tcp_out_of_seq_excd’: TCP Out-Of-Seq Exceeded; ‘dst_tcp_retransmit_excd’: TCP Retransmit Exceeded; ‘dst_tcp_zero_window_excd’: TCP Zero-Window Exceeded; ‘dst_tcp_conn_prate_excd’: TCP Rate: Conn Pkt Exceeded; ‘dst_tcp_action_on_ack_init’: TCP Auth: ACK Retry Init; ‘dst_tcp_action_on_ack_gap_drop’: TCP Auth: ACK Retry Retry-Gap Dropped; ‘dst_tcp_action_on_ack_fail’: TCP Auth: ACK Retry Dropped; ‘dst_tcp_action_on_ack_pass’: TCP Auth: ACK Retry Passed; ‘dst_tcp_action_on_syn_init’: TCP Auth: SYN Retry Init; ‘dst_tcp_action_on_syn_gap_drop’: TCP Auth: SYN Retry-Gap Dropped; ‘dst_tcp_action_on_syn_fail’: TCP Auth: SYN Retry Dropped; ‘dst_tcp_action_on_syn_pass’: TCP Auth: SYN Retry Passed; ‘udp_payload_too_small’: UDP Payload Too Small; ‘udp_payload_too_big’: UDP Payload Too Large; ‘dst_udp_conn_prate_excd’: UDP Rate: Conn Pkt Exceeded; ‘dst_udp_ntp_monlist_req’: UDP NTP Monlist Request; ‘dst_udp_ntp_monlist_resp’: UDP NTP Monlist Response; ‘dst_udp_wellknown_sport_drop’: UDP SrcPort Wellknown; ‘dst_udp_retry_init’: UDP Auth: Retry Init; ‘dst_udp_retry_pass’: UDP Auth: Retry Passed; ‘dst_tcp_bytes_drop’: TCP Total Bytes Dropped; ‘dst_udp_bytes_drop’: UDP Total Bytes Dropped; ‘dst_icmp_bytes_drop’: ICMP Total Bytes Dropped; ‘dst_other_bytes_drop’: OTHER Total Bytes Dropped; ‘dst_out_no_route’: Dst IPv4/v6 Out No Route; ‘outbound_bytes_sent’: Outbound: Bytes Forwarded; ‘outbound_pkt_drop’: Outbound: Packets Dropped; ‘outbound_bytes_drop’: Outbound: Bytes Dropped; ‘outbound_pkt_sent’: Outbound: Packets Forwarded; ‘inbound_bytes_sent’: Inbound: Bytes Forwarded; ‘inbound_bytes_drop’: Inbound: Bytes Dropped; ‘dst_src_port_pkt_rate_exceed’: SrcPort Rate: Packet Exceeded; ‘dst_src_port_kbit_rate_exceed’: SrcPort Rate: KiBit Exceeded; ‘dst_src_port_conn_limit_exceed’: SrcPort Limit: Conn Exceeded; ‘dst_src_port_conn_rate_exceed’: SrcPort Rate: Conn Exceeded; ‘dst_ip_proto_pkt_rate_exceed’: IP-Proto Rate: Packet Exceeded; ‘dst_ip_proto_kbit_rate_exceed’: IP-Proto Rate: KiBit Exceeded; ‘dst_tcp_port_any_exceed’: TCP Port Rate: Total Exceed; ‘dst_udp_port_any_exceed’: UDP Port Rate: Total Exceed; ‘dst_tcp_auth_pass’: TCP Auth: SYN Auth Passed; ‘dst_tcp_rst_cookie_fail’: TCP Auth: RST Cookie Failed; ‘dst_tcp_unauth_drop’: TCP Auth: Unauth Dropped; ‘src_tcp_syn_auth_fail’: Src TCP Auth: SYN Auth Failed; ‘src_tcp_syn_cookie_sent’: Src TCP Auth: SYN Cookie Sent; ‘src_tcp_syn_cookie_fail’: Src TCP Auth: SYN Cookie Failed; ‘src_tcp_rst_cookie_fail’: Src TCP Auth: RST Cookie Failed; ‘src_tcp_unauth_drop’: Src TCP Auth: Unauth Dropped; ‘src_tcp_action_on_syn_init’: Src TCP Auth: SYN Retry Init;
Type: string
Supported Values: all, dst_tcp_any_exceed, dst_tcp_pkt_rate_exceed, dst_tcp_conn_rate_exceed, dst_udp_any_exceed, dst_udp_pkt_rate_exceed, dst_udp_conn_limit_exceed, dst_udp_conn_rate_exceed, dst_icmp_pkt_rate_exceed, dst_other_pkt_rate_exceed, dst_other_frag_pkt_rate_exceed, dst_port_pkt_rate_exceed, dst_port_conn_limit_exceed, dst_port_conn_rate_exceed, dst_pkt_sent, dst_udp_pkt_sent, dst_tcp_pkt_sent, dst_icmp_pkt_sent, dst_other_pkt_sent, dst_tcp_conn_limit_exceed, dst_tcp_pkt_rcvd, dst_udp_pkt_rcvd, dst_icmp_pkt_rcvd, dst_other_pkt_rcvd, dst_udp_filter_match, dst_udp_filter_not_match, dst_udp_filter_action_blacklist, dst_udp_filter_action_drop, dst_tcp_syn, dst_tcp_syn_drop, dst_tcp_src_rate_drop, dst_udp_src_rate_drop, dst_icmp_src_rate_drop, dst_other_frag_src_rate_drop, dst_other_src_rate_drop, dst_tcp_drop, dst_udp_drop, dst_icmp_drop, dst_frag_drop, dst_other_drop, dst_tcp_auth, dst_udp_filter_action_default_pass, dst_tcp_filter_match, dst_tcp_filter_not_match, dst_tcp_filter_action_blacklist, dst_tcp_filter_action_drop, dst_tcp_filter_action_default_pass, dst_udp_filter_action_whitelist, dst_over_limit_on, dst_over_limit_off, dst_port_over_limit_on, dst_port_over_limit_off, dst_over_limit_action, dst_port_over_limit_action, scanning_detected_drop, scanning_detected_blacklist, dst_udp_kibit_rate_drop, dst_tcp_kibit_rate_drop, dst_icmp_kibit_rate_drop, dst_other_kibit_rate_drop, dst_port_undef_drop, dst_port_bl, dst_src_port_bl, dst_port_kbit_rate_exceed, dst_tcp_src_drop, dst_udp_src_drop, dst_icmp_src_drop, dst_other_src_drop, tcp_syn_rcvd, tcp_syn_ack_rcvd, tcp_ack_rcvd, tcp_fin_rcvd, tcp_rst_rcvd, ingress_bytes, egress_bytes, ingress_packets, egress_packets, tcp_fwd_recv, udp_fwd_recv, icmp_fwd_recv, tcp_syn_cookie_fail, dst_tcp_session_created, dst_udp_session_created, dst_tcp_filter_action_whitelist, dst_other_filter_match, dst_other_filter_not_match, dst_other_filter_action_blacklist, dst_other_filter_action_drop, dst_other_filter_action_whitelist, dst_other_filter_action_default_pass, dst_blackhole_inject, dst_blackhole_withdraw, dst_tcp_out_of_seq_excd, dst_tcp_retransmit_excd, dst_tcp_zero_window_excd, dst_tcp_conn_prate_excd, dst_tcp_action_on_ack_init, dst_tcp_action_on_ack_gap_drop, dst_tcp_action_on_ack_fail, dst_tcp_action_on_ack_pass, dst_tcp_action_on_syn_init, dst_tcp_action_on_syn_gap_drop, dst_tcp_action_on_syn_fail, dst_tcp_action_on_syn_pass, udp_payload_too_small, udp_payload_too_big, dst_udp_conn_prate_excd, dst_udp_ntp_monlist_req, dst_udp_ntp_monlist_resp, dst_udp_wellknown_sport_drop, dst_udp_retry_init, dst_udp_retry_pass, dst_tcp_bytes_drop, dst_udp_bytes_drop, dst_icmp_bytes_drop, dst_other_bytes_drop, dst_out_no_route, outbound_bytes_sent, outbound_pkt_drop, outbound_bytes_drop, outbound_pkt_sent, inbound_bytes_sent, inbound_bytes_drop, dst_src_port_pkt_rate_exceed, dst_src_port_kbit_rate_exceed, dst_src_port_conn_limit_exceed, dst_src_port_conn_rate_exceed, dst_ip_proto_pkt_rate_exceed, dst_ip_proto_kbit_rate_exceed, dst_tcp_port_any_exceed, dst_udp_port_any_exceed, dst_tcp_auth_pass, dst_tcp_rst_cookie_fail, dst_tcp_unauth_drop, src_tcp_syn_auth_fail, src_tcp_syn_cookie_sent, src_tcp_syn_cookie_fail, src_tcp_rst_cookie_fail, src_tcp_unauth_drop, src_tcp_action_on_syn_init
counters2
Description ‘src_tcp_action_on_syn_gap_drop’: Src TCP Auth: SYN Retry-Gap Dropped; ‘src_tcp_action_on_syn_fail’: Src TCP Auth: SYN Retry Dropped; ‘src_tcp_action_on_ack_init’: Src TCP Auth: ACK Retry Init; ‘src_tcp_action_on_ack_gap_drop’: Src TCP Auth: ACK Retry Retry-Gap Dropped; ‘src_tcp_action_on_ack_fail’: Src TCP Auth: ACK Retry Dropped; ‘src_tcp_out_of_seq_excd’: Src TCP Out-Of-Seq Exceeded; ‘src_tcp_retransmit_excd’: Src TCP Retransmit Exceeded; ‘src_tcp_zero_window_excd’: Src TCP Zero-Window Exceeded; ‘src_tcp_conn_prate_excd’: Src TCP Rate: Conn Pkt Exceeded; ‘src_udp_min_payload’: Src UDP Payload Too Small; ‘src_udp_max_payload’: Src UDP Payload Too Large; ‘src_udp_conn_prate_excd’: Src UDP Rate: Conn Pkt Exceeded; ‘src_udp_ntp_monlist_req’: Src UDP NTP Monlist Request; ‘src_udp_ntp_monlist_resp’: Src UDP NTP Monlist Response; ‘src_udp_wellknown_sport_drop’: Src UDP SrcPort Wellknown; ‘src_udp_retry_init’: Src UDP Auth: Retry Init; ‘dst_udp_retry_gap_drop’: UDP Auth: Retry-Gap Dropped; ‘dst_udp_retry_fail’: UDP Auth: Retry Timeout; ‘dst_tcp_session_aged’: TCP Sessions Aged; ‘dst_udp_session_aged’: UDP Sessions Aged; ‘dst_tcp_conn_close’: TCP Connections Closed; ‘dst_tcp_conn_close_half_open’: TCP Half Open Connections Closed; ‘dst_l4_tcp_auth’: TCP Dst L4-Type Auth: SYN Cookie Sent; ‘tcp_l4_syn_cookie_fail’: TCP Dst L4-Type Auth: SYN Cookie Failed; ‘tcp_l4_rst_cookie_fail’: TCP Dst L4-Type Auth: RST Cookie Failed; ‘tcp_l4_unauth_drop’: TCP Dst L4-Type Auth: Unauth Dropped; ‘dst_drop_frag_pkt’: Dst Fragmented Packets Dropped; ‘src_tcp_filter_action_blacklist’: Src TCP Filter Action Blacklist; ‘src_tcp_filter_action_whitelist’: Src TCP Filter Action WL; ‘src_tcp_filter_action_drop’: Src TCP Filter Action Drop; ‘src_tcp_filter_action_default_pass’: Src TCP Filter Action Default Pass; ‘src_udp_filter_action_blacklist’: Src UDP Filter Action Blacklist; ‘src_udp_filter_action_whitelist’: Src UDP Filter Action WL; ‘src_udp_filter_action_drop’: Src UDP Filter Action Drop; ‘src_udp_filter_action_default_pass’: Src UDP Filter Action Default Pass; ‘src_other_filter_action_blacklist’: Src OTHER Filter Action Blacklist; ‘src_other_filter_action_whitelist’: Src OTHER Filter Action WL; ‘src_other_filter_action_drop’: Src OTHER Filter Action Drop; ‘src_other_filter_action_default_pass’: Src OTHER Filter Action Default Pass; ‘tcp_invalid_syn’: TCP Invalid SYN Received; ‘dst_tcp_conn_close_w_rst’: TCP RST Connections Closed; ‘dst_tcp_conn_close_w_fin’: TCP FIN Connections Closed; ‘dst_tcp_conn_close_w_idle’: TCP Idle Connections Closed; ‘dst_tcp_conn_create_from_syn’: TCP Connections Created From SYN; ‘dst_tcp_conn_create_from_ack’: TCP Connections Created From ACK; ‘src_frag_drop’: Src Fragmented Packets Dropped; ‘dst_l4_tcp_blacklist_drop’: Dst L4-type TCP Blacklist Dropped; ‘dst_l4_udp_blacklist_drop’: Dst L4-type UDP Blacklist Dropped; ‘dst_l4_icmp_blacklist_drop’: Dst L4-type ICMP Blacklist Dropped; ‘dst_l4_other_blacklist_drop’: Dst L4-type OTHER Blacklist Dropped; ‘src_l4_tcp_blacklist_drop’: Src L4-type TCP Blacklist Dropped; ‘src_l4_udp_blacklist_drop’: Src L4-type UDP Blacklist Dropped; ‘src_l4_icmp_blacklist_drop’: Src L4-type ICMP Blacklist Dropped; ‘src_l4_other_blacklist_drop’: Src L4-type OTHER Blacklist Dropped; ‘drop_frag_timeout_drop’: Fragment Reassemble Timeout Drop; ‘dst_port_kbit_rate_exceed_pkt’: Port Rate: KiBit Pkt Exceeded; ‘dst_tcp_bytes_rcv’: TCP Total Bytes Received; ‘dst_udp_bytes_rcv’: UDP Total Bytes Received; ‘dst_icmp_bytes_rcv’: ICMP Total Bytes Received; ‘dst_other_bytes_rcv’: OTHER Total Bytes Received; ‘dst_tcp_bytes_sent’: TCP Total Bytes Forwarded; ‘dst_udp_bytes_sent’: UDP Total Bytes Forwarded; ‘dst_icmp_bytes_sent’: ICMP Total Bytes Forwarded; ‘dst_other_bytes_sent’: OTHER Total Bytes Forwarded; ‘dst_udp_auth_drop’: UDP Auth: Dropped; ‘dst_tcp_auth_drop’: TCP Auth: Dropped; ‘dst_tcp_auth_resp’: TCP Auth: Responded; ‘inbound_pkt_drop’: Inbound: Packets Dropped; ‘dst_entry_pkt_rate_exceed’: Entry Rate: Packet Exceeded; ‘dst_entry_kbit_rate_exceed’: Entry Rate: KiBit Exceeded; ‘dst_entry_conn_limit_exceed’: Entry Limit: Conn Exceeded; ‘dst_entry_conn_rate_exceed’: Entry Rate: Conn Exceeded; ‘dst_entry_frag_pkt_rate_exceed’: Entry Rate: Frag Packet Exceeded; ‘dst_icmp_any_exceed’: ICMP Rate: Total Exceed; ‘dst_other_any_exceed’: OTHER Rate: Total Exceed; ‘src_dst_pair_entry_total’: Src-Dst Pair Entry Total Count; ‘src_dst_pair_entry_udp’: Src-Dst Pair Entry UDP Count; ‘src_dst_pair_entry_tcp’: Src-Dst Pair Entry TCP Count; ‘src_dst_pair_entry_icmp’: Src-Dst Pair Entry ICMP Count; ‘src_dst_pair_entry_other’: Src-Dst Pair Entry OTHER Count; ‘dst_clist_overflow_policy_at_learning’: Dst Src-Based Overflow Policy Hit; ‘tcp_rexmit_syn_limit_drop’: TCP SYN Retransmit Exceeded Drop; ‘tcp_rexmit_syn_limit_bl’: TCP SYN Retransmit Exceeded Blacklist; ‘dst_tcp_wellknown_sport_drop’: TCP SrcPort Wellknown; ‘src_tcp_wellknown_sport_drop’: Src TCP SrcPort Wellknown; ‘dst_frag_rcvd’: Fragmented Packets Received; ‘no_policy_class_list_match’: No Policy Class-list Match; ‘src_udp_retry_gap_drop’: Src UDP Auth: Retry-Gap Dropped; ‘dst_entry_kbit_rate_exceed_count’: Entry Rate: KiBit Exceeded Count; ‘dst_port_undef_hit’: Dst Port Undefined Hit; ‘dst_tcp_action_on_ack_timeout’: TCP Auth: ACK Retry Timeout; ‘dst_tcp_action_on_ack_reset’: TCP Auth: ACK Retry Timeout Reset; ‘dst_tcp_action_on_ack_blacklist’: TCP Auth: ACK Retry Timeout Blacklisted; ‘src_tcp_action_on_ack_timeout’: Src TCP Auth: ACK Retry Timeout; ‘src_tcp_action_on_ack_reset’: Src TCP Auth: ACK Retry Timeout Reset; ‘src_tcp_action_on_ack_blacklist’: Src TCP Auth: ACK Retry Timeout Blacklisted; ‘dst_tcp_action_on_syn_timeout’: TCP Auth: SYN Retry Timeout; ‘dst_tcp_action_on_syn_reset’: TCP Auth: SYN Retry Timeout Reset; ‘dst_tcp_action_on_syn_blacklist’: TCP Auth: SYN Retry Timeout Blacklisted; ‘src_tcp_action_on_syn_timeout’: Src TCP Auth: SYN Retry Timeout; ‘src_tcp_action_on_syn_reset’: Src TCP Auth: SYN Retry Timeout Reset; ‘src_tcp_action_on_syn_blacklist’: Src TCP Auth: SYN Retry Timeout Blacklisted; ‘dst_udp_frag_pkt_rate_exceed’: UDP Dst L4-Type Rate: Frag Exceeded; ‘dst_udp_frag_src_rate_drop’: UDP Src Rate: Frag Exceeded; ‘dst_tcp_frag_pkt_rate_exceed’: TCP Dst L4-Type Rate: Frag Exceeded; ‘dst_tcp_frag_src_rate_drop’: TCP Src Rate: Frag Exceeded; ‘dst_icmp_frag_pkt_rate_exceed’: ICMP Dst L4-Type Rate: Frag Exceeded; ‘dst_icmp_frag_src_rate_drop’: ICMP Src Rate: Frag Exceeded; ‘sflow_internal_samples_packed’: Sflow Internal Samples Packed; ‘sflow_external_samples_packed’: Sflow External Samples Packed; ‘sflow_internal_packets_sent’: Sflow Internal Packets Sent; ‘sflow_external_packets_sent’: Sflow External Packets Sent; ‘dns_outbound_total_query’: DNS Outbound Total Query; ‘dns_outbound_query_malformed’: DNS Outbound Query Malformed; ‘dns_outbound_query_resp_chk_failed’: DNS Outbound Query Resp Check Failed; ‘dns_outbound_query_resp_chk_blacklisted’: DNS Outbound Query Resp Check Blacklisted; ‘dns_outbound_query_resp_chk_refused_sent’: DNS Outbound Query Resp Check REFUSED Sent; ‘dns_outbound_query_resp_chk_reset_sent’: DNS Outbound Query Resp Check RESET Sent; ‘dns_outbound_query_resp_chk_no_resp_sent’: DNS Outbound Query Resp Check No Response Sent; ‘dns_outbound_query_resp_size_exceed’: DNS Outbound Query Response Size Exceed; ‘dns_outbound_query_sess_timed_out’: DNS Outbound Query Session Timed Out; ‘dst_exceed_action_tunnel’: Entry Exceed Action: Tunnel; ‘src_udp_auth_timeout’: Src UDP Auth: Retry Timeout; ‘src_udp_retry_pass’: Src UDP Retry Passed;
Type: string
Supported Values: src_tcp_action_on_syn_gap_drop, src_tcp_action_on_syn_fail, src_tcp_action_on_ack_init, src_tcp_action_on_ack_gap_drop, src_tcp_action_on_ack_fail, src_tcp_out_of_seq_excd, src_tcp_retransmit_excd, src_tcp_zero_window_excd, src_tcp_conn_prate_excd, src_udp_min_payload, src_udp_max_payload, src_udp_conn_prate_excd, src_udp_ntp_monlist_req, src_udp_ntp_monlist_resp, src_udp_wellknown_sport_drop, src_udp_retry_init, dst_udp_retry_gap_drop, dst_udp_retry_fail, dst_tcp_session_aged, dst_udp_session_aged, dst_tcp_conn_close, dst_tcp_conn_close_half_open, dst_l4_tcp_auth, tcp_l4_syn_cookie_fail, tcp_l4_rst_cookie_fail, tcp_l4_unauth_drop, dst_drop_frag_pkt, src_tcp_filter_action_blacklist, src_tcp_filter_action_whitelist, src_tcp_filter_action_drop, src_tcp_filter_action_default_pass, src_udp_filter_action_blacklist, src_udp_filter_action_whitelist, src_udp_filter_action_drop, src_udp_filter_action_default_pass, src_other_filter_action_blacklist, src_other_filter_action_whitelist, src_other_filter_action_drop, src_other_filter_action_default_pass, tcp_invalid_syn, dst_tcp_conn_close_w_rst, dst_tcp_conn_close_w_fin, dst_tcp_conn_close_w_idle, dst_tcp_conn_create_from_syn, dst_tcp_conn_create_from_ack, src_frag_drop, dst_l4_tcp_blacklist_drop, dst_l4_udp_blacklist_drop, dst_l4_icmp_blacklist_drop, dst_l4_other_blacklist_drop, src_l4_tcp_blacklist_drop, src_l4_udp_blacklist_drop, src_l4_icmp_blacklist_drop, src_l4_other_blacklist_drop, drop_frag_timeout_drop, dst_port_kbit_rate_exceed_pkt, dst_tcp_bytes_rcv, dst_udp_bytes_rcv, dst_icmp_bytes_rcv, dst_other_bytes_rcv, dst_tcp_bytes_sent, dst_udp_bytes_sent, dst_icmp_bytes_sent, dst_other_bytes_sent, dst_udp_auth_drop, dst_tcp_auth_drop, dst_tcp_auth_resp, inbound_pkt_drop, dst_entry_pkt_rate_exceed, dst_entry_kbit_rate_exceed, dst_entry_conn_limit_exceed, dst_entry_conn_rate_exceed, dst_entry_frag_pkt_rate_exceed, dst_icmp_any_exceed, dst_other_any_exceed, src_dst_pair_entry_total, src_dst_pair_entry_udp, src_dst_pair_entry_tcp, src_dst_pair_entry_icmp, src_dst_pair_entry_other, dst_clist_overflow_policy_at_learning, tcp_rexmit_syn_limit_drop, tcp_rexmit_syn_limit_bl, dst_tcp_wellknown_sport_drop, src_tcp_wellknown_sport_drop, dst_frag_rcvd, no_policy_class_list_match, src_udp_retry_gap_drop, dst_entry_kbit_rate_exceed_count, dst_port_undef_hit, dst_tcp_action_on_ack_timeout, dst_tcp_action_on_ack_reset, dst_tcp_action_on_ack_blacklist, src_tcp_action_on_ack_timeout, src_tcp_action_on_ack_reset, src_tcp_action_on_ack_blacklist, dst_tcp_action_on_syn_timeout, dst_tcp_action_on_syn_reset, dst_tcp_action_on_syn_blacklist, src_tcp_action_on_syn_timeout, src_tcp_action_on_syn_reset, src_tcp_action_on_syn_blacklist, dst_udp_frag_pkt_rate_exceed, dst_udp_frag_src_rate_drop, dst_tcp_frag_pkt_rate_exceed, dst_tcp_frag_src_rate_drop, dst_icmp_frag_pkt_rate_exceed, dst_icmp_frag_src_rate_drop, sflow_internal_samples_packed, sflow_external_samples_packed, sflow_internal_packets_sent, sflow_external_packets_sent, dns_outbound_total_query, dns_outbound_query_malformed, dns_outbound_query_resp_chk_failed, dns_outbound_query_resp_chk_blacklisted, dns_outbound_query_resp_chk_refused_sent, dns_outbound_query_resp_chk_reset_sent, dns_outbound_query_resp_chk_no_resp_sent, dns_outbound_query_resp_size_exceed, dns_outbound_query_sess_timed_out, dst_exceed_action_tunnel, src_udp_auth_timeout, src_udp_retry_pass
counters3
Description ‘dst_hw_drop_rule_insert’: Dst Hardware Drop Rules Inserted; ‘dst_hw_drop_rule_remove’: Dst Hardware Drop Rules Removed; ‘src_hw_drop_rule_insert’: Src Hardware Drop Rules Inserted; ‘src_hw_drop_rule_remove’: Src Hardware Drop Rules Removed; ‘prog_first_req_time_exceed’: Req-Resp: First Request Time Exceed; ‘prog_req_resp_time_exceed’: Req-Resp: Request to Response Time Exceed; ‘prog_request_len_exceed’: Req-Resp: Request Length Exceed; ‘prog_response_len_exceed’: Req-Resp: Response Length Exceed; ‘prog_resp_req_ratio_exceed’: Req-Resp: Response to Request Ratio Exceed; ‘prog_resp_req_time_exceed’: Req-Resp: Response to Request Time Exceed; ‘entry_sync_message_received’: Entry Sync Message Received; ‘entry_sync_message_sent’: Entry Sync Message Sent; ‘prog_conn_sent_exceed’: Connection: Sent Exceed; ‘prog_conn_rcvd_exceed’: Connection: Received Exceed; ‘prog_conn_time_exceed’: Connection: Time Exceed; ‘prog_conn_rcvd_sent_ratio_exceed’: Connection: Reveived to Sent Ratio Exceed; ‘prog_win_sent_exceed’: Time Window: Sent Exceed; ‘prog_win_rcvd_exceed’: Time Window: Received Exceed; ‘prog_win_rcvd_sent_ratio_exceed’: Time Window: Received to Sent Exceed; ‘prog_exceed_drop’: Req-Resp: Violation Exceed Dropped; ‘prog_exceed_bl’: Req-Resp: Violation Exceed Blacklisted; ‘prog_conn_exceed_drop’: Connection: Violation Exceed Dropped; ‘prog_conn_exceed_bl’: Connection: Violation Exceed Blacklisted; ‘prog_win_exceed_drop’: Time Window: Violation Exceed Dropped; ‘prog_win_exceed_bl’: Time Window: Violation Exceed Blacklisted; ‘dst_exceed_action_drop’: Entry Exceed Action: Dropped; ‘prog_conn_samples’: Sample Collected: Connection; ‘prog_req_samples’: Sample Collected: Req-Resp; ‘prog_win_samples’: Sample Collected: Time Window;
Type: string
Supported Values: dst_hw_drop_rule_insert, dst_hw_drop_rule_remove, src_hw_drop_rule_insert, src_hw_drop_rule_remove, prog_first_req_time_exceed, prog_req_resp_time_exceed, prog_request_len_exceed, prog_response_len_exceed, prog_resp_req_ratio_exceed, prog_resp_req_time_exceed, entry_sync_message_received, entry_sync_message_sent, prog_conn_sent_exceed, prog_conn_rcvd_exceed, prog_conn_time_exceed, prog_conn_rcvd_sent_ratio_exceed, prog_win_sent_exceed, prog_win_rcvd_exceed, prog_win_rcvd_sent_ratio_exceed, prog_exceed_drop, prog_exceed_bl, prog_conn_exceed_drop, prog_conn_exceed_bl, prog_win_exceed_drop, prog_win_exceed_bl, dst_exceed_action_drop, prog_conn_samples, prog_req_samples, prog_win_samples
dst_entry-list_enable-top-k¶
Specification Value Type list Block object keys topk-num-records
Description Maximum number of records to show in topk
Type: number
Range: 1-100
Default: 20
topk-type
Description ‘destination’: Topk destination IP;
Type: string
Supported Values: destination
dst_entry-list_exceed-log-dep-cfg¶
Specification Value Type object exceed-log-enable
Description (Deprecated)Enable logging of limit exceed drop’s
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-with-sflow-dep
Description Turn on sflow sample with log
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst_dynamic-entry-overflow-policy-list¶
Specification Value Type list Block object keys default-address-type
Description ‘ip’: ip; ‘ipv6’: ipv6;
Type: string
Supported Values: ip, ipv6
drop-disable
Description Disable certain drops during packet processing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-disable-fwd-immediate
Description Immediately forward L4 drops
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exceed-log-cfg
Description: exceed-log-cfg is a JSON Block. Please see below for dst_dynamic-entry-overflow-policy-list_exceed-log-cfg
Type: Object
exceed-log-dep-cfg
Description: exceed-log-dep-cfg is a JSON Block. Please see below for dst_dynamic-entry-overflow-policy-list_exceed-log-dep-cfg
Type: Object
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
inbound-forward-dscp
Description To set dscp value for inbound packets (DSCP Value for the clear traffic marking)
Type: number
Range: 1-63
ip-proto-list
Type: List
Reference Object: /axapi/v3/ddos/dst/dynamic-entry-overflow-policy/{default-address-type}/ip-proto/{port-num}
l4-type-list
Type: List
Reference Object: /axapi/v3/ddos/dst/dynamic-entry-overflow-policy/{default-address-type}/l4-type/{protocol}
log-periodic
Description Enable periodic log while event is continuing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
outbound-forward-dscp
Description To set dscp value for outbound
Type: number
Range: 1-63
port-list
Type: List
Reference Object: /axapi/v3/ddos/dst/dynamic-entry-overflow-policy/{default-address-type}/port/{port-num}+{protocol}
src-port-list
Type: List
Reference Object: /axapi/v3/ddos/dst/dynamic-entry-overflow-policy/{default-address-type}/src-port/{port-num}+{protocol}
template
Description: template is a JSON Block. Please see below for dst_dynamic-entry-overflow-policy-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_dynamic-entry-overflow-policy-list_port-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
port-num
Description Port Number
Type: number
Range: 0-65535
protocol
Description ‘dns-tcp’: dns-tcp; ‘dns-udp’: dns-udp; ‘http’: http; ‘tcp’: tcp; ‘udp’: udp; ‘ssl-l4’: ssl-l4; ‘sip-udp’: sip-udp; ‘sip-tcp’: sip-tcp;
Type: string
Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4, sip-udp, sip-tcp
template
Description: template is a JSON Block. Please see below for dst_dynamic-entry-overflow-policy-list_port-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_dynamic-entry-overflow-policy-list_port-list_template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst_dynamic-entry-overflow-policy-list_template¶
Specification Value Type object logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst_dynamic-entry-overflow-policy-list_ip-proto-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
port-num
Description Protocol Number
Type: number
Range: 0-255
template
Description: template is a JSON Block. Please see below for dst_dynamic-entry-overflow-policy-list_ip-proto-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_dynamic-entry-overflow-policy-list_ip-proto-list_template¶
Specification Value Type object other
Description DDOS other template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst_dynamic-entry-overflow-policy-list_exceed-log-cfg¶
Specification Value Type object log-enable
Description Enable logging of limit exceed drop’s
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
with-sflow-sample
Description Turn on sflow sample with log
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst_dynamic-entry-overflow-policy-list_exceed-log-dep-cfg¶
Specification Value Type object exceed-log-enable
Description (Deprecated)Enable logging of limit exceed drop’s
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-with-sflow-dep
Description Turn on sflow sample with log
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst_dynamic-entry-overflow-policy-list_src-port-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
port-num
Description Port Number
Type: number
Range: 0-65535
protocol
Description ‘udp’: udp; ‘tcp’: tcp;
Type: string
Supported Values: udp, tcp
template
Description: template is a JSON Block. Please see below for dst_dynamic-entry-overflow-policy-list_src-port-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_dynamic-entry-overflow-policy-list_src-port-list_template¶
Specification Value Type object src-tcp
Description DDOS tcp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-udp
Description DDOS udp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst_dynamic-entry-overflow-policy-list_l4-type-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-frag-pkt
Description Drop fragmented packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-on-no-port-match
Description ‘disable’: disable; ‘enable’: enable;
Type: string
Supported Values: disable, enable
Default: enable
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
max-rexmit-syn-per-flow
Description Maximum number of re-transmit SYN per flow. Exceed action set to Drop
Type: number
Range: 1-6
protocol
Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;
Type: string
Supported Values: tcp, udp, icmp, other
stateful
Description Enable stateful tracking of sessions (Default is stateless)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
syn-auth
Description ‘send-rst’: Send RST to client upon client ACK; ‘force-rst-by-ack’: Force client RST via the use of ACK; ‘force-rst-by-synack’: Force client RST via the use of bad SYN|ACK; ‘disable’: Disable TCP SYN Authentication;
Type: string
Supported Values: send-rst, force-rst-by-ack, force-rst-by-synack, disable
Default: send-rst
syn-cookie
Description Enable SYN Cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tcp-reset-client
Description Send reset to client when rate exceeds or session ages out
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tcp-reset-server
Description Send reset to server when rate exceeds or session ages out
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tunnel-decap
Description: tunnel-decap is a JSON Block. Please see below for dst_dynamic-entry-overflow-policy-list_l4-type-list_tunnel-decap
Type: Object
tunnel-rate-limit
Description: tunnel-rate-limit is a JSON Block. Please see below for dst_dynamic-entry-overflow-policy-list_l4-type-list_tunnel-rate-limit
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_dynamic-entry-overflow-policy-list_l4-type-list_tunnel-rate-limit¶
Specification Value Type object gre-rate-limit
Description Enable inner IP rate limiting on GRE traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ip-rate-limit
Description Enable inner IP rate limiting on IPinIP traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst_dynamic-entry-overflow-policy-list_l4-type-list_tunnel-decap¶
Specification Value Type object gre-decap
Description Enable GRE Tunnel decapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ip-decap
Description Enable IP Tunnel decapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
key-cfg
Type: List
dst_dynamic-entry-overflow-policy-list_l4-type-list_tunnel-decap_key-cfg¶
Specification Value Type list Block object keys key
Description Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)
Type: string
Maximum Length: 10 characters
Maximum Length: 1 characters
dst_dynamic-entry¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list¶
Specification Value Type list Block object keys action-list
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/action-list
advertised-enable
Description BGP advertised
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
capture-config-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/capture-config/{name}
continuous-learning
Description Continuous learning of detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
description
Description Description for this Destination Zone
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dest-nat-ip
Description Destination NAT IP address
Type: string
Format: ipv4-address
dest-nat-ipv6
Description Destination NAT IPv6 address
Type: string
Format: ipv6-address
detection
Description: detection is a JSON Block. Please see below for dst_zone-list_detection
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/detection
drop-frag-pkt
Description Drop fragmented packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-top-k
Type: Listforce-operational-mode
Description Force configure operational mode
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID for the whole zone
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
hw-blacklist-blocking
Description: hw-blacklist-blocking is a JSON Block. Please see below for dst_zone-list_hw-blacklist-blocking
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/hw-blacklist-blocking
inbound-forward-dscp
Description To set dscp value for inbound packets (DSCP Value for the clear traffic marking)
Type: number
Range: 1-63
ip
Type: Listip-proto
Description: ip-proto is a JSON Block. Please see below for dst_zone-list_ip-proto
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto
ipv6
Type: Listis-from-wizard
Description Is It Created from Onbox GUI Wizard
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-enable
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-high-frequency
Description Enable High frequency logging for non-event logs per zone
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable log periodic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
non-restrictive
Description Non-restrictive mode ignores Zero Thresholds Indicators
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
operational-mode
Description ‘idle’: Idle mode; ‘monitor’: Monitor mode; ‘learning’: Learning mode;
Type: string
Supported Values: idle, monitor, learning
Default: idle
outbound-forward-dscp
Description To set dscp value for outbound
Type: number
Range: 1-63
outbound-policy
Description: outbound-policy is a JSON Block. Please see below for dst_zone-list_outbound-policy
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/outbound-policy
packet-anomaly-detection
Description: packet-anomaly-detection is a JSON Block. Please see below for dst_zone-list_packet-anomaly-detection
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/packet-anomaly-detection
pattern-recognition-hw-filter-enable
Description to enable pattern recognition hardware filter
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
pattern-recognition-sensitivity
Description ‘high’: High sensitive pattern recognition; ‘medium’: Medium sensitive pattern recognition; ‘low’: Low sensitive pattern recognition;
Type: string
Supported Values: high, medium, low
per-addr-glid
Description Global limit ID per address
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
port
Description: port is a JSON Block. Please see below for dst_zone-list_port
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port
port-range-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}
rate-limit
Description Rate limit per second per zone(Default : 1 per second)
Type: number
Range: 1-1000
Default: 1
reporting-disabled
Description Disable Reporting
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sampling-enable
Type: Listset-counter-base-val
Description Set T2 counter value of current context to specified value
Type: number
Range: 1-4294967295
sflow-common
Description Enable sFlow counter polling packets, tcp-basic, tcp-stateful and http. WARNING: Zone level Sflow polling might induce heavy CP
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-common,sflow-packets, sflow-layer-4, sflow-tcp-basic, sflow-tcp-stateful, and sflow-http are mutually exclusive
sflow-http
Description Enable sFlow HTTP counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total number
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-http and sflow-common are mutually exclusive
sflow-layer-4
Description Enable sFlow Layer 4 counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the number of
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-layer-4 and sflow-common are mutually exclusive
sflow-packets
Description Enable sFlow packet-level counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-packets and sflow-common are mutually exclusive
sflow-tcp
Description: sflow-tcp is a JSON Block. Please see below for dst_zone-list_sflow-tcp
Type: Object
source-nat-pool
Description Configure source NAT
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
src-port
Description: src-port is a JSON Block. Please see below for dst_zone-list_src-port
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/src-port
src-port-range-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/src-port-range/{src-port-range-start}+{src-port-range-end}+{protocol}
telemetry-enable
Description Enable from-l3-peer flag for the zone, thus all the ip entries in the zone will be dynamically created/deleted based on the BGP
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
topk-destinations
Description: topk-destinations is a JSON Block. Please see below for dst_zone-list_topk-destinations
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/topk-destinations
traffic-distribution-mode
Description ‘default’: Distribute traffic to one slot using default distribution mechanism; ‘source-ip-based’: Distribute traffic between slots, based on source ip;
Type: string
Supported Values: default, source-ip-based
Default: default
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
web-gui
Description: web-gui is a JSON Block. Please see below for dst_zone-list_web-gui
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/web-gui
zone-name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-profile
Description Apply threshold profile
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/zone-profile
zone-template
Description: zone-template is a JSON Block. Please see below for dst_zone-list_zone-template
Type: Object
dst_zone-list_outbound-policy¶
Specification Value Type object name
Description Specify name of the outbound policy
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/outbound-policy
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_ip¶
Specification Value Type list Block object keys expand-ip-subnet
Description Expand this subnet to individual IP address
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
expand-ip-subnet-mode
Description ‘default’: Default learning mechanism (Default: Dynamic); ‘dynamic’: Dynamic learning; ‘static’: Static learning;
Type: string
Supported Values: default, dynamic, static
Default: default
ip-addr
Description Specify IP address
Type: string
Format: ipv4-address
subnet-ip-addr
Description IP Subnet
Type: string
Format: ipv4-cidr
dst_zone-list_detection¶
Specification Value Type object notification
Description: notification is a JSON Block. Please see below for dst_zone-list_detection_notification
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/detection/notification
outbound-detection
Description: outbound-detection is a JSON Block. Please see below for dst_zone-list_detection_outbound-detection
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/detection/outbound-detection
packet-anomaly-detection
Description: packet-anomaly-detection is a JSON Block. Please see below for dst_zone-list_detection_packet-anomaly-detection
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/detection/packet-anomaly-detection
service-discovery
Description: service-discovery is a JSON Block. Please see below for dst_zone-list_detection_service-discovery
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/detection/service-discovery
settings
Description ‘settings’: settings;
Type: string
Supported Values: settings
toggle
Description ‘enable’: Enable detection; ‘disable’: Disable detection;
Type: string
Supported Values: enable, disable
Default: enable
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
victim-ip-detection
Description: victim-ip-detection is a JSON Block. Please see below for dst_zone-list_detection_victim-ip-detection
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/detection/victim-ip-detection
dst_zone-list_detection_packet-anomaly-detection¶
Specification Value Type object configuration
Description ‘configuration’: configuration;
Type: string
Supported Values: configuration
indicator-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/detection/packet-anomaly-detection/indicator/{type}
toggle
Description ‘enable’: Enable packet anomaly; ‘disable’: Disable packet anomaly;
Type: string
Supported Values: enable, disable
Default: enable
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_detection_packet-anomaly-detection_indicator-list¶
Specification Value Type list Block object keys threshold-num
Description Threshold for each indicator
Type: number
Range: 1-65535
Default: 100
type
Description ‘port-zero-pkt-rate’: Port Zero Packet Rate (default 100 packet per second);
Type: string
Supported Values: port-zero-pkt-rate
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_detection_victim-ip-detection¶
Specification Value Type object configuration
Description ‘configuration’: configuration;
Type: string
Supported Values: configuration
histogram-toggle
Description ‘histogram-enable’: Enable histogram statistics of victim IP detection; ‘histogram-disable’: Disable histogram statistics of victim IP detection;
Type: string
Supported Values: histogram-enable, histogram-disable
Default: histogram-disable
indicator-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/detection/victim-ip-detection/indicator/{type}
toggle
Description ‘enable’: Enable victim IP detection; ‘disable’: Disable victim IP detection;
Type: string
Supported Values: enable, disable
Default: disable
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_detection_victim-ip-detection_indicator-list¶
Specification Value Type list Block object keys ip-threshold-num
Description Threshold for IP
Type: number
Range: 1-2147483647
type
Description ‘pkt-rate’: rate of incoming packets; ‘reverse-pkt-rate’: rate of reverse coming packets; ‘fwd-byte-rate’: rate of incoming bytes; ‘rev-byte-rate’: rate of reverse coming bytes;
Type: string
Supported Values: pkt-rate, reverse-pkt-rate, fwd-byte-rate, rev-byte-rate
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_detection_notification¶
Specification Value Type object configuration
Description ‘configuration’: configuration;
Type: string
Supported Values: configuration
notification
Type: Listuuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_detection_notification_notification¶
Specification Value Type list Block object keys notification-template-name
Description Specify the notification template name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/notification-template
dst_zone-list_detection_service-discovery¶
Specification Value Type object configuration
Description ‘configuration’: configuration;
Type: string
Supported Values: configuration
pkt-rate-threshold
Description packet rate threshold for discovery (default 10 packets per second)
Type: number
Range: 1-255
Default: 10
toggle
Description ‘enable’: Enable service discovery; ‘disable’: Disable service discovery;
Type: string
Supported Values: enable, disable
Default: disable
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_detection_outbound-detection¶
Specification Value Type object configuration
Description ‘configuration’: configuration;
Type: string
Supported Values: configuration
discovery-method
Description ‘asn’: Autonomous Systems number; ‘country’: Country;
Type: string
Supported Values: asn, country
discovery-record
Description Maximum number of top locations
Type: number
Range: 1-100
Default: 10
enable-top-k
Type: Listindicator-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/detection/outbound-detection/indicator/{type}
toggle
Description ‘enable’: Enable outbound detection; ‘disable’: Disable outbound detection;
Type: string
Supported Values: enable, disable
Default: disable
topk-source-subnet
Description: topk-source-subnet is a JSON Block. Please see below for dst_zone-list_detection_outbound-detection_topk-source-subnet
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/detection/outbound-detection/topk-source-subnet
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_detection_outbound-detection_topk-source-subnet¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_detection_outbound-detection_enable-top-k¶
Specification Value Type list Block object keys topk-netmask
Description Subnet mask. The value should be less than or equal to the minimum zone subnet mask + 8 (IPv6 Subnet mask)
Type: number
Range: 1-128
Default: 128
topk-num-records
Description Maximum number of records to show in topk
Type: number
Range: 1-100
Default: 20
topk-type
Description ‘source-subnet’: Topk source subnet;
Type: string
Supported Values: source-subnet
dst_zone-list_detection_outbound-detection_indicator-list¶
Specification Value Type list Block object keys data-packet-size
Description Expected minimal data size
Type: number
Range: 1-1500
tcp-window-size
Description Expected minimal window size
Type: number
Range: 1-500
threshold-num
Description Threshold for each geo-location
Type: number
Range: 1-2147483647
threshold-str
Description Threshold for each geo-location (Non-zero floating point)
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
type
Description ‘pkt-rate’: rate of incoming packets; ‘pkt-drop-rate’: rate of packets got dropped; ‘bit-rate’: rate of incoming bits; ‘pkt-drop-ratio’: ratio of incoming packet rate divided by the rate of dropping packets; ‘bytes-to-bytes-from-ratio’: ratio of incoming packet rate divided by the rate of outgoing packets; ‘syn-rate’: rate on incoming SYN packets; ‘fin-rate’: rate on incoming FIN packets; ‘rst-rate’: rate of incoming RST packets; ‘small-window-ack-rate’: rate of small window advertisement; ‘empty-ack-rate’: rate of incoming packets which have no payload; ‘small-payload-rate’: rate of short payload packet; ‘syn-fin-ratio’: ratio of incoming SYN packet rate divided by the rate of incoming FIN packets;
Type: string
Supported Values: pkt-rate, pkt-drop-rate, bit-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_packet-anomaly-detection¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_ip-proto¶
Specification Value Type object proto-name-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}
proto-number-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}
proto-tcp-udp-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-tcp-udp/{protocol}
dst_zone-list_ip-proto_proto-number-list¶
Specification Value Type list Block object keys age
Description Idle age for ip entry
Type: number
Range: 2-1023
Default: 5
apply-policy-on-overflow
Description Enable this flag to apply overflow policy when dynamic entry count overflows
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
deny
Description Blacklist and Drop all incoming packets for this ip-proto
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-frag-pkt
Description Drop fragmented packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dynamic-entry-overflow-policy-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/dynamic-entry-overflow-policy/{dummy-name}
enable-class-list-overflow
Description Apply class-list overflow policy upon exceeding dynamic entry count specified for zone-port or class-list
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-top-k
Description Enable ddos top-k source IP detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-top-k-destination
Description Enable ddos top-k destination IP detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
esp-inspect
Description: esp-inspect is a JSON Block. Please see below for dst_zone-list_ip-proto_proto-number-list_esp-inspect
Type: Object
faster-de-escalation
Description De-escalate faster in standalone mode
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-cfg
Description: glid-cfg is a JSON Block. Please see below for dst_zone-list_ip-proto_proto-number-list_glid-cfg
Type: Object
level-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/level/{level-num}
manual-mode-enable
Description Toggle manual mode to use fix templates
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
manual-mode-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/manual-mode/{config}
max-dynamic-entry-count
Description Maximum count for dynamic source zone service entry
Type: number
Range: 0-2147483647
port-ind
Description: port-ind is a JSON Block. Please see below for dst_zone-list_ip-proto_proto-number-list_port-ind
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/port-ind
progression-tracking
Description: progression-tracking is a JSON Block. Please see below for dst_zone-list_ip-proto_proto-number-list_progression-tracking
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/progression-tracking
protocol-num
Description Protocol Number
Type: number
Range: 0-255
set-counter-base-val
Description Set T2 counter value of current context to specified value
Type: number
Range: 1-4294967295
src-based-policy-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/src-based-policy/{src-based-policy-name}
topk-destinations
Description: topk-destinations is a JSON Block. Please see below for dst_zone-list_ip-proto_proto-number-list_topk-destinations
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/topk-destinations
topk-dst-num-records
Description Maximum number of records to show in topk
Type: number
Range: 1-100
Default: 20
topk-num-records
Description Maximum number of records to show in topk
Type: number
Range: 1-100
Default: 20
topk-sources
Description: topk-sources is a JSON Block. Please see below for dst_zone-list_ip-proto_proto-number-list_topk-sources
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/topk-sources
unlimited-dynamic-entry-count
Description No limit for maximum dynamic src entry count
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_ip-proto_proto-number-list_dynamic-entry-overflow-policy-list¶
Specification Value Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
dummy-name
Description ‘configuration’: Configure overflow policy;
Type: string
Supported Values: configuration
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for dst_zone-list_ip-proto_proto-number-list_dynamic-entry-overflow-policy-list_zone-template
Type: Object
dst_zone-list_ip-proto_proto-number-list_dynamic-entry-overflow-policy-list_zone-template¶
Specification Value Type object ip-proto
Description DDOS ip-proto template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dst_zone-list_ip-proto_proto-number-list_glid-cfg¶
Specification Value Type object action-list
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/action-list
glid
Description Global limit ID for the whole zone
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, ignore
per-addr-glid
Description Global limit ID per address
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
dst_zone-list_ip-proto_proto-number-list_level-list¶
Specification Value Type list Block object keys glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
indicator-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/level/{level-num}/indicator/{type}
level-num
Description ‘0’: Default policy level; ‘1’: Policy level 1; ‘2’: Policy level 2; ‘3’: Policy level 3; ‘4’: Policy level 4;
Type: string
Supported Values: 0, 1, 2, 3, 4
src-default-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
src-escalation-score
Description Source activation score of this level
Type: number
Range: 1-1000000
src-violation-actions
Description Violation actions apply due to source escalate from this level
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-escalation-score
Description Zone activation score of this level
Type: number
Range: 1-1000000
zone-template
Description: zone-template is a JSON Block. Please see below for dst_zone-list_ip-proto_proto-number-list_level-list_zone-template
Type: Object
zone-violation-actions
Description Violation actions apply due to zone escalate from this level
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
dst_zone-list_ip-proto_proto-number-list_level-list_zone-template¶
Specification Value Type object encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ip-proto
Description DDOS ip-proto template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dst_zone-list_ip-proto_proto-number-list_level-list_indicator-list¶
Specification Value Type list Block object keys data-packet-size
Description Expected minimal data size
Type: number
Range: 1-1500
score
Description Score corresponding to the indicator
Type: number
Range: 1-1000000
src-threshold-num
Description Indicator per-src threshold
Type: number
Range: 1-2147483647
src-threshold-str
Description Indicator per-src threshold (Non-zero floating point)
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
src-violation-actions
Description Violation actions to use when this src indicator threshold reaches
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
type
Description ‘pkt-rate’: rate of incoming packets; ‘pkt-drop-rate’: rate of packets got dropped; ‘bit-rate’: rate of incoming bits; ‘pkt-drop-ratio’: ratio of incoming packet rate divided by the rate of dropping packets; ‘bytes-to-bytes-from-ratio’: ratio of incoming packet rate divided by the rate of outgoing packets; ‘frag-rate’: rate of incoming fragmented packets; ‘cpu-utilization’: average data CPU utilization; ‘interface-utilization’: outside interface utilization;
Type: string
Supported Values: pkt-rate, pkt-drop-rate, bit-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, frag-rate, cpu-utilization, interface-utilization
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-threshold-num
Description Threshold for the entire zone
Type: number
Range: 1-2147483647
zone-threshold-str
Description Threshold for the entire zone (Non-zero floating point)
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
zone-violation-actions
Description Violation actions to use when this zone indicator threshold reaches
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
dst_zone-list_ip-proto_proto-number-list_manual-mode-list¶
Specification Value Type list Block object keys config
Description ‘configuration’: Manual-mode configuration;
Type: string
Supported Values: configuration
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
src-default-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for dst_zone-list_ip-proto_proto-number-list_manual-mode-list_zone-template
Type: Object
dst_zone-list_ip-proto_proto-number-list_manual-mode-list_zone-template¶
Specification Value Type object encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ip-proto
Description DDOS ip-proto template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dst_zone-list_ip-proto_proto-number-list_src-based-policy-list¶
Specification Value Type list Block object keys policy-class-list-list
src-based-policy-name
Description Specify name of the policy
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list¶
Specification Value Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
class-list-name
Description Class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
class-list-overflow-policy-list
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
log-enable
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable log periodic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-dynamic-entry-count
Description Maximum count for dynamic source zone service entry allowed for this class-list
Type: number
Range: 0-2147483647
sampling-enable
Type: Listuser-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for dst_zone-list_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list_zone-template
Type: Object
dst_zone-list_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list_sampling-enable¶
Specification Value Type list Block object keys counters1
Description ‘all’: all; ‘packet_received’: Packets Received; ‘packet_dropped’: Packets Dropped; ‘entry_learned’: Entry Learned; ‘entry_count_overflow’: Entry Count Overflow;
Type: string
Supported Values: all, packet_received, packet_dropped, entry_learned, entry_count_overflow
dst_zone-list_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list_zone-template¶
Specification Value Type object ip-proto
Description DDOS ip-proto template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dst_zone-list_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list¶
Specification Value Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
dummy-name
Description ‘configuration’: Configure overflow policy for class-list;
Type: string
Supported Values: configuration
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
log-enable
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable log periodic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for dst_zone-list_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template
Type: Object
dst_zone-list_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template¶
Specification Value Type object ip-proto
Description DDOS ip-proto template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dst_zone-list_ip-proto_proto-number-list_port-ind¶
Specification Value Type object sampling-enable
Type: Listuuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_ip-proto_proto-number-list_port-ind_sampling-enable¶
Specification Value Type list Block object keys counters1
Description ‘all’: all; ‘ip-proto-type’: IP Protocol Type; ‘ddet_ind_pkt_rate_current’: Pkt Rate Current; ‘ddet_ind_pkt_rate_min’: Pkt Rate Min; ‘ddet_ind_pkt_rate_max’: Pkt Rate Max; ‘ddet_ind_pkt_rate_adaptive_threshold’: Pkt Rate Adaptive Threshold; ‘ddet_ind_pkt_drop_rate_current’: Pkt Drop Rate Current; ‘ddet_ind_pkt_drop_rate_min’: Pkt Drop Rate Min; ‘ddet_ind_pkt_drop_rate_max’: Pkt Drop Rate Max; ‘ddet_ind_pkt_drop_rate_adaptive_threshold’: Pkt Drop Rate Adaptive Threshold; ‘ddet_ind_syn_rate_current’: TCP SYN Rate Current; ‘ddet_ind_syn_rate_min’: TCP SYN Rate Min; ‘ddet_ind_syn_rate_max’: TCP SYN Rate Max; ‘ddet_ind_syn_rate_adaptive_threshold’: TCP SYN Rate Adaptive Threshold; ‘ddet_ind_fin_rate_current’: TCP FIN Rate Current; ‘ddet_ind_fin_rate_min’: TCP FIN Rate Min; ‘ddet_ind_fin_rate_max’: TCP FIN Rate Max; ‘ddet_ind_fin_rate_adaptive_threshold’: TCP FIN Rate Adaptive Threshold; ‘ddet_ind_rst_rate_current’: TCP RST Rate Current; ‘ddet_ind_rst_rate_min’: TCP RST Rate Min; ‘ddet_ind_rst_rate_max’: TCP RST Rate Max; ‘ddet_ind_rst_rate_adaptive_threshold’: TCP RST Rate Adaptive Threshold; ‘ddet_ind_small_window_ack_rate_current’: TCP Small Window ACK Rate Current; ‘ddet_ind_small_window_ack_rate_min’: TCP Small Window ACK Rate Min; ‘ddet_ind_small_window_ack_rate_max’: TCP Small Window ACK Rate Max; ‘ddet_ind_small_window_ack_rate_adaptive_threshold’: TCP Small Window ACK Rate Adaptive Threshold; ‘ddet_ind_empty_ack_rate_current’: TCP Empty ACK Rate Current; ‘ddet_ind_empty_ack_rate_min’: TCP Empty ACK Rate Min; ‘ddet_ind_empty_ack_rate_max’: TCP Empty ACK Rate Max; ‘ddet_ind_empty_ack_rate_adaptive_threshold’: TCP Empty ACK Rate Adaptive Threshold; ‘ddet_ind_small_payload_rate_current’: TCP Small Payload Rate Current; ‘ddet_ind_small_payload_rate_min’: TCP Small Payload Rate Min; ‘ddet_ind_small_payload_rate_max’: TCP Small Payload Rate Max; ‘ddet_ind_small_payload_rate_adaptive_threshold’: TCP Small Payload Rate Adaptive Threshold; ‘ddet_ind_pkt_drop_ratio_current’: Pkt Drop / Pkt Rcvd Current; ‘ddet_ind_pkt_drop_ratio_min’: Pkt Drop / Pkt Rcvd Min; ‘ddet_ind_pkt_drop_ratio_max’: Pkt Drop / Pkt Rcvd Max; ‘ddet_ind_pkt_drop_ratio_adaptive_threshold’: Pkt Drop / Pkt Rcvd Adaptive Threshold; ‘ddet_ind_inb_per_outb_current’: Bytes-to / Bytes-from Current; ‘ddet_ind_inb_per_outb_min’: Bytes-to / Bytes-from Min; ‘ddet_ind_inb_per_outb_max’: Bytes-to / Bytes-from Max; ‘ddet_ind_inb_per_outb_adaptive_threshold’: Bytes-to / Bytes-from Adaptive Threshold; ‘ddet_ind_syn_per_fin_rate_current’: TCP SYN Rate / FIN Rate Current; ‘ddet_ind_syn_per_fin_rate_min’: TCP SYN Rate / FIN Rate Min; ‘ddet_ind_syn_per_fin_rate_max’: TCP SYN Rate / FIN Rate Max; ‘ddet_ind_syn_per_fin_rate_adaptive_threshold’: TCP SYN Rate / FIN Rate Adaptive Threshold; ‘ddet_ind_conn_miss_rate_current’: TCP Session Miss Rate Current; ‘ddet_ind_conn_miss_rate_min’: TCP Session Miss Rate Min; ‘ddet_ind_conn_miss_rate_max’: TCP Session Miss Rate Max; ‘ddet_ind_conn_miss_rate_adaptive_threshold’: TCP Session Miss Rate Adaptive Threshold; ‘ddet_ind_concurrent_conns_current’: TCP/UDP Concurrent Sessions Current; ‘ddet_ind_concurrent_conns_min’: TCP/UDP Concurrent Sessions Min; ‘ddet_ind_concurrent_conns_max’: TCP/UDP Concurrent Sessions Max; ‘ddet_ind_concurrent_conns_adaptive_threshold’: TCP/UDP Concurrent Sessions Adaptive Threshold; ‘ddet_ind_data_cpu_util_current’: Data CPU Utilization Current; ‘ddet_ind_data_cpu_util_min’: Data CPU Utilization Min; ‘ddet_ind_data_cpu_util_max’: Data CPU Utilization Max; ‘ddet_ind_data_cpu_util_adaptive_threshold’: Data CPU Utilization Adaptive Threshold; ‘ddet_ind_outside_intf_util_current’: Outside Interface Utilization Current; ‘ddet_ind_outside_intf_util_min’: Outside Interface Utilization Min; ‘ddet_ind_outside_intf_util_max’: Outside Interface Utilization Max; ‘ddet_ind_outside_intf_util_adaptive_threshold’: Outside Interface Utilization Adaptive Threshold; ‘ddet_ind_frag_rate_current’: Frag Pkt Rate Current; ‘ddet_ind_frag_rate_min’: Frag Pkt Rate Min; ‘ddet_ind_frag_rate_max’: Frag Pkt Rate Max; ‘ddet_ind_frag_rate_adaptive_threshold’: Frag Pkt Rate Adaptive Threshold; ‘ddet_ind_bit_rate_current’: Bit Rate Current; ‘ddet_ind_bit_rate_min’: Bit Rate Min; ‘ddet_ind_bit_rate_max’: Bit Rate Max; ‘ddet_ind_bit_rate_adaptive_threshold’: Bit Rate Adaptive Threshold;
Type: string
Supported Values: all, ip-proto-type, ddet_ind_pkt_rate_current, ddet_ind_pkt_rate_min, ddet_ind_pkt_rate_max, ddet_ind_pkt_rate_adaptive_threshold, ddet_ind_pkt_drop_rate_current, ddet_ind_pkt_drop_rate_min, ddet_ind_pkt_drop_rate_max, ddet_ind_pkt_drop_rate_adaptive_threshold, ddet_ind_syn_rate_current, ddet_ind_syn_rate_min, ddet_ind_syn_rate_max, ddet_ind_syn_rate_adaptive_threshold, ddet_ind_fin_rate_current, ddet_ind_fin_rate_min, ddet_ind_fin_rate_max, ddet_ind_fin_rate_adaptive_threshold, ddet_ind_rst_rate_current, ddet_ind_rst_rate_min, ddet_ind_rst_rate_max, ddet_ind_rst_rate_adaptive_threshold, ddet_ind_small_window_ack_rate_current, ddet_ind_small_window_ack_rate_min, ddet_ind_small_window_ack_rate_max, ddet_ind_small_window_ack_rate_adaptive_threshold, ddet_ind_empty_ack_rate_current, ddet_ind_empty_ack_rate_min, ddet_ind_empty_ack_rate_max, ddet_ind_empty_ack_rate_adaptive_threshold, ddet_ind_small_payload_rate_current, ddet_ind_small_payload_rate_min, ddet_ind_small_payload_rate_max, ddet_ind_small_payload_rate_adaptive_threshold, ddet_ind_pkt_drop_ratio_current, ddet_ind_pkt_drop_ratio_min, ddet_ind_pkt_drop_ratio_max, ddet_ind_pkt_drop_ratio_adaptive_threshold, ddet_ind_inb_per_outb_current, ddet_ind_inb_per_outb_min, ddet_ind_inb_per_outb_max, ddet_ind_inb_per_outb_adaptive_threshold, ddet_ind_syn_per_fin_rate_current, ddet_ind_syn_per_fin_rate_min, ddet_ind_syn_per_fin_rate_max, ddet_ind_syn_per_fin_rate_adaptive_threshold, ddet_ind_conn_miss_rate_current, ddet_ind_conn_miss_rate_min, ddet_ind_conn_miss_rate_max, ddet_ind_conn_miss_rate_adaptive_threshold, ddet_ind_concurrent_conns_current, ddet_ind_concurrent_conns_min, ddet_ind_concurrent_conns_max, ddet_ind_concurrent_conns_adaptive_threshold, ddet_ind_data_cpu_util_current, ddet_ind_data_cpu_util_min, ddet_ind_data_cpu_util_max, ddet_ind_data_cpu_util_adaptive_threshold, ddet_ind_outside_intf_util_current, ddet_ind_outside_intf_util_min, ddet_ind_outside_intf_util_max, ddet_ind_outside_intf_util_adaptive_threshold, ddet_ind_frag_rate_current, ddet_ind_frag_rate_min, ddet_ind_frag_rate_max, ddet_ind_frag_rate_adaptive_threshold, ddet_ind_bit_rate_current, ddet_ind_bit_rate_min, ddet_ind_bit_rate_max, ddet_ind_bit_rate_adaptive_threshold
dst_zone-list_ip-proto_proto-number-list_topk-sources¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_ip-proto_proto-number-list_esp-inspect¶
Specification Value Type object auth-algorithm
Description ‘AUTH_NULL’: No Integrity Check Value; ‘HMAC-SHA-1-96’: 96 bit Auth Algo; ‘HMAC-SHA-256-96’: 96 bit Auth Algo; ‘HMAC-SHA-256-128’: 128 bit Auth Algo; ‘HMAC-SHA-384-192’: 192 bit Auth Algo; ‘HMAC-SHA-512-256’: 256 bit Auth Algo; ‘HMAC-MD5-96’: 96 bit Auth Algo; ‘MAC-RIPEMD-160-96’: 96 bit Auth Algo;
Type: string
Supported Values: AUTH_NULL, HMAC-SHA-1-96, HMAC-SHA-256-96, HMAC-SHA-256-128, HMAC-SHA-384-192, HMAC-SHA-512-256, HMAC-MD5-96, MAC-RIPEMD-160-96
encrypt-algorithm
Description ‘NULL’: Null Encryption Algorithm;
Type: string
Supported Values: NULL
mode
Description ‘transport’: Transport mode;
Type: string
Supported Values: transport
dst_zone-list_ip-proto_proto-number-list_topk-destinations¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_ip-proto_proto-number-list_progression-tracking¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_ip-proto_proto-name-list¶
Specification Value Type list Block object keys age
Description Idle age for ip entry
Type: number
Range: 2-1023
Default: 5
apply-policy-on-overflow
Description Enable this flag to apply overflow policy when dynamic entry count overflows
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
deny
Description Blacklist and Drop all incoming packets for ip-proto icmp-v4
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-frag-pkt
Description Drop fragmented packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dynamic-entry-overflow-policy-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/dynamic-entry-overflow-policy/{dummy-name}
enable-class-list-overflow
Description Apply class-list overflow policy upon exceeding dynamic entry count specified for zone-port or class-list
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-top-k
Description Enable ddos top-k source IP detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-top-k-destination
Description Enable ddos top-k destination IP detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
faster-de-escalation
Description De-escalate faster in standalone mode
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-cfg
Description: glid-cfg is a JSON Block. Please see below for dst_zone-list_ip-proto_proto-name-list_glid-cfg
Type: Object
key-cfg
Type: Listlevel-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/level/{level-num}
manual-mode-enable
Description Toggle manual mode to use fix templates
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
manual-mode-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/manual-mode/{config}
max-dynamic-entry-count
Description Maximum count for dynamic source zone service entry
Type: number
Range: 0-2147483647
port-ind
Description: port-ind is a JSON Block. Please see below for dst_zone-list_ip-proto_proto-name-list_port-ind
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/port-ind
progression-tracking
Description: progression-tracking is a JSON Block. Please see below for dst_zone-list_ip-proto_proto-name-list_progression-tracking
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/progression-tracking
protocol
Description ‘icmp-v4’: ip-proto icmp-v4; ‘icmp-v6’: ip-proto icmp-v6; ‘other’: ip-proto other; ‘gre’: ip-proto gre; ‘ipv4-encap’: ip-proto IPv4 Encapsulation; ‘ipv6-encap’: ip-proto IPv6 Encapsulation;
Type: string
Supported Values: icmp-v4, icmp-v6, other, gre, ipv4-encap, ipv6-encap
set-counter-base-val
Description Set T2 counter value of current context to specified value
Type: number
Range: 1-4294967295
src-based-policy-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/src-based-policy/{src-based-policy-name}
topk-destinations
Description: topk-destinations is a JSON Block. Please see below for dst_zone-list_ip-proto_proto-name-list_topk-destinations
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/topk-destinations
topk-dst-num-records
Description Maximum number of records to show in topk
Type: number
Range: 1-100
Default: 20
topk-num-records
Description Maximum number of records to show in topk
Type: number
Range: 1-100
Default: 20
topk-sources
Description: topk-sources is a JSON Block. Please see below for dst_zone-list_ip-proto_proto-name-list_topk-sources
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/topk-sources
tunnel-decap
Description Enable tunnel decapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tunnel-rate-limit
Description Enable DDOS-protection on tunnel traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
unlimited-dynamic-entry-count
Description No limit for maximum dynamic src entry count
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_ip-proto_proto-name-list_dynamic-entry-overflow-policy-list¶
Specification Value Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
dummy-name
Description ‘configuration’: Configure overflow policy;
Type: string
Supported Values: configuration
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for dst_zone-list_ip-proto_proto-name-list_dynamic-entry-overflow-policy-list_zone-template
Type: Object
dst_zone-list_ip-proto_proto-name-list_dynamic-entry-overflow-policy-list_zone-template¶
Specification Value Type object encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
icmp-v4
Description DDOS icmp-v4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
icmp-v6
Description DDOS icmp-v6 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ip-proto
Description DDOS ip-proto template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dst_zone-list_ip-proto_proto-name-list_key-cfg¶
Specification Value Type list Block object keys key
Description Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)
Type: string
Maximum Length: 10 characters
Maximum Length: 1 characters
dst_zone-list_ip-proto_proto-name-list_glid-cfg¶
Specification Value Type object action-list
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/action-list
glid
Description Global limit ID for the whole zone
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, ignore
per-addr-glid
Description Global limit ID per address
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
dst_zone-list_ip-proto_proto-name-list_level-list¶
Specification Value Type list Block object keys glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
indicator-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/level/{level-num}/indicator/{type}
level-num
Description ‘0’: Default policy level; ‘1’: Policy level 1; ‘2’: Policy level 2; ‘3’: Policy level 3; ‘4’: Policy level 4;
Type: string
Supported Values: 0, 1, 2, 3, 4
src-default-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
src-escalation-score
Description Source activation score of this level
Type: number
Range: 1-1000000
src-violation-actions
Description Violation actions apply due to source escalate from this level
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-escalation-score
Description Zone activation score of this level
Type: number
Range: 1-1000000
zone-template
Description: zone-template is a JSON Block. Please see below for dst_zone-list_ip-proto_proto-name-list_level-list_zone-template
Type: Object
zone-violation-actions
Description Violation actions apply due to zone escalate from this level
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
dst_zone-list_ip-proto_proto-name-list_level-list_zone-template¶
Specification Value Type object encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
icmp-v4
Description DDOS icmp-v4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
icmp-v6
Description DDOS icmp-v6 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ip-proto
Description DDOS ip-proto template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dst_zone-list_ip-proto_proto-name-list_level-list_indicator-list¶
Specification Value Type list Block object keys data-packet-size
Description Expected minimal data size
Type: number
Range: 1-1500
score
Description Score corresponding to the indicator
Type: number
Range: 1-1000000
src-threshold-num
Description Indicator per-src threshold
Type: number
Range: 1-2147483647
src-threshold-str
Description Indicator per-src threshold (Non-zero floating point)
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
src-violation-actions
Description Violation actions to use when this src indicator threshold reaches
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
type
Description ‘pkt-rate’: rate of incoming packets; ‘pkt-drop-rate’: rate of packets got dropped; ‘bit-rate’: rate of incoming bits; ‘pkt-drop-ratio’: ratio of incoming packet rate divided by the rate of dropping packets; ‘bytes-to-bytes-from-ratio’: ratio of incoming packet rate divided by the rate of outgoing packets; ‘frag-rate’: rate of incoming fragmented packets; ‘cpu-utilization’: average data CPU utilization; ‘interface-utilization’: outside interface utilization;
Type: string
Supported Values: pkt-rate, pkt-drop-rate, bit-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, frag-rate, cpu-utilization, interface-utilization
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-threshold-num
Description Threshold for the entire zone
Type: number
Range: 1-2147483647
zone-threshold-str
Description Threshold for the entire zone (Non-zero floating point)
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
zone-violation-actions
Description Violation actions to use when this zone indicator threshold reaches
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
dst_zone-list_ip-proto_proto-name-list_manual-mode-list¶
Specification Value Type list Block object keys config
Description ‘configuration’: Manual-mode configuration;
Type: string
Supported Values: configuration
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
src-default-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for dst_zone-list_ip-proto_proto-name-list_manual-mode-list_zone-template
Type: Object
dst_zone-list_ip-proto_proto-name-list_manual-mode-list_zone-template¶
Specification Value Type object encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
icmp-v4
Description DDOS icmp-v4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
icmp-v6
Description DDOS icmp-v6 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ip-proto
Description DDOS ip-proto template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dst_zone-list_ip-proto_proto-name-list_src-based-policy-list¶
Specification Value Type list Block object keys policy-class-list-list
src-based-policy-name
Description Specify name of the policy
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list¶
Specification Value Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
class-list-name
Description Class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
class-list-overflow-policy-list
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
log-enable
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable log periodic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-dynamic-entry-count
Description Maximum count for dynamic source zone service entry allowed for this class-list
Type: number
Range: 0-2147483647
sampling-enable
Type: Listuser-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for dst_zone-list_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list_zone-template
Type: Object
dst_zone-list_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list_sampling-enable¶
Specification Value Type list Block object keys counters1
Description ‘all’: all; ‘packet_received’: Packets Received; ‘packet_dropped’: Packets Dropped; ‘entry_learned’: Entry Learned; ‘entry_count_overflow’: Entry Count Overflow;
Type: string
Supported Values: all, packet_received, packet_dropped, entry_learned, entry_count_overflow
dst_zone-list_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list_zone-template¶
Specification Value Type object encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
icmp-v4
Description DDOS icmp-v4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
icmp-v6
Description DDOS icmp-v6 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ip-proto
Description DDOS ip-proto template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dst_zone-list_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list¶
Specification Value Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
dummy-name
Description ‘configuration’: Configure overflow policy for class-list;
Type: string
Supported Values: configuration
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
log-enable
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable log periodic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for dst_zone-list_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template
Type: Object
dst_zone-list_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template¶
Specification Value Type object encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
icmp-v4
Description DDOS icmp-v4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
icmp-v6
Description DDOS icmp-v6 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ip-proto
Description DDOS ip-proto template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dst_zone-list_ip-proto_proto-name-list_port-ind¶
Specification Value Type object sampling-enable
Type: Listuuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_ip-proto_proto-name-list_port-ind_sampling-enable¶
Specification Value Type list Block object keys counters1
Description ‘all’: all; ‘ip-proto-type’: IP Protocol Type; ‘ddet_ind_pkt_rate_current’: Pkt Rate Current; ‘ddet_ind_pkt_rate_min’: Pkt Rate Min; ‘ddet_ind_pkt_rate_max’: Pkt Rate Max; ‘ddet_ind_pkt_rate_adaptive_threshold’: Pkt Rate Adaptive Threshold; ‘ddet_ind_pkt_drop_rate_current’: Pkt Drop Rate Current; ‘ddet_ind_pkt_drop_rate_min’: Pkt Drop Rate Min; ‘ddet_ind_pkt_drop_rate_max’: Pkt Drop Rate Max; ‘ddet_ind_pkt_drop_rate_adaptive_threshold’: Pkt Drop Rate Adaptive Threshold; ‘ddet_ind_syn_rate_current’: TCP SYN Rate Current; ‘ddet_ind_syn_rate_min’: TCP SYN Rate Min; ‘ddet_ind_syn_rate_max’: TCP SYN Rate Max; ‘ddet_ind_syn_rate_adaptive_threshold’: TCP SYN Rate Adaptive Threshold; ‘ddet_ind_fin_rate_current’: TCP FIN Rate Current; ‘ddet_ind_fin_rate_min’: TCP FIN Rate Min; ‘ddet_ind_fin_rate_max’: TCP FIN Rate Max; ‘ddet_ind_fin_rate_adaptive_threshold’: TCP FIN Rate Adaptive Threshold; ‘ddet_ind_rst_rate_current’: TCP RST Rate Current; ‘ddet_ind_rst_rate_min’: TCP RST Rate Min; ‘ddet_ind_rst_rate_max’: TCP RST Rate Max; ‘ddet_ind_rst_rate_adaptive_threshold’: TCP RST Rate Adaptive Threshold; ‘ddet_ind_small_window_ack_rate_current’: TCP Small Window ACK Rate Current; ‘ddet_ind_small_window_ack_rate_min’: TCP Small Window ACK Rate Min; ‘ddet_ind_small_window_ack_rate_max’: TCP Small Window ACK Rate Max; ‘ddet_ind_small_window_ack_rate_adaptive_threshold’: TCP Small Window ACK Rate Adaptive Threshold; ‘ddet_ind_empty_ack_rate_current’: TCP Empty ACK Rate Current; ‘ddet_ind_empty_ack_rate_min’: TCP Empty ACK Rate Min; ‘ddet_ind_empty_ack_rate_max’: TCP Empty ACK Rate Max; ‘ddet_ind_empty_ack_rate_adaptive_threshold’: TCP Empty ACK Rate Adaptive Threshold; ‘ddet_ind_small_payload_rate_current’: TCP Small Payload Rate Current; ‘ddet_ind_small_payload_rate_min’: TCP Small Payload Rate Min; ‘ddet_ind_small_payload_rate_max’: TCP Small Payload Rate Max; ‘ddet_ind_small_payload_rate_adaptive_threshold’: TCP Small Payload Rate Adaptive Threshold; ‘ddet_ind_pkt_drop_ratio_current’: Pkt Drop / Pkt Rcvd Current; ‘ddet_ind_pkt_drop_ratio_min’: Pkt Drop / Pkt Rcvd Min; ‘ddet_ind_pkt_drop_ratio_max’: Pkt Drop / Pkt Rcvd Max; ‘ddet_ind_pkt_drop_ratio_adaptive_threshold’: Pkt Drop / Pkt Rcvd Adaptive Threshold; ‘ddet_ind_inb_per_outb_current’: Bytes-to / Bytes-from Current; ‘ddet_ind_inb_per_outb_min’: Bytes-to / Bytes-from Min; ‘ddet_ind_inb_per_outb_max’: Bytes-to / Bytes-from Max; ‘ddet_ind_inb_per_outb_adaptive_threshold’: Bytes-to / Bytes-from Adaptive Threshold; ‘ddet_ind_syn_per_fin_rate_current’: TCP SYN Rate / FIN Rate Current; ‘ddet_ind_syn_per_fin_rate_min’: TCP SYN Rate / FIN Rate Min; ‘ddet_ind_syn_per_fin_rate_max’: TCP SYN Rate / FIN Rate Max; ‘ddet_ind_syn_per_fin_rate_adaptive_threshold’: TCP SYN Rate / FIN Rate Adaptive Threshold; ‘ddet_ind_conn_miss_rate_current’: TCP Session Miss Rate Current; ‘ddet_ind_conn_miss_rate_min’: TCP Session Miss Rate Min; ‘ddet_ind_conn_miss_rate_max’: TCP Session Miss Rate Max; ‘ddet_ind_conn_miss_rate_adaptive_threshold’: TCP Session Miss Rate Adaptive Threshold; ‘ddet_ind_concurrent_conns_current’: TCP/UDP Concurrent Sessions Current; ‘ddet_ind_concurrent_conns_min’: TCP/UDP Concurrent Sessions Min; ‘ddet_ind_concurrent_conns_max’: TCP/UDP Concurrent Sessions Max; ‘ddet_ind_concurrent_conns_adaptive_threshold’: TCP/UDP Concurrent Sessions Adaptive Threshold; ‘ddet_ind_data_cpu_util_current’: Data CPU Utilization Current; ‘ddet_ind_data_cpu_util_min’: Data CPU Utilization Min; ‘ddet_ind_data_cpu_util_max’: Data CPU Utilization Max; ‘ddet_ind_data_cpu_util_adaptive_threshold’: Data CPU Utilization Adaptive Threshold; ‘ddet_ind_outside_intf_util_current’: Outside Interface Utilization Current; ‘ddet_ind_outside_intf_util_min’: Outside Interface Utilization Min; ‘ddet_ind_outside_intf_util_max’: Outside Interface Utilization Max; ‘ddet_ind_outside_intf_util_adaptive_threshold’: Outside Interface Utilization Adaptive Threshold; ‘ddet_ind_frag_rate_current’: Frag Pkt Rate Current; ‘ddet_ind_frag_rate_min’: Frag Pkt Rate Min; ‘ddet_ind_frag_rate_max’: Frag Pkt Rate Max; ‘ddet_ind_frag_rate_adaptive_threshold’: Frag Pkt Rate Adaptive Threshold; ‘ddet_ind_bit_rate_current’: Bit Rate Current; ‘ddet_ind_bit_rate_min’: Bit Rate Min; ‘ddet_ind_bit_rate_max’: Bit Rate Max; ‘ddet_ind_bit_rate_adaptive_threshold’: Bit Rate Adaptive Threshold;
Type: string
Supported Values: all, ip-proto-type, ddet_ind_pkt_rate_current, ddet_ind_pkt_rate_min, ddet_ind_pkt_rate_max, ddet_ind_pkt_rate_adaptive_threshold, ddet_ind_pkt_drop_rate_current, ddet_ind_pkt_drop_rate_min, ddet_ind_pkt_drop_rate_max, ddet_ind_pkt_drop_rate_adaptive_threshold, ddet_ind_syn_rate_current, ddet_ind_syn_rate_min, ddet_ind_syn_rate_max, ddet_ind_syn_rate_adaptive_threshold, ddet_ind_fin_rate_current, ddet_ind_fin_rate_min, ddet_ind_fin_rate_max, ddet_ind_fin_rate_adaptive_threshold, ddet_ind_rst_rate_current, ddet_ind_rst_rate_min, ddet_ind_rst_rate_max, ddet_ind_rst_rate_adaptive_threshold, ddet_ind_small_window_ack_rate_current, ddet_ind_small_window_ack_rate_min, ddet_ind_small_window_ack_rate_max, ddet_ind_small_window_ack_rate_adaptive_threshold, ddet_ind_empty_ack_rate_current, ddet_ind_empty_ack_rate_min, ddet_ind_empty_ack_rate_max, ddet_ind_empty_ack_rate_adaptive_threshold, ddet_ind_small_payload_rate_current, ddet_ind_small_payload_rate_min, ddet_ind_small_payload_rate_max, ddet_ind_small_payload_rate_adaptive_threshold, ddet_ind_pkt_drop_ratio_current, ddet_ind_pkt_drop_ratio_min, ddet_ind_pkt_drop_ratio_max, ddet_ind_pkt_drop_ratio_adaptive_threshold, ddet_ind_inb_per_outb_current, ddet_ind_inb_per_outb_min, ddet_ind_inb_per_outb_max, ddet_ind_inb_per_outb_adaptive_threshold, ddet_ind_syn_per_fin_rate_current, ddet_ind_syn_per_fin_rate_min, ddet_ind_syn_per_fin_rate_max, ddet_ind_syn_per_fin_rate_adaptive_threshold, ddet_ind_conn_miss_rate_current, ddet_ind_conn_miss_rate_min, ddet_ind_conn_miss_rate_max, ddet_ind_conn_miss_rate_adaptive_threshold, ddet_ind_concurrent_conns_current, ddet_ind_concurrent_conns_min, ddet_ind_concurrent_conns_max, ddet_ind_concurrent_conns_adaptive_threshold, ddet_ind_data_cpu_util_current, ddet_ind_data_cpu_util_min, ddet_ind_data_cpu_util_max, ddet_ind_data_cpu_util_adaptive_threshold, ddet_ind_outside_intf_util_current, ddet_ind_outside_intf_util_min, ddet_ind_outside_intf_util_max, ddet_ind_outside_intf_util_adaptive_threshold, ddet_ind_frag_rate_current, ddet_ind_frag_rate_min, ddet_ind_frag_rate_max, ddet_ind_frag_rate_adaptive_threshold, ddet_ind_bit_rate_current, ddet_ind_bit_rate_min, ddet_ind_bit_rate_max, ddet_ind_bit_rate_adaptive_threshold
dst_zone-list_ip-proto_proto-name-list_topk-sources¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_ip-proto_proto-name-list_topk-destinations¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_ip-proto_proto-name-list_progression-tracking¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_ip-proto_proto-tcp-udp-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for this ip-proto
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-frag-pkt
Description Drop fragmented packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-cfg
Description: glid-cfg is a JSON Block. Please see below for dst_zone-list_ip-proto_proto-tcp-udp-list_glid-cfg
Type: Object
protocol
Description ‘tcp’: ip-proto tcp; ‘udp’: ip-proto udp;
Type: string
Supported Values: tcp, udp
set-counter-base-val
Description Set T2 counter value of current context to specified value
Type: number
Range: 1-4294967295
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_ip-proto_proto-tcp-udp-list_glid-cfg¶
Specification Value Type object action-list
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/action-list
glid
Description Global limit ID for the whole zone
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, ignore
per-addr-glid
Description Global limit ID per address
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
dst_zone-list_port-range-list¶
Specification Value Type list Block object keys age
Description Idle age for ip entry
Type: number
Range: 2-1023
Default: 5
apply-policy-on-overflow
Description Enable this flag to apply overflow policy when dynamic entry count overflows
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
default-action-list
Description Configure default-action-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/action-list
deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dynamic-entry-overflow-policy-list
enable-class-list-overflow
Description Apply class-list overflow policy upon exceeding dynamic entry count specified under zone port or each class-list
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-top-k
Description Enable ddos top-k source IP detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-top-k-destination
Description Enable ddos top-k destination IP detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
faster-de-escalation
Description De-escalate faster in standalone mode
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-cfg
Description: glid-cfg is a JSON Block. Please see below for dst_zone-list_port-range-list_glid-cfg
Type: Object
ips
Description: ips is a JSON Block. Please see below for dst_zone-list_port-range-list_ips
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/ips
level-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/level/{level-num}
manual-mode-enable
Description Toggle manual mode to use fix templates
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
manual-mode-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/manual-mode/{config}
max-dynamic-entry-count
Description Maximum count for dynamic source zone service entry
Type: number
Range: 0-2147483647
outbound-only
Description Only allow outbound traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
pattern-recognition
Description: pattern-recognition is a JSON Block. Please see below for dst_zone-list_port-range-list_pattern-recognition
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/pattern-recognition
pattern-recognition-pu-details
Description: pattern-recognition-pu-details is a JSON Block. Please see below for dst_zone-list_port-range-list_pattern-recognition-pu-details
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/pattern-recognition-pu-details
port-ind
Description: port-ind is a JSON Block. Please see below for dst_zone-list_port-range-list_port-ind
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/port-ind
port-range-end
Description Port-Range End Port Number
Type: number
Range: 1-65535
port-range-start
Description Port-Range Start Port Number
Type: number
Range: 1-65535
progression-tracking
Description: progression-tracking is a JSON Block. Please see below for dst_zone-list_port-range-list_progression-tracking
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/progression-tracking
protocol
Description ‘dns-tcp’: DNS-TCP Port; ‘dns-udp’: DNS-UDP Port; ‘http’: HTTP Port; ‘tcp’: TCP Port; ‘udp’: UDP Port; ‘ssl-l4’: SSL-L4 Port; ‘sip-udp’: SIP-UDP Port; ‘sip-tcp’: SIP-TCP Port; ‘quic’: QUIC Port;
Type: string
Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4, sip-udp, sip-tcp, quic
set-counter-base-val
Description Set T2 counter value of current context to specified value
Type: number
Range: 1-4294967295
sflow-common
Description Enable all sFlow polling options under this zone port
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-common,sflow-packets, sflow-tcp-basic, sflow-tcp-stateful, and sflow-http are mutually exclusive
sflow-http
Description Enable sFlow HTTP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-http and sflow-common are mutually exclusive
sflow-packets
Description Enable sFlow packet-level counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-packets and sflow-common are mutually exclusive
sflow-tcp
Description: sflow-tcp is a JSON Block. Please see below for dst_zone-list_port-range-list_sflow-tcp
Type: Object
src-based-policy-list
stateful
Description Enable stateful tracking of sessions (Default is stateless)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
topk-destinations
Description: topk-destinations is a JSON Block. Please see below for dst_zone-list_port-range-list_topk-destinations
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/topk-destinations
topk-dst-num-records
Description Maximum number of records to show in topk
Type: number
Range: 1-100
Default: 20
topk-num-records
Description Maximum number of records to show in topk
Type: number
Range: 1-100
Default: 20
topk-sources
Description: topk-sources is a JSON Block. Please see below for dst_zone-list_port-range-list_topk-sources
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/topk-sources
unlimited-dynamic-entry-count
Description No limit for maximum dynamic src entry count
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for dst_zone-list_port-range-list_zone-template
Type: Object
dst_zone-list_port-range-list_pattern-recognition¶
Specification Value Type object algorithm
Description ‘heuristic’: heuristic algorithm;
Type: string
Supported Values: heuristic
app-payload-offset
Description Set offset of the payload, default 0
Type: number
Range: 0-1500
capture-traffic
Description ‘all’: Capture all packets; ‘dropped’: Capture dropped packets (default);
Type: string
Supported Values: all, dropped
filter-inactive-threshold
Description Extracted filter inactive threshold
Type: number
Range: 5-255
filter-threshold
Description Extracted filter threshold
Type: number
Range: 0-100
mode
Description ‘capture-never-expire’: War-time capture without rate exceeding and never expires; ‘manual’: Manual mode;
Type: string
Supported Values: capture-never-expire, manual
sensitivity
Description ‘high’: High Sensitivity; ‘medium’: Medium Sensitivity; ‘low’: Low Sensitivity;
Type: string
Supported Values: high, medium, low
triggered-by
Description ‘zone-escalation’: Zone escalation trigger pattern recognition; ‘packet-rate-exceeds’: Packet rate limit exceeds trigger pattern recognition (default);
Type: string
Supported Values: zone-escalation, packet-rate-exceeds
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_port-range-list_progression-tracking¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_port-range-list_ips¶
Specification Value Type object sampling-enable
Type: Listuuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_port-range-list_ips_sampling-enable¶
Specification Value Type list Block object keys counters1
Description ‘all’: all; ‘ips_matched_total’: IPS Matched Total; ‘ips_matched_action_pass’: IPS Matched Action Pass; ‘ips_matched_action_drop’: IPS Matched Action Drop; ‘ips_matched_action_blacklist’: IPS Matched Action Blacklist; ‘ips_matched_severity_high’: IPS Matched Severity High; ‘ips_matched_severity_medium’: IPS Matched Severity Medium; ‘ips_matched_severity_low’: IPS Matched Severity Low; ‘src_ips_matched_action_pass’: Src IPS Matched Action Pass; ‘src_ips_matched_action_drop’: Src IPS Matched Action Drop; ‘src_ips_matched_action_blacklist’: Src IPS Matched Action Blacklist; ‘src_ips_matched_severity_high’: Src IPS Matched Severity High; ‘src_ips_matched_severity_medium’: Src IPS Matched Severity Medium; ‘src_ips_matched_severity_low’: Src IPS Matched Severity Low;
Type: string
Supported Values: all, ips_matched_total, ips_matched_action_pass, ips_matched_action_drop, ips_matched_action_blacklist, ips_matched_severity_high, ips_matched_severity_medium, ips_matched_severity_low, src_ips_matched_action_pass, src_ips_matched_action_drop, src_ips_matched_action_blacklist, src_ips_matched_severity_high, src_ips_matched_severity_medium, src_ips_matched_severity_low
dst_zone-list_port-range-list_glid-cfg¶
Specification Value Type object action-list
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/action-list
glid
Description Global limit ID for the whole zone
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default if default-action-list is not configured); ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, ignore
per-addr-glid
Description Global limit ID per address
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
dst_zone-list_port-range-list_zone-template¶
Specification Value Type object ips
Description IPS template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dst_zone-list_port-range-list_level-list¶
Specification Value Type list Block object keys apply-extracted-filters
Description Apply extracted filters from this level
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
close-sessions-for-unauth-sources
Description Close session for unauthenticated sources
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
indicator-list
level-num
Description ‘0’: Default policy level; ‘1’: Policy level 1; ‘2’: Policy level 2; ‘3’: Policy level 3; ‘4’: Policy level 4;
Type: string
Supported Values: 0, 1, 2, 3, 4
src-default-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
src-escalation-score
Description Source activation score of this level
Type: number
Range: 1-1000000
src-violation-actions
Description Violation actions apply due to source escalate from this level
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
start-pattern-recognition
Description Start pattern recognition from this level
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-escalation-score
Description Zone activation score of this level
Type: number
Range: 1-1000000
zone-template
Description: zone-template is a JSON Block. Please see below for dst_zone-list_port-range-list_level-list_zone-template
Type: Object
zone-violation-actions
Description Violation actions apply due to zone escalate from this level
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
dst_zone-list_port-range-list_level-list_zone-template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
quic
Description DDOS quic template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dst_zone-list_port-range-list_level-list_indicator-list¶
Specification Value Type list Block object keys data-packet-size
Description Expected minimal data size
Type: number
Range: 1-1500
score
Description Score corresponding to the indicator
Type: number
Range: 1-1000000
src-threshold-num
Description Indicator per-src threshold
Type: number
Range: 1-2147483647
src-threshold-str
Description Indicator per-src threshold (Non-zero floating point)
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
src-violation-actions
Description Violation actions to use when this src indicator threshold reaches
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
tcp-window-size
Description Expected minimal window size
Type: number
Range: 1-500
type
Description ‘pkt-rate’: rate of incoming packets; ‘pkt-drop-rate’: rate of packets got dropped; ‘bit-rate’: rate of incoming bits; ‘pkt-drop-ratio’: ratio of incoming packet rate divided by the rate of dropping packets; ‘bytes-to-bytes-from-ratio’: ratio of incoming packet rate divided by the rate of outgoing packets; ‘concurrent-conns’: number of concurrent connections; ‘conn-miss-rate’: rate of incoming packets for which no previously established connection exists; ‘syn-rate’: rate on incoming SYN packets; ‘fin-rate’: rate on incoming FIN packets; ‘rst-rate’: rate of incoming RST packets; ‘small-window-ack-rate’: rate of small window advertisement; ‘empty-ack-rate’: rate of incoming packets which have no payload; ‘small-payload-rate’: rate of short payload packet; ‘syn-fin-ratio’: ratio of incoming SYN packet rate divided by the rate of incoming FIN packets; ‘cpu-utilization’: average data CPU utilization; ‘interface-utilization’: outside interface utilization;
Type: string
Supported Values: pkt-rate, pkt-drop-rate, bit-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, concurrent-conns, conn-miss-rate, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio, cpu-utilization, interface-utilization
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-threshold-num
Description Threshold for the entire zone
Type: number
Range: 1-2147483647
zone-threshold-str
Description Threshold for the entire zone (Non-zero floating point)
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
zone-violation-actions
Description Violation actions to use when this zone indicator threshold reaches
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
dst_zone-list_port-range-list_manual-mode-list¶
Specification Value Type list Block object keys close-sessions-for-unauth-sources
Description Close session for unauthenticated sources
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
config
Description ‘configuration’: Manual-mode configuration;
Type: string
Supported Values: configuration
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
src-default-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for dst_zone-list_port-range-list_manual-mode-list_zone-template
Type: Object
dst_zone-list_port-range-list_manual-mode-list_zone-template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
quic
Description DDOS quic template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dst_zone-list_port-range-list_src-based-policy-list¶
Specification Value Type list Block object keys policy-class-list-list
src-based-policy-name
Description Specify name of the policy
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_port-range-list_src-based-policy-list_policy-class-list-list¶
Specification Value Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
class-list-name
Description Class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
class-list-overflow-policy-list
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
max-dynamic-entry-count
Description Maximum count for dynamic source zone service entry allowed for this class-list
Type: number
Range: 0-2147483647
sampling-enable
Type: Listuser-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for dst_zone-list_port-range-list_src-based-policy-list_policy-class-list-list_zone-template
Type: Object
dst_zone-list_port-range-list_src-based-policy-list_policy-class-list-list_zone-template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ips
Description IPS template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
quic
Description DDOS quic template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dst_zone-list_port-range-list_src-based-policy-list_policy-class-list-list_sampling-enable¶
Specification Value Type list Block object keys counters1
Description ‘all’: all; ‘packet_received’: Packets Received; ‘packet_dropped’: Packets Dropped; ‘entry_learned’: Entry Learned; ‘entry_count_overflow’: Entry Count Overflow;
Type: string
Supported Values: all, packet_received, packet_dropped, entry_learned, entry_count_overflow
dst_zone-list_port-range-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list¶
Specification Value Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
dummy-name
Description ‘configuration’: Configure overflow policy for class-list;
Type: string
Supported Values: configuration
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
log-enable
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable log periodic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for dst_zone-list_port-range-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template
Type: Object
dst_zone-list_port-range-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
quic
Description DDOS quic template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dst_zone-list_port-range-list_pattern-recognition-pu-details¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_port-range-list_port-ind¶
Specification Value Type object sampling-enable
Type: Listuuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_port-range-list_port-ind_sampling-enable¶
Specification Value Type list Block object keys counters1
Description ‘all’: all; ‘ip-proto-type’: IP Protocol Type; ‘ddet_ind_pkt_rate_current’: Pkt Rate Current; ‘ddet_ind_pkt_rate_min’: Pkt Rate Min; ‘ddet_ind_pkt_rate_max’: Pkt Rate Max; ‘ddet_ind_pkt_rate_adaptive_threshold’: Pkt Rate Adaptive Threshold; ‘ddet_ind_pkt_drop_rate_current’: Pkt Drop Rate Current; ‘ddet_ind_pkt_drop_rate_min’: Pkt Drop Rate Min; ‘ddet_ind_pkt_drop_rate_max’: Pkt Drop Rate Max; ‘ddet_ind_pkt_drop_rate_adaptive_threshold’: Pkt Drop Rate Adaptive Threshold; ‘ddet_ind_syn_rate_current’: TCP SYN Rate Current; ‘ddet_ind_syn_rate_min’: TCP SYN Rate Min; ‘ddet_ind_syn_rate_max’: TCP SYN Rate Max; ‘ddet_ind_syn_rate_adaptive_threshold’: TCP SYN Rate Adaptive Threshold; ‘ddet_ind_fin_rate_current’: TCP FIN Rate Current; ‘ddet_ind_fin_rate_min’: TCP FIN Rate Min; ‘ddet_ind_fin_rate_max’: TCP FIN Rate Max; ‘ddet_ind_fin_rate_adaptive_threshold’: TCP FIN Rate Adaptive Threshold; ‘ddet_ind_rst_rate_current’: TCP RST Rate Current; ‘ddet_ind_rst_rate_min’: TCP RST Rate Min; ‘ddet_ind_rst_rate_max’: TCP RST Rate Max; ‘ddet_ind_rst_rate_adaptive_threshold’: TCP RST Rate Adaptive Threshold; ‘ddet_ind_small_window_ack_rate_current’: TCP Small Window ACK Rate Current; ‘ddet_ind_small_window_ack_rate_min’: TCP Small Window ACK Rate Min; ‘ddet_ind_small_window_ack_rate_max’: TCP Small Window ACK Rate Max; ‘ddet_ind_small_window_ack_rate_adaptive_threshold’: TCP Small Window ACK Rate Adaptive Threshold; ‘ddet_ind_empty_ack_rate_current’: TCP Empty ACK Rate Current; ‘ddet_ind_empty_ack_rate_min’: TCP Empty ACK Rate Min; ‘ddet_ind_empty_ack_rate_max’: TCP Empty ACK Rate Max; ‘ddet_ind_empty_ack_rate_adaptive_threshold’: TCP Empty ACK Rate Adaptive Threshold; ‘ddet_ind_small_payload_rate_current’: TCP Small Payload Rate Current; ‘ddet_ind_small_payload_rate_min’: TCP Small Payload Rate Min; ‘ddet_ind_small_payload_rate_max’: TCP Small Payload Rate Max; ‘ddet_ind_small_payload_rate_adaptive_threshold’: TCP Small Payload Rate Adaptive Threshold; ‘ddet_ind_pkt_drop_ratio_current’: Pkt Drop / Pkt Rcvd Current; ‘ddet_ind_pkt_drop_ratio_min’: Pkt Drop / Pkt Rcvd Min; ‘ddet_ind_pkt_drop_ratio_max’: Pkt Drop / Pkt Rcvd Max; ‘ddet_ind_pkt_drop_ratio_adaptive_threshold’: Pkt Drop / Pkt Rcvd Adaptive Threshold; ‘ddet_ind_inb_per_outb_current’: Bytes-to / Bytes-from Current; ‘ddet_ind_inb_per_outb_min’: Bytes-to / Bytes-from Min; ‘ddet_ind_inb_per_outb_max’: Bytes-to / Bytes-from Max; ‘ddet_ind_inb_per_outb_adaptive_threshold’: Bytes-to / Bytes-from Adaptive Threshold; ‘ddet_ind_syn_per_fin_rate_current’: TCP SYN Rate / FIN Rate Current; ‘ddet_ind_syn_per_fin_rate_min’: TCP SYN Rate / FIN Rate Min; ‘ddet_ind_syn_per_fin_rate_max’: TCP SYN Rate / FIN Rate Max; ‘ddet_ind_syn_per_fin_rate_adaptive_threshold’: TCP SYN Rate / FIN Rate Adaptive Threshold; ‘ddet_ind_conn_miss_rate_current’: TCP Session Miss Rate Current; ‘ddet_ind_conn_miss_rate_min’: TCP Session Miss Rate Min; ‘ddet_ind_conn_miss_rate_max’: TCP Session Miss Rate Max; ‘ddet_ind_conn_miss_rate_adaptive_threshold’: TCP Session Miss Rate Adaptive Threshold; ‘ddet_ind_concurrent_conns_current’: TCP/UDP Concurrent Sessions Current; ‘ddet_ind_concurrent_conns_min’: TCP/UDP Concurrent Sessions Min; ‘ddet_ind_concurrent_conns_max’: TCP/UDP Concurrent Sessions Max; ‘ddet_ind_concurrent_conns_adaptive_threshold’: TCP/UDP Concurrent Sessions Adaptive Threshold; ‘ddet_ind_data_cpu_util_current’: Data CPU Utilization Current; ‘ddet_ind_data_cpu_util_min’: Data CPU Utilization Min; ‘ddet_ind_data_cpu_util_max’: Data CPU Utilization Max; ‘ddet_ind_data_cpu_util_adaptive_threshold’: Data CPU Utilization Adaptive Threshold; ‘ddet_ind_outside_intf_util_current’: Outside Interface Utilization Current; ‘ddet_ind_outside_intf_util_min’: Outside Interface Utilization Min; ‘ddet_ind_outside_intf_util_max’: Outside Interface Utilization Max; ‘ddet_ind_outside_intf_util_adaptive_threshold’: Outside Interface Utilization Adaptive Threshold; ‘ddet_ind_frag_rate_current’: Frag Pkt Rate Current; ‘ddet_ind_frag_rate_min’: Frag Pkt Rate Min; ‘ddet_ind_frag_rate_max’: Frag Pkt Rate Max; ‘ddet_ind_frag_rate_adaptive_threshold’: Frag Pkt Rate Adaptive Threshold; ‘ddet_ind_bit_rate_current’: Bit Rate Current; ‘ddet_ind_bit_rate_min’: Bit Rate Min; ‘ddet_ind_bit_rate_max’: Bit Rate Max; ‘ddet_ind_bit_rate_adaptive_threshold’: Bit Rate Adaptive Threshold;
Type: string
Supported Values: all, ip-proto-type, ddet_ind_pkt_rate_current, ddet_ind_pkt_rate_min, ddet_ind_pkt_rate_max, ddet_ind_pkt_rate_adaptive_threshold, ddet_ind_pkt_drop_rate_current, ddet_ind_pkt_drop_rate_min, ddet_ind_pkt_drop_rate_max, ddet_ind_pkt_drop_rate_adaptive_threshold, ddet_ind_syn_rate_current, ddet_ind_syn_rate_min, ddet_ind_syn_rate_max, ddet_ind_syn_rate_adaptive_threshold, ddet_ind_fin_rate_current, ddet_ind_fin_rate_min, ddet_ind_fin_rate_max, ddet_ind_fin_rate_adaptive_threshold, ddet_ind_rst_rate_current, ddet_ind_rst_rate_min, ddet_ind_rst_rate_max, ddet_ind_rst_rate_adaptive_threshold, ddet_ind_small_window_ack_rate_current, ddet_ind_small_window_ack_rate_min, ddet_ind_small_window_ack_rate_max, ddet_ind_small_window_ack_rate_adaptive_threshold, ddet_ind_empty_ack_rate_current, ddet_ind_empty_ack_rate_min, ddet_ind_empty_ack_rate_max, ddet_ind_empty_ack_rate_adaptive_threshold, ddet_ind_small_payload_rate_current, ddet_ind_small_payload_rate_min, ddet_ind_small_payload_rate_max, ddet_ind_small_payload_rate_adaptive_threshold, ddet_ind_pkt_drop_ratio_current, ddet_ind_pkt_drop_ratio_min, ddet_ind_pkt_drop_ratio_max, ddet_ind_pkt_drop_ratio_adaptive_threshold, ddet_ind_inb_per_outb_current, ddet_ind_inb_per_outb_min, ddet_ind_inb_per_outb_max, ddet_ind_inb_per_outb_adaptive_threshold, ddet_ind_syn_per_fin_rate_current, ddet_ind_syn_per_fin_rate_min, ddet_ind_syn_per_fin_rate_max, ddet_ind_syn_per_fin_rate_adaptive_threshold, ddet_ind_conn_miss_rate_current, ddet_ind_conn_miss_rate_min, ddet_ind_conn_miss_rate_max, ddet_ind_conn_miss_rate_adaptive_threshold, ddet_ind_concurrent_conns_current, ddet_ind_concurrent_conns_min, ddet_ind_concurrent_conns_max, ddet_ind_concurrent_conns_adaptive_threshold, ddet_ind_data_cpu_util_current, ddet_ind_data_cpu_util_min, ddet_ind_data_cpu_util_max, ddet_ind_data_cpu_util_adaptive_threshold, ddet_ind_outside_intf_util_current, ddet_ind_outside_intf_util_min, ddet_ind_outside_intf_util_max, ddet_ind_outside_intf_util_adaptive_threshold, ddet_ind_frag_rate_current, ddet_ind_frag_rate_min, ddet_ind_frag_rate_max, ddet_ind_frag_rate_adaptive_threshold, ddet_ind_bit_rate_current, ddet_ind_bit_rate_min, ddet_ind_bit_rate_max, ddet_ind_bit_rate_adaptive_threshold
dst_zone-list_port-range-list_sflow-tcp¶
Specification Value Type object sflow-tcp-basic
Description Enable sFlow basic TCP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-tcp-basic and sflow-common are mutually exclusive
sflow-tcp-stateful
Description Enable sFlow stateful TCP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-tcp-stateful and sflow-common are mutually exclusive
dst_zone-list_port-range-list_topk-sources¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_port-range-list_dynamic-entry-overflow-policy-list¶
Specification Value Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
dummy-name
Description ‘configuration’: Configure overflow policy;
Type: string
Supported Values: configuration
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
log-enable
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable log periodic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for dst_zone-list_port-range-list_dynamic-entry-overflow-policy-list_zone-template
Type: Object
dst_zone-list_port-range-list_dynamic-entry-overflow-policy-list_zone-template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
quic
Description DDOS quic template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dst_zone-list_port-range-list_topk-destinations¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_topk-destinations¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_capture-config-list¶
Specification Value Type list Block object keys mode
Description ‘drop’: Apply capture-config to dropped packets; ‘forward’: Apply capture-config to forwarded packets; ‘all’: Apply capture-config to both dropped and forwarded packets;
Type: string
Supported Values: drop, forward, all
name
Description Capture-config name
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/capture-config
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_zone-template¶
Specification Value Type object logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst_zone-list_web-gui¶
Specification Value Type object activated-after-learning
Description Activate it after learning
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
create-time
Description Configure create time
Type: string
Maximum Length: 13 characters
Maximum Length: 1 characters
learning
Description: learning is a JSON Block. Please see below for dst_zone-list_web-gui_learning
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/web-gui/learning
modify-time
Description Configure modify time
Type: string
Maximum Length: 13 characters
Maximum Length: 1 characters
protection
Description: protection is a JSON Block. Please see below for dst_zone-list_web-gui_protection
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection
sensitivity
Description ‘5’: Low; ‘3’: Medium; ‘1.5’: High;
Type: string
Supported Values: 5, 3, 1.5
Default: 3
status
Description ‘newly’: newly; ‘learning’: learning; ‘learned’: learned; ‘activated’: activated;
Type: string
Supported Values: newly, learning, learned, activated
Default: newly
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_web-gui_protection¶
Specification Value Type object ip-proto
Description: ip-proto is a JSON Block. Please see below for dst_zone-list_web-gui_protection_ip-proto
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/ip-proto
port
Description: port is a JSON Block. Please see below for dst_zone-list_web-gui_protection_port
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/port
port-range-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/port-range/{port-range-start}+{port-range-end}+{protocol}
dst_zone-list_web-gui_protection_port-range-list¶
Specification Value Type list Block object keys pbe
Description Peak Bandwidth Expected
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
port-range-end
Description Port-Range End Port Number
Type: number
Range: 1-65535
port-range-start
Description Port-Range Start Port Number
Type: number
Range: 1-65535
protocol
Description ‘dns-tcp’: DNS-TCP Port; ‘dns-udp’: DNS-UDP Port; ‘http’: HTTP Port; ‘tcp’: TCP Port; ‘udp’: UDP Port; ‘ssl-l4’: SSL-L4 Port;
Type: string
Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_web-gui_protection_port¶
Specification Value Type object zone-service-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/port/zone-service/{port-num}+{protocol}
zone-service-other-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/port/zone-service-other/{port-other}+{protocol}
dst_zone-list_web-gui_protection_port_zone-service-list¶
Specification Value Type list Block object keys pbe
Description Peak Bandwidth Expected
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
port-num
Description Port Number
Type: number
Range: 1-65535
protocol
Description ‘dns-tcp’: DNS-TCP Port; ‘dns-udp’: DNS-UDP Port; ‘http’: HTTP Port; ‘tcp’: TCP Port; ‘udp’: UDP Port; ‘ssl-l4’: SSL-L4 Port;
Type: string
Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_web-gui_protection_port_zone-service-other-list¶
Specification Value Type list Block object keys pbe
Description Peak Bandwidth Expected
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
port-other
Description ‘other’: other;
Type: string
Supported Values: other
protocol
Description ‘tcp’: TCP Port; ‘udp’: UDP Port;
Type: string
Supported Values: tcp, udp
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_web-gui_protection_ip-proto¶
Specification Value Type object proto-name-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/ip-proto/proto-name/{protocol}
dst_zone-list_web-gui_protection_ip-proto_proto-name-list¶
Specification Value Type list Block object keys pbe
Description Peak Bandwidth Expected
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
protocol
Description ‘icmp-v4’: ip-proto icmp-v4; ‘icmp-v6’: ip-proto icmp-v6;
Type: string
Supported Values: icmp-v4, icmp-v6
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_web-gui_learning¶
Specification Value Type object duration
Description ‘1minute’: 1 minute; ‘6hour’: 6 hours; ‘12hour’: 12 hours; ‘24hour’: 24 hours; ‘7day’: 7 days;
Type: string
Supported Values: 1minute, 6hour, 12hour, 24hour, 7day
Default: 6hour
starting-time
Description Configure learning starting time
Type: string
Maximum Length: 13 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_hw-blacklist-blocking¶
Specification Value Type object dst-enable
Description Enable Dst side hardware blocking
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-enable
Description Enable Src side hardware blocking
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_port¶
Specification Value Type object zone-service-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}
zone-service-other-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}
dst_zone-list_port_zone-service-list¶
Specification Value Type list Block object keys age
Description Idle age for ip entry
Type: number
Range: 2-1023
Default: 5
apply-policy-on-overflow
Description Enable this flag to apply overflow policy when dynamic entry count overflows
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
capture-config
Description: capture-config is a JSON Block. Please see below for dst_zone-list_port_zone-service-list_capture-config
Type: Object
default-action-list
Description Configure default-action-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/action-list
deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dynamic-entry-overflow-policy-list
enable-class-list-overflow
Description Apply class-list overflow policy upon exceeding dynamic entry count specified for zone-port or class-list
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-top-k
Description Enable ddos top-k source IP detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-top-k-destination
Description Enable ddos top-k destination IP detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
faster-de-escalation
Description De-escalate faster in standalone mode
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-cfg
Description: glid-cfg is a JSON Block. Please see below for dst_zone-list_port_zone-service-list_glid-cfg
Type: Object
ips
Description: ips is a JSON Block. Please see below for dst_zone-list_port_zone-service-list_ips
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/ips
level-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/level/{level-num}
manual-mode-enable
Description Toggle manual mode to use fix templates
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
manual-mode-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/manual-mode/{config}
max-dynamic-entry-count
Description Maximum count for dynamic source zone service entry
Type: number
Range: 0-2147483647
outbound-only
Description Only allow outbound traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
pattern-recognition
Description: pattern-recognition is a JSON Block. Please see below for dst_zone-list_port_zone-service-list_pattern-recognition
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/pattern-recognition
pattern-recognition-pu-details
Description: pattern-recognition-pu-details is a JSON Block. Please see below for dst_zone-list_port_zone-service-list_pattern-recognition-pu-details
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/pattern-recognition-pu-details
port-ind
Description: port-ind is a JSON Block. Please see below for dst_zone-list_port_zone-service-list_port-ind
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/port-ind
port-num
Description Port Number
Type: number
Range: 1-65535
progression-tracking
Description: progression-tracking is a JSON Block. Please see below for dst_zone-list_port_zone-service-list_progression-tracking
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/progression-tracking
protocol
Description ‘dns-tcp’: DNS-TCP Port; ‘dns-udp’: DNS-UDP Port; ‘http’: HTTP Port; ‘tcp’: TCP Port; ‘udp’: UDP Port; ‘ssl-l4’: SSL-L4 Port; ‘sip-udp’: SIP-UDP Port; ‘sip-tcp’: SIP-TCP Port; ‘quic’: QUIC Port;
Type: string
Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4, sip-udp, sip-tcp, quic
set-counter-base-val
Description Set T2 counter value of current context to specified value
Type: number
Range: 1-4294967295
sflow-common
Description Enable all sFlow polling options under this zone port
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-common,sflow-packets, sflow-tcp-basic, sflow-tcp-stateful, and sflow-http are mutually exclusive
sflow-http
Description Enable sFlow HTTP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-http and sflow-common are mutually exclusive
sflow-packets
Description Enable sFlow packet-level counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-packets and sflow-common are mutually exclusive
sflow-tcp
Description: sflow-tcp is a JSON Block. Please see below for dst_zone-list_port_zone-service-list_sflow-tcp
Type: Object
signature-extraction
Description: signature-extraction is a JSON Block. Please see below for dst_zone-list_port_zone-service-list_signature-extraction
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/signature-extraction
src-based-policy-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/src-based-policy/{src-based-policy-name}
stateful
Description Enable stateful tracking of sessions (Default is stateless)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
topk-destinations
Description: topk-destinations is a JSON Block. Please see below for dst_zone-list_port_zone-service-list_topk-destinations
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/topk-destinations
topk-dst-num-records
Description Maximum number of records to show in topk
Type: number
Range: 1-100
Default: 20
topk-num-records
Description Maximum number of records to show in topk
Type: number
Range: 1-100
Default: 20
topk-sources
Description: topk-sources is a JSON Block. Please see below for dst_zone-list_port_zone-service-list_topk-sources
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/topk-sources
unlimited-dynamic-entry-count
Description No limit for maximum dynamic src entry count
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for dst_zone-list_port_zone-service-list_zone-template
Type: Object
dst_zone-list_port_zone-service-list_pattern-recognition¶
Specification Value Type object algorithm
Description ‘heuristic’: heuristic algorithm;
Type: string
Supported Values: heuristic
app-payload-offset
Description Set offset of the payload
Type: number
Range: 0-1500
Default: 0
capture-traffic
Description ‘all’: Capture all packets; ‘dropped’: Capture dropped packets (default);
Type: string
Supported Values: all, dropped
filter-inactive-threshold
Description Extracted filter inactive threshold
Type: number
Range: 5-255
filter-threshold
Description Extracted filter threshold
Type: number
Range: 0-100
mode
Description ‘capture-never-expire’: War-time capture without rate exceeding and never expires; ‘manual’: Manual mode;
Type: string
Supported Values: capture-never-expire, manual
sensitivity
Description ‘high’: High Sensitivity; ‘medium’: Medium Sensitivity; ‘low’: Low Sensitivity;
Type: string
Supported Values: high, medium, low
triggered-by
Description ‘zone-escalation’: Zone escalation trigger pattern recognition; ‘packet-rate-exceeds’: Packet rate limit exceeds trigger pattern recognition (default);
Type: string
Supported Values: zone-escalation, packet-rate-exceeds
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_port_zone-service-list_ips¶
Specification Value Type object sampling-enable
Type: Listuuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_port_zone-service-list_ips_sampling-enable¶
Specification Value Type list Block object keys counters1
Description ‘all’: all; ‘ips_matched_total’: IPS Matched Total; ‘ips_matched_action_pass’: IPS Matched Action Pass; ‘ips_matched_action_drop’: IPS Matched Action Drop; ‘ips_matched_action_blacklist’: IPS Matched Action Blacklist; ‘ips_matched_severity_high’: IPS Matched Severity High; ‘ips_matched_severity_medium’: IPS Matched Severity Medium; ‘ips_matched_severity_low’: IPS Matched Severity Low; ‘src_ips_matched_action_pass’: Src IPS Matched Action Pass; ‘src_ips_matched_action_drop’: Src IPS Matched Action Drop; ‘src_ips_matched_action_blacklist’: Src IPS Matched Action Blacklist; ‘src_ips_matched_severity_high’: Src IPS Matched Severity High; ‘src_ips_matched_severity_medium’: Src IPS Matched Severity Medium; ‘src_ips_matched_severity_low’: Src IPS Matched Severity Low;
Type: string
Supported Values: all, ips_matched_total, ips_matched_action_pass, ips_matched_action_drop, ips_matched_action_blacklist, ips_matched_severity_high, ips_matched_severity_medium, ips_matched_severity_low, src_ips_matched_action_pass, src_ips_matched_action_drop, src_ips_matched_action_blacklist, src_ips_matched_severity_high, src_ips_matched_severity_medium, src_ips_matched_severity_low
dst_zone-list_port_zone-service-list_glid-cfg¶
Specification Value Type object action-list
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/action-list
glid
Description Global limit ID for the whole zone
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default if default-action-list is not configured); ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, ignore
per-addr-glid
Description Global limit ID per address
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
dst_zone-list_port_zone-service-list_zone-template¶
Specification Value Type object ips
Description IPS template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dst_zone-list_port_zone-service-list_signature-extraction¶
Specification Value Type object algorithm
Description ‘heuristic’: heuristic algorithm;
Type: string
Supported Values: heuristic
manual-mode
Description Enable manual mode
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_port_zone-service-list_level-list¶
Specification Value Type list Block object keys apply-extracted-filters
Description Apply extracted filters from this level
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
close-sessions-for-unauth-sources
Description Close session for unauthenticated sources
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
indicator-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/level/{level-num}/indicator/{type}
level-num
Description ‘0’: Default policy level; ‘1’: Policy level 1; ‘2’: Policy level 2; ‘3’: Policy level 3; ‘4’: Policy level 4;
Type: string
Supported Values: 0, 1, 2, 3, 4
src-default-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
src-escalation-score
Description Source activation score of this level
Type: number
Range: 1-1000000
src-violation-actions
Description Violation actions apply due to source escalate from this level
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
start-pattern-recognition
Description Start pattern recognition from this level
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
start-signature-extraction
Description Start signature extraction from this level
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-escalation-score
Description Zone activation score of this level
Type: number
Range: 1-1000000
zone-template
Description: zone-template is a JSON Block. Please see below for dst_zone-list_port_zone-service-list_level-list_zone-template
Type: Object
zone-violation-actions
Description Violation actions apply due to zone escalate from this level
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
dst_zone-list_port_zone-service-list_level-list_zone-template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
quic
Description DDOS quic template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dst_zone-list_port_zone-service-list_level-list_indicator-list¶
Specification Value Type list Block object keys data-packet-size
Description Expected minimal data size
Type: number
Range: 1-1500
score
Description Score corresponding to the indicator
Type: number
Range: 1-1000000
src-threshold-num
Description Indicator per-src threshold
Type: number
Range: 1-2147483647
src-threshold-str
Description Indicator per-src threshold (Non-zero floating point)
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
src-violation-actions
Description Violation actions to use when this src indicator threshold reaches
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
tcp-window-size
Description Expected minimal window size
Type: number
Range: 1-500
type
Description ‘pkt-rate’: rate of incoming packets; ‘pkt-drop-rate’: rate of packets got dropped; ‘bit-rate’: rate of incoming bits; ‘pkt-drop-ratio’: ratio of incoming packet rate divided by the rate of dropping packets; ‘bytes-to-bytes-from-ratio’: ratio of incoming packet rate divided by the rate of outgoing packets; ‘concurrent-conns’: number of concurrent connections; ‘conn-miss-rate’: rate of incoming packets for which no previously established connection exists; ‘syn-rate’: rate on incoming SYN packets; ‘fin-rate’: rate on incoming FIN packets; ‘rst-rate’: rate of incoming RST packets; ‘small-window-ack-rate’: rate of small window advertisement; ‘empty-ack-rate’: rate of incoming packets which have no payload; ‘small-payload-rate’: rate of short payload packet; ‘syn-fin-ratio’: ratio of incoming SYN packet rate divided by the rate of incoming FIN packets; ‘cpu-utilization’: average data CPU utilization; ‘interface-utilization’: outside interface utilization;
Type: string
Supported Values: pkt-rate, pkt-drop-rate, bit-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, concurrent-conns, conn-miss-rate, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio, cpu-utilization, interface-utilization
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-threshold-num
Description Threshold for the entire zone
Type: number
Range: 1-2147483647
zone-threshold-str
Description Threshold for the entire zone (Non-zero floating point)
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
zone-violation-actions
Description Violation actions to use when this zone indicator threshold reaches
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
dst_zone-list_port_zone-service-list_manual-mode-list¶
Specification Value Type list Block object keys close-sessions-for-unauth-sources
Description Close session for unauthenticated sources
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
config
Description ‘configuration’: Manual-mode configuration;
Type: string
Supported Values: configuration
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
src-default-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for dst_zone-list_port_zone-service-list_manual-mode-list_zone-template
Type: Object
dst_zone-list_port_zone-service-list_manual-mode-list_zone-template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
quic
Description DDOS quic template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dst_zone-list_port_zone-service-list_src-based-policy-list¶
Specification Value Type list Block object keys policy-class-list-list
src-based-policy-name
Description Specify name of the policy
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list¶
Specification Value Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
class-list-name
Description Class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
class-list-overflow-policy-list
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
log-enable
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable log periodic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-dynamic-entry-count
Description Maximum count for dynamic source zone service entry allowed for this class-list
Type: number
Range: 0-2147483647
sampling-enable
Type: Listuser-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for dst_zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list_zone-template
Type: Object
dst_zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list_sampling-enable¶
Specification Value Type list Block object keys counters1
Description ‘all’: all; ‘packet_received’: Packets Received; ‘packet_dropped’: Packets Dropped; ‘entry_learned’: Entry Learned; ‘entry_count_overflow’: Entry Count Overflow;
Type: string
Supported Values: all, packet_received, packet_dropped, entry_learned, entry_count_overflow
dst_zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list_zone-template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ips
Description IPS template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
quic
Description DDOS quic template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dst_zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list¶
Specification Value Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
dummy-name
Description ‘configuration’: Configure overflow policy for class-list;
Type: string
Supported Values: configuration
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
log-enable
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable log periodic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for dst_zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template
Type: Object
dst_zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
quic
Description DDOS quic template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dst_zone-list_port_zone-service-list_pattern-recognition-pu-details¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_port_zone-service-list_port-ind¶
Specification Value Type object sampling-enable
Type: Listuuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_port_zone-service-list_port-ind_sampling-enable¶
Specification Value Type list Block object keys counters1
Description ‘all’: all; ‘ip-proto-type’: IP Protocol Type; ‘ddet_ind_pkt_rate_current’: Pkt Rate Current; ‘ddet_ind_pkt_rate_min’: Pkt Rate Min; ‘ddet_ind_pkt_rate_max’: Pkt Rate Max; ‘ddet_ind_pkt_rate_adaptive_threshold’: Pkt Rate Adaptive Threshold; ‘ddet_ind_pkt_drop_rate_current’: Pkt Drop Rate Current; ‘ddet_ind_pkt_drop_rate_min’: Pkt Drop Rate Min; ‘ddet_ind_pkt_drop_rate_max’: Pkt Drop Rate Max; ‘ddet_ind_pkt_drop_rate_adaptive_threshold’: Pkt Drop Rate Adaptive Threshold; ‘ddet_ind_syn_rate_current’: TCP SYN Rate Current; ‘ddet_ind_syn_rate_min’: TCP SYN Rate Min; ‘ddet_ind_syn_rate_max’: TCP SYN Rate Max; ‘ddet_ind_syn_rate_adaptive_threshold’: TCP SYN Rate Adaptive Threshold; ‘ddet_ind_fin_rate_current’: TCP FIN Rate Current; ‘ddet_ind_fin_rate_min’: TCP FIN Rate Min; ‘ddet_ind_fin_rate_max’: TCP FIN Rate Max; ‘ddet_ind_fin_rate_adaptive_threshold’: TCP FIN Rate Adaptive Threshold; ‘ddet_ind_rst_rate_current’: TCP RST Rate Current; ‘ddet_ind_rst_rate_min’: TCP RST Rate Min; ‘ddet_ind_rst_rate_max’: TCP RST Rate Max; ‘ddet_ind_rst_rate_adaptive_threshold’: TCP RST Rate Adaptive Threshold; ‘ddet_ind_small_window_ack_rate_current’: TCP Small Window ACK Rate Current; ‘ddet_ind_small_window_ack_rate_min’: TCP Small Window ACK Rate Min; ‘ddet_ind_small_window_ack_rate_max’: TCP Small Window ACK Rate Max; ‘ddet_ind_small_window_ack_rate_adaptive_threshold’: TCP Small Window ACK Rate Adaptive Threshold; ‘ddet_ind_empty_ack_rate_current’: TCP Empty ACK Rate Current; ‘ddet_ind_empty_ack_rate_min’: TCP Empty ACK Rate Min; ‘ddet_ind_empty_ack_rate_max’: TCP Empty ACK Rate Max; ‘ddet_ind_empty_ack_rate_adaptive_threshold’: TCP Empty ACK Rate Adaptive Threshold; ‘ddet_ind_small_payload_rate_current’: TCP Small Payload Rate Current; ‘ddet_ind_small_payload_rate_min’: TCP Small Payload Rate Min; ‘ddet_ind_small_payload_rate_max’: TCP Small Payload Rate Max; ‘ddet_ind_small_payload_rate_adaptive_threshold’: TCP Small Payload Rate Adaptive Threshold; ‘ddet_ind_pkt_drop_ratio_current’: Pkt Drop / Pkt Rcvd Current; ‘ddet_ind_pkt_drop_ratio_min’: Pkt Drop / Pkt Rcvd Min; ‘ddet_ind_pkt_drop_ratio_max’: Pkt Drop / Pkt Rcvd Max; ‘ddet_ind_pkt_drop_ratio_adaptive_threshold’: Pkt Drop / Pkt Rcvd Adaptive Threshold; ‘ddet_ind_inb_per_outb_current’: Bytes-to / Bytes-from Current; ‘ddet_ind_inb_per_outb_min’: Bytes-to / Bytes-from Min; ‘ddet_ind_inb_per_outb_max’: Bytes-to / Bytes-from Max; ‘ddet_ind_inb_per_outb_adaptive_threshold’: Bytes-to / Bytes-from Adaptive Threshold; ‘ddet_ind_syn_per_fin_rate_current’: TCP SYN Rate / FIN Rate Current; ‘ddet_ind_syn_per_fin_rate_min’: TCP SYN Rate / FIN Rate Min; ‘ddet_ind_syn_per_fin_rate_max’: TCP SYN Rate / FIN Rate Max; ‘ddet_ind_syn_per_fin_rate_adaptive_threshold’: TCP SYN Rate / FIN Rate Adaptive Threshold; ‘ddet_ind_conn_miss_rate_current’: TCP Session Miss Rate Current; ‘ddet_ind_conn_miss_rate_min’: TCP Session Miss Rate Min; ‘ddet_ind_conn_miss_rate_max’: TCP Session Miss Rate Max; ‘ddet_ind_conn_miss_rate_adaptive_threshold’: TCP Session Miss Rate Adaptive Threshold; ‘ddet_ind_concurrent_conns_current’: TCP/UDP Concurrent Sessions Current; ‘ddet_ind_concurrent_conns_min’: TCP/UDP Concurrent Sessions Min; ‘ddet_ind_concurrent_conns_max’: TCP/UDP Concurrent Sessions Max; ‘ddet_ind_concurrent_conns_adaptive_threshold’: TCP/UDP Concurrent Sessions Adaptive Threshold; ‘ddet_ind_data_cpu_util_current’: Data CPU Utilization Current; ‘ddet_ind_data_cpu_util_min’: Data CPU Utilization Min; ‘ddet_ind_data_cpu_util_max’: Data CPU Utilization Max; ‘ddet_ind_data_cpu_util_adaptive_threshold’: Data CPU Utilization Adaptive Threshold; ‘ddet_ind_outside_intf_util_current’: Outside Interface Utilization Current; ‘ddet_ind_outside_intf_util_min’: Outside Interface Utilization Min; ‘ddet_ind_outside_intf_util_max’: Outside Interface Utilization Max; ‘ddet_ind_outside_intf_util_adaptive_threshold’: Outside Interface Utilization Adaptive Threshold; ‘ddet_ind_frag_rate_current’: Frag Pkt Rate Current; ‘ddet_ind_frag_rate_min’: Frag Pkt Rate Min; ‘ddet_ind_frag_rate_max’: Frag Pkt Rate Max; ‘ddet_ind_frag_rate_adaptive_threshold’: Frag Pkt Rate Adaptive Threshold; ‘ddet_ind_bit_rate_current’: Bit Rate Current; ‘ddet_ind_bit_rate_min’: Bit Rate Min; ‘ddet_ind_bit_rate_max’: Bit Rate Max; ‘ddet_ind_bit_rate_adaptive_threshold’: Bit Rate Adaptive Threshold;
Type: string
Supported Values: all, ip-proto-type, ddet_ind_pkt_rate_current, ddet_ind_pkt_rate_min, ddet_ind_pkt_rate_max, ddet_ind_pkt_rate_adaptive_threshold, ddet_ind_pkt_drop_rate_current, ddet_ind_pkt_drop_rate_min, ddet_ind_pkt_drop_rate_max, ddet_ind_pkt_drop_rate_adaptive_threshold, ddet_ind_syn_rate_current, ddet_ind_syn_rate_min, ddet_ind_syn_rate_max, ddet_ind_syn_rate_adaptive_threshold, ddet_ind_fin_rate_current, ddet_ind_fin_rate_min, ddet_ind_fin_rate_max, ddet_ind_fin_rate_adaptive_threshold, ddet_ind_rst_rate_current, ddet_ind_rst_rate_min, ddet_ind_rst_rate_max, ddet_ind_rst_rate_adaptive_threshold, ddet_ind_small_window_ack_rate_current, ddet_ind_small_window_ack_rate_min, ddet_ind_small_window_ack_rate_max, ddet_ind_small_window_ack_rate_adaptive_threshold, ddet_ind_empty_ack_rate_current, ddet_ind_empty_ack_rate_min, ddet_ind_empty_ack_rate_max, ddet_ind_empty_ack_rate_adaptive_threshold, ddet_ind_small_payload_rate_current, ddet_ind_small_payload_rate_min, ddet_ind_small_payload_rate_max, ddet_ind_small_payload_rate_adaptive_threshold, ddet_ind_pkt_drop_ratio_current, ddet_ind_pkt_drop_ratio_min, ddet_ind_pkt_drop_ratio_max, ddet_ind_pkt_drop_ratio_adaptive_threshold, ddet_ind_inb_per_outb_current, ddet_ind_inb_per_outb_min, ddet_ind_inb_per_outb_max, ddet_ind_inb_per_outb_adaptive_threshold, ddet_ind_syn_per_fin_rate_current, ddet_ind_syn_per_fin_rate_min, ddet_ind_syn_per_fin_rate_max, ddet_ind_syn_per_fin_rate_adaptive_threshold, ddet_ind_conn_miss_rate_current, ddet_ind_conn_miss_rate_min, ddet_ind_conn_miss_rate_max, ddet_ind_conn_miss_rate_adaptive_threshold, ddet_ind_concurrent_conns_current, ddet_ind_concurrent_conns_min, ddet_ind_concurrent_conns_max, ddet_ind_concurrent_conns_adaptive_threshold, ddet_ind_data_cpu_util_current, ddet_ind_data_cpu_util_min, ddet_ind_data_cpu_util_max, ddet_ind_data_cpu_util_adaptive_threshold, ddet_ind_outside_intf_util_current, ddet_ind_outside_intf_util_min, ddet_ind_outside_intf_util_max, ddet_ind_outside_intf_util_adaptive_threshold, ddet_ind_frag_rate_current, ddet_ind_frag_rate_min, ddet_ind_frag_rate_max, ddet_ind_frag_rate_adaptive_threshold, ddet_ind_bit_rate_current, ddet_ind_bit_rate_min, ddet_ind_bit_rate_max, ddet_ind_bit_rate_adaptive_threshold
dst_zone-list_port_zone-service-list_sflow-tcp¶
Specification Value Type object sflow-tcp-basic
Description Enable sFlow basic TCP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-tcp-basic and sflow-common are mutually exclusive
sflow-tcp-stateful
Description Enable sFlow stateful TCP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-tcp-stateful and sflow-common are mutually exclusive
dst_zone-list_port_zone-service-list_topk-sources¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_port_zone-service-list_dynamic-entry-overflow-policy-list¶
Specification Value Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
dummy-name
Description ‘configuration’: Configure overflow policy;
Type: string
Supported Values: configuration
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
log-enable
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable log periodic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for dst_zone-list_port_zone-service-list_dynamic-entry-overflow-policy-list_zone-template
Type: Object
dst_zone-list_port_zone-service-list_dynamic-entry-overflow-policy-list_zone-template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
quic
Description DDOS quic template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dst_zone-list_port_zone-service-list_capture-config¶
Specification Value Type object capture-config-mode
Description ‘drop’: Apply capture-config to dropped packets; ‘forward’: Apply capture-config to forwarded packets; ‘all’: Apply capture-config to both dropped and forwarded packets;
Type: string
Supported Values: drop, forward, all
capture-config-name
Description Capture-config name
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst_zone-list_port_zone-service-list_topk-destinations¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_port_zone-service-list_progression-tracking¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_port_zone-service-other-list¶
Specification Value Type list Block object keys age
Description Idle age for ip entry
Type: number
Range: 2-1023
Default: 5
apply-policy-on-overflow
Description Enable this flag to apply overflow policy when dynamic entry count overflows
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
default-action-list
Description Configure default-action-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/action-list
deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dynamic-entry-overflow-policy-list
enable-class-list-overflow
Description Apply class-list overflow policy upon exceeding dynamic entry count specified for this zone port or each class-list
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-top-k
Description Enable ddos top-k source IP detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-top-k-destination
Description Enable ddos top-k destination IP detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
faster-de-escalation
Description De-escalate faster in standalone mode
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-cfg
Description: glid-cfg is a JSON Block. Please see below for dst_zone-list_port_zone-service-other-list_glid-cfg
Type: Object
level-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/level/{level-num}
manual-mode-enable
Description Toggle manual mode to use fix templates
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
manual-mode-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/manual-mode/{config}
max-dynamic-entry-count
Description Maximum count for dynamic source zone service entry
Type: number
Range: 0-2147483647
outbound-only
Description Only allow outbound traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
pattern-recognition
Description: pattern-recognition is a JSON Block. Please see below for dst_zone-list_port_zone-service-other-list_pattern-recognition
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/pattern-recognition
pattern-recognition-pu-details
Description: pattern-recognition-pu-details is a JSON Block. Please see below for dst_zone-list_port_zone-service-other-list_pattern-recognition-pu-details
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/pattern-recognition-pu-details
port-ind
Description: port-ind is a JSON Block. Please see below for dst_zone-list_port_zone-service-other-list_port-ind
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/port-ind
port-other
Description ‘other’: other;
Type: string
Supported Values: other
progression-tracking
Description: progression-tracking is a JSON Block. Please see below for dst_zone-list_port_zone-service-other-list_progression-tracking
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/progression-tracking
protocol
Description ‘tcp’: TCP Port; ‘udp’: UDP Port;
Type: string
Supported Values: tcp, udp
set-counter-base-val
Description Set T2 counter value of current context to specified value
Type: number
Range: 1-4294967295
sflow-common
Description Enable all sFlow polling options under this zone port
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-common,sflow-packets, sflow-tcp-basic, and sflow-tcp-stateful are mutually exclusive
sflow-packets
Description Enable sFlow packet-level counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-packets and sflow-common are mutually exclusive
sflow-tcp
Description: sflow-tcp is a JSON Block. Please see below for dst_zone-list_port_zone-service-other-list_sflow-tcp
Type: Object
src-based-policy-list
stateful
Description Enable stateful tracking of sessions (Default is stateless)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
topk-destinations
Description: topk-destinations is a JSON Block. Please see below for dst_zone-list_port_zone-service-other-list_topk-destinations
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/topk-destinations
topk-dst-num-records
Description Maximum number of records to show in topk
Type: number
Range: 1-100
Default: 20
topk-num-records
Description Maximum number of records to show in topk
Type: number
Range: 1-100
Default: 20
topk-sources
Description: topk-sources is a JSON Block. Please see below for dst_zone-list_port_zone-service-other-list_topk-sources
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/topk-sources
unlimited-dynamic-entry-count
Description No limit for maximum dynamic src entry count
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_port_zone-service-other-list_pattern-recognition¶
Specification Value Type object algorithm
Description ‘heuristic’: heuristic algorithm;
Type: string
Supported Values: heuristic
capture-traffic
Description ‘all’: Capture all packets; ‘dropped’: Capture dropped packets (default);
Type: string
Supported Values: all, dropped
filter-inactive-threshold
Description Extracted filter inactive threshold
Type: number
Range: 5-255
filter-threshold
Description Extracted filter threshold
Type: number
Range: 0-100
mode
Description ‘capture-never-expire’: War-time capture without rate exceeding and never expires; ‘manual’: Manual mode;
Type: string
Supported Values: capture-never-expire, manual
sensitivity
Description ‘high’: High Sensitivity; ‘medium’: Medium Sensitivity; ‘low’: Low Sensitivity;
Type: string
Supported Values: high, medium, low
triggered-by
Description ‘zone-escalation’: Zone escalation trigger pattern recognition; ‘packet-rate-exceeds’: Packet rate limit exceeds trigger pattern recognition (default);
Type: string
Supported Values: zone-escalation, packet-rate-exceeds
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_port_zone-service-other-list_dynamic-entry-overflow-policy-list¶
Specification Value Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
dummy-name
Description ‘configuration’: Configure overflow policy;
Type: string
Supported Values: configuration
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
log-enable
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable log periodic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for dst_zone-list_port_zone-service-other-list_dynamic-entry-overflow-policy-list_zone-template
Type: Object
dst_zone-list_port_zone-service-other-list_dynamic-entry-overflow-policy-list_zone-template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dst_zone-list_port_zone-service-other-list_glid-cfg¶
Specification Value Type object action-list
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/action-list
glid
Description Global limit ID for the whole zone
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default if default-action-list is not configured); ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, ignore
per-addr-glid
Description Global limit ID per address
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
dst_zone-list_port_zone-service-other-list_level-list¶
Specification Value Type list Block object keys apply-extracted-filters
Description Apply extracted filters from this level
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
close-sessions-for-unauth-sources
Description Close session for unauthenticated sources
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
indicator-list
level-num
Description ‘0’: Default policy level; ‘1’: Policy level 1; ‘2’: Policy level 2; ‘3’: Policy level 3; ‘4’: Policy level 4;
Type: string
Supported Values: 0, 1, 2, 3, 4
src-default-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
src-escalation-score
Description Source activation score of this level
Type: number
Range: 1-1000000
src-violation-actions
Description Violation actions apply due to source escalate from this level
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
start-pattern-recognition
Description Start pattern recognition from this level
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-escalation-score
Description Zone activation score of this level
Type: number
Range: 1-1000000
zone-template
Description: zone-template is a JSON Block. Please see below for dst_zone-list_port_zone-service-other-list_level-list_zone-template
Type: Object
zone-violation-actions
Description Violation actions apply due to zone escalate from this level
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
dst_zone-list_port_zone-service-other-list_level-list_zone-template¶
Specification Value Type object encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dst_zone-list_port_zone-service-other-list_level-list_indicator-list¶
Specification Value Type list Block object keys data-packet-size
Description Expected minimal data size
Type: number
Range: 1-1500
score
Description Score corresponding to the indicator
Type: number
Range: 1-1000000
src-threshold-num
Description Indicator per-src threshold
Type: number
Range: 1-2147483647
src-threshold-str
Description Indicator per-src threshold (Non-zero floating point)
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
src-violation-actions
Description Violation actions to use when this src indicator threshold reaches
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
tcp-window-size
Description Expected minimal window size
Type: number
Range: 1-500
type
Description ‘pkt-rate’: rate of incoming packets; ‘pkt-drop-rate’: rate of packets got dropped; ‘bit-rate’: rate of incoming bits; ‘pkt-drop-ratio’: ratio of incoming packet rate divided by the rate of dropping packets; ‘bytes-to-bytes-from-ratio’: ratio of incoming packet rate divided by the rate of outgoing packets; ‘concurrent-conns’: number of concurrent connections; ‘conn-miss-rate’: rate of incoming packets for which no previously established connection exists; ‘syn-rate’: rate on incoming SYN packets; ‘fin-rate’: rate on incoming FIN packets; ‘rst-rate’: rate of incoming RST packets; ‘small-window-ack-rate’: rate of small window advertisement; ‘empty-ack-rate’: rate of incoming packets which have no payload; ‘small-payload-rate’: rate of short payload packet; ‘syn-fin-ratio’: ratio of incoming SYN packet rate divided by the rate of incoming FIN packets; ‘cpu-utilization’: average data CPU utilization; ‘interface-utilization’: outside interface utilization;
Type: string
Supported Values: pkt-rate, pkt-drop-rate, bit-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, concurrent-conns, conn-miss-rate, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio, cpu-utilization, interface-utilization
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-threshold-num
Description Threshold for the entire zone
Type: number
Range: 1-2147483647
zone-threshold-str
Description Threshold for the entire zone (Non-zero floating point)
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
zone-violation-actions
Description Violation actions to use when this zone indicator threshold reaches
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
dst_zone-list_port_zone-service-other-list_manual-mode-list¶
Specification Value Type list Block object keys close-sessions-for-unauth-sources
Description Close session for unauthenticated sources
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
config
Description ‘configuration’: Manual-mode configuration;
Type: string
Supported Values: configuration
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
src-default-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for dst_zone-list_port_zone-service-other-list_manual-mode-list_zone-template
Type: Object
dst_zone-list_port_zone-service-other-list_manual-mode-list_zone-template¶
Specification Value Type object encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dst_zone-list_port_zone-service-other-list_src-based-policy-list¶
Specification Value Type list Block object keys policy-class-list-list
src-based-policy-name
Description Specify name of the policy
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list¶
Specification Value Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
class-list-name
Description Class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
class-list-overflow-policy-list
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
max-dynamic-entry-count
Description Maximum count for dynamic source zone service entry allowed for this class-list
Type: number
Range: 0-2147483647
sampling-enable
Type: Listuser-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for dst_zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_zone-template
Type: Object
dst_zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_zone-template¶
Specification Value Type object encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ips
Description IPS template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dst_zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_sampling-enable¶
Specification Value Type list Block object keys counters1
Description ‘all’: all; ‘packet_received’: Packets Received; ‘packet_dropped’: Packets Dropped; ‘entry_learned’: Entry Learned; ‘entry_count_overflow’: Entry Count Overflow;
Type: string
Supported Values: all, packet_received, packet_dropped, entry_learned, entry_count_overflow
dst_zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list¶
Specification Value Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
dummy-name
Description ‘configuration’: Configure overflow policy for class-list;
Type: string
Supported Values: configuration
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
log-enable
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable log periodic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for dst_zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template
Type: Object
dst_zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dst_zone-list_port_zone-service-other-list_pattern-recognition-pu-details¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_port_zone-service-other-list_port-ind¶
Specification Value Type object sampling-enable
Type: Listuuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_port_zone-service-other-list_port-ind_sampling-enable¶
Specification Value Type list Block object keys counters1
Description ‘all’: all; ‘ip-proto-type’: IP Protocol Type; ‘ddet_ind_pkt_rate_current’: Pkt Rate Current; ‘ddet_ind_pkt_rate_min’: Pkt Rate Min; ‘ddet_ind_pkt_rate_max’: Pkt Rate Max; ‘ddet_ind_pkt_rate_adaptive_threshold’: Pkt Rate Adaptive Threshold; ‘ddet_ind_pkt_drop_rate_current’: Pkt Drop Rate Current; ‘ddet_ind_pkt_drop_rate_min’: Pkt Drop Rate Min; ‘ddet_ind_pkt_drop_rate_max’: Pkt Drop Rate Max; ‘ddet_ind_pkt_drop_rate_adaptive_threshold’: Pkt Drop Rate Adaptive Threshold; ‘ddet_ind_syn_rate_current’: TCP SYN Rate Current; ‘ddet_ind_syn_rate_min’: TCP SYN Rate Min; ‘ddet_ind_syn_rate_max’: TCP SYN Rate Max; ‘ddet_ind_syn_rate_adaptive_threshold’: TCP SYN Rate Adaptive Threshold; ‘ddet_ind_fin_rate_current’: TCP FIN Rate Current; ‘ddet_ind_fin_rate_min’: TCP FIN Rate Min; ‘ddet_ind_fin_rate_max’: TCP FIN Rate Max; ‘ddet_ind_fin_rate_adaptive_threshold’: TCP FIN Rate Adaptive Threshold; ‘ddet_ind_rst_rate_current’: TCP RST Rate Current; ‘ddet_ind_rst_rate_min’: TCP RST Rate Min; ‘ddet_ind_rst_rate_max’: TCP RST Rate Max; ‘ddet_ind_rst_rate_adaptive_threshold’: TCP RST Rate Adaptive Threshold; ‘ddet_ind_small_window_ack_rate_current’: TCP Small Window ACK Rate Current; ‘ddet_ind_small_window_ack_rate_min’: TCP Small Window ACK Rate Min; ‘ddet_ind_small_window_ack_rate_max’: TCP Small Window ACK Rate Max; ‘ddet_ind_small_window_ack_rate_adaptive_threshold’: TCP Small Window ACK Rate Adaptive Threshold; ‘ddet_ind_empty_ack_rate_current’: TCP Empty ACK Rate Current; ‘ddet_ind_empty_ack_rate_min’: TCP Empty ACK Rate Min; ‘ddet_ind_empty_ack_rate_max’: TCP Empty ACK Rate Max; ‘ddet_ind_empty_ack_rate_adaptive_threshold’: TCP Empty ACK Rate Adaptive Threshold; ‘ddet_ind_small_payload_rate_current’: TCP Small Payload Rate Current; ‘ddet_ind_small_payload_rate_min’: TCP Small Payload Rate Min; ‘ddet_ind_small_payload_rate_max’: TCP Small Payload Rate Max; ‘ddet_ind_small_payload_rate_adaptive_threshold’: TCP Small Payload Rate Adaptive Threshold; ‘ddet_ind_pkt_drop_ratio_current’: Pkt Drop / Pkt Rcvd Current; ‘ddet_ind_pkt_drop_ratio_min’: Pkt Drop / Pkt Rcvd Min; ‘ddet_ind_pkt_drop_ratio_max’: Pkt Drop / Pkt Rcvd Max; ‘ddet_ind_pkt_drop_ratio_adaptive_threshold’: Pkt Drop / Pkt Rcvd Adaptive Threshold; ‘ddet_ind_inb_per_outb_current’: Bytes-to / Bytes-from Current; ‘ddet_ind_inb_per_outb_min’: Bytes-to / Bytes-from Min; ‘ddet_ind_inb_per_outb_max’: Bytes-to / Bytes-from Max; ‘ddet_ind_inb_per_outb_adaptive_threshold’: Bytes-to / Bytes-from Adaptive Threshold; ‘ddet_ind_syn_per_fin_rate_current’: TCP SYN Rate / FIN Rate Current; ‘ddet_ind_syn_per_fin_rate_min’: TCP SYN Rate / FIN Rate Min; ‘ddet_ind_syn_per_fin_rate_max’: TCP SYN Rate / FIN Rate Max; ‘ddet_ind_syn_per_fin_rate_adaptive_threshold’: TCP SYN Rate / FIN Rate Adaptive Threshold; ‘ddet_ind_conn_miss_rate_current’: TCP Session Miss Rate Current; ‘ddet_ind_conn_miss_rate_min’: TCP Session Miss Rate Min; ‘ddet_ind_conn_miss_rate_max’: TCP Session Miss Rate Max; ‘ddet_ind_conn_miss_rate_adaptive_threshold’: TCP Session Miss Rate Adaptive Threshold; ‘ddet_ind_concurrent_conns_current’: TCP/UDP Concurrent Sessions Current; ‘ddet_ind_concurrent_conns_min’: TCP/UDP Concurrent Sessions Min; ‘ddet_ind_concurrent_conns_max’: TCP/UDP Concurrent Sessions Max; ‘ddet_ind_concurrent_conns_adaptive_threshold’: TCP/UDP Concurrent Sessions Adaptive Threshold; ‘ddet_ind_data_cpu_util_current’: Data CPU Utilization Current; ‘ddet_ind_data_cpu_util_min’: Data CPU Utilization Min; ‘ddet_ind_data_cpu_util_max’: Data CPU Utilization Max; ‘ddet_ind_data_cpu_util_adaptive_threshold’: Data CPU Utilization Adaptive Threshold; ‘ddet_ind_outside_intf_util_current’: Outside Interface Utilization Current; ‘ddet_ind_outside_intf_util_min’: Outside Interface Utilization Min; ‘ddet_ind_outside_intf_util_max’: Outside Interface Utilization Max; ‘ddet_ind_outside_intf_util_adaptive_threshold’: Outside Interface Utilization Adaptive Threshold; ‘ddet_ind_frag_rate_current’: Frag Pkt Rate Current; ‘ddet_ind_frag_rate_min’: Frag Pkt Rate Min; ‘ddet_ind_frag_rate_max’: Frag Pkt Rate Max; ‘ddet_ind_frag_rate_adaptive_threshold’: Frag Pkt Rate Adaptive Threshold; ‘ddet_ind_bit_rate_current’: Bit Rate Current; ‘ddet_ind_bit_rate_min’: Bit Rate Min; ‘ddet_ind_bit_rate_max’: Bit Rate Max; ‘ddet_ind_bit_rate_adaptive_threshold’: Bit Rate Adaptive Threshold;
Type: string
Supported Values: all, ip-proto-type, ddet_ind_pkt_rate_current, ddet_ind_pkt_rate_min, ddet_ind_pkt_rate_max, ddet_ind_pkt_rate_adaptive_threshold, ddet_ind_pkt_drop_rate_current, ddet_ind_pkt_drop_rate_min, ddet_ind_pkt_drop_rate_max, ddet_ind_pkt_drop_rate_adaptive_threshold, ddet_ind_syn_rate_current, ddet_ind_syn_rate_min, ddet_ind_syn_rate_max, ddet_ind_syn_rate_adaptive_threshold, ddet_ind_fin_rate_current, ddet_ind_fin_rate_min, ddet_ind_fin_rate_max, ddet_ind_fin_rate_adaptive_threshold, ddet_ind_rst_rate_current, ddet_ind_rst_rate_min, ddet_ind_rst_rate_max, ddet_ind_rst_rate_adaptive_threshold, ddet_ind_small_window_ack_rate_current, ddet_ind_small_window_ack_rate_min, ddet_ind_small_window_ack_rate_max, ddet_ind_small_window_ack_rate_adaptive_threshold, ddet_ind_empty_ack_rate_current, ddet_ind_empty_ack_rate_min, ddet_ind_empty_ack_rate_max, ddet_ind_empty_ack_rate_adaptive_threshold, ddet_ind_small_payload_rate_current, ddet_ind_small_payload_rate_min, ddet_ind_small_payload_rate_max, ddet_ind_small_payload_rate_adaptive_threshold, ddet_ind_pkt_drop_ratio_current, ddet_ind_pkt_drop_ratio_min, ddet_ind_pkt_drop_ratio_max, ddet_ind_pkt_drop_ratio_adaptive_threshold, ddet_ind_inb_per_outb_current, ddet_ind_inb_per_outb_min, ddet_ind_inb_per_outb_max, ddet_ind_inb_per_outb_adaptive_threshold, ddet_ind_syn_per_fin_rate_current, ddet_ind_syn_per_fin_rate_min, ddet_ind_syn_per_fin_rate_max, ddet_ind_syn_per_fin_rate_adaptive_threshold, ddet_ind_conn_miss_rate_current, ddet_ind_conn_miss_rate_min, ddet_ind_conn_miss_rate_max, ddet_ind_conn_miss_rate_adaptive_threshold, ddet_ind_concurrent_conns_current, ddet_ind_concurrent_conns_min, ddet_ind_concurrent_conns_max, ddet_ind_concurrent_conns_adaptive_threshold, ddet_ind_data_cpu_util_current, ddet_ind_data_cpu_util_min, ddet_ind_data_cpu_util_max, ddet_ind_data_cpu_util_adaptive_threshold, ddet_ind_outside_intf_util_current, ddet_ind_outside_intf_util_min, ddet_ind_outside_intf_util_max, ddet_ind_outside_intf_util_adaptive_threshold, ddet_ind_frag_rate_current, ddet_ind_frag_rate_min, ddet_ind_frag_rate_max, ddet_ind_frag_rate_adaptive_threshold, ddet_ind_bit_rate_current, ddet_ind_bit_rate_min, ddet_ind_bit_rate_max, ddet_ind_bit_rate_adaptive_threshold
dst_zone-list_port_zone-service-other-list_sflow-tcp¶
Specification Value Type object sflow-tcp-basic
Description Enable sFlow basic TCP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-tcp-basic and sflow-common are mutually exclusive
sflow-tcp-stateful
Description Enable sFlow stateful TCP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-tcp-stateful and sflow-common are mutually exclusive
dst_zone-list_port_zone-service-other-list_topk-sources¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_port_zone-service-other-list_topk-destinations¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_port_zone-service-other-list_progression-tracking¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dst_zone-list_ipv6¶
Specification Value Type list Block object keys expand-ipv6-subnet
Description Expand this subnet to individual IPv6 address
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
expand-ipv6-subnet-mode
Description ‘default’: Default learning mechanism (Default: Dynamic); ‘dynamic’: Dynamic learning; ‘static’: Static learning;
Type: string
Supported Values: default, dynamic, static
Default: default
ip6-addr
Description Specify IPv6 address
Type: string
Format: ipv6-address
subnet-ipv6-addr
Description IPV6 Subnet
Type: string
Format: ipv6-address-plen
dst_zone-list_src-port-range-list¶
Specification Value Type list Block object keys capture-config
Description: capture-config is a JSON Block. Please see below for dst_zone-list_src-port-range-list_capture-config
Type: Object
default-action-list
Description Configure default-action-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/action-list
deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-cfg
Description: glid-cfg is a JSON Block. Please see below for dst_zone-list_src-port-range-list_glid-cfg
Type: Object
protocol
Description ‘udp’: UDP port; ‘tcp’: TCP Port;
Type: string
Supported Values: udp, tcp
set-counter-base-val
Description Set T2 counter value of current context to specified value
Type: number
Range: 1-4294967295
src-port-range-end
Description Src Port-Range End Port Number
Type: number
Range: 2-65535
src-port-range-start
Description Src Port-Range Start Port Number
Type: number
Range: 1-65535
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for dst_zone-list_src-port-range-list_zone-template
Type: Object
dst_zone-list_src-port-range-list_capture-config¶
Specification Value Type object capture-config-mode
Description ‘drop’: Apply capture-config to dropped packets; ‘forward’: Apply capture-config to forwarded packets; ‘all’: Apply capture-config to both dropped and forwarded packets;
Type: string
Supported Values: drop, forward, all
capture-config-name
Description Capture-config name
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst_zone-list_src-port-range-list_glid-cfg¶
Specification Value Type object glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, ignore
dst_zone-list_src-port-range-list_zone-template¶
Specification Value Type object src-tcp
Description DDOS tcp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-udp
Description DDOS udp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst_zone-list_sflow-tcp¶
Specification Value Type object sflow-tcp-basic
Description Enable sFlow basic TCP counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total nu
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-tcp-basic and sflow-common are mutually exclusive
sflow-tcp-stateful
Description Enable sFlow stateful TCP counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-tcp-stateful and sflow-common are mutually exclusive
dst_zone-list_src-port¶
Specification Value Type object zone-src-port-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port/{port-num}+{protocol}
zone-src-port-other-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port-other/{port-other}+{protocol}
dst_zone-list_src-port_zone-src-port-list¶
Specification Value Type list Block object keys default-action-list
Description Configure default-action-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/action-list
deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-cfg
Description: glid-cfg is a JSON Block. Please see below for dst_zone-list_src-port_zone-src-port-list_glid-cfg
Type: Object
outbound-src-tracking
Description ‘enable’: enable; ‘disable’: disable;
Type: string
Supported Values: enable, disable
Default: disable
port-num
Description Source Port Number
Type: number
Range: 1-65535
protocol
Description ‘dns-udp’: DNS-UDP Port; ‘dns-tcp’: DNS-TCP Port; ‘udp’: UDP port; ‘tcp’: TCP Port;
Type: string
Supported Values: dns-udp, dns-tcp, udp, tcp
set-counter-base-val
Description Set T2 counter value of current context to specified value
Type: number
Range: 1-4294967295
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for dst_zone-list_src-port_zone-src-port-list_zone-template
Type: Object
dst_zone-list_src-port_zone-src-port-list_glid-cfg¶
Specification Value Type object glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, ignore
dst_zone-list_src-port_zone-src-port-list_zone-template¶
Specification Value Type object src-dns
Description DDOS dns src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-tcp
Description DDOS tcp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-udp
Description DDOS udp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst_zone-list_src-port_zone-src-port-other-list¶
Specification Value Type list Block object keys default-action-list
Description Configure default-action-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/action-list
deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-cfg
Description: glid-cfg is a JSON Block. Please see below for dst_zone-list_src-port_zone-src-port-other-list_glid-cfg
Type: Object
port-other
Description ‘other’: other;
Type: string
Supported Values: other
protocol
Description ‘udp’: UDP port; ‘tcp’: TCP Port;
Type: string
Supported Values: udp, tcp
set-counter-base-val
Description Set T2 counter value of current context to specified value
Type: number
Range: 1-4294967295
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for dst_zone-list_src-port_zone-src-port-other-list_zone-template
Type: Object
dst_zone-list_src-port_zone-src-port-other-list_glid-cfg¶
Specification Value Type object glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, ignore
dst_zone-list_src-port_zone-src-port-other-list_zone-template¶
Specification Value Type object src-tcp
Description DDOS tcp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-udp
Description DDOS udp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst_zone-list_sampling-enable¶
Specification Value Type list Block object keys counters1
Description ‘all’: all; ‘zone_tcp_any_exceed’: TCP Dst IP-Proto Rate: Total Exceeded; ‘zone_tcp_pkt_rate_exceed’: TCP Dst IP-Proto Rate: Packet Exceeded; ‘zone_tcp_conn_rate_exceed’: TCP Dst IP-Proto Rate: Conn Exceeded; ‘zone_udp_any_exceed’: UDP Dst IP-Proto Rate: Total Exceeded; ‘zone_udp_pkt_rate_exceed’: UDP Dst IP-Proto Rate: Packet Exceeded; ‘zone_udp_conn_limit_exceed’: UDP Dst IP-Proto Limit: Conn Exceeded; ‘zone_udp_conn_rate_exceed’: UDP Dst IP-Proto Rate: Conn Exceeded; ‘zone_icmp_pkt_rate_exceed’: ICMP Dst Rate: Packet Exceeded; ‘zone_other_pkt_rate_exceed’: OTHER Dst IP-Proto Rate: Packet Exceeded; ‘zone_other_frag_pkt_rate_exceed’: OTHER Dst IP-Proto Rate: Frag Exceeded; ‘zone_port_pkt_rate_exceed’: Port Rate: Packet Exceeded; ‘zone_port_conn_limit_exceed’: Port Limit: Conn Exceeded; ‘zone_port_conn_rate_exceed’: Port Rate: Conn Exceeded; ‘zone_pkt_sent’: Inbound: Packets Forwarded; ‘zone_udp_pkt_sent’: UDP Total Packets Forwarded; ‘zone_tcp_pkt_sent’: TCP Total Packets Forwarded; ‘zone_icmp_pkt_sent’: ICMP Total Packets Forwarded; ‘zone_other_pkt_sent’: OTHER Total Packets Forwarded; ‘zone_tcp_conn_limit_exceed’: TCP Dst IP-Proto Limit: Conn Exceeded; ‘zone_tcp_pkt_rcvd’: TCP Total Packets Received; ‘zone_udp_pkt_rcvd’: UDP Total Packets Received; ‘zone_icmp_pkt_rcvd’: ICMP Total Packets Received; ‘zone_other_pkt_rcvd’: OTHER Total Packets Received; ‘zone_udp_filter_match’: UDP Filter Match; ‘zone_udp_filter_not_match’: UDP Filter Not Matched on Pkt; ‘zone_udp_filter_action_blacklist’: UDP Filter Action Blacklist; ‘zone_udp_filter_action_drop’: UDP Filter Action Drop; ‘zone_tcp_syn’: TCP Total SYN Received; ‘zone_tcp_syn_drop’: TCP SYN Packets Dropped; ‘zone_tcp_src_rate_drop’: TCP Src Rate: Total Exceeded; ‘zone_udp_src_rate_drop’: UDP Src Rate: Total Exceeded; ‘zone_icmp_src_rate_drop’: ICMP Src Rate: Total Exceeded; ‘zone_other_frag_src_rate_drop’: OTHER Src Rate: Frag Exceeded; ‘zone_other_src_rate_drop’: OTHER Src Rate: Total Exceeded; ‘zone_tcp_drop’: TCP Total Packets Dropped; ‘zone_udp_drop’: UDP Total Packets Dropped; ‘zone_icmp_drop’: ICMP Total Packets Dropped; ‘zone_frag_drop’: Fragmented Packets Dropped; ‘zone_other_drop’: OTHER Total Packets Dropped; ‘zone_tcp_auth’: TCP Auth: SYN Cookie Sent; ‘zone_udp_filter_action_default_pass’: UDP Filter Action Default Pass; ‘zone_tcp_filter_match’: TCP Filter Match; ‘zone_tcp_filter_not_match’: TCP Filter Not Matched on Pkt; ‘zone_tcp_filter_action_blacklist’: TCP Filter Action Blacklist; ‘zone_tcp_filter_action_drop’: TCP Filter Action Drop; ‘zone_tcp_filter_action_default_pass’: TCP Filter Action Default Pass; ‘zone_udp_filter_action_whitelist’: UDP Filter Action WL; ‘zone_over_limit_on’: Zone overlimit Trigger ON; ‘zone_over_limit_off’: Zone overlimit Trigger OFF; ‘zone_port_over_limit_on’: Zone port overlimit Trigger ON; ‘zone_port_over_limit_off’: Zone port overlimit Trigger OFF; ‘zone_over_limit_action’: Zone overlimit action; ‘zone_port_over_limit_action’: Zone port overlimit action; ‘scanning_detected_drop’: Scanning Detected drop (deprecated); ‘scanning_detected_blacklist’: Scanning Detected blacklist (deprecated); ‘zone_udp_kibit_rate_drop’: UDP Dst IP-Proto Rate: KiBit Exceeded; ‘zone_tcp_kibit_rate_drop’: TCP Dst IP-Proto Rate: KiBit Exceeded; ‘zone_icmp_kibit_rate_drop’: ICMP Dst Rate: KiBit Exceeded; ‘zone_other_kibit_rate_drop’: OTHER Dst IP-Proto Rate: KiBit Exceeded; ‘zone_port_undef_drop’: Dst Port Undefined Dropped; ‘zone_port_bl’: Dst Port Blacklist Packets Dropped; ‘zone_src_port_bl’: Dst SrcPort Blacklist Packets Dropped; ‘zone_port_kbit_rate_exceed’: Port Rate: KiBit Exceeded; ‘zone_tcp_src_drop’: TCP Src Packets Dropped; ‘zone_udp_src_drop’: UDP Src Packets Dropped; ‘zone_icmp_src_drop’: ICMP Src Packets Dropped; ‘zone_other_src_drop’: OTHER Src Packets Dropped; ‘tcp_syn_rcvd’: TCP Inbound SYN Received; ‘tcp_syn_ack_rcvd’: TCP SYN ACK Received; ‘tcp_ack_rcvd’: TCP ACK Received; ‘tcp_fin_rcvd’: TCP FIN Received; ‘tcp_rst_rcvd’: TCP RST Received; ‘ingress_bytes’: Inbound: Bytes Received; ‘egress_bytes’: Outbound: Bytes Received; ‘ingress_packets’: Inbound: Packets Received; ‘egress_packets’: Outbound: Packets Received; ‘tcp_fwd_recv’: TCP Inbound Packets Received; ‘udp_fwd_recv’: UDP Inbound Packets Received; ‘icmp_fwd_recv’: ICMP Inbound Packets Received; ‘tcp_syn_cookie_fail’: TCP Auth: SYN Cookie Failed; ‘zone_tcp_session_created’: TCP Sessions Created; ‘zone_udp_session_created’: UDP Sessions Created; ‘zone_tcp_filter_action_whitelist’: TCP Filter Action WL; ‘zone_other_filter_match’: OTHER Filter Match; ‘zone_other_filter_not_match’: OTHER Filter Not Matched on Pkt; ‘zone_other_filter_action_blacklist’: OTHER Filter Action Blacklist; ‘zone_other_filter_action_drop’: OTHER Filter Action Drop; ‘zone_other_filter_action_whitelist’: OTHER Filter Action WL; ‘zone_other_filter_action_default_pass’: OTHER Filter Action Default Pass; ‘zone_blackhole_inject’: Dst Blackhole Inject; ‘zone_blackhole_withdraw’: Dst Blackhole Withdraw; ‘zone_tcp_out_of_seq_excd’: TCP Out-Of-Seq Exceeded; ‘zone_tcp_retransmit_excd’: TCP Retransmit Exceeded; ‘zone_tcp_zero_window_excd’: TCP Zero-Window Exceeded; ‘zone_tcp_conn_prate_excd’: TCP Rate: Conn Pkt Exceeded; ‘zone_tcp_action_on_ack_init’: TCP Auth: ACK Retry Init; ‘zone_tcp_action_on_ack_gap_drop’: TCP Auth: ACK Retry Retry-Gap Dropped; ‘zone_tcp_action_on_ack_fail’: TCP Auth: ACK Retry Dropped; ‘zone_tcp_action_on_ack_pass’: TCP Auth: ACK Retry Passed; ‘zone_tcp_action_on_syn_init’: TCP Auth: SYN Retry Init; ‘zone_tcp_action_on_syn_gap_drop’: TCP Auth: SYN Retry-Gap Dropped; ‘zone_tcp_action_on_syn_fail’: TCP Auth: SYN Retry Dropped; ‘zone_tcp_action_on_syn_pass’: TCP Auth: SYN Retry Passed; ‘zone_payload_too_small’: UDP Payload Too Small; ‘zone_payload_too_big’: UDP Payload Too Large; ‘zone_udp_conn_prate_excd’: UDP Rate: Conn Pkt Exceeded; ‘zone_udp_ntp_monlist_req’: UDP NTP Monlist Request; ‘zone_udp_ntp_monlist_resp’: UDP NTP Monlist Response; ‘zone_udp_wellknown_sport_drop’: UDP SrcPort Wellknown; ‘zone_udp_retry_init’: UDP Auth: Retry Init; ‘zone_udp_retry_pass’: UDP Auth: Retry Passed; ‘zone_tcp_bytes_drop’: TCP Total Bytes Dropped; ‘zone_udp_bytes_drop’: UDP Total Bytes Dropped; ‘zone_icmp_bytes_drop’: ICMP Total Bytes Dropped; ‘zone_other_bytes_drop’: OTHER Total Bytes Dropped; ‘zone_out_no_route’: Dst IPv4/v6 Out No Route; ‘outbound_bytes_sent’: Outbound: Bytes Forwarded; ‘outbound_drop’: Outbound: Packets Dropped; ‘outbound_bytes_drop’: Outbound: Bytes Dropped; ‘outbound_pkt_sent’: Outbound: Packets Forwarded; ‘inbound_bytes_sent’: Inbound: Bytes Forwarded; ‘inbound_bytes_drop’: Inbound: Bytes Dropped; ‘zone_src_port_pkt_rate_exceed’: SrcPort Rate: Packet Exceeded; ‘zone_src_port_kbit_rate_exceed’: SrcPort Rate: KiBit Exceeded; ‘zone_src_port_conn_limit_exceed’: SrcPort Limit: Conn Exceeded; ‘zone_src_port_conn_rate_exceed’: SrcPort Rate: Conn Exceeded; ‘zone_ip_proto_pkt_rate_exceed’: IP-Proto Rate: Packet Exceeded; ‘zone_ip_proto_kbit_rate_exceed’: IP-Proto Rate: KiBit Exceeded; ‘zone_tcp_port_any_exceed’: TCP Port Rate: Total Exceed; ‘zone_udp_port_any_exceed’: UDP Port Rate: Total Exceed; ‘zone_tcp_auth_pass’: TCP Auth: SYN Auth Passed; ‘zone_tcp_rst_cookie_fail’: TCP Auth: RST Cookie Failed; ‘zone_tcp_unauth_drop’: TCP Auth: Unauth Dropped; ‘src_tcp_syn_auth_fail’: Src TCP Auth: SYN Auth Failed; ‘src_tcp_syn_cookie_sent’: Src TCP Auth: SYN Cookie Sent; ‘src_tcp_syn_cookie_fail’: Src TCP Auth: SYN Cookie Failed; ‘src_tcp_rst_cookie_fail’: Src TCP Auth: RST Cookie Failed;
Type: string
Supported Values: all, zone_tcp_any_exceed, zone_tcp_pkt_rate_exceed, zone_tcp_conn_rate_exceed, zone_udp_any_exceed, zone_udp_pkt_rate_exceed, zone_udp_conn_limit_exceed, zone_udp_conn_rate_exceed, zone_icmp_pkt_rate_exceed, zone_other_pkt_rate_exceed, zone_other_frag_pkt_rate_exceed, zone_port_pkt_rate_exceed, zone_port_conn_limit_exceed, zone_port_conn_rate_exceed, zone_pkt_sent, zone_udp_pkt_sent, zone_tcp_pkt_sent, zone_icmp_pkt_sent, zone_other_pkt_sent, zone_tcp_conn_limit_exceed, zone_tcp_pkt_rcvd, zone_udp_pkt_rcvd, zone_icmp_pkt_rcvd, zone_other_pkt_rcvd, zone_udp_filter_match, zone_udp_filter_not_match, zone_udp_filter_action_blacklist, zone_udp_filter_action_drop, zone_tcp_syn, zone_tcp_syn_drop, zone_tcp_src_rate_drop, zone_udp_src_rate_drop, zone_icmp_src_rate_drop, zone_other_frag_src_rate_drop, zone_other_src_rate_drop, zone_tcp_drop, zone_udp_drop, zone_icmp_drop, zone_frag_drop, zone_other_drop, zone_tcp_auth, zone_udp_filter_action_default_pass, zone_tcp_filter_match, zone_tcp_filter_not_match, zone_tcp_filter_action_blacklist, zone_tcp_filter_action_drop, zone_tcp_filter_action_default_pass, zone_udp_filter_action_whitelist, zone_over_limit_on, zone_over_limit_off, zone_port_over_limit_on, zone_port_over_limit_off, zone_over_limit_action, zone_port_over_limit_action, scanning_detected_drop, scanning_detected_blacklist, zone_udp_kibit_rate_drop, zone_tcp_kibit_rate_drop, zone_icmp_kibit_rate_drop, zone_other_kibit_rate_drop, zone_port_undef_drop, zone_port_bl, zone_src_port_bl, zone_port_kbit_rate_exceed, zone_tcp_src_drop, zone_udp_src_drop, zone_icmp_src_drop, zone_other_src_drop, tcp_syn_rcvd, tcp_syn_ack_rcvd, tcp_ack_rcvd, tcp_fin_rcvd, tcp_rst_rcvd, ingress_bytes, egress_bytes, ingress_packets, egress_packets, tcp_fwd_recv, udp_fwd_recv, icmp_fwd_recv, tcp_syn_cookie_fail, zone_tcp_session_created, zone_udp_session_created, zone_tcp_filter_action_whitelist, zone_other_filter_match, zone_other_filter_not_match, zone_other_filter_action_blacklist, zone_other_filter_action_drop, zone_other_filter_action_whitelist, zone_other_filter_action_default_pass, zone_blackhole_inject, zone_blackhole_withdraw, zone_tcp_out_of_seq_excd, zone_tcp_retransmit_excd, zone_tcp_zero_window_excd, zone_tcp_conn_prate_excd, zone_tcp_action_on_ack_init, zone_tcp_action_on_ack_gap_drop, zone_tcp_action_on_ack_fail, zone_tcp_action_on_ack_pass, zone_tcp_action_on_syn_init, zone_tcp_action_on_syn_gap_drop, zone_tcp_action_on_syn_fail, zone_tcp_action_on_syn_pass, zone_payload_too_small, zone_payload_too_big, zone_udp_conn_prate_excd, zone_udp_ntp_monlist_req, zone_udp_ntp_monlist_resp, zone_udp_wellknown_sport_drop, zone_udp_retry_init, zone_udp_retry_pass, zone_tcp_bytes_drop, zone_udp_bytes_drop, zone_icmp_bytes_drop, zone_other_bytes_drop, zone_out_no_route, outbound_bytes_sent, outbound_drop, outbound_bytes_drop, outbound_pkt_sent, inbound_bytes_sent, inbound_bytes_drop, zone_src_port_pkt_rate_exceed, zone_src_port_kbit_rate_exceed, zone_src_port_conn_limit_exceed, zone_src_port_conn_rate_exceed, zone_ip_proto_pkt_rate_exceed, zone_ip_proto_kbit_rate_exceed, zone_tcp_port_any_exceed, zone_udp_port_any_exceed, zone_tcp_auth_pass, zone_tcp_rst_cookie_fail, zone_tcp_unauth_drop, src_tcp_syn_auth_fail, src_tcp_syn_cookie_sent, src_tcp_syn_cookie_fail, src_tcp_rst_cookie_fail
counters2
Description ‘src_tcp_unauth_drop’: Src TCP Auth: Unauth Dropped; ‘src_tcp_action_on_syn_init’: Src TCP Auth: SYN Retry Init; ‘src_tcp_action_on_syn_gap_drop’: Src TCP Auth: SYN Retry-Gap Dropped; ‘src_tcp_action_on_syn_fail’: Src TCP Auth: SYN Retry Dropped; ‘src_tcp_action_on_ack_init’: Src TCP Auth: ACK Retry Init; ‘src_tcp_action_on_ack_gap_drop’: Src TCP Auth: ACK Retry Retry-Gap Dropped; ‘src_tcp_action_on_ack_fail’: Src TCP Auth: ACK Retry Dropped; ‘src_tcp_out_of_seq_excd’: Src TCP Out-Of-Seq Exceeded; ‘src_tcp_retransmit_excd’: Src TCP Retransmit Exceeded; ‘src_tcp_zero_window_excd’: Src TCP Zero-Window Exceeded; ‘src_tcp_conn_prate_excd’: Src TCP Rate: Conn Pkt Exceeded; ‘src_udp_min_payload’: Src UDP Payload Too Small; ‘src_udp_max_payload’: Src UDP Payload Too Large; ‘src_udp_conn_prate_excd’: Src UDP Rate: Conn Pkt Exceeded; ‘src_udp_ntp_monlist_req’: Src UDP NTP Monlist Request; ‘src_udp_ntp_monlist_resp’: Src UDP NTP Monlist Response; ‘src_udp_wellknown_sport_drop’: Src UDP SrcPort Wellknown; ‘src_udp_retry_init’: Src UDP Auth: Retry Init; ‘dst_udp_retry_gap_drop’: UDP Auth: Retry-Gap Dropped; ‘dst_udp_retry_fail’: UDP Auth: Retry Timeout; ‘dst_tcp_session_aged’: TCP Sessions Aged; ‘dst_udp_session_aged’: UDP Sessions Aged; ‘dst_tcp_conn_close’: TCP Connections Closed; ‘dst_tcp_conn_close_half_open’: TCP Half Open Connections Closed; ‘dst_drop_frag_pkt’: Fragmented Packets Dropped; ‘src_tcp_filter_action_blacklist’: Src TCP Filter Action Blacklist; ‘src_tcp_filter_action_whitelist’: Src TCP Filter Action WL; ‘src_tcp_filter_action_drop’: Src TCP Filter Action Drop; ‘src_tcp_filter_action_default_pass’: Src TCP Filter Action Default Pass; ‘src_udp_filter_action_blacklist’: Src UDP Filter Action Blacklist; ‘src_udp_filter_action_whitelist’: Src UDP Filter Action WL; ‘src_udp_filter_action_drop’: Src UDP Filter Action Drop; ‘src_udp_filter_action_default_pass’: Src UDP Filter Action Default Pass; ‘src_other_filter_action_blacklist’: Src OTHER Filter Action Blacklist; ‘src_other_filter_action_whitelist’: Src OTHER Filter Action WL; ‘src_other_filter_action_drop’: Src OTHER Filter Action Drop; ‘src_other_filter_action_default_pass’: Src OTHER Filter Action Default Pass; ‘tcp_invalid_syn’: TCP Invalid SYN Received; ‘dst_tcp_conn_close_w_rst’: TCP RST Connections Closed; ‘dst_tcp_conn_close_w_fin’: TCP FIN Connections Closed; ‘dst_tcp_conn_close_w_idle’: TCP Idle Connections Closed; ‘dst_tcp_conn_create_from_syn’: TCP Connections Created From SYN; ‘dst_tcp_conn_create_from_ack’: TCP Connections Created From ACK; ‘src_frag_drop’: Src Fragmented Packets Dropped; ‘zone_port_kbit_rate_exceed_pkt’: Port Rate: KiBit Pkt Exceeded; ‘dst_tcp_bytes_rcv’: TCP Total Bytes Received; ‘dst_udp_bytes_rcv’: UDP Total Bytes Received; ‘dst_icmp_bytes_rcv’: ICMP Total Bytes Received; ‘dst_other_bytes_rcv’: OTHER Total Bytes Received; ‘dst_tcp_bytes_sent’: TCP Total Bytes Forwarded; ‘dst_udp_bytes_sent’: UDP Total Bytes Forwarded; ‘dst_icmp_bytes_sent’: ICMP Total Bytes Forwarded; ‘dst_other_bytes_sent’: OTHER Total Bytes Forwarded; ‘dst_udp_auth_drop’: UDP Auth: Dropped; ‘dst_tcp_auth_drop’: TCP Auth: Dropped; ‘dst_tcp_auth_resp’: TCP Auth: Responded; ‘dst_drop’: Inbound: Packets Dropped; ‘dst_entry_pkt_rate_exceed’: Entry Rate: Packet Exceeded; ‘dst_entry_kbit_rate_exceed’: Entry Rate: KiBit Exceeded; ‘dst_entry_conn_limit_exceed’: Entry Limit: Conn Exceeded; ‘dst_entry_conn_rate_exceed’: Entry Rate: Conn Exceeded; ‘dst_entry_frag_pkt_rate_exceed’: Entry Rate: Frag Packet Exceeded; ‘dst_l4_tcp_blacklist_drop’: Dst TCP IP-Proto Blacklist Dropped; ‘dst_l4_udp_blacklist_drop’: Dst UDP IP-Proto Blacklist Dropped; ‘dst_l4_icmp_blacklist_drop’: Dst ICMP IP-Proto Blacklist Dropped; ‘dst_l4_other_blacklist_drop’: Dst OTHER IP-Proto Blacklist Dropped; ‘dst_frag_timeout_drop’: Fragment Reassemble Timeout Drop; ‘dst_icmp_any_exceed’: ICMP Rate: Total Exceed; ‘dst_other_any_exceed’: OTHER Rate: Total Exceed; ‘tcp_rexmit_syn_limit_drop’: TCP SYN Retransmit Exceeded Drop; ‘tcp_rexmit_syn_limit_bl’: TCP SYN Retransmit Exceeded Blacklist; ‘dst_clist_overflow_policy_at_learning’: Dst Src-Based Overflow Policy Hit; ‘zone_frag_rcvd’: Fragmented Packets Received; ‘zone_tcp_wellknown_sport_drop’: TCP SrcPort Wellknown; ‘src_tcp_wellknown_sport_drop’: Src TCP SrcPort Wellknown; ‘secondary_dst_entry_pkt_rate_exceed’: Per Addr Rate: Packet Exceeded; ‘secondary_dst_entry_kbit_rate_exceed’: Per Addr Rate: KiBit Exceeded; ‘secondary_dst_entry_conn_limit_exceed’: Per Addr Limit: Conn Exceeded; ‘secondary_dst_entry_conn_rate_exceed’: Per Addr Rate: Conn Exceeded; ‘secondary_dst_entry_frag_pkt_rate_exceed’: Per Addr Rate: Frag Packet Exceeded; ‘src_udp_retry_gap_drop’: Src UDP Auth: Retry-Gap Dropped; ‘dst_entry_kbit_rate_exceed_count’: Entry Rate: KiBit Exceeded Count; ‘secondary_entry_learn’: Per Addr Entry Learned; ‘secondary_entry_hit’: Per Addr Entry Hit; ‘secondary_entry_miss’: Per Addr Entry Missed; ‘secondary_entry_aged’: Per Addr Entry Aged; ‘secondary_entry_learning_thre_exceed’: Per Addr Entry Count Overflow; ‘zone_port_undef_hit’: Dst Port undefined Hit; ‘zone_tcp_action_on_ack_timeout’: TCP Auth: ACK Retry Timeout; ‘zone_tcp_action_on_ack_reset’: TCP Auth: ACK Retry Timeout Reset; ‘zone_tcp_action_on_ack_blacklist’: TCP Auth: ACK Retry Timeout Blacklisted; ‘src_tcp_action_on_ack_timeout’: Src TCP Auth: ACK Retry Timeout; ‘src_tcp_action_on_ack_reset’: Src TCP Auth: ACK Retry Timeout Reset; ‘src_tcp_action_on_ack_blacklist’: Src TCP Auth: ACK Retry Timeout Blacklisted; ‘zone_tcp_action_on_syn_timeout’: TCP Auth: SYN Retry Timeout; ‘zone_tcp_action_on_syn_reset’: TCP Auth: SYN Retry Timeout Reset; ‘zone_tcp_action_on_syn_blacklist’: TCP Auth: SYN Retry Timeout Blacklisted; ‘src_tcp_action_on_syn_timeout’: Src TCP Auth: SYN Retry Timeout; ‘src_tcp_action_on_syn_reset’: Src TCP Auth: SYN Retry Timeout Reset; ‘src_tcp_action_on_syn_blacklist’: Src TCP Auth: SYN Retry Timeout Blacklisted; ‘zone_udp_frag_pkt_rate_exceed’: UDP Dst IP-Proto Rate: Frag Exceeded; ‘zone_udp_frag_src_rate_drop’: UDP Src Rate: Frag Exceeded; ‘zone_tcp_frag_pkt_rate_exceed’: TCP Dst IP-Proto Rate: Frag Exceeded; ‘zone_tcp_frag_src_rate_drop’: TCP Src Rate: Frag Exceeded; ‘zone_icmp_frag_pkt_rate_exceed’: ICMP Dst IP-Proto Rate: Frag Exceeded; ‘zone_icmp_frag_src_rate_drop’: ICMP Src Rate: Frag Exceeded; ‘sflow_internal_samples_packed’: Sflow Internal Samples Packed; ‘sflow_external_samples_packed’: Sflow External Samples Packed; ‘sflow_internal_packets_sent’: Sflow Internal Packets Sent; ‘sflow_external_packets_sent’: Sflow External Packets Sent; ‘dns_outbound_total_query’: DNS Outbound Total Query; ‘dns_outbound_query_malformed’: DNS Outbound Query Malformed; ‘dns_outbound_query_resp_chk_failed’: DNS Outbound Query Resp Check Failed; ‘dns_outbound_query_resp_chk_blacklisted’: DNS Outbound Query Resp Check Blacklisted; ‘dns_outbound_query_resp_chk_refused_sent’: DNS Outbound Query Resp Check REFUSED Sent; ‘dns_outbound_query_resp_chk_reset_sent’: DNS Outbound Query Resp Check RESET Sent; ‘dns_outbound_query_resp_chk_no_resp_sent’: DNS Outbound Query Resp Check No Response Sent; ‘dns_outbound_query_resp_size_exceed’: DNS Outbound Query Response Size Exceed; ‘dns_outbound_query_sess_timed_out’: DNS Outbound Query Session Timed Out; ‘source_entry_total’: Source Entry Total Count; ‘source_entry_udp’: Source Entry UDP Count; ‘source_entry_tcp’: Source Entry TCP Count; ‘source_entry_icmp’: Source Entry ICMP Count; ‘source_entry_other’: Source Entry OTHER Count; ‘dst_exceed_action_tunnel’: Entry Exceed Action: Tunnel;
Type: string
Supported Values: src_tcp_unauth_drop, src_tcp_action_on_syn_init, src_tcp_action_on_syn_gap_drop, src_tcp_action_on_syn_fail, src_tcp_action_on_ack_init, src_tcp_action_on_ack_gap_drop, src_tcp_action_on_ack_fail, src_tcp_out_of_seq_excd, src_tcp_retransmit_excd, src_tcp_zero_window_excd, src_tcp_conn_prate_excd, src_udp_min_payload, src_udp_max_payload, src_udp_conn_prate_excd, src_udp_ntp_monlist_req, src_udp_ntp_monlist_resp, src_udp_wellknown_sport_drop, src_udp_retry_init, dst_udp_retry_gap_drop, dst_udp_retry_fail, dst_tcp_session_aged, dst_udp_session_aged, dst_tcp_conn_close, dst_tcp_conn_close_half_open, dst_drop_frag_pkt, src_tcp_filter_action_blacklist, src_tcp_filter_action_whitelist, src_tcp_filter_action_drop, src_tcp_filter_action_default_pass, src_udp_filter_action_blacklist, src_udp_filter_action_whitelist, src_udp_filter_action_drop, src_udp_filter_action_default_pass, src_other_filter_action_blacklist, src_other_filter_action_whitelist, src_other_filter_action_drop, src_other_filter_action_default_pass, tcp_invalid_syn, dst_tcp_conn_close_w_rst, dst_tcp_conn_close_w_fin, dst_tcp_conn_close_w_idle, dst_tcp_conn_create_from_syn, dst_tcp_conn_create_from_ack, src_frag_drop, zone_port_kbit_rate_exceed_pkt, dst_tcp_bytes_rcv, dst_udp_bytes_rcv, dst_icmp_bytes_rcv, dst_other_bytes_rcv, dst_tcp_bytes_sent, dst_udp_bytes_sent, dst_icmp_bytes_sent, dst_other_bytes_sent, dst_udp_auth_drop, dst_tcp_auth_drop, dst_tcp_auth_resp, dst_drop, dst_entry_pkt_rate_exceed, dst_entry_kbit_rate_exceed, dst_entry_conn_limit_exceed, dst_entry_conn_rate_exceed, dst_entry_frag_pkt_rate_exceed, dst_l4_tcp_blacklist_drop, dst_l4_udp_blacklist_drop, dst_l4_icmp_blacklist_drop, dst_l4_other_blacklist_drop, dst_frag_timeout_drop, dst_icmp_any_exceed, dst_other_any_exceed, tcp_rexmit_syn_limit_drop, tcp_rexmit_syn_limit_bl, dst_clist_overflow_policy_at_learning, zone_frag_rcvd, zone_tcp_wellknown_sport_drop, src_tcp_wellknown_sport_drop, secondary_dst_entry_pkt_rate_exceed, secondary_dst_entry_kbit_rate_exceed, secondary_dst_entry_conn_limit_exceed, secondary_dst_entry_conn_rate_exceed, secondary_dst_entry_frag_pkt_rate_exceed, src_udp_retry_gap_drop, dst_entry_kbit_rate_exceed_count, secondary_entry_learn, secondary_entry_hit, secondary_entry_miss, secondary_entry_aged, secondary_entry_learning_thre_exceed, zone_port_undef_hit, zone_tcp_action_on_ack_timeout, zone_tcp_action_on_ack_reset, zone_tcp_action_on_ack_blacklist, src_tcp_action_on_ack_timeout, src_tcp_action_on_ack_reset, src_tcp_action_on_ack_blacklist, zone_tcp_action_on_syn_timeout, zone_tcp_action_on_syn_reset, zone_tcp_action_on_syn_blacklist, src_tcp_action_on_syn_timeout, src_tcp_action_on_syn_reset, src_tcp_action_on_syn_blacklist, zone_udp_frag_pkt_rate_exceed, zone_udp_frag_src_rate_drop, zone_tcp_frag_pkt_rate_exceed, zone_tcp_frag_src_rate_drop, zone_icmp_frag_pkt_rate_exceed, zone_icmp_frag_src_rate_drop, sflow_internal_samples_packed, sflow_external_samples_packed, sflow_internal_packets_sent, sflow_external_packets_sent, dns_outbound_total_query, dns_outbound_query_malformed, dns_outbound_query_resp_chk_failed, dns_outbound_query_resp_chk_blacklisted, dns_outbound_query_resp_chk_refused_sent, dns_outbound_query_resp_chk_reset_sent, dns_outbound_query_resp_chk_no_resp_sent, dns_outbound_query_resp_size_exceed, dns_outbound_query_sess_timed_out, source_entry_total, source_entry_udp, source_entry_tcp, source_entry_icmp, source_entry_other, dst_exceed_action_tunnel
counters3
Description ‘dst_udp_retry_timeout_blacklist’: UDP Auth: Retry Timeout Blacklisted; ‘src_udp_auth_timeout’: Src UDP Auth: Retry Timeout; ‘zone_src_udp_retry_timeout_blacklist’: Src UDP Auth: Retry Timeout Blacklisted; ‘src_udp_retry_pass’: Src UDP Retry Passed; ‘secondary_port_learn’: Per Addr Port Learned; ‘secondary_port_aged’: Per Addr Port Aged; ‘dst_entry_outbound_udp_session_created’: Outbound: UDP Sessions Created; ‘dst_entry_outbound_udp_session_aged’: Outbound: UDP Sessions Aged; ‘dst_entry_outbound_tcp_session_created’: Outbound: TCP Sessions Created; ‘dst_entry_outbound_tcp_session_aged’: Outbound: TCP Sessions Aged; ‘dst_entry_outbound_pkt_rate_exceed’: Outbound Rate: Packet Exceeded; ‘dst_entry_outbound_kbit_rate_exceed’: Outbound Rate: KiBit Exceeded; ‘dst_entry_outbound_kbit_rate_exceed_count’: Outbound Rate: KiBit Exceeded Count; ‘dst_entry_outbound_conn_limit_exceed’: Outbound Limit: Conn Exceeded; ‘dst_entry_outbound_conn_rate_exceed’: Outbound Rate: Conn Exceeded; ‘dst_entry_outbound_frag_pkt_rate_exceed’: Outbound Rate: Frag Packet Exceeded; ‘prog_first_req_time_exceed’: Req-Resp: First Request Time Exceed; ‘prog_req_resp_time_exceed’: Req-Resp: Request to Response Time Exceed; ‘prog_request_len_exceed’: Req-Resp: Request Length Exceed; ‘prog_response_len_exceed’: Req-Resp: Response Length Exceed; ‘prog_resp_req_ratio_exceed’: Req-Resp: Response to Request Ratio Exceed; ‘prog_resp_req_time_exceed’: Req-Resp: Response to Request Time Exceed; ‘entry_sync_message_received’: Entry Sync Message Received; ‘entry_sync_message_sent’: Entry Sync Message Sent; ‘prog_conn_sent_exceed’: Connection: Sent Exceed; ‘prog_conn_rcvd_exceed’: Connection: Received Exceed; ‘prog_conn_time_exceed’: Connection: Time Exceed; ‘prog_conn_rcvd_sent_ratio_exceed’: Connection: Reveived to Sent Ratio Exceed; ‘prog_win_sent_exceed’: Time Window: Sent Exceed; ‘prog_win_rcvd_exceed’: Time Window: Received Exceed; ‘prog_win_rcvd_sent_ratio_exceed’: Time Window: Received to Sent Exceed; ‘prog_exceed_drop’: Req-Resp: Violation Exceed Dropped; ‘prog_exceed_bl’: Req-Resp: Violation Exceed Blacklisted; ‘prog_conn_exceed_drop’: Connection: Violation Exceed Dropped; ‘prog_conn_exceed_bl’: Connection: Violation Exceed Blacklisted; ‘prog_win_exceed_drop’: Time Window: Violation Exceed Dropped; ‘prog_win_exceed_bl’: Time Window: Violation Exceed Blacklisted; ‘east_west_inbound_rcv_pkt’: East West: Inbound Packets Received; ‘east_west_inbound_drop_pkt’: East West: Inbound Packets Dropped; ‘east_west_inbound_fwd_pkt’: East West: Inbound Packets Forwarded; ‘east_west_inbound_rcv_byte’: East West: Inbound Bytes Received; ‘east_west_inbound_drop_byte’: East West: Inbound Bytes Dropped; ‘east_west_inbound_fwd_byte’: East West: Inbound Bytes Forwarded; ‘east_west_outbound_rcv_pkt’: East West: Outbound Packets Received; ‘east_west_outbound_drop_pkt’: East West: Outbound Packets Dropped; ‘east_west_outbound_fwd_pkt’: East West: Outbound Packets Forwarded; ‘east_west_outbound_rcv_byte’: East West: Outbound Bytes Received; ‘east_west_outbound_drop_byte’: East West: Outbound Bytes Dropped; ‘east_west_outbound_fwd_byte’: East West: Outbound Bytes Forwarded; ‘dst_exceed_action_drop’: Entry Exceed Action: Dropped; ‘prog_conn_samples’: Sample Collected: Connection; ‘prog_req_samples’: Sample Collected: Req-Resp; ‘prog_win_samples’: Sample Collected: Time Window; ‘victim_ip_learned’: Victim Identification: IP Entry Learned; ‘victim_ip_aged’: Victim Identification: IP Entry Aged;
Type: string
Supported Values: dst_udp_retry_timeout_blacklist, src_udp_auth_timeout, zone_src_udp_retry_timeout_blacklist, src_udp_retry_pass, secondary_port_learn, secondary_port_aged, dst_entry_outbound_udp_session_created, dst_entry_outbound_udp_session_aged, dst_entry_outbound_tcp_session_created, dst_entry_outbound_tcp_session_aged, dst_entry_outbound_pkt_rate_exceed, dst_entry_outbound_kbit_rate_exceed, dst_entry_outbound_kbit_rate_exceed_count, dst_entry_outbound_conn_limit_exceed, dst_entry_outbound_conn_rate_exceed, dst_entry_outbound_frag_pkt_rate_exceed, prog_first_req_time_exceed, prog_req_resp_time_exceed, prog_request_len_exceed, prog_response_len_exceed, prog_resp_req_ratio_exceed, prog_resp_req_time_exceed, entry_sync_message_received, entry_sync_message_sent, prog_conn_sent_exceed, prog_conn_rcvd_exceed, prog_conn_time_exceed, prog_conn_rcvd_sent_ratio_exceed, prog_win_sent_exceed, prog_win_rcvd_exceed, prog_win_rcvd_sent_ratio_exceed, prog_exceed_drop, prog_exceed_bl, prog_conn_exceed_drop, prog_conn_exceed_bl, prog_win_exceed_drop, prog_win_exceed_bl, east_west_inbound_rcv_pkt, east_west_inbound_drop_pkt, east_west_inbound_fwd_pkt, east_west_inbound_rcv_byte, east_west_inbound_drop_byte, east_west_inbound_fwd_byte, east_west_outbound_rcv_pkt, east_west_outbound_drop_pkt, east_west_outbound_fwd_pkt, east_west_outbound_rcv_byte, east_west_outbound_drop_byte, east_west_outbound_fwd_byte, dst_exceed_action_drop, prog_conn_samples, prog_req_samples, prog_win_samples, victim_ip_learned, victim_ip_aged
dst_zone-list_enable-top-k¶
Specification Value Type list Block object keys topk-num-records
Description Maximum number of records to show in topk
Type: number
Range: 1-100
Default: 20
topk-type
Description ‘destination’: Topk destination IP;
Type: string
Supported Values: destination
system-default¶
Specification Value Type object limit-list
Type: List
Reference Object: /axapi/v3/ddos/system-default/limit/{limit-type}
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
system-default_limit-list¶
Specification Value Type list Block object keys default-bit-rate-limit
Description Configure Default Kibit (kibibit / 1024-bit) rate limit
Type: number
Range: 1-16000000
default-conn-limit
Description Configure Default Connection limit
Type: number
Range: 1-16000000
default-conn-rate-limit
Description Configure Default Connection rate limit
Type: number
Range: 1-16000000
default-frag-pkt-rate-limit
Description Configure Default Fragmented packet rate limit
Type: number
Range: 1-16000000
default-over-limit-action
Description: default-over-limit-action is a JSON Block. Please see below for system-default_limit-list_default-over-limit-action
Type: Object
default-pkt-rate-limit
Description Configure Default Packet rate limit
Type: number
Range: 1-16000000
limit-type
Description ‘dst-entry’: dst-entry; ‘dst-icmp’: dst-icmp; ‘dst-other’: dst-other; ‘dst-tcp’: dst-tcp; ‘dst-udp’: dst-udp; ‘src-entry’: src-entry; ‘src-icmp’: src-icmp; ‘src-other’: src-other; ‘src-tcp’: src-tcp; ‘src-udp’: src-udp;
Type: string
Supported Values: dst-entry, dst-icmp, dst-other, dst-tcp, dst-udp, src-entry, src-icmp, src-other, src-tcp, src-udp
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
system-default_limit-list_default-over-limit-action¶
Specification Value Type object drop
Description Silently Drop the new connection / new packet when it exceeds limit
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
notification-template-common¶
Specification Value Type object default-template
Type: Liston-box-gui-notification
Description ‘enable’: enable; ‘disable’: disable;
Type: string
Supported Values: enable, disable
Default: enable
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
notification-template-common_default-template¶
Specification Value Type list Block object keys default-notification-template
Description Specify the notification template name (Default notification template name)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/notification-template
zone-template¶
Specification Value Type object dns-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/dns/{name}
encap-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/encap/{encap-tmpl-name}
http-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/http/{http-tmpl-name}
icmp-v4-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/icmp-v4/{icmp-tmpl-name}
icmp-v6-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/icmp-v6/{icmp-tmpl-name}
ip-proto-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/ip-proto/{name}
ips-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/ips/{ips-tmpl-name}
logging-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/logging/{logging-tmpl-name}
quic-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/quic/{quic-tmpl-name}
sip-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/sip/{sip-tmpl-name}
ssl-l4-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/ssl-l4/{ssl-l4-tmpl-name}
tcp-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/tcp/{name}
udp-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/udp/{name}
zone-template_logging-list¶
Specification Value Type list Block object keys enable-action-logging
Description Log action taken
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-format-cef
Description Log in CEF format
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-format-custom
Description Customize log format
Type: string
Format: string-rlx
Maximum Length: 512 characters
Maximum Length: 1 characters
logging-tmpl-name
Description DDOS Logging Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Default: default
use-obj-name
Description Show obj name instead of ip in the log
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template_tcp-list¶
Specification Value Type list Block object keys ack-authentication
Description: ack-authentication is a JSON Block. Please see below for zone-template_tcp-list_ack-authentication
Type: Object
ack-authentication-synack-reset
Description Reset client TCP SYN+ACK for authentication (DST support only)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
action-on-ack-rto-retry-count
Description Take action if ack-auth RTO-authentication fail over retry time(default:5)
Type: number
Range: 2-10
action-on-syn-rto-retry-count
Description Take action if syn-auth RTO-authentication fail over retry time(default:5)
Type: number
Range: 2-10
age
Description Session age in minutes
Type: number
Range: 1-63
Default: 2
allow-syn-otherflags
Description Treat TCP SYN+PSH as a TCP SYN (DST tcp ports support only)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-synack-skip-authentications
Description Allow create sessions on SYNACK without syn-auth and ack-auth (ASYM Mode only)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-tcp-tfo
Description Allow TCP Fast Open
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
concurrent
Description Enable concurrent port access for non-matching ports (DST support only)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
conn-rate-limit-on-syn-only
Description Only count SYN-initiated connections towards connection-rate tracking
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
create-conn-on-syn-only
Description Enable connection establishment on SYN only
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst
Description: dst is a JSON Block. Please see below for zone-template_tcp-list_dst
Type: Object
filter-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/tcp/{name}/filter/{tcp-filter-name}
known-resp-src-port-cfg
Description: known-resp-src-port-cfg is a JSON Block. Please see below for zone-template_tcp-list_known-resp-src-port-cfg
Type: Object
max-rexmit-syn-per-flow-cfg
Description: max-rexmit-syn-per-flow-cfg is a JSON Block. Please see below for zone-template_tcp-list_max-rexmit-syn-per-flow-cfg
Type: Object
name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
out-of-seq-cfg
Description: out-of-seq-cfg is a JSON Block. Please see below for zone-template_tcp-list_out-of-seq-cfg
Type: Object
per-conn-out-of-seq-rate-cfg
Description: per-conn-out-of-seq-rate-cfg is a JSON Block. Please see below for zone-template_tcp-list_per-conn-out-of-seq-rate-cfg
Type: Object
per-conn-pkt-rate-cfg
Description: per-conn-pkt-rate-cfg is a JSON Block. Please see below for zone-template_tcp-list_per-conn-pkt-rate-cfg
Type: Object
per-conn-rate-interval
Description ‘100ms’: 100ms; ‘1sec’: 1sec; ’10sec’: 10sec;
Type: string
Supported Values: 100ms, 1sec, 10sec
Default: 1sec
per-conn-retransmit-rate-cfg
Description: per-conn-retransmit-rate-cfg is a JSON Block. Please see below for zone-template_tcp-list_per-conn-retransmit-rate-cfg
Type: Object
per-conn-zero-win-rate-cfg
Description: per-conn-zero-win-rate-cfg is a JSON Block. Please see below for zone-template_tcp-list_per-conn-zero-win-rate-cfg
Type: Object
progression-tracking
Description: progression-tracking is a JSON Block. Please see below for zone-template_tcp-list_progression-tracking
Type: Object
Reference Object: /axapi/v3/ddos/zone-template/tcp/{name}/progression-tracking
retransmit-cfg
Description: retransmit-cfg is a JSON Block. Please see below for zone-template_tcp-list_retransmit-cfg
Type: Object
src
Description: src is a JSON Block. Please see below for zone-template_tcp-list_src
Type: Object
syn-authentication
Description: syn-authentication is a JSON Block. Please see below for zone-template_tcp-list_syn-authentication
Type: Object
syn-cookie
Description Enable SYN Cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
synack-rate-limit
Description Config SYNACK rate limit
Type: number
Range: 1-16000000
Mutual Exclusion: synack-rate-limit and track-together-with-syn are mutually exclusive
track-together-with-syn
Description SYNACK will be counted in Dst Syn-rate limit
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: track-together-with-syn and synack-rate-limit are mutually exclusive
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zero-win-cfg
Description: zero-win-cfg is a JSON Block. Please see below for zone-template_tcp-list_zero-win-cfg
Type: Object
zone-template_tcp-list_syn-authentication¶
Specification Value Type object syn-auth-fail-action
Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src; ‘reset’: Send reset to client (Applicable to retransmit-check only);
Type: string
Supported Values: drop, blacklist-src, reset
Mutual Exclusion: syn-auth-fail-action and syn-auth-fail-action-list-name are mutually exclusive
syn-auth-fail-action-list-name
Description Configure action-list to take for failing the authentication.
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: syn-auth-fail-action-list-name and syn-auth-fail-action are mutually exclusive
syn-auth-min-delay
Description Minimum delay (in 100ms intervals) between SYN retransmits for retransmit-check to pass
Type: number
Range: 1-80
Mutual Exclusion: syn-auth-min-delay and syn-auth-type are mutually exclusive
syn-auth-pass-action
Description ‘authenticate-src’: authenticate-src (Default);
Type: string
Supported Values: authenticate-src
Mutual Exclusion: syn-auth-pass-action and syn-auth-pass-action-list-name are mutually exclusive
syn-auth-pass-action-list-name
Description Configure action-list to take for passing the authentication
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: syn-auth-pass-action-list-name and syn-auth-pass-action are mutually exclusive
syn-auth-rto
Description Estimate the RTO and apply the exponential back-off for authentication
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
syn-auth-timeout
Description syn retransmit timeout in seconds(default timeout: 5 seconds)
Type: number
Range: 1-31
Mutual Exclusion: syn-auth-timeout and syn-auth-type are mutually exclusive
syn-auth-type
Description ‘send-rst’: Send reset to client after syn cookie check pass; ‘force-rst-by-ack’: Send client a bad ack after syn cookie check pass; ‘force-rst-by-synack’: Send client a bad synack after syn cookie check pass;
Type: string
Supported Values: send-rst, force-rst-by-ack, force-rst-by-synack
Mutual Exclusion: syn-auth-type, syn-auth-timeout, and syn-auth-min-delay are mutually exclusive
zone-template_tcp-list_ack-authentication¶
Specification Value Type object ack-auth-fail-action
Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src; ‘reset’: Send reset to client;
Type: string
Supported Values: drop, blacklist-src, reset
Mutual Exclusion: ack-auth-fail-action and ack-auth-fail-action-list-name are mutually exclusive
ack-auth-fail-action-list-name
Description Configure action-list to take for failing the authentication.
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: ack-auth-fail-action-list-name and ack-auth-fail-action are mutually exclusive
ack-auth-min-delay
Description Minimum delay (in 100ms intervals) between ACK retransmits for retransmit-check to pass
Type: number
Range: 1-80
ack-auth-only
Description Apply retransmit-check only once per source address for authentication purpose
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ack-auth-pass-action
Description ‘authenticate-src’: authenticate-src (Default);
Type: string
Supported Values: authenticate-src
Mutual Exclusion: ack-auth-pass-action and ack-auth-pass-action-list-name are mutually exclusive
ack-auth-pass-action-list-name
Description Configure action-list to take for passing the authentication
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: ack-auth-pass-action-list-name and ack-auth-pass-action are mutually exclusive
ack-auth-rto
Description Estimate the RTO and apply the exponential back-off for authentication
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ack-auth-timeout
Description ack retransmit timeout in seconds(default timeout: 5 seconds)
Type: number
Range: 1-31
zone-template_tcp-list_retransmit-cfg¶
Specification Value Type object retransmit
Description Take action if retransmit pkts exceed configured threshold
Type: number
Range: 1-64000
Mutual Exclusion: retransmit and per-conn-retransmit-rate-limit are mutually exclusive
retransmit-action
Description ‘drop’: Drop packets for retrans exceed (Default); ‘blacklist-src’: help Blacklist-src for retrans exceed; ‘ignore’: help Ignore retrans exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Default: drop
Mutual Exclusion: retransmit-action and retransmit-action-list-name are mutually exclusive
retransmit-action-list-name
Description Configure action-list to take for retransmit exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: retransmit-action-list-name and retransmit-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
zone-template_tcp-list_dst¶
Specification Value Type object rate-limit
Description: rate-limit is a JSON Block. Please see below for zone-template_tcp-list_dst_rate-limit
Type: Object
zone-template_tcp-list_dst_rate-limit¶
Specification Value Type object syn-rate-limit
Description: syn-rate-limit is a JSON Block. Please see below for zone-template_tcp-list_dst_rate-limit_syn-rate-limit
Type: Object
zone-template_tcp-list_dst_rate-limit_syn-rate-limit¶
Specification Value Type object dst-syn-rate-action
Description ‘drop’: Drop packets for syn-rate exceed (Default); ‘ignore’: Ignore syn-rate-exceed;
Type: string
Supported Values: drop, ignore
Default: drop
dst-syn-rate-limit
Description
Type: number
Range: 1-16000000
zone-template_tcp-list_per-conn-retransmit-rate-cfg¶
Specification Value Type object per-conn-retransmit-rate-action
Description ‘drop’: Drop packets for retrans rate exceed (Default); ‘blacklist-src’: help Blacklist-src for retrans rate exceed; ‘ignore’: help Ignore retrans rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Default: drop
Mutual Exclusion: per-conn-retransmit-rate-action and per-conn-retransmit-rate-action-list-name are mutually exclusive
per-conn-retransmit-rate-action-list-name
Description Configure action-list to take for retransmit rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: per-conn-retransmit-rate-action-list-name and per-conn-retransmit-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
per-conn-retransmit-rate-limit
Description Take action if retransmit pkt rate exceed configured threshold
Type: number
Range: 1-16000000
Mutual Exclusion: per-conn-retransmit-rate-limit and retransmit are mutually exclusive
zone-template_tcp-list_per-conn-zero-win-rate-cfg¶
Specification Value Type object per-conn-zero-win-rate-action
Description ‘drop’: Drop packets for zero-win rate exceed (Default); ‘blacklist-src’: help Blacklist-src for zero-win rate exceed; ‘ignore’: Ignore zero-win rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Default: drop
Mutual Exclusion: per-conn-zero-win-rate-action and per-conn-zero-win-rate-action-list-name are mutually exclusive
per-conn-zero-win-rate-action-list-name
Description Configure action-list to take for zero window rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: per-conn-zero-win-rate-action-list-name and per-conn-zero-win-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
per-conn-zero-win-rate-limit
Description Take action if zero window pkt rate exceed configured threshold
Type: number
Range: 1-16000000
Mutual Exclusion: per-conn-zero-win-rate-limit and zero-win are mutually exclusive
zone-template_tcp-list_per-conn-pkt-rate-cfg¶
Specification Value Type object per-conn-pkt-rate-action
Description ‘drop’: Drop packets for per-conn-pkt-rate exceed (Default); ‘blacklist-src’: help Blacklist-src for per-conn-pkt-rate exceed; ‘ignore’: Ignore per-conn-pkt-rate-exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Default: drop
Mutual Exclusion: per-conn-pkt-rate-action and per-conn-pkt-rate-action-list-name are mutually exclusive
per-conn-pkt-rate-action-list-name
Description Configure action-list to take for per-conn-pkt-rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: per-conn-pkt-rate-action-list-name and per-conn-pkt-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
per-conn-pkt-rate-limit
Description Packet rate limit per connection per rate-interval
Type: number
Range: 1-16000000
zone-template_tcp-list_max-rexmit-syn-per-flow-cfg¶
Specification Value Type object max-rexmit-syn-per-flow
Description Maximum number of re-transmit SYN per flow
Type: number
Range: 1-6
max-rexmit-syn-per-flow-action
Description ‘drop’: Drop SYN packets for max-rexmit-syn-per-flow exceed (Default); ‘blacklist-src’: help Blacklist-src for max-rexmit-syn-per-flow exceed;
Type: string
Supported Values: drop, blacklist-src
Default: drop
max-rexmit-syn-per-flow-action-list-name
Description Configure action-list to take for max-rexmit-syn-per-flow exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/action-list
zone-template_tcp-list_src¶
Specification Value Type object rate-limit
Description: rate-limit is a JSON Block. Please see below for zone-template_tcp-list_src_rate-limit
Type: Object
zone-template_tcp-list_src_rate-limit¶
Specification Value Type object syn-rate-limit
Description: syn-rate-limit is a JSON Block. Please see below for zone-template_tcp-list_src_rate-limit_syn-rate-limit
Type: Object
zone-template_tcp-list_src_rate-limit_syn-rate-limit¶
Specification Value Type object src-syn-rate-action
Description ‘drop’: Drop packets for syn-rate exceed (Default); ‘blacklist-src’: Blacklist-src for syn-rate exceed; ‘ignore’: Ignore syn-rate-exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Default: drop
Mutual Exclusion: src-syn-rate-action and src-syn-rate-action-list-name are mutually exclusive
src-syn-rate-action-list-name
Description Configure action-list to take for syn-rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: src-syn-rate-action-list-name and src-syn-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
src-syn-rate-limit
Description
Type: number
Range: 1-16000000
zone-template_tcp-list_progression-tracking¶
Specification Value Type object connection-tracking
Description: connection-tracking is a JSON Block. Please see below for zone-template_tcp-list_progression-tracking_connection-tracking
Type: Object
Reference Object: /axapi/v3/ddos/zone-template/tcp/{name}/progression-tracking/connection-tracking
first-request-max-time
Description Set the maximum wait time from connection creation until the first data is transmitted over the connection (100 ms)
Type: number
Range: 1-65535
ignore-TLS-handshake
Description Ignore TLS handshake
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
profiling-connection-life-model
Description Enable auto-config progression tracking learning for connection model
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
profiling-request-response-model
Description Enable auto-config progression tracking learning for Request Response model
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
profiling-time-window-model
Description Enable auto-config progression tracking learning for time window model
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
progression-tracking-action
Description ‘drop’: Drop packets for progression tracking violation exceed (Default); ‘blacklist-src’: Blacklist-src for progression tracking violation exceed;
Type: string
Supported Values: drop, blacklist-src
Default: drop
Mutual Exclusion: progression-tracking-action and progression-tracking-action-list-name are mutually exclusive
progression-tracking-action-list-name
Description Configure action-list to take when progression tracking violation exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: progression-tracking-action-list-name and progression-tracking-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
progression-tracking-enabled
Description ‘enable-check’: Enable Progression Tracking Check;
Type: string
Supported Values: enable-check
request-length-max
Description Set the maximum request length
Type: number
Range: 1-65535
request-length-min
Description Set the minimum request length
Type: number
Range: 1-65535
request-response-model
Description ‘enable’: Enable Request Response Model; ‘disable’: Disable Request Response Model;
Type: string
Supported Values: enable, disable
Default: enable
request-to-response-max-time
Description Set the maximum request to response time (100 ms)
Type: number
Range: 1-65535
response-length-max
Description Set the maximum response length
Type: number
Range: 1-4294967295
response-request-max-ratio
Description Set the maximum response to request ratio (in unit of 0.1% [1:1000])
Type: number
Range: 1-4294967295
response-request-min-ratio
Description Set the minimum response to request ratio (in unit of 0.1% [1:1000])
Type: number
Range: 1-65535
response-to-request-max-time
Description Set the maximum response to request time (100 ms)
Type: number
Range: 1-65535
time-window-tracking
Description: time-window-tracking is a JSON Block. Please see below for zone-template_tcp-list_progression-tracking_time-window-tracking
Type: Object
Reference Object: /axapi/v3/ddos/zone-template/tcp/{name}/progression-tracking/time-window-tracking
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
violation
Description Set the violation threshold
Type: number
Range: 1-255
zone-template_tcp-list_progression-tracking_connection-tracking¶
Specification Value Type object conn-duration-max
Description Set the maximum duration time (in unit of 100ms, up to 24 hours)
Type: number
Range: 1-864000
conn-duration-min
Description Set the minimum duration time (in unit of 100ms, up to 24 hours)
Type: number
Range: 1-864000
conn-rcvd-max
Description Set the maximum total received byte
Type: number
Range: 1-2147483647
conn-rcvd-min
Description Set the minimum total received byte
Type: number
Range: 1-2147483647
conn-rcvd-sent-ratio-max
Description Set the maximum received to sent ratio (in unit of milli-, 0.001)
Type: number
Range: 1-2147483647
conn-rcvd-sent-ratio-min
Description Set the minimum received to sent ratio (in unit of milli-, 0.001)
Type: number
Range: 1-65535
conn-sent-max
Description Set the maximum total sent byte
Type: number
Range: 1-2147483647
conn-sent-min
Description Set the minimum total sent byte
Type: number
Range: 1-65535
conn-violation
Description Set the violation threshold
Type: number
Range: 1-255
progression-tracking-conn-action
Description ‘drop’: Drop packets for progression tracking violation exceed (Default); ‘blacklist-src’: Blacklist-src for progression tracking violation exceed;
Type: string
Supported Values: drop, blacklist-src
Default: drop
Mutual Exclusion: progression-tracking-conn-action and progression-tracking-conn-action-list-name are mutually exclusive
progression-tracking-conn-action-list-name
Description Configure action-list to take when progression tracking violation exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: progression-tracking-conn-action-list-name and progression-tracking-conn-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
progression-tracking-conn-enabled
Description ‘enable-check’: Enable General Progression Tracking per Connection;
Type: string
Supported Values: enable-check
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template_tcp-list_progression-tracking_time-window-tracking¶
Specification Value Type object progression-tracking-win-enabled
Description ‘enable-check’: Enable Progression Tracking per Time Window;
Type: string
Supported Values: enable-check
progression-tracking-windows-action
Description ‘drop’: Drop packets for progression tracking violation exceed (Default); ‘blacklist-src’: Blacklist-src for progression tracking violation exceed;
Type: string
Supported Values: drop, blacklist-src
Default: drop
Mutual Exclusion: progression-tracking-windows-action and progression-tracking-windows-action-list-name are mutually exclusive
progression-tracking-windows-action-list-name
Description Configure action-list to take when progression tracking violation exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: progression-tracking-windows-action-list-name and progression-tracking-windows-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
window-rcvd-max
Description Set the maximum total received byte
Type: number
Range: 1-65535
window-rcvd-min
Description Set the minimum total received byte
Type: number
Range: 1-65535
window-rcvd-sent-ratio-max
Description Set the maximum received to sent ratio (in unit of 0.1% [1:1000])
Type: number
Range: 1-65535
window-rcvd-sent-ratio-min
Description Set the minimum received to sent ratio (in unit of 0.1% [1:1000])
Type: number
Range: 1-65535
window-sent-max
Description Set the maximum total sent byte
Type: number
Range: 1-65535
window-sent-min
Description Set the minimum total sent byte
Type: number
Range: 1-65535
window-violation
Description Set the violation threshold
Type: number
Range: 1-255
zone-template_tcp-list_filter-list¶
Specification Value Type list Block object keys byte-offset-filter
Description Filter using Berkeley Packet Filter syntax
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
tcp-filter-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘authenticate-src’: Authenticate-src;
Type: string
Supported Values: drop, ignore, blacklist-src, authenticate-src
Default: drop
Mutual Exclusion: tcp-filter-action and tcp-filter-action-list-name are mutually exclusive
tcp-filter-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: tcp-filter-action-list-name and tcp-filter-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
tcp-filter-inverse-match
Description Inverse the result of the matching
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tcp-filter-name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp-filter-regex
Description Regex Expression
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
tcp-filter-seq
Description Sequence number
Type: number
Range: 1-200
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template_tcp-list_known-resp-src-port-cfg¶
Specification Value Type object exclude-src-resp-port
Description Exclude src port equal to dst port
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
known-resp-src-port
Description Take action if src-port is less than 1024
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
known-resp-src-port-action
Description ‘drop’: Drop packets from well-known src-port(Default); ‘blacklist-src’: Blacklist-src from well-known src-port; ‘ignore’: Ignore well-known src-port;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: known-resp-src-port-action and known-resp-src-port-action-list-name are mutually exclusive
known-resp-src-port-action-list-name
Description Configure action-list to take for well-known src-port
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: known-resp-src-port-action-list-name and known-resp-src-port-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
zone-template_tcp-list_zero-win-cfg¶
Specification Value Type object zero-win
Description Take action if zero window pkts exceed configured threshold
Type: number
Range: 1-250
Mutual Exclusion: zero-win and per-conn-zero-win-rate-limit are mutually exclusive
zero-win-action
Description ‘drop’: Drop packets for zero-win exceed (Default); ‘blacklist-src’: help Blacklist-src for zero-win exceed; ‘ignore’: Ignore zero-win exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Default: drop
Mutual Exclusion: zero-win-action and zero-win-action-list-name are mutually exclusive
zero-win-action-list-name
Description Configure action-list to take for zero window exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: zero-win-action-list-name and zero-win-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
zone-template_tcp-list_per-conn-out-of-seq-rate-cfg¶
Specification Value Type object per-conn-out-of-seq-rate-action
Description ‘drop’: Drop packets for out-of-seq rate exceed (Default); ‘blacklist-src’: help Blacklist-src for out-of-seq rate exceed; ‘ignore’: help Ignore out-of-seq rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Default: drop
Mutual Exclusion: per-conn-out-of-seq-rate-action and per-conn-out-of-seq-rate-action-list-name are mutually exclusive
per-conn-out-of-seq-rate-action-list-name
Description Configure action-list to take for out-of-seq rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: per-conn-out-of-seq-rate-action-list-name and per-conn-out-of-seq-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
per-conn-out-of-seq-rate-limit
Description Take action if out-of-seq pkt rate exceed configured threshold
Type: number
Range: 1-16000000
Mutual Exclusion: per-conn-out-of-seq-rate-limit and out-of-seq are mutually exclusive
zone-template_tcp-list_out-of-seq-cfg¶
Specification Value Type object out-of-seq
Description Take action if out-of-seq pkts exceed configured threshold
Type: number
Range: 1-64000
Mutual Exclusion: out-of-seq and per-conn-out-of-seq-rate-limit are mutually exclusive
out-of-seq-action
Description ‘drop’: Drop packets for out-of-seq exceed (Default); ‘blacklist-src’: help Blacklist-src for out-of-seq exceed; ‘ignore’: help Ignore out-of-seq exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Default: drop
Mutual Exclusion: out-of-seq-action and out-of-seq-action-list-name are mutually exclusive
out-of-seq-action-list-name
Description Configure action-list to take for out-of-seq exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: out-of-seq-action-list-name and out-of-seq-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
zone-template_quic-list¶
Specification Value Type list Block object keys fixed-bit-check-disable
Description Disable fixed-bit malform check
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
quic-tmpl-name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
version-supported-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/quic/{quic-tmpl-name}/version-supported/{version-start}+{version-end}
zone-template_quic-list_version-supported-list¶
Specification Value Type list Block object keys malformed-check
Description: malformed-check is a JSON Block. Please see below for zone-template_quic-list_version-supported-list_malformed-check
Type: Object
Reference Object: /axapi/v3/ddos/zone-template/quic/{quic-tmpl-name}/version-supported/{version-start}+{version-end}/malformed-check
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
version-action
Description ‘drop’: Drop packets; ‘blacklist-src’: Blacklist-src;
Type: string
Supported Values: drop, blacklist-src
Mutual Exclusion: version-action and version-action-list-name are mutually exclusive
version-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: version-action-list-name and version-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
version-end
Description Version supported range end
Type: string
Format: time
Maximum Length: 4294967295 characters
Maximum Length: 1 characters
version-start
Description Configure versions supported
Type: string
Format: time
Maximum Length: 4294967295 characters
Maximum Length: 1 characters
zone-template_quic-list_version-supported-list_malformed-check¶
Specification Value Type object malformed-check-action
Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src;
Type: string
Supported Values: drop, blacklist-src
Mutual Exclusion: malformed-check-action and malformed-check-action-list-name are mutually exclusive
malformed-check-action-list-name
Description Configure action-list to take. Overwrites version action
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: malformed-check-action-list-name and malformed-check-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
malformed-enable
Description ‘enable’: Enable malformed check;
Type: string
Supported Values: enable
Default: enable
max-destination-cid-length
Description Set the maximum destination CID length
Type: number
Range: 0-255
Default: 255
max-source-cid-length
Description Set the maximum source CID length
Type: number
Range: 0-255
Default: 255
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template_ssl-l4-list¶
Specification Value Type list Block object keys allow-non-tls
Description Allow Non-TLS (SSLv3 and lower) traffic (Warning: security may be compromised)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
auth-handshake
Description: auth-handshake is a JSON Block. Please see below for zone-template_ssl-l4-list_auth-handshake
Type: Object
disable
Description Disable this template
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst
Description: dst is a JSON Block. Please see below for zone-template_ssl-l4-list_dst
Type: Object
multi-pu-threshold-distribution
Description: multi-pu-threshold-distribution is a JSON Block. Please see below for zone-template_ssl-l4-list_multi-pu-threshold-distribution
Type: Object
renegotiation
Description: renegotiation is a JSON Block. Please see below for zone-template_ssl-l4-list_renegotiation
Type: Object
src
Description: src is a JSON Block. Please see below for zone-template_ssl-l4-list_src
Type: Object
ssl-l4-tmpl-name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-traffic-check
Description: ssl-traffic-check is a JSON Block. Please see below for zone-template_ssl-l4-list_ssl-traffic-check
Type: Object
Reference Object: /axapi/v3/ddos/zone-template/ssl-l4/{ssl-l4-tmpl-name}/ssl-traffic-check
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template_ssl-l4-list_auth-handshake¶
Specification Value Type object auth-handshake-fail-action
Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, blacklist-src, reset
Mutual Exclusion: auth-handshake-fail-action and auth-handshake-fail-action-list-name are mutually exclusive
auth-handshake-fail-action-list-name
Description Configure action-list to take for failing the authentication
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: auth-handshake-fail-action-list-name and auth-handshake-fail-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
auth-handshake-pass-action
Description ‘authenticate-src’: authenticate-src (Default);
Type: string
Supported Values: authenticate-src
Mutual Exclusion: auth-handshake-pass-action and auth-handshake-pass-action-list-name are mutually exclusive
auth-handshake-pass-action-list-name
Description Configure action-list to take for passing the authentication
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: auth-handshake-pass-action-list-name and auth-handshake-pass-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
auth-handshake-timeout
Description Connection timeout (default 5 seconds) and trials (default 5 times) (DST support only)
Type: number
Range: 1-31
Default: 5
auth-handshake-trials
Description Number of failed handshakes before entry marked black
Type: number
Range: 0-15
Default: 5
cert-cfg
Description: cert-cfg is a JSON Block. Please see below for zone-template_ssl-l4-list_auth-handshake_cert-cfg
Type: Object
server-name-list
Type: List
zone-template_ssl-l4-list_auth-handshake_cert-cfg¶
Specification Value Type object cert
Description SSL certificate
Type: string
Maximum Length: 255 characters
Maximum Length: 1 characters
key
Description SSL key
Type: string
Maximum Length: 255 characters
Maximum Length: 1 characters
key-encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)key-passphrase
Description Password Phrase
Type: string
Format: password
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-template_ssl-l4-list_auth-handshake_server-name-list¶
Specification Value Type list Block object keys server-cert
Description Server Certificate associated to SNI (Server Certificate Name)
Type: string
Maximum Length: 255 characters
Maximum Length: 1 characters
server-encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)server-key
Description Server Private Key associated to SNI (Server Private Key Name)
Type: string
Maximum Length: 255 characters
Maximum Length: 1 characters
server-name
Description Server name indication in Client hello extension (Server name String)
Type: string
Maximum Length: 255 characters
Maximum Length: 1 characters
server-passphrase
Description Password Phrase
Type: string
Format: password
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-template_ssl-l4-list_src¶
Specification Value Type object rate-limit
Description: rate-limit is a JSON Block. Please see below for zone-template_ssl-l4-list_src_rate-limit
Type: Object
zone-template_ssl-l4-list_src_rate-limit¶
Specification Value Type object request
Description: request is a JSON Block. Please see below for zone-template_ssl-l4-list_src_rate-limit_request
Type: Object
zone-template_ssl-l4-list_src_rate-limit_request¶
Specification Value Type object src-request-rate-limit
Description
Type: number
Range: 1-16000000
src-request-rate-limit-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, ignore, reset
Mutual Exclusion: src-request-rate-limit-action and src-request-rate-limit-action-list-name are mutually exclusive
src-request-rate-limit-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: src-request-rate-limit-action-list-name and src-request-rate-limit-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
zone-template_ssl-l4-list_dst¶
Specification Value Type object rate-limit
Description: rate-limit is a JSON Block. Please see below for zone-template_ssl-l4-list_dst_rate-limit
Type: Object
zone-template_ssl-l4-list_dst_rate-limit¶
Specification Value Type object request
Description: request is a JSON Block. Please see below for zone-template_ssl-l4-list_dst_rate-limit_request
Type: Object
zone-template_ssl-l4-list_dst_rate-limit_request¶
Specification Value Type object dst-request-rate-limit
Description
Type: number
Range: 1-16000000
dst-request-rate-limit-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, ignore, reset
Mutual Exclusion: dst-request-rate-limit-action and dst-request-rate-limit-action-list-name are mutually exclusive
dst-request-rate-limit-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dst-request-rate-limit-action-list-name and dst-request-rate-limit-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
zone-template_ssl-l4-list_ssl-traffic-check¶
Specification Value Type object check-resumed-connection
Description Apply checks to SSL connections initialized by ACK packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
header-action
Description ‘drop’: Drop packets with bad ssl header; ‘ignore’: Forward packets with bad ssl header;
Type: string
Supported Values: drop, ignore
header-inspection
Description Inspect ssl header
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template_ssl-l4-list_multi-pu-threshold-distribution¶
Specification Value Type object multi-pu-threshold-distribution-disable
Description ‘disable’: Destination side rate limit only. Default: Enable;
Type: string
Supported Values: disable
Mutual Exclusion: multi-pu-threshold-distribution-disable and multi-pu-threshold-distribution-value are mutually exclusive
multi-pu-threshold-distribution-value
Description Destination side rate limit only. Default: 0
Type: number
Range: 1-16000000
Mutual Exclusion: multi-pu-threshold-distribution-value and multi-pu-threshold-distribution-disable are mutually exclusive
zone-template_ssl-l4-list_renegotiation¶
Specification Value Type object num-renegotiation
Description Number of renegotiation allowed
Type: number
Range: 0-7
ssl-l4-reneg-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, ignore, blacklist-src, reset
Mutual Exclusion: ssl-l4-reneg-action and ssl-l4-reneg-action-list-name are mutually exclusive
ssl-l4-reneg-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: ssl-l4-reneg-action-list-name and ssl-l4-reneg-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
zone-template_ips-list¶
Specification Value Type list Block object keys high-serverity-action-list-name
Description Configure action-list to take for high serverity signature
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/action-list
ips-profile-list
Type: Listips-tmpl-name
Description DDOS IPS Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
low-serverity-action-list-name
Description Configure action-list to take for low serverity signature
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/action-list
medium-serverity-action-list-name
Description Configure action-list to take for medium serverity signature
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/action-list
streaming-scan-disable
Description Disable IPS streaming scan
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template_ips-list_ips-profile-list¶
Specification Value Type list Block object keys ips-profile-name
Description IPS Profile Name
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
zone-template_ip-proto-list¶
Specification Value Type list Block object keys filter-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/ip-proto/{name}/filter/{other-filter-name}
name
Description DDOS Ip-proto Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template_ip-proto-list_filter-list¶
Specification Value Type list Block object keys byte-offset-filter
Description Filter using Berkeley Packet Filter syntax
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
other-filter-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘authenticate-src’: Authenticate-src;
Type: string
Supported Values: drop, ignore, blacklist-src, authenticate-src
Mutual Exclusion: other-filter-action and other-filter-action-list-name are mutually exclusive
other-filter-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: other-filter-action-list-name and other-filter-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
other-filter-inverse-match
Description Inverse the result of the matching
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
other-filter-name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
other-filter-regex
Description Regex Expression
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
other-filter-seq
Description Sequence number
Type: number
Range: 1-200
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template_dns-list¶
Specification Value Type list Block object keys allow-query-class
Description: allow-query-class is a JSON Block. Please see below for zone-template_dns-list_allow-query-class
Type: Object
allow-record-type
Description: allow-record-type is a JSON Block. Please see below for zone-template_dns-list_allow-record-type
Type: Object
dns-any-check
Description Drop DNS queries of Type ANY
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-any-check-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, ignore, blacklist-src, reset
Default: drop
Mutual Exclusion: dns-any-check-action and dns-any-check-action-list-name are mutually exclusive
dns-any-check-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dns-any-check-action-list-name and dns-any-check-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
dns-udp-authentication
Description: dns-udp-authentication is a JSON Block. Please see below for zone-template_dns-list_dns-udp-authentication
Type: Object
domain-group-name
Description Apply a domain-group to the DNS template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst
Description: dst is a JSON Block. Please see below for zone-template_dns-list_dst
Type: Object
fqdn-label-count-cfg
Description: fqdn-label-count-cfg is a JSON Block. Please see below for zone-template_dns-list_fqdn-label-count-cfg
Type: Object
fqdn-label-len-cfg
Type: Listmalformed-query-check
Description: malformed-query-check is a JSON Block. Please see below for zone-template_dns-list_malformed-query-check
Type: Object
Reference Object: /axapi/v3/ddos/zone-template/dns/{name}/malformed-query-check
multi-pu-threshold-distribution
Description: multi-pu-threshold-distribution is a JSON Block. Please see below for zone-template_dns-list_multi-pu-threshold-distribution
Type: Object
name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
on-no-match
Description ‘permit’: permit; ‘deny’: deny (default);
Type: string
Supported Values: permit, deny
Default: deny
src
Description: src is a JSON Block. Please see below for zone-template_dns-list_src
Type: Object
symtimeout-cfg
Description: symtimeout-cfg is a JSON Block. Please see below for zone-template_dns-list_symtimeout-cfg
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template_dns-list_src¶
Specification Value Type object rate-limit
Description: rate-limit is a JSON Block. Please see below for zone-template_dns-list_src_rate-limit
Type: Object
zone-template_dns-list_src_rate-limit¶
Specification Value Type object nxdomain
Description: nxdomain is a JSON Block. Please see below for zone-template_dns-list_src_rate-limit_nxdomain
Type: Object
request
Description: request is a JSON Block. Please see below for zone-template_dns-list_src_rate-limit_request
Type: Object
zone-template_dns-list_src_rate-limit_request¶
Specification Value Type object src-dns-request-rate-limit-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, ignore, blacklist-src, reset
Mutual Exclusion: src-dns-request-rate-limit-action and src-dns-request-rate-limit-action-list-name are mutually exclusive
src-dns-request-rate-limit-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: src-dns-request-rate-limit-action-list-name and src-dns-request-rate-limit-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
type
Description: type is a JSON Block. Please see below for zone-template_dns-list_src_rate-limit_request_type
Type: Object
zone-template_dns-list_src_rate-limit_request_type¶
Specification Value Type object A-cfg
Description: A-cfg is a JSON Block. Please see below for zone-template_dns-list_src_rate-limit_request_type_A-cfg
Type: Object
AAAA-cfg
Description: AAAA-cfg is a JSON Block. Please see below for zone-template_dns-list_src_rate-limit_request_type_AAAA-cfg
Type: Object
CNAME-cfg
Description: CNAME-cfg is a JSON Block. Please see below for zone-template_dns-list_src_rate-limit_request_type_CNAME-cfg
Type: Object
MX-cfg
Description: MX-cfg is a JSON Block. Please see below for zone-template_dns-list_src_rate-limit_request_type_MX-cfg
Type: Object
NS-cfg
Description: NS-cfg is a JSON Block. Please see below for zone-template_dns-list_src_rate-limit_request_type_NS-cfg
Type: Object
SRV-cfg
Description: SRV-cfg is a JSON Block. Please see below for zone-template_dns-list_src_rate-limit_request_type_SRV-cfg
Type: Object
dns-type-cfg
Type: List
zone-template_dns-list_src_rate-limit_request_type_SRV-cfg¶
Specification Value Type object SRV
Description Service locator
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-dns-srv-rate
Description DNS request rate
Type: number
Range: 1-16000000
zone-template_dns-list_src_rate-limit_request_type_CNAME-cfg¶
Specification Value Type object CNAME
Description Canonical name record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-dns-cname-rate
Description
Type: number
Range: 1-16000000
zone-template_dns-list_src_rate-limit_request_type_dns-type-cfg¶
Specification Value Type list Block object keys src-dns-request-type
Description Other type value
Type: number
Range: 1-65535
src-dns-request-type-rate
Description request rate limit
Type: number
Range: 1-16000000
zone-template_dns-list_src_rate-limit_request_type_AAAA-cfg¶
Specification Value Type object AAAA
Description IPv6 address record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-dns-aaaa-rate
Description
Type: number
Range: 1-16000000
zone-template_dns-list_src_rate-limit_request_type_A-cfg¶
Specification Value Type object A
Description Address record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-dns-a-rate
Description
Type: number
Range: 1-16000000
zone-template_dns-list_src_rate-limit_request_type_MX-cfg¶
Specification Value Type object MX
Description Mail exchange record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-dns-mx-rate
Description
Type: number
Range: 1-16000000
zone-template_dns-list_src_rate-limit_request_type_NS-cfg¶
Specification Value Type object NS
Description Name server record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-dns-ns-rate
Description
Type: number
Range: 1-16000000
zone-template_dns-list_src_rate-limit_nxdomain¶
Specification Value Type object dns-nxdomain-rate
Description Limiting rate
Type: number
Range: 1-16000000
dns-nxdomain-rate-limit-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, ignore, blacklist-src, reset
Mutual Exclusion: dns-nxdomain-rate-limit-action and dns-nxdomain-rate-limit-action-list-name are mutually exclusive
dns-nxdomain-rate-limit-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dns-nxdomain-rate-limit-action-list-name and dns-nxdomain-rate-limit-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
zone-template_dns-list_fqdn-label-count-cfg¶
Specification Value Type object fqdn-label-count-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘reset’: Send reset to client;
Type: string
Supported Values: drop, ignore, blacklist-src, reset
Mutual Exclusion: fqdn-label-count-action and fqdn-label-count-action-list-name are mutually exclusive
fqdn-label-count-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: fqdn-label-count-action-list-name and fqdn-label-count-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
label-count
Description Maximum number of FQDN labels per FQDN
Type: number
Range: 1-10
zone-template_dns-list_malformed-query-check¶
Specification Value Type object dns-malformed-query-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, ignore, blacklist-src, reset
Mutual Exclusion: dns-malformed-query-action and dns-malformed-query-action-list-name are mutually exclusive
dns-malformed-query-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dns-malformed-query-action-list-name and dns-malformed-query-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
non-query-opcode-check
Description ‘disable’: When malform check is enabled, TPS always drops DNS query with non query opcode, this option disables this opcode check;
Type: string
Supported Values: disable
skip-multi-packet-check
Description Bypass DNS fragmented and TCP segmented Queries(Default: dropped)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
validation-type
Description ‘basic-header-check’: Basic header validation for DNS TCP/UDP queries; ‘extended-header-check’: Extended header/query validation for DNS TCP/UDP queries; ‘disable’: Disable Malform query validation for DNS TCP/UDP;
Type: string
Supported Values: basic-header-check, extended-header-check, disable
zone-template_dns-list_dst¶
Specification Value Type object rate-limit
Description: rate-limit is a JSON Block. Please see below for zone-template_dns-list_dst_rate-limit
Type: Object
zone-template_dns-list_dst_rate-limit¶
Specification Value Type object domain-group-rate-exceed-action
Description ‘drop’: Drop the query (default); ‘tunnel-encap-packet’: Encapsulate the query and send on a tunnel;
Type: string
Supported Values: drop, tunnel-encap-packet
Default: drop
domain-group-rate-per-service
Description Enable per service domain rate checking
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
encap-template
Description DDOS encap template to sepcify the tunnel endpoint
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
fqdn
Description: fqdn is a JSON Block. Please see below for zone-template_dns-list_dst_rate-limit_fqdn
Type: Object
request
Description: request is a JSON Block. Please see below for zone-template_dns-list_dst_rate-limit_request
Type: Object
zone-template_dns-list_dst_rate-limit_request¶
Specification Value Type object dst-dns-request-rate-limit-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘reset’: Reset client connection; ‘blacklist-src’: Blacklist-src;
Type: string
Supported Values: drop, ignore, reset, blacklist-src
Mutual Exclusion: dst-dns-request-rate-limit-action and dst-dns-request-rate-limit-action-list-name are mutually exclusive
dst-dns-request-rate-limit-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dst-dns-request-rate-limit-action-list-name and dst-dns-request-rate-limit-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
type
Description: type is a JSON Block. Please see below for zone-template_dns-list_dst_rate-limit_request_type
Type: Object
zone-template_dns-list_dst_rate-limit_request_type¶
Specification Value Type object A-cfg
Description: A-cfg is a JSON Block. Please see below for zone-template_dns-list_dst_rate-limit_request_type_A-cfg
Type: Object
AAAA-cfg
Description: AAAA-cfg is a JSON Block. Please see below for zone-template_dns-list_dst_rate-limit_request_type_AAAA-cfg
Type: Object
CNAME-cfg
Description: CNAME-cfg is a JSON Block. Please see below for zone-template_dns-list_dst_rate-limit_request_type_CNAME-cfg
Type: Object
MX-cfg
Description: MX-cfg is a JSON Block. Please see below for zone-template_dns-list_dst_rate-limit_request_type_MX-cfg
Type: Object
NS-cfg
Description: NS-cfg is a JSON Block. Please see below for zone-template_dns-list_dst_rate-limit_request_type_NS-cfg
Type: Object
SRV-cfg
Description: SRV-cfg is a JSON Block. Please see below for zone-template_dns-list_dst_rate-limit_request_type_SRV-cfg
Type: Object
dns-type-cfg
Type: List
zone-template_dns-list_dst_rate-limit_request_type_SRV-cfg¶
Specification Value Type object SRV
Description Service locator
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-srv-rate
Description DNS request rate
Type: number
Range: 1-16000000
zone-template_dns-list_dst_rate-limit_request_type_CNAME-cfg¶
Specification Value Type object CNAME
Description Canonical name record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-cname-rate
Description
Type: number
Range: 1-16000000
zone-template_dns-list_dst_rate-limit_request_type_dns-type-cfg¶
Specification Value Type list Block object keys dns-request-type
Description Other type value
Type: number
Range: 1-65535
dns-request-type-rate
Description request rate limit
Type: number
Range: 1-16000000
zone-template_dns-list_dst_rate-limit_request_type_AAAA-cfg¶
Specification Value Type object AAAA
Description IPv6 address record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-aaaa-rate
Description
Type: number
Range: 1-16000000
zone-template_dns-list_dst_rate-limit_request_type_A-cfg¶
Specification Value Type object A
Description Address record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-a-rate
Description
Type: number
Range: 1-16000000
zone-template_dns-list_dst_rate-limit_request_type_MX-cfg¶
Specification Value Type object MX
Description Mail exchange record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-mx-rate
Description
Type: number
Range: 1-16000000
zone-template_dns-list_dst_rate-limit_request_type_NS-cfg¶
Specification Value Type object NS
Description Name server record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-ns-rate
Description
Type: number
Range: 1-16000000
zone-template_dns-list_dst_rate-limit_fqdn¶
Specification Value Type object dns-fqdn-rate-cfg
Type: Listdns-fqdn-rate-limit-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘reset’: Reset client connection; ‘blacklist-src’: Blacklist-src;
Type: string
Supported Values: drop, ignore, reset, blacklist-src
Mutual Exclusion: dns-fqdn-rate-limit-action and dns-fqdn-rate-limit-action-list-name are mutually exclusive
dns-fqdn-rate-limit-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dns-fqdn-rate-limit-action-list-name and dns-fqdn-rate-limit-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
zone-template_dns-list_dst_rate-limit_fqdn_dns-fqdn-rate-cfg¶
Specification Value Type list Block object keys dns-fqdn-rate
Description Limiting rate (Range: 5-8000 for FQDN domain based rate limiting, 5-16000000 for FQDN label count based rate limiting)
Type: number
Range: 5-16000000
fqdn-rate-label-count
Description FQDN label count (Range: 1-8)
Type: number
Range: 1-8
fqdn-rate-suffix
Description Suffix count
Type: number
Range: 1-5
per
Description ‘domain-name’: Domain Name; ‘src-ip’: Source IP address; ‘label-count’: FQDN label count;
Type: string
Supported Values: domain-name, src-ip, label-count
per-domain-per-src-ip
Description Use both Domain Name and Source IP address for rate-limiting
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
zone-template_dns-list_allow-record-type¶
Specification Value Type object allow-a-type
Description Address record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-aaaa-type
Description IPv6 address record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-cname-type
Description Canonical name record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-mx-type
Description Mail exchange record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-ns-type
Description Name server record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-record-type-action
Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, blacklist-src, reset
Mutual Exclusion: allow-record-type-action and allow-record-type-action-list-name are mutually exclusive
allow-record-type-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: allow-record-type-action-list-name and allow-record-type-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
allow-srv-type
Description Service locator
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
record-num-cfg
Type: List
zone-template_dns-list_allow-record-type_record-num-cfg¶
Specification Value Type list Block object keys allow-num-type
Description Other record type value
Type: number
Range: 1-65535
zone-template_dns-list_allow-query-class¶
Specification Value Type object allow-any-query-class
Description ANY query class
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-chaos-query-class
Description CHAOS query class
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-csnet-query-class
Description CSNET query class
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-hesiod-query-class
Description HESIOD query class
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-internet-query-class
Description INTERNET query class
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-none-query-class
Description NONE query class
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-query-class-action
Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, blacklist-src, reset
Mutual Exclusion: allow-query-class-action and allow-query-class-action-list-name are mutually exclusive
allow-query-class-action-list-name
Description Configure action-list to take when query class doesn’t match
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: allow-query-class-action-list-name and allow-query-class-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
zone-template_dns-list_dns-udp-authentication¶
Specification Value Type object dns-udp-auth-fail-action
Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src;
Type: string
Supported Values: drop, blacklist-src
Mutual Exclusion: dns-udp-auth-fail-action and dns-udp-auth-fail-action-list-name are mutually exclusive
dns-udp-auth-fail-action-list-name
Description Configure action-list to take for failing the authentication. (Applicable to dns-udp retry only)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dns-udp-auth-fail-action-list-name and dns-udp-auth-fail-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
dns-udp-auth-pass-action
Description ‘authenticate-src’: authenticate-src (Default);
Type: string
Supported Values: authenticate-src
Mutual Exclusion: dns-udp-auth-pass-action and dns-udp-auth-pass-action-list-name are mutually exclusive
dns-udp-auth-pass-action-list-name
Description Configure action-list to take for passing the authentication
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dns-udp-auth-pass-action-list-name and dns-udp-auth-pass-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
force-tcp-cfg
Description: force-tcp-cfg is a JSON Block. Please see below for zone-template_dns-list_dns-udp-authentication_force-tcp-cfg
Type: Object
min-delay
Description Optional minimum delay between DNS retransmits for authentication to pass, unit is specified by min-delay-interval
Type: number
Range: 1-80
Mutual Exclusion: min-delay and force-tcp are mutually exclusive
min-delay-interval
Description ‘100ms’: 100ms; ‘1sec’: 1sec;
Type: string
Supported Values: 100ms, 1sec
udp-timeout
Description UDP authentication timeout in seconds
Type: number
Range: 1-16
Mutual Exclusion: udp-timeout and force-tcp are mutually exclusive
zone-template_dns-list_dns-udp-authentication_force-tcp-cfg¶
Specification Value Type object force-tcp
Description Force DNS request over TCP
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: force-tcp, udp-timeout, and min-delay are mutually exclusive
force-tcp-ignore-client-source-port
Description Allow client to retransmit DNS request using different source port during udp-auth (supported in asymmetric mode only)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
force-tcp-min-delay
Description Optional minimum delay (seconds) between DNS retransmits for authentication to pass
Type: number
Range: 1-15
force-tcp-timeout
Description UDP authentication timeout in seconds
Type: number
Range: 1-16
zone-template_dns-list_multi-pu-threshold-distribution¶
Specification Value Type object multi-pu-threshold-distribution-disable
Description ‘disable’: Destination side rate limit only. Default: Enable;
Type: string
Supported Values: disable
Mutual Exclusion: multi-pu-threshold-distribution-disable and multi-pu-threshold-distribution-value are mutually exclusive
multi-pu-threshold-distribution-value
Description Destination side rate limit only. Default: 0
Type: number
Range: 1-16000000
Mutual Exclusion: multi-pu-threshold-distribution-value and multi-pu-threshold-distribution-disable are mutually exclusive
zone-template_dns-list_fqdn-label-len-cfg¶
Specification Value Type list Block object keys fqdn-label-length-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, ignore, blacklist-src, reset
Mutual Exclusion: fqdn-label-length-action and fqdn-label-length-action-list-name are mutually exclusive
fqdn-label-length-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: fqdn-label-length-action-list-name and fqdn-label-length-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
fqdn-label-suffix
Description Number of suffixes
Type: number
Range: 1-5
label-length
Description Maximum length of FQDN label
Type: number
Range: 1-63
zone-template_dns-list_symtimeout-cfg¶
Specification Value Type object sym-timeout
Description Timeout for DNS Symmetric session
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sym-timeout-value
Description Session timeout value in seconds
Type: number
Range: 1-31
zone-template_icmp-v4-list¶
Specification Value Type list Block object keys filter-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/icmp-v4/{icmp-tmpl-name}/filter/{icmp-filter-name}
icmp-tmpl-name
Description DDOS ICMPv4 Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
type-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/icmp-v4/{icmp-tmpl-name}/type/{type-number}
type-other
Description: type-other is a JSON Block. Please see below for zone-template_icmp-v4-list_type-other
Type: Object
Reference Object: /axapi/v3/ddos/zone-template/icmp-v4/{icmp-tmpl-name}/type-other
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template_icmp-v4-list_type-list¶
Specification Value Type list Block object keys dst-code-other-rate
Description Specify the rate with other code
Type: number
Range: 1-16000000
dst-code-other-rate-action
Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: dst-code-other-rate-action and dst-code-other-rate-action-list-name are mutually exclusive
dst-code-other-rate-action-list-name
Description Configure action-list to take for rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dst-code-other-rate-action-list-name and dst-code-other-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
icmp-type-action
Description ‘drop’: Reject this ICMP type; ‘blacklist-src’: Blacklist-src this ICMP type; ‘ignore’: Ignore this ICMP type;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: icmp-type-action and icmp-type-action-list-name are mutually exclusive
icmp-type-action-list-name
Description Configure action-list to take for this ICMP type
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: icmp-type-action-list-name and icmp-type-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
src-code-other-rate
Description Specify the rate with other code
Type: number
Range: 1-16000000
src-code-other-rate-action
Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: src-code-other-rate-action and src-code-other-rate-action-list-name are mutually exclusive
src-code-other-rate-action-list-name
Description Configure action-list to take for rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: src-code-other-rate-action-list-name and src-code-other-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
type-number
Description Specify ICMP type number
Type: number
Range: 0-255
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
v4-dst-code-cfg
Type: Listv4-dst-rate-cfg
Description: v4-dst-rate-cfg is a JSON Block. Please see below for zone-template_icmp-v4-list_type-list_v4-dst-rate-cfg
Type: Object
v4-src-code-cfg
Type: Listv4-src-rate-cfg
Description: v4-src-rate-cfg is a JSON Block. Please see below for zone-template_icmp-v4-list_type-list_v4-src-rate-cfg
Type: Object
zone-template_icmp-v4-list_type-list_v4-src-rate-cfg¶
Specification Value Type object src-type-rate
Description Specify the whole src rate for this type
Type: number
Range: 1-16000000
src-type-rate-action
Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: src-type-rate-action and src-type-rate-action-list-name are mutually exclusive
src-type-rate-action-list-name
Description Configure action-list to take for rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: src-type-rate-action-list-name and src-type-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
zone-template_icmp-v4-list_type-list_v4-dst-code-cfg¶
Specification Value Type list Block object keys dst-code-number
Description Specify the ICMP code for this dst rate
Type: number
Range: 0-255
dst-code-rate
Description Specify the rate with the code
Type: number
Range: 1-16000000
dst-code-rate-action
Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: dst-code-rate-action and dst-code-rate-action-list-name are mutually exclusive
dst-code-rate-action-list-name
Description Configure action-list to take for rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dst-code-rate-action-list-name and dst-code-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
zone-template_icmp-v4-list_type-list_v4-src-code-cfg¶
Specification Value Type list Block object keys src-code-number
Description Specify the ICMP code for this src rate
Type: number
Range: 0-255
src-code-rate
Description Specify the rate with the code
Type: number
Range: 1-16000000
src-code-rate-action
Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: src-code-rate-action and src-code-rate-action-list-name are mutually exclusive
src-code-rate-action-list-name
Description Configure action-list to take for rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: src-code-rate-action-list-name and src-code-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
zone-template_icmp-v4-list_type-list_v4-dst-rate-cfg¶
Specification Value Type object dst-type-rate
Description Specify the whole dst rate for this type
Type: number
Range: 1-16000000
dst-type-rate-action
Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: dst-type-rate-action and dst-type-rate-action-list-name are mutually exclusive
dst-type-rate-action-list-name
Description Configure action-list to take for rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dst-type-rate-action-list-name and dst-type-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
zone-template_icmp-v4-list_type-other¶
Specification Value Type object dst
Description: dst is a JSON Block. Please see below for zone-template_icmp-v4-list_type-other_dst
Type: Object
icmp-type-other-action
Description ‘drop’: Reject wildcard ICMP type; ‘blacklist-src’: Blacklist-src wildcard ICMP type; ‘ignore’: Ignore wildcard ICMP type;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: icmp-type-other-action and icmp-type-other-action-list-name are mutually exclusive
icmp-type-other-action-list-name
Description Configure action-list to take for wildcard ICMP match
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: icmp-type-other-action-list-name and icmp-type-other-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
src
Description: src is a JSON Block. Please see below for zone-template_icmp-v4-list_type-other_src
Type: Object
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template_icmp-v4-list_type-other_src¶
Specification Value Type object src-type-other-rate
Description Specify the whole src rate for wildcard ICMP type
Type: number
Range: 1-16000000
src-type-other-rate-action
Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: src-type-other-rate-action and src-type-other-rate-action-list-name are mutually exclusive
src-type-other-rate-action-list-name
Description Configure action-list to take for rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: src-type-other-rate-action-list-name and src-type-other-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
zone-template_icmp-v4-list_type-other_dst¶
Specification Value Type object dst-type-other-rate
Description Specify the whole dst rate for wildcard ICMP type
Type: number
Range: 1-16000000
dst-type-other-rate-action
Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: dst-type-other-rate-action and dst-type-other-rate-action-list-name are mutually exclusive
dst-type-other-rate-action-list-name
Description Configure action-list to take for rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dst-type-other-rate-action-list-name and dst-type-other-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
zone-template_icmp-v4-list_filter-list¶
Specification Value Type list Block object keys byte-offset-filter
Description filter using Berkeley packet filter syntax
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
icmp-filter-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src;
Type: string
Supported Values: drop, ignore, blacklist-src
Default: drop
Mutual Exclusion: icmp-filter-action and icmp-filter-action-list-name are mutually exclusive
icmp-filter-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: icmp-filter-action-list-name and icmp-filter-action are mutually exclusive
icmp-filter-inverse-match
Description Inverse the result of matching
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
icmp-filter-name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
icmp-filter-regex
Description Regex Expression
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
icmp-filter-seq
Description sequence number
Type: number
Range: 1-200
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template_encap-list¶
Specification Value Type list Block object keys encap-tmpl-name
Description DDOS Tunnel Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
preserve-source-ip
Description Use original source ip for encapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tunnel-encap
Description: tunnel-encap is a JSON Block. Please see below for zone-template_encap-list_tunnel-encap
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template_encap-list_tunnel-encap¶
Specification Value Type object gre-cfg
Description: gre-cfg is a JSON Block. Please see below for zone-template_encap-list_tunnel-encap_gre-cfg
Type: Object
ip-cfg
Description: ip-cfg is a JSON Block. Please see below for zone-template_encap-list_tunnel-encap_ip-cfg
Type: Object
zone-template_encap-list_tunnel-encap_ip-cfg¶
Specification Value Type object always
Description: always is a JSON Block. Please see below for zone-template_encap-list_tunnel-encap_ip-cfg_always
Type: Object
ip-encap
Description Enable Tunnel encapsulation using IP in IP
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
zone-template_encap-list_tunnel-encap_ip-cfg_always¶
Specification Value Type object ipv4-addr
Description IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: ipv4-address
ipv6-addr
Description IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: ipv6-address
zone-template_encap-list_tunnel-encap_gre-cfg¶
Specification Value Type object gre-always
Description: gre-always is a JSON Block. Please see below for zone-template_encap-list_tunnel-encap_gre-cfg_gre-always
Type: Object
gre-encap
Description Enable Tunnel encapsulation using GRE
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
zone-template_encap-list_tunnel-encap_gre-cfg_gre-always¶
Specification Value Type object gre-ipv4
Description IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: ipv4-address
gre-ipv6
Description IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: ipv6-address
key-ipv4
Description Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)
Type: string
Maximum Length: 10 characters
Maximum Length: 1 characters
key-ipv6
Description Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)
Type: string
Maximum Length: 10 characters
Maximum Length: 1 characters
zone-template_udp-list¶
Specification Value Type list Block object keys age
Description Configure session age(in minutes) for UDP sessions
Type: number
Range: 1-63
Default: 2
filter-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/udp/{name}/filter/{udp-filter-name}
known-resp-src-port-cfg
Description: known-resp-src-port-cfg is a JSON Block. Please see below for zone-template_udp-list_known-resp-src-port-cfg
Type: Object
max-payload-size-cfg
Description: max-payload-size-cfg is a JSON Block. Please see below for zone-template_udp-list_max-payload-size-cfg
Type: Object
min-payload-size-cfg
Description: min-payload-size-cfg is a JSON Block. Please see below for zone-template_udp-list_min-payload-size-cfg
Type: Object
name
Description DDOS UDP Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ntp-monlist-cfg
Description: ntp-monlist-cfg is a JSON Block. Please see below for zone-template_udp-list_ntp-monlist-cfg
Type: Object
per-conn-pkt-rate-cfg
Description: per-conn-pkt-rate-cfg is a JSON Block. Please see below for zone-template_udp-list_per-conn-pkt-rate-cfg
Type: Object
per-conn-rate-interval
Description ‘100ms’: 100ms; ‘1sec’: 1sec;
Type: string
Supported Values: 100ms, 1sec
Default: 1sec
previous-salt-timeout
Description Token-Authentication previous salt-prefix timeout in minutes, default is 1 min
Type: number
Range: 1-10080
Default: 1
public-ipv4-addr
Description IP address
Type: string
Format: ipv4-address
public-ipv6-addr
Description IPV6 address
Type: string
Format: ipv6-address
spoof-detect-fail-action
Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src for spoof-detect fail;
Type: string
Supported Values: drop, blacklist-src
Mutual Exclusion: spoof-detect-fail-action and spoof-detect-fail-action-list-name are mutually exclusive
spoof-detect-fail-action-list-name
Description Configure action-list to take for failing the authentication
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: spoof-detect-fail-action-list-name and spoof-detect-fail-action are mutually exclusive
spoof-detect-min-delay
Description Optional minimum delay between UDP retransmits for authentication to pass, unit is specified by min-delay-interval
Type: number
Range: 1-80
spoof-detect-min-delay-interval
Description ‘100ms’: 100ms; ‘1sec’: 1sec;
Type: string
Supported Values: 100ms, 1sec
Default: 1sec
spoof-detect-pass-action
Description ‘authenticate-src’: authenticate-src (Default);
Type: string
Supported Values: authenticate-src
Mutual Exclusion: spoof-detect-pass-action and spoof-detect-pass-action-list-name are mutually exclusive
spoof-detect-pass-action-list-name
Description Configure action-list to take for passing the authentication
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: spoof-detect-pass-action-list-name and spoof-detect-pass-action are mutually exclusive
spoof-detect-retry-timeout
Description Timeout in seconds
Type: number
Range: 1-31
token-authentication
Description Enable Token Authentication
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
token-authentication-formula
Description ‘md5_Salt-SrcIp-SrcPort-DstIp-DstPort’: md5 of Salt-SrcIp-SrcPort-DstIp-DstPort; ‘md5_Salt-DstIp-DstPort’: md5 of Salt-DstIp-DstPort; ‘md5_Salt-SrcIp-DstIp’: md5 of Salt-SrcIp-DstIp; ‘md5_Salt-SrcPort-DstPort’: md5 of Salt-SrcPort-DstPort; ‘md5_Salt-UintDstIp-DstPort’: Using the uint value of IP for md5 of Salt-DstIp-DstPort; ‘sha1_Salt-SrcIp-SrcPort-DstIp-DstPort’: sha1 of Salt-SrcIp-SrcPort-DstIp-DstPort; ‘sha1_Salt-DstIp-DstPort’: sha1 of Salt-DstIp-DstPort; ‘sha1_Salt-SrcIp-DstIp’: sha1 of Salt-SrcIp-DstIp; ‘sha1_Salt-SrcPort-DstPort’: sha1 of Salt-SrcPort-DstPort; ‘sha1_Salt-UintDstIp-DstPort’: Using the uint value of IP for sha1 of Salt-DstIp-DstPort;
Type: string
Supported Values: md5_Salt-SrcIp-SrcPort-DstIp-DstPort, md5_Salt-DstIp-DstPort, md5_Salt-SrcIp-DstIp, md5_Salt-SrcPort-DstPort, md5_Salt-UintDstIp-DstPort, sha1_Salt-SrcIp-SrcPort-DstIp-DstPort, sha1_Salt-DstIp-DstPort, sha1_Salt-SrcIp-DstIp, sha1_Salt-SrcPort-DstPort, sha1_Salt-UintDstIp-DstPort
token-authentication-hw-assist-disable
Description token-authentication disable hardware assistance
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
token-authentication-public-address
Description The server public IP address
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
token-authentication-salt-prefix
Description token-authentication salt-prefix
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
token-authentication-salt-prefix-curr
Description
Type: number
Range: 1-4294967295
token-authentication-salt-prefix-prev
Description
Type: number
Range: 1-4294967295
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template_udp-list_ntp-monlist-cfg¶
Specification Value Type object ntp-monlist
Description Take action for ntp monlist request/response
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ntp-monlist-action
Description ‘drop’: Drop packets for ntp-monlist (Default); ‘blacklist-src’: Blacklist-src for ntp-monlist; ‘ignore’: Ignore ntp-monlist;
Type: string
Supported Values: drop, blacklist-src, ignore
Default: drop
Mutual Exclusion: ntp-monlist-action and ntp-monlist-action-list-name are mutually exclusive
ntp-monlist-action-list-name
Description Configure action-list to take for ntp-monlist
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: ntp-monlist-action-list-name and ntp-monlist-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
zone-template_udp-list_known-resp-src-port-cfg¶
Specification Value Type object exclude-src-resp-port
Description Exclude src port equal to dst port
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
known-resp-src-port
Description Take action if src-port is less than 1024
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
known-resp-src-port-action
Description ‘drop’: Drop packets from well-known src-port(Default); ‘blacklist-src’: Blacklist-src from well-known src-port; ‘ignore’: Ignore well-known src-port;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: known-resp-src-port-action and known-resp-src-port-action-list-name are mutually exclusive
known-resp-src-port-action-list-name
Description Configure action-list to take for well-known src-port
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: known-resp-src-port-action-list-name and known-resp-src-port-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
zone-template_udp-list_per-conn-pkt-rate-cfg¶
Specification Value Type object per-conn-pkt-rate-action
Description ‘drop’: Drop packets for per-conn-pkt-rate exceed (Default); ‘blacklist-src’: help Blacklist-src for per-conn-pkt-rate exceed; ‘ignore’: Ignore per-conn-pkt-rate-exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Default: drop
Mutual Exclusion: per-conn-pkt-rate-action and per-conn-pkt-rate-action-list-name are mutually exclusive
per-conn-pkt-rate-action-list-name
Description Configure action-list to take for per-conn-pkt-rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: per-conn-pkt-rate-action-list-name and per-conn-pkt-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
per-conn-pkt-rate-limit
Description Packet rate limit per connection per rate-interval
Type: number
Range: 1-16000000
zone-template_udp-list_min-payload-size-cfg¶
Specification Value Type object min-payload-size
Description Minimum UDP payload size for each single packet
Type: number
Range: 1-1470
min-payload-size-action
Description ‘drop’: Drop packets for min-payload-size (Default); ‘blacklist-src’: Blacklist-src for min-payload-size; ‘ignore’: Do nothing for min-payload-size exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Default: drop
Mutual Exclusion: min-payload-size-action and min-payload-size-action-list-name are mutually exclusive
min-payload-size-action-list-name
Description Configure action-list to take for min-payload-size exceed
Type: string
Format: string-rlx
Maximum Length: 64 characters
Maximum Length: 1 characters
Mutual Exclusion: min-payload-size-action-list-name and min-payload-size-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
zone-template_udp-list_filter-list¶
Specification Value Type list Block object keys byte-offset-filter
Description Filter using Berkeley Packet Filter syntax
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
udp-filter-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘authenticate-src’: Authenticate-src;
Type: string
Supported Values: drop, ignore, blacklist-src, authenticate-src
Default: drop
Mutual Exclusion: udp-filter-action and udp-filter-action-list-name are mutually exclusive
udp-filter-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: udp-filter-action-list-name and udp-filter-action are mutually exclusive
udp-filter-inverse-match
Description Inverse the result of the matching
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
udp-filter-name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp-filter-regex
Description Regex Expression
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
udp-filter-seq
Description Sequence number
Type: number
Range: 1-200
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template_udp-list_max-payload-size-cfg¶
Specification Value Type object max-payload-size
Description Maximum UDP payload size for each single packet
Type: number
Range: 1-1470
max-payload-size-action
Description ‘drop’: Drop packets for max-payload-size exceed (Default); ‘blacklist-src’: Blacklist-src for max-payload-size exceed; ‘ignore’: Do nothing for max-payload-size exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Default: drop
Mutual Exclusion: max-payload-size-action and max-payload-size-action-list-name are mutually exclusive
max-payload-size-action-list-name
Description Configure action-list to take for max-payload-size exceed
Type: string
Format: string-rlx
Maximum Length: 64 characters
Maximum Length: 1 characters
Mutual Exclusion: max-payload-size-action-list-name and max-payload-size-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
zone-template_http-list¶
Specification Value Type list Block object keys challenge
Description: challenge is a JSON Block. Please see below for zone-template_http-list_challenge
Type: Object
client-source-ip
Description: client-source-ip is a JSON Block. Please see below for zone-template_http-list_client-source-ip
Type: Object
disable
Description Disable this template
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disallow-connect-method
Description Do not allow HTTP Connect method (asymmetric mode only)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst
Description: dst is a JSON Block. Please see below for zone-template_http-list_dst
Type: Object
filter-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/http/{http-tmpl-name}/filter/{http-filter-name}
http-tmpl-name
Description DDOS HTTP Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
idle-timeout
Description: idle-timeout is a JSON Block. Please see below for zone-template_http-list_idle-timeout
Type: Object
malformed-http
Description: malformed-http is a JSON Block. Please see below for zone-template_http-list_malformed-http
Type: Object
Reference Object: /axapi/v3/ddos/zone-template/http/{http-tmpl-name}/malformed-http
mss-timeout
Description: mss-timeout is a JSON Block. Please see below for zone-template_http-list_mss-timeout
Type: Object
multi-pu-threshold-distribution
Description: multi-pu-threshold-distribution is a JSON Block. Please see below for zone-template_http-list_multi-pu-threshold-distribution
Type: Object
non-http-bypass
Description Bypass non-http traffic instead of dropping
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
out-of-order-queue-size
Description Set the number of packets for the out-of-order HTTP queue (asym mode only)
Type: number
Range: 0-15
Default: 3
out-of-order-queue-timeout
Description Set the timeout value in seconds for out-of-order queue in HTTP (asym mode only)
Type: number
Range: 0-15
Default: 3
request-header
Description: request-header is a JSON Block. Please see below for zone-template_http-list_request-header
Type: Object
slow-read
Description: slow-read is a JSON Block. Please see below for zone-template_http-list_slow-read
Type: Object
src
Description: src is a JSON Block. Please see below for zone-template_http-list_src
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template_http-list_client-source-ip¶
Specification Value Type object client-source-ip
Description Mitigate on src ip specified by http header for example X-Forwarded-For header. Default is disabled
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
http-header-name
Description Set the http header name to parse for client ip. Default is X-Forwarded-For
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Default: X-Forwarded-For
zone-template_http-list_dst¶
Specification Value Type object rate-limit
Description: rate-limit is a JSON Block. Please see below for zone-template_http-list_dst_rate-limit
Type: Object
zone-template_http-list_dst_rate-limit¶
Specification Value Type object http-post
Description: http-post is a JSON Block. Please see below for zone-template_http-list_dst_rate-limit_http-post
Type: Object
http-request
Description: http-request is a JSON Block. Please see below for zone-template_http-list_dst_rate-limit_http-request
Type: Object
response-size
Description: response-size is a JSON Block. Please see below for zone-template_http-list_dst_rate-limit_response-size
Type: Object
zone-template_http-list_dst_rate-limit_response-size¶
Specification Value Type object between-cfg
Type: Listgreater-cfg
Type: Listless-cfg
Type: Listresponse-size-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, ignore, blacklist-src, reset
Mutual Exclusion: response-size-action and response-size-action-list-name are mutually exclusive
response-size-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: response-size-action-list-name and response-size-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
zone-template_http-list_dst_rate-limit_response-size_between-cfg¶
Specification Value Type list Block object keys obj-between-rate
Description Response rate limit
Type: number
Range: 1-16000000
obj-between1
Description Response size configuration
Type: number
Range: 1-16000000
obj-between2
Description Response size configuration
Type: number
Range: 1-16000000
zone-template_http-list_dst_rate-limit_response-size_greater-cfg¶
Specification Value Type list Block object keys obj-greater
Description Response size configuration
Type: number
Range: 1-16000000
obj-greater-rate
Description Response rate limit
Type: number
Range: 1-16000000
zone-template_http-list_dst_rate-limit_response-size_less-cfg¶
Specification Value Type list Block object keys obj-less
Description Response size configuration
Type: number
Range: 1-16000000
obj-less-rate
Description Response rate limit
Type: number
Range: 1-16000000
zone-template_http-list_dst_rate-limit_http-post¶
Specification Value Type object dst-post-rate-limit
Description
Type: number
Range: 1-16000000
dst-post-rate-limit-action
Description ‘drop’: Drop packets(Default); ‘ignore’: Take no action; ‘reset’: Reset client connection; ‘blacklist-src’: Blacklist-src;
Type: string
Supported Values: drop, ignore, reset, blacklist-src
Default: drop
Mutual Exclusion: dst-post-rate-limit-action and dst-post-rate-limit-action-list-name are mutually exclusive
dst-post-rate-limit-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dst-post-rate-limit-action-list-name and dst-post-rate-limit-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
zone-template_http-list_dst_rate-limit_http-request¶
Specification Value Type object dst-request-rate
Description
Type: number
Range: 1-16000000
dst-request-rate-limit-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘reset’: Reset client connection; ‘blacklist-src’: Blacklist-src;
Type: string
Supported Values: drop, ignore, reset, blacklist-src
Default: drop
Mutual Exclusion: dst-request-rate-limit-action and dst-request-rate-limit-action-list-name are mutually exclusive
dst-request-rate-limit-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dst-request-rate-limit-action-list-name and dst-request-rate-limit-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
zone-template_http-list_src¶
Specification Value Type object rate-limit
Description: rate-limit is a JSON Block. Please see below for zone-template_http-list_src_rate-limit
Type: Object
zone-template_http-list_src_rate-limit¶
Specification Value Type object http-post
Description: http-post is a JSON Block. Please see below for zone-template_http-list_src_rate-limit_http-post
Type: Object
http-request
Description: http-request is a JSON Block. Please see below for zone-template_http-list_src_rate-limit_http-request
Type: Object
zone-template_http-list_src_rate-limit_http-post¶
Specification Value Type object src-post-rate-limit
Description
Type: number
Range: 1-16000000
src-post-rate-limit-action
Description ‘drop’: Drop packets(Default); ‘ignore’: Take no action; ‘reset’: Reset client connection; ‘blacklist-src’: Blacklist-src;
Type: string
Supported Values: drop, ignore, reset, blacklist-src
Default: drop
Mutual Exclusion: src-post-rate-limit-action and src-post-rate-limit-action-list-name are mutually exclusive
src-post-rate-limit-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: src-post-rate-limit-action-list-name and src-post-rate-limit-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
zone-template_http-list_src_rate-limit_http-request¶
Specification Value Type object src-request-rate
Description
Type: number
Range: 1-16000000
src-request-rate-limit-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘reset’: Reset client connection; ‘blacklist-src’: Blacklist-src;
Type: string
Supported Values: drop, ignore, reset, blacklist-src
Default: drop
Mutual Exclusion: src-request-rate-limit-action and src-request-rate-limit-action-list-name are mutually exclusive
src-request-rate-limit-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: src-request-rate-limit-action-list-name and src-request-rate-limit-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
zone-template_http-list_challenge¶
Specification Value Type object challenge-cookie-name
Description Set the cookie name used to send back to client. Default is sto-idd
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Default: sto-idd
challenge-fail-action
Description ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection(Default);
Type: string
Supported Values: blacklist-src, reset
Default: reset
Mutual Exclusion: challenge-fail-action and challenge-fail-action-list-name are mutually exclusive
challenge-fail-action-list-name
Description Configure action-list to take for failing the authentication
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: challenge-fail-action-list-name and challenge-fail-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
challenge-interval
Description Specify the challenge interval. Default is 8 seconds
Type: number
Range: 1-31
Default: 8
challenge-keep-cookie
Description Keep the challenge cookie from client and forward to backend. Default is do not keep
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
challenge-method
Description ‘http-redirect’: http-redirect; ‘javascript’: javascript;
Type: string
Supported Values: http-redirect, javascript
challenge-pass-action
Description ‘authenticate-src’: Authenticate-src (Default);
Type: string
Supported Values: authenticate-src
Mutual Exclusion: challenge-pass-action and challenge-pass-action-list-name are mutually exclusive
challenge-pass-action-list-name
Description Configure action-list to take for passing the authentication
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: challenge-pass-action-list-name and challenge-pass-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
challenge-redirect-code
Description ‘302’: 302 Found; ‘307’: 307 Temporary Redirect;
Type: string
Supported Values: 302, 307
Default: 302
challenge-uri-encode
Description Encode the challenge phrase in uri instead of in http cookie. Default encoded in http cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
zone-template_http-list_idle-timeout¶
Specification Value Type object idle-timeout-action
Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, blacklist-src, reset
Mutual Exclusion: idle-timeout-action and idle-timeout-action-list-name are mutually exclusive
idle-timeout-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: idle-timeout-action-list-name and idle-timeout-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
idle-timeout-value
Description Set the the idle timeout value in seconds for HTTP connections
Type: number
Range: 1-63
ignore-zero-payload
Description Don’t reset idle timer on packets with zero payload length from clients
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
zone-template_http-list_slow-read¶
Specification Value Type object min-window-count
Description Number of packets
Type: number
Range: 1-31
min-window-size
Description minimum window size
Type: number
Range: 1-65535
slow-read-action
Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src; ‘ignore’: Take no action; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, blacklist-src, ignore, reset
Mutual Exclusion: slow-read-action and slow-read-action-list-name are mutually exclusive
slow-read-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: slow-read-action-list-name and slow-read-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
zone-template_http-list_multi-pu-threshold-distribution¶
Specification Value Type object multi-pu-threshold-distribution-disable
Description ‘disable’: Destination side rate limit only. Default: Enable;
Type: string
Supported Values: disable
Mutual Exclusion: multi-pu-threshold-distribution-disable and multi-pu-threshold-distribution-value are mutually exclusive
multi-pu-threshold-distribution-value
Description Destination side rate limit only. Default: 0
Type: number
Range: 1-16000000
Mutual Exclusion: multi-pu-threshold-distribution-value and multi-pu-threshold-distribution-disable are mutually exclusive
zone-template_http-list_filter-list¶
Specification Value Type list Block object keys dst
Description: dst is a JSON Block. Please see below for zone-template_http-list_filter-list_dst
Type: Object
http-agent-cfg
Description: http-agent-cfg is a JSON Block. Please see below for zone-template_http-list_filter-list_http-agent-cfg
Type: Object
http-filter-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘authenticate-src’: Authenticate-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, ignore, blacklist-src, authenticate-src, reset
Mutual Exclusion: http-filter-action and http-filter-action-list-name are mutually exclusive
http-filter-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: http-filter-action-list-name and http-filter-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
http-filter-name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http-filter-seq
Description Sequence number
Type: number
Range: 1-200
http-header-cfg
Description: http-header-cfg is a JSON Block. Please see below for zone-template_http-list_filter-list_http-header-cfg
Type: Object
http-referer-cfg
Description: http-referer-cfg is a JSON Block. Please see below for zone-template_http-list_filter-list_http-referer-cfg
Type: Object
http-uri-cfg
Description: http-uri-cfg is a JSON Block. Please see below for zone-template_http-list_filter-list_http-uri-cfg
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template_http-list_filter-list_http-uri-cfg¶
Specification Value Type object uri-contains-cfg
Type: Listuri-ends-cfg
Type: Listuri-equal-cfg
Type: Listuri-starts-cfg
Type: List
zone-template_http-list_filter-list_http-uri-cfg_uri-equal-cfg¶
Specification Value Type list Block object keys http-filter-uri-equals
Description
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
zone-template_http-list_filter-list_http-uri-cfg_uri-starts-cfg¶
Specification Value Type list Block object keys http-filter-uri-starts-with
Description
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
zone-template_http-list_filter-list_http-uri-cfg_uri-ends-cfg¶
Specification Value Type list Block object keys http-filter-uri-ends-with
Description
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
zone-template_http-list_filter-list_http-uri-cfg_uri-contains-cfg¶
Specification Value Type list Block object keys http-filter-uri-contains
Description
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
zone-template_http-list_filter-list_dst¶
Specification Value Type object http-filter-rate-limit
Description Set rate limit
Type: number
Range: 1-16000000
zone-template_http-list_filter-list_http-agent-cfg¶
Specification Value Type object agent-contains-cfg
Type: Listagent-ends-cfg
Type: Listagent-equals-cfg
Type: Listagent-starts-cfg
Type: List
zone-template_http-list_filter-list_http-agent-cfg_agent-contains-cfg¶
Specification Value Type list Block object keys http-filter-agent-contains
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-template_http-list_filter-list_http-agent-cfg_agent-ends-cfg¶
Specification Value Type list Block object keys http-filter-agent-ends-with
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-template_http-list_filter-list_http-agent-cfg_agent-equals-cfg¶
Specification Value Type list Block object keys http-filter-agent-equals
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-template_http-list_filter-list_http-agent-cfg_agent-starts-cfg¶
Specification Value Type list Block object keys http-filter-agent-starts-with
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-template_http-list_filter-list_http-header-cfg¶
Specification Value Type object http-filter-header-inverse-match
Description
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
http-filter-header-regex
Description Regex Expression
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
zone-template_http-list_filter-list_http-referer-cfg¶
Specification Value Type object referer-contains-cfg
Type: Listreferer-ends-cfg
Type: Listreferer-equals-cfg
Type: Listreferer-starts-cfg
Type: List
zone-template_http-list_filter-list_http-referer-cfg_referer-equals-cfg¶
Specification Value Type list Block object keys http-filter-referer-equals
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-template_http-list_filter-list_http-referer-cfg_referer-starts-cfg¶
Specification Value Type list Block object keys http-filter-referer-starts-with
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-template_http-list_filter-list_http-referer-cfg_referer-contains-cfg¶
Specification Value Type list Block object keys http-filter-referer-contains
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-template_http-list_filter-list_http-referer-cfg_referer-ends-cfg¶
Specification Value Type list Block object keys http-filter-referer-ends-with
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-template_http-list_mss-timeout¶
Specification Value Type object mss-percent
Description Configure percentage of mss such that if a packet size is below the mss times mss-percent, packet is considered bad.
Type: number
Range: 1-100
mss-timeout-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, ignore, blacklist-src, reset
Mutual Exclusion: mss-timeout-action and mss-timeout-action-list-name are mutually exclusive
mss-timeout-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: mss-timeout-action-list-name and mss-timeout-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
number-packets
Description Specify percentage of mss. Default is 0, mss-timeout is not enabled.
Type: number
Range: 1-31
zone-template_http-list_malformed-http¶
Specification Value Type object malformed-http
Description ‘check’: Configure malformed HTTP parameters;
Type: string
Supported Values: check
Default: check
malformed-http-action
Description ‘drop’: Drop packets (Default); ‘reset’: Reset client connection; ‘blacklist-src’: Blacklist-src;
Type: string
Supported Values: drop, reset, blacklist-src
Mutual Exclusion: malformed-http-action and malformed-http-action-list-name are mutually exclusive
malformed-http-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: malformed-http-action-list-name and malformed-http-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
malformed-http-bad-chunk-mon-enabled
Description Enabling bad chunk monitoring. Default is disabled
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
malformed-http-max-content-length
Description Set the maxinum content-length header. Default value is 4294967295 bytes
Type: number
Range: 1-4294967295
Default: 4294967295
malformed-http-max-header-name-size
Description Set the maxinum header name length. Default value is 64.
Type: number
Range: 1-64
Default: 64
malformed-http-max-line-size
Description Set the maximum line size. Default value is 32512
Type: number
Range: 1-65280
Default: 32512
malformed-http-max-num-headers
Description Set the maximum number of headers. Default value is 90
Type: number
Range: 1-90
Default: 90
malformed-http-max-req-line-size
Description Set the maximum request line size. Default value is 32512
Type: number
Range: 1-65280
Default: 32512
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template_http-list_request-header¶
Specification Value Type object header-timeout-action
Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, blacklist-src, reset
Default: drop
Mutual Exclusion: header-timeout-action and header-timeout-action-list-name are mutually exclusive
header-timeout-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: header-timeout-action-list-name and header-timeout-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
timeout
Description
Type: number
Range: 1-63
zone-template_sip-list¶
Specification Value Type list Block object keys dst
Description: dst is a JSON Block. Please see below for zone-template_sip-list_dst
Type: Object
filter-header-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/sip/{sip-tmpl-name}/filter-header/{sip-filter-name}
idle-timeout
Description: idle-timeout is a JSON Block. Please see below for zone-template_sip-list_idle-timeout
Type: Object
malformed-sip
Description: malformed-sip is a JSON Block. Please see below for zone-template_sip-list_malformed-sip
Type: Object
Reference Object: /axapi/v3/ddos/zone-template/sip/{sip-tmpl-name}/malformed-sip
multi-pu-threshold-distribution
Description: multi-pu-threshold-distribution is a JSON Block. Please see below for zone-template_sip-list_multi-pu-threshold-distribution
Type: Object
sip-tmpl-name
Description DDOS SIP Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
src
Description: src is a JSON Block. Please see below for zone-template_sip-list_src
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template_sip-list_src¶
Specification Value Type object sip-request-rate-limit
Description: sip-request-rate-limit is a JSON Block. Please see below for zone-template_sip-list_src_sip-request-rate-limit
Type: Object
zone-template_sip-list_src_sip-request-rate-limit¶
Specification Value Type object method
Description: method is a JSON Block. Please see below for zone-template_sip-list_src_sip-request-rate-limit_method
Type: Object
src-sip-rate-action
Description ‘drop’: Drop packets(Default); ‘ignore’: Take no action; ‘reset’: Reset (sip-tcp) client connection; ‘blacklist-src’: Blacklist-src;
Type: string
Supported Values: drop, ignore, reset, blacklist-src
Default: drop
Mutual Exclusion: src-sip-rate-action and src-sip-rate-action-list-name are mutually exclusive
src-sip-rate-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: src-sip-rate-action-list-name and src-sip-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
zone-template_sip-list_src_sip-request-rate-limit_method¶
Specification Value Type object bye-cfg
Description: bye-cfg is a JSON Block. Please see below for zone-template_sip-list_src_sip-request-rate-limit_method_bye-cfg
Type: Object
invite-cfg
Description: invite-cfg is a JSON Block. Please see below for zone-template_sip-list_src_sip-request-rate-limit_method_invite-cfg
Type: Object
message-cfg
Description: message-cfg is a JSON Block. Please see below for zone-template_sip-list_src_sip-request-rate-limit_method_message-cfg
Type: Object
notify-cfg
Description: notify-cfg is a JSON Block. Please see below for zone-template_sip-list_src_sip-request-rate-limit_method_notify-cfg
Type: Object
options-cfg
Description: options-cfg is a JSON Block. Please see below for zone-template_sip-list_src_sip-request-rate-limit_method_options-cfg
Type: Object
refer-cfg
Description: refer-cfg is a JSON Block. Please see below for zone-template_sip-list_src_sip-request-rate-limit_method_refer-cfg
Type: Object
register-cfg
Description: register-cfg is a JSON Block. Please see below for zone-template_sip-list_src_sip-request-rate-limit_method_register-cfg
Type: Object
subscribe-cfg
Description: subscribe-cfg is a JSON Block. Please see below for zone-template_sip-list_src_sip-request-rate-limit_method_subscribe-cfg
Type: Object
update-cfg
Description: update-cfg is a JSON Block. Please see below for zone-template_sip-list_src_sip-request-rate-limit_method_update-cfg
Type: Object
zone-template_sip-list_src_sip-request-rate-limit_method_options-cfg¶
Specification Value Type object OPTIONS
Description OPTIONS method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-sip-options-rate
Description
Type: number
Range: 1-16000000
zone-template_sip-list_src_sip-request-rate-limit_method_refer-cfg¶
Specification Value Type object REFER
Description REFER method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-sip-refer-rate
Description
Type: number
Range: 1-16000000
zone-template_sip-list_src_sip-request-rate-limit_method_bye-cfg¶
Specification Value Type object BYE
Description BYE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-sip-bye-rate
Description
Type: number
Range: 1-16000000
zone-template_sip-list_src_sip-request-rate-limit_method_subscribe-cfg¶
Specification Value Type object SUBSCRIBE
Description SUBSCRIBE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-sip-subscribe-rate
Description
Type: number
Range: 1-16000000
zone-template_sip-list_src_sip-request-rate-limit_method_register-cfg¶
Specification Value Type object REGISTER
Description REGISTER method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-sip-register-rate
Description
Type: number
Range: 1-16000000
zone-template_sip-list_src_sip-request-rate-limit_method_invite-cfg¶
Specification Value Type object INVITE
Description INVITE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-sip-invite-rate
Description
Type: number
Range: 1-16000000
zone-template_sip-list_src_sip-request-rate-limit_method_message-cfg¶
Specification Value Type object MESSAGE
Description MESSAGE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-sip-message-rate
Description
Type: number
Range: 1-16000000
zone-template_sip-list_src_sip-request-rate-limit_method_update-cfg¶
Specification Value Type object UPDATE
Description UPDATE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-sip-update-rate
Description
Type: number
Range: 1-16000000
zone-template_sip-list_src_sip-request-rate-limit_method_notify-cfg¶
Specification Value Type object NOTIFY
Description NOTIFY method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-sip-notify-rate
Description
Type: number
Range: 1-16000000
zone-template_sip-list_dst¶
Specification Value Type object sip-request-rate-limit
Description: sip-request-rate-limit is a JSON Block. Please see below for zone-template_sip-list_dst_sip-request-rate-limit
Type: Object
zone-template_sip-list_dst_sip-request-rate-limit¶
Specification Value Type object dst-sip-rate-action
Description ‘drop’: Drop packets(Default); ‘ignore’: Take no action; ‘reset’: Reset (sip-tcp) client connection; ‘blacklist-src’: Blacklist-src;
Type: string
Supported Values: drop, ignore, reset, blacklist-src
Default: drop
Mutual Exclusion: dst-sip-rate-action and dst-sip-rate-action-list-name are mutually exclusive
dst-sip-rate-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dst-sip-rate-action-list-name and dst-sip-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
method
Description: method is a JSON Block. Please see below for zone-template_sip-list_dst_sip-request-rate-limit_method
Type: Object
zone-template_sip-list_dst_sip-request-rate-limit_method¶
Specification Value Type object bye-cfg
Description: bye-cfg is a JSON Block. Please see below for zone-template_sip-list_dst_sip-request-rate-limit_method_bye-cfg
Type: Object
invite-cfg
Description: invite-cfg is a JSON Block. Please see below for zone-template_sip-list_dst_sip-request-rate-limit_method_invite-cfg
Type: Object
message-cfg
Description: message-cfg is a JSON Block. Please see below for zone-template_sip-list_dst_sip-request-rate-limit_method_message-cfg
Type: Object
notify-cfg
Description: notify-cfg is a JSON Block. Please see below for zone-template_sip-list_dst_sip-request-rate-limit_method_notify-cfg
Type: Object
options-cfg
Description: options-cfg is a JSON Block. Please see below for zone-template_sip-list_dst_sip-request-rate-limit_method_options-cfg
Type: Object
refer-cfg
Description: refer-cfg is a JSON Block. Please see below for zone-template_sip-list_dst_sip-request-rate-limit_method_refer-cfg
Type: Object
register-cfg
Description: register-cfg is a JSON Block. Please see below for zone-template_sip-list_dst_sip-request-rate-limit_method_register-cfg
Type: Object
subscribe-cfg
Description: subscribe-cfg is a JSON Block. Please see below for zone-template_sip-list_dst_sip-request-rate-limit_method_subscribe-cfg
Type: Object
update-cfg
Description: update-cfg is a JSON Block. Please see below for zone-template_sip-list_dst_sip-request-rate-limit_method_update-cfg
Type: Object
zone-template_sip-list_dst_sip-request-rate-limit_method_options-cfg¶
Specification Value Type object OPTIONS
Description OPTIONS method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst-sip-options-rate
Description
Type: number
Range: 1-16000000
zone-template_sip-list_dst_sip-request-rate-limit_method_refer-cfg¶
Specification Value Type object REFER
Description REFER method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst-sip-refer-rate
Description
Type: number
Range: 1-16000000
zone-template_sip-list_dst_sip-request-rate-limit_method_bye-cfg¶
Specification Value Type object BYE
Description BYE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst-sip-bye-rate
Description
Type: number
Range: 1-16000000
zone-template_sip-list_dst_sip-request-rate-limit_method_subscribe-cfg¶
Specification Value Type object SUBSCRIBE
Description SUBSCRIBE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst-sip-subscribe-rate
Description
Type: number
Range: 1-16000000
zone-template_sip-list_dst_sip-request-rate-limit_method_register-cfg¶
Specification Value Type object REGISTER
Description REGISTER method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst-sip-register-rate
Description
Type: number
Range: 1-16000000
zone-template_sip-list_dst_sip-request-rate-limit_method_invite-cfg¶
Specification Value Type object INVITE
Description INVITE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst-sip-invite-rate
Description
Type: number
Range: 1-16000000
zone-template_sip-list_dst_sip-request-rate-limit_method_message-cfg¶
Specification Value Type object MESSAGE
Description MESSAGE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst-sip-message-rate
Description
Type: number
Range: 1-16000000
zone-template_sip-list_dst_sip-request-rate-limit_method_update-cfg¶
Specification Value Type object UPDATE
Description UPDATE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst-sip-update-rate
Description
Type: number
Range: 1-16000000
zone-template_sip-list_dst_sip-request-rate-limit_method_notify-cfg¶
Specification Value Type object NOTIFY
Description NOTIFY method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst-sip-notify-rate
Description
Type: number
Range: 1-16000000
zone-template_sip-list_idle-timeout¶
Specification Value Type object idle-timeout-action
Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src; ‘reset’: Reset (sip-tcp) client connection;
Type: string
Supported Values: drop, blacklist-src, reset
Mutual Exclusion: idle-timeout-action and idle-timeout-action-list-name are mutually exclusive
idle-timeout-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: idle-timeout-action-list-name and idle-timeout-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
idle-timeout-value
Description Set the the idle timeout value for SIP-TCP connections
Type: number
Range: 1-63
ignore-zero-payload
Description Don’t reset idle timer on packets with zero payload length from clients
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
zone-template_sip-list_multi-pu-threshold-distribution¶
Specification Value Type object multi-pu-threshold-distribution-disable
Description ‘disable’: Destination side rate limit only. Default: Enable;
Type: string
Supported Values: disable
Mutual Exclusion: multi-pu-threshold-distribution-disable and multi-pu-threshold-distribution-value are mutually exclusive
multi-pu-threshold-distribution-value
Description Destination side rate limit only. Default: 0
Type: number
Range: 1-16000000
Mutual Exclusion: multi-pu-threshold-distribution-value and multi-pu-threshold-distribution-disable are mutually exclusive
zone-template_sip-list_malformed-sip¶
Specification Value Type object malformed-sip-action
Description ‘drop’: Drop packets (Default); ‘reset’: Reset (sip-tcp) client connection; ‘blacklist-src’: Blacklist-src;
Type: string
Supported Values: drop, reset, blacklist-src
Default: drop
Mutual Exclusion: malformed-sip-action and malformed-sip-action-list-name are mutually exclusive
malformed-sip-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: malformed-sip-action-list-name and malformed-sip-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
malformed-sip-call-id-max-length
Description Set the maximum call-id length. Default value is 32511
Type: number
Range: 1-32511
Default: 32511
malformed-sip-check
Description ‘enable-check’: Enable malformed SIP parameters;
Type: string
Supported Values: enable-check
malformed-sip-max-header-name-length
Description Set the maximum header name length. Default value is 63
Type: number
Range: 1-63
Default: 63
malformed-sip-max-header-value-length
Description Set the maximum header value length. Default value is 32511
Type: number
Range: 1-32511
Default: 32511
malformed-sip-max-line-size
Description Set the maximum line size. Default value is 32511
Type: number
Range: 1-32511
Default: 32511
malformed-sip-max-uri-length
Description Set the maximum uri size. Default value is 32511
Type: number
Range: 1-32511
Default: 32511
malformed-sip-sdp-max-length
Description Set the maxinum SDP content length. Default value is 32511
Type: number
Range: 1-32511
Default: 32511
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template_sip-list_filter-header-list¶
Specification Value Type list Block object keys sip-filter-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘authenticate-src’: Authenticate-src; ‘reset’: Reset client connection(for sip-tcp);
Type: string
Supported Values: drop, ignore, blacklist-src, authenticate-src, reset
Mutual Exclusion: sip-filter-action and sip-filter-action-list-name are mutually exclusive
sip-filter-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: sip-filter-action-list-name and sip-filter-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
sip-filter-header-seq
Description Sequence number
Type: number
Range: 1-200
sip-filter-name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
sip-header-cfg
Description: sip-header-cfg is a JSON Block. Please see below for zone-template_sip-list_filter-header-list_sip-header-cfg
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template_sip-list_filter-header-list_sip-header-cfg¶
Specification Value Type object sip-filter-header-inverse-match
Description
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sip-filter-header-regex
Description Regex Expression
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
zone-template_icmp-v6-list¶
Specification Value Type list Block object keys filter-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/icmp-v6/{icmp-tmpl-name}/filter/{icmp-filter-name}
icmp-tmpl-name
Description DDOS ICMPv6 Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
type-list
Type: List
Reference Object: /axapi/v3/ddos/zone-template/icmp-v6/{icmp-tmpl-name}/type/{type-number}
type-other
Description: type-other is a JSON Block. Please see below for zone-template_icmp-v6-list_type-other
Type: Object
Reference Object: /axapi/v3/ddos/zone-template/icmp-v6/{icmp-tmpl-name}/type-other
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template_icmp-v6-list_type-list¶
Specification Value Type list Block object keys dst-code-other-rate
Description Specify the rate with other code
Type: number
Range: 1-16000000
dst-code-other-rate-action
Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: dst-code-other-rate-action and dst-code-other-rate-action-list-name are mutually exclusive
dst-code-other-rate-action-list-name
Description Configure action-list to take for rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dst-code-other-rate-action-list-name and dst-code-other-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
icmp-type-action
Description ‘drop’: Reject this ICMP type; ‘blacklist-src’: Blacklist-src this ICMP type; ‘ignore’: Ignore this ICMP type;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: icmp-type-action and icmp-type-action-list-name are mutually exclusive
icmp-type-action-list-name
Description Configure action-list to take for this ICMP type
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: icmp-type-action-list-name and icmp-type-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
src-code-other-rate
Description Specify the rate with other code
Type: number
Range: 1-16000000
src-code-other-rate-action
Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: src-code-other-rate-action and src-code-other-rate-action-list-name are mutually exclusive
src-code-other-rate-action-list-name
Description Configure action-list to take for rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: src-code-other-rate-action-list-name and src-code-other-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
type-number
Description Specify ICMP type number
Type: number
Range: 0-255
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
v6-dst-code-cfg
Type: Listv6-dst-rate-cfg
Description: v6-dst-rate-cfg is a JSON Block. Please see below for zone-template_icmp-v6-list_type-list_v6-dst-rate-cfg
Type: Object
v6-src-code-cfg
Type: Listv6-src-rate-cfg
Description: v6-src-rate-cfg is a JSON Block. Please see below for zone-template_icmp-v6-list_type-list_v6-src-rate-cfg
Type: Object
zone-template_icmp-v6-list_type-list_v6-dst-rate-cfg¶
Specification Value Type object dst-type-rate
Description Specify the whole dst rate for this type
Type: number
Range: 1-16000000
dst-type-rate-action
Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: dst-type-rate-action and dst-type-rate-action-list-name are mutually exclusive
dst-type-rate-action-list-name
Description Configure action-list to take for rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dst-type-rate-action-list-name and dst-type-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
zone-template_icmp-v6-list_type-list_v6-src-rate-cfg¶
Specification Value Type object src-type-rate
Description Specify the whole src rate for this type
Type: number
Range: 1-16000000
src-type-rate-action
Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: src-type-rate-action and src-type-rate-action-list-name are mutually exclusive
src-type-rate-action-list-name
Description Configure action-list to take for rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: src-type-rate-action-list-name and src-type-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
zone-template_icmp-v6-list_type-list_v6-src-code-cfg¶
Specification Value Type list Block object keys src-code-number
Description Specify the ICMP code for this src rate
Type: number
Range: 0-255
src-code-rate
Description Specify the rate with the code
Type: number
Range: 1-16000000
src-code-rate-action
Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: src-code-rate-action and src-code-rate-action-list-name are mutually exclusive
src-code-rate-action-list-name
Description Configure action-list to take for rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: src-code-rate-action-list-name and src-code-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
zone-template_icmp-v6-list_type-list_v6-dst-code-cfg¶
Specification Value Type list Block object keys dst-code-number
Description Specify the ICMP code for this dst rate
Type: number
Range: 0-255
dst-code-rate
Description Specify the rate with the code
Type: number
Range: 1-16000000
dst-code-rate-action
Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: dst-code-rate-action and dst-code-rate-action-list-name are mutually exclusive
dst-code-rate-action-list-name
Description Configure action-list to take for rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dst-code-rate-action-list-name and dst-code-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
zone-template_icmp-v6-list_type-other¶
Specification Value Type object dst
Description: dst is a JSON Block. Please see below for zone-template_icmp-v6-list_type-other_dst
Type: Object
icmp-type-other-action
Description ‘drop’: Reject wildcard ICMP type; ‘blacklist-src’: Blacklist-src wildcard ICMP type; ‘ignore’: Ignore wildcard ICMP type;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: icmp-type-other-action and icmp-type-other-action-list-name are mutually exclusive
icmp-type-other-action-list-name
Description Configure action-list to take for wildcard ICMP match
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: icmp-type-other-action-list-name and icmp-type-other-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
src
Description: src is a JSON Block. Please see below for zone-template_icmp-v6-list_type-other_src
Type: Object
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template_icmp-v6-list_type-other_src¶
Specification Value Type object src-type-other-rate
Description Specify the whole src rate for wildcard ICMP type
Type: number
Range: 1-16000000
src-type-other-rate-action
Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: src-type-other-rate-action and src-type-other-rate-action-list-name are mutually exclusive
src-type-other-rate-action-list-name
Description Configure action-list to take for rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: src-type-other-rate-action-list-name and src-type-other-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
zone-template_icmp-v6-list_type-other_dst¶
Specification Value Type object dst-type-other-rate
Description Specify the whole dst rate for wildcard ICMP type
Type: number
Range: 1-16000000
dst-type-other-rate-action
Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: dst-type-other-rate-action and dst-type-other-rate-action-list-name are mutually exclusive
dst-type-other-rate-action-list-name
Description Configure action-list to take for rate exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dst-type-other-rate-action-list-name and dst-type-other-rate-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
zone-template_icmp-v6-list_filter-list¶
Specification Value Type list Block object keys byte-offset-filter
Description filter using Berkeley packet filter syntax
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
icmp-filter-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src;
Type: string
Supported Values: drop, ignore, blacklist-src
Default: drop
Mutual Exclusion: icmp-filter-action and icmp-filter-action-list-name are mutually exclusive
icmp-filter-action-list-name
Description list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: icmp-filter-action-list-name and icmp-filter-action are mutually exclusive
icmp-filter-inverse-match
Description Inverse the result of matching
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
icmp-filter-name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
icmp-filter-regex
Description Regex Expression
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
icmp-filter-seq
Description sequence number
Type: number
Range: 1-200
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
interface-http-health-check¶
Specification Value Type object challenge-method
Description ‘http-redirect’: http-redirect; ‘javascript’: javascript;
Type: string
Supported Values: http-redirect, javascript
challenge-redirect-code
Description ‘302’: 302 Found; ‘307’: 307 Temporary Redirect;
Type: string
Supported Values: 302, 307
Default: 302
challenge-uri-encode
Description Encode the challenge phrase in uri instead of in http cookie. Default encoded in http cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable
Description ‘enable’: enable;
Type: string
Supported Values: enable
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-profile-list¶
Specification Value Type list Block object keys ip-proto
Description: ip-proto is a JSON Block. Please see below for zone-profile-list_ip-proto
Type: Object
Reference Object: /axapi/v3/ddos/zone-profile/{profile-name}/ip-proto
port-list
Type: List
Reference Object: /axapi/v3/ddos/zone-profile/{profile-name}/port/{port-num}+{port-protocol}
port-range-list
Type: List
Reference Object: /axapi/v3/ddos/zone-profile/{profile-name}/port-range/{port-range-start}+{port-range-end}+{protocol}
profile-name
Description Profile for DDoS zone thresholds
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-profile-list_port-list¶
Specification Value Type list Block object keys indicator-list
Type: List
Reference Object: /axapi/v3/ddos/zone-profile/{profile-name}/port/{port-num}+{port-protocol}/indicator/{indicator-name}
port-num
Description Port Number
Type: number
Range: 1-65535
port-protocol
Description ‘dns-tcp’: dns-tcp; ‘dns-udp’: dns-udp; ‘sip-tcp’: sip-tcp; ‘sip-udp’: sip-udp; ‘http’: http; ‘tcp’: tcp; ‘udp’: udp; ‘ssl-l4’: ssl-l4; ‘quic’: quic;
Type: string
Supported Values: dns-tcp, dns-udp, sip-tcp, sip-udp, http, tcp, udp, ssl-l4, quic
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-profile-list_port-list_indicator-list¶
Specification Value Type list Block object keys indicator-name
Description ‘pkt-rate’: pkt-rate; ‘pkt-drop-rate’: pkt-drop-rate; ‘bit-rate’: bit-rate; ‘pkt-drop-ratio’: pkt-drop-ratio; ‘bytes-to-bytes-from-ratio’: bytes-to-bytes-from-ratio; ‘concurrent-conns’: concurrent-conns; ‘conn-miss-rate’: conn-miss-rate; ‘syn-rate’: syn-rate; ‘fin-rate’: fin-rate; ‘rst-rate’: rst-rate; ‘small-window-ack-rate’: small-window-ack-rate; ‘empty-ack-rate’: empty-ack-rate; ‘small-payload-rate’: small-payload-rate; ‘syn-fin-ratio’: syn-fin-ratio; ‘cpu-utilization’: cpu-utilization; ‘interface-utilization’: interface-utilization;
Type: string
Supported Values: pkt-rate, pkt-drop-rate, bit-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, concurrent-conns, conn-miss-rate, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio, cpu-utilization, interface-utilization
src-threshold-cfg
Description: src-threshold-cfg is a JSON Block. Please see below for zone-profile-list_port-list_indicator-list_src-threshold-cfg
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-threshold-cfg
Description: zone-threshold-cfg is a JSON Block. Please see below for zone-profile-list_port-list_indicator-list_zone-threshold-cfg
Type: Object
zone-profile-list_port-list_indicator-list_src-threshold-cfg¶
Specification Value Type object src-threshold-num
Description Indicator per-src threshold
Type: number
Range: 1-2147483647
src-threshold-str
Description Indicator per-src threshold (Non-zero floating point)
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
zone-profile-list_port-list_indicator-list_zone-threshold-cfg¶
Specification Value Type object zone-threshold-num
Description Threshold for the entire zone
Type: number
Range: 1-2147483647
zone-threshold-str
Description Threshold for the entire zone (Non-zero floating point)
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
zone-profile-list_ip-proto¶
Specification Value Type object proto-name-list
Type: List
Reference Object: /axapi/v3/ddos/zone-profile/{profile-name}/ip-proto/proto-name/{protocol}
proto-number-list
Type: List
Reference Object: /axapi/v3/ddos/zone-profile/{profile-name}/ip-proto/proto-number/{protocol-num}
zone-profile-list_ip-proto_proto-number-list¶
Specification Value Type list Block object keys indicator-list
Type: List
Reference Object: /axapi/v3/ddos/zone-profile/{profile-name}/ip-proto/proto-number/{protocol-num}/indicator/{indicator-name}
protocol-num
Description Protocol Number
Type: number
Range: 0-255
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-profile-list_ip-proto_proto-number-list_indicator-list¶
Specification Value Type list Block object keys indicator-name
Description ‘pkt-rate’: pkt-rate; ‘pkt-drop-rate’: pkt-drop-rate; ‘bit-rate’: bit-rate; ‘pkt-drop-ratio’: pkt-drop-ratio; ‘bytes-to-bytes-from-ratio’: bytes-to-bytes-from-ratio; ‘frag-rate’: frag-rate; ‘cpu-utilization’: cpu-utilization; ‘interface-utilization’: interface-utilization;
Type: string
Supported Values: pkt-rate, pkt-drop-rate, bit-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, frag-rate, cpu-utilization, interface-utilization
src-threshold-cfg
Description: src-threshold-cfg is a JSON Block. Please see below for zone-profile-list_ip-proto_proto-number-list_indicator-list_src-threshold-cfg
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-threshold-cfg
Description: zone-threshold-cfg is a JSON Block. Please see below for zone-profile-list_ip-proto_proto-number-list_indicator-list_zone-threshold-cfg
Type: Object
zone-profile-list_ip-proto_proto-number-list_indicator-list_src-threshold-cfg¶
Specification Value Type object src-threshold-num
Description Indicator per-src threshold
Type: number
Range: 1-2147483647
src-threshold-str
Description Indicator per-src threshold (Non-zero floating point)
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
zone-profile-list_ip-proto_proto-number-list_indicator-list_zone-threshold-cfg¶
Specification Value Type object zone-threshold-num
Description Threshold for the entire zone
Type: number
Range: 1-2147483647
zone-threshold-str
Description Threshold for the entire zone (Non-zero floating point)
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
zone-profile-list_ip-proto_proto-name-list¶
Specification Value Type list Block object keys indicator-list
Type: List
Reference Object: /axapi/v3/ddos/zone-profile/{profile-name}/ip-proto/proto-name/{protocol}/indicator/{indicator-name}
protocol
Description ‘icmp-v4’: ip-proto icmp-v4; ‘icmp-v6’: ip-proto icmp-v6; ‘gre’: ip-proto gre; ‘ipv4-encap’: ip-proto IPv4 Encapsulation; ‘ipv6-encap’: ip-proto IPv6 Encapsulation;
Type: string
Supported Values: icmp-v4, icmp-v6, gre, ipv4-encap, ipv6-encap
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-profile-list_ip-proto_proto-name-list_indicator-list¶
Specification Value Type list Block object keys indicator-name
Description ‘pkt-rate’: pkt-rate; ‘pkt-drop-rate’: pkt-drop-rate; ‘bit-rate’: bit-rate; ‘pkt-drop-ratio’: pkt-drop-ratio; ‘bytes-to-bytes-from-ratio’: bytes-to-bytes-from-ratio; ‘frag-rate’: frag-rate; ‘cpu-utilization’: cpu-utilization; ‘interface-utilization’: interface-utilization;
Type: string
Supported Values: pkt-rate, pkt-drop-rate, bit-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, frag-rate, cpu-utilization, interface-utilization
src-threshold-cfg
Description: src-threshold-cfg is a JSON Block. Please see below for zone-profile-list_ip-proto_proto-name-list_indicator-list_src-threshold-cfg
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-threshold-cfg
Description: zone-threshold-cfg is a JSON Block. Please see below for zone-profile-list_ip-proto_proto-name-list_indicator-list_zone-threshold-cfg
Type: Object
zone-profile-list_ip-proto_proto-name-list_indicator-list_src-threshold-cfg¶
Specification Value Type object src-threshold-num
Description Indicator per-src threshold
Type: number
Range: 1-2147483647
src-threshold-str
Description Indicator per-src threshold (Non-zero floating point)
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
zone-profile-list_ip-proto_proto-name-list_indicator-list_zone-threshold-cfg¶
Specification Value Type object zone-threshold-num
Description Threshold for the entire zone
Type: number
Range: 1-2147483647
zone-threshold-str
Description Threshold for the entire zone (Non-zero floating point)
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
zone-profile-list_port-range-list¶
Specification Value Type list Block object keys indicator-list
port-range-end
Description Port-Range End Port Number
Type: number
Range: 2-65535
port-range-start
Description Port-Range Start Port Number
Type: number
Range: 1-65535
protocol
Description ‘dns-tcp’: DNS-TCP Port; ‘dns-udp’: DNS-UDP Port; ‘http’: HTTP Port; ‘tcp’: TCP Port; ‘udp’: UDP Port; ‘ssl-l4’: SSL-L4 Port; ‘sip-tcp’: SIP-TCP Port; ‘sip-udp’: SIP-UDP Port; ‘quic’: QUIC Port;
Type: string
Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4, sip-tcp, sip-udp, quic
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-profile-list_port-range-list_indicator-list¶
Specification Value Type list Block object keys indicator-name
Description ‘pkt-rate’: pkt-rate; ‘pkt-drop-rate’: pkt-drop-rate; ‘bit-rate’: bit-rate; ‘pkt-drop-ratio’: pkt-drop-ratio; ‘bytes-to-bytes-from-ratio’: bytes-to-bytes-from-ratio; ‘concurrent-conns’: concurrent-conns; ‘conn-miss-rate’: conn-miss-rate; ‘syn-rate’: syn-rate; ‘fin-rate’: fin-rate; ‘rst-rate’: rst-rate; ‘small-window-ack-rate’: small-window-ack-rate; ‘empty-ack-rate’: empty-ack-rate; ‘small-payload-rate’: small-payload-rate; ‘syn-fin-ratio’: syn-fin-ratio; ‘cpu-utilization’: cpu-utilization; ‘interface-utilization’: interface-utilization;
Type: string
Supported Values: pkt-rate, pkt-drop-rate, bit-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, concurrent-conns, conn-miss-rate, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio, cpu-utilization, interface-utilization
src-threshold-cfg
Description: src-threshold-cfg is a JSON Block. Please see below for zone-profile-list_port-range-list_indicator-list_src-threshold-cfg
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-threshold-cfg
Description: zone-threshold-cfg is a JSON Block. Please see below for zone-profile-list_port-range-list_indicator-list_zone-threshold-cfg
Type: Object
zone-profile-list_port-range-list_indicator-list_src-threshold-cfg¶
Specification Value Type object src-threshold-num
Description Indicator per-src threshold
Type: number
Range: 1-2147483647
src-threshold-str
Description Indicator per-src threshold (Non-zero floating point)
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
zone-profile-list_port-range-list_indicator-list_zone-threshold-cfg¶
Specification Value Type object zone-threshold-num
Description Threshold for the entire zone
Type: number
Range: 1-2147483647
zone-threshold-str
Description Threshold for the entire zone (Non-zero floating point)
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
dns-cache-config¶
Specification Value Type object disable-zone-transfer-in-oper-mode
Description Disable operational refreshing zone transfer
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable-zone-transfer-in-warm-up-mode
Description Disable warm up zone transfer
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-cache-warm-up-bgp-advertise
Description Enable route injection during cold boot
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-concurrent-zone-transfers
Description: max-concurrent-zone-transfers is a JSON Block. Please see below for dns-cache-config_max-concurrent-zone-transfers
Type: Object
Reference Object: /axapi/v3/ddos/dns-cache-config/max-concurrent-zone-transfers
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dns-cache-config_max-concurrent-zone-transfers¶
Specification Value Type object operational-mode
Description Number of concurrent zone transfers after boot
Type: number
Range: 1-3120
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
warm-up-mode
Description Number of concurrent zone transfers during cold boot (default 65472)
Type: number
Range: 100-65535
Default: 65472
signature-extraction¶
Specification Value Type object enable
Description Enable Automatic Signature Extraction
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
template¶
Specification Value Type object dns-list
Type: List
Reference Object: /axapi/v3/ddos/template/dns/{name}
encap-list
Type: List
Reference Object: /axapi/v3/ddos/template/encap/{encap-tmpl-name}
http-list
Type: List
Reference Object: /axapi/v3/ddos/template/http/{http-tmpl-name}
icmp-v4-list
Type: List
Reference Object: /axapi/v3/ddos/template/icmp-v4/{icmp-tmpl-name}
icmp-v6-list
Type: List
Reference Object: /axapi/v3/ddos/template/icmp-v6/{icmp-tmpl-name}
logging-list
Type: List
Reference Object: /axapi/v3/ddos/template/logging/{logging-tmpl-name}
other-list
Type: List
Reference Object: /axapi/v3/ddos/template/other/{name}
sip-list
Type: List
Reference Object: /axapi/v3/ddos/template/sip/{sip-tmpl-name}
ssl-l4-list
Type: List
Reference Object: /axapi/v3/ddos/template/ssl-l4/{ssl-l4-tmpl-name}
tcp-list
Type: List
Reference Object: /axapi/v3/ddos/template/tcp/{name}
udp-list
Type: List
Reference Object: /axapi/v3/ddos/template/udp/{name}
template_logging-list¶
Specification Value Type list Block object keys enable-action-logging
Description Log action taken
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-format-cef
Description Log in CEF format
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-format-custom
Description Customize log format
Type: string
Format: string-rlx
Maximum Length: 512 characters
Maximum Length: 1 characters
logging-tmpl-name
Description DDOS Logging Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Default: default
use-obj-name
Description Show obj name instead of ip in the log
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
template_encap-list¶
Specification Value Type list Block object keys encap-tmpl-name
Description DDOS Tunnel Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
preserve-source-ip
Description Use original source ip for encapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tunnel-encap
Description: tunnel-encap is a JSON Block. Please see below for template_encap-list_tunnel-encap
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
template_encap-list_tunnel-encap¶
Specification Value Type object gre-cfg
Description: gre-cfg is a JSON Block. Please see below for template_encap-list_tunnel-encap_gre-cfg
Type: Object
ip-cfg
Description: ip-cfg is a JSON Block. Please see below for template_encap-list_tunnel-encap_ip-cfg
Type: Object
template_encap-list_tunnel-encap_ip-cfg¶
Specification Value Type object always
Description: always is a JSON Block. Please see below for template_encap-list_tunnel-encap_ip-cfg_always
Type: Object
ip-encap
Description Enable Tunnel encap for IP packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
template_encap-list_tunnel-encap_ip-cfg_always¶
Specification Value Type object ipv4-addr
Description IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: ipv4-address
ipv6-addr
Description IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: ipv6-address
template_encap-list_tunnel-encap_gre-cfg¶
Specification Value Type object gre-always
Description: gre-always is a JSON Block. Please see below for template_encap-list_tunnel-encap_gre-cfg_gre-always
Type: Object
gre-encap
Description Enable Tunnel encap for GRE packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
template_encap-list_tunnel-encap_gre-cfg_gre-always¶
Specification Value Type object gre-ipv4
Description IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: ipv4-address
gre-ipv6
Description IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: ipv6-address
key-ipv4
Description Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)
Type: string
Maximum Length: 10 characters
Maximum Length: 1 characters
key-ipv6
Description Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)
Type: string
Maximum Length: 10 characters
Maximum Length: 1 characters
template_ssl-l4-list¶
Specification Value Type list Block object keys action
Description ‘drop’: drop; ‘reset’: reset;
Type: string
Supported Values: drop, reset
Default: drop
allow-non-tls
Description Allow Non-TLS (SSLv3 and lower) traffic (Warning: security may be compromised)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
auth-config-cfg
Description: auth-config-cfg is a JSON Block. Please see below for template_ssl-l4-list_auth-config-cfg
Type: Object
cert-cfg
Description: cert-cfg is a JSON Block. Please see below for template_ssl-l4-list_cert-cfg
Type: Object
disable
Description Disable this template
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
multi-pu-threshold-distribution
Description: multi-pu-threshold-distribution is a JSON Block. Please see below for template_ssl-l4-list_multi-pu-threshold-distribution
Type: Object
renegotiation
Description Configure renegotiation limiting for SSL (Number of renegotiation allowed)
Type: number
Range: 0-7
request-rate-limit
Description Configure rate limiting for SSL
Type: number
Range: 1-16000000
server-name-list
Type: Listssl-l4-tmpl-name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-traffic-check
Description: ssl-traffic-check is a JSON Block. Please see below for template_ssl-l4-list_ssl-traffic-check
Type: Object
Reference Object: /axapi/v3/ddos/template/ssl-l4/{ssl-l4-tmpl-name}/ssl-traffic-check
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
template_ssl-l4-list_cert-cfg¶
Specification Value Type object cert
Description SSL certificate
Type: string
Maximum Length: 255 characters
Maximum Length: 1 characters
key
Description SSL key
Type: string
Maximum Length: 255 characters
Maximum Length: 1 characters
key-encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)key-passphrase
Description Password Phrase
Type: string
Format: password
Maximum Length: 63 characters
Maximum Length: 1 characters
template_ssl-l4-list_auth-config-cfg¶
Specification Value Type object auth-handshake-fail-action
Description ‘blacklist-src’: Blacklist-src when auth handshake fails;
Type: string
Supported Values: blacklist-src
timeout
Description Connection timeout
Type: number
Range: 1-31
Default: 5
trials
Description Number of failed handshakes
Type: number
Range: 0-15
Default: 5
template_ssl-l4-list_ssl-traffic-check¶
Specification Value Type object check-resumed-connection
Description Apply checks to SSL connections initialized by ACK packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
header-action
Description ‘drop’: Drop packets with bad ssl header; ‘ignore’: Forward packets with bad ssl header;
Type: string
Supported Values: drop, ignore
header-inspection
Description Inspect ssl header
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
template_ssl-l4-list_multi-pu-threshold-distribution¶
Specification Value Type object multi-pu-threshold-distribution-disable
Description ‘disable’: Destination side rate limit only. Default: Enable;
Type: string
Supported Values: disable
Mutual Exclusion: multi-pu-threshold-distribution-disable and multi-pu-threshold-distribution-value are mutually exclusive
multi-pu-threshold-distribution-value
Description Destination side rate limit only. Default: 0
Type: number
Range: 1-16000000
Mutual Exclusion: multi-pu-threshold-distribution-value and multi-pu-threshold-distribution-disable are mutually exclusive
template_ssl-l4-list_server-name-list¶
Specification Value Type list Block object keys server-cert
Description Server Certificate associated to SNI (Server Certificate Name)
Type: string
Maximum Length: 255 characters
Maximum Length: 1 characters
server-encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)server-key
Description Server Private Key associated to SNI (Server Private Key Name)
Type: string
Maximum Length: 255 characters
Maximum Length: 1 characters
server-name
Description Server name indication in Client hello extension (Server name String)
Type: string
Maximum Length: 255 characters
Maximum Length: 1 characters
server-passphrase
Description Password Phrase
Type: string
Format: password
Maximum Length: 63 characters
Maximum Length: 1 characters
template_dns-list¶
Specification Value Type list Block object keys action
Description ‘drop’: Drop packets (Default action); ‘reset’: Send Client RST for TCP connections;
Type: string
Supported Values: drop, reset
Default: drop
allow-query-class
Description: allow-query-class is a JSON Block. Please see below for template_dns-list_allow-query-class
Type: Object
allow-record-type
Description: allow-record-type is a JSON Block. Please see below for template_dns-list_allow-record-type
Type: Object
dns-any-check
Description Drop DNS queries of Type ANY
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-auth-cfg
Description: dns-auth-cfg is a JSON Block. Please see below for template_dns-list_dns-auth-cfg
Type: Object
dns-request-rate-limit
Description: dns-request-rate-limit is a JSON Block. Please see below for template_dns-list_dns-request-rate-limit
Type: Object
domain-group-name
Description Apply a domain-group to the DNS template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
domain-group-rate-exceed-action
Description ‘drop’: Drop the query (default); ‘tunnel-encap-packet’: Encapsulate the query and send on a tunnel;
Type: string
Supported Values: drop, tunnel-encap-packet
Default: drop
domain-group-rate-per-service
Description Enable per service domain rate checking
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
encap-template
Description DDOS encap template to sepcify the tunnel endpoint
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
fqdn-cfg
Type: Listfqdn-label-count
Description Maximum number of length of FQDN labels
Type: number
Range: 1-10
fqdn-label-len-cfg
Type: Listmalformed-query-check
Description: malformed-query-check is a JSON Block. Please see below for template_dns-list_malformed-query-check
Type: Object
Reference Object: /axapi/v3/ddos/template/dns/{name}/malformed-query-check
multi-pu-threshold-distribution
Description: multi-pu-threshold-distribution is a JSON Block. Please see below for template_dns-list_multi-pu-threshold-distribution
Type: Object
name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
nxdomain-cfg
Description: nxdomain-cfg is a JSON Block. Please see below for template_dns-list_nxdomain-cfg
Type: Object
on-no-match
Description ‘permit’: permit; ‘deny’: deny (default);
Type: string
Supported Values: permit, deny
Default: deny
query-rate-threshold-for-cache-serving
Description This is for DNS cache mode only, it sets a DNS query rate threshold such that queries under the rate threshold would be forward
Type: number
Range: 1-16000000
symtimeout-cfg
Description: symtimeout-cfg is a JSON Block. Please see below for template_dns-list_symtimeout-cfg
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
template_dns-list_dns-request-rate-limit¶
Specification Value Type object type
Description: type is a JSON Block. Please see below for template_dns-list_dns-request-rate-limit_type
Type: Object
template_dns-list_dns-request-rate-limit_type¶
Specification Value Type object A-cfg
Description: A-cfg is a JSON Block. Please see below for template_dns-list_dns-request-rate-limit_type_A-cfg
Type: Object
AAAA-cfg
Description: AAAA-cfg is a JSON Block. Please see below for template_dns-list_dns-request-rate-limit_type_AAAA-cfg
Type: Object
CNAME-cfg
Description: CNAME-cfg is a JSON Block. Please see below for template_dns-list_dns-request-rate-limit_type_CNAME-cfg
Type: Object
MX-cfg
Description: MX-cfg is a JSON Block. Please see below for template_dns-list_dns-request-rate-limit_type_MX-cfg
Type: Object
NS-cfg
Description: NS-cfg is a JSON Block. Please see below for template_dns-list_dns-request-rate-limit_type_NS-cfg
Type: Object
SRV-cfg
Description: SRV-cfg is a JSON Block. Please see below for template_dns-list_dns-request-rate-limit_type_SRV-cfg
Type: Object
dns-type-cfg
Type: List
template_dns-list_dns-request-rate-limit_type_SRV-cfg¶
Specification Value Type object SRV
Description Service locator
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-srv-rate
Description DNS request rate
Type: number
Range: 1-16000000
template_dns-list_dns-request-rate-limit_type_CNAME-cfg¶
Specification Value Type object CNAME
Description Canonical name record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-cname-rate
Description
Type: number
Range: 1-16000000
template_dns-list_dns-request-rate-limit_type_dns-type-cfg¶
Specification Value Type list Block object keys dns-request-type
Description Other type value
Type: number
Range: 1-65535
dns-request-type-rate
Description request rate limit
Type: number
Range: 1-16000000
template_dns-list_dns-request-rate-limit_type_AAAA-cfg¶
Specification Value Type object AAAA
Description IPv6 address record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-aaaa-rate
Description
Type: number
Range: 1-16000000
template_dns-list_dns-request-rate-limit_type_A-cfg¶
Specification Value Type object A
Description Address record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-a-rate
Description
Type: number
Range: 1-16000000
template_dns-list_dns-request-rate-limit_type_MX-cfg¶
Specification Value Type object MX
Description Mail exchange record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-mx-rate
Description
Type: number
Range: 1-16000000
template_dns-list_dns-request-rate-limit_type_NS-cfg¶
Specification Value Type object NS
Description Name server record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-ns-rate
Description
Type: number
Range: 1-16000000
template_dns-list_multi-pu-threshold-distribution¶
Specification Value Type object multi-pu-threshold-distribution-disable
Description ‘disable’: Destination side rate limit only. Default: Enable;
Type: string
Supported Values: disable
Mutual Exclusion: multi-pu-threshold-distribution-disable and multi-pu-threshold-distribution-value are mutually exclusive
multi-pu-threshold-distribution-value
Description Destination side rate limit only. Default: 0
Type: number
Range: 1-16000000
Mutual Exclusion: multi-pu-threshold-distribution-value and multi-pu-threshold-distribution-disable are mutually exclusive
template_dns-list_nxdomain-cfg¶
Specification Value Type object dns-nxdomain-rate
Description Limiting rate
Type: number
Range: 1-16000000
dns-nxdomain-rate-limit
Description DNS NXDOMAIN Rate Limiting (SRC support only)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-nxdomain-rate-limit-action
Description ‘drop’: Drop queries if rate is exceeded; ‘black-list’: Black-List source if rate is exceeded;
Type: string
Supported Values: drop, black-list
template_dns-list_fqdn-cfg¶
Specification Value Type list Block object keys by
Description ‘domain-name’: Domain Name; ‘src-ip’: Source IP address; ‘both’: Use both Domain Name and Source IP address for rate-limiting;
Type: string
Supported Values: domain-name, src-ip, both
Mutual Exclusion: by and per are mutually exclusive
dns-fqdn-rate
Description Limiting rate (Range: 5-8000 for FQDN domain based rate limiting, 5-16000000 for FQDN label count based rate limiting)
Type: number
Range: 5-16000000
dns-fqdn-rate-limit
Description DNS Rate limiting on the basis of FQDN
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
fqdn-rate-label-count
Description FQDN label count (Range: 1-8)
Type: number
Range: 1-8
fqdn-rate-suffix
Description Suffix count
Type: number
Range: 1-5
fqdn-rate-suffix-by
Description Number of suffixes
Type: number
Range: 1-5
per
Description ‘domain-name’: Domain Name; ‘src-ip’: Source IP address; ‘label-count’: FQDN label count;
Type: string
Supported Values: domain-name, src-ip, label-count
Mutual Exclusion: per and by are mutually exclusive
per-domain-per-src-ip
Description Use both Domain Name and Source IP address for rate-limiting
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
template_dns-list_dns-auth-cfg¶
Specification Value Type object dns-auth
Description DNS authentication
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-auth-type
Description ‘udp’: Drop DNS request and monitor client retry; ‘force-tcp’: Force DNS request over TCP;
Type: string
Supported Values: udp, force-tcp
force-tcp-ignore-client-source-port
Description Allow client to retransmit DNS request using different source port during udp-auth (supported in asymmetric mode only)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
force-tcp-min-retry-gap
Description Minimum sec gap in between 2 dns-udp packets for auth to pass
Type: number
Range: 1-15
force-tcp-timeout
Description TCP authentication timeout in seconds
Type: number
Range: 1-16
min-retry-gap
Description Optional minimum sec gap in between 2 dns-udp packets for auth to pass, unit is specified by min-retry-gap-interval
Type: number
Range: 1-80
min-retry-gap-interval
Description ‘100ms’: 100ms; ‘1sec’: 1sec;
Type: string
Supported Values: 100ms, 1sec
Default: 1sec
udp-timeout
Description UDP authentication timeout in seconds
Type: number
Range: 1-16
udp-timeout-val-only
Description UDP authentication timeout in seconds
Type: number
Range: 1-16
with-udp-auth
Description Monitor client retry
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
template_dns-list_symtimeout-cfg¶
Specification Value Type object sym-timeout
Description Timeout for DNS Symmetric session
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sym-timeout-value
Description Session timeout value in seconds
Type: number
Range: 1-31
template_dns-list_allow-query-class¶
Specification Value Type object allow-any-query-class
Description ANY query class
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-chaos-query-class
Description CHAOS query class
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-csnet-query-class
Description CSNET query class
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-hesiod-query-class
Description HESIOD query class
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-internet-query-class
Description INTERNET query class
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-none-query-class
Description NONE query class
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
template_dns-list_fqdn-label-len-cfg¶
Specification Value Type list Block object keys fqdn-label-length
Description Maximum FQDN label length
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
fqdn-label-suffix
Description Number of suffixes
Type: number
Range: 1-5
label-length
Description Maximum length of FQDN label
Type: number
Range: 1-63
template_dns-list_allow-record-type¶
Specification Value Type object allow-a-type
Description Address record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-aaaa-type
Description IPv6 address record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-cname-type
Description Canonical name record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-mx-type
Description Mail exchange record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-ns-type
Description Name server record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-srv-type
Description Service locator
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
record-num-cfg
Type: List
template_dns-list_allow-record-type_record-num-cfg¶
Specification Value Type list Block object keys allow-num-type
Description Other record type value
Type: number
Range: 1-65535
template_dns-list_malformed-query-check¶
Specification Value Type object non-query-opcode-check
Description ‘disable’: When malform check is enabled, TPS always drops DNS query with non query opcode, this option disables this opcode check;
Type: string
Supported Values: disable
skip-multi-packet-check
Description Bypass DNS fragmented and TCP segmented Queries(Default: dropped)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
validation-type
Description ‘basic-header-check’: Basic header validation for DNS TCP/UDP queries; ‘extended-header-check’: Extended header/query validation for DNS TCP/UDP queries; ‘disable’: Disable Malform query validation for DNS TCP/UDP;
Type: string
Supported Values: basic-header-check, extended-header-check, disable
template_icmp-v4-list¶
Specification Value Type list Block object keys icmp-tmpl-name
Description DDOS ICMPv4 Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
type-list
Type: List
Reference Object: /axapi/v3/ddos/template/icmp-v4/{icmp-tmpl-name}/type/{type-number}
type-other
Description: type-other is a JSON Block. Please see below for template_icmp-v4-list_type-other
Type: Object
Reference Object: /axapi/v3/ddos/template/icmp-v4/{icmp-tmpl-name}/type-other
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
template_icmp-v4-list_type-other¶
Specification Value Type object type-other-deny
Description Deny all other type
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: type-other-deny and type-other-rate are mutually exclusive
type-other-rate
Description Specify rate with other type
Type: number
Range: 1-16000000
Mutual Exclusion: type-other-rate and type-other-deny are mutually exclusive
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
template_icmp-v4-list_type-list¶
Specification Value Type list Block object keys code
Type: Listcode-other
Description: code-other is a JSON Block. Please see below for template_icmp-v4-list_type-list_code-other
Type: Object
type-deny
Description Reject this ICMP type
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: type-deny, type-rate, and code-other-rate are mutually exclusive
type-number
Description Specify ICMP type number
Type: number
Range: 0-255
type-rate
Description Specify the whole rate with this type
Type: number
Range: 1-16000000
Mutual Exclusion: type-rate and type-deny are mutually exclusive
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
template_icmp-v4-list_type-list_code¶
Specification Value Type list Block object keys code-number
Description Specify the ICMP code
Type: number
Range: 0-255
code-rate
Description Specify the rate with the code
Type: number
Range: 1-16000000
template_icmp-v4-list_type-list_code-other¶
Specification Value Type object code-other-rate
Description Specify rate with other code
Type: number
Range: 1-16000000
Mutual Exclusion: code-other-rate and type-deny are mutually exclusive
template_tcp-list¶
Specification Value Type list Block object keys ack-authentication-synack-reset
Description Enable Reset client TCP SYN+ACK for authentication (DST support only)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
action-cfg
Description: action-cfg is a JSON Block. Please see below for template_tcp-list_action-cfg
Type: Object
action-on-ack-rto-retry-count
Description Take action if action-on-ack RTO-authentication fail over retry time(default:5)
Type: number
Range: 2-10
action-on-syn-rto-retry-count
Description Take action if action-on-syn RTO-authentication fail over retry time(default:5)
Type: number
Range: 2-10
action-syn-cfg
Description: action-syn-cfg is a JSON Block. Please see below for template_tcp-list_action-syn-cfg
Type: Object
age
Description Session age in minutes
Type: number
Range: 1-63
allow-syn-otherflags
Description Treat TCP SYN+PSH as a TCP SYN (DST tcp ports support only)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-synack-skip-authentications
Description Allow create sessions on SYNACK without syn-auth and ack-auth (ASYM Mode only)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-tcp-tfo
Description Allow TCP Fast Open
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
black-list-out-of-seq
Description Black list Src IP if out of seq pkts exceed configured threshold
Type: number
Range: 1-64000
Mutual Exclusion: black-list-out-of-seq and per-conn-out-of-seq-rate-limit are mutually exclusive
black-list-retransmit
Description Black list Src IP if retransmit pkts exceed configured threshold
Type: number
Range: 1-64000
Mutual Exclusion: black-list-retransmit and per-conn-retransmit-rate-limit are mutually exclusive
black-list-zero-win
Description Black list Src IP if zero window pkts exceed configured threshold
Type: number
Range: 1-250
Mutual Exclusion: black-list-zero-win and per-conn-zero-win-rate-limit are mutually exclusive
conn-rate-limit-on-syn-only
Description Only count SYN-initiated connections towards connection-rate tracking
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
create-conn-on-syn-only
Description Enable connection establishment on SYN only
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-known-resp-src-port-cfg
Description: drop-known-resp-src-port-cfg is a JSON Block. Please see below for template_tcp-list_drop-known-resp-src-port-cfg
Type: Object
dst
Description: dst is a JSON Block. Please see below for template_tcp-list_dst
Type: Object
filter-list
Type: List
Reference Object: /axapi/v3/ddos/template/tcp/{name}/filter/{tcp-filter-seq}
name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
per-conn-out-of-seq-rate-action
Description ‘drop’: Drop packets for out-of-seq rate exceed (Default); ‘blacklist-src’: help Blacklist-src for out-of-seq rate exceed; ‘ignore’: help Ignore out-of-seq rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Default: drop
per-conn-out-of-seq-rate-limit
Description Take action if out-of-seq pkt rate exceed configured threshold
Type: number
Range: 1-16000000
Mutual Exclusion: per-conn-out-of-seq-rate-limit and black-list-out-of-seq are mutually exclusive
per-conn-pkt-rate-action
Description ‘drop’: Drop packets for per-conn-pkt-rate exceed (Default); ‘blacklist-src’: help Blacklist-src for per-conn-pkt-rate exceed; ‘ignore’: Ignore per-conn-pkt-rate-exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Default: drop
per-conn-pkt-rate-limit
Description Packet rate limit per connection per rate-interval
Type: number
Range: 1-16000000
per-conn-rate-interval
Description ‘100ms’: 100ms; ‘1sec’: 1sec; ’10sec’: 10sec;
Type: string
Supported Values: 100ms, 1sec, 10sec
Default: 1sec
per-conn-retransmit-rate-action
Description ‘drop’: Drop packets for retransmit rate exceed (Default); ‘blacklist-src’: help Blacklist-src for retransmit rate exceed; ‘ignore’: help Ignore retransmit rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Default: drop
per-conn-retransmit-rate-limit
Description Take action if retransmit pkt rate exceed configured threshold
Type: number
Range: 1-16000000
Mutual Exclusion: per-conn-retransmit-rate-limit and black-list-retransmit are mutually exclusive
per-conn-zero-win-rate-action
Description ‘drop’: Drop packets for zero-win rate exceed (Default); ‘blacklist-src’: help Blacklist-src for zero-win rate exceed; ‘ignore’: help Ignore zero-win rate exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Default: drop
per-conn-zero-win-rate-limit
Description Take action if zero window pkt rate exceed configured threshold
Type: number
Range: 1-16000000
Mutual Exclusion: per-conn-zero-win-rate-limit and black-list-zero-win are mutually exclusive
progression-tracking
Description: progression-tracking is a JSON Block. Please see below for template_tcp-list_progression-tracking
Type: Object
Reference Object: /axapi/v3/ddos/template/tcp/{name}/progression-tracking
src
Description: src is a JSON Block. Please see below for template_tcp-list_src
Type: Object
syn-auth
Description ‘send-rst’: Send RST to client upon client ACK; ‘force-rst-by-ack’: Force client RST via the use of ACK; ‘force-rst-by-synack’: Force client RST via the use of bad SYN|ACK; ‘disable’: Disable TCP SYN Authentication;
Type: string
Supported Values: send-rst, force-rst-by-ack, force-rst-by-synack, disable
Default: send-rst
syn-cookie
Description Enable SYN Cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
synack-rate-limit
Description Config SYNACK rate limit
Type: number
Range: 1-16000000
Mutual Exclusion: synack-rate-limit and track-together-with-syn are mutually exclusive
track-together-with-syn
Description SYNACK will be counted in Dst Syn-rate limit
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: track-together-with-syn and synack-rate-limit are mutually exclusive
tunnel-encap
Description: tunnel-encap is a JSON Block. Please see below for template_tcp-list_tunnel-encap
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
template_tcp-list_tunnel-encap¶
Specification Value Type object gre-cfg
Description: gre-cfg is a JSON Block. Please see below for template_tcp-list_tunnel-encap_gre-cfg
Type: Object
ip-cfg
Description: ip-cfg is a JSON Block. Please see below for template_tcp-list_tunnel-encap_ip-cfg
Type: Object
template_tcp-list_tunnel-encap_ip-cfg¶
Specification Value Type object always
Description: always is a JSON Block. Please see below for template_tcp-list_tunnel-encap_ip-cfg_always
Type: Object
ip-encap
Description Enable Tunnel encapsulation using IP in IP
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
template_tcp-list_tunnel-encap_ip-cfg_always¶
Specification Value Type object ipv4-addr
Description IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: ipv4-address
ipv6-addr
Description IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: ipv6-address
preserve-src-ipv4
Description Use original source ip for encapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
preserve-src-ipv6
Description Use original source ip for encapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
template_tcp-list_tunnel-encap_gre-cfg¶
Specification Value Type object gre-always
Description: gre-always is a JSON Block. Please see below for template_tcp-list_tunnel-encap_gre-cfg_gre-always
Type: Object
gre-encap
Description Enable Tunnel encapsulation using GRE
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
template_tcp-list_tunnel-encap_gre-cfg_gre-always¶
Specification Value Type object gre-ipv4
Description IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: ipv4-address
gre-ipv6
Description IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: ipv6-address
key-ipv4
Description Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)
Type: string
Maximum Length: 10 characters
Maximum Length: 1 characters
key-ipv6
Description Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)
Type: string
Maximum Length: 10 characters
Maximum Length: 1 characters
preserve-src-ipv4-gre
Description Use original source ip for encapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
preserve-src-ipv6-gre
Description Use original source ip for encapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
template_tcp-list_dst¶
Specification Value Type object rate-limit
Description: rate-limit is a JSON Block. Please see below for template_tcp-list_dst_rate-limit
Type: Object
template_tcp-list_dst_rate-limit¶
Specification Value Type object syn-rate-limit
Description: syn-rate-limit is a JSON Block. Please see below for template_tcp-list_dst_rate-limit_syn-rate-limit
Type: Object
template_tcp-list_dst_rate-limit_syn-rate-limit¶
Specification Value Type object dst-syn-rate-action
Description ‘drop’: Drop packets for syn-rate exceed (Default); ‘ignore’: Ignore syn-rate-exceed;
Type: string
Supported Values: drop, ignore
Default: drop
dst-syn-rate-limit
Description
Type: number
Range: 1-16000000
template_tcp-list_action-cfg¶
Specification Value Type object action-on-ack
Description Monitor tcp ack for age-out session
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
authenticate-only
Description Apply action-on-ack once per source address for authentication purpose
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
min-retry-gap
Description Min gap between 2 ACKs for action-on-ack pass in 100ms interval
Type: number
Range: 1-80
reset
Description Send RST to client
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
rto-authentication
Description Estimate the RTO and apply the exponential back-off for authentication
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
timeout
Description ACK retry timeout in sec
Type: number
Range: 1-31
template_tcp-list_progression-tracking¶
Specification Value Type object connection-tracking
Description: connection-tracking is a JSON Block. Please see below for template_tcp-list_progression-tracking_connection-tracking
Type: Object
Reference Object: /axapi/v3/ddos/template/tcp/{name}/progression-tracking/connection-tracking
first-request-max-time
Description Set the maximum wait time from connection creation until the first data is transmitted over the connection (100 ms)
Type: number
Range: 1-65535
profiling-connection-life-model
Description Enable auto-config progression tracking learning for connection model
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
profiling-request-response-model
Description Enable auto-config progression tracking learning for request response model
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
profiling-time-window-model
Description Enable auto-config progression tracking learning for time window model
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
progression-tracking-action
Description ‘drop’: Drop packets for progression tracking violation exceed (Default); ‘blacklist-src’: Blacklist-src for progression tracking violation exceed;
Type: string
Supported Values: drop, blacklist-src
Default: drop
Mutual Exclusion: progression-tracking-action and progression-tracking-action-list-name are mutually exclusive
progression-tracking-action-list-name
Description Configure action-list to take when progression tracking violation exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: progression-tracking-action-list-name and progression-tracking-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
progression-tracking-enabled
Description ‘enable-check’: Enable Progression Tracking Check;
Type: string
Supported Values: enable-check
request-length-max
Description Set the maximum request length
Type: number
Range: 1-65535
request-length-min
Description Set the minimum request length
Type: number
Range: 1-65535
request-response-model
Description ‘enable’: Enable Request Response Model; ‘disable’: Disable Request Response Model;
Type: string
Supported Values: enable, disable
Default: enable
request-to-response-max-time
Description Set the maximum request to response time (100 ms)
Type: number
Range: 1-65535
response-length-max
Description Set the maximum response length
Type: number
Range: 1-4294967295
response-request-max-ratio
Description Set the maximum response to request ratio (in unit of 0.1% [1:1000])
Type: number
Range: 1-4294967295
response-request-min-ratio
Description Set the minimum response to request ratio (in unit of 0.1% [1:1000])
Type: number
Range: 1-65535
response-to-request-max-time
Description Set the maximum response to request time (100 ms)
Type: number
Range: 1-65535
time-window-tracking
Description: time-window-tracking is a JSON Block. Please see below for template_tcp-list_progression-tracking_time-window-tracking
Type: Object
Reference Object: /axapi/v3/ddos/template/tcp/{name}/progression-tracking/time-window-tracking
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
violation
Description Set the violation threshold
Type: number
Range: 1-255
template_tcp-list_progression-tracking_connection-tracking¶
Specification Value Type object conn-duration-max
Description Set the maximum duration time (in unit of 100ms, up to 24 hours)
Type: number
Range: 1-864000
conn-duration-min
Description Set the minimum duration time (in unit of 100ms, up to 24 hours)
Type: number
Range: 1-864000
conn-rcvd-max
Description Set the maximum total received byte
Type: number
Range: 1-65535
conn-rcvd-min
Description Set the minimum total received byte
Type: number
Range: 1-65535
conn-rcvd-sent-ratio-max
Description Set the maximum received to sent ratio (in unit of 0.1% [1:1000])
Type: number
Range: 1-65535
conn-rcvd-sent-ratio-min
Description Set the minimum received to sent ratio (in unit of 0.1% [1:1000])
Type: number
Range: 1-65535
conn-sent-max
Description Set the maximum total sent byte
Type: number
Range: 1-65535
conn-sent-min
Description Set the minimum total sent byte
Type: number
Range: 1-65535
conn-violation
Description Set the violation threshold
Type: number
Range: 1-255
progression-tracking-conn-action
Description ‘drop’: Drop packets for progression tracking violation exceed (Default); ‘blacklist-src’: Blacklist-src for progression tracking violation exceed;
Type: string
Supported Values: drop, blacklist-src
Default: drop
Mutual Exclusion: progression-tracking-conn-action and progression-tracking-conn-action-list-name are mutually exclusive
progression-tracking-conn-action-list-name
Description Configure action-list to take when progression tracking violation exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: progression-tracking-conn-action-list-name and progression-tracking-conn-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
progression-tracking-conn-enabled
Description ‘enable-check’: Enable General Progression Tracking per Connection;
Type: string
Supported Values: enable-check
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
template_tcp-list_progression-tracking_time-window-tracking¶
Specification Value Type object progression-tracking-win-enabled
Description ‘enable-check’: Enable Progression Tracking per Time Window;
Type: string
Supported Values: enable-check
progression-tracking-windows-action
Description ‘drop’: Drop packets for progression tracking violation exceed (Default); ‘blacklist-src’: Blacklist-src for progression tracking violation exceed;
Type: string
Supported Values: drop, blacklist-src
Default: drop
Mutual Exclusion: progression-tracking-windows-action and progression-tracking-windows-action-list-name are mutually exclusive
progression-tracking-windows-action-list-name
Description Configure action-list to take when progression tracking violation exceed
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: progression-tracking-windows-action-list-name and progression-tracking-windows-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
window-rcvd-max
Description Set the maximum total received byte
Type: number
Range: 1-65535
window-rcvd-min
Description Set the minimum total received byte
Type: number
Range: 1-65535
window-rcvd-sent-ratio-max
Description Set the maximum received to sent ratio (in unit of 0.1% [1:1000])
Type: number
Range: 1-65535
window-rcvd-sent-ratio-min
Description Set the minimum received to sent ratio (in unit of 0.1% [1:1000])
Type: number
Range: 1-65535
window-sent-max
Description Set the maximum total sent byte
Type: number
Range: 1-65535
window-sent-min
Description Set the minimum total sent byte
Type: number
Range: 1-65535
window-violation
Description Set the violation threshold
Type: number
Range: 1-255
template_tcp-list_filter-list¶
Specification Value Type list Block object keys byte-offset-filter
Description Filter Expression using Berkeley Packet Filter syntax
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
tcp-filter-action
Description ‘blacklist-src’: Also blacklist the source when action is taken; ‘whitelist-src’: Whitelist the source after filter passes, packets are dropped until then; ‘count-only’: Take no action and continue processing the next filter;
Type: string
Supported Values: blacklist-src, whitelist-src, count-only
tcp-filter-regex
Description Regex Expression
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
tcp-filter-seq
Description Sequence number
Type: number
Range: 1-5
tcp-filter-unmatched
Description action taken when it does not match
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
template_tcp-list_src¶
Specification Value Type object rate-limit
Description: rate-limit is a JSON Block. Please see below for template_tcp-list_src_rate-limit
Type: Object
template_tcp-list_src_rate-limit¶
Specification Value Type object syn-rate-limit
Description: syn-rate-limit is a JSON Block. Please see below for template_tcp-list_src_rate-limit_syn-rate-limit
Type: Object
template_tcp-list_src_rate-limit_syn-rate-limit¶
Specification Value Type object src-syn-rate-action
Description ‘drop’: Drop packets for syn-rate exceed (Default); ‘blacklist-src’: Blacklist-src for syn-rate exceed; ‘ignore’: Ignore syn-rate-exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Default: drop
src-syn-rate-limit
Description
Type: number
Range: 1-16000000
template_tcp-list_action-syn-cfg¶
Specification Value Type object action-on-syn
Description Monitor tcp syn for age-out session
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
action-on-syn-gap
Description Min gap between 2 SYNs for action-on-syn pass in 100ms interval
Type: number
Range: 1-80
action-on-syn-reset
Description Send RST to client
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
action-on-syn-rto
Description Estimate the RTO and apply the exponential back-off for authentication
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
action-on-syn-timeout
Description SYN retry timeout in sec
Type: number
Range: 1-31
template_tcp-list_drop-known-resp-src-port-cfg¶
Specification Value Type object drop-known-resp-src-port
Description Drop well-known if src-port is less than 1024
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exclude-src-resp-port
Description excluding src port equal destination port
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
template_other-list¶
Specification Value Type list Block object keys filter-list
Type: List
Reference Object: /axapi/v3/ddos/template/other/{name}/filter/{other-filter-seq}
name
Description DDOS OTHER Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
template_other-list_filter-list¶
Specification Value Type list Block object keys byte-offset-filter
Description Filter Expression using Berkeley Packet Filter syntax
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
other-filter-action
Description ‘blacklist-src’: Also blacklist the source when action is taken; ‘whitelist-src’: Whitelist the source after filter passes, packets are dropped until then; ‘count-only’: Take no action and continue processing the next filter;
Type: string
Supported Values: blacklist-src, whitelist-src, count-only
other-filter-regex
Description Regex Expression
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
other-filter-seq
Description Sequence number
Type: number
Range: 1-5
other-filter-unmatched
Description action taken when it does not match
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
template_udp-list¶
Specification Value Type list Block object keys age
Description Configure session age(in minutes) for UDP sessions
Type: number
Range: 1-63
drop-known-resp-src-port-cfg
Description: drop-known-resp-src-port-cfg is a JSON Block. Please see below for template_udp-list_drop-known-resp-src-port-cfg
Type: Object
drop-ntp-monlist
Description Drop NTP monlist request/response
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
filter-list
Type: List
Reference Object: /axapi/v3/ddos/template/udp/{name}/filter/{udp-filter-seq}
max-payload-size
Description Maximum UDP payload size for each single packet
Type: number
Range: 1-1470
min-payload-size
Description Minimum UDP payload size for each single packet
Type: number
Range: 1-1470
name
Description DDOS UDP Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
per-conn-pkt-rate-limit
Description Packet rate limit per connection per rate-interval
Type: number
Range: 1-16000000
per-conn-rate-interval
Description ‘100ms’: 100ms; ‘1sec’: 1sec;
Type: string
Supported Values: 100ms, 1sec
Default: 1sec
previous-salt-timeout
Description Token-Authentication previous salt-prefix timeout in minutes, default is 1 min
Type: number
Range: 1-10080
Default: 1
public-ipv4-addr
Description IP address
Type: string
Format: ipv4-address
public-ipv6-addr
Description IPV6 address
Type: string
Format: ipv6-address
spoof-detect-cfg
Description: spoof-detect-cfg is a JSON Block. Please see below for template_udp-list_spoof-detect-cfg
Type: Object
token-authentication
Description Enable Token Authentication
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
token-authentication-formula
Description ‘md5_Salt-SrcIp-SrcPort-DstIp-DstPort’: md5 of Salt-SrcIp-SrcPort-DstIp-DstPort; ‘md5_Salt-DstIp-DstPort’: md5 of Salt-DstIp-DstPort; ‘md5_Salt-SrcIp-DstIp’: md5 of Salt-SrcIp-DstIp; ‘md5_Salt-SrcPort-DstPort’: md5 of Salt-SrcPort-DstPort; ‘md5_Salt-UintDstIp-DstPort’: Using the uint value of IP for md5 of Salt-DstIp-DstPort; ‘sha1_Salt-SrcIp-SrcPort-DstIp-DstPort’: sha1 of Salt-SrcIp-SrcPort-DstIp-DstPort; ‘sha1_Salt-DstIp-DstPort’: sha1 of Salt-DstIp-DstPort; ‘sha1_Salt-SrcIp-DstIp’: sha1 of Salt-SrcIp-DstIp; ‘sha1_Salt-SrcPort-DstPort’: sha1 of Salt-SrcPort-DstPort; ‘sha1_Salt-UintDstIp-DstPort’: Using the uint value of IP for sha1 of Salt-DstIp-DstPort;
Type: string
Supported Values: md5_Salt-SrcIp-SrcPort-DstIp-DstPort, md5_Salt-DstIp-DstPort, md5_Salt-SrcIp-DstIp, md5_Salt-SrcPort-DstPort, md5_Salt-UintDstIp-DstPort, sha1_Salt-SrcIp-SrcPort-DstIp-DstPort, sha1_Salt-DstIp-DstPort, sha1_Salt-SrcIp-DstIp, sha1_Salt-SrcPort-DstPort, sha1_Salt-UintDstIp-DstPort
token-authentication-hw-assist-disable
Description token-authentication disable hardware assistance
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
token-authentication-public-address
Description The server public IP address
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
token-authentication-salt-prefix
Description token-authentication salt-prefix
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
token-authentication-salt-prefix-curr
Description
Type: number
Range: 1-4294967295
token-authentication-salt-prefix-prev
Description
Type: number
Range: 1-4294967295
tunnel-encap
Description: tunnel-encap is a JSON Block. Please see below for template_udp-list_tunnel-encap
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
template_udp-list_tunnel-encap¶
Specification Value Type object always
Description: always is a JSON Block. Please see below for template_udp-list_tunnel-encap_always
Type: Object
gre-always
Description: gre-always is a JSON Block. Please see below for template_udp-list_tunnel-encap_gre-always
Type: Object
gre-encap
Description Enable Tunnel encapsulation using GRE
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: gre-encap and ip-encap are mutually exclusive
ip-encap
Description Enable Tunnel encapsulation using IP in IP
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: ip-encap and gre-encap are mutually exclusive
template_udp-list_tunnel-encap_gre-always¶
Specification Value Type object gre-ipv4
Description IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: ipv4-address
gre-ipv6
Description IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: ipv6-address
key-ipv4
Description Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)
Type: string
Maximum Length: 10 characters
Maximum Length: 1 characters
key-ipv6
Description Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)
Type: string
Maximum Length: 10 characters
Maximum Length: 1 characters
preserve-src-ipv4-gre
Description Use original source ip for encapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
preserve-src-ipv6-gre
Description Use original source ip for encapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
template_udp-list_tunnel-encap_always¶
Specification Value Type object ipv4-addr
Description IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: ipv4-address
ipv6-addr
Description IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: ipv6-address
preserve-src-ipv4
Description Use original source ip for encapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
preserve-src-ipv6
Description Use original source ip for encapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
template_udp-list_spoof-detect-cfg¶
Specification Value Type object min-retry-gap
Description Optional minimum gap between 2 UDP packets for spoof-detect pass, unit is specified by min-retry-gap-interval
Type: number
Range: 1-80
min-retry-gap-interval
Description ‘100ms’: 100ms; ‘1sec’: 1sec;
Type: string
Supported Values: 100ms, 1sec
Default: 1sec
spoof-detect
Description Force client to retry on udp
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
spoof-detect-retry-timeout
Description timeout in seconds
Type: number
Range: 1-31
Default: 5
Mutual Exclusion: spoof-detect-retry-timeout and spoof-detect-retry-timeout-val-only are mutually exclusive
spoof-detect-retry-timeout-val-only
Description timeout in seconds
Type: number
Range: 1-31
Default: 5
Mutual Exclusion: spoof-detect-retry-timeout-val-only and spoof-detect-retry-timeout are mutually exclusive
template_udp-list_drop-known-resp-src-port-cfg¶
Specification Value Type object drop-known-resp-src-port
Description Drop well-known if src-port is less than 1024
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exclude-src-resp-port
Description excluding src port equal destination port
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
template_udp-list_filter-list¶
Specification Value Type list Block object keys byte-offset-filter
Description Filter Expression using Berkeley Packet Filter syntax
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
udp-filter-action
Description ‘blacklist-src’: Also blacklist the source when action is taken; ‘whitelist-src’: Whitelist the source after filter passes, packets are dropped until then; ‘count-only’: Take no action and continue processing the next filter;
Type: string
Supported Values: blacklist-src, whitelist-src, count-only
udp-filter-regex
Description Regex Expression
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
udp-filter-seq
Description Sequence number
Type: number
Range: 1-5
udp-filter-unmatched
Description action taken when it does not match
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
template_http-list¶
Specification Value Type list Block object keys action
Description ‘drop’: Drop packets for the connection; ‘reset’: Send RST for the connection;
Type: string
Supported Values: drop, reset
Default: drop
agent-filter
Description: agent-filter is a JSON Block. Please see below for template_http-list_agent-filter
Type: Object
challenge-cookie-name
Description Set the cookie name used to send back to client. Default is sto-idd
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Default: sto-idd
challenge-interval
Description Specify the challenge interval. Default is 8 seconds
Type: number
Range: 1-31
Default: 8
challenge-keep-cookie
Description Keep the challenge cookie from client and forward to backend. Default is do not keep
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
challenge-method
Description ‘http-redirect’: http-redirect; ‘javascript’: javascript;
Type: string
Supported Values: http-redirect, javascript
challenge-redirect-code
Description ‘302’: 302 Found; ‘307’: 307 Temporary Redirect;
Type: string
Supported Values: 302, 307
Default: 302
challenge-uri-encode
Description Encode the challenge phrase in uri instead of in http cookie. Default encoded in http cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable
Description Disable this template
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disallow-connect-method
Description Do not allow HTTP Connect method (asymmetric mode only)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
filter-header-list
Type: List
Reference Object: /axapi/v3/ddos/template/http/{http-tmpl-name}/filter-header/{http-filter-header-seq}
http-tmpl-name
Description DDOS HTTP Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
idle-timeout
Description Set the the idle timeout value in seconds for HTTP connections
Type: number
Range: 1-63
ignore-zero-payload
Description Don’t reset idle timer on packets with zero payload length from clients
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
malformed-http
Description: malformed-http is a JSON Block. Please see below for template_http-list_malformed-http
Type: Object
mss-cfg
Description: mss-cfg is a JSON Block. Please see below for template_http-list_mss-cfg
Type: Object
multi-pu-threshold-distribution
Description: multi-pu-threshold-distribution is a JSON Block. Please see below for template_http-list_multi-pu-threshold-distribution
Type: Object
non-http-bypass
Description Bypass non-http traffic instead of dropping
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
out-of-order-queue-size
Description Set the number of packets for the out-of-order HTTP queue (asym mode only)
Type: number
Range: 0-15
Default: 3
out-of-order-queue-timeout
Description Set the timeout value in seconds for out-of-order queue in HTTP (asym mode only)
Type: number
Range: 0-15
Default: 3
post-rate-limit
Description Configure rate limiting for HTTP POST request
Type: number
Range: 1-16000000
referer-filter
Description: referer-filter is a JSON Block. Please see below for template_http-list_referer-filter
Type: Object
request-header
Description: request-header is a JSON Block. Please see below for template_http-list_request-header
Type: Object
request-rate-limit
Description: request-rate-limit is a JSON Block. Please see below for template_http-list_request-rate-limit
Type: Object
response-rate-limit
Description: response-rate-limit is a JSON Block. Please see below for template_http-list_response-rate-limit
Type: Object
slow-read-drop
Description: slow-read-drop is a JSON Block. Please see below for template_http-list_slow-read-drop
Type: Object
use-hdr-ip-cfg
Description: use-hdr-ip-cfg is a JSON Block. Please see below for template_http-list_use-hdr-ip-cfg
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
template_http-list_request-rate-limit¶
Specification Value Type object request-rate
Description HTTP request rate limit
Type: number
Range: 1-16000000
uri
Type: List
template_http-list_request-rate-limit_uri¶
Specification Value Type list Block object keys contains-cfg
Description: contains-cfg is a JSON Block. Please see below for template_http-list_request-rate-limit_uri_contains-cfg
Type: Object
ends-cfg
Description: ends-cfg is a JSON Block. Please see below for template_http-list_request-rate-limit_uri_ends-cfg
Type: Object
equal-cfg
Description: equal-cfg is a JSON Block. Please see below for template_http-list_request-rate-limit_uri_equal-cfg
Type: Object
starts-cfg
Description: starts-cfg is a JSON Block. Please see below for template_http-list_request-rate-limit_uri_starts-cfg
Type: Object
template_http-list_request-rate-limit_uri_equal-cfg¶
Specification Value Type object url-equals
Description Request rate-limit HTTP URI matching a specified pattern
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
url-equals-rate
Description Request rate limit
Type: number
Range: 1-16000000
template_http-list_request-rate-limit_uri_starts-cfg¶
Specification Value Type object url-starts-with
Description Request rate-limit HTTP URI strting with a specified pattern
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
url-starts-with-rate
Description Request rate limit
Type: number
Range: 1-16000000
template_http-list_request-rate-limit_uri_contains-cfg¶
Specification Value Type object url-contains
Description Request rate-limit HTTP URI containing a specified pattern
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
url-contains-rate
Description Request rate limit
Type: number
Range: 1-16000000
template_http-list_request-rate-limit_uri_ends-cfg¶
Specification Value Type object url-ends-with
Description Request rate-limit HTTP URI ending with a specified pattern
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
url-ends-with-rate
Description Request rate limit
Type: number
Range: 1-16000000
template_http-list_multi-pu-threshold-distribution¶
Specification Value Type object multi-pu-threshold-distribution-disable
Description ‘disable’: Destination side rate limit only. Default: Enable;
Type: string
Supported Values: disable
Mutual Exclusion: multi-pu-threshold-distribution-disable and multi-pu-threshold-distribution-value are mutually exclusive
multi-pu-threshold-distribution-value
Description Destination side rate limit only. Default: 0
Type: number
Range: 1-16000000
Mutual Exclusion: multi-pu-threshold-distribution-value and multi-pu-threshold-distribution-disable are mutually exclusive
template_http-list_malformed-http¶
Specification Value Type object malformed-http-bad-chunk-mon-enabled
Description Enabling bad chunk monitoring. Default is disabled
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
malformed-http-enabled
Description Enabling ddos malformed http protection. Default value is disabled.
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
malformed-http-max-content-length
Description Set the maximum content-length header. Default value is 4294967295 bytes
Type: number
Range: 1-4294967295
Default: 4294967295
malformed-http-max-header-name-size
Description Set the maxinum header name length. Default value is 64.
Type: number
Range: 1-64
Default: 64
malformed-http-max-line-size
Description Set the maximum line size. Default value is 32512
Type: number
Range: 1-65280
Default: 32512
malformed-http-max-num-headers
Description Set the maximum number of headers. Default value is 90
Type: number
Range: 1-90
Default: 90
malformed-http-max-req-line-size
Description Set the maximum request line size. Default value is 32512
Type: number
Range: 1-65280
Default: 32512
template_http-list_request-header¶
Specification Value Type object timeout
Description
Type: number
Range: 1-63
template_http-list_agent-filter¶
Specification Value Type object agent-contains-cfg
Type: Listagent-ends-cfg
Type: Listagent-equals-cfg
Type: Listagent-filter-blacklist
Description Blacklist the source if the user-agent matches
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
agent-starts-cfg
Type: List
template_http-list_agent-filter_agent-contains-cfg¶
Specification Value Type list Block object keys agent-contains
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
template_http-list_agent-filter_agent-ends-cfg¶
Specification Value Type list Block object keys agent-ends-with
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
template_http-list_agent-filter_agent-equals-cfg¶
Specification Value Type list Block object keys agent-equals
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
template_http-list_agent-filter_agent-starts-cfg¶
Specification Value Type list Block object keys agent-starts-with
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
template_http-list_filter-header-list¶
Specification Value Type list Block object keys http-filter-header-blacklist
Description Also blacklist the source when action is taken
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
http-filter-header-count-only
Description Take no action and continue processing the next filter
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
http-filter-header-regex
Description Regex Expression
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
http-filter-header-seq
Description Sequence number
Type: number
Range: 1-5
http-filter-header-unmatched
Description action taken when it does not match
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
http-filter-header-whitelist
Description Whitelist the source after filter passes, packets are dropped until then
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
template_http-list_response-rate-limit¶
Specification Value Type object obj-size
Description: obj-size is a JSON Block. Please see below for template_http-list_response-rate-limit_obj-size
Type: Object
template_http-list_response-rate-limit_obj-size¶
Specification Value Type object between-cfg
Type: Listgreater-cfg
Type: Listless-cfg
Type: List
template_http-list_response-rate-limit_obj-size_between-cfg¶
Specification Value Type list Block object keys obj-between-rate
Description Response rate limit
Type: number
Range: 1-16000000
obj-between1
Description Response size configuration
Type: number
Range: 1-16000000
obj-between2
Description Response size configuration
Type: number
Range: 1-16000000
template_http-list_response-rate-limit_obj-size_greater-cfg¶
Specification Value Type list Block object keys obj-greater
Description Response size configuration
Type: number
Range: 1-16000000
obj-greater-rate
Description Response rate limit
Type: number
Range: 1-16000000
template_http-list_response-rate-limit_obj-size_less-cfg¶
Specification Value Type list Block object keys obj-less
Description Response size configuration
Type: number
Range: 1-16000000
obj-less-rate
Description Response rate limit
Type: number
Range: 1-16000000
template_http-list_mss-cfg¶
Specification Value Type object mss-percent
Description Configure percentage of mss such that if a packet size is below the mss times mss-percent, packet is considered bad.
Type: number
Range: 1-100
mss-timeout
Description Configure DDOS detection based on mss and packet size
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
number-packets
Description Specify percentage of mss. Default is 0, mss-timeout is not enabled.
Type: number
Range: 1-31
template_http-list_referer-filter¶
Specification Value Type object ref-filter-blacklist
Description Blacklist the source if the referer matches
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
referer-contains-cfg
Type: Listreferer-ends-cfg
Type: Listreferer-equals-cfg
Type: Listreferer-starts-cfg
Type: List
template_http-list_referer-filter_referer-equals-cfg¶
Specification Value Type list Block object keys referer-equals
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
template_http-list_referer-filter_referer-starts-cfg¶
Specification Value Type list Block object keys referer-starts-with
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
template_http-list_referer-filter_referer-contains-cfg¶
Specification Value Type list Block object keys referer-contains
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
template_http-list_referer-filter_referer-ends-cfg¶
Specification Value Type list Block object keys referer-ends-with
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
template_http-list_slow-read-drop¶
Specification Value Type object min-window-count
Description Number of packets
Type: number
Range: 1-31
min-window-size
Description minimum window size
Type: number
Range: 1-65535
template_http-list_use-hdr-ip-cfg¶
Specification Value Type object l7-hdr-name
Description Set the http header name to parse for client ip. Default is X-Forwarded-For
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
Default: X-Forwarded-For
use-hdr-ip-as-source
Description Mitigate on src ip specified by http header for example X-Forwarded-For header. Default is disabled
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
template_sip-list¶
Specification Value Type list Block object keys action
Description ‘drop’: Drop packets for sip connection; ‘reset’: Send RST for sip-tcp connection;
Type: string
Supported Values: drop, reset
Default: drop
dst
Description: dst is a JSON Block. Please see below for template_sip-list_dst
Type: Object
filter-header-list
Type: List
Reference Object: /axapi/v3/ddos/template/sip/{sip-tmpl-name}/filter-header/{sip-filter-header-seq}
idle-timeout
Description Set the the idle timeout value for sip-tcp connections
Type: number
Range: 1-63
ignore-zero-payload
Description Don’t reset idle timer on packets with zero payload length from clients
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
malformed-sip
Description: malformed-sip is a JSON Block. Please see below for template_sip-list_malformed-sip
Type: Object
Reference Object: /axapi/v3/ddos/template/sip/{sip-tmpl-name}/malformed-sip
multi-pu-threshold-distribution
Description: multi-pu-threshold-distribution is a JSON Block. Please see below for template_sip-list_multi-pu-threshold-distribution
Type: Object
sip-tmpl-name
Description DDOS SIP Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
src
Description: src is a JSON Block. Please see below for template_sip-list_src
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
template_sip-list_src¶
Specification Value Type object sip-request-rate-limit
Description: sip-request-rate-limit is a JSON Block. Please see below for template_sip-list_src_sip-request-rate-limit
Type: Object
template_sip-list_src_sip-request-rate-limit¶
Specification Value Type object method
Description: method is a JSON Block. Please see below for template_sip-list_src_sip-request-rate-limit_method
Type: Object
template_sip-list_src_sip-request-rate-limit_method¶
Specification Value Type object bye-cfg
Description: bye-cfg is a JSON Block. Please see below for template_sip-list_src_sip-request-rate-limit_method_bye-cfg
Type: Object
invite-cfg
Description: invite-cfg is a JSON Block. Please see below for template_sip-list_src_sip-request-rate-limit_method_invite-cfg
Type: Object
message-cfg
Description: message-cfg is a JSON Block. Please see below for template_sip-list_src_sip-request-rate-limit_method_message-cfg
Type: Object
notify-cfg
Description: notify-cfg is a JSON Block. Please see below for template_sip-list_src_sip-request-rate-limit_method_notify-cfg
Type: Object
options-cfg
Description: options-cfg is a JSON Block. Please see below for template_sip-list_src_sip-request-rate-limit_method_options-cfg
Type: Object
refer-cfg
Description: refer-cfg is a JSON Block. Please see below for template_sip-list_src_sip-request-rate-limit_method_refer-cfg
Type: Object
register-cfg
Description: register-cfg is a JSON Block. Please see below for template_sip-list_src_sip-request-rate-limit_method_register-cfg
Type: Object
subscribe-cfg
Description: subscribe-cfg is a JSON Block. Please see below for template_sip-list_src_sip-request-rate-limit_method_subscribe-cfg
Type: Object
update-cfg
Description: update-cfg is a JSON Block. Please see below for template_sip-list_src_sip-request-rate-limit_method_update-cfg
Type: Object
template_sip-list_src_sip-request-rate-limit_method_options-cfg¶
Specification Value Type object src-sip-options-cfg-flag
Description OPTIONS method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-sip-options-rate
Description
Type: number
Range: 1-16000000
template_sip-list_src_sip-request-rate-limit_method_refer-cfg¶
Specification Value Type object src-sip-refer-cfg-flag
Description REFER method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-sip-refer-rate
Description
Type: number
Range: 1-16000000
template_sip-list_src_sip-request-rate-limit_method_bye-cfg¶
Specification Value Type object src-sip-bye-cfg-flag
Description BYE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-sip-bye-rate
Description
Type: number
Range: 1-16000000
template_sip-list_src_sip-request-rate-limit_method_subscribe-cfg¶
Specification Value Type object src-sip-subscribe-cfg-flag
Description SUBSCRIBE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-sip-subscribe-rate
Description
Type: number
Range: 1-16000000
template_sip-list_src_sip-request-rate-limit_method_register-cfg¶
Specification Value Type object src-sip-register-cfg-flag
Description REGISTER method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-sip-register-rate
Description
Type: number
Range: 1-16000000
template_sip-list_src_sip-request-rate-limit_method_invite-cfg¶
Specification Value Type object src-sip-invite-cfg-flag
Description INVITE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-sip-invite-rate
Description
Type: number
Range: 1-16000000
template_sip-list_src_sip-request-rate-limit_method_message-cfg¶
Specification Value Type object src-sip-message-cfg-flag
Description MESSAGE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-sip-message-rate
Description
Type: number
Range: 1-16000000
template_sip-list_src_sip-request-rate-limit_method_update-cfg¶
Specification Value Type object src-sip-update-cfg-flag
Description UPDATE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-sip-update-rate
Description
Type: number
Range: 1-16000000
template_sip-list_src_sip-request-rate-limit_method_notify-cfg¶
Specification Value Type object src-sip-notify-cfg-flag
Description NOTIFY method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-sip-notify-rate
Description
Type: number
Range: 1-16000000
template_sip-list_dst¶
Specification Value Type object sip-request-rate-limit
Description: sip-request-rate-limit is a JSON Block. Please see below for template_sip-list_dst_sip-request-rate-limit
Type: Object
template_sip-list_dst_sip-request-rate-limit¶
Specification Value Type object method
Description: method is a JSON Block. Please see below for template_sip-list_dst_sip-request-rate-limit_method
Type: Object
template_sip-list_dst_sip-request-rate-limit_method¶
Specification Value Type object bye-cfg
Description: bye-cfg is a JSON Block. Please see below for template_sip-list_dst_sip-request-rate-limit_method_bye-cfg
Type: Object
invite-cfg
Description: invite-cfg is a JSON Block. Please see below for template_sip-list_dst_sip-request-rate-limit_method_invite-cfg
Type: Object
message-cfg
Description: message-cfg is a JSON Block. Please see below for template_sip-list_dst_sip-request-rate-limit_method_message-cfg
Type: Object
notify-cfg
Description: notify-cfg is a JSON Block. Please see below for template_sip-list_dst_sip-request-rate-limit_method_notify-cfg
Type: Object
options-cfg
Description: options-cfg is a JSON Block. Please see below for template_sip-list_dst_sip-request-rate-limit_method_options-cfg
Type: Object
refer-cfg
Description: refer-cfg is a JSON Block. Please see below for template_sip-list_dst_sip-request-rate-limit_method_refer-cfg
Type: Object
register-cfg
Description: register-cfg is a JSON Block. Please see below for template_sip-list_dst_sip-request-rate-limit_method_register-cfg
Type: Object
subscribe-cfg
Description: subscribe-cfg is a JSON Block. Please see below for template_sip-list_dst_sip-request-rate-limit_method_subscribe-cfg
Type: Object
update-cfg
Description: update-cfg is a JSON Block. Please see below for template_sip-list_dst_sip-request-rate-limit_method_update-cfg
Type: Object
template_sip-list_dst_sip-request-rate-limit_method_options-cfg¶
Specification Value Type object dst-sip-options-cfg-flag
Description OPTIONS method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst-sip-options-rate
Description
Type: number
Range: 1-16000000
template_sip-list_dst_sip-request-rate-limit_method_refer-cfg¶
Specification Value Type object dst-sip-refer-cfg-flag
Description REFER method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst-sip-refer-rate
Description
Type: number
Range: 1-16000000
template_sip-list_dst_sip-request-rate-limit_method_bye-cfg¶
Specification Value Type object dst-sip-bye-cfg-flag
Description BYE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst-sip-bye-rate
Description
Type: number
Range: 1-16000000
template_sip-list_dst_sip-request-rate-limit_method_subscribe-cfg¶
Specification Value Type object dst-sip-subscribe-cfg-flag
Description SUBSCRIBE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst-sip-subscribe-rate
Description
Type: number
Range: 1-16000000
template_sip-list_dst_sip-request-rate-limit_method_register-cfg¶
Specification Value Type object dst-sip-register-cfg-flag
Description REGISTER method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst-sip-register-rate
Description
Type: number
Range: 1-16000000
template_sip-list_dst_sip-request-rate-limit_method_invite-cfg¶
Specification Value Type object dst-sip-invite-cfg-flag
Description INVITE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst-sip-invite-rate
Description
Type: number
Range: 1-16000000
template_sip-list_dst_sip-request-rate-limit_method_message-cfg¶
Specification Value Type object dst-sip-message-cfg-flag
Description MESSAGE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst-sip-message-rate
Description
Type: number
Range: 1-16000000
template_sip-list_dst_sip-request-rate-limit_method_update-cfg¶
Specification Value Type object dst-sip-update-cfg-flag
Description UPDATE method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst-sip-update-rate
Description
Type: number
Range: 1-16000000
template_sip-list_dst_sip-request-rate-limit_method_notify-cfg¶
Specification Value Type object dst-sip-notify-cfg-flag
Description NOTIFY method
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dst-sip-notify-rate
Description
Type: number
Range: 1-16000000
template_sip-list_multi-pu-threshold-distribution¶
Specification Value Type object multi-pu-threshold-distribution-disable
Description ‘disable’: Destination side rate limit only. Default: Enable;
Type: string
Supported Values: disable
Mutual Exclusion: multi-pu-threshold-distribution-disable and multi-pu-threshold-distribution-value are mutually exclusive
multi-pu-threshold-distribution-value
Description Destination side rate limit only. Default: 0
Type: number
Range: 1-16000000
Mutual Exclusion: multi-pu-threshold-distribution-value and multi-pu-threshold-distribution-disable are mutually exclusive
template_sip-list_malformed-sip¶
Specification Value Type object malformed-sip-call-id-max-length
Description Set the maximum call-id length. Default value is 32511
Type: number
Range: 1-32511
Default: 32511
malformed-sip-check
Description ‘enable-check’: Enable malformed SIP parameters;
Type: string
Supported Values: enable-check
malformed-sip-max-header-name-length
Description Set the maximum header name length. Default value is 63
Type: number
Range: 1-63
Default: 63
malformed-sip-max-header-value-length
Description Set the maximum header value length. Default value is 32511
Type: number
Range: 1-32511
Default: 32511
malformed-sip-max-line-size
Description Set the maximum line size. Default value is 32511
Type: number
Range: 1-32511
Default: 32511
malformed-sip-max-uri-length
Description Set the maximum uri size. Default value is 32511
Type: number
Range: 1-32511
Default: 32511
malformed-sip-sdp-max-length
Description Set the maxinum SDP content length. Default value is 32511
Type: number
Range: 1-32511
Default: 32511
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
template_sip-list_filter-header-list¶
Specification Value Type list Block object keys sip-filter-header-blacklist
Description Also blacklist the source when action is taken
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sip-filter-header-count-only
Description Take no action and continue processing the next filter
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sip-filter-header-regex
Description Regex Expression
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
sip-filter-header-seq
Description Sequence number
Type: number
Range: 1-5
sip-filter-header-unmatched
Description action taken when it does not match
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sip-filter-header-whitelist
Description Whitelist the source after filter passes, packets are dropped until then
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
template_icmp-v6-list¶
Specification Value Type list Block object keys icmp-tmpl-name
Description DDOS ICMPv6 Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
type-list
Type: List
Reference Object: /axapi/v3/ddos/template/icmp-v6/{icmp-tmpl-name}/type/{type-number}
type-other
Description: type-other is a JSON Block. Please see below for template_icmp-v6-list_type-other
Type: Object
Reference Object: /axapi/v3/ddos/template/icmp-v6/{icmp-tmpl-name}/type-other
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
template_icmp-v6-list_type-other¶
Specification Value Type object type-other-deny
Description Deny all other type
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: type-other-deny and type-other-rate are mutually exclusive
type-other-rate
Description Specify rate with other type
Type: number
Range: 1-16000000
Mutual Exclusion: type-other-rate and type-other-deny are mutually exclusive
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
template_icmp-v6-list_type-list¶
Specification Value Type list Block object keys code
Type: Listcode-other
Description: code-other is a JSON Block. Please see below for template_icmp-v6-list_type-list_code-other
Type: Object
type-deny
Description Reject this ICMP type
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: type-deny, type-rate, and code-other-rate are mutually exclusive
type-number
Description Specify ICMP type number
Type: number
Range: 0-255
type-rate
Description Specify the whole rate with this type
Type: number
Range: 1-16000000
Mutual Exclusion: type-rate and type-deny are mutually exclusive
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
template_icmp-v6-list_type-list_code¶
Specification Value Type list Block object keys code-number
Description Specify the ICMP code
Type: number
Range: 0-255
code-rate
Description Specify the rate with the code
Type: number
Range: 1-16000000
template_icmp-v6-list_type-list_code-other¶
Specification Value Type object code-other-rate
Description Specify rate with other code
Type: number
Range: 1-16000000
Mutual Exclusion: code-other-rate and type-deny are mutually exclusive
l4-sync¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
outbound-policy-list¶
Specification Value Type list Block object keys asn-based-tracking
Description: asn-based-tracking is a JSON Block. Please see below for outbound-policy-list_asn-based-tracking
Type: Object
Reference Object: /axapi/v3/ddos/outbound-policy/{name}/asn-based-tracking
country-based-tracking
Description: country-based-tracking is a JSON Block. Please see below for outbound-policy-list_country-based-tracking
Type: Object
Reference Object: /axapi/v3/ddos/outbound-policy/{name}/country-based-tracking
name
Description Specify name of the policy
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
policy-class-list-list
Type: List
Reference Object: /axapi/v3/ddos/outbound-policy/{name}/policy-class-list/{class-list-name}
policy-default-class-list
Description: policy-default-class-list is a JSON Block. Please see below for outbound-policy-list_policy-default-class-list
Type: Object
Reference Object: /axapi/v3/ddos/outbound-policy/{name}/policy-default-class-list
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
outbound-policy-list_country-based-tracking¶
Specification Value Type object configuration
Description ‘configuration’: Configure country based tracking;
Type: string
Supported Values: configuration
packet-rate-triggered
Description Triggered by 1/2 packet rate limitation in per-country-glid.
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
per-country-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
outbound-policy-list_policy-default-class-list¶
Specification Value Type object class-list-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
configuration
Description Default class-list configuration
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
outbound-policy-list_asn-based-tracking¶
Specification Value Type object configuration
Description ‘configuration’: Configure asn based tracking;
Type: string
Supported Values: configuration
packet-rate-triggered
Description Triggered by 1/2 packet rate limitation in per-asn-glid.
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
per-asn-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
outbound-policy-list_policy-class-list-list¶
Specification Value Type list Block object keys class-list-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
class-list-name
Description Class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/class-list
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
geo-location¶
Specification Value Type object db
Description: db is a JSON Block. Please see below for geo-location_db
Type: Object
Reference Object: /axapi/v3/ddos/geo-location/db
file
Description: file is a JSON Block. Please see below for geo-location_file
Type: Object
Reference Object: /axapi/v3/ddos/geo-location/file
geo-location_db¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
geo-location_file¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src-port-template¶
Specification Value Type object dns-list
Type: List
Reference Object: /axapi/v3/ddos/src-port-template/dns/{name}
tcp-list
Type: List
Reference Object: /axapi/v3/ddos/src-port-template/tcp/{name}
udp-list
Type: List
Reference Object: /axapi/v3/ddos/src-port-template/udp/{name}
src-port-template_udp-list¶
Specification Value Type list Block object keys drop-ntp-monlist
Description Drop NTP monlist request/response
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
filter-list
Type: List
Reference Object: /axapi/v3/ddos/src-port-template/udp/{name}/filter/{udp-filter-seq}
max-payload-size
Description Maximum UDP payload size for each single packet
Type: number
Range: 1-1470
min-payload-size
Description Minimum UDP payload size for each single packet
Type: number
Range: 1-1470
name
Description DDOS UDP Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src-port-template_udp-list_filter-list¶
Specification Value Type list Block object keys byte-offset-filter
Description Filter Expression using Berkeley Packet Filter syntax
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
udp-filter-action
Description ‘blacklist-src’: Also blacklist the source when action is taken; ‘whitelist-src’: Whitelist the source after filter passes, packets are dropped until then; ‘count-only’: Take no action and continue processing the next filter;
Type: string
Supported Values: blacklist-src, whitelist-src, count-only
udp-filter-regex
Description Regex Expression
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
udp-filter-seq
Description Sequence number
Type: number
Range: 1-5
udp-filter-unmatched
Description action taken when it does not match
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src-port-template_dns-list¶
Specification Value Type list Block object keys name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
query-resolution-check
Description: query-resolution-check is a JSON Block. Please see below for src-port-template_dns-list_query-resolution-check
Type: Object
Reference Object: /axapi/v3/ddos/src-port-template/dns/{name}/query-resolution-check
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src-port-template_dns-list_query-resolution-check¶
Specification Value Type object big-response-action
Description ‘default’: Default, No action for future connections; ‘blacklist-src’: Blacklist the external server for future connections;
Type: string
Supported Values: default, blacklist-src
Default: default
big-response-size
Description Max DNS response size (in Bytes)
Type: number
Range: 1-4096
domain-lockup-action
Description ‘default’: Default, No action for future connections; ‘blacklist-src’: Blacklist the external server for future connections;
Type: string
Supported Values: default, blacklist-src
Default: default
session-timeout-value
Description max session timeout (secs) between DNS external server and Protected object
Type: number
Range: 1-30
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src-port-template_tcp-list¶
Specification Value Type list Block object keys filter-list
Type: List
Reference Object: /axapi/v3/ddos/src-port-template/tcp/{name}/filter/{tcp-filter-seq}
name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src-port-template_tcp-list_filter-list¶
Specification Value Type list Block object keys byte-offset-filter
Description Filter Expression using Berkeley Packet Filter syntax
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
tcp-filter-action
Description ‘blacklist-src’: Also blacklist the source when action is taken; ‘whitelist-src’: Whitelist the source after filter passes, packets are dropped until then; ‘count-only’: Take no action and continue processing the next filter;
Type: string
Supported Values: blacklist-src, whitelist-src, count-only
tcp-filter-regex
Description Regex Expression
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
tcp-filter-seq
Description Sequence number
Type: number
Range: 1-5
tcp-filter-unmatched
Description action taken when it does not match
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
local-address¶
Specification Value Type object ip-list
Type: List
Reference Object: /axapi/v3/ddos/local-address/ip/{ip-addr}
ipv6-list
Type: List
Reference Object: /axapi/v3/ddos/local-address/ipv6/{ipv6-addr}
local-address_ip-list¶
Specification Value Type list Block object keys ip-addr
Description DDoS IPv4 Address for syn cookie usage
Type: string
Format: ipv4-address
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
local-address_ipv6-list¶
Specification Value Type list Block object keys ipv6-addr
Description DDoS IPv6 Address for syn cookie usage
Type: string
Format: ipv6-address
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
l4-tcp¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
reporting¶
Specification Value Type object toggle
Description ‘disable-on-limit-reached’: Disable reporting on DST/Port entry when the max reporting count is reached; ‘reject-on-limit-reached’: Reject the configuration when the max reporting count is reached;
Type: string
Supported Values: disable-on-limit-reached, reject-on-limit-reached
Default: reject-on-limit-reached
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
violation-actions-list¶
Specification Value Type list Block object keys blackhole
Description Blackhole the zone (in minute, 0 means infinite)
Type: number
Range: 0-30
blacklist-src
Description Blacklist-src (in min) (applied only for source action)
Type: number
Range: 1-30
execute-script
Description Specify DDOS script to run (applied only for zone action)
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
execute-script-timeout
Description Timeout for script execution (in seconds) (applied only for zone action)
Type: number
Range: 5-20
name
Description DDOS violation-actions name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
notification
Type: Listsend-notification-only
Description Forces TPS to only send out notification for the violation-action
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
violation-actions-list_notification¶
Specification Value Type list Block object keys notification-template
Description Specify the notification template name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/notification-template
protection¶
Specification Value Type object close-sess-for-unauth-src-without-rst
Description When closing unauthenticated sessions, don’t send TCP RST for established TCP sessions. (Default disabled / sending TCP RST for
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable-advanced-core-analysis
Description Disable advanced context info in coredump file
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable-delay-dynamic-src-learning
Description Disable delay dynamic src entry learning
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable-on-reboot
Description Disable DDoS protection upon reboot/reload
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disallow-rst-ack-in-syn-auth
Description Disallow RST-ACK passing syn-auth
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-now
Description Override disable-on-reboot to enable runtime DDOS protection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
fast-aging
Description: fast-aging is a JSON Block. Please see below for protection_fast-aging
Type: Object
fast-path-disable
Description Disable fast path in SLB processing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
force-routing-on-transp
Description Force use of routing in transparent mode
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
force-traffic-to-same-blade-disable
Description Allow traffic to be distributed among blades on Chassis
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
hw-blocking-enable
Description Enable hardware blacklist blocking for src or dst default entries (default disabled)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
hw-blocking-threshold-limit
Description Threshold to initiate hardware blocking (default 10000)
Type: number
Range: 1-16000000
Default: 10000
ipv6-src-hash-mask-bits
Description: ipv6-src-hash-mask-bits is a JSON Block. Please see below for protection_ipv6-src-hash-mask-bits
Type: Object
Reference Object: /axapi/v3/ddos/protection/ipv6-src-hash-mask-bits
mpls
Description Enable MPLS packet inspection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
multi-pu-zone-distribution
Description: multi-pu-zone-distribution is a JSON Block. Please see below for protection_multi-pu-zone-distribution
Type: Object
Reference Object: /axapi/v3/ddos/protection/multi-pu-zone-distribution
non-zero-win-size-syncookie
Description Send syn-cookie with fix TCP window size if SYN packet has zero window size (default disabled)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
progression-tracking
Description ‘enable’: enable; ‘disable’: disable;
Type: string
Supported Values: enable, disable
Default: enable
rate-interval
Description ‘100ms’: 100ms; ‘1sec’: 1sec;
Type: string
Supported Values: 100ms, 1sec
Default: 100ms
rexmit-syn-log
Description Enable ddos per flow rexmit syn exceeded log
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-dst-entry-limit
Description ‘8M’: 8 Million; ‘16M’: 16 Million; ‘unlimited’: Unlimited; ‘platform-default’: Half of platform maximum;
Type: string
Supported Values: 8M, 16M, unlimited, platform-default
Default: 16M
src-ip-hash-bit
Description Configure which bit hashed on
Type: number
Range: 0-31
Default: 2
src-ipv6-hash-bit
Description Configure which bit hashed on
Type: number
Range: 0-127
Default: 2
src-zone-port-entry-limit
Description ‘8M’: 8 Million; ‘16M’: 16 Million; ‘unlimited’: Unlimited; ‘platform-default’: Half of platform maximum;
Type: string
Supported Values: 8M, 16M, unlimited, platform-default
Default: 16M
toggle
Description ‘enable’: enable; ‘disable’: disable;
Type: string
Supported Values: enable, disable
Default: disable
use-route
Description Use route table, default use receive hop for device initiated traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
protection_fast-aging¶
Specification Value Type object half-open-conn-ratio
Description Minimum half-open session to total session ratio before session fast aging will take effect (default 25)
Type: number
Range: 1-99
Default: 25
half-open-conn-threshold
Description Minimum half-open session (percentage) before session fast aging will take effect (default 1)
Type: number
Range: 1-99
Default: 1
protection_ipv6-src-hash-mask-bits¶
Specification Value Type object mask-bit-offset-1
Description Configure mask bits
Type: number
Range: 0-127
mask-bit-offset-2
Description Configure mask bits
Type: number
Range: 0-127
mask-bit-offset-3
Description Configure mask bits
Type: number
Range: 0-127
mask-bit-offset-4
Description Configure mask bits
Type: number
Range: 0-127
mask-bit-offset-5
Description Configure mask bits
Type: number
Range: 0-127
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
protection_multi-pu-zone-distribution¶
Specification Value Type object cpu-threshold-per-entry
Description Entry/zone percentage threshold of CPU usage for source hash mode. Requires distribution-method cpu-usage. Default:60
Type: number
Range: 30-100
Default: 60
cpu-threshold-per-pu
Description Per PU percentage threshold of average CPU usage to start check entry usage. Requires distribution-method cpu-usage. Default:80
Type: number
Range: 60-100
Default: 80
distribution-method
Description ‘cpu-usage’: Entry/Zone distribution based on CPU usage percentage; ‘traffic-rate’: Entry/Zone distribution based on traffic kbit/pkt rate (Default);
Type: string
Supported Values: cpu-usage, traffic-rate
Default: traffic-rate
rate-kbit-threshold
Description DDOS DST Entry/Zone kbit rate threshold for source hash mode
Type: number
Range: 1-150000000
Default: 150000000
rate-pkt-threshold
Description DDOS DST Entry/Zone packet rate threshold for source hash mode
Type: number
Range: 1-55000000
Default: 55000000
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
notification-template-list¶
Specification Value Type list Block object keys api
Description: api is a JSON Block. Please see below for notification-template-list_api
Type: Object
Reference Object: /axapi/v3/ddos/notification-template/{name}/api
debug-mode
Description Enable debug mode
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable
Description Disable the notification template (Disable notification temaplate)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
name
Description DDOS nofitication template name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
test-connectivity
Description Test connectivity to notification receiver
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
verbose
Description Dump zone IPs to the payload
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
notification-template-list_api¶
Specification Value Type object authentication
Description: authentication is a JSON Block. Please see below for notification-template-list_api_authentication
Type: Object
Reference Object: /axapi/v3/ddos/notification-template/{name}/api/authentication
disable-authentication
Description Disable authentication to communicate to the host
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
host-ipv4-address
Description Configure the host IPv4 address to send notification (IPv4 address of the host)
Type: string
Format: ipv4-address
Mutual Exclusion: host-ipv4-address, host-ipv6-address, and hostname are mutually exclusive
host-ipv6-address
Description Configure the host IPv6 address to send notification (IPv6 address of the host)
Type: string
Format: ipv6-address
Mutual Exclusion: host-ipv6-address, host-ipv4-address, and hostname are mutually exclusive
hostname
Description host name(e.g www.a10networks.com)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Mutual Exclusion: hostname, host-ipv4-address, and host-ipv6-address are mutually exclusive
http-port
Description Configure the http port to use(default 80) (http port(default 80))
Type: number
Range: 1-65535
Default: 80
http-protocol
Description ‘http’: Use http protocol; ‘https’: Use https protocol(default); (http protocol)
Type: string
Supported Values: http, https
Default: https
https-port
Description Configure the https port to use(default 443) (https port(default 443))
Type: number
Range: 1-65535
Default: 443
relative-uri
Description Configure the relative uri for the api(e.g /example , default /) (api relative uri)
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
Default: /
timeout
Description Configure the api execution timeout(default 10secs) (api timeout)
Type: number
Range: 5-60
Default: 10
use-mgmt-port
Description Use management port to send out notification
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
notification-template-list_api_authentication¶
Specification Value Type object api-key
Description Configure api-key as a mode of authentication
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
api-key-encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)api-key-string
Description Configure api-key as a mode of authentication
Type: string
Format: password
Maximum Length: 64 characters
Maximum Length: 1 characters
auth-password
Description Configure the authentication user password (Authentication password)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
auth-password-val
Description Configure the authentication user password (Authentication password)
Type: string
Format: password
Maximum Length: 63 characters
Maximum Length: 1 characters
auth-username
Description Configure the authentication user name
Type: string
Maximum Length: 63 characters
Maximum Length: 1 characters
encrypted
Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)relative-login-uri
Description Configure the authentication login uri
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
relative-logoff-uri
Description Configure the authentication logoff uri
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
notification-template-debug-log¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
l7-sip¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
resource-usage¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src¶
Specification Value Type object default-list
Type: List
Reference Object: /axapi/v3/ddos/src/default/{default-address-type}
dynamic-entries-resource-usage
Description: dynamic-entries-resource-usage is a JSON Block. Please see below for src_dynamic-entries-resource-usage
Type: Object
Reference Object: /axapi/v3/ddos/src/dynamic-entries-resource-usage
dynamic-entry
Description: dynamic-entry is a JSON Block. Please see below for src_dynamic-entry
Type: Object
Reference Object: /axapi/v3/ddos/src/dynamic-entry
dynamic-entry-overflow-policy-list
Type: List
Reference Object: /axapi/v3/ddos/src/dynamic-entry-overflow-policy/{default-address-type}
entry-list
Type: List
Reference Object: /axapi/v3/ddos/src/entry/{src-entry-name}
geo-location-list
Type: List
Reference Object: /axapi/v3/ddos/src/geo-location/{geolocation-name}
src_default-list¶
Specification Value Type list Block object keys age
Description Idle age for ip entry
Type: number
Range: 2-1023
Default: 5
app-type-list
Type: List
Reference Object: /axapi/v3/ddos/src/default/{default-address-type}/app-type/{protocol}
apply-policy-on-overflow
Description Enable this flag to apply overflow policy when dynamic entry count overflows
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
default-address-type
Description ‘ip’: ip; ‘ipv6’: ipv6;
Type: string
Supported Values: ip, ipv6
disable
Description Disable
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exceed-log-cfg
Description: exceed-log-cfg is a JSON Block. Please see below for src_default-list_exceed-log-cfg
Type: Object
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
l4-type-list
Type: List
Reference Object: /axapi/v3/ddos/src/default/{default-address-type}/l4-type/{protocol}
log-periodic
Description Enable periodic log while event is continuing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-dynamic-entry-count
Description Maximum count for dynamic src entry
Type: number
Range: 0-2147483647
template
Description: template is a JSON Block. Please see below for src_default-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src_default-list_app-type-list¶
Specification Value Type list Block object keys protocol
Description ‘dns’: dns; ‘http’: http; ‘ssl-l4’: ssl-l4; ‘sip’: sip;
Type: string
Supported Values: dns, http, ssl-l4, sip
template
Description: template is a JSON Block. Please see below for src_default-list_app-type-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src_default-list_app-type-list_template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS SSL-L4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src_default-list_template¶
Specification Value Type object logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src_default-list_l4-type-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
protocol
Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;
Type: string
Supported Values: tcp, udp, icmp, other
template
Description: template is a JSON Block. Please see below for src_default-list_l4-type-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src_default-list_l4-type-list_template¶
Specification Value Type object other
Description DDOS OTHER template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
tcp
Description DDOS TCP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v4
Description DDOS icmp-v4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v6
Description DDOS icmp-v6 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
udp
Description DDOS UDP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src_default-list_exceed-log-cfg¶
Specification Value Type object log-enable
Description Enable logging of limit exceed drop’s
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src_dynamic-entries-resource-usage¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src_entry-list¶
Specification Value Type list Block object keys app-type-list
Type: List
Reference Object: /axapi/v3/ddos/src/entry/{src-entry-name}/app-type/{protocol}
bypass
Description Always permit for the Source to bypass all feature & limit checks
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
description
Description Description for this Source Entry
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
exceed-log-cfg
Description: exceed-log-cfg is a JSON Block. Please see below for src_entry-list_exceed-log-cfg
Type: Object
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
hw-blacklist-blocking
Description: hw-blacklist-blocking is a JSON Block. Please see below for src_entry-list_hw-blacklist-blocking
Type: Object
Reference Object: /axapi/v3/ddos/src/entry/{src-entry-name}/hw-blacklist-blocking
ip-addr
Description
Type: string
Format: ipv4-address
ipv6-addr
Description
Type: string
Format: ipv6-address
l4-type-list
Type: List
Reference Object: /axapi/v3/ddos/src/entry/{src-entry-name}/l4-type/{protocol}
log-periodic
Description Enable periodic log while event is continuing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-entry-name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
subnet-ip-addr
Description IP Subnet
Type: string
Format: ipv4-cidr
subnet-ipv6-addr
Description IPV6 Subnet
Type: string
Format: ipv6-address-plen
template
Description: template is a JSON Block. Please see below for src_entry-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src_entry-list_app-type-list¶
Specification Value Type list Block object keys protocol
Description ‘dns’: dns; ‘http’: http; ‘ssl-l4’: ssl-l4; ‘sip’: sip;
Type: string
Supported Values: dns, http, ssl-l4, sip
template
Description: template is a JSON Block. Please see below for src_entry-list_app-type-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src_entry-list_app-type-list_template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS SSL-L4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src_entry-list_hw-blacklist-blocking¶
Specification Value Type object src-enable
Description Enable Src side hardware blocking
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src_entry-list_l4-type-list¶
Specification Value Type list Block object keys action
Description ‘permit’: Whitelist incoming packets for protocol; ‘deny’: Blacklist incoming packets for protocol;
Type: string
Supported Values: permit, deny
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
protocol
Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;
Type: string
Supported Values: tcp, udp, icmp, other
template
Description: template is a JSON Block. Please see below for src_entry-list_l4-type-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src_entry-list_l4-type-list_template¶
Specification Value Type object other
Description DDOS OTHER template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
tcp
Description DDOS TCP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v4
Description DDOS icmp-v4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v6
Description DDOS icmp-v6 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
udp
Description DDOS UDP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src_entry-list_exceed-log-cfg¶
Specification Value Type object log-enable
Description Enable logging of limit exceed drop’s
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src_entry-list_template¶
Specification Value Type object logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src_geo-location-list¶
Specification Value Type list Block object keys app-type-list
Type: List
Reference Object: /axapi/v3/ddos/src/geo-location/{geolocation-name}/app-type/{protocol}
bypass
Description Always permit for the Source to bypass all feature & limit checks
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
description
Description Description for this Geolocation Entry
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
geolocation-name
Description Geolocation Name
Type: string
Format: string-rlx
Maximum Length: 15 characters
Maximum Length: 1 characters
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
l4-type-list
Type: List
Reference Object: /axapi/v3/ddos/src/geo-location/{geolocation-name}/l4-type/{protocol}
log-periodic
Description Enable periodic log while event is continuing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
template
Description: template is a JSON Block. Please see below for src_geo-location-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src_geo-location-list_app-type-list¶
Specification Value Type list Block object keys protocol
Description ‘dns’: dns; ‘http’: http; ‘ssl-l4’: ssl-l4; ‘sip’: sip;
Type: string
Supported Values: dns, http, ssl-l4, sip
template
Description: template is a JSON Block. Please see below for src_geo-location-list_app-type-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src_geo-location-list_app-type-list_template¶
Specification Value Type object dns
Description DDOS DNS template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
http
Description DDOS HTTP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS SSL-L4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src_geo-location-list_l4-type-list¶
Specification Value Type list Block object keys action
Description ‘permit’: Whitelist incoming packets for protocol; ‘deny’: Blacklist incoming packets for protocol;
Type: string
Supported Values: permit, deny
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
protocol
Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;
Type: string
Supported Values: tcp, udp, icmp, other
template
Description: template is a JSON Block. Please see below for src_geo-location-list_l4-type-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src_geo-location-list_l4-type-list_template¶
Specification Value Type object other
Description DDOS OTHER template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
tcp
Description DDOS TCP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v4
Description DDOS ICMP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
udp
Description DDOS UDP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src_geo-location-list_template¶
Specification Value Type object logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src_dynamic-entry-overflow-policy-list¶
Specification Value Type list Block object keys app-type-list
Type: List
Reference Object: /axapi/v3/ddos/src/dynamic-entry-overflow-policy/{default-address-type}/app-type/{protocol}
default-address-type
Description ‘ip’: ip; ‘ipv6’: ipv6;
Type: string
Supported Values: ip, ipv6
exceed-log-cfg
Description: exceed-log-cfg is a JSON Block. Please see below for src_dynamic-entry-overflow-policy-list_exceed-log-cfg
Type: Object
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
l4-type-list
Type: List
Reference Object: /axapi/v3/ddos/src/dynamic-entry-overflow-policy/{default-address-type}/l4-type/{protocol}
log-periodic
Description Enable periodic log while event is continuing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
template
Description: template is a JSON Block. Please see below for src_dynamic-entry-overflow-policy-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src_dynamic-entry-overflow-policy-list_app-type-list¶
Specification Value Type list Block object keys protocol
Description ‘dns’: dns; ‘http’: http; ‘ssl-l4’: ssl-l4; ‘sip’: sip;
Type: string
Supported Values: dns, http, ssl-l4, sip
template
Description: template is a JSON Block. Please see below for src_dynamic-entry-overflow-policy-list_app-type-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src_dynamic-entry-overflow-policy-list_app-type-list_template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS SSL-L4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src_dynamic-entry-overflow-policy-list_template¶
Specification Value Type object logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src_dynamic-entry-overflow-policy-list_l4-type-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
protocol
Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;
Type: string
Supported Values: tcp, udp, icmp, other
template
Description: template is a JSON Block. Please see below for src_dynamic-entry-overflow-policy-list_l4-type-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src_dynamic-entry-overflow-policy-list_l4-type-list_template¶
Specification Value Type object other
Description DDOS OTHER template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
tcp
Description DDOS TCP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v4
Description DDOS icmp-v4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template-icmp-v6
Description DDOS icmp-v6 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
udp
Description DDOS UDP template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src_dynamic-entry-overflow-policy-list_exceed-log-cfg¶
Specification Value Type object log-enable
Description Enable logging of limit exceed drop’s
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
with-sflow-sample
Description Turn on sflow sample with log
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src_dynamic-entry¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
protect¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
resource-tracking¶
Specification Value Type object cpu
Description: cpu is a JSON Block. Please see below for resource-tracking_cpu
Type: Object
Reference Object: /axapi/v3/ddos/resource-tracking/cpu
resource-tracking_cpu¶
Specification Value Type object enable
Description Enable CPU usage tracking per dst object (default: disabled)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
logging¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
l7-dns¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
tunnel¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
anomaly¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
use-default-route¶
Specification Value Type object ethernet-start-cfg
Type: Listuuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
use-default-route_ethernet-start-cfg¶
Specification Value Type list Block object keys ethernet-end
Description
Type: number
Format: interface
ethernet-start
Description Traffic receive from the ethernet port will use default route
Type: number
Format: interface
event-filter-list¶
Specification Value Type list Block object keys black-list
Description: black-list is a JSON Block. Please see below for event-filter-list_black-list
Type: Object
drop
Description: drop is a JSON Block. Please see below for event-filter-list_drop
Type: Object
filter-name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
l4-type-list
Type: List
Reference Object: /axapi/v3/ddos/event-filter/{filter-name}/l4-type/{protocol}
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
white-list
Description: white-list is a JSON Block. Please see below for event-filter-list_white-list
Type: Object
event-filter-list_black-list¶
Specification Value Type object black-list-dst
Description Dst entry/port is black-listed
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
black-list-src
Description Src entry/port is black-listed
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
event-filter-list_drop¶
Specification Value Type object drop-black-list
Description Packet is dropped because of black-list
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-dst
Description Packet is dropped because of dst
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-src
Description Packet is dropped because of src
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
event-filter-list_white-list¶
Specification Value Type object white-list-dst
Description Dst entry/port is white-listed
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
white-list-src
Description Src entry/port is white-listed
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
event-filter-list_l4-type-list¶
Specification Value Type list Block object keys out-of-seq
Description TCP out-of-seq pkts
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
protocol
Description ‘tcp’: tcp; ‘udp’: udp;
Type: string
Supported Values: tcp, udp
retrans-syn-cfg
Description: retrans-syn-cfg is a JSON Block. Please see below for event-filter-list_l4-type-list_retrans-syn-cfg
Type: Object
tcp-auth
Description: tcp-auth is a JSON Block. Please see below for event-filter-list_l4-type-list_tcp-auth
Type: Object
udp-auth
Description: udp-auth is a JSON Block. Please see below for event-filter-list_l4-type-list_udp-auth
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zero-window
Description TCP zero window pkts
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
event-filter-list_l4-type-list_tcp-auth¶
Specification Value Type object tcp-auth-fail
Description Packet that fails syn-auth/action-on-ack
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tcp-auth-init
Description Packet that inits syn-auth/action-on-ack
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tcp-auth-pass
Description Packet that passes syn-auth/action-on-ack
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
event-filter-list_l4-type-list_udp-auth¶
Specification Value Type object udp-auth-init
Description Packet that inits spoof-detect
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
udp-auth-pass
Description Packet that passes spoof-detect
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
event-filter-list_l4-type-list_retrans-syn-cfg¶
Specification Value Type object retrans-syn
Description TCP SYN retransmission
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
retrans-syn-exceed
Description TCP SYN retransmission exceed
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-cache-server¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
switch¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
l7-http¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
action-list-list¶
Specification Value Type list Block object keys action
Description: action is a JSON Block. Please see below for action-list-list_action
Type: Object
capture-config
Description capture-config name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/capture-config
name
Description DDOS action-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for action-list-list_zone-template
Type: Object
action-list-list_zone-template¶
Specification Value Type object encap
Description DDOS encap template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/zone-template/encap
logging
Description DDOS logging zone-template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/zone-template/logging
action-list-list_action¶
Specification Value Type object action
Description ‘drop’: Drop Packet (Default); ‘ignore’: Continue processing the packet; ‘reset’: Reset the connection; ‘authenticate-src’: Authenticate the source IP; ‘blacklist-src’: Black-list the source IP; ‘tunnel-encap-packet’: Encapsulate packet for tunneling. encap template need to be bound;
Type: string
Supported Values: drop, ignore, reset, authenticate-src, blacklist-src, tunnel-encap-packet
blacklist-src-value
Description blacklist duration in minutes
Type: number
Range: 1-30
scrub-packet
Description allow packets to go through other DDoS checks before sent out
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
stateless
Description encapsulate all packests
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
zone-src-port-template¶
Specification Value Type object dns-list
Type: List
Reference Object: /axapi/v3/ddos/zone-src-port-template/dns/{name}
tcp-list
Type: List
Reference Object: /axapi/v3/ddos/zone-src-port-template/tcp/{name}
udp-list
Type: List
Reference Object: /axapi/v3/ddos/zone-src-port-template/udp/{name}
zone-src-port-template_udp-list¶
Specification Value Type list Block object keys filter-list
Type: List
Reference Object: /axapi/v3/ddos/zone-src-port-template/udp/{name}/filter/{udp-filter-name}
max-payload-size-cfg
Description: max-payload-size-cfg is a JSON Block. Please see below for zone-src-port-template_udp-list_max-payload-size-cfg
Type: Object
min-payload-size-cfg
Description: min-payload-size-cfg is a JSON Block. Please see below for zone-src-port-template_udp-list_min-payload-size-cfg
Type: Object
name
Description DDOS UDP Template Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ntp-monlist-cfg
Description: ntp-monlist-cfg is a JSON Block. Please see below for zone-src-port-template_udp-list_ntp-monlist-cfg
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-src-port-template_udp-list_ntp-monlist-cfg¶
Specification Value Type object ntp-monlist
Description Take action for ntp monlist request/response
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ntp-monlist-action
Description ‘drop’: Drop packets for ntp-monlist (Default); ‘blacklist-src’: Blacklist-src for ntp-monlist; ‘ignore’: Ignore ntp-monlist;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: ntp-monlist-action and ntp-monlist-action-list-name are mutually exclusive
ntp-monlist-action-list-name
Description Configure action-list to take for ntp-monlist
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: ntp-monlist-action-list-name and ntp-monlist-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
zone-src-port-template_udp-list_max-payload-size-cfg¶
Specification Value Type object max-payload-size
Description Maximum UDP payload size for each single packet
Type: number
Range: 1-1470
max-payload-size-action
Description ‘drop’: Drop packets for max-payload-size exceed (Default); ‘blacklist-src’: Blacklist-src for max-payload-size exceed; ‘ignore’: Do nothing for max-payload-size exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: max-payload-size-action and max-payload-size-action-list-name are mutually exclusive
max-payload-size-action-list-name
Description Configure action-list to take for max-payload-size exceed
Type: string
Format: string-rlx
Maximum Length: 64 characters
Maximum Length: 1 characters
Mutual Exclusion: max-payload-size-action-list-name and max-payload-size-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
zone-src-port-template_udp-list_min-payload-size-cfg¶
Specification Value Type object min-payload-size
Description Minimum UDP payload size for each single packet
Type: number
Range: 1-1470
min-payload-size-action
Description ‘drop’: Drop packets for min-payload-size (Default); ‘blacklist-src’: Blacklist-src for min-payload-size; ‘ignore’: Do nothing for min-payload-size exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
Mutual Exclusion: min-payload-size-action and min-payload-size-action-list-name are mutually exclusive
min-payload-size-action-list-name
Description Configure action-list to take for min-payload-size exceed
Type: string
Format: string-rlx
Maximum Length: 64 characters
Maximum Length: 1 characters
Mutual Exclusion: min-payload-size-action-list-name and min-payload-size-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
zone-src-port-template_udp-list_filter-list¶
Specification Value Type list Block object keys byte-offset-filter
Description Filter using Berkeley Packet Filter syntax
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
udp-filter-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘authenticate-src’: Authenticate-src;
Type: string
Supported Values: drop, ignore, blacklist-src, authenticate-src
Mutual Exclusion: udp-filter-action and udp-filter-action-list-name are mutually exclusive
udp-filter-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: udp-filter-action-list-name and udp-filter-action are mutually exclusive
udp-filter-inverse-match
Description Inverse the result of the matching
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
udp-filter-name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp-filter-regex
Description Regex Expression
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
udp-filter-seq
Description Sequence number
Type: number
Range: 1-200
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-src-port-template_dns-list¶
Specification Value Type list Block object keys name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
query-resolution-check
Description: query-resolution-check is a JSON Block. Please see below for zone-src-port-template_dns-list_query-resolution-check
Type: Object
Reference Object: /axapi/v3/ddos/zone-src-port-template/dns/{name}/query-resolution-check
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-src-port-template_dns-list_query-resolution-check¶
Specification Value Type object big-response-action
Description ‘default’: Default, No action for future connections; ‘blacklist-src’: Blacklist the external server for future connections;
Type: string
Supported Values: default, blacklist-src
Default: default
big-response-size
Description Max DNS response size (in Bytes)
Type: number
Range: 1-4096
domain-lockup-action
Description ‘default’: Default, No action for future connections; ‘blacklist-src’: Blacklist the external server for future connections;
Type: string
Supported Values: default, blacklist-src
Default: default
session-timeout-value
Description max session timeout (secs) between DNS external server and Protected object
Type: number
Range: 1-30
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-src-port-template_tcp-list¶
Specification Value Type list Block object keys filter-list
Type: List
Reference Object: /axapi/v3/ddos/zone-src-port-template/tcp/{name}/filter/{tcp-filter-name}
name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-src-port-template_tcp-list_filter-list¶
Specification Value Type list Block object keys byte-offset-filter
Description Filter using Berkeley Packet Filter syntax
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
tcp-filter-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘authenticate-src’: Authenticate-src;
Type: string
Supported Values: drop, ignore, blacklist-src, authenticate-src
Mutual Exclusion: tcp-filter-action and tcp-filter-action-list-name are mutually exclusive
tcp-filter-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: tcp-filter-action-list-name and tcp-filter-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
tcp-filter-inverse-match
Description Inverse the result of the matching
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tcp-filter-name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp-filter-regex
Description Regex Expression
Type: string
Format: string-rlx
Maximum Length: 1275 characters
Maximum Length: 1 characters
tcp-filter-seq
Description Sequence number
Type: number
Range: 1-200
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
l4-udp¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dns-cache-list¶
Specification Value Type list Block object keys any-query-action-str
Description ‘respond-refuse’: Send refuse response (default); ‘respond-empty’: Send empty response; ‘drop’: Drop the request;
Type: string
Supported Values: respond-refuse, respond-empty, drop
Default: respond-refuse
default-serving-action
Description ‘serve-from-cache’: Serve DNS records; ‘forward’: Forward to DNS server; ‘drop’: Drop the request;
Type: string
Supported Values: serve-from-cache, forward, drop
Default: serve-from-cache
domain-group
Description: domain-group is a JSON Block. Please see below for dns-cache-list_domain-group
Type: Object
Reference Object: /axapi/v3/ddos/dns-cache/{name}/domain-group
fqdn-manual-override-action-list
Type: List
Reference Object: /axapi/v3/ddos/dns-cache/{name}/fqdn-manual-override-action/{fqdn-name}
name
Description DNS Cache Instance Name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
neg-cache-action-follow-q-rate
Description Negative cached response queries counted toward query-rate-threshold
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
non-authoritative-zone-query-action-str
Description ‘default’: Default action: respond-refuse; ‘forward’: Forward to DNS server; ‘respond-refuse’: Send refuse response; ‘drop’: Drop the request;
Type: string
Supported Values: default, forward, respond-refuse, drop
Default: respond-refuse
sampling-enable
Type: Listsharded-domain-group-list
Type: List
Reference Object: /axapi/v3/ddos/dns-cache/{name}/sharded-domain-group/{name}
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-domain-lookup-miss-action
Description ‘respond-nxdomain’: Send NxDomain response; ‘drop’: Drop the request;
Type: string
Supported Values: respond-nxdomain, drop
Default: respond-nxdomain
zone-manual-override-action-list
Type: List
Reference Object: /axapi/v3/ddos/dns-cache/{name}/zone-manual-override-action/{zone-name}
zone-transfer
Description: zone-transfer is a JSON Block. Please see below for dns-cache-list_zone-transfer
Type: Object
Reference Object: /axapi/v3/ddos/dns-cache/{name}/zone-transfer
dns-cache-list_domain-group¶
Specification Value Type object domain-list-policy-list
Type: List
Reference Object: /axapi/v3/ddos/dns-cache/{name}/domain-group/domain-list-policy/{name}
name
Description DNS domain group
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dns-cache-list_domain-group_domain-list-policy-list¶
Specification Value Type list Block object keys cache-all-records
Description cache all fqdn records including uncommon types
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
client-ipv4
Description Client ipv4 address
Type: string
Format: ipv4-address
client-ipv6
Description Client ipv6 address
Type: string
Format: ipv6-address
force
Description Force update even the serial is the same
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
manual-refresh
Description Manually refresh the particular zone
Type: string
Format: string-rlx
Maximum Length: 253 characters
Maximum Length: 1 characters
name
Description DNS domain list policy
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
oversize-answer-response
Description ‘set-truncate-bit’: Set the TC bit for oversize answer(default); ‘disable-truncate-bit’: Do not set TC bit for oversize answer;
Type: string
Supported Values: set-truncate-bit, disable-truncate-bit
Default: set-truncate-bit
packet-capturing
Description: packet-capturing is a JSON Block. Please see below for dns-cache-list_domain-group_domain-list-policy-list_packet-capturing
Type: Object
Reference Object: /axapi/v3/ddos/dns-cache/{name}/domain-group/domain-list-policy/{name}/packet-capturing
refresh-interval-hours
Description Zone transfer refresh rate in hours (Default 4). 0 means no refresh
Type: number
Range: 0-24
Default: 4
resolve-cname-record
Description Always try to resolve domain in CNAME record answer section
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
respond-with-authority
Description Respond with authority section for all requests under this list
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
server-ipv4
Description Master ipv4 address
Type: string
Format: ipv4-address
server-ipv6
Description Master ipv6 address
Type: string
Format: ipv6-address
server-v4-port
Description Port number (default 53)
Type: number
Range: 1-65535
Default: 53
server-v6-port
Description Port number (default 53)
Type: number
Range: 1-65535
Default: 53
ttl-override
Description Override the TTL value for zone transfer
Type: number
Range: 1-2147483647
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dns-cache-list_domain-group_domain-list-policy-list_packet-capturing¶
Specification Value Type object root-zone-list
Type: Listuuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dns-cache-list_domain-group_domain-list-policy-list_packet-capturing_root-zone-list¶
Specification Value Type list Block object keys capture-config
Description Capture-config name
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/capture-config
capture-mode
Description ‘regular’: Capture packet anyway; ‘capture-on-failure’: Capture packet if last XFR was failed;
Type: string
Supported Values: regular, capture-on-failure
root-zone
Description Specify root zone to be captured
Type: string
Format: string-rlx
Maximum Length: 253 characters
Maximum Length: 1 characters
dns-cache-list_fqdn-manual-override-action-list¶
Specification Value Type list Block object keys action
Description ‘default’: Default; ‘forward’: Forward to DNS server; ‘drop’: Drop the request; ‘serve-from-cache’: Serve DNS records;
Type: string
Supported Values: default, forward, drop, serve-from-cache
fqdn-name
Description Specify fqdn name
Type: string
Format: string-rlx
Maximum Length: 253 characters
Maximum Length: 1 characters
dns-cache-list_zone-transfer¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dns-cache-list_sampling-enable¶
Specification Value Type list Block object keys counters1
Description ‘all’: all; ‘total-cached-fqdn’: total-cached-fqdn; ‘total-cached-records’: total-cached-records; ‘fqdn-a’: fqdn-a; ‘fqdn-aaaa’: fqdn-aaaa; ‘fqdn-cname’: fqdn-cname; ‘fqdn-ns’: fqdn-ns; ‘fqdn-mx’: fqdn-mx; ‘fqdn-soa’: fqdn-soa; ‘fqdn-srv’: fqdn-srv; ‘fqdn-txt’: fqdn-txt; ‘fqdn-ptr’: fqdn-ptr; ‘fqdn-other’: fqdn-other; ‘fqdn-wildcard’: fqdn-wildcard; ‘fqdn-delegation’: fqdn-delegation; ‘shard-size’: shard-size; ‘resp-ext-size’: resp-ext-size; ‘a-record’: a-record; ‘aaaa-record’: aaaa-record; ‘cname-record’: cname-record; ‘ns-record’: ns-record; ‘mx-record’: mx-record; ‘soa-record’: soa-record; ‘srv-record’: srv-record; ‘txt-record’: txt-record; ‘ptr-record’: ptr-record; ‘other-record’: other-record; ‘fqdn-in-shard-filter’: fqdn-in-shard-filter;
Type: string
Supported Values: all, total-cached-fqdn, total-cached-records, fqdn-a, fqdn-aaaa, fqdn-cname, fqdn-ns, fqdn-mx, fqdn-soa, fqdn-srv, fqdn-txt, fqdn-ptr, fqdn-other, fqdn-wildcard, fqdn-delegation, shard-size, resp-ext-size, a-record, aaaa-record, cname-record, ns-record, mx-record, soa-record, srv-record, txt-record, ptr-record, other-record, fqdn-in-shard-filter
dns-cache-list_zone-manual-override-action-list¶
Specification Value Type list Block object keys action
Description ‘default’: Default; ‘forward’: Forward to DNS server; ‘drop’: Drop the request; ‘serve-from-cache’: Serve DNS records;
Type: string
Supported Values: default, forward, drop, serve-from-cache
zone-name
Description Specify zone name
Type: string
Format: string-rlx
Maximum Length: 253 characters
Maximum Length: 1 characters
dns-cache-list_sharded-domain-group-list¶
Specification Value Type list Block object keys encap-template
Description DDOS encap template to sepcify the tunnel endpoint
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
match-action
Description ‘forward’: Forward query to server (default); ‘tunnel-encap’: Encapsulate the query and send on a tunnel;
Type: string
Supported Values: forward, tunnel-encap
Default: forward
name
Description DNS sharded domain group
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
sharded-domain-list-policy-list
Type: List
Reference Object: /axapi/v3/ddos/dns-cache/{name}/sharded-domain-group/{name}/sharded-domain-list-policy/{name}
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dns-cache-list_sharded-domain-group-list_sharded-domain-list-policy-list¶
Specification Value Type list Block object keys client-ipv4
Description Client ipv4 address
Type: string
Format: ipv4-address
client-ipv6
Description Client ipv6 address
Type: string
Format: ipv6-address
force
Description Force update even the serial is the same
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
manual-refresh
Description Manually refresh the particular zone
Type: string
Format: string-rlx
Maximum Length: 253 characters
Maximum Length: 1 characters
name
Description DNS sharded domain list policy
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
packet-capturing
Description: packet-capturing is a JSON Block. Please see below for dns-cache-list_sharded-domain-group-list_sharded-domain-list-policy-list_packet-capturing
Type: Object
Reference Object: /axapi/v3/ddos/dns-cache/{name}/sharded-domain-group/{name}/sharded-domain-list-policy/{name}/packet-capturing
refresh-interval-hours
Description Zone transfer refresh rate in hours (Default 4). 0 means no refresh
Type: number
Range: 0-24
Default: 4
server-ipv4
Description Master ipv4 address
Type: string
Format: ipv4-address
server-ipv6
Description Master ipv6 address
Type: string
Format: ipv6-address
server-v4-port
Description Port number (default 53)
Type: number
Range: 1-65535
Default: 53
server-v6-port
Description Port number (default 53)
Type: number
Range: 1-65535
Default: 53
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dns-cache-list_sharded-domain-group-list_sharded-domain-list-policy-list_packet-capturing¶
Specification Value Type object root-zone-list
Type: Listuuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dns-cache-list_sharded-domain-group-list_sharded-domain-list-policy-list_packet-capturing_root-zone-list¶
Specification Value Type list Block object keys capture-config
Description Capture-config name
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/capture-config
capture-mode
Description ‘regular’: Capture packet anyway; ‘capture-on-failure’: Capture packet if last XFR was failed;
Type: string
Supported Values: regular, capture-on-failure
root-zone
Description Specify root zone to be captured
Type: string
Format: string-rlx
Maximum Length: 253 characters
Maximum Length: 1 characters