{ "id":"/axapi/v3/ddos", "type":"object", "node-type":"intermediate", "title":"ddos", "operation-not-allowed": ["PUT", "POST", "DELETE"], "partition-visibility":"shared", "auto-created-object":1, "description":"DDOS feature", "properties":{ "protection":{ "type":"object", "$ref":"/axapi/v3/ddos/protection", "properties":{ "toggle":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "default":"disable", "partition-visibility":"shared", "description":"'enable': enable; 'disable': disable; ", "enum":[ "enable", "disable" ] }, "rate-interval":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "default":"100ms", "partition-visibility":"shared", "description":"'100ms': 100ms; '1sec': 1sec; ", "enum":[ "100ms", "1sec" ] }, "src-ip-hash-bit":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":0, "maximum":31, "default":2, "partition-visibility":"shared", "description":"Configure which bit hashed on" }, "src-ipv6-hash-bit":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":0, "maximum":127, "default":2, "partition-visibility":"shared", "description":"Configure which bit hashed on" }, "force-routing-on-transp":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Force use of routing in transparent mode" }, "disable-on-reboot":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Disable DDoS protection upon reboot/reload" }, "rexmit-syn-log":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable ddos per flow rexmit syn exceeded log" }, "use-route":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Use route table, default use receive hop for device initiated traffic" }, "enable-now":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Override disable-on-reboot to enable runtime DDOS protection" }, "disable-advanced-core-analysis":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Disable advanced context info in coredump file" }, "mpls":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable MPLS packet inspection" }, "disable-delay-dynamic-src-learning":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Disable delay dynamic src entry learning" }, "fast-aging":{ "type":"object", "properties":{ "half-open-conn-ratio":{ "type":"number", "format":"number", "minimum":1, "maximum":99, "default":25, "partition-visibility":"shared", "description":"Minimum half-open session to total session ratio before session fast aging will take effect (default 25)" }, "half-open-conn-threshold":{ "type":"number", "format":"number", "minimum":1, "maximum":99, "default":1, "partition-visibility":"shared", "description":"Minimum half-open session (percentage) before session fast aging will take effect (default 1)" } } }, "src-dst-entry-limit":{ "type":"string", "format":"enum", "default":"16M", "partition-visibility":"shared", "description":"'8M': 8 Million; '16M': 16 Million; 'unlimited': Unlimited; 'platform-default': Half of platform maximum; ", "enum":[ "8M", "16M", "unlimited", "platform-default" ] }, "src-zone-port-entry-limit":{ "type":"string", "format":"enum", "default":"16M", "partition-visibility":"shared", "description":"'8M': 8 Million; '16M': 16 Million; 'unlimited': Unlimited; 'platform-default': Half of platform maximum; ", "enum":[ "8M", "16M", "unlimited", "platform-default" ] }, "force-traffic-to-same-blade-disable":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Allow traffic to be distributed among blades on Chassis" }, "non-zero-win-size-syncookie":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Send syn-cookie with fix TCP window size if SYN packet has zero window size (default disabled)" }, "hw-blocking-enable":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable hardware blacklist blocking for src or dst default entries (default disabled)" }, "hw-blocking-threshold-limit":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":1, "maximum":16000000, "default":10000, "partition-visibility":"shared", "description":"Threshold to initiate hardware blocking (default 10000)" }, "progression-tracking":{ "type":"string", "format":"enum", "default":"enable", "partition-visibility":"shared", "description":"'enable': enable; 'disable': disable; ", "enum":[ "enable", "disable" ] }, "disallow-rst-ack-in-syn-auth":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disallow RST-ACK passing syn-auth" }, "fast-path-disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable fast path in SLB processing" }, "close-sess-for-unauth-src-without-rst":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"When closing unauthenticated sessions, don't send TCP RST for established TCP sessions. (Default disabled / sending TCP RST for" }, "blacklist-reason-tracking":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable blacklist reason tracking" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "ipv6-src-hash-mask-bits":{ "type":"object", "$ref":"/axapi/v3/ddos/protection/ipv6-src-hash-mask-bits", "properties":{ "mask-bit-offset-1":{ "type":"number", "format":"number", "minimum":0, "maximum":127, "partition-visibility":"shared", "description":"Configure mask bits" }, "mask-bit-offset-2":{ "type":"number", "format":"number", "minimum":0, "maximum":127, "partition-visibility":"shared", "description":"Configure mask bits" }, "mask-bit-offset-3":{ "type":"number", "format":"number", "minimum":0, "maximum":127, "partition-visibility":"shared", "description":"Configure mask bits" }, "mask-bit-offset-4":{ "type":"number", "format":"number", "minimum":0, "maximum":127, "partition-visibility":"shared", "description":"Configure mask bits" }, "mask-bit-offset-5":{ "type":"number", "format":"number", "minimum":0, "maximum":127, "partition-visibility":"shared", "description":"Configure mask bits" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "multi-pu-zone-distribution":{ "type":"object", "$ref":"/axapi/v3/ddos/protection/multi-pu-zone-distribution", "properties":{ "distribution-method":{ "type":"string", "format":"enum", "default":"traffic-rate", "partition-visibility":"shared", "description":"'cpu-usage': Entry/Zone distribution based on CPU usage percentage; 'traffic-rate': Entry/Zone distribution based on traffic kbit/pkt rate (Default); ", "enum":[ "cpu-usage", "traffic-rate" ] }, "cpu-threshold-per-entry":{ "type":"number", "format":"number", "minimum":30, "maximum":100, "default":60, "partition-visibility":"shared", "description":"Entry/zone percentage threshold of CPU usage for source hash mode. Requires distribution-method cpu-usage. Default:60" }, "cpu-threshold-per-pu":{ "type":"number", "format":"number", "minimum":60, "maximum":100, "default":80, "partition-visibility":"shared", "description":"Per PU percentage threshold of average CPU usage to start check entry usage. Requires distribution-method cpu-usage. Default:80" }, "rate-pkt-threshold":{ "type":"number", "format":"number", "minimum":1, "maximum":55000000, "default":55000000, "partition-visibility":"shared", "description":"DDOS DST Entry/Zone packet rate threshold for source hash mode" }, "rate-kbit-threshold":{ "type":"number", "format":"number", "minimum":1, "maximum":150000000, "default":150000000, "partition-visibility":"shared", "description":"DDOS DST Entry/Zone kbit rate threshold for source hash mode" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } } }, "dns-cache-mode":{ "type":"object", "$ref":"/axapi/v3/ddos/dns-cache-mode", "properties":{ "enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable DNS Cache mode" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "signature-extraction":{ "type":"object", "$ref":"/axapi/v3/ddos/signature-extraction", "properties":{ "enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable Automatic Signature Extraction" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "pattern-recognition":{ "type":"object", "$ref":"/axapi/v3/ddos/pattern-recognition", "properties":{ "toggle":{ "type":"string", "format":"enum", "default":"disable", "partition-visibility":"shared", "description":"'enable': Enable Pattern Recognition; 'disable': Disable Pattern Recognition; ", "enum":[ "enable", "disable" ] }, "dedicated-cpus":{ "type":"number", "format":"number", "minimum":0, "maximum":6, "partition-visibility":"shared", "description":"Configure the number of dedicated cores for Pattern Recognition" }, "hardware-filter":{ "type":"string", "format":"enum", "plat-pos-list":["chassis"], "default":"disable", "partition-visibility":"shared", "description":"'enable': Enable Pattern Recognition hardware filter; 'disable': Disable Pattern Recognition harware filter; ", "enum":[ "enable", "disable" ] }, "disable-app-payload-all":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable application payload processing for all ports" }, "cpu-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "partition-visibility":"shared", "description":"CPU Limit" }, "sample-size":{ "type":"number", "format":"number", "minimum":1, "maximum":50000, "partition-visibility":"shared", "description":"Sample Size" }, "capture-backup":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Capture Backup" }, "sensitivity":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'high': High Sensitivity; 'medium': Medium Sensitivity; 'low': Low Sensitivity; ", "enum":[ "high", "medium", "low" ] }, "capturing-timeout":{ "type":"number", "format":"number", "minimum":10, "maximum":60000, "partition-visibility":"shared", "description":"Capturing state timeout in seconds" }, "scheduling-timeout":{ "type":"number", "format":"number", "minimum":10, "maximum":60000, "partition-visibility":"shared", "description":"Scheduling state timeout in seconds" }, "extracting-timeout":{ "type":"number", "format":"number", "minimum":10, "maximum":60000, "partition-visibility":"shared", "description":"Extracting state timeout in seconds" }, "error-timeout":{ "type":"number", "format":"number", "minimum":10, "maximum":60000, "partition-visibility":"shared", "description":"Error state timeout in seconds" }, "sflow-event-periodic-interval":{ "type":"number", "format":"number", "minimum":0, "maximum":120, "default":5, "partition-visibility":"shared", "description":"Configure the interval in minutes of periodic event (Default: 5 minutes, 0: No periodic updates)" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "cpu":{ "type":"object", "$ref":"/axapi/v3/ddos/pattern-recognition/cpu", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } } }, "event-filter-list":{ "type":"array", "minItems":1, "items":{ "type":"event-filter" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/event-filter/{filter-name}", "array":[ { "properties":{ "filter-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "drop":{ "type":"object", "properties":{ "drop-src":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Packet is dropped because of src" }, "drop-dst":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Packet is dropped because of dst" }, "drop-black-list":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Packet is dropped because of black-list" } } }, "black-list":{ "type":"object", "properties":{ "black-list-dst":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Dst entry/port is black-listed" }, "black-list-src":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Src entry/port is black-listed" } } }, "white-list":{ "type":"object", "properties":{ "white-list-dst":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Dst entry/port is white-listed" }, "white-list-src":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Src entry/port is white-listed" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "l4-type-list":{ "type":"array", "minItems":1, "items":{ "type":"l4-type" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/event-filter/{filter-name}/l4-type/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'tcp': tcp; 'udp': udp; ", "enum":[ "tcp", "udp" ], "optional":false }, "tcp-auth":{ "type":"object", "properties":{ "tcp-auth-init":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Packet that inits syn-auth/action-on-ack" }, "tcp-auth-pass":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Packet that passes syn-auth/action-on-ack" }, "tcp-auth-fail":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Packet that fails syn-auth/action-on-ack" } } }, "retrans-syn-cfg":{ "type":"object", "properties":{ "retrans-syn":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"TCP SYN retransmission" }, "retrans-syn-exceed":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"TCP SYN retransmission exceed" } } }, "out-of-seq":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"TCP out-of-seq pkts", "optional":true }, "zero-window":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"TCP zero window pkts", "optional":true }, "udp-auth":{ "type":"object", "properties":{ "udp-auth-init":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Packet that inits spoof-detect" }, "udp-auth-pass":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Packet that passes spoof-detect" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "protocol" ] } ] } }, "required":[ "filter-name" ] } ] }, "detection":{ "type":"object", "$ref":"/axapi/v3/ddos/detection", "properties":{ "disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable DDoS detection (default: enabled)" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "resource-usage":{ "type":"object", "$ref":"/axapi/v3/ddos/detection/resource-usage", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "ddos-script":{ "type":"object", "$ref":"/axapi/v3/ddos/detection/ddos-script", "properties":{ "file":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"startup-config local file name" }, "action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'delete': delete; ", "enum":[ "delete" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "settings":{ "type":"object", "$ref":"/axapi/v3/ddos/detection/settings", "properties":{ "detector-mode":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'standalone': Standalone detector; 'on-box': Mitigator and Detector on the same box; 'auto-svc-discovery': Auto Service discovery using Visibility module (Deprecatd); ", "enum":[ "standalone", "on-box", "auto-svc-discovery" ] }, "dedicated-cpus":{ "type":"number", "format":"number", "minimum":1, "maximum":32, "partition-visibility":"shared", "description":"Configure the number of dedicated cores for detection" }, "ctrl-cpu-usage":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "partition-visibility":"shared", "description":"Control cpu usage threshold for DDoS detection" }, "full-core-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable full core" }, "top-k-reset-interval":{ "type":"number", "format":"number", "minimum":1, "maximum":60, "partition-visibility":"shared", "description":"Configure top-k reset interval" }, "pkt-sampling":{ "type":"object", "properties":{ "override-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":50000000, "partition-visibility":"shared", "description":"Sample 1 in X packets (default: X=1)" }, "assign-index":{ "type":"number", "format":"number", "minimum":1, "maximum":64, "partition-visibility":"shared", "description":"Lower index is more aggressive sampling" }, "assign-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":50000000, "partition-visibility":"shared", "description":"Assign rate to given index" } } }, "histogram-escalate-percentage":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "partition-visibility":"shared", "description":"histogram escalate sensitivity for DDoS detection" }, "histogram-de-escalate-percentage":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "partition-visibility":"shared", "description":"histogram de-escalate sensitivity for DDoS detection" }, "detection-window-size":{ "type":"number", "format":"number", "minimum":1, "maximum":60, "default":1, "partition-visibility":"shared", "description":"Configure detection window size in seconds (DDoS detection window size in seconds(default: 1))" }, "initial-learning-interval":{ "type":"number", "format":"number", "minimum":1, "maximum":168, "partition-visibility":"shared", "description":"Initial learning interval (in hours) before processing" }, "export-interval":{ "type":"number", "format":"number", "minimum":20, "maximum":3000, "default":20, "partition-visibility":"shared", "description":"Configure Baselining and export interval in seconds (DDoS Baselining and export interval in seconds(default: 20))" }, "notification-debug-log":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'enable': Enable detection notification debug log (default: disabled); ", "enum":[ "enable" ] }, "network-object-window-size":{ "type":"string", "format":"enum", "default":"30", "partition-visibility":"shared", "description":"'5': 5 seconds; '10': 10 seconds; '15': 15 seconds; '30': 30 seconds; (DDoS detection window size in seconds(default: 30))", "enum":[ "5", "10", "15", "30" ] }, "network-object-flooding-multiple":{ "type":"number", "format":"number", "minimum":2, "maximum":10, "default":2, "partition-visibility":"shared", "description":"multiplier for flooding detection threshold in network objects (default 2x threshold)" }, "de-escalation-quiet-time":{ "type":"number", "format":"number", "minimum":1, "maximum":60, "partition-visibility":"shared", "description":"Configure de-escalation needed time in minutes from level 1 to 0.(default 1 minutes)" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "entry-saving":{ "type":"object", "$ref":"/axapi/v3/ddos/detection/settings/entry-saving", "properties":{ "interval":{ "type":"number", "format":"number", "minimum":0, "maximum":1440, "default":0, "partition-visibility":"shared", "description":"Configure periodical auto-saving interval in minutes(default: 0) and 0 to disable." }, "manual-save":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Manually save network-object-based detection entries and learned indicators" }, "manual-restore":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Manually restore network-object-based detection entries and learned indicators" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "standalone-settings":{ "type":"object", "$ref":"/axapi/v3/ddos/detection/settings/standalone-settings", "properties":{ "action":{ "type":"string", "format":"enum", "default":"disable", "partition-visibility":"shared", "description":"'enable': Enable standalone detector; 'disable': Disable standalone detector (default); ", "enum":[ "enable", "disable" ] }, "de-escalation-quiet-time":{ "type":"number", "format":"number", "minimum":1, "maximum":60, "partition-visibility":"shared", "description":"Configure de-escalation needed time in minutes from level 1 to 0.(legacy)" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "sflow":{ "type":"object", "$ref":"/axapi/v3/ddos/detection/settings/standalone-settings/sflow", "properties":{ "listening-port":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "default":6343, "partition-visibility":"shared", "description":"sFlow port to receive packets (sFlow port number(default 6343))" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "netflow":{ "type":"object", "$ref":"/axapi/v3/ddos/detection/settings/standalone-settings/netflow", "properties":{ "listening-port":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "default":9996, "partition-visibility":"shared", "description":"Netflow port to receive packets (Netflow port number(default 9996))" }, "template-active-timeout":{ "type":"number", "format":"number", "minimum":2, "maximum":300, "default":30, "partition-visibility":"shared", "description":"Configure active timeout of the netflow templates received in mins (Template active timeout(mins)(default 30mins))" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } } } } }, "agent-list":{ "type":"array", "minItems":1, "items":{ "type":"agent" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/detection/agent/{agent-name}", "array":[ { "properties":{ "agent-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Specify name for the agent", "optional":false }, "agent-v4-addr":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "description":"Configure agent's IPv4 address", "optional":true }, "agent-v6-addr":{ "type":"string", "format":"ipv6-address", "partition-visibility":"shared", "description":"Configure agent's IPv6 address", "optional":true }, "agent-type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'Cisco': Cisco; 'Juniper': Juniper; ", "enum":[ "Cisco", "Juniper" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'sflow-packets-received': sFlow Packets Received; 'sflow-samples-received': sFlow Samples Received; 'sflow-samples-bad-len': sFlow Samples Bad Length; 'sflow-samples-non-std': sFlow Samples Non-standard; 'sflow-samples-skipped': sFlow Samples Skipped; 'sflow-sample-record-bad-len': sFlow Sample Records Bad Length; 'sflow-samples-sent-for-detection': sFlow Samples Processed For Detection; 'sflow-sample-record-invalid-layer2': sFlow Sample Records Unknown Layer-2; 'sflow-sample-ipv6-hdr-parse-fail': sFlow Sample IPv6 Record Header Parse Failures; 'sflow-disabled': sFlow Packet Samples Processing Disabled; 'netflow-disabled': Netflow Flow Samples Processing Disabled; 'netflow-v5-packets-received': Netflow v5 Packets Received; 'netflow-v5-samples-received': Netflow v5 Samples Received; 'netflow-v5-samples-sent-for-detection': Netflow v5 Samples Processed For Detection; 'netflow-v5-sample-records-bad-len': Netflow v5 Sample Records Bad Length; 'netflow-v5-max-records-exceed': Netflow v5 Sample Max Records Error; 'netflow-v9-packets-received': Netflow v9 Packets Received; 'netflow-v9-samples-received': Netflow v9 Samples Received; 'netflow-v9-samples-sent-for-detection': Netflow v9 Samples Processed For Detection; 'netflow-v9-sample-records-bad-len': Netflow v9 Sample Records Bad Length; 'netflow-v9-sample-flowset-bad-padding': Netflow v9 Sample Flowset Bad Padding; 'netflow-v9-max-records-exceed': Netflow v9 Sample Max Records Error; 'netflow-v9-template-not-found': Netflow v9 Template Not Found; 'netflow-v10-packets-received': Netflow v10 Packets Received; 'netflow-v10-samples-received': Netflow v10 Samples Received; 'netflow-v10-samples-sent-for-detection': Netflow v10 Samples Procssed For Detection; 'netflow-v10-sample-records-bad-len': Netflow v10 Sample Records Bad Length; 'netflow-v10-max-records-exceed': Netflow v10 Sample Max records Error; 'netflow-tcp-sample-received': Netflow TCP Samples Received; 'netflow-udp-sample-received': Netflow UDP Samples received; 'netflow-icmp-sample-received': Netflow ICMP Samples Received; 'netflow-other-sample-received': Netflow OTHER Samples Received; 'netflow-record-copy-oom-error': Netflow Data Record Copy Fail, Local MEM size error; 'netflow-record-rse-invalid': Netflow Data Record Reduced Size Invalid; 'netflow-sample-flow-dur-error': Netflow Sample Flow Duration Error; 'flow-dst-entry-miss': DDoS Destination Entry Lookup Failures; 'flow-ip-proto-or-port-miss': DDoS Destination Service Lookup Failures; 'flow-detection-msgq-full': Detection Message Enqueue Failures; 'flow-network-entry-miss': DDoS Destination Network-object Entry Lookup Failures; ", "enum":[ "all", "sflow-packets-received", "sflow-samples-received", "sflow-samples-bad-len", "sflow-samples-non-std", "sflow-samples-skipped", "sflow-sample-record-bad-len", "sflow-samples-sent-for-detection", "sflow-sample-record-invalid-layer2", "sflow-sample-ipv6-hdr-parse-fail", "sflow-disabled", "netflow-disabled", "netflow-v5-packets-received", "netflow-v5-samples-received", "netflow-v5-samples-sent-for-detection", "netflow-v5-sample-records-bad-len", "netflow-v5-max-records-exceed", "netflow-v9-packets-received", "netflow-v9-samples-received", "netflow-v9-samples-sent-for-detection", "netflow-v9-sample-records-bad-len", "netflow-v9-sample-flowset-bad-padding", "netflow-v9-max-records-exceed", "netflow-v9-template-not-found", "netflow-v10-packets-received", "netflow-v10-samples-received", "netflow-v10-samples-sent-for-detection", "netflow-v10-sample-records-bad-len", "netflow-v10-max-records-exceed", "netflow-tcp-sample-received", "netflow-udp-sample-received", "netflow-icmp-sample-received", "netflow-other-sample-received", "netflow-record-copy-oom-error", "netflow-record-rse-invalid", "netflow-sample-flow-dur-error", "flow-dst-entry-miss", "flow-ip-proto-or-port-miss", "flow-detection-msgq-full", "flow-network-entry-miss" ] } } } ] }, "sflow":{ "type":"object", "$ref":"/axapi/v3/ddos/detection/agent/{agent-name}/sflow", "properties":{ "sflow-pkt-samples-collection":{ "type":"string", "format":"enum", "default":"enable", "partition-visibility":"shared", "description":"'enable': Enable sflow packet samples collection(default); 'disable': Disable sflow packet samples collection; ", "enum":[ "enable", "disable" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "netflow":{ "type":"object", "$ref":"/axapi/v3/ddos/detection/agent/{agent-name}/netflow", "properties":{ "netflow-samples-collection":{ "type":"string", "format":"enum", "default":"enable", "partition-visibility":"shared", "description":"'enable': Enable Netflow flow samples collection(default); 'disable': Disable Netflow flow samples collection; ", "enum":[ "enable", "disable" ] }, "netflow-sampling-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "default":1, "partition-visibility":"shared", "description":"Configure agent's netflow sampling rate" }, "active-timeout":{ "type":"number", "format":"number", "minimum":10, "maximum":600, "partition-visibility":"shared", "description":"Configure agent's flow active timeout (seconds)" }, "inactive-timeout":{ "type":"number", "format":"number", "minimum":10, "maximum":600, "partition-visibility":"shared", "description":"Configure agent's flow inactive timeout (seconds)" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } }, "required":[ "agent-name" ] } ] }, "statistics":{ "type":"object", "$ref":"/axapi/v3/ddos/detection/statistics", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } } }, "dynamic-class-list":{ "type":"object", "$ref":"/axapi/v3/ddos/dynamic-class-list", "properties":{ "class-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Specify name of the class list" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "resource-tracking":{ "type":"object", "$ref":"/axapi/v3/ddos/resource-tracking", "properties":{ "cpu":{ "type":"object", "$ref":"/axapi/v3/ddos/resource-tracking/cpu", "properties":{ "enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable CPU usage tracking per dst object (default: disabled)" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } } }, "system-default":{ "type":"object", "$ref":"/axapi/v3/ddos/system-default", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "limit-list":{ "type":"array", "minItems":1, "items":{ "type":"limit" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/system-default/limit/{limit-type}", "array":[ { "properties":{ "limit-type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'dst-entry': dst-entry; 'dst-icmp': dst-icmp; 'dst-other': dst-other; 'dst-tcp': dst-tcp; 'dst-udp': dst-udp; 'src-entry': src-entry; 'src-icmp': src-icmp; 'src-other': src-other; 'src-tcp': src-tcp; 'src-udp': src-udp; ", "enum":[ "dst-entry", "dst-icmp", "dst-other", "dst-tcp", "dst-udp", "src-entry", "src-icmp", "src-other", "src-tcp", "src-udp" ], "optional":false }, "default-over-limit-action":{ "type":"object", "properties":{ "drop":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Silently Drop the new connection / new packet when it exceeds limit" } } }, "default-pkt-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Configure Default Packet rate limit", "optional":true }, "default-bit-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Configure Default Kibit (kibibit / 1024-bit) rate limit", "optional":true }, "default-frag-pkt-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Configure Default Fragmented packet rate limit", "optional":true }, "default-conn-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Configure Default Connection limit", "optional":true }, "default-conn-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Configure Default Connection rate limit", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "limit-type" ] } ] } } }, "resource-usage":{ "type":"object", "$ref":"/axapi/v3/ddos/resource-usage", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "east-west-protection":{ "type":"object", "$ref":"/axapi/v3/ddos/east-west-protection", "properties":{ "deployment-mode":{ "type":"string", "format":"enum", "default":"disable", "partition-visibility":"shared", "description":"'L2-mode': Enable East-West Protection in Layer 2 mode.; 'L2-with-virtual-wire': Enable East-West Protection in Layer 2 mode with virtual-wire pairs.; 'L3-mode': Enable East-West Protection in Layer 3 mode.; 'disable': Disable East-West Protection.; ", "enum":[ "L2-mode", "L2-with-virtual-wire", "L3-mode", "disable" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "reporting":{ "type":"object", "$ref":"/axapi/v3/ddos/reporting", "properties":{ "toggle":{ "type":"string", "format":"enum", "default":"reject-on-limit-reached", "partition-visibility":"shared", "description":"'disable-on-limit-reached': Disable reporting on DST/Port entry when the max reporting count is reached; 'reject-on-limit-reached': Reject the configuration when the max reporting count is reached; ", "enum":[ "disable-on-limit-reached", "reject-on-limit-reached" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "interface-http-health-check":{ "type":"object", "$ref":"/axapi/v3/ddos/interface-http-health-check", "properties":{ "enable":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'enable': enable; ", "enum":[ "enable" ] }, "challenge-method":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'http-redirect': http-redirect; 'javascript': javascript; ", "enum":[ "http-redirect", "javascript" ] }, "challenge-redirect-code":{ "type":"string", "format":"enum", "default":"302", "partition-visibility":"shared", "description":"'302': 302 Found; '307': 307 Temporary Redirect; ", "enum":[ "302", "307" ] }, "challenge-uri-encode":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Encode the challenge phrase in uri instead of in http cookie. Default encoded in http cookie" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "zone-template":{ "type":"object", "$ref":"/axapi/v3/ddos/zone-template", "properties":{ "encap-list":{ "type":"array", "minItems":1, "items":{ "type":"encap" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/encap/{encap-tmpl-name}", "array":[ { "properties":{ "encap-tmpl-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS Tunnel Template Name", "optional":false }, "tunnel-encap":{ "type":"object", "properties":{ "ip-cfg":{ "type":"object", "properties":{ "ip-encap":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable Tunnel encapsulation using IP in IP" }, "always":{ "type":"object", "properties":{ "ipv4-addr":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "description":"IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" }, "ipv6-addr":{ "type":"string", "format":"ipv6-address", "partition-visibility":"shared", "description":"IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" } } } } }, "gre-cfg":{ "type":"object", "properties":{ "gre-encap":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable Tunnel encapsulation using GRE" }, "gre-always":{ "type":"object", "properties":{ "gre-ipv4":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "description":"IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" }, "key-ipv4":{ "type":"string", "format":"string", "minLength":1, "maxLength":10, "partition-visibility":"shared", "description":"Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)" }, "gre-ipv6":{ "type":"string", "format":"ipv6-address", "partition-visibility":"shared", "description":"IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" }, "key-ipv6":{ "type":"string", "format":"string", "minLength":1, "maxLength":10, "partition-visibility":"shared", "description":"Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)" } } } } } } }, "preserve-source-ip":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Use original source ip for encapsulation", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "encap-tmpl-name" ] } ] }, "logging-list":{ "type":"array", "minItems":1, "items":{ "type":"logging" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/logging/{logging-tmpl-name}", "array":[ { "properties":{ "logging-tmpl-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "default":"default", "partition-visibility":"shared", "description":"DDOS Logging Template Name", "optional":false }, "log-format-cef":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Log in CEF format", "optional":true }, "use-obj-name":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Show obj name instead of ip in the log", "optional":true }, "log-format-custom":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":512, "partition-visibility":"shared", "description":"Customize log format", "optional":true }, "enable-action-logging":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Log action taken", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "logging-tmpl-name" ] } ] }, "ssl-l4-list":{ "type":"array", "minItems":1, "items":{ "type":"ssl-l4" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/ssl-l4/{ssl-l4-tmpl-name}", "array":[ { "properties":{ "ssl-l4-tmpl-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable this template", "optional":true }, "multi-pu-threshold-distribution":{ "type":"object", "properties":{ "multi-pu-threshold-distribution-value":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "not":"multi-pu-threshold-distribution-disable", "description":"Destination side rate limit only. Default: 0" }, "multi-pu-threshold-distribution-disable":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"multi-pu-threshold-distribution-value", "description":"'disable': Destination side rate limit only. Default: Enable; ", "enum":[ "disable" ] } } }, "renegotiation":{ "type":"object", "properties":{ "num-renegotiation":{ "type":"number", "format":"number", "minimum":0, "maximum":7, "partition-visibility":"shared", "description":"Number of renegotiation allowed" }, "ssl-l4-reneg-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"ssl-l4-reneg-action", "description":"Configure action-list to take" }, "ssl-l4-reneg-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"ssl-l4-reneg-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; ", "enum":[ "drop", "ignore", "blacklist-src", "reset" ] } } }, "allow-non-tls":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Allow Non-TLS (SSLv3 and lower) traffic (Warning: security may be compromised)", "optional":true }, "auth-handshake":{ "type":"object", "properties":{ "auth-handshake-timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":31, "default":5, "partition-visibility":"shared", "description":"Connection timeout (default 5 seconds) and trials (default 5 times) (DST support only)" }, "auth-handshake-trials":{ "type":"number", "format":"number", "minimum":0, "maximum":15, "default":5, "partition-visibility":"shared", "description":"Number of failed handshakes before entry marked black" }, "cert-cfg":{ "type":"object", "properties":{ "cert":{ "type":"string", "format":"string", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"SSL certificate" }, "key":{ "type":"string", "format":"string", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"SSL key" }, "key-passphrase":{ "type":"string", "format":"password", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Password Phrase" }, "key-encrypted":{ "type":"encrypted", "format":"encrypted", "partition-visibility":"shared", "description":"Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)" } } }, "server-name-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "server-name":{ "type":"string", "format":"string", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Server name indication in Client hello extension (Server name String)" }, "server-cert":{ "type":"string", "format":"string", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Server Certificate associated to SNI (Server Certificate Name)" }, "server-key":{ "type":"string", "format":"string", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Server Private Key associated to SNI (Server Private Key Name)" }, "server-passphrase":{ "type":"string", "format":"password", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Password Phrase" }, "server-encrypted":{ "type":"encrypted", "format":"encrypted", "partition-visibility":"shared", "description":"Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)" } } } ] }, "auth-handshake-pass-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"auth-handshake-pass-action", "description":"Configure action-list to take for passing the authentication" }, "auth-handshake-pass-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"auth-handshake-pass-action-list-name", "description":"'authenticate-src': authenticate-src (Default); ", "enum":[ "authenticate-src" ] }, "auth-handshake-fail-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"auth-handshake-fail-action", "description":"Configure action-list to take for failing the authentication" }, "auth-handshake-fail-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"auth-handshake-fail-action-list-name", "description":"'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Reset client connection; ", "enum":[ "drop", "blacklist-src", "reset" ] } } }, "src":{ "type":"object", "properties":{ "rate-limit":{ "type":"object", "properties":{ "request":{ "type":"object", "properties":{ "src-request-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" }, "src-request-rate-limit-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"src-request-rate-limit-action", "description":"Configure action-list to take" }, "src-request-rate-limit-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"src-request-rate-limit-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'reset': Reset client connection; ", "enum":[ "drop", "ignore", "reset" ] } } } } } } }, "dst":{ "type":"object", "properties":{ "rate-limit":{ "type":"object", "properties":{ "request":{ "type":"object", "properties":{ "dst-request-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" }, "dst-request-rate-limit-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dst-request-rate-limit-action", "description":"Configure action-list to take" }, "dst-request-rate-limit-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"dst-request-rate-limit-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'reset': Reset client connection; ", "enum":[ "drop", "ignore", "reset" ] } } } } } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "ssl-traffic-check":{ "type":"object", "$ref":"/axapi/v3/ddos/zone-template/ssl-l4/{ssl-l4-tmpl-name}/ssl-traffic-check", "properties":{ "header-inspection":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Inspect ssl header" }, "header-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Drop packets with bad ssl header; 'ignore': Forward packets with bad ssl header; ", "enum":[ "drop", "ignore" ] }, "check-resumed-connection":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Apply checks to SSL connections initialized by ACK packets" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } }, "required":[ "ssl-l4-tmpl-name" ] } ] }, "http-list":{ "type":"array", "minItems":1, "items":{ "type":"http" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/http/{http-tmpl-name}", "array":[ { "properties":{ "http-tmpl-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS HTTP Template Name", "optional":false }, "disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable this template", "optional":true }, "multi-pu-threshold-distribution":{ "type":"object", "properties":{ "multi-pu-threshold-distribution-value":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "not":"multi-pu-threshold-distribution-disable", "description":"Destination side rate limit only. Default: 0" }, "multi-pu-threshold-distribution-disable":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"multi-pu-threshold-distribution-value", "description":"'disable': Destination side rate limit only. Default: Enable; ", "enum":[ "disable" ] } } }, "mss-timeout":{ "type":"object", "properties":{ "mss-percent":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "partition-visibility":"shared", "description":"Configure percentage of mss such that if a packet size is below the mss times mss-percent, packet is considered bad." }, "number-packets":{ "type":"number", "format":"number", "minimum":1, "maximum":31, "partition-visibility":"shared", "description":"Specify percentage of mss. Default is 0, mss-timeout is not enabled." }, "mss-timeout-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"mss-timeout-action", "description":"Configure action-list to take" }, "mss-timeout-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"mss-timeout-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; ", "enum":[ "drop", "ignore", "blacklist-src", "reset" ] } } }, "disallow-connect-method":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Do not allow HTTP Connect method (asymmetric mode only)", "optional":true }, "challenge":{ "type":"object", "properties":{ "challenge-method":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'http-redirect': http-redirect; 'javascript': javascript; ", "enum":[ "http-redirect", "javascript" ] }, "challenge-redirect-code":{ "type":"string", "format":"enum", "default":"302", "partition-visibility":"shared", "description":"'302': 302 Found; '307': 307 Temporary Redirect; ", "enum":[ "302", "307" ] }, "challenge-uri-encode":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Encode the challenge phrase in uri instead of in http cookie. Default encoded in http cookie" }, "challenge-cookie-name":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "default":"sto-idd", "partition-visibility":"shared", "description":"Set the cookie name used to send back to client. Default is sto-idd" }, "challenge-keep-cookie":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Keep the challenge cookie from client and forward to backend. Default is do not keep" }, "challenge-interval":{ "type":"number", "format":"number", "minimum":1, "maximum":31, "default":8, "partition-visibility":"shared", "description":"Specify the challenge interval. Default is 8 seconds" }, "challenge-pass-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"challenge-pass-action", "description":"Configure action-list to take for passing the authentication" }, "challenge-pass-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"challenge-pass-action-list-name", "description":"'authenticate-src': Authenticate-src (Default); ", "enum":[ "authenticate-src" ] }, "challenge-fail-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"challenge-fail-action", "description":"Configure action-list to take for failing the authentication" }, "challenge-fail-action":{ "type":"string", "format":"enum", "default":"reset", "partition-visibility":"shared", "not":"challenge-fail-action-list-name", "description":"'blacklist-src': Blacklist-src; 'reset': Reset client connection(Default); ", "enum":[ "blacklist-src", "reset" ] } } }, "non-http-bypass":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Bypass non-http traffic instead of dropping", "optional":true }, "client-source-ip":{ "type":"object", "properties":{ "client-source-ip":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Mitigate on src ip specified by http header for example X-Forwarded-For header. Default is disabled" }, "http-header-name":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "default":"X-Forwarded-For", "partition-visibility":"shared", "description":"Set the http header name to parse for client ip. Default is X-Forwarded-For" } } }, "request-header":{ "type":"object", "properties":{ "timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":63, "partition-visibility":"shared" }, "header-timeout-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"header-timeout-action", "description":"Configure action-list to take" }, "header-timeout-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"header-timeout-action-list-name", "description":"'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Reset client connection; ", "enum":[ "drop", "blacklist-src", "reset" ] } } }, "src":{ "type":"object", "properties":{ "rate-limit":{ "type":"object", "properties":{ "http-post":{ "type":"object", "properties":{ "src-post-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" }, "src-post-rate-limit-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"src-post-rate-limit-action", "description":"Configure action-list to take" }, "src-post-rate-limit-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"src-post-rate-limit-action-list-name", "description":"'drop': Drop packets(Default); 'ignore': Take no action; 'reset': Reset client connection; 'blacklist-src': Blacklist-src; ", "enum":[ "drop", "ignore", "reset", "blacklist-src" ] } } }, "http-request":{ "type":"object", "properties":{ "src-request-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" }, "src-request-rate-limit-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"src-request-rate-limit-action", "description":"Configure action-list to take" }, "src-request-rate-limit-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"src-request-rate-limit-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'reset': Reset client connection; 'blacklist-src': Blacklist-src; ", "enum":[ "drop", "ignore", "reset", "blacklist-src" ] } } } } } } }, "dst":{ "type":"object", "properties":{ "rate-limit":{ "type":"object", "properties":{ "http-post":{ "type":"object", "properties":{ "dst-post-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" }, "dst-post-rate-limit-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dst-post-rate-limit-action", "description":"Configure action-list to take" }, "dst-post-rate-limit-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"dst-post-rate-limit-action-list-name", "description":"'drop': Drop packets(Default); 'ignore': Take no action; 'reset': Reset client connection; 'blacklist-src': Blacklist-src; ", "enum":[ "drop", "ignore", "reset", "blacklist-src" ] } } }, "http-request":{ "type":"object", "properties":{ "dst-request-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" }, "dst-request-rate-limit-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dst-request-rate-limit-action", "description":"Configure action-list to take" }, "dst-request-rate-limit-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"dst-request-rate-limit-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'reset': Reset client connection; 'blacklist-src': Blacklist-src; ", "enum":[ "drop", "ignore", "reset", "blacklist-src" ] } } }, "response-size":{ "type":"object", "properties":{ "less-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "obj-less":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Response size configuration" }, "obj-less-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Response rate limit" } } } ] }, "greater-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "obj-greater":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Response size configuration" }, "obj-greater-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Response rate limit" } } } ] }, "between-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "obj-between1":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Response size configuration" }, "obj-between2":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Response size configuration" }, "obj-between-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Response rate limit" } } } ] }, "response-size-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"response-size-action", "description":"Configure action-list to take" }, "response-size-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"response-size-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; ", "enum":[ "drop", "ignore", "blacklist-src", "reset" ] } } } } } } }, "slow-read":{ "type":"object", "properties":{ "min-window-size":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"minimum window size" }, "min-window-count":{ "type":"number", "format":"number", "minimum":1, "maximum":31, "partition-visibility":"shared", "description":"Number of packets" }, "slow-read-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"slow-read-action", "description":"Configure action-list to take" }, "slow-read-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"slow-read-action-list-name", "description":"'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'ignore': Take no action; 'reset': Reset client connection; ", "enum":[ "drop", "blacklist-src", "ignore", "reset" ] } } }, "out-of-order-queue-size":{ "type":"number", "format":"number", "minimum":0, "maximum":15, "default":3, "partition-visibility":"shared", "description":"Set the number of packets for the out-of-order HTTP queue (asym mode only)", "optional":true }, "out-of-order-queue-timeout":{ "type":"number", "format":"number", "minimum":0, "maximum":15, "default":3, "partition-visibility":"shared", "description":"Set the timeout value in seconds for out-of-order queue in HTTP (asym mode only)", "optional":true }, "idle-timeout":{ "type":"object", "properties":{ "idle-timeout-value":{ "type":"number", "format":"number", "minimum":1, "maximum":63, "partition-visibility":"shared", "description":"Set the the idle timeout value in seconds for HTTP connections" }, "ignore-zero-payload":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Don't reset idle timer on packets with zero payload length from clients" }, "idle-timeout-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"idle-timeout-action", "description":"Configure action-list to take" }, "idle-timeout-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"idle-timeout-action-list-name", "description":"'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Reset client connection; ", "enum":[ "drop", "blacklist-src", "reset" ] } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "filter-list":{ "type":"array", "minItems":1, "items":{ "type":"filter" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/http/{http-tmpl-name}/filter/{http-filter-name}", "array":[ { "properties":{ "http-filter-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "http-filter-seq":{ "type":"number", "format":"number", "minimum":1, "maximum":200, "partition-visibility":"shared", "description":"Sequence number", "optional":true }, "http-header-cfg":{ "type":"object", "properties":{ "http-filter-header-regex":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Regex Expression" }, "http-filter-header-inverse-match":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared" } } }, "http-referer-cfg":{ "type":"object", "properties":{ "referer-equals-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "http-filter-referer-equals":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared" } } } ] }, "referer-contains-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "http-filter-referer-contains":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared" } } } ] }, "referer-starts-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "http-filter-referer-starts-with":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared" } } } ] }, "referer-ends-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "http-filter-referer-ends-with":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared" } } } ] } } }, "http-agent-cfg":{ "type":"object", "properties":{ "agent-equals-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "http-filter-agent-equals":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared" } } } ] }, "agent-contains-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "http-filter-agent-contains":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared" } } } ] }, "agent-starts-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "http-filter-agent-starts-with":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared" } } } ] }, "agent-ends-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "http-filter-agent-ends-with":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared" } } } ] } } }, "http-uri-cfg":{ "type":"object", "properties":{ "uri-equal-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "http-filter-uri-equals":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared" } } } ] }, "uri-contains-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "http-filter-uri-contains":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared" } } } ] }, "uri-starts-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "http-filter-uri-starts-with":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared" } } } ] }, "uri-ends-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "http-filter-uri-ends-with":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared" } } } ] } } }, "dst":{ "type":"object", "properties":{ "http-filter-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Set rate limit" } } }, "http-filter-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"http-filter-action", "description":"Configure action-list to take", "optional":true }, "http-filter-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"http-filter-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'authenticate-src': Authenticate-src; 'reset': Reset client connection; ", "enum":[ "drop", "ignore", "blacklist-src", "authenticate-src", "reset" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "http-filter-name" ] } ] }, "malformed-http":{ "type":"object", "$ref":"/axapi/v3/ddos/zone-template/http/{http-tmpl-name}/malformed-http", "properties":{ "malformed-http":{ "type":"string", "format":"enum", "default":"check", "partition-visibility":"shared", "description":"'check': Configure malformed HTTP parameters; ", "enum":[ "check" ] }, "malformed-http-max-line-size":{ "type":"number", "format":"number", "minimum":1, "maximum":65280, "default":32512, "partition-visibility":"shared", "description":"Set the maximum line size. Default value is 32512" }, "malformed-http-max-num-headers":{ "type":"number", "format":"number", "minimum":1, "maximum":90, "default":90, "partition-visibility":"shared", "description":"Set the maximum number of headers. Default value is 90" }, "malformed-http-max-req-line-size":{ "type":"number", "format":"number", "minimum":1, "maximum":65280, "default":32512, "partition-visibility":"shared", "description":"Set the maximum request line size. Default value is 32512" }, "malformed-http-max-header-name-size":{ "type":"number", "format":"number", "minimum":1, "maximum":64, "default":64, "partition-visibility":"shared", "description":"Set the maxinum header name length. Default value is 64." }, "malformed-http-max-content-length":{ "type":"number", "format":"number", "minimum":1, "maximum":4294967295, "default":4294967295, "partition-visibility":"shared", "description":"Set the maxinum content-length header. Default value is 4294967295 bytes" }, "malformed-http-bad-chunk-mon-enabled":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enabling bad chunk monitoring. Default is disabled" }, "malformed-http-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"malformed-http-action", "description":"Configure action-list to take" }, "malformed-http-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"malformed-http-action-list-name", "description":"'drop': Drop packets (Default); 'reset': Reset client connection; 'blacklist-src': Blacklist-src; ", "enum":[ "drop", "reset", "blacklist-src" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } }, "required":[ "http-tmpl-name" ] } ] }, "dns-list":{ "type":"array", "minItems":1, "items":{ "type":"dns" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/dns/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "dns-any-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Drop DNS queries of Type ANY", "optional":true }, "dns-any-check-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dns-any-check-action", "description":"Configure action-list to take", "optional":true }, "dns-any-check-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"dns-any-check-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; ", "enum":[ "drop", "ignore", "blacklist-src", "reset" ], "optional":true }, "multi-pu-threshold-distribution":{ "type":"object", "properties":{ "multi-pu-threshold-distribution-value":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "not":"multi-pu-threshold-distribution-disable", "description":"Destination side rate limit only. Default: 0" }, "multi-pu-threshold-distribution-disable":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"multi-pu-threshold-distribution-value", "description":"'disable': Destination side rate limit only. Default: Enable; ", "enum":[ "disable" ] } } }, "dns-udp-authentication":{ "type":"object", "properties":{ "force-tcp-cfg":{ "type":"object", "properties":{ "force-tcp":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not-list":[ "udp-timeout", "min-delay" ], "description":"Force DNS request over TCP" }, "force-tcp-timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":16, "partition-visibility":"shared", "description":"UDP authentication timeout in seconds" }, "force-tcp-min-delay":{ "type":"number", "format":"number", "minimum":1, "maximum":15, "partition-visibility":"shared", "description":"Optional minimum delay (seconds) between DNS retransmits for authentication to pass" }, "force-tcp-ignore-client-source-port":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Allow client to retransmit DNS request using different source port during udp-auth (supported in asymmetric mode only)" } } }, "udp-timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":16, "partition-visibility":"shared", "not":"force-tcp", "description":"UDP authentication timeout in seconds" }, "min-delay":{ "type":"number", "format":"number", "minimum":1, "maximum":80, "partition-visibility":"shared", "not":"force-tcp", "description":"Optional minimum delay between DNS retransmits for authentication to pass, unit is specified by min-delay-interval" }, "min-delay-interval":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'100ms': 100ms; '1sec': 1sec; ", "enum":[ "100ms", "1sec" ] }, "dns-udp-auth-pass-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dns-udp-auth-pass-action", "description":"Configure action-list to take for passing the authentication" }, "dns-udp-auth-pass-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"dns-udp-auth-pass-action-list-name", "description":"'authenticate-src': authenticate-src (Default); ", "enum":[ "authenticate-src" ] }, "dns-udp-auth-fail-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dns-udp-auth-fail-action", "description":"Configure action-list to take for failing the authentication. (Applicable to dns-udp retry only)" }, "dns-udp-auth-fail-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"dns-udp-auth-fail-action-list-name", "description":"'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; ", "enum":[ "drop", "blacklist-src" ] } } }, "fqdn-label-len-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "label-length":{ "type":"number", "format":"number", "minimum":1, "maximum":63, "partition-visibility":"shared", "description":"Maximum length of FQDN label" }, "fqdn-label-suffix":{ "type":"number", "format":"number", "minimum":1, "maximum":5, "partition-visibility":"shared", "description":"Number of suffixes" }, "fqdn-label-length-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"fqdn-label-length-action", "description":"Configure action-list to take" }, "fqdn-label-length-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"fqdn-label-length-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; ", "enum":[ "drop", "ignore", "blacklist-src", "reset" ] } } } ] }, "fqdn-label-count-cfg":{ "type":"object", "properties":{ "label-count":{ "type":"number", "format":"number", "minimum":1, "maximum":10, "partition-visibility":"shared", "description":"Maximum number of FQDN labels per FQDN" }, "fqdn-label-count-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"fqdn-label-count-action", "description":"Configure action-list to take" }, "fqdn-label-count-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"fqdn-label-count-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Send reset to client; ", "enum":[ "drop", "ignore", "blacklist-src", "reset" ] } } }, "src":{ "type":"object", "properties":{ "rate-limit":{ "type":"object", "properties":{ "nxdomain":{ "type":"object", "properties":{ "dns-nxdomain-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Limiting rate" }, "dns-nxdomain-rate-limit-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dns-nxdomain-rate-limit-action", "description":"Configure action-list to take" }, "dns-nxdomain-rate-limit-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"dns-nxdomain-rate-limit-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; ", "enum":[ "drop", "ignore", "blacklist-src", "reset" ] } } }, "request":{ "type":"object", "properties":{ "type":{ "type":"object", "properties":{ "A-cfg":{ "type":"object", "properties":{ "A":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Address record" }, "src-dns-a-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "AAAA-cfg":{ "type":"object", "properties":{ "AAAA":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"IPv6 address record" }, "src-dns-aaaa-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "CNAME-cfg":{ "type":"object", "properties":{ "CNAME":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Canonical name record" }, "src-dns-cname-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "MX-cfg":{ "type":"object", "properties":{ "MX":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Mail exchange record" }, "src-dns-mx-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "NS-cfg":{ "type":"object", "properties":{ "NS":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Name server record" }, "src-dns-ns-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "SRV-cfg":{ "type":"object", "properties":{ "SRV":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Service locator" }, "src-dns-srv-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"DNS request rate" } } }, "dns-type-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "src-dns-request-type":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Other type value" }, "src-dns-request-type-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"request rate limit" } } } ] } } }, "src-dns-request-rate-limit-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"src-dns-request-rate-limit-action", "description":"Configure action-list to take" }, "src-dns-request-rate-limit-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"src-dns-request-rate-limit-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; ", "enum":[ "drop", "ignore", "blacklist-src", "reset" ] } } } } } } }, "dst":{ "type":"object", "properties":{ "rate-limit":{ "type":"object", "properties":{ "fqdn":{ "type":"object", "properties":{ "dns-fqdn-rate-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "dns-fqdn-rate":{ "type":"number", "format":"number", "minimum":5, "maximum":16000000, "partition-visibility":"shared", "description":"Limiting rate (Range: 5-8000 for FQDN domain based rate limiting, 5-16000000 for FQDN label count based rate limiting)" }, "per":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'domain-name': Domain Name; 'src-ip': Source IP address; 'label-count': FQDN label count; ", "enum":[ "domain-name", "src-ip", "label-count" ] }, "per-domain-per-src-ip":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Use both Domain Name and Source IP address for rate-limiting" }, "fqdn-rate-suffix":{ "type":"number", "format":"number", "minimum":1, "maximum":5, "partition-visibility":"shared", "description":"Suffix count" }, "fqdn-rate-label-count":{ "type":"number", "format":"number", "minimum":1, "maximum":8, "partition-visibility":"shared", "description":"FQDN label count (Range: 1-8)" } } } ] }, "dns-fqdn-rate-limit-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dns-fqdn-rate-limit-action", "description":"Configure action-list to take" }, "dns-fqdn-rate-limit-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"dns-fqdn-rate-limit-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'reset': Reset client connection; 'blacklist-src': Blacklist-src; ", "enum":[ "drop", "ignore", "reset", "blacklist-src" ] } } }, "domain-group-rate-exceed-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "description":"'drop': Drop the query (default); 'tunnel-encap-packet': Encapsulate the query and send on a tunnel; ", "enum":[ "drop", "tunnel-encap-packet" ] }, "encap-template":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template to sepcify the tunnel endpoint" }, "domain-group-rate-per-service":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable per service domain rate checking" }, "request":{ "type":"object", "properties":{ "type":{ "type":"object", "properties":{ "A-cfg":{ "type":"object", "properties":{ "A":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Address record" }, "dns-a-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "AAAA-cfg":{ "type":"object", "properties":{ "AAAA":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"IPv6 address record" }, "dns-aaaa-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "CNAME-cfg":{ "type":"object", "properties":{ "CNAME":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Canonical name record" }, "dns-cname-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "MX-cfg":{ "type":"object", "properties":{ "MX":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Mail exchange record" }, "dns-mx-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "NS-cfg":{ "type":"object", "properties":{ "NS":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Name server record" }, "dns-ns-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "SRV-cfg":{ "type":"object", "properties":{ "SRV":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Service locator" }, "dns-srv-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"DNS request rate" } } }, "dns-type-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "dns-request-type":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Other type value" }, "dns-request-type-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"request rate limit" } } } ] } } }, "dst-dns-request-rate-limit-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dst-dns-request-rate-limit-action", "description":"Configure action-list to take" }, "dst-dns-request-rate-limit-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"dst-dns-request-rate-limit-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'reset': Reset client connection; 'blacklist-src': Blacklist-src; ", "enum":[ "drop", "ignore", "reset", "blacklist-src" ] } } } } } } }, "domain-group-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Apply a domain-group to the DNS template", "optional":true }, "on-no-match":{ "type":"string", "format":"enum", "default":"deny", "partition-visibility":"shared", "description":"'permit': permit; 'deny': deny (default); ", "enum":[ "permit", "deny" ], "optional":true }, "symtimeout-cfg":{ "type":"object", "properties":{ "sym-timeout":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Timeout for DNS Symmetric session" }, "sym-timeout-value":{ "type":"number", "format":"number", "minimum":1, "maximum":31, "partition-visibility":"shared", "description":"Session timeout value in seconds" } } }, "allow-query-class":{ "type":"object", "properties":{ "allow-internet-query-class":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"INTERNET query class" }, "allow-csnet-query-class":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"CSNET query class" }, "allow-chaos-query-class":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"CHAOS query class" }, "allow-hesiod-query-class":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"HESIOD query class" }, "allow-none-query-class":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"NONE query class" }, "allow-any-query-class":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"ANY query class" }, "allow-query-class-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"allow-query-class-action", "description":"Configure action-list to take when query class doesn't match" }, "allow-query-class-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"allow-query-class-action-list-name", "description":"'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Reset client connection; ", "enum":[ "drop", "blacklist-src", "reset" ] } } }, "allow-record-type":{ "type":"object", "properties":{ "allow-a-type":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Address record" }, "allow-aaaa-type":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"IPv6 address record" }, "allow-cname-type":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Canonical name record" }, "allow-mx-type":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Mail exchange record" }, "allow-ns-type":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Name server record" }, "allow-srv-type":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Service locator" }, "record-num-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "allow-num-type":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Other record type value" } } } ] }, "allow-record-type-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"allow-record-type-action", "description":"Configure action-list to take" }, "allow-record-type-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"allow-record-type-action-list-name", "description":"'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Reset client connection; ", "enum":[ "drop", "blacklist-src", "reset" ] } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "malformed-query-check":{ "type":"object", "$ref":"/axapi/v3/ddos/zone-template/dns/{name}/malformed-query-check", "properties":{ "validation-type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'basic-header-check': Basic header validation for DNS TCP/UDP queries; 'extended-header-check': Extended header/query validation for DNS TCP/UDP queries; 'disable': Disable Malform query validation for DNS TCP/UDP; ", "enum":[ "basic-header-check", "extended-header-check", "disable" ] }, "non-query-opcode-check":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'disable': When malform check is enabled, TPS always drops DNS query with non query opcode, this option disables this opcode check; ", "enum":[ "disable" ] }, "skip-multi-packet-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Bypass DNS fragmented and TCP segmented Queries(Default: dropped)" }, "dns-malformed-query-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dns-malformed-query-action", "description":"Configure action-list to take" }, "dns-malformed-query-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"dns-malformed-query-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; ", "enum":[ "drop", "ignore", "blacklist-src", "reset" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } }, "required":[ "name" ] } ] }, "quic-list":{ "type":"array", "minItems":1, "items":{ "type":"quic" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/quic/{quic-tmpl-name}", "array":[ { "properties":{ "quic-tmpl-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "fixed-bit-check-disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable fixed-bit malform check", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "version-supported-list":{ "type":"array", "minItems":1, "items":{ "type":"version-supported" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/quic/{quic-tmpl-name}/version-supported/{version-start}+{version-end}", "array":[ { "properties":{ "version-start":{ "type":"string", "format":"time", "minLength":1, "maxLength":4294967295, "partition-visibility":"shared", "description":"Configure versions supported", "optional":false }, "version-end":{ "type":"string", "format":"time", "minLength":1, "maxLength":4294967295, "partition-visibility":"shared", "description":"Version supported range end", "optional":false }, "version-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"version-action", "description":"Configure action-list to take", "optional":true }, "version-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"version-action-list-name", "description":"'drop': Drop packets; 'blacklist-src': Blacklist-src; ", "enum":[ "drop", "blacklist-src" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "malformed-check":{ "type":"object", "$ref":"/axapi/v3/ddos/zone-template/quic/{quic-tmpl-name}/version-supported/{version-start}+{version-end}/malformed-check", "properties":{ "malformed-enable":{ "type":"string", "format":"enum", "default":"enable", "partition-visibility":"shared", "description":"'enable': Enable malformed check; ", "enum":[ "enable" ] }, "max-source-cid-length":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "default":255, "partition-visibility":"shared", "description":"Set the maximum source CID length" }, "max-destination-cid-length":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "default":255, "partition-visibility":"shared", "description":"Set the maximum destination CID length" }, "malformed-check-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"malformed-check-action", "description":"Configure action-list to take. Overwrites version action" }, "malformed-check-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"malformed-check-action-list-name", "description":"'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; ", "enum":[ "drop", "blacklist-src" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } }, "required":[ "version-start", "version-end" ] } ] } }, "required":[ "quic-tmpl-name" ] } ] }, "tcp-list":{ "type":"array", "minItems":1, "items":{ "type":"tcp" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/tcp/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "age":{ "type":"number", "format":"number", "minimum":1, "maximum":63, "default":2, "partition-visibility":"shared", "description":"Session age in minutes", "optional":true }, "concurrent":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable concurrent port access for non-matching ports (DST support only)", "optional":true }, "syn-cookie":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable SYN Cookie", "optional":true }, "create-conn-on-syn-only":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable connection establishment on SYN only", "optional":true }, "filter-match-type":{ "type":"string", "format":"enum", "default":"default", "partition-visibility":"shared", "description":"'default': Stop matching on drop/blacklist action; 'stop-on-first-match': Stop matching on first match; ", "enum":[ "default", "stop-on-first-match" ], "optional":true }, "out-of-seq-cfg":{ "type":"object", "properties":{ "out-of-seq":{ "type":"number", "format":"number", "minimum":1, "maximum":64000, "partition-visibility":"shared", "not":"per-conn-out-of-seq-rate-limit", "description":"Take action if out-of-seq pkts exceed configured threshold" }, "out-of-seq-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"out-of-seq-action", "description":"Configure action-list to take for out-of-seq exceed" }, "out-of-seq-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"out-of-seq-action-list-name", "description":"'drop': Drop packets for out-of-seq exceed (Default); 'blacklist-src': help Blacklist-src for out-of-seq exceed; 'ignore': help Ignore out-of-seq exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "per-conn-out-of-seq-rate-cfg":{ "type":"object", "properties":{ "per-conn-out-of-seq-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "not":"out-of-seq", "description":"Take action if out-of-seq pkt rate exceed configured threshold" }, "per-conn-out-of-seq-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"per-conn-out-of-seq-rate-action", "description":"Configure action-list to take for out-of-seq rate exceed" }, "per-conn-out-of-seq-rate-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"per-conn-out-of-seq-rate-action-list-name", "description":"'drop': Drop packets for out-of-seq rate exceed (Default); 'blacklist-src': help Blacklist-src for out-of-seq rate exceed; 'ignore': help Ignore out-of-seq rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "max-rexmit-syn-per-flow-cfg":{ "type":"object", "properties":{ "max-rexmit-syn-per-flow":{ "type":"number", "format":"number", "minimum":1, "maximum":6, "partition-visibility":"shared", "description":"Maximum number of re-transmit SYN per flow" }, "max-rexmit-syn-per-flow-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "description":"Configure action-list to take for max-rexmit-syn-per-flow exceed" }, "max-rexmit-syn-per-flow-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "description":"'drop': Drop SYN packets for max-rexmit-syn-per-flow exceed (Default); 'blacklist-src': help Blacklist-src for max-rexmit-syn-per-flow exceed; ", "enum":[ "drop", "blacklist-src" ] } } }, "retransmit-cfg":{ "type":"object", "properties":{ "retransmit":{ "type":"number", "format":"number", "minimum":1, "maximum":64000, "partition-visibility":"shared", "not":"per-conn-retransmit-rate-limit", "description":"Take action if retransmit pkts exceed configured threshold" }, "retransmit-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"retransmit-action", "description":"Configure action-list to take for retransmit exceed" }, "retransmit-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"retransmit-action-list-name", "description":"'drop': Drop packets for retrans exceed (Default); 'blacklist-src': help Blacklist-src for retrans exceed; 'ignore': help Ignore retrans exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "per-conn-retransmit-rate-cfg":{ "type":"object", "properties":{ "per-conn-retransmit-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "not":"retransmit", "description":"Take action if retransmit pkt rate exceed configured threshold" }, "per-conn-retransmit-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"per-conn-retransmit-rate-action", "description":"Configure action-list to take for retransmit rate exceed" }, "per-conn-retransmit-rate-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"per-conn-retransmit-rate-action-list-name", "description":"'drop': Drop packets for retrans rate exceed (Default); 'blacklist-src': help Blacklist-src for retrans rate exceed; 'ignore': help Ignore retrans rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "zero-win-cfg":{ "type":"object", "properties":{ "zero-win":{ "type":"number", "format":"number", "minimum":1, "maximum":250, "partition-visibility":"shared", "not":"per-conn-zero-win-rate-limit", "description":"Take action if zero window pkts exceed configured threshold" }, "zero-win-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"zero-win-action", "description":"Configure action-list to take for zero window exceed" }, "zero-win-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"zero-win-action-list-name", "description":"'drop': Drop packets for zero-win exceed (Default); 'blacklist-src': help Blacklist-src for zero-win exceed; 'ignore': Ignore zero-win exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "per-conn-zero-win-rate-cfg":{ "type":"object", "properties":{ "per-conn-zero-win-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "not":"zero-win", "description":"Take action if zero window pkt rate exceed configured threshold" }, "per-conn-zero-win-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"per-conn-zero-win-rate-action", "description":"Configure action-list to take for zero window rate exceed" }, "per-conn-zero-win-rate-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"per-conn-zero-win-rate-action-list-name", "description":"'drop': Drop packets for zero-win rate exceed (Default); 'blacklist-src': help Blacklist-src for zero-win rate exceed; 'ignore': Ignore zero-win rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "per-conn-pkt-rate-cfg":{ "type":"object", "properties":{ "per-conn-pkt-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Packet rate limit per connection per rate-interval" }, "per-conn-pkt-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"per-conn-pkt-rate-action", "description":"Configure action-list to take for per-conn-pkt-rate exceed" }, "per-conn-pkt-rate-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"per-conn-pkt-rate-action-list-name", "description":"'drop': Drop packets for per-conn-pkt-rate exceed (Default); 'blacklist-src': help Blacklist-src for per-conn-pkt-rate exceed; 'ignore': Ignore per-conn-pkt-rate-exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "per-conn-rate-interval":{ "type":"string", "format":"enum", "default":"1sec", "partition-visibility":"shared", "description":"'100ms': 100ms; '1sec': 1sec; '10sec': 10sec; ", "enum":[ "100ms", "1sec", "10sec" ], "optional":true }, "dst":{ "type":"object", "properties":{ "rate-limit":{ "type":"object", "properties":{ "syn-rate-limit":{ "type":"object", "properties":{ "dst-syn-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" }, "dst-syn-rate-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "description":"'drop': Drop packets for syn-rate exceed (Default); 'ignore': Ignore syn-rate-exceed; ", "enum":[ "drop", "ignore" ] } } } } } } }, "src":{ "type":"object", "properties":{ "rate-limit":{ "type":"object", "properties":{ "syn-rate-limit":{ "type":"object", "properties":{ "src-syn-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" }, "src-syn-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"src-syn-rate-action", "description":"Configure action-list to take for syn-rate exceed" }, "src-syn-rate-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"src-syn-rate-action-list-name", "description":"'drop': Drop packets for syn-rate exceed (Default); 'blacklist-src': Blacklist-src for syn-rate exceed; 'ignore': Ignore syn-rate-exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } } } } } }, "allow-synack-skip-authentications":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Allow create sessions on SYNACK without syn-auth and ack-auth (ASYM Mode only)", "optional":true }, "synack-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "not":"track-together-with-syn", "description":"Config SYNACK rate limit", "optional":true }, "track-together-with-syn":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not":"synack-rate-limit", "description":"SYNACK will be counted in Dst Syn-rate limit", "optional":true }, "allow-syn-otherflags":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Treat TCP SYN+PSH as a TCP SYN (DST tcp ports support only)", "optional":true }, "allow-tcp-tfo":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Allow TCP Fast Open", "optional":true }, "conn-rate-limit-on-syn-only":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Only count SYN-initiated connections towards connection-rate tracking", "optional":true }, "action-on-syn-rto-retry-count":{ "type":"number", "format":"number", "minimum":2, "maximum":10, "partition-visibility":"shared", "description":"Take action if syn-auth RTO-authentication fail over retry time(default:5)", "optional":true }, "action-on-ack-rto-retry-count":{ "type":"number", "format":"number", "minimum":2, "maximum":10, "partition-visibility":"shared", "description":"Take action if ack-auth RTO-authentication fail over retry time(default:5)", "optional":true }, "ack-authentication-synack-reset":{ "type":"number", "format":"flag", "plat-neg-list":["soft-ax"], "default":0, "partition-visibility":"shared", "description":"Reset client TCP SYN+ACK for authentication (DST support only)", "optional":true }, "known-resp-src-port-cfg":{ "type":"object", "properties":{ "known-resp-src-port":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Take action if src-port is less than 1024" }, "known-resp-src-port-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"known-resp-src-port-action", "description":"Configure action-list to take for well-known src-port" }, "known-resp-src-port-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"known-resp-src-port-action-list-name", "description":"'drop': Drop packets from well-known src-port(Default); 'blacklist-src': Blacklist-src from well-known src-port; 'ignore': Ignore well-known src-port; ", "enum":[ "drop", "blacklist-src", "ignore" ] }, "exclude-src-resp-port":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Exclude src port equal to dst port" } } }, "syn-authentication":{ "type":"object", "properties":{ "syn-auth-type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not-list":[ "syn-auth-timeout", "syn-auth-min-delay" ], "description":"'send-rst': Send reset to all concurrent client auth attempts after syn cookie check pass; 'force-rst-by-ack': Send client a bad ack after syn cookie check pass; 'force-rst-by-synack': Send client a bad synack after syn cookie check pass; 'send-rst-once': Send RST to one client concurrent auth attempts; ", "enum":[ "send-rst", "force-rst-by-ack", "force-rst-by-synack", "send-rst-once" ] }, "syn-auth-timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":31, "partition-visibility":"shared", "not":"syn-auth-type", "description":"syn retransmit timeout in seconds(default timeout: 5 seconds)" }, "syn-auth-min-delay":{ "type":"number", "format":"number", "minimum":1, "maximum":80, "partition-visibility":"shared", "not":"syn-auth-type", "description":"Minimum delay (in 100ms intervals) between SYN retransmits for retransmit-check to pass" }, "syn-auth-rto":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Estimate the RTO and apply the exponential back-off for authentication" }, "syn-auth-pass-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not":"syn-auth-pass-action", "description":"Configure action-list to take for passing the authentication" }, "syn-auth-pass-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"syn-auth-pass-action-list-name", "description":"'authenticate-src': authenticate-src (Default); ", "enum":[ "authenticate-src" ] }, "syn-auth-fail-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not":"syn-auth-fail-action", "description":"Configure action-list to take for failing the authentication." }, "syn-auth-fail-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"syn-auth-fail-action-list-name", "description":"'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Send reset to client (Applicable to retransmit-check only); ", "enum":[ "drop", "blacklist-src", "reset" ] }, "allow-ra":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Allow RA packets to be used for auth" } } }, "ack-authentication":{ "type":"object", "properties":{ "ack-auth-timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":31, "partition-visibility":"shared", "description":"ack retransmit timeout in seconds(default timeout: 5 seconds)" }, "ack-auth-min-delay":{ "type":"number", "format":"number", "minimum":1, "maximum":80, "partition-visibility":"shared", "description":"Minimum delay (in 100ms intervals) between ACK retransmits for retransmit-check to pass" }, "ack-auth-only":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Apply retransmit-check only once per source address for authentication purpose" }, "ack-auth-rto":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Estimate the RTO and apply the exponential back-off for authentication" }, "ack-auth-pass-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not":"ack-auth-pass-action", "description":"Configure action-list to take for passing the authentication" }, "ack-auth-pass-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"ack-auth-pass-action-list-name", "description":"'authenticate-src': authenticate-src (Default); ", "enum":[ "authenticate-src" ] }, "ack-auth-fail-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not":"ack-auth-fail-action", "description":"Configure action-list to take for failing the authentication." }, "ack-auth-fail-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"ack-auth-fail-action-list-name", "description":"'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Send reset to client; ", "enum":[ "drop", "blacklist-src", "reset" ] } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "progression-tracking":{ "type":"object", "$ref":"/axapi/v3/ddos/zone-template/tcp/{name}/progression-tracking", "properties":{ "progression-tracking-enabled":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'enable-check': Enable Progression Tracking Check; ", "enum":[ "enable-check" ] }, "request-response-model":{ "type":"string", "format":"enum", "default":"enable", "partition-visibility":"shared", "description":"'enable': Enable Request Response Model; 'disable': Disable Request Response Model; ", "enum":[ "enable", "disable" ] }, "violation":{ "type":"number", "format":"number", "minimum":1, "maximum":255, "partition-visibility":"shared", "description":"Set the violation threshold" }, "ignore-TLS-handshake":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Ignore TLS handshake" }, "response-length-max":{ "type":"number", "format":"number", "minimum":1, "maximum":4294967295, "partition-visibility":"shared", "description":"Set the maximum response length" }, "response-length-min":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the minimum response length" }, "request-length-min":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the minimum request length" }, "request-length-max":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the maximum request length" }, "response-request-min-ratio":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the minimum response to request ratio (in unit of 0.1% [1:1000])" }, "response-request-max-ratio":{ "type":"number", "format":"number", "minimum":1, "maximum":4294967295, "partition-visibility":"shared", "description":"Set the maximum response to request ratio (in unit of 0.1% [1:1000])" }, "first-request-max-time":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the maximum wait time from connection creation until the first data is transmitted over the connection (100 ms)" }, "request-to-response-max-time":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the maximum request to response time (100 ms)" }, "response-to-request-max-time":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the maximum response to request time (100 ms)" }, "profiling-request-response-model":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable auto-config progression tracking learning for Request Response model" }, "profiling-connection-life-model":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable auto-config progression tracking learning for connection model" }, "profiling-time-window-model":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable auto-config progression tracking learning for time window model" }, "progression-tracking-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"progression-tracking-action", "description":"Configure action-list to take when progression tracking violation exceed" }, "progression-tracking-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"progression-tracking-action-list-name", "description":"'drop': Drop packets for progression tracking violation exceed (Default); 'blacklist-src': Blacklist-src for progression tracking violation exceed; ", "enum":[ "drop", "blacklist-src" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "connection-tracking":{ "type":"object", "$ref":"/axapi/v3/ddos/zone-template/tcp/{name}/progression-tracking/connection-tracking", "properties":{ "progression-tracking-conn-enabled":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'enable-check': Enable General Progression Tracking per Connection; ", "enum":[ "enable-check" ] }, "conn-sent-max":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Set the maximum total sent byte" }, "conn-sent-min":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the minimum total sent byte" }, "conn-rcvd-max":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Set the maximum total received byte" }, "conn-rcvd-min":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Set the minimum total received byte" }, "conn-rcvd-sent-ratio-min":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the minimum received to sent ratio (in unit of milli-, 0.001)" }, "conn-rcvd-sent-ratio-max":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Set the maximum received to sent ratio (in unit of milli-, 0.001)" }, "conn-duration-max":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Set the maximum duration time (in unit of 100ms, up to 24 hours)" }, "conn-duration-min":{ "type":"number", "format":"number", "minimum":1, "maximum":864000, "partition-visibility":"shared", "description":"Set the minimum duration time (in unit of 100ms, up to 24 hours)" }, "conn-violation":{ "type":"number", "format":"number", "minimum":1, "maximum":255, "partition-visibility":"shared", "description":"Set the violation threshold" }, "progression-tracking-conn-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"progression-tracking-conn-action", "description":"Configure action-list to take when progression tracking violation exceed" }, "progression-tracking-conn-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"progression-tracking-conn-action-list-name", "description":"'drop': Drop packets for progression tracking violation exceed (Default); 'blacklist-src': Blacklist-src for progression tracking violation exceed; ", "enum":[ "drop", "blacklist-src" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "time-window-tracking":{ "type":"object", "$ref":"/axapi/v3/ddos/zone-template/tcp/{name}/progression-tracking/time-window-tracking", "properties":{ "progression-tracking-win-enabled":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'enable-check': Enable Progression Tracking per Time Window; ", "enum":[ "enable-check" ] }, "window-sent-max":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the maximum total sent byte" }, "window-sent-min":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the minimum total sent byte" }, "window-rcvd-max":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the maximum total received byte" }, "window-rcvd-min":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the minimum total received byte" }, "window-rcvd-sent-ratio-min":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the minimum received to sent ratio (in unit of 0.1% [1:1000])" }, "window-rcvd-sent-ratio-max":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the maximum received to sent ratio (in unit of 0.1% [1:1000])" }, "window-violation":{ "type":"number", "format":"number", "minimum":1, "maximum":255, "partition-visibility":"shared", "description":"Set the violation threshold" }, "progression-tracking-windows-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"progression-tracking-windows-action", "description":"Configure action-list to take when progression tracking violation exceed" }, "progression-tracking-windows-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"progression-tracking-windows-action-list-name", "description":"'drop': Drop packets for progression tracking violation exceed (Default); 'blacklist-src': Blacklist-src for progression tracking violation exceed; ", "enum":[ "drop", "blacklist-src" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } } }, "filter-list":{ "type":"array", "minItems":1, "items":{ "type":"filter" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/tcp/{name}/filter/{tcp-filter-name}", "array":[ { "properties":{ "tcp-filter-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "tcp-filter-seq":{ "type":"number", "format":"number", "minimum":1, "maximum":200, "partition-visibility":"shared", "description":"Sequence number", "optional":true }, "tcp-filter-regex":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Regex Expression", "optional":true }, "tcp-filter-inverse-match":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Inverse the result of the matching", "optional":true }, "byte-offset-filter":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Filter using Berkeley Packet Filter syntax", "optional":true }, "tcp-filter-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"tcp-filter-action", "description":"Configure action-list to take", "optional":true }, "tcp-filter-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"tcp-filter-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'authenticate-src': Authenticate-src; ", "enum":[ "drop", "ignore", "blacklist-src", "authenticate-src" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "tcp-filter-name" ] } ] } }, "required":[ "name" ] } ] }, "udp-list":{ "type":"array", "minItems":1, "items":{ "type":"udp" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/udp/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS UDP Template Name", "optional":false }, "age":{ "type":"number", "format":"number", "minimum":1, "maximum":63, "default":2, "partition-visibility":"shared", "description":"Configure session age(in minutes) for UDP sessions", "optional":true }, "per-conn-pkt-rate-cfg":{ "type":"object", "properties":{ "per-conn-pkt-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Packet rate limit per connection per rate-interval" }, "per-conn-pkt-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"per-conn-pkt-rate-action", "description":"Configure action-list to take for per-conn-pkt-rate exceed" }, "per-conn-pkt-rate-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"per-conn-pkt-rate-action-list-name", "description":"'drop': Drop packets for per-conn-pkt-rate exceed (Default); 'blacklist-src': help Blacklist-src for per-conn-pkt-rate exceed; 'ignore': Ignore per-conn-pkt-rate-exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "per-conn-rate-interval":{ "type":"string", "format":"enum", "default":"1sec", "partition-visibility":"shared", "description":"'100ms': 100ms; '1sec': 1sec; ", "enum":[ "100ms", "1sec" ], "optional":true }, "filter-match-type":{ "type":"string", "format":"enum", "default":"default", "partition-visibility":"shared", "description":"'default': Stop matching on drop/blacklist action; 'stop-on-first-match': Stop matching on first match; ", "enum":[ "default", "stop-on-first-match" ], "optional":true }, "spoof-detect-retry-timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":31, "partition-visibility":"shared", "description":"Timeout in seconds", "optional":true }, "spoof-detect-min-delay-interval":{ "type":"string", "format":"enum", "default":"1sec", "partition-visibility":"shared", "description":"'100ms': 100ms; '1sec': 1sec; ", "enum":[ "100ms", "1sec" ], "optional":true }, "spoof-detect-min-delay":{ "type":"number", "format":"number", "minimum":1, "maximum":80, "partition-visibility":"shared", "description":"Optional minimum delay between UDP retransmits for authentication to pass, unit is specified by min-delay-interval", "optional":true }, "spoof-detect-pass-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not":"spoof-detect-pass-action", "description":"Configure action-list to take for passing the authentication", "optional":true }, "spoof-detect-pass-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"spoof-detect-pass-action-list-name", "description":"'authenticate-src': authenticate-src (Default); ", "enum":[ "authenticate-src" ], "optional":true }, "spoof-detect-fail-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not":"spoof-detect-fail-action", "description":"Configure action-list to take for failing the authentication", "optional":true }, "spoof-detect-fail-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"spoof-detect-fail-action-list-name", "description":"'drop': Drop packets (Default); 'blacklist-src': Blacklist-src for spoof-detect fail; ", "enum":[ "drop", "blacklist-src" ], "optional":true }, "token-authentication":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable Token Authentication", "optional":true }, "token-authentication-hw-assist-disable":{ "type":"number", "format":"flag", "plat-neg-list":["non-fpga,soft-ax", "soft-ax"], "default":0, "partition-visibility":"shared", "description":"token-authentication disable hardware assistance", "optional":true }, "token-authentication-salt-prefix":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"token-authentication salt-prefix", "optional":true }, "token-authentication-salt-prefix-curr":{ "type":"number", "format":"number", "minimum":1, "maximum":4294967295, "partition-visibility":"shared", "optional":true }, "token-authentication-salt-prefix-prev":{ "type":"number", "format":"number", "minimum":1, "maximum":4294967295, "partition-visibility":"shared", "optional":true }, "token-authentication-formula":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'md5_Salt-SrcIp-SrcPort-DstIp-DstPort': md5 of Salt-SrcIp-SrcPort-DstIp-DstPort; 'md5_Salt-DstIp-DstPort': md5 of Salt-DstIp-DstPort; 'md5_Salt-SrcIp-DstIp': md5 of Salt-SrcIp-DstIp; 'md5_Salt-SrcPort-DstPort': md5 of Salt-SrcPort-DstPort; 'md5_Salt-UintDstIp-DstPort': Using the uint value of IP for md5 of Salt-DstIp-DstPort; 'sha1_Salt-SrcIp-SrcPort-DstIp-DstPort': sha1 of Salt-SrcIp-SrcPort-DstIp-DstPort; 'sha1_Salt-DstIp-DstPort': sha1 of Salt-DstIp-DstPort; 'sha1_Salt-SrcIp-DstIp': sha1 of Salt-SrcIp-DstIp; 'sha1_Salt-SrcPort-DstPort': sha1 of Salt-SrcPort-DstPort; 'sha1_Salt-UintDstIp-DstPort': Using the uint value of IP for sha1 of Salt-DstIp-DstPort; ", "enum":[ "md5_Salt-SrcIp-SrcPort-DstIp-DstPort", "md5_Salt-DstIp-DstPort", "md5_Salt-SrcIp-DstIp", "md5_Salt-SrcPort-DstPort", "md5_Salt-UintDstIp-DstPort", "sha1_Salt-SrcIp-SrcPort-DstIp-DstPort", "sha1_Salt-DstIp-DstPort", "sha1_Salt-SrcIp-DstIp", "sha1_Salt-SrcPort-DstPort", "sha1_Salt-UintDstIp-DstPort" ], "optional":true }, "previous-salt-timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":10080, "default":1, "partition-visibility":"shared", "description":"Token-Authentication previous salt-prefix timeout in minutes, default is 1 min", "optional":true }, "token-authentication-public-address":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"The server public IP address", "optional":true }, "public-ipv4-addr":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "description":"IP address", "optional":true }, "public-ipv6-addr":{ "type":"string", "format":"ipv6-address", "partition-visibility":"shared", "description":"IPV6 address", "optional":true }, "known-resp-src-port-cfg":{ "type":"object", "properties":{ "known-resp-src-port":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Take action if src-port is less than 1024" }, "known-resp-src-port-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"known-resp-src-port-action", "description":"Configure action-list to take for well-known src-port" }, "known-resp-src-port-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"known-resp-src-port-action-list-name", "description":"'drop': Drop packets from well-known src-port(Default); 'blacklist-src': Blacklist-src from well-known src-port; 'ignore': Ignore well-known src-port; ", "enum":[ "drop", "blacklist-src", "ignore" ] }, "exclude-src-resp-port":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Exclude src port equal to dst port" } } }, "ntp-monlist-cfg":{ "type":"object", "properties":{ "ntp-monlist":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Take action for ntp monlist request/response" }, "ntp-monlist-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"ntp-monlist-action", "description":"Configure action-list to take for ntp-monlist" }, "ntp-monlist-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"ntp-monlist-action-list-name", "description":"'drop': Drop packets for ntp-monlist (Default); 'blacklist-src': Blacklist-src for ntp-monlist; 'ignore': Ignore ntp-monlist; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "max-payload-size-cfg":{ "type":"object", "properties":{ "max-payload-size":{ "type":"number", "format":"number", "minimum":1, "maximum":1470, "partition-visibility":"shared", "description":"Maximum UDP payload size for each single packet" }, "max-payload-size-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":64, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"max-payload-size-action", "description":"Configure action-list to take for max-payload-size exceed" }, "max-payload-size-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"max-payload-size-action-list-name", "description":"'drop': Drop packets for max-payload-size exceed (Default); 'blacklist-src': Blacklist-src for max-payload-size exceed; 'ignore': Do nothing for max-payload-size exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "min-payload-size-cfg":{ "type":"object", "properties":{ "min-payload-size":{ "type":"number", "format":"number", "minimum":1, "maximum":1470, "partition-visibility":"shared", "description":"Minimum UDP payload size for each single packet" }, "min-payload-size-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":64, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"min-payload-size-action", "description":"Configure action-list to take for min-payload-size exceed" }, "min-payload-size-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"min-payload-size-action-list-name", "description":"'drop': Drop packets for min-payload-size (Default); 'blacklist-src': Blacklist-src for min-payload-size; 'ignore': Do nothing for min-payload-size exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "filter-list":{ "type":"array", "minItems":1, "items":{ "type":"filter" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/udp/{name}/filter/{udp-filter-name}", "array":[ { "properties":{ "udp-filter-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "udp-filter-seq":{ "type":"number", "format":"number", "minimum":1, "maximum":200, "partition-visibility":"shared", "description":"Sequence number", "optional":true }, "udp-filter-regex":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Regex Expression", "optional":true }, "udp-filter-inverse-match":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Inverse the result of the matching", "optional":true }, "byte-offset-filter":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Filter using Berkeley Packet Filter syntax", "optional":true }, "udp-filter-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not":"udp-filter-action", "description":"Configure action-list to take", "optional":true }, "udp-filter-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"udp-filter-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'authenticate-src': Authenticate-src; ", "enum":[ "drop", "ignore", "blacklist-src", "authenticate-src" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "udp-filter-name" ] } ] } }, "required":[ "name" ] } ] }, "ip-proto-list":{ "type":"array", "minItems":1, "items":{ "type":"ip-proto" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/ip-proto/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS Ip-proto Template Name", "optional":false }, "filter-match-type":{ "type":"string", "format":"enum", "default":"default", "partition-visibility":"shared", "description":"'default': Stop matching on drop/blacklist action; 'stop-on-first-match': Stop matching on first match; ", "enum":[ "default", "stop-on-first-match" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "filter-list":{ "type":"array", "minItems":1, "items":{ "type":"filter" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/ip-proto/{name}/filter/{other-filter-name}", "array":[ { "properties":{ "other-filter-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "other-filter-seq":{ "type":"number", "format":"number", "minimum":1, "maximum":200, "partition-visibility":"shared", "description":"Sequence number", "optional":true }, "other-filter-regex":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Regex Expression", "optional":true }, "other-filter-inverse-match":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Inverse the result of the matching", "optional":true }, "byte-offset-filter":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Filter using Berkeley Packet Filter syntax", "optional":true }, "other-filter-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"other-filter-action", "description":"Configure action-list to take", "optional":true }, "other-filter-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"other-filter-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'authenticate-src': Authenticate-src; ", "enum":[ "drop", "ignore", "blacklist-src", "authenticate-src" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "other-filter-name" ] } ] } }, "required":[ "name" ] } ] }, "icmp-v4-list":{ "type":"array", "minItems":1, "items":{ "type":"icmp-v4" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/icmp-v4/{icmp-tmpl-name}", "array":[ { "properties":{ "icmp-tmpl-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ICMPv4 Template Name", "optional":false }, "filter-match-type":{ "type":"string", "format":"enum", "default":"default", "partition-visibility":"shared", "description":"'default': Stop matching on drop/blacklist action; 'stop-on-first-match': Stop matching on first match; ", "enum":[ "default", "stop-on-first-match" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "type-list":{ "type":"array", "minItems":1, "items":{ "type":"type" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/icmp-v4/{icmp-tmpl-name}/type/{type-number}", "array":[ { "properties":{ "type-number":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "partition-visibility":"shared", "description":"Specify ICMP type number", "optional":false }, "icmp-type-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"icmp-type-action", "description":"Configure action-list to take for this ICMP type", "optional":true }, "icmp-type-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"icmp-type-action-list-name", "description":"'drop': Reject this ICMP type; 'blacklist-src': Blacklist-src this ICMP type; 'ignore': Ignore this ICMP type; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "v4-src-rate-cfg":{ "type":"object", "properties":{ "src-type-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Specify the whole src rate for this type" }, "src-type-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"src-type-rate-action", "description":"Configure action-list to take for rate exceed" }, "src-type-rate-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"src-type-rate-action-list-name", "description":"'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "v4-src-code-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "src-code-number":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "partition-visibility":"shared", "description":"Specify the ICMP code for this src rate" }, "src-code-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Specify the rate with the code" }, "src-code-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"src-code-rate-action", "description":"Configure action-list to take for rate exceed" }, "src-code-rate-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"src-code-rate-action-list-name", "description":"'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } } ] }, "src-code-other-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Specify the rate with other code", "optional":true }, "src-code-other-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"src-code-other-rate-action", "description":"Configure action-list to take for rate exceed", "optional":true }, "src-code-other-rate-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"src-code-other-rate-action-list-name", "description":"'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "v4-dst-rate-cfg":{ "type":"object", "properties":{ "dst-type-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Specify the whole dst rate for this type" }, "dst-type-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dst-type-rate-action", "description":"Configure action-list to take for rate exceed" }, "dst-type-rate-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"dst-type-rate-action-list-name", "description":"'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "v4-dst-code-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "dst-code-number":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "partition-visibility":"shared", "description":"Specify the ICMP code for this dst rate" }, "dst-code-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Specify the rate with the code" }, "dst-code-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dst-code-rate-action", "description":"Configure action-list to take for rate exceed" }, "dst-code-rate-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"dst-code-rate-action-list-name", "description":"'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } } ] }, "dst-code-other-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Specify the rate with other code", "optional":true }, "dst-code-other-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dst-code-other-rate-action", "description":"Configure action-list to take for rate exceed", "optional":true }, "dst-code-other-rate-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"dst-code-other-rate-action-list-name", "description":"'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "type-number" ] } ] }, "type-other":{ "type":"object", "$ref":"/axapi/v3/ddos/zone-template/icmp-v4/{icmp-tmpl-name}/type-other", "properties":{ "icmp-type-other-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"icmp-type-other-action", "description":"Configure action-list to take for wildcard ICMP match" }, "icmp-type-other-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"icmp-type-other-action-list-name", "description":"'drop': Reject wildcard ICMP type; 'blacklist-src': Blacklist-src wildcard ICMP type; 'ignore': Ignore wildcard ICMP type; ", "enum":[ "drop", "blacklist-src", "ignore" ] }, "src":{ "type":"object", "properties":{ "src-type-other-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Specify the whole src rate for wildcard ICMP type" }, "src-type-other-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"src-type-other-rate-action", "description":"Configure action-list to take for rate exceed" }, "src-type-other-rate-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"src-type-other-rate-action-list-name", "description":"'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "dst":{ "type":"object", "properties":{ "dst-type-other-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Specify the whole dst rate for wildcard ICMP type" }, "dst-type-other-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dst-type-other-rate-action", "description":"Configure action-list to take for rate exceed" }, "dst-type-other-rate-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"dst-type-other-rate-action-list-name", "description":"'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "filter-list":{ "type":"array", "minItems":1, "items":{ "type":"filter" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/icmp-v4/{icmp-tmpl-name}/filter/{icmp-filter-name}", "array":[ { "properties":{ "icmp-filter-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "icmp-filter-seq":{ "type":"number", "format":"number", "minimum":1, "maximum":200, "partition-visibility":"shared", "description":"sequence number", "optional":true }, "icmp-filter-regex":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Regex Expression", "optional":true }, "icmp-filter-inverse-match":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Inverse the result of matching", "optional":true }, "byte-offset-filter":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"filter using Berkeley packet filter syntax", "optional":true }, "icmp-filter-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not":"icmp-filter-action", "description":"Configure action-list to take", "optional":true }, "icmp-filter-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"icmp-filter-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; ", "enum":[ "drop", "ignore", "blacklist-src" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "icmp-filter-name" ] } ] } }, "required":[ "icmp-tmpl-name" ] } ] }, "icmp-v6-list":{ "type":"array", "minItems":1, "items":{ "type":"icmp-v6" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/icmp-v6/{icmp-tmpl-name}", "array":[ { "properties":{ "icmp-tmpl-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ICMPv6 Template Name", "optional":false }, "filter-match-type":{ "type":"string", "format":"enum", "default":"default", "partition-visibility":"shared", "description":"'default': Stop matching on drop/blacklist action; 'stop-on-first-match': Stop matching on first match; ", "enum":[ "default", "stop-on-first-match" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "type-list":{ "type":"array", "minItems":1, "items":{ "type":"type" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/icmp-v6/{icmp-tmpl-name}/type/{type-number}", "array":[ { "properties":{ "type-number":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "partition-visibility":"shared", "description":"Specify ICMP type number", "optional":false }, "icmp-type-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"icmp-type-action", "description":"Configure action-list to take for this ICMP type", "optional":true }, "icmp-type-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"icmp-type-action-list-name", "description":"'drop': Reject this ICMP type; 'blacklist-src': Blacklist-src this ICMP type; 'ignore': Ignore this ICMP type; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "v6-src-rate-cfg":{ "type":"object", "properties":{ "src-type-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Specify the whole src rate for this type" }, "src-type-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"src-type-rate-action", "description":"Configure action-list to take for rate exceed" }, "src-type-rate-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"src-type-rate-action-list-name", "description":"'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "v6-src-code-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "src-code-number":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "partition-visibility":"shared", "description":"Specify the ICMP code for this src rate" }, "src-code-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Specify the rate with the code" }, "src-code-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"src-code-rate-action", "description":"Configure action-list to take for rate exceed" }, "src-code-rate-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"src-code-rate-action-list-name", "description":"'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } } ] }, "src-code-other-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Specify the rate with other code", "optional":true }, "src-code-other-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"src-code-other-rate-action", "description":"Configure action-list to take for rate exceed", "optional":true }, "src-code-other-rate-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"src-code-other-rate-action-list-name", "description":"'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "v6-dst-rate-cfg":{ "type":"object", "properties":{ "dst-type-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Specify the whole dst rate for this type" }, "dst-type-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dst-type-rate-action", "description":"Configure action-list to take for rate exceed" }, "dst-type-rate-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"dst-type-rate-action-list-name", "description":"'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "v6-dst-code-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "dst-code-number":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "partition-visibility":"shared", "description":"Specify the ICMP code for this dst rate" }, "dst-code-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Specify the rate with the code" }, "dst-code-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dst-code-rate-action", "description":"Configure action-list to take for rate exceed" }, "dst-code-rate-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"dst-code-rate-action-list-name", "description":"'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } } ] }, "dst-code-other-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Specify the rate with other code", "optional":true }, "dst-code-other-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dst-code-other-rate-action", "description":"Configure action-list to take for rate exceed", "optional":true }, "dst-code-other-rate-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"dst-code-other-rate-action-list-name", "description":"'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "type-number" ] } ] }, "type-other":{ "type":"object", "$ref":"/axapi/v3/ddos/zone-template/icmp-v6/{icmp-tmpl-name}/type-other", "properties":{ "icmp-type-other-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"icmp-type-other-action", "description":"Configure action-list to take for wildcard ICMP match" }, "icmp-type-other-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"icmp-type-other-action-list-name", "description":"'drop': Reject wildcard ICMP type; 'blacklist-src': Blacklist-src wildcard ICMP type; 'ignore': Ignore wildcard ICMP type; ", "enum":[ "drop", "blacklist-src", "ignore" ] }, "src":{ "type":"object", "properties":{ "src-type-other-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Specify the whole src rate for wildcard ICMP type" }, "src-type-other-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"src-type-other-rate-action", "description":"Configure action-list to take for rate exceed" }, "src-type-other-rate-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"src-type-other-rate-action-list-name", "description":"'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "dst":{ "type":"object", "properties":{ "dst-type-other-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Specify the whole dst rate for wildcard ICMP type" }, "dst-type-other-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dst-type-other-rate-action", "description":"Configure action-list to take for rate exceed" }, "dst-type-other-rate-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"dst-type-other-rate-action-list-name", "description":"'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "filter-list":{ "type":"array", "minItems":1, "items":{ "type":"filter" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/icmp-v6/{icmp-tmpl-name}/filter/{icmp-filter-name}", "array":[ { "properties":{ "icmp-filter-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "icmp-filter-seq":{ "type":"number", "format":"number", "minimum":1, "maximum":200, "partition-visibility":"shared", "description":"sequence number", "optional":true }, "icmp-filter-regex":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Regex Expression", "optional":true }, "icmp-filter-inverse-match":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Inverse the result of matching", "optional":true }, "byte-offset-filter":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"filter using Berkeley packet filter syntax", "optional":true }, "icmp-filter-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not":"icmp-filter-action", "description":"list to take", "optional":true }, "icmp-filter-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"icmp-filter-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; ", "enum":[ "drop", "ignore", "blacklist-src" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "icmp-filter-name" ] } ] } }, "required":[ "icmp-tmpl-name" ] } ] }, "sip-list":{ "type":"array", "minItems":1, "items":{ "type":"sip" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/sip/{sip-tmpl-name}", "array":[ { "properties":{ "sip-tmpl-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS SIP Template Name", "optional":false }, "multi-pu-threshold-distribution":{ "type":"object", "properties":{ "multi-pu-threshold-distribution-value":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "not":"multi-pu-threshold-distribution-disable", "description":"Destination side rate limit only. Default: 0" }, "multi-pu-threshold-distribution-disable":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"multi-pu-threshold-distribution-value", "description":"'disable': Destination side rate limit only. Default: Enable; ", "enum":[ "disable" ] } } }, "src":{ "type":"object", "properties":{ "sip-request-rate-limit":{ "type":"object", "properties":{ "src-sip-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"src-sip-rate-action", "description":"Configure action-list to take" }, "src-sip-rate-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"src-sip-rate-action-list-name", "description":"'drop': Drop packets(Default); 'ignore': Take no action; 'reset': Reset (sip-tcp) client connection; 'blacklist-src': Blacklist-src; ", "enum":[ "drop", "ignore", "reset", "blacklist-src" ] }, "method":{ "type":"object", "properties":{ "invite-cfg":{ "type":"object", "properties":{ "INVITE":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"INVITE method" }, "src-sip-invite-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "register-cfg":{ "type":"object", "properties":{ "REGISTER":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"REGISTER method" }, "src-sip-register-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "options-cfg":{ "type":"object", "properties":{ "OPTIONS":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"OPTIONS method" }, "src-sip-options-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "bye-cfg":{ "type":"object", "properties":{ "BYE":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"BYE method" }, "src-sip-bye-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "subscribe-cfg":{ "type":"object", "properties":{ "SUBSCRIBE":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"SUBSCRIBE method" }, "src-sip-subscribe-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "notify-cfg":{ "type":"object", "properties":{ "NOTIFY":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"NOTIFY method" }, "src-sip-notify-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "refer-cfg":{ "type":"object", "properties":{ "REFER":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"REFER method" }, "src-sip-refer-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "message-cfg":{ "type":"object", "properties":{ "MESSAGE":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"MESSAGE method" }, "src-sip-message-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "update-cfg":{ "type":"object", "properties":{ "UPDATE":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"UPDATE method" }, "src-sip-update-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } } } } } } } }, "dst":{ "type":"object", "properties":{ "sip-request-rate-limit":{ "type":"object", "properties":{ "dst-sip-rate-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dst-sip-rate-action", "description":"Configure action-list to take" }, "dst-sip-rate-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"dst-sip-rate-action-list-name", "description":"'drop': Drop packets(Default); 'ignore': Take no action; 'reset': Reset (sip-tcp) client connection; 'blacklist-src': Blacklist-src; ", "enum":[ "drop", "ignore", "reset", "blacklist-src" ] }, "method":{ "type":"object", "properties":{ "invite-cfg":{ "type":"object", "properties":{ "INVITE":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"INVITE method" }, "dst-sip-invite-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "register-cfg":{ "type":"object", "properties":{ "REGISTER":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"REGISTER method" }, "dst-sip-register-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "options-cfg":{ "type":"object", "properties":{ "OPTIONS":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"OPTIONS method" }, "dst-sip-options-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "bye-cfg":{ "type":"object", "properties":{ "BYE":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"BYE method" }, "dst-sip-bye-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "subscribe-cfg":{ "type":"object", "properties":{ "SUBSCRIBE":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"SUBSCRIBE method" }, "dst-sip-subscribe-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "notify-cfg":{ "type":"object", "properties":{ "NOTIFY":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"NOTIFY method" }, "dst-sip-notify-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "refer-cfg":{ "type":"object", "properties":{ "REFER":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"REFER method" }, "dst-sip-refer-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "message-cfg":{ "type":"object", "properties":{ "MESSAGE":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"MESSAGE method" }, "dst-sip-message-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "update-cfg":{ "type":"object", "properties":{ "UPDATE":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"UPDATE method" }, "dst-sip-update-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } } } } } } } }, "idle-timeout":{ "type":"object", "properties":{ "idle-timeout-value":{ "type":"number", "format":"number", "minimum":1, "maximum":63, "partition-visibility":"shared", "description":"Set the the idle timeout value for SIP-TCP connections" }, "ignore-zero-payload":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Don't reset idle timer on packets with zero payload length from clients" }, "idle-timeout-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"idle-timeout-action", "description":"Configure action-list to take" }, "idle-timeout-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"idle-timeout-action-list-name", "description":"'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Reset (sip-tcp) client connection; ", "enum":[ "drop", "blacklist-src", "reset" ] } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "malformed-sip":{ "type":"object", "$ref":"/axapi/v3/ddos/zone-template/sip/{sip-tmpl-name}/malformed-sip", "properties":{ "malformed-sip-check":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'enable-check': Enable malformed SIP parameters; ", "enum":[ "enable-check" ] }, "malformed-sip-max-line-size":{ "type":"number", "format":"number", "minimum":1, "maximum":32511, "default":32511, "partition-visibility":"shared", "description":"Set the maximum line size. Default value is 32511" }, "malformed-sip-max-uri-length":{ "type":"number", "format":"number", "minimum":1, "maximum":32511, "default":32511, "partition-visibility":"shared", "description":"Set the maximum uri size. Default value is 32511" }, "malformed-sip-max-header-name-length":{ "type":"number", "format":"number", "minimum":1, "maximum":63, "default":63, "partition-visibility":"shared", "description":"Set the maximum header name length. Default value is 63" }, "malformed-sip-max-header-value-length":{ "type":"number", "format":"number", "minimum":1, "maximum":32511, "default":32511, "partition-visibility":"shared", "description":"Set the maximum header value length. Default value is 32511" }, "malformed-sip-call-id-max-length":{ "type":"number", "format":"number", "minimum":1, "maximum":32511, "default":32511, "partition-visibility":"shared", "description":"Set the maximum call-id length. Default value is 32511" }, "malformed-sip-sdp-max-length":{ "type":"number", "format":"number", "minimum":1, "maximum":32511, "default":32511, "partition-visibility":"shared", "description":"Set the maxinum SDP content length. Default value is 32511" }, "malformed-sip-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"malformed-sip-action", "description":"Configure action-list to take" }, "malformed-sip-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"malformed-sip-action-list-name", "description":"'drop': Drop packets (Default); 'reset': Reset (sip-tcp) client connection; 'blacklist-src': Blacklist-src; ", "enum":[ "drop", "reset", "blacklist-src" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "filter-header-list":{ "type":"array", "minItems":1, "items":{ "type":"filter-header" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-template/sip/{sip-tmpl-name}/filter-header/{sip-filter-name}", "array":[ { "properties":{ "sip-filter-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "sip-filter-header-seq":{ "type":"number", "format":"number", "minimum":1, "maximum":200, "partition-visibility":"shared", "description":"Sequence number", "optional":true }, "sip-header-cfg":{ "type":"object", "properties":{ "sip-filter-header-regex":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Regex Expression" }, "sip-filter-header-inverse-match":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared" } } }, "sip-filter-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"sip-filter-action", "description":"Configure action-list to take", "optional":true }, "sip-filter-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"sip-filter-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'authenticate-src': Authenticate-src; 'reset': Reset client connection(for sip-tcp); ", "enum":[ "drop", "ignore", "blacklist-src", "authenticate-src", "reset" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "sip-filter-name" ] } ] } }, "required":[ "sip-tmpl-name" ] } ] } } }, "action-list-list":{ "type":"array", "minItems":1, "items":{ "type":"action-list" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/action-list/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS action-list name", "optional":false }, "action":{ "type":"object", "properties":{ "action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Drop Packet (Default); 'ignore': Continue processing the packet; 'reset': Reset the connection; 'authenticate-src': Authenticate the source IP; 'blacklist-src': Black-list the source IP; 'tunnel-encap-packet': Encapsulate packet for tunneling. encap template need to be bound; ", "enum":[ "drop", "ignore", "reset", "authenticate-src", "blacklist-src", "tunnel-encap-packet" ] }, "blacklist-src-value":{ "type":"number", "format":"number", "minimum":1, "maximum":30, "partition-visibility":"shared", "description":"blacklist duration in minutes" }, "stateless":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"encapsulate all packests" }, "scrub-packet":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"allow packets to go through other DDoS checks before sent out" } } }, "zone-template":{ "type":"object", "properties":{ "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/zone-template/logging", "description":"DDOS logging zone-template" }, "encap":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/zone-template/encap", "description":"DDOS encap template" } } }, "capture-config":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/capture-config", "description":"capture-config name", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "name" ] } ] }, "ip-filtering-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"ip-filtering-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/ip-filtering-policy/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ip-filtering-policy name", "optional":false }, "default-action":{ "type":"string", "format":"enum", "default":"permit", "partition-visibility":"shared", "description":"'drop': Drop all the packets not meet any rule; 'permit': Forward all the packets not meet any rule (Default); ", "enum":[ "drop", "permit" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "rule-list":{ "type":"array", "minItems":1, "items":{ "type":"rule" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/ip-filtering-policy/{name}/rule/{seq}", "array":[ { "properties":{ "seq":{ "type":"number", "format":"number", "minimum":1, "maximum":200, "partition-visibility":"shared", "description":"Sequence number", "optional":false }, "action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "description":"'drop': Drop the packet (default); 'permit': Let the packet skip all afterword address filters; 'blacklist': Blacklist with glid; 'bypass': Bypass all the ddos process; ", "enum":[ "drop", "permit", "blacklist", "bypass" ], "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "src-ip":{ "type":"string", "format":"ipv4-cidr", "partition-visibility":"shared", "not-list":[ "src-ipv6", "dst-ipv6" ], "description":"IPv4 Subnet address", "optional":true }, "src-ipv6":{ "type":"string", "format":"ipv6-address-plen", "partition-visibility":"shared", "not-list":[ "src-ip", "dst-ip" ], "description":"IPv6 Subnet address", "optional":true }, "dst-ip":{ "type":"string", "format":"ipv4-cidr", "partition-visibility":"shared", "not-list":[ "src-ipv6", "dst-ipv6" ], "description":"IPv4 Subnet address", "optional":true }, "dst-ipv6":{ "type":"string", "format":"ipv6-address-plen", "partition-visibility":"shared", "not-list":[ "src-ip", "dst-ip" ], "description":"IPv6 Subnet address", "optional":true }, "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'tcp': TCP; 'udp': UDP; 'icmp-v4': ICMP; 'icmp-v6': ICMPv6; 'number': Specify IP protocol number; ", "enum":[ "tcp", "udp", "icmp-v4", "icmp-v6", "number" ], "optional":true }, "proto-num":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "partition-visibility":"shared", "description":"IP proto number", "optional":true }, "src-port":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "not":"src-port-start", "description":"Match only packets with the port number", "optional":true }, "src-port-start":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "not":"src-port", "description":"Match only packets in the range of port numbers (Starting Port Number)", "optional":true }, "src-port-end":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Ending Port Number", "optional":true }, "dst-port":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "not":"dst-port-start", "description":"Match only packets with the port number", "optional":true }, "dst-port-start":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "not":"dst-port", "description":"Match only packets in the range of port numbers (Starting Port Number)", "optional":true }, "dst-port-end":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Ending Port Number", "optional":true }, "tcp-flag":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'match-all': not = 0 match = 1; 'none-of': not = 1 match = 0; 'match-any': not = 0 match = 0; ", "enum":[ "match-all", "none-of", "match-any" ], "optional":true }, "tcp-flags-bitmask":{ "type":"string", "format":"time", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Bitmask in Hex", "optional":true }, "icmp-type":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "partition-visibility":"shared", "description":"ICMP message type", "optional":true }, "icmp-code":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "partition-visibility":"shared", "description":"ICMP code", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "seq" ] } ] } }, "required":[ "name" ] } ] }, "zone-src-port-template":{ "type":"object", "$ref":"/axapi/v3/ddos/zone-src-port-template", "properties":{ "tcp-list":{ "type":"array", "minItems":1, "items":{ "type":"tcp" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-src-port-template/tcp/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "filter-match-type":{ "type":"string", "format":"enum", "default":"default", "partition-visibility":"shared", "description":"'default': Stop matching on drop/blacklist action; 'stop-on-first-match': Stop matching on first match; ", "enum":[ "default", "stop-on-first-match" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "filter-list":{ "type":"array", "minItems":1, "items":{ "type":"filter" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-src-port-template/tcp/{name}/filter/{tcp-filter-name}", "array":[ { "properties":{ "tcp-filter-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "tcp-filter-seq":{ "type":"number", "format":"number", "minimum":1, "maximum":200, "partition-visibility":"shared", "description":"Sequence number", "optional":true }, "tcp-filter-regex":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Regex Expression", "optional":true }, "tcp-filter-inverse-match":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Inverse the result of the matching", "optional":true }, "byte-offset-filter":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Filter using Berkeley Packet Filter syntax", "optional":true }, "tcp-filter-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"tcp-filter-action", "description":"Configure action-list to take", "optional":true }, "tcp-filter-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"tcp-filter-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'authenticate-src': Authenticate-src; ", "enum":[ "drop", "ignore", "blacklist-src", "authenticate-src" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "tcp-filter-name" ] } ] } }, "required":[ "name" ] } ] }, "udp-list":{ "type":"array", "minItems":1, "items":{ "type":"udp" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-src-port-template/udp/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS UDP Template Name", "optional":false }, "filter-match-type":{ "type":"string", "format":"enum", "default":"default", "partition-visibility":"shared", "description":"'default': Stop matching on drop/blacklist action; 'stop-on-first-match': Stop matching on first match; ", "enum":[ "default", "stop-on-first-match" ], "optional":true }, "ntp-monlist-cfg":{ "type":"object", "properties":{ "ntp-monlist":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Take action for ntp monlist request/response" }, "ntp-monlist-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"ntp-monlist-action", "description":"Configure action-list to take for ntp-monlist" }, "ntp-monlist-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"ntp-monlist-action-list-name", "description":"'drop': Drop packets for ntp-monlist (Default); 'blacklist-src': Blacklist-src for ntp-monlist; 'ignore': Ignore ntp-monlist; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "max-payload-size-cfg":{ "type":"object", "properties":{ "max-payload-size":{ "type":"number", "format":"number", "minimum":1, "maximum":1470, "partition-visibility":"shared", "description":"Maximum UDP payload size for each single packet" }, "max-payload-size-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":64, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"max-payload-size-action", "description":"Configure action-list to take for max-payload-size exceed" }, "max-payload-size-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"max-payload-size-action-list-name", "description":"'drop': Drop packets for max-payload-size exceed (Default); 'blacklist-src': Blacklist-src for max-payload-size exceed; 'ignore': Do nothing for max-payload-size exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "min-payload-size-cfg":{ "type":"object", "properties":{ "min-payload-size":{ "type":"number", "format":"number", "minimum":1, "maximum":1470, "partition-visibility":"shared", "description":"Minimum UDP payload size for each single packet" }, "min-payload-size-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":64, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"min-payload-size-action", "description":"Configure action-list to take for min-payload-size exceed" }, "min-payload-size-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"min-payload-size-action-list-name", "description":"'drop': Drop packets for min-payload-size (Default); 'blacklist-src': Blacklist-src for min-payload-size; 'ignore': Do nothing for min-payload-size exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "filter-list":{ "type":"array", "minItems":1, "items":{ "type":"filter" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-src-port-template/udp/{name}/filter/{udp-filter-name}", "array":[ { "properties":{ "udp-filter-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "udp-filter-seq":{ "type":"number", "format":"number", "minimum":1, "maximum":200, "partition-visibility":"shared", "description":"Sequence number", "optional":true }, "udp-filter-regex":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Regex Expression", "optional":true }, "udp-filter-inverse-match":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Inverse the result of the matching", "optional":true }, "byte-offset-filter":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Filter using Berkeley Packet Filter syntax", "optional":true }, "udp-filter-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not":"udp-filter-action", "description":"Configure action-list to take", "optional":true }, "udp-filter-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"udp-filter-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'authenticate-src': Authenticate-src; ", "enum":[ "drop", "ignore", "blacklist-src", "authenticate-src" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "udp-filter-name" ] } ] } }, "required":[ "name" ] } ] }, "dns-list":{ "type":"array", "minItems":1, "items":{ "type":"dns" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-src-port-template/dns/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "query-resolution-check":{ "type":"object", "$ref":"/axapi/v3/ddos/zone-src-port-template/dns/{name}/query-resolution-check", "properties":{ "session-timeout-value":{ "type":"number", "format":"number", "minimum":1, "maximum":30, "partition-visibility":"shared", "description":"max session timeout (secs) between DNS external server and Protected object" }, "domain-lockup-action":{ "type":"string", "format":"enum", "default":"default", "partition-visibility":"shared", "description":"'default': Default, No action for future connections; 'blacklist-src': Blacklist the external server for future connections; ", "enum":[ "default", "blacklist-src" ] }, "big-response-size":{ "type":"number", "format":"number", "minimum":1, "maximum":4096, "partition-visibility":"shared", "description":"Max DNS response size (in Bytes)" }, "big-response-action":{ "type":"string", "format":"enum", "default":"default", "partition-visibility":"shared", "description":"'default': Default, No action for future connections; 'blacklist-src': Blacklist the external server for future connections; ", "enum":[ "default", "blacklist-src" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } }, "required":[ "name" ] } ] } } }, "template":{ "type":"object", "$ref":"/axapi/v3/ddos/template", "properties":{ "encap-list":{ "type":"array", "minItems":1, "items":{ "type":"encap" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/template/encap/{encap-tmpl-name}", "array":[ { "properties":{ "encap-tmpl-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS Tunnel Template Name", "optional":false }, "tunnel-encap":{ "type":"object", "properties":{ "ip-cfg":{ "type":"object", "properties":{ "ip-encap":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable Tunnel encap for IP packets" }, "always":{ "type":"object", "properties":{ "ipv4-addr":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "description":"IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" }, "ipv6-addr":{ "type":"string", "format":"ipv6-address", "partition-visibility":"shared", "description":"IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" } } } } }, "gre-cfg":{ "type":"object", "properties":{ "gre-encap":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable Tunnel encap for GRE packets" }, "gre-always":{ "type":"object", "properties":{ "gre-ipv4":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "description":"IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" }, "key-ipv4":{ "type":"string", "format":"string", "minLength":1, "maxLength":10, "partition-visibility":"shared", "description":"Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)" }, "gre-ipv6":{ "type":"string", "format":"ipv6-address", "partition-visibility":"shared", "description":"IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" }, "key-ipv6":{ "type":"string", "format":"string", "minLength":1, "maxLength":10, "partition-visibility":"shared", "description":"Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)" } } } } } } }, "preserve-source-ip":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Use original source ip for encapsulation", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "encap-tmpl-name" ] } ] }, "ssl-l4-list":{ "type":"array", "minItems":1, "items":{ "type":"ssl-l4" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/template/ssl-l4/{ssl-l4-tmpl-name}", "array":[ { "properties":{ "ssl-l4-tmpl-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "description":"'drop': drop; 'reset': reset; ", "enum":[ "drop", "reset" ], "optional":true }, "disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable this template", "optional":true }, "renegotiation":{ "type":"number", "format":"number", "minimum":0, "maximum":7, "partition-visibility":"shared", "description":"Configure renegotiation limiting for SSL (Number of renegotiation allowed)", "optional":true }, "request-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Configure rate limiting for SSL", "optional":true }, "allow-non-tls":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Allow Non-TLS (SSLv3 and lower) traffic (Warning: security may be compromised)", "optional":true }, "multi-pu-threshold-distribution":{ "type":"object", "properties":{ "multi-pu-threshold-distribution-value":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "not":"multi-pu-threshold-distribution-disable", "description":"Destination side rate limit only. Default: 0" }, "multi-pu-threshold-distribution-disable":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"multi-pu-threshold-distribution-value", "description":"'disable': Destination side rate limit only. Default: Enable; ", "enum":[ "disable" ] } } }, "auth-config-cfg":{ "type":"object", "properties":{ "timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":31, "default":5, "partition-visibility":"shared", "description":"Connection timeout" }, "trials":{ "type":"number", "format":"number", "minimum":0, "maximum":15, "default":5, "partition-visibility":"shared", "description":"Number of failed handshakes" }, "auth-handshake-fail-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'blacklist-src': Blacklist-src when auth handshake fails; ", "enum":[ "blacklist-src" ] } } }, "cert-cfg":{ "type":"object", "properties":{ "cert":{ "type":"string", "format":"string", "plat-neg-list":["fips"], "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"SSL certificate" }, "key":{ "type":"string", "format":"string", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"SSL key" }, "key-passphrase":{ "type":"string", "format":"password", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Password Phrase" }, "key-encrypted":{ "type":"encrypted", "format":"encrypted", "partition-visibility":"shared", "description":"Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)" } } }, "server-name-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "server-name":{ "type":"string", "format":"string", "plat-neg-list":["fips"], "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Server name indication in Client hello extension (Server name String)" }, "server-cert":{ "type":"string", "format":"string", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Server Certificate associated to SNI (Server Certificate Name)" }, "server-key":{ "type":"string", "format":"string", "minLength":1, "maxLength":255, "partition-visibility":"shared", "description":"Server Private Key associated to SNI (Server Private Key Name)" }, "server-passphrase":{ "type":"string", "format":"password", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Password Phrase" }, "server-encrypted":{ "type":"encrypted", "format":"encrypted", "partition-visibility":"shared", "description":"Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)" } } } ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "ssl-traffic-check":{ "type":"object", "$ref":"/axapi/v3/ddos/template/ssl-l4/{ssl-l4-tmpl-name}/ssl-traffic-check", "properties":{ "header-inspection":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Inspect ssl header" }, "header-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Drop packets with bad ssl header; 'ignore': Forward packets with bad ssl header; ", "enum":[ "drop", "ignore" ] }, "check-resumed-connection":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Apply checks to SSL connections initialized by ACK packets" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } }, "required":[ "ssl-l4-tmpl-name" ] } ] }, "http-list":{ "type":"array", "minItems":1, "items":{ "type":"http" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/template/http/{http-tmpl-name}", "array":[ { "properties":{ "http-tmpl-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS HTTP Template Name", "optional":false }, "multi-pu-threshold-distribution":{ "type":"object", "properties":{ "multi-pu-threshold-distribution-value":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "not":"multi-pu-threshold-distribution-disable", "description":"Destination side rate limit only. Default: 0" }, "multi-pu-threshold-distribution-disable":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"multi-pu-threshold-distribution-value", "description":"'disable': Destination side rate limit only. Default: Enable; ", "enum":[ "disable" ] } } }, "action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "description":"'drop': Drop packets for the connection; 'reset': Send RST for the connection; ", "enum":[ "drop", "reset" ], "optional":true }, "disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable this template", "optional":true }, "mss-cfg":{ "type":"object", "properties":{ "mss-timeout":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Configure DDOS detection based on mss and packet size" }, "mss-percent":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "partition-visibility":"shared", "description":"Configure percentage of mss such that if a packet size is below the mss times mss-percent, packet is considered bad." }, "number-packets":{ "type":"number", "format":"number", "minimum":1, "maximum":31, "partition-visibility":"shared", "description":"Specify percentage of mss. Default is 0, mss-timeout is not enabled." } } }, "disallow-connect-method":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Do not allow HTTP Connect method (asymmetric mode only)", "optional":true }, "challenge-method":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'http-redirect': http-redirect; 'javascript': javascript; ", "enum":[ "http-redirect", "javascript" ], "optional":true }, "challenge-redirect-code":{ "type":"string", "format":"enum", "default":"302", "partition-visibility":"shared", "description":"'302': 302 Found; '307': 307 Temporary Redirect; ", "enum":[ "302", "307" ], "optional":true }, "challenge-uri-encode":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Encode the challenge phrase in uri instead of in http cookie. Default encoded in http cookie", "optional":true }, "challenge-cookie-name":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "default":"sto-idd", "partition-visibility":"shared", "description":"Set the cookie name used to send back to client. Default is sto-idd", "optional":true }, "challenge-keep-cookie":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Keep the challenge cookie from client and forward to backend. Default is do not keep", "optional":true }, "challenge-interval":{ "type":"number", "format":"number", "minimum":1, "maximum":31, "default":8, "partition-visibility":"shared", "description":"Specify the challenge interval. Default is 8 seconds", "optional":true }, "non-http-bypass":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Bypass non-http traffic instead of dropping", "optional":true }, "malformed-http":{ "type":"object", "properties":{ "malformed-http-enabled":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enabling ddos malformed http protection. Default value is disabled." }, "malformed-http-max-line-size":{ "type":"number", "format":"number", "minimum":1, "maximum":65280, "default":32512, "partition-visibility":"shared", "description":"Set the maximum line size. Default value is 32512" }, "malformed-http-max-num-headers":{ "type":"number", "format":"number", "minimum":1, "maximum":90, "default":90, "partition-visibility":"shared", "description":"Set the maximum number of headers. Default value is 90" }, "malformed-http-max-req-line-size":{ "type":"number", "format":"number", "minimum":1, "maximum":65280, "default":32512, "partition-visibility":"shared", "description":"Set the maximum request line size. Default value is 32512" }, "malformed-http-max-header-name-size":{ "type":"number", "format":"number", "minimum":1, "maximum":64, "default":64, "partition-visibility":"shared", "description":"Set the maxinum header name length. Default value is 64." }, "malformed-http-max-content-length":{ "type":"number", "format":"number", "minimum":1, "maximum":4294967295, "default":4294967295, "partition-visibility":"shared", "description":"Set the maximum content-length header. Default value is 4294967295 bytes" }, "malformed-http-bad-chunk-mon-enabled":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enabling bad chunk monitoring. Default is disabled" } } }, "use-hdr-ip-cfg":{ "type":"object", "properties":{ "use-hdr-ip-as-source":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Mitigate on src ip specified by http header for example X-Forwarded-For header. Default is disabled" }, "l7-hdr-name":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "default":"X-Forwarded-For", "partition-visibility":"shared", "description":"Set the http header name to parse for client ip. Default is X-Forwarded-For" } } }, "request-header":{ "type":"object", "properties":{ "timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":63, "partition-visibility":"shared" } } }, "post-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Configure rate limiting for HTTP POST request", "optional":true }, "request-rate-limit":{ "type":"object", "properties":{ "request-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"HTTP request rate limit" }, "uri":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "equal-cfg":{ "type":"object", "properties":{ "url-equals":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Request rate-limit HTTP URI matching a specified pattern" }, "url-equals-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Request rate limit" } } }, "contains-cfg":{ "type":"object", "properties":{ "url-contains":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Request rate-limit HTTP URI containing a specified pattern" }, "url-contains-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Request rate limit" } } }, "starts-cfg":{ "type":"object", "properties":{ "url-starts-with":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Request rate-limit HTTP URI strting with a specified pattern" }, "url-starts-with-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Request rate limit" } } }, "ends-cfg":{ "type":"object", "properties":{ "url-ends-with":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Request rate-limit HTTP URI ending with a specified pattern" }, "url-ends-with-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Request rate limit" } } } } } ] } } }, "response-rate-limit":{ "type":"object", "properties":{ "obj-size":{ "type":"object", "properties":{ "less-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "obj-less":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Response size configuration" }, "obj-less-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Response rate limit" } } } ] }, "greater-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "obj-greater":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Response size configuration" }, "obj-greater-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Response rate limit" } } } ] }, "between-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "obj-between1":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Response size configuration" }, "obj-between2":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Response size configuration" }, "obj-between-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Response rate limit" } } } ] } } } } }, "slow-read-drop":{ "type":"object", "properties":{ "min-window-size":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"minimum window size" }, "min-window-count":{ "type":"number", "format":"number", "minimum":1, "maximum":31, "partition-visibility":"shared", "description":"Number of packets" } } }, "idle-timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":63, "partition-visibility":"shared", "description":"Set the the idle timeout value in seconds for HTTP connections", "optional":true }, "ignore-zero-payload":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Don't reset idle timer on packets with zero payload length from clients", "optional":true }, "out-of-order-queue-size":{ "type":"number", "format":"number", "minimum":0, "maximum":15, "default":3, "partition-visibility":"shared", "description":"Set the number of packets for the out-of-order HTTP queue (asym mode only)", "optional":true }, "out-of-order-queue-timeout":{ "type":"number", "format":"number", "minimum":0, "maximum":15, "default":3, "partition-visibility":"shared", "description":"Set the timeout value in seconds for out-of-order queue in HTTP (asym mode only)", "optional":true }, "referer-filter":{ "type":"object", "properties":{ "ref-filter-blacklist":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Blacklist the source if the referer matches" }, "referer-equals-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "referer-equals":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared" } } } ] }, "referer-contains-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "referer-contains":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared" } } } ] }, "referer-starts-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "referer-starts-with":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared" } } } ] }, "referer-ends-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "referer-ends-with":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared" } } } ] } } }, "agent-filter":{ "type":"object", "properties":{ "agent-filter-blacklist":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Blacklist the source if the user-agent matches" }, "agent-equals-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "agent-equals":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared" } } } ] }, "agent-contains-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "agent-contains":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared" } } } ] }, "agent-starts-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "agent-starts-with":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared" } } } ] }, "agent-ends-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "agent-ends-with":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared" } } } ] } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "filter-header-list":{ "type":"array", "minItems":1, "items":{ "type":"filter-header" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/template/http/{http-tmpl-name}/filter-header/{http-filter-header-seq}", "array":[ { "properties":{ "http-filter-header-seq":{ "type":"number", "format":"number", "minimum":1, "maximum":5, "partition-visibility":"shared", "description":"Sequence number", "optional":false }, "http-filter-header-regex":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Regex Expression", "optional":true }, "http-filter-header-unmatched":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"action taken when it does not match", "optional":true }, "http-filter-header-blacklist":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Also blacklist the source when action is taken", "optional":true }, "http-filter-header-whitelist":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Whitelist the source after filter passes, packets are dropped until then", "optional":true }, "http-filter-header-count-only":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Take no action and continue processing the next filter", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "http-filter-header-seq" ] } ] } }, "required":[ "http-tmpl-name" ] } ] }, "dns-list":{ "type":"array", "minItems":1, "items":{ "type":"dns" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/template/dns/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "description":"'drop': Drop packets (Default action); 'reset': Send Client RST for TCP connections; ", "enum":[ "drop", "reset" ], "optional":true }, "dns-any-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Drop DNS queries of Type ANY", "optional":true }, "dns-auth-cfg":{ "type":"object", "properties":{ "dns-auth":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"DNS authentication" }, "dns-auth-type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'udp': Drop DNS request and monitor client retry; 'force-tcp': Force DNS request over TCP; ", "enum":[ "udp", "force-tcp" ] }, "udp-timeout-val-only":{ "type":"number", "format":"number", "minimum":1, "maximum":16, "partition-visibility":"shared", "description":"UDP authentication timeout in seconds" }, "udp-timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":16, "partition-visibility":"shared", "description":"UDP authentication timeout in seconds" }, "min-retry-gap":{ "type":"number", "format":"number", "minimum":1, "maximum":80, "partition-visibility":"shared", "description":"Optional minimum sec gap in between 2 dns-udp packets for auth to pass, unit is specified by min-retry-gap-interval" }, "min-retry-gap-interval":{ "type":"string", "format":"enum", "default":"1sec", "partition-visibility":"shared", "description":"'100ms': 100ms; '1sec': 1sec; ", "enum":[ "100ms", "1sec" ] }, "with-udp-auth":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Monitor client retry" }, "force-tcp-timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":16, "partition-visibility":"shared", "description":"TCP authentication timeout in seconds" }, "force-tcp-min-retry-gap":{ "type":"number", "format":"number", "minimum":1, "maximum":15, "partition-visibility":"shared", "description":"Minimum sec gap in between 2 dns-udp packets for auth to pass" }, "force-tcp-ignore-client-source-port":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Allow client to retransmit DNS request using different source port during udp-auth (supported in asymmetric mode only)" } } }, "multi-pu-threshold-distribution":{ "type":"object", "properties":{ "multi-pu-threshold-distribution-value":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "not":"multi-pu-threshold-distribution-disable", "description":"Destination side rate limit only. Default: 0" }, "multi-pu-threshold-distribution-disable":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"multi-pu-threshold-distribution-value", "description":"'disable': Destination side rate limit only. Default: Enable; ", "enum":[ "disable" ] } } }, "fqdn-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "dns-fqdn-rate-limit":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"DNS Rate limiting on the basis of FQDN" }, "dns-fqdn-rate":{ "type":"number", "format":"number", "minimum":5, "maximum":16000000, "partition-visibility":"shared", "description":"Limiting rate (Range: 5-8000 for FQDN domain based rate limiting, 5-16000000 for FQDN label count based rate limiting)" }, "per":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"by", "description":"'domain-name': Domain Name; 'src-ip': Source IP address; 'label-count': FQDN label count; ", "enum":[ "domain-name", "src-ip", "label-count" ] }, "per-domain-per-src-ip":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Use both Domain Name and Source IP address for rate-limiting" }, "fqdn-rate-suffix":{ "type":"number", "format":"number", "minimum":1, "maximum":5, "partition-visibility":"shared", "description":"Suffix count" }, "fqdn-rate-label-count":{ "type":"number", "format":"number", "minimum":1, "maximum":8, "partition-visibility":"shared", "description":"FQDN label count (Range: 1-8)" }, "by":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"per", "description":"'domain-name': Domain Name; 'src-ip': Source IP address; 'both': Use both Domain Name and Source IP address for rate-limiting; ", "enum":[ "domain-name", "src-ip", "both" ] }, "fqdn-rate-suffix-by":{ "type":"number", "format":"number", "minimum":1, "maximum":5, "partition-visibility":"shared", "description":"Number of suffixes" } } } ] }, "fqdn-label-len-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "fqdn-label-length":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Maximum FQDN label length" }, "label-length":{ "type":"number", "format":"number", "minimum":1, "maximum":63, "partition-visibility":"shared", "description":"Maximum length of FQDN label" }, "fqdn-label-suffix":{ "type":"number", "format":"number", "minimum":1, "maximum":5, "partition-visibility":"shared", "description":"Number of suffixes" } } } ] }, "fqdn-label-count":{ "type":"number", "format":"number", "minimum":1, "maximum":10, "partition-visibility":"shared", "description":"Maximum number of length of FQDN labels", "optional":true }, "nxdomain-cfg":{ "type":"object", "properties":{ "dns-nxdomain-rate-limit":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"DNS NXDOMAIN Rate Limiting (SRC support only)" }, "dns-nxdomain-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Limiting rate" }, "dns-nxdomain-rate-limit-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Drop queries if rate is exceeded; 'black-list': Black-List source if rate is exceeded; ", "enum":[ "drop", "black-list" ] } } }, "symtimeout-cfg":{ "type":"object", "properties":{ "sym-timeout":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Timeout for DNS Symmetric session" }, "sym-timeout-value":{ "type":"number", "format":"number", "minimum":1, "maximum":31, "partition-visibility":"shared", "description":"Session timeout value in seconds" } } }, "dns-request-rate-limit":{ "type":"object", "properties":{ "type":{ "type":"object", "properties":{ "A-cfg":{ "type":"object", "properties":{ "A":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Address record" }, "dns-a-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "AAAA-cfg":{ "type":"object", "properties":{ "AAAA":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"IPv6 address record" }, "dns-aaaa-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "CNAME-cfg":{ "type":"object", "properties":{ "CNAME":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Canonical name record" }, "dns-cname-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "MX-cfg":{ "type":"object", "properties":{ "MX":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Mail exchange record" }, "dns-mx-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "NS-cfg":{ "type":"object", "properties":{ "NS":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Name server record" }, "dns-ns-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "SRV-cfg":{ "type":"object", "properties":{ "SRV":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Service locator" }, "dns-srv-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"DNS request rate" } } }, "dns-type-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "dns-request-type":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Other type value" }, "dns-request-type-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"request rate limit" } } } ] } } } } }, "domain-group-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Apply a domain-group to the DNS template", "optional":true }, "on-no-match":{ "type":"string", "format":"enum", "default":"deny", "partition-visibility":"shared", "description":"'permit': permit; 'deny': deny (default); ", "enum":[ "permit", "deny" ], "optional":true }, "domain-group-rate-exceed-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "description":"'drop': Drop the query (default); 'tunnel-encap-packet': Encapsulate the query and send on a tunnel; ", "enum":[ "drop", "tunnel-encap-packet" ], "optional":true }, "encap-template":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template to sepcify the tunnel endpoint", "optional":true }, "domain-group-rate-per-service":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable per service domain rate checking", "optional":true }, "query-rate-threshold-for-cache-serving":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"This is for DNS cache mode only, it sets a DNS query rate threshold such that queries under the rate threshold would be forward", "optional":true }, "allow-query-class":{ "type":"object", "properties":{ "allow-internet-query-class":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"INTERNET query class" }, "allow-csnet-query-class":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"CSNET query class" }, "allow-chaos-query-class":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"CHAOS query class" }, "allow-hesiod-query-class":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"HESIOD query class" }, "allow-none-query-class":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"NONE query class" }, "allow-any-query-class":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"ANY query class" } } }, "allow-record-type":{ "type":"object", "properties":{ "allow-a-type":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Address record" }, "allow-aaaa-type":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"IPv6 address record" }, "allow-cname-type":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Canonical name record" }, "allow-mx-type":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Mail exchange record" }, "allow-ns-type":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Name server record" }, "allow-srv-type":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Service locator" }, "record-num-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "allow-num-type":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Other record type value" } } } ] } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "malformed-query-check":{ "type":"object", "$ref":"/axapi/v3/ddos/template/dns/{name}/malformed-query-check", "properties":{ "validation-type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'basic-header-check': Basic header validation for DNS TCP/UDP queries; 'extended-header-check': Extended header/query validation for DNS TCP/UDP queries; 'disable': Disable Malform query validation for DNS TCP/UDP; ", "enum":[ "basic-header-check", "extended-header-check", "disable" ] }, "non-query-opcode-check":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'disable': When malform check is enabled, TPS always drops DNS query with non query opcode, this option disables this opcode check; ", "enum":[ "disable" ] }, "skip-multi-packet-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Bypass DNS fragmented and TCP segmented Queries(Default: dropped)" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } }, "required":[ "name" ] } ] }, "tcp-list":{ "type":"array", "minItems":1, "items":{ "type":"tcp" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/template/tcp/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "action-cfg":{ "type":"object", "properties":{ "action-on-ack":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Monitor tcp ack for age-out session" }, "reset":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Send RST to client" }, "timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":31, "partition-visibility":"shared", "description":"ACK retry timeout in sec" }, "min-retry-gap":{ "type":"number", "format":"number", "minimum":1, "maximum":80, "partition-visibility":"shared", "description":"Min gap between 2 ACKs for action-on-ack pass in 100ms interval" }, "authenticate-only":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Apply action-on-ack once per source address for authentication purpose" }, "rto-authentication":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Estimate the RTO and apply the exponential back-off for authentication" } } }, "action-on-syn-rto-retry-count":{ "type":"number", "format":"number", "minimum":2, "maximum":10, "partition-visibility":"shared", "description":"Take action if action-on-syn RTO-authentication fail over retry time(default:5)", "optional":true }, "action-on-ack-rto-retry-count":{ "type":"number", "format":"number", "minimum":2, "maximum":10, "partition-visibility":"shared", "description":"Take action if action-on-ack RTO-authentication fail over retry time(default:5)", "optional":true }, "age":{ "type":"number", "format":"number", "minimum":1, "maximum":63, "partition-visibility":"shared", "description":"Session age in minutes", "optional":true }, "syn-cookie":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable SYN Cookie", "optional":true }, "create-conn-on-syn-only":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable connection establishment on SYN only", "optional":true }, "black-list-out-of-seq":{ "type":"number", "format":"number", "minimum":1, "maximum":64000, "partition-visibility":"shared", "not":"per-conn-out-of-seq-rate-limit", "description":"Black list Src IP if out of seq pkts exceed configured threshold", "optional":true }, "black-list-retransmit":{ "type":"number", "format":"number", "minimum":1, "maximum":64000, "partition-visibility":"shared", "not":"per-conn-retransmit-rate-limit", "description":"Black list Src IP if retransmit pkts exceed configured threshold", "optional":true }, "black-list-zero-win":{ "type":"number", "format":"number", "minimum":1, "maximum":250, "partition-visibility":"shared", "not":"per-conn-zero-win-rate-limit", "description":"Black list Src IP if zero window pkts exceed configured threshold", "optional":true }, "syn-auth":{ "type":"string", "format":"enum", "default":"send-rst", "partition-visibility":"shared", "description":"'send-rst': Send RST to all client's concurrent auth attempts; 'force-rst-by-ack': Force client RST via the use of ACK; 'force-rst-by-synack': Force client RST via the use of bad SYN|ACK; 'disable': Disable TCP SYN Authentication; 'send-rst-once': Send RST to one client's concurrent auth attempts; ", "enum":[ "send-rst", "force-rst-by-ack", "force-rst-by-synack", "disable", "send-rst-once" ], "optional":true }, "conn-rate-limit-on-syn-only":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Only count SYN-initiated connections towards connection-rate tracking", "optional":true }, "per-conn-rate-interval":{ "type":"string", "format":"enum", "default":"1sec", "partition-visibility":"shared", "description":"'100ms': 100ms; '1sec': 1sec; '10sec': 10sec; ", "enum":[ "100ms", "1sec", "10sec" ], "optional":true }, "per-conn-pkt-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Packet rate limit per connection per rate-interval", "optional":true }, "per-conn-pkt-rate-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "description":"'drop': Drop packets for per-conn-pkt-rate exceed (Default); 'blacklist-src': help Blacklist-src for per-conn-pkt-rate exceed; 'ignore': Ignore per-conn-pkt-rate-exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "per-conn-out-of-seq-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "not":"black-list-out-of-seq", "description":"Take action if out-of-seq pkt rate exceed configured threshold", "optional":true }, "per-conn-out-of-seq-rate-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "description":"'drop': Drop packets for out-of-seq rate exceed (Default); 'blacklist-src': help Blacklist-src for out-of-seq rate exceed; 'ignore': help Ignore out-of-seq rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "per-conn-retransmit-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "not":"black-list-retransmit", "description":"Take action if retransmit pkt rate exceed configured threshold", "optional":true }, "per-conn-retransmit-rate-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "description":"'drop': Drop packets for retransmit rate exceed (Default); 'blacklist-src': help Blacklist-src for retransmit rate exceed; 'ignore': help Ignore retransmit rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "per-conn-zero-win-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "not":"black-list-zero-win", "description":"Take action if zero window pkt rate exceed configured threshold", "optional":true }, "per-conn-zero-win-rate-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "description":"'drop': Drop packets for zero-win rate exceed (Default); 'blacklist-src': help Blacklist-src for zero-win rate exceed; 'ignore': help Ignore zero-win rate exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "allow-ra":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Allow RA packets to be used for auth", "optional":true }, "dst":{ "type":"object", "properties":{ "rate-limit":{ "type":"object", "properties":{ "syn-rate-limit":{ "type":"object", "properties":{ "dst-syn-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" }, "dst-syn-rate-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "description":"'drop': Drop packets for syn-rate exceed (Default); 'ignore': Ignore syn-rate-exceed; ", "enum":[ "drop", "ignore" ] } } } } } } }, "src":{ "type":"object", "properties":{ "rate-limit":{ "type":"object", "properties":{ "syn-rate-limit":{ "type":"object", "properties":{ "src-syn-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" }, "src-syn-rate-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "description":"'drop': Drop packets for syn-rate exceed (Default); 'blacklist-src': Blacklist-src for syn-rate exceed; 'ignore': Ignore syn-rate-exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ] } } } } } } }, "allow-synack-skip-authentications":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Allow create sessions on SYNACK without syn-auth and ack-auth (ASYM Mode only)", "optional":true }, "synack-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "not":"track-together-with-syn", "description":"Config SYNACK rate limit", "optional":true }, "track-together-with-syn":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not":"synack-rate-limit", "description":"SYNACK will be counted in Dst Syn-rate limit", "optional":true }, "action-syn-cfg":{ "type":"object", "properties":{ "action-on-syn":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Monitor tcp syn for age-out session" }, "action-on-syn-reset":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Send RST to client" }, "action-on-syn-timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":31, "partition-visibility":"shared", "description":"SYN retry timeout in sec" }, "action-on-syn-gap":{ "type":"number", "format":"number", "minimum":1, "maximum":80, "partition-visibility":"shared", "description":"Min gap between 2 SYNs for action-on-syn pass in 100ms interval" }, "action-on-syn-rto":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Estimate the RTO and apply the exponential back-off for authentication" } } }, "allow-syn-otherflags":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Treat TCP SYN+PSH as a TCP SYN (DST tcp ports support only)", "optional":true }, "allow-tcp-tfo":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Allow TCP Fast Open", "optional":true }, "ack-authentication-synack-reset":{ "type":"number", "format":"flag", "plat-neg-list":["soft-ax"], "default":0, "partition-visibility":"shared", "description":"Enable Reset client TCP SYN+ACK for authentication (DST support only)", "optional":true }, "drop-known-resp-src-port-cfg":{ "type":"object", "properties":{ "drop-known-resp-src-port":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Drop well-known if src-port is less than 1024" }, "exclude-src-resp-port":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"excluding src port equal destination port" } } }, "tunnel-encap":{ "type":"object", "properties":{ "ip-cfg":{ "type":"object", "properties":{ "ip-encap":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable Tunnel encapsulation using IP in IP" }, "always":{ "type":"object", "properties":{ "ipv4-addr":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "description":"IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" }, "preserve-src-ipv4":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Use original source ip for encapsulation" }, "ipv6-addr":{ "type":"string", "format":"ipv6-address", "partition-visibility":"shared", "description":"IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" }, "preserve-src-ipv6":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Use original source ip for encapsulation" } } } } }, "gre-cfg":{ "type":"object", "properties":{ "gre-encap":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable Tunnel encapsulation using GRE" }, "gre-always":{ "type":"object", "properties":{ "gre-ipv4":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "description":"IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" }, "key-ipv4":{ "type":"string", "format":"string", "minLength":1, "maxLength":10, "partition-visibility":"shared", "description":"Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)" }, "preserve-src-ipv4-gre":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Use original source ip for encapsulation" }, "gre-ipv6":{ "type":"string", "format":"ipv6-address", "partition-visibility":"shared", "description":"IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" }, "key-ipv6":{ "type":"string", "format":"string", "minLength":1, "maxLength":10, "partition-visibility":"shared", "description":"Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)" }, "preserve-src-ipv6-gre":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Use original source ip for encapsulation" } } } } } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "progression-tracking":{ "type":"object", "$ref":"/axapi/v3/ddos/template/tcp/{name}/progression-tracking", "properties":{ "progression-tracking-enabled":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'enable-check': Enable Progression Tracking Check; ", "enum":[ "enable-check" ] }, "request-response-model":{ "type":"string", "format":"enum", "default":"enable", "partition-visibility":"shared", "description":"'enable': Enable Request Response Model; 'disable': Disable Request Response Model; ", "enum":[ "enable", "disable" ] }, "violation":{ "type":"number", "format":"number", "minimum":1, "maximum":255, "partition-visibility":"shared", "description":"Set the violation threshold" }, "response-length-max":{ "type":"number", "format":"number", "minimum":1, "maximum":4294967295, "partition-visibility":"shared", "description":"Set the maximum response length" }, "response-length-min":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the minimum response length" }, "request-length-min":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the minimum request length" }, "request-length-max":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the maximum request length" }, "response-request-min-ratio":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the minimum response to request ratio (in unit of 0.1% [1:1000])" }, "response-request-max-ratio":{ "type":"number", "format":"number", "minimum":1, "maximum":4294967295, "partition-visibility":"shared", "description":"Set the maximum response to request ratio (in unit of 0.1% [1:1000])" }, "first-request-max-time":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the maximum wait time from connection creation until the first data is transmitted over the connection (100 ms)" }, "request-to-response-max-time":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the maximum request to response time (100 ms)" }, "response-to-request-max-time":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the maximum response to request time (100 ms)" }, "profiling-request-response-model":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable auto-config progression tracking learning for request response model" }, "profiling-connection-life-model":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable auto-config progression tracking learning for connection model" }, "profiling-time-window-model":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable auto-config progression tracking learning for time window model" }, "progression-tracking-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"progression-tracking-action", "description":"Configure action-list to take when progression tracking violation exceed" }, "progression-tracking-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"progression-tracking-action-list-name", "description":"'drop': Drop packets for progression tracking violation exceed (Default); 'blacklist-src': Blacklist-src for progression tracking violation exceed; ", "enum":[ "drop", "blacklist-src" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "connection-tracking":{ "type":"object", "$ref":"/axapi/v3/ddos/template/tcp/{name}/progression-tracking/connection-tracking", "properties":{ "progression-tracking-conn-enabled":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'enable-check': Enable General Progression Tracking per Connection; ", "enum":[ "enable-check" ] }, "conn-sent-max":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the maximum total sent byte" }, "conn-sent-min":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the minimum total sent byte" }, "conn-rcvd-max":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the maximum total received byte" }, "conn-rcvd-min":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the minimum total received byte" }, "conn-rcvd-sent-ratio-min":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the minimum received to sent ratio (in unit of 0.1% [1:1000])" }, "conn-rcvd-sent-ratio-max":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the maximum received to sent ratio (in unit of 0.1% [1:1000])" }, "conn-duration-max":{ "type":"number", "format":"number", "minimum":1, "maximum":864000, "partition-visibility":"shared", "description":"Set the maximum duration time (in unit of 100ms, up to 24 hours)" }, "conn-duration-min":{ "type":"number", "format":"number", "minimum":1, "maximum":864000, "partition-visibility":"shared", "description":"Set the minimum duration time (in unit of 100ms, up to 24 hours)" }, "conn-violation":{ "type":"number", "format":"number", "minimum":1, "maximum":255, "partition-visibility":"shared", "description":"Set the violation threshold" }, "progression-tracking-conn-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"progression-tracking-conn-action", "description":"Configure action-list to take when progression tracking violation exceed" }, "progression-tracking-conn-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"progression-tracking-conn-action-list-name", "description":"'drop': Drop packets for progression tracking violation exceed (Default); 'blacklist-src': Blacklist-src for progression tracking violation exceed; ", "enum":[ "drop", "blacklist-src" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "time-window-tracking":{ "type":"object", "$ref":"/axapi/v3/ddos/template/tcp/{name}/progression-tracking/time-window-tracking", "properties":{ "progression-tracking-win-enabled":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'enable-check': Enable Progression Tracking per Time Window; ", "enum":[ "enable-check" ] }, "window-sent-max":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the maximum total sent byte" }, "window-sent-min":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the minimum total sent byte" }, "window-rcvd-max":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the maximum total received byte" }, "window-rcvd-min":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the minimum total received byte" }, "window-rcvd-sent-ratio-min":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the minimum received to sent ratio (in unit of 0.1% [1:1000])" }, "window-rcvd-sent-ratio-max":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Set the maximum received to sent ratio (in unit of 0.1% [1:1000])" }, "window-violation":{ "type":"number", "format":"number", "minimum":1, "maximum":255, "partition-visibility":"shared", "description":"Set the violation threshold" }, "progression-tracking-windows-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"progression-tracking-windows-action", "description":"Configure action-list to take when progression tracking violation exceed" }, "progression-tracking-windows-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"progression-tracking-windows-action-list-name", "description":"'drop': Drop packets for progression tracking violation exceed (Default); 'blacklist-src': Blacklist-src for progression tracking violation exceed; ", "enum":[ "drop", "blacklist-src" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } } }, "filter-list":{ "type":"array", "minItems":1, "items":{ "type":"filter" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/template/tcp/{name}/filter/{tcp-filter-seq}", "array":[ { "properties":{ "tcp-filter-seq":{ "type":"number", "format":"number", "minimum":1, "maximum":5, "partition-visibility":"shared", "description":"Sequence number", "optional":false }, "tcp-filter-regex":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Regex Expression", "optional":true }, "byte-offset-filter":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Filter Expression using Berkeley Packet Filter syntax", "optional":true }, "tcp-filter-unmatched":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"action taken when it does not match", "optional":true }, "tcp-filter-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'blacklist-src': Also blacklist the source when action is taken; 'whitelist-src': Whitelist the source after filter passes, packets are dropped until then; 'count-only': Take no action and continue processing the next filter; ", "enum":[ "blacklist-src", "whitelist-src", "count-only" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "tcp-filter-seq" ] } ] } }, "required":[ "name" ] } ] }, "udp-list":{ "type":"array", "minItems":1, "items":{ "type":"udp" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/template/udp/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS UDP Template Name", "optional":false }, "age":{ "type":"number", "format":"number", "minimum":1, "maximum":63, "partition-visibility":"shared", "description":"Configure session age(in minutes) for UDP sessions", "optional":true }, "per-conn-pkt-rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Packet rate limit per connection per rate-interval", "optional":true }, "per-conn-rate-interval":{ "type":"string", "format":"enum", "default":"1sec", "partition-visibility":"shared", "description":"'100ms': 100ms; '1sec': 1sec; ", "enum":[ "100ms", "1sec" ], "optional":true }, "tunnel-encap":{ "type":"object", "properties":{ "ip-encap":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not":"gre-encap", "description":"Enable Tunnel encapsulation using IP in IP" }, "always":{ "type":"object", "properties":{ "ipv4-addr":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "description":"IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" }, "preserve-src-ipv4":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Use original source ip for encapsulation" }, "ipv6-addr":{ "type":"string", "format":"ipv6-address", "partition-visibility":"shared", "description":"IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" }, "preserve-src-ipv6":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Use original source ip for encapsulation" } } }, "gre-encap":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not":"ip-encap", "description":"Enable Tunnel encapsulation using GRE" }, "gre-always":{ "type":"object", "properties":{ "gre-ipv4":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "description":"IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" }, "key-ipv4":{ "type":"string", "format":"string", "minLength":1, "maxLength":10, "partition-visibility":"shared", "description":"Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)" }, "preserve-src-ipv4-gre":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Use original source ip for encapsulation" }, "gre-ipv6":{ "type":"string", "format":"ipv6-address", "partition-visibility":"shared", "description":"IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" }, "key-ipv6":{ "type":"string", "format":"string", "minLength":1, "maxLength":10, "partition-visibility":"shared", "description":"Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)" }, "preserve-src-ipv6-gre":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Use original source ip for encapsulation" } } } } }, "spoof-detect-cfg":{ "type":"object", "properties":{ "spoof-detect":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Force client to retry on udp" }, "min-retry-gap-interval":{ "type":"string", "format":"enum", "default":"1sec", "partition-visibility":"shared", "description":"'100ms': 100ms; '1sec': 1sec; ", "enum":[ "100ms", "1sec" ] }, "spoof-detect-retry-timeout-val-only":{ "type":"number", "format":"number", "minimum":1, "maximum":31, "default":5, "partition-visibility":"shared", "not":"spoof-detect-retry-timeout", "description":"timeout in seconds" }, "min-retry-gap":{ "type":"number", "format":"number", "minimum":1, "maximum":80, "partition-visibility":"shared", "description":"Optional minimum gap between 2 UDP packets for spoof-detect pass, unit is specified by min-retry-gap-interval" }, "spoof-detect-retry-timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":31, "default":5, "partition-visibility":"shared", "not":"spoof-detect-retry-timeout-val-only", "description":"timeout in seconds" } } }, "drop-known-resp-src-port-cfg":{ "type":"object", "properties":{ "drop-known-resp-src-port":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Drop well-known if src-port is less than 1024" }, "exclude-src-resp-port":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"excluding src port equal destination port" } } }, "drop-ntp-monlist":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Drop NTP monlist request/response", "optional":true }, "token-authentication":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable Token Authentication", "optional":true }, "token-authentication-hw-assist-disable":{ "type":"number", "format":"flag", "plat-neg-list":["non-fpga,soft-ax", "soft-ax"], "default":0, "partition-visibility":"shared", "description":"token-authentication disable hardware assistance", "optional":true }, "token-authentication-salt-prefix":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"token-authentication salt-prefix", "optional":true }, "token-authentication-salt-prefix-curr":{ "type":"number", "format":"number", "minimum":1, "maximum":4294967295, "partition-visibility":"shared", "optional":true }, "token-authentication-salt-prefix-prev":{ "type":"number", "format":"number", "minimum":1, "maximum":4294967295, "partition-visibility":"shared", "optional":true }, "token-authentication-formula":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'md5_Salt-SrcIp-SrcPort-DstIp-DstPort': md5 of Salt-SrcIp-SrcPort-DstIp-DstPort; 'md5_Salt-DstIp-DstPort': md5 of Salt-DstIp-DstPort; 'md5_Salt-SrcIp-DstIp': md5 of Salt-SrcIp-DstIp; 'md5_Salt-SrcPort-DstPort': md5 of Salt-SrcPort-DstPort; 'md5_Salt-UintDstIp-DstPort': Using the uint value of IP for md5 of Salt-DstIp-DstPort; 'sha1_Salt-SrcIp-SrcPort-DstIp-DstPort': sha1 of Salt-SrcIp-SrcPort-DstIp-DstPort; 'sha1_Salt-DstIp-DstPort': sha1 of Salt-DstIp-DstPort; 'sha1_Salt-SrcIp-DstIp': sha1 of Salt-SrcIp-DstIp; 'sha1_Salt-SrcPort-DstPort': sha1 of Salt-SrcPort-DstPort; 'sha1_Salt-UintDstIp-DstPort': Using the uint value of IP for sha1 of Salt-DstIp-DstPort; ", "enum":[ "md5_Salt-SrcIp-SrcPort-DstIp-DstPort", "md5_Salt-DstIp-DstPort", "md5_Salt-SrcIp-DstIp", "md5_Salt-SrcPort-DstPort", "md5_Salt-UintDstIp-DstPort", "sha1_Salt-SrcIp-SrcPort-DstIp-DstPort", "sha1_Salt-DstIp-DstPort", "sha1_Salt-SrcIp-DstIp", "sha1_Salt-SrcPort-DstPort", "sha1_Salt-UintDstIp-DstPort" ], "optional":true }, "previous-salt-timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":10080, "default":1, "partition-visibility":"shared", "description":"Token-Authentication previous salt-prefix timeout in minutes, default is 1 min", "optional":true }, "token-authentication-public-address":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"The server public IP address", "optional":true }, "public-ipv4-addr":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "description":"IP address", "optional":true }, "public-ipv6-addr":{ "type":"string", "format":"ipv6-address", "partition-visibility":"shared", "description":"IPV6 address", "optional":true }, "max-payload-size":{ "type":"number", "format":"number", "minimum":1, "maximum":1470, "partition-visibility":"shared", "description":"Maximum UDP payload size for each single packet", "optional":true }, "min-payload-size":{ "type":"number", "format":"number", "minimum":1, "maximum":1470, "partition-visibility":"shared", "description":"Minimum UDP payload size for each single packet", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "filter-list":{ "type":"array", "minItems":1, "items":{ "type":"filter" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/template/udp/{name}/filter/{udp-filter-seq}", "array":[ { "properties":{ "udp-filter-seq":{ "type":"number", "format":"number", "minimum":1, "maximum":5, "partition-visibility":"shared", "description":"Sequence number", "optional":false }, "udp-filter-regex":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Regex Expression", "optional":true }, "byte-offset-filter":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Filter Expression using Berkeley Packet Filter syntax", "optional":true }, "udp-filter-unmatched":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"action taken when it does not match", "optional":true }, "udp-filter-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'blacklist-src': Also blacklist the source when action is taken; 'whitelist-src': Whitelist the source after filter passes, packets are dropped until then; 'count-only': Take no action and continue processing the next filter; ", "enum":[ "blacklist-src", "whitelist-src", "count-only" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "udp-filter-seq" ] } ] } }, "required":[ "name" ] } ] }, "other-list":{ "type":"array", "minItems":1, "items":{ "type":"other" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/template/other/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS OTHER Template Name", "optional":false }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "filter-list":{ "type":"array", "minItems":1, "items":{ "type":"filter" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/template/other/{name}/filter/{other-filter-seq}", "array":[ { "properties":{ "other-filter-seq":{ "type":"number", "format":"number", "minimum":1, "maximum":5, "partition-visibility":"shared", "description":"Sequence number", "optional":false }, "other-filter-regex":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Regex Expression", "optional":true }, "byte-offset-filter":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Filter Expression using Berkeley Packet Filter syntax", "optional":true }, "other-filter-unmatched":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"action taken when it does not match", "optional":true }, "other-filter-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'blacklist-src': Also blacklist the source when action is taken; 'whitelist-src': Whitelist the source after filter passes, packets are dropped until then; 'count-only': Take no action and continue processing the next filter; ", "enum":[ "blacklist-src", "whitelist-src", "count-only" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "other-filter-seq" ] } ] } }, "required":[ "name" ] } ] }, "icmp-v4-list":{ "type":"array", "minItems":1, "items":{ "type":"icmp-v4" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/template/icmp-v4/{icmp-tmpl-name}", "array":[ { "properties":{ "icmp-tmpl-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ICMPv4 Template Name", "optional":false }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "type-list":{ "type":"array", "minItems":1, "items":{ "type":"type" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/template/icmp-v4/{icmp-tmpl-name}/type/{type-number}", "array":[ { "properties":{ "type-number":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "partition-visibility":"shared", "description":"Specify ICMP type number", "optional":false }, "type-deny":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not-list":[ "type-rate", "code-other-rate" ], "description":"Reject this ICMP type", "optional":true }, "type-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "not":"type-deny", "description":"Specify the whole rate with this type", "optional":true }, "code":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "code-number":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "partition-visibility":"shared", "description":"Specify the ICMP code" }, "code-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Specify the rate with the code" } } } ] }, "code-other":{ "type":"object", "properties":{ "code-other-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "not":"type-deny", "description":"Specify rate with other code" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "type-number" ] } ] }, "type-other":{ "type":"object", "$ref":"/axapi/v3/ddos/template/icmp-v4/{icmp-tmpl-name}/type-other", "properties":{ "type-other-deny":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not":"type-other-rate", "description":"Deny all other type" }, "type-other-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "not":"type-other-deny", "description":"Specify rate with other type" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } }, "required":[ "icmp-tmpl-name" ] } ] }, "icmp-v6-list":{ "type":"array", "minItems":1, "items":{ "type":"icmp-v6" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/template/icmp-v6/{icmp-tmpl-name}", "array":[ { "properties":{ "icmp-tmpl-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ICMPv6 Template Name", "optional":false }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "type-list":{ "type":"array", "minItems":1, "items":{ "type":"type" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/template/icmp-v6/{icmp-tmpl-name}/type/{type-number}", "array":[ { "properties":{ "type-number":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "partition-visibility":"shared", "description":"Specify ICMP type number", "optional":false }, "type-deny":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not-list":[ "type-rate", "code-other-rate" ], "description":"Reject this ICMP type", "optional":true }, "type-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "not":"type-deny", "description":"Specify the whole rate with this type", "optional":true }, "code":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "code-number":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "partition-visibility":"shared", "description":"Specify the ICMP code" }, "code-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Specify the rate with the code" } } } ] }, "code-other":{ "type":"object", "properties":{ "code-other-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "not":"type-deny", "description":"Specify rate with other code" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "type-number" ] } ] }, "type-other":{ "type":"object", "$ref":"/axapi/v3/ddos/template/icmp-v6/{icmp-tmpl-name}/type-other", "properties":{ "type-other-deny":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not":"type-other-rate", "description":"Deny all other type" }, "type-other-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "not":"type-other-deny", "description":"Specify rate with other type" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } }, "required":[ "icmp-tmpl-name" ] } ] }, "logging-list":{ "type":"array", "minItems":1, "items":{ "type":"logging" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/template/logging/{logging-tmpl-name}", "array":[ { "properties":{ "logging-tmpl-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "default":"default", "partition-visibility":"shared", "description":"DDOS Logging Template Name", "optional":false }, "log-format-cef":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Log in CEF format", "optional":true }, "use-obj-name":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Show obj name instead of ip in the log", "optional":true }, "log-format-custom":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":512, "partition-visibility":"shared", "description":"Customize log format", "optional":true }, "enable-action-logging":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Log action taken", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "logging-tmpl-name" ] } ] }, "sip-list":{ "type":"array", "minItems":1, "items":{ "type":"sip" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/template/sip/{sip-tmpl-name}", "array":[ { "properties":{ "sip-tmpl-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS SIP Template Name", "optional":false }, "idle-timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":63, "partition-visibility":"shared", "description":"Set the the idle timeout value for sip-tcp connections", "optional":true }, "ignore-zero-payload":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Don't reset idle timer on packets with zero payload length from clients", "optional":true }, "action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "description":"'drop': Drop packets for sip connection; 'reset': Send RST for sip-tcp connection; ", "enum":[ "drop", "reset" ], "optional":true }, "multi-pu-threshold-distribution":{ "type":"object", "properties":{ "multi-pu-threshold-distribution-value":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "not":"multi-pu-threshold-distribution-disable", "description":"Destination side rate limit only. Default: 0" }, "multi-pu-threshold-distribution-disable":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"multi-pu-threshold-distribution-value", "description":"'disable': Destination side rate limit only. Default: Enable; ", "enum":[ "disable" ] } } }, "dst":{ "type":"object", "properties":{ "sip-request-rate-limit":{ "type":"object", "properties":{ "method":{ "type":"object", "properties":{ "invite-cfg":{ "type":"object", "properties":{ "dst-sip-invite-cfg-flag":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"INVITE method" }, "dst-sip-invite-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "register-cfg":{ "type":"object", "properties":{ "dst-sip-register-cfg-flag":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"REGISTER method" }, "dst-sip-register-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "options-cfg":{ "type":"object", "properties":{ "dst-sip-options-cfg-flag":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"OPTIONS method" }, "dst-sip-options-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "bye-cfg":{ "type":"object", "properties":{ "dst-sip-bye-cfg-flag":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"BYE method" }, "dst-sip-bye-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "subscribe-cfg":{ "type":"object", "properties":{ "dst-sip-subscribe-cfg-flag":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"SUBSCRIBE method" }, "dst-sip-subscribe-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "notify-cfg":{ "type":"object", "properties":{ "dst-sip-notify-cfg-flag":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"NOTIFY method" }, "dst-sip-notify-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "refer-cfg":{ "type":"object", "properties":{ "dst-sip-refer-cfg-flag":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"REFER method" }, "dst-sip-refer-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "message-cfg":{ "type":"object", "properties":{ "dst-sip-message-cfg-flag":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"MESSAGE method" }, "dst-sip-message-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "update-cfg":{ "type":"object", "properties":{ "dst-sip-update-cfg-flag":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"UPDATE method" }, "dst-sip-update-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } } } } } } } }, "src":{ "type":"object", "properties":{ "sip-request-rate-limit":{ "type":"object", "properties":{ "method":{ "type":"object", "properties":{ "invite-cfg":{ "type":"object", "properties":{ "src-sip-invite-cfg-flag":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"INVITE method" }, "src-sip-invite-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "register-cfg":{ "type":"object", "properties":{ "src-sip-register-cfg-flag":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"REGISTER method" }, "src-sip-register-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "options-cfg":{ "type":"object", "properties":{ "src-sip-options-cfg-flag":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"OPTIONS method" }, "src-sip-options-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "bye-cfg":{ "type":"object", "properties":{ "src-sip-bye-cfg-flag":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"BYE method" }, "src-sip-bye-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "subscribe-cfg":{ "type":"object", "properties":{ "src-sip-subscribe-cfg-flag":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"SUBSCRIBE method" }, "src-sip-subscribe-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "notify-cfg":{ "type":"object", "properties":{ "src-sip-notify-cfg-flag":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"NOTIFY method" }, "src-sip-notify-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "refer-cfg":{ "type":"object", "properties":{ "src-sip-refer-cfg-flag":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"REFER method" }, "src-sip-refer-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "message-cfg":{ "type":"object", "properties":{ "src-sip-message-cfg-flag":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"MESSAGE method" }, "src-sip-message-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "update-cfg":{ "type":"object", "properties":{ "src-sip-update-cfg-flag":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"UPDATE method" }, "src-sip-update-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } } } } } } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "malformed-sip":{ "type":"object", "$ref":"/axapi/v3/ddos/template/sip/{sip-tmpl-name}/malformed-sip", "properties":{ "malformed-sip-check":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'enable-check': Enable malformed SIP parameters; ", "enum":[ "enable-check" ] }, "malformed-sip-max-line-size":{ "type":"number", "format":"number", "minimum":1, "maximum":32511, "default":32511, "partition-visibility":"shared", "description":"Set the maximum line size. Default value is 32511" }, "malformed-sip-max-uri-length":{ "type":"number", "format":"number", "minimum":1, "maximum":32511, "default":32511, "partition-visibility":"shared", "description":"Set the maximum uri size. Default value is 32511" }, "malformed-sip-max-header-name-length":{ "type":"number", "format":"number", "minimum":1, "maximum":63, "default":63, "partition-visibility":"shared", "description":"Set the maximum header name length. Default value is 63" }, "malformed-sip-max-header-value-length":{ "type":"number", "format":"number", "minimum":1, "maximum":32511, "default":32511, "partition-visibility":"shared", "description":"Set the maximum header value length. Default value is 32511" }, "malformed-sip-call-id-max-length":{ "type":"number", "format":"number", "minimum":1, "maximum":32511, "default":32511, "partition-visibility":"shared", "description":"Set the maximum call-id length. Default value is 32511" }, "malformed-sip-sdp-max-length":{ "type":"number", "format":"number", "minimum":1, "maximum":32511, "default":32511, "partition-visibility":"shared", "description":"Set the maxinum SDP content length. Default value is 32511" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "filter-header-list":{ "type":"array", "minItems":1, "items":{ "type":"filter-header" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/template/sip/{sip-tmpl-name}/filter-header/{sip-filter-header-seq}", "array":[ { "properties":{ "sip-filter-header-seq":{ "type":"number", "format":"number", "minimum":1, "maximum":5, "partition-visibility":"shared", "description":"Sequence number", "optional":false }, "sip-filter-header-regex":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Regex Expression", "optional":true }, "sip-filter-header-unmatched":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"action taken when it does not match", "optional":true }, "sip-filter-header-blacklist":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Also blacklist the source when action is taken", "optional":true }, "sip-filter-header-whitelist":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Whitelist the source after filter passes, packets are dropped until then", "optional":true }, "sip-filter-header-count-only":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Take no action and continue processing the next filter", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "sip-filter-header-seq" ] } ] } }, "required":[ "sip-tmpl-name" ] } ] } } }, "src-port-template":{ "type":"object", "$ref":"/axapi/v3/ddos/src-port-template", "properties":{ "tcp-list":{ "type":"array", "minItems":1, "items":{ "type":"tcp" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/src-port-template/tcp/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "filter-list":{ "type":"array", "minItems":1, "items":{ "type":"filter" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/src-port-template/tcp/{name}/filter/{tcp-filter-seq}", "array":[ { "properties":{ "tcp-filter-seq":{ "type":"number", "format":"number", "minimum":1, "maximum":5, "partition-visibility":"shared", "description":"Sequence number", "optional":false }, "tcp-filter-regex":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Regex Expression", "optional":true }, "byte-offset-filter":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Filter Expression using Berkeley Packet Filter syntax", "optional":true }, "tcp-filter-unmatched":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"action taken when it does not match", "optional":true }, "tcp-filter-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'blacklist-src': Also blacklist the source when action is taken; 'whitelist-src': Whitelist the source after filter passes, packets are dropped until then; 'count-only': Take no action and continue processing the next filter; ", "enum":[ "blacklist-src", "whitelist-src", "count-only" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "tcp-filter-seq" ] } ] } }, "required":[ "name" ] } ] }, "udp-list":{ "type":"array", "minItems":1, "items":{ "type":"udp" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/src-port-template/udp/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS UDP Template Name", "optional":false }, "drop-ntp-monlist":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Drop NTP monlist request/response", "optional":true }, "max-payload-size":{ "type":"number", "format":"number", "minimum":1, "maximum":1470, "partition-visibility":"shared", "description":"Maximum UDP payload size for each single packet", "optional":true }, "min-payload-size":{ "type":"number", "format":"number", "minimum":1, "maximum":1470, "partition-visibility":"shared", "description":"Minimum UDP payload size for each single packet", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "filter-list":{ "type":"array", "minItems":1, "items":{ "type":"filter" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/src-port-template/udp/{name}/filter/{udp-filter-seq}", "array":[ { "properties":{ "udp-filter-seq":{ "type":"number", "format":"number", "minimum":1, "maximum":5, "partition-visibility":"shared", "description":"Sequence number", "optional":false }, "udp-filter-regex":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Regex Expression", "optional":true }, "byte-offset-filter":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":1275, "partition-visibility":"shared", "description":"Filter Expression using Berkeley Packet Filter syntax", "optional":true }, "udp-filter-unmatched":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"action taken when it does not match", "optional":true }, "udp-filter-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'blacklist-src': Also blacklist the source when action is taken; 'whitelist-src': Whitelist the source after filter passes, packets are dropped until then; 'count-only': Take no action and continue processing the next filter; ", "enum":[ "blacklist-src", "whitelist-src", "count-only" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "udp-filter-seq" ] } ] } }, "required":[ "name" ] } ] }, "dns-list":{ "type":"array", "minItems":1, "items":{ "type":"dns" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/src-port-template/dns/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "query-resolution-check":{ "type":"object", "$ref":"/axapi/v3/ddos/src-port-template/dns/{name}/query-resolution-check", "properties":{ "session-timeout-value":{ "type":"number", "format":"number", "minimum":1, "maximum":30, "partition-visibility":"shared", "description":"max session timeout (secs) between DNS external server and Protected object" }, "domain-lockup-action":{ "type":"string", "format":"enum", "default":"default", "partition-visibility":"shared", "description":"'default': Default, No action for future connections; 'blacklist-src': Blacklist the external server for future connections; ", "enum":[ "default", "blacklist-src" ] }, "big-response-size":{ "type":"number", "format":"number", "minimum":1, "maximum":4096, "partition-visibility":"shared", "description":"Max DNS response size (in Bytes)" }, "big-response-action":{ "type":"string", "format":"enum", "default":"default", "partition-visibility":"shared", "description":"'default': Default, No action for future connections; 'blacklist-src': Blacklist the external server for future connections; ", "enum":[ "default", "blacklist-src" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } }, "required":[ "name" ] } ] } } }, "dns-cache-config":{ "type":"object", "$ref":"/axapi/v3/ddos/dns-cache-config", "properties":{ "disable-zone-transfer-in-warm-up-mode":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable warm up zone transfer" }, "disable-zone-transfer-in-oper-mode":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable operational refreshing zone transfer" }, "enable-cache-warm-up-bgp-advertise":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable route injection during cold boot" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "max-concurrent-zone-transfers":{ "type":"object", "$ref":"/axapi/v3/ddos/dns-cache-config/max-concurrent-zone-transfers", "properties":{ "warm-up-mode":{ "type":"number", "format":"number", "minimum":100, "maximum":65535, "default":65472, "partition-visibility":"shared", "description":"Number of concurrent zone transfers during cold boot (default 65472)" }, "operational-mode":{ "type":"number", "format":"number", "minimum":1, "maximum":3120, "partition-visibility":"shared", "description":"Number of concurrent zone transfers after boot" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } } }, "dns-cache-list":{ "type":"array", "minItems":1, "items":{ "type":"dns-cache" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dns-cache/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DNS Cache Instance Name", "optional":false }, "zone-domain-lookup-miss-action":{ "type":"string", "format":"enum", "default":"respond-nxdomain", "partition-visibility":"shared", "description":"'respond-nxdomain': Send NxDomain response; 'drop': Drop the request; ", "enum":[ "respond-nxdomain", "drop" ], "optional":true }, "default-serving-action":{ "type":"string", "format":"enum", "default":"serve-from-cache", "partition-visibility":"shared", "description":"'serve-from-cache': Serve DNS records; 'forward': Forward to DNS server; 'drop': Drop the request; ", "enum":[ "serve-from-cache", "forward", "drop" ], "optional":true }, "any-query-action-str":{ "type":"string", "format":"enum", "default":"respond-refuse", "partition-visibility":"shared", "description":"'respond-refuse': Send refuse response (default); 'respond-empty': Send empty response; 'drop': Drop the request; ", "enum":[ "respond-refuse", "respond-empty", "drop" ], "optional":true }, "non-authoritative-zone-query-action-str":{ "type":"string", "format":"enum", "default":"respond-refuse", "partition-visibility":"shared", "description":"'default': Default action: respond-refuse; 'forward': Forward to DNS server; 'respond-refuse': Send refuse response; 'drop': Drop the request; ", "enum":[ "default", "forward", "respond-refuse", "drop" ], "optional":true }, "neg-cache-action-follow-q-rate":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Negative cached response queries counted toward query-rate-threshold", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'total-cached-fqdn': total-cached-fqdn; 'total-cached-records': total-cached-records; 'fqdn-a': fqdn-a; 'fqdn-aaaa': fqdn-aaaa; 'fqdn-cname': fqdn-cname; 'fqdn-ns': fqdn-ns; 'fqdn-mx': fqdn-mx; 'fqdn-soa': fqdn-soa; 'fqdn-srv': fqdn-srv; 'fqdn-txt': fqdn-txt; 'fqdn-ptr': fqdn-ptr; 'fqdn-other': fqdn-other; 'fqdn-wildcard': fqdn-wildcard; 'fqdn-delegation': fqdn-delegation; 'shard-size': shard-size; 'resp-ext-size': resp-ext-size; 'a-record': a-record; 'aaaa-record': aaaa-record; 'cname-record': cname-record; 'ns-record': ns-record; 'mx-record': mx-record; 'soa-record': soa-record; 'srv-record': srv-record; 'txt-record': txt-record; 'ptr-record': ptr-record; 'other-record': other-record; 'fqdn-in-shard-filter': fqdn-in-shard-filter; ", "enum":[ "all", "total-cached-fqdn", "total-cached-records", "fqdn-a", "fqdn-aaaa", "fqdn-cname", "fqdn-ns", "fqdn-mx", "fqdn-soa", "fqdn-srv", "fqdn-txt", "fqdn-ptr", "fqdn-other", "fqdn-wildcard", "fqdn-delegation", "shard-size", "resp-ext-size", "a-record", "aaaa-record", "cname-record", "ns-record", "mx-record", "soa-record", "srv-record", "txt-record", "ptr-record", "other-record", "fqdn-in-shard-filter" ] } } } ] }, "zone-transfer":{ "type":"object", "$ref":"/axapi/v3/ddos/dns-cache/{name}/zone-transfer", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "domain-group":{ "type":"object", "$ref":"/axapi/v3/ddos/dns-cache/{name}/domain-group", "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DNS domain group" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "domain-list-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"domain-list-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dns-cache/{name}/domain-group/domain-list-policy/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DNS domain list policy", "optional":false }, "server-ipv4":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "description":"Master ipv4 address", "optional":true }, "server-v4-port":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "default":53, "partition-visibility":"shared", "description":"Port number (default 53)", "optional":true }, "client-ipv4":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "description":"Client ipv4 address", "optional":true }, "server-ipv6":{ "type":"string", "format":"ipv6-address", "partition-visibility":"shared", "description":"Master ipv6 address", "optional":true }, "server-v6-port":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "default":53, "partition-visibility":"shared", "description":"Port number (default 53)", "optional":true }, "client-ipv6":{ "type":"string", "format":"ipv6-address", "partition-visibility":"shared", "description":"Client ipv6 address", "optional":true }, "refresh-interval-hours":{ "type":"number", "format":"number", "minimum":0, "maximum":24, "default":4, "partition-visibility":"shared", "description":"Zone transfer refresh rate in hours (Default 4). 0 means no refresh", "optional":true }, "ttl-override":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Override the TTL value for zone transfer", "optional":true }, "respond-with-authority":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Respond with authority section for all requests under this list", "optional":true }, "oversize-answer-response":{ "type":"string", "format":"enum", "default":"set-truncate-bit", "partition-visibility":"shared", "description":"'set-truncate-bit': Set the TC bit for oversize answer(default); 'disable-truncate-bit': Do not set TC bit for oversize answer; ", "enum":[ "set-truncate-bit", "disable-truncate-bit" ], "optional":true }, "resolve-cname-record":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Always try to resolve domain in CNAME record answer section", "optional":true }, "manual-refresh":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":253, "partition-visibility":"shared", "description":"Manually refresh the particular zone", "optional":true }, "force":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Force update even the serial is the same", "optional":true }, "cache-all-records":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"cache all fqdn records including uncommon types", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "packet-capturing":{ "type":"object", "$ref":"/axapi/v3/ddos/dns-cache/{name}/domain-group/domain-list-policy/{name}/packet-capturing", "properties":{ "root-zone-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "root-zone":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":253, "partition-visibility":"shared", "description":"Specify root zone to be captured" }, "capture-config":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "$ref":"/axapi/v3/capture-config", "description":"Capture-config name" }, "capture-mode":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'regular': Capture packet anyway; 'capture-on-failure': Capture packet if last XFR was failed; ", "enum":[ "regular", "capture-on-failure" ] } } } ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } }, "required":[ "name" ] } ] } } }, "sharded-domain-group-list":{ "type":"array", "minItems":1, "items":{ "type":"sharded-domain-group" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dns-cache/{name}/sharded-domain-group/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DNS sharded domain group", "optional":false }, "match-action":{ "type":"string", "format":"enum", "default":"forward", "partition-visibility":"shared", "description":"'forward': Forward query to server (default); 'tunnel-encap': Encapsulate the query and send on a tunnel; ", "enum":[ "forward", "tunnel-encap" ], "optional":true }, "encap-template":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template to sepcify the tunnel endpoint", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "sharded-domain-list-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"sharded-domain-list-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dns-cache/{name}/sharded-domain-group/{name}/sharded-domain-list-policy/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DNS sharded domain list policy", "optional":false }, "server-ipv4":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "description":"Master ipv4 address", "optional":true }, "server-v4-port":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "default":53, "partition-visibility":"shared", "description":"Port number (default 53)", "optional":true }, "client-ipv4":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "description":"Client ipv4 address", "optional":true }, "server-ipv6":{ "type":"string", "format":"ipv6-address", "partition-visibility":"shared", "description":"Master ipv6 address", "optional":true }, "server-v6-port":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "default":53, "partition-visibility":"shared", "description":"Port number (default 53)", "optional":true }, "client-ipv6":{ "type":"string", "format":"ipv6-address", "partition-visibility":"shared", "description":"Client ipv6 address", "optional":true }, "refresh-interval-hours":{ "type":"number", "format":"number", "minimum":0, "maximum":24, "default":4, "partition-visibility":"shared", "description":"Zone transfer refresh rate in hours (Default 4). 0 means no refresh", "optional":true }, "manual-refresh":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":253, "partition-visibility":"shared", "description":"Manually refresh the particular zone", "optional":true }, "force":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Force update even the serial is the same", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "packet-capturing":{ "type":"object", "$ref":"/axapi/v3/ddos/dns-cache/{name}/sharded-domain-group/{name}/sharded-domain-list-policy/{name}/packet-capturing", "properties":{ "root-zone-list":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "root-zone":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":253, "partition-visibility":"shared", "description":"Specify root zone to be captured" }, "capture-config":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "$ref":"/axapi/v3/capture-config", "description":"Capture-config name" }, "capture-mode":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'regular': Capture packet anyway; 'capture-on-failure': Capture packet if last XFR was failed; ", "enum":[ "regular", "capture-on-failure" ] } } } ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } }, "required":[ "name" ] } ] } }, "required":[ "name" ] } ] }, "fqdn-manual-override-action-list":{ "type":"array", "minItems":1, "items":{ "type":"fqdn-manual-override-action" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dns-cache/{name}/fqdn-manual-override-action/{fqdn-name}", "array":[ { "properties":{ "fqdn-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":253, "partition-visibility":"shared", "description":"Specify fqdn name", "optional":false }, "action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'default': Default; 'forward': Forward to DNS server; 'drop': Drop the request; 'serve-from-cache': Serve DNS records; ", "enum":[ "default", "forward", "drop", "serve-from-cache" ], "optional":true } }, "required":[ "fqdn-name" ] } ] }, "zone-manual-override-action-list":{ "type":"array", "minItems":1, "items":{ "type":"zone-manual-override-action" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dns-cache/{name}/zone-manual-override-action/{zone-name}", "array":[ { "properties":{ "zone-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":253, "partition-visibility":"shared", "description":"Specify zone name", "optional":false }, "action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'default': Default; 'forward': Forward to DNS server; 'drop': Drop the request; 'serve-from-cache': Serve DNS records; ", "enum":[ "default", "forward", "drop", "serve-from-cache" ], "optional":true } }, "required":[ "zone-name" ] } ] } }, "required":[ "name" ] } ] }, "notification-template-list":{ "type":"array", "minItems":1, "items":{ "type":"notification-template" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/notification-template/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS nofitication template name", "optional":false }, "disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable the notification template (Disable notification temaplate)", "optional":true }, "test-connectivity":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Test connectivity to notification receiver", "optional":true }, "verbose":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Dump zone IPs to the payload", "optional":true }, "debug-mode":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable debug mode", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "api":{ "type":"object", "$ref":"/axapi/v3/ddos/notification-template/{name}/api", "properties":{ "host-ipv4-address":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "not-list":[ "host-ipv6-address", "hostname" ], "description":"Configure the host IPv4 address to send notification (IPv4 address of the host)" }, "host-ipv6-address":{ "type":"string", "format":"ipv6-address", "partition-visibility":"shared", "not-list":[ "host-ipv4-address", "hostname" ], "description":"Configure the host IPv6 address to send notification (IPv6 address of the host)" }, "hostname":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "not-list":[ "host-ipv4-address", "host-ipv6-address" ], "description":"host name(e.g www.a10networks.com)" }, "http-protocol":{ "type":"string", "format":"enum", "default":"https", "partition-visibility":"shared", "description":"'http': Use http protocol; 'https': Use https protocol(default); (http protocol)", "enum":[ "http", "https" ] }, "http-port":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "default":80, "partition-visibility":"shared", "description":"Configure the http port to use(default 80) (http port(default 80))" }, "https-port":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "default":443, "partition-visibility":"shared", "description":"Configure the https port to use(default 443) (https port(default 443))" }, "timeout":{ "type":"number", "format":"number", "minimum":5, "maximum":60, "default":10, "partition-visibility":"shared", "description":"Configure the api execution timeout(default 10secs) (api timeout)" }, "relative-uri":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "default":"/", "partition-visibility":"shared", "description":"Configure the relative uri for the api(e.g /example , default /) (api relative uri)" }, "disable-authentication":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable authentication to communicate to the host" }, "use-mgmt-port":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Use management port to send out notification" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "authentication":{ "type":"object", "$ref":"/axapi/v3/ddos/notification-template/{name}/api/authentication", "properties":{ "relative-login-uri":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Configure the authentication login uri" }, "relative-logoff-uri":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Configure the authentication logoff uri" }, "auth-username":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Configure the authentication user name" }, "auth-password":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Configure the authentication user password (Authentication password)" }, "auth-password-val":{ "type":"string", "format":"password", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Configure the authentication user password (Authentication password)" }, "encrypted":{ "type":"encrypted", "format":"encrypted", "partition-visibility":"shared", "description":"Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)" }, "api-key":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Configure api-key as a mode of authentication" }, "api-key-string":{ "type":"string", "format":"password", "minLength":1, "maxLength":64, "partition-visibility":"shared", "description":"Configure api-key as a mode of authentication" }, "api-key-encrypted":{ "type":"encrypted", "format":"encrypted", "partition-visibility":"shared", "description":"Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } } } }, "required":[ "name" ] } ] }, "notification-template-common":{ "type":"object", "$ref":"/axapi/v3/ddos/notification-template-common", "properties":{ "default-template":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "default-notification-template":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/notification-template", "description":"Specify the notification template name (Default notification template name)" } } } ] }, "on-box-gui-notification":{ "type":"string", "format":"enum", "default":"enable", "partition-visibility":"shared", "description":"'enable': enable; 'disable': disable; ", "enum":[ "enable", "disable" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "violation-actions-list":{ "type":"array", "minItems":1, "items":{ "type":"violation-actions" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/violation-actions/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS violation-actions name", "optional":false }, "blacklist-src":{ "type":"number", "format":"number", "minimum":1, "maximum":30, "partition-visibility":"shared", "description":"Blacklist-src (in min) (applied only for source action)", "optional":true }, "blackhole":{ "type":"number", "format":"number", "minimum":0, "maximum":30, "partition-visibility":"shared", "description":"Blackhole the zone (in minute, 0 means infinite)", "optional":true }, "execute-script":{ "type":"string", "format":"string", "plat-neg-list":["chassis-duo"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Specify DDOS script to run (applied only for zone action)", "optional":true }, "execute-script-timeout":{ "type":"number", "format":"number", "plat-neg-list":["chassis-duo"], "minimum":5, "maximum":20, "partition-visibility":"shared", "description":"Timeout for script execution (in seconds) (applied only for zone action)", "optional":true }, "send-notification-only":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Forces TPS to only send out notification for the violation-action", "optional":true }, "notification":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "notification-template":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/notification-template", "description":"Specify the notification template name" } } } ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "name" ] } ] }, "zone-profile-list":{ "type":"array", "minItems":1, "items":{ "type":"zone-profile" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-profile/{profile-name}", "array":[ { "properties":{ "profile-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Profile for DDoS zone thresholds", "optional":false }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "port-list":{ "type":"array", "minItems":1, "items":{ "type":"port" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-profile/{profile-name}/port/{port-num}+{port-protocol}", "array":[ { "properties":{ "port-num":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Port Number", "optional":false }, "port-protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'dns-tcp': dns-tcp; 'dns-udp': dns-udp; 'sip-tcp': sip-tcp; 'sip-udp': sip-udp; 'http': http; 'tcp': tcp; 'udp': udp; 'ssl-l4': ssl-l4; 'quic': quic; ", "enum":[ "dns-tcp", "dns-udp", "sip-tcp", "sip-udp", "http", "tcp", "udp", "ssl-l4", "quic" ], "optional":false }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "indicator-list":{ "type":"array", "minItems":1, "items":{ "type":"indicator" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-profile/{profile-name}/port/{port-num}+{port-protocol}/indicator/{indicator-name}", "array":[ { "properties":{ "indicator-name":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'pkt-rate': pkt-rate; 'pkt-drop-rate': pkt-drop-rate; 'bit-rate': bit-rate; 'pkt-drop-ratio': pkt-drop-ratio; 'bytes-to-bytes-from-ratio': bytes-to-bytes-from-ratio; 'concurrent-conns': concurrent-conns; 'conn-miss-rate': conn-miss-rate; 'syn-rate': syn-rate; 'fin-rate': fin-rate; 'rst-rate': rst-rate; 'small-window-ack-rate': small-window-ack-rate; 'empty-ack-rate': empty-ack-rate; 'small-payload-rate': small-payload-rate; 'syn-fin-ratio': syn-fin-ratio; 'cpu-utilization': cpu-utilization; 'interface-utilization': interface-utilization; ", "enum":[ "pkt-rate", "pkt-drop-rate", "bit-rate", "pkt-drop-ratio", "bytes-to-bytes-from-ratio", "concurrent-conns", "conn-miss-rate", "syn-rate", "fin-rate", "rst-rate", "small-window-ack-rate", "empty-ack-rate", "small-payload-rate", "syn-fin-ratio", "cpu-utilization", "interface-utilization" ], "optional":false }, "src-threshold-cfg":{ "type":"object", "properties":{ "src-threshold-num":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Indicator per-src threshold" }, "src-threshold-large-num":{ "type":"number", "format":"number", "minimum":1, "maximum":10995116277760, "partition-visibility":"shared", "description":"Indicator per-src threshold" }, "src-threshold-str":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Indicator per-src threshold (Non-zero floating point)" } } }, "zone-threshold-cfg":{ "type":"object", "properties":{ "zone-threshold-num":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Threshold for the entire zone" }, "zone-threshold-large-num":{ "type":"number", "format":"number", "minimum":1, "maximum":10995116277760, "partition-visibility":"shared", "description":"Threshold for the entire zone" }, "zone-threshold-str":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Threshold for the entire zone (Non-zero floating point)" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "indicator-name" ] } ] } }, "required":[ "port-num", "port-protocol" ] } ] }, "ip-proto":{ "type":"object", "$ref":"/axapi/v3/ddos/zone-profile/{profile-name}/ip-proto", "properties":{ "proto-number-list":{ "type":"array", "minItems":1, "items":{ "type":"proto-number" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-profile/{profile-name}/ip-proto/proto-number/{protocol-num}", "array":[ { "properties":{ "protocol-num":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "partition-visibility":"shared", "description":"Protocol Number", "optional":false }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "indicator-list":{ "type":"array", "minItems":1, "items":{ "type":"indicator" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-profile/{profile-name}/ip-proto/proto-number/{protocol-num}/indicator/{indicator-name}", "array":[ { "properties":{ "indicator-name":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'pkt-rate': pkt-rate; 'pkt-drop-rate': pkt-drop-rate; 'bit-rate': bit-rate; 'pkt-drop-ratio': pkt-drop-ratio; 'bytes-to-bytes-from-ratio': bytes-to-bytes-from-ratio; 'frag-rate': frag-rate; 'cpu-utilization': cpu-utilization; 'interface-utilization': interface-utilization; ", "enum":[ "pkt-rate", "pkt-drop-rate", "bit-rate", "pkt-drop-ratio", "bytes-to-bytes-from-ratio", "frag-rate", "cpu-utilization", "interface-utilization" ], "optional":false }, "src-threshold-cfg":{ "type":"object", "properties":{ "src-threshold-num":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Indicator per-src threshold" }, "src-threshold-large-num":{ "type":"number", "format":"number", "minimum":1, "maximum":10995116277760, "partition-visibility":"shared", "description":"Indicator per-src threshold" }, "src-threshold-str":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Indicator per-src threshold (Non-zero floating point)" } } }, "zone-threshold-cfg":{ "type":"object", "properties":{ "zone-threshold-num":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Threshold for the entire zone" }, "zone-threshold-large-num":{ "type":"number", "format":"number", "minimum":1, "maximum":10995116277760, "partition-visibility":"shared", "description":"Threshold for the entire zone" }, "zone-threshold-str":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Threshold for the entire zone (Non-zero floating point)" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "indicator-name" ] } ] } }, "required":[ "protocol-num" ] } ] }, "proto-name-list":{ "type":"array", "minItems":1, "items":{ "type":"proto-name" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-profile/{profile-name}/ip-proto/proto-name/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'icmp-v4': ip-proto icmp-v4; 'icmp-v6': ip-proto icmp-v6; 'gre': ip-proto gre; 'ipv4-encap': ip-proto IPv4 Encapsulation; 'ipv6-encap': ip-proto IPv6 Encapsulation; ", "enum":[ "icmp-v4", "icmp-v6", "gre", "ipv4-encap", "ipv6-encap" ], "optional":false }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "indicator-list":{ "type":"array", "minItems":1, "items":{ "type":"indicator" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-profile/{profile-name}/ip-proto/proto-name/{protocol}/indicator/{indicator-name}", "array":[ { "properties":{ "indicator-name":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'pkt-rate': pkt-rate; 'pkt-drop-rate': pkt-drop-rate; 'bit-rate': bit-rate; 'pkt-drop-ratio': pkt-drop-ratio; 'bytes-to-bytes-from-ratio': bytes-to-bytes-from-ratio; 'frag-rate': frag-rate; 'cpu-utilization': cpu-utilization; 'interface-utilization': interface-utilization; ", "enum":[ "pkt-rate", "pkt-drop-rate", "bit-rate", "pkt-drop-ratio", "bytes-to-bytes-from-ratio", "frag-rate", "cpu-utilization", "interface-utilization" ], "optional":false }, "src-threshold-cfg":{ "type":"object", "properties":{ "src-threshold-num":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Indicator per-src threshold" }, "src-threshold-large-num":{ "type":"number", "format":"number", "minimum":1, "maximum":10995116277760, "partition-visibility":"shared", "description":"Indicator per-src threshold" }, "src-threshold-str":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Indicator per-src threshold (Non-zero floating point)" } } }, "zone-threshold-cfg":{ "type":"object", "properties":{ "zone-threshold-num":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Threshold for the entire zone" }, "zone-threshold-large-num":{ "type":"number", "format":"number", "minimum":1, "maximum":10995116277760, "partition-visibility":"shared", "description":"Threshold for the entire zone" }, "zone-threshold-str":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Threshold for the entire zone (Non-zero floating point)" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "indicator-name" ] } ] } }, "required":[ "protocol" ] } ] } } }, "port-range-list":{ "type":"array", "minItems":1, "items":{ "type":"port-range" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-profile/{profile-name}/port-range/{port-range-start}+{port-range-end}+{protocol}", "array":[ { "properties":{ "port-range-start":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Port-Range Start Port Number", "optional":false }, "port-range-end":{ "type":"number", "format":"number", "minimum":2, "maximum":65535, "partition-visibility":"shared", "description":"Port-Range End Port Number", "optional":false }, "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'dns-tcp': DNS-TCP Port; 'dns-udp': DNS-UDP Port; 'http': HTTP Port; 'tcp': TCP Port; 'udp': UDP Port; 'ssl-l4': SSL-L4 Port; 'sip-tcp': SIP-TCP Port; 'sip-udp': SIP-UDP Port; 'quic': QUIC Port; ", "enum":[ "dns-tcp", "dns-udp", "http", "tcp", "udp", "ssl-l4", "sip-tcp", "sip-udp", "quic" ], "optional":false }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "indicator-list":{ "type":"array", "minItems":1, "items":{ "type":"indicator" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/zone-profile/{profile-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/indicator/{indicator-name}", "array":[ { "properties":{ "indicator-name":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'pkt-rate': pkt-rate; 'pkt-drop-rate': pkt-drop-rate; 'bit-rate': bit-rate; 'pkt-drop-ratio': pkt-drop-ratio; 'bytes-to-bytes-from-ratio': bytes-to-bytes-from-ratio; 'concurrent-conns': concurrent-conns; 'conn-miss-rate': conn-miss-rate; 'syn-rate': syn-rate; 'fin-rate': fin-rate; 'rst-rate': rst-rate; 'small-window-ack-rate': small-window-ack-rate; 'empty-ack-rate': empty-ack-rate; 'small-payload-rate': small-payload-rate; 'syn-fin-ratio': syn-fin-ratio; 'cpu-utilization': cpu-utilization; 'interface-utilization': interface-utilization; ", "enum":[ "pkt-rate", "pkt-drop-rate", "bit-rate", "pkt-drop-ratio", "bytes-to-bytes-from-ratio", "concurrent-conns", "conn-miss-rate", "syn-rate", "fin-rate", "rst-rate", "small-window-ack-rate", "empty-ack-rate", "small-payload-rate", "syn-fin-ratio", "cpu-utilization", "interface-utilization" ], "optional":false }, "src-threshold-cfg":{ "type":"object", "properties":{ "src-threshold-num":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Indicator per-src threshold" }, "src-threshold-large-num":{ "type":"number", "format":"number", "minimum":1, "maximum":10995116277760, "partition-visibility":"shared", "description":"Indicator per-src threshold" }, "src-threshold-str":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Indicator per-src threshold (Non-zero floating point)" } } }, "zone-threshold-cfg":{ "type":"object", "properties":{ "zone-threshold-num":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Threshold for the entire zone" }, "zone-threshold-large-num":{ "type":"number", "format":"number", "minimum":1, "maximum":10995116277760, "partition-visibility":"shared", "description":"Threshold for the entire zone" }, "zone-threshold-str":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Threshold for the entire zone (Non-zero floating point)" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "indicator-name" ] } ] } }, "required":[ "port-range-start", "port-range-end", "protocol" ] } ] } }, "required":[ "profile-name" ] } ] }, "notification-template-debug-log":{ "type":"object", "$ref":"/axapi/v3/ddos/notification-template-debug-log", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "network-object-list":{ "type":"array", "minItems":1, "items":{ "type":"network-object" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/network-object/{object-name}", "array":[ { "properties":{ "object-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "operational-mode":{ "type":"string", "format":"enum", "default":"learning", "partition-visibility":"shared", "description":"'monitor': Monitor mode; 'learning': Learning mode; ", "enum":[ "monitor", "learning" ], "optional":true }, "ip":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "subnet-ip-addr":{ "type":"string", "format":"ipv4-cidr", "partition-visibility":"shared", "description":"IP Subnet, supported prefix range is from 8 to 31" } } } ] }, "ipv6":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "subnet-ipv6-addr":{ "type":"string", "format":"ipv6-address-plen", "partition-visibility":"shared", "description":"IPV6 Subnet, supported prefix range is from 40 to 63" } } } ] }, "histogram-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable histogram statistics (Default: Disabled)", "optional":true }, "anomaly-detection-trigger":{ "type":"string", "format":"enum", "default":"all", "partition-visibility":"shared", "description":"'all': Use both learned and static thresholds (static thresholds take precedence); 'static-threshold-only': Use static thresholds only; ", "enum":[ "all", "static-threshold-only" ], "optional":true }, "service-discovery":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'disable': Disable service discovery for hosts (default: enabled); ", "enum":[ "disable" ], "optional":true }, "relative-auto-break-down-threshold":{ "type":"object", "properties":{ "network-percentage":{ "type":"number", "format":"number", "minimum":1, "maximum":99, "partition-visibility":"shared", "description":"percentage of parent node" }, "permil":{ "type":"number", "format":"number", "minimum":1, "maximum":999, "partition-visibility":"shared", "description":"permil of root node" } } }, "static-auto-break-down-threshold":{ "type":"object", "properties":{ "network-pkt-rate":{ "type":"number", "format":"number", "minimum":100, "maximum":2000000, "partition-visibility":"shared", "description":"packet rate of current node" } } }, "service-break-down-threshold-local":{ "type":"object", "properties":{ "svc-percentage":{ "type":"number", "format":"number", "minimum":5, "maximum":99, "partition-visibility":"shared", "description":"percentage of parent ip node" } } }, "host-anomaly-threshold":{ "type":"object", "properties":{ "host-pkt-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Packet rate of per host" }, "host-byte-rate":{ "type":"number", "format":"number", "minimum":100, "maximum":4294967295, "partition-visibility":"shared", "description":"Byte rate of per host" } } }, "network-object-anomaly-threshold":{ "type":"object", "properties":{ "network-object-pkt-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":10995116277760, "partition-visibility":"shared", "description":"Packet rate of the network-object" }, "network-object-byte-rate":{ "type":"number", "format":"number", "minimum":100, "maximum":10995116277760, "partition-visibility":"shared", "description":"Byte rate of the network-object" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'subnet_learned': Subnet Entry Learned; 'subnet_aged': Subnet Entry Aged; 'subnet_create_fail': Subnet Entry Create Failures; 'ip_learned': IP Entry Learned; 'ip_aged': IP Entry Aged; 'ip_create_fail': IP Entry Create Failures; 'service_learned': Service Entry Learned; 'service_aged': Service Entry Aged; 'service_create_fail': Service Entry Create Failures; ", "enum":[ "all", "subnet_learned", "subnet_aged", "subnet_create_fail", "ip_learned", "ip_aged", "ip_create_fail", "service_learned", "service_aged", "service_create_fail" ] } } } ] }, "notification":{ "type":"object", "$ref":"/axapi/v3/ddos/network-object/{object-name}/notification", "properties":{ "configuration":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': configuration; ", "enum":[ "configuration" ] }, "notification":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "notification-template-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/notification-template", "description":"Specify the notification template name" } } } ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "sub-network-list":{ "type":"array", "minItems":1, "items":{ "type":"sub-network" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/network-object/{object-name}/sub-network/{subnet-ip-addr}", "array":[ { "properties":{ "subnet-ip-addr":{ "type":"string", "format":"ipv4-cidr", "partition-visibility":"shared", "description":"IPv4 Subnet/host, supported prefix range is from 24 to 32", "optional":false }, "host-anomaly-threshold":{ "type":"object", "properties":{ "static-pkt-rate-threshold":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Packet rate of per host" }, "static-byte-rate-threshold":{ "type":"number", "format":"number", "minimum":100, "maximum":4294967295, "partition-visibility":"shared", "description":"Byte rate of per host" } } }, "sub-network-anomaly-threshold":{ "type":"object", "properties":{ "static-sub-network-pkt-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Packet rate of the sub-network" }, "static-sub-network-byte-rate":{ "type":"number", "format":"number", "minimum":100, "maximum":4294967295, "partition-visibility":"shared", "description":"Byte rate of the sub-network" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "subnet-ip-addr" ] } ] } }, "required":[ "object-name" ] } ] }, "use-default-route":{ "type":"object", "$ref":"/axapi/v3/ddos/use-default-route", "properties":{ "ethernet-start-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "ethernet-start":{ "type":"number", "format":"interface", "partition-visibility":"shared", "description":"Traffic receive from the ethernet port will use default route" }, "ethernet-end":{ "type":"number", "format":"interface", "partition-visibility":"shared" } } } ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "tap":{ "type":"object", "$ref":"/axapi/v3/ddos/tap", "properties":{ "ethernet-start-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "ethernet-start":{ "type":"number", "format":"interface", "partition-visibility":"shared", "description":"Traffic receive from the ethernet port will be dropped" }, "ethernet-end":{ "type":"number", "format":"interface", "partition-visibility":"shared" } } } ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "local-address":{ "type":"object", "$ref":"/axapi/v3/ddos/local-address", "properties":{ "ip-list":{ "type":"array", "minItems":1, "items":{ "type":"ip" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/local-address/ip/{ip-addr}", "array":[ { "properties":{ "ip-addr":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "description":"DDoS IPv4 Address for syn cookie usage", "optional":false }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true } }, "required":[ "ip-addr" ] } ] }, "ipv6-list":{ "type":"array", "minItems":1, "items":{ "type":"ipv6" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/local-address/ipv6/{ipv6-addr}", "array":[ { "properties":{ "ipv6-addr":{ "type":"string", "format":"ipv6-address", "partition-visibility":"shared", "description":"DDoS IPv6 Address for syn cookie usage", "optional":false }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true } }, "required":[ "ipv6-addr" ] } ] } } }, "src-based-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"src-based-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/src-based-policy/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Specify name of the policy", "optional":false }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "policy-class-list-list":{ "type":"array", "minItems":1, "items":{ "type":"policy-class-list" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/src-based-policy/{name}/policy-class-list/{class-list-name}", "array":[ { "properties":{ "class-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Class-list name", "optional":false }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true } }, "required":[ "class-list-name" ] } ] } }, "required":[ "name" ] } ] }, "outbound-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"outbound-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/outbound-policy/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Specify name of the policy", "optional":false }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "policy-class-list-list":{ "type":"array", "minItems":1, "items":{ "type":"policy-class-list" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/outbound-policy/{name}/policy-class-list/{class-list-name}", "array":[ { "properties":{ "class-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/class-list", "description":"Class-list name", "optional":false }, "class-list-glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "class-list-name" ] } ] }, "policy-default-class-list":{ "type":"object", "$ref":"/axapi/v3/ddos/outbound-policy/{name}/policy-default-class-list", "properties":{ "configuration":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Default class-list configuration" }, "class-list-glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "asn-based-tracking":{ "type":"object", "$ref":"/axapi/v3/ddos/outbound-policy/{name}/asn-based-tracking", "properties":{ "configuration":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': Configure asn based tracking; ", "enum":[ "configuration" ] }, "per-asn-glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID" }, "packet-rate-triggered":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Triggered by 1/2 packet rate limitation in per-asn-glid." }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "country-based-tracking":{ "type":"object", "$ref":"/axapi/v3/ddos/outbound-policy/{name}/country-based-tracking", "properties":{ "configuration":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': Configure country based tracking; ", "enum":[ "configuration" ] }, "per-country-glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID" }, "packet-rate-triggered":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Triggered by 1/2 packet rate limitation in per-country-glid." }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } }, "required":[ "name" ] } ] }, "src":{ "type":"object", "$ref":"/axapi/v3/ddos/src", "properties":{ "default-list":{ "type":"array", "minItems":1, "items":{ "type":"default" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/src/default/{default-address-type}", "array":[ { "properties":{ "default-address-type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'ip': ip; 'ipv6': ipv6; ", "enum":[ "ip", "ipv6" ], "optional":false }, "disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable", "optional":true }, "age":{ "type":"number", "format":"number", "minimum":2, "maximum":1023, "default":5, "partition-visibility":"shared", "description":"Idle age for ip entry", "optional":true }, "exceed-log-cfg":{ "type":"object", "properties":{ "log-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable logging of limit exceed drop's" } } }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable periodic log while event is continuing", "optional":true }, "template":{ "type":"object", "properties":{ "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS logging template" } } }, "max-dynamic-entry-count":{ "type":"number", "format":"number", "minimum":0, "maximum":2147483647, "partition-visibility":"shared", "description":"Maximum count for dynamic src entry", "optional":true }, "apply-policy-on-overflow":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable this flag to apply overflow policy when dynamic entry count overflows", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "l4-type-list":{ "type":"array", "minItems":1, "items":{ "type":"l4-type" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/src/default/{default-address-type}/l4-type/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; ", "enum":[ "tcp", "udp", "icmp", "other" ], "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "template":{ "type":"object", "properties":{ "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS TCP template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS UDP template" }, "other":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS OTHER template" }, "template-icmp-v4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS icmp-v4 template" }, "template-icmp-v6":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS icmp-v6 template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "protocol" ] } ] }, "app-type-list":{ "type":"array", "minItems":1, "items":{ "type":"app-type" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/src/default/{default-address-type}/app-type/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'dns': dns; 'http': http; 'ssl-l4': ssl-l4; 'sip': sip; ", "enum":[ "dns", "http", "ssl-l4", "sip" ], "optional":false }, "template":{ "type":"object", "properties":{ "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS http template" }, "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS SSL-L4 template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS sip template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "protocol" ] } ] } }, "required":[ "default-address-type" ] } ] }, "dynamic-entry-overflow-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"dynamic-entry-overflow-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/src/dynamic-entry-overflow-policy/{default-address-type}", "array":[ { "properties":{ "default-address-type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'ip': ip; 'ipv6': ipv6; ", "enum":[ "ip", "ipv6" ], "optional":false }, "exceed-log-cfg":{ "type":"object", "properties":{ "log-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable logging of limit exceed drop's" }, "with-sflow-sample":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Turn on sflow sample with log" } } }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable periodic log while event is continuing", "optional":true }, "template":{ "type":"object", "properties":{ "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS logging template" } } }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "l4-type-list":{ "type":"array", "minItems":1, "items":{ "type":"l4-type" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/src/dynamic-entry-overflow-policy/{default-address-type}/l4-type/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; ", "enum":[ "tcp", "udp", "icmp", "other" ], "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "template":{ "type":"object", "properties":{ "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS TCP template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS UDP template" }, "other":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS OTHER template" }, "template-icmp-v4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS icmp-v4 template" }, "template-icmp-v6":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS icmp-v6 template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "protocol" ] } ] }, "app-type-list":{ "type":"array", "minItems":1, "items":{ "type":"app-type" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/src/dynamic-entry-overflow-policy/{default-address-type}/app-type/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'dns': dns; 'http': http; 'ssl-l4': ssl-l4; 'sip': sip; ", "enum":[ "dns", "http", "ssl-l4", "sip" ], "optional":false }, "template":{ "type":"object", "properties":{ "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS http template" }, "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS SSL-L4 template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS sip template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "protocol" ] } ] } }, "required":[ "default-address-type" ] } ] }, "entry-list":{ "type":"array", "minItems":1, "items":{ "type":"entry" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/src/entry/{src-entry-name}", "array":[ { "properties":{ "src-entry-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "ipv6-addr":{ "type":"string", "format":"ipv6-address", "partition-visibility":"shared", "modify-not-allowed":1, "optional":true }, "ip-addr":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "modify-not-allowed":1, "optional":true }, "subnet-ip-addr":{ "type":"string", "format":"ipv4-cidr", "partition-visibility":"shared", "modify-not-allowed":1, "description":"IP Subnet", "optional":true }, "subnet-ipv6-addr":{ "type":"string", "format":"ipv6-address-plen", "partition-visibility":"shared", "modify-not-allowed":1, "description":"IPV6 Subnet", "optional":true }, "description":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Description for this Source Entry", "optional":true }, "bypass":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Always permit for the Source to bypass all feature & limit checks", "optional":true }, "exceed-log-cfg":{ "type":"object", "properties":{ "log-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable logging of limit exceed drop's" } } }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable periodic log while event is continuing", "optional":true }, "template":{ "type":"object", "properties":{ "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS logging template" } } }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "hw-blacklist-blocking":{ "type":"object", "$ref":"/axapi/v3/ddos/src/entry/{src-entry-name}/hw-blacklist-blocking", "properties":{ "src-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable Src side hardware blocking" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "l4-type-list":{ "type":"array", "minItems":1, "items":{ "type":"l4-type" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/src/entry/{src-entry-name}/l4-type/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; ", "enum":[ "tcp", "udp", "icmp", "other" ], "optional":false }, "action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'permit': Whitelist incoming packets for protocol; 'deny': Blacklist incoming packets for protocol; ", "enum":[ "permit", "deny" ], "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "template":{ "type":"object", "properties":{ "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS TCP template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS UDP template" }, "other":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS OTHER template" }, "template-icmp-v4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS icmp-v4 template" }, "template-icmp-v6":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS icmp-v6 template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "protocol" ] } ] }, "app-type-list":{ "type":"array", "minItems":1, "items":{ "type":"app-type" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/src/entry/{src-entry-name}/app-type/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'dns': dns; 'http': http; 'ssl-l4': ssl-l4; 'sip': sip; ", "enum":[ "dns", "http", "ssl-l4", "sip" ], "optional":false }, "template":{ "type":"object", "properties":{ "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS SSL-L4 template" }, "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS http template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS sip template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "protocol" ] } ] } }, "required":[ "src-entry-name" ] } ] }, "geo-location-list":{ "type":"array", "minItems":1, "items":{ "type":"geo-location" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/src/geo-location/{geolocation-name}", "array":[ { "properties":{ "geolocation-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":15, "partition-visibility":"shared", "description":"Geolocation Name", "optional":false }, "description":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Description for this Geolocation Entry", "optional":true }, "bypass":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Always permit for the Source to bypass all feature & limit checks", "optional":true }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable periodic log while event is continuing", "optional":true }, "template":{ "type":"object", "properties":{ "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS logging template" } } }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "l4-type-list":{ "type":"array", "minItems":1, "items":{ "type":"l4-type" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/src/geo-location/{geolocation-name}/l4-type/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; ", "enum":[ "tcp", "udp", "icmp", "other" ], "optional":false }, "action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'permit': Whitelist incoming packets for protocol; 'deny': Blacklist incoming packets for protocol; ", "enum":[ "permit", "deny" ], "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "template":{ "type":"object", "properties":{ "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS TCP template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS UDP template" }, "other":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS OTHER template" }, "template-icmp-v4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS ICMP template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "protocol" ] } ] }, "app-type-list":{ "type":"array", "minItems":1, "items":{ "type":"app-type" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/src/geo-location/{geolocation-name}/app-type/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'dns': dns; 'http': http; 'ssl-l4': ssl-l4; 'sip': sip; ", "enum":[ "dns", "http", "ssl-l4", "sip" ], "optional":false }, "template":{ "type":"object", "properties":{ "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS SSL-L4 template" }, "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS DNS template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS HTTP template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS sip template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "protocol" ] } ] } }, "required":[ "geolocation-name" ] } ] }, "dynamic-entry":{ "type":"object", "$ref":"/axapi/v3/ddos/src/dynamic-entry", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "dynamic-entries-resource-usage":{ "type":"object", "$ref":"/axapi/v3/ddos/src/dynamic-entries-resource-usage", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } } }, "dst":{ "type":"object", "$ref":"/axapi/v3/ddos/dst", "properties":{ "default-list":{ "type":"array", "minItems":1, "items":{ "type":"default" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/default/{default-address-type}", "array":[ { "properties":{ "default-address-type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'ip': ip; 'ipv6': ipv6; ", "enum":[ "ip", "ipv6" ], "optional":false }, "disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable", "optional":true }, "age":{ "type":"number", "format":"number", "minimum":5, "maximum":1023, "partition-visibility":"shared", "description":"Idle age for ip entry", "optional":true }, "exceed-log-dep-cfg":{ "type":"object", "properties":{ "exceed-log-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"(Deprecated)Enable logging of limit exceed drop's" }, "log-with-sflow-dep":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Turn on sflow sample with log" } } }, "exceed-log-cfg":{ "type":"object", "properties":{ "log-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable logging of limit exceed drop's" }, "with-sflow-sample":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Turn on sflow sample with log" } } }, "drop-disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable certain drops during packet processing", "optional":true }, "drop-disable-fwd-immediate":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Immediately forward L4 drops", "optional":true }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable periodic log while event is continuing", "optional":true }, "drop-frag-pkt":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Drop fragmented packets", "optional":true }, "inbound-forward-dscp":{ "type":"number", "format":"number", "minimum":1, "maximum":63, "partition-visibility":"shared", "description":"To set dscp value for inbound packets (DSCP Value for the clear traffic marking)", "optional":true }, "outbound-forward-dscp":{ "type":"number", "format":"number", "minimum":1, "maximum":63, "partition-visibility":"shared", "description":"To set dscp value for outbound", "optional":true }, "template":{ "type":"object", "properties":{ "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS logging template" } } }, "max-dynamic-entry-count":{ "type":"number", "format":"number", "minimum":0, "maximum":2147483647, "partition-visibility":"shared", "description":"Maximum count for dynamic dst entry", "optional":true }, "apply-policy-on-overflow":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable this flag to apply overflow policy when dynamic entry count overflows", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "deny":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "l4-type-list":{ "type":"array", "minItems":1, "items":{ "type":"l4-type" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/default/{default-address-type}/l4-type/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; ", "enum":[ "tcp", "udp", "icmp", "other" ], "optional":false }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "deny":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "max-rexmit-syn-per-flow":{ "type":"number", "format":"number", "minimum":1, "maximum":6, "partition-visibility":"shared", "description":"Maximum number of re-transmit SYN per flow. Exceed action set to Drop", "optional":true }, "disable-syn-auth":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable TCP SYN Authentication", "optional":true }, "syn-auth":{ "type":"string", "format":"enum", "default":"send-rst", "partition-visibility":"shared", "description":"'send-rst': Send RST to client upon client ACK; 'force-rst-by-ack': Force client RST via the use of ACK; 'force-rst-by-synack': Force client RST via the use of bad SYN|ACK; 'disable': Disable TCP SYN Authentication; ", "enum":[ "send-rst", "force-rst-by-ack", "force-rst-by-synack", "disable" ], "optional":true }, "syn-cookie":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable SYN Cookie", "optional":true }, "tcp-reset-client":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Send reset to client when rate exceeds or session ages out", "optional":true }, "tcp-reset-server":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Send reset to server when rate exceeds or session ages out", "optional":true }, "drop-on-no-port-match":{ "type":"string", "format":"enum", "default":"enable", "partition-visibility":"shared", "description":"'disable': disable; 'enable': enable; ", "enum":[ "disable", "enable" ], "optional":true }, "stateful":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable stateful tracking of sessions (Default is stateless)", "optional":true }, "tunnel-decap":{ "type":"object", "properties":{ "ip-decap":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable IP Tunnel decapsulation" }, "gre-decap":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable GRE Tunnel decapsulation" }, "key-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "key":{ "type":"string", "format":"string", "minLength":1, "maxLength":10, "partition-visibility":"shared", "description":"Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)" } } } ] } } }, "tunnel-rate-limit":{ "type":"object", "properties":{ "ip-rate-limit":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable inner IP rate limiting on IPinIP traffic" }, "gre-rate-limit":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable inner IP rate limiting on GRE traffic" } } }, "drop-frag-pkt":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Drop fragmented packets", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "protocol" ] } ] }, "port-list":{ "type":"array", "minItems":1, "items":{ "type":"port" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/default/{default-address-type}/port/{port-num}+{protocol}", "array":[ { "properties":{ "port-num":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "partition-visibility":"shared", "description":"Port Number", "optional":false }, "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'dns-tcp': dns-tcp; 'dns-udp': dns-udp; 'http': http; 'tcp': tcp; 'udp': udp; 'ssl-l4': ssl-l4; 'sip-udp': sip-udp; 'sip-tcp': sip-tcp; ", "enum":[ "dns-tcp", "dns-udp", "http", "tcp", "udp", "ssl-l4", "sip-udp", "sip-tcp" ], "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "template":{ "type":"object", "properties":{ "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS http template" }, "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS ssl-l4 template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS sip template" }, "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS tcp template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS udp template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "port-num", "protocol" ] } ] }, "src-port-list":{ "type":"array", "minItems":1, "items":{ "type":"src-port" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/default/{default-address-type}/src-port/{port-num}+{protocol}", "array":[ { "properties":{ "port-num":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "partition-visibility":"shared", "description":"Port Number", "optional":false }, "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'udp': udp; 'tcp': tcp; ", "enum":[ "udp", "tcp" ], "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "template":{ "type":"object", "properties":{ "src-udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS udp src template" }, "src-tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS tcp src template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "port-num", "protocol" ] } ] }, "ip-proto-list":{ "type":"array", "minItems":1, "items":{ "type":"ip-proto" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/default/{default-address-type}/ip-proto/{port-num}", "array":[ { "properties":{ "port-num":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "partition-visibility":"shared", "description":"Protocol Number", "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "template":{ "type":"object", "properties":{ "other":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS other template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "port-num" ] } ] } }, "required":[ "default-address-type" ] } ] }, "dynamic-entry-overflow-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"dynamic-entry-overflow-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/dynamic-entry-overflow-policy/{default-address-type}", "array":[ { "properties":{ "default-address-type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'ip': ip; 'ipv6': ipv6; ", "enum":[ "ip", "ipv6" ], "optional":false }, "exceed-log-dep-cfg":{ "type":"object", "properties":{ "exceed-log-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"(Deprecated)Enable logging of limit exceed drop's" }, "log-with-sflow-dep":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Turn on sflow sample with log" } } }, "exceed-log-cfg":{ "type":"object", "properties":{ "log-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable logging of limit exceed drop's" }, "with-sflow-sample":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Turn on sflow sample with log" } } }, "drop-disable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable certain drops during packet processing", "optional":true }, "drop-disable-fwd-immediate":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Immediately forward L4 drops", "optional":true }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable periodic log while event is continuing", "optional":true }, "inbound-forward-dscp":{ "type":"number", "format":"number", "minimum":1, "maximum":63, "partition-visibility":"shared", "description":"To set dscp value for inbound packets (DSCP Value for the clear traffic marking)", "optional":true }, "outbound-forward-dscp":{ "type":"number", "format":"number", "minimum":1, "maximum":63, "partition-visibility":"shared", "description":"To set dscp value for outbound", "optional":true }, "template":{ "type":"object", "properties":{ "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS logging template" } } }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "l4-type-list":{ "type":"array", "minItems":1, "items":{ "type":"l4-type" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/dynamic-entry-overflow-policy/{default-address-type}/l4-type/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; ", "enum":[ "tcp", "udp", "icmp", "other" ], "optional":false }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "deny":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "max-rexmit-syn-per-flow":{ "type":"number", "format":"number", "minimum":1, "maximum":6, "partition-visibility":"shared", "description":"Maximum number of re-transmit SYN per flow. Exceed action set to Drop", "optional":true }, "syn-auth":{ "type":"string", "format":"enum", "default":"send-rst", "partition-visibility":"shared", "description":"'send-rst': Send RST to client upon client ACK; 'force-rst-by-ack': Force client RST via the use of ACK; 'force-rst-by-synack': Force client RST via the use of bad SYN|ACK; 'disable': Disable TCP SYN Authentication; ", "enum":[ "send-rst", "force-rst-by-ack", "force-rst-by-synack", "disable" ], "optional":true }, "syn-cookie":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable SYN Cookie", "optional":true }, "tcp-reset-client":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Send reset to client when rate exceeds or session ages out", "optional":true }, "tcp-reset-server":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Send reset to server when rate exceeds or session ages out", "optional":true }, "drop-on-no-port-match":{ "type":"string", "format":"enum", "default":"enable", "partition-visibility":"shared", "description":"'disable': disable; 'enable': enable; ", "enum":[ "disable", "enable" ], "optional":true }, "stateful":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable stateful tracking of sessions (Default is stateless)", "optional":true }, "tunnel-decap":{ "type":"object", "properties":{ "ip-decap":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable IP Tunnel decapsulation" }, "gre-decap":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable GRE Tunnel decapsulation" }, "key-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "key":{ "type":"string", "format":"string", "minLength":1, "maxLength":10, "partition-visibility":"shared", "description":"Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)" } } } ] } } }, "tunnel-rate-limit":{ "type":"object", "properties":{ "ip-rate-limit":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable inner IP rate limiting on IPinIP traffic" }, "gre-rate-limit":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable inner IP rate limiting on GRE traffic" } } }, "drop-frag-pkt":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Drop fragmented packets", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "protocol" ] } ] }, "port-list":{ "type":"array", "minItems":1, "items":{ "type":"port" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/dynamic-entry-overflow-policy/{default-address-type}/port/{port-num}+{protocol}", "array":[ { "properties":{ "port-num":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "partition-visibility":"shared", "description":"Port Number", "optional":false }, "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'dns-tcp': dns-tcp; 'dns-udp': dns-udp; 'http': http; 'tcp': tcp; 'udp': udp; 'ssl-l4': ssl-l4; 'sip-udp': sip-udp; 'sip-tcp': sip-tcp; ", "enum":[ "dns-tcp", "dns-udp", "http", "tcp", "udp", "ssl-l4", "sip-udp", "sip-tcp" ], "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "template":{ "type":"object", "properties":{ "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS http template" }, "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS ssl-l4 template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS sip template" }, "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS tcp template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS udp template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "port-num", "protocol" ] } ] }, "src-port-list":{ "type":"array", "minItems":1, "items":{ "type":"src-port" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/dynamic-entry-overflow-policy/{default-address-type}/src-port/{port-num}+{protocol}", "array":[ { "properties":{ "port-num":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "partition-visibility":"shared", "description":"Port Number", "optional":false }, "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'udp': udp; 'tcp': tcp; ", "enum":[ "udp", "tcp" ], "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "template":{ "type":"object", "properties":{ "src-udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS udp src template" }, "src-tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS tcp src template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "port-num", "protocol" ] } ] }, "ip-proto-list":{ "type":"array", "minItems":1, "items":{ "type":"ip-proto" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/dynamic-entry-overflow-policy/{default-address-type}/ip-proto/{port-num}", "array":[ { "properties":{ "port-num":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "partition-visibility":"shared", "description":"Protocol Number", "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "template":{ "type":"object", "properties":{ "other":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS other template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "port-num" ] } ] } }, "required":[ "default-address-type" ] } ] }, "entry-list":{ "type":"array", "minItems":1, "items":{ "type":"entry" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}", "array":[ { "properties":{ "dst-entry-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "ipv6-addr":{ "type":"string", "format":"ipv6-address", "partition-visibility":"shared", "modify-not-allowed":1, "optional":true }, "ip-addr":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "modify-not-allowed":1, "optional":true }, "subnet-ip-addr":{ "type":"string", "format":"ipv4-cidr", "partition-visibility":"shared", "modify-not-allowed":1, "description":"IP Subnet", "optional":true }, "subnet-ipv6-addr":{ "type":"string", "format":"ipv6-address-plen", "partition-visibility":"shared", "modify-not-allowed":1, "description":"IPV6 Subnet", "optional":true }, "description":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Description for this Destination Entry", "optional":true }, "exceed-log-dep-cfg":{ "type":"object", "properties":{ "exceed-log-enable":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"(Deprecated)Enable logging of limit exceed drop's" }, "log-with-sflow-dep":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Turn on sflow sample with log" } } }, "exceed-log-cfg":{ "type":"object", "properties":{ "log-enable":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable logging of limit exceed drop's" }, "log-with-sflow":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Turn on sflow sample with log" }, "log-high-frequency":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable High frequency logging for non-event logs per entry" }, "rate-limit":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":1, "maximum":1000, "default":1, "partition-visibility":"shared", "description":"Rate limit per second per entry(Default : 1 per second)" } } }, "log-periodic":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable periodic log while event is continuing", "optional":true }, "drop-frag-pkt":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Drop fragmented packets", "optional":true }, "sflow":{ "type":"object", "properties":{ "polling":{ "type":"object", "properties":{ "sflow-packets":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable sFlow packet-level counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the tota" }, "sflow-layer-4":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable sFlow Layer 4 counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the total num" }, "sflow-tcp":{ "type":"object", "properties":{ "sflow-tcp-basic":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable sFlow basic TCP counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the total n" }, "sflow-tcp-stateful":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable sFlow stateful TCP counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the tota" } } }, "sflow-http":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable sFlow HTTP counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the total number" }, "sflow-undef-port-hit-stats":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable sFlow undefined-port-hit-statistics polling" }, "sflow-undef-port-hit-stats-brief":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable sFlow undefined-port-hit-statistics polling in brief mode" } } }, "collector":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "sflow-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "$ref":"/axapi/v3/sflow/collector/custom", "description":"Name of configured custom sFlow collector" } } } ] } } }, "drop-on-no-src-dst-default":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Drop if no match with src-based-policy class-list, and default is not configured", "optional":true }, "blackhole-on-glid-exceed":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":1, "maximum":30, "partition-visibility":"shared", "description":"Blackhole destination entry for X minutes upon glid limit exceeded", "optional":true }, "source-nat-pool":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Configure source NAT", "optional":true }, "dest-nat-ip":{ "type":"string", "format":"ipv4-address", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"Destination NAT IP address", "optional":true }, "dest-nat-ipv6":{ "type":"string", "format":"ipv6-address", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"Destination NAT IPv6 address", "optional":true }, "drop-disable":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Disable certain drops during packet processing", "optional":true }, "drop-disable-fwd-immediate":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Immediately forward L4 drops", "optional":true }, "template":{ "type":"object", "properties":{ "logging":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS logging template" } } }, "operational-mode":{ "type":"string", "format":"enum", "default":"protection", "partition-visibility":"shared", "description":"'protection': Protection mode; 'bypass': Bypass mode; ", "enum":[ "protection", "bypass" ], "optional":true }, "reporting-disabled":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable Reporting", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-exceed-action":{ "type":"object", "properties":{ "stateless-encap-action-cfg":{ "type":"object", "properties":{ "stateless-encap-action":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'stateless-tunnel-encap': Encapsulate all packets; 'stateless-tunnel-encap-scrubbed': Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap); ", "enum":[ "stateless-tunnel-encap", "stateless-tunnel-encap-scrubbed" ] }, "encap-template":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":128, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/template/encap", "description":"Apply legacy encap template for encap action" } } } } }, "advertised-enable":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"BGP advertised", "optional":true }, "set-counter-base-val":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":1, "maximum":4294967295, "partition-visibility":"shared", "description":"Set T2 counter value of current context to specified value", "optional":true }, "inbound-forward-dscp":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":1, "maximum":63, "partition-visibility":"shared", "description":"To set dscp value for inbound packets (DSCP Value for the clear traffic marking)", "optional":true }, "outbound-forward-dscp":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":1, "maximum":63, "partition-visibility":"shared", "description":"To set dscp value for outbound", "optional":true }, "pattern-recognition-sensitivity":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'high': High sensitive pattern recognition; 'medium': Medium sensitive pattern recognition; 'low': Low sensitive pattern recognition; ", "enum":[ "high", "medium", "low" ], "optional":true }, "pattern-recognition-hw-filter-enable":{ "type":"number", "format":"flag", "plat-neg-list":["non-fpga, softax-ddet", "softax-ddet"], "default":0, "partition-visibility":"shared", "description":"to enable pattern recognition hardware filter", "optional":true }, "enable-top-k":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "topk-type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'destination': Topk destination IP; ", "enum":[ "destination" ] }, "topk-num-records":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "default":20, "partition-visibility":"shared", "description":"Maximum number of records to show in topk" } } } ] }, "traffic-distribution-mode":{ "type":"string", "format":"enum", "plat-pos-list":["chassis-duo"], "plat-neg-list":["softax-ddet"], "default":"default", "partition-visibility":"shared", "description":"'default': Distribute traffic to one slot using default distribution mechanism; 'source-ip-based': Distribute traffic between slots, based on source ip; ", "enum":[ "default", "source-ip-based" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'dst_tcp_any_exceed': TCP Dst L4-Type Rate: Total Exceeded; 'dst_tcp_pkt_rate_exceed': TCP Dst L4-Type Rate: Packet Exceeded; 'dst_tcp_conn_rate_exceed': TCP Dst L4-Type Rate: Conn Exceeded; 'dst_udp_any_exceed': UDP Dst L4-Type Rate: Total Exceeded; 'dst_udp_pkt_rate_exceed': UDP Dst L4-Type Rate: Packet Exceeded; 'dst_udp_conn_limit_exceed': UDP Dst L4-Type Limit: Conn Exceeded; 'dst_udp_conn_rate_exceed': UDP Dst L4-Type Rate: Conn Exceeded; 'dst_icmp_pkt_rate_exceed': ICMP Dst Rate: Packet Exceeded; 'dst_other_pkt_rate_exceed': OTHER Dst L4-Type Rate: Packet Exceeded; 'dst_other_frag_pkt_rate_exceed': OTHER Dst L4-Type Rate: Frag Exceeded; 'dst_port_pkt_rate_exceed': Port Rate: Packet Exceeded; 'dst_port_conn_limit_exceed': Port Limit: Conn Exceeded; 'dst_port_conn_rate_exceed': Port Rate: Conn Exceeded; 'dst_pkt_sent': Inbound: Packets Forwarded; 'dst_udp_pkt_sent': UDP Total Packets Forwarded; 'dst_tcp_pkt_sent': TCP Total Packets Forwarded; 'dst_icmp_pkt_sent': ICMP Total Packets Forwarded; 'dst_other_pkt_sent': OTHER Total Packets Forwarded; 'dst_tcp_conn_limit_exceed': TCP Dst L4-Type Limit: Conn Exceeded; 'dst_tcp_pkt_rcvd': TCP Total Packets Received; 'dst_udp_pkt_rcvd': UDP Total Packets Received; 'dst_icmp_pkt_rcvd': ICMP Total Packets Received; 'dst_other_pkt_rcvd': OTHER Total Packets Received; 'dst_udp_filter_match': UDP Filter Match; 'dst_udp_filter_not_match': UDP Filter Not Matched on Pkt; 'dst_udp_filter_action_blacklist': UDP Filter Action Blacklist; 'dst_udp_filter_action_drop': UDP Filter Action Drop; 'dst_tcp_syn': TCP Total SYN Received; 'dst_tcp_syn_drop': TCP SYN Packets Dropped; 'dst_tcp_src_rate_drop': TCP Src Rate: Total Exceeded; 'dst_udp_src_rate_drop': UDP Src Rate: Total Exceeded; 'dst_icmp_src_rate_drop': ICMP Src Rate: Total Exceeded; 'dst_other_frag_src_rate_drop': OTHER Src Rate: Frag Exceeded; 'dst_other_src_rate_drop': OTHER Src Rate: Total Exceeded; 'dst_tcp_drop': TCP Total Packets Dropped; 'dst_udp_drop': UDP Total Packets Dropped; 'dst_icmp_drop': ICMP Total Packets Dropped; 'dst_frag_drop': Fragmented Packets Dropped; 'dst_other_drop': OTHER Total Packets Dropped; 'dst_tcp_auth': TCP Auth: SYN Cookie Sent; 'dst_udp_filter_action_default_pass': UDP Filter Action Default Pass; 'dst_tcp_filter_match': TCP Filter Match; 'dst_tcp_filter_not_match': TCP Filter Not Matched on Pkt; 'dst_tcp_filter_action_blacklist': TCP Filter Action Blacklist; 'dst_tcp_filter_action_drop': TCP Filter Action Drop; 'dst_tcp_filter_action_default_pass': TCP Filter Action Default Pass; 'dst_udp_filter_action_whitelist': UDP Filter Action WL; 'dst_over_limit_on': DST overlimit Trigger ON; 'dst_over_limit_off': DST overlimit Trigger OFF; 'dst_port_over_limit_on': DST port overlimit Trigger ON; 'dst_port_over_limit_off': DST port overlimit Trigger OFF; 'dst_over_limit_action': DST overlimit action; 'dst_port_over_limit_action': DST port overlimit action; 'scanning_detected_drop': Scanning Detected drop (deprecated); 'scanning_detected_blacklist': Scanning Detected blacklist (deprecated); 'dst_udp_kibit_rate_drop': UDP Dst L4-Type Rate: KiBit Exceeded; 'dst_tcp_kibit_rate_drop': TCP Dst L4-Type Rate: KiBit Exceeded; 'dst_icmp_kibit_rate_drop': ICMP Dst Rate: KiBit Exceeded; 'dst_other_kibit_rate_drop': OTHER Dst L4-Type Rate: KiBit Exceeded; 'dst_port_undef_drop': Dst Port Undefined Dropped; 'dst_port_bl': Dst Port Blacklist Packets Dropped; 'dst_src_port_bl': Dst SrcPort Blacklist Packets Dropped; 'dst_port_kbit_rate_exceed': Port Rate: KiBit Exceeded; 'dst_tcp_src_drop': TCP Src Packets Dropped; 'dst_udp_src_drop': UDP Src Packets Dropped; 'dst_icmp_src_drop': ICMP Src Packets Dropped; 'dst_other_src_drop': OTHER Src Packets Dropped; 'tcp_syn_rcvd': TCP Inbound SYN Received; 'tcp_syn_ack_rcvd': TCP SYN ACK Received; 'tcp_ack_rcvd': TCP ACK Received; 'tcp_fin_rcvd': TCP FIN Received; 'tcp_rst_rcvd': TCP RST Received; 'ingress_bytes': Inbound: Bytes Received; 'egress_bytes': Outbound: Bytes Received; 'ingress_packets': Inbound: Packets Received; 'egress_packets': Outbound: Packets Received; 'tcp_fwd_recv': TCP Inbound Packets Received; 'udp_fwd_recv': UDP Inbound Packets Received; 'icmp_fwd_recv': ICMP Inbound Packets Received; 'tcp_syn_cookie_fail': TCP Auth: SYN Cookie Failed; 'dst_tcp_session_created': TCP Sessions Created; 'dst_udp_session_created': UDP Sessions Created; 'dst_tcp_filter_action_whitelist': TCP Filter Action WL; 'dst_other_filter_match': OTHER Filter Match; 'dst_other_filter_not_match': OTHER Filter Not Matched on Pkt; 'dst_other_filter_action_blacklist': OTHER Filter Action Blacklist; 'dst_other_filter_action_drop': OTHER Filter Action Drop; 'dst_other_filter_action_whitelist': OTHER Filter Action WL; 'dst_other_filter_action_default_pass': OTHER Filter Action Default Pass; 'dst_blackhole_inject': Dst Blackhole Inject; 'dst_blackhole_withdraw': Dst Blackhole Withdraw; 'dst_tcp_out_of_seq_excd': TCP Out-Of-Seq Exceeded; 'dst_tcp_retransmit_excd': TCP Retransmit Exceeded; 'dst_tcp_zero_window_excd': TCP Zero-Window Exceeded; 'dst_tcp_conn_prate_excd': TCP Rate: Conn Pkt Exceeded; 'dst_tcp_action_on_ack_init': TCP Auth: ACK Retry Init; 'dst_tcp_action_on_ack_gap_drop': TCP Auth: ACK Retry Retry-Gap Dropped; 'dst_tcp_action_on_ack_fail': TCP Auth: ACK Retry Dropped; 'dst_tcp_action_on_ack_pass': TCP Auth: ACK Retry Passed; 'dst_tcp_action_on_syn_init': TCP Auth: SYN Retry Init; 'dst_tcp_action_on_syn_gap_drop': TCP Auth: SYN Retry-Gap Dropped; 'dst_tcp_action_on_syn_fail': TCP Auth: SYN Retry Dropped; 'dst_tcp_action_on_syn_pass': TCP Auth: SYN Retry Passed; 'udp_payload_too_small': UDP Payload Too Small; 'udp_payload_too_big': UDP Payload Too Large; 'dst_udp_conn_prate_excd': UDP Rate: Conn Pkt Exceeded; 'dst_udp_ntp_monlist_req': UDP NTP Monlist Request; 'dst_udp_ntp_monlist_resp': UDP NTP Monlist Response; 'dst_udp_wellknown_sport_drop': UDP SrcPort Wellknown; 'dst_udp_retry_init': UDP Auth: Retry Init; 'dst_udp_retry_pass': UDP Auth: Retry Passed; 'dst_tcp_bytes_drop': TCP Total Bytes Dropped; 'dst_udp_bytes_drop': UDP Total Bytes Dropped; 'dst_icmp_bytes_drop': ICMP Total Bytes Dropped; 'dst_other_bytes_drop': OTHER Total Bytes Dropped; 'dst_out_no_route': Dst IPv4/v6 Out No Route; 'outbound_bytes_sent': Outbound: Bytes Forwarded; 'outbound_pkt_drop': Outbound: Packets Dropped; 'outbound_bytes_drop': Outbound: Bytes Dropped; 'outbound_pkt_sent': Outbound: Packets Forwarded; 'inbound_bytes_sent': Inbound: Bytes Forwarded; 'inbound_bytes_drop': Inbound: Bytes Dropped; 'dst_src_port_pkt_rate_exceed': SrcPort Rate: Packet Exceeded; 'dst_src_port_kbit_rate_exceed': SrcPort Rate: KiBit Exceeded; 'dst_src_port_conn_limit_exceed': SrcPort Limit: Conn Exceeded; 'dst_src_port_conn_rate_exceed': SrcPort Rate: Conn Exceeded; 'dst_ip_proto_pkt_rate_exceed': IP-Proto Rate: Packet Exceeded; 'dst_ip_proto_kbit_rate_exceed': IP-Proto Rate: KiBit Exceeded; 'dst_tcp_port_any_exceed': TCP Port Rate: Total Exceed; 'dst_udp_port_any_exceed': UDP Port Rate: Total Exceed; 'dst_tcp_auth_pass': TCP Auth: SYN Auth Passed; 'dst_tcp_rst_cookie_fail': TCP Auth: RST Cookie Failed; 'dst_tcp_unauth_drop': TCP Auth: Unauth Dropped; 'src_tcp_syn_auth_fail': Src TCP Auth: SYN Auth Failed; 'src_tcp_syn_cookie_sent': Src TCP Auth: SYN Cookie Sent; 'src_tcp_syn_cookie_fail': Src TCP Auth: SYN Cookie Failed; 'src_tcp_rst_cookie_fail': Src TCP Auth: RST Cookie Failed; 'src_tcp_unauth_drop': Src TCP Auth: Unauth Dropped; 'src_tcp_action_on_syn_init': Src TCP Auth: SYN Retry Init; ", "enum":[ "all", "dst_tcp_any_exceed", "dst_tcp_pkt_rate_exceed", "dst_tcp_conn_rate_exceed", "dst_udp_any_exceed", "dst_udp_pkt_rate_exceed", "dst_udp_conn_limit_exceed", "dst_udp_conn_rate_exceed", "dst_icmp_pkt_rate_exceed", "dst_other_pkt_rate_exceed", "dst_other_frag_pkt_rate_exceed", "dst_port_pkt_rate_exceed", "dst_port_conn_limit_exceed", "dst_port_conn_rate_exceed", "dst_pkt_sent", "dst_udp_pkt_sent", "dst_tcp_pkt_sent", "dst_icmp_pkt_sent", "dst_other_pkt_sent", "dst_tcp_conn_limit_exceed", "dst_tcp_pkt_rcvd", "dst_udp_pkt_rcvd", "dst_icmp_pkt_rcvd", "dst_other_pkt_rcvd", "dst_udp_filter_match", "dst_udp_filter_not_match", "dst_udp_filter_action_blacklist", "dst_udp_filter_action_drop", "dst_tcp_syn", "dst_tcp_syn_drop", "dst_tcp_src_rate_drop", "dst_udp_src_rate_drop", "dst_icmp_src_rate_drop", "dst_other_frag_src_rate_drop", "dst_other_src_rate_drop", "dst_tcp_drop", "dst_udp_drop", "dst_icmp_drop", "dst_frag_drop", "dst_other_drop", "dst_tcp_auth", "dst_udp_filter_action_default_pass", "dst_tcp_filter_match", "dst_tcp_filter_not_match", "dst_tcp_filter_action_blacklist", "dst_tcp_filter_action_drop", "dst_tcp_filter_action_default_pass", "dst_udp_filter_action_whitelist", "dst_over_limit_on", "dst_over_limit_off", "dst_port_over_limit_on", "dst_port_over_limit_off", "dst_over_limit_action", "dst_port_over_limit_action", "scanning_detected_drop", "scanning_detected_blacklist", "dst_udp_kibit_rate_drop", "dst_tcp_kibit_rate_drop", "dst_icmp_kibit_rate_drop", "dst_other_kibit_rate_drop", "dst_port_undef_drop", "dst_port_bl", "dst_src_port_bl", "dst_port_kbit_rate_exceed", "dst_tcp_src_drop", "dst_udp_src_drop", "dst_icmp_src_drop", "dst_other_src_drop", "tcp_syn_rcvd", "tcp_syn_ack_rcvd", "tcp_ack_rcvd", "tcp_fin_rcvd", "tcp_rst_rcvd", "ingress_bytes", "egress_bytes", "ingress_packets", "egress_packets", "tcp_fwd_recv", "udp_fwd_recv", "icmp_fwd_recv", "tcp_syn_cookie_fail", "dst_tcp_session_created", "dst_udp_session_created", "dst_tcp_filter_action_whitelist", "dst_other_filter_match", "dst_other_filter_not_match", "dst_other_filter_action_blacklist", "dst_other_filter_action_drop", "dst_other_filter_action_whitelist", "dst_other_filter_action_default_pass", "dst_blackhole_inject", "dst_blackhole_withdraw", "dst_tcp_out_of_seq_excd", "dst_tcp_retransmit_excd", "dst_tcp_zero_window_excd", "dst_tcp_conn_prate_excd", "dst_tcp_action_on_ack_init", "dst_tcp_action_on_ack_gap_drop", "dst_tcp_action_on_ack_fail", "dst_tcp_action_on_ack_pass", "dst_tcp_action_on_syn_init", "dst_tcp_action_on_syn_gap_drop", "dst_tcp_action_on_syn_fail", "dst_tcp_action_on_syn_pass", "udp_payload_too_small", "udp_payload_too_big", "dst_udp_conn_prate_excd", "dst_udp_ntp_monlist_req", "dst_udp_ntp_monlist_resp", "dst_udp_wellknown_sport_drop", "dst_udp_retry_init", "dst_udp_retry_pass", "dst_tcp_bytes_drop", "dst_udp_bytes_drop", "dst_icmp_bytes_drop", "dst_other_bytes_drop", "dst_out_no_route", "outbound_bytes_sent", "outbound_pkt_drop", "outbound_bytes_drop", "outbound_pkt_sent", "inbound_bytes_sent", "inbound_bytes_drop", "dst_src_port_pkt_rate_exceed", "dst_src_port_kbit_rate_exceed", "dst_src_port_conn_limit_exceed", "dst_src_port_conn_rate_exceed", "dst_ip_proto_pkt_rate_exceed", "dst_ip_proto_kbit_rate_exceed", "dst_tcp_port_any_exceed", "dst_udp_port_any_exceed", "dst_tcp_auth_pass", "dst_tcp_rst_cookie_fail", "dst_tcp_unauth_drop", "src_tcp_syn_auth_fail", "src_tcp_syn_cookie_sent", "src_tcp_syn_cookie_fail", "src_tcp_rst_cookie_fail", "src_tcp_unauth_drop", "src_tcp_action_on_syn_init" ] }, "counters2":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'src_tcp_action_on_syn_gap_drop': Src TCP Auth: SYN Retry-Gap Dropped; 'src_tcp_action_on_syn_fail': Src TCP Auth: SYN Retry Dropped; 'src_tcp_action_on_ack_init': Src TCP Auth: ACK Retry Init; 'src_tcp_action_on_ack_gap_drop': Src TCP Auth: ACK Retry Retry-Gap Dropped; 'src_tcp_action_on_ack_fail': Src TCP Auth: ACK Retry Dropped; 'src_tcp_out_of_seq_excd': Src TCP Out-Of-Seq Exceeded; 'src_tcp_retransmit_excd': Src TCP Retransmit Exceeded; 'src_tcp_zero_window_excd': Src TCP Zero-Window Exceeded; 'src_tcp_conn_prate_excd': Src TCP Rate: Conn Pkt Exceeded; 'src_udp_min_payload': Src UDP Payload Too Small; 'src_udp_max_payload': Src UDP Payload Too Large; 'src_udp_conn_prate_excd': Src UDP Rate: Conn Pkt Exceeded; 'src_udp_ntp_monlist_req': Src UDP NTP Monlist Request; 'src_udp_ntp_monlist_resp': Src UDP NTP Monlist Response; 'src_udp_wellknown_sport_drop': Src UDP SrcPort Wellknown; 'src_udp_retry_init': Src UDP Auth: Retry Init; 'dst_udp_retry_gap_drop': UDP Auth: Retry-Gap Dropped; 'dst_udp_retry_fail': UDP Auth: Retry Timeout; 'dst_tcp_session_aged': TCP Sessions Aged; 'dst_udp_session_aged': UDP Sessions Aged; 'dst_tcp_conn_close': TCP Connections Closed; 'dst_tcp_conn_close_half_open': TCP Half Open Connections Closed; 'dst_l4_tcp_auth': TCP Dst L4-Type Auth: SYN Cookie Sent; 'tcp_l4_syn_cookie_fail': TCP Dst L4-Type Auth: SYN Cookie Failed; 'tcp_l4_rst_cookie_fail': TCP Dst L4-Type Auth: RST Cookie Failed; 'tcp_l4_unauth_drop': TCP Dst L4-Type Auth: Unauth Dropped; 'dst_drop_frag_pkt': Dst Fragmented Packets Dropped; 'src_tcp_filter_action_blacklist': Src TCP Filter Action Blacklist; 'src_tcp_filter_action_whitelist': Src TCP Filter Action WL; 'src_tcp_filter_action_drop': Src TCP Filter Action Drop; 'src_tcp_filter_action_default_pass': Src TCP Filter Action Default Pass; 'src_udp_filter_action_blacklist': Src UDP Filter Action Blacklist; 'src_udp_filter_action_whitelist': Src UDP Filter Action WL; 'src_udp_filter_action_drop': Src UDP Filter Action Drop; 'src_udp_filter_action_default_pass': Src UDP Filter Action Default Pass; 'src_other_filter_action_blacklist': Src OTHER Filter Action Blacklist; 'src_other_filter_action_whitelist': Src OTHER Filter Action WL; 'src_other_filter_action_drop': Src OTHER Filter Action Drop; 'src_other_filter_action_default_pass': Src OTHER Filter Action Default Pass; 'tcp_invalid_syn': TCP Invalid SYN Received; 'dst_tcp_conn_close_w_rst': TCP RST Connections Closed; 'dst_tcp_conn_close_w_fin': TCP FIN Connections Closed; 'dst_tcp_conn_close_w_idle': TCP Idle Connections Closed; 'dst_tcp_conn_create_from_syn': TCP Connections Created From SYN; 'dst_tcp_conn_create_from_ack': TCP Connections Created From ACK; 'src_frag_drop': Src Fragmented Packets Dropped; 'dst_l4_tcp_blacklist_drop': Dst L4-type TCP Blacklist Dropped; 'dst_l4_udp_blacklist_drop': Dst L4-type UDP Blacklist Dropped; 'dst_l4_icmp_blacklist_drop': Dst L4-type ICMP Blacklist Dropped; 'dst_l4_other_blacklist_drop': Dst L4-type OTHER Blacklist Dropped; 'src_l4_tcp_blacklist_drop': Src L4-type TCP Blacklist Dropped; 'src_l4_udp_blacklist_drop': Src L4-type UDP Blacklist Dropped; 'src_l4_icmp_blacklist_drop': Src L4-type ICMP Blacklist Dropped; 'src_l4_other_blacklist_drop': Src L4-type OTHER Blacklist Dropped; 'drop_frag_timeout_drop': Fragment Reassemble Timeout Drop; 'dst_port_kbit_rate_exceed_pkt': Port Rate: KiBit Pkt Exceeded; 'dst_tcp_bytes_rcv': TCP Total Bytes Received; 'dst_udp_bytes_rcv': UDP Total Bytes Received; 'dst_icmp_bytes_rcv': ICMP Total Bytes Received; 'dst_other_bytes_rcv': OTHER Total Bytes Received; 'dst_tcp_bytes_sent': TCP Total Bytes Forwarded; 'dst_udp_bytes_sent': UDP Total Bytes Forwarded; 'dst_icmp_bytes_sent': ICMP Total Bytes Forwarded; 'dst_other_bytes_sent': OTHER Total Bytes Forwarded; 'dst_udp_auth_drop': UDP Auth: Dropped; 'dst_tcp_auth_drop': TCP Auth: Dropped; 'dst_tcp_auth_resp': TCP Auth: Responded; 'inbound_pkt_drop': Inbound: Packets Dropped; 'dst_entry_pkt_rate_exceed': Entry Rate: Packet Exceeded; 'dst_entry_kbit_rate_exceed': Entry Rate: KiBit Exceeded; 'dst_entry_conn_limit_exceed': Entry Limit: Conn Exceeded; 'dst_entry_conn_rate_exceed': Entry Rate: Conn Exceeded; 'dst_entry_frag_pkt_rate_exceed': Entry Rate: Frag Packet Exceeded; 'dst_icmp_any_exceed': ICMP Rate: Total Exceed; 'dst_other_any_exceed': OTHER Rate: Total Exceed; 'src_dst_pair_entry_total': Src-Dst Pair Entry Total Count; 'src_dst_pair_entry_udp': Src-Dst Pair Entry UDP Count; 'src_dst_pair_entry_tcp': Src-Dst Pair Entry TCP Count; 'src_dst_pair_entry_icmp': Src-Dst Pair Entry ICMP Count; 'src_dst_pair_entry_other': Src-Dst Pair Entry OTHER Count; 'dst_clist_overflow_policy_at_learning': Dst Src-Based Overflow Policy Hit; 'tcp_rexmit_syn_limit_drop': TCP SYN Retransmit Exceeded Drop; 'tcp_rexmit_syn_limit_bl': TCP SYN Retransmit Exceeded Blacklist; 'dst_tcp_wellknown_sport_drop': TCP SrcPort Wellknown; 'src_tcp_wellknown_sport_drop': Src TCP SrcPort Wellknown; 'dst_frag_rcvd': Fragmented Packets Received; 'no_policy_class_list_match': No Policy Class-list Match; 'src_udp_retry_gap_drop': Src UDP Auth: Retry-Gap Dropped; 'dst_entry_kbit_rate_exceed_count': Entry Rate: KiBit Exceeded Count; 'dst_port_undef_hit': Dst Port Undefined Hit; 'dst_tcp_action_on_ack_timeout': TCP Auth: ACK Retry Timeout; 'dst_tcp_action_on_ack_reset': TCP Auth: ACK Retry Timeout Reset; 'dst_tcp_action_on_ack_blacklist': TCP Auth: ACK Retry Timeout Blacklisted; 'src_tcp_action_on_ack_timeout': Src TCP Auth: ACK Retry Timeout; 'src_tcp_action_on_ack_reset': Src TCP Auth: ACK Retry Timeout Reset; 'src_tcp_action_on_ack_blacklist': Src TCP Auth: ACK Retry Timeout Blacklisted; 'dst_tcp_action_on_syn_timeout': TCP Auth: SYN Retry Timeout; 'dst_tcp_action_on_syn_reset': TCP Auth: SYN Retry Timeout Reset; 'dst_tcp_action_on_syn_blacklist': TCP Auth: SYN Retry Timeout Blacklisted; 'src_tcp_action_on_syn_timeout': Src TCP Auth: SYN Retry Timeout; 'src_tcp_action_on_syn_reset': Src TCP Auth: SYN Retry Timeout Reset; 'src_tcp_action_on_syn_blacklist': Src TCP Auth: SYN Retry Timeout Blacklisted; 'dst_udp_frag_pkt_rate_exceed': UDP Dst L4-Type Rate: Frag Exceeded; 'dst_udp_frag_src_rate_drop': UDP Src Rate: Frag Exceeded; 'dst_tcp_frag_pkt_rate_exceed': TCP Dst L4-Type Rate: Frag Exceeded; 'dst_tcp_frag_src_rate_drop': TCP Src Rate: Frag Exceeded; 'dst_icmp_frag_pkt_rate_exceed': ICMP Dst L4-Type Rate: Frag Exceeded; 'dst_icmp_frag_src_rate_drop': ICMP Src Rate: Frag Exceeded; 'sflow_internal_samples_packed': Sflow Internal Samples Packed; 'sflow_external_samples_packed': Sflow External Samples Packed; 'sflow_internal_packets_sent': Sflow Internal Packets Sent; 'sflow_external_packets_sent': Sflow External Packets Sent; 'dns_outbound_total_query': DNS Outbound Total Query; 'dns_outbound_query_malformed': DNS Outbound Query Malformed; 'dns_outbound_query_resp_chk_failed': DNS Outbound Query Resp Check Failed; 'dns_outbound_query_resp_chk_blacklisted': DNS Outbound Query Resp Check Blacklisted; 'dns_outbound_query_resp_chk_refused_sent': DNS Outbound Query Resp Check REFUSED Sent; 'dns_outbound_query_resp_chk_reset_sent': DNS Outbound Query Resp Check RESET Sent; 'dns_outbound_query_resp_chk_no_resp_sent': DNS Outbound Query Resp Check No Response Sent; 'dns_outbound_query_resp_size_exceed': DNS Outbound Query Response Size Exceed; 'dns_outbound_query_sess_timed_out': DNS Outbound Query Session Timed Out; 'dst_exceed_action_tunnel': Entry Exceed Action: Tunnel; 'src_udp_auth_timeout': Src UDP Auth: Retry Timeout; 'src_udp_retry_pass': Src UDP Retry Passed; ", "enum":[ "src_tcp_action_on_syn_gap_drop", "src_tcp_action_on_syn_fail", "src_tcp_action_on_ack_init", "src_tcp_action_on_ack_gap_drop", "src_tcp_action_on_ack_fail", "src_tcp_out_of_seq_excd", "src_tcp_retransmit_excd", "src_tcp_zero_window_excd", "src_tcp_conn_prate_excd", "src_udp_min_payload", "src_udp_max_payload", "src_udp_conn_prate_excd", "src_udp_ntp_monlist_req", "src_udp_ntp_monlist_resp", "src_udp_wellknown_sport_drop", "src_udp_retry_init", "dst_udp_retry_gap_drop", "dst_udp_retry_fail", "dst_tcp_session_aged", "dst_udp_session_aged", "dst_tcp_conn_close", "dst_tcp_conn_close_half_open", "dst_l4_tcp_auth", "tcp_l4_syn_cookie_fail", "tcp_l4_rst_cookie_fail", "tcp_l4_unauth_drop", "dst_drop_frag_pkt", "src_tcp_filter_action_blacklist", "src_tcp_filter_action_whitelist", "src_tcp_filter_action_drop", "src_tcp_filter_action_default_pass", "src_udp_filter_action_blacklist", "src_udp_filter_action_whitelist", "src_udp_filter_action_drop", "src_udp_filter_action_default_pass", "src_other_filter_action_blacklist", "src_other_filter_action_whitelist", "src_other_filter_action_drop", "src_other_filter_action_default_pass", "tcp_invalid_syn", "dst_tcp_conn_close_w_rst", "dst_tcp_conn_close_w_fin", "dst_tcp_conn_close_w_idle", "dst_tcp_conn_create_from_syn", "dst_tcp_conn_create_from_ack", "src_frag_drop", "dst_l4_tcp_blacklist_drop", "dst_l4_udp_blacklist_drop", "dst_l4_icmp_blacklist_drop", "dst_l4_other_blacklist_drop", "src_l4_tcp_blacklist_drop", "src_l4_udp_blacklist_drop", "src_l4_icmp_blacklist_drop", "src_l4_other_blacklist_drop", "drop_frag_timeout_drop", "dst_port_kbit_rate_exceed_pkt", "dst_tcp_bytes_rcv", "dst_udp_bytes_rcv", "dst_icmp_bytes_rcv", "dst_other_bytes_rcv", "dst_tcp_bytes_sent", "dst_udp_bytes_sent", "dst_icmp_bytes_sent", "dst_other_bytes_sent", "dst_udp_auth_drop", "dst_tcp_auth_drop", "dst_tcp_auth_resp", "inbound_pkt_drop", "dst_entry_pkt_rate_exceed", "dst_entry_kbit_rate_exceed", "dst_entry_conn_limit_exceed", "dst_entry_conn_rate_exceed", "dst_entry_frag_pkt_rate_exceed", "dst_icmp_any_exceed", "dst_other_any_exceed", "src_dst_pair_entry_total", "src_dst_pair_entry_udp", "src_dst_pair_entry_tcp", "src_dst_pair_entry_icmp", "src_dst_pair_entry_other", "dst_clist_overflow_policy_at_learning", "tcp_rexmit_syn_limit_drop", "tcp_rexmit_syn_limit_bl", "dst_tcp_wellknown_sport_drop", "src_tcp_wellknown_sport_drop", "dst_frag_rcvd", "no_policy_class_list_match", "src_udp_retry_gap_drop", "dst_entry_kbit_rate_exceed_count", "dst_port_undef_hit", "dst_tcp_action_on_ack_timeout", "dst_tcp_action_on_ack_reset", "dst_tcp_action_on_ack_blacklist", "src_tcp_action_on_ack_timeout", "src_tcp_action_on_ack_reset", "src_tcp_action_on_ack_blacklist", "dst_tcp_action_on_syn_timeout", "dst_tcp_action_on_syn_reset", "dst_tcp_action_on_syn_blacklist", "src_tcp_action_on_syn_timeout", "src_tcp_action_on_syn_reset", "src_tcp_action_on_syn_blacklist", "dst_udp_frag_pkt_rate_exceed", "dst_udp_frag_src_rate_drop", "dst_tcp_frag_pkt_rate_exceed", "dst_tcp_frag_src_rate_drop", "dst_icmp_frag_pkt_rate_exceed", "dst_icmp_frag_src_rate_drop", "sflow_internal_samples_packed", "sflow_external_samples_packed", "sflow_internal_packets_sent", "sflow_external_packets_sent", "dns_outbound_total_query", "dns_outbound_query_malformed", "dns_outbound_query_resp_chk_failed", "dns_outbound_query_resp_chk_blacklisted", "dns_outbound_query_resp_chk_refused_sent", "dns_outbound_query_resp_chk_reset_sent", "dns_outbound_query_resp_chk_no_resp_sent", "dns_outbound_query_resp_size_exceed", "dns_outbound_query_sess_timed_out", "dst_exceed_action_tunnel", "src_udp_auth_timeout", "src_udp_retry_pass" ] }, "counters3":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'dst_hw_drop_rule_insert': Dst Hardware Drop Rules Inserted; 'dst_hw_drop_rule_remove': Dst Hardware Drop Rules Removed; 'src_hw_drop_rule_insert': Src Hardware Drop Rules Inserted; 'src_hw_drop_rule_remove': Src Hardware Drop Rules Removed; 'prog_first_req_time_exceed': Req-Resp: First Request Time Exceed; 'prog_req_resp_time_exceed': Req-Resp: Request to Response Time Exceed; 'prog_request_len_exceed': Req-Resp: Request Length Exceed; 'prog_response_len_exceed': Req-Resp: Response Length Exceed; 'prog_resp_req_ratio_exceed': Req-Resp: Response to Request Ratio Exceed; 'prog_resp_req_time_exceed': Req-Resp: Response to Request Time Exceed; 'entry_sync_message_received': Entry Sync Message Received; 'entry_sync_message_sent': Entry Sync Message Sent; 'prog_conn_sent_exceed': Connection: Sent Exceed; 'prog_conn_rcvd_exceed': Connection: Received Exceed; 'prog_conn_time_exceed': Connection: Time Exceed; 'prog_conn_rcvd_sent_ratio_exceed': Connection: Received to Sent Ratio Exceed; 'prog_win_sent_exceed': Time Window: Sent Exceed; 'prog_win_rcvd_exceed': Time Window: Received Exceed; 'prog_win_rcvd_sent_ratio_exceed': Time Window: Received to Sent Exceed; 'prog_exceed_drop': Req-Resp: Violation Exceed Dropped; 'prog_exceed_bl': Req-Resp: Violation Exceed Blacklisted; 'prog_conn_exceed_drop': Connection: Violation Exceed Dropped; 'prog_conn_exceed_bl': Connection: Violation Exceed Blacklisted; 'prog_win_exceed_drop': Time Window: Violation Exceed Dropped; 'prog_win_exceed_bl': Time Window: Violation Exceed Blacklisted; 'dst_exceed_action_drop': Entry Exceed Action: Dropped; 'prog_conn_samples': Sample Collected: Connection; 'prog_req_samples': Sample Collected: Req-Resp; 'prog_win_samples': Sample Collected: Time Window; 'prog_conn_samples_processed': Sample Processed: Connnection; 'prog_req_samples_processed': Sample Processed: Req-Resp; 'prog_win_samples_processed': Sample Processed: Time Window; 'src_hw_drop': Src Hardware Packets Dropped; 'dst_tcp_auth_rst': TCP Auth: Reset; 'dst_src_learn_overflow': Src Dynamic Entry Count Overflow; 'tcp_fwd_sent': TCP Inbound Packets Forwarded; 'udp_fwd_sent': UDP Inbound Packets Forwarded; ", "enum":[ "dst_hw_drop_rule_insert", "dst_hw_drop_rule_remove", "src_hw_drop_rule_insert", "src_hw_drop_rule_remove", "prog_first_req_time_exceed", "prog_req_resp_time_exceed", "prog_request_len_exceed", "prog_response_len_exceed", "prog_resp_req_ratio_exceed", "prog_resp_req_time_exceed", "entry_sync_message_received", "entry_sync_message_sent", "prog_conn_sent_exceed", "prog_conn_rcvd_exceed", "prog_conn_time_exceed", "prog_conn_rcvd_sent_ratio_exceed", "prog_win_sent_exceed", "prog_win_rcvd_exceed", "prog_win_rcvd_sent_ratio_exceed", "prog_exceed_drop", "prog_exceed_bl", "prog_conn_exceed_drop", "prog_conn_exceed_bl", "prog_win_exceed_drop", "prog_win_exceed_bl", "dst_exceed_action_drop", "prog_conn_samples", "prog_req_samples", "prog_win_samples", "prog_conn_samples_processed", "prog_req_samples_processed", "prog_win_samples_processed", "src_hw_drop", "dst_tcp_auth_rst", "dst_src_learn_overflow", "tcp_fwd_sent", "udp_fwd_sent" ] } } } ] }, "capture-config-list":{ "type":"array", "minItems":1, "items":{ "type":"capture-config" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/capture-config/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "$ref":"/axapi/v3/capture-config", "description":"Capture-config name", "optional":false }, "mode":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Apply capture-config to dropped packets; 'forward': Apply capture-config to forwarded packets; 'all': Apply capture-config to both dropped and forwarded packets; ", "enum":[ "drop", "forward", "all" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true } }, "required":[ "name" ] } ] }, "hw-blacklist-blocking":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/hw-blacklist-blocking", "properties":{ "dst-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable Dst side hardware blocking" }, "src-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable Src side hardware blocking" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "topk-destinations":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/topk-destinations", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "l4-type-list":{ "type":"array", "minItems":1, "items":{ "type":"l4-type" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'tcp': L4-Type TCP; 'udp': L4-Type UDP; 'icmp': L4-Type ICMP; 'other': L4-Type OTHER; ", "enum":[ "tcp", "udp", "icmp", "other" ], "optional":false }, "glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-exceed-action":{ "type":"object", "properties":{ "stateless-encap-action-cfg":{ "type":"object", "properties":{ "stateless-encap-action":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'stateless-tunnel-encap': Encapsulate all packets; 'stateless-tunnel-encap-scrubbed': Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap); ", "enum":[ "stateless-tunnel-encap", "stateless-tunnel-encap-scrubbed" ] }, "encap-template":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":128, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/template/encap", "description":"Apply legacy encap template for encap action" } } } } }, "deny":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "max-rexmit-syn-per-flow":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":1, "maximum":6, "partition-visibility":"shared", "description":"Maximum number of re-transmit SYN per flow", "optional":true }, "max-rexmit-syn-per-flow-exceed-action":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'drop': Drop the packet; 'black-list': Add the source IP into black list; ", "enum":[ "drop", "black-list" ], "optional":true }, "disable-syn-auth":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Disable TCP SYN Authentication", "optional":true }, "syn-auth":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "default":"send-rst", "partition-visibility":"shared", "description":"'send-rst': Send RST to client upon client ACK; 'force-rst-by-ack': Force client RST via the use of ACK; 'force-rst-by-synack': Force client RST via the use of bad SYN|ACK; 'disable': Disable TCP SYN Authentication; ", "enum":[ "send-rst", "force-rst-by-ack", "force-rst-by-synack", "disable" ], "optional":true }, "syn-cookie":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable SYN Cookie", "optional":true }, "tcp-reset-client":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Send reset to client when rate exceeds or session ages out", "optional":true }, "tcp-reset-server":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Send reset to server when rate exceeds or session ages out", "optional":true }, "drop-on-no-port-match":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "default":"enable", "partition-visibility":"shared", "description":"'disable': disable; 'enable': enable; ", "enum":[ "disable", "enable" ], "optional":true }, "stateful":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable stateful tracking of sessions (Default is stateless)", "optional":true }, "tunnel-decap":{ "type":"object", "properties":{ "ip-decap":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable IP Tunnel decapsulation" }, "gre-decap":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable GRE Tunnel decapsulation" }, "key-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "key":{ "type":"string", "format":"string", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":10, "partition-visibility":"shared", "description":"Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)" } } } ] } } }, "tunnel-rate-limit":{ "type":"object", "properties":{ "ip-rate-limit":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable inner IP rate limiting on IPinIP traffic" }, "gre-rate-limit":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable inner IP rate limiting on GRE traffic" } } }, "drop-frag-pkt":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Drop fragmented packets", "optional":true }, "undefined-port-hit-statistics":{ "type":"object", "properties":{ "undefined-port-hit-statistics":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable port scanning statistics" }, "reset-interval":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":1, "maximum":64000, "default":60, "partition-visibility":"shared", "description":"Configure port scanning counter reset interval (minutes), Default 60 mins" } } }, "template":{ "type":"object", "properties":{ "template-icmp-v4":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS icmp-v4 template" }, "template-icmp-v6":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS icmp-v6 template" } } }, "detection-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable ddos detection", "optional":true }, "enable-top-k":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable ddos top-k entries", "optional":true }, "topk-num-records":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "default":20, "partition-visibility":"shared", "description":"Maximum number of records to show in topk", "optional":true }, "set-counter-base-val":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":1, "maximum":4294967295, "partition-visibility":"shared", "description":"Set T2 counter value of current context to specified value", "optional":true }, "ip-filtering-policy":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/ip-filtering-policy", "description":"Configure IP Filter", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "ip-filtering-policy-oper":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/ip-filtering-policy-oper", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "port-ind":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/port-ind", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'ip-proto-type': IP Protocol Type; 'ddet_ind_pkt_rate_current': Pkt Rate Current; 'ddet_ind_pkt_rate_min': Pkt Rate Min; 'ddet_ind_pkt_rate_max': Pkt Rate Max; 'ddet_ind_pkt_drop_rate_current': Pkt Drop Rate Current; 'ddet_ind_pkt_drop_rate_min': Pkt Drop Rate Min; 'ddet_ind_pkt_drop_rate_max': Pkt Drop Rate Max; 'ddet_ind_syn_rate_current': TCP SYN Rate Current; 'ddet_ind_syn_rate_min': TCP SYN Rate Min; 'ddet_ind_syn_rate_max': TCP SYN Rate Max; 'ddet_ind_fin_rate_current': TCP FIN Rate Current; 'ddet_ind_fin_rate_min': TCP FIN Rate Min; 'ddet_ind_fin_rate_max': TCP FIN Rate Max; 'ddet_ind_rst_rate_current': TCP RST Rate Current; 'ddet_ind_rst_rate_min': TCP RST Rate Min; 'ddet_ind_rst_rate_max': TCP RST Rate Max; 'ddet_ind_small_window_ack_rate_current': TCP Small Window ACK Rate Current; 'ddet_ind_small_window_ack_rate_min': TCP Small Window ACK Rate Min; 'ddet_ind_small_window_ack_rate_max': TCP Small Window ACK Rate Max; 'ddet_ind_empty_ack_rate_current': TCP Empty ACK Rate Current; 'ddet_ind_empty_ack_rate_min': TCP Empty ACK Rate Min; 'ddet_ind_empty_ack_rate_max': TCP Empty ACK Rate Max; 'ddet_ind_small_payload_rate_current': TCP Small Payload Rate Current; 'ddet_ind_small_payload_rate_min': TCP Small Payload Rate Min; 'ddet_ind_small_payload_rate_max': TCP Small Payload Rate Max; 'ddet_ind_pkt_drop_ratio_current': Pkt Drop / Pkt Rcvd Current; 'ddet_ind_pkt_drop_ratio_min': Pkt Drop / Pkt Rcvd Min; 'ddet_ind_pkt_drop_ratio_max': Pkt Drop / Pkt Rcvd Max; 'ddet_ind_inb_per_outb_current': Bytes-to / Bytes-from Current; 'ddet_ind_inb_per_outb_min': Bytes-to / Bytes-from Min; 'ddet_ind_inb_per_outb_max': Bytes-to / Bytes-from Max; 'ddet_ind_syn_per_fin_rate_current': TCP SYN Rate / FIN Rate Current; 'ddet_ind_syn_per_fin_rate_min': TCP SYN Rate / FIN Rate Min; 'ddet_ind_syn_per_fin_rate_max': TCP SYN Rate / FIN Rate Max; 'ddet_ind_conn_miss_rate_current': TCP Session Miss Rate Current; 'ddet_ind_conn_miss_rate_min': TCP Session Miss Rate Min; 'ddet_ind_conn_miss_rate_max': TCP Session Miss Rate Max; 'ddet_ind_concurrent_conns_current': TCP/UDP Concurrent Sessions Current; 'ddet_ind_concurrent_conns_min': TCP/UDP Concurrent Sessions Min; 'ddet_ind_concurrent_conns_max': TCP/UDP Concurrent Sessions Max; 'ddet_ind_data_cpu_util_current': Data CPU Utilization Current; 'ddet_ind_data_cpu_util_min': Data CPU Utilization Min; 'ddet_ind_data_cpu_util_max': Data CPU Utilization Max; 'ddet_ind_outside_intf_util_current': Outside Interface Utilization Current; 'ddet_ind_outside_intf_util_min': Outside Interface Utilization Min; 'ddet_ind_outside_intf_util_max': Outside Interface Utilization Max; 'ddet_ind_frag_rate_current': Frag Pkt Rate Current; 'ddet_ind_frag_rate_min': Frag Pkt Rate Min; 'ddet_ind_frag_rate_max': Frag Pkt Rate Max; 'ddet_ind_bit_rate_current': Bit Rate Current; 'ddet_ind_bit_rate_min': Bit Rate Min; 'ddet_ind_bit_rate_max': Bit Rate Max; ", "enum":[ "all", "ip-proto-type", "ddet_ind_pkt_rate_current", "ddet_ind_pkt_rate_min", "ddet_ind_pkt_rate_max", "ddet_ind_pkt_drop_rate_current", "ddet_ind_pkt_drop_rate_min", "ddet_ind_pkt_drop_rate_max", "ddet_ind_syn_rate_current", "ddet_ind_syn_rate_min", "ddet_ind_syn_rate_max", "ddet_ind_fin_rate_current", "ddet_ind_fin_rate_min", "ddet_ind_fin_rate_max", "ddet_ind_rst_rate_current", "ddet_ind_rst_rate_min", "ddet_ind_rst_rate_max", "ddet_ind_small_window_ack_rate_current", "ddet_ind_small_window_ack_rate_min", "ddet_ind_small_window_ack_rate_max", "ddet_ind_empty_ack_rate_current", "ddet_ind_empty_ack_rate_min", "ddet_ind_empty_ack_rate_max", "ddet_ind_small_payload_rate_current", "ddet_ind_small_payload_rate_min", "ddet_ind_small_payload_rate_max", "ddet_ind_pkt_drop_ratio_current", "ddet_ind_pkt_drop_ratio_min", "ddet_ind_pkt_drop_ratio_max", "ddet_ind_inb_per_outb_current", "ddet_ind_inb_per_outb_min", "ddet_ind_inb_per_outb_max", "ddet_ind_syn_per_fin_rate_current", "ddet_ind_syn_per_fin_rate_min", "ddet_ind_syn_per_fin_rate_max", "ddet_ind_conn_miss_rate_current", "ddet_ind_conn_miss_rate_min", "ddet_ind_conn_miss_rate_max", "ddet_ind_concurrent_conns_current", "ddet_ind_concurrent_conns_min", "ddet_ind_concurrent_conns_max", "ddet_ind_data_cpu_util_current", "ddet_ind_data_cpu_util_min", "ddet_ind_data_cpu_util_max", "ddet_ind_outside_intf_util_current", "ddet_ind_outside_intf_util_min", "ddet_ind_outside_intf_util_max", "ddet_ind_frag_rate_current", "ddet_ind_frag_rate_min", "ddet_ind_frag_rate_max", "ddet_ind_bit_rate_current", "ddet_ind_bit_rate_min", "ddet_ind_bit_rate_max" ] } } } ] } } }, "topk-sources":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/topk-sources", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "progression-tracking":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/progression-tracking", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } }, "required":[ "protocol" ] } ] }, "port-list":{ "type":"array", "minItems":1, "items":{ "type":"port" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}", "array":[ { "properties":{ "port-num":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "partition-visibility":"shared", "description":"Port Number", "optional":false }, "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'dns-tcp': DNS-TCP Port; 'dns-udp': DNS-UDP Port; 'http': HTTP Port; 'tcp': TCP Port; 'udp': UDP Port; 'ssl-l4': SSL-L4 Port; 'sip-udp': SIP-UDP Port; 'sip-tcp': SIP-TCP Port; ", "enum":[ "dns-tcp", "dns-udp", "http", "tcp", "udp", "ssl-l4", "sip-udp", "sip-tcp" ], "optional":false }, "detection-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable ddos detection", "optional":true }, "enable-top-k":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable ddos top-k entries", "optional":true }, "topk-num-records":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "default":20, "partition-visibility":"shared", "description":"Maximum number of records to show in topk", "optional":true }, "deny":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-exceed-action":{ "type":"object", "properties":{ "stateless-encap-action-cfg":{ "type":"object", "properties":{ "stateless-encap-action":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'stateless-tunnel-encap': Encapsulate all packets; 'stateless-tunnel-encap-scrubbed': Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap); ", "enum":[ "stateless-tunnel-encap", "stateless-tunnel-encap-scrubbed" ] }, "encap-template":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":128, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/template/encap", "description":"Apply legacy encap template for encap action" } } } } }, "dns-cache":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/dns-cache", "description":"DNS Cache Instance", "optional":true }, "template":{ "type":"object", "properties":{ "dns":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS http template" }, "ssl-l4":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS SSL-L4 template" }, "sip":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS sip template" }, "tcp":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS tcp template" }, "udp":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS udp template" } } }, "sflow":{ "type":"object", "properties":{ "polling":{ "type":"object", "properties":{ "sflow-packets":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable sFlow packet-level counter polling" }, "sflow-tcp":{ "type":"object", "properties":{ "sflow-tcp-basic":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable sFlow basic TCP counter polling" }, "sflow-tcp-stateful":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable sFlow stateful TCP counter polling" } } }, "sflow-http":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable sFlow HTTP counter polling" } } } } }, "capture-config":{ "type":"object", "properties":{ "capture-config-name":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Capture-config name" }, "capture-config-mode":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'drop': Apply capture-config to dropped packets; 'forward': Apply capture-config to forwarded packets; 'all': Apply capture-config to both dropped and forwarded packets; ", "enum":[ "drop", "forward", "all" ] } } }, "set-counter-base-val":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":1, "maximum":4294967295, "partition-visibility":"shared", "description":"Set T2 counter value of current context to specified value", "optional":true }, "ip-filtering-policy":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/ip-filtering-policy", "description":"Configure IP Filter", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "port-ind":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/port-ind", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'ip-proto-type': IP Protocol Type; 'ddet_ind_pkt_rate_current': Pkt Rate Current; 'ddet_ind_pkt_rate_min': Pkt Rate Min; 'ddet_ind_pkt_rate_max': Pkt Rate Max; 'ddet_ind_pkt_drop_rate_current': Pkt Drop Rate Current; 'ddet_ind_pkt_drop_rate_min': Pkt Drop Rate Min; 'ddet_ind_pkt_drop_rate_max': Pkt Drop Rate Max; 'ddet_ind_syn_rate_current': TCP SYN Rate Current; 'ddet_ind_syn_rate_min': TCP SYN Rate Min; 'ddet_ind_syn_rate_max': TCP SYN Rate Max; 'ddet_ind_fin_rate_current': TCP FIN Rate Current; 'ddet_ind_fin_rate_min': TCP FIN Rate Min; 'ddet_ind_fin_rate_max': TCP FIN Rate Max; 'ddet_ind_rst_rate_current': TCP RST Rate Current; 'ddet_ind_rst_rate_min': TCP RST Rate Min; 'ddet_ind_rst_rate_max': TCP RST Rate Max; 'ddet_ind_small_window_ack_rate_current': TCP Small Window ACK Rate Current; 'ddet_ind_small_window_ack_rate_min': TCP Small Window ACK Rate Min; 'ddet_ind_small_window_ack_rate_max': TCP Small Window ACK Rate Max; 'ddet_ind_empty_ack_rate_current': TCP Empty ACK Rate Current; 'ddet_ind_empty_ack_rate_min': TCP Empty ACK Rate Min; 'ddet_ind_empty_ack_rate_max': TCP Empty ACK Rate Max; 'ddet_ind_small_payload_rate_current': TCP Small Payload Rate Current; 'ddet_ind_small_payload_rate_min': TCP Small Payload Rate Min; 'ddet_ind_small_payload_rate_max': TCP Small Payload Rate Max; 'ddet_ind_pkt_drop_ratio_current': Pkt Drop / Pkt Rcvd Current; 'ddet_ind_pkt_drop_ratio_min': Pkt Drop / Pkt Rcvd Min; 'ddet_ind_pkt_drop_ratio_max': Pkt Drop / Pkt Rcvd Max; 'ddet_ind_inb_per_outb_current': Bytes-to / Bytes-from Current; 'ddet_ind_inb_per_outb_min': Bytes-to / Bytes-from Min; 'ddet_ind_inb_per_outb_max': Bytes-to / Bytes-from Max; 'ddet_ind_syn_per_fin_rate_current': TCP SYN Rate / FIN Rate Current; 'ddet_ind_syn_per_fin_rate_min': TCP SYN Rate / FIN Rate Min; 'ddet_ind_syn_per_fin_rate_max': TCP SYN Rate / FIN Rate Max; 'ddet_ind_conn_miss_rate_current': TCP Session Miss Rate Current; 'ddet_ind_conn_miss_rate_min': TCP Session Miss Rate Min; 'ddet_ind_conn_miss_rate_max': TCP Session Miss Rate Max; 'ddet_ind_concurrent_conns_current': TCP/UDP Concurrent Sessions Current; 'ddet_ind_concurrent_conns_min': TCP/UDP Concurrent Sessions Min; 'ddet_ind_concurrent_conns_max': TCP/UDP Concurrent Sessions Max; 'ddet_ind_data_cpu_util_current': Data CPU Utilization Current; 'ddet_ind_data_cpu_util_min': Data CPU Utilization Min; 'ddet_ind_data_cpu_util_max': Data CPU Utilization Max; 'ddet_ind_outside_intf_util_current': Outside Interface Utilization Current; 'ddet_ind_outside_intf_util_min': Outside Interface Utilization Min; 'ddet_ind_outside_intf_util_max': Outside Interface Utilization Max; 'ddet_ind_frag_rate_current': Frag Pkt Rate Current; 'ddet_ind_frag_rate_min': Frag Pkt Rate Min; 'ddet_ind_frag_rate_max': Frag Pkt Rate Max; 'ddet_ind_bit_rate_current': Bit Rate Current; 'ddet_ind_bit_rate_min': Bit Rate Min; 'ddet_ind_bit_rate_max': Bit Rate Max; ", "enum":[ "all", "ip-proto-type", "ddet_ind_pkt_rate_current", "ddet_ind_pkt_rate_min", "ddet_ind_pkt_rate_max", "ddet_ind_pkt_drop_rate_current", "ddet_ind_pkt_drop_rate_min", "ddet_ind_pkt_drop_rate_max", "ddet_ind_syn_rate_current", "ddet_ind_syn_rate_min", "ddet_ind_syn_rate_max", "ddet_ind_fin_rate_current", "ddet_ind_fin_rate_min", "ddet_ind_fin_rate_max", "ddet_ind_rst_rate_current", "ddet_ind_rst_rate_min", "ddet_ind_rst_rate_max", "ddet_ind_small_window_ack_rate_current", "ddet_ind_small_window_ack_rate_min", "ddet_ind_small_window_ack_rate_max", "ddet_ind_empty_ack_rate_current", "ddet_ind_empty_ack_rate_min", "ddet_ind_empty_ack_rate_max", "ddet_ind_small_payload_rate_current", "ddet_ind_small_payload_rate_min", "ddet_ind_small_payload_rate_max", "ddet_ind_pkt_drop_ratio_current", "ddet_ind_pkt_drop_ratio_min", "ddet_ind_pkt_drop_ratio_max", "ddet_ind_inb_per_outb_current", "ddet_ind_inb_per_outb_min", "ddet_ind_inb_per_outb_max", "ddet_ind_syn_per_fin_rate_current", "ddet_ind_syn_per_fin_rate_min", "ddet_ind_syn_per_fin_rate_max", "ddet_ind_conn_miss_rate_current", "ddet_ind_conn_miss_rate_min", "ddet_ind_conn_miss_rate_max", "ddet_ind_concurrent_conns_current", "ddet_ind_concurrent_conns_min", "ddet_ind_concurrent_conns_max", "ddet_ind_data_cpu_util_current", "ddet_ind_data_cpu_util_min", "ddet_ind_data_cpu_util_max", "ddet_ind_outside_intf_util_current", "ddet_ind_outside_intf_util_min", "ddet_ind_outside_intf_util_max", "ddet_ind_frag_rate_current", "ddet_ind_frag_rate_min", "ddet_ind_frag_rate_max", "ddet_ind_bit_rate_current", "ddet_ind_bit_rate_min", "ddet_ind_bit_rate_max" ] } } } ] } } }, "ip-filtering-policy-oper":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/ip-filtering-policy-oper", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "topk-sources":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/topk-sources", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "progression-tracking":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/progression-tracking", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "signature-extraction":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/signature-extraction", "properties":{ "algorithm":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'heuristic': heuristic algorithm; ", "enum":[ "heuristic" ] }, "manual-mode":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable manual mode" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "pattern-recognition":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/pattern-recognition", "properties":{ "algorithm":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'heuristic': heuristic algorithm; ", "enum":[ "heuristic" ] }, "mode":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'capture-never-expire': War-time capture without rate exceeding and never expires; 'manual': Manual mode; ", "enum":[ "capture-never-expire", "manual" ] }, "sensitivity":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'high': High Sensitivity; 'medium': Medium Sensitivity; 'low': Low Sensitivity; ", "enum":[ "high", "medium", "low" ] }, "filter-threshold":{ "type":"number", "format":"number", "minimum":0, "maximum":100, "partition-visibility":"shared", "description":"Extracted filter threshold" }, "filter-inactive-threshold":{ "type":"number", "format":"number", "minimum":5, "maximum":255, "partition-visibility":"shared", "description":"Extracted filter inactive threshold" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "pattern-recognition-pu-details":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/pattern-recognition-pu-details", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } }, "required":[ "port-num", "protocol" ] } ] }, "port-range-list":{ "type":"array", "minItems":1, "items":{ "type":"port-range" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}", "array":[ { "properties":{ "port-range-start":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Port-Range Start Port Number", "optional":false }, "port-range-end":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Port-Range End Port Number", "optional":false }, "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'dns-tcp': DNS-TCP Port; 'dns-udp': DNS-UDP Port; 'http': HTTP Port; 'tcp': TCP Port; 'udp': UDP Port; 'ssl-l4': SSL-L4 Port; 'sip-udp': SIP-UDP Port; 'sip-tcp': SIP-TCP Port; ", "enum":[ "dns-tcp", "dns-udp", "http", "tcp", "udp", "ssl-l4", "sip-udp", "sip-tcp" ], "optional":false }, "deny":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "detection-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable ddos detection", "optional":true }, "enable-top-k":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable ddos top-k entries", "optional":true }, "topk-num-records":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "default":20, "partition-visibility":"shared", "description":"Maximum number of records to show in topk", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-exceed-action":{ "type":"object", "properties":{ "stateless-encap-action-cfg":{ "type":"object", "properties":{ "stateless-encap-action":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'stateless-tunnel-encap': Encapsulate all packets; 'stateless-tunnel-encap-scrubbed': Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap); ", "enum":[ "stateless-tunnel-encap", "stateless-tunnel-encap-scrubbed" ] }, "encap-template":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":128, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/template/encap", "description":"Apply legacy encap template for encap action" } } } } }, "template":{ "type":"object", "properties":{ "dns":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS http template" }, "ssl-l4":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS SSL-L4 template" }, "sip":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS sip template" }, "tcp":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS tcp template" }, "udp":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS udp template" } } }, "sflow":{ "type":"object", "properties":{ "polling":{ "type":"object", "properties":{ "sflow-packets":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable sFlow packet-level counter polling" }, "sflow-tcp":{ "type":"object", "properties":{ "sflow-tcp-basic":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable sFlow basic TCP counter polling" }, "sflow-tcp-stateful":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable sFlow stateful TCP counter polling" } } }, "sflow-http":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable sFlow HTTP counter polling" } } } } }, "capture-config":{ "type":"object", "properties":{ "capture-config-name":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Capture-config name" }, "capture-config-mode":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'drop': Apply capture-config to dropped packets; 'forward': Apply capture-config to forwarded packets; 'all': Apply capture-config to both dropped and forwarded packets; ", "enum":[ "drop", "forward", "all" ] } } }, "set-counter-base-val":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":1, "maximum":4294967295, "partition-visibility":"shared", "description":"Set T2 counter value of current context to specified value", "optional":true }, "ip-filtering-policy":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/ip-filtering-policy", "description":"Configure IP Filter", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "ip-filtering-policy-oper":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/ip-filtering-policy-oper", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "port-ind":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/port-ind", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'ip-proto-type': IP Protocol Type; 'ddet_ind_pkt_rate_current': Pkt Rate Current; 'ddet_ind_pkt_rate_min': Pkt Rate Min; 'ddet_ind_pkt_rate_max': Pkt Rate Max; 'ddet_ind_pkt_drop_rate_current': Pkt Drop Rate Current; 'ddet_ind_pkt_drop_rate_min': Pkt Drop Rate Min; 'ddet_ind_pkt_drop_rate_max': Pkt Drop Rate Max; 'ddet_ind_syn_rate_current': TCP SYN Rate Current; 'ddet_ind_syn_rate_min': TCP SYN Rate Min; 'ddet_ind_syn_rate_max': TCP SYN Rate Max; 'ddet_ind_fin_rate_current': TCP FIN Rate Current; 'ddet_ind_fin_rate_min': TCP FIN Rate Min; 'ddet_ind_fin_rate_max': TCP FIN Rate Max; 'ddet_ind_rst_rate_current': TCP RST Rate Current; 'ddet_ind_rst_rate_min': TCP RST Rate Min; 'ddet_ind_rst_rate_max': TCP RST Rate Max; 'ddet_ind_small_window_ack_rate_current': TCP Small Window ACK Rate Current; 'ddet_ind_small_window_ack_rate_min': TCP Small Window ACK Rate Min; 'ddet_ind_small_window_ack_rate_max': TCP Small Window ACK Rate Max; 'ddet_ind_empty_ack_rate_current': TCP Empty ACK Rate Current; 'ddet_ind_empty_ack_rate_min': TCP Empty ACK Rate Min; 'ddet_ind_empty_ack_rate_max': TCP Empty ACK Rate Max; 'ddet_ind_small_payload_rate_current': TCP Small Payload Rate Current; 'ddet_ind_small_payload_rate_min': TCP Small Payload Rate Min; 'ddet_ind_small_payload_rate_max': TCP Small Payload Rate Max; 'ddet_ind_pkt_drop_ratio_current': Pkt Drop / Pkt Rcvd Current; 'ddet_ind_pkt_drop_ratio_min': Pkt Drop / Pkt Rcvd Min; 'ddet_ind_pkt_drop_ratio_max': Pkt Drop / Pkt Rcvd Max; 'ddet_ind_inb_per_outb_current': Bytes-to / Bytes-from Current; 'ddet_ind_inb_per_outb_min': Bytes-to / Bytes-from Min; 'ddet_ind_inb_per_outb_max': Bytes-to / Bytes-from Max; 'ddet_ind_syn_per_fin_rate_current': TCP SYN Rate / FIN Rate Current; 'ddet_ind_syn_per_fin_rate_min': TCP SYN Rate / FIN Rate Min; 'ddet_ind_syn_per_fin_rate_max': TCP SYN Rate / FIN Rate Max; 'ddet_ind_conn_miss_rate_current': TCP Session Miss Rate Current; 'ddet_ind_conn_miss_rate_min': TCP Session Miss Rate Min; 'ddet_ind_conn_miss_rate_max': TCP Session Miss Rate Max; 'ddet_ind_concurrent_conns_current': TCP/UDP Concurrent Sessions Current; 'ddet_ind_concurrent_conns_min': TCP/UDP Concurrent Sessions Min; 'ddet_ind_concurrent_conns_max': TCP/UDP Concurrent Sessions Max; 'ddet_ind_data_cpu_util_current': Data CPU Utilization Current; 'ddet_ind_data_cpu_util_min': Data CPU Utilization Min; 'ddet_ind_data_cpu_util_max': Data CPU Utilization Max; 'ddet_ind_outside_intf_util_current': Outside Interface Utilization Current; 'ddet_ind_outside_intf_util_min': Outside Interface Utilization Min; 'ddet_ind_outside_intf_util_max': Outside Interface Utilization Max; 'ddet_ind_frag_rate_current': Frag Pkt Rate Current; 'ddet_ind_frag_rate_min': Frag Pkt Rate Min; 'ddet_ind_frag_rate_max': Frag Pkt Rate Max; 'ddet_ind_bit_rate_current': Bit Rate Current; 'ddet_ind_bit_rate_min': Bit Rate Min; 'ddet_ind_bit_rate_max': Bit Rate Max; ", "enum":[ "all", "ip-proto-type", "ddet_ind_pkt_rate_current", "ddet_ind_pkt_rate_min", "ddet_ind_pkt_rate_max", "ddet_ind_pkt_drop_rate_current", "ddet_ind_pkt_drop_rate_min", "ddet_ind_pkt_drop_rate_max", "ddet_ind_syn_rate_current", "ddet_ind_syn_rate_min", "ddet_ind_syn_rate_max", "ddet_ind_fin_rate_current", "ddet_ind_fin_rate_min", "ddet_ind_fin_rate_max", "ddet_ind_rst_rate_current", "ddet_ind_rst_rate_min", "ddet_ind_rst_rate_max", "ddet_ind_small_window_ack_rate_current", "ddet_ind_small_window_ack_rate_min", "ddet_ind_small_window_ack_rate_max", "ddet_ind_empty_ack_rate_current", "ddet_ind_empty_ack_rate_min", "ddet_ind_empty_ack_rate_max", "ddet_ind_small_payload_rate_current", "ddet_ind_small_payload_rate_min", "ddet_ind_small_payload_rate_max", "ddet_ind_pkt_drop_ratio_current", "ddet_ind_pkt_drop_ratio_min", "ddet_ind_pkt_drop_ratio_max", "ddet_ind_inb_per_outb_current", "ddet_ind_inb_per_outb_min", "ddet_ind_inb_per_outb_max", "ddet_ind_syn_per_fin_rate_current", "ddet_ind_syn_per_fin_rate_min", "ddet_ind_syn_per_fin_rate_max", "ddet_ind_conn_miss_rate_current", "ddet_ind_conn_miss_rate_min", "ddet_ind_conn_miss_rate_max", "ddet_ind_concurrent_conns_current", "ddet_ind_concurrent_conns_min", "ddet_ind_concurrent_conns_max", "ddet_ind_data_cpu_util_current", "ddet_ind_data_cpu_util_min", "ddet_ind_data_cpu_util_max", "ddet_ind_outside_intf_util_current", "ddet_ind_outside_intf_util_min", "ddet_ind_outside_intf_util_max", "ddet_ind_frag_rate_current", "ddet_ind_frag_rate_min", "ddet_ind_frag_rate_max", "ddet_ind_bit_rate_current", "ddet_ind_bit_rate_min", "ddet_ind_bit_rate_max" ] } } } ] } } }, "topk-sources":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/topk-sources", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "progression-tracking":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/progression-tracking", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "pattern-recognition":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/pattern-recognition", "properties":{ "algorithm":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'heuristic': heuristic algorithm; ", "enum":[ "heuristic" ] }, "mode":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'capture-never-expire': War-time capture without rate exceeding and never expires; 'manual': Manual mode; ", "enum":[ "capture-never-expire", "manual" ] }, "sensitivity":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'high': High Sensitivity; 'medium': Medium Sensitivity; 'low': Low Sensitivity; ", "enum":[ "high", "medium", "low" ] }, "filter-threshold":{ "type":"number", "format":"number", "minimum":0, "maximum":100, "partition-visibility":"shared", "description":"Extracted filter threshold" }, "filter-inactive-threshold":{ "type":"number", "format":"number", "minimum":5, "maximum":255, "partition-visibility":"shared", "description":"Extracted filter inactive threshold" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "pattern-recognition-pu-details":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/pattern-recognition-pu-details", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } }, "required":[ "port-range-start", "port-range-end", "protocol" ] } ] }, "src-port-list":{ "type":"array", "minItems":1, "items":{ "type":"src-port" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-port/{port-num}+{protocol}", "array":[ { "properties":{ "port-num":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "partition-visibility":"shared", "description":"Port Number", "optional":false }, "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'dns-udp': DNS-UDP Port; 'dns-tcp': DNS-TCP Port; 'udp': UDP Port; 'tcp': TCP Port; ", "enum":[ "dns-udp", "dns-tcp", "udp", "tcp" ], "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "outbound-src-tracking":{ "type":"string", "format":"enum", "default":"disable", "partition-visibility":"shared", "description":"'enable': enable; 'disable': disable; ", "enum":[ "enable", "disable" ], "optional":true }, "template":{ "type":"object", "properties":{ "src-udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS udp src template" }, "src-tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS tcp src template" }, "src-dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS dns src template" } } }, "set-counter-base-val":{ "type":"number", "format":"number", "minimum":1, "maximum":4294967295, "partition-visibility":"shared", "description":"Set T2 counter value of current context to specified value", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "port-num", "protocol" ] } ] }, "src-port-range-list":{ "type":"array", "minItems":1, "items":{ "type":"src-port-range" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-port-range/{src-port-range-start}+{src-port-range-end}+{protocol}", "array":[ { "properties":{ "src-port-range-start":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Src Port-Range Start Port Number", "optional":false }, "src-port-range-end":{ "type":"number", "format":"number", "minimum":2, "maximum":65535, "partition-visibility":"shared", "description":"Src Port-Range End Port Number", "optional":false }, "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'udp': UDP Port; 'tcp': TCP Port; ", "enum":[ "udp", "tcp" ], "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "template":{ "type":"object", "properties":{ "src-udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS udp src template" }, "src-tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS tcp src template" } } }, "set-counter-base-val":{ "type":"number", "format":"number", "minimum":1, "maximum":4294967295, "partition-visibility":"shared", "description":"Set T2 counter value of current context to specified value", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "src-port-range-start", "src-port-range-end", "protocol" ] } ] }, "ip-proto-list":{ "type":"array", "minItems":1, "items":{ "type":"ip-proto" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/ip-proto/{port-num}", "array":[ { "properties":{ "port-num":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "partition-visibility":"shared", "description":"Protocol Number", "optional":false }, "deny":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "esp-inspect":{ "type":"object", "properties":{ "auth-algorithm":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'AUTH_NULL': No Integrity Check Value; 'HMAC-SHA-1-96': 96 bit Auth Algo; 'HMAC-SHA-256-96': 96 bit Auth Algo; 'HMAC-SHA-256-128': 128 bit Auth Algo; 'HMAC-SHA-384-192': 192 bit Auth Algo; 'HMAC-SHA-512-256': 256 bit Auth Algo; 'HMAC-MD5-96': 96 bit Auth Algo; 'MAC-RIPEMD-160-96': 96 bit Auth Algo; ", "enum":[ "AUTH_NULL", "HMAC-SHA-1-96", "HMAC-SHA-256-96", "HMAC-SHA-256-128", "HMAC-SHA-384-192", "HMAC-SHA-512-256", "HMAC-MD5-96", "MAC-RIPEMD-160-96" ] }, "encrypt-algorithm":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'NULL': Null Encryption Algorithm; ", "enum":[ "NULL" ] }, "mode":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'transport': Transport mode; ", "enum":[ "transport" ] } } }, "glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-exceed-action":{ "type":"object", "properties":{ "stateless-encap-action-cfg":{ "type":"object", "properties":{ "stateless-encap-action":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'stateless-tunnel-encap': Encapsulate all packets; 'stateless-tunnel-encap-scrubbed': Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap); ", "enum":[ "stateless-tunnel-encap", "stateless-tunnel-encap-scrubbed" ] }, "encap-template":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":128, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/template/encap", "description":"Apply legacy encap template for encap action" } } } } }, "template":{ "type":"object", "properties":{ "other":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS other template" } } }, "set-counter-base-val":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":1, "maximum":4294967295, "partition-visibility":"shared", "description":"Set T2 counter value of current context to specified value", "optional":true }, "ip-filtering-policy":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/ip-filtering-policy", "description":"Configure IP Filter", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "ip-filtering-policy-oper":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/ip-proto/{port-num}/ip-filtering-policy-oper", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } }, "required":[ "port-num" ] } ] }, "src-dst-pair":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair", "properties":{ "default":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Configure default" }, "bypass":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Always permit for the Source to bypass all feature & limit checks" }, "exceed-log-cfg":{ "type":"object", "properties":{ "log-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable logging of limit exceed drop's" } } }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable periodic log while event is continuing" }, "template":{ "type":"object", "properties":{ "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS logging template" } } }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "l4-type-src-dst-list":{ "type":"array", "minItems":1, "items":{ "type":"l4-type-src-dst" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair/l4-type-src-dst/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; ", "enum":[ "tcp", "udp", "icmp", "other" ], "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "template":{ "type":"object", "properties":{ "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS TCP template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS UDP template" }, "other":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS OTHER template" }, "template-icmp-v4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS icmp-v4 template" }, "template-icmp-v6":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS icmp-v6 template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "protocol" ] } ] }, "app-type-src-dst-list":{ "type":"array", "minItems":1, "items":{ "type":"app-type-src-dst" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair/app-type-src-dst/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'dns': dns; 'http': http; 'ssl-l4': ssl-l4; 'sip': sip; ", "enum":[ "dns", "http", "ssl-l4", "sip" ], "optional":false }, "template":{ "type":"object", "properties":{ "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS SSL-L4 template" }, "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS http template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS sip template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "protocol" ] } ] } } }, "src-dst-pair-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"src-dst-pair-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-policy/{src-based-policy-name}", "array":[ { "properties":{ "src-based-policy-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Src-based-policy name", "optional":false }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "policy-class-list-list":{ "type":"array", "minItems":1, "items":{ "type":"policy-class-list" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-policy/{src-based-policy-name}/policy-class-list/{class-list-name}", "array":[ { "properties":{ "class-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Class-list name", "optional":false }, "bypass":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Always permit for the Source to bypass all feature & limit checks", "optional":true }, "exceed-log-cfg":{ "type":"object", "properties":{ "log-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable logging of limit exceed drop's" } } }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable periodic log while event is continuing", "optional":true }, "template":{ "type":"object", "properties":{ "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS logging template" } } }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "max-dynamic-entry-count":{ "type":"number", "format":"number", "minimum":0, "maximum":2147483647, "partition-visibility":"shared", "description":"Maximum count for dynamic src-dst entry under class-list", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'packet_received': Packets Received; 'packet_dropped': Packets Dropped; 'entry_learned': Entry Learned; 'entry_count_overflow': Entry Count Overflow; ", "enum":[ "all", "packet_received", "packet_dropped", "entry_learned", "entry_count_overflow" ] } } } ] }, "l4-type-src-dst-list":{ "type":"array", "minItems":1, "items":{ "type":"l4-type-src-dst" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/l4-type-src-dst/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; ", "enum":[ "tcp", "udp", "icmp", "other" ], "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "template":{ "type":"object", "properties":{ "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS TCP template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS UDP template" }, "other":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS OTHER template" }, "template-icmp-v4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS icmp-v4 template" }, "template-icmp-v6":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS icmp-v6 template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "protocol" ] } ] }, "app-type-src-dst-list":{ "type":"array", "minItems":1, "items":{ "type":"app-type-src-dst" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/app-type-src-dst/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'dns': dns; 'http': http; 'ssl-l4': ssl-l4; 'sip': sip; ", "enum":[ "dns", "http", "ssl-l4", "sip" ], "optional":false }, "template":{ "type":"object", "properties":{ "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS SSL-L4 template" }, "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS http template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS sip template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "protocol" ] } ] }, "class-list-overflow-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"class-list-overflow-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name}", "array":[ { "properties":{ "dummy-name":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': Configure src dst dynamic entry count overflow policy for class-list; ", "enum":[ "configuration" ], "optional":false }, "bypass":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Always permit for the Source to bypass all feature & limit checks", "optional":true }, "exceed-log-cfg":{ "type":"object", "properties":{ "log-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable logging of limit exceed drop's" } } }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable periodic log while event is continuing", "optional":true }, "template":{ "type":"object", "properties":{ "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS logging template" } } }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "l4-type-src-dst-overflow-list":{ "type":"array", "minItems":1, "items":{ "type":"l4-type-src-dst-overflow" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name}/l4-type-src-dst-overflow/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; ", "enum":[ "tcp", "udp", "icmp", "other" ], "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "template":{ "type":"object", "properties":{ "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS TCP template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS UDP template" }, "other":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS OTHER template" }, "template-icmp-v4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS icmp-v4 template" }, "template-icmp-v6":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS icmp-v6 template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "protocol" ] } ] }, "app-type-src-dst-overflow-list":{ "type":"array", "minItems":1, "items":{ "type":"app-type-src-dst-overflow" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name}/app-type-src-dst-overflow/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'dns': dns; 'http': http; 'ssl-l4': ssl-l4; 'sip': sip; ", "enum":[ "dns", "http", "ssl-l4", "sip" ], "optional":false }, "template":{ "type":"object", "properties":{ "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS SSL-L4 template" }, "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS http template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS sip template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "protocol" ] } ] } }, "required":[ "dummy-name" ] } ] } }, "required":[ "class-list-name" ] } ] } }, "required":[ "src-based-policy-name" ] } ] }, "src-dst-pair-settings-list":{ "type":"array", "minItems":1, "items":{ "type":"src-dst-pair-settings" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-settings/{all-types}", "array":[ { "properties":{ "all-types":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all-types': Settings for all types (default or class-list); ", "enum":[ "all-types" ], "optional":false }, "age":{ "type":"number", "format":"number", "minimum":2, "maximum":1023, "default":5, "partition-visibility":"shared", "description":"Idle age for ip entry", "optional":true }, "max-dynamic-entry-count":{ "type":"number", "format":"number", "minimum":0, "maximum":2147483647, "partition-visibility":"shared", "description":"Maximum count for dynamic src-dst entry", "optional":true }, "apply-policy-on-overflow":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable this flag to apply overflow policy when dynamic entry count overflows", "optional":true }, "unlimited-dynamic-entry-count":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"No limit for maximum dynamic src entry count", "optional":true }, "enable-class-list-overflow":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Apply class-list overflow policy upon exceeding dynamic entry count specified for DST entry or each class-list", "optional":true }, "src-prefix-len":{ "type":"number", "format":"number", "minimum":32, "maximum":127, "partition-visibility":"shared", "description":"Specify src prefix length for IPv6 (default: not set)", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "l4-type-src-dst-list":{ "type":"array", "minItems":1, "items":{ "type":"l4-type-src-dst" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-settings/{all-types}/l4-type-src-dst/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; ", "enum":[ "tcp", "udp", "icmp", "other" ], "optional":false }, "max-dynamic-entry-count":{ "type":"number", "format":"number", "minimum":0, "maximum":2147483647, "partition-visibility":"shared", "description":"Maximum count for dynamic src-dst entry", "optional":true }, "apply-policy-on-overflow":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable this flag to apply overflow policy when dynamic entry count overflows", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "protocol" ] } ] } }, "required":[ "all-types" ] } ] }, "src-dst-pair-class-list-list":{ "type":"array", "minItems":1, "items":{ "type":"src-dst-pair-class-list" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name}", "array":[ { "properties":{ "class-list-name":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Class-list name", "optional":false }, "exceed-log-cfg":{ "type":"object", "properties":{ "log-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable logging of limit exceed drop's" } } }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable periodic log while event is continuing", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "l4-type-src-dst-list":{ "type":"array", "minItems":1, "items":{ "type":"l4-type-src-dst" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name}/l4-type-src-dst/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; ", "enum":[ "tcp", "udp", "icmp", "other" ], "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "template":{ "type":"object", "properties":{ "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS TCP template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS UDP template" }, "other":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS OTHER template" }, "template-icmp-v4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS icmp-v4 template" }, "template-icmp-v6":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS icmp-v6 template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "protocol" ] } ] }, "app-type-src-dst-list":{ "type":"array", "minItems":1, "items":{ "type":"app-type-src-dst" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name}/app-type-src-dst/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'dns': dns; 'http': http; 'ssl-l4': ssl-l4; 'sip': sip; ", "enum":[ "dns", "http", "ssl-l4", "sip" ], "optional":false }, "template":{ "type":"object", "properties":{ "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS SSL-L4 template" }, "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS http template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS sip template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "protocol" ] } ] }, "cid-list":{ "type":"array", "minItems":1, "items":{ "type":"cid" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name}/cid/{cid-num}", "array":[ { "properties":{ "cid-num":{ "type":"number", "format":"number", "minimum":1, "maximum":32, "partition-visibility":"shared", "description":"Class-list id", "optional":false }, "exceed-log-cfg":{ "type":"object", "properties":{ "log-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable logging of limit exceed drop's" } } }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable periodic log while event is continuing", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "l4-type-src-dst-cid-list":{ "type":"array", "minItems":1, "items":{ "type":"l4-type-src-dst-cid" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name}/cid/{cid-num}/l4-type-src-dst-cid/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; ", "enum":[ "tcp", "udp", "icmp", "other" ], "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "template":{ "type":"object", "properties":{ "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS TCP template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS UDP template" }, "other":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS OTHER template" }, "template-icmp-v4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS icmp-v4 template" }, "template-icmp-v6":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS icmp-v6 template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "protocol" ] } ] }, "app-type-src-dst-cid-list":{ "type":"array", "minItems":1, "items":{ "type":"app-type-src-dst-cid" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name}/cid/{cid-num}/app-type-src-dst-cid/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'dns': dns; 'http': http; 'ssl-l4': ssl-l4; 'sip': sip; ", "enum":[ "dns", "http", "ssl-l4", "sip" ], "optional":false }, "template":{ "type":"object", "properties":{ "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS SSL-L4 template" }, "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS http template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS sip template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "protocol" ] } ] } }, "required":[ "cid-num" ] } ] } }, "required":[ "class-list-name" ] } ] }, "dynamic-entry-overflow-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"dynamic-entry-overflow-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/dynamic-entry-overflow-policy/{dummy-name}", "array":[ { "properties":{ "dummy-name":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': Configure src dst dynamic entry count overflow policy; ", "enum":[ "configuration" ], "optional":false }, "bypass":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Always permit for the Source to bypass all feature & limit checks", "optional":true }, "exceed-log-cfg":{ "type":"object", "properties":{ "log-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable logging of limit exceed drop's" } } }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable periodic log while event is continuing", "optional":true }, "template":{ "type":"object", "properties":{ "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS logging template" } } }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "l4-type-src-dst-list":{ "type":"array", "minItems":1, "items":{ "type":"l4-type-src-dst" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/dynamic-entry-overflow-policy/{dummy-name}/l4-type-src-dst/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; ", "enum":[ "tcp", "udp", "icmp", "other" ], "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "template":{ "type":"object", "properties":{ "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS TCP template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS UDP template" }, "other":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS OTHER template" }, "template-icmp-v4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS icmp-v4 template" }, "template-icmp-v6":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS icmp-v6 template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "protocol" ] } ] }, "app-type-src-dst-list":{ "type":"array", "minItems":1, "items":{ "type":"app-type-src-dst" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/dynamic-entry-overflow-policy/{dummy-name}/app-type-src-dst/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'dns': dns; 'http': http; 'ssl-l4': ssl-l4; 'sip': sip; ", "enum":[ "dns", "http", "ssl-l4", "sip" ], "optional":false }, "template":{ "type":"object", "properties":{ "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS SSL-L4 template" }, "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS http template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS sip template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "protocol" ] } ] } }, "required":[ "dummy-name" ] } ] } }, "required":[ "dst-entry-name" ] } ] }, "interface-ip-list":{ "type":"array", "minItems":1, "items":{ "type":"interface-ip" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/interface-ip/{addr}", "array":[ { "properties":{ "addr":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "description":"IP address of interface", "optional":false }, "log-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable logging of limit exceed drops", "optional":true }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable periodic log while event is continuing", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "l4-type-list":{ "type":"array", "minItems":1, "items":{ "type":"l4-type" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/interface-ip/{addr}/l4-type/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; ", "enum":[ "tcp", "udp", "icmp", "other" ], "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "tunnel-decap":{ "type":"object", "properties":{ "ip-decap":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable IP Tunnel decapsulation" }, "gre-decap":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable GRE Tunnel decapsulation" }, "key-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "key":{ "type":"string", "format":"string", "minLength":1, "maxLength":10, "partition-visibility":"shared", "description":"Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)" } } } ] } } }, "tunnel-rate-limit":{ "type":"object", "properties":{ "ip-rate-limit":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable inner IP rate limiting on IPinIP traffic" }, "gre-rate-limit":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable inner IP rate limiting on GRE traffic" } } }, "drop-frag-pkt":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Drop fragmented packets", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "protocol" ] } ] }, "ip-proto-list":{ "type":"array", "minItems":1, "items":{ "type":"ip-proto" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/interface-ip/{addr}/ip-proto/{port-num}", "array":[ { "properties":{ "port-num":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "partition-visibility":"shared", "description":"IP protocol number", "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "port-num" ] } ] }, "port-list":{ "type":"array", "minItems":1, "items":{ "type":"port" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/interface-ip/{addr}/port/{port-num}+{protocol}", "array":[ { "properties":{ "port-num":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Port Number", "optional":false }, "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'tcp': tcp; 'udp': udp; 'http-probe': http port for interface health check; ", "enum":[ "tcp", "udp", "http-probe" ], "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "port-num", "protocol" ] } ] } }, "required":[ "addr" ] } ] }, "interface-ipv6-list":{ "type":"array", "minItems":1, "items":{ "type":"interface-ipv6" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/interface-ipv6/{addr}", "array":[ { "properties":{ "addr":{ "type":"string", "format":"ipv6-address", "partition-visibility":"shared", "description":"IPv6 address of interface", "optional":false }, "log-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable logging of limit exceed drops", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "l4-type-list":{ "type":"array", "minItems":1, "items":{ "type":"l4-type" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/interface-ipv6/{addr}/l4-type/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; ", "enum":[ "tcp", "udp", "icmp", "other" ], "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "tunnel-decap":{ "type":"object", "properties":{ "ip-decap":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable IP Tunnel decapsulation" }, "gre-decap":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable GRE Tunnel decapsulation" }, "key-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "key":{ "type":"string", "format":"string", "minLength":1, "maxLength":10, "partition-visibility":"shared", "description":"Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)" } } } ] } } }, "tunnel-rate-limit":{ "type":"object", "properties":{ "ip-rate-limit":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable inner IP rate limiting on IPinIP traffic" }, "gre-rate-limit":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable inner IP rate limiting on GRE traffic" } } }, "drop-frag-pkt":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Drop fragmented packets", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "protocol" ] } ] }, "ip-proto-list":{ "type":"array", "minItems":1, "items":{ "type":"ip-proto" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/interface-ipv6/{addr}/ip-proto/{port-num}", "array":[ { "properties":{ "port-num":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "partition-visibility":"shared", "description":"IP protocol number", "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "port-num" ] } ] }, "port-list":{ "type":"array", "minItems":1, "items":{ "type":"port" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/interface-ipv6/{addr}/port/{port-num}+{protocol}", "array":[ { "properties":{ "port-num":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Port Number", "optional":false }, "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'tcp': tcp; 'udp': udp; 'http-probe': http port for interface health check; ", "enum":[ "tcp", "udp", "http-probe" ], "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "port-num", "protocol" ] } ] } }, "required":[ "addr" ] } ] }, "zone-list":{ "type":"array", "minItems":1, "items":{ "type":"zone" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}", "array":[ { "properties":{ "zone-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "operational-mode":{ "type":"string", "format":"enum", "default":"idle", "partition-visibility":"shared", "description":"'idle': Idle mode; 'monitor': Monitor mode; 'learning': Learning mode; ", "enum":[ "idle", "monitor", "learning" ], "optional":true }, "force-operational-mode":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Force configure operational mode", "optional":true }, "continuous-learning":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Continuous learning of detection", "optional":true }, "traffic-distribution-mode":{ "type":"string", "format":"enum", "plat-pos-list":["chassis-duo"], "plat-neg-list":["softax-ddet"], "default":"default", "partition-visibility":"shared", "description":"'default': Distribute traffic to one slot using default distribution mechanism; 'source-ip-based': Distribute traffic between slots, based on source ip; ", "enum":[ "default", "source-ip-based" ], "optional":true }, "ip":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "ip-addr":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "description":"Specify IP address" }, "subnet-ip-addr":{ "type":"string", "format":"ipv4-cidr", "partition-visibility":"shared", "description":"IP Subnet" }, "expand-ip-subnet":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Expand this subnet to individual IP address" }, "expand-ip-subnet-mode":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "default":"default", "partition-visibility":"shared", "description":"'default': Default learning mechanism (Default: Dynamic); 'dynamic': Dynamic learning; 'static': Static learning; ", "enum":[ "default", "dynamic", "static" ] } } } ] }, "ipv6":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "ip6-addr":{ "type":"string", "format":"ipv6-address", "partition-visibility":"shared", "description":"Specify IPv6 address" }, "subnet-ipv6-addr":{ "type":"string", "format":"ipv6-address-plen", "partition-visibility":"shared", "description":"IPV6 Subnet" }, "expand-ipv6-subnet":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Expand this subnet to individual IPv6 address" }, "expand-ipv6-subnet-mode":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "default":"default", "partition-visibility":"shared", "description":"'default': Default learning mechanism (Default: Dynamic); 'dynamic': Dynamic learning; 'static': Static learning; ", "enum":[ "default", "dynamic", "static" ] } } } ] }, "description":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Description for this Destination Zone", "optional":true }, "zone-profile":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/zone-profile", "description":"Apply threshold profile", "optional":true }, "enable-top-k":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "topk-type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'destination': Topk destination IP; ", "enum":[ "destination" ] }, "topk-num-records":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "default":20, "partition-visibility":"shared", "description":"Maximum number of records to show in topk" } } } ] }, "glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID for the whole zone", "optional":true }, "action-list":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "description":"Configure action-list to take", "optional":true }, "per-addr-glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID per address", "optional":true }, "dest-nat-ip":{ "type":"string", "format":"ipv4-address", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"Destination NAT IP address", "optional":true }, "dest-nat-ipv6":{ "type":"string", "format":"ipv6-address", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"Destination NAT IPv6 address", "optional":true }, "source-nat-pool":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Configure source NAT", "optional":true }, "non-restrictive":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Non-restrictive mode ignores Zero Thresholds Indicators", "optional":true }, "drop-frag-pkt":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Drop fragmented packets", "optional":true }, "sflow-common":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not-list":[ "sflow-packets", "sflow-layer-4", "sflow-tcp-basic", "sflow-tcp-stateful", "sflow-http" ], "description":"Enable sFlow counter polling packets, tcp-basic, tcp-stateful and http. WARNING: Zone level Sflow polling might induce heavy CP", "optional":true }, "sflow-packets":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not":"sflow-common", "description":"Enable sFlow packet-level counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total", "optional":true }, "sflow-layer-4":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not":"sflow-common", "description":"Enable sFlow Layer 4 counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the number of ", "optional":true }, "sflow-tcp":{ "type":"object", "properties":{ "sflow-tcp-basic":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not":"sflow-common", "description":"Enable sFlow basic TCP counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total nu" }, "sflow-tcp-stateful":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not":"sflow-common", "description":"Enable sFlow stateful TCP counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total" } } }, "sflow-http":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not":"sflow-common", "description":"Enable sFlow HTTP counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total number ", "optional":true }, "advertised-enable":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"BGP advertised", "optional":true }, "telemetry-enable":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable from-l3-peer flag for the zone, thus all the ip entries in the zone will be dynamically created/deleted based on the BGP", "optional":true }, "zone-template":{ "type":"object", "properties":{ "logging":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS logging template" } } }, "inbound-forward-dscp":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":1, "maximum":63, "partition-visibility":"shared", "description":"To set dscp value for inbound packets (DSCP Value for the clear traffic marking)", "optional":true }, "outbound-forward-dscp":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":1, "maximum":63, "partition-visibility":"shared", "description":"To set dscp value for outbound", "optional":true }, "reporting-disabled":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Disable Reporting", "optional":true }, "log-enable":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable logging", "optional":true }, "log-periodic":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable log periodic", "optional":true }, "log-high-frequency":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable High frequency logging for non-event logs per zone", "optional":true }, "rate-limit":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":1, "maximum":1000, "default":1, "partition-visibility":"shared", "description":"Rate limit per second per zone(Default : 1 per second)", "optional":true }, "set-counter-base-val":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":1, "maximum":4294967295, "partition-visibility":"shared", "description":"Set T2 counter value of current context to specified value", "optional":true }, "is-from-wizard":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Is It Created from Onbox GUI Wizard", "optional":true }, "pattern-recognition-sensitivity":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'high': High sensitive pattern recognition; 'medium': Medium sensitive pattern recognition; 'low': Low sensitive pattern recognition; ", "enum":[ "high", "medium", "low" ], "optional":true }, "pattern-recognition-hw-filter-enable":{ "type":"number", "format":"flag", "plat-neg-list":["non-fpga, softax-ddet", "softax-ddet"], "default":0, "partition-visibility":"shared", "description":"to enable pattern recognition hardware filter", "optional":true }, "collector":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "sflow-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "$ref":"/axapi/v3/sflow/collector/custom", "description":"Name of configured custom sFlow collector" } } } ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'zone_tcp_any_exceed': TCP Dst IP-Proto Rate: Total Exceeded; 'zone_tcp_pkt_rate_exceed': TCP Dst IP-Proto Rate: Packet Exceeded; 'zone_tcp_conn_rate_exceed': TCP Dst IP-Proto Rate: Conn Exceeded; 'zone_udp_any_exceed': UDP Dst IP-Proto Rate: Total Exceeded; 'zone_udp_pkt_rate_exceed': UDP Dst IP-Proto Rate: Packet Exceeded; 'zone_udp_conn_limit_exceed': UDP Dst IP-Proto Limit: Conn Exceeded; 'zone_udp_conn_rate_exceed': UDP Dst IP-Proto Rate: Conn Exceeded; 'zone_icmp_pkt_rate_exceed': ICMP Dst Rate: Packet Exceeded; 'zone_other_pkt_rate_exceed': OTHER Dst IP-Proto Rate: Packet Exceeded; 'zone_other_frag_pkt_rate_exceed': OTHER Dst IP-Proto Rate: Frag Exceeded; 'zone_port_pkt_rate_exceed': Port Rate: Packet Exceeded; 'zone_port_conn_limit_exceed': Port Limit: Conn Exceeded; 'zone_port_conn_rate_exceed': Port Rate: Conn Exceeded; 'zone_pkt_sent': Inbound: Packets Forwarded; 'zone_udp_pkt_sent': UDP Total Packets Forwarded; 'zone_tcp_pkt_sent': TCP Total Packets Forwarded; 'zone_icmp_pkt_sent': ICMP Total Packets Forwarded; 'zone_other_pkt_sent': OTHER Total Packets Forwarded; 'zone_tcp_conn_limit_exceed': TCP Dst IP-Proto Limit: Conn Exceeded; 'zone_tcp_pkt_rcvd': TCP Total Packets Received; 'zone_udp_pkt_rcvd': UDP Total Packets Received; 'zone_icmp_pkt_rcvd': ICMP Total Packets Received; 'zone_other_pkt_rcvd': OTHER Total Packets Received; 'zone_udp_filter_match': UDP Filter Match; 'zone_udp_filter_not_match': UDP Filter Not Matched on Pkt; 'zone_udp_filter_action_blacklist': UDP Filter Action Blacklist; 'zone_udp_filter_action_drop': UDP Filter Action Drop; 'zone_tcp_syn': TCP Total SYN Received; 'zone_tcp_syn_drop': TCP SYN Packets Dropped; 'zone_tcp_src_rate_drop': TCP Src Rate: Total Exceeded; 'zone_udp_src_rate_drop': UDP Src Rate: Total Exceeded; 'zone_icmp_src_rate_drop': ICMP Src Rate: Total Exceeded; 'zone_other_frag_src_rate_drop': OTHER Src Rate: Frag Exceeded; 'zone_other_src_rate_drop': OTHER Src Rate: Total Exceeded; 'zone_tcp_drop': TCP Total Packets Dropped; 'zone_udp_drop': UDP Total Packets Dropped; 'zone_icmp_drop': ICMP Total Packets Dropped; 'zone_frag_drop': Fragmented Packets Dropped; 'zone_other_drop': OTHER Total Packets Dropped; 'zone_tcp_auth': TCP Auth: SYN Cookie Sent; 'zone_udp_filter_action_default_pass': UDP Filter Action Default Pass; 'zone_tcp_filter_match': TCP Filter Match; 'zone_tcp_filter_not_match': TCP Filter Not Matched on Pkt; 'zone_tcp_filter_action_blacklist': TCP Filter Action Blacklist; 'zone_tcp_filter_action_drop': TCP Filter Action Drop; 'zone_tcp_filter_action_default_pass': TCP Filter Action Default Pass; 'zone_udp_filter_action_whitelist': UDP Filter Action WL; 'zone_over_limit_on': Zone overlimit Trigger ON; 'zone_over_limit_off': Zone overlimit Trigger OFF; 'zone_port_over_limit_on': Zone port overlimit Trigger ON; 'zone_port_over_limit_off': Zone port overlimit Trigger OFF; 'zone_over_limit_action': Zone overlimit action; 'zone_port_over_limit_action': Zone port overlimit action; 'scanning_detected_drop': Scanning Detected drop (deprecated); 'scanning_detected_blacklist': Scanning Detected blacklist (deprecated); 'zone_udp_kibit_rate_drop': UDP Dst IP-Proto Rate: KiBit Exceeded; 'zone_tcp_kibit_rate_drop': TCP Dst IP-Proto Rate: KiBit Exceeded; 'zone_icmp_kibit_rate_drop': ICMP Dst Rate: KiBit Exceeded; 'zone_other_kibit_rate_drop': OTHER Dst IP-Proto Rate: KiBit Exceeded; 'zone_port_undef_drop': Dst Port Undefined Dropped; 'zone_port_bl': Dst Port Blacklist Packets Dropped; 'zone_src_port_bl': Dst SrcPort Blacklist Packets Dropped; 'zone_port_kbit_rate_exceed': Port Rate: KiBit Exceeded; 'zone_tcp_src_drop': TCP Src Packets Dropped; 'zone_udp_src_drop': UDP Src Packets Dropped; 'zone_icmp_src_drop': ICMP Src Packets Dropped; 'zone_other_src_drop': OTHER Src Packets Dropped; 'tcp_syn_rcvd': TCP Inbound SYN Received; 'tcp_syn_ack_rcvd': TCP SYN ACK Received; 'tcp_ack_rcvd': TCP ACK Received; 'tcp_fin_rcvd': TCP FIN Received; 'tcp_rst_rcvd': TCP RST Received; 'ingress_bytes': Inbound: Bytes Received; 'egress_bytes': Outbound: Bytes Received; 'ingress_packets': Inbound: Packets Received; 'egress_packets': Outbound: Packets Received; 'tcp_fwd_recv': TCP Inbound Packets Received; 'udp_fwd_recv': UDP Inbound Packets Received; 'icmp_fwd_recv': ICMP Inbound Packets Received; 'tcp_syn_cookie_fail': TCP Auth: SYN Cookie Failed; 'zone_tcp_session_created': TCP Sessions Created; 'zone_udp_session_created': UDP Sessions Created; 'zone_tcp_filter_action_whitelist': TCP Filter Action WL; 'zone_other_filter_match': OTHER Filter Match; 'zone_other_filter_not_match': OTHER Filter Not Matched on Pkt; 'zone_other_filter_action_blacklist': OTHER Filter Action Blacklist; 'zone_other_filter_action_drop': OTHER Filter Action Drop; 'zone_other_filter_action_whitelist': OTHER Filter Action WL; 'zone_other_filter_action_default_pass': OTHER Filter Action Default Pass; 'zone_blackhole_inject': Dst Blackhole Inject; 'zone_blackhole_withdraw': Dst Blackhole Withdraw; 'zone_tcp_out_of_seq_excd': TCP Out-Of-Seq Exceeded; 'zone_tcp_retransmit_excd': TCP Retransmit Exceeded; 'zone_tcp_zero_window_excd': TCP Zero-Window Exceeded; 'zone_tcp_conn_prate_excd': TCP Rate: Conn Pkt Exceeded; 'zone_tcp_action_on_ack_init': TCP Auth: ACK Retry Init; 'zone_tcp_action_on_ack_gap_drop': TCP Auth: ACK Retry Retry-Gap Dropped; 'zone_tcp_action_on_ack_fail': TCP Auth: ACK Retry Dropped; 'zone_tcp_action_on_ack_pass': TCP Auth: ACK Retry Passed; 'zone_tcp_action_on_syn_init': TCP Auth: SYN Retry Init; 'zone_tcp_action_on_syn_gap_drop': TCP Auth: SYN Retry-Gap Dropped; 'zone_tcp_action_on_syn_fail': TCP Auth: SYN Retry Dropped; 'zone_tcp_action_on_syn_pass': TCP Auth: SYN Retry Passed; 'zone_payload_too_small': UDP Payload Too Small; 'zone_payload_too_big': UDP Payload Too Large; 'zone_udp_conn_prate_excd': UDP Rate: Conn Pkt Exceeded; 'zone_udp_ntp_monlist_req': UDP NTP Monlist Request; 'zone_udp_ntp_monlist_resp': UDP NTP Monlist Response; 'zone_udp_wellknown_sport_drop': UDP SrcPort Wellknown; 'zone_udp_retry_init': UDP Auth: Retry Init; 'zone_udp_retry_pass': UDP Auth: Retry Passed; 'zone_tcp_bytes_drop': TCP Total Bytes Dropped; 'zone_udp_bytes_drop': UDP Total Bytes Dropped; 'zone_icmp_bytes_drop': ICMP Total Bytes Dropped; 'zone_other_bytes_drop': OTHER Total Bytes Dropped; 'zone_out_no_route': Dst IPv4/v6 Out No Route; 'outbound_bytes_sent': Outbound: Bytes Forwarded; 'outbound_drop': Outbound: Packets Dropped; 'outbound_bytes_drop': Outbound: Bytes Dropped; 'outbound_pkt_sent': Outbound: Packets Forwarded; 'inbound_bytes_sent': Inbound: Bytes Forwarded; 'inbound_bytes_drop': Inbound: Bytes Dropped; 'zone_src_port_pkt_rate_exceed': SrcPort Rate: Packet Exceeded; 'zone_src_port_kbit_rate_exceed': SrcPort Rate: KiBit Exceeded; 'zone_src_port_conn_limit_exceed': SrcPort Limit: Conn Exceeded; 'zone_src_port_conn_rate_exceed': SrcPort Rate: Conn Exceeded; 'zone_ip_proto_pkt_rate_exceed': IP-Proto Rate: Packet Exceeded; 'zone_ip_proto_kbit_rate_exceed': IP-Proto Rate: KiBit Exceeded; 'zone_tcp_port_any_exceed': TCP Port Rate: Total Exceed; 'zone_udp_port_any_exceed': UDP Port Rate: Total Exceed; 'zone_tcp_auth_pass': TCP Auth: SYN Auth Passed; 'zone_tcp_rst_cookie_fail': TCP Auth: RST Cookie Failed; 'zone_tcp_unauth_drop': TCP Auth: Unauth Dropped; 'src_tcp_syn_auth_fail': Src TCP Auth: SYN Auth Failed; 'src_tcp_syn_cookie_sent': Src TCP Auth: SYN Cookie Sent; 'src_tcp_syn_cookie_fail': Src TCP Auth: SYN Cookie Failed; 'src_tcp_rst_cookie_fail': Src TCP Auth: RST Cookie Failed; ", "enum":[ "all", "zone_tcp_any_exceed", "zone_tcp_pkt_rate_exceed", "zone_tcp_conn_rate_exceed", "zone_udp_any_exceed", "zone_udp_pkt_rate_exceed", "zone_udp_conn_limit_exceed", "zone_udp_conn_rate_exceed", "zone_icmp_pkt_rate_exceed", "zone_other_pkt_rate_exceed", "zone_other_frag_pkt_rate_exceed", "zone_port_pkt_rate_exceed", "zone_port_conn_limit_exceed", "zone_port_conn_rate_exceed", "zone_pkt_sent", "zone_udp_pkt_sent", "zone_tcp_pkt_sent", "zone_icmp_pkt_sent", "zone_other_pkt_sent", "zone_tcp_conn_limit_exceed", "zone_tcp_pkt_rcvd", "zone_udp_pkt_rcvd", "zone_icmp_pkt_rcvd", "zone_other_pkt_rcvd", "zone_udp_filter_match", "zone_udp_filter_not_match", "zone_udp_filter_action_blacklist", "zone_udp_filter_action_drop", "zone_tcp_syn", "zone_tcp_syn_drop", "zone_tcp_src_rate_drop", "zone_udp_src_rate_drop", "zone_icmp_src_rate_drop", "zone_other_frag_src_rate_drop", "zone_other_src_rate_drop", "zone_tcp_drop", "zone_udp_drop", "zone_icmp_drop", "zone_frag_drop", "zone_other_drop", "zone_tcp_auth", "zone_udp_filter_action_default_pass", "zone_tcp_filter_match", "zone_tcp_filter_not_match", "zone_tcp_filter_action_blacklist", "zone_tcp_filter_action_drop", "zone_tcp_filter_action_default_pass", "zone_udp_filter_action_whitelist", "zone_over_limit_on", "zone_over_limit_off", "zone_port_over_limit_on", "zone_port_over_limit_off", "zone_over_limit_action", "zone_port_over_limit_action", "scanning_detected_drop", "scanning_detected_blacklist", "zone_udp_kibit_rate_drop", "zone_tcp_kibit_rate_drop", "zone_icmp_kibit_rate_drop", "zone_other_kibit_rate_drop", "zone_port_undef_drop", "zone_port_bl", "zone_src_port_bl", "zone_port_kbit_rate_exceed", "zone_tcp_src_drop", "zone_udp_src_drop", "zone_icmp_src_drop", "zone_other_src_drop", "tcp_syn_rcvd", "tcp_syn_ack_rcvd", "tcp_ack_rcvd", "tcp_fin_rcvd", "tcp_rst_rcvd", "ingress_bytes", "egress_bytes", "ingress_packets", "egress_packets", "tcp_fwd_recv", "udp_fwd_recv", "icmp_fwd_recv", "tcp_syn_cookie_fail", "zone_tcp_session_created", "zone_udp_session_created", "zone_tcp_filter_action_whitelist", "zone_other_filter_match", "zone_other_filter_not_match", "zone_other_filter_action_blacklist", "zone_other_filter_action_drop", "zone_other_filter_action_whitelist", "zone_other_filter_action_default_pass", "zone_blackhole_inject", "zone_blackhole_withdraw", "zone_tcp_out_of_seq_excd", "zone_tcp_retransmit_excd", "zone_tcp_zero_window_excd", "zone_tcp_conn_prate_excd", "zone_tcp_action_on_ack_init", "zone_tcp_action_on_ack_gap_drop", "zone_tcp_action_on_ack_fail", "zone_tcp_action_on_ack_pass", "zone_tcp_action_on_syn_init", "zone_tcp_action_on_syn_gap_drop", "zone_tcp_action_on_syn_fail", "zone_tcp_action_on_syn_pass", "zone_payload_too_small", "zone_payload_too_big", "zone_udp_conn_prate_excd", "zone_udp_ntp_monlist_req", "zone_udp_ntp_monlist_resp", "zone_udp_wellknown_sport_drop", "zone_udp_retry_init", "zone_udp_retry_pass", "zone_tcp_bytes_drop", "zone_udp_bytes_drop", "zone_icmp_bytes_drop", "zone_other_bytes_drop", "zone_out_no_route", "outbound_bytes_sent", "outbound_drop", "outbound_bytes_drop", "outbound_pkt_sent", "inbound_bytes_sent", "inbound_bytes_drop", "zone_src_port_pkt_rate_exceed", "zone_src_port_kbit_rate_exceed", "zone_src_port_conn_limit_exceed", "zone_src_port_conn_rate_exceed", "zone_ip_proto_pkt_rate_exceed", "zone_ip_proto_kbit_rate_exceed", "zone_tcp_port_any_exceed", "zone_udp_port_any_exceed", "zone_tcp_auth_pass", "zone_tcp_rst_cookie_fail", "zone_tcp_unauth_drop", "src_tcp_syn_auth_fail", "src_tcp_syn_cookie_sent", "src_tcp_syn_cookie_fail", "src_tcp_rst_cookie_fail" ] }, "counters2":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'src_tcp_unauth_drop': Src TCP Auth: Unauth Dropped; 'src_tcp_action_on_syn_init': Src TCP Auth: SYN Retry Init; 'src_tcp_action_on_syn_gap_drop': Src TCP Auth: SYN Retry-Gap Dropped; 'src_tcp_action_on_syn_fail': Src TCP Auth: SYN Retry Dropped; 'src_tcp_action_on_ack_init': Src TCP Auth: ACK Retry Init; 'src_tcp_action_on_ack_gap_drop': Src TCP Auth: ACK Retry Retry-Gap Dropped; 'src_tcp_action_on_ack_fail': Src TCP Auth: ACK Retry Dropped; 'src_tcp_out_of_seq_excd': Src TCP Out-Of-Seq Exceeded; 'src_tcp_retransmit_excd': Src TCP Retransmit Exceeded; 'src_tcp_zero_window_excd': Src TCP Zero-Window Exceeded; 'src_tcp_conn_prate_excd': Src TCP Rate: Conn Pkt Exceeded; 'src_udp_min_payload': Src UDP Payload Too Small; 'src_udp_max_payload': Src UDP Payload Too Large; 'src_udp_conn_prate_excd': Src UDP Rate: Conn Pkt Exceeded; 'src_udp_ntp_monlist_req': Src UDP NTP Monlist Request; 'src_udp_ntp_monlist_resp': Src UDP NTP Monlist Response; 'src_udp_wellknown_sport_drop': Src UDP SrcPort Wellknown; 'src_udp_retry_init': Src UDP Auth: Retry Init; 'dst_udp_retry_gap_drop': UDP Auth: Retry-Gap Dropped; 'dst_udp_retry_fail': UDP Auth: Retry Timeout; 'dst_tcp_session_aged': TCP Sessions Aged; 'dst_udp_session_aged': UDP Sessions Aged; 'dst_tcp_conn_close': TCP Connections Closed; 'dst_tcp_conn_close_half_open': TCP Half Open Connections Closed; 'dst_drop_frag_pkt': Fragmented Packets Dropped; 'src_tcp_filter_action_blacklist': Src TCP Filter Action Blacklist; 'src_tcp_filter_action_whitelist': Src TCP Filter Action WL; 'src_tcp_filter_action_drop': Src TCP Filter Action Drop; 'src_tcp_filter_action_default_pass': Src TCP Filter Action Default Pass; 'src_udp_filter_action_blacklist': Src UDP Filter Action Blacklist; 'src_udp_filter_action_whitelist': Src UDP Filter Action WL; 'src_udp_filter_action_drop': Src UDP Filter Action Drop; 'src_udp_filter_action_default_pass': Src UDP Filter Action Default Pass; 'src_other_filter_action_blacklist': Src OTHER Filter Action Blacklist; 'src_other_filter_action_whitelist': Src OTHER Filter Action WL; 'src_other_filter_action_drop': Src OTHER Filter Action Drop; 'src_other_filter_action_default_pass': Src OTHER Filter Action Default Pass; 'tcp_invalid_syn': TCP Invalid SYN Received; 'dst_tcp_conn_close_w_rst': TCP RST Connections Closed; 'dst_tcp_conn_close_w_fin': TCP FIN Connections Closed; 'dst_tcp_conn_close_w_idle': TCP Idle Connections Closed; 'dst_tcp_conn_create_from_syn': TCP Connections Created From SYN; 'dst_tcp_conn_create_from_ack': TCP Connections Created From ACK; 'src_frag_drop': Src Fragmented Packets Dropped; 'zone_port_kbit_rate_exceed_pkt': Port Rate: KiBit Pkt Exceeded; 'dst_tcp_bytes_rcv': TCP Total Bytes Received; 'dst_udp_bytes_rcv': UDP Total Bytes Received; 'dst_icmp_bytes_rcv': ICMP Total Bytes Received; 'dst_other_bytes_rcv': OTHER Total Bytes Received; 'dst_tcp_bytes_sent': TCP Total Bytes Forwarded; 'dst_udp_bytes_sent': UDP Total Bytes Forwarded; 'dst_icmp_bytes_sent': ICMP Total Bytes Forwarded; 'dst_other_bytes_sent': OTHER Total Bytes Forwarded; 'dst_udp_auth_drop': UDP Auth: Dropped; 'dst_tcp_auth_drop': TCP Auth: Dropped; 'dst_tcp_auth_resp': TCP Auth: Responded; 'dst_drop': Inbound: Packets Dropped; 'dst_entry_pkt_rate_exceed': Entry Rate: Packet Exceeded; 'dst_entry_kbit_rate_exceed': Entry Rate: KiBit Exceeded; 'dst_entry_conn_limit_exceed': Entry Limit: Conn Exceeded; 'dst_entry_conn_rate_exceed': Entry Rate: Conn Exceeded; 'dst_entry_frag_pkt_rate_exceed': Entry Rate: Frag Packet Exceeded; 'dst_l4_tcp_blacklist_drop': Dst TCP IP-Proto Blacklist Dropped; 'dst_l4_udp_blacklist_drop': Dst UDP IP-Proto Blacklist Dropped; 'dst_l4_icmp_blacklist_drop': Dst ICMP IP-Proto Blacklist Dropped; 'dst_l4_other_blacklist_drop': Dst OTHER IP-Proto Blacklist Dropped; 'dst_frag_timeout_drop': Fragment Reassemble Timeout Drop; 'dst_icmp_any_exceed': ICMP Rate: Total Exceed; 'dst_other_any_exceed': OTHER Rate: Total Exceed; 'tcp_rexmit_syn_limit_drop': TCP SYN Retransmit Exceeded Drop; 'tcp_rexmit_syn_limit_bl': TCP SYN Retransmit Exceeded Blacklist; 'dst_clist_overflow_policy_at_learning': Dst Src-Based Overflow Policy Hit; 'zone_frag_rcvd': Fragmented Packets Received; 'zone_tcp_wellknown_sport_drop': TCP SrcPort Wellknown; 'src_tcp_wellknown_sport_drop': Src TCP SrcPort Wellknown; 'secondary_dst_entry_pkt_rate_exceed': Per Addr Rate: Packet Exceeded; 'secondary_dst_entry_kbit_rate_exceed': Per Addr Rate: KiBit Exceeded; 'secondary_dst_entry_conn_limit_exceed': Per Addr Limit: Conn Exceeded; 'secondary_dst_entry_conn_rate_exceed': Per Addr Rate: Conn Exceeded; 'secondary_dst_entry_frag_pkt_rate_exceed': Per Addr Rate: Frag Packet Exceeded; 'src_udp_retry_gap_drop': Src UDP Auth: Retry-Gap Dropped; 'dst_entry_kbit_rate_exceed_count': Entry Rate: KiBit Exceeded Count; 'secondary_entry_learn': Per Addr Entry Learned; 'secondary_entry_hit': Per Addr Entry Hit; 'secondary_entry_miss': Per Addr Entry Missed; 'secondary_entry_aged': Per Addr Entry Aged; 'secondary_entry_learning_thre_exceed': Per Addr Entry Count Overflow; 'zone_port_undef_hit': Dst Port undefined Hit; 'zone_tcp_action_on_ack_timeout': TCP Auth: ACK Retry Timeout; 'zone_tcp_action_on_ack_reset': TCP Auth: ACK Retry Timeout Reset; 'zone_tcp_action_on_ack_blacklist': TCP Auth: ACK Retry Timeout Blacklisted; 'src_tcp_action_on_ack_timeout': Src TCP Auth: ACK Retry Timeout; 'src_tcp_action_on_ack_reset': Src TCP Auth: ACK Retry Timeout Reset; 'src_tcp_action_on_ack_blacklist': Src TCP Auth: ACK Retry Timeout Blacklisted; 'zone_tcp_action_on_syn_timeout': TCP Auth: SYN Retry Timeout; 'zone_tcp_action_on_syn_reset': TCP Auth: SYN Retry Timeout Reset; 'zone_tcp_action_on_syn_blacklist': TCP Auth: SYN Retry Timeout Blacklisted; 'src_tcp_action_on_syn_timeout': Src TCP Auth: SYN Retry Timeout; 'src_tcp_action_on_syn_reset': Src TCP Auth: SYN Retry Timeout Reset; 'src_tcp_action_on_syn_blacklist': Src TCP Auth: SYN Retry Timeout Blacklisted; 'zone_udp_frag_pkt_rate_exceed': UDP Dst IP-Proto Rate: Frag Exceeded; 'zone_udp_frag_src_rate_drop': UDP Src Rate: Frag Exceeded; 'zone_tcp_frag_pkt_rate_exceed': TCP Dst IP-Proto Rate: Frag Exceeded; 'zone_tcp_frag_src_rate_drop': TCP Src Rate: Frag Exceeded; 'zone_icmp_frag_pkt_rate_exceed': ICMP Dst IP-Proto Rate: Frag Exceeded; 'zone_icmp_frag_src_rate_drop': ICMP Src Rate: Frag Exceeded; 'sflow_internal_samples_packed': Sflow Internal Samples Packed; 'sflow_external_samples_packed': Sflow External Samples Packed; 'sflow_internal_packets_sent': Sflow Internal Packets Sent; 'sflow_external_packets_sent': Sflow External Packets Sent; 'dns_outbound_total_query': DNS Outbound Total Query; 'dns_outbound_query_malformed': DNS Outbound Query Malformed; 'dns_outbound_query_resp_chk_failed': DNS Outbound Query Resp Check Failed; 'dns_outbound_query_resp_chk_blacklisted': DNS Outbound Query Resp Check Blacklisted; 'dns_outbound_query_resp_chk_refused_sent': DNS Outbound Query Resp Check REFUSED Sent; 'dns_outbound_query_resp_chk_reset_sent': DNS Outbound Query Resp Check RESET Sent; 'dns_outbound_query_resp_chk_no_resp_sent': DNS Outbound Query Resp Check No Response Sent; 'dns_outbound_query_resp_size_exceed': DNS Outbound Query Response Size Exceed; 'dns_outbound_query_sess_timed_out': DNS Outbound Query Session Timed Out; 'source_entry_total': Source Entry Total Count; 'source_entry_udp': Source Entry UDP Count; 'source_entry_tcp': Source Entry TCP Count; 'source_entry_icmp': Source Entry ICMP Count; 'source_entry_other': Source Entry OTHER Count; 'dst_exceed_action_tunnel': Entry Exceed Action: Tunnel; ", "enum":[ "src_tcp_unauth_drop", "src_tcp_action_on_syn_init", "src_tcp_action_on_syn_gap_drop", "src_tcp_action_on_syn_fail", "src_tcp_action_on_ack_init", "src_tcp_action_on_ack_gap_drop", "src_tcp_action_on_ack_fail", "src_tcp_out_of_seq_excd", "src_tcp_retransmit_excd", "src_tcp_zero_window_excd", "src_tcp_conn_prate_excd", "src_udp_min_payload", "src_udp_max_payload", "src_udp_conn_prate_excd", "src_udp_ntp_monlist_req", "src_udp_ntp_monlist_resp", "src_udp_wellknown_sport_drop", "src_udp_retry_init", "dst_udp_retry_gap_drop", "dst_udp_retry_fail", "dst_tcp_session_aged", "dst_udp_session_aged", "dst_tcp_conn_close", "dst_tcp_conn_close_half_open", "dst_drop_frag_pkt", "src_tcp_filter_action_blacklist", "src_tcp_filter_action_whitelist", "src_tcp_filter_action_drop", "src_tcp_filter_action_default_pass", "src_udp_filter_action_blacklist", "src_udp_filter_action_whitelist", "src_udp_filter_action_drop", "src_udp_filter_action_default_pass", "src_other_filter_action_blacklist", "src_other_filter_action_whitelist", "src_other_filter_action_drop", "src_other_filter_action_default_pass", "tcp_invalid_syn", "dst_tcp_conn_close_w_rst", "dst_tcp_conn_close_w_fin", "dst_tcp_conn_close_w_idle", "dst_tcp_conn_create_from_syn", "dst_tcp_conn_create_from_ack", "src_frag_drop", "zone_port_kbit_rate_exceed_pkt", "dst_tcp_bytes_rcv", "dst_udp_bytes_rcv", "dst_icmp_bytes_rcv", "dst_other_bytes_rcv", "dst_tcp_bytes_sent", "dst_udp_bytes_sent", "dst_icmp_bytes_sent", "dst_other_bytes_sent", "dst_udp_auth_drop", "dst_tcp_auth_drop", "dst_tcp_auth_resp", "dst_drop", "dst_entry_pkt_rate_exceed", "dst_entry_kbit_rate_exceed", "dst_entry_conn_limit_exceed", "dst_entry_conn_rate_exceed", "dst_entry_frag_pkt_rate_exceed", "dst_l4_tcp_blacklist_drop", "dst_l4_udp_blacklist_drop", "dst_l4_icmp_blacklist_drop", "dst_l4_other_blacklist_drop", "dst_frag_timeout_drop", "dst_icmp_any_exceed", "dst_other_any_exceed", "tcp_rexmit_syn_limit_drop", "tcp_rexmit_syn_limit_bl", "dst_clist_overflow_policy_at_learning", "zone_frag_rcvd", "zone_tcp_wellknown_sport_drop", "src_tcp_wellknown_sport_drop", "secondary_dst_entry_pkt_rate_exceed", "secondary_dst_entry_kbit_rate_exceed", "secondary_dst_entry_conn_limit_exceed", "secondary_dst_entry_conn_rate_exceed", "secondary_dst_entry_frag_pkt_rate_exceed", "src_udp_retry_gap_drop", "dst_entry_kbit_rate_exceed_count", "secondary_entry_learn", "secondary_entry_hit", "secondary_entry_miss", "secondary_entry_aged", "secondary_entry_learning_thre_exceed", "zone_port_undef_hit", "zone_tcp_action_on_ack_timeout", "zone_tcp_action_on_ack_reset", "zone_tcp_action_on_ack_blacklist", "src_tcp_action_on_ack_timeout", "src_tcp_action_on_ack_reset", "src_tcp_action_on_ack_blacklist", "zone_tcp_action_on_syn_timeout", "zone_tcp_action_on_syn_reset", "zone_tcp_action_on_syn_blacklist", "src_tcp_action_on_syn_timeout", "src_tcp_action_on_syn_reset", "src_tcp_action_on_syn_blacklist", "zone_udp_frag_pkt_rate_exceed", "zone_udp_frag_src_rate_drop", "zone_tcp_frag_pkt_rate_exceed", "zone_tcp_frag_src_rate_drop", "zone_icmp_frag_pkt_rate_exceed", "zone_icmp_frag_src_rate_drop", "sflow_internal_samples_packed", "sflow_external_samples_packed", "sflow_internal_packets_sent", "sflow_external_packets_sent", "dns_outbound_total_query", "dns_outbound_query_malformed", "dns_outbound_query_resp_chk_failed", "dns_outbound_query_resp_chk_blacklisted", "dns_outbound_query_resp_chk_refused_sent", "dns_outbound_query_resp_chk_reset_sent", "dns_outbound_query_resp_chk_no_resp_sent", "dns_outbound_query_resp_size_exceed", "dns_outbound_query_sess_timed_out", "source_entry_total", "source_entry_udp", "source_entry_tcp", "source_entry_icmp", "source_entry_other", "dst_exceed_action_tunnel" ] }, "counters3":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'dst_udp_retry_timeout_blacklist': UDP Auth: Retry Timeout Blacklisted; 'src_udp_auth_timeout': Src UDP Auth: Retry Timeout; 'zone_src_udp_retry_timeout_blacklist': Src UDP Auth: Retry Timeout Blacklisted; 'src_udp_retry_pass': Src UDP Retry Passed; 'secondary_port_learn': Per Addr Port Learned; 'secondary_port_aged': Per Addr Port Aged; 'dst_entry_outbound_udp_session_created': Outbound: UDP Sessions Created; 'dst_entry_outbound_udp_session_aged': Outbound: UDP Sessions Aged; 'dst_entry_outbound_tcp_session_created': Outbound: TCP Sessions Created; 'dst_entry_outbound_tcp_session_aged': Outbound: TCP Sessions Aged; 'dst_entry_outbound_pkt_rate_exceed': Outbound Rate: Packet Exceeded; 'dst_entry_outbound_kbit_rate_exceed': Outbound Rate: KiBit Exceeded; 'dst_entry_outbound_kbit_rate_exceed_count': Outbound Rate: KiBit Exceeded Count; 'dst_entry_outbound_conn_limit_exceed': Outbound Limit: Conn Exceeded; 'dst_entry_outbound_conn_rate_exceed': Outbound Rate: Conn Exceeded; 'dst_entry_outbound_frag_pkt_rate_exceed': Outbound Rate: Frag Packet Exceeded; 'prog_first_req_time_exceed': Req-Resp: First Request Time Exceed; 'prog_req_resp_time_exceed': Req-Resp: Request to Response Time Exceed; 'prog_request_len_exceed': Req-Resp: Request Length Exceed; 'prog_response_len_exceed': Req-Resp: Response Length Exceed; 'prog_resp_req_ratio_exceed': Req-Resp: Response to Request Ratio Exceed; 'prog_resp_req_time_exceed': Req-Resp: Response to Request Time Exceed; 'entry_sync_message_received': Entry Sync Message Received; 'entry_sync_message_sent': Entry Sync Message Sent; 'prog_conn_sent_exceed': Connection: Sent Exceed; 'prog_conn_rcvd_exceed': Connection: Received Exceed; 'prog_conn_time_exceed': Connection: Time Exceed; 'prog_conn_rcvd_sent_ratio_exceed': Connection: Received to Sent Ratio Exceed; 'prog_win_sent_exceed': Time Window: Sent Exceed; 'prog_win_rcvd_exceed': Time Window: Received Exceed; 'prog_win_rcvd_sent_ratio_exceed': Time Window: Received to Sent Exceed; 'prog_exceed_drop': Req-Resp: Violation Exceed Dropped; 'prog_exceed_bl': Req-Resp: Violation Exceed Blacklisted; 'prog_conn_exceed_drop': Connection: Violation Exceed Dropped; 'prog_conn_exceed_bl': Connection: Violation Exceed Blacklisted; 'prog_win_exceed_drop': Time Window: Violation Exceed Dropped; 'prog_win_exceed_bl': Time Window: Violation Exceed Blacklisted; 'east_west_inbound_rcv_pkt': East West: Inbound Packets Received; 'east_west_inbound_drop_pkt': East West: Inbound Packets Dropped; 'east_west_inbound_fwd_pkt': East West: Inbound Packets Forwarded; 'east_west_inbound_rcv_byte': East West: Inbound Bytes Received; 'east_west_inbound_drop_byte': East West: Inbound Bytes Dropped; 'east_west_inbound_fwd_byte': East West: Inbound Bytes Forwarded; 'east_west_outbound_rcv_pkt': East West: Outbound Packets Received; 'east_west_outbound_drop_pkt': East West: Outbound Packets Dropped; 'east_west_outbound_fwd_pkt': East West: Outbound Packets Forwarded; 'east_west_outbound_rcv_byte': East West: Outbound Bytes Received; 'east_west_outbound_drop_byte': East West: Outbound Bytes Dropped; 'east_west_outbound_fwd_byte': East West: Outbound Bytes Forwarded; 'dst_exceed_action_drop': Entry Exceed Action: Dropped; 'prog_conn_samples': Sample Collected: Connection; 'prog_req_samples': Sample Collected: Req-Resp; 'prog_win_samples': Sample Collected: Time Window; 'victim_ip_learned': Victim Identification: IP Entry Learned; 'victim_ip_aged': Victim Identification: IP Entry Aged; 'prog_conn_samples_processed': Sample Processed: Connnection; 'prog_req_samples_processed': Sample Processed: Req-Resp; 'prog_win_samples_processed': Sample Processed: Time Window; 'dst_src_learn_overflow': Src Dynamic Entry Count Overflow; 'dst_tcp_auth_rst': TCP Auth: Reset; ", "enum":[ "dst_udp_retry_timeout_blacklist", "src_udp_auth_timeout", "zone_src_udp_retry_timeout_blacklist", "src_udp_retry_pass", "secondary_port_learn", "secondary_port_aged", "dst_entry_outbound_udp_session_created", "dst_entry_outbound_udp_session_aged", "dst_entry_outbound_tcp_session_created", "dst_entry_outbound_tcp_session_aged", "dst_entry_outbound_pkt_rate_exceed", "dst_entry_outbound_kbit_rate_exceed", "dst_entry_outbound_kbit_rate_exceed_count", "dst_entry_outbound_conn_limit_exceed", "dst_entry_outbound_conn_rate_exceed", "dst_entry_outbound_frag_pkt_rate_exceed", "prog_first_req_time_exceed", "prog_req_resp_time_exceed", "prog_request_len_exceed", "prog_response_len_exceed", "prog_resp_req_ratio_exceed", "prog_resp_req_time_exceed", "entry_sync_message_received", "entry_sync_message_sent", "prog_conn_sent_exceed", "prog_conn_rcvd_exceed", "prog_conn_time_exceed", "prog_conn_rcvd_sent_ratio_exceed", "prog_win_sent_exceed", "prog_win_rcvd_exceed", "prog_win_rcvd_sent_ratio_exceed", "prog_exceed_drop", "prog_exceed_bl", "prog_conn_exceed_drop", "prog_conn_exceed_bl", "prog_win_exceed_drop", "prog_win_exceed_bl", "east_west_inbound_rcv_pkt", "east_west_inbound_drop_pkt", "east_west_inbound_fwd_pkt", "east_west_inbound_rcv_byte", "east_west_inbound_drop_byte", "east_west_inbound_fwd_byte", "east_west_outbound_rcv_pkt", "east_west_outbound_drop_pkt", "east_west_outbound_fwd_pkt", "east_west_outbound_rcv_byte", "east_west_outbound_drop_byte", "east_west_outbound_fwd_byte", "dst_exceed_action_drop", "prog_conn_samples", "prog_req_samples", "prog_win_samples", "victim_ip_learned", "victim_ip_aged", "prog_conn_samples_processed", "prog_req_samples_processed", "prog_win_samples_processed", "dst_src_learn_overflow", "dst_tcp_auth_rst" ] } } } ] }, "detection":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/detection", "properties":{ "settings":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'settings': settings; ", "enum":[ "settings" ] }, "toggle":{ "type":"string", "format":"enum", "default":"enable", "partition-visibility":"shared", "description":"'enable': Enable detection; 'disable': Disable detection; ", "enum":[ "enable", "disable" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "notification":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/detection/notification", "properties":{ "configuration":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': configuration; ", "enum":[ "configuration" ] }, "notification":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "notification-template-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/notification-template", "description":"Specify the notification template name" } } } ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "outbound-detection":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/detection/outbound-detection", "properties":{ "configuration":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': configuration; ", "enum":[ "configuration" ] }, "toggle":{ "type":"string", "format":"enum", "default":"disable", "partition-visibility":"shared", "description":"'enable': Enable outbound detection; 'disable': Disable outbound detection; ", "enum":[ "enable", "disable" ] }, "discovery-method":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'asn': Autonomous Systems number; 'country': Country; ", "enum":[ "asn", "country" ] }, "discovery-record":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "default":10, "partition-visibility":"shared", "description":"Maximum number of top locations" }, "enable-top-k":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "topk-type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'source-subnet': Topk source subnet; ", "enum":[ "source-subnet" ] }, "topk-netmask":{ "type":"number", "format":"number", "minimum":1, "maximum":128, "default":128, "partition-visibility":"shared", "description":"Subnet mask. The value should be less than or equal to the minimum zone subnet mask + 8 (IPv6 Subnet mask)" }, "topk-num-records":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "default":20, "partition-visibility":"shared", "description":"Maximum number of records to show in topk" } } } ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "indicator-list":{ "type":"array", "minItems":1, "items":{ "type":"indicator" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/detection/outbound-detection/indicator/{type}", "array":[ { "properties":{ "type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'pkt-rate': rate of incoming packets; 'pkt-drop-rate': rate of packets got dropped; 'bit-rate': rate of incoming bits; 'pkt-drop-ratio': ratio of incoming packet rate divided by the rate of dropping packets; 'bytes-to-bytes-from-ratio': ratio of incoming packet rate divided by the rate of outgoing packets; 'syn-rate': rate on incoming SYN packets; 'fin-rate': rate on incoming FIN packets; 'rst-rate': rate of incoming RST packets; 'small-window-ack-rate': rate of small window advertisement; 'empty-ack-rate': rate of incoming packets which have no payload; 'small-payload-rate': rate of short payload packet; 'syn-fin-ratio': ratio of incoming SYN packet rate divided by the rate of incoming FIN packets; ", "enum":[ "pkt-rate", "pkt-drop-rate", "bit-rate", "pkt-drop-ratio", "bytes-to-bytes-from-ratio", "syn-rate", "fin-rate", "rst-rate", "small-window-ack-rate", "empty-ack-rate", "small-payload-rate", "syn-fin-ratio" ], "optional":false }, "tcp-window-size":{ "type":"number", "format":"number", "minimum":1, "maximum":500, "partition-visibility":"shared", "description":"Expected minimal window size", "optional":true }, "data-packet-size":{ "type":"number", "format":"number", "minimum":1, "maximum":1500, "partition-visibility":"shared", "description":"Expected minimal data size", "optional":true }, "threshold-num":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Threshold for each geo-location", "optional":true }, "threshold-large-num":{ "type":"number", "format":"number", "minimum":1, "maximum":10995116277760, "partition-visibility":"shared", "description":"Threshold for each geo-location", "optional":true }, "threshold-str":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Threshold for each geo-location (Non-zero floating point)", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "type" ] } ] }, "topk-source-subnet":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/detection/outbound-detection/topk-source-subnet", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } } }, "service-discovery":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/detection/service-discovery", "properties":{ "configuration":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': configuration; ", "enum":[ "configuration" ] }, "toggle":{ "type":"string", "format":"enum", "default":"disable", "partition-visibility":"shared", "description":"'enable': Enable service discovery; 'disable': Disable service discovery; ", "enum":[ "enable", "disable" ] }, "pkt-rate-threshold":{ "type":"number", "format":"number", "minimum":1, "maximum":255, "default":10, "partition-visibility":"shared", "description":"packet rate threshold for discovery (default 10 packets per second)" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "packet-anomaly-detection":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/detection/packet-anomaly-detection", "properties":{ "configuration":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': configuration; ", "enum":[ "configuration" ] }, "toggle":{ "type":"string", "format":"enum", "default":"enable", "partition-visibility":"shared", "description":"'enable': Enable packet anomaly; 'disable': Disable packet anomaly; ", "enum":[ "enable", "disable" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "indicator-list":{ "type":"array", "minItems":1, "items":{ "type":"indicator" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/detection/packet-anomaly-detection/indicator/{type}", "array":[ { "properties":{ "type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'port-zero-pkt-rate': Port Zero Packet Rate (default 100 packet per second); ", "enum":[ "port-zero-pkt-rate" ], "optional":false }, "threshold-num":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "default":100, "partition-visibility":"shared", "description":"Threshold for each indicator", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "type" ] } ] } } }, "victim-ip-detection":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/detection/victim-ip-detection", "properties":{ "configuration":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': configuration; ", "enum":[ "configuration" ] }, "toggle":{ "type":"string", "format":"enum", "default":"disable", "partition-visibility":"shared", "description":"'enable': Enable victim IP detection; 'disable': Disable victim IP detection; ", "enum":[ "enable", "disable" ] }, "histogram-toggle":{ "type":"string", "format":"enum", "default":"histogram-disable", "partition-visibility":"shared", "description":"'histogram-enable': Enable histogram statistics of victim IP detection; 'histogram-disable': Disable histogram statistics of victim IP detection; ", "enum":[ "histogram-enable", "histogram-disable" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "indicator-list":{ "type":"array", "minItems":1, "items":{ "type":"indicator" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/detection/victim-ip-detection/indicator/{type}", "array":[ { "properties":{ "type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'pkt-rate': rate of incoming packets; 'reverse-pkt-rate': rate of reverse coming packets; 'fwd-byte-rate': rate of incoming bytes; 'rev-byte-rate': rate of reverse coming bytes; ", "enum":[ "pkt-rate", "reverse-pkt-rate", "fwd-byte-rate", "rev-byte-rate" ], "optional":false }, "ip-threshold-num":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Threshold for IP", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "type" ] } ] } } } } }, "packet-anomaly-detection":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/packet-anomaly-detection", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "outbound-policy":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/outbound-policy", "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/outbound-policy", "description":"Specify name of the outbound policy" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "capture-config-list":{ "type":"array", "minItems":1, "items":{ "type":"capture-config" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/capture-config/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "$ref":"/axapi/v3/capture-config", "description":"Capture-config name", "optional":false }, "mode":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Apply capture-config to dropped packets; 'forward': Apply capture-config to forwarded packets; 'all': Apply capture-config to both dropped and forwarded packets; ", "enum":[ "drop", "forward", "all" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true } }, "required":[ "name" ] } ] }, "hw-blacklist-blocking":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/hw-blacklist-blocking", "properties":{ "dst-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable Dst side hardware blocking" }, "src-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable Src side hardware blocking" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "topk-destinations":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/topk-destinations", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "src-port-range-list":{ "type":"array", "minItems":1, "items":{ "type":"src-port-range" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/src-port-range/{src-port-range-start}+{src-port-range-end}+{protocol}", "array":[ { "properties":{ "src-port-range-start":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Src Port-Range Start Port Number", "optional":false }, "src-port-range-end":{ "type":"number", "format":"number", "minimum":2, "maximum":65535, "partition-visibility":"shared", "description":"Src Port-Range End Port Number", "optional":false }, "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'udp': UDP port; 'tcp': TCP Port; ", "enum":[ "udp", "tcp" ], "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid-cfg":{ "type":"object", "properties":{ "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID" }, "glid-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "ignore" ] } } }, "zone-template":{ "type":"object", "properties":{ "src-udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS udp src template" }, "src-tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS tcp src template" } } }, "default-action-list":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "description":"Configure default-action-list", "optional":true }, "capture-config":{ "type":"object", "properties":{ "capture-config-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Capture-config name" }, "capture-config-mode":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Apply capture-config to dropped packets; 'forward': Apply capture-config to forwarded packets; 'all': Apply capture-config to both dropped and forwarded packets; ", "enum":[ "drop", "forward", "all" ] } } }, "set-counter-base-val":{ "type":"number", "format":"number", "minimum":1, "maximum":4294967295, "partition-visibility":"shared", "description":"Set T2 counter value of current context to specified value", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "port-ind":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/src-port-range/{src-port-range-start}+{src-port-range-end}+{protocol}/port-ind", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "level-list":{ "type":"array", "minItems":1, "items":{ "type":"level" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/src-port-range/{src-port-range-start}+{src-port-range-end}+{protocol}/level/{level-num}", "array":[ { "properties":{ "level-num":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'0': Default policy level; '1': Policy level 1; ", "enum":[ "0", "1" ], "optional":false }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "indicator-list":{ "type":"array", "minItems":1, "items":{ "type":"indicator" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/src-port-range/{src-port-range-start}+{src-port-range-end}+{protocol}/level/{level-num}/indicator/{type}", "array":[ { "properties":{ "type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'pkt-rate': rate of incoming packets; 'bit-rate': rate of incoming bits; ", "enum":[ "pkt-rate", "bit-rate" ], "optional":false }, "zone-threshold-num":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Threshold of the entire zone for the port-range", "optional":true }, "zone-threshold-large-num":{ "type":"number", "format":"number", "minimum":1, "maximum":10995116277760, "partition-visibility":"shared", "description":"Threshold of the entire zone for the port-range", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "type" ] } ] } }, "required":[ "level-num" ] } ] } }, "required":[ "src-port-range-start", "src-port-range-end", "protocol" ] } ] }, "src-port":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/src-port", "properties":{ "zone-src-port-list":{ "type":"array", "minItems":1, "items":{ "type":"zone-src-port" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port/{port-num}+{protocol}", "array":[ { "properties":{ "port-num":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Source Port Number", "optional":false }, "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'dns-udp': DNS-UDP Port; 'dns-tcp': DNS-TCP Port; 'udp': UDP port; 'tcp': TCP Port; ", "enum":[ "dns-udp", "dns-tcp", "udp", "tcp" ], "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid-cfg":{ "type":"object", "properties":{ "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID" }, "glid-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "ignore" ] } } }, "outbound-src-tracking":{ "type":"string", "format":"enum", "default":"disable", "partition-visibility":"shared", "description":"'enable': enable; 'disable': disable; ", "enum":[ "enable", "disable" ], "optional":true }, "zone-template":{ "type":"object", "properties":{ "src-udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS udp src template" }, "src-tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS tcp src template" }, "src-dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS dns src template" } } }, "default-action-list":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "description":"Configure default-action-list", "optional":true }, "set-counter-base-val":{ "type":"number", "format":"number", "minimum":1, "maximum":4294967295, "partition-visibility":"shared", "description":"Set T2 counter value of current context to specified value", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "port-ind":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port/{port-num}+{protocol}/port-ind", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "level-list":{ "type":"array", "minItems":1, "items":{ "type":"level" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port/{port-num}+{protocol}/level/{level-num}", "array":[ { "properties":{ "level-num":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'0': Default policy level; '1': Policy level 1; ", "enum":[ "0", "1" ], "optional":false }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "indicator-list":{ "type":"array", "minItems":1, "items":{ "type":"indicator" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port/{port-num}+{protocol}/level/{level-num}/indicator/{type}", "array":[ { "properties":{ "type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'pkt-rate': rate of incoming packets; 'bit-rate': rate of incoming bits; ", "enum":[ "pkt-rate", "bit-rate" ], "optional":false }, "zone-threshold-num":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Threshold of the entire zone for the src-port", "optional":true }, "zone-threshold-large-num":{ "type":"number", "format":"number", "minimum":1, "maximum":10995116277760, "partition-visibility":"shared", "description":"Threshold of the entire zone for the src-port", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "type" ] } ] } }, "required":[ "level-num" ] } ] } }, "required":[ "port-num", "protocol" ] } ] }, "zone-src-port-other-list":{ "type":"array", "minItems":1, "items":{ "type":"zone-src-port-other" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port-other/{port-other}+{protocol}", "array":[ { "properties":{ "port-other":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'other': other; ", "enum":[ "other" ], "optional":false }, "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'udp': UDP port; 'tcp': TCP Port; ", "enum":[ "udp", "tcp" ], "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid-cfg":{ "type":"object", "properties":{ "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID" }, "glid-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "ignore" ] } } }, "zone-template":{ "type":"object", "properties":{ "src-udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS udp src template" }, "src-tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"DDOS tcp src template" } } }, "default-action-list":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "description":"Configure default-action-list", "optional":true }, "set-counter-base-val":{ "type":"number", "format":"number", "minimum":1, "maximum":4294967295, "partition-visibility":"shared", "description":"Set T2 counter value of current context to specified value", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "port-ind":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port-other/{port-other}+{protocol}/port-ind", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "level-list":{ "type":"array", "minItems":1, "items":{ "type":"level" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port-other/{port-other}+{protocol}/level/{level-num}", "array":[ { "properties":{ "level-num":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'0': Default policy level; '1': Policy level 1; ", "enum":[ "0", "1" ], "optional":false }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "indicator-list":{ "type":"array", "minItems":1, "items":{ "type":"indicator" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port-other/{port-other}+{protocol}/level/{level-num}/indicator/{type}", "array":[ { "properties":{ "type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'pkt-rate': rate of incoming packets; 'bit-rate': rate of incoming bits; ", "enum":[ "pkt-rate", "bit-rate" ], "optional":false }, "zone-threshold-num":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Threshold of the entire zone for the src-port", "optional":true }, "zone-threshold-large-num":{ "type":"number", "format":"number", "minimum":1, "maximum":10995116277760, "partition-visibility":"shared", "description":"Threshold of the entire zone for the src-port", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "type" ] } ] } }, "required":[ "level-num" ] } ] } }, "required":[ "port-other", "protocol" ] } ] } } }, "ip-proto":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto", "properties":{ "proto-number-list":{ "type":"array", "minItems":1, "items":{ "type":"proto-number" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}", "array":[ { "properties":{ "protocol-num":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "partition-visibility":"shared", "description":"Protocol Number", "optional":false }, "manual-mode-enable":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Toggle manual mode to use fix templates", "optional":true }, "deny":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for this ip-proto", "optional":true }, "esp-inspect":{ "type":"object", "properties":{ "auth-algorithm":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'AUTH_NULL': No Integrity Check Value; 'HMAC-SHA-1-96': 96 bit Auth Algo; 'HMAC-SHA-256-96': 96 bit Auth Algo; 'HMAC-SHA-256-128': 128 bit Auth Algo; 'HMAC-SHA-384-192': 192 bit Auth Algo; 'HMAC-SHA-512-256': 256 bit Auth Algo; 'HMAC-MD5-96': 96 bit Auth Algo; 'MAC-RIPEMD-160-96': 96 bit Auth Algo; ", "enum":[ "AUTH_NULL", "HMAC-SHA-1-96", "HMAC-SHA-256-96", "HMAC-SHA-256-128", "HMAC-SHA-384-192", "HMAC-SHA-512-256", "HMAC-MD5-96", "MAC-RIPEMD-160-96" ] }, "encrypt-algorithm":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'NULL': Null Encryption Algorithm; ", "enum":[ "NULL" ] }, "mode":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'transport': Transport mode; ", "enum":[ "transport" ] } } }, "glid-cfg":{ "type":"object", "properties":{ "glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID for the whole zone" }, "glid-action":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "ignore" ] }, "action-list":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "description":"Configure action-list to take" }, "per-addr-glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID per address" } } }, "drop-frag-pkt":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Drop fragmented packets", "optional":true }, "unlimited-dynamic-entry-count":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"No limit for maximum dynamic src entry count", "optional":true }, "max-dynamic-entry-count":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":0, "maximum":2147483647, "partition-visibility":"shared", "description":"Maximum count for dynamic source zone service entry", "optional":true }, "apply-policy-on-overflow":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable this flag to apply overflow policy when dynamic entry count overflows", "optional":true }, "enable-top-k":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable ddos top-k source IP detection", "optional":true }, "topk-num-records":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "default":20, "partition-visibility":"shared", "description":"Maximum number of records to show in topk", "optional":true }, "enable-top-k-destination":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable ddos top-k destination IP detection", "optional":true }, "topk-dst-num-records":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "default":20, "partition-visibility":"shared", "description":"Maximum number of records to show in topk", "optional":true }, "set-counter-base-val":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":1, "maximum":4294967295, "partition-visibility":"shared", "description":"Set T2 counter value of current context to specified value", "optional":true }, "age":{ "type":"number", "format":"number", "minimum":2, "maximum":1023, "default":5, "partition-visibility":"shared", "description":"Idle age for ip entry", "optional":true }, "enable-class-list-overflow":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Apply class-list overflow policy upon exceeding dynamic entry count specified for zone-port or class-list", "optional":true }, "faster-de-escalation":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"De-escalate faster in standalone mode", "optional":true }, "ip-filtering-policy":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/ip-filtering-policy", "description":"Configure IP Filter", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "ip-filtering-policy-oper":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/ip-filtering-policy-oper", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "src-based-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"src-based-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/src-based-policy/{src-based-policy-name}", "array":[ { "properties":{ "src-based-policy-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Specify name of the policy", "optional":false }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "policy-class-list-list":{ "type":"array", "minItems":1, "items":{ "type":"policy-class-list" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name}", "array":[ { "properties":{ "class-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Class-list name", "optional":false }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; ", "enum":[ "bypass", "deny" ], "optional":true }, "log-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable logging", "optional":true }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable log periodic", "optional":true }, "max-dynamic-entry-count":{ "type":"number", "format":"number", "minimum":0, "maximum":2147483647, "partition-visibility":"shared", "description":"Maximum count for dynamic source zone service entry allowed for this class-list", "optional":true }, "zone-template":{ "type":"object", "properties":{ "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS logging template" }, "ip-proto":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ip-proto template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'packet_received': Packets Received; 'packet_dropped': Packets Dropped; 'entry_learned': Entry Learned; 'entry_count_overflow': Entry Count Overflow; ", "enum":[ "all", "packet_received", "packet_dropped", "entry_learned", "entry_count_overflow" ] } } } ] }, "class-list-overflow-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"class-list-overflow-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name}", "array":[ { "properties":{ "dummy-name":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': Configure overflow policy for class-list; ", "enum":[ "configuration" ], "optional":false }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; ", "enum":[ "bypass", "deny" ], "optional":true }, "log-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable logging", "optional":true }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable log periodic", "optional":true }, "zone-template":{ "type":"object", "properties":{ "ip-proto":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ip-proto template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "dummy-name" ] } ] } }, "required":[ "class-list-name" ] } ] } }, "required":[ "src-based-policy-name" ] } ] }, "dynamic-entry-overflow-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"dynamic-entry-overflow-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/dynamic-entry-overflow-policy/{dummy-name}", "array":[ { "properties":{ "dummy-name":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': Configure overflow policy; ", "enum":[ "configuration" ], "optional":false }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; ", "enum":[ "bypass", "deny" ], "optional":true }, "zone-template":{ "type":"object", "properties":{ "ip-proto":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ip-proto template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "dummy-name" ] } ] }, "level-list":{ "type":"array", "minItems":1, "items":{ "type":"level" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/level/{level-num}", "array":[ { "properties":{ "level-num":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'0': Default policy level; '1': Policy level 1; '2': Policy level 2; '3': Policy level 3; '4': Policy level 4; ", "enum":[ "0", "1", "2", "3", "4" ], "optional":false }, "src-default-glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-action":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "zone-escalation-score":{ "type":"number", "format":"number", "minimum":1, "maximum":1000000, "partition-visibility":"shared", "description":"Zone activation score of this level", "optional":true }, "zone-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions apply due to zone escalate from this level", "optional":true }, "src-escalation-score":{ "type":"number", "format":"number", "minimum":1, "maximum":1000000, "partition-visibility":"shared", "description":"Source activation score of this level", "optional":true }, "src-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions apply due to source escalate from this level", "optional":true }, "zone-template":{ "type":"object", "properties":{ "ip-proto":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ip-proto template" }, "encap":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "indicator-list":{ "type":"array", "minItems":1, "items":{ "type":"indicator" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/level/{level-num}/indicator/{type}", "array":[ { "properties":{ "type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'pkt-rate': rate of incoming packets; 'pkt-drop-rate': rate of packets got dropped; 'bit-rate': rate of incoming bits; 'pkt-drop-ratio': ratio of incoming packet rate divided by the rate of dropping packets; 'bytes-to-bytes-from-ratio': ratio of incoming packet rate divided by the rate of outgoing packets; 'frag-rate': rate of incoming fragmented packets; 'cpu-utilization': average data CPU utilization; 'interface-utilization': outside interface utilization; ", "enum":[ "pkt-rate", "pkt-drop-rate", "bit-rate", "pkt-drop-ratio", "bytes-to-bytes-from-ratio", "frag-rate", "cpu-utilization", "interface-utilization" ], "optional":false }, "data-packet-size":{ "type":"number", "format":"number", "minimum":1, "maximum":1500, "partition-visibility":"shared", "description":"Expected minimal data size", "optional":true }, "score":{ "type":"number", "format":"number", "minimum":1, "maximum":1000000, "partition-visibility":"shared", "description":"Score corresponding to the indicator", "optional":true }, "src-threshold-num":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Indicator per-src threshold", "optional":true }, "src-threshold-large-num":{ "type":"number", "format":"number", "minimum":1, "maximum":10995116277760, "partition-visibility":"shared", "description":"Indicator per-src threshold", "optional":true }, "src-threshold-str":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Indicator per-src threshold (Non-zero floating point)", "optional":true }, "src-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions to use when this src indicator threshold reaches", "optional":true }, "zone-threshold-num":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Threshold for the entire zone", "optional":true }, "zone-threshold-large-num":{ "type":"number", "format":"number", "minimum":1, "maximum":10995116277760, "partition-visibility":"shared", "description":"Threshold for the entire zone", "optional":true }, "zone-threshold-str":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Threshold for the entire zone (Non-zero floating point)", "optional":true }, "zone-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions to use when this zone indicator threshold reaches", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "type" ] } ] } }, "required":[ "level-num" ] } ] }, "manual-mode-list":{ "type":"array", "minItems":1, "items":{ "type":"manual-mode" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/manual-mode/{config}", "array":[ { "properties":{ "config":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': Manual-mode configuration; ", "enum":[ "configuration" ], "optional":false }, "src-default-glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "zone-template":{ "type":"object", "properties":{ "ip-proto":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ip-proto template" }, "encap":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "config" ] } ] }, "port-ind":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/port-ind", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'ip-proto-type': IP Protocol Type; 'ddet_ind_pkt_rate_current': Pkt Rate Current; 'ddet_ind_pkt_rate_min': Pkt Rate Min; 'ddet_ind_pkt_rate_max': Pkt Rate Max; 'ddet_ind_pkt_rate_adaptive_threshold': Pkt Rate Adaptive Threshold; 'ddet_ind_pkt_drop_rate_current': Pkt Drop Rate Current; 'ddet_ind_pkt_drop_rate_min': Pkt Drop Rate Min; 'ddet_ind_pkt_drop_rate_max': Pkt Drop Rate Max; 'ddet_ind_pkt_drop_rate_adaptive_threshold': Pkt Drop Rate Adaptive Threshold; 'ddet_ind_syn_rate_current': TCP SYN Rate Current; 'ddet_ind_syn_rate_min': TCP SYN Rate Min; 'ddet_ind_syn_rate_max': TCP SYN Rate Max; 'ddet_ind_syn_rate_adaptive_threshold': TCP SYN Rate Adaptive Threshold; 'ddet_ind_fin_rate_current': TCP FIN Rate Current; 'ddet_ind_fin_rate_min': TCP FIN Rate Min; 'ddet_ind_fin_rate_max': TCP FIN Rate Max; 'ddet_ind_fin_rate_adaptive_threshold': TCP FIN Rate Adaptive Threshold; 'ddet_ind_rst_rate_current': TCP RST Rate Current; 'ddet_ind_rst_rate_min': TCP RST Rate Min; 'ddet_ind_rst_rate_max': TCP RST Rate Max; 'ddet_ind_rst_rate_adaptive_threshold': TCP RST Rate Adaptive Threshold; 'ddet_ind_small_window_ack_rate_current': TCP Small Window ACK Rate Current; 'ddet_ind_small_window_ack_rate_min': TCP Small Window ACK Rate Min; 'ddet_ind_small_window_ack_rate_max': TCP Small Window ACK Rate Max; 'ddet_ind_small_window_ack_rate_adaptive_threshold': TCP Small Window ACK Rate Adaptive Threshold; 'ddet_ind_empty_ack_rate_current': TCP Empty ACK Rate Current; 'ddet_ind_empty_ack_rate_min': TCP Empty ACK Rate Min; 'ddet_ind_empty_ack_rate_max': TCP Empty ACK Rate Max; 'ddet_ind_empty_ack_rate_adaptive_threshold': TCP Empty ACK Rate Adaptive Threshold; 'ddet_ind_small_payload_rate_current': TCP Small Payload Rate Current; 'ddet_ind_small_payload_rate_min': TCP Small Payload Rate Min; 'ddet_ind_small_payload_rate_max': TCP Small Payload Rate Max; 'ddet_ind_small_payload_rate_adaptive_threshold': TCP Small Payload Rate Adaptive Threshold; 'ddet_ind_pkt_drop_ratio_current': Pkt Drop / Pkt Rcvd Current; 'ddet_ind_pkt_drop_ratio_min': Pkt Drop / Pkt Rcvd Min; 'ddet_ind_pkt_drop_ratio_max': Pkt Drop / Pkt Rcvd Max; 'ddet_ind_pkt_drop_ratio_adaptive_threshold': Pkt Drop / Pkt Rcvd Adaptive Threshold; 'ddet_ind_inb_per_outb_current': Bytes-to / Bytes-from Current; 'ddet_ind_inb_per_outb_min': Bytes-to / Bytes-from Min; 'ddet_ind_inb_per_outb_max': Bytes-to / Bytes-from Max; 'ddet_ind_inb_per_outb_adaptive_threshold': Bytes-to / Bytes-from Adaptive Threshold; 'ddet_ind_syn_per_fin_rate_current': TCP SYN Rate / FIN Rate Current; 'ddet_ind_syn_per_fin_rate_min': TCP SYN Rate / FIN Rate Min; 'ddet_ind_syn_per_fin_rate_max': TCP SYN Rate / FIN Rate Max; 'ddet_ind_syn_per_fin_rate_adaptive_threshold': TCP SYN Rate / FIN Rate Adaptive Threshold; 'ddet_ind_conn_miss_rate_current': TCP Session Miss Rate Current; 'ddet_ind_conn_miss_rate_min': TCP Session Miss Rate Min; 'ddet_ind_conn_miss_rate_max': TCP Session Miss Rate Max; 'ddet_ind_conn_miss_rate_adaptive_threshold': TCP Session Miss Rate Adaptive Threshold; 'ddet_ind_concurrent_conns_current': TCP/UDP Concurrent Sessions Current; 'ddet_ind_concurrent_conns_min': TCP/UDP Concurrent Sessions Min; 'ddet_ind_concurrent_conns_max': TCP/UDP Concurrent Sessions Max; 'ddet_ind_concurrent_conns_adaptive_threshold': TCP/UDP Concurrent Sessions Adaptive Threshold; 'ddet_ind_data_cpu_util_current': Data CPU Utilization Current; 'ddet_ind_data_cpu_util_min': Data CPU Utilization Min; 'ddet_ind_data_cpu_util_max': Data CPU Utilization Max; 'ddet_ind_data_cpu_util_adaptive_threshold': Data CPU Utilization Adaptive Threshold; 'ddet_ind_outside_intf_util_current': Outside Interface Utilization Current; 'ddet_ind_outside_intf_util_min': Outside Interface Utilization Min; 'ddet_ind_outside_intf_util_max': Outside Interface Utilization Max; 'ddet_ind_outside_intf_util_adaptive_threshold': Outside Interface Utilization Adaptive Threshold; 'ddet_ind_frag_rate_current': Frag Pkt Rate Current; 'ddet_ind_frag_rate_min': Frag Pkt Rate Min; 'ddet_ind_frag_rate_max': Frag Pkt Rate Max; 'ddet_ind_frag_rate_adaptive_threshold': Frag Pkt Rate Adaptive Threshold; 'ddet_ind_bit_rate_current': Bit Rate Current; 'ddet_ind_bit_rate_min': Bit Rate Min; 'ddet_ind_bit_rate_max': Bit Rate Max; 'ddet_ind_bit_rate_adaptive_threshold': Bit Rate Adaptive Threshold; ", "enum":[ "all", "ip-proto-type", "ddet_ind_pkt_rate_current", "ddet_ind_pkt_rate_min", "ddet_ind_pkt_rate_max", "ddet_ind_pkt_rate_adaptive_threshold", "ddet_ind_pkt_drop_rate_current", "ddet_ind_pkt_drop_rate_min", "ddet_ind_pkt_drop_rate_max", "ddet_ind_pkt_drop_rate_adaptive_threshold", "ddet_ind_syn_rate_current", "ddet_ind_syn_rate_min", "ddet_ind_syn_rate_max", "ddet_ind_syn_rate_adaptive_threshold", "ddet_ind_fin_rate_current", "ddet_ind_fin_rate_min", "ddet_ind_fin_rate_max", "ddet_ind_fin_rate_adaptive_threshold", "ddet_ind_rst_rate_current", "ddet_ind_rst_rate_min", "ddet_ind_rst_rate_max", "ddet_ind_rst_rate_adaptive_threshold", "ddet_ind_small_window_ack_rate_current", "ddet_ind_small_window_ack_rate_min", "ddet_ind_small_window_ack_rate_max", "ddet_ind_small_window_ack_rate_adaptive_threshold", "ddet_ind_empty_ack_rate_current", "ddet_ind_empty_ack_rate_min", "ddet_ind_empty_ack_rate_max", "ddet_ind_empty_ack_rate_adaptive_threshold", "ddet_ind_small_payload_rate_current", "ddet_ind_small_payload_rate_min", "ddet_ind_small_payload_rate_max", "ddet_ind_small_payload_rate_adaptive_threshold", "ddet_ind_pkt_drop_ratio_current", "ddet_ind_pkt_drop_ratio_min", "ddet_ind_pkt_drop_ratio_max", "ddet_ind_pkt_drop_ratio_adaptive_threshold", "ddet_ind_inb_per_outb_current", "ddet_ind_inb_per_outb_min", "ddet_ind_inb_per_outb_max", "ddet_ind_inb_per_outb_adaptive_threshold", "ddet_ind_syn_per_fin_rate_current", "ddet_ind_syn_per_fin_rate_min", "ddet_ind_syn_per_fin_rate_max", "ddet_ind_syn_per_fin_rate_adaptive_threshold", "ddet_ind_conn_miss_rate_current", "ddet_ind_conn_miss_rate_min", "ddet_ind_conn_miss_rate_max", "ddet_ind_conn_miss_rate_adaptive_threshold", "ddet_ind_concurrent_conns_current", "ddet_ind_concurrent_conns_min", "ddet_ind_concurrent_conns_max", "ddet_ind_concurrent_conns_adaptive_threshold", "ddet_ind_data_cpu_util_current", "ddet_ind_data_cpu_util_min", "ddet_ind_data_cpu_util_max", "ddet_ind_data_cpu_util_adaptive_threshold", "ddet_ind_outside_intf_util_current", "ddet_ind_outside_intf_util_min", "ddet_ind_outside_intf_util_max", "ddet_ind_outside_intf_util_adaptive_threshold", "ddet_ind_frag_rate_current", "ddet_ind_frag_rate_min", "ddet_ind_frag_rate_max", "ddet_ind_frag_rate_adaptive_threshold", "ddet_ind_bit_rate_current", "ddet_ind_bit_rate_min", "ddet_ind_bit_rate_max", "ddet_ind_bit_rate_adaptive_threshold" ] } } } ] } } }, "topk-sources":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/topk-sources", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "topk-destinations":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/topk-destinations", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "progression-tracking":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/progression-tracking", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } }, "required":[ "protocol-num" ] } ] }, "proto-tcp-udp-list":{ "type":"array", "minItems":1, "items":{ "type":"proto-tcp-udp" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-tcp-udp/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'tcp': ip-proto tcp; 'udp': ip-proto udp; ", "enum":[ "tcp", "udp" ], "optional":false }, "deny":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for this ip-proto", "optional":true }, "glid-cfg":{ "type":"object", "properties":{ "glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID for the whole zone" }, "glid-action":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "ignore" ] }, "per-addr-glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID per address" }, "action-list":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "description":"Configure action-list to take" } } }, "drop-frag-pkt":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Drop fragmented packets", "optional":true }, "set-counter-base-val":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":1, "maximum":4294967295, "partition-visibility":"shared", "description":"Set T2 counter value of current context to specified value", "optional":true }, "ip-filtering-policy":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/ip-filtering-policy", "description":"Configure IP Filter", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "ip-filtering-policy-oper":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-tcp-udp/{protocol}/ip-filtering-policy-oper", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } }, "required":[ "protocol" ] } ] }, "proto-name-list":{ "type":"array", "minItems":1, "items":{ "type":"proto-name" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'icmp-v4': ip-proto icmp-v4; 'icmp-v6': ip-proto icmp-v6; 'other': ip-proto other; 'gre': ip-proto gre; 'ipv4-encap': ip-proto IPv4 Encapsulation; 'ipv6-encap': ip-proto IPv6 Encapsulation; ", "enum":[ "icmp-v4", "icmp-v6", "other", "gre", "ipv4-encap", "ipv6-encap" ], "optional":false }, "manual-mode-enable":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Toggle manual mode to use fix templates", "optional":true }, "deny":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for ip-proto icmp-v4", "optional":true }, "glid-cfg":{ "type":"object", "properties":{ "glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID for the whole zone" }, "glid-action":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "ignore" ] }, "action-list":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "description":"Configure action-list to take" }, "per-addr-glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID per address" } } }, "tunnel-decap":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable tunnel decapsulation", "optional":true }, "key-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "key":{ "type":"string", "format":"string", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":10, "partition-visibility":"shared", "description":"Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)" } } } ] }, "tunnel-rate-limit":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable DDOS-protection on tunnel traffic", "optional":true }, "drop-frag-pkt":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Drop fragmented packets", "optional":true }, "unlimited-dynamic-entry-count":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"No limit for maximum dynamic src entry count", "optional":true }, "max-dynamic-entry-count":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":0, "maximum":2147483647, "partition-visibility":"shared", "description":"Maximum count for dynamic source zone service entry", "optional":true }, "apply-policy-on-overflow":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable this flag to apply overflow policy when dynamic entry count overflows", "optional":true }, "enable-top-k":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable ddos top-k source IP detection", "optional":true }, "topk-num-records":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "default":20, "partition-visibility":"shared", "description":"Maximum number of records to show in topk", "optional":true }, "enable-top-k-destination":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable ddos top-k destination IP detection", "optional":true }, "topk-dst-num-records":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "default":20, "partition-visibility":"shared", "description":"Maximum number of records to show in topk", "optional":true }, "set-counter-base-val":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":1, "maximum":4294967295, "partition-visibility":"shared", "description":"Set T2 counter value of current context to specified value", "optional":true }, "age":{ "type":"number", "format":"number", "minimum":2, "maximum":1023, "default":5, "partition-visibility":"shared", "description":"Idle age for ip entry", "optional":true }, "enable-class-list-overflow":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Apply class-list overflow policy upon exceeding dynamic entry count specified for zone-port or class-list", "optional":true }, "faster-de-escalation":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"De-escalate faster in standalone mode", "optional":true }, "ip-filtering-policy":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/ip-filtering-policy", "description":"Configure IP Filter", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "ip-filtering-policy-oper":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/ip-filtering-policy-oper", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "level-list":{ "type":"array", "minItems":1, "items":{ "type":"level" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/level/{level-num}", "array":[ { "properties":{ "level-num":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'0': Default policy level; '1': Policy level 1; '2': Policy level 2; '3': Policy level 3; '4': Policy level 4; ", "enum":[ "0", "1", "2", "3", "4" ], "optional":false }, "src-default-glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-action":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "zone-escalation-score":{ "type":"number", "format":"number", "minimum":1, "maximum":1000000, "partition-visibility":"shared", "description":"Zone activation score of this level", "optional":true }, "zone-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions apply due to zone escalate from this level", "optional":true }, "src-escalation-score":{ "type":"number", "format":"number", "minimum":1, "maximum":1000000, "partition-visibility":"shared", "description":"Source activation score of this level", "optional":true }, "src-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions apply due to source escalate from this level", "optional":true }, "zone-template":{ "type":"object", "properties":{ "icmp-v4":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS icmp-v4 template" }, "icmp-v6":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS icmp-v6 template" }, "ip-proto":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ip-proto template" }, "encap":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "indicator-list":{ "type":"array", "minItems":1, "items":{ "type":"indicator" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/level/{level-num}/indicator/{type}", "array":[ { "properties":{ "type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'pkt-rate': rate of incoming packets; 'pkt-drop-rate': rate of packets got dropped; 'bit-rate': rate of incoming bits; 'pkt-drop-ratio': ratio of incoming packet rate divided by the rate of dropping packets; 'bytes-to-bytes-from-ratio': ratio of incoming packet rate divided by the rate of outgoing packets; 'frag-rate': rate of incoming fragmented packets; 'cpu-utilization': average data CPU utilization; 'interface-utilization': outside interface utilization; ", "enum":[ "pkt-rate", "pkt-drop-rate", "bit-rate", "pkt-drop-ratio", "bytes-to-bytes-from-ratio", "frag-rate", "cpu-utilization", "interface-utilization" ], "optional":false }, "data-packet-size":{ "type":"number", "format":"number", "minimum":1, "maximum":1500, "partition-visibility":"shared", "description":"Expected minimal data size", "optional":true }, "score":{ "type":"number", "format":"number", "minimum":1, "maximum":1000000, "partition-visibility":"shared", "description":"Score corresponding to the indicator", "optional":true }, "src-threshold-num":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Indicator per-src threshold", "optional":true }, "src-threshold-large-num":{ "type":"number", "format":"number", "minimum":1, "maximum":10995116277760, "partition-visibility":"shared", "description":"Indicator per-src threshold", "optional":true }, "src-threshold-str":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Indicator per-src threshold (Non-zero floating point)", "optional":true }, "src-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions to use when this src indicator threshold reaches", "optional":true }, "zone-threshold-num":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Threshold for the entire zone", "optional":true }, "zone-threshold-large-num":{ "type":"number", "format":"number", "minimum":1, "maximum":10995116277760, "partition-visibility":"shared", "description":"Threshold for the entire zone", "optional":true }, "zone-threshold-str":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Threshold for the entire zone (Non-zero floating point)", "optional":true }, "zone-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions to use when this zone indicator threshold reaches", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "type" ] } ] } }, "required":[ "level-num" ] } ] }, "manual-mode-list":{ "type":"array", "minItems":1, "items":{ "type":"manual-mode" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/manual-mode/{config}", "array":[ { "properties":{ "config":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': Manual-mode configuration; ", "enum":[ "configuration" ], "optional":false }, "src-default-glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "zone-template":{ "type":"object", "properties":{ "icmp-v4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS icmp-v4 template" }, "icmp-v6":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS icmp-v6 template" }, "ip-proto":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ip-proto template" }, "encap":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "config" ] } ] }, "src-based-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"src-based-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/src-based-policy/{src-based-policy-name}", "array":[ { "properties":{ "src-based-policy-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Specify name of the policy", "optional":false }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "policy-class-list-list":{ "type":"array", "minItems":1, "items":{ "type":"policy-class-list" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name}", "array":[ { "properties":{ "class-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Class-list name", "optional":false }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; ", "enum":[ "bypass", "deny" ], "optional":true }, "log-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable logging", "optional":true }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable log periodic", "optional":true }, "max-dynamic-entry-count":{ "type":"number", "format":"number", "minimum":0, "maximum":2147483647, "partition-visibility":"shared", "description":"Maximum count for dynamic source zone service entry allowed for this class-list", "optional":true }, "zone-template":{ "type":"object", "properties":{ "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS logging template" }, "icmp-v4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS icmp-v4 template" }, "icmp-v6":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS icmp-v6 template" }, "ip-proto":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ip-proto template" }, "encap":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'packet_received': Packets Received; 'packet_dropped': Packets Dropped; 'entry_learned': Entry Learned; 'entry_count_overflow': Entry Count Overflow; ", "enum":[ "all", "packet_received", "packet_dropped", "entry_learned", "entry_count_overflow" ] } } } ] }, "class-list-overflow-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"class-list-overflow-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name}", "array":[ { "properties":{ "dummy-name":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': Configure overflow policy for class-list; ", "enum":[ "configuration" ], "optional":false }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; ", "enum":[ "bypass", "deny" ], "optional":true }, "log-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable logging", "optional":true }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable log periodic", "optional":true }, "zone-template":{ "type":"object", "properties":{ "icmp-v4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS icmp-v4 template" }, "icmp-v6":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS icmp-v6 template" }, "ip-proto":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ip-proto template" }, "encap":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "dummy-name" ] } ] } }, "required":[ "class-list-name" ] } ] } }, "required":[ "src-based-policy-name" ] } ] }, "dynamic-entry-overflow-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"dynamic-entry-overflow-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/dynamic-entry-overflow-policy/{dummy-name}", "array":[ { "properties":{ "dummy-name":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': Configure overflow policy; ", "enum":[ "configuration" ], "optional":false }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; ", "enum":[ "bypass", "deny" ], "optional":true }, "zone-template":{ "type":"object", "properties":{ "icmp-v4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS icmp-v4 template" }, "icmp-v6":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS icmp-v6 template" }, "ip-proto":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ip-proto template" }, "encap":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "dummy-name" ] } ] }, "port-ind":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/port-ind", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'ip-proto-type': IP Protocol Type; 'ddet_ind_pkt_rate_current': Pkt Rate Current; 'ddet_ind_pkt_rate_min': Pkt Rate Min; 'ddet_ind_pkt_rate_max': Pkt Rate Max; 'ddet_ind_pkt_rate_adaptive_threshold': Pkt Rate Adaptive Threshold; 'ddet_ind_pkt_drop_rate_current': Pkt Drop Rate Current; 'ddet_ind_pkt_drop_rate_min': Pkt Drop Rate Min; 'ddet_ind_pkt_drop_rate_max': Pkt Drop Rate Max; 'ddet_ind_pkt_drop_rate_adaptive_threshold': Pkt Drop Rate Adaptive Threshold; 'ddet_ind_syn_rate_current': TCP SYN Rate Current; 'ddet_ind_syn_rate_min': TCP SYN Rate Min; 'ddet_ind_syn_rate_max': TCP SYN Rate Max; 'ddet_ind_syn_rate_adaptive_threshold': TCP SYN Rate Adaptive Threshold; 'ddet_ind_fin_rate_current': TCP FIN Rate Current; 'ddet_ind_fin_rate_min': TCP FIN Rate Min; 'ddet_ind_fin_rate_max': TCP FIN Rate Max; 'ddet_ind_fin_rate_adaptive_threshold': TCP FIN Rate Adaptive Threshold; 'ddet_ind_rst_rate_current': TCP RST Rate Current; 'ddet_ind_rst_rate_min': TCP RST Rate Min; 'ddet_ind_rst_rate_max': TCP RST Rate Max; 'ddet_ind_rst_rate_adaptive_threshold': TCP RST Rate Adaptive Threshold; 'ddet_ind_small_window_ack_rate_current': TCP Small Window ACK Rate Current; 'ddet_ind_small_window_ack_rate_min': TCP Small Window ACK Rate Min; 'ddet_ind_small_window_ack_rate_max': TCP Small Window ACK Rate Max; 'ddet_ind_small_window_ack_rate_adaptive_threshold': TCP Small Window ACK Rate Adaptive Threshold; 'ddet_ind_empty_ack_rate_current': TCP Empty ACK Rate Current; 'ddet_ind_empty_ack_rate_min': TCP Empty ACK Rate Min; 'ddet_ind_empty_ack_rate_max': TCP Empty ACK Rate Max; 'ddet_ind_empty_ack_rate_adaptive_threshold': TCP Empty ACK Rate Adaptive Threshold; 'ddet_ind_small_payload_rate_current': TCP Small Payload Rate Current; 'ddet_ind_small_payload_rate_min': TCP Small Payload Rate Min; 'ddet_ind_small_payload_rate_max': TCP Small Payload Rate Max; 'ddet_ind_small_payload_rate_adaptive_threshold': TCP Small Payload Rate Adaptive Threshold; 'ddet_ind_pkt_drop_ratio_current': Pkt Drop / Pkt Rcvd Current; 'ddet_ind_pkt_drop_ratio_min': Pkt Drop / Pkt Rcvd Min; 'ddet_ind_pkt_drop_ratio_max': Pkt Drop / Pkt Rcvd Max; 'ddet_ind_pkt_drop_ratio_adaptive_threshold': Pkt Drop / Pkt Rcvd Adaptive Threshold; 'ddet_ind_inb_per_outb_current': Bytes-to / Bytes-from Current; 'ddet_ind_inb_per_outb_min': Bytes-to / Bytes-from Min; 'ddet_ind_inb_per_outb_max': Bytes-to / Bytes-from Max; 'ddet_ind_inb_per_outb_adaptive_threshold': Bytes-to / Bytes-from Adaptive Threshold; 'ddet_ind_syn_per_fin_rate_current': TCP SYN Rate / FIN Rate Current; 'ddet_ind_syn_per_fin_rate_min': TCP SYN Rate / FIN Rate Min; 'ddet_ind_syn_per_fin_rate_max': TCP SYN Rate / FIN Rate Max; 'ddet_ind_syn_per_fin_rate_adaptive_threshold': TCP SYN Rate / FIN Rate Adaptive Threshold; 'ddet_ind_conn_miss_rate_current': TCP Session Miss Rate Current; 'ddet_ind_conn_miss_rate_min': TCP Session Miss Rate Min; 'ddet_ind_conn_miss_rate_max': TCP Session Miss Rate Max; 'ddet_ind_conn_miss_rate_adaptive_threshold': TCP Session Miss Rate Adaptive Threshold; 'ddet_ind_concurrent_conns_current': TCP/UDP Concurrent Sessions Current; 'ddet_ind_concurrent_conns_min': TCP/UDP Concurrent Sessions Min; 'ddet_ind_concurrent_conns_max': TCP/UDP Concurrent Sessions Max; 'ddet_ind_concurrent_conns_adaptive_threshold': TCP/UDP Concurrent Sessions Adaptive Threshold; 'ddet_ind_data_cpu_util_current': Data CPU Utilization Current; 'ddet_ind_data_cpu_util_min': Data CPU Utilization Min; 'ddet_ind_data_cpu_util_max': Data CPU Utilization Max; 'ddet_ind_data_cpu_util_adaptive_threshold': Data CPU Utilization Adaptive Threshold; 'ddet_ind_outside_intf_util_current': Outside Interface Utilization Current; 'ddet_ind_outside_intf_util_min': Outside Interface Utilization Min; 'ddet_ind_outside_intf_util_max': Outside Interface Utilization Max; 'ddet_ind_outside_intf_util_adaptive_threshold': Outside Interface Utilization Adaptive Threshold; 'ddet_ind_frag_rate_current': Frag Pkt Rate Current; 'ddet_ind_frag_rate_min': Frag Pkt Rate Min; 'ddet_ind_frag_rate_max': Frag Pkt Rate Max; 'ddet_ind_frag_rate_adaptive_threshold': Frag Pkt Rate Adaptive Threshold; 'ddet_ind_bit_rate_current': Bit Rate Current; 'ddet_ind_bit_rate_min': Bit Rate Min; 'ddet_ind_bit_rate_max': Bit Rate Max; 'ddet_ind_bit_rate_adaptive_threshold': Bit Rate Adaptive Threshold; ", "enum":[ "all", "ip-proto-type", "ddet_ind_pkt_rate_current", "ddet_ind_pkt_rate_min", "ddet_ind_pkt_rate_max", "ddet_ind_pkt_rate_adaptive_threshold", "ddet_ind_pkt_drop_rate_current", "ddet_ind_pkt_drop_rate_min", "ddet_ind_pkt_drop_rate_max", "ddet_ind_pkt_drop_rate_adaptive_threshold", "ddet_ind_syn_rate_current", "ddet_ind_syn_rate_min", "ddet_ind_syn_rate_max", "ddet_ind_syn_rate_adaptive_threshold", "ddet_ind_fin_rate_current", "ddet_ind_fin_rate_min", "ddet_ind_fin_rate_max", "ddet_ind_fin_rate_adaptive_threshold", "ddet_ind_rst_rate_current", "ddet_ind_rst_rate_min", "ddet_ind_rst_rate_max", "ddet_ind_rst_rate_adaptive_threshold", "ddet_ind_small_window_ack_rate_current", "ddet_ind_small_window_ack_rate_min", "ddet_ind_small_window_ack_rate_max", "ddet_ind_small_window_ack_rate_adaptive_threshold", "ddet_ind_empty_ack_rate_current", "ddet_ind_empty_ack_rate_min", "ddet_ind_empty_ack_rate_max", "ddet_ind_empty_ack_rate_adaptive_threshold", "ddet_ind_small_payload_rate_current", "ddet_ind_small_payload_rate_min", "ddet_ind_small_payload_rate_max", "ddet_ind_small_payload_rate_adaptive_threshold", "ddet_ind_pkt_drop_ratio_current", "ddet_ind_pkt_drop_ratio_min", "ddet_ind_pkt_drop_ratio_max", "ddet_ind_pkt_drop_ratio_adaptive_threshold", "ddet_ind_inb_per_outb_current", "ddet_ind_inb_per_outb_min", "ddet_ind_inb_per_outb_max", "ddet_ind_inb_per_outb_adaptive_threshold", "ddet_ind_syn_per_fin_rate_current", "ddet_ind_syn_per_fin_rate_min", "ddet_ind_syn_per_fin_rate_max", "ddet_ind_syn_per_fin_rate_adaptive_threshold", "ddet_ind_conn_miss_rate_current", "ddet_ind_conn_miss_rate_min", "ddet_ind_conn_miss_rate_max", "ddet_ind_conn_miss_rate_adaptive_threshold", "ddet_ind_concurrent_conns_current", "ddet_ind_concurrent_conns_min", "ddet_ind_concurrent_conns_max", "ddet_ind_concurrent_conns_adaptive_threshold", "ddet_ind_data_cpu_util_current", "ddet_ind_data_cpu_util_min", "ddet_ind_data_cpu_util_max", "ddet_ind_data_cpu_util_adaptive_threshold", "ddet_ind_outside_intf_util_current", "ddet_ind_outside_intf_util_min", "ddet_ind_outside_intf_util_max", "ddet_ind_outside_intf_util_adaptive_threshold", "ddet_ind_frag_rate_current", "ddet_ind_frag_rate_min", "ddet_ind_frag_rate_max", "ddet_ind_frag_rate_adaptive_threshold", "ddet_ind_bit_rate_current", "ddet_ind_bit_rate_min", "ddet_ind_bit_rate_max", "ddet_ind_bit_rate_adaptive_threshold" ] } } } ] } } }, "topk-sources":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/topk-sources", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "progression-tracking":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/progression-tracking", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "topk-destinations":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/topk-destinations", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } }, "required":[ "protocol" ] } ] } } }, "port":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port", "properties":{ "zone-service-list":{ "type":"array", "minItems":1, "items":{ "type":"zone-service" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}", "array":[ { "properties":{ "port-num":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Port Number", "optional":false }, "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'dns-tcp': DNS-TCP Port; 'dns-udp': DNS-UDP Port; 'http': HTTP Port; 'tcp': TCP Port; 'udp': UDP Port; 'ssl-l4': SSL-L4 Port; 'sip-udp': SIP-UDP Port; 'sip-tcp': SIP-TCP Port; 'quic': QUIC Port; ", "enum":[ "dns-tcp", "dns-udp", "http", "tcp", "udp", "ssl-l4", "sip-udp", "sip-tcp", "quic" ], "optional":false }, "manual-mode-enable":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Toggle manual mode to use fix templates", "optional":true }, "deny":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid-cfg":{ "type":"object", "properties":{ "glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID for the whole zone" }, "glid-action":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default if default-action-list is not configured); 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "ignore" ] }, "action-list":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "description":"Configure action-list to take" }, "per-addr-glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID per address" } } }, "stateful":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable stateful tracking of sessions (Default is stateless)", "optional":true }, "default-action-list":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "description":"Configure default-action-list", "optional":true }, "sflow-common":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not-list":[ "sflow-packets", "sflow-tcp-basic", "sflow-tcp-stateful", "sflow-http" ], "description":"Enable all sFlow polling options under this zone port", "optional":true }, "sflow-packets":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not":"sflow-common", "description":"Enable sFlow packet-level counter polling", "optional":true }, "sflow-tcp":{ "type":"object", "properties":{ "sflow-tcp-basic":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not":"sflow-common", "description":"Enable sFlow basic TCP counter polling" }, "sflow-tcp-stateful":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not":"sflow-common", "description":"Enable sFlow stateful TCP counter polling" } } }, "sflow-http":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not":"sflow-common", "description":"Enable sFlow HTTP counter polling", "optional":true }, "unlimited-dynamic-entry-count":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"No limit for maximum dynamic src entry count", "optional":true }, "max-dynamic-entry-count":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":0, "maximum":2147483647, "partition-visibility":"shared", "description":"Maximum count for dynamic source zone service entry", "optional":true }, "apply-policy-on-overflow":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable this flag to apply overflow policy when dynamic entry count overflows", "optional":true }, "enable-class-list-overflow":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Apply class-list overflow policy upon exceeding dynamic entry count specified for zone-port or class-list", "optional":true }, "age":{ "type":"number", "format":"number", "minimum":2, "maximum":1023, "default":5, "partition-visibility":"shared", "description":"Idle age for ip entry", "optional":true }, "enable-top-k":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable ddos top-k source IP detection", "optional":true }, "topk-num-records":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "default":20, "partition-visibility":"shared", "description":"Maximum number of records to show in topk", "optional":true }, "enable-top-k-destination":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable ddos top-k destination IP detection", "optional":true }, "topk-dst-num-records":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "default":20, "partition-visibility":"shared", "description":"Maximum number of records to show in topk", "optional":true }, "capture-config":{ "type":"object", "properties":{ "capture-config-name":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Capture-config name" }, "capture-config-mode":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'drop': Apply capture-config to dropped packets; 'forward': Apply capture-config to forwarded packets; 'all': Apply capture-config to both dropped and forwarded packets; ", "enum":[ "drop", "forward", "all" ] } } }, "set-counter-base-val":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":1, "maximum":4294967295, "partition-visibility":"shared", "description":"Set T2 counter value of current context to specified value", "optional":true }, "outbound-only":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Only allow outbound traffic", "optional":true }, "faster-de-escalation":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"De-escalate faster in standalone mode", "optional":true }, "ip-filtering-policy":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/ip-filtering-policy", "description":"Configure IP Filter", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "signature-extraction":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/signature-extraction", "properties":{ "algorithm":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'heuristic': heuristic algorithm; ", "enum":[ "heuristic" ] }, "manual-mode":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable manual mode" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "pattern-recognition":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/pattern-recognition", "properties":{ "algorithm":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'heuristic': heuristic algorithm; ", "enum":[ "heuristic" ] }, "mode":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'capture-never-expire': War-time capture without rate exceeding and never expires; 'manual': Manual mode; ", "enum":[ "capture-never-expire", "manual" ] }, "sensitivity":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'high': High Sensitivity; 'medium': Medium Sensitivity; 'low': Low Sensitivity; ", "enum":[ "high", "medium", "low" ] }, "filter-threshold":{ "type":"number", "format":"number", "minimum":0, "maximum":100, "partition-visibility":"shared", "description":"Extracted filter threshold" }, "filter-inactive-threshold":{ "type":"number", "format":"number", "minimum":5, "maximum":255, "partition-visibility":"shared", "description":"Extracted filter inactive threshold" }, "triggered-by":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'zone-escalation': Zone escalation trigger pattern recognition; 'packet-rate-exceeds': Packet rate limit exceeds trigger pattern recognition (default); ", "enum":[ "zone-escalation", "packet-rate-exceeds" ] }, "capture-traffic":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': Capture all packets; 'dropped': Capture dropped packets (default); ", "enum":[ "all", "dropped" ] }, "app-payload-offset":{ "type":"number", "format":"number", "minimum":0, "maximum":1500, "default":0, "partition-visibility":"shared", "description":"Set offset of the payload" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "pattern-recognition-pu-details":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/pattern-recognition-pu-details", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "ip-filtering-policy-oper":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/ip-filtering-policy-oper", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "level-list":{ "type":"array", "minItems":1, "items":{ "type":"level" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/level/{level-num}", "array":[ { "properties":{ "level-num":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'0': Default policy level; '1': Policy level 1; '2': Policy level 2; '3': Policy level 3; '4': Policy level 4; ", "enum":[ "0", "1", "2", "3", "4" ], "optional":false }, "src-default-glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-action":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "zone-escalation-score":{ "type":"number", "format":"number", "minimum":1, "maximum":1000000, "partition-visibility":"shared", "description":"Zone activation score of this level", "optional":true }, "zone-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions apply due to zone escalate from this level", "optional":true }, "src-escalation-score":{ "type":"number", "format":"number", "minimum":1, "maximum":1000000, "partition-visibility":"shared", "description":"Source activation score of this level", "optional":true }, "src-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions apply due to source escalate from this level", "optional":true }, "zone-template":{ "type":"object", "properties":{ "quic":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS quic template" }, "dns":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS http template" }, "ssl-l4":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ssl-l4 template" }, "sip":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS sip template" }, "tcp":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS tcp template" }, "udp":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS udp template" }, "encap":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" } } }, "close-sessions-for-unauth-sources":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Close session for unauthenticated sources", "optional":true }, "start-signature-extraction":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Start signature extraction from this level", "optional":true }, "start-pattern-recognition":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Start pattern recognition from this level", "optional":true }, "apply-extracted-filters":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Apply extracted filters from this level", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "indicator-list":{ "type":"array", "minItems":1, "items":{ "type":"indicator" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/level/{level-num}/indicator/{type}", "array":[ { "properties":{ "type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'pkt-rate': rate of incoming packets; 'pkt-drop-rate': rate of packets got dropped; 'bit-rate': rate of incoming bits; 'pkt-drop-ratio': ratio of incoming packet rate divided by the rate of dropping packets; 'bytes-to-bytes-from-ratio': ratio of incoming packet rate divided by the rate of outgoing packets; 'concurrent-conns': number of concurrent connections; 'conn-miss-rate': rate of incoming packets for which no previously established connection exists; 'syn-rate': rate on incoming SYN packets; 'fin-rate': rate on incoming FIN packets; 'rst-rate': rate of incoming RST packets; 'small-window-ack-rate': rate of small window advertisement; 'empty-ack-rate': rate of incoming packets which have no payload; 'small-payload-rate': rate of short payload packet; 'syn-fin-ratio': ratio of incoming SYN packet rate divided by the rate of incoming FIN packets; 'cpu-utilization': average data CPU utilization; 'interface-utilization': outside interface utilization; ", "enum":[ "pkt-rate", "pkt-drop-rate", "bit-rate", "pkt-drop-ratio", "bytes-to-bytes-from-ratio", "concurrent-conns", "conn-miss-rate", "syn-rate", "fin-rate", "rst-rate", "small-window-ack-rate", "empty-ack-rate", "small-payload-rate", "syn-fin-ratio", "cpu-utilization", "interface-utilization" ], "optional":false }, "tcp-window-size":{ "type":"number", "format":"number", "minimum":1, "maximum":500, "partition-visibility":"shared", "description":"Expected minimal window size", "optional":true }, "data-packet-size":{ "type":"number", "format":"number", "minimum":1, "maximum":1500, "partition-visibility":"shared", "description":"Expected minimal data size", "optional":true }, "score":{ "type":"number", "format":"number", "minimum":1, "maximum":1000000, "partition-visibility":"shared", "description":"Score corresponding to the indicator", "optional":true }, "src-threshold-num":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Indicator per-src threshold", "optional":true }, "src-threshold-large-num":{ "type":"number", "format":"number", "minimum":1, "maximum":10995116277760, "partition-visibility":"shared", "description":"Indicator per-src threshold", "optional":true }, "src-threshold-str":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Indicator per-src threshold (Non-zero floating point)", "optional":true }, "src-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions to use when this src indicator threshold reaches", "optional":true }, "zone-threshold-large-num":{ "type":"number", "format":"number", "minimum":1, "maximum":10995116277760, "partition-visibility":"shared", "description":"Threshold for the entire zone", "optional":true }, "zone-threshold-num":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Threshold for the entire zone", "optional":true }, "zone-threshold-str":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Threshold for the entire zone (Non-zero floating point)", "optional":true }, "zone-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions to use when this zone indicator threshold reaches", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "type" ] } ] } }, "required":[ "level-num" ] } ] }, "manual-mode-list":{ "type":"array", "minItems":1, "items":{ "type":"manual-mode" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/manual-mode/{config}", "array":[ { "properties":{ "config":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': Manual-mode configuration; ", "enum":[ "configuration" ], "optional":false }, "src-default-glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "zone-template":{ "type":"object", "properties":{ "quic":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS quic template" }, "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS http template" }, "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ssl-l4 template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS sip template" }, "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS tcp template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS udp template" }, "encap":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" } } }, "close-sessions-for-unauth-sources":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Close session for unauthenticated sources", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "config" ] } ] }, "ips":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/ips", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'ips_matched_total': IPS Matched Total; 'ips_matched_action_pass': IPS Matched Action Pass; 'ips_matched_action_drop': IPS Matched Action Drop; 'ips_matched_action_blacklist': IPS Matched Action Blacklist; 'ips_matched_severity_high': IPS Matched Severity High; 'ips_matched_severity_medium': IPS Matched Severity Medium; 'ips_matched_severity_low': IPS Matched Severity Low; 'src_ips_matched_action_pass': Src IPS Matched Action Pass; 'src_ips_matched_action_drop': Src IPS Matched Action Drop; 'src_ips_matched_action_blacklist': Src IPS Matched Action Blacklist; 'src_ips_matched_severity_high': Src IPS Matched Severity High; 'src_ips_matched_severity_medium': Src IPS Matched Severity Medium; 'src_ips_matched_severity_low': Src IPS Matched Severity Low; ", "enum":[ "all", "ips_matched_total", "ips_matched_action_pass", "ips_matched_action_drop", "ips_matched_action_blacklist", "ips_matched_severity_high", "ips_matched_severity_medium", "ips_matched_severity_low", "src_ips_matched_action_pass", "src_ips_matched_action_drop", "src_ips_matched_action_blacklist", "src_ips_matched_severity_high", "src_ips_matched_severity_medium", "src_ips_matched_severity_low" ] } } } ] } } }, "port-ind":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/port-ind", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'ip-proto-type': IP Protocol Type; 'ddet_ind_pkt_rate_current': Pkt Rate Current; 'ddet_ind_pkt_rate_min': Pkt Rate Min; 'ddet_ind_pkt_rate_max': Pkt Rate Max; 'ddet_ind_pkt_rate_adaptive_threshold': Pkt Rate Adaptive Threshold; 'ddet_ind_pkt_drop_rate_current': Pkt Drop Rate Current; 'ddet_ind_pkt_drop_rate_min': Pkt Drop Rate Min; 'ddet_ind_pkt_drop_rate_max': Pkt Drop Rate Max; 'ddet_ind_pkt_drop_rate_adaptive_threshold': Pkt Drop Rate Adaptive Threshold; 'ddet_ind_syn_rate_current': TCP SYN Rate Current; 'ddet_ind_syn_rate_min': TCP SYN Rate Min; 'ddet_ind_syn_rate_max': TCP SYN Rate Max; 'ddet_ind_syn_rate_adaptive_threshold': TCP SYN Rate Adaptive Threshold; 'ddet_ind_fin_rate_current': TCP FIN Rate Current; 'ddet_ind_fin_rate_min': TCP FIN Rate Min; 'ddet_ind_fin_rate_max': TCP FIN Rate Max; 'ddet_ind_fin_rate_adaptive_threshold': TCP FIN Rate Adaptive Threshold; 'ddet_ind_rst_rate_current': TCP RST Rate Current; 'ddet_ind_rst_rate_min': TCP RST Rate Min; 'ddet_ind_rst_rate_max': TCP RST Rate Max; 'ddet_ind_rst_rate_adaptive_threshold': TCP RST Rate Adaptive Threshold; 'ddet_ind_small_window_ack_rate_current': TCP Small Window ACK Rate Current; 'ddet_ind_small_window_ack_rate_min': TCP Small Window ACK Rate Min; 'ddet_ind_small_window_ack_rate_max': TCP Small Window ACK Rate Max; 'ddet_ind_small_window_ack_rate_adaptive_threshold': TCP Small Window ACK Rate Adaptive Threshold; 'ddet_ind_empty_ack_rate_current': TCP Empty ACK Rate Current; 'ddet_ind_empty_ack_rate_min': TCP Empty ACK Rate Min; 'ddet_ind_empty_ack_rate_max': TCP Empty ACK Rate Max; 'ddet_ind_empty_ack_rate_adaptive_threshold': TCP Empty ACK Rate Adaptive Threshold; 'ddet_ind_small_payload_rate_current': TCP Small Payload Rate Current; 'ddet_ind_small_payload_rate_min': TCP Small Payload Rate Min; 'ddet_ind_small_payload_rate_max': TCP Small Payload Rate Max; 'ddet_ind_small_payload_rate_adaptive_threshold': TCP Small Payload Rate Adaptive Threshold; 'ddet_ind_pkt_drop_ratio_current': Pkt Drop / Pkt Rcvd Current; 'ddet_ind_pkt_drop_ratio_min': Pkt Drop / Pkt Rcvd Min; 'ddet_ind_pkt_drop_ratio_max': Pkt Drop / Pkt Rcvd Max; 'ddet_ind_pkt_drop_ratio_adaptive_threshold': Pkt Drop / Pkt Rcvd Adaptive Threshold; 'ddet_ind_inb_per_outb_current': Bytes-to / Bytes-from Current; 'ddet_ind_inb_per_outb_min': Bytes-to / Bytes-from Min; 'ddet_ind_inb_per_outb_max': Bytes-to / Bytes-from Max; 'ddet_ind_inb_per_outb_adaptive_threshold': Bytes-to / Bytes-from Adaptive Threshold; 'ddet_ind_syn_per_fin_rate_current': TCP SYN Rate / FIN Rate Current; 'ddet_ind_syn_per_fin_rate_min': TCP SYN Rate / FIN Rate Min; 'ddet_ind_syn_per_fin_rate_max': TCP SYN Rate / FIN Rate Max; 'ddet_ind_syn_per_fin_rate_adaptive_threshold': TCP SYN Rate / FIN Rate Adaptive Threshold; 'ddet_ind_conn_miss_rate_current': TCP Session Miss Rate Current; 'ddet_ind_conn_miss_rate_min': TCP Session Miss Rate Min; 'ddet_ind_conn_miss_rate_max': TCP Session Miss Rate Max; 'ddet_ind_conn_miss_rate_adaptive_threshold': TCP Session Miss Rate Adaptive Threshold; 'ddet_ind_concurrent_conns_current': TCP/UDP Concurrent Sessions Current; 'ddet_ind_concurrent_conns_min': TCP/UDP Concurrent Sessions Min; 'ddet_ind_concurrent_conns_max': TCP/UDP Concurrent Sessions Max; 'ddet_ind_concurrent_conns_adaptive_threshold': TCP/UDP Concurrent Sessions Adaptive Threshold; 'ddet_ind_data_cpu_util_current': Data CPU Utilization Current; 'ddet_ind_data_cpu_util_min': Data CPU Utilization Min; 'ddet_ind_data_cpu_util_max': Data CPU Utilization Max; 'ddet_ind_data_cpu_util_adaptive_threshold': Data CPU Utilization Adaptive Threshold; 'ddet_ind_outside_intf_util_current': Outside Interface Utilization Current; 'ddet_ind_outside_intf_util_min': Outside Interface Utilization Min; 'ddet_ind_outside_intf_util_max': Outside Interface Utilization Max; 'ddet_ind_outside_intf_util_adaptive_threshold': Outside Interface Utilization Adaptive Threshold; 'ddet_ind_frag_rate_current': Frag Pkt Rate Current; 'ddet_ind_frag_rate_min': Frag Pkt Rate Min; 'ddet_ind_frag_rate_max': Frag Pkt Rate Max; 'ddet_ind_frag_rate_adaptive_threshold': Frag Pkt Rate Adaptive Threshold; 'ddet_ind_bit_rate_current': Bit Rate Current; 'ddet_ind_bit_rate_min': Bit Rate Min; 'ddet_ind_bit_rate_max': Bit Rate Max; 'ddet_ind_bit_rate_adaptive_threshold': Bit Rate Adaptive Threshold; ", "enum":[ "all", "ip-proto-type", "ddet_ind_pkt_rate_current", "ddet_ind_pkt_rate_min", "ddet_ind_pkt_rate_max", "ddet_ind_pkt_rate_adaptive_threshold", "ddet_ind_pkt_drop_rate_current", "ddet_ind_pkt_drop_rate_min", "ddet_ind_pkt_drop_rate_max", "ddet_ind_pkt_drop_rate_adaptive_threshold", "ddet_ind_syn_rate_current", "ddet_ind_syn_rate_min", "ddet_ind_syn_rate_max", "ddet_ind_syn_rate_adaptive_threshold", "ddet_ind_fin_rate_current", "ddet_ind_fin_rate_min", "ddet_ind_fin_rate_max", "ddet_ind_fin_rate_adaptive_threshold", "ddet_ind_rst_rate_current", "ddet_ind_rst_rate_min", "ddet_ind_rst_rate_max", "ddet_ind_rst_rate_adaptive_threshold", "ddet_ind_small_window_ack_rate_current", "ddet_ind_small_window_ack_rate_min", "ddet_ind_small_window_ack_rate_max", "ddet_ind_small_window_ack_rate_adaptive_threshold", "ddet_ind_empty_ack_rate_current", "ddet_ind_empty_ack_rate_min", "ddet_ind_empty_ack_rate_max", "ddet_ind_empty_ack_rate_adaptive_threshold", "ddet_ind_small_payload_rate_current", "ddet_ind_small_payload_rate_min", "ddet_ind_small_payload_rate_max", "ddet_ind_small_payload_rate_adaptive_threshold", "ddet_ind_pkt_drop_ratio_current", "ddet_ind_pkt_drop_ratio_min", "ddet_ind_pkt_drop_ratio_max", "ddet_ind_pkt_drop_ratio_adaptive_threshold", "ddet_ind_inb_per_outb_current", "ddet_ind_inb_per_outb_min", "ddet_ind_inb_per_outb_max", "ddet_ind_inb_per_outb_adaptive_threshold", "ddet_ind_syn_per_fin_rate_current", "ddet_ind_syn_per_fin_rate_min", "ddet_ind_syn_per_fin_rate_max", "ddet_ind_syn_per_fin_rate_adaptive_threshold", "ddet_ind_conn_miss_rate_current", "ddet_ind_conn_miss_rate_min", "ddet_ind_conn_miss_rate_max", "ddet_ind_conn_miss_rate_adaptive_threshold", "ddet_ind_concurrent_conns_current", "ddet_ind_concurrent_conns_min", "ddet_ind_concurrent_conns_max", "ddet_ind_concurrent_conns_adaptive_threshold", "ddet_ind_data_cpu_util_current", "ddet_ind_data_cpu_util_min", "ddet_ind_data_cpu_util_max", "ddet_ind_data_cpu_util_adaptive_threshold", "ddet_ind_outside_intf_util_current", "ddet_ind_outside_intf_util_min", "ddet_ind_outside_intf_util_max", "ddet_ind_outside_intf_util_adaptive_threshold", "ddet_ind_frag_rate_current", "ddet_ind_frag_rate_min", "ddet_ind_frag_rate_max", "ddet_ind_frag_rate_adaptive_threshold", "ddet_ind_bit_rate_current", "ddet_ind_bit_rate_min", "ddet_ind_bit_rate_max", "ddet_ind_bit_rate_adaptive_threshold" ] } } } ] } } }, "topk-sources":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/topk-sources", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "progression-tracking":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/progression-tracking", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "topk-destinations":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/topk-destinations", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "src-based-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"src-based-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/src-based-policy/{src-based-policy-name}", "array":[ { "properties":{ "src-based-policy-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Specify name of the policy", "optional":false }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "policy-class-list-list":{ "type":"array", "minItems":1, "items":{ "type":"policy-class-list" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name}", "array":[ { "properties":{ "class-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Class-list name", "optional":false }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; ", "enum":[ "bypass", "deny" ], "optional":true }, "log-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable logging", "optional":true }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable log periodic", "optional":true }, "max-dynamic-entry-count":{ "type":"number", "format":"number", "minimum":0, "maximum":2147483647, "partition-visibility":"shared", "description":"Maximum count for dynamic source zone service entry allowed for this class-list", "optional":true }, "zone-template":{ "type":"object", "properties":{ "quic":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS quic template" }, "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS http template" }, "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ssl-l4 template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS sip template" }, "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS tcp template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS udp template" }, "encap":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" }, "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS logging template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'packet_received': Packets Received; 'packet_dropped': Packets Dropped; 'entry_learned': Entry Learned; 'entry_count_overflow': Entry Count Overflow; ", "enum":[ "all", "packet_received", "packet_dropped", "entry_learned", "entry_count_overflow" ] } } } ] }, "class-list-overflow-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"class-list-overflow-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name}", "array":[ { "properties":{ "dummy-name":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': Configure overflow policy for class-list; ", "enum":[ "configuration" ], "optional":false }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; ", "enum":[ "bypass", "deny" ], "optional":true }, "log-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable logging", "optional":true }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable log periodic", "optional":true }, "zone-template":{ "type":"object", "properties":{ "quic":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS quic template" }, "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS http template" }, "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ssl-l4 template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS sip template" }, "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS tcp template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS udp template" }, "encap":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" }, "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS logging template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "dummy-name" ] } ] } }, "required":[ "class-list-name" ] } ] } }, "required":[ "src-based-policy-name" ] } ] }, "dynamic-entry-overflow-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"dynamic-entry-overflow-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/dynamic-entry-overflow-policy/{dummy-name}", "array":[ { "properties":{ "dummy-name":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': Configure overflow policy; ", "enum":[ "configuration" ], "optional":false }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; ", "enum":[ "bypass", "deny" ], "optional":true }, "log-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable logging", "optional":true }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable log periodic", "optional":true }, "zone-template":{ "type":"object", "properties":{ "quic":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS quic template" }, "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS http template" }, "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ssl-l4 template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS sip template" }, "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS tcp template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS udp template" }, "encap":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" }, "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS logging template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "dummy-name" ] } ] } }, "required":[ "port-num", "protocol" ] } ] }, "zone-service-other-list":{ "type":"array", "minItems":1, "items":{ "type":"zone-service-other" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}", "array":[ { "properties":{ "port-other":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'other': other; ", "enum":[ "other" ], "optional":false }, "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'tcp': TCP Port; 'udp': UDP Port; ", "enum":[ "tcp", "udp" ], "optional":false }, "manual-mode-enable":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Toggle manual mode to use fix templates", "optional":true }, "enable-top-k":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable ddos top-k source IP detection", "optional":true }, "topk-num-records":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "default":20, "partition-visibility":"shared", "description":"Maximum number of records to show in topk", "optional":true }, "enable-top-k-destination":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable ddos top-k destination IP detection", "optional":true }, "topk-dst-num-records":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "default":20, "partition-visibility":"shared", "description":"Maximum number of records to show in topk", "optional":true }, "deny":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid-cfg":{ "type":"object", "properties":{ "glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID for the whole zone" }, "glid-action":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default if default-action-list is not configured); 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "ignore" ] }, "action-list":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "description":"Configure action-list to take" }, "per-addr-glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID per address" } } }, "stateful":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable stateful tracking of sessions (Default is stateless)", "optional":true }, "default-action-list":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "description":"Configure default-action-list", "optional":true }, "sflow-common":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not-list":[ "sflow-packets", "sflow-tcp-basic", "sflow-tcp-stateful" ], "description":"Enable all sFlow polling options under this zone port", "optional":true }, "sflow-packets":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not":"sflow-common", "description":"Enable sFlow packet-level counter polling", "optional":true }, "sflow-tcp":{ "type":"object", "properties":{ "sflow-tcp-basic":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not":"sflow-common", "description":"Enable sFlow basic TCP counter polling" }, "sflow-tcp-stateful":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not":"sflow-common", "description":"Enable sFlow stateful TCP counter polling" } } }, "unlimited-dynamic-entry-count":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"No limit for maximum dynamic src entry count", "optional":true }, "max-dynamic-entry-count":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":0, "maximum":2147483647, "partition-visibility":"shared", "description":"Maximum count for dynamic source zone service entry", "optional":true }, "apply-policy-on-overflow":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable this flag to apply overflow policy when dynamic entry count overflows", "optional":true }, "set-counter-base-val":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":1, "maximum":4294967295, "partition-visibility":"shared", "description":"Set T2 counter value of current context to specified value", "optional":true }, "enable-class-list-overflow":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Apply class-list overflow policy upon exceeding dynamic entry count specified for this zone port or each class-list", "optional":true }, "age":{ "type":"number", "format":"number", "minimum":2, "maximum":1023, "default":5, "partition-visibility":"shared", "description":"Idle age for ip entry", "optional":true }, "outbound-only":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Only allow outbound traffic", "optional":true }, "faster-de-escalation":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"De-escalate faster in standalone mode", "optional":true }, "ip-filtering-policy":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/ip-filtering-policy", "description":"Configure IP Filter", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "ip-filtering-policy-oper":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/ip-filtering-policy-oper", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "pattern-recognition":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/pattern-recognition", "properties":{ "algorithm":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'heuristic': heuristic algorithm; ", "enum":[ "heuristic" ] }, "mode":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'capture-never-expire': War-time capture without rate exceeding and never expires; 'manual': Manual mode; ", "enum":[ "capture-never-expire", "manual" ] }, "sensitivity":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'high': High Sensitivity; 'medium': Medium Sensitivity; 'low': Low Sensitivity; ", "enum":[ "high", "medium", "low" ] }, "filter-threshold":{ "type":"number", "format":"number", "minimum":0, "maximum":100, "partition-visibility":"shared", "description":"Extracted filter threshold" }, "filter-inactive-threshold":{ "type":"number", "format":"number", "minimum":5, "maximum":255, "partition-visibility":"shared", "description":"Extracted filter inactive threshold" }, "triggered-by":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'zone-escalation': Zone escalation trigger pattern recognition; 'packet-rate-exceeds': Packet rate limit exceeds trigger pattern recognition (default); ", "enum":[ "zone-escalation", "packet-rate-exceeds" ] }, "capture-traffic":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': Capture all packets; 'dropped': Capture dropped packets (default); ", "enum":[ "all", "dropped" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "pattern-recognition-pu-details":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/pattern-recognition-pu-details", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "level-list":{ "type":"array", "minItems":1, "items":{ "type":"level" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/level/{level-num}", "array":[ { "properties":{ "level-num":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'0': Default policy level; '1': Policy level 1; '2': Policy level 2; '3': Policy level 3; '4': Policy level 4; ", "enum":[ "0", "1", "2", "3", "4" ], "optional":false }, "src-default-glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-action":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "zone-escalation-score":{ "type":"number", "format":"number", "minimum":1, "maximum":1000000, "partition-visibility":"shared", "description":"Zone activation score of this level", "optional":true }, "zone-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions apply due to zone escalate from this level", "optional":true }, "src-escalation-score":{ "type":"number", "format":"number", "minimum":1, "maximum":1000000, "partition-visibility":"shared", "description":"Source activation score of this level", "optional":true }, "src-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions apply due to source escalate from this level", "optional":true }, "zone-template":{ "type":"object", "properties":{ "tcp":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS tcp template" }, "udp":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS udp template" }, "encap":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" } } }, "close-sessions-for-unauth-sources":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Close session for unauthenticated sources", "optional":true }, "start-pattern-recognition":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Start pattern recognition from this level", "optional":true }, "apply-extracted-filters":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Apply extracted filters from this level", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "indicator-list":{ "type":"array", "minItems":1, "items":{ "type":"indicator" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/level/{level-num}/indicator/{type}", "array":[ { "properties":{ "type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'pkt-rate': rate of incoming packets; 'pkt-drop-rate': rate of packets got dropped; 'bit-rate': rate of incoming bits; 'pkt-drop-ratio': ratio of incoming packet rate divided by the rate of dropping packets; 'bytes-to-bytes-from-ratio': ratio of incoming packet rate divided by the rate of outgoing packets; 'concurrent-conns': number of concurrent connections; 'conn-miss-rate': rate of incoming packets for which no previously established connection exists; 'syn-rate': rate on incoming SYN packets; 'fin-rate': rate on incoming FIN packets; 'rst-rate': rate of incoming RST packets; 'small-window-ack-rate': rate of small window advertisement; 'empty-ack-rate': rate of incoming packets which have no payload; 'small-payload-rate': rate of short payload packet; 'syn-fin-ratio': ratio of incoming SYN packet rate divided by the rate of incoming FIN packets; 'cpu-utilization': average data CPU utilization; 'interface-utilization': outside interface utilization; ", "enum":[ "pkt-rate", "pkt-drop-rate", "bit-rate", "pkt-drop-ratio", "bytes-to-bytes-from-ratio", "concurrent-conns", "conn-miss-rate", "syn-rate", "fin-rate", "rst-rate", "small-window-ack-rate", "empty-ack-rate", "small-payload-rate", "syn-fin-ratio", "cpu-utilization", "interface-utilization" ], "optional":false }, "tcp-window-size":{ "type":"number", "format":"number", "minimum":1, "maximum":500, "partition-visibility":"shared", "description":"Expected minimal window size", "optional":true }, "data-packet-size":{ "type":"number", "format":"number", "minimum":1, "maximum":1500, "partition-visibility":"shared", "description":"Expected minimal data size", "optional":true }, "score":{ "type":"number", "format":"number", "minimum":1, "maximum":1000000, "partition-visibility":"shared", "description":"Score corresponding to the indicator", "optional":true }, "src-threshold-num":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Indicator per-src threshold", "optional":true }, "src-threshold-large-num":{ "type":"number", "format":"number", "minimum":1, "maximum":10995116277760, "partition-visibility":"shared", "description":"Indicator per-src threshold", "optional":true }, "src-threshold-str":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Indicator per-src threshold (Non-zero floating point)", "optional":true }, "src-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions to use when this src indicator threshold reaches", "optional":true }, "zone-threshold-num":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Threshold for the entire zone", "optional":true }, "zone-threshold-large-num":{ "type":"number", "format":"number", "minimum":1, "maximum":10995116277760, "partition-visibility":"shared", "description":"Threshold for the entire zone", "optional":true }, "zone-threshold-str":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Threshold for the entire zone (Non-zero floating point)", "optional":true }, "zone-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions to use when this zone indicator threshold reaches", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "type" ] } ] } }, "required":[ "level-num" ] } ] }, "manual-mode-list":{ "type":"array", "minItems":1, "items":{ "type":"manual-mode" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/manual-mode/{config}", "array":[ { "properties":{ "config":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': Manual-mode configuration; ", "enum":[ "configuration" ], "optional":false }, "src-default-glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "zone-template":{ "type":"object", "properties":{ "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS tcp template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS udp template" }, "encap":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" } } }, "close-sessions-for-unauth-sources":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Close session for unauthenticated sources", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "config" ] } ] }, "port-ind":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/port-ind", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'ip-proto-type': IP Protocol Type; 'ddet_ind_pkt_rate_current': Pkt Rate Current; 'ddet_ind_pkt_rate_min': Pkt Rate Min; 'ddet_ind_pkt_rate_max': Pkt Rate Max; 'ddet_ind_pkt_rate_adaptive_threshold': Pkt Rate Adaptive Threshold; 'ddet_ind_pkt_drop_rate_current': Pkt Drop Rate Current; 'ddet_ind_pkt_drop_rate_min': Pkt Drop Rate Min; 'ddet_ind_pkt_drop_rate_max': Pkt Drop Rate Max; 'ddet_ind_pkt_drop_rate_adaptive_threshold': Pkt Drop Rate Adaptive Threshold; 'ddet_ind_syn_rate_current': TCP SYN Rate Current; 'ddet_ind_syn_rate_min': TCP SYN Rate Min; 'ddet_ind_syn_rate_max': TCP SYN Rate Max; 'ddet_ind_syn_rate_adaptive_threshold': TCP SYN Rate Adaptive Threshold; 'ddet_ind_fin_rate_current': TCP FIN Rate Current; 'ddet_ind_fin_rate_min': TCP FIN Rate Min; 'ddet_ind_fin_rate_max': TCP FIN Rate Max; 'ddet_ind_fin_rate_adaptive_threshold': TCP FIN Rate Adaptive Threshold; 'ddet_ind_rst_rate_current': TCP RST Rate Current; 'ddet_ind_rst_rate_min': TCP RST Rate Min; 'ddet_ind_rst_rate_max': TCP RST Rate Max; 'ddet_ind_rst_rate_adaptive_threshold': TCP RST Rate Adaptive Threshold; 'ddet_ind_small_window_ack_rate_current': TCP Small Window ACK Rate Current; 'ddet_ind_small_window_ack_rate_min': TCP Small Window ACK Rate Min; 'ddet_ind_small_window_ack_rate_max': TCP Small Window ACK Rate Max; 'ddet_ind_small_window_ack_rate_adaptive_threshold': TCP Small Window ACK Rate Adaptive Threshold; 'ddet_ind_empty_ack_rate_current': TCP Empty ACK Rate Current; 'ddet_ind_empty_ack_rate_min': TCP Empty ACK Rate Min; 'ddet_ind_empty_ack_rate_max': TCP Empty ACK Rate Max; 'ddet_ind_empty_ack_rate_adaptive_threshold': TCP Empty ACK Rate Adaptive Threshold; 'ddet_ind_small_payload_rate_current': TCP Small Payload Rate Current; 'ddet_ind_small_payload_rate_min': TCP Small Payload Rate Min; 'ddet_ind_small_payload_rate_max': TCP Small Payload Rate Max; 'ddet_ind_small_payload_rate_adaptive_threshold': TCP Small Payload Rate Adaptive Threshold; 'ddet_ind_pkt_drop_ratio_current': Pkt Drop / Pkt Rcvd Current; 'ddet_ind_pkt_drop_ratio_min': Pkt Drop / Pkt Rcvd Min; 'ddet_ind_pkt_drop_ratio_max': Pkt Drop / Pkt Rcvd Max; 'ddet_ind_pkt_drop_ratio_adaptive_threshold': Pkt Drop / Pkt Rcvd Adaptive Threshold; 'ddet_ind_inb_per_outb_current': Bytes-to / Bytes-from Current; 'ddet_ind_inb_per_outb_min': Bytes-to / Bytes-from Min; 'ddet_ind_inb_per_outb_max': Bytes-to / Bytes-from Max; 'ddet_ind_inb_per_outb_adaptive_threshold': Bytes-to / Bytes-from Adaptive Threshold; 'ddet_ind_syn_per_fin_rate_current': TCP SYN Rate / FIN Rate Current; 'ddet_ind_syn_per_fin_rate_min': TCP SYN Rate / FIN Rate Min; 'ddet_ind_syn_per_fin_rate_max': TCP SYN Rate / FIN Rate Max; 'ddet_ind_syn_per_fin_rate_adaptive_threshold': TCP SYN Rate / FIN Rate Adaptive Threshold; 'ddet_ind_conn_miss_rate_current': TCP Session Miss Rate Current; 'ddet_ind_conn_miss_rate_min': TCP Session Miss Rate Min; 'ddet_ind_conn_miss_rate_max': TCP Session Miss Rate Max; 'ddet_ind_conn_miss_rate_adaptive_threshold': TCP Session Miss Rate Adaptive Threshold; 'ddet_ind_concurrent_conns_current': TCP/UDP Concurrent Sessions Current; 'ddet_ind_concurrent_conns_min': TCP/UDP Concurrent Sessions Min; 'ddet_ind_concurrent_conns_max': TCP/UDP Concurrent Sessions Max; 'ddet_ind_concurrent_conns_adaptive_threshold': TCP/UDP Concurrent Sessions Adaptive Threshold; 'ddet_ind_data_cpu_util_current': Data CPU Utilization Current; 'ddet_ind_data_cpu_util_min': Data CPU Utilization Min; 'ddet_ind_data_cpu_util_max': Data CPU Utilization Max; 'ddet_ind_data_cpu_util_adaptive_threshold': Data CPU Utilization Adaptive Threshold; 'ddet_ind_outside_intf_util_current': Outside Interface Utilization Current; 'ddet_ind_outside_intf_util_min': Outside Interface Utilization Min; 'ddet_ind_outside_intf_util_max': Outside Interface Utilization Max; 'ddet_ind_outside_intf_util_adaptive_threshold': Outside Interface Utilization Adaptive Threshold; 'ddet_ind_frag_rate_current': Frag Pkt Rate Current; 'ddet_ind_frag_rate_min': Frag Pkt Rate Min; 'ddet_ind_frag_rate_max': Frag Pkt Rate Max; 'ddet_ind_frag_rate_adaptive_threshold': Frag Pkt Rate Adaptive Threshold; 'ddet_ind_bit_rate_current': Bit Rate Current; 'ddet_ind_bit_rate_min': Bit Rate Min; 'ddet_ind_bit_rate_max': Bit Rate Max; 'ddet_ind_bit_rate_adaptive_threshold': Bit Rate Adaptive Threshold; ", "enum":[ "all", "ip-proto-type", "ddet_ind_pkt_rate_current", "ddet_ind_pkt_rate_min", "ddet_ind_pkt_rate_max", "ddet_ind_pkt_rate_adaptive_threshold", "ddet_ind_pkt_drop_rate_current", "ddet_ind_pkt_drop_rate_min", "ddet_ind_pkt_drop_rate_max", "ddet_ind_pkt_drop_rate_adaptive_threshold", "ddet_ind_syn_rate_current", "ddet_ind_syn_rate_min", "ddet_ind_syn_rate_max", "ddet_ind_syn_rate_adaptive_threshold", "ddet_ind_fin_rate_current", "ddet_ind_fin_rate_min", "ddet_ind_fin_rate_max", "ddet_ind_fin_rate_adaptive_threshold", "ddet_ind_rst_rate_current", "ddet_ind_rst_rate_min", "ddet_ind_rst_rate_max", "ddet_ind_rst_rate_adaptive_threshold", "ddet_ind_small_window_ack_rate_current", "ddet_ind_small_window_ack_rate_min", "ddet_ind_small_window_ack_rate_max", "ddet_ind_small_window_ack_rate_adaptive_threshold", "ddet_ind_empty_ack_rate_current", "ddet_ind_empty_ack_rate_min", "ddet_ind_empty_ack_rate_max", "ddet_ind_empty_ack_rate_adaptive_threshold", "ddet_ind_small_payload_rate_current", "ddet_ind_small_payload_rate_min", "ddet_ind_small_payload_rate_max", "ddet_ind_small_payload_rate_adaptive_threshold", "ddet_ind_pkt_drop_ratio_current", "ddet_ind_pkt_drop_ratio_min", "ddet_ind_pkt_drop_ratio_max", "ddet_ind_pkt_drop_ratio_adaptive_threshold", "ddet_ind_inb_per_outb_current", "ddet_ind_inb_per_outb_min", "ddet_ind_inb_per_outb_max", "ddet_ind_inb_per_outb_adaptive_threshold", "ddet_ind_syn_per_fin_rate_current", "ddet_ind_syn_per_fin_rate_min", "ddet_ind_syn_per_fin_rate_max", "ddet_ind_syn_per_fin_rate_adaptive_threshold", "ddet_ind_conn_miss_rate_current", "ddet_ind_conn_miss_rate_min", "ddet_ind_conn_miss_rate_max", "ddet_ind_conn_miss_rate_adaptive_threshold", "ddet_ind_concurrent_conns_current", "ddet_ind_concurrent_conns_min", "ddet_ind_concurrent_conns_max", "ddet_ind_concurrent_conns_adaptive_threshold", "ddet_ind_data_cpu_util_current", "ddet_ind_data_cpu_util_min", "ddet_ind_data_cpu_util_max", "ddet_ind_data_cpu_util_adaptive_threshold", "ddet_ind_outside_intf_util_current", "ddet_ind_outside_intf_util_min", "ddet_ind_outside_intf_util_max", "ddet_ind_outside_intf_util_adaptive_threshold", "ddet_ind_frag_rate_current", "ddet_ind_frag_rate_min", "ddet_ind_frag_rate_max", "ddet_ind_frag_rate_adaptive_threshold", "ddet_ind_bit_rate_current", "ddet_ind_bit_rate_min", "ddet_ind_bit_rate_max", "ddet_ind_bit_rate_adaptive_threshold" ] } } } ] } } }, "topk-sources":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/topk-sources", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "progression-tracking":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/progression-tracking", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "topk-destinations":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/topk-destinations", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "src-based-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"src-based-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/src-based-policy/{src-based-policy-name}", "array":[ { "properties":{ "src-based-policy-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Specify name of the policy", "optional":false }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "policy-class-list-list":{ "type":"array", "minItems":1, "items":{ "type":"policy-class-list" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name}", "array":[ { "properties":{ "class-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Class-list name", "optional":false }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; ", "enum":[ "bypass", "deny" ], "optional":true }, "max-dynamic-entry-count":{ "type":"number", "format":"number", "minimum":0, "maximum":2147483647, "partition-visibility":"shared", "description":"Maximum count for dynamic source zone service entry allowed for this class-list", "optional":true }, "zone-template":{ "type":"object", "properties":{ "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS tcp template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS udp template" }, "encap":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" }, "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS logging template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'packet_received': Packets Received; 'packet_dropped': Packets Dropped; 'entry_learned': Entry Learned; 'entry_count_overflow': Entry Count Overflow; ", "enum":[ "all", "packet_received", "packet_dropped", "entry_learned", "entry_count_overflow" ] } } } ] }, "class-list-overflow-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"class-list-overflow-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name}", "array":[ { "properties":{ "dummy-name":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': Configure overflow policy for class-list; ", "enum":[ "configuration" ], "optional":false }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; ", "enum":[ "bypass", "deny" ], "optional":true }, "log-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable logging", "optional":true }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable log periodic", "optional":true }, "zone-template":{ "type":"object", "properties":{ "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS http template" }, "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ssl-l4 template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS sip template" }, "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS tcp template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS udp template" }, "encap":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" }, "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS logging template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "dummy-name" ] } ] } }, "required":[ "class-list-name" ] } ] } }, "required":[ "src-based-policy-name" ] } ] }, "dynamic-entry-overflow-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"dynamic-entry-overflow-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/dynamic-entry-overflow-policy/{dummy-name}", "array":[ { "properties":{ "dummy-name":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': Configure overflow policy; ", "enum":[ "configuration" ], "optional":false }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; ", "enum":[ "bypass", "deny" ], "optional":true }, "log-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable logging", "optional":true }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable log periodic", "optional":true }, "zone-template":{ "type":"object", "properties":{ "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS http template" }, "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ssl-l4 template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS sip template" }, "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS tcp template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS udp template" }, "encap":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" }, "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS logging template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "dummy-name" ] } ] } }, "required":[ "port-other", "protocol" ] } ] } } }, "port-range-list":{ "type":"array", "minItems":1, "items":{ "type":"port-range" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}", "array":[ { "properties":{ "port-range-start":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Port-Range Start Port Number", "optional":false }, "port-range-end":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Port-Range End Port Number", "optional":false }, "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'dns-tcp': DNS-TCP Port; 'dns-udp': DNS-UDP Port; 'http': HTTP Port; 'tcp': TCP Port; 'udp': UDP Port; 'ssl-l4': SSL-L4 Port; 'sip-udp': SIP-UDP Port; 'sip-tcp': SIP-TCP Port; 'quic': QUIC Port; ", "enum":[ "dns-tcp", "dns-udp", "http", "tcp", "udp", "ssl-l4", "sip-udp", "sip-tcp", "quic" ], "optional":false }, "manual-mode-enable":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Toggle manual mode to use fix templates", "optional":true }, "deny":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid-cfg":{ "type":"object", "properties":{ "glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID for the whole zone" }, "glid-action":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default if default-action-list is not configured); 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "ignore" ] }, "action-list":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "description":"Configure action-list to take" }, "per-addr-glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID per address" } } }, "stateful":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable stateful tracking of sessions (Default is stateless)", "optional":true }, "default-action-list":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "description":"Configure default-action-list", "optional":true }, "sflow-common":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not-list":[ "sflow-packets", "sflow-tcp-basic", "sflow-tcp-stateful", "sflow-http" ], "description":"Enable all sFlow polling options under this zone port", "optional":true }, "sflow-packets":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not":"sflow-common", "description":"Enable sFlow packet-level counter polling", "optional":true }, "sflow-tcp":{ "type":"object", "properties":{ "sflow-tcp-basic":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not":"sflow-common", "description":"Enable sFlow basic TCP counter polling" }, "sflow-tcp-stateful":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not":"sflow-common", "description":"Enable sFlow stateful TCP counter polling" } } }, "sflow-http":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "not":"sflow-common", "description":"Enable sFlow HTTP counter polling", "optional":true }, "unlimited-dynamic-entry-count":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"No limit for maximum dynamic src entry count", "optional":true }, "max-dynamic-entry-count":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":0, "maximum":2147483647, "partition-visibility":"shared", "description":"Maximum count for dynamic source zone service entry", "optional":true }, "apply-policy-on-overflow":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Enable this flag to apply overflow policy when dynamic entry count overflows", "optional":true }, "enable-class-list-overflow":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Apply class-list overflow policy upon exceeding dynamic entry count specified under zone port or each class-list", "optional":true }, "enable-top-k":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable ddos top-k source IP detection", "optional":true }, "topk-num-records":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "default":20, "partition-visibility":"shared", "description":"Maximum number of records to show in topk", "optional":true }, "enable-top-k-destination":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable ddos top-k destination IP detection", "optional":true }, "topk-dst-num-records":{ "type":"number", "format":"number", "minimum":1, "maximum":100, "default":20, "partition-visibility":"shared", "description":"Maximum number of records to show in topk", "optional":true }, "set-counter-base-val":{ "type":"number", "format":"number", "plat-neg-list":["softax-ddet"], "minimum":1, "maximum":4294967295, "partition-visibility":"shared", "description":"Set T2 counter value of current context to specified value", "optional":true }, "age":{ "type":"number", "format":"number", "minimum":2, "maximum":1023, "default":5, "partition-visibility":"shared", "description":"Idle age for ip entry", "optional":true }, "outbound-only":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Only allow outbound traffic", "optional":true }, "faster-de-escalation":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"De-escalate faster in standalone mode", "optional":true }, "ip-filtering-policy":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/ip-filtering-policy", "description":"Configure IP Filter", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "ip-filtering-policy-oper":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/ip-filtering-policy-oper", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "pattern-recognition":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/pattern-recognition", "properties":{ "algorithm":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'heuristic': heuristic algorithm; ", "enum":[ "heuristic" ] }, "mode":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'capture-never-expire': War-time capture without rate exceeding and never expires; 'manual': Manual mode; ", "enum":[ "capture-never-expire", "manual" ] }, "sensitivity":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'high': High Sensitivity; 'medium': Medium Sensitivity; 'low': Low Sensitivity; ", "enum":[ "high", "medium", "low" ] }, "filter-threshold":{ "type":"number", "format":"number", "minimum":0, "maximum":100, "partition-visibility":"shared", "description":"Extracted filter threshold" }, "filter-inactive-threshold":{ "type":"number", "format":"number", "minimum":5, "maximum":255, "partition-visibility":"shared", "description":"Extracted filter inactive threshold" }, "triggered-by":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'zone-escalation': Zone escalation trigger pattern recognition; 'packet-rate-exceeds': Packet rate limit exceeds trigger pattern recognition (default); ", "enum":[ "zone-escalation", "packet-rate-exceeds" ] }, "capture-traffic":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': Capture all packets; 'dropped': Capture dropped packets (default); ", "enum":[ "all", "dropped" ] }, "app-payload-offset":{ "type":"number", "format":"number", "minimum":0, "maximum":1500, "partition-visibility":"shared", "description":"Set offset of the payload, default 0" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "pattern-recognition-pu-details":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/pattern-recognition-pu-details", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "level-list":{ "type":"array", "minItems":1, "items":{ "type":"level" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/level/{level-num}", "array":[ { "properties":{ "level-num":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'0': Default policy level; '1': Policy level 1; '2': Policy level 2; '3': Policy level 3; '4': Policy level 4; ", "enum":[ "0", "1", "2", "3", "4" ], "optional":false }, "src-default-glid":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-action":{ "type":"string", "format":"enum", "plat-neg-list":["softax-ddet"], "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "zone-escalation-score":{ "type":"number", "format":"number", "minimum":1, "maximum":1000000, "partition-visibility":"shared", "description":"Zone activation score of this level", "optional":true }, "zone-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions apply due to zone escalate from this level", "optional":true }, "src-escalation-score":{ "type":"number", "format":"number", "minimum":1, "maximum":1000000, "partition-visibility":"shared", "description":"Source activation score of this level", "optional":true }, "src-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions apply due to source escalate from this level", "optional":true }, "zone-template":{ "type":"object", "properties":{ "quic":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS quic template" }, "dns":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS http template" }, "ssl-l4":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ssl-l4 template" }, "sip":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS sip template" }, "tcp":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS tcp template" }, "udp":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS udp template" }, "encap":{ "type":"string", "format":"string-rlx", "plat-neg-list":["softax-ddet"], "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" } } }, "close-sessions-for-unauth-sources":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Close session for unauthenticated sources", "optional":true }, "start-pattern-recognition":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Start pattern recognition from this level", "optional":true }, "apply-extracted-filters":{ "type":"number", "format":"flag", "plat-neg-list":["softax-ddet"], "default":0, "partition-visibility":"shared", "description":"Apply extracted filters from this level", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "indicator-list":{ "type":"array", "minItems":1, "items":{ "type":"indicator" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/level/{level-num}/indicator/{type}", "array":[ { "properties":{ "type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'pkt-rate': rate of incoming packets; 'pkt-drop-rate': rate of packets got dropped; 'bit-rate': rate of incoming bits; 'pkt-drop-ratio': ratio of incoming packet rate divided by the rate of dropping packets; 'bytes-to-bytes-from-ratio': ratio of incoming packet rate divided by the rate of outgoing packets; 'concurrent-conns': number of concurrent connections; 'conn-miss-rate': rate of incoming packets for which no previously established connection exists; 'syn-rate': rate on incoming SYN packets; 'fin-rate': rate on incoming FIN packets; 'rst-rate': rate of incoming RST packets; 'small-window-ack-rate': rate of small window advertisement; 'empty-ack-rate': rate of incoming packets which have no payload; 'small-payload-rate': rate of short payload packet; 'syn-fin-ratio': ratio of incoming SYN packet rate divided by the rate of incoming FIN packets; 'cpu-utilization': average data CPU utilization; 'interface-utilization': outside interface utilization; ", "enum":[ "pkt-rate", "pkt-drop-rate", "bit-rate", "pkt-drop-ratio", "bytes-to-bytes-from-ratio", "concurrent-conns", "conn-miss-rate", "syn-rate", "fin-rate", "rst-rate", "small-window-ack-rate", "empty-ack-rate", "small-payload-rate", "syn-fin-ratio", "cpu-utilization", "interface-utilization" ], "optional":false }, "tcp-window-size":{ "type":"number", "format":"number", "minimum":1, "maximum":500, "partition-visibility":"shared", "description":"Expected minimal window size", "optional":true }, "data-packet-size":{ "type":"number", "format":"number", "minimum":1, "maximum":1500, "partition-visibility":"shared", "description":"Expected minimal data size", "optional":true }, "score":{ "type":"number", "format":"number", "minimum":1, "maximum":1000000, "partition-visibility":"shared", "description":"Score corresponding to the indicator", "optional":true }, "src-threshold-num":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Indicator per-src threshold", "optional":true }, "src-threshold-large-num":{ "type":"number", "format":"number", "minimum":1, "maximum":10995116277760, "partition-visibility":"shared", "description":"Indicator per-src threshold", "optional":true }, "src-threshold-str":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Indicator per-src threshold (Non-zero floating point)", "optional":true }, "src-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions to use when this src indicator threshold reaches", "optional":true }, "zone-threshold-num":{ "type":"number", "format":"number", "minimum":1, "maximum":2147483647, "partition-visibility":"shared", "description":"Threshold for the entire zone", "optional":true }, "zone-threshold-large-num":{ "type":"number", "format":"number", "minimum":1, "maximum":10995116277760, "partition-visibility":"shared", "description":"Threshold for the entire zone", "optional":true }, "zone-threshold-str":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Threshold for the entire zone (Non-zero floating point)", "optional":true }, "zone-violation-actions":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/violation-actions", "description":"Violation actions to use when this zone indicator threshold reaches", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "type" ] } ] } }, "required":[ "level-num" ] } ] }, "manual-mode-list":{ "type":"array", "minItems":1, "items":{ "type":"manual-mode" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/manual-mode/{config}", "array":[ { "properties":{ "config":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': Manual-mode configuration; ", "enum":[ "configuration" ], "optional":false }, "src-default-glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "zone-template":{ "type":"object", "properties":{ "quic":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS quic template" }, "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS http template" }, "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ssl-l4 template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS sip template" }, "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS tcp template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS udp template" }, "encap":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" } } }, "close-sessions-for-unauth-sources":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Close session for unauthenticated sources", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "config" ] } ] }, "ips":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/ips", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'ips_matched_total': IPS Matched Total; 'ips_matched_action_pass': IPS Matched Action Pass; 'ips_matched_action_drop': IPS Matched Action Drop; 'ips_matched_action_blacklist': IPS Matched Action Blacklist; 'ips_matched_severity_high': IPS Matched Severity High; 'ips_matched_severity_medium': IPS Matched Severity Medium; 'ips_matched_severity_low': IPS Matched Severity Low; 'src_ips_matched_action_pass': Src IPS Matched Action Pass; 'src_ips_matched_action_drop': Src IPS Matched Action Drop; 'src_ips_matched_action_blacklist': Src IPS Matched Action Blacklist; 'src_ips_matched_severity_high': Src IPS Matched Severity High; 'src_ips_matched_severity_medium': Src IPS Matched Severity Medium; 'src_ips_matched_severity_low': Src IPS Matched Severity Low; ", "enum":[ "all", "ips_matched_total", "ips_matched_action_pass", "ips_matched_action_drop", "ips_matched_action_blacklist", "ips_matched_severity_high", "ips_matched_severity_medium", "ips_matched_severity_low", "src_ips_matched_action_pass", "src_ips_matched_action_drop", "src_ips_matched_action_blacklist", "src_ips_matched_severity_high", "src_ips_matched_severity_medium", "src_ips_matched_severity_low" ] } } } ] } } }, "port-ind":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/port-ind", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'ip-proto-type': IP Protocol Type; 'ddet_ind_pkt_rate_current': Pkt Rate Current; 'ddet_ind_pkt_rate_min': Pkt Rate Min; 'ddet_ind_pkt_rate_max': Pkt Rate Max; 'ddet_ind_pkt_rate_adaptive_threshold': Pkt Rate Adaptive Threshold; 'ddet_ind_pkt_drop_rate_current': Pkt Drop Rate Current; 'ddet_ind_pkt_drop_rate_min': Pkt Drop Rate Min; 'ddet_ind_pkt_drop_rate_max': Pkt Drop Rate Max; 'ddet_ind_pkt_drop_rate_adaptive_threshold': Pkt Drop Rate Adaptive Threshold; 'ddet_ind_syn_rate_current': TCP SYN Rate Current; 'ddet_ind_syn_rate_min': TCP SYN Rate Min; 'ddet_ind_syn_rate_max': TCP SYN Rate Max; 'ddet_ind_syn_rate_adaptive_threshold': TCP SYN Rate Adaptive Threshold; 'ddet_ind_fin_rate_current': TCP FIN Rate Current; 'ddet_ind_fin_rate_min': TCP FIN Rate Min; 'ddet_ind_fin_rate_max': TCP FIN Rate Max; 'ddet_ind_fin_rate_adaptive_threshold': TCP FIN Rate Adaptive Threshold; 'ddet_ind_rst_rate_current': TCP RST Rate Current; 'ddet_ind_rst_rate_min': TCP RST Rate Min; 'ddet_ind_rst_rate_max': TCP RST Rate Max; 'ddet_ind_rst_rate_adaptive_threshold': TCP RST Rate Adaptive Threshold; 'ddet_ind_small_window_ack_rate_current': TCP Small Window ACK Rate Current; 'ddet_ind_small_window_ack_rate_min': TCP Small Window ACK Rate Min; 'ddet_ind_small_window_ack_rate_max': TCP Small Window ACK Rate Max; 'ddet_ind_small_window_ack_rate_adaptive_threshold': TCP Small Window ACK Rate Adaptive Threshold; 'ddet_ind_empty_ack_rate_current': TCP Empty ACK Rate Current; 'ddet_ind_empty_ack_rate_min': TCP Empty ACK Rate Min; 'ddet_ind_empty_ack_rate_max': TCP Empty ACK Rate Max; 'ddet_ind_empty_ack_rate_adaptive_threshold': TCP Empty ACK Rate Adaptive Threshold; 'ddet_ind_small_payload_rate_current': TCP Small Payload Rate Current; 'ddet_ind_small_payload_rate_min': TCP Small Payload Rate Min; 'ddet_ind_small_payload_rate_max': TCP Small Payload Rate Max; 'ddet_ind_small_payload_rate_adaptive_threshold': TCP Small Payload Rate Adaptive Threshold; 'ddet_ind_pkt_drop_ratio_current': Pkt Drop / Pkt Rcvd Current; 'ddet_ind_pkt_drop_ratio_min': Pkt Drop / Pkt Rcvd Min; 'ddet_ind_pkt_drop_ratio_max': Pkt Drop / Pkt Rcvd Max; 'ddet_ind_pkt_drop_ratio_adaptive_threshold': Pkt Drop / Pkt Rcvd Adaptive Threshold; 'ddet_ind_inb_per_outb_current': Bytes-to / Bytes-from Current; 'ddet_ind_inb_per_outb_min': Bytes-to / Bytes-from Min; 'ddet_ind_inb_per_outb_max': Bytes-to / Bytes-from Max; 'ddet_ind_inb_per_outb_adaptive_threshold': Bytes-to / Bytes-from Adaptive Threshold; 'ddet_ind_syn_per_fin_rate_current': TCP SYN Rate / FIN Rate Current; 'ddet_ind_syn_per_fin_rate_min': TCP SYN Rate / FIN Rate Min; 'ddet_ind_syn_per_fin_rate_max': TCP SYN Rate / FIN Rate Max; 'ddet_ind_syn_per_fin_rate_adaptive_threshold': TCP SYN Rate / FIN Rate Adaptive Threshold; 'ddet_ind_conn_miss_rate_current': TCP Session Miss Rate Current; 'ddet_ind_conn_miss_rate_min': TCP Session Miss Rate Min; 'ddet_ind_conn_miss_rate_max': TCP Session Miss Rate Max; 'ddet_ind_conn_miss_rate_adaptive_threshold': TCP Session Miss Rate Adaptive Threshold; 'ddet_ind_concurrent_conns_current': TCP/UDP Concurrent Sessions Current; 'ddet_ind_concurrent_conns_min': TCP/UDP Concurrent Sessions Min; 'ddet_ind_concurrent_conns_max': TCP/UDP Concurrent Sessions Max; 'ddet_ind_concurrent_conns_adaptive_threshold': TCP/UDP Concurrent Sessions Adaptive Threshold; 'ddet_ind_data_cpu_util_current': Data CPU Utilization Current; 'ddet_ind_data_cpu_util_min': Data CPU Utilization Min; 'ddet_ind_data_cpu_util_max': Data CPU Utilization Max; 'ddet_ind_data_cpu_util_adaptive_threshold': Data CPU Utilization Adaptive Threshold; 'ddet_ind_outside_intf_util_current': Outside Interface Utilization Current; 'ddet_ind_outside_intf_util_min': Outside Interface Utilization Min; 'ddet_ind_outside_intf_util_max': Outside Interface Utilization Max; 'ddet_ind_outside_intf_util_adaptive_threshold': Outside Interface Utilization Adaptive Threshold; 'ddet_ind_frag_rate_current': Frag Pkt Rate Current; 'ddet_ind_frag_rate_min': Frag Pkt Rate Min; 'ddet_ind_frag_rate_max': Frag Pkt Rate Max; 'ddet_ind_frag_rate_adaptive_threshold': Frag Pkt Rate Adaptive Threshold; 'ddet_ind_bit_rate_current': Bit Rate Current; 'ddet_ind_bit_rate_min': Bit Rate Min; 'ddet_ind_bit_rate_max': Bit Rate Max; 'ddet_ind_bit_rate_adaptive_threshold': Bit Rate Adaptive Threshold; ", "enum":[ "all", "ip-proto-type", "ddet_ind_pkt_rate_current", "ddet_ind_pkt_rate_min", "ddet_ind_pkt_rate_max", "ddet_ind_pkt_rate_adaptive_threshold", "ddet_ind_pkt_drop_rate_current", "ddet_ind_pkt_drop_rate_min", "ddet_ind_pkt_drop_rate_max", "ddet_ind_pkt_drop_rate_adaptive_threshold", "ddet_ind_syn_rate_current", "ddet_ind_syn_rate_min", "ddet_ind_syn_rate_max", "ddet_ind_syn_rate_adaptive_threshold", "ddet_ind_fin_rate_current", "ddet_ind_fin_rate_min", "ddet_ind_fin_rate_max", "ddet_ind_fin_rate_adaptive_threshold", "ddet_ind_rst_rate_current", "ddet_ind_rst_rate_min", "ddet_ind_rst_rate_max", "ddet_ind_rst_rate_adaptive_threshold", "ddet_ind_small_window_ack_rate_current", "ddet_ind_small_window_ack_rate_min", "ddet_ind_small_window_ack_rate_max", "ddet_ind_small_window_ack_rate_adaptive_threshold", "ddet_ind_empty_ack_rate_current", "ddet_ind_empty_ack_rate_min", "ddet_ind_empty_ack_rate_max", "ddet_ind_empty_ack_rate_adaptive_threshold", "ddet_ind_small_payload_rate_current", "ddet_ind_small_payload_rate_min", "ddet_ind_small_payload_rate_max", "ddet_ind_small_payload_rate_adaptive_threshold", "ddet_ind_pkt_drop_ratio_current", "ddet_ind_pkt_drop_ratio_min", "ddet_ind_pkt_drop_ratio_max", "ddet_ind_pkt_drop_ratio_adaptive_threshold", "ddet_ind_inb_per_outb_current", "ddet_ind_inb_per_outb_min", "ddet_ind_inb_per_outb_max", "ddet_ind_inb_per_outb_adaptive_threshold", "ddet_ind_syn_per_fin_rate_current", "ddet_ind_syn_per_fin_rate_min", "ddet_ind_syn_per_fin_rate_max", "ddet_ind_syn_per_fin_rate_adaptive_threshold", "ddet_ind_conn_miss_rate_current", "ddet_ind_conn_miss_rate_min", "ddet_ind_conn_miss_rate_max", "ddet_ind_conn_miss_rate_adaptive_threshold", "ddet_ind_concurrent_conns_current", "ddet_ind_concurrent_conns_min", "ddet_ind_concurrent_conns_max", "ddet_ind_concurrent_conns_adaptive_threshold", "ddet_ind_data_cpu_util_current", "ddet_ind_data_cpu_util_min", "ddet_ind_data_cpu_util_max", "ddet_ind_data_cpu_util_adaptive_threshold", "ddet_ind_outside_intf_util_current", "ddet_ind_outside_intf_util_min", "ddet_ind_outside_intf_util_max", "ddet_ind_outside_intf_util_adaptive_threshold", "ddet_ind_frag_rate_current", "ddet_ind_frag_rate_min", "ddet_ind_frag_rate_max", "ddet_ind_frag_rate_adaptive_threshold", "ddet_ind_bit_rate_current", "ddet_ind_bit_rate_min", "ddet_ind_bit_rate_max", "ddet_ind_bit_rate_adaptive_threshold" ] } } } ] } } }, "topk-sources":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/topk-sources", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "topk-destinations":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/topk-destinations", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "progression-tracking":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/progression-tracking", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "src-based-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"src-based-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/src-based-policy/{src-based-policy-name}", "array":[ { "properties":{ "src-based-policy-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Specify name of the policy", "optional":false }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "policy-class-list-list":{ "type":"array", "minItems":1, "items":{ "type":"policy-class-list" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name}", "array":[ { "properties":{ "class-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Class-list name", "optional":false }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; ", "enum":[ "drop", "blacklist-src", "ignore" ], "optional":true }, "action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; ", "enum":[ "bypass", "deny" ], "optional":true }, "max-dynamic-entry-count":{ "type":"number", "format":"number", "minimum":0, "maximum":2147483647, "partition-visibility":"shared", "description":"Maximum count for dynamic source zone service entry allowed for this class-list", "optional":true }, "zone-template":{ "type":"object", "properties":{ "quic":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS quic template" }, "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS http template" }, "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ssl-l4 template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS sip template" }, "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS tcp template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS udp template" }, "encap":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" }, "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS logging template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'packet_received': Packets Received; 'packet_dropped': Packets Dropped; 'entry_learned': Entry Learned; 'entry_count_overflow': Entry Count Overflow; ", "enum":[ "all", "packet_received", "packet_dropped", "entry_learned", "entry_count_overflow" ] } } } ] }, "class-list-overflow-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"class-list-overflow-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name}", "array":[ { "properties":{ "dummy-name":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': Configure overflow policy for class-list; ", "enum":[ "configuration" ], "optional":false }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; ", "enum":[ "bypass", "deny" ], "optional":true }, "log-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable logging", "optional":true }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable log periodic", "optional":true }, "zone-template":{ "type":"object", "properties":{ "quic":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS quic template" }, "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS http template" }, "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ssl-l4 template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS sip template" }, "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS tcp template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS udp template" }, "encap":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" }, "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS logging template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "dummy-name" ] } ] } }, "required":[ "class-list-name" ] } ] } }, "required":[ "src-based-policy-name" ] } ] }, "dynamic-entry-overflow-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"dynamic-entry-overflow-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/dynamic-entry-overflow-policy/{dummy-name}", "array":[ { "properties":{ "dummy-name":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'configuration': Configure overflow policy; ", "enum":[ "configuration" ], "optional":false }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; ", "enum":[ "bypass", "deny" ], "optional":true }, "log-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable logging", "optional":true }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable log periodic", "optional":true }, "zone-template":{ "type":"object", "properties":{ "quic":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS quic template" }, "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS http template" }, "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS ssl-l4 template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS sip template" }, "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS tcp template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS udp template" }, "encap":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)" }, "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS logging template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "dummy-name" ] } ] } }, "required":[ "port-range-start", "port-range-end", "protocol" ] } ] }, "web-gui":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/web-gui", "properties":{ "status":{ "type":"string", "format":"enum", "default":"newly", "partition-visibility":"shared", "description":"'newly': newly; 'learning': learning; 'learned': learned; 'activated': activated; ", "enum":[ "newly", "learning", "learned", "activated" ] }, "activated-after-learning":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Activate it after learning" }, "create-time":{ "type":"string", "format":"string", "minLength":1, "maxLength":13, "partition-visibility":"shared", "description":"Configure create time" }, "modify-time":{ "type":"string", "format":"string", "minLength":1, "maxLength":13, "partition-visibility":"shared", "description":"Configure modify time" }, "sensitivity":{ "type":"string", "format":"enum", "default":"3", "partition-visibility":"shared", "description":"'5': Low; '3': Medium; '1.5': High; ", "enum":[ "5", "3", "1.5" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "learning":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/learning", "properties":{ "duration":{ "type":"string", "format":"enum", "default":"6hour", "partition-visibility":"shared", "description":"'1minute': 1 minute; '6hour': 6 hours; '12hour': 12 hours; '24hour': 24 hours; '7day': 7 days; ", "enum":[ "1minute", "6hour", "12hour", "24hour", "7day" ] }, "starting-time":{ "type":"string", "format":"string", "minLength":1, "maxLength":13, "partition-visibility":"shared", "description":"Configure learning starting time" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "protection":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection", "properties":{ "port":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/port", "properties":{ "zone-service-list":{ "type":"array", "minItems":1, "items":{ "type":"zone-service" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/port/zone-service/{port-num}+{protocol}", "array":[ { "properties":{ "port-num":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Port Number", "optional":false }, "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'dns-tcp': DNS-TCP Port; 'dns-udp': DNS-UDP Port; 'http': HTTP Port; 'tcp': TCP Port; 'udp': UDP Port; 'ssl-l4': SSL-L4 Port; ", "enum":[ "dns-tcp", "dns-udp", "http", "tcp", "udp", "ssl-l4" ], "optional":false }, "pbe":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Peak Bandwidth Expected", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true } }, "required":[ "port-num", "protocol" ] } ] }, "zone-service-other-list":{ "type":"array", "minItems":1, "items":{ "type":"zone-service-other" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/port/zone-service-other/{port-other}+{protocol}", "array":[ { "properties":{ "port-other":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'other': other; ", "enum":[ "other" ], "optional":false }, "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'tcp': TCP Port; 'udp': UDP Port; ", "enum":[ "tcp", "udp" ], "optional":false }, "pbe":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Peak Bandwidth Expected", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true } }, "required":[ "port-other", "protocol" ] } ] } } }, "ip-proto":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/ip-proto", "properties":{ "proto-name-list":{ "type":"array", "minItems":1, "items":{ "type":"proto-name" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/ip-proto/proto-name/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'icmp-v4': ip-proto icmp-v4; 'icmp-v6': ip-proto icmp-v6; ", "enum":[ "icmp-v4", "icmp-v6" ], "optional":false }, "pbe":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Peak Bandwidth Expected", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "protocol" ] } ] } } }, "port-range-list":{ "type":"array", "minItems":1, "items":{ "type":"port-range" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/port-range/{port-range-start}+{port-range-end}+{protocol}", "array":[ { "properties":{ "port-range-start":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Port-Range Start Port Number", "optional":false }, "port-range-end":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Port-Range End Port Number", "optional":false }, "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'dns-tcp': DNS-TCP Port; 'dns-udp': DNS-UDP Port; 'http': HTTP Port; 'tcp': TCP Port; 'udp': UDP Port; 'ssl-l4': SSL-L4 Port; ", "enum":[ "dns-tcp", "dns-udp", "http", "tcp", "udp", "ssl-l4" ], "optional":false }, "pbe":{ "type":"string", "format":"string", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Peak Bandwidth Expected", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "port-range-start", "port-range-end", "protocol" ] } ] } } } } } }, "required":[ "zone-name" ] } ] }, "dynamic-entry":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/dynamic-entry", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "all-entries":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/dynamic-entry/all-entries", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'dst_tcp_any_exceed': TCP Dst L4-Type Rate: Total Exceeded; 'dst_tcp_pkt_rate_exceed': TCP Dst L4-Type Rate: Packet Exceeded; 'dst_tcp_conn_rate_exceed': TCP Dst L4-Type Rate: Conn Exceeded; 'dst_udp_any_exceed': UDP Dst L4-Type Rate: Total Exceeded; 'dst_udp_pkt_rate_exceed': UDP Dst L4-Type Rate: Packet Exceeded; 'dst_udp_conn_limit_exceed': UDP Dst L4-Type Limit: Conn Exceeded; 'dst_udp_conn_rate_exceed': UDP Dst L4-Type Rate: Conn Exceeded; 'dst_icmp_pkt_rate_exceed': ICMP Dst Rate: Packet Exceeded; 'dst_other_pkt_rate_exceed': OTHER Dst L4-Type Rate: Packet Exceeded; 'dst_other_frag_pkt_rate_exceed': OTHER Dst L4-Type Rate: Frag Exceeded; 'dst_port_pkt_rate_exceed': Port Rate: Packet Exceeded; 'dst_port_conn_limit_exceed': Port Limit: Conn Exceeded; 'dst_port_conn_rate_exceed': Port Rate: Conn Exceeded; 'dst_pkt_sent': Inbound: Packets Forwarded; 'dst_udp_pkt_sent': UDP Total Packets Forwarded; 'dst_tcp_pkt_sent': TCP Total Packets Forwarded; 'dst_icmp_pkt_sent': ICMP Total Packets Forwarded; 'dst_other_pkt_sent': OTHER Total Packets Forwarded; 'dst_tcp_conn_limit_exceed': TCP Dst L4-Type Limit: Conn Exceeded; 'dst_tcp_pkt_rcvd': TCP Total Packets Received; 'dst_udp_pkt_rcvd': UDP Total Packets Received; 'dst_icmp_pkt_rcvd': ICMP Total Packets Received; 'dst_other_pkt_rcvd': OTHER Total Packets Received; 'dst_udp_filter_match': UDP Filter Match; 'dst_udp_filter_not_match': UDP Filter Not Matched on Pkt; 'dst_udp_filter_action_blacklist': UDP Filter Action Blacklist; 'dst_udp_filter_action_drop': UDP Filter Action Drop; 'dst_tcp_syn': TCP Total SYN Received; 'dst_tcp_syn_drop': TCP SYN Packets Dropped; 'dst_tcp_src_rate_drop': TCP Src Rate: Total Exceeded; 'dst_udp_src_rate_drop': UDP Src Rate: Total Exceeded; 'dst_icmp_src_rate_drop': ICMP Src Rate: Total Exceeded; 'dst_other_frag_src_rate_drop': OTHER Src Rate: Frag Exceeded; 'dst_other_src_rate_drop': OTHER Src Rate: Total Exceeded; 'dst_tcp_drop': TCP Total Packets Dropped; 'dst_udp_drop': UDP Total Packets Dropped; 'dst_icmp_drop': ICMP Total Packets Dropped; 'dst_frag_drop': Fragmented Packets Dropped; 'dst_other_drop': OTHER Total Packets Dropped; 'dst_tcp_auth': TCP Auth: SYN Cookie Sent; 'dst_udp_filter_action_default_pass': UDP Filter Action Default Pass; 'dst_tcp_filter_match': TCP Filter Match; 'dst_tcp_filter_not_match': TCP Filter Not Matched on Pkt; 'dst_tcp_filter_action_blacklist': TCP Filter Action Blacklist; 'dst_tcp_filter_action_drop': TCP Filter Action Drop; 'dst_tcp_filter_action_default_pass': TCP Filter Action Default Pass; 'dst_udp_filter_action_whitelist': UDP Filter Action WL; 'dst_over_limit_on': DST overlimit Trigger ON; 'dst_over_limit_off': DST overlimit Trigger OFF; 'dst_port_over_limit_on': DST port overlimit Trigger ON; 'dst_port_over_limit_off': DST port overlimit Trigger OFF; 'dst_over_limit_action': DST overlimit action; 'dst_port_over_limit_action': DST port overlimit action; 'scanning_detected_drop': Scanning Detected drop (deprecated); 'scanning_detected_blacklist': Scanning Detected blacklist (deprecated); 'dst_udp_kibit_rate_drop': UDP Dst L4-Type Rate: KiBit Exceeded; 'dst_tcp_kibit_rate_drop': TCP Dst L4-Type Rate: KiBit Exceeded; 'dst_icmp_kibit_rate_drop': ICMP Dst Rate: KiBit Exceeded; 'dst_other_kibit_rate_drop': OTHER Dst L4-Type Rate: KiBit Exceeded; 'dst_port_undef_drop': Dst Port Undefined Dropped; 'dst_port_bl': Dst Port Blacklist Packets Dropped; 'dst_src_port_bl': Dst SrcPort Blacklist Packets Dropped; 'dst_port_kbit_rate_exceed': Port Rate: KiBit Exceeded; 'dst_tcp_src_drop': TCP Src Packets Dropped; 'dst_udp_src_drop': UDP Src Packets Dropped; 'dst_icmp_src_drop': ICMP Src Packets Dropped; 'dst_other_src_drop': OTHER Src Packets Dropped; 'tcp_syn_rcvd': TCP Inbound SYN Received; 'tcp_syn_ack_rcvd': TCP SYN ACK Received; 'tcp_ack_rcvd': TCP ACK Received; 'tcp_fin_rcvd': TCP FIN Received; 'tcp_rst_rcvd': TCP RST Received; 'ingress_bytes': Inbound: Bytes Received; 'egress_bytes': Outbound: Bytes Received; 'ingress_packets': Inbound: Packets Received; 'egress_packets': Outbound: Packets Received; 'tcp_fwd_recv': TCP Inbound Packets Received; 'udp_fwd_recv': UDP Inbound Packets Received; 'icmp_fwd_recv': ICMP Inbound Packets Received; 'tcp_syn_cookie_fail': TCP Auth: SYN Cookie Failed; 'dst_tcp_session_created': TCP Sessions Created; 'dst_udp_session_created': UDP Sessions Created; 'dst_tcp_filter_action_whitelist': TCP Filter Action WL; 'dst_other_filter_match': OTHER Filter Match; 'dst_other_filter_not_match': OTHER Filter Not Matched on Pkt; 'dst_other_filter_action_blacklist': OTHER Filter Action Blacklist; 'dst_other_filter_action_drop': OTHER Filter Action Drop; 'dst_other_filter_action_whitelist': OTHER Filter Action WL; 'dst_other_filter_action_default_pass': OTHER Filter Action Default Pass; 'dst_blackhole_inject': Dst Blackhole Inject; 'dst_blackhole_withdraw': Dst Blackhole Withdraw; 'dst_tcp_out_of_seq_excd': TCP Out-Of-Seq Exceeded; 'dst_tcp_retransmit_excd': TCP Retransmit Exceeded; 'dst_tcp_zero_window_excd': TCP Zero-Window Exceeded; 'dst_tcp_conn_prate_excd': TCP Rate: Conn Pkt Exceeded; 'dst_tcp_action_on_ack_init': TCP Auth: ACK Retry Init; 'dst_tcp_action_on_ack_gap_drop': TCP Auth: ACK Retry Retry-Gap Dropped; 'dst_tcp_action_on_ack_fail': TCP Auth: ACK Retry Dropped; 'dst_tcp_action_on_ack_pass': TCP Auth: ACK Retry Passed; 'dst_tcp_action_on_syn_init': TCP Auth: SYN Retry Init; 'dst_tcp_action_on_syn_gap_drop': TCP Auth: SYN Retry-Gap Dropped; 'dst_tcp_action_on_syn_fail': TCP Auth: SYN Retry Dropped; 'dst_tcp_action_on_syn_pass': TCP Auth: SYN Retry Passed; 'udp_payload_too_small': UDP Payload Too Small; 'udp_payload_too_big': UDP Payload Too Large; 'dst_udp_conn_prate_excd': UDP Rate: Conn Pkt Exceeded; 'dst_udp_ntp_monlist_req': UDP NTP Monlist Request; 'dst_udp_ntp_monlist_resp': UDP NTP Monlist Response; 'dst_udp_wellknown_sport_drop': UDP SrcPort Wellknown; 'dst_udp_retry_init': UDP Auth: Retry Init; 'dst_udp_retry_pass': UDP Auth: Retry Passed; 'dst_tcp_bytes_drop': TCP Total Bytes Dropped; 'dst_udp_bytes_drop': UDP Total Bytes Dropped; 'dst_icmp_bytes_drop': ICMP Total Bytes Dropped; 'dst_other_bytes_drop': OTHER Total Bytes Dropped; 'dst_out_no_route': Dst IPv4/v6 Out No Route; 'outbound_bytes_sent': Outbound: Bytes Forwarded; 'outbound_pkt_drop': Outbound: Packets Dropped; 'outbound_bytes_drop': Outbound: Bytes Dropped; 'outbound_pkt_sent': Outbound: Packets Forwarded; 'inbound_bytes_sent': Inbound: Bytes Forwarded; 'inbound_bytes_drop': Inbound: Bytes Dropped; 'dst_src_port_pkt_rate_exceed': SrcPort Rate: Packet Exceeded; 'dst_src_port_kbit_rate_exceed': SrcPort Rate: KiBit Exceeded; 'dst_src_port_conn_limit_exceed': SrcPort Limit: Conn Exceeded; 'dst_src_port_conn_rate_exceed': SrcPort Rate: Conn Exceeded; 'dst_ip_proto_pkt_rate_exceed': IP-Proto Rate: Packet Exceeded; 'dst_ip_proto_kbit_rate_exceed': IP-Proto Rate: KiBit Exceeded; 'dst_tcp_port_any_exceed': TCP Port Rate: Total Exceed; 'dst_udp_port_any_exceed': UDP Port Rate: Total Exceed; 'dst_tcp_auth_pass': TCP Auth: SYN Auth Passed; 'dst_tcp_rst_cookie_fail': TCP Auth: RST Cookie Failed; 'dst_tcp_unauth_drop': TCP Auth: Unauth Dropped; 'src_tcp_syn_auth_fail': Src TCP Auth: SYN Auth Failed; 'src_tcp_syn_cookie_sent': Src TCP Auth: SYN Cookie Sent; 'src_tcp_syn_cookie_fail': Src TCP Auth: SYN Cookie Failed; 'src_tcp_rst_cookie_fail': Src TCP Auth: RST Cookie Failed; 'src_tcp_unauth_drop': Src TCP Auth: Unauth Dropped; 'src_tcp_action_on_syn_init': Src TCP Auth: SYN Retry Init; ", "enum":[ "all", "dst_tcp_any_exceed", "dst_tcp_pkt_rate_exceed", "dst_tcp_conn_rate_exceed", "dst_udp_any_exceed", "dst_udp_pkt_rate_exceed", "dst_udp_conn_limit_exceed", "dst_udp_conn_rate_exceed", "dst_icmp_pkt_rate_exceed", "dst_other_pkt_rate_exceed", "dst_other_frag_pkt_rate_exceed", "dst_port_pkt_rate_exceed", "dst_port_conn_limit_exceed", "dst_port_conn_rate_exceed", "dst_pkt_sent", "dst_udp_pkt_sent", "dst_tcp_pkt_sent", "dst_icmp_pkt_sent", "dst_other_pkt_sent", "dst_tcp_conn_limit_exceed", "dst_tcp_pkt_rcvd", "dst_udp_pkt_rcvd", "dst_icmp_pkt_rcvd", "dst_other_pkt_rcvd", "dst_udp_filter_match", "dst_udp_filter_not_match", "dst_udp_filter_action_blacklist", "dst_udp_filter_action_drop", "dst_tcp_syn", "dst_tcp_syn_drop", "dst_tcp_src_rate_drop", "dst_udp_src_rate_drop", "dst_icmp_src_rate_drop", "dst_other_frag_src_rate_drop", "dst_other_src_rate_drop", "dst_tcp_drop", "dst_udp_drop", "dst_icmp_drop", "dst_frag_drop", "dst_other_drop", "dst_tcp_auth", "dst_udp_filter_action_default_pass", "dst_tcp_filter_match", "dst_tcp_filter_not_match", "dst_tcp_filter_action_blacklist", "dst_tcp_filter_action_drop", "dst_tcp_filter_action_default_pass", "dst_udp_filter_action_whitelist", "dst_over_limit_on", "dst_over_limit_off", "dst_port_over_limit_on", "dst_port_over_limit_off", "dst_over_limit_action", "dst_port_over_limit_action", "scanning_detected_drop", "scanning_detected_blacklist", "dst_udp_kibit_rate_drop", "dst_tcp_kibit_rate_drop", "dst_icmp_kibit_rate_drop", "dst_other_kibit_rate_drop", "dst_port_undef_drop", "dst_port_bl", "dst_src_port_bl", "dst_port_kbit_rate_exceed", "dst_tcp_src_drop", "dst_udp_src_drop", "dst_icmp_src_drop", "dst_other_src_drop", "tcp_syn_rcvd", "tcp_syn_ack_rcvd", "tcp_ack_rcvd", "tcp_fin_rcvd", "tcp_rst_rcvd", "ingress_bytes", "egress_bytes", "ingress_packets", "egress_packets", "tcp_fwd_recv", "udp_fwd_recv", "icmp_fwd_recv", "tcp_syn_cookie_fail", "dst_tcp_session_created", "dst_udp_session_created", "dst_tcp_filter_action_whitelist", "dst_other_filter_match", "dst_other_filter_not_match", "dst_other_filter_action_blacklist", "dst_other_filter_action_drop", "dst_other_filter_action_whitelist", "dst_other_filter_action_default_pass", "dst_blackhole_inject", "dst_blackhole_withdraw", "dst_tcp_out_of_seq_excd", "dst_tcp_retransmit_excd", "dst_tcp_zero_window_excd", "dst_tcp_conn_prate_excd", "dst_tcp_action_on_ack_init", "dst_tcp_action_on_ack_gap_drop", "dst_tcp_action_on_ack_fail", "dst_tcp_action_on_ack_pass", "dst_tcp_action_on_syn_init", "dst_tcp_action_on_syn_gap_drop", "dst_tcp_action_on_syn_fail", "dst_tcp_action_on_syn_pass", "udp_payload_too_small", "udp_payload_too_big", "dst_udp_conn_prate_excd", "dst_udp_ntp_monlist_req", "dst_udp_ntp_monlist_resp", "dst_udp_wellknown_sport_drop", "dst_udp_retry_init", "dst_udp_retry_pass", "dst_tcp_bytes_drop", "dst_udp_bytes_drop", "dst_icmp_bytes_drop", "dst_other_bytes_drop", "dst_out_no_route", "outbound_bytes_sent", "outbound_pkt_drop", "outbound_bytes_drop", "outbound_pkt_sent", "inbound_bytes_sent", "inbound_bytes_drop", "dst_src_port_pkt_rate_exceed", "dst_src_port_kbit_rate_exceed", "dst_src_port_conn_limit_exceed", "dst_src_port_conn_rate_exceed", "dst_ip_proto_pkt_rate_exceed", "dst_ip_proto_kbit_rate_exceed", "dst_tcp_port_any_exceed", "dst_udp_port_any_exceed", "dst_tcp_auth_pass", "dst_tcp_rst_cookie_fail", "dst_tcp_unauth_drop", "src_tcp_syn_auth_fail", "src_tcp_syn_cookie_sent", "src_tcp_syn_cookie_fail", "src_tcp_rst_cookie_fail", "src_tcp_unauth_drop", "src_tcp_action_on_syn_init" ] }, "counters2":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'src_tcp_action_on_syn_gap_drop': Src TCP Auth: SYN Retry-Gap Dropped; 'src_tcp_action_on_syn_fail': Src TCP Auth: SYN Retry Dropped; 'src_tcp_action_on_ack_init': Src TCP Auth: ACK Retry Init; 'src_tcp_action_on_ack_gap_drop': Src TCP Auth: ACK Retry Retry-Gap Dropped; 'src_tcp_action_on_ack_fail': Src TCP Auth: ACK Retry Dropped; 'src_tcp_out_of_seq_excd': Src TCP Out-Of-Seq Exceeded; 'src_tcp_retransmit_excd': Src TCP Retransmit Exceeded; 'src_tcp_zero_window_excd': Src TCP Zero-Window Exceeded; 'src_tcp_conn_prate_excd': Src TCP Rate: Conn Pkt Exceeded; 'src_udp_min_payload': Src UDP Payload Too Small; 'src_udp_max_payload': Src UDP Payload Too Large; 'src_udp_conn_prate_excd': Src UDP Rate: Conn Pkt Exceeded; 'src_udp_ntp_monlist_req': Src UDP NTP Monlist Request; 'src_udp_ntp_monlist_resp': Src UDP NTP Monlist Response; 'src_udp_wellknown_sport_drop': Src UDP SrcPort Wellknown; 'src_udp_retry_init': Src UDP Auth: Retry Init; 'dst_udp_retry_gap_drop': UDP Auth: Retry-Gap Dropped; 'dst_udp_retry_fail': UDP P Sessions Aged; 'dst_tcp_session_aged': TCP Sessions Aged; 'dst_udp_session_aged': UDP Sessions Aged; 'dst_tcp_conn_close': TCP Connections Closed; 'dst_tcp_conn_close_half_open': TCP Half Open Connections Closed; 'dst_l4_tcp_auth': TCP Dst L4-Type Auth: SYN Cookie Sent; 'tcp_l4_syn_cookie_fail': TCP Dst L4-Type Auth: SYN Cookie Failed; 'tcp_l4_rst_cookie_fail': TCP Dst L4-Type Auth: RST Cookie Failed; 'tcp_l4_unauth_drop': TCP Dst L4-Type Auth: Unauth Dropped; 'dst_drop_frag_pkt': Dst Fragmented Packets Dropped; 'src_tcp_filter_action_blacklist': Src TCP Filter Action Blacklist; 'src_tcp_filter_action_whitelist': Src TCP Filter Action WL; 'src_tcp_filter_action_drop': Src TCP Filter Action Drop; 'src_tcp_filter_action_default_pass': Src TCP Filter Action Default Pass; 'src_udp_filter_action_blacklist': Src UDP Filter Action Blacklist; 'src_udp_filter_action_whitelist': Src UDP Filter Action WL; 'src_udp_filter_action_drop': Src UDP Filter Action Drop; 'src_udp_filter_action_default_pass': Src UDP Filter Action Default Pass; 'src_other_filter_action_blacklist': Src OTHER Filter Action Blacklist; 'src_other_filter_action_whitelist': Src OTHER Filter Action WL; 'src_other_filter_action_drop': Src OTHER Filter Action Drop; 'src_other_filter_action_default_pass': Src OTHER Filter Action Default Pass; 'tcp_invalid_syn': TCP Invalid SYN Received; 'dst_tcp_conn_close_w_rst': TCP RST Connections Closed; 'dst_tcp_conn_close_w_fin': TCP FIN Connections Closed; 'dst_tcp_conn_close_w_idle': TCP Idle Connections Closed; 'dst_tcp_conn_create_from_syn': TCP Connections Created From SYN; 'dst_tcp_conn_create_from_ack': TCP Connections Created From ACK; 'src_frag_drop': Src Fragmented Packets Dropped; 'dst_l4_tcp_blacklist_drop': Dst L4-type TCP Blacklist Dropped; 'dst_l4_udp_blacklist_drop': Dst L4-type UDP Blacklist Dropped; 'dst_l4_icmp_blacklist_drop': No Policy Class-list Match; 'dst_l4_other_blacklist_drop': Dst L4-type OTHER Blacklist Dropped; 'src_l4_tcp_blacklist_drop': Src L4-type TCP Blacklist Dropped; 'src_l4_udp_blacklist_drop': Src L4-type UDP Blacklist Dropped; 'src_l4_icmp_blacklist_drop': Src L4-type ICMP Blacklist Dropped; 'src_l4_other_blacklist_drop': Src L4-type OTHER Blacklist Dropped; 'drop_frag_timeout_drop': Fragment Reassemble Timeout Drop; 'dst_port_kbit_rate_exceed_pkt': Port Rate: KiBit Pkt Exceeded; 'dst_tcp_bytes_rcv': TCP Total Bytes Received; 'dst_udp_bytes_rcv': UDP Total Bytes Received; 'dst_icmp_bytes_rcv': ICMP Total Bytes Received; 'dst_other_bytes_rcv': OTHER Total Bytes Received; 'dst_tcp_bytes_sent': TCP Total Bytes Forwarded; 'dst_udp_bytes_sent': UDP Total Bytes Forwarded; 'dst_icmp_bytes_sent': ICMP Total Bytes Forwarded; 'dst_other_bytes_sent': OTHER Total Bytes Forwarded; 'dst_udp_auth_drop': UDP Auth: Dropped; 'dst_tcp_auth_drop': TCP Auth: Dropped; 'dst_tcp_auth_resp': TCP Auth: Responded; 'inbound_pkt_drop': Inbound: Packets Dropped; 'dst_entry_pkt_rate_exceed': Entry Rate: Packet Exceeded; 'dst_entry_kbit_rate_exceed': Entry Rate: KiBit Exceeded; 'dst_entry_conn_limit_exceed': Entry Limit: Conn Exceeded; 'dst_entry_conn_rate_exceed': Entry Rate: Conn Exceeded; 'dst_entry_frag_pkt_rate_exceed': Entry Rate: Frag Packet Exceeded; 'dst_icmp_any_exceed': ICMP Rate: Total Exceed; 'dst_other_any_exceed': OTHER Rate: Total Exceed; 'src_dst_pair_entry_total': Src-Dst Pair Entry Total Count; 'src_dst_pair_entry_udp': Src-Dst Pair Entry UDP Count; 'src_dst_pair_entry_tcp': Src-Dst Pair Entry TCP Count; 'src_dst_pair_entry_icmp': Src-Dst Pair Entry ICMP Count; 'src_dst_pair_entry_other': Src-Dst Pair Entry OTHER Count; 'dst_clist_overflow_policy_at_learning': Dst Src-Based Overflow Policy Hit; 'tcp_rexmit_syn_limit_drop': TCP SYN Retransmit Exceeded Drop; 'tcp_rexmit_syn_limit_bl': TCP SYN Retransmit Exceeded Blacklist; 'dst_tcp_wellknown_sport_drop': TCP SrcPort Wellknown; 'src_tcp_wellknown_sport_drop': Src TCP SrcPort Wellknown; 'dst_frag_rcvd': Fragmented Packets Received; 'no_policy_class_list_match': No Policy Class-list Match; 'src_udp_retry_gap_drop': Src UDP Auth: Retry-Gap Dropped; 'dst_entry_kbit_rate_exceed_count': Entry Rate: KiBit Exceeded Count; 'dst_port_undef_hit': Dst Port Undefined Hit; 'dst_tcp_action_on_ack_timeout': TCP Auth: ACK Retry Timeout; 'dst_tcp_action_on_ack_reset': TCP Auth: ACK Retry Timeout Reset; 'dst_tcp_action_on_ack_blacklist': TCP Auth: ACK Retry Timeout Blacklisted; 'src_tcp_action_on_ack_timeout': Src TCP Auth: ACK Retry Timeout; 'src_tcp_action_on_ack_reset': Src TCP Auth: ACK Retry Timeout Reset; 'src_tcp_action_on_ack_blacklist': Src TCP Auth: ACK Retry Timeout Blacklisted; 'dst_tcp_action_on_syn_timeout': TCP Auth: SYN Retry Timeout; 'dst_tcp_action_on_syn_reset': TCP Auth: SYN Retry Timeout Reset; 'dst_tcp_action_on_syn_blacklist': TCP Auth: SYN Retry Timeout Blacklisted; 'src_tcp_action_on_syn_timeout': Src TCP Auth: SYN Retry Timeout; 'src_tcp_action_on_syn_reset': Src TCP Auth: SYN Retry Timeout Reset; 'src_tcp_action_on_syn_blacklist': Src TCP Auth: SYN Retry Timeout Blacklisted; 'dst_udp_frag_pkt_rate_exceed': UDP Dst L4-Type Rate: Frag Exceeded; 'dst_udp_frag_src_rate_drop': UDP Src Rate: Frag Exceeded; 'dst_tcp_frag_pkt_rate_exceed': TCP Dst L4-Type Rate: Frag Exceeded; 'dst_tcp_frag_src_rate_drop': TCP Src Rate: Frag Exceeded; 'dst_icmp_frag_pkt_rate_exceed': ICMP Dst L4-Type Rate: Frag Exceeded; 'dst_icmp_frag_src_rate_drop': ICMP Src Rate: Frag Exceeded; 'sflow_internal_samples_packed': Sflow Internal Samples Packed; 'sflow_external_samples_packed': Sflow External Samples Packed; 'sflow_internal_packets_sent': Sflow Internal Packets Sent; 'sflow_external_packets_sent': Sflow External Packets Sent; 'dns_outbound_total_query': DNS Outbound Total Query; 'dns_outbound_query_malformed': DNS Outbound Query Malformed; 'dns_outbound_query_resp_chk_failed': DNS Outbound Query Resp Check Failed; 'dns_outbound_query_resp_chk_blacklisted': DNS Outbound Query Resp Check Blacklisted; 'dns_outbound_query_resp_chk_refused_sent': DNS Outbound Query Resp Check REFUSED Sent; 'dns_outbound_query_resp_chk_reset_sent': DNS Outbound Query Resp Check RESET Sent; 'dns_outbound_query_resp_chk_no_resp_sent': DNS Outbound Query Resp Check No Response Sent; 'dns_outbound_query_resp_size_exceed': DNS Outbound Query Response Size Exceed; 'dns_outbound_query_sess_timed_out': DNS Outbound Query Session Timed Out; 'dst_exceed_action_tunnel': Entry Exceed Action: Tunnel; 'src_udp_auth_timeout': Src UDP Auth: Retry Timeout; 'src_udp_retry_pass': Src UDP Retry Passed; ", "enum":[ "src_tcp_action_on_syn_gap_drop", "src_tcp_action_on_syn_fail", "src_tcp_action_on_ack_init", "src_tcp_action_on_ack_gap_drop", "src_tcp_action_on_ack_fail", "src_tcp_out_of_seq_excd", "src_tcp_retransmit_excd", "src_tcp_zero_window_excd", "src_tcp_conn_prate_excd", "src_udp_min_payload", "src_udp_max_payload", "src_udp_conn_prate_excd", "src_udp_ntp_monlist_req", "src_udp_ntp_monlist_resp", "src_udp_wellknown_sport_drop", "src_udp_retry_init", "dst_udp_retry_gap_drop", "dst_udp_retry_fail", "dst_tcp_session_aged", "dst_udp_session_aged", "dst_tcp_conn_close", "dst_tcp_conn_close_half_open", "dst_l4_tcp_auth", "tcp_l4_syn_cookie_fail", "tcp_l4_rst_cookie_fail", "tcp_l4_unauth_drop", "dst_drop_frag_pkt", "src_tcp_filter_action_blacklist", "src_tcp_filter_action_whitelist", "src_tcp_filter_action_drop", "src_tcp_filter_action_default_pass", "src_udp_filter_action_blacklist", "src_udp_filter_action_whitelist", "src_udp_filter_action_drop", "src_udp_filter_action_default_pass", "src_other_filter_action_blacklist", "src_other_filter_action_whitelist", "src_other_filter_action_drop", "src_other_filter_action_default_pass", "tcp_invalid_syn", "dst_tcp_conn_close_w_rst", "dst_tcp_conn_close_w_fin", "dst_tcp_conn_close_w_idle", "dst_tcp_conn_create_from_syn", "dst_tcp_conn_create_from_ack", "src_frag_drop", "dst_l4_tcp_blacklist_drop", "dst_l4_udp_blacklist_drop", "dst_l4_icmp_blacklist_drop", "dst_l4_other_blacklist_drop", "src_l4_tcp_blacklist_drop", "src_l4_udp_blacklist_drop", "src_l4_icmp_blacklist_drop", "src_l4_other_blacklist_drop", "drop_frag_timeout_drop", "dst_port_kbit_rate_exceed_pkt", "dst_tcp_bytes_rcv", "dst_udp_bytes_rcv", "dst_icmp_bytes_rcv", "dst_other_bytes_rcv", "dst_tcp_bytes_sent", "dst_udp_bytes_sent", "dst_icmp_bytes_sent", "dst_other_bytes_sent", "dst_udp_auth_drop", "dst_tcp_auth_drop", "dst_tcp_auth_resp", "inbound_pkt_drop", "dst_entry_pkt_rate_exceed", "dst_entry_kbit_rate_exceed", "dst_entry_conn_limit_exceed", "dst_entry_conn_rate_exceed", "dst_entry_frag_pkt_rate_exceed", "dst_icmp_any_exceed", "dst_other_any_exceed", "src_dst_pair_entry_total", "src_dst_pair_entry_udp", "src_dst_pair_entry_tcp", "src_dst_pair_entry_icmp", "src_dst_pair_entry_other", "dst_clist_overflow_policy_at_learning", "tcp_rexmit_syn_limit_drop", "tcp_rexmit_syn_limit_bl", "dst_tcp_wellknown_sport_drop", "src_tcp_wellknown_sport_drop", "dst_frag_rcvd", "no_policy_class_list_match", "src_udp_retry_gap_drop", "dst_entry_kbit_rate_exceed_count", "dst_port_undef_hit", "dst_tcp_action_on_ack_timeout", "dst_tcp_action_on_ack_reset", "dst_tcp_action_on_ack_blacklist", "src_tcp_action_on_ack_timeout", "src_tcp_action_on_ack_reset", "src_tcp_action_on_ack_blacklist", "dst_tcp_action_on_syn_timeout", "dst_tcp_action_on_syn_reset", "dst_tcp_action_on_syn_blacklist", "src_tcp_action_on_syn_timeout", "src_tcp_action_on_syn_reset", "src_tcp_action_on_syn_blacklist", "dst_udp_frag_pkt_rate_exceed", "dst_udp_frag_src_rate_drop", "dst_tcp_frag_pkt_rate_exceed", "dst_tcp_frag_src_rate_drop", "dst_icmp_frag_pkt_rate_exceed", "dst_icmp_frag_src_rate_drop", "sflow_internal_samples_packed", "sflow_external_samples_packed", "sflow_internal_packets_sent", "sflow_external_packets_sent", "dns_outbound_total_query", "dns_outbound_query_malformed", "dns_outbound_query_resp_chk_failed", "dns_outbound_query_resp_chk_blacklisted", "dns_outbound_query_resp_chk_refused_sent", "dns_outbound_query_resp_chk_reset_sent", "dns_outbound_query_resp_chk_no_resp_sent", "dns_outbound_query_resp_size_exceed", "dns_outbound_query_sess_timed_out", "dst_exceed_action_tunnel", "src_udp_auth_timeout", "src_udp_retry_pass" ] }, "counters3":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'dst_hw_drop_rule_insert': Dst Hardware Drop Rules Inserted; 'dst_hw_drop_rule_remove': Dst Hardware Drop Rules Removed; 'src_hw_drop_rule_insert': Src Hardware Drop Rules Inserted; 'src_hw_drop_rule_remove': Src Hardware Drop Rules Removed; 'prog_first_req_time_exceed': Req-Resp: First Request Time Exceed; 'prog_req_resp_time_exceed': Req-Resp: Request to Response Time Exceed; 'prog_request_len_exceed': Req-Resp: Request Length Exceed; 'prog_response_len_exceed': Req-Resp: Response Length Exceed; 'prog_resp_req_ratio_exceed': Req-Resp: Response to Request Ratio Exceed; 'prog_resp_req_time_exceed': Req-Resp: Response to Request Time Exceed; 'entry_sync_message_received': Entry Sync Message Received; 'entry_sync_message_sent': Entry Sync Message Sent; 'prog_conn_sent_exceed': Connection: Sent Exceed; 'prog_conn_rcvd_exceed': Connection: Received Exceed; 'prog_conn_time_exceed': Connection: Time Exceed; 'prog_conn_rcvd_sent_ratio_exceed': Connection: Reveived to Sent Ratio Exceed; 'prog_win_sent_exceed': Time Window: Sent Exceed; 'prog_win_rcvd_exceed': Time Window: Received Exceed; 'prog_win_rcvd_sent_ratio_exceed': Time Window: Received to Sent Exceed; 'prog_exceed_drop': Req-Resp: Violation Exceed Dropped; 'prog_exceed_bl': Req-Resp: Violation Exceed Blacklisted; 'prog_conn_exceed_drop': Connection: Violation Exceed Dropped; 'prog_conn_exceed_bl': Connection: Violation Exceed Blacklisted; 'prog_win_exceed_drop': Time Window: Violation Exceed Dropped; 'prog_win_exceed_bl': Time Window: Violation Exceed Blacklisted; 'dst_exceed_action_drop': Entry Exceed Action: Dropped; 'src_hw_drop': Src Hardware Packets Dropped; 'dst_tcp_auth_rst': TCP Auth: Reset; 'dst_src_learn_overflow': Src Dynamic Entry Count Overflow; 'tcp_fwd_sent': TCP Inbound Packets Forwarded; 'udp_fwd_sent': UDP Inbound Packets Forwarded; ", "enum":[ "dst_hw_drop_rule_insert", "dst_hw_drop_rule_remove", "src_hw_drop_rule_insert", "src_hw_drop_rule_remove", "prog_first_req_time_exceed", "prog_req_resp_time_exceed", "prog_request_len_exceed", "prog_response_len_exceed", "prog_resp_req_ratio_exceed", "prog_resp_req_time_exceed", "entry_sync_message_received", "entry_sync_message_sent", "prog_conn_sent_exceed", "prog_conn_rcvd_exceed", "prog_conn_time_exceed", "prog_conn_rcvd_sent_ratio_exceed", "prog_win_sent_exceed", "prog_win_rcvd_exceed", "prog_win_rcvd_sent_ratio_exceed", "prog_exceed_drop", "prog_exceed_bl", "prog_conn_exceed_drop", "prog_conn_exceed_bl", "prog_win_exceed_drop", "prog_win_exceed_bl", "dst_exceed_action_drop", "src_hw_drop", "dst_tcp_auth_rst", "dst_src_learn_overflow", "tcp_fwd_sent", "udp_fwd_sent" ] } } } ] } } } } }, "dynamic-entries-resource-usage":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/dynamic-entries-resource-usage", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } } }, "token-authentication":{ "type":"object", "$ref":"/axapi/v3/ddos/token-authentication", "properties":{ "player-mode":{ "type":"object", "$ref":"/axapi/v3/ddos/token-authentication/player-mode", "properties":{ "mode":{ "type":"string", "format":"enum", "default":"many-to-one", "partition-visibility":"shared", "description":"'one-to-one': Only one player talks to one server; 'many-to-one': Many player talk to one server; ", "enum":[ "one-to-one", "many-to-one" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "secret-salt":{ "type":"object", "$ref":"/axapi/v3/ddos/token-authentication/secret-salt", "properties":{ "current-salt":{ "type":"number", "format":"number", "minimum":0, "maximum":4294967295, "partition-visibility":"shared", "description":"Current salt value" }, "previous-salt":{ "type":"number", "format":"number", "minimum":0, "maximum":4294967295, "partition-visibility":"shared", "description":"Previous salt value" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "players-list":{ "type":"array", "minItems":1, "items":{ "type":"players" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/token-authentication/players/{src-ip}+{src-port}+{dst-ip}+{dst-port}", "array":[ { "properties":{ "src-ip":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "optional":false }, "src-port":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "partition-visibility":"shared", "optional":false }, "dst-ip":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "optional":false }, "dst-port":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "partition-visibility":"shared", "optional":false }, "magic-value":{ "type":"number", "format":"number", "minimum":0, "maximum":4294967295, "partition-visibility":"shared", "optional":true } }, "required":[ "src-ip", "src-port", "dst-ip", "dst-port" ] } ] }, "summary":{ "type":"object", "$ref":"/axapi/v3/ddos/token-authentication/summary", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "authenticated-list":{ "type":"object", "$ref":"/axapi/v3/ddos/token-authentication/authenticated-list", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } } }, "sync":{ "type":"object", "$ref":"/axapi/v3/ddos/sync", "properties":{ "enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable" }, "local-ip":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "description":"Local IP address for White list sync" }, "peer-ip-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "peer-ip":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "description":"IP Address" } } } ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "run-time-user-string":{ "type":"object", "$ref":"/axapi/v3/ddos/run-time-user-string", "properties":{ "value":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Add run time user string" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "exec-script":{ "type":"object", "$ref":"/axapi/v3/ddos/exec-script", "properties":{ "script":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Specify script to execute" }, "mock":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Use mock data" }, "alert-type":{ "type":"number", "format":"number", "minimum":1, "maximum":3, "partition-visibility":"shared", "description":"1: UDP Pkt Rate 2: TCP Pkt Rate 3: ICMP Pkt Rate" }, "level":{ "type":"number", "format":"number", "minimum":1, "maximum":4, "partition-visibility":"shared", "description":"Current Level" }, "threshold":{ "type":"number", "format":"number", "minimum":1, "maximum":3000, "partition-visibility":"shared", "description":"Threshold" }, "zone":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DST Zone name" }, "port-num":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Port Number" }, "protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'dns-tcp': DNS-TCP Port; 'dns-udp': DNS-UDP Port; 'http': HTTP Port; 'tcp': TCP Port; 'udp': UDP Port; 'ssl-l4': SSL-L4 Port; 'sip-tcp': SIP-TCP Port; 'sip-udp': SIP-UDP Port; 'quic': QUIC Port; ", "enum":[ "dns-tcp", "dns-udp", "http", "tcp", "udp", "ssl-l4", "sip-tcp", "sip-udp", "quic" ] }, "port-other":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'other': other; ", "enum":[ "other" ] }, "exec-script-port-other-protocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'tcp': TCP Port; 'udp': UDP Port; ", "enum":[ "tcp", "udp" ] }, "protocol-num":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "partition-visibility":"shared", "description":"Protocol Number" }, "exec-script-ip-portocol":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'icmp-v4': ip-proto icmp-v4; 'icmp-v6': ip-proto icmp-v6; 'other': ip-proto other; 'gre': ip-proto gre; 'ipv4-encap': ip-proto IPv4 Encapsulation; 'ipv6-encap': ip-proto IPv6 Encapsulation; ", "enum":[ "icmp-v4", "icmp-v6", "other", "gre", "ipv4-encap", "ipv6-encap" ] }, "src-ip":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "ip-addr":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "description":"Specify IP address" }, "subnet-ip-addr":{ "type":"string", "format":"ipv4-cidr", "partition-visibility":"shared", "description":"IP Subnet" } } } ] }, "src-ipv6":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "ip6-addr":{ "type":"string", "format":"ipv6-address", "partition-visibility":"shared", "description":"Specify IPv6 address" }, "subnet-ipv6-addr":{ "type":"string", "format":"ipv6-address-plen", "partition-visibility":"shared", "description":"IPV6 Subnet" } } } ] }, "timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":31, "partition-visibility":"shared", "description":"Timeout (Default: 10 seconds, Mock Default: 2 seconds)" } } }, "anomaly-drop":{ "type":"object", "$ref":"/axapi/v3/ddos/anomaly-drop", "properties":{ "security-attack-layer-3":{ "type":"object", "$ref":"/axapi/v3/ddos/anomaly-drop/security-attack-layer-3", "properties":{ "toggle":{ "type":"string", "format":"enum", "default":"enable", "partition-visibility":"shared", "description":"'enable': enable; 'disable': disable; ", "enum":[ "enable", "disable" ] }, "log":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Log the anomaly event (Can only configure when drop-disabled)" }, "capture-config":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"capture-config name (Can only configure when drop-disabled)" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "security-attack-layer-4-tcp":{ "type":"object", "$ref":"/axapi/v3/ddos/anomaly-drop/security-attack-layer-4-tcp", "properties":{ "toggle":{ "type":"string", "format":"enum", "default":"enable", "partition-visibility":"shared", "description":"'enable': enable; 'disable': disable; ", "enum":[ "enable", "disable" ] }, "log":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Log the anomaly event (Can only configure when drop-disabled)" }, "capture-config":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"capture-config name (Can only configure when drop-disabled)" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "security-attack-layer-4-udp":{ "type":"object", "$ref":"/axapi/v3/ddos/anomaly-drop/security-attack-layer-4-udp", "properties":{ "toggle":{ "type":"string", "format":"enum", "default":"enable", "partition-visibility":"shared", "description":"'enable': enable; 'disable': disable; ", "enum":[ "enable", "disable" ] }, "log":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Log the anomaly event (Can only configure when drop-disabled)" }, "capture-config":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"capture-config name (Can only configure when drop-disabled)" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "packet-deformity-layer-3":{ "type":"object", "$ref":"/axapi/v3/ddos/anomaly-drop/packet-deformity-layer-3", "properties":{ "toggle":{ "type":"string", "format":"enum", "default":"enable", "partition-visibility":"shared", "description":"'enable': enable; 'disable': disable; ", "enum":[ "enable", "disable" ] }, "log":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Log the anomaly event (Can only configure when drop-disabled)" }, "capture-config":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"capture-config name (Can only configure when drop-disabled)" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "packet-deformity-layer-4":{ "type":"object", "$ref":"/axapi/v3/ddos/anomaly-drop/packet-deformity-layer-4", "properties":{ "toggle":{ "type":"string", "format":"enum", "default":"enable", "partition-visibility":"shared", "description":"'enable': enable; 'disable': disable; ", "enum":[ "enable", "disable" ] }, "log":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Log the anomaly event (Can only configure when drop-disabled)" }, "capture-config":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"capture-config name (Can only configure when drop-disabled)" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } } }, "geo-location":{ "type":"object", "$ref":"/axapi/v3/ddos/geo-location", "properties":{ "db":{ "type":"object", "$ref":"/axapi/v3/ddos/geo-location/db", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "file":{ "type":"object", "$ref":"/axapi/v3/ddos/geo-location/file", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } } }, "l4-tcp":{ "type":"object", "$ref":"/axapi/v3/ddos/l4-tcp", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "l4-udp":{ "type":"object", "$ref":"/axapi/v3/ddos/l4-udp", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "l4-icmp":{ "type":"object", "$ref":"/axapi/v3/ddos/l4-icmp", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "l4-other":{ "type":"object", "$ref":"/axapi/v3/ddos/l4-other", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "l7-dns":{ "type":"object", "$ref":"/axapi/v3/ddos/l7-dns", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "l7-http":{ "type":"object", "$ref":"/axapi/v3/ddos/l7-http", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "l4-ssl":{ "type":"object", "$ref":"/axapi/v3/ddos/l4-ssl", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "l7-sip":{ "type":"object", "$ref":"/axapi/v3/ddos/l7-sip", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "session":{ "type":"object", "$ref":"/axapi/v3/ddos/session", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "switch":{ "type":"object", "$ref":"/axapi/v3/ddos/switch", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "table":{ "type":"object", "$ref":"/axapi/v3/ddos/table", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "protect":{ "type":"object", "$ref":"/axapi/v3/ddos/protect", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "port":{ "type":"object", "$ref":"/axapi/v3/ddos/port", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "ip-proto":{ "type":"object", "$ref":"/axapi/v3/ddos/ip-proto", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "tunnel":{ "type":"object", "$ref":"/axapi/v3/ddos/tunnel", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "anomaly":{ "type":"object", "$ref":"/axapi/v3/ddos/anomaly", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "l4-sync":{ "type":"object", "$ref":"/axapi/v3/ddos/l4-sync", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "long":{ "type":"object", "$ref":"/axapi/v3/ddos/long", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "brief":{ "type":"object", "$ref":"/axapi/v3/ddos/brief", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "logging":{ "type":"object", "$ref":"/axapi/v3/ddos/logging", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "dns-cache-server":{ "type":"object", "$ref":"/axapi/v3/ddos/dns-cache-server", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } }, "token-auth":{ "type":"object", "$ref":"/axapi/v3/ddos/token-auth", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } } }