fw ddos-protection

Configure FW DDoS Protection

ddos-protection Specification

| Parameter | Value |
| --- | --- |
| Type | Configuration Resource |
| Element Name | ddos-protection |
| Element URI | /axapi/v3/fw/ddos-protection |
| Element Attributes | ddos-protection_attributes |
| Partition Visibility | shared |
| Statistics Data URI | /axapi/v3/fw/ddos-protection/stats |
| Operational Data URI | /axapi/v3/fw/ddos-protection/oper |
| Schema | ddos-protection schema |

Operations Allowed:

| Operation | Method | URI | Payload |
| --- | --- | --- | --- |
| Create Object | POST | /axapi/v3/fw/ddos-protection | ddos-protection attributes |
| Get Object | GET | /axapi/v3/fw/ddos-protection | ddos-protection attributes |
| Modify Object | POST | /axapi/v3/fw/ddos-protection | ddos-protection attributes |
| Delete Object | DELETE | /axapi/v3/fw/ddos-protection | ddos-protection attributes |

ddos-protection attributes

action

Description: action is a JSON Block. Please see below for action

Type: Object

dynamic-blacklist

Description: dynamic-blacklist is a JSON Block. Please see below for dynamic-blacklist

Type: Object

logging

Description: logging is a JSON Block. Please see below for logging

Type: Object

sampling-enable

Type: List

uuid

Description: UUID of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

action

| Specification | Value |
| --- | --- |
| Type | object |

action-type

Description: ‘drop’: Log, and drop all packets (default); ‘redistribute-route’: Log, Drop, and Notify upstream router to reroute the packets;

Type: string

Supported Values: drop, redistribute-route

Default: drop

expiration

Description: Expiration time, in minutes, after which the action is reverted (default is 5 minutes)

Type: number

Range: 2-144000

Default: 5

expiration-route

Description: Expiration time, in minutes, after which the action is reverted (default is 60 minutes)

Type: number

Range: 2-144000

Default: 60

remove-wait-timer

Description: Maximum time, in seconds, to wait before removing an IP from the blackhole (default is 300)

Type: number

Range: 0-300

Default: 300

route-map

Description: Route map name

Type: string

Maximum Length: 128 characters

Minimum Length: 1 character

timer-multiply-max

Description: Maximum value of the timer multiplier for attacks that last a long time (default is 6)

Type: number

Range: 1-100

Default: 6

logging

| Specification | Value |
| --- | --- |
| Type | object |

enable-action

Description: ‘local’: Enable local logs only; ‘remote’: Enable logging to remote server & IPFIX; ‘both’: Enable both local & remote logs;

Type: string

Supported Values: local, remote, both

Default: local

logging-action

Description: ‘enable’: Enable FW DDoS protection logging; ‘disable’: Disable both local & remote FW DDoS protection logging;

Type: string

Supported Values: enable, disable

Default: enable

sampling-enable

| Specification | Value |
| --- | --- |
| Type | list |
| Block object keys | |

counters1

Description: ‘all’: all; ‘ddos_entries_too_many’: Too many DDOS entries; ‘ddos_entry_added’: DDOS entry added; ‘ddos_entry_removed’: DDOS entry removed; ‘ddos_entry_added_to_bgp’: DDoS Entry added to BGP; ‘ddos_entry_removed_from_bgp’: DDoS Entry Removed from BGP; ‘ddos_entry_add_to_bgp_failure’: DDoS Entry BGP add failures; ‘ddos_entry_remove_from_bgp_failure’: DDOS entry BGP remove failures; ‘ddos_packet_dropped’: DDOS Packet Drop;

Type: string

Supported Values: all, ddos_entries_too_many, ddos_entry_added, ddos_entry_removed, ddos_entry_added_to_bgp, ddos_entry_removed_from_bgp, ddos_entry_add_to_bgp_failure, ddos_entry_remove_from_bgp_failure, ddos_packet_dropped

dynamic-blacklist

| Specification | Value |
| --- | --- |
| Type | object |

cpu-threshold

Description: Core-level CPU usage threshold for dynamic blacklist creation (default is 60)

Type: number

Range: 0-80

Default: 60

dir

Description: ‘inbound’: enable in inbound direction; ‘outbound’: enable in outbound direction; ‘both’: enable in both directions;

Type: string

Supported Values: inbound, outbound, both

Default: both

dynamic-blacklist-action

Description: ‘enable’: Enable protection against volumetric attacks using dynamic blacklist; ‘disable’: Disable protection against volumetric attacks using dynamic blacklist;

Type: string

Supported Values: enable, disable

Default: disable

timeout

Description: Timeout value, in seconds, for the dynamic blacklist (default is 5 seconds)

Type: number

Range: 1-30

Default: 5
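
The ranges and supported values in the action, logging and dynamic-blacklist tables above can be checked before a request body is sent to /axapi/v3/fw/ddos-protection. The Python below is an added example, not code from the vendor or from this page: `SPEC`, `validate`, `build_payload` and `SAMPLE` are hypothetical names, the sample is constructed, and the outer `ddos-protection` wrapper key is an assumption about the request body shape.

```python
import json
# From this page's tables: set = supported values, (lo, hi) = range, int = max length.
SPEC = {
    "action": {
        "action-type": {"drop", "redistribute-route"},
        "expiration": (2, 144000),
        "expiration-route": (2, 144000),
        "remove-wait-timer": (0, 300),
        "route-map": 128,
        "timer-multiply-max": (1, 100),
    },
    "logging": {"enable-action": {"local", "remote", "both"},
                "logging-action": {"enable", "disable"}},
    "dynamic-blacklist": {
        "cpu-threshold": (0, 80),
        "dir": {"inbound", "outbound", "both"},
        "dynamic-blacklist-action": {"enable", "disable"},
        "timeout": (1, 30),
    },
}

def _ok(rule, value):
    if isinstance(rule, set):
        return isinstance(value, str) and value in rule
    if isinstance(rule, tuple):  # bool is an int subclass, so compare the exact type
        return type(value) is int and rule[0] <= value <= rule[1]
    return isinstance(value, str) and 1 <= len(value) <= rule

def validate(cfg):
    """Return one message per attribute in cfg that is outside the documented limits."""
    errors = []
    for block, fields in cfg.items():
        for key, value in fields.items():
            rule = SPEC.get(block, {}).get(key)
            if rule is None:
                errors.append(f"{block}.{key}: not a documented attribute")
            elif not _ok(rule, value):
                errors.append(f"{block}.{key}: {value!r} outside documented limits")
    return errors

def build_payload(cfg):
    errors = validate(cfg)
    if errors:
        raise ValueError("; ".join(errors))
    # Assumption: the body wraps the attributes in a key named after the element.
    return json.dumps({"ddos-protection": cfg}, sort_keys=True)

# Constructed sample with three attributes outside the documented limits.
SAMPLE = {"action": {"expiration": 1}, "dynamic-blacklist": {"cpu-threshold": 95, "dir": "ingress"}}
```

Running `validate` in a change-review step catches values such as a 1-minute expiration or a CPU threshold above 80 before they reach the device.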