{ "id":"/axapi/v3/ddos/dst/dynamic-entry-overflow-policy/{default-address-type}", "type":"object", "node-type":"list", "title":"dynamic-entry-overflow-policy", "partition-visibility":"shared", "description":"Configure IP/IPv6 Policy Used When Dynamic Dst Entry Count overflows", "properties":{ "default-address-type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'ip': ip; 'ipv6': ipv6; ", "enum":[ "ip", "ipv6" ], "optional":false }, "exceed-log-dep-cfg":{ "type":"object", "properties":{ "exceed-log-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"(Deprecated)Enable logging of limit exceed drop's" }, "log-with-sflow-dep":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Turn on sflow sample with log" } } }, "exceed-log-cfg":{ "type":"object", "properties":{ "log-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable logging of limit exceed drop's" }, "with-sflow-sample":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Turn on sflow sample with log" } } }, "drop-disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable certain drops during packet processing", "optional":true }, "drop-disable-fwd-immediate":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Immediately forward L4 drops", "optional":true }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable periodic log while event is continuing", "optional":true }, "inbound-forward-dscp":{ "type":"number", "format":"number", "minimum":1, "maximum":63, "partition-visibility":"shared", "description":"To set dscp value for inbound packets (DSCP Value for the clear traffic marking)", "optional":true }, "outbound-forward-dscp":{ "type":"number", "format":"number", "minimum":1, "maximum":63, "partition-visibility":"shared", "description":"To set dscp value for outbound", "optional":true }, "template":{ "type":"object", "properties":{ "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS logging template" } } }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "l4-type-list":{ "type":"array", "minItems":1, "items":{ "type":"l4-type" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/dynamic-entry-overflow-policy/{default-address-type}/l4-type/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; ", "enum":[ "tcp", "udp", "icmp", "other" ], "optional":false }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "deny":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "max-rexmit-syn-per-flow":{ "type":"number", "format":"number", "minimum":1, "maximum":6, "partition-visibility":"shared", "description":"Maximum number of re-transmit SYN per flow. Exceed action set to Drop", "optional":true }, "syn-auth":{ "type":"string", "format":"enum", "default":"send-rst", "partition-visibility":"shared", "description":"'send-rst': Send RST to client upon client ACK; 'force-rst-by-ack': Force client RST via the use of ACK; 'force-rst-by-synack': Force client RST via the use of bad SYN|ACK; 'disable': Disable TCP SYN Authentication; ", "enum":[ "send-rst", "force-rst-by-ack", "force-rst-by-synack", "disable" ], "optional":true }, "syn-cookie":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable SYN Cookie", "optional":true }, "tcp-reset-client":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Send reset to client when rate exceeds or session ages out", "optional":true }, "tcp-reset-server":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Send reset to server when rate exceeds or session ages out", "optional":true }, "drop-on-no-port-match":{ "type":"string", "format":"enum", "default":"enable", "partition-visibility":"shared", "description":"'disable': disable; 'enable': enable; ", "enum":[ "disable", "enable" ], "optional":true }, "stateful":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable stateful tracking of sessions (Default is stateless)", "optional":true }, "tunnel-decap":{ "type":"object", "properties":{ "ip-decap":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable IP Tunnel decapsulation" }, "gre-decap":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable GRE Tunnel decapsulation" }, "key-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "key":{ "type":"string", "format":"string", "minLength":1, "maxLength":10, "partition-visibility":"shared", "description":"Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)" } } } ] } } }, "tunnel-rate-limit":{ "type":"object", "properties":{ "ip-rate-limit":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable inner IP rate limiting on IPinIP traffic" }, "gre-rate-limit":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable inner IP rate limiting on GRE traffic" } } }, "drop-frag-pkt":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Drop fragmented packets", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "protocol" ] } ] }, "port-list":{ "type":"array", "minItems":1, "items":{ "type":"port" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/dynamic-entry-overflow-policy/{default-address-type}/port/{port-num}+{protocol}", "array":[ { "properties":{ "port-num":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "partition-visibility":"shared", "description":"Port Number", "optional":false }, "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'dns-tcp': dns-tcp; 'dns-udp': dns-udp; 'http': http; 'tcp': tcp; 'udp': udp; 'ssl-l4': ssl-l4; 'sip-udp': sip-udp; 'sip-tcp': sip-tcp; ", "enum":[ "dns-tcp", "dns-udp", "http", "tcp", "udp", "ssl-l4", "sip-udp", "sip-tcp" ], "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "template":{ "type":"object", "properties":{ "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS http template" }, "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS ssl-l4 template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS sip template" }, "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS tcp template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS udp template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "port-num", "protocol" ] } ] }, "src-port-list":{ "type":"array", "minItems":1, "items":{ "type":"src-port" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/dynamic-entry-overflow-policy/{default-address-type}/src-port/{port-num}+{protocol}", "array":[ { "properties":{ "port-num":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "partition-visibility":"shared", "description":"Port Number", "optional":false }, "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'udp': udp; 'tcp': tcp; ", "enum":[ "udp", "tcp" ], "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "template":{ "type":"object", "properties":{ "src-udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS udp src template" }, "src-tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS tcp src template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "port-num", "protocol" ] } ] }, "ip-proto-list":{ "type":"array", "minItems":1, "items":{ "type":"ip-proto" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/dynamic-entry-overflow-policy/{default-address-type}/ip-proto/{port-num}", "array":[ { "properties":{ "port-num":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "partition-visibility":"shared", "description":"Protocol Number", "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "template":{ "type":"object", "properties":{ "other":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS other template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "port-num" ] } ] } }, "object-keys":[ "default-address-type" ], "required":[ "default-address-type" ] }