.. _ddos: ddos ==== DDOS feature ddos Specification ------------------ ===================================== ============================================= **Parameter** **Value** ===================================== ============================================= **Type** *Intermediate Resource* **Element Name** ddos **Element URI** /axapi/v3/ddos **Element Attributes** ddos_attributes **Partition Visibility** shared **Schema** :download:`ddos schema ` ===================================== ============================================= **Operations Allowed:** .. raw:: html .. raw:: html .. raw:: html .. raw:: html
OperationMethodURIPayload
Get Object .. raw:: html GET .. raw:: html /axapi/v3/ddos .. raw:: html ddos_attributes .. raw:: html
.. _1278_ddos_attributes: ddos attributes --------------- **action-list-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/action-list/{name} ` **anomaly** **Description:** anomaly is a **JSON Block**. Please see below for :ref:`1278_anomaly` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/anomaly ` **anomaly-drop** **Description:** anomaly-drop is a **JSON Block**. Please see below for :ref:`1278_anomaly-drop` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/anomaly-drop ` **brief** **Description:** brief is a **JSON Block**. Please see below for :ref:`1278_brief` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/brief ` **detection** **Description:** detection is a **JSON Block**. Please see below for :ref:`1278_detection` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/detection ` **dns-cache-config** **Description:** dns-cache-config is a **JSON Block**. Please see below for :ref:`1278_dns-cache-config` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dns-cache-config ` **dns-cache-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dns-cache/{name} ` **dns-cache-mode** **Description:** dns-cache-mode is a **JSON Block**. Please see below for :ref:`1278_dns-cache-mode` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dns-cache-mode ` **dns-cache-server** **Description:** dns-cache-server is a **JSON Block**. Please see below for :ref:`1278_dns-cache-server` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dns-cache-server ` **dst** **Description:** dst is a **JSON Block**. Please see below for :ref:`1278_dst` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst ` **dynamic-class-list** **Description:** dynamic-class-list is a **JSON Block**. Please see below for :ref:`1278_dynamic-class-list` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dynamic-class-list ` **east-west-protection** **Description:** east-west-protection is a **JSON Block**. Please see below for :ref:`1278_east-west-protection` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/east-west-protection ` **event-filter-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/event-filter/{filter-name} ` **exec-script** **Description:** exec-script is a **JSON Block**. Please see below for :ref:`1278_exec-script` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/exec-script ` **geo-location** **Description:** geo-location is a **JSON Block**. Please see below for :ref:`1278_geo-location` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/geo-location ` **interface-http-health-check** **Description:** interface-http-health-check is a **JSON Block**. Please see below for :ref:`1278_interface-http-health-check` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/interface-http-health-check ` **ip-filtering-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/ip-filtering-policy/{name} ` **ip-proto** **Description:** ip-proto is a **JSON Block**. Please see below for :ref:`1278_ip-proto` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/ip-proto ` **l4-icmp** **Description:** l4-icmp is a **JSON Block**. Please see below for :ref:`1278_l4-icmp` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/l4-icmp ` **l4-other** **Description:** l4-other is a **JSON Block**. Please see below for :ref:`1278_l4-other` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/l4-other ` **l4-ssl** **Description:** l4-ssl is a **JSON Block**. Please see below for :ref:`1278_l4-ssl` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/l4-ssl ` **l4-sync** **Description:** l4-sync is a **JSON Block**. Please see below for :ref:`1278_l4-sync` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/l4-sync ` **l4-tcp** **Description:** l4-tcp is a **JSON Block**. Please see below for :ref:`1278_l4-tcp` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/l4-tcp ` **l4-udp** **Description:** l4-udp is a **JSON Block**. Please see below for :ref:`1278_l4-udp` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/l4-udp ` **l7-dns** **Description:** l7-dns is a **JSON Block**. Please see below for :ref:`1278_l7-dns` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/l7-dns ` **l7-http** **Description:** l7-http is a **JSON Block**. Please see below for :ref:`1278_l7-http` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/l7-http ` **l7-sip** **Description:** l7-sip is a **JSON Block**. Please see below for :ref:`1278_l7-sip` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/l7-sip ` **local-address** **Description:** local-address is a **JSON Block**. Please see below for :ref:`1278_local-address` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/local-address ` **logging** **Description:** logging is a **JSON Block**. Please see below for :ref:`1278_logging` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/logging ` **long** **Description:** long is a **JSON Block**. Please see below for :ref:`1278_long` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/long ` **network-object-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/network-object/{object-name} ` **notification-template-common** **Description:** notification-template-common is a **JSON Block**. Please see below for :ref:`1278_notification-template-common` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/notification-template-common ` **notification-template-debug-log** **Description:** notification-template-debug-log is a **JSON Block**. Please see below for :ref:`1278_notification-template-debug-log` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/notification-template-debug-log ` **notification-template-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/notification-template/{name} ` **outbound-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/outbound-policy/{name} ` **pattern-recognition** **Description:** pattern-recognition is a **JSON Block**. Please see below for :ref:`1278_pattern-recognition` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/pattern-recognition ` **port** **Description:** port is a **JSON Block**. Please see below for :ref:`1278_port` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/port ` **protect** **Description:** protect is a **JSON Block**. Please see below for :ref:`1278_protect` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/protect ` **protection** **Description:** protection is a **JSON Block**. Please see below for :ref:`1278_protection` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/protection ` **reporting** **Description:** reporting is a **JSON Block**. Please see below for :ref:`1278_reporting` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/reporting ` **resource-tracking** **Description:** resource-tracking is a **JSON Block**. Please see below for :ref:`1278_resource-tracking` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/resource-tracking ` **resource-usage** **Description:** resource-usage is a **JSON Block**. Please see below for :ref:`1278_resource-usage` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/resource-usage ` **run-time-user-string** **Description:** run-time-user-string is a **JSON Block**. Please see below for :ref:`1278_run-time-user-string` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/run-time-user-string ` **session** **Description:** session is a **JSON Block**. Please see below for :ref:`1278_session` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/session ` **signature-extraction** **Description:** signature-extraction is a **JSON Block**. Please see below for :ref:`1278_signature-extraction` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/signature-extraction ` **src** **Description:** src is a **JSON Block**. Please see below for :ref:`1278_src` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/src ` **src-based-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/src-based-policy/{name} ` **src-port-template** **Description:** src-port-template is a **JSON Block**. Please see below for :ref:`1278_src-port-template` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/src-port-template ` **switch** **Description:** switch is a **JSON Block**. Please see below for :ref:`1278_switch` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/switch ` **sync** **Description:** sync is a **JSON Block**. Please see below for :ref:`1278_sync` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/sync ` **system-default** **Description:** system-default is a **JSON Block**. Please see below for :ref:`1278_system-default` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/system-default ` **table** **Description:** table is a **JSON Block**. Please see below for :ref:`1278_table` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/table ` **tap** **Description:** tap is a **JSON Block**. Please see below for :ref:`1278_tap` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/tap ` **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_template` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/template ` **token-auth** **Description:** token-auth is a **JSON Block**. Please see below for :ref:`1278_token-auth` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/token-auth ` **token-authentication** **Description:** token-authentication is a **JSON Block**. Please see below for :ref:`1278_token-authentication` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/token-authentication ` **tunnel** **Description:** tunnel is a **JSON Block**. Please see below for :ref:`1278_tunnel` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/tunnel ` **use-default-route** **Description:** use-default-route is a **JSON Block**. Please see below for :ref:`1278_use-default-route` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/use-default-route ` **violation-actions-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions/{name} ` **zone-profile-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-profile/{profile-name} ` **zone-src-port-template** **Description:** zone-src-port-template is a **JSON Block**. Please see below for :ref:`1278_zone-src-port-template` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/zone-src-port-template ` **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1278_zone-template` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/zone-template ` .. _1278_run-time-user-string: run-time-user-string ^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **value** **Description** Add run time user string **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_pattern-recognition: pattern-recognition ^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **capture-backup** **Description** Capture Backup **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **capturing-timeout** **Description** Capturing state timeout in seconds **Type:** number **Range:** 10-60000 **cpu** **Description:** cpu is a **JSON Block**. Please see below for :ref:`1278_pattern-recognition_cpu` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/pattern-recognition/cpu ` **cpu-limit** **Description** CPU Limit **Type:** number **Range:** 1-100 **dedicated-cpus** **Description** Configure the number of dedicated cores for Pattern Recognition **Type:** number **Range:** 0-6 **disable-app-payload-all** **Description** Disable application payload processing for all ports **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **error-timeout** **Description** Error state timeout in seconds **Type:** number **Range:** 10-60000 **extracting-timeout** **Description** Extracting state timeout in seconds **Type:** number **Range:** 10-60000 **hardware-filter** **Description** 'enable': Enable Pattern Recognition hardware filter; 'disable': Disable Pattern Recognition harware filter; **Type:** string **Supported Values:** enable, disable **Default:** disable **sample-size** **Description** Sample Size **Type:** number **Range:** 1-50000 **scheduling-timeout** **Description** Scheduling state timeout in seconds **Type:** number **Range:** 10-60000 **sensitivity** **Description** 'high': High Sensitivity; 'medium': Medium Sensitivity; 'low': Low Sensitivity; **Type:** string **Supported Values:** high, medium, low **sflow-event-periodic-interval** **Description** Configure the interval in minutes of periodic event (Default: 5 minutes, 0: No periodic updates) **Type:** number **Range:** 0-120 **Default:** 5 **toggle** **Description** 'enable': Enable Pattern Recognition; 'disable': Disable Pattern Recognition; **Type:** string **Supported Values:** enable, disable **Default:** disable **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_pattern-recognition_cpu: pattern-recognition_cpu ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_tap: tap ^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **ethernet-start-cfg** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_tap_ethernet-start-cfg: tap_ethernet-start-cfg ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **ethernet-end** **Description** **Type:** number **Format:** interface **ethernet-start** **Description** Traffic receive from the ethernet port will be dropped **Type:** number **Format:** interface .. _1278_ip-proto: ip-proto ^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_src-based-policy-list: src-based-policy-list ^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **name** **Description** Specify name of the policy **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **policy-class-list-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/src-based-policy/{name}/policy-class-list/{class-list-name} ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_src-based-policy-list_policy-class-list-list: src-based-policy-list_policy-class-list-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **class-list-name** **Description** Class-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dynamic-class-list: dynamic-class-list ^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **class-list-name** **Description** Specify name of the class list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_sync: sync ^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **enable** **Description** Enable **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **local-ip** **Description** Local IP address for White list sync **Type:** string **Format:** ipv4-address **peer-ip-cfg** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_sync_peer-ip-cfg: sync_peer-ip-cfg ^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **peer-ip** **Description** IP Address **Type:** string **Format:** ipv4-address .. _1278_brief: brief ^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_detection: detection ^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **agent-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/detection/agent/{agent-name} ` **ddos-script** **Description:** ddos-script is a **JSON Block**. Please see below for :ref:`1278_detection_ddos-script` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/detection/ddos-script ` **disable** **Description** Disable DDoS detection (default: enabled) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **resource-usage** **Description:** resource-usage is a **JSON Block**. Please see below for :ref:`1278_detection_resource-usage` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/detection/resource-usage ` **settings** **Description:** settings is a **JSON Block**. Please see below for :ref:`1278_detection_settings` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/detection/settings ` **statistics** **Description:** statistics is a **JSON Block**. Please see below for :ref:`1278_detection_statistics` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/detection/statistics ` **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_detection_resource-usage: detection_resource-usage ^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_detection_statistics: detection_statistics ^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_detection_settings: detection_settings ^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **ctrl-cpu-usage** **Description** Control cpu usage threshold for DDoS detection **Type:** number **Range:** 1-100 **de-escalation-quiet-time** **Description** Configure de-escalation needed time in minutes from level 1 to 0.(default 1 minutes) **Type:** number **Range:** 1-60 **dedicated-cpus** **Description** Configure the number of dedicated cores for detection **Type:** number **Range:** 1-32 **detection-window-size** **Description** Configure detection window size in seconds (DDoS detection window size in seconds(default: 1)) **Type:** number **Range:** 1-60 **Default:** 1 **detector-mode** **Description** 'standalone': Standalone detector; 'on-box': Mitigator and Detector on the same box; 'auto-svc-discovery': Auto Service discovery using Visibility module (Deprecatd); **Type:** string **Supported Values:** standalone, on-box, auto-svc-discovery **entry-saving** **Description:** entry-saving is a **JSON Block**. Please see below for :ref:`1278_detection_settings_entry-saving` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/detection/settings/entry-saving ` **export-interval** **Description** Configure Baselining and export interval in seconds (DDoS Baselining and export interval in seconds(default: 20)) **Type:** number **Range:** 20-3000 **Default:** 20 **full-core-enable** **Description** Enable full core **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **histogram-de-escalate-percentage** **Description** histogram de-escalate sensitivity for DDoS detection **Type:** number **Range:** 1-100 **histogram-escalate-percentage** **Description** histogram escalate sensitivity for DDoS detection **Type:** number **Range:** 1-100 **initial-learning-interval** **Description** Initial learning interval (in hours) before processing **Type:** number **Range:** 1-168 **network-object-flooding-multiple** **Description** multiplier for flooding detection threshold in network objects (default 2x threshold) **Type:** number **Range:** 2-10 **Default:** 2 **network-object-window-size** **Description** '5': 5 seconds; '10': 10 seconds; '15': 15 seconds; '30': 30 seconds; (DDoS detection window size in seconds(default: 30)) **Type:** string **Supported Values:** 5, 10, 15, 30 **Default:** 30 **notification-debug-log** **Description** 'enable': Enable detection notification debug log (default: disabled); **Type:** string **Supported Values:** enable **pkt-sampling** **Description:** pkt-sampling is a **JSON Block**. Please see below for :ref:`1278_detection_settings_pkt-sampling` **Type:** Object **standalone-settings** **Description:** standalone-settings is a **JSON Block**. Please see below for :ref:`1278_detection_settings_standalone-settings` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/detection/settings/standalone-settings ` **top-k-reset-interval** **Description** Configure top-k reset interval **Type:** number **Range:** 1-60 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_detection_settings_entry-saving: detection_settings_entry-saving ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **interval** **Description** Configure periodical auto-saving interval in minutes(default: 0) and 0 to disable. **Type:** number **Range:** 0-1440 **Default:** 0 **manual-restore** **Description** Manually restore network-object-based detection entries and learned indicators **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **manual-save** **Description** Manually save network-object-based detection entries and learned indicators **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_detection_settings_standalone-settings: detection_settings_standalone-settings ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **action** **Description** 'enable': Enable standalone detector; 'disable': Disable standalone detector (default); **Type:** string **Supported Values:** enable, disable **Default:** disable **de-escalation-quiet-time** **Description** Configure de-escalation needed time in minutes from level 1 to 0.(default 6 minutes) **Type:** number **Range:** 1-60 **netflow** **Description:** netflow is a **JSON Block**. Please see below for :ref:`1278_detection_settings_standalone-settings_netflow` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/detection/settings/standalone-settings/netflow ` **sflow** **Description:** sflow is a **JSON Block**. Please see below for :ref:`1278_detection_settings_standalone-settings_sflow` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/detection/settings/standalone-settings/sflow ` **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_detection_settings_standalone-settings_netflow: detection_settings_standalone-settings_netflow ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **listening-port** **Description** Netflow port to receive packets (Netflow port number(default 9996)) **Type:** number **Range:** 1-65535 **Default:** 9996 **template-active-timeout** **Description** Configure active timeout of the netflow templates received in mins (Template active timeout(mins)(default 30mins)) **Type:** number **Range:** 2-300 **Default:** 30 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_detection_settings_standalone-settings_sflow: detection_settings_standalone-settings_sflow ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **listening-port** **Description** sFlow port to receive packets (sFlow port number(default 6343)) **Type:** number **Range:** 1-65535 **Default:** 6343 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_detection_settings_pkt-sampling: detection_settings_pkt-sampling ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **assign-index** **Description** Lower index is more aggressive sampling **Type:** number **Range:** 1-64 **assign-rate** **Description** Assign rate to given index **Type:** number **Range:** 1-50000000 **override-rate** **Description** Sample 1 in X packets (default: X=1) **Type:** number **Range:** 1-50000000 .. _1278_detection_ddos-script: detection_ddos-script ^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **action** **Description** 'delete': delete; **Type:** string **Supported Values:** delete **file** **Description** startup-config local file name **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_detection_agent-list: detection_agent-list ^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **agent-name** **Description** Specify name for the agent **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **agent-type** **Description** 'Cisco': Cisco; 'Juniper': Juniper; **Type:** string **Supported Values:** Cisco, Juniper **agent-v4-addr** **Description** Configure agent's IPv4 address **Type:** string **Format:** ipv4-address **agent-v6-addr** **Description** Configure agent's IPv6 address **Type:** string **Format:** ipv6-address **netflow** **Description:** netflow is a **JSON Block**. Please see below for :ref:`1278_detection_agent-list_netflow` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/detection/agent/{agent-name}/netflow ` **sampling-enable** **Type:** List **sflow** **Description:** sflow is a **JSON Block**. Please see below for :ref:`1278_detection_agent-list_sflow` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/detection/agent/{agent-name}/sflow ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_detection_agent-list_sflow: detection_agent-list_sflow ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sflow-pkt-samples-collection** **Description** 'enable': Enable sflow packet samples collection(default); 'disable': Disable sflow packet samples collection; **Type:** string **Supported Values:** enable, disable **Default:** enable **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_detection_agent-list_sampling-enable: detection_agent-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'sflow-packets-received': sFlow Packets Received; 'sflow-samples-received': sFlow Samples Received; 'sflow-samples-bad-len': sFlow Samples Bad Length; 'sflow-samples-non-std': sFlow Samples Non-standard; 'sflow-samples-skipped': sFlow Samples Skipped; 'sflow-sample-record-bad-len': sFlow Sample Records Bad Length; 'sflow-samples-sent-for-detection': sFlow Samples Processed For Detection; 'sflow-sample-record-invalid-layer2': sFlow Sample Records Unknown Layer-2; 'sflow-sample-ipv6-hdr-parse-fail': sFlow Sample IPv6 Record Header Parse Failures; 'sflow-disabled': sFlow Packet Samples Processing Disabled; 'netflow-disabled': Netflow Flow Samples Processing Disabled; 'netflow-v5-packets-received': Netflow v5 Packets Received; 'netflow-v5-samples-received': Netflow v5 Samples Received; 'netflow-v5-samples-sent-for-detection': Netflow v5 Samples Processed For Detection; 'netflow-v5-sample-records-bad-len': Netflow v5 Sample Records Bad Length; 'netflow-v5-max-records-exceed': Netflow v5 Sample Max Records Error; 'netflow-v9-packets-received': Netflow v9 Packets Received; 'netflow-v9-samples-received': Netflow v9 Samples Received; 'netflow-v9-samples-sent-for-detection': Netflow v9 Samples Processed For Detection; 'netflow-v9-sample-records-bad-len': Netflow v9 Sample Records Bad Length; 'netflow-v9-sample-flowset-bad-padding': Netflow v9 Sample Flowset Bad Padding; 'netflow-v9-max-records-exceed': Netflow v9 Sample Max Records Error; 'netflow-v9-template-not-found': Netflow v9 Template Not Found; 'netflow-v10-packets-received': Netflow v10 Packets Received; 'netflow-v10-samples-received': Netflow v10 Samples Received; 'netflow-v10-samples-sent-for-detection': Netflow v10 Samples Procssed For Detection; 'netflow-v10-sample-records-bad-len': Netflow v10 Sample Records Bad Length; 'netflow-v10-max-records-exceed': Netflow v10 Sample Max records Error; 'netflow-tcp-sample-received': Netflow TCP Samples Received; 'netflow-udp-sample-received': Netflow UDP Samples received; 'netflow-icmp-sample-received': Netflow ICMP Samples Received; 'netflow-other-sample-received': Netflow OTHER Samples Received; 'netflow-record-copy-oom-error': Netflow Data Record Copy Fail, Local MEM size error; 'netflow-record-rse-invalid': Netflow Data Record Reduced Size Invalid; 'netflow-sample-flow-dur-error': Netflow Sample Flow Duration Error; 'flow-dst-entry-miss': DDoS Destination Entry Lookup Failures; 'flow-ip-proto-or-port-miss': DDoS Destination Service Lookup Failures; 'flow-detection-msgq-full': Detection Message Enqueue Failures; **Type:** string **Supported Values:** all, sflow-packets-received, sflow-samples-received, sflow-samples-bad-len, sflow-samples-non-std, sflow-samples-skipped, sflow-sample-record-bad-len, sflow-samples-sent-for-detection, sflow-sample-record-invalid-layer2, sflow-sample-ipv6-hdr-parse-fail, sflow-disabled, netflow-disabled, netflow-v5-packets-received, netflow-v5-samples-received, netflow-v5-samples-sent-for-detection, netflow-v5-sample-records-bad-len, netflow-v5-max-records-exceed, netflow-v9-packets-received, netflow-v9-samples-received, netflow-v9-samples-sent-for-detection, netflow-v9-sample-records-bad-len, netflow-v9-sample-flowset-bad-padding, netflow-v9-max-records-exceed, netflow-v9-template-not-found, netflow-v10-packets-received, netflow-v10-samples-received, netflow-v10-samples-sent-for-detection, netflow-v10-sample-records-bad-len, netflow-v10-max-records-exceed, netflow-tcp-sample-received, netflow-udp-sample-received, netflow-icmp-sample-received, netflow-other-sample-received, netflow-record-copy-oom-error, netflow-record-rse-invalid, netflow-sample-flow-dur-error, flow-dst-entry-miss, flow-ip-proto-or-port-miss, flow-detection-msgq-full, flow-network-entry-miss .. _1278_detection_agent-list_netflow: detection_agent-list_netflow ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **active-timeout** **Description** Configure agent's flow active timeout (seconds) **Type:** number **Range:** 10-600 **inactive-timeout** **Description** Configure agent's flow inactive timeout (seconds) **Type:** number **Range:** 10-600 **netflow-samples-collection** **Description** 'enable': Enable Netflow flow samples collection(default); 'disable': Disable Netflow flow samples collection; **Type:** string **Supported Values:** enable, disable **Default:** enable **netflow-sampling-rate** **Description** Configure agent's netflow sampling rate **Type:** number **Range:** 1-65535 **Default:** 1 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_session: session ^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_long: long ^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_exec-script: exec-script ^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **alert-type** **Description** 1: UDP Pkt Rate 2: TCP Pkt Rate 3: ICMP Pkt Rate **Type:** number **Range:** 1-3 **exec-script-ip-portocol** **Description** 'icmp-v4': ip-proto icmp-v4; 'icmp-v6': ip-proto icmp-v6; 'other': ip-proto other; 'gre': ip-proto gre; 'ipv4-encap': ip-proto IPv4 Encapsulation; 'ipv6-encap': ip-proto IPv6 Encapsulation; **Type:** string **Supported Values:** icmp-v4, icmp-v6, other, gre, ipv4-encap, ipv6-encap **exec-script-port-other-protocol** **Description** 'tcp': TCP Port; 'udp': UDP Port; **Type:** string **Supported Values:** tcp, udp **level** **Description** Current Level **Type:** number **Range:** 1-4 **mock** **Description** Use mock data **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **port-num** **Description** Port Number **Type:** number **Range:** 1-65535 **port-other** **Description** 'other': other; **Type:** string **Supported Values:** other **protocol** **Description** 'dns-tcp': DNS-TCP Port; 'dns-udp': DNS-UDP Port; 'http': HTTP Port; 'tcp': TCP Port; 'udp': UDP Port; 'ssl-l4': SSL-L4 Port; 'sip-tcp': SIP-TCP Port; 'sip-udp': SIP-UDP Port; 'quic': QUIC Port; **Type:** string **Supported Values:** dns-tcp, dns-udp, http, tcp, udp, ssl-l4, sip-tcp, sip-udp, quic **protocol-num** **Description** Protocol Number **Type:** number **Range:** 0-255 **script** **Description** Specify script to execute **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **src-ip** **Type:** List **src-ipv6** **Type:** List **threshold** **Description** Threshold **Type:** number **Range:** 1-3000 **timeout** **Description** Timeout (Default: 10 seconds, Mock Default: 2 seconds) **Type:** number **Range:** 1-31 **zone** **Description** DST Zone name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_exec-script_src-ip: exec-script_src-ip ^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **ip-addr** **Description** Specify IP address **Type:** string **Format:** ipv4-address **subnet-ip-addr** **Description** IP Subnet **Type:** string **Format:** ipv4-cidr .. _1278_exec-script_src-ipv6: exec-script_src-ipv6 ^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **ip6-addr** **Description** Specify IPv6 address **Type:** string **Format:** ipv6-address **subnet-ipv6-addr** **Description** IPV6 Subnet **Type:** string **Format:** ipv6-address-plen .. _1278_l4-ssl: l4-ssl ^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_table: table ^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_east-west-protection: east-west-protection ^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **deployment-mode** **Description** 'L2-mode': Enable East-West Protection in Layer 2 mode.; 'L2-with-virtual-wire': Enable East-West Protection in Layer 2 mode with virtual-wire pairs.; 'L3-mode': Enable East-West Protection in Layer 3 mode.; 'disable': Disable East-West Protection.; **Type:** string **Supported Values:** L2-mode, L2-with-virtual-wire, L3-mode, disable **Default:** disable **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_port: port ^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_token-authentication: token-authentication ^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **authenticated-list** **Description:** authenticated-list is a **JSON Block**. Please see below for :ref:`1278_token-authentication_authenticated-list` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/token-authentication/authenticated-list ` **player-mode** **Description:** player-mode is a **JSON Block**. Please see below for :ref:`1278_token-authentication_player-mode` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/token-authentication/player-mode ` **players-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/token-authentication/players/{src-ip}+{src-port}+{dst-ip}+{dst-port} ` **secret-salt** **Description:** secret-salt is a **JSON Block**. Please see below for :ref:`1278_token-authentication_secret-salt` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/token-authentication/secret-salt ` **summary** **Description:** summary is a **JSON Block**. Please see below for :ref:`1278_token-authentication_summary` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/token-authentication/summary ` .. _1278_token-authentication_authenticated-list: token-authentication_authenticated-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_token-authentication_player-mode: token-authentication_player-mode ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **mode** **Description** 'one-to-one': Only one player talks to one server; 'many-to-one': Many player talk to one server; **Type:** string **Supported Values:** one-to-one, many-to-one **Default:** many-to-one **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_token-authentication_summary: token-authentication_summary ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_token-authentication_secret-salt: token-authentication_secret-salt ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **current-salt** **Description** Current salt value **Type:** number **Range:** 0-4294967295 **previous-salt** **Description** Previous salt value **Type:** number **Range:** 0-4294967295 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_token-authentication_players-list: token-authentication_players-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **dst-ip** **Description** **Type:** string **Format:** ipv4-address **dst-port** **Description** **Type:** number **Range:** 0-65535 **magic-value** **Description** **Type:** number **Range:** 0-4294967295 **src-ip** **Description** **Type:** string **Format:** ipv4-address **src-port** **Description** **Type:** number **Range:** 0-65535 .. _1278_dns-cache-mode: dns-cache-mode ^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **enable** **Description** Enable DNS Cache mode **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_l4-icmp: l4-icmp ^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_anomaly-drop: anomaly-drop ^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **packet-deformity-layer-3** **Description:** packet-deformity-layer-3 is a **JSON Block**. Please see below for :ref:`1278_anomaly-drop_packet-deformity-layer-3` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/anomaly-drop/packet-deformity-layer-3 ` **packet-deformity-layer-4** **Description:** packet-deformity-layer-4 is a **JSON Block**. Please see below for :ref:`1278_anomaly-drop_packet-deformity-layer-4` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/anomaly-drop/packet-deformity-layer-4 ` **security-attack-layer-3** **Description:** security-attack-layer-3 is a **JSON Block**. Please see below for :ref:`1278_anomaly-drop_security-attack-layer-3` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/anomaly-drop/security-attack-layer-3 ` **security-attack-layer-4-tcp** **Description:** security-attack-layer-4-tcp is a **JSON Block**. Please see below for :ref:`1278_anomaly-drop_security-attack-layer-4-tcp` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/anomaly-drop/security-attack-layer-4-tcp ` **security-attack-layer-4-udp** **Description:** security-attack-layer-4-udp is a **JSON Block**. Please see below for :ref:`1278_anomaly-drop_security-attack-layer-4-udp` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/anomaly-drop/security-attack-layer-4-udp ` .. _1278_anomaly-drop_security-attack-layer-3: anomaly-drop_security-attack-layer-3 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **capture-config** **Description** capture-config name (Can only configure when drop-disabled) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **log** **Description** Log the anomaly event (Can only configure when drop-disabled) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **toggle** **Description** 'enable': enable; 'disable': disable; **Type:** string **Supported Values:** enable, disable **Default:** enable **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_anomaly-drop_packet-deformity-layer-3: anomaly-drop_packet-deformity-layer-3 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **capture-config** **Description** capture-config name (Can only configure when drop-disabled) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **log** **Description** Log the anomaly event (Can only configure when drop-disabled) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **toggle** **Description** 'enable': enable; 'disable': disable; **Type:** string **Supported Values:** enable, disable **Default:** enable **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_anomaly-drop_packet-deformity-layer-4: anomaly-drop_packet-deformity-layer-4 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **capture-config** **Description** capture-config name (Can only configure when drop-disabled) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **log** **Description** Log the anomaly event (Can only configure when drop-disabled) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **toggle** **Description** 'enable': enable; 'disable': disable; **Type:** string **Supported Values:** enable, disable **Default:** enable **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_anomaly-drop_security-attack-layer-4-tcp: anomaly-drop_security-attack-layer-4-tcp ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **capture-config** **Description** capture-config name (Can only configure when drop-disabled) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **log** **Description** Log the anomaly event (Can only configure when drop-disabled) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **toggle** **Description** 'enable': enable; 'disable': disable; **Type:** string **Supported Values:** enable, disable **Default:** enable **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_anomaly-drop_security-attack-layer-4-udp: anomaly-drop_security-attack-layer-4-udp ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **capture-config** **Description** capture-config name (Can only configure when drop-disabled) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **log** **Description** Log the anomaly event (Can only configure when drop-disabled) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **toggle** **Description** 'enable': enable; 'disable': disable; **Type:** string **Supported Values:** enable, disable **Default:** enable **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_token-auth: token-auth ^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_l4-other: l4-other ^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst: dst ^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **default-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/default/{default-address-type} ` **dynamic-entries-resource-usage** **Description:** dynamic-entries-resource-usage is a **JSON Block**. Please see below for :ref:`1278_dst_dynamic-entries-resource-usage` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/dynamic-entries-resource-usage ` **dynamic-entry** **Description:** dynamic-entry is a **JSON Block**. Please see below for :ref:`1278_dst_dynamic-entry` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/dynamic-entry ` **dynamic-entry-overflow-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/dynamic-entry-overflow-policy/{default-address-type} ` **entry-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name} ` **interface-ip-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/interface-ip/{addr} ` **interface-ipv6-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/interface-ipv6/{addr} ` **zone-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name} ` .. _1278_dst_interface-ip-list: dst_interface-ip-list ^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **addr** **Description** IP address of interface **Type:** string **Format:** ipv4-address **ip-proto-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/interface-ip/{addr}/ip-proto/{port-num} ` **l4-type-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/interface-ip/{addr}/l4-type/{protocol} ` **log-enable** **Description** Enable logging of limit exceed drops **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-periodic** **Description** Enable periodic log while event is continuing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **port-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/interface-ip/{addr}/port/{port-num}+{protocol} ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_interface-ip-list_port-list: dst_interface-ip-list_port-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **port-num** **Description** Port Number **Type:** number **Range:** 1-65535 **protocol** **Description** 'tcp': tcp; 'udp': udp; 'http-probe': http port for interface health check; **Type:** string **Supported Values:** tcp, udp, http-probe **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_interface-ip-list_ip-proto-list: dst_interface-ip-list_ip-proto-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **port-num** **Description** IP protocol number **Type:** number **Range:** 0-255 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_interface-ip-list_l4-type-list: dst_interface-ip-list_l4-type-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-frag-pkt** **Description** Drop fragmented packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **protocol** **Description** 'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; **Type:** string **Supported Values:** tcp, udp, icmp, other **tunnel-decap** **Description:** tunnel-decap is a **JSON Block**. Please see below for :ref:`1278_dst_interface-ip-list_l4-type-list_tunnel-decap` **Type:** Object **tunnel-rate-limit** **Description:** tunnel-rate-limit is a **JSON Block**. Please see below for :ref:`1278_dst_interface-ip-list_l4-type-list_tunnel-rate-limit` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_interface-ip-list_l4-type-list_tunnel-decap: dst_interface-ip-list_l4-type-list_tunnel-decap ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **gre-decap** **Description** Enable GRE Tunnel decapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ip-decap** **Description** Enable IP Tunnel decapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **key-cfg** **Type:** List .. _1278_dst_interface-ip-list_l4-type-list_tunnel-decap_key-cfg: dst_interface-ip-list_l4-type-list_tunnel-decap_key-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **key** **Description** Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295) **Type:** string **Maximum Length:** 10 characters **Maximum Length:** 1 characters .. _1278_dst_interface-ip-list_l4-type-list_tunnel-rate-limit: dst_interface-ip-list_l4-type-list_tunnel-rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **gre-rate-limit** **Description** Enable inner IP rate limiting on GRE traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ip-rate-limit** **Description** Enable inner IP rate limiting on IPinIP traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_dst_default-list: dst_default-list ^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **age** **Description** Idle age for ip entry **Type:** number **Range:** 5-1023 **apply-policy-on-overflow** **Description** Enable this flag to apply overflow policy when dynamic entry count overflows **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **default-address-type** **Description** 'ip': ip; 'ipv6': ipv6; **Type:** string **Supported Values:** ip, ipv6 **deny** **Description** Blacklist and Drop all incoming packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disable** **Description** Disable **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-disable** **Description** Disable certain drops during packet processing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-disable-fwd-immediate** **Description** Immediately forward L4 drops **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-frag-pkt** **Description** Drop fragmented packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exceed-log-cfg** **Description:** exceed-log-cfg is a **JSON Block**. Please see below for :ref:`1278_dst_default-list_exceed-log-cfg` **Type:** Object **exceed-log-dep-cfg** **Description:** exceed-log-dep-cfg is a **JSON Block**. Please see below for :ref:`1278_dst_default-list_exceed-log-dep-cfg` **Type:** Object **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **inbound-forward-dscp** **Description** To set dscp value for inbound packets (DSCP Value for the clear traffic marking) **Type:** number **Range:** 1-63 **ip-proto-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/default/{default-address-type}/ip-proto/{port-num} ` **l4-type-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/default/{default-address-type}/l4-type/{protocol} ` **log-periodic** **Description** Enable periodic log while event is continuing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-dynamic-entry-count** **Description** Maximum count for dynamic dst entry **Type:** number **Range:** 0-2147483647 **outbound-forward-dscp** **Description** To set dscp value for outbound **Type:** number **Range:** 1-63 **port-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/default/{default-address-type}/port/{port-num}+{protocol} ` **src-port-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/default/{default-address-type}/src-port/{port-num}+{protocol} ` **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_dst_default-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_default-list_port-list: dst_default-list_port-list ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **port-num** **Description** Port Number **Type:** number **Range:** 0-65535 **protocol** **Description** 'dns-tcp': dns-tcp; 'dns-udp': dns-udp; 'http': http; 'tcp': tcp; 'udp': udp; 'ssl-l4': ssl-l4; 'sip-udp': sip-udp; 'sip-tcp': sip-tcp; **Type:** string **Supported Values:** dns-tcp, dns-udp, http, tcp, udp, ssl-l4, sip-udp, sip-tcp **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_dst_default-list_port-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_default-list_port-list_template: dst_default-list_port-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dst_default-list_template: dst_default-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dst_default-list_l4-type-list: dst_default-list_l4-type-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disable-syn-auth** **Description** Disable TCP SYN Authentication **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-frag-pkt** **Description** Drop fragmented packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-on-no-port-match** **Description** 'disable': disable; 'enable': enable; **Type:** string **Supported Values:** disable, enable **Default:** enable **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **max-rexmit-syn-per-flow** **Description** Maximum number of re-transmit SYN per flow. Exceed action set to Drop **Type:** number **Range:** 1-6 **protocol** **Description** 'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; **Type:** string **Supported Values:** tcp, udp, icmp, other **stateful** **Description** Enable stateful tracking of sessions (Default is stateless) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **syn-auth** **Description** 'send-rst': Send RST to client upon client ACK; 'force-rst-by-ack': Force client RST via the use of ACK; 'force-rst-by-synack': Force client RST via the use of bad SYN|ACK; 'disable': Disable TCP SYN Authentication; **Type:** string **Supported Values:** send-rst, force-rst-by-ack, force-rst-by-synack, disable **Default:** send-rst **syn-cookie** **Description** Enable SYN Cookie **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tcp-reset-client** **Description** Send reset to client when rate exceeds or session ages out **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tcp-reset-server** **Description** Send reset to server when rate exceeds or session ages out **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tunnel-decap** **Description:** tunnel-decap is a **JSON Block**. Please see below for :ref:`1278_dst_default-list_l4-type-list_tunnel-decap` **Type:** Object **tunnel-rate-limit** **Description:** tunnel-rate-limit is a **JSON Block**. Please see below for :ref:`1278_dst_default-list_l4-type-list_tunnel-rate-limit` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_default-list_l4-type-list_tunnel-rate-limit: dst_default-list_l4-type-list_tunnel-rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **gre-rate-limit** **Description** Enable inner IP rate limiting on GRE traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ip-rate-limit** **Description** Enable inner IP rate limiting on IPinIP traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_dst_default-list_l4-type-list_tunnel-decap: dst_default-list_l4-type-list_tunnel-decap ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **gre-decap** **Description** Enable GRE Tunnel decapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ip-decap** **Description** Enable IP Tunnel decapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **key-cfg** **Type:** List .. _1278_dst_default-list_l4-type-list_tunnel-decap_key-cfg: dst_default-list_l4-type-list_tunnel-decap_key-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **key** **Description** Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295) **Type:** string **Maximum Length:** 10 characters **Maximum Length:** 1 characters .. _1278_dst_default-list_src-port-list: dst_default-list_src-port-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **port-num** **Description** Port Number **Type:** number **Range:** 0-65535 **protocol** **Description** 'udp': udp; 'tcp': tcp; **Type:** string **Supported Values:** udp, tcp **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_dst_default-list_src-port-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_default-list_src-port-list_template: dst_default-list_src-port-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-tcp** **Description** DDOS tcp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-udp** **Description** DDOS udp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dst_default-list_ip-proto-list: dst_default-list_ip-proto-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **port-num** **Description** Protocol Number **Type:** number **Range:** 0-255 **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_dst_default-list_ip-proto-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_default-list_ip-proto-list_template: dst_default-list_ip-proto-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **other** **Description** DDOS other template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dst_default-list_exceed-log-cfg: dst_default-list_exceed-log-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **log-enable** **Description** Enable logging of limit exceed drop's **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **with-sflow-sample** **Description** Turn on sflow sample with log **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_dst_default-list_exceed-log-dep-cfg: dst_default-list_exceed-log-dep-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **exceed-log-enable** **Description** (Deprecated)Enable logging of limit exceed drop's **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-with-sflow-dep** **Description** Turn on sflow sample with log **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_dst_dynamic-entries-resource-usage: dst_dynamic-entries-resource-usage ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_interface-ipv6-list: dst_interface-ipv6-list ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **addr** **Description** IPv6 address of interface **Type:** string **Format:** ipv6-address **ip-proto-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/interface-ipv6/{addr}/ip-proto/{port-num} ` **l4-type-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/interface-ipv6/{addr}/l4-type/{protocol} ` **log-enable** **Description** Enable logging of limit exceed drops **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **port-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/interface-ipv6/{addr}/port/{port-num}+{protocol} ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_interface-ipv6-list_port-list: dst_interface-ipv6-list_port-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **port-num** **Description** Port Number **Type:** number **Range:** 1-65535 **protocol** **Description** 'tcp': tcp; 'udp': udp; 'http-probe': http port for interface health check; **Type:** string **Supported Values:** tcp, udp, http-probe **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_interface-ipv6-list_ip-proto-list: dst_interface-ipv6-list_ip-proto-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **port-num** **Description** IP protocol number **Type:** number **Range:** 0-255 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_interface-ipv6-list_l4-type-list: dst_interface-ipv6-list_l4-type-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-frag-pkt** **Description** Drop fragmented packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **protocol** **Description** 'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; **Type:** string **Supported Values:** tcp, udp, icmp, other **tunnel-decap** **Description:** tunnel-decap is a **JSON Block**. Please see below for :ref:`1278_dst_interface-ipv6-list_l4-type-list_tunnel-decap` **Type:** Object **tunnel-rate-limit** **Description:** tunnel-rate-limit is a **JSON Block**. Please see below for :ref:`1278_dst_interface-ipv6-list_l4-type-list_tunnel-rate-limit` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_interface-ipv6-list_l4-type-list_tunnel-decap: dst_interface-ipv6-list_l4-type-list_tunnel-decap ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **gre-decap** **Description** Enable GRE Tunnel decapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ip-decap** **Description** Enable IP Tunnel decapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **key-cfg** **Type:** List .. _1278_dst_interface-ipv6-list_l4-type-list_tunnel-decap_key-cfg: dst_interface-ipv6-list_l4-type-list_tunnel-decap_key-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **key** **Description** Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295) **Type:** string **Maximum Length:** 10 characters **Maximum Length:** 1 characters .. _1278_dst_interface-ipv6-list_l4-type-list_tunnel-rate-limit: dst_interface-ipv6-list_l4-type-list_tunnel-rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **gre-rate-limit** **Description** Enable inner IP rate limiting on GRE traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ip-rate-limit** **Description** Enable inner IP rate limiting on IPinIP traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_dst_entry-list: dst_entry-list ^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **advertised-enable** **Description** BGP advertised **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **blackhole-on-glid-exceed** **Description** Blackhole destination entry for X minutes upon glid limit exceeded **Type:** number **Range:** 1-30 **capture-config-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/capture-config/{name} ` **description** **Description** Description for this Destination Entry **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **dest-nat-ip** **Description** Destination NAT IP address **Type:** string **Format:** ipv4-address **dest-nat-ipv6** **Description** Destination NAT IPv6 address **Type:** string **Format:** ipv6-address **drop-disable** **Description** Disable certain drops during packet processing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-disable-fwd-immediate** **Description** Immediately forward L4 drops **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-frag-pkt** **Description** Drop fragmented packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-on-no-src-dst-default** **Description** Drop if no match with src-based-policy class-list, and default is not configured **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dst-entry-name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **dynamic-entry-overflow-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/dynamic-entry-overflow-policy/{dummy-name} ` **enable-top-k** **Type:** List **exceed-log-cfg** **Description:** exceed-log-cfg is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_exceed-log-cfg` **Type:** Object **exceed-log-dep-cfg** **Description:** exceed-log-dep-cfg is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_exceed-log-dep-cfg` **Type:** Object **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **glid-exceed-action** **Description:** glid-exceed-action is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_glid-exceed-action` **Type:** Object **hw-blacklist-blocking** **Description:** hw-blacklist-blocking is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_hw-blacklist-blocking` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/hw-blacklist-blocking ` **inbound-forward-dscp** **Description** To set dscp value for inbound packets (DSCP Value for the clear traffic marking) **Type:** number **Range:** 1-63 **ip-addr** **Description** **Type:** string **Format:** ipv4-address **ip-proto-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/ip-proto/{port-num} ` **ipv6-addr** **Description** **Type:** string **Format:** ipv6-address **l4-type-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol} ` **log-periodic** **Description** Enable periodic log while event is continuing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **operational-mode** **Description** 'protection': Protection mode; 'bypass': Bypass mode; **Type:** string **Supported Values:** protection, bypass **Default:** protection **outbound-forward-dscp** **Description** To set dscp value for outbound **Type:** number **Range:** 1-63 **pattern-recognition-hw-filter-enable** **Description** to enable pattern recognition hardware filter **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **pattern-recognition-sensitivity** **Description** 'high': High sensitive pattern recognition; 'medium': Medium sensitive pattern recognition; 'low': Low sensitive pattern recognition; **Type:** string **Supported Values:** high, medium, low **port-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol} ` **port-range-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol} ` **reporting-disabled** **Description** Disable Reporting **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sampling-enable** **Type:** List **set-counter-base-val** **Description** Set T2 counter value of current context to specified value **Type:** number **Range:** 1-4294967295 **sflow** **Description:** sflow is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_sflow` **Type:** Object **source-nat-pool** **Description** Configure source NAT **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **src-dst-pair** **Description:** src-dst-pair is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_src-dst-pair` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair ` **src-dst-pair-class-list-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name} ` **src-dst-pair-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-policy/{src-based-policy-name} ` **src-dst-pair-settings-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-settings/{all-types} ` **src-port-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-port/{port-num}+{protocol} ` **src-port-range-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-port-range/{src-port-range-start}+{src-port-range-end}+{protocol} ` **subnet-ip-addr** **Description** IP Subnet **Type:** string **Format:** ipv4-cidr **subnet-ipv6-addr** **Description** IPV6 Subnet **Type:** string **Format:** ipv6-address-plen **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_template` **Type:** Object **topk-destinations** **Description:** topk-destinations is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_topk-destinations` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/topk-destinations ` **traffic-distribution-mode** **Description** 'default': Distribute traffic to one slot using default distribution mechanism; 'source-ip-based': Distribute traffic between slots, based on source ip; **Type:** string **Supported Values:** default, source-ip-based **Default:** default **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_port-list: dst_entry-list_port-list ^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **capture-config** **Description:** capture-config is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_port-list_capture-config` **Type:** Object **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **detection-enable** **Description** Enable ddos detection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-cache** **Description** DNS Cache Instance **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/dns-cache ` **enable-top-k** **Description** Enable ddos top-k entries **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **glid-exceed-action** **Description:** glid-exceed-action is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_port-list_glid-exceed-action` **Type:** Object **ip-filtering-policy** **Description** Configure IP Filter **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/ip-filtering-policy ` **ip-filtering-policy-oper** **Description:** ip-filtering-policy-oper is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_port-list_ip-filtering-policy-oper` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/ip-filtering-policy-oper ` **pattern-recognition** **Description:** pattern-recognition is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_port-list_pattern-recognition` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/pattern-recognition ` **pattern-recognition-pu-details** **Description:** pattern-recognition-pu-details is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_port-list_pattern-recognition-pu-details` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/pattern-recognition-pu-details ` **port-ind** **Description:** port-ind is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_port-list_port-ind` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/port-ind ` **port-num** **Description** Port Number **Type:** number **Range:** 0-65535 **progression-tracking** **Description:** progression-tracking is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_port-list_progression-tracking` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/progression-tracking ` **protocol** **Description** 'dns-tcp': DNS-TCP Port; 'dns-udp': DNS-UDP Port; 'http': HTTP Port; 'tcp': TCP Port; 'udp': UDP Port; 'ssl-l4': SSL-L4 Port; 'sip-udp': SIP-UDP Port; 'sip-tcp': SIP-TCP Port; **Type:** string **Supported Values:** dns-tcp, dns-udp, http, tcp, udp, ssl-l4, sip-udp, sip-tcp **set-counter-base-val** **Description** Set T2 counter value of current context to specified value **Type:** number **Range:** 1-4294967295 **sflow** **Description:** sflow is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_port-list_sflow` **Type:** Object **signature-extraction** **Description:** signature-extraction is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_port-list_signature-extraction` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/signature-extraction ` **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_port-list_template` **Type:** Object **topk-num-records** **Description** Maximum number of records to show in topk **Type:** number **Range:** 1-100 **Default:** 20 **topk-sources** **Description:** topk-sources is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_port-list_topk-sources` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/topk-sources ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_port-list_pattern-recognition: dst_entry-list_port-list_pattern-recognition ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **algorithm** **Description** 'heuristic': heuristic algorithm; **Type:** string **Supported Values:** heuristic **filter-inactive-threshold** **Description** Extracted filter inactive threshold **Type:** number **Range:** 5-255 **filter-threshold** **Description** Extracted filter threshold **Type:** number **Range:** 0-100 **mode** **Description** 'capture-never-expire': War-time capture without rate exceeding and never expires; 'manual': Manual mode; **Type:** string **Supported Values:** capture-never-expire, manual **sensitivity** **Description** 'high': High Sensitivity; 'medium': Medium Sensitivity; 'low': Low Sensitivity; **Type:** string **Supported Values:** high, medium, low **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_port-list_signature-extraction: dst_entry-list_port-list_signature-extraction ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **algorithm** **Description** 'heuristic': heuristic algorithm; **Type:** string **Supported Values:** heuristic **manual-mode** **Description** Enable manual mode **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_port-list_template: dst_entry-list_port-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS SSL-L4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_port-list_glid-exceed-action: dst_entry-list_port-list_glid-exceed-action ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **stateless-encap-action-cfg** **Description:** stateless-encap-action-cfg is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_port-list_glid-exceed-action_stateless-encap-action-cfg` **Type:** Object .. _1278_dst_entry-list_port-list_glid-exceed-action_stateless-encap-action-cfg: dst_entry-list_port-list_glid-exceed-action_stateless-encap-action-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **encap-template** **Description** Apply legacy encap template for encap action **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/template/encap ` **stateless-encap-action** **Description** 'stateless-tunnel-encap': Encapsulate all packets; 'stateless-tunnel-encap-scrubbed': Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap); **Type:** string **Supported Values:** stateless-tunnel-encap, stateless-tunnel-encap-scrubbed .. _1278_dst_entry-list_port-list_pattern-recognition-pu-details: dst_entry-list_port-list_pattern-recognition-pu-details ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_port-list_port-ind: dst_entry-list_port-list_port-ind ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_port-list_port-ind_sampling-enable: dst_entry-list_port-list_port-ind_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'ip-proto-type': IP Protocol Type; 'ddet_ind_pkt_rate_current': Pkt Rate Current; 'ddet_ind_pkt_rate_min': Pkt Rate Min; 'ddet_ind_pkt_rate_max': Pkt Rate Max; 'ddet_ind_pkt_drop_rate_current': Pkt Drop Rate Current; 'ddet_ind_pkt_drop_rate_min': Pkt Drop Rate Min; 'ddet_ind_pkt_drop_rate_max': Pkt Drop Rate Max; 'ddet_ind_syn_rate_current': TCP SYN Rate Current; 'ddet_ind_syn_rate_min': TCP SYN Rate Min; 'ddet_ind_syn_rate_max': TCP SYN Rate Max; 'ddet_ind_fin_rate_current': TCP FIN Rate Current; 'ddet_ind_fin_rate_min': TCP FIN Rate Min; 'ddet_ind_fin_rate_max': TCP FIN Rate Max; 'ddet_ind_rst_rate_current': TCP RST Rate Current; 'ddet_ind_rst_rate_min': TCP RST Rate Min; 'ddet_ind_rst_rate_max': TCP RST Rate Max; 'ddet_ind_small_window_ack_rate_current': TCP Small Window ACK Rate Current; 'ddet_ind_small_window_ack_rate_min': TCP Small Window ACK Rate Min; 'ddet_ind_small_window_ack_rate_max': TCP Small Window ACK Rate Max; 'ddet_ind_empty_ack_rate_current': TCP Empty ACK Rate Current; 'ddet_ind_empty_ack_rate_min': TCP Empty ACK Rate Min; 'ddet_ind_empty_ack_rate_max': TCP Empty ACK Rate Max; 'ddet_ind_small_payload_rate_current': TCP Small Payload Rate Current; 'ddet_ind_small_payload_rate_min': TCP Small Payload Rate Min; 'ddet_ind_small_payload_rate_max': TCP Small Payload Rate Max; 'ddet_ind_pkt_drop_ratio_current': Pkt Drop / Pkt Rcvd Current; 'ddet_ind_pkt_drop_ratio_min': Pkt Drop / Pkt Rcvd Min; 'ddet_ind_pkt_drop_ratio_max': Pkt Drop / Pkt Rcvd Max; 'ddet_ind_inb_per_outb_current': Bytes-to / Bytes-from Current; 'ddet_ind_inb_per_outb_min': Bytes-to / Bytes-from Min; 'ddet_ind_inb_per_outb_max': Bytes-to / Bytes-from Max; 'ddet_ind_syn_per_fin_rate_current': TCP SYN Rate / FIN Rate Current; 'ddet_ind_syn_per_fin_rate_min': TCP SYN Rate / FIN Rate Min; 'ddet_ind_syn_per_fin_rate_max': TCP SYN Rate / FIN Rate Max; 'ddet_ind_conn_miss_rate_current': TCP Session Miss Rate Current; 'ddet_ind_conn_miss_rate_min': TCP Session Miss Rate Min; 'ddet_ind_conn_miss_rate_max': TCP Session Miss Rate Max; 'ddet_ind_concurrent_conns_current': TCP/UDP Concurrent Sessions Current; 'ddet_ind_concurrent_conns_min': TCP/UDP Concurrent Sessions Min; 'ddet_ind_concurrent_conns_max': TCP/UDP Concurrent Sessions Max; 'ddet_ind_data_cpu_util_current': Data CPU Utilization Current; 'ddet_ind_data_cpu_util_min': Data CPU Utilization Min; 'ddet_ind_data_cpu_util_max': Data CPU Utilization Max; 'ddet_ind_outside_intf_util_current': Outside Interface Utilization Current; 'ddet_ind_outside_intf_util_min': Outside Interface Utilization Min; 'ddet_ind_outside_intf_util_max': Outside Interface Utilization Max; 'ddet_ind_frag_rate_current': Frag Pkt Rate Current; 'ddet_ind_frag_rate_min': Frag Pkt Rate Min; 'ddet_ind_frag_rate_max': Frag Pkt Rate Max; 'ddet_ind_bit_rate_current': Bit Rate Current; 'ddet_ind_bit_rate_min': Bit Rate Min; 'ddet_ind_bit_rate_max': Bit Rate Max; **Type:** string **Supported Values:** all, ip-proto-type, ddet_ind_pkt_rate_current, ddet_ind_pkt_rate_min, ddet_ind_pkt_rate_max, ddet_ind_pkt_drop_rate_current, ddet_ind_pkt_drop_rate_min, ddet_ind_pkt_drop_rate_max, ddet_ind_syn_rate_current, ddet_ind_syn_rate_min, ddet_ind_syn_rate_max, ddet_ind_fin_rate_current, ddet_ind_fin_rate_min, ddet_ind_fin_rate_max, ddet_ind_rst_rate_current, ddet_ind_rst_rate_min, ddet_ind_rst_rate_max, ddet_ind_small_window_ack_rate_current, ddet_ind_small_window_ack_rate_min, ddet_ind_small_window_ack_rate_max, ddet_ind_empty_ack_rate_current, ddet_ind_empty_ack_rate_min, ddet_ind_empty_ack_rate_max, ddet_ind_small_payload_rate_current, ddet_ind_small_payload_rate_min, ddet_ind_small_payload_rate_max, ddet_ind_pkt_drop_ratio_current, ddet_ind_pkt_drop_ratio_min, ddet_ind_pkt_drop_ratio_max, ddet_ind_inb_per_outb_current, ddet_ind_inb_per_outb_min, ddet_ind_inb_per_outb_max, ddet_ind_syn_per_fin_rate_current, ddet_ind_syn_per_fin_rate_min, ddet_ind_syn_per_fin_rate_max, ddet_ind_conn_miss_rate_current, ddet_ind_conn_miss_rate_min, ddet_ind_conn_miss_rate_max, ddet_ind_concurrent_conns_current, ddet_ind_concurrent_conns_min, ddet_ind_concurrent_conns_max, ddet_ind_data_cpu_util_current, ddet_ind_data_cpu_util_min, ddet_ind_data_cpu_util_max, ddet_ind_outside_intf_util_current, ddet_ind_outside_intf_util_min, ddet_ind_outside_intf_util_max, ddet_ind_frag_rate_current, ddet_ind_frag_rate_min, ddet_ind_frag_rate_max, ddet_ind_bit_rate_current, ddet_ind_bit_rate_min, ddet_ind_bit_rate_max .. _1278_dst_entry-list_port-list_progression-tracking: dst_entry-list_port-list_progression-tracking ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_port-list_topk-sources: dst_entry-list_port-list_topk-sources ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_port-list_ip-filtering-policy-oper: dst_entry-list_port-list_ip-filtering-policy-oper ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_port-list_sflow: dst_entry-list_port-list_sflow ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **polling** **Description:** polling is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_port-list_sflow_polling` **Type:** Object .. _1278_dst_entry-list_port-list_sflow_polling: dst_entry-list_port-list_sflow_polling ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sflow-http** **Description** Enable sFlow HTTP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sflow-packets** **Description** Enable sFlow packet-level counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sflow-tcp** **Description:** sflow-tcp is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_port-list_sflow_polling_sflow-tcp` **Type:** Object .. _1278_dst_entry-list_port-list_sflow_polling_sflow-tcp: dst_entry-list_port-list_sflow_polling_sflow-tcp ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sflow-tcp-basic** **Description** Enable sFlow basic TCP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sflow-tcp-stateful** **Description** Enable sFlow stateful TCP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_dst_entry-list_port-list_capture-config: dst_entry-list_port-list_capture-config ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **capture-config-mode** **Description** 'drop': Apply capture-config to dropped packets; 'forward': Apply capture-config to forwarded packets; 'all': Apply capture-config to both dropped and forwarded packets; **Type:** string **Supported Values:** drop, forward, all **capture-config-name** **Description** Capture-config name **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_capture-config-list: dst_entry-list_capture-config-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **mode** **Description** 'drop': Apply capture-config to dropped packets; 'forward': Apply capture-config to forwarded packets; 'all': Apply capture-config to both dropped and forwarded packets; **Type:** string **Supported Values:** drop, forward, all **name** **Description** Capture-config name **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/capture-config ` **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_dynamic-entry-overflow-policy-list: dst_entry-list_dynamic-entry-overflow-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **app-type-src-dst-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/dynamic-entry-overflow-policy/{dummy-name}/app-type-src-dst/{protocol} ` **bypass** **Description** Always permit for the Source to bypass all feature & limit checks **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dummy-name** **Description** 'configuration': Configure src dst dynamic entry count overflow policy; **Type:** string **Supported Values:** configuration **exceed-log-cfg** **Description:** exceed-log-cfg is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_dynamic-entry-overflow-policy-list_exceed-log-cfg` **Type:** Object **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **l4-type-src-dst-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/dynamic-entry-overflow-policy/{dummy-name}/l4-type-src-dst/{protocol} ` **log-periodic** **Description** Enable periodic log while event is continuing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_dynamic-entry-overflow-policy-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_dynamic-entry-overflow-policy-list_template: dst_entry-list_dynamic-entry-overflow-policy-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_dynamic-entry-overflow-policy-list_app-type-src-dst-list: dst_entry-list_dynamic-entry-overflow-policy-list_app-type-src-dst-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **protocol** **Description** 'dns': dns; 'http': http; 'ssl-l4': ssl-l4; 'sip': sip; **Type:** string **Supported Values:** dns, http, ssl-l4, sip **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_dynamic-entry-overflow-policy-list_app-type-src-dst-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_dynamic-entry-overflow-policy-list_app-type-src-dst-list_template: dst_entry-list_dynamic-entry-overflow-policy-list_app-type-src-dst-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS SSL-L4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_dynamic-entry-overflow-policy-list_l4-type-src-dst-list: dst_entry-list_dynamic-entry-overflow-policy-list_l4-type-src-dst-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **protocol** **Description** 'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; **Type:** string **Supported Values:** tcp, udp, icmp, other **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_dynamic-entry-overflow-policy-list_l4-type-src-dst-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_dynamic-entry-overflow-policy-list_l4-type-src-dst-list_template: dst_entry-list_dynamic-entry-overflow-policy-list_l4-type-src-dst-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **other** **Description** DDOS OTHER template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS TCP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v4** **Description** DDOS icmp-v4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v6** **Description** DDOS icmp-v6 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **udp** **Description** DDOS UDP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_dynamic-entry-overflow-policy-list_exceed-log-cfg: dst_entry-list_dynamic-entry-overflow-policy-list_exceed-log-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **log-enable** **Description** Enable logging of limit exceed drop's **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_dst_entry-list_port-range-list: dst_entry-list_port-range-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **capture-config** **Description:** capture-config is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_port-range-list_capture-config` **Type:** Object **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **detection-enable** **Description** Enable ddos detection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-top-k** **Description** Enable ddos top-k entries **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **glid-exceed-action** **Description:** glid-exceed-action is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_port-range-list_glid-exceed-action` **Type:** Object **ip-filtering-policy** **Description** Configure IP Filter **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/ip-filtering-policy ` **ip-filtering-policy-oper** **Description:** ip-filtering-policy-oper is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_port-range-list_ip-filtering-policy-oper` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/ip-filtering-policy-oper ` **pattern-recognition** **Description:** pattern-recognition is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_port-range-list_pattern-recognition` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/pattern-recognition ` **pattern-recognition-pu-details** **Description:** pattern-recognition-pu-details is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_port-range-list_pattern-recognition-pu-details` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/pattern-recognition-pu-details ` **port-ind** **Description:** port-ind is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_port-range-list_port-ind` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/port-ind ` **port-range-end** **Description** Port-Range End Port Number **Type:** number **Range:** 1-65535 **port-range-start** **Description** Port-Range Start Port Number **Type:** number **Range:** 1-65535 **progression-tracking** **Description:** progression-tracking is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_port-range-list_progression-tracking` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/progression-tracking ` **protocol** **Description** 'dns-tcp': DNS-TCP Port; 'dns-udp': DNS-UDP Port; 'http': HTTP Port; 'tcp': TCP Port; 'udp': UDP Port; 'ssl-l4': SSL-L4 Port; 'sip-udp': SIP-UDP Port; 'sip-tcp': SIP-TCP Port; **Type:** string **Supported Values:** dns-tcp, dns-udp, http, tcp, udp, ssl-l4, sip-udp, sip-tcp **set-counter-base-val** **Description** Set T2 counter value of current context to specified value **Type:** number **Range:** 1-4294967295 **sflow** **Description:** sflow is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_port-range-list_sflow` **Type:** Object **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_port-range-list_template` **Type:** Object **topk-num-records** **Description** Maximum number of records to show in topk **Type:** number **Range:** 1-100 **Default:** 20 **topk-sources** **Description:** topk-sources is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_port-range-list_topk-sources` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/topk-sources ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_port-range-list_pattern-recognition: dst_entry-list_port-range-list_pattern-recognition ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **algorithm** **Description** 'heuristic': heuristic algorithm; **Type:** string **Supported Values:** heuristic **filter-inactive-threshold** **Description** Extracted filter inactive threshold **Type:** number **Range:** 5-255 **filter-threshold** **Description** Extracted filter threshold **Type:** number **Range:** 0-100 **mode** **Description** 'capture-never-expire': War-time capture without rate exceeding and never expires; 'manual': Manual mode; **Type:** string **Supported Values:** capture-never-expire, manual **sensitivity** **Description** 'high': High Sensitivity; 'medium': Medium Sensitivity; 'low': Low Sensitivity; **Type:** string **Supported Values:** high, medium, low **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_port-range-list_template: dst_entry-list_port-range-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS SSL-L4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_port-range-list_glid-exceed-action: dst_entry-list_port-range-list_glid-exceed-action ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **stateless-encap-action-cfg** **Description:** stateless-encap-action-cfg is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_port-range-list_glid-exceed-action_stateless-encap-action-cfg` **Type:** Object .. _1278_dst_entry-list_port-range-list_glid-exceed-action_stateless-encap-action-cfg: dst_entry-list_port-range-list_glid-exceed-action_stateless-encap-action-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **encap-template** **Description** Apply legacy encap template for encap action **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/template/encap ` **stateless-encap-action** **Description** 'stateless-tunnel-encap': Encapsulate all packets; 'stateless-tunnel-encap-scrubbed': Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap); **Type:** string **Supported Values:** stateless-tunnel-encap, stateless-tunnel-encap-scrubbed .. _1278_dst_entry-list_port-range-list_pattern-recognition-pu-details: dst_entry-list_port-range-list_pattern-recognition-pu-details ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_port-range-list_port-ind: dst_entry-list_port-range-list_port-ind ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_port-range-list_port-ind_sampling-enable: dst_entry-list_port-range-list_port-ind_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'ip-proto-type': IP Protocol Type; 'ddet_ind_pkt_rate_current': Pkt Rate Current; 'ddet_ind_pkt_rate_min': Pkt Rate Min; 'ddet_ind_pkt_rate_max': Pkt Rate Max; 'ddet_ind_pkt_drop_rate_current': Pkt Drop Rate Current; 'ddet_ind_pkt_drop_rate_min': Pkt Drop Rate Min; 'ddet_ind_pkt_drop_rate_max': Pkt Drop Rate Max; 'ddet_ind_syn_rate_current': TCP SYN Rate Current; 'ddet_ind_syn_rate_min': TCP SYN Rate Min; 'ddet_ind_syn_rate_max': TCP SYN Rate Max; 'ddet_ind_fin_rate_current': TCP FIN Rate Current; 'ddet_ind_fin_rate_min': TCP FIN Rate Min; 'ddet_ind_fin_rate_max': TCP FIN Rate Max; 'ddet_ind_rst_rate_current': TCP RST Rate Current; 'ddet_ind_rst_rate_min': TCP RST Rate Min; 'ddet_ind_rst_rate_max': TCP RST Rate Max; 'ddet_ind_small_window_ack_rate_current': TCP Small Window ACK Rate Current; 'ddet_ind_small_window_ack_rate_min': TCP Small Window ACK Rate Min; 'ddet_ind_small_window_ack_rate_max': TCP Small Window ACK Rate Max; 'ddet_ind_empty_ack_rate_current': TCP Empty ACK Rate Current; 'ddet_ind_empty_ack_rate_min': TCP Empty ACK Rate Min; 'ddet_ind_empty_ack_rate_max': TCP Empty ACK Rate Max; 'ddet_ind_small_payload_rate_current': TCP Small Payload Rate Current; 'ddet_ind_small_payload_rate_min': TCP Small Payload Rate Min; 'ddet_ind_small_payload_rate_max': TCP Small Payload Rate Max; 'ddet_ind_pkt_drop_ratio_current': Pkt Drop / Pkt Rcvd Current; 'ddet_ind_pkt_drop_ratio_min': Pkt Drop / Pkt Rcvd Min; 'ddet_ind_pkt_drop_ratio_max': Pkt Drop / Pkt Rcvd Max; 'ddet_ind_inb_per_outb_current': Bytes-to / Bytes-from Current; 'ddet_ind_inb_per_outb_min': Bytes-to / Bytes-from Min; 'ddet_ind_inb_per_outb_max': Bytes-to / Bytes-from Max; 'ddet_ind_syn_per_fin_rate_current': TCP SYN Rate / FIN Rate Current; 'ddet_ind_syn_per_fin_rate_min': TCP SYN Rate / FIN Rate Min; 'ddet_ind_syn_per_fin_rate_max': TCP SYN Rate / FIN Rate Max; 'ddet_ind_conn_miss_rate_current': TCP Session Miss Rate Current; 'ddet_ind_conn_miss_rate_min': TCP Session Miss Rate Min; 'ddet_ind_conn_miss_rate_max': TCP Session Miss Rate Max; 'ddet_ind_concurrent_conns_current': TCP/UDP Concurrent Sessions Current; 'ddet_ind_concurrent_conns_min': TCP/UDP Concurrent Sessions Min; 'ddet_ind_concurrent_conns_max': TCP/UDP Concurrent Sessions Max; 'ddet_ind_data_cpu_util_current': Data CPU Utilization Current; 'ddet_ind_data_cpu_util_min': Data CPU Utilization Min; 'ddet_ind_data_cpu_util_max': Data CPU Utilization Max; 'ddet_ind_outside_intf_util_current': Outside Interface Utilization Current; 'ddet_ind_outside_intf_util_min': Outside Interface Utilization Min; 'ddet_ind_outside_intf_util_max': Outside Interface Utilization Max; 'ddet_ind_frag_rate_current': Frag Pkt Rate Current; 'ddet_ind_frag_rate_min': Frag Pkt Rate Min; 'ddet_ind_frag_rate_max': Frag Pkt Rate Max; 'ddet_ind_bit_rate_current': Bit Rate Current; 'ddet_ind_bit_rate_min': Bit Rate Min; 'ddet_ind_bit_rate_max': Bit Rate Max; **Type:** string **Supported Values:** all, ip-proto-type, ddet_ind_pkt_rate_current, ddet_ind_pkt_rate_min, ddet_ind_pkt_rate_max, ddet_ind_pkt_drop_rate_current, ddet_ind_pkt_drop_rate_min, ddet_ind_pkt_drop_rate_max, ddet_ind_syn_rate_current, ddet_ind_syn_rate_min, ddet_ind_syn_rate_max, ddet_ind_fin_rate_current, ddet_ind_fin_rate_min, ddet_ind_fin_rate_max, ddet_ind_rst_rate_current, ddet_ind_rst_rate_min, ddet_ind_rst_rate_max, ddet_ind_small_window_ack_rate_current, ddet_ind_small_window_ack_rate_min, ddet_ind_small_window_ack_rate_max, ddet_ind_empty_ack_rate_current, ddet_ind_empty_ack_rate_min, ddet_ind_empty_ack_rate_max, ddet_ind_small_payload_rate_current, ddet_ind_small_payload_rate_min, ddet_ind_small_payload_rate_max, ddet_ind_pkt_drop_ratio_current, ddet_ind_pkt_drop_ratio_min, ddet_ind_pkt_drop_ratio_max, ddet_ind_inb_per_outb_current, ddet_ind_inb_per_outb_min, ddet_ind_inb_per_outb_max, ddet_ind_syn_per_fin_rate_current, ddet_ind_syn_per_fin_rate_min, ddet_ind_syn_per_fin_rate_max, ddet_ind_conn_miss_rate_current, ddet_ind_conn_miss_rate_min, ddet_ind_conn_miss_rate_max, ddet_ind_concurrent_conns_current, ddet_ind_concurrent_conns_min, ddet_ind_concurrent_conns_max, ddet_ind_data_cpu_util_current, ddet_ind_data_cpu_util_min, ddet_ind_data_cpu_util_max, ddet_ind_outside_intf_util_current, ddet_ind_outside_intf_util_min, ddet_ind_outside_intf_util_max, ddet_ind_frag_rate_current, ddet_ind_frag_rate_min, ddet_ind_frag_rate_max, ddet_ind_bit_rate_current, ddet_ind_bit_rate_min, ddet_ind_bit_rate_max .. _1278_dst_entry-list_port-range-list_progression-tracking: dst_entry-list_port-range-list_progression-tracking ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_port-range-list_topk-sources: dst_entry-list_port-range-list_topk-sources ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_port-range-list_ip-filtering-policy-oper: dst_entry-list_port-range-list_ip-filtering-policy-oper ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_port-range-list_sflow: dst_entry-list_port-range-list_sflow ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **polling** **Description:** polling is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_port-range-list_sflow_polling` **Type:** Object .. _1278_dst_entry-list_port-range-list_sflow_polling: dst_entry-list_port-range-list_sflow_polling ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sflow-http** **Description** Enable sFlow HTTP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sflow-packets** **Description** Enable sFlow packet-level counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sflow-tcp** **Description:** sflow-tcp is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_port-range-list_sflow_polling_sflow-tcp` **Type:** Object .. _1278_dst_entry-list_port-range-list_sflow_polling_sflow-tcp: dst_entry-list_port-range-list_sflow_polling_sflow-tcp ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sflow-tcp-basic** **Description** Enable sFlow basic TCP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sflow-tcp-stateful** **Description** Enable sFlow stateful TCP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_dst_entry-list_port-range-list_capture-config: dst_entry-list_port-range-list_capture-config ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **capture-config-mode** **Description** 'drop': Apply capture-config to dropped packets; 'forward': Apply capture-config to forwarded packets; 'all': Apply capture-config to both dropped and forwarded packets; **Type:** string **Supported Values:** drop, forward, all **capture-config-name** **Description** Capture-config name **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_hw-blacklist-blocking: dst_entry-list_hw-blacklist-blocking ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst-enable** **Description** Enable Dst side hardware blocking **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-enable** **Description** Enable Src side hardware blocking **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_src-dst-pair-class-list-list: dst_entry-list_src-dst-pair-class-list-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **app-type-src-dst-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name}/app-type-src-dst/{protocol} ` **cid-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name}/cid/{cid-num} ` **class-list-name** **Description** Class-list name **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **exceed-log-cfg** **Description:** exceed-log-cfg is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_src-dst-pair-class-list-list_exceed-log-cfg` **Type:** Object **l4-type-src-dst-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name}/l4-type-src-dst/{protocol} ` **log-periodic** **Description** Enable periodic log while event is continuing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_src-dst-pair-class-list-list_cid-list: dst_entry-list_src-dst-pair-class-list-list_cid-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **app-type-src-dst-cid-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name}/cid/{cid-num}/app-type-src-dst-cid/{protocol} ` **cid-num** **Description** Class-list id **Type:** number **Range:** 1-32 **exceed-log-cfg** **Description:** exceed-log-cfg is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_src-dst-pair-class-list-list_cid-list_exceed-log-cfg` **Type:** Object **l4-type-src-dst-cid-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name}/cid/{cid-num}/l4-type-src-dst-cid/{protocol} ` **log-periodic** **Description** Enable periodic log while event is continuing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_src-dst-pair-class-list-list_cid-list_app-type-src-dst-cid-list: dst_entry-list_src-dst-pair-class-list-list_cid-list_app-type-src-dst-cid-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **protocol** **Description** 'dns': dns; 'http': http; 'ssl-l4': ssl-l4; 'sip': sip; **Type:** string **Supported Values:** dns, http, ssl-l4, sip **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_src-dst-pair-class-list-list_cid-list_app-type-src-dst-cid-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_src-dst-pair-class-list-list_cid-list_app-type-src-dst-cid-list_template: dst_entry-list_src-dst-pair-class-list-list_cid-list_app-type-src-dst-cid-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS SSL-L4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_src-dst-pair-class-list-list_cid-list_l4-type-src-dst-cid-list: dst_entry-list_src-dst-pair-class-list-list_cid-list_l4-type-src-dst-cid-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **protocol** **Description** 'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; **Type:** string **Supported Values:** tcp, udp, icmp, other **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_src-dst-pair-class-list-list_cid-list_l4-type-src-dst-cid-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_src-dst-pair-class-list-list_cid-list_l4-type-src-dst-cid-list_template: dst_entry-list_src-dst-pair-class-list-list_cid-list_l4-type-src-dst-cid-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **other** **Description** DDOS OTHER template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS TCP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v4** **Description** DDOS icmp-v4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v6** **Description** DDOS icmp-v6 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **udp** **Description** DDOS UDP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_src-dst-pair-class-list-list_cid-list_exceed-log-cfg: dst_entry-list_src-dst-pair-class-list-list_cid-list_exceed-log-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **log-enable** **Description** Enable logging of limit exceed drop's **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_dst_entry-list_src-dst-pair-class-list-list_app-type-src-dst-list: dst_entry-list_src-dst-pair-class-list-list_app-type-src-dst-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **protocol** **Description** 'dns': dns; 'http': http; 'ssl-l4': ssl-l4; 'sip': sip; **Type:** string **Supported Values:** dns, http, ssl-l4, sip **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_src-dst-pair-class-list-list_app-type-src-dst-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_src-dst-pair-class-list-list_app-type-src-dst-list_template: dst_entry-list_src-dst-pair-class-list-list_app-type-src-dst-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS SSL-L4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_src-dst-pair-class-list-list_l4-type-src-dst-list: dst_entry-list_src-dst-pair-class-list-list_l4-type-src-dst-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **protocol** **Description** 'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; **Type:** string **Supported Values:** tcp, udp, icmp, other **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_src-dst-pair-class-list-list_l4-type-src-dst-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_src-dst-pair-class-list-list_l4-type-src-dst-list_template: dst_entry-list_src-dst-pair-class-list-list_l4-type-src-dst-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **other** **Description** DDOS OTHER template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS TCP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v4** **Description** DDOS icmp-v4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v6** **Description** DDOS icmp-v6 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **udp** **Description** DDOS UDP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_src-dst-pair-class-list-list_exceed-log-cfg: dst_entry-list_src-dst-pair-class-list-list_exceed-log-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **log-enable** **Description** Enable logging of limit exceed drop's **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_dst_entry-list_template: dst_entry-list_template ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_glid-exceed-action: dst_entry-list_glid-exceed-action ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **stateless-encap-action-cfg** **Description:** stateless-encap-action-cfg is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_glid-exceed-action_stateless-encap-action-cfg` **Type:** Object .. _1278_dst_entry-list_glid-exceed-action_stateless-encap-action-cfg: dst_entry-list_glid-exceed-action_stateless-encap-action-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **encap-template** **Description** Apply legacy encap template for encap action **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/template/encap ` **stateless-encap-action** **Description** 'stateless-tunnel-encap': Encapsulate all packets; 'stateless-tunnel-encap-scrubbed': Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap); **Type:** string **Supported Values:** stateless-tunnel-encap, stateless-tunnel-encap-scrubbed .. _1278_dst_entry-list_l4-type-list: dst_entry-list_l4-type-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **detection-enable** **Description** Enable ddos detection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disable-syn-auth** **Description** Disable TCP SYN Authentication **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-frag-pkt** **Description** Drop fragmented packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-on-no-port-match** **Description** 'disable': disable; 'enable': enable; **Type:** string **Supported Values:** disable, enable **Default:** enable **enable-top-k** **Description** Enable ddos top-k entries **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **glid-exceed-action** **Description:** glid-exceed-action is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_l4-type-list_glid-exceed-action` **Type:** Object **ip-filtering-policy** **Description** Configure IP Filter **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/ip-filtering-policy ` **ip-filtering-policy-oper** **Description:** ip-filtering-policy-oper is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_l4-type-list_ip-filtering-policy-oper` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/ip-filtering-policy-oper ` **max-rexmit-syn-per-flow** **Description** Maximum number of re-transmit SYN per flow **Type:** number **Range:** 1-6 **max-rexmit-syn-per-flow-exceed-action** **Description** 'drop': Drop the packet; 'black-list': Add the source IP into black list; **Type:** string **Supported Values:** drop, black-list **port-ind** **Description:** port-ind is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_l4-type-list_port-ind` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/port-ind ` **progression-tracking** **Description:** progression-tracking is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_l4-type-list_progression-tracking` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/progression-tracking ` **protocol** **Description** 'tcp': L4-Type TCP; 'udp': L4-Type UDP; 'icmp': L4-Type ICMP; 'other': L4-Type OTHER; **Type:** string **Supported Values:** tcp, udp, icmp, other **set-counter-base-val** **Description** Set T2 counter value of current context to specified value **Type:** number **Range:** 1-4294967295 **stateful** **Description** Enable stateful tracking of sessions (Default is stateless) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **syn-auth** **Description** 'send-rst': Send RST to client upon client ACK; 'force-rst-by-ack': Force client RST via the use of ACK; 'force-rst-by-synack': Force client RST via the use of bad SYN|ACK; 'disable': Disable TCP SYN Authentication; **Type:** string **Supported Values:** send-rst, force-rst-by-ack, force-rst-by-synack, disable **Default:** send-rst **syn-cookie** **Description** Enable SYN Cookie **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tcp-reset-client** **Description** Send reset to client when rate exceeds or session ages out **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tcp-reset-server** **Description** Send reset to server when rate exceeds or session ages out **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_l4-type-list_template` **Type:** Object **topk-num-records** **Description** Maximum number of records to show in topk **Type:** number **Range:** 1-100 **Default:** 20 **topk-sources** **Description:** topk-sources is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_l4-type-list_topk-sources` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/topk-sources ` **tunnel-decap** **Description:** tunnel-decap is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_l4-type-list_tunnel-decap` **Type:** Object **tunnel-rate-limit** **Description:** tunnel-rate-limit is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_l4-type-list_tunnel-rate-limit` **Type:** Object **undefined-port-hit-statistics** **Description:** undefined-port-hit-statistics is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_l4-type-list_undefined-port-hit-statistics` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_l4-type-list_undefined-port-hit-statistics: dst_entry-list_l4-type-list_undefined-port-hit-statistics ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **reset-interval** **Description** Configure port scanning counter reset interval (minutes), Default 60 mins **Type:** number **Range:** 1-64000 **Default:** 60 **undefined-port-hit-statistics** **Description** Enable port scanning statistics **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_dst_entry-list_l4-type-list_template: dst_entry-list_l4-type-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **template-icmp-v4** **Description** DDOS icmp-v4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v6** **Description** DDOS icmp-v6 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_l4-type-list_glid-exceed-action: dst_entry-list_l4-type-list_glid-exceed-action ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **stateless-encap-action-cfg** **Description:** stateless-encap-action-cfg is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_l4-type-list_glid-exceed-action_stateless-encap-action-cfg` **Type:** Object .. _1278_dst_entry-list_l4-type-list_glid-exceed-action_stateless-encap-action-cfg: dst_entry-list_l4-type-list_glid-exceed-action_stateless-encap-action-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **encap-template** **Description** Apply legacy encap template for encap action **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/template/encap ` **stateless-encap-action** **Description** 'stateless-tunnel-encap': Encapsulate all packets; 'stateless-tunnel-encap-scrubbed': Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap); **Type:** string **Supported Values:** stateless-tunnel-encap, stateless-tunnel-encap-scrubbed .. _1278_dst_entry-list_l4-type-list_tunnel-decap: dst_entry-list_l4-type-list_tunnel-decap ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **gre-decap** **Description** Enable GRE Tunnel decapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ip-decap** **Description** Enable IP Tunnel decapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **key-cfg** **Type:** List .. _1278_dst_entry-list_l4-type-list_tunnel-decap_key-cfg: dst_entry-list_l4-type-list_tunnel-decap_key-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **key** **Description** Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295) **Type:** string **Maximum Length:** 10 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_l4-type-list_port-ind: dst_entry-list_l4-type-list_port-ind ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_l4-type-list_port-ind_sampling-enable: dst_entry-list_l4-type-list_port-ind_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'ip-proto-type': IP Protocol Type; 'ddet_ind_pkt_rate_current': Pkt Rate Current; 'ddet_ind_pkt_rate_min': Pkt Rate Min; 'ddet_ind_pkt_rate_max': Pkt Rate Max; 'ddet_ind_pkt_drop_rate_current': Pkt Drop Rate Current; 'ddet_ind_pkt_drop_rate_min': Pkt Drop Rate Min; 'ddet_ind_pkt_drop_rate_max': Pkt Drop Rate Max; 'ddet_ind_syn_rate_current': TCP SYN Rate Current; 'ddet_ind_syn_rate_min': TCP SYN Rate Min; 'ddet_ind_syn_rate_max': TCP SYN Rate Max; 'ddet_ind_fin_rate_current': TCP FIN Rate Current; 'ddet_ind_fin_rate_min': TCP FIN Rate Min; 'ddet_ind_fin_rate_max': TCP FIN Rate Max; 'ddet_ind_rst_rate_current': TCP RST Rate Current; 'ddet_ind_rst_rate_min': TCP RST Rate Min; 'ddet_ind_rst_rate_max': TCP RST Rate Max; 'ddet_ind_small_window_ack_rate_current': TCP Small Window ACK Rate Current; 'ddet_ind_small_window_ack_rate_min': TCP Small Window ACK Rate Min; 'ddet_ind_small_window_ack_rate_max': TCP Small Window ACK Rate Max; 'ddet_ind_empty_ack_rate_current': TCP Empty ACK Rate Current; 'ddet_ind_empty_ack_rate_min': TCP Empty ACK Rate Min; 'ddet_ind_empty_ack_rate_max': TCP Empty ACK Rate Max; 'ddet_ind_small_payload_rate_current': TCP Small Payload Rate Current; 'ddet_ind_small_payload_rate_min': TCP Small Payload Rate Min; 'ddet_ind_small_payload_rate_max': TCP Small Payload Rate Max; 'ddet_ind_pkt_drop_ratio_current': Pkt Drop / Pkt Rcvd Current; 'ddet_ind_pkt_drop_ratio_min': Pkt Drop / Pkt Rcvd Min; 'ddet_ind_pkt_drop_ratio_max': Pkt Drop / Pkt Rcvd Max; 'ddet_ind_inb_per_outb_current': Bytes-to / Bytes-from Current; 'ddet_ind_inb_per_outb_min': Bytes-to / Bytes-from Min; 'ddet_ind_inb_per_outb_max': Bytes-to / Bytes-from Max; 'ddet_ind_syn_per_fin_rate_current': TCP SYN Rate / FIN Rate Current; 'ddet_ind_syn_per_fin_rate_min': TCP SYN Rate / FIN Rate Min; 'ddet_ind_syn_per_fin_rate_max': TCP SYN Rate / FIN Rate Max; 'ddet_ind_conn_miss_rate_current': TCP Session Miss Rate Current; 'ddet_ind_conn_miss_rate_min': TCP Session Miss Rate Min; 'ddet_ind_conn_miss_rate_max': TCP Session Miss Rate Max; 'ddet_ind_concurrent_conns_current': TCP/UDP Concurrent Sessions Current; 'ddet_ind_concurrent_conns_min': TCP/UDP Concurrent Sessions Min; 'ddet_ind_concurrent_conns_max': TCP/UDP Concurrent Sessions Max; 'ddet_ind_data_cpu_util_current': Data CPU Utilization Current; 'ddet_ind_data_cpu_util_min': Data CPU Utilization Min; 'ddet_ind_data_cpu_util_max': Data CPU Utilization Max; 'ddet_ind_outside_intf_util_current': Outside Interface Utilization Current; 'ddet_ind_outside_intf_util_min': Outside Interface Utilization Min; 'ddet_ind_outside_intf_util_max': Outside Interface Utilization Max; 'ddet_ind_frag_rate_current': Frag Pkt Rate Current; 'ddet_ind_frag_rate_min': Frag Pkt Rate Min; 'ddet_ind_frag_rate_max': Frag Pkt Rate Max; 'ddet_ind_bit_rate_current': Bit Rate Current; 'ddet_ind_bit_rate_min': Bit Rate Min; 'ddet_ind_bit_rate_max': Bit Rate Max; **Type:** string **Supported Values:** all, ip-proto-type, ddet_ind_pkt_rate_current, ddet_ind_pkt_rate_min, ddet_ind_pkt_rate_max, ddet_ind_pkt_drop_rate_current, ddet_ind_pkt_drop_rate_min, ddet_ind_pkt_drop_rate_max, ddet_ind_syn_rate_current, ddet_ind_syn_rate_min, ddet_ind_syn_rate_max, ddet_ind_fin_rate_current, ddet_ind_fin_rate_min, ddet_ind_fin_rate_max, ddet_ind_rst_rate_current, ddet_ind_rst_rate_min, ddet_ind_rst_rate_max, ddet_ind_small_window_ack_rate_current, ddet_ind_small_window_ack_rate_min, ddet_ind_small_window_ack_rate_max, ddet_ind_empty_ack_rate_current, ddet_ind_empty_ack_rate_min, ddet_ind_empty_ack_rate_max, ddet_ind_small_payload_rate_current, ddet_ind_small_payload_rate_min, ddet_ind_small_payload_rate_max, ddet_ind_pkt_drop_ratio_current, ddet_ind_pkt_drop_ratio_min, ddet_ind_pkt_drop_ratio_max, ddet_ind_inb_per_outb_current, ddet_ind_inb_per_outb_min, ddet_ind_inb_per_outb_max, ddet_ind_syn_per_fin_rate_current, ddet_ind_syn_per_fin_rate_min, ddet_ind_syn_per_fin_rate_max, ddet_ind_conn_miss_rate_current, ddet_ind_conn_miss_rate_min, ddet_ind_conn_miss_rate_max, ddet_ind_concurrent_conns_current, ddet_ind_concurrent_conns_min, ddet_ind_concurrent_conns_max, ddet_ind_data_cpu_util_current, ddet_ind_data_cpu_util_min, ddet_ind_data_cpu_util_max, ddet_ind_outside_intf_util_current, ddet_ind_outside_intf_util_min, ddet_ind_outside_intf_util_max, ddet_ind_frag_rate_current, ddet_ind_frag_rate_min, ddet_ind_frag_rate_max, ddet_ind_bit_rate_current, ddet_ind_bit_rate_min, ddet_ind_bit_rate_max .. _1278_dst_entry-list_l4-type-list_topk-sources: dst_entry-list_l4-type-list_topk-sources ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_l4-type-list_ip-filtering-policy-oper: dst_entry-list_l4-type-list_ip-filtering-policy-oper ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_l4-type-list_tunnel-rate-limit: dst_entry-list_l4-type-list_tunnel-rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **gre-rate-limit** **Description** Enable inner IP rate limiting on GRE traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ip-rate-limit** **Description** Enable inner IP rate limiting on IPinIP traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_dst_entry-list_l4-type-list_progression-tracking: dst_entry-list_l4-type-list_progression-tracking ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_topk-destinations: dst_entry-list_topk-destinations ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_src-dst-pair-settings-list: dst_entry-list_src-dst-pair-settings-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **age** **Description** Idle age for ip entry **Type:** number **Range:** 2-1023 **Default:** 5 **all-types** **Description** 'all-types': Settings for all types (default or class-list); **Type:** string **Supported Values:** all-types **apply-policy-on-overflow** **Description** Enable this flag to apply overflow policy when dynamic entry count overflows **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-class-list-overflow** **Description** Apply class-list overflow policy upon exceeding dynamic entry count specified for DST entry or each class-list **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **l4-type-src-dst-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-settings/{all-types}/l4-type-src-dst/{protocol} ` **max-dynamic-entry-count** **Description** Maximum count for dynamic src-dst entry **Type:** number **Range:** 0-2147483647 **src-prefix-len** **Description** Specify src prefix length for IPv6 (default: not set) **Type:** number **Range:** 32-127 **unlimited-dynamic-entry-count** **Description** No limit for maximum dynamic src entry count **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_src-dst-pair-settings-list_l4-type-src-dst-list: dst_entry-list_src-dst-pair-settings-list_l4-type-src-dst-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **apply-policy-on-overflow** **Description** Enable this flag to apply overflow policy when dynamic entry count overflows **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-dynamic-entry-count** **Description** Maximum count for dynamic src-dst entry **Type:** number **Range:** 0-2147483647 **protocol** **Description** 'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; **Type:** string **Supported Values:** tcp, udp, icmp, other **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_src-port-range-list: dst_entry-list_src-port-range-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **protocol** **Description** 'udp': UDP Port; 'tcp': TCP Port; **Type:** string **Supported Values:** udp, tcp **set-counter-base-val** **Description** Set T2 counter value of current context to specified value **Type:** number **Range:** 1-4294967295 **src-port-range-end** **Description** Src Port-Range End Port Number **Type:** number **Range:** 2-65535 **src-port-range-start** **Description** Src Port-Range Start Port Number **Type:** number **Range:** 1-65535 **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_src-port-range-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_src-port-range-list_template: dst_entry-list_src-port-range-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-tcp** **Description** DDOS tcp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-udp** **Description** DDOS udp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_ip-proto-list: dst_entry-list_ip-proto-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **esp-inspect** **Description:** esp-inspect is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_ip-proto-list_esp-inspect` **Type:** Object **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **glid-exceed-action** **Description:** glid-exceed-action is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_ip-proto-list_glid-exceed-action` **Type:** Object **ip-filtering-policy** **Description** Configure IP Filter **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/ip-filtering-policy ` **ip-filtering-policy-oper** **Description:** ip-filtering-policy-oper is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_ip-proto-list_ip-filtering-policy-oper` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/ip-proto/{port-num}/ip-filtering-policy-oper ` **port-num** **Description** Protocol Number **Type:** number **Range:** 0-255 **set-counter-base-val** **Description** Set T2 counter value of current context to specified value **Type:** number **Range:** 1-4294967295 **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_ip-proto-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_ip-proto-list_esp-inspect: dst_entry-list_ip-proto-list_esp-inspect ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **auth-algorithm** **Description** 'AUTH_NULL': No Integrity Check Value; 'HMAC-SHA-1-96': 96 bit Auth Algo; 'HMAC-SHA-256-96': 96 bit Auth Algo; 'HMAC-SHA-256-128': 128 bit Auth Algo; 'HMAC-SHA-384-192': 192 bit Auth Algo; 'HMAC-SHA-512-256': 256 bit Auth Algo; 'HMAC-MD5-96': 96 bit Auth Algo; 'MAC-RIPEMD-160-96': 96 bit Auth Algo; **Type:** string **Supported Values:** AUTH_NULL, HMAC-SHA-1-96, HMAC-SHA-256-96, HMAC-SHA-256-128, HMAC-SHA-384-192, HMAC-SHA-512-256, HMAC-MD5-96, MAC-RIPEMD-160-96 **encrypt-algorithm** **Description** 'NULL': Null Encryption Algorithm; **Type:** string **Supported Values:** NULL **mode** **Description** 'transport': Transport mode; **Type:** string **Supported Values:** transport .. _1278_dst_entry-list_ip-proto-list_template: dst_entry-list_ip-proto-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **other** **Description** DDOS other template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_ip-proto-list_glid-exceed-action: dst_entry-list_ip-proto-list_glid-exceed-action ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **stateless-encap-action-cfg** **Description:** stateless-encap-action-cfg is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_ip-proto-list_glid-exceed-action_stateless-encap-action-cfg` **Type:** Object .. _1278_dst_entry-list_ip-proto-list_glid-exceed-action_stateless-encap-action-cfg: dst_entry-list_ip-proto-list_glid-exceed-action_stateless-encap-action-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **encap-template** **Description** Apply legacy encap template for encap action **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/template/encap ` **stateless-encap-action** **Description** 'stateless-tunnel-encap': Encapsulate all packets; 'stateless-tunnel-encap-scrubbed': Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap); **Type:** string **Supported Values:** stateless-tunnel-encap, stateless-tunnel-encap-scrubbed .. _1278_dst_entry-list_ip-proto-list_ip-filtering-policy-oper: dst_entry-list_ip-proto-list_ip-filtering-policy-oper ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_src-port-list: dst_entry-list_src-port-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **outbound-src-tracking** **Description** 'enable': enable; 'disable': disable; **Type:** string **Supported Values:** enable, disable **Default:** disable **port-num** **Description** Port Number **Type:** number **Range:** 0-65535 **protocol** **Description** 'dns-udp': DNS-UDP Port; 'dns-tcp': DNS-TCP Port; 'udp': UDP Port; 'tcp': TCP Port; **Type:** string **Supported Values:** dns-udp, dns-tcp, udp, tcp **set-counter-base-val** **Description** Set T2 counter value of current context to specified value **Type:** number **Range:** 1-4294967295 **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_src-port-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_src-port-list_template: dst_entry-list_src-port-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-dns** **Description** DDOS dns src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-tcp** **Description** DDOS tcp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-udp** **Description** DDOS udp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_exceed-log-cfg: dst_entry-list_exceed-log-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **log-enable** **Description** Enable logging of limit exceed drop's **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-high-frequency** **Description** Enable High frequency logging for non-event logs per entry **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-with-sflow** **Description** Turn on sflow sample with log **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **rate-limit** **Description** Rate limit per second per entry(Default : 1 per second) **Type:** number **Range:** 1-1000 **Default:** 1 .. _1278_dst_entry-list_sflow: dst_entry-list_sflow ^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **collector** **Type:** List **polling** **Description:** polling is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_sflow_polling` **Type:** Object .. _1278_dst_entry-list_sflow_collector: dst_entry-list_sflow_collector ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **sflow-name** **Description** Name of configured custom sFlow collector **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/sflow/collector/custom ` .. _1278_dst_entry-list_sflow_polling: dst_entry-list_sflow_polling ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sflow-http** **Description** Enable sFlow HTTP counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the total number **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sflow-layer-4** **Description** Enable sFlow Layer 4 counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the total num **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sflow-packets** **Description** Enable sFlow packet-level counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the tota **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sflow-tcp** **Description:** sflow-tcp is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_sflow_polling_sflow-tcp` **Type:** Object **sflow-undef-port-hit-stats** **Description** Enable sFlow undefined-port-hit-statistics polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sflow-undef-port-hit-stats-brief** **Description** Enable sFlow undefined-port-hit-statistics polling in brief mode **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_dst_entry-list_sflow_polling_sflow-tcp: dst_entry-list_sflow_polling_sflow-tcp ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sflow-tcp-basic** **Description** Enable sFlow basic TCP counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the total n **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sflow-tcp-stateful** **Description** Enable sFlow stateful TCP counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the tota **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_dst_entry-list_src-dst-pair: dst_entry-list_src-dst-pair ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **app-type-src-dst-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair/app-type-src-dst/{protocol} ` **bypass** **Description** Always permit for the Source to bypass all feature & limit checks **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **default** **Description** Configure default **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exceed-log-cfg** **Description:** exceed-log-cfg is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_src-dst-pair_exceed-log-cfg` **Type:** Object **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **l4-type-src-dst-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair/l4-type-src-dst/{protocol} ` **log-periodic** **Description** Enable periodic log while event is continuing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_src-dst-pair_template` **Type:** Object **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_src-dst-pair_template: dst_entry-list_src-dst-pair_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_src-dst-pair_app-type-src-dst-list: dst_entry-list_src-dst-pair_app-type-src-dst-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **protocol** **Description** 'dns': dns; 'http': http; 'ssl-l4': ssl-l4; 'sip': sip; **Type:** string **Supported Values:** dns, http, ssl-l4, sip **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_src-dst-pair_app-type-src-dst-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_src-dst-pair_app-type-src-dst-list_template: dst_entry-list_src-dst-pair_app-type-src-dst-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS SSL-L4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_src-dst-pair_l4-type-src-dst-list: dst_entry-list_src-dst-pair_l4-type-src-dst-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **protocol** **Description** 'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; **Type:** string **Supported Values:** tcp, udp, icmp, other **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_src-dst-pair_l4-type-src-dst-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_src-dst-pair_l4-type-src-dst-list_template: dst_entry-list_src-dst-pair_l4-type-src-dst-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **other** **Description** DDOS OTHER template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS TCP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v4** **Description** DDOS icmp-v4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v6** **Description** DDOS icmp-v6 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **udp** **Description** DDOS UDP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_src-dst-pair_exceed-log-cfg: dst_entry-list_src-dst-pair_exceed-log-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **log-enable** **Description** Enable logging of limit exceed drop's **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_dst_entry-list_src-dst-pair-policy-list: dst_entry-list_src-dst-pair-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **policy-class-list-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-policy/{src-based-policy-name}/policy-class-list/{class-list-name} ` **src-based-policy-name** **Description** Src-based-policy name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_src-dst-pair-policy-list_policy-class-list-list: dst_entry-list_src-dst-pair-policy-list_policy-class-list-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **app-type-src-dst-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/app-type-src-dst/{protocol} ` **bypass** **Description** Always permit for the Source to bypass all feature & limit checks **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **class-list-name** **Description** Class-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **class-list-overflow-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name} ` **exceed-log-cfg** **Description:** exceed-log-cfg is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_exceed-log-cfg` **Type:** Object **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **l4-type-src-dst-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/l4-type-src-dst/{protocol} ` **log-periodic** **Description** Enable periodic log while event is continuing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-dynamic-entry-count** **Description** Maximum count for dynamic src-dst entry under class-list **Type:** number **Range:** 0-2147483647 **sampling-enable** **Type:** List **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_template: dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_app-type-src-dst-list: dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_app-type-src-dst-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **protocol** **Description** 'dns': dns; 'http': http; 'ssl-l4': ssl-l4; 'sip': sip; **Type:** string **Supported Values:** dns, http, ssl-l4, sip **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_app-type-src-dst-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_app-type-src-dst-list_template: dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_app-type-src-dst-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS SSL-L4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_sampling-enable: dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'packet_received': Packets Received; 'packet_dropped': Packets Dropped; 'entry_learned': Entry Learned; 'entry_count_overflow': Entry Count Overflow; **Type:** string **Supported Values:** all, packet_received, packet_dropped, entry_learned, entry_count_overflow .. _1278_dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_l4-type-src-dst-list: dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_l4-type-src-dst-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **protocol** **Description** 'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; **Type:** string **Supported Values:** tcp, udp, icmp, other **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_l4-type-src-dst-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_l4-type-src-dst-list_template: dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_l4-type-src-dst-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **other** **Description** DDOS OTHER template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS TCP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v4** **Description** DDOS icmp-v4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v6** **Description** DDOS icmp-v6 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **udp** **Description** DDOS UDP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list: dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **app-type-src-dst-overflow-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name}/app-type-src-dst-overflow/{protocol} ` **bypass** **Description** Always permit for the Source to bypass all feature & limit checks **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dummy-name** **Description** 'configuration': Configure src dst dynamic entry count overflow policy for class-list; **Type:** string **Supported Values:** configuration **exceed-log-cfg** **Description:** exceed-log-cfg is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_exceed-log-cfg` **Type:** Object **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **l4-type-src-dst-overflow-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name}/l4-type-src-dst-overflow/{protocol} ` **log-periodic** **Description** Enable periodic log while event is continuing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_template: dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_l4-type-src-dst-overflow-list: dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_l4-type-src-dst-overflow-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **protocol** **Description** 'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; **Type:** string **Supported Values:** tcp, udp, icmp, other **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_l4-type-src-dst-overflow-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_l4-type-src-dst-overflow-list_template: dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_l4-type-src-dst-overflow-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **other** **Description** DDOS OTHER template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS TCP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v4** **Description** DDOS icmp-v4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v6** **Description** DDOS icmp-v6 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **udp** **Description** DDOS UDP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_app-type-src-dst-overflow-list: dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_app-type-src-dst-overflow-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **protocol** **Description** 'dns': dns; 'http': http; 'ssl-l4': ssl-l4; 'sip': sip; **Type:** string **Supported Values:** dns, http, ssl-l4, sip **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_app-type-src-dst-overflow-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_app-type-src-dst-overflow-list_template: dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_app-type-src-dst-overflow-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS SSL-L4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_exceed-log-cfg: dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_exceed-log-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **log-enable** **Description** Enable logging of limit exceed drop's **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_exceed-log-cfg: dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_exceed-log-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **log-enable** **Description** Enable logging of limit exceed drop's **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_dst_entry-list_sampling-enable: dst_entry-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'dst_tcp_any_exceed': TCP Dst L4-Type Rate: Total Exceeded; 'dst_tcp_pkt_rate_exceed': TCP Dst L4-Type Rate: Packet Exceeded; 'dst_tcp_conn_rate_exceed': TCP Dst L4-Type Rate: Conn Exceeded; 'dst_udp_any_exceed': UDP Dst L4-Type Rate: Total Exceeded; 'dst_udp_pkt_rate_exceed': UDP Dst L4-Type Rate: Packet Exceeded; 'dst_udp_conn_limit_exceed': UDP Dst L4-Type Limit: Conn Exceeded; 'dst_udp_conn_rate_exceed': UDP Dst L4-Type Rate: Conn Exceeded; 'dst_icmp_pkt_rate_exceed': ICMP Dst Rate: Packet Exceeded; 'dst_other_pkt_rate_exceed': OTHER Dst L4-Type Rate: Packet Exceeded; 'dst_other_frag_pkt_rate_exceed': OTHER Dst L4-Type Rate: Frag Exceeded; 'dst_port_pkt_rate_exceed': Port Rate: Packet Exceeded; 'dst_port_conn_limit_exceed': Port Limit: Conn Exceeded; 'dst_port_conn_rate_exceed': Port Rate: Conn Exceeded; 'dst_pkt_sent': Inbound: Packets Forwarded; 'dst_udp_pkt_sent': UDP Total Packets Forwarded; 'dst_tcp_pkt_sent': TCP Total Packets Forwarded; 'dst_icmp_pkt_sent': ICMP Total Packets Forwarded; 'dst_other_pkt_sent': OTHER Total Packets Forwarded; 'dst_tcp_conn_limit_exceed': TCP Dst L4-Type Limit: Conn Exceeded; 'dst_tcp_pkt_rcvd': TCP Total Packets Received; 'dst_udp_pkt_rcvd': UDP Total Packets Received; 'dst_icmp_pkt_rcvd': ICMP Total Packets Received; 'dst_other_pkt_rcvd': OTHER Total Packets Received; 'dst_udp_filter_match': UDP Filter Match; 'dst_udp_filter_not_match': UDP Filter Not Matched on Pkt; 'dst_udp_filter_action_blacklist': UDP Filter Action Blacklist; 'dst_udp_filter_action_drop': UDP Filter Action Drop; 'dst_tcp_syn': TCP Total SYN Received; 'dst_tcp_syn_drop': TCP SYN Packets Dropped; 'dst_tcp_src_rate_drop': TCP Src Rate: Total Exceeded; 'dst_udp_src_rate_drop': UDP Src Rate: Total Exceeded; 'dst_icmp_src_rate_drop': ICMP Src Rate: Total Exceeded; 'dst_other_frag_src_rate_drop': OTHER Src Rate: Frag Exceeded; 'dst_other_src_rate_drop': OTHER Src Rate: Total Exceeded; 'dst_tcp_drop': TCP Total Packets Dropped; 'dst_udp_drop': UDP Total Packets Dropped; 'dst_icmp_drop': ICMP Total Packets Dropped; 'dst_frag_drop': Fragmented Packets Dropped; 'dst_other_drop': OTHER Total Packets Dropped; 'dst_tcp_auth': TCP Auth: SYN Cookie Sent; 'dst_udp_filter_action_default_pass': UDP Filter Action Default Pass; 'dst_tcp_filter_match': TCP Filter Match; 'dst_tcp_filter_not_match': TCP Filter Not Matched on Pkt; 'dst_tcp_filter_action_blacklist': TCP Filter Action Blacklist; 'dst_tcp_filter_action_drop': TCP Filter Action Drop; 'dst_tcp_filter_action_default_pass': TCP Filter Action Default Pass; 'dst_udp_filter_action_whitelist': UDP Filter Action WL; 'dst_over_limit_on': DST overlimit Trigger ON; 'dst_over_limit_off': DST overlimit Trigger OFF; 'dst_port_over_limit_on': DST port overlimit Trigger ON; 'dst_port_over_limit_off': DST port overlimit Trigger OFF; 'dst_over_limit_action': DST overlimit action; 'dst_port_over_limit_action': DST port overlimit action; 'scanning_detected_drop': Scanning Detected drop (deprecated); 'scanning_detected_blacklist': Scanning Detected blacklist (deprecated); 'dst_udp_kibit_rate_drop': UDP Dst L4-Type Rate: KiBit Exceeded; 'dst_tcp_kibit_rate_drop': TCP Dst L4-Type Rate: KiBit Exceeded; 'dst_icmp_kibit_rate_drop': ICMP Dst Rate: KiBit Exceeded; 'dst_other_kibit_rate_drop': OTHER Dst L4-Type Rate: KiBit Exceeded; 'dst_port_undef_drop': Dst Port Undefined Dropped; 'dst_port_bl': Dst Port Blacklist Packets Dropped; 'dst_src_port_bl': Dst SrcPort Blacklist Packets Dropped; 'dst_port_kbit_rate_exceed': Port Rate: KiBit Exceeded; 'dst_tcp_src_drop': TCP Src Packets Dropped; 'dst_udp_src_drop': UDP Src Packets Dropped; 'dst_icmp_src_drop': ICMP Src Packets Dropped; 'dst_other_src_drop': OTHER Src Packets Dropped; 'tcp_syn_rcvd': TCP Inbound SYN Received; 'tcp_syn_ack_rcvd': TCP SYN ACK Received; 'tcp_ack_rcvd': TCP ACK Received; 'tcp_fin_rcvd': TCP FIN Received; 'tcp_rst_rcvd': TCP RST Received; 'ingress_bytes': Inbound: Bytes Received; 'egress_bytes': Outbound: Bytes Received; 'ingress_packets': Inbound: Packets Received; 'egress_packets': Outbound: Packets Received; 'tcp_fwd_recv': TCP Inbound Packets Received; 'udp_fwd_recv': UDP Inbound Packets Received; 'icmp_fwd_recv': ICMP Inbound Packets Received; 'tcp_syn_cookie_fail': TCP Auth: SYN Cookie Failed; 'dst_tcp_session_created': TCP Sessions Created; 'dst_udp_session_created': UDP Sessions Created; 'dst_tcp_filter_action_whitelist': TCP Filter Action WL; 'dst_other_filter_match': OTHER Filter Match; 'dst_other_filter_not_match': OTHER Filter Not Matched on Pkt; 'dst_other_filter_action_blacklist': OTHER Filter Action Blacklist; 'dst_other_filter_action_drop': OTHER Filter Action Drop; 'dst_other_filter_action_whitelist': OTHER Filter Action WL; 'dst_other_filter_action_default_pass': OTHER Filter Action Default Pass; 'dst_blackhole_inject': Dst Blackhole Inject; 'dst_blackhole_withdraw': Dst Blackhole Withdraw; 'dst_tcp_out_of_seq_excd': TCP Out-Of-Seq Exceeded; 'dst_tcp_retransmit_excd': TCP Retransmit Exceeded; 'dst_tcp_zero_window_excd': TCP Zero-Window Exceeded; 'dst_tcp_conn_prate_excd': TCP Rate: Conn Pkt Exceeded; 'dst_tcp_action_on_ack_init': TCP Auth: ACK Retry Init; 'dst_tcp_action_on_ack_gap_drop': TCP Auth: ACK Retry Retry-Gap Dropped; 'dst_tcp_action_on_ack_fail': TCP Auth: ACK Retry Dropped; 'dst_tcp_action_on_ack_pass': TCP Auth: ACK Retry Passed; 'dst_tcp_action_on_syn_init': TCP Auth: SYN Retry Init; 'dst_tcp_action_on_syn_gap_drop': TCP Auth: SYN Retry-Gap Dropped; 'dst_tcp_action_on_syn_fail': TCP Auth: SYN Retry Dropped; 'dst_tcp_action_on_syn_pass': TCP Auth: SYN Retry Passed; 'udp_payload_too_small': UDP Payload Too Small; 'udp_payload_too_big': UDP Payload Too Large; 'dst_udp_conn_prate_excd': UDP Rate: Conn Pkt Exceeded; 'dst_udp_ntp_monlist_req': UDP NTP Monlist Request; 'dst_udp_ntp_monlist_resp': UDP NTP Monlist Response; 'dst_udp_wellknown_sport_drop': UDP SrcPort Wellknown; 'dst_udp_retry_init': UDP Auth: Retry Init; 'dst_udp_retry_pass': UDP Auth: Retry Passed; 'dst_tcp_bytes_drop': TCP Total Bytes Dropped; 'dst_udp_bytes_drop': UDP Total Bytes Dropped; 'dst_icmp_bytes_drop': ICMP Total Bytes Dropped; 'dst_other_bytes_drop': OTHER Total Bytes Dropped; 'dst_out_no_route': Dst IPv4/v6 Out No Route; 'outbound_bytes_sent': Outbound: Bytes Forwarded; 'outbound_pkt_drop': Outbound: Packets Dropped; 'outbound_bytes_drop': Outbound: Bytes Dropped; 'outbound_pkt_sent': Outbound: Packets Forwarded; 'inbound_bytes_sent': Inbound: Bytes Forwarded; 'inbound_bytes_drop': Inbound: Bytes Dropped; 'dst_src_port_pkt_rate_exceed': SrcPort Rate: Packet Exceeded; 'dst_src_port_kbit_rate_exceed': SrcPort Rate: KiBit Exceeded; 'dst_src_port_conn_limit_exceed': SrcPort Limit: Conn Exceeded; 'dst_src_port_conn_rate_exceed': SrcPort Rate: Conn Exceeded; 'dst_ip_proto_pkt_rate_exceed': IP-Proto Rate: Packet Exceeded; 'dst_ip_proto_kbit_rate_exceed': IP-Proto Rate: KiBit Exceeded; 'dst_tcp_port_any_exceed': TCP Port Rate: Total Exceed; 'dst_udp_port_any_exceed': UDP Port Rate: Total Exceed; 'dst_tcp_auth_pass': TCP Auth: SYN Auth Passed; 'dst_tcp_rst_cookie_fail': TCP Auth: RST Cookie Failed; 'dst_tcp_unauth_drop': TCP Auth: Unauth Dropped; 'src_tcp_syn_auth_fail': Src TCP Auth: SYN Auth Failed; 'src_tcp_syn_cookie_sent': Src TCP Auth: SYN Cookie Sent; 'src_tcp_syn_cookie_fail': Src TCP Auth: SYN Cookie Failed; 'src_tcp_rst_cookie_fail': Src TCP Auth: RST Cookie Failed; 'src_tcp_unauth_drop': Src TCP Auth: Unauth Dropped; 'src_tcp_action_on_syn_init': Src TCP Auth: SYN Retry Init; **Type:** string **Supported Values:** all, dst_tcp_any_exceed, dst_tcp_pkt_rate_exceed, dst_tcp_conn_rate_exceed, dst_udp_any_exceed, dst_udp_pkt_rate_exceed, dst_udp_conn_limit_exceed, dst_udp_conn_rate_exceed, dst_icmp_pkt_rate_exceed, dst_other_pkt_rate_exceed, dst_other_frag_pkt_rate_exceed, dst_port_pkt_rate_exceed, dst_port_conn_limit_exceed, dst_port_conn_rate_exceed, dst_pkt_sent, dst_udp_pkt_sent, dst_tcp_pkt_sent, dst_icmp_pkt_sent, dst_other_pkt_sent, dst_tcp_conn_limit_exceed, dst_tcp_pkt_rcvd, dst_udp_pkt_rcvd, dst_icmp_pkt_rcvd, dst_other_pkt_rcvd, dst_udp_filter_match, dst_udp_filter_not_match, dst_udp_filter_action_blacklist, dst_udp_filter_action_drop, dst_tcp_syn, dst_tcp_syn_drop, dst_tcp_src_rate_drop, dst_udp_src_rate_drop, dst_icmp_src_rate_drop, dst_other_frag_src_rate_drop, dst_other_src_rate_drop, dst_tcp_drop, dst_udp_drop, dst_icmp_drop, dst_frag_drop, dst_other_drop, dst_tcp_auth, dst_udp_filter_action_default_pass, dst_tcp_filter_match, dst_tcp_filter_not_match, dst_tcp_filter_action_blacklist, dst_tcp_filter_action_drop, dst_tcp_filter_action_default_pass, dst_udp_filter_action_whitelist, dst_over_limit_on, dst_over_limit_off, dst_port_over_limit_on, dst_port_over_limit_off, dst_over_limit_action, dst_port_over_limit_action, scanning_detected_drop, scanning_detected_blacklist, dst_udp_kibit_rate_drop, dst_tcp_kibit_rate_drop, dst_icmp_kibit_rate_drop, dst_other_kibit_rate_drop, dst_port_undef_drop, dst_port_bl, dst_src_port_bl, dst_port_kbit_rate_exceed, dst_tcp_src_drop, dst_udp_src_drop, dst_icmp_src_drop, dst_other_src_drop, tcp_syn_rcvd, tcp_syn_ack_rcvd, tcp_ack_rcvd, tcp_fin_rcvd, tcp_rst_rcvd, ingress_bytes, egress_bytes, ingress_packets, egress_packets, tcp_fwd_recv, udp_fwd_recv, icmp_fwd_recv, tcp_syn_cookie_fail, dst_tcp_session_created, dst_udp_session_created, dst_tcp_filter_action_whitelist, dst_other_filter_match, dst_other_filter_not_match, dst_other_filter_action_blacklist, dst_other_filter_action_drop, dst_other_filter_action_whitelist, dst_other_filter_action_default_pass, dst_blackhole_inject, dst_blackhole_withdraw, dst_tcp_out_of_seq_excd, dst_tcp_retransmit_excd, dst_tcp_zero_window_excd, dst_tcp_conn_prate_excd, dst_tcp_action_on_ack_init, dst_tcp_action_on_ack_gap_drop, dst_tcp_action_on_ack_fail, dst_tcp_action_on_ack_pass, dst_tcp_action_on_syn_init, dst_tcp_action_on_syn_gap_drop, dst_tcp_action_on_syn_fail, dst_tcp_action_on_syn_pass, udp_payload_too_small, udp_payload_too_big, dst_udp_conn_prate_excd, dst_udp_ntp_monlist_req, dst_udp_ntp_monlist_resp, dst_udp_wellknown_sport_drop, dst_udp_retry_init, dst_udp_retry_pass, dst_tcp_bytes_drop, dst_udp_bytes_drop, dst_icmp_bytes_drop, dst_other_bytes_drop, dst_out_no_route, outbound_bytes_sent, outbound_pkt_drop, outbound_bytes_drop, outbound_pkt_sent, inbound_bytes_sent, inbound_bytes_drop, dst_src_port_pkt_rate_exceed, dst_src_port_kbit_rate_exceed, dst_src_port_conn_limit_exceed, dst_src_port_conn_rate_exceed, dst_ip_proto_pkt_rate_exceed, dst_ip_proto_kbit_rate_exceed, dst_tcp_port_any_exceed, dst_udp_port_any_exceed, dst_tcp_auth_pass, dst_tcp_rst_cookie_fail, dst_tcp_unauth_drop, src_tcp_syn_auth_fail, src_tcp_syn_cookie_sent, src_tcp_syn_cookie_fail, src_tcp_rst_cookie_fail, src_tcp_unauth_drop, src_tcp_action_on_syn_init **counters2** **Description** 'src_tcp_action_on_syn_gap_drop': Src TCP Auth: SYN Retry-Gap Dropped; 'src_tcp_action_on_syn_fail': Src TCP Auth: SYN Retry Dropped; 'src_tcp_action_on_ack_init': Src TCP Auth: ACK Retry Init; 'src_tcp_action_on_ack_gap_drop': Src TCP Auth: ACK Retry Retry-Gap Dropped; 'src_tcp_action_on_ack_fail': Src TCP Auth: ACK Retry Dropped; 'src_tcp_out_of_seq_excd': Src TCP Out-Of-Seq Exceeded; 'src_tcp_retransmit_excd': Src TCP Retransmit Exceeded; 'src_tcp_zero_window_excd': Src TCP Zero-Window Exceeded; 'src_tcp_conn_prate_excd': Src TCP Rate: Conn Pkt Exceeded; 'src_udp_min_payload': Src UDP Payload Too Small; 'src_udp_max_payload': Src UDP Payload Too Large; 'src_udp_conn_prate_excd': Src UDP Rate: Conn Pkt Exceeded; 'src_udp_ntp_monlist_req': Src UDP NTP Monlist Request; 'src_udp_ntp_monlist_resp': Src UDP NTP Monlist Response; 'src_udp_wellknown_sport_drop': Src UDP SrcPort Wellknown; 'src_udp_retry_init': Src UDP Auth: Retry Init; 'dst_udp_retry_gap_drop': UDP Auth: Retry-Gap Dropped; 'dst_udp_retry_fail': UDP Auth: Retry Timeout; 'dst_tcp_session_aged': TCP Sessions Aged; 'dst_udp_session_aged': UDP Sessions Aged; 'dst_tcp_conn_close': TCP Connections Closed; 'dst_tcp_conn_close_half_open': TCP Half Open Connections Closed; 'dst_l4_tcp_auth': TCP Dst L4-Type Auth: SYN Cookie Sent; 'tcp_l4_syn_cookie_fail': TCP Dst L4-Type Auth: SYN Cookie Failed; 'tcp_l4_rst_cookie_fail': TCP Dst L4-Type Auth: RST Cookie Failed; 'tcp_l4_unauth_drop': TCP Dst L4-Type Auth: Unauth Dropped; 'dst_drop_frag_pkt': Dst Fragmented Packets Dropped; 'src_tcp_filter_action_blacklist': Src TCP Filter Action Blacklist; 'src_tcp_filter_action_whitelist': Src TCP Filter Action WL; 'src_tcp_filter_action_drop': Src TCP Filter Action Drop; 'src_tcp_filter_action_default_pass': Src TCP Filter Action Default Pass; 'src_udp_filter_action_blacklist': Src UDP Filter Action Blacklist; 'src_udp_filter_action_whitelist': Src UDP Filter Action WL; 'src_udp_filter_action_drop': Src UDP Filter Action Drop; 'src_udp_filter_action_default_pass': Src UDP Filter Action Default Pass; 'src_other_filter_action_blacklist': Src OTHER Filter Action Blacklist; 'src_other_filter_action_whitelist': Src OTHER Filter Action WL; 'src_other_filter_action_drop': Src OTHER Filter Action Drop; 'src_other_filter_action_default_pass': Src OTHER Filter Action Default Pass; 'tcp_invalid_syn': TCP Invalid SYN Received; 'dst_tcp_conn_close_w_rst': TCP RST Connections Closed; 'dst_tcp_conn_close_w_fin': TCP FIN Connections Closed; 'dst_tcp_conn_close_w_idle': TCP Idle Connections Closed; 'dst_tcp_conn_create_from_syn': TCP Connections Created From SYN; 'dst_tcp_conn_create_from_ack': TCP Connections Created From ACK; 'src_frag_drop': Src Fragmented Packets Dropped; 'dst_l4_tcp_blacklist_drop': Dst L4-type TCP Blacklist Dropped; 'dst_l4_udp_blacklist_drop': Dst L4-type UDP Blacklist Dropped; 'dst_l4_icmp_blacklist_drop': Dst L4-type ICMP Blacklist Dropped; 'dst_l4_other_blacklist_drop': Dst L4-type OTHER Blacklist Dropped; 'src_l4_tcp_blacklist_drop': Src L4-type TCP Blacklist Dropped; 'src_l4_udp_blacklist_drop': Src L4-type UDP Blacklist Dropped; 'src_l4_icmp_blacklist_drop': Src L4-type ICMP Blacklist Dropped; 'src_l4_other_blacklist_drop': Src L4-type OTHER Blacklist Dropped; 'drop_frag_timeout_drop': Fragment Reassemble Timeout Drop; 'dst_port_kbit_rate_exceed_pkt': Port Rate: KiBit Pkt Exceeded; 'dst_tcp_bytes_rcv': TCP Total Bytes Received; 'dst_udp_bytes_rcv': UDP Total Bytes Received; 'dst_icmp_bytes_rcv': ICMP Total Bytes Received; 'dst_other_bytes_rcv': OTHER Total Bytes Received; 'dst_tcp_bytes_sent': TCP Total Bytes Forwarded; 'dst_udp_bytes_sent': UDP Total Bytes Forwarded; 'dst_icmp_bytes_sent': ICMP Total Bytes Forwarded; 'dst_other_bytes_sent': OTHER Total Bytes Forwarded; 'dst_udp_auth_drop': UDP Auth: Dropped; 'dst_tcp_auth_drop': TCP Auth: Dropped; 'dst_tcp_auth_resp': TCP Auth: Responded; 'inbound_pkt_drop': Inbound: Packets Dropped; 'dst_entry_pkt_rate_exceed': Entry Rate: Packet Exceeded; 'dst_entry_kbit_rate_exceed': Entry Rate: KiBit Exceeded; 'dst_entry_conn_limit_exceed': Entry Limit: Conn Exceeded; 'dst_entry_conn_rate_exceed': Entry Rate: Conn Exceeded; 'dst_entry_frag_pkt_rate_exceed': Entry Rate: Frag Packet Exceeded; 'dst_icmp_any_exceed': ICMP Rate: Total Exceed; 'dst_other_any_exceed': OTHER Rate: Total Exceed; 'src_dst_pair_entry_total': Src-Dst Pair Entry Total Count; 'src_dst_pair_entry_udp': Src-Dst Pair Entry UDP Count; 'src_dst_pair_entry_tcp': Src-Dst Pair Entry TCP Count; 'src_dst_pair_entry_icmp': Src-Dst Pair Entry ICMP Count; 'src_dst_pair_entry_other': Src-Dst Pair Entry OTHER Count; 'dst_clist_overflow_policy_at_learning': Dst Src-Based Overflow Policy Hit; 'tcp_rexmit_syn_limit_drop': TCP SYN Retransmit Exceeded Drop; 'tcp_rexmit_syn_limit_bl': TCP SYN Retransmit Exceeded Blacklist; 'dst_tcp_wellknown_sport_drop': TCP SrcPort Wellknown; 'src_tcp_wellknown_sport_drop': Src TCP SrcPort Wellknown; 'dst_frag_rcvd': Fragmented Packets Received; 'no_policy_class_list_match': No Policy Class-list Match; 'src_udp_retry_gap_drop': Src UDP Auth: Retry-Gap Dropped; 'dst_entry_kbit_rate_exceed_count': Entry Rate: KiBit Exceeded Count; 'dst_port_undef_hit': Dst Port Undefined Hit; 'dst_tcp_action_on_ack_timeout': TCP Auth: ACK Retry Timeout; 'dst_tcp_action_on_ack_reset': TCP Auth: ACK Retry Timeout Reset; 'dst_tcp_action_on_ack_blacklist': TCP Auth: ACK Retry Timeout Blacklisted; 'src_tcp_action_on_ack_timeout': Src TCP Auth: ACK Retry Timeout; 'src_tcp_action_on_ack_reset': Src TCP Auth: ACK Retry Timeout Reset; 'src_tcp_action_on_ack_blacklist': Src TCP Auth: ACK Retry Timeout Blacklisted; 'dst_tcp_action_on_syn_timeout': TCP Auth: SYN Retry Timeout; 'dst_tcp_action_on_syn_reset': TCP Auth: SYN Retry Timeout Reset; 'dst_tcp_action_on_syn_blacklist': TCP Auth: SYN Retry Timeout Blacklisted; 'src_tcp_action_on_syn_timeout': Src TCP Auth: SYN Retry Timeout; 'src_tcp_action_on_syn_reset': Src TCP Auth: SYN Retry Timeout Reset; 'src_tcp_action_on_syn_blacklist': Src TCP Auth: SYN Retry Timeout Blacklisted; 'dst_udp_frag_pkt_rate_exceed': UDP Dst L4-Type Rate: Frag Exceeded; 'dst_udp_frag_src_rate_drop': UDP Src Rate: Frag Exceeded; 'dst_tcp_frag_pkt_rate_exceed': TCP Dst L4-Type Rate: Frag Exceeded; 'dst_tcp_frag_src_rate_drop': TCP Src Rate: Frag Exceeded; 'dst_icmp_frag_pkt_rate_exceed': ICMP Dst L4-Type Rate: Frag Exceeded; 'dst_icmp_frag_src_rate_drop': ICMP Src Rate: Frag Exceeded; 'sflow_internal_samples_packed': Sflow Internal Samples Packed; 'sflow_external_samples_packed': Sflow External Samples Packed; 'sflow_internal_packets_sent': Sflow Internal Packets Sent; 'sflow_external_packets_sent': Sflow External Packets Sent; 'dns_outbound_total_query': DNS Outbound Total Query; 'dns_outbound_query_malformed': DNS Outbound Query Malformed; 'dns_outbound_query_resp_chk_failed': DNS Outbound Query Resp Check Failed; 'dns_outbound_query_resp_chk_blacklisted': DNS Outbound Query Resp Check Blacklisted; 'dns_outbound_query_resp_chk_refused_sent': DNS Outbound Query Resp Check REFUSED Sent; 'dns_outbound_query_resp_chk_reset_sent': DNS Outbound Query Resp Check RESET Sent; 'dns_outbound_query_resp_chk_no_resp_sent': DNS Outbound Query Resp Check No Response Sent; 'dns_outbound_query_resp_size_exceed': DNS Outbound Query Response Size Exceed; 'dns_outbound_query_sess_timed_out': DNS Outbound Query Session Timed Out; 'dst_exceed_action_tunnel': Entry Exceed Action: Tunnel; 'src_udp_auth_timeout': Src UDP Auth: Retry Timeout; 'src_udp_retry_pass': Src UDP Retry Passed; **Type:** string **Supported Values:** src_tcp_action_on_syn_gap_drop, src_tcp_action_on_syn_fail, src_tcp_action_on_ack_init, src_tcp_action_on_ack_gap_drop, src_tcp_action_on_ack_fail, src_tcp_out_of_seq_excd, src_tcp_retransmit_excd, src_tcp_zero_window_excd, src_tcp_conn_prate_excd, src_udp_min_payload, src_udp_max_payload, src_udp_conn_prate_excd, src_udp_ntp_monlist_req, src_udp_ntp_monlist_resp, src_udp_wellknown_sport_drop, src_udp_retry_init, dst_udp_retry_gap_drop, dst_udp_retry_fail, dst_tcp_session_aged, dst_udp_session_aged, dst_tcp_conn_close, dst_tcp_conn_close_half_open, dst_l4_tcp_auth, tcp_l4_syn_cookie_fail, tcp_l4_rst_cookie_fail, tcp_l4_unauth_drop, dst_drop_frag_pkt, src_tcp_filter_action_blacklist, src_tcp_filter_action_whitelist, src_tcp_filter_action_drop, src_tcp_filter_action_default_pass, src_udp_filter_action_blacklist, src_udp_filter_action_whitelist, src_udp_filter_action_drop, src_udp_filter_action_default_pass, src_other_filter_action_blacklist, src_other_filter_action_whitelist, src_other_filter_action_drop, src_other_filter_action_default_pass, tcp_invalid_syn, dst_tcp_conn_close_w_rst, dst_tcp_conn_close_w_fin, dst_tcp_conn_close_w_idle, dst_tcp_conn_create_from_syn, dst_tcp_conn_create_from_ack, src_frag_drop, dst_l4_tcp_blacklist_drop, dst_l4_udp_blacklist_drop, dst_l4_icmp_blacklist_drop, dst_l4_other_blacklist_drop, src_l4_tcp_blacklist_drop, src_l4_udp_blacklist_drop, src_l4_icmp_blacklist_drop, src_l4_other_blacklist_drop, drop_frag_timeout_drop, dst_port_kbit_rate_exceed_pkt, dst_tcp_bytes_rcv, dst_udp_bytes_rcv, dst_icmp_bytes_rcv, dst_other_bytes_rcv, dst_tcp_bytes_sent, dst_udp_bytes_sent, dst_icmp_bytes_sent, dst_other_bytes_sent, dst_udp_auth_drop, dst_tcp_auth_drop, dst_tcp_auth_resp, inbound_pkt_drop, dst_entry_pkt_rate_exceed, dst_entry_kbit_rate_exceed, dst_entry_conn_limit_exceed, dst_entry_conn_rate_exceed, dst_entry_frag_pkt_rate_exceed, dst_icmp_any_exceed, dst_other_any_exceed, src_dst_pair_entry_total, src_dst_pair_entry_udp, src_dst_pair_entry_tcp, src_dst_pair_entry_icmp, src_dst_pair_entry_other, dst_clist_overflow_policy_at_learning, tcp_rexmit_syn_limit_drop, tcp_rexmit_syn_limit_bl, dst_tcp_wellknown_sport_drop, src_tcp_wellknown_sport_drop, dst_frag_rcvd, no_policy_class_list_match, src_udp_retry_gap_drop, dst_entry_kbit_rate_exceed_count, dst_port_undef_hit, dst_tcp_action_on_ack_timeout, dst_tcp_action_on_ack_reset, dst_tcp_action_on_ack_blacklist, src_tcp_action_on_ack_timeout, src_tcp_action_on_ack_reset, src_tcp_action_on_ack_blacklist, dst_tcp_action_on_syn_timeout, dst_tcp_action_on_syn_reset, dst_tcp_action_on_syn_blacklist, src_tcp_action_on_syn_timeout, src_tcp_action_on_syn_reset, src_tcp_action_on_syn_blacklist, dst_udp_frag_pkt_rate_exceed, dst_udp_frag_src_rate_drop, dst_tcp_frag_pkt_rate_exceed, dst_tcp_frag_src_rate_drop, dst_icmp_frag_pkt_rate_exceed, dst_icmp_frag_src_rate_drop, sflow_internal_samples_packed, sflow_external_samples_packed, sflow_internal_packets_sent, sflow_external_packets_sent, dns_outbound_total_query, dns_outbound_query_malformed, dns_outbound_query_resp_chk_failed, dns_outbound_query_resp_chk_blacklisted, dns_outbound_query_resp_chk_refused_sent, dns_outbound_query_resp_chk_reset_sent, dns_outbound_query_resp_chk_no_resp_sent, dns_outbound_query_resp_size_exceed, dns_outbound_query_sess_timed_out, dst_exceed_action_tunnel, src_udp_auth_timeout, src_udp_retry_pass **counters3** **Description** 'dst_hw_drop_rule_insert': Dst Hardware Drop Rules Inserted; 'dst_hw_drop_rule_remove': Dst Hardware Drop Rules Removed; 'src_hw_drop_rule_insert': Src Hardware Drop Rules Inserted; 'src_hw_drop_rule_remove': Src Hardware Drop Rules Removed; 'prog_first_req_time_exceed': Req-Resp: First Request Time Exceed; 'prog_req_resp_time_exceed': Req-Resp: Request to Response Time Exceed; 'prog_request_len_exceed': Req-Resp: Request Length Exceed; 'prog_response_len_exceed': Req-Resp: Response Length Exceed; 'prog_resp_req_ratio_exceed': Req-Resp: Response to Request Ratio Exceed; 'prog_resp_req_time_exceed': Req-Resp: Response to Request Time Exceed; 'entry_sync_message_received': Entry Sync Message Received; 'entry_sync_message_sent': Entry Sync Message Sent; 'prog_conn_sent_exceed': Connection: Sent Exceed; 'prog_conn_rcvd_exceed': Connection: Received Exceed; 'prog_conn_time_exceed': Connection: Time Exceed; 'prog_conn_rcvd_sent_ratio_exceed': Connection: Reveived to Sent Ratio Exceed; 'prog_win_sent_exceed': Time Window: Sent Exceed; 'prog_win_rcvd_exceed': Time Window: Received Exceed; 'prog_win_rcvd_sent_ratio_exceed': Time Window: Received to Sent Exceed; 'prog_exceed_drop': Req-Resp: Violation Exceed Dropped; 'prog_exceed_bl': Req-Resp: Violation Exceed Blacklisted; 'prog_conn_exceed_drop': Connection: Violation Exceed Dropped; 'prog_conn_exceed_bl': Connection: Violation Exceed Blacklisted; 'prog_win_exceed_drop': Time Window: Violation Exceed Dropped; 'prog_win_exceed_bl': Time Window: Violation Exceed Blacklisted; 'dst_exceed_action_drop': Entry Exceed Action: Dropped; 'prog_conn_samples': Sample Collected: Connection; 'prog_req_samples': Sample Collected: Req-Resp; 'prog_win_samples': Sample Collected: Time Window; **Type:** string **Supported Values:** dst_hw_drop_rule_insert, dst_hw_drop_rule_remove, src_hw_drop_rule_insert, src_hw_drop_rule_remove, prog_first_req_time_exceed, prog_req_resp_time_exceed, prog_request_len_exceed, prog_response_len_exceed, prog_resp_req_ratio_exceed, prog_resp_req_time_exceed, entry_sync_message_received, entry_sync_message_sent, prog_conn_sent_exceed, prog_conn_rcvd_exceed, prog_conn_time_exceed, prog_conn_rcvd_sent_ratio_exceed, prog_win_sent_exceed, prog_win_rcvd_exceed, prog_win_rcvd_sent_ratio_exceed, prog_exceed_drop, prog_exceed_bl, prog_conn_exceed_drop, prog_conn_exceed_bl, prog_win_exceed_drop, prog_win_exceed_bl, dst_exceed_action_drop, prog_conn_samples, prog_req_samples, prog_win_samples, prog_conn_samples_processed, prog_req_samples_processed, prog_win_samples_processed, src_hw_drop, dst_tcp_auth_rst, dst_src_learn_overflow, tcp_fwd_sent, udp_fwd_sent .. _1278_dst_entry-list_enable-top-k: dst_entry-list_enable-top-k ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **topk-num-records** **Description** Maximum number of records to show in topk **Type:** number **Range:** 1-100 **Default:** 20 **topk-type** **Description** 'destination': Topk destination IP; **Type:** string **Supported Values:** destination .. _1278_dst_entry-list_exceed-log-dep-cfg: dst_entry-list_exceed-log-dep-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **exceed-log-enable** **Description** (Deprecated)Enable logging of limit exceed drop's **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-with-sflow-dep** **Description** Turn on sflow sample with log **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_dst_dynamic-entry-overflow-policy-list: dst_dynamic-entry-overflow-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **default-address-type** **Description** 'ip': ip; 'ipv6': ipv6; **Type:** string **Supported Values:** ip, ipv6 **drop-disable** **Description** Disable certain drops during packet processing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-disable-fwd-immediate** **Description** Immediately forward L4 drops **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exceed-log-cfg** **Description:** exceed-log-cfg is a **JSON Block**. Please see below for :ref:`1278_dst_dynamic-entry-overflow-policy-list_exceed-log-cfg` **Type:** Object **exceed-log-dep-cfg** **Description:** exceed-log-dep-cfg is a **JSON Block**. Please see below for :ref:`1278_dst_dynamic-entry-overflow-policy-list_exceed-log-dep-cfg` **Type:** Object **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **inbound-forward-dscp** **Description** To set dscp value for inbound packets (DSCP Value for the clear traffic marking) **Type:** number **Range:** 1-63 **ip-proto-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/dynamic-entry-overflow-policy/{default-address-type}/ip-proto/{port-num} ` **l4-type-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/dynamic-entry-overflow-policy/{default-address-type}/l4-type/{protocol} ` **log-periodic** **Description** Enable periodic log while event is continuing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **outbound-forward-dscp** **Description** To set dscp value for outbound **Type:** number **Range:** 1-63 **port-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/dynamic-entry-overflow-policy/{default-address-type}/port/{port-num}+{protocol} ` **src-port-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/dynamic-entry-overflow-policy/{default-address-type}/src-port/{port-num}+{protocol} ` **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_dst_dynamic-entry-overflow-policy-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_dynamic-entry-overflow-policy-list_port-list: dst_dynamic-entry-overflow-policy-list_port-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **port-num** **Description** Port Number **Type:** number **Range:** 0-65535 **protocol** **Description** 'dns-tcp': dns-tcp; 'dns-udp': dns-udp; 'http': http; 'tcp': tcp; 'udp': udp; 'ssl-l4': ssl-l4; 'sip-udp': sip-udp; 'sip-tcp': sip-tcp; **Type:** string **Supported Values:** dns-tcp, dns-udp, http, tcp, udp, ssl-l4, sip-udp, sip-tcp **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_dst_dynamic-entry-overflow-policy-list_port-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_dynamic-entry-overflow-policy-list_port-list_template: dst_dynamic-entry-overflow-policy-list_port-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dst_dynamic-entry-overflow-policy-list_template: dst_dynamic-entry-overflow-policy-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dst_dynamic-entry-overflow-policy-list_ip-proto-list: dst_dynamic-entry-overflow-policy-list_ip-proto-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **port-num** **Description** Protocol Number **Type:** number **Range:** 0-255 **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_dst_dynamic-entry-overflow-policy-list_ip-proto-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_dynamic-entry-overflow-policy-list_ip-proto-list_template: dst_dynamic-entry-overflow-policy-list_ip-proto-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **other** **Description** DDOS other template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dst_dynamic-entry-overflow-policy-list_exceed-log-cfg: dst_dynamic-entry-overflow-policy-list_exceed-log-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **log-enable** **Description** Enable logging of limit exceed drop's **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **with-sflow-sample** **Description** Turn on sflow sample with log **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_dst_dynamic-entry-overflow-policy-list_exceed-log-dep-cfg: dst_dynamic-entry-overflow-policy-list_exceed-log-dep-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **exceed-log-enable** **Description** (Deprecated)Enable logging of limit exceed drop's **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-with-sflow-dep** **Description** Turn on sflow sample with log **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_dst_dynamic-entry-overflow-policy-list_src-port-list: dst_dynamic-entry-overflow-policy-list_src-port-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **port-num** **Description** Port Number **Type:** number **Range:** 0-65535 **protocol** **Description** 'udp': udp; 'tcp': tcp; **Type:** string **Supported Values:** udp, tcp **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_dst_dynamic-entry-overflow-policy-list_src-port-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_dynamic-entry-overflow-policy-list_src-port-list_template: dst_dynamic-entry-overflow-policy-list_src-port-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-tcp** **Description** DDOS tcp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-udp** **Description** DDOS udp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dst_dynamic-entry-overflow-policy-list_l4-type-list: dst_dynamic-entry-overflow-policy-list_l4-type-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-frag-pkt** **Description** Drop fragmented packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-on-no-port-match** **Description** 'disable': disable; 'enable': enable; **Type:** string **Supported Values:** disable, enable **Default:** enable **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **max-rexmit-syn-per-flow** **Description** Maximum number of re-transmit SYN per flow. Exceed action set to Drop **Type:** number **Range:** 1-6 **protocol** **Description** 'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; **Type:** string **Supported Values:** tcp, udp, icmp, other **stateful** **Description** Enable stateful tracking of sessions (Default is stateless) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **syn-auth** **Description** 'send-rst': Send RST to client upon client ACK; 'force-rst-by-ack': Force client RST via the use of ACK; 'force-rst-by-synack': Force client RST via the use of bad SYN|ACK; 'disable': Disable TCP SYN Authentication; **Type:** string **Supported Values:** send-rst, force-rst-by-ack, force-rst-by-synack, disable **Default:** send-rst **syn-cookie** **Description** Enable SYN Cookie **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tcp-reset-client** **Description** Send reset to client when rate exceeds or session ages out **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tcp-reset-server** **Description** Send reset to server when rate exceeds or session ages out **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tunnel-decap** **Description:** tunnel-decap is a **JSON Block**. Please see below for :ref:`1278_dst_dynamic-entry-overflow-policy-list_l4-type-list_tunnel-decap` **Type:** Object **tunnel-rate-limit** **Description:** tunnel-rate-limit is a **JSON Block**. Please see below for :ref:`1278_dst_dynamic-entry-overflow-policy-list_l4-type-list_tunnel-rate-limit` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_dynamic-entry-overflow-policy-list_l4-type-list_tunnel-rate-limit: dst_dynamic-entry-overflow-policy-list_l4-type-list_tunnel-rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **gre-rate-limit** **Description** Enable inner IP rate limiting on GRE traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ip-rate-limit** **Description** Enable inner IP rate limiting on IPinIP traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_dst_dynamic-entry-overflow-policy-list_l4-type-list_tunnel-decap: dst_dynamic-entry-overflow-policy-list_l4-type-list_tunnel-decap ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **gre-decap** **Description** Enable GRE Tunnel decapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ip-decap** **Description** Enable IP Tunnel decapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **key-cfg** **Type:** List .. _1278_dst_dynamic-entry-overflow-policy-list_l4-type-list_tunnel-decap_key-cfg: dst_dynamic-entry-overflow-policy-list_l4-type-list_tunnel-decap_key-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **key** **Description** Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295) **Type:** string **Maximum Length:** 10 characters **Maximum Length:** 1 characters .. _1278_dst_dynamic-entry: dst_dynamic-entry ^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **all-entries** **Description:** all-entries is a **JSON Block**. Please see below for :ref:`1278_dst_dynamic-entry_all-entries` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/dynamic-entry/all-entries ` **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_dynamic-entry_all-entries: dst_dynamic-entry_all-entries ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_dynamic-entry_all-entries_sampling-enable: dst_dynamic-entry_all-entries_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'dst_tcp_any_exceed': TCP Dst L4-Type Rate: Total Exceeded; 'dst_tcp_pkt_rate_exceed': TCP Dst L4-Type Rate: Packet Exceeded; 'dst_tcp_conn_rate_exceed': TCP Dst L4-Type Rate: Conn Exceeded; 'dst_udp_any_exceed': UDP Dst L4-Type Rate: Total Exceeded; 'dst_udp_pkt_rate_exceed': UDP Dst L4-Type Rate: Packet Exceeded; 'dst_udp_conn_limit_exceed': UDP Dst L4-Type Limit: Conn Exceeded; 'dst_udp_conn_rate_exceed': UDP Dst L4-Type Rate: Conn Exceeded; 'dst_icmp_pkt_rate_exceed': ICMP Dst Rate: Packet Exceeded; 'dst_other_pkt_rate_exceed': OTHER Dst L4-Type Rate: Packet Exceeded; 'dst_other_frag_pkt_rate_exceed': OTHER Dst L4-Type Rate: Frag Exceeded; 'dst_port_pkt_rate_exceed': Port Rate: Packet Exceeded; 'dst_port_conn_limit_exceed': Port Limit: Conn Exceeded; 'dst_port_conn_rate_exceed': Port Rate: Conn Exceeded; 'dst_pkt_sent': Inbound: Packets Forwarded; 'dst_udp_pkt_sent': UDP Total Packets Forwarded; 'dst_tcp_pkt_sent': TCP Total Packets Forwarded; 'dst_icmp_pkt_sent': ICMP Total Packets Forwarded; 'dst_other_pkt_sent': OTHER Total Packets Forwarded; 'dst_tcp_conn_limit_exceed': TCP Dst L4-Type Limit: Conn Exceeded; 'dst_tcp_pkt_rcvd': TCP Total Packets Received; 'dst_udp_pkt_rcvd': UDP Total Packets Received; 'dst_icmp_pkt_rcvd': ICMP Total Packets Received; 'dst_other_pkt_rcvd': OTHER Total Packets Received; 'dst_udp_filter_match': UDP Filter Match; 'dst_udp_filter_not_match': UDP Filter Not Matched on Pkt; 'dst_udp_filter_action_blacklist': UDP Filter Action Blacklist; 'dst_udp_filter_action_drop': UDP Filter Action Drop; 'dst_tcp_syn': TCP Total SYN Received; 'dst_tcp_syn_drop': TCP SYN Packets Dropped; 'dst_tcp_src_rate_drop': TCP Src Rate: Total Exceeded; 'dst_udp_src_rate_drop': UDP Src Rate: Total Exceeded; 'dst_icmp_src_rate_drop': ICMP Src Rate: Total Exceeded; 'dst_other_frag_src_rate_drop': OTHER Src Rate: Frag Exceeded; 'dst_other_src_rate_drop': OTHER Src Rate: Total Exceeded; 'dst_tcp_drop': TCP Total Packets Dropped; 'dst_udp_drop': UDP Total Packets Dropped; 'dst_icmp_drop': ICMP Total Packets Dropped; 'dst_frag_drop': Fragmented Packets Dropped; 'dst_other_drop': OTHER Total Packets Dropped; 'dst_tcp_auth': TCP Auth: SYN Cookie Sent; 'dst_udp_filter_action_default_pass': UDP Filter Action Default Pass; 'dst_tcp_filter_match': TCP Filter Match; 'dst_tcp_filter_not_match': TCP Filter Not Matched on Pkt; 'dst_tcp_filter_action_blacklist': TCP Filter Action Blacklist; 'dst_tcp_filter_action_drop': TCP Filter Action Drop; 'dst_tcp_filter_action_default_pass': TCP Filter Action Default Pass; 'dst_udp_filter_action_whitelist': UDP Filter Action WL; 'dst_over_limit_on': DST overlimit Trigger ON; 'dst_over_limit_off': DST overlimit Trigger OFF; 'dst_port_over_limit_on': DST port overlimit Trigger ON; 'dst_port_over_limit_off': DST port overlimit Trigger OFF; 'dst_over_limit_action': DST overlimit action; 'dst_port_over_limit_action': DST port overlimit action; 'scanning_detected_drop': Scanning Detected drop (deprecated); 'scanning_detected_blacklist': Scanning Detected blacklist (deprecated); 'dst_udp_kibit_rate_drop': UDP Dst L4-Type Rate: KiBit Exceeded; 'dst_tcp_kibit_rate_drop': TCP Dst L4-Type Rate: KiBit Exceeded; 'dst_icmp_kibit_rate_drop': ICMP Dst Rate: KiBit Exceeded; 'dst_other_kibit_rate_drop': OTHER Dst L4-Type Rate: KiBit Exceeded; 'dst_port_undef_drop': Dst Port Undefined Dropped; 'dst_port_bl': Dst Port Blacklist Packets Dropped; 'dst_src_port_bl': Dst SrcPort Blacklist Packets Dropped; 'dst_port_kbit_rate_exceed': Port Rate: KiBit Exceeded; 'dst_tcp_src_drop': TCP Src Packets Dropped; 'dst_udp_src_drop': UDP Src Packets Dropped; 'dst_icmp_src_drop': ICMP Src Packets Dropped; 'dst_other_src_drop': OTHER Src Packets Dropped; 'tcp_syn_rcvd': TCP Inbound SYN Received; 'tcp_syn_ack_rcvd': TCP SYN ACK Received; 'tcp_ack_rcvd': TCP ACK Received; 'tcp_fin_rcvd': TCP FIN Received; 'tcp_rst_rcvd': TCP RST Received; 'ingress_bytes': Inbound: Bytes Received; 'egress_bytes': Outbound: Bytes Received; 'ingress_packets': Inbound: Packets Received; 'egress_packets': Outbound: Packets Received; 'tcp_fwd_recv': TCP Inbound Packets Received; 'udp_fwd_recv': UDP Inbound Packets Received; 'icmp_fwd_recv': ICMP Inbound Packets Received; 'tcp_syn_cookie_fail': TCP Auth: SYN Cookie Failed; 'dst_tcp_session_created': TCP Sessions Created; 'dst_udp_session_created': UDP Sessions Created; 'dst_tcp_filter_action_whitelist': TCP Filter Action WL; 'dst_other_filter_match': OTHER Filter Match; 'dst_other_filter_not_match': OTHER Filter Not Matched on Pkt; 'dst_other_filter_action_blacklist': OTHER Filter Action Blacklist; 'dst_other_filter_action_drop': OTHER Filter Action Drop; 'dst_other_filter_action_whitelist': OTHER Filter Action WL; 'dst_other_filter_action_default_pass': OTHER Filter Action Default Pass; 'dst_blackhole_inject': Dst Blackhole Inject; 'dst_blackhole_withdraw': Dst Blackhole Withdraw; 'dst_tcp_out_of_seq_excd': TCP Out-Of-Seq Exceeded; 'dst_tcp_retransmit_excd': TCP Retransmit Exceeded; 'dst_tcp_zero_window_excd': TCP Zero-Window Exceeded; 'dst_tcp_conn_prate_excd': TCP Rate: Conn Pkt Exceeded; 'dst_tcp_action_on_ack_init': TCP Auth: ACK Retry Init; 'dst_tcp_action_on_ack_gap_drop': TCP Auth: ACK Retry Retry-Gap Dropped; 'dst_tcp_action_on_ack_fail': TCP Auth: ACK Retry Dropped; 'dst_tcp_action_on_ack_pass': TCP Auth: ACK Retry Passed; 'dst_tcp_action_on_syn_init': TCP Auth: SYN Retry Init; 'dst_tcp_action_on_syn_gap_drop': TCP Auth: SYN Retry-Gap Dropped; 'dst_tcp_action_on_syn_fail': TCP Auth: SYN Retry Dropped; 'dst_tcp_action_on_syn_pass': TCP Auth: SYN Retry Passed; 'udp_payload_too_small': UDP Payload Too Small; 'udp_payload_too_big': UDP Payload Too Large; 'dst_udp_conn_prate_excd': UDP Rate: Conn Pkt Exceeded; 'dst_udp_ntp_monlist_req': UDP NTP Monlist Request; 'dst_udp_ntp_monlist_resp': UDP NTP Monlist Response; 'dst_udp_wellknown_sport_drop': UDP SrcPort Wellknown; 'dst_udp_retry_init': UDP Auth: Retry Init; 'dst_udp_retry_pass': UDP Auth: Retry Passed; 'dst_tcp_bytes_drop': TCP Total Bytes Dropped; 'dst_udp_bytes_drop': UDP Total Bytes Dropped; 'dst_icmp_bytes_drop': ICMP Total Bytes Dropped; 'dst_other_bytes_drop': OTHER Total Bytes Dropped; 'dst_out_no_route': Dst IPv4/v6 Out No Route; 'outbound_bytes_sent': Outbound: Bytes Forwarded; 'outbound_pkt_drop': Outbound: Packets Dropped; 'outbound_bytes_drop': Outbound: Bytes Dropped; 'outbound_pkt_sent': Outbound: Packets Forwarded; 'inbound_bytes_sent': Inbound: Bytes Forwarded; 'inbound_bytes_drop': Inbound: Bytes Dropped; 'dst_src_port_pkt_rate_exceed': SrcPort Rate: Packet Exceeded; 'dst_src_port_kbit_rate_exceed': SrcPort Rate: KiBit Exceeded; 'dst_src_port_conn_limit_exceed': SrcPort Limit: Conn Exceeded; 'dst_src_port_conn_rate_exceed': SrcPort Rate: Conn Exceeded; 'dst_ip_proto_pkt_rate_exceed': IP-Proto Rate: Packet Exceeded; 'dst_ip_proto_kbit_rate_exceed': IP-Proto Rate: KiBit Exceeded; 'dst_tcp_port_any_exceed': TCP Port Rate: Total Exceed; 'dst_udp_port_any_exceed': UDP Port Rate: Total Exceed; 'dst_tcp_auth_pass': TCP Auth: SYN Auth Passed; 'dst_tcp_rst_cookie_fail': TCP Auth: RST Cookie Failed; 'dst_tcp_unauth_drop': TCP Auth: Unauth Dropped; 'src_tcp_syn_auth_fail': Src TCP Auth: SYN Auth Failed; 'src_tcp_syn_cookie_sent': Src TCP Auth: SYN Cookie Sent; 'src_tcp_syn_cookie_fail': Src TCP Auth: SYN Cookie Failed; 'src_tcp_rst_cookie_fail': Src TCP Auth: RST Cookie Failed; 'src_tcp_unauth_drop': Src TCP Auth: Unauth Dropped; 'src_tcp_action_on_syn_init': Src TCP Auth: SYN Retry Init; **Type:** string **Supported Values:** all, dst_tcp_any_exceed, dst_tcp_pkt_rate_exceed, dst_tcp_conn_rate_exceed, dst_udp_any_exceed, dst_udp_pkt_rate_exceed, dst_udp_conn_limit_exceed, dst_udp_conn_rate_exceed, dst_icmp_pkt_rate_exceed, dst_other_pkt_rate_exceed, dst_other_frag_pkt_rate_exceed, dst_port_pkt_rate_exceed, dst_port_conn_limit_exceed, dst_port_conn_rate_exceed, dst_pkt_sent, dst_udp_pkt_sent, dst_tcp_pkt_sent, dst_icmp_pkt_sent, dst_other_pkt_sent, dst_tcp_conn_limit_exceed, dst_tcp_pkt_rcvd, dst_udp_pkt_rcvd, dst_icmp_pkt_rcvd, dst_other_pkt_rcvd, dst_udp_filter_match, dst_udp_filter_not_match, dst_udp_filter_action_blacklist, dst_udp_filter_action_drop, dst_tcp_syn, dst_tcp_syn_drop, dst_tcp_src_rate_drop, dst_udp_src_rate_drop, dst_icmp_src_rate_drop, dst_other_frag_src_rate_drop, dst_other_src_rate_drop, dst_tcp_drop, dst_udp_drop, dst_icmp_drop, dst_frag_drop, dst_other_drop, dst_tcp_auth, dst_udp_filter_action_default_pass, dst_tcp_filter_match, dst_tcp_filter_not_match, dst_tcp_filter_action_blacklist, dst_tcp_filter_action_drop, dst_tcp_filter_action_default_pass, dst_udp_filter_action_whitelist, dst_over_limit_on, dst_over_limit_off, dst_port_over_limit_on, dst_port_over_limit_off, dst_over_limit_action, dst_port_over_limit_action, scanning_detected_drop, scanning_detected_blacklist, dst_udp_kibit_rate_drop, dst_tcp_kibit_rate_drop, dst_icmp_kibit_rate_drop, dst_other_kibit_rate_drop, dst_port_undef_drop, dst_port_bl, dst_src_port_bl, dst_port_kbit_rate_exceed, dst_tcp_src_drop, dst_udp_src_drop, dst_icmp_src_drop, dst_other_src_drop, tcp_syn_rcvd, tcp_syn_ack_rcvd, tcp_ack_rcvd, tcp_fin_rcvd, tcp_rst_rcvd, ingress_bytes, egress_bytes, ingress_packets, egress_packets, tcp_fwd_recv, udp_fwd_recv, icmp_fwd_recv, tcp_syn_cookie_fail, dst_tcp_session_created, dst_udp_session_created, dst_tcp_filter_action_whitelist, dst_other_filter_match, dst_other_filter_not_match, dst_other_filter_action_blacklist, dst_other_filter_action_drop, dst_other_filter_action_whitelist, dst_other_filter_action_default_pass, dst_blackhole_inject, dst_blackhole_withdraw, dst_tcp_out_of_seq_excd, dst_tcp_retransmit_excd, dst_tcp_zero_window_excd, dst_tcp_conn_prate_excd, dst_tcp_action_on_ack_init, dst_tcp_action_on_ack_gap_drop, dst_tcp_action_on_ack_fail, dst_tcp_action_on_ack_pass, dst_tcp_action_on_syn_init, dst_tcp_action_on_syn_gap_drop, dst_tcp_action_on_syn_fail, dst_tcp_action_on_syn_pass, udp_payload_too_small, udp_payload_too_big, dst_udp_conn_prate_excd, dst_udp_ntp_monlist_req, dst_udp_ntp_monlist_resp, dst_udp_wellknown_sport_drop, dst_udp_retry_init, dst_udp_retry_pass, dst_tcp_bytes_drop, dst_udp_bytes_drop, dst_icmp_bytes_drop, dst_other_bytes_drop, dst_out_no_route, outbound_bytes_sent, outbound_pkt_drop, outbound_bytes_drop, outbound_pkt_sent, inbound_bytes_sent, inbound_bytes_drop, dst_src_port_pkt_rate_exceed, dst_src_port_kbit_rate_exceed, dst_src_port_conn_limit_exceed, dst_src_port_conn_rate_exceed, dst_ip_proto_pkt_rate_exceed, dst_ip_proto_kbit_rate_exceed, dst_tcp_port_any_exceed, dst_udp_port_any_exceed, dst_tcp_auth_pass, dst_tcp_rst_cookie_fail, dst_tcp_unauth_drop, src_tcp_syn_auth_fail, src_tcp_syn_cookie_sent, src_tcp_syn_cookie_fail, src_tcp_rst_cookie_fail, src_tcp_unauth_drop, src_tcp_action_on_syn_init **counters2** **Description** 'src_tcp_action_on_syn_gap_drop': Src TCP Auth: SYN Retry-Gap Dropped; 'src_tcp_action_on_syn_fail': Src TCP Auth: SYN Retry Dropped; 'src_tcp_action_on_ack_init': Src TCP Auth: ACK Retry Init; 'src_tcp_action_on_ack_gap_drop': Src TCP Auth: ACK Retry Retry-Gap Dropped; 'src_tcp_action_on_ack_fail': Src TCP Auth: ACK Retry Dropped; 'src_tcp_out_of_seq_excd': Src TCP Out-Of-Seq Exceeded; 'src_tcp_retransmit_excd': Src TCP Retransmit Exceeded; 'src_tcp_zero_window_excd': Src TCP Zero-Window Exceeded; 'src_tcp_conn_prate_excd': Src TCP Rate: Conn Pkt Exceeded; 'src_udp_min_payload': Src UDP Payload Too Small; 'src_udp_max_payload': Src UDP Payload Too Large; 'src_udp_conn_prate_excd': Src UDP Rate: Conn Pkt Exceeded; 'src_udp_ntp_monlist_req': Src UDP NTP Monlist Request; 'src_udp_ntp_monlist_resp': Src UDP NTP Monlist Response; 'src_udp_wellknown_sport_drop': Src UDP SrcPort Wellknown; 'src_udp_retry_init': Src UDP Auth: Retry Init; 'dst_udp_retry_gap_drop': UDP Auth: Retry-Gap Dropped; 'dst_udp_retry_fail': UDP P Sessions Aged; 'dst_tcp_session_aged': TCP Sessions Aged; 'dst_udp_session_aged': UDP Sessions Aged; 'dst_tcp_conn_close': TCP Connections Closed; 'dst_tcp_conn_close_half_open': TCP Half Open Connections Closed; 'dst_l4_tcp_auth': TCP Dst L4-Type Auth: SYN Cookie Sent; 'tcp_l4_syn_cookie_fail': TCP Dst L4-Type Auth: SYN Cookie Failed; 'tcp_l4_rst_cookie_fail': TCP Dst L4-Type Auth: RST Cookie Failed; 'tcp_l4_unauth_drop': TCP Dst L4-Type Auth: Unauth Dropped; 'dst_drop_frag_pkt': Dst Fragmented Packets Dropped; 'src_tcp_filter_action_blacklist': Src TCP Filter Action Blacklist; 'src_tcp_filter_action_whitelist': Src TCP Filter Action WL; 'src_tcp_filter_action_drop': Src TCP Filter Action Drop; 'src_tcp_filter_action_default_pass': Src TCP Filter Action Default Pass; 'src_udp_filter_action_blacklist': Src UDP Filter Action Blacklist; 'src_udp_filter_action_whitelist': Src UDP Filter Action WL; 'src_udp_filter_action_drop': Src UDP Filter Action Drop; 'src_udp_filter_action_default_pass': Src UDP Filter Action Default Pass; 'src_other_filter_action_blacklist': Src OTHER Filter Action Blacklist; 'src_other_filter_action_whitelist': Src OTHER Filter Action WL; 'src_other_filter_action_drop': Src OTHER Filter Action Drop; 'src_other_filter_action_default_pass': Src OTHER Filter Action Default Pass; 'tcp_invalid_syn': TCP Invalid SYN Received; 'dst_tcp_conn_close_w_rst': TCP RST Connections Closed; 'dst_tcp_conn_close_w_fin': TCP FIN Connections Closed; 'dst_tcp_conn_close_w_idle': TCP Idle Connections Closed; 'dst_tcp_conn_create_from_syn': TCP Connections Created From SYN; 'dst_tcp_conn_create_from_ack': TCP Connections Created From ACK; 'src_frag_drop': Src Fragmented Packets Dropped; 'dst_l4_tcp_blacklist_drop': Dst L4-type TCP Blacklist Dropped; 'dst_l4_udp_blacklist_drop': Dst L4-type UDP Blacklist Dropped; 'dst_l4_icmp_blacklist_drop': No Policy Class-list Match; 'dst_l4_other_blacklist_drop': Dst L4-type OTHER Blacklist Dropped; 'src_l4_tcp_blacklist_drop': Src L4-type TCP Blacklist Dropped; 'src_l4_udp_blacklist_drop': Src L4-type UDP Blacklist Dropped; 'src_l4_icmp_blacklist_drop': Src L4-type ICMP Blacklist Dropped; 'src_l4_other_blacklist_drop': Src L4-type OTHER Blacklist Dropped; 'drop_frag_timeout_drop': Fragment Reassemble Timeout Drop; 'dst_port_kbit_rate_exceed_pkt': Port Rate: KiBit Pkt Exceeded; 'dst_tcp_bytes_rcv': TCP Total Bytes Received; 'dst_udp_bytes_rcv': UDP Total Bytes Received; 'dst_icmp_bytes_rcv': ICMP Total Bytes Received; 'dst_other_bytes_rcv': OTHER Total Bytes Received; 'dst_tcp_bytes_sent': TCP Total Bytes Forwarded; 'dst_udp_bytes_sent': UDP Total Bytes Forwarded; 'dst_icmp_bytes_sent': ICMP Total Bytes Forwarded; 'dst_other_bytes_sent': OTHER Total Bytes Forwarded; 'dst_udp_auth_drop': UDP Auth: Dropped; 'dst_tcp_auth_drop': TCP Auth: Dropped; 'dst_tcp_auth_resp': TCP Auth: Responded; 'inbound_pkt_drop': Inbound: Packets Dropped; 'dst_entry_pkt_rate_exceed': Entry Rate: Packet Exceeded; 'dst_entry_kbit_rate_exceed': Entry Rate: KiBit Exceeded; 'dst_entry_conn_limit_exceed': Entry Limit: Conn Exceeded; 'dst_entry_conn_rate_exceed': Entry Rate: Conn Exceeded; 'dst_entry_frag_pkt_rate_exceed': Entry Rate: Frag Packet Exceeded; 'dst_icmp_any_exceed': ICMP Rate: Total Exceed; 'dst_other_any_exceed': OTHER Rate: Total Exceed; 'src_dst_pair_entry_total': Src-Dst Pair Entry Total Count; 'src_dst_pair_entry_udp': Src-Dst Pair Entry UDP Count; 'src_dst_pair_entry_tcp': Src-Dst Pair Entry TCP Count; 'src_dst_pair_entry_icmp': Src-Dst Pair Entry ICMP Count; 'src_dst_pair_entry_other': Src-Dst Pair Entry OTHER Count; 'dst_clist_overflow_policy_at_learning': Dst Src-Based Overflow Policy Hit; 'tcp_rexmit_syn_limit_drop': TCP SYN Retransmit Exceeded Drop; 'tcp_rexmit_syn_limit_bl': TCP SYN Retransmit Exceeded Blacklist; 'dst_tcp_wellknown_sport_drop': TCP SrcPort Wellknown; 'src_tcp_wellknown_sport_drop': Src TCP SrcPort Wellknown; 'dst_frag_rcvd': Fragmented Packets Received; 'no_policy_class_list_match': No Policy Class-list Match; 'src_udp_retry_gap_drop': Src UDP Auth: Retry-Gap Dropped; 'dst_entry_kbit_rate_exceed_count': Entry Rate: KiBit Exceeded Count; 'dst_port_undef_hit': Dst Port Undefined Hit; 'dst_tcp_action_on_ack_timeout': TCP Auth: ACK Retry Timeout; 'dst_tcp_action_on_ack_reset': TCP Auth: ACK Retry Timeout Reset; 'dst_tcp_action_on_ack_blacklist': TCP Auth: ACK Retry Timeout Blacklisted; 'src_tcp_action_on_ack_timeout': Src TCP Auth: ACK Retry Timeout; 'src_tcp_action_on_ack_reset': Src TCP Auth: ACK Retry Timeout Reset; 'src_tcp_action_on_ack_blacklist': Src TCP Auth: ACK Retry Timeout Blacklisted; 'dst_tcp_action_on_syn_timeout': TCP Auth: SYN Retry Timeout; 'dst_tcp_action_on_syn_reset': TCP Auth: SYN Retry Timeout Reset; 'dst_tcp_action_on_syn_blacklist': TCP Auth: SYN Retry Timeout Blacklisted; 'src_tcp_action_on_syn_timeout': Src TCP Auth: SYN Retry Timeout; 'src_tcp_action_on_syn_reset': Src TCP Auth: SYN Retry Timeout Reset; 'src_tcp_action_on_syn_blacklist': Src TCP Auth: SYN Retry Timeout Blacklisted; 'dst_udp_frag_pkt_rate_exceed': UDP Dst L4-Type Rate: Frag Exceeded; 'dst_udp_frag_src_rate_drop': UDP Src Rate: Frag Exceeded; 'dst_tcp_frag_pkt_rate_exceed': TCP Dst L4-Type Rate: Frag Exceeded; 'dst_tcp_frag_src_rate_drop': TCP Src Rate: Frag Exceeded; 'dst_icmp_frag_pkt_rate_exceed': ICMP Dst L4-Type Rate: Frag Exceeded; 'dst_icmp_frag_src_rate_drop': ICMP Src Rate: Frag Exceeded; 'sflow_internal_samples_packed': Sflow Internal Samples Packed; 'sflow_external_samples_packed': Sflow External Samples Packed; 'sflow_internal_packets_sent': Sflow Internal Packets Sent; 'sflow_external_packets_sent': Sflow External Packets Sent; 'dns_outbound_total_query': DNS Outbound Total Query; 'dns_outbound_query_malformed': DNS Outbound Query Malformed; 'dns_outbound_query_resp_chk_failed': DNS Outbound Query Resp Check Failed; 'dns_outbound_query_resp_chk_blacklisted': DNS Outbound Query Resp Check Blacklisted; 'dns_outbound_query_resp_chk_refused_sent': DNS Outbound Query Resp Check REFUSED Sent; 'dns_outbound_query_resp_chk_reset_sent': DNS Outbound Query Resp Check RESET Sent; 'dns_outbound_query_resp_chk_no_resp_sent': DNS Outbound Query Resp Check No Response Sent; 'dns_outbound_query_resp_size_exceed': DNS Outbound Query Response Size Exceed; 'dns_outbound_query_sess_timed_out': DNS Outbound Query Session Timed Out; 'dst_exceed_action_tunnel': Entry Exceed Action: Tunnel; 'src_udp_auth_timeout': Src UDP Auth: Retry Timeout; 'src_udp_retry_pass': Src UDP Retry Passed; **Type:** string **Supported Values:** src_tcp_action_on_syn_gap_drop, src_tcp_action_on_syn_fail, src_tcp_action_on_ack_init, src_tcp_action_on_ack_gap_drop, src_tcp_action_on_ack_fail, src_tcp_out_of_seq_excd, src_tcp_retransmit_excd, src_tcp_zero_window_excd, src_tcp_conn_prate_excd, src_udp_min_payload, src_udp_max_payload, src_udp_conn_prate_excd, src_udp_ntp_monlist_req, src_udp_ntp_monlist_resp, src_udp_wellknown_sport_drop, src_udp_retry_init, dst_udp_retry_gap_drop, dst_udp_retry_fail, dst_tcp_session_aged, dst_udp_session_aged, dst_tcp_conn_close, dst_tcp_conn_close_half_open, dst_l4_tcp_auth, tcp_l4_syn_cookie_fail, tcp_l4_rst_cookie_fail, tcp_l4_unauth_drop, dst_drop_frag_pkt, src_tcp_filter_action_blacklist, src_tcp_filter_action_whitelist, src_tcp_filter_action_drop, src_tcp_filter_action_default_pass, src_udp_filter_action_blacklist, src_udp_filter_action_whitelist, src_udp_filter_action_drop, src_udp_filter_action_default_pass, src_other_filter_action_blacklist, src_other_filter_action_whitelist, src_other_filter_action_drop, src_other_filter_action_default_pass, tcp_invalid_syn, dst_tcp_conn_close_w_rst, dst_tcp_conn_close_w_fin, dst_tcp_conn_close_w_idle, dst_tcp_conn_create_from_syn, dst_tcp_conn_create_from_ack, src_frag_drop, dst_l4_tcp_blacklist_drop, dst_l4_udp_blacklist_drop, dst_l4_icmp_blacklist_drop, dst_l4_other_blacklist_drop, src_l4_tcp_blacklist_drop, src_l4_udp_blacklist_drop, src_l4_icmp_blacklist_drop, src_l4_other_blacklist_drop, drop_frag_timeout_drop, dst_port_kbit_rate_exceed_pkt, dst_tcp_bytes_rcv, dst_udp_bytes_rcv, dst_icmp_bytes_rcv, dst_other_bytes_rcv, dst_tcp_bytes_sent, dst_udp_bytes_sent, dst_icmp_bytes_sent, dst_other_bytes_sent, dst_udp_auth_drop, dst_tcp_auth_drop, dst_tcp_auth_resp, inbound_pkt_drop, dst_entry_pkt_rate_exceed, dst_entry_kbit_rate_exceed, dst_entry_conn_limit_exceed, dst_entry_conn_rate_exceed, dst_entry_frag_pkt_rate_exceed, dst_icmp_any_exceed, dst_other_any_exceed, src_dst_pair_entry_total, src_dst_pair_entry_udp, src_dst_pair_entry_tcp, src_dst_pair_entry_icmp, src_dst_pair_entry_other, dst_clist_overflow_policy_at_learning, tcp_rexmit_syn_limit_drop, tcp_rexmit_syn_limit_bl, dst_tcp_wellknown_sport_drop, src_tcp_wellknown_sport_drop, dst_frag_rcvd, no_policy_class_list_match, src_udp_retry_gap_drop, dst_entry_kbit_rate_exceed_count, dst_port_undef_hit, dst_tcp_action_on_ack_timeout, dst_tcp_action_on_ack_reset, dst_tcp_action_on_ack_blacklist, src_tcp_action_on_ack_timeout, src_tcp_action_on_ack_reset, src_tcp_action_on_ack_blacklist, dst_tcp_action_on_syn_timeout, dst_tcp_action_on_syn_reset, dst_tcp_action_on_syn_blacklist, src_tcp_action_on_syn_timeout, src_tcp_action_on_syn_reset, src_tcp_action_on_syn_blacklist, dst_udp_frag_pkt_rate_exceed, dst_udp_frag_src_rate_drop, dst_tcp_frag_pkt_rate_exceed, dst_tcp_frag_src_rate_drop, dst_icmp_frag_pkt_rate_exceed, dst_icmp_frag_src_rate_drop, sflow_internal_samples_packed, sflow_external_samples_packed, sflow_internal_packets_sent, sflow_external_packets_sent, dns_outbound_total_query, dns_outbound_query_malformed, dns_outbound_query_resp_chk_failed, dns_outbound_query_resp_chk_blacklisted, dns_outbound_query_resp_chk_refused_sent, dns_outbound_query_resp_chk_reset_sent, dns_outbound_query_resp_chk_no_resp_sent, dns_outbound_query_resp_size_exceed, dns_outbound_query_sess_timed_out, dst_exceed_action_tunnel, src_udp_auth_timeout, src_udp_retry_pass **counters3** **Description** 'dst_hw_drop_rule_insert': Dst Hardware Drop Rules Inserted; 'dst_hw_drop_rule_remove': Dst Hardware Drop Rules Removed; 'src_hw_drop_rule_insert': Src Hardware Drop Rules Inserted; 'src_hw_drop_rule_remove': Src Hardware Drop Rules Removed; 'prog_first_req_time_exceed': Req-Resp: First Request Time Exceed; 'prog_req_resp_time_exceed': Req-Resp: Request to Response Time Exceed; 'prog_request_len_exceed': Req-Resp: Request Length Exceed; 'prog_response_len_exceed': Req-Resp: Response Length Exceed; 'prog_resp_req_ratio_exceed': Req-Resp: Response to Request Ratio Exceed; 'prog_resp_req_time_exceed': Req-Resp: Response to Request Time Exceed; 'entry_sync_message_received': Entry Sync Message Received; 'entry_sync_message_sent': Entry Sync Message Sent; 'prog_conn_sent_exceed': Connection: Sent Exceed; 'prog_conn_rcvd_exceed': Connection: Received Exceed; 'prog_conn_time_exceed': Connection: Time Exceed; 'prog_conn_rcvd_sent_ratio_exceed': Connection: Reveived to Sent Ratio Exceed; 'prog_win_sent_exceed': Time Window: Sent Exceed; 'prog_win_rcvd_exceed': Time Window: Received Exceed; 'prog_win_rcvd_sent_ratio_exceed': Time Window: Received to Sent Exceed; 'prog_exceed_drop': Req-Resp: Violation Exceed Dropped; 'prog_exceed_bl': Req-Resp: Violation Exceed Blacklisted; 'prog_conn_exceed_drop': Connection: Violation Exceed Dropped; 'prog_conn_exceed_bl': Connection: Violation Exceed Blacklisted; 'prog_win_exceed_drop': Time Window: Violation Exceed Dropped; 'prog_win_exceed_bl': Time Window: Violation Exceed Blacklisted; 'dst_exceed_action_drop': Entry Exceed Action: Dropped; 'src_hw_drop': Src Hardware Packets Dropped; 'dst_tcp_auth_rst': TCP Auth: Reset; 'dst_src_learn_overflow': Src Dynamic Entry Count Overflow; 'tcp_fwd_sent': TCP Inbound Packets Forwarded; 'udp_fwd_sent': UDP Inbound Packets Forwarded; **Type:** string **Supported Values:** dst_hw_drop_rule_insert, dst_hw_drop_rule_remove, src_hw_drop_rule_insert, src_hw_drop_rule_remove, prog_first_req_time_exceed, prog_req_resp_time_exceed, prog_request_len_exceed, prog_response_len_exceed, prog_resp_req_ratio_exceed, prog_resp_req_time_exceed, entry_sync_message_received, entry_sync_message_sent, prog_conn_sent_exceed, prog_conn_rcvd_exceed, prog_conn_time_exceed, prog_conn_rcvd_sent_ratio_exceed, prog_win_sent_exceed, prog_win_rcvd_exceed, prog_win_rcvd_sent_ratio_exceed, prog_exceed_drop, prog_exceed_bl, prog_conn_exceed_drop, prog_conn_exceed_bl, prog_win_exceed_drop, prog_win_exceed_bl, dst_exceed_action_drop, src_hw_drop, dst_tcp_auth_rst, dst_src_learn_overflow, tcp_fwd_sent, udp_fwd_sent .. _1278_dst_zone-list: dst_zone-list ^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action-list** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **advertised-enable** **Description** BGP advertised **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **capture-config-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/capture-config/{name} ` **collector** **Type:** List **continuous-learning** **Description** Continuous learning of detection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **description** **Description** Description for this Destination Zone **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **dest-nat-ip** **Description** Destination NAT IP address **Type:** string **Format:** ipv4-address **dest-nat-ipv6** **Description** Destination NAT IPv6 address **Type:** string **Format:** ipv6-address **detection** **Description:** detection is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_detection` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/detection ` **drop-frag-pkt** **Description** Drop fragmented packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-top-k** **Type:** List **force-operational-mode** **Description** Force configure operational mode **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID for the whole zone **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **hw-blacklist-blocking** **Description:** hw-blacklist-blocking is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_hw-blacklist-blocking` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/hw-blacklist-blocking ` **inbound-forward-dscp** **Description** To set dscp value for inbound packets (DSCP Value for the clear traffic marking) **Type:** number **Range:** 1-63 **ip** **Type:** List **ip-proto** **Description:** ip-proto is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_ip-proto` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto ` **ipv6** **Type:** List **is-from-wizard** **Description** Is It Created from Onbox GUI Wizard **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-enable** **Description** Enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-high-frequency** **Description** Enable High frequency logging for non-event logs per zone **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-periodic** **Description** Enable log periodic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **non-restrictive** **Description** Non-restrictive mode ignores Zero Thresholds Indicators **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **operational-mode** **Description** 'idle': Idle mode; 'monitor': Monitor mode; 'learning': Learning mode; **Type:** string **Supported Values:** idle, monitor, learning **Default:** idle **outbound-forward-dscp** **Description** To set dscp value for outbound **Type:** number **Range:** 1-63 **outbound-policy** **Description:** outbound-policy is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_outbound-policy` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/outbound-policy ` **packet-anomaly-detection** **Description:** packet-anomaly-detection is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_packet-anomaly-detection` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/packet-anomaly-detection ` **pattern-recognition-hw-filter-enable** **Description** to enable pattern recognition hardware filter **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **pattern-recognition-sensitivity** **Description** 'high': High sensitive pattern recognition; 'medium': Medium sensitive pattern recognition; 'low': Low sensitive pattern recognition; **Type:** string **Supported Values:** high, medium, low **per-addr-glid** **Description** Global limit ID per address **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **port** **Description:** port is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port ` **port-range-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol} ` **rate-limit** **Description** Rate limit per second per zone(Default : 1 per second) **Type:** number **Range:** 1-1000 **Default:** 1 **reporting-disabled** **Description** Disable Reporting **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sampling-enable** **Type:** List **set-counter-base-val** **Description** Set T2 counter value of current context to specified value **Type:** number **Range:** 1-4294967295 **sflow-common** **Description** Enable sFlow counter polling packets, tcp-basic, tcp-stateful and http. WARNING: Zone level Sflow polling might induce heavy CP **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-common,sflow-packets, sflow-layer-4, sflow-tcp-basic, sflow-tcp-stateful, and sflow-http are mutually exclusive **sflow-http** **Description** Enable sFlow HTTP counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total number **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-http and sflow-common are mutually exclusive **sflow-layer-4** **Description** Enable sFlow Layer 4 counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the number of **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-layer-4 and sflow-common are mutually exclusive **sflow-packets** **Description** Enable sFlow packet-level counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-packets and sflow-common are mutually exclusive **sflow-tcp** **Description:** sflow-tcp is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_sflow-tcp` **Type:** Object **source-nat-pool** **Description** Configure source NAT **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **src-port** **Description:** src-port is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_src-port` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/src-port ` **src-port-range-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/src-port-range/{src-port-range-start}+{src-port-range-end}+{protocol} ` **telemetry-enable** **Description** Enable from-l3-peer flag for the zone, thus all the ip entries in the zone will be dynamically created/deleted based on the BGP **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **topk-destinations** **Description:** topk-destinations is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_topk-destinations` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/topk-destinations ` **traffic-distribution-mode** **Description** 'default': Distribute traffic to one slot using default distribution mechanism; 'source-ip-based': Distribute traffic between slots, based on source ip; **Type:** string **Supported Values:** default, source-ip-based **Default:** default **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **web-gui** **Description:** web-gui is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_web-gui` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/web-gui ` **zone-name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **zone-profile** **Description** Apply threshold profile **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/zone-profile ` **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_zone-template` **Type:** Object .. _1278_dst_zone-list_outbound-policy: dst_zone-list_outbound-policy ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **name** **Description** Specify name of the outbound policy **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/outbound-policy ` **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_ip: dst_zone-list_ip ^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **expand-ip-subnet** **Description** Expand this subnet to individual IP address **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **expand-ip-subnet-mode** **Description** 'default': Default learning mechanism (Default: Dynamic); 'dynamic': Dynamic learning; 'static': Static learning; **Type:** string **Supported Values:** default, dynamic, static **Default:** default **ip-addr** **Description** Specify IP address **Type:** string **Format:** ipv4-address **subnet-ip-addr** **Description** IP Subnet **Type:** string **Format:** ipv4-cidr .. _1278_dst_zone-list_detection: dst_zone-list_detection ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **notification** **Description:** notification is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_detection_notification` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/detection/notification ` **outbound-detection** **Description:** outbound-detection is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_detection_outbound-detection` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/detection/outbound-detection ` **packet-anomaly-detection** **Description:** packet-anomaly-detection is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_detection_packet-anomaly-detection` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/detection/packet-anomaly-detection ` **service-discovery** **Description:** service-discovery is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_detection_service-discovery` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/detection/service-discovery ` **settings** **Description** 'settings': settings; **Type:** string **Supported Values:** settings **toggle** **Description** 'enable': Enable detection; 'disable': Disable detection; **Type:** string **Supported Values:** enable, disable **Default:** enable **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **victim-ip-detection** **Description:** victim-ip-detection is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_detection_victim-ip-detection` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/detection/victim-ip-detection ` .. _1278_dst_zone-list_detection_packet-anomaly-detection: dst_zone-list_detection_packet-anomaly-detection ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **configuration** **Description** 'configuration': configuration; **Type:** string **Supported Values:** configuration **indicator-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/detection/packet-anomaly-detection/indicator/{type} ` **toggle** **Description** 'enable': Enable packet anomaly; 'disable': Disable packet anomaly; **Type:** string **Supported Values:** enable, disable **Default:** enable **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_detection_packet-anomaly-detection_indicator-list: dst_zone-list_detection_packet-anomaly-detection_indicator-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **threshold-num** **Description** Threshold for each indicator **Type:** number **Range:** 1-65535 **Default:** 100 **type** **Description** 'port-zero-pkt-rate': Port Zero Packet Rate (default 100 packet per second); **Type:** string **Supported Values:** port-zero-pkt-rate **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_detection_victim-ip-detection: dst_zone-list_detection_victim-ip-detection ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **configuration** **Description** 'configuration': configuration; **Type:** string **Supported Values:** configuration **histogram-toggle** **Description** 'histogram-enable': Enable histogram statistics of victim IP detection; 'histogram-disable': Disable histogram statistics of victim IP detection; **Type:** string **Supported Values:** histogram-enable, histogram-disable **Default:** histogram-disable **indicator-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/detection/victim-ip-detection/indicator/{type} ` **toggle** **Description** 'enable': Enable victim IP detection; 'disable': Disable victim IP detection; **Type:** string **Supported Values:** enable, disable **Default:** disable **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_detection_victim-ip-detection_indicator-list: dst_zone-list_detection_victim-ip-detection_indicator-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **ip-threshold-num** **Description** Threshold for IP **Type:** number **Range:** 1-2147483647 **type** **Description** 'pkt-rate': rate of incoming packets; 'reverse-pkt-rate': rate of reverse coming packets; 'fwd-byte-rate': rate of incoming bytes; 'rev-byte-rate': rate of reverse coming bytes; **Type:** string **Supported Values:** pkt-rate, reverse-pkt-rate, fwd-byte-rate, rev-byte-rate **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_detection_notification: dst_zone-list_detection_notification ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **configuration** **Description** 'configuration': configuration; **Type:** string **Supported Values:** configuration **notification** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_detection_notification_notification: dst_zone-list_detection_notification_notification ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **notification-template-name** **Description** Specify the notification template name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/notification-template ` .. _1278_dst_zone-list_detection_service-discovery: dst_zone-list_detection_service-discovery ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **configuration** **Description** 'configuration': configuration; **Type:** string **Supported Values:** configuration **pkt-rate-threshold** **Description** packet rate threshold for discovery (default 10 packets per second) **Type:** number **Range:** 1-255 **Default:** 10 **toggle** **Description** 'enable': Enable service discovery; 'disable': Disable service discovery; **Type:** string **Supported Values:** enable, disable **Default:** disable **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_detection_outbound-detection: dst_zone-list_detection_outbound-detection ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **configuration** **Description** 'configuration': configuration; **Type:** string **Supported Values:** configuration **discovery-method** **Description** 'asn': Autonomous Systems number; 'country': Country; **Type:** string **Supported Values:** asn, country **discovery-record** **Description** Maximum number of top locations **Type:** number **Range:** 1-100 **Default:** 10 **enable-top-k** **Type:** List **indicator-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/detection/outbound-detection/indicator/{type} ` **toggle** **Description** 'enable': Enable outbound detection; 'disable': Disable outbound detection; **Type:** string **Supported Values:** enable, disable **Default:** disable **topk-source-subnet** **Description:** topk-source-subnet is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_detection_outbound-detection_topk-source-subnet` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/detection/outbound-detection/topk-source-subnet ` **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_detection_outbound-detection_topk-source-subnet: dst_zone-list_detection_outbound-detection_topk-source-subnet ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_detection_outbound-detection_enable-top-k: dst_zone-list_detection_outbound-detection_enable-top-k ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **topk-netmask** **Description** Subnet mask. The value should be less than or equal to the minimum zone subnet mask + 8 (IPv6 Subnet mask) **Type:** number **Range:** 1-128 **Default:** 128 **topk-num-records** **Description** Maximum number of records to show in topk **Type:** number **Range:** 1-100 **Default:** 20 **topk-type** **Description** 'source-subnet': Topk source subnet; **Type:** string **Supported Values:** source-subnet .. _1278_dst_zone-list_detection_outbound-detection_indicator-list: dst_zone-list_detection_outbound-detection_indicator-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **data-packet-size** **Description** Expected minimal data size **Type:** number **Range:** 1-1500 **tcp-window-size** **Description** Expected minimal window size **Type:** number **Range:** 1-500 **threshold-large-num** **Description** Threshold for each geo-location **Type:** number **Range:** 1-10995116277760 **threshold-num** **Description** Threshold for each geo-location **Type:** number **Range:** 1-2147483647 **threshold-str** **Description** Threshold for each geo-location (Non-zero floating point) **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **type** **Description** 'pkt-rate': rate of incoming packets; 'pkt-drop-rate': rate of packets got dropped; 'bit-rate': rate of incoming bits; 'pkt-drop-ratio': ratio of incoming packet rate divided by the rate of dropping packets; 'bytes-to-bytes-from-ratio': ratio of incoming packet rate divided by the rate of outgoing packets; 'syn-rate': rate on incoming SYN packets; 'fin-rate': rate on incoming FIN packets; 'rst-rate': rate of incoming RST packets; 'small-window-ack-rate': rate of small window advertisement; 'empty-ack-rate': rate of incoming packets which have no payload; 'small-payload-rate': rate of short payload packet; 'syn-fin-ratio': ratio of incoming SYN packet rate divided by the rate of incoming FIN packets; **Type:** string **Supported Values:** pkt-rate, pkt-drop-rate, bit-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_packet-anomaly-detection: dst_zone-list_packet-anomaly-detection ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_ip-proto: dst_zone-list_ip-proto ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **proto-name-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol} ` **proto-number-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num} ` **proto-tcp-udp-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-tcp-udp/{protocol} ` .. _1278_dst_zone-list_ip-proto_proto-number-list: dst_zone-list_ip-proto_proto-number-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **age** **Description** Idle age for ip entry **Type:** number **Range:** 2-1023 **Default:** 5 **apply-policy-on-overflow** **Description** Enable this flag to apply overflow policy when dynamic entry count overflows **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **deny** **Description** Blacklist and Drop all incoming packets for this ip-proto **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-frag-pkt** **Description** Drop fragmented packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dynamic-entry-overflow-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/dynamic-entry-overflow-policy/{dummy-name} ` **enable-class-list-overflow** **Description** Apply class-list overflow policy upon exceeding dynamic entry count specified for zone-port or class-list **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-top-k** **Description** Enable ddos top-k source IP detection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-top-k-destination** **Description** Enable ddos top-k destination IP detection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **esp-inspect** **Description:** esp-inspect is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_ip-proto_proto-number-list_esp-inspect` **Type:** Object **faster-de-escalation** **Description** De-escalate faster in standalone mode **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid-cfg** **Description:** glid-cfg is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_ip-proto_proto-number-list_glid-cfg` **Type:** Object **ip-filtering-policy** **Description** Configure IP Filter **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/ip-filtering-policy ` **ip-filtering-policy-oper** **Description:** ip-filtering-policy-oper is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_ip-proto_proto-number-list_ip-filtering-policy-oper` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/ip-filtering-policy-oper ` **level-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/level/{level-num} ` **manual-mode-enable** **Description** Toggle manual mode to use fix templates **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **manual-mode-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/manual-mode/{config} ` **max-dynamic-entry-count** **Description** Maximum count for dynamic source zone service entry **Type:** number **Range:** 0-2147483647 **port-ind** **Description:** port-ind is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_ip-proto_proto-number-list_port-ind` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/port-ind ` **progression-tracking** **Description:** progression-tracking is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_ip-proto_proto-number-list_progression-tracking` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/progression-tracking ` **protocol-num** **Description** Protocol Number **Type:** number **Range:** 0-255 **set-counter-base-val** **Description** Set T2 counter value of current context to specified value **Type:** number **Range:** 1-4294967295 **src-based-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/src-based-policy/{src-based-policy-name} ` **topk-destinations** **Description:** topk-destinations is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_ip-proto_proto-number-list_topk-destinations` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/topk-destinations ` **topk-dst-num-records** **Description** Maximum number of records to show in topk **Type:** number **Range:** 1-100 **Default:** 20 **topk-num-records** **Description** Maximum number of records to show in topk **Type:** number **Range:** 1-100 **Default:** 20 **topk-sources** **Description:** topk-sources is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_ip-proto_proto-number-list_topk-sources` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/topk-sources ` **unlimited-dynamic-entry-count** **Description** No limit for maximum dynamic src entry count **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_ip-proto_proto-number-list_dynamic-entry-overflow-policy-list: dst_zone-list_ip-proto_proto-number-list_dynamic-entry-overflow-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **dummy-name** **Description** 'configuration': Configure overflow policy; **Type:** string **Supported Values:** configuration **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_ip-proto_proto-number-list_dynamic-entry-overflow-policy-list_zone-template` **Type:** Object .. _1278_dst_zone-list_ip-proto_proto-number-list_dynamic-entry-overflow-policy-list_zone-template: dst_zone-list_ip-proto_proto-number-list_dynamic-entry-overflow-policy-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **ip-proto** **Description** DDOS ip-proto template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_ip-proto_proto-number-list_ip-filtering-policy-oper: dst_zone-list_ip-proto_proto-number-list_ip-filtering-policy-oper ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_ip-proto_proto-number-list_glid-cfg: dst_zone-list_ip-proto_proto-number-list_glid-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **action-list** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **glid** **Description** Global limit ID for the whole zone **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, ignore **per-addr-glid** **Description** Global limit ID per address **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` .. _1278_dst_zone-list_ip-proto_proto-number-list_level-list: dst_zone-list_ip-proto_proto-number-list_level-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **indicator-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/level/{level-num}/indicator/{type} ` **level-num** **Description** '0': Default policy level; '1': Policy level 1; '2': Policy level 2; '3': Policy level 3; '4': Policy level 4; **Type:** string **Supported Values:** 0, 1, 2, 3, 4 **src-default-glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **src-escalation-score** **Description** Source activation score of this level **Type:** number **Range:** 1-1000000 **src-violation-actions** **Description** Violation actions apply due to source escalate from this level **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-escalation-score** **Description** Zone activation score of this level **Type:** number **Range:** 1-1000000 **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_ip-proto_proto-number-list_level-list_zone-template` **Type:** Object **zone-violation-actions** **Description** Violation actions apply due to zone escalate from this level **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` .. _1278_dst_zone-list_ip-proto_proto-number-list_level-list_zone-template: dst_zone-list_ip-proto_proto-number-list_level-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ip-proto** **Description** DDOS ip-proto template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_ip-proto_proto-number-list_level-list_indicator-list: dst_zone-list_ip-proto_proto-number-list_level-list_indicator-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **data-packet-size** **Description** Expected minimal data size **Type:** number **Range:** 1-1500 **score** **Description** Score corresponding to the indicator **Type:** number **Range:** 1-1000000 **src-threshold-large-num** **Description** Indicator per-src threshold **Type:** number **Range:** 1-10995116277760 **src-threshold-num** **Description** Indicator per-src threshold **Type:** number **Range:** 1-2147483647 **src-threshold-str** **Description** Indicator per-src threshold (Non-zero floating point) **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-violation-actions** **Description** Violation actions to use when this src indicator threshold reaches **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` **type** **Description** 'pkt-rate': rate of incoming packets; 'pkt-drop-rate': rate of packets got dropped; 'bit-rate': rate of incoming bits; 'pkt-drop-ratio': ratio of incoming packet rate divided by the rate of dropping packets; 'bytes-to-bytes-from-ratio': ratio of incoming packet rate divided by the rate of outgoing packets; 'frag-rate': rate of incoming fragmented packets; 'cpu-utilization': average data CPU utilization; 'interface-utilization': outside interface utilization; **Type:** string **Supported Values:** pkt-rate, pkt-drop-rate, bit-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, frag-rate, cpu-utilization, interface-utilization **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-threshold-large-num** **Description** Threshold for the entire zone **Type:** number **Range:** 1-10995116277760 **zone-threshold-num** **Description** Threshold for the entire zone **Type:** number **Range:** 1-2147483647 **zone-threshold-str** **Description** Threshold for the entire zone (Non-zero floating point) **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **zone-violation-actions** **Description** Violation actions to use when this zone indicator threshold reaches **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` .. _1278_dst_zone-list_ip-proto_proto-number-list_manual-mode-list: dst_zone-list_ip-proto_proto-number-list_manual-mode-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **config** **Description** 'configuration': Manual-mode configuration; **Type:** string **Supported Values:** configuration **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **src-default-glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_ip-proto_proto-number-list_manual-mode-list_zone-template` **Type:** Object .. _1278_dst_zone-list_ip-proto_proto-number-list_manual-mode-list_zone-template: dst_zone-list_ip-proto_proto-number-list_manual-mode-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ip-proto** **Description** DDOS ip-proto template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_ip-proto_proto-number-list_src-based-policy-list: dst_zone-list_ip-proto_proto-number-list_src-based-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **policy-class-list-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name} ` **src-based-policy-name** **Description** Specify name of the policy **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list: dst_zone-list_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **class-list-name** **Description** Class-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **class-list-overflow-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name} ` **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **log-enable** **Description** Enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-periodic** **Description** Enable log periodic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-dynamic-entry-count** **Description** Maximum count for dynamic source zone service entry allowed for this class-list **Type:** number **Range:** 0-2147483647 **sampling-enable** **Type:** List **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list_zone-template` **Type:** Object .. _1278_dst_zone-list_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list_sampling-enable: dst_zone-list_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'packet_received': Packets Received; 'packet_dropped': Packets Dropped; 'entry_learned': Entry Learned; 'entry_count_overflow': Entry Count Overflow; **Type:** string **Supported Values:** all, packet_received, packet_dropped, entry_learned, entry_count_overflow .. _1278_dst_zone-list_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list_zone-template: dst_zone-list_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **ip-proto** **Description** DDOS ip-proto template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list: dst_zone-list_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **dummy-name** **Description** 'configuration': Configure overflow policy for class-list; **Type:** string **Supported Values:** configuration **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **log-enable** **Description** Enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-periodic** **Description** Enable log periodic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template` **Type:** Object .. _1278_dst_zone-list_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template: dst_zone-list_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **ip-proto** **Description** DDOS ip-proto template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_ip-proto_proto-number-list_port-ind: dst_zone-list_ip-proto_proto-number-list_port-ind ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_ip-proto_proto-number-list_port-ind_sampling-enable: dst_zone-list_ip-proto_proto-number-list_port-ind_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'ip-proto-type': IP Protocol Type; 'ddet_ind_pkt_rate_current': Pkt Rate Current; 'ddet_ind_pkt_rate_min': Pkt Rate Min; 'ddet_ind_pkt_rate_max': Pkt Rate Max; 'ddet_ind_pkt_rate_adaptive_threshold': Pkt Rate Adaptive Threshold; 'ddet_ind_pkt_drop_rate_current': Pkt Drop Rate Current; 'ddet_ind_pkt_drop_rate_min': Pkt Drop Rate Min; 'ddet_ind_pkt_drop_rate_max': Pkt Drop Rate Max; 'ddet_ind_pkt_drop_rate_adaptive_threshold': Pkt Drop Rate Adaptive Threshold; 'ddet_ind_syn_rate_current': TCP SYN Rate Current; 'ddet_ind_syn_rate_min': TCP SYN Rate Min; 'ddet_ind_syn_rate_max': TCP SYN Rate Max; 'ddet_ind_syn_rate_adaptive_threshold': TCP SYN Rate Adaptive Threshold; 'ddet_ind_fin_rate_current': TCP FIN Rate Current; 'ddet_ind_fin_rate_min': TCP FIN Rate Min; 'ddet_ind_fin_rate_max': TCP FIN Rate Max; 'ddet_ind_fin_rate_adaptive_threshold': TCP FIN Rate Adaptive Threshold; 'ddet_ind_rst_rate_current': TCP RST Rate Current; 'ddet_ind_rst_rate_min': TCP RST Rate Min; 'ddet_ind_rst_rate_max': TCP RST Rate Max; 'ddet_ind_rst_rate_adaptive_threshold': TCP RST Rate Adaptive Threshold; 'ddet_ind_small_window_ack_rate_current': TCP Small Window ACK Rate Current; 'ddet_ind_small_window_ack_rate_min': TCP Small Window ACK Rate Min; 'ddet_ind_small_window_ack_rate_max': TCP Small Window ACK Rate Max; 'ddet_ind_small_window_ack_rate_adaptive_threshold': TCP Small Window ACK Rate Adaptive Threshold; 'ddet_ind_empty_ack_rate_current': TCP Empty ACK Rate Current; 'ddet_ind_empty_ack_rate_min': TCP Empty ACK Rate Min; 'ddet_ind_empty_ack_rate_max': TCP Empty ACK Rate Max; 'ddet_ind_empty_ack_rate_adaptive_threshold': TCP Empty ACK Rate Adaptive Threshold; 'ddet_ind_small_payload_rate_current': TCP Small Payload Rate Current; 'ddet_ind_small_payload_rate_min': TCP Small Payload Rate Min; 'ddet_ind_small_payload_rate_max': TCP Small Payload Rate Max; 'ddet_ind_small_payload_rate_adaptive_threshold': TCP Small Payload Rate Adaptive Threshold; 'ddet_ind_pkt_drop_ratio_current': Pkt Drop / Pkt Rcvd Current; 'ddet_ind_pkt_drop_ratio_min': Pkt Drop / Pkt Rcvd Min; 'ddet_ind_pkt_drop_ratio_max': Pkt Drop / Pkt Rcvd Max; 'ddet_ind_pkt_drop_ratio_adaptive_threshold': Pkt Drop / Pkt Rcvd Adaptive Threshold; 'ddet_ind_inb_per_outb_current': Bytes-to / Bytes-from Current; 'ddet_ind_inb_per_outb_min': Bytes-to / Bytes-from Min; 'ddet_ind_inb_per_outb_max': Bytes-to / Bytes-from Max; 'ddet_ind_inb_per_outb_adaptive_threshold': Bytes-to / Bytes-from Adaptive Threshold; 'ddet_ind_syn_per_fin_rate_current': TCP SYN Rate / FIN Rate Current; 'ddet_ind_syn_per_fin_rate_min': TCP SYN Rate / FIN Rate Min; 'ddet_ind_syn_per_fin_rate_max': TCP SYN Rate / FIN Rate Max; 'ddet_ind_syn_per_fin_rate_adaptive_threshold': TCP SYN Rate / FIN Rate Adaptive Threshold; 'ddet_ind_conn_miss_rate_current': TCP Session Miss Rate Current; 'ddet_ind_conn_miss_rate_min': TCP Session Miss Rate Min; 'ddet_ind_conn_miss_rate_max': TCP Session Miss Rate Max; 'ddet_ind_conn_miss_rate_adaptive_threshold': TCP Session Miss Rate Adaptive Threshold; 'ddet_ind_concurrent_conns_current': TCP/UDP Concurrent Sessions Current; 'ddet_ind_concurrent_conns_min': TCP/UDP Concurrent Sessions Min; 'ddet_ind_concurrent_conns_max': TCP/UDP Concurrent Sessions Max; 'ddet_ind_concurrent_conns_adaptive_threshold': TCP/UDP Concurrent Sessions Adaptive Threshold; 'ddet_ind_data_cpu_util_current': Data CPU Utilization Current; 'ddet_ind_data_cpu_util_min': Data CPU Utilization Min; 'ddet_ind_data_cpu_util_max': Data CPU Utilization Max; 'ddet_ind_data_cpu_util_adaptive_threshold': Data CPU Utilization Adaptive Threshold; 'ddet_ind_outside_intf_util_current': Outside Interface Utilization Current; 'ddet_ind_outside_intf_util_min': Outside Interface Utilization Min; 'ddet_ind_outside_intf_util_max': Outside Interface Utilization Max; 'ddet_ind_outside_intf_util_adaptive_threshold': Outside Interface Utilization Adaptive Threshold; 'ddet_ind_frag_rate_current': Frag Pkt Rate Current; 'ddet_ind_frag_rate_min': Frag Pkt Rate Min; 'ddet_ind_frag_rate_max': Frag Pkt Rate Max; 'ddet_ind_frag_rate_adaptive_threshold': Frag Pkt Rate Adaptive Threshold; 'ddet_ind_bit_rate_current': Bit Rate Current; 'ddet_ind_bit_rate_min': Bit Rate Min; 'ddet_ind_bit_rate_max': Bit Rate Max; 'ddet_ind_bit_rate_adaptive_threshold': Bit Rate Adaptive Threshold; **Type:** string **Supported Values:** all, ip-proto-type, ddet_ind_pkt_rate_current, ddet_ind_pkt_rate_min, ddet_ind_pkt_rate_max, ddet_ind_pkt_rate_adaptive_threshold, ddet_ind_pkt_drop_rate_current, ddet_ind_pkt_drop_rate_min, ddet_ind_pkt_drop_rate_max, ddet_ind_pkt_drop_rate_adaptive_threshold, ddet_ind_syn_rate_current, ddet_ind_syn_rate_min, ddet_ind_syn_rate_max, ddet_ind_syn_rate_adaptive_threshold, ddet_ind_fin_rate_current, ddet_ind_fin_rate_min, ddet_ind_fin_rate_max, ddet_ind_fin_rate_adaptive_threshold, ddet_ind_rst_rate_current, ddet_ind_rst_rate_min, ddet_ind_rst_rate_max, ddet_ind_rst_rate_adaptive_threshold, ddet_ind_small_window_ack_rate_current, ddet_ind_small_window_ack_rate_min, ddet_ind_small_window_ack_rate_max, ddet_ind_small_window_ack_rate_adaptive_threshold, ddet_ind_empty_ack_rate_current, ddet_ind_empty_ack_rate_min, ddet_ind_empty_ack_rate_max, ddet_ind_empty_ack_rate_adaptive_threshold, ddet_ind_small_payload_rate_current, ddet_ind_small_payload_rate_min, ddet_ind_small_payload_rate_max, ddet_ind_small_payload_rate_adaptive_threshold, ddet_ind_pkt_drop_ratio_current, ddet_ind_pkt_drop_ratio_min, ddet_ind_pkt_drop_ratio_max, ddet_ind_pkt_drop_ratio_adaptive_threshold, ddet_ind_inb_per_outb_current, ddet_ind_inb_per_outb_min, ddet_ind_inb_per_outb_max, ddet_ind_inb_per_outb_adaptive_threshold, ddet_ind_syn_per_fin_rate_current, ddet_ind_syn_per_fin_rate_min, ddet_ind_syn_per_fin_rate_max, ddet_ind_syn_per_fin_rate_adaptive_threshold, ddet_ind_conn_miss_rate_current, ddet_ind_conn_miss_rate_min, ddet_ind_conn_miss_rate_max, ddet_ind_conn_miss_rate_adaptive_threshold, ddet_ind_concurrent_conns_current, ddet_ind_concurrent_conns_min, ddet_ind_concurrent_conns_max, ddet_ind_concurrent_conns_adaptive_threshold, ddet_ind_data_cpu_util_current, ddet_ind_data_cpu_util_min, ddet_ind_data_cpu_util_max, ddet_ind_data_cpu_util_adaptive_threshold, ddet_ind_outside_intf_util_current, ddet_ind_outside_intf_util_min, ddet_ind_outside_intf_util_max, ddet_ind_outside_intf_util_adaptive_threshold, ddet_ind_frag_rate_current, ddet_ind_frag_rate_min, ddet_ind_frag_rate_max, ddet_ind_frag_rate_adaptive_threshold, ddet_ind_bit_rate_current, ddet_ind_bit_rate_min, ddet_ind_bit_rate_max, ddet_ind_bit_rate_adaptive_threshold .. _1278_dst_zone-list_ip-proto_proto-number-list_topk-sources: dst_zone-list_ip-proto_proto-number-list_topk-sources ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_ip-proto_proto-number-list_esp-inspect: dst_zone-list_ip-proto_proto-number-list_esp-inspect ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **auth-algorithm** **Description** 'AUTH_NULL': No Integrity Check Value; 'HMAC-SHA-1-96': 96 bit Auth Algo; 'HMAC-SHA-256-96': 96 bit Auth Algo; 'HMAC-SHA-256-128': 128 bit Auth Algo; 'HMAC-SHA-384-192': 192 bit Auth Algo; 'HMAC-SHA-512-256': 256 bit Auth Algo; 'HMAC-MD5-96': 96 bit Auth Algo; 'MAC-RIPEMD-160-96': 96 bit Auth Algo; **Type:** string **Supported Values:** AUTH_NULL, HMAC-SHA-1-96, HMAC-SHA-256-96, HMAC-SHA-256-128, HMAC-SHA-384-192, HMAC-SHA-512-256, HMAC-MD5-96, MAC-RIPEMD-160-96 **encrypt-algorithm** **Description** 'NULL': Null Encryption Algorithm; **Type:** string **Supported Values:** NULL **mode** **Description** 'transport': Transport mode; **Type:** string **Supported Values:** transport .. _1278_dst_zone-list_ip-proto_proto-number-list_topk-destinations: dst_zone-list_ip-proto_proto-number-list_topk-destinations ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_ip-proto_proto-number-list_progression-tracking: dst_zone-list_ip-proto_proto-number-list_progression-tracking ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_ip-proto_proto-name-list: dst_zone-list_ip-proto_proto-name-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **age** **Description** Idle age for ip entry **Type:** number **Range:** 2-1023 **Default:** 5 **apply-policy-on-overflow** **Description** Enable this flag to apply overflow policy when dynamic entry count overflows **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **deny** **Description** Blacklist and Drop all incoming packets for ip-proto icmp-v4 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-frag-pkt** **Description** Drop fragmented packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dynamic-entry-overflow-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/dynamic-entry-overflow-policy/{dummy-name} ` **enable-class-list-overflow** **Description** Apply class-list overflow policy upon exceeding dynamic entry count specified for zone-port or class-list **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-top-k** **Description** Enable ddos top-k source IP detection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-top-k-destination** **Description** Enable ddos top-k destination IP detection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **faster-de-escalation** **Description** De-escalate faster in standalone mode **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid-cfg** **Description:** glid-cfg is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_ip-proto_proto-name-list_glid-cfg` **Type:** Object **ip-filtering-policy** **Description** Configure IP Filter **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/ip-filtering-policy ` **ip-filtering-policy-oper** **Description:** ip-filtering-policy-oper is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_ip-proto_proto-name-list_ip-filtering-policy-oper` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/ip-filtering-policy-oper ` **key-cfg** **Type:** List **level-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/level/{level-num} ` **manual-mode-enable** **Description** Toggle manual mode to use fix templates **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **manual-mode-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/manual-mode/{config} ` **max-dynamic-entry-count** **Description** Maximum count for dynamic source zone service entry **Type:** number **Range:** 0-2147483647 **port-ind** **Description:** port-ind is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_ip-proto_proto-name-list_port-ind` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/port-ind ` **progression-tracking** **Description:** progression-tracking is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_ip-proto_proto-name-list_progression-tracking` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/progression-tracking ` **protocol** **Description** 'icmp-v4': ip-proto icmp-v4; 'icmp-v6': ip-proto icmp-v6; 'other': ip-proto other; 'gre': ip-proto gre; 'ipv4-encap': ip-proto IPv4 Encapsulation; 'ipv6-encap': ip-proto IPv6 Encapsulation; **Type:** string **Supported Values:** icmp-v4, icmp-v6, other, gre, ipv4-encap, ipv6-encap **set-counter-base-val** **Description** Set T2 counter value of current context to specified value **Type:** number **Range:** 1-4294967295 **src-based-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/src-based-policy/{src-based-policy-name} ` **topk-destinations** **Description:** topk-destinations is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_ip-proto_proto-name-list_topk-destinations` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/topk-destinations ` **topk-dst-num-records** **Description** Maximum number of records to show in topk **Type:** number **Range:** 1-100 **Default:** 20 **topk-num-records** **Description** Maximum number of records to show in topk **Type:** number **Range:** 1-100 **Default:** 20 **topk-sources** **Description:** topk-sources is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_ip-proto_proto-name-list_topk-sources` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/topk-sources ` **tunnel-decap** **Description** Enable tunnel decapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tunnel-rate-limit** **Description** Enable DDOS-protection on tunnel traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **unlimited-dynamic-entry-count** **Description** No limit for maximum dynamic src entry count **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_ip-proto_proto-name-list_dynamic-entry-overflow-policy-list: dst_zone-list_ip-proto_proto-name-list_dynamic-entry-overflow-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **dummy-name** **Description** 'configuration': Configure overflow policy; **Type:** string **Supported Values:** configuration **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_ip-proto_proto-name-list_dynamic-entry-overflow-policy-list_zone-template` **Type:** Object .. _1278_dst_zone-list_ip-proto_proto-name-list_dynamic-entry-overflow-policy-list_zone-template: dst_zone-list_ip-proto_proto-name-list_dynamic-entry-overflow-policy-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **icmp-v4** **Description** DDOS icmp-v4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **icmp-v6** **Description** DDOS icmp-v6 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ip-proto** **Description** DDOS ip-proto template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_ip-proto_proto-name-list_ip-filtering-policy-oper: dst_zone-list_ip-proto_proto-name-list_ip-filtering-policy-oper ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_ip-proto_proto-name-list_key-cfg: dst_zone-list_ip-proto_proto-name-list_key-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **key** **Description** Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295) **Type:** string **Maximum Length:** 10 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_ip-proto_proto-name-list_glid-cfg: dst_zone-list_ip-proto_proto-name-list_glid-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **action-list** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **glid** **Description** Global limit ID for the whole zone **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, ignore **per-addr-glid** **Description** Global limit ID per address **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` .. _1278_dst_zone-list_ip-proto_proto-name-list_level-list: dst_zone-list_ip-proto_proto-name-list_level-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **indicator-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/level/{level-num}/indicator/{type} ` **level-num** **Description** '0': Default policy level; '1': Policy level 1; '2': Policy level 2; '3': Policy level 3; '4': Policy level 4; **Type:** string **Supported Values:** 0, 1, 2, 3, 4 **src-default-glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **src-escalation-score** **Description** Source activation score of this level **Type:** number **Range:** 1-1000000 **src-violation-actions** **Description** Violation actions apply due to source escalate from this level **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-escalation-score** **Description** Zone activation score of this level **Type:** number **Range:** 1-1000000 **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_ip-proto_proto-name-list_level-list_zone-template` **Type:** Object **zone-violation-actions** **Description** Violation actions apply due to zone escalate from this level **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` .. _1278_dst_zone-list_ip-proto_proto-name-list_level-list_zone-template: dst_zone-list_ip-proto_proto-name-list_level-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **icmp-v4** **Description** DDOS icmp-v4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **icmp-v6** **Description** DDOS icmp-v6 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ip-proto** **Description** DDOS ip-proto template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_ip-proto_proto-name-list_level-list_indicator-list: dst_zone-list_ip-proto_proto-name-list_level-list_indicator-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **data-packet-size** **Description** Expected minimal data size **Type:** number **Range:** 1-1500 **score** **Description** Score corresponding to the indicator **Type:** number **Range:** 1-1000000 **src-threshold-large-num** **Description** Indicator per-src threshold **Type:** number **Range:** 1-10995116277760 **src-threshold-num** **Description** Indicator per-src threshold **Type:** number **Range:** 1-2147483647 **src-threshold-str** **Description** Indicator per-src threshold (Non-zero floating point) **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-violation-actions** **Description** Violation actions to use when this src indicator threshold reaches **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` **type** **Description** 'pkt-rate': rate of incoming packets; 'pkt-drop-rate': rate of packets got dropped; 'bit-rate': rate of incoming bits; 'pkt-drop-ratio': ratio of incoming packet rate divided by the rate of dropping packets; 'bytes-to-bytes-from-ratio': ratio of incoming packet rate divided by the rate of outgoing packets; 'frag-rate': rate of incoming fragmented packets; 'cpu-utilization': average data CPU utilization; 'interface-utilization': outside interface utilization; **Type:** string **Supported Values:** pkt-rate, pkt-drop-rate, bit-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, frag-rate, cpu-utilization, interface-utilization **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-threshold-large-num** **Description** Threshold for the entire zone **Type:** number **Range:** 1-10995116277760 **zone-threshold-num** **Description** Threshold for the entire zone **Type:** number **Range:** 1-2147483647 **zone-threshold-str** **Description** Threshold for the entire zone (Non-zero floating point) **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **zone-violation-actions** **Description** Violation actions to use when this zone indicator threshold reaches **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` .. _1278_dst_zone-list_ip-proto_proto-name-list_manual-mode-list: dst_zone-list_ip-proto_proto-name-list_manual-mode-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **config** **Description** 'configuration': Manual-mode configuration; **Type:** string **Supported Values:** configuration **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **src-default-glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_ip-proto_proto-name-list_manual-mode-list_zone-template` **Type:** Object .. _1278_dst_zone-list_ip-proto_proto-name-list_manual-mode-list_zone-template: dst_zone-list_ip-proto_proto-name-list_manual-mode-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **icmp-v4** **Description** DDOS icmp-v4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **icmp-v6** **Description** DDOS icmp-v6 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ip-proto** **Description** DDOS ip-proto template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_ip-proto_proto-name-list_src-based-policy-list: dst_zone-list_ip-proto_proto-name-list_src-based-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **policy-class-list-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name} ` **src-based-policy-name** **Description** Specify name of the policy **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list: dst_zone-list_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **class-list-name** **Description** Class-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **class-list-overflow-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name} ` **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **log-enable** **Description** Enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-periodic** **Description** Enable log periodic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-dynamic-entry-count** **Description** Maximum count for dynamic source zone service entry allowed for this class-list **Type:** number **Range:** 0-2147483647 **sampling-enable** **Type:** List **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list_zone-template` **Type:** Object .. _1278_dst_zone-list_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list_sampling-enable: dst_zone-list_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'packet_received': Packets Received; 'packet_dropped': Packets Dropped; 'entry_learned': Entry Learned; 'entry_count_overflow': Entry Count Overflow; **Type:** string **Supported Values:** all, packet_received, packet_dropped, entry_learned, entry_count_overflow .. _1278_dst_zone-list_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list_zone-template: dst_zone-list_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **icmp-v4** **Description** DDOS icmp-v4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **icmp-v6** **Description** DDOS icmp-v6 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ip-proto** **Description** DDOS ip-proto template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list: dst_zone-list_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **dummy-name** **Description** 'configuration': Configure overflow policy for class-list; **Type:** string **Supported Values:** configuration **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **log-enable** **Description** Enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-periodic** **Description** Enable log periodic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template` **Type:** Object .. _1278_dst_zone-list_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template: dst_zone-list_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **icmp-v4** **Description** DDOS icmp-v4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **icmp-v6** **Description** DDOS icmp-v6 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ip-proto** **Description** DDOS ip-proto template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_ip-proto_proto-name-list_port-ind: dst_zone-list_ip-proto_proto-name-list_port-ind ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_ip-proto_proto-name-list_port-ind_sampling-enable: dst_zone-list_ip-proto_proto-name-list_port-ind_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'ip-proto-type': IP Protocol Type; 'ddet_ind_pkt_rate_current': Pkt Rate Current; 'ddet_ind_pkt_rate_min': Pkt Rate Min; 'ddet_ind_pkt_rate_max': Pkt Rate Max; 'ddet_ind_pkt_rate_adaptive_threshold': Pkt Rate Adaptive Threshold; 'ddet_ind_pkt_drop_rate_current': Pkt Drop Rate Current; 'ddet_ind_pkt_drop_rate_min': Pkt Drop Rate Min; 'ddet_ind_pkt_drop_rate_max': Pkt Drop Rate Max; 'ddet_ind_pkt_drop_rate_adaptive_threshold': Pkt Drop Rate Adaptive Threshold; 'ddet_ind_syn_rate_current': TCP SYN Rate Current; 'ddet_ind_syn_rate_min': TCP SYN Rate Min; 'ddet_ind_syn_rate_max': TCP SYN Rate Max; 'ddet_ind_syn_rate_adaptive_threshold': TCP SYN Rate Adaptive Threshold; 'ddet_ind_fin_rate_current': TCP FIN Rate Current; 'ddet_ind_fin_rate_min': TCP FIN Rate Min; 'ddet_ind_fin_rate_max': TCP FIN Rate Max; 'ddet_ind_fin_rate_adaptive_threshold': TCP FIN Rate Adaptive Threshold; 'ddet_ind_rst_rate_current': TCP RST Rate Current; 'ddet_ind_rst_rate_min': TCP RST Rate Min; 'ddet_ind_rst_rate_max': TCP RST Rate Max; 'ddet_ind_rst_rate_adaptive_threshold': TCP RST Rate Adaptive Threshold; 'ddet_ind_small_window_ack_rate_current': TCP Small Window ACK Rate Current; 'ddet_ind_small_window_ack_rate_min': TCP Small Window ACK Rate Min; 'ddet_ind_small_window_ack_rate_max': TCP Small Window ACK Rate Max; 'ddet_ind_small_window_ack_rate_adaptive_threshold': TCP Small Window ACK Rate Adaptive Threshold; 'ddet_ind_empty_ack_rate_current': TCP Empty ACK Rate Current; 'ddet_ind_empty_ack_rate_min': TCP Empty ACK Rate Min; 'ddet_ind_empty_ack_rate_max': TCP Empty ACK Rate Max; 'ddet_ind_empty_ack_rate_adaptive_threshold': TCP Empty ACK Rate Adaptive Threshold; 'ddet_ind_small_payload_rate_current': TCP Small Payload Rate Current; 'ddet_ind_small_payload_rate_min': TCP Small Payload Rate Min; 'ddet_ind_small_payload_rate_max': TCP Small Payload Rate Max; 'ddet_ind_small_payload_rate_adaptive_threshold': TCP Small Payload Rate Adaptive Threshold; 'ddet_ind_pkt_drop_ratio_current': Pkt Drop / Pkt Rcvd Current; 'ddet_ind_pkt_drop_ratio_min': Pkt Drop / Pkt Rcvd Min; 'ddet_ind_pkt_drop_ratio_max': Pkt Drop / Pkt Rcvd Max; 'ddet_ind_pkt_drop_ratio_adaptive_threshold': Pkt Drop / Pkt Rcvd Adaptive Threshold; 'ddet_ind_inb_per_outb_current': Bytes-to / Bytes-from Current; 'ddet_ind_inb_per_outb_min': Bytes-to / Bytes-from Min; 'ddet_ind_inb_per_outb_max': Bytes-to / Bytes-from Max; 'ddet_ind_inb_per_outb_adaptive_threshold': Bytes-to / Bytes-from Adaptive Threshold; 'ddet_ind_syn_per_fin_rate_current': TCP SYN Rate / FIN Rate Current; 'ddet_ind_syn_per_fin_rate_min': TCP SYN Rate / FIN Rate Min; 'ddet_ind_syn_per_fin_rate_max': TCP SYN Rate / FIN Rate Max; 'ddet_ind_syn_per_fin_rate_adaptive_threshold': TCP SYN Rate / FIN Rate Adaptive Threshold; 'ddet_ind_conn_miss_rate_current': TCP Session Miss Rate Current; 'ddet_ind_conn_miss_rate_min': TCP Session Miss Rate Min; 'ddet_ind_conn_miss_rate_max': TCP Session Miss Rate Max; 'ddet_ind_conn_miss_rate_adaptive_threshold': TCP Session Miss Rate Adaptive Threshold; 'ddet_ind_concurrent_conns_current': TCP/UDP Concurrent Sessions Current; 'ddet_ind_concurrent_conns_min': TCP/UDP Concurrent Sessions Min; 'ddet_ind_concurrent_conns_max': TCP/UDP Concurrent Sessions Max; 'ddet_ind_concurrent_conns_adaptive_threshold': TCP/UDP Concurrent Sessions Adaptive Threshold; 'ddet_ind_data_cpu_util_current': Data CPU Utilization Current; 'ddet_ind_data_cpu_util_min': Data CPU Utilization Min; 'ddet_ind_data_cpu_util_max': Data CPU Utilization Max; 'ddet_ind_data_cpu_util_adaptive_threshold': Data CPU Utilization Adaptive Threshold; 'ddet_ind_outside_intf_util_current': Outside Interface Utilization Current; 'ddet_ind_outside_intf_util_min': Outside Interface Utilization Min; 'ddet_ind_outside_intf_util_max': Outside Interface Utilization Max; 'ddet_ind_outside_intf_util_adaptive_threshold': Outside Interface Utilization Adaptive Threshold; 'ddet_ind_frag_rate_current': Frag Pkt Rate Current; 'ddet_ind_frag_rate_min': Frag Pkt Rate Min; 'ddet_ind_frag_rate_max': Frag Pkt Rate Max; 'ddet_ind_frag_rate_adaptive_threshold': Frag Pkt Rate Adaptive Threshold; 'ddet_ind_bit_rate_current': Bit Rate Current; 'ddet_ind_bit_rate_min': Bit Rate Min; 'ddet_ind_bit_rate_max': Bit Rate Max; 'ddet_ind_bit_rate_adaptive_threshold': Bit Rate Adaptive Threshold; **Type:** string **Supported Values:** all, ip-proto-type, ddet_ind_pkt_rate_current, ddet_ind_pkt_rate_min, ddet_ind_pkt_rate_max, ddet_ind_pkt_rate_adaptive_threshold, ddet_ind_pkt_drop_rate_current, ddet_ind_pkt_drop_rate_min, ddet_ind_pkt_drop_rate_max, ddet_ind_pkt_drop_rate_adaptive_threshold, ddet_ind_syn_rate_current, ddet_ind_syn_rate_min, ddet_ind_syn_rate_max, ddet_ind_syn_rate_adaptive_threshold, ddet_ind_fin_rate_current, ddet_ind_fin_rate_min, ddet_ind_fin_rate_max, ddet_ind_fin_rate_adaptive_threshold, ddet_ind_rst_rate_current, ddet_ind_rst_rate_min, ddet_ind_rst_rate_max, ddet_ind_rst_rate_adaptive_threshold, ddet_ind_small_window_ack_rate_current, ddet_ind_small_window_ack_rate_min, ddet_ind_small_window_ack_rate_max, ddet_ind_small_window_ack_rate_adaptive_threshold, ddet_ind_empty_ack_rate_current, ddet_ind_empty_ack_rate_min, ddet_ind_empty_ack_rate_max, ddet_ind_empty_ack_rate_adaptive_threshold, ddet_ind_small_payload_rate_current, ddet_ind_small_payload_rate_min, ddet_ind_small_payload_rate_max, ddet_ind_small_payload_rate_adaptive_threshold, ddet_ind_pkt_drop_ratio_current, ddet_ind_pkt_drop_ratio_min, ddet_ind_pkt_drop_ratio_max, ddet_ind_pkt_drop_ratio_adaptive_threshold, ddet_ind_inb_per_outb_current, ddet_ind_inb_per_outb_min, ddet_ind_inb_per_outb_max, ddet_ind_inb_per_outb_adaptive_threshold, ddet_ind_syn_per_fin_rate_current, ddet_ind_syn_per_fin_rate_min, ddet_ind_syn_per_fin_rate_max, ddet_ind_syn_per_fin_rate_adaptive_threshold, ddet_ind_conn_miss_rate_current, ddet_ind_conn_miss_rate_min, ddet_ind_conn_miss_rate_max, ddet_ind_conn_miss_rate_adaptive_threshold, ddet_ind_concurrent_conns_current, ddet_ind_concurrent_conns_min, ddet_ind_concurrent_conns_max, ddet_ind_concurrent_conns_adaptive_threshold, ddet_ind_data_cpu_util_current, ddet_ind_data_cpu_util_min, ddet_ind_data_cpu_util_max, ddet_ind_data_cpu_util_adaptive_threshold, ddet_ind_outside_intf_util_current, ddet_ind_outside_intf_util_min, ddet_ind_outside_intf_util_max, ddet_ind_outside_intf_util_adaptive_threshold, ddet_ind_frag_rate_current, ddet_ind_frag_rate_min, ddet_ind_frag_rate_max, ddet_ind_frag_rate_adaptive_threshold, ddet_ind_bit_rate_current, ddet_ind_bit_rate_min, ddet_ind_bit_rate_max, ddet_ind_bit_rate_adaptive_threshold .. _1278_dst_zone-list_ip-proto_proto-name-list_topk-sources: dst_zone-list_ip-proto_proto-name-list_topk-sources ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_ip-proto_proto-name-list_topk-destinations: dst_zone-list_ip-proto_proto-name-list_topk-destinations ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_ip-proto_proto-name-list_progression-tracking: dst_zone-list_ip-proto_proto-name-list_progression-tracking ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_ip-proto_proto-tcp-udp-list: dst_zone-list_ip-proto_proto-tcp-udp-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for this ip-proto **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-frag-pkt** **Description** Drop fragmented packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid-cfg** **Description:** glid-cfg is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_ip-proto_proto-tcp-udp-list_glid-cfg` **Type:** Object **ip-filtering-policy** **Description** Configure IP Filter **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/ip-filtering-policy ` **ip-filtering-policy-oper** **Description:** ip-filtering-policy-oper is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_ip-proto_proto-tcp-udp-list_ip-filtering-policy-oper` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-tcp-udp/{protocol}/ip-filtering-policy-oper ` **protocol** **Description** 'tcp': ip-proto tcp; 'udp': ip-proto udp; **Type:** string **Supported Values:** tcp, udp **set-counter-base-val** **Description** Set T2 counter value of current context to specified value **Type:** number **Range:** 1-4294967295 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_ip-proto_proto-tcp-udp-list_ip-filtering-policy-oper: dst_zone-list_ip-proto_proto-tcp-udp-list_ip-filtering-policy-oper ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_ip-proto_proto-tcp-udp-list_glid-cfg: dst_zone-list_ip-proto_proto-tcp-udp-list_glid-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **action-list** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **glid** **Description** Global limit ID for the whole zone **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, ignore **per-addr-glid** **Description** Global limit ID per address **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` .. _1278_dst_zone-list_port-range-list: dst_zone-list_port-range-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **age** **Description** Idle age for ip entry **Type:** number **Range:** 2-1023 **Default:** 5 **apply-policy-on-overflow** **Description** Enable this flag to apply overflow policy when dynamic entry count overflows **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **default-action-list** **Description** Configure default-action-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dynamic-entry-overflow-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/dynamic-entry-overflow-policy/{dummy-name} ` **enable-class-list-overflow** **Description** Apply class-list overflow policy upon exceeding dynamic entry count specified under zone port or each class-list **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-top-k** **Description** Enable ddos top-k source IP detection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-top-k-destination** **Description** Enable ddos top-k destination IP detection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **faster-de-escalation** **Description** De-escalate faster in standalone mode **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid-cfg** **Description:** glid-cfg is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port-range-list_glid-cfg` **Type:** Object **ip-filtering-policy** **Description** Configure IP Filter **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/ip-filtering-policy ` **ip-filtering-policy-oper** **Description:** ip-filtering-policy-oper is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port-range-list_ip-filtering-policy-oper` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/ip-filtering-policy-oper ` **ips** **Description:** ips is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port-range-list_ips` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/ips ` **level-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/level/{level-num} ` **manual-mode-enable** **Description** Toggle manual mode to use fix templates **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **manual-mode-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/manual-mode/{config} ` **max-dynamic-entry-count** **Description** Maximum count for dynamic source zone service entry **Type:** number **Range:** 0-2147483647 **outbound-only** **Description** Only allow outbound traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **pattern-recognition** **Description:** pattern-recognition is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port-range-list_pattern-recognition` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/pattern-recognition ` **pattern-recognition-pu-details** **Description:** pattern-recognition-pu-details is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port-range-list_pattern-recognition-pu-details` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/pattern-recognition-pu-details ` **port-ind** **Description:** port-ind is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port-range-list_port-ind` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/port-ind ` **port-range-end** **Description** Port-Range End Port Number **Type:** number **Range:** 1-65535 **port-range-start** **Description** Port-Range Start Port Number **Type:** number **Range:** 1-65535 **progression-tracking** **Description:** progression-tracking is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port-range-list_progression-tracking` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/progression-tracking ` **protocol** **Description** 'dns-tcp': DNS-TCP Port; 'dns-udp': DNS-UDP Port; 'http': HTTP Port; 'tcp': TCP Port; 'udp': UDP Port; 'ssl-l4': SSL-L4 Port; 'sip-udp': SIP-UDP Port; 'sip-tcp': SIP-TCP Port; 'quic': QUIC Port; **Type:** string **Supported Values:** dns-tcp, dns-udp, http, tcp, udp, ssl-l4, sip-udp, sip-tcp, quic **set-counter-base-val** **Description** Set T2 counter value of current context to specified value **Type:** number **Range:** 1-4294967295 **sflow-common** **Description** Enable all sFlow polling options under this zone port **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-common,sflow-packets, sflow-tcp-basic, sflow-tcp-stateful, and sflow-http are mutually exclusive **sflow-http** **Description** Enable sFlow HTTP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-http and sflow-common are mutually exclusive **sflow-packets** **Description** Enable sFlow packet-level counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-packets and sflow-common are mutually exclusive **sflow-tcp** **Description:** sflow-tcp is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port-range-list_sflow-tcp` **Type:** Object **src-based-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/src-based-policy/{src-based-policy-name} ` **stateful** **Description** Enable stateful tracking of sessions (Default is stateless) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **topk-destinations** **Description:** topk-destinations is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port-range-list_topk-destinations` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/topk-destinations ` **topk-dst-num-records** **Description** Maximum number of records to show in topk **Type:** number **Range:** 1-100 **Default:** 20 **topk-num-records** **Description** Maximum number of records to show in topk **Type:** number **Range:** 1-100 **Default:** 20 **topk-sources** **Description:** topk-sources is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port-range-list_topk-sources` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/topk-sources ` **unlimited-dynamic-entry-count** **Description** No limit for maximum dynamic src entry count **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port-range-list_pattern-recognition: dst_zone-list_port-range-list_pattern-recognition ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **algorithm** **Description** 'heuristic': heuristic algorithm; **Type:** string **Supported Values:** heuristic **app-payload-offset** **Description** Set offset of the payload, default 0 **Type:** number **Range:** 0-1500 **capture-traffic** **Description** 'all': Capture all packets; 'dropped': Capture dropped packets (default); **Type:** string **Supported Values:** all, dropped **filter-inactive-threshold** **Description** Extracted filter inactive threshold **Type:** number **Range:** 5-255 **filter-threshold** **Description** Extracted filter threshold **Type:** number **Range:** 0-100 **mode** **Description** 'capture-never-expire': War-time capture without rate exceeding and never expires; 'manual': Manual mode; **Type:** string **Supported Values:** capture-never-expire, manual **sensitivity** **Description** 'high': High Sensitivity; 'medium': Medium Sensitivity; 'low': Low Sensitivity; **Type:** string **Supported Values:** high, medium, low **triggered-by** **Description** 'zone-escalation': Zone escalation trigger pattern recognition; 'packet-rate-exceeds': Packet rate limit exceeds trigger pattern recognition (default); **Type:** string **Supported Values:** zone-escalation, packet-rate-exceeds **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port-range-list_progression-tracking: dst_zone-list_port-range-list_progression-tracking ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port-range-list_ips: dst_zone-list_port-range-list_ips ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port-range-list_ips_sampling-enable: dst_zone-list_port-range-list_ips_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'ips_matched_total': IPS Matched Total; 'ips_matched_action_pass': IPS Matched Action Pass; 'ips_matched_action_drop': IPS Matched Action Drop; 'ips_matched_action_blacklist': IPS Matched Action Blacklist; 'ips_matched_severity_high': IPS Matched Severity High; 'ips_matched_severity_medium': IPS Matched Severity Medium; 'ips_matched_severity_low': IPS Matched Severity Low; 'src_ips_matched_action_pass': Src IPS Matched Action Pass; 'src_ips_matched_action_drop': Src IPS Matched Action Drop; 'src_ips_matched_action_blacklist': Src IPS Matched Action Blacklist; 'src_ips_matched_severity_high': Src IPS Matched Severity High; 'src_ips_matched_severity_medium': Src IPS Matched Severity Medium; 'src_ips_matched_severity_low': Src IPS Matched Severity Low; **Type:** string **Supported Values:** all, ips_matched_total, ips_matched_action_pass, ips_matched_action_drop, ips_matched_action_blacklist, ips_matched_severity_high, ips_matched_severity_medium, ips_matched_severity_low, src_ips_matched_action_pass, src_ips_matched_action_drop, src_ips_matched_action_blacklist, src_ips_matched_severity_high, src_ips_matched_severity_medium, src_ips_matched_severity_low .. _1278_dst_zone-list_port-range-list_glid-cfg: dst_zone-list_port-range-list_glid-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **action-list** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **glid** **Description** Global limit ID for the whole zone **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default if default-action-list is not configured); 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, ignore **per-addr-glid** **Description** Global limit ID per address **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` .. _1278_dst_zone-list_port-range-list_level-list: dst_zone-list_port-range-list_level-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **apply-extracted-filters** **Description** Apply extracted filters from this level **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **close-sessions-for-unauth-sources** **Description** Close session for unauthenticated sources **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **indicator-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/level/{level-num}/indicator/{type} ` **level-num** **Description** '0': Default policy level; '1': Policy level 1; '2': Policy level 2; '3': Policy level 3; '4': Policy level 4; **Type:** string **Supported Values:** 0, 1, 2, 3, 4 **src-default-glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **src-escalation-score** **Description** Source activation score of this level **Type:** number **Range:** 1-1000000 **src-violation-actions** **Description** Violation actions apply due to source escalate from this level **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` **start-pattern-recognition** **Description** Start pattern recognition from this level **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-escalation-score** **Description** Zone activation score of this level **Type:** number **Range:** 1-1000000 **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port-range-list_level-list_zone-template` **Type:** Object **zone-violation-actions** **Description** Violation actions apply due to zone escalate from this level **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` .. _1278_dst_zone-list_port-range-list_level-list_zone-template: dst_zone-list_port-range-list_level-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **quic** **Description** DDOS quic template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port-range-list_level-list_indicator-list: dst_zone-list_port-range-list_level-list_indicator-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **data-packet-size** **Description** Expected minimal data size **Type:** number **Range:** 1-1500 **score** **Description** Score corresponding to the indicator **Type:** number **Range:** 1-1000000 **src-threshold-large-num** **Description** Indicator per-src threshold **Type:** number **Range:** 1-10995116277760 **src-threshold-num** **Description** Indicator per-src threshold **Type:** number **Range:** 1-2147483647 **src-threshold-str** **Description** Indicator per-src threshold (Non-zero floating point) **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-violation-actions** **Description** Violation actions to use when this src indicator threshold reaches **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` **tcp-window-size** **Description** Expected minimal window size **Type:** number **Range:** 1-500 **type** **Description** 'pkt-rate': rate of incoming packets; 'pkt-drop-rate': rate of packets got dropped; 'bit-rate': rate of incoming bits; 'pkt-drop-ratio': ratio of incoming packet rate divided by the rate of dropping packets; 'bytes-to-bytes-from-ratio': ratio of incoming packet rate divided by the rate of outgoing packets; 'concurrent-conns': number of concurrent connections; 'conn-miss-rate': rate of incoming packets for which no previously established connection exists; 'syn-rate': rate on incoming SYN packets; 'fin-rate': rate on incoming FIN packets; 'rst-rate': rate of incoming RST packets; 'small-window-ack-rate': rate of small window advertisement; 'empty-ack-rate': rate of incoming packets which have no payload; 'small-payload-rate': rate of short payload packet; 'syn-fin-ratio': ratio of incoming SYN packet rate divided by the rate of incoming FIN packets; 'cpu-utilization': average data CPU utilization; 'interface-utilization': outside interface utilization; **Type:** string **Supported Values:** pkt-rate, pkt-drop-rate, bit-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, concurrent-conns, conn-miss-rate, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio, cpu-utilization, interface-utilization **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-threshold-large-num** **Description** Threshold for the entire zone **Type:** number **Range:** 1-10995116277760 **zone-threshold-num** **Description** Threshold for the entire zone **Type:** number **Range:** 1-2147483647 **zone-threshold-str** **Description** Threshold for the entire zone (Non-zero floating point) **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **zone-violation-actions** **Description** Violation actions to use when this zone indicator threshold reaches **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` .. _1278_dst_zone-list_port-range-list_manual-mode-list: dst_zone-list_port-range-list_manual-mode-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **close-sessions-for-unauth-sources** **Description** Close session for unauthenticated sources **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **config** **Description** 'configuration': Manual-mode configuration; **Type:** string **Supported Values:** configuration **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **src-default-glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port-range-list_manual-mode-list_zone-template` **Type:** Object .. _1278_dst_zone-list_port-range-list_manual-mode-list_zone-template: dst_zone-list_port-range-list_manual-mode-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **quic** **Description** DDOS quic template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port-range-list_src-based-policy-list: dst_zone-list_port-range-list_src-based-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **policy-class-list-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name} ` **src-based-policy-name** **Description** Specify name of the policy **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port-range-list_src-based-policy-list_policy-class-list-list: dst_zone-list_port-range-list_src-based-policy-list_policy-class-list-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **class-list-name** **Description** Class-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **class-list-overflow-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name} ` **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **max-dynamic-entry-count** **Description** Maximum count for dynamic source zone service entry allowed for this class-list **Type:** number **Range:** 0-2147483647 **sampling-enable** **Type:** List **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port-range-list_src-based-policy-list_policy-class-list-list_zone-template` **Type:** Object .. _1278_dst_zone-list_port-range-list_src-based-policy-list_policy-class-list-list_zone-template: dst_zone-list_port-range-list_src-based-policy-list_policy-class-list-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **quic** **Description** DDOS quic template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port-range-list_src-based-policy-list_policy-class-list-list_sampling-enable: dst_zone-list_port-range-list_src-based-policy-list_policy-class-list-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'packet_received': Packets Received; 'packet_dropped': Packets Dropped; 'entry_learned': Entry Learned; 'entry_count_overflow': Entry Count Overflow; **Type:** string **Supported Values:** all, packet_received, packet_dropped, entry_learned, entry_count_overflow .. _1278_dst_zone-list_port-range-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list: dst_zone-list_port-range-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **dummy-name** **Description** 'configuration': Configure overflow policy for class-list; **Type:** string **Supported Values:** configuration **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **log-enable** **Description** Enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-periodic** **Description** Enable log periodic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port-range-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template` **Type:** Object .. _1278_dst_zone-list_port-range-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template: dst_zone-list_port-range-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **quic** **Description** DDOS quic template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port-range-list_pattern-recognition-pu-details: dst_zone-list_port-range-list_pattern-recognition-pu-details ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port-range-list_port-ind: dst_zone-list_port-range-list_port-ind ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port-range-list_port-ind_sampling-enable: dst_zone-list_port-range-list_port-ind_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'ip-proto-type': IP Protocol Type; 'ddet_ind_pkt_rate_current': Pkt Rate Current; 'ddet_ind_pkt_rate_min': Pkt Rate Min; 'ddet_ind_pkt_rate_max': Pkt Rate Max; 'ddet_ind_pkt_rate_adaptive_threshold': Pkt Rate Adaptive Threshold; 'ddet_ind_pkt_drop_rate_current': Pkt Drop Rate Current; 'ddet_ind_pkt_drop_rate_min': Pkt Drop Rate Min; 'ddet_ind_pkt_drop_rate_max': Pkt Drop Rate Max; 'ddet_ind_pkt_drop_rate_adaptive_threshold': Pkt Drop Rate Adaptive Threshold; 'ddet_ind_syn_rate_current': TCP SYN Rate Current; 'ddet_ind_syn_rate_min': TCP SYN Rate Min; 'ddet_ind_syn_rate_max': TCP SYN Rate Max; 'ddet_ind_syn_rate_adaptive_threshold': TCP SYN Rate Adaptive Threshold; 'ddet_ind_fin_rate_current': TCP FIN Rate Current; 'ddet_ind_fin_rate_min': TCP FIN Rate Min; 'ddet_ind_fin_rate_max': TCP FIN Rate Max; 'ddet_ind_fin_rate_adaptive_threshold': TCP FIN Rate Adaptive Threshold; 'ddet_ind_rst_rate_current': TCP RST Rate Current; 'ddet_ind_rst_rate_min': TCP RST Rate Min; 'ddet_ind_rst_rate_max': TCP RST Rate Max; 'ddet_ind_rst_rate_adaptive_threshold': TCP RST Rate Adaptive Threshold; 'ddet_ind_small_window_ack_rate_current': TCP Small Window ACK Rate Current; 'ddet_ind_small_window_ack_rate_min': TCP Small Window ACK Rate Min; 'ddet_ind_small_window_ack_rate_max': TCP Small Window ACK Rate Max; 'ddet_ind_small_window_ack_rate_adaptive_threshold': TCP Small Window ACK Rate Adaptive Threshold; 'ddet_ind_empty_ack_rate_current': TCP Empty ACK Rate Current; 'ddet_ind_empty_ack_rate_min': TCP Empty ACK Rate Min; 'ddet_ind_empty_ack_rate_max': TCP Empty ACK Rate Max; 'ddet_ind_empty_ack_rate_adaptive_threshold': TCP Empty ACK Rate Adaptive Threshold; 'ddet_ind_small_payload_rate_current': TCP Small Payload Rate Current; 'ddet_ind_small_payload_rate_min': TCP Small Payload Rate Min; 'ddet_ind_small_payload_rate_max': TCP Small Payload Rate Max; 'ddet_ind_small_payload_rate_adaptive_threshold': TCP Small Payload Rate Adaptive Threshold; 'ddet_ind_pkt_drop_ratio_current': Pkt Drop / Pkt Rcvd Current; 'ddet_ind_pkt_drop_ratio_min': Pkt Drop / Pkt Rcvd Min; 'ddet_ind_pkt_drop_ratio_max': Pkt Drop / Pkt Rcvd Max; 'ddet_ind_pkt_drop_ratio_adaptive_threshold': Pkt Drop / Pkt Rcvd Adaptive Threshold; 'ddet_ind_inb_per_outb_current': Bytes-to / Bytes-from Current; 'ddet_ind_inb_per_outb_min': Bytes-to / Bytes-from Min; 'ddet_ind_inb_per_outb_max': Bytes-to / Bytes-from Max; 'ddet_ind_inb_per_outb_adaptive_threshold': Bytes-to / Bytes-from Adaptive Threshold; 'ddet_ind_syn_per_fin_rate_current': TCP SYN Rate / FIN Rate Current; 'ddet_ind_syn_per_fin_rate_min': TCP SYN Rate / FIN Rate Min; 'ddet_ind_syn_per_fin_rate_max': TCP SYN Rate / FIN Rate Max; 'ddet_ind_syn_per_fin_rate_adaptive_threshold': TCP SYN Rate / FIN Rate Adaptive Threshold; 'ddet_ind_conn_miss_rate_current': TCP Session Miss Rate Current; 'ddet_ind_conn_miss_rate_min': TCP Session Miss Rate Min; 'ddet_ind_conn_miss_rate_max': TCP Session Miss Rate Max; 'ddet_ind_conn_miss_rate_adaptive_threshold': TCP Session Miss Rate Adaptive Threshold; 'ddet_ind_concurrent_conns_current': TCP/UDP Concurrent Sessions Current; 'ddet_ind_concurrent_conns_min': TCP/UDP Concurrent Sessions Min; 'ddet_ind_concurrent_conns_max': TCP/UDP Concurrent Sessions Max; 'ddet_ind_concurrent_conns_adaptive_threshold': TCP/UDP Concurrent Sessions Adaptive Threshold; 'ddet_ind_data_cpu_util_current': Data CPU Utilization Current; 'ddet_ind_data_cpu_util_min': Data CPU Utilization Min; 'ddet_ind_data_cpu_util_max': Data CPU Utilization Max; 'ddet_ind_data_cpu_util_adaptive_threshold': Data CPU Utilization Adaptive Threshold; 'ddet_ind_outside_intf_util_current': Outside Interface Utilization Current; 'ddet_ind_outside_intf_util_min': Outside Interface Utilization Min; 'ddet_ind_outside_intf_util_max': Outside Interface Utilization Max; 'ddet_ind_outside_intf_util_adaptive_threshold': Outside Interface Utilization Adaptive Threshold; 'ddet_ind_frag_rate_current': Frag Pkt Rate Current; 'ddet_ind_frag_rate_min': Frag Pkt Rate Min; 'ddet_ind_frag_rate_max': Frag Pkt Rate Max; 'ddet_ind_frag_rate_adaptive_threshold': Frag Pkt Rate Adaptive Threshold; 'ddet_ind_bit_rate_current': Bit Rate Current; 'ddet_ind_bit_rate_min': Bit Rate Min; 'ddet_ind_bit_rate_max': Bit Rate Max; 'ddet_ind_bit_rate_adaptive_threshold': Bit Rate Adaptive Threshold; **Type:** string **Supported Values:** all, ip-proto-type, ddet_ind_pkt_rate_current, ddet_ind_pkt_rate_min, ddet_ind_pkt_rate_max, ddet_ind_pkt_rate_adaptive_threshold, ddet_ind_pkt_drop_rate_current, ddet_ind_pkt_drop_rate_min, ddet_ind_pkt_drop_rate_max, ddet_ind_pkt_drop_rate_adaptive_threshold, ddet_ind_syn_rate_current, ddet_ind_syn_rate_min, ddet_ind_syn_rate_max, ddet_ind_syn_rate_adaptive_threshold, ddet_ind_fin_rate_current, ddet_ind_fin_rate_min, ddet_ind_fin_rate_max, ddet_ind_fin_rate_adaptive_threshold, ddet_ind_rst_rate_current, ddet_ind_rst_rate_min, ddet_ind_rst_rate_max, ddet_ind_rst_rate_adaptive_threshold, ddet_ind_small_window_ack_rate_current, ddet_ind_small_window_ack_rate_min, ddet_ind_small_window_ack_rate_max, ddet_ind_small_window_ack_rate_adaptive_threshold, ddet_ind_empty_ack_rate_current, ddet_ind_empty_ack_rate_min, ddet_ind_empty_ack_rate_max, ddet_ind_empty_ack_rate_adaptive_threshold, ddet_ind_small_payload_rate_current, ddet_ind_small_payload_rate_min, ddet_ind_small_payload_rate_max, ddet_ind_small_payload_rate_adaptive_threshold, ddet_ind_pkt_drop_ratio_current, ddet_ind_pkt_drop_ratio_min, ddet_ind_pkt_drop_ratio_max, ddet_ind_pkt_drop_ratio_adaptive_threshold, ddet_ind_inb_per_outb_current, ddet_ind_inb_per_outb_min, ddet_ind_inb_per_outb_max, ddet_ind_inb_per_outb_adaptive_threshold, ddet_ind_syn_per_fin_rate_current, ddet_ind_syn_per_fin_rate_min, ddet_ind_syn_per_fin_rate_max, ddet_ind_syn_per_fin_rate_adaptive_threshold, ddet_ind_conn_miss_rate_current, ddet_ind_conn_miss_rate_min, ddet_ind_conn_miss_rate_max, ddet_ind_conn_miss_rate_adaptive_threshold, ddet_ind_concurrent_conns_current, ddet_ind_concurrent_conns_min, ddet_ind_concurrent_conns_max, ddet_ind_concurrent_conns_adaptive_threshold, ddet_ind_data_cpu_util_current, ddet_ind_data_cpu_util_min, ddet_ind_data_cpu_util_max, ddet_ind_data_cpu_util_adaptive_threshold, ddet_ind_outside_intf_util_current, ddet_ind_outside_intf_util_min, ddet_ind_outside_intf_util_max, ddet_ind_outside_intf_util_adaptive_threshold, ddet_ind_frag_rate_current, ddet_ind_frag_rate_min, ddet_ind_frag_rate_max, ddet_ind_frag_rate_adaptive_threshold, ddet_ind_bit_rate_current, ddet_ind_bit_rate_min, ddet_ind_bit_rate_max, ddet_ind_bit_rate_adaptive_threshold .. _1278_dst_zone-list_port-range-list_sflow-tcp: dst_zone-list_port-range-list_sflow-tcp ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sflow-tcp-basic** **Description** Enable sFlow basic TCP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-tcp-basic and sflow-common are mutually exclusive **sflow-tcp-stateful** **Description** Enable sFlow stateful TCP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-tcp-stateful and sflow-common are mutually exclusive .. _1278_dst_zone-list_port-range-list_topk-sources: dst_zone-list_port-range-list_topk-sources ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port-range-list_ip-filtering-policy-oper: dst_zone-list_port-range-list_ip-filtering-policy-oper ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port-range-list_dynamic-entry-overflow-policy-list: dst_zone-list_port-range-list_dynamic-entry-overflow-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **dummy-name** **Description** 'configuration': Configure overflow policy; **Type:** string **Supported Values:** configuration **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **log-enable** **Description** Enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-periodic** **Description** Enable log periodic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port-range-list_dynamic-entry-overflow-policy-list_zone-template` **Type:** Object .. _1278_dst_zone-list_port-range-list_dynamic-entry-overflow-policy-list_zone-template: dst_zone-list_port-range-list_dynamic-entry-overflow-policy-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **quic** **Description** DDOS quic template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port-range-list_topk-destinations: dst_zone-list_port-range-list_topk-destinations ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_collector: dst_zone-list_collector ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **sflow-name** **Description** Name of configured custom sFlow collector **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/sflow/collector/custom ` .. _1278_dst_zone-list_topk-destinations: dst_zone-list_topk-destinations ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_capture-config-list: dst_zone-list_capture-config-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **mode** **Description** 'drop': Apply capture-config to dropped packets; 'forward': Apply capture-config to forwarded packets; 'all': Apply capture-config to both dropped and forwarded packets; **Type:** string **Supported Values:** drop, forward, all **name** **Description** Capture-config name **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/capture-config ` **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_zone-template: dst_zone-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_web-gui: dst_zone-list_web-gui ^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **activated-after-learning** **Description** Activate it after learning **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **create-time** **Description** Configure create time **Type:** string **Maximum Length:** 13 characters **Maximum Length:** 1 characters **learning** **Description:** learning is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_web-gui_learning` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/learning ` **modify-time** **Description** Configure modify time **Type:** string **Maximum Length:** 13 characters **Maximum Length:** 1 characters **protection** **Description:** protection is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_web-gui_protection` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection ` **sensitivity** **Description** '5': Low; '3': Medium; '1.5': High; **Type:** string **Supported Values:** 5, 3, 1.5 **Default:** 3 **status** **Description** 'newly': newly; 'learning': learning; 'learned': learned; 'activated': activated; **Type:** string **Supported Values:** newly, learning, learned, activated **Default:** newly **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_web-gui_protection: dst_zone-list_web-gui_protection ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **ip-proto** **Description:** ip-proto is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_web-gui_protection_ip-proto` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/ip-proto ` **port** **Description:** port is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_web-gui_protection_port` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/port ` **port-range-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/port-range/{port-range-start}+{port-range-end}+{protocol} ` .. _1278_dst_zone-list_web-gui_protection_port-range-list: dst_zone-list_web-gui_protection_port-range-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **pbe** **Description** Peak Bandwidth Expected **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **port-range-end** **Description** Port-Range End Port Number **Type:** number **Range:** 1-65535 **port-range-start** **Description** Port-Range Start Port Number **Type:** number **Range:** 1-65535 **protocol** **Description** 'dns-tcp': DNS-TCP Port; 'dns-udp': DNS-UDP Port; 'http': HTTP Port; 'tcp': TCP Port; 'udp': UDP Port; 'ssl-l4': SSL-L4 Port; **Type:** string **Supported Values:** dns-tcp, dns-udp, http, tcp, udp, ssl-l4 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_web-gui_protection_port: dst_zone-list_web-gui_protection_port ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **zone-service-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/port/zone-service/{port-num}+{protocol} ` **zone-service-other-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/port/zone-service-other/{port-other}+{protocol} ` .. _1278_dst_zone-list_web-gui_protection_port_zone-service-list: dst_zone-list_web-gui_protection_port_zone-service-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **pbe** **Description** Peak Bandwidth Expected **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **port-num** **Description** Port Number **Type:** number **Range:** 1-65535 **protocol** **Description** 'dns-tcp': DNS-TCP Port; 'dns-udp': DNS-UDP Port; 'http': HTTP Port; 'tcp': TCP Port; 'udp': UDP Port; 'ssl-l4': SSL-L4 Port; **Type:** string **Supported Values:** dns-tcp, dns-udp, http, tcp, udp, ssl-l4 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_web-gui_protection_port_zone-service-other-list: dst_zone-list_web-gui_protection_port_zone-service-other-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **pbe** **Description** Peak Bandwidth Expected **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **port-other** **Description** 'other': other; **Type:** string **Supported Values:** other **protocol** **Description** 'tcp': TCP Port; 'udp': UDP Port; **Type:** string **Supported Values:** tcp, udp **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_web-gui_protection_ip-proto: dst_zone-list_web-gui_protection_ip-proto ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **proto-name-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/ip-proto/proto-name/{protocol} ` .. _1278_dst_zone-list_web-gui_protection_ip-proto_proto-name-list: dst_zone-list_web-gui_protection_ip-proto_proto-name-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **pbe** **Description** Peak Bandwidth Expected **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **protocol** **Description** 'icmp-v4': ip-proto icmp-v4; 'icmp-v6': ip-proto icmp-v6; **Type:** string **Supported Values:** icmp-v4, icmp-v6 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_web-gui_learning: dst_zone-list_web-gui_learning ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **duration** **Description** '1minute': 1 minute; '6hour': 6 hours; '12hour': 12 hours; '24hour': 24 hours; '7day': 7 days; **Type:** string **Supported Values:** 1minute, 6hour, 12hour, 24hour, 7day **Default:** 6hour **starting-time** **Description** Configure learning starting time **Type:** string **Maximum Length:** 13 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_hw-blacklist-blocking: dst_zone-list_hw-blacklist-blocking ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst-enable** **Description** Enable Dst side hardware blocking **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-enable** **Description** Enable Src side hardware blocking **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port: dst_zone-list_port ^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **zone-service-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol} ` **zone-service-other-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol} ` .. _1278_dst_zone-list_port_zone-service-list: dst_zone-list_port_zone-service-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **age** **Description** Idle age for ip entry **Type:** number **Range:** 2-1023 **Default:** 5 **apply-policy-on-overflow** **Description** Enable this flag to apply overflow policy when dynamic entry count overflows **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **capture-config** **Description:** capture-config is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port_zone-service-list_capture-config` **Type:** Object **default-action-list** **Description** Configure default-action-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dynamic-entry-overflow-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/dynamic-entry-overflow-policy/{dummy-name} ` **enable-class-list-overflow** **Description** Apply class-list overflow policy upon exceeding dynamic entry count specified for zone-port or class-list **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-top-k** **Description** Enable ddos top-k source IP detection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-top-k-destination** **Description** Enable ddos top-k destination IP detection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **faster-de-escalation** **Description** De-escalate faster in standalone mode **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid-cfg** **Description:** glid-cfg is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port_zone-service-list_glid-cfg` **Type:** Object **ip-filtering-policy** **Description** Configure IP Filter **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/ip-filtering-policy ` **ip-filtering-policy-oper** **Description:** ip-filtering-policy-oper is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port_zone-service-list_ip-filtering-policy-oper` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/ip-filtering-policy-oper ` **ips** **Description:** ips is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port_zone-service-list_ips` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/ips ` **level-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/level/{level-num} ` **manual-mode-enable** **Description** Toggle manual mode to use fix templates **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **manual-mode-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/manual-mode/{config} ` **max-dynamic-entry-count** **Description** Maximum count for dynamic source zone service entry **Type:** number **Range:** 0-2147483647 **outbound-only** **Description** Only allow outbound traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **pattern-recognition** **Description:** pattern-recognition is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port_zone-service-list_pattern-recognition` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/pattern-recognition ` **pattern-recognition-pu-details** **Description:** pattern-recognition-pu-details is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port_zone-service-list_pattern-recognition-pu-details` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/pattern-recognition-pu-details ` **port-ind** **Description:** port-ind is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port_zone-service-list_port-ind` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/port-ind ` **port-num** **Description** Port Number **Type:** number **Range:** 1-65535 **progression-tracking** **Description:** progression-tracking is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port_zone-service-list_progression-tracking` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/progression-tracking ` **protocol** **Description** 'dns-tcp': DNS-TCP Port; 'dns-udp': DNS-UDP Port; 'http': HTTP Port; 'tcp': TCP Port; 'udp': UDP Port; 'ssl-l4': SSL-L4 Port; 'sip-udp': SIP-UDP Port; 'sip-tcp': SIP-TCP Port; 'quic': QUIC Port; **Type:** string **Supported Values:** dns-tcp, dns-udp, http, tcp, udp, ssl-l4, sip-udp, sip-tcp, quic **set-counter-base-val** **Description** Set T2 counter value of current context to specified value **Type:** number **Range:** 1-4294967295 **sflow-common** **Description** Enable all sFlow polling options under this zone port **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-common,sflow-packets, sflow-tcp-basic, sflow-tcp-stateful, and sflow-http are mutually exclusive **sflow-http** **Description** Enable sFlow HTTP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-http and sflow-common are mutually exclusive **sflow-packets** **Description** Enable sFlow packet-level counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-packets and sflow-common are mutually exclusive **sflow-tcp** **Description:** sflow-tcp is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port_zone-service-list_sflow-tcp` **Type:** Object **signature-extraction** **Description:** signature-extraction is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port_zone-service-list_signature-extraction` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/signature-extraction ` **src-based-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/src-based-policy/{src-based-policy-name} ` **stateful** **Description** Enable stateful tracking of sessions (Default is stateless) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **topk-destinations** **Description:** topk-destinations is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port_zone-service-list_topk-destinations` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/topk-destinations ` **topk-dst-num-records** **Description** Maximum number of records to show in topk **Type:** number **Range:** 1-100 **Default:** 20 **topk-num-records** **Description** Maximum number of records to show in topk **Type:** number **Range:** 1-100 **Default:** 20 **topk-sources** **Description:** topk-sources is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port_zone-service-list_topk-sources` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/topk-sources ` **unlimited-dynamic-entry-count** **Description** No limit for maximum dynamic src entry count **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port_zone-service-list_pattern-recognition: dst_zone-list_port_zone-service-list_pattern-recognition ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **algorithm** **Description** 'heuristic': heuristic algorithm; **Type:** string **Supported Values:** heuristic **app-payload-offset** **Description** Set offset of the payload **Type:** number **Range:** 0-1500 **Default:** 0 **capture-traffic** **Description** 'all': Capture all packets; 'dropped': Capture dropped packets (default); **Type:** string **Supported Values:** all, dropped **filter-inactive-threshold** **Description** Extracted filter inactive threshold **Type:** number **Range:** 5-255 **filter-threshold** **Description** Extracted filter threshold **Type:** number **Range:** 0-100 **mode** **Description** 'capture-never-expire': War-time capture without rate exceeding and never expires; 'manual': Manual mode; **Type:** string **Supported Values:** capture-never-expire, manual **sensitivity** **Description** 'high': High Sensitivity; 'medium': Medium Sensitivity; 'low': Low Sensitivity; **Type:** string **Supported Values:** high, medium, low **triggered-by** **Description** 'zone-escalation': Zone escalation trigger pattern recognition; 'packet-rate-exceeds': Packet rate limit exceeds trigger pattern recognition (default); **Type:** string **Supported Values:** zone-escalation, packet-rate-exceeds **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port_zone-service-list_ips: dst_zone-list_port_zone-service-list_ips ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port_zone-service-list_ips_sampling-enable: dst_zone-list_port_zone-service-list_ips_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'ips_matched_total': IPS Matched Total; 'ips_matched_action_pass': IPS Matched Action Pass; 'ips_matched_action_drop': IPS Matched Action Drop; 'ips_matched_action_blacklist': IPS Matched Action Blacklist; 'ips_matched_severity_high': IPS Matched Severity High; 'ips_matched_severity_medium': IPS Matched Severity Medium; 'ips_matched_severity_low': IPS Matched Severity Low; 'src_ips_matched_action_pass': Src IPS Matched Action Pass; 'src_ips_matched_action_drop': Src IPS Matched Action Drop; 'src_ips_matched_action_blacklist': Src IPS Matched Action Blacklist; 'src_ips_matched_severity_high': Src IPS Matched Severity High; 'src_ips_matched_severity_medium': Src IPS Matched Severity Medium; 'src_ips_matched_severity_low': Src IPS Matched Severity Low; **Type:** string **Supported Values:** all, ips_matched_total, ips_matched_action_pass, ips_matched_action_drop, ips_matched_action_blacklist, ips_matched_severity_high, ips_matched_severity_medium, ips_matched_severity_low, src_ips_matched_action_pass, src_ips_matched_action_drop, src_ips_matched_action_blacklist, src_ips_matched_severity_high, src_ips_matched_severity_medium, src_ips_matched_severity_low .. _1278_dst_zone-list_port_zone-service-list_ip-filtering-policy-oper: dst_zone-list_port_zone-service-list_ip-filtering-policy-oper ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port_zone-service-list_glid-cfg: dst_zone-list_port_zone-service-list_glid-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **action-list** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **glid** **Description** Global limit ID for the whole zone **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default if default-action-list is not configured); 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, ignore **per-addr-glid** **Description** Global limit ID per address **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` .. _1278_dst_zone-list_port_zone-service-list_signature-extraction: dst_zone-list_port_zone-service-list_signature-extraction ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **algorithm** **Description** 'heuristic': heuristic algorithm; **Type:** string **Supported Values:** heuristic **manual-mode** **Description** Enable manual mode **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port_zone-service-list_level-list: dst_zone-list_port_zone-service-list_level-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **apply-extracted-filters** **Description** Apply extracted filters from this level **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **close-sessions-for-unauth-sources** **Description** Close session for unauthenticated sources **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **indicator-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/level/{level-num}/indicator/{type} ` **level-num** **Description** '0': Default policy level; '1': Policy level 1; '2': Policy level 2; '3': Policy level 3; '4': Policy level 4; **Type:** string **Supported Values:** 0, 1, 2, 3, 4 **src-default-glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **src-escalation-score** **Description** Source activation score of this level **Type:** number **Range:** 1-1000000 **src-violation-actions** **Description** Violation actions apply due to source escalate from this level **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` **start-pattern-recognition** **Description** Start pattern recognition from this level **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **start-signature-extraction** **Description** Start signature extraction from this level **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-escalation-score** **Description** Zone activation score of this level **Type:** number **Range:** 1-1000000 **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port_zone-service-list_level-list_zone-template` **Type:** Object **zone-violation-actions** **Description** Violation actions apply due to zone escalate from this level **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` .. _1278_dst_zone-list_port_zone-service-list_level-list_zone-template: dst_zone-list_port_zone-service-list_level-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **quic** **Description** DDOS quic template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port_zone-service-list_level-list_indicator-list: dst_zone-list_port_zone-service-list_level-list_indicator-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **data-packet-size** **Description** Expected minimal data size **Type:** number **Range:** 1-1500 **score** **Description** Score corresponding to the indicator **Type:** number **Range:** 1-1000000 **src-threshold-large-num** **Description** Indicator per-src threshold **Type:** number **Range:** 1-10995116277760 **src-threshold-num** **Description** Indicator per-src threshold **Type:** number **Range:** 1-2147483647 **src-threshold-str** **Description** Indicator per-src threshold (Non-zero floating point) **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-violation-actions** **Description** Violation actions to use when this src indicator threshold reaches **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` **tcp-window-size** **Description** Expected minimal window size **Type:** number **Range:** 1-500 **type** **Description** 'pkt-rate': rate of incoming packets; 'pkt-drop-rate': rate of packets got dropped; 'bit-rate': rate of incoming bits; 'pkt-drop-ratio': ratio of incoming packet rate divided by the rate of dropping packets; 'bytes-to-bytes-from-ratio': ratio of incoming packet rate divided by the rate of outgoing packets; 'concurrent-conns': number of concurrent connections; 'conn-miss-rate': rate of incoming packets for which no previously established connection exists; 'syn-rate': rate on incoming SYN packets; 'fin-rate': rate on incoming FIN packets; 'rst-rate': rate of incoming RST packets; 'small-window-ack-rate': rate of small window advertisement; 'empty-ack-rate': rate of incoming packets which have no payload; 'small-payload-rate': rate of short payload packet; 'syn-fin-ratio': ratio of incoming SYN packet rate divided by the rate of incoming FIN packets; 'cpu-utilization': average data CPU utilization; 'interface-utilization': outside interface utilization; **Type:** string **Supported Values:** pkt-rate, pkt-drop-rate, bit-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, concurrent-conns, conn-miss-rate, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio, cpu-utilization, interface-utilization **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-threshold-large-num** **Description** Threshold for the entire zone **Type:** number **Range:** 1-10995116277760 **zone-threshold-num** **Description** Threshold for the entire zone **Type:** number **Range:** 1-2147483647 **zone-threshold-str** **Description** Threshold for the entire zone (Non-zero floating point) **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **zone-violation-actions** **Description** Violation actions to use when this zone indicator threshold reaches **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` .. _1278_dst_zone-list_port_zone-service-list_manual-mode-list: dst_zone-list_port_zone-service-list_manual-mode-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **close-sessions-for-unauth-sources** **Description** Close session for unauthenticated sources **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **config** **Description** 'configuration': Manual-mode configuration; **Type:** string **Supported Values:** configuration **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **src-default-glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port_zone-service-list_manual-mode-list_zone-template` **Type:** Object .. _1278_dst_zone-list_port_zone-service-list_manual-mode-list_zone-template: dst_zone-list_port_zone-service-list_manual-mode-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **quic** **Description** DDOS quic template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port_zone-service-list_src-based-policy-list: dst_zone-list_port_zone-service-list_src-based-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **policy-class-list-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name} ` **src-based-policy-name** **Description** Specify name of the policy **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list: dst_zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **class-list-name** **Description** Class-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **class-list-overflow-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name} ` **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **log-enable** **Description** Enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-periodic** **Description** Enable log periodic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-dynamic-entry-count** **Description** Maximum count for dynamic source zone service entry allowed for this class-list **Type:** number **Range:** 0-2147483647 **sampling-enable** **Type:** List **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list_zone-template` **Type:** Object .. _1278_dst_zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list_sampling-enable: dst_zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'packet_received': Packets Received; 'packet_dropped': Packets Dropped; 'entry_learned': Entry Learned; 'entry_count_overflow': Entry Count Overflow; **Type:** string **Supported Values:** all, packet_received, packet_dropped, entry_learned, entry_count_overflow .. _1278_dst_zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list_zone-template: dst_zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **quic** **Description** DDOS quic template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list: dst_zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **dummy-name** **Description** 'configuration': Configure overflow policy for class-list; **Type:** string **Supported Values:** configuration **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **log-enable** **Description** Enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-periodic** **Description** Enable log periodic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template` **Type:** Object .. _1278_dst_zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template: dst_zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **quic** **Description** DDOS quic template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port_zone-service-list_pattern-recognition-pu-details: dst_zone-list_port_zone-service-list_pattern-recognition-pu-details ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port_zone-service-list_port-ind: dst_zone-list_port_zone-service-list_port-ind ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port_zone-service-list_port-ind_sampling-enable: dst_zone-list_port_zone-service-list_port-ind_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'ip-proto-type': IP Protocol Type; 'ddet_ind_pkt_rate_current': Pkt Rate Current; 'ddet_ind_pkt_rate_min': Pkt Rate Min; 'ddet_ind_pkt_rate_max': Pkt Rate Max; 'ddet_ind_pkt_rate_adaptive_threshold': Pkt Rate Adaptive Threshold; 'ddet_ind_pkt_drop_rate_current': Pkt Drop Rate Current; 'ddet_ind_pkt_drop_rate_min': Pkt Drop Rate Min; 'ddet_ind_pkt_drop_rate_max': Pkt Drop Rate Max; 'ddet_ind_pkt_drop_rate_adaptive_threshold': Pkt Drop Rate Adaptive Threshold; 'ddet_ind_syn_rate_current': TCP SYN Rate Current; 'ddet_ind_syn_rate_min': TCP SYN Rate Min; 'ddet_ind_syn_rate_max': TCP SYN Rate Max; 'ddet_ind_syn_rate_adaptive_threshold': TCP SYN Rate Adaptive Threshold; 'ddet_ind_fin_rate_current': TCP FIN Rate Current; 'ddet_ind_fin_rate_min': TCP FIN Rate Min; 'ddet_ind_fin_rate_max': TCP FIN Rate Max; 'ddet_ind_fin_rate_adaptive_threshold': TCP FIN Rate Adaptive Threshold; 'ddet_ind_rst_rate_current': TCP RST Rate Current; 'ddet_ind_rst_rate_min': TCP RST Rate Min; 'ddet_ind_rst_rate_max': TCP RST Rate Max; 'ddet_ind_rst_rate_adaptive_threshold': TCP RST Rate Adaptive Threshold; 'ddet_ind_small_window_ack_rate_current': TCP Small Window ACK Rate Current; 'ddet_ind_small_window_ack_rate_min': TCP Small Window ACK Rate Min; 'ddet_ind_small_window_ack_rate_max': TCP Small Window ACK Rate Max; 'ddet_ind_small_window_ack_rate_adaptive_threshold': TCP Small Window ACK Rate Adaptive Threshold; 'ddet_ind_empty_ack_rate_current': TCP Empty ACK Rate Current; 'ddet_ind_empty_ack_rate_min': TCP Empty ACK Rate Min; 'ddet_ind_empty_ack_rate_max': TCP Empty ACK Rate Max; 'ddet_ind_empty_ack_rate_adaptive_threshold': TCP Empty ACK Rate Adaptive Threshold; 'ddet_ind_small_payload_rate_current': TCP Small Payload Rate Current; 'ddet_ind_small_payload_rate_min': TCP Small Payload Rate Min; 'ddet_ind_small_payload_rate_max': TCP Small Payload Rate Max; 'ddet_ind_small_payload_rate_adaptive_threshold': TCP Small Payload Rate Adaptive Threshold; 'ddet_ind_pkt_drop_ratio_current': Pkt Drop / Pkt Rcvd Current; 'ddet_ind_pkt_drop_ratio_min': Pkt Drop / Pkt Rcvd Min; 'ddet_ind_pkt_drop_ratio_max': Pkt Drop / Pkt Rcvd Max; 'ddet_ind_pkt_drop_ratio_adaptive_threshold': Pkt Drop / Pkt Rcvd Adaptive Threshold; 'ddet_ind_inb_per_outb_current': Bytes-to / Bytes-from Current; 'ddet_ind_inb_per_outb_min': Bytes-to / Bytes-from Min; 'ddet_ind_inb_per_outb_max': Bytes-to / Bytes-from Max; 'ddet_ind_inb_per_outb_adaptive_threshold': Bytes-to / Bytes-from Adaptive Threshold; 'ddet_ind_syn_per_fin_rate_current': TCP SYN Rate / FIN Rate Current; 'ddet_ind_syn_per_fin_rate_min': TCP SYN Rate / FIN Rate Min; 'ddet_ind_syn_per_fin_rate_max': TCP SYN Rate / FIN Rate Max; 'ddet_ind_syn_per_fin_rate_adaptive_threshold': TCP SYN Rate / FIN Rate Adaptive Threshold; 'ddet_ind_conn_miss_rate_current': TCP Session Miss Rate Current; 'ddet_ind_conn_miss_rate_min': TCP Session Miss Rate Min; 'ddet_ind_conn_miss_rate_max': TCP Session Miss Rate Max; 'ddet_ind_conn_miss_rate_adaptive_threshold': TCP Session Miss Rate Adaptive Threshold; 'ddet_ind_concurrent_conns_current': TCP/UDP Concurrent Sessions Current; 'ddet_ind_concurrent_conns_min': TCP/UDP Concurrent Sessions Min; 'ddet_ind_concurrent_conns_max': TCP/UDP Concurrent Sessions Max; 'ddet_ind_concurrent_conns_adaptive_threshold': TCP/UDP Concurrent Sessions Adaptive Threshold; 'ddet_ind_data_cpu_util_current': Data CPU Utilization Current; 'ddet_ind_data_cpu_util_min': Data CPU Utilization Min; 'ddet_ind_data_cpu_util_max': Data CPU Utilization Max; 'ddet_ind_data_cpu_util_adaptive_threshold': Data CPU Utilization Adaptive Threshold; 'ddet_ind_outside_intf_util_current': Outside Interface Utilization Current; 'ddet_ind_outside_intf_util_min': Outside Interface Utilization Min; 'ddet_ind_outside_intf_util_max': Outside Interface Utilization Max; 'ddet_ind_outside_intf_util_adaptive_threshold': Outside Interface Utilization Adaptive Threshold; 'ddet_ind_frag_rate_current': Frag Pkt Rate Current; 'ddet_ind_frag_rate_min': Frag Pkt Rate Min; 'ddet_ind_frag_rate_max': Frag Pkt Rate Max; 'ddet_ind_frag_rate_adaptive_threshold': Frag Pkt Rate Adaptive Threshold; 'ddet_ind_bit_rate_current': Bit Rate Current; 'ddet_ind_bit_rate_min': Bit Rate Min; 'ddet_ind_bit_rate_max': Bit Rate Max; 'ddet_ind_bit_rate_adaptive_threshold': Bit Rate Adaptive Threshold; **Type:** string **Supported Values:** all, ip-proto-type, ddet_ind_pkt_rate_current, ddet_ind_pkt_rate_min, ddet_ind_pkt_rate_max, ddet_ind_pkt_rate_adaptive_threshold, ddet_ind_pkt_drop_rate_current, ddet_ind_pkt_drop_rate_min, ddet_ind_pkt_drop_rate_max, ddet_ind_pkt_drop_rate_adaptive_threshold, ddet_ind_syn_rate_current, ddet_ind_syn_rate_min, ddet_ind_syn_rate_max, ddet_ind_syn_rate_adaptive_threshold, ddet_ind_fin_rate_current, ddet_ind_fin_rate_min, ddet_ind_fin_rate_max, ddet_ind_fin_rate_adaptive_threshold, ddet_ind_rst_rate_current, ddet_ind_rst_rate_min, ddet_ind_rst_rate_max, ddet_ind_rst_rate_adaptive_threshold, ddet_ind_small_window_ack_rate_current, ddet_ind_small_window_ack_rate_min, ddet_ind_small_window_ack_rate_max, ddet_ind_small_window_ack_rate_adaptive_threshold, ddet_ind_empty_ack_rate_current, ddet_ind_empty_ack_rate_min, ddet_ind_empty_ack_rate_max, ddet_ind_empty_ack_rate_adaptive_threshold, ddet_ind_small_payload_rate_current, ddet_ind_small_payload_rate_min, ddet_ind_small_payload_rate_max, ddet_ind_small_payload_rate_adaptive_threshold, ddet_ind_pkt_drop_ratio_current, ddet_ind_pkt_drop_ratio_min, ddet_ind_pkt_drop_ratio_max, ddet_ind_pkt_drop_ratio_adaptive_threshold, ddet_ind_inb_per_outb_current, ddet_ind_inb_per_outb_min, ddet_ind_inb_per_outb_max, ddet_ind_inb_per_outb_adaptive_threshold, ddet_ind_syn_per_fin_rate_current, ddet_ind_syn_per_fin_rate_min, ddet_ind_syn_per_fin_rate_max, ddet_ind_syn_per_fin_rate_adaptive_threshold, ddet_ind_conn_miss_rate_current, ddet_ind_conn_miss_rate_min, ddet_ind_conn_miss_rate_max, ddet_ind_conn_miss_rate_adaptive_threshold, ddet_ind_concurrent_conns_current, ddet_ind_concurrent_conns_min, ddet_ind_concurrent_conns_max, ddet_ind_concurrent_conns_adaptive_threshold, ddet_ind_data_cpu_util_current, ddet_ind_data_cpu_util_min, ddet_ind_data_cpu_util_max, ddet_ind_data_cpu_util_adaptive_threshold, ddet_ind_outside_intf_util_current, ddet_ind_outside_intf_util_min, ddet_ind_outside_intf_util_max, ddet_ind_outside_intf_util_adaptive_threshold, ddet_ind_frag_rate_current, ddet_ind_frag_rate_min, ddet_ind_frag_rate_max, ddet_ind_frag_rate_adaptive_threshold, ddet_ind_bit_rate_current, ddet_ind_bit_rate_min, ddet_ind_bit_rate_max, ddet_ind_bit_rate_adaptive_threshold .. _1278_dst_zone-list_port_zone-service-list_sflow-tcp: dst_zone-list_port_zone-service-list_sflow-tcp ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sflow-tcp-basic** **Description** Enable sFlow basic TCP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-tcp-basic and sflow-common are mutually exclusive **sflow-tcp-stateful** **Description** Enable sFlow stateful TCP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-tcp-stateful and sflow-common are mutually exclusive .. _1278_dst_zone-list_port_zone-service-list_topk-sources: dst_zone-list_port_zone-service-list_topk-sources ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port_zone-service-list_dynamic-entry-overflow-policy-list: dst_zone-list_port_zone-service-list_dynamic-entry-overflow-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **dummy-name** **Description** 'configuration': Configure overflow policy; **Type:** string **Supported Values:** configuration **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **log-enable** **Description** Enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-periodic** **Description** Enable log periodic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port_zone-service-list_dynamic-entry-overflow-policy-list_zone-template` **Type:** Object .. _1278_dst_zone-list_port_zone-service-list_dynamic-entry-overflow-policy-list_zone-template: dst_zone-list_port_zone-service-list_dynamic-entry-overflow-policy-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **quic** **Description** DDOS quic template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port_zone-service-list_capture-config: dst_zone-list_port_zone-service-list_capture-config ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **capture-config-mode** **Description** 'drop': Apply capture-config to dropped packets; 'forward': Apply capture-config to forwarded packets; 'all': Apply capture-config to both dropped and forwarded packets; **Type:** string **Supported Values:** drop, forward, all **capture-config-name** **Description** Capture-config name **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port_zone-service-list_topk-destinations: dst_zone-list_port_zone-service-list_topk-destinations ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port_zone-service-list_progression-tracking: dst_zone-list_port_zone-service-list_progression-tracking ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port_zone-service-other-list: dst_zone-list_port_zone-service-other-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **age** **Description** Idle age for ip entry **Type:** number **Range:** 2-1023 **Default:** 5 **apply-policy-on-overflow** **Description** Enable this flag to apply overflow policy when dynamic entry count overflows **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **default-action-list** **Description** Configure default-action-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dynamic-entry-overflow-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/dynamic-entry-overflow-policy/{dummy-name} ` **enable-class-list-overflow** **Description** Apply class-list overflow policy upon exceeding dynamic entry count specified for this zone port or each class-list **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-top-k** **Description** Enable ddos top-k source IP detection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-top-k-destination** **Description** Enable ddos top-k destination IP detection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **faster-de-escalation** **Description** De-escalate faster in standalone mode **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid-cfg** **Description:** glid-cfg is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port_zone-service-other-list_glid-cfg` **Type:** Object **ip-filtering-policy** **Description** Configure IP Filter **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/ip-filtering-policy ` **ip-filtering-policy-oper** **Description:** ip-filtering-policy-oper is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port_zone-service-other-list_ip-filtering-policy-oper` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/ip-filtering-policy-oper ` **level-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/level/{level-num} ` **manual-mode-enable** **Description** Toggle manual mode to use fix templates **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **manual-mode-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/manual-mode/{config} ` **max-dynamic-entry-count** **Description** Maximum count for dynamic source zone service entry **Type:** number **Range:** 0-2147483647 **outbound-only** **Description** Only allow outbound traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **pattern-recognition** **Description:** pattern-recognition is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port_zone-service-other-list_pattern-recognition` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/pattern-recognition ` **pattern-recognition-pu-details** **Description:** pattern-recognition-pu-details is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port_zone-service-other-list_pattern-recognition-pu-details` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/pattern-recognition-pu-details ` **port-ind** **Description:** port-ind is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port_zone-service-other-list_port-ind` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/port-ind ` **port-other** **Description** 'other': other; **Type:** string **Supported Values:** other **progression-tracking** **Description:** progression-tracking is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port_zone-service-other-list_progression-tracking` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/progression-tracking ` **protocol** **Description** 'tcp': TCP Port; 'udp': UDP Port; **Type:** string **Supported Values:** tcp, udp **set-counter-base-val** **Description** Set T2 counter value of current context to specified value **Type:** number **Range:** 1-4294967295 **sflow-common** **Description** Enable all sFlow polling options under this zone port **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-common,sflow-packets, sflow-tcp-basic, and sflow-tcp-stateful are mutually exclusive **sflow-packets** **Description** Enable sFlow packet-level counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-packets and sflow-common are mutually exclusive **sflow-tcp** **Description:** sflow-tcp is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port_zone-service-other-list_sflow-tcp` **Type:** Object **src-based-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/src-based-policy/{src-based-policy-name} ` **stateful** **Description** Enable stateful tracking of sessions (Default is stateless) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **topk-destinations** **Description:** topk-destinations is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port_zone-service-other-list_topk-destinations` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/topk-destinations ` **topk-dst-num-records** **Description** Maximum number of records to show in topk **Type:** number **Range:** 1-100 **Default:** 20 **topk-num-records** **Description** Maximum number of records to show in topk **Type:** number **Range:** 1-100 **Default:** 20 **topk-sources** **Description:** topk-sources is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port_zone-service-other-list_topk-sources` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/topk-sources ` **unlimited-dynamic-entry-count** **Description** No limit for maximum dynamic src entry count **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port_zone-service-other-list_pattern-recognition: dst_zone-list_port_zone-service-other-list_pattern-recognition ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **algorithm** **Description** 'heuristic': heuristic algorithm; **Type:** string **Supported Values:** heuristic **capture-traffic** **Description** 'all': Capture all packets; 'dropped': Capture dropped packets (default); **Type:** string **Supported Values:** all, dropped **filter-inactive-threshold** **Description** Extracted filter inactive threshold **Type:** number **Range:** 5-255 **filter-threshold** **Description** Extracted filter threshold **Type:** number **Range:** 0-100 **mode** **Description** 'capture-never-expire': War-time capture without rate exceeding and never expires; 'manual': Manual mode; **Type:** string **Supported Values:** capture-never-expire, manual **sensitivity** **Description** 'high': High Sensitivity; 'medium': Medium Sensitivity; 'low': Low Sensitivity; **Type:** string **Supported Values:** high, medium, low **triggered-by** **Description** 'zone-escalation': Zone escalation trigger pattern recognition; 'packet-rate-exceeds': Packet rate limit exceeds trigger pattern recognition (default); **Type:** string **Supported Values:** zone-escalation, packet-rate-exceeds **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port_zone-service-other-list_dynamic-entry-overflow-policy-list: dst_zone-list_port_zone-service-other-list_dynamic-entry-overflow-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **dummy-name** **Description** 'configuration': Configure overflow policy; **Type:** string **Supported Values:** configuration **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **log-enable** **Description** Enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-periodic** **Description** Enable log periodic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port_zone-service-other-list_dynamic-entry-overflow-policy-list_zone-template` **Type:** Object .. _1278_dst_zone-list_port_zone-service-other-list_dynamic-entry-overflow-policy-list_zone-template: dst_zone-list_port_zone-service-other-list_dynamic-entry-overflow-policy-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port_zone-service-other-list_ip-filtering-policy-oper: dst_zone-list_port_zone-service-other-list_ip-filtering-policy-oper ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port_zone-service-other-list_glid-cfg: dst_zone-list_port_zone-service-other-list_glid-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **action-list** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **glid** **Description** Global limit ID for the whole zone **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default if default-action-list is not configured); 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, ignore **per-addr-glid** **Description** Global limit ID per address **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` .. _1278_dst_zone-list_port_zone-service-other-list_level-list: dst_zone-list_port_zone-service-other-list_level-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **apply-extracted-filters** **Description** Apply extracted filters from this level **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **close-sessions-for-unauth-sources** **Description** Close session for unauthenticated sources **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **indicator-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/level/{level-num}/indicator/{type} ` **level-num** **Description** '0': Default policy level; '1': Policy level 1; '2': Policy level 2; '3': Policy level 3; '4': Policy level 4; **Type:** string **Supported Values:** 0, 1, 2, 3, 4 **src-default-glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **src-escalation-score** **Description** Source activation score of this level **Type:** number **Range:** 1-1000000 **src-violation-actions** **Description** Violation actions apply due to source escalate from this level **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` **start-pattern-recognition** **Description** Start pattern recognition from this level **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-escalation-score** **Description** Zone activation score of this level **Type:** number **Range:** 1-1000000 **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port_zone-service-other-list_level-list_zone-template` **Type:** Object **zone-violation-actions** **Description** Violation actions apply due to zone escalate from this level **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` .. _1278_dst_zone-list_port_zone-service-other-list_level-list_zone-template: dst_zone-list_port_zone-service-other-list_level-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port_zone-service-other-list_level-list_indicator-list: dst_zone-list_port_zone-service-other-list_level-list_indicator-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **data-packet-size** **Description** Expected minimal data size **Type:** number **Range:** 1-1500 **score** **Description** Score corresponding to the indicator **Type:** number **Range:** 1-1000000 **src-threshold-large-num** **Description** Indicator per-src threshold **Type:** number **Range:** 1-10995116277760 **src-threshold-num** **Description** Indicator per-src threshold **Type:** number **Range:** 1-2147483647 **src-threshold-str** **Description** Indicator per-src threshold (Non-zero floating point) **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-violation-actions** **Description** Violation actions to use when this src indicator threshold reaches **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` **tcp-window-size** **Description** Expected minimal window size **Type:** number **Range:** 1-500 **type** **Description** 'pkt-rate': rate of incoming packets; 'pkt-drop-rate': rate of packets got dropped; 'bit-rate': rate of incoming bits; 'pkt-drop-ratio': ratio of incoming packet rate divided by the rate of dropping packets; 'bytes-to-bytes-from-ratio': ratio of incoming packet rate divided by the rate of outgoing packets; 'concurrent-conns': number of concurrent connections; 'conn-miss-rate': rate of incoming packets for which no previously established connection exists; 'syn-rate': rate on incoming SYN packets; 'fin-rate': rate on incoming FIN packets; 'rst-rate': rate of incoming RST packets; 'small-window-ack-rate': rate of small window advertisement; 'empty-ack-rate': rate of incoming packets which have no payload; 'small-payload-rate': rate of short payload packet; 'syn-fin-ratio': ratio of incoming SYN packet rate divided by the rate of incoming FIN packets; 'cpu-utilization': average data CPU utilization; 'interface-utilization': outside interface utilization; **Type:** string **Supported Values:** pkt-rate, pkt-drop-rate, bit-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, concurrent-conns, conn-miss-rate, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio, cpu-utilization, interface-utilization **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-threshold-large-num** **Description** Threshold for the entire zone **Type:** number **Range:** 1-10995116277760 **zone-threshold-num** **Description** Threshold for the entire zone **Type:** number **Range:** 1-2147483647 **zone-threshold-str** **Description** Threshold for the entire zone (Non-zero floating point) **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **zone-violation-actions** **Description** Violation actions to use when this zone indicator threshold reaches **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` .. _1278_dst_zone-list_port_zone-service-other-list_manual-mode-list: dst_zone-list_port_zone-service-other-list_manual-mode-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **close-sessions-for-unauth-sources** **Description** Close session for unauthenticated sources **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **config** **Description** 'configuration': Manual-mode configuration; **Type:** string **Supported Values:** configuration **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **src-default-glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port_zone-service-other-list_manual-mode-list_zone-template` **Type:** Object .. _1278_dst_zone-list_port_zone-service-other-list_manual-mode-list_zone-template: dst_zone-list_port_zone-service-other-list_manual-mode-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port_zone-service-other-list_src-based-policy-list: dst_zone-list_port_zone-service-other-list_src-based-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **policy-class-list-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name} ` **src-based-policy-name** **Description** Specify name of the policy **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list: dst_zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **class-list-name** **Description** Class-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **class-list-overflow-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name} ` **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **max-dynamic-entry-count** **Description** Maximum count for dynamic source zone service entry allowed for this class-list **Type:** number **Range:** 0-2147483647 **sampling-enable** **Type:** List **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_zone-template` **Type:** Object .. _1278_dst_zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_zone-template: dst_zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_sampling-enable: dst_zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'packet_received': Packets Received; 'packet_dropped': Packets Dropped; 'entry_learned': Entry Learned; 'entry_count_overflow': Entry Count Overflow; **Type:** string **Supported Values:** all, packet_received, packet_dropped, entry_learned, entry_count_overflow .. _1278_dst_zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list: dst_zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **dummy-name** **Description** 'configuration': Configure overflow policy for class-list; **Type:** string **Supported Values:** configuration **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **log-enable** **Description** Enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-periodic** **Description** Enable log periodic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template` **Type:** Object .. _1278_dst_zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template: dst_zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port_zone-service-other-list_pattern-recognition-pu-details: dst_zone-list_port_zone-service-other-list_pattern-recognition-pu-details ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port_zone-service-other-list_port-ind: dst_zone-list_port_zone-service-other-list_port-ind ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port_zone-service-other-list_port-ind_sampling-enable: dst_zone-list_port_zone-service-other-list_port-ind_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'ip-proto-type': IP Protocol Type; 'ddet_ind_pkt_rate_current': Pkt Rate Current; 'ddet_ind_pkt_rate_min': Pkt Rate Min; 'ddet_ind_pkt_rate_max': Pkt Rate Max; 'ddet_ind_pkt_rate_adaptive_threshold': Pkt Rate Adaptive Threshold; 'ddet_ind_pkt_drop_rate_current': Pkt Drop Rate Current; 'ddet_ind_pkt_drop_rate_min': Pkt Drop Rate Min; 'ddet_ind_pkt_drop_rate_max': Pkt Drop Rate Max; 'ddet_ind_pkt_drop_rate_adaptive_threshold': Pkt Drop Rate Adaptive Threshold; 'ddet_ind_syn_rate_current': TCP SYN Rate Current; 'ddet_ind_syn_rate_min': TCP SYN Rate Min; 'ddet_ind_syn_rate_max': TCP SYN Rate Max; 'ddet_ind_syn_rate_adaptive_threshold': TCP SYN Rate Adaptive Threshold; 'ddet_ind_fin_rate_current': TCP FIN Rate Current; 'ddet_ind_fin_rate_min': TCP FIN Rate Min; 'ddet_ind_fin_rate_max': TCP FIN Rate Max; 'ddet_ind_fin_rate_adaptive_threshold': TCP FIN Rate Adaptive Threshold; 'ddet_ind_rst_rate_current': TCP RST Rate Current; 'ddet_ind_rst_rate_min': TCP RST Rate Min; 'ddet_ind_rst_rate_max': TCP RST Rate Max; 'ddet_ind_rst_rate_adaptive_threshold': TCP RST Rate Adaptive Threshold; 'ddet_ind_small_window_ack_rate_current': TCP Small Window ACK Rate Current; 'ddet_ind_small_window_ack_rate_min': TCP Small Window ACK Rate Min; 'ddet_ind_small_window_ack_rate_max': TCP Small Window ACK Rate Max; 'ddet_ind_small_window_ack_rate_adaptive_threshold': TCP Small Window ACK Rate Adaptive Threshold; 'ddet_ind_empty_ack_rate_current': TCP Empty ACK Rate Current; 'ddet_ind_empty_ack_rate_min': TCP Empty ACK Rate Min; 'ddet_ind_empty_ack_rate_max': TCP Empty ACK Rate Max; 'ddet_ind_empty_ack_rate_adaptive_threshold': TCP Empty ACK Rate Adaptive Threshold; 'ddet_ind_small_payload_rate_current': TCP Small Payload Rate Current; 'ddet_ind_small_payload_rate_min': TCP Small Payload Rate Min; 'ddet_ind_small_payload_rate_max': TCP Small Payload Rate Max; 'ddet_ind_small_payload_rate_adaptive_threshold': TCP Small Payload Rate Adaptive Threshold; 'ddet_ind_pkt_drop_ratio_current': Pkt Drop / Pkt Rcvd Current; 'ddet_ind_pkt_drop_ratio_min': Pkt Drop / Pkt Rcvd Min; 'ddet_ind_pkt_drop_ratio_max': Pkt Drop / Pkt Rcvd Max; 'ddet_ind_pkt_drop_ratio_adaptive_threshold': Pkt Drop / Pkt Rcvd Adaptive Threshold; 'ddet_ind_inb_per_outb_current': Bytes-to / Bytes-from Current; 'ddet_ind_inb_per_outb_min': Bytes-to / Bytes-from Min; 'ddet_ind_inb_per_outb_max': Bytes-to / Bytes-from Max; 'ddet_ind_inb_per_outb_adaptive_threshold': Bytes-to / Bytes-from Adaptive Threshold; 'ddet_ind_syn_per_fin_rate_current': TCP SYN Rate / FIN Rate Current; 'ddet_ind_syn_per_fin_rate_min': TCP SYN Rate / FIN Rate Min; 'ddet_ind_syn_per_fin_rate_max': TCP SYN Rate / FIN Rate Max; 'ddet_ind_syn_per_fin_rate_adaptive_threshold': TCP SYN Rate / FIN Rate Adaptive Threshold; 'ddet_ind_conn_miss_rate_current': TCP Session Miss Rate Current; 'ddet_ind_conn_miss_rate_min': TCP Session Miss Rate Min; 'ddet_ind_conn_miss_rate_max': TCP Session Miss Rate Max; 'ddet_ind_conn_miss_rate_adaptive_threshold': TCP Session Miss Rate Adaptive Threshold; 'ddet_ind_concurrent_conns_current': TCP/UDP Concurrent Sessions Current; 'ddet_ind_concurrent_conns_min': TCP/UDP Concurrent Sessions Min; 'ddet_ind_concurrent_conns_max': TCP/UDP Concurrent Sessions Max; 'ddet_ind_concurrent_conns_adaptive_threshold': TCP/UDP Concurrent Sessions Adaptive Threshold; 'ddet_ind_data_cpu_util_current': Data CPU Utilization Current; 'ddet_ind_data_cpu_util_min': Data CPU Utilization Min; 'ddet_ind_data_cpu_util_max': Data CPU Utilization Max; 'ddet_ind_data_cpu_util_adaptive_threshold': Data CPU Utilization Adaptive Threshold; 'ddet_ind_outside_intf_util_current': Outside Interface Utilization Current; 'ddet_ind_outside_intf_util_min': Outside Interface Utilization Min; 'ddet_ind_outside_intf_util_max': Outside Interface Utilization Max; 'ddet_ind_outside_intf_util_adaptive_threshold': Outside Interface Utilization Adaptive Threshold; 'ddet_ind_frag_rate_current': Frag Pkt Rate Current; 'ddet_ind_frag_rate_min': Frag Pkt Rate Min; 'ddet_ind_frag_rate_max': Frag Pkt Rate Max; 'ddet_ind_frag_rate_adaptive_threshold': Frag Pkt Rate Adaptive Threshold; 'ddet_ind_bit_rate_current': Bit Rate Current; 'ddet_ind_bit_rate_min': Bit Rate Min; 'ddet_ind_bit_rate_max': Bit Rate Max; 'ddet_ind_bit_rate_adaptive_threshold': Bit Rate Adaptive Threshold; **Type:** string **Supported Values:** all, ip-proto-type, ddet_ind_pkt_rate_current, ddet_ind_pkt_rate_min, ddet_ind_pkt_rate_max, ddet_ind_pkt_rate_adaptive_threshold, ddet_ind_pkt_drop_rate_current, ddet_ind_pkt_drop_rate_min, ddet_ind_pkt_drop_rate_max, ddet_ind_pkt_drop_rate_adaptive_threshold, ddet_ind_syn_rate_current, ddet_ind_syn_rate_min, ddet_ind_syn_rate_max, ddet_ind_syn_rate_adaptive_threshold, ddet_ind_fin_rate_current, ddet_ind_fin_rate_min, ddet_ind_fin_rate_max, ddet_ind_fin_rate_adaptive_threshold, ddet_ind_rst_rate_current, ddet_ind_rst_rate_min, ddet_ind_rst_rate_max, ddet_ind_rst_rate_adaptive_threshold, ddet_ind_small_window_ack_rate_current, ddet_ind_small_window_ack_rate_min, ddet_ind_small_window_ack_rate_max, ddet_ind_small_window_ack_rate_adaptive_threshold, ddet_ind_empty_ack_rate_current, ddet_ind_empty_ack_rate_min, ddet_ind_empty_ack_rate_max, ddet_ind_empty_ack_rate_adaptive_threshold, ddet_ind_small_payload_rate_current, ddet_ind_small_payload_rate_min, ddet_ind_small_payload_rate_max, ddet_ind_small_payload_rate_adaptive_threshold, ddet_ind_pkt_drop_ratio_current, ddet_ind_pkt_drop_ratio_min, ddet_ind_pkt_drop_ratio_max, ddet_ind_pkt_drop_ratio_adaptive_threshold, ddet_ind_inb_per_outb_current, ddet_ind_inb_per_outb_min, ddet_ind_inb_per_outb_max, ddet_ind_inb_per_outb_adaptive_threshold, ddet_ind_syn_per_fin_rate_current, ddet_ind_syn_per_fin_rate_min, ddet_ind_syn_per_fin_rate_max, ddet_ind_syn_per_fin_rate_adaptive_threshold, ddet_ind_conn_miss_rate_current, ddet_ind_conn_miss_rate_min, ddet_ind_conn_miss_rate_max, ddet_ind_conn_miss_rate_adaptive_threshold, ddet_ind_concurrent_conns_current, ddet_ind_concurrent_conns_min, ddet_ind_concurrent_conns_max, ddet_ind_concurrent_conns_adaptive_threshold, ddet_ind_data_cpu_util_current, ddet_ind_data_cpu_util_min, ddet_ind_data_cpu_util_max, ddet_ind_data_cpu_util_adaptive_threshold, ddet_ind_outside_intf_util_current, ddet_ind_outside_intf_util_min, ddet_ind_outside_intf_util_max, ddet_ind_outside_intf_util_adaptive_threshold, ddet_ind_frag_rate_current, ddet_ind_frag_rate_min, ddet_ind_frag_rate_max, ddet_ind_frag_rate_adaptive_threshold, ddet_ind_bit_rate_current, ddet_ind_bit_rate_min, ddet_ind_bit_rate_max, ddet_ind_bit_rate_adaptive_threshold .. _1278_dst_zone-list_port_zone-service-other-list_sflow-tcp: dst_zone-list_port_zone-service-other-list_sflow-tcp ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sflow-tcp-basic** **Description** Enable sFlow basic TCP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-tcp-basic and sflow-common are mutually exclusive **sflow-tcp-stateful** **Description** Enable sFlow stateful TCP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-tcp-stateful and sflow-common are mutually exclusive .. _1278_dst_zone-list_port_zone-service-other-list_topk-sources: dst_zone-list_port_zone-service-other-list_topk-sources ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port_zone-service-other-list_topk-destinations: dst_zone-list_port_zone-service-other-list_topk-destinations ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_port_zone-service-other-list_progression-tracking: dst_zone-list_port_zone-service-other-list_progression-tracking ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_ipv6: dst_zone-list_ipv6 ^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **expand-ipv6-subnet** **Description** Expand this subnet to individual IPv6 address **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **expand-ipv6-subnet-mode** **Description** 'default': Default learning mechanism (Default: Dynamic); 'dynamic': Dynamic learning; 'static': Static learning; **Type:** string **Supported Values:** default, dynamic, static **Default:** default **ip6-addr** **Description** Specify IPv6 address **Type:** string **Format:** ipv6-address **subnet-ipv6-addr** **Description** IPV6 Subnet **Type:** string **Format:** ipv6-address-plen .. _1278_dst_zone-list_src-port-range-list: dst_zone-list_src-port-range-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **capture-config** **Description:** capture-config is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_src-port-range-list_capture-config` **Type:** Object **default-action-list** **Description** Configure default-action-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid-cfg** **Description:** glid-cfg is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_src-port-range-list_glid-cfg` **Type:** Object **level-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/src-port-range/{src-port-range-start}+{src-port-range-end}+{protocol}/level/{level-num} ` **port-ind** **Description:** port-ind is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_src-port-range-list_port-ind` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/src-port-range/{src-port-range-start}+{src-port-range-end}+{protocol}/port-ind ` **protocol** **Description** 'udp': UDP port; 'tcp': TCP Port; **Type:** string **Supported Values:** udp, tcp **set-counter-base-val** **Description** Set T2 counter value of current context to specified value **Type:** number **Range:** 1-4294967295 **src-port-range-end** **Description** Src Port-Range End Port Number **Type:** number **Range:** 2-65535 **src-port-range-start** **Description** Src Port-Range Start Port Number **Type:** number **Range:** 1-65535 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_src-port-range-list_zone-template` **Type:** Object .. _1278_dst_zone-list_src-port-range-list_capture-config: dst_zone-list_src-port-range-list_capture-config ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **capture-config-mode** **Description** 'drop': Apply capture-config to dropped packets; 'forward': Apply capture-config to forwarded packets; 'all': Apply capture-config to both dropped and forwarded packets; **Type:** string **Supported Values:** drop, forward, all **capture-config-name** **Description** Capture-config name **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_src-port-range-list_glid-cfg: dst_zone-list_src-port-range-list_glid-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, ignore .. _1278_dst_zone-list_src-port-range-list_zone-template: dst_zone-list_src-port-range-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-tcp** **Description** DDOS tcp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-udp** **Description** DDOS udp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_src-port-range-list_port-ind: dst_zone-list_src-port-range-list_port-ind ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_src-port-range-list_level-list: dst_zone-list_src-port-range-list_level-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **indicator-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/src-port-range/{src-port-range-start}+{src-port-range-end}+{protocol}/level/{level-num}/indicator/{type} ` **level-num** **Description** '0': Default policy level; '1': Policy level 1; **Type:** string **Supported Values:** 0, 1 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_src-port-range-list_level-list_indicator-list: dst_zone-list_src-port-range-list_level-list_indicator-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **type** **Description** 'pkt-rate': rate of incoming packets; 'bit-rate': rate of incoming bits; **Type:** string **Supported Values:** pkt-rate, bit-rate **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-threshold-large-num** **Description** Threshold of the entire zone for the port-range **Type:** number **Range:** 1-10995116277760 **zone-threshold-num** **Description** Threshold of the entire zone for the port-range **Type:** number **Range:** 1-2147483647 .. _1278_dst_zone-list_sflow-tcp: dst_zone-list_sflow-tcp ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sflow-tcp-basic** **Description** Enable sFlow basic TCP counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total nu **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-tcp-basic and sflow-common are mutually exclusive **sflow-tcp-stateful** **Description** Enable sFlow stateful TCP counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-tcp-stateful and sflow-common are mutually exclusive .. _1278_dst_zone-list_src-port: dst_zone-list_src-port ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **zone-src-port-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port/{port-num}+{protocol} ` **zone-src-port-other-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port-other/{port-other}+{protocol} ` .. _1278_dst_zone-list_src-port_zone-src-port-list: dst_zone-list_src-port_zone-src-port-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **default-action-list** **Description** Configure default-action-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid-cfg** **Description:** glid-cfg is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_src-port_zone-src-port-list_glid-cfg` **Type:** Object **level-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port/{port-num}+{protocol}/level/{level-num} ` **outbound-src-tracking** **Description** 'enable': enable; 'disable': disable; **Type:** string **Supported Values:** enable, disable **Default:** disable **port-ind** **Description:** port-ind is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_src-port_zone-src-port-list_port-ind` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port/{port-num}+{protocol}/port-ind ` **port-num** **Description** Source Port Number **Type:** number **Range:** 1-65535 **protocol** **Description** 'dns-udp': DNS-UDP Port; 'dns-tcp': DNS-TCP Port; 'udp': UDP port; 'tcp': TCP Port; **Type:** string **Supported Values:** dns-udp, dns-tcp, udp, tcp **set-counter-base-val** **Description** Set T2 counter value of current context to specified value **Type:** number **Range:** 1-4294967295 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_src-port_zone-src-port-list_zone-template` **Type:** Object .. _1278_dst_zone-list_src-port_zone-src-port-list_glid-cfg: dst_zone-list_src-port_zone-src-port-list_glid-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, ignore .. _1278_dst_zone-list_src-port_zone-src-port-list_zone-template: dst_zone-list_src-port_zone-src-port-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-dns** **Description** DDOS dns src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-tcp** **Description** DDOS tcp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-udp** **Description** DDOS udp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_src-port_zone-src-port-list_port-ind: dst_zone-list_src-port_zone-src-port-list_port-ind ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_src-port_zone-src-port-list_level-list: dst_zone-list_src-port_zone-src-port-list_level-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **indicator-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port/{port-num}+{protocol}/level/{level-num}/indicator/{type} ` **level-num** **Description** '0': Default policy level; '1': Policy level 1; **Type:** string **Supported Values:** 0, 1 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_src-port_zone-src-port-list_level-list_indicator-list: dst_zone-list_src-port_zone-src-port-list_level-list_indicator-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **type** **Description** 'pkt-rate': rate of incoming packets; 'bit-rate': rate of incoming bits; **Type:** string **Supported Values:** pkt-rate, bit-rate **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-threshold-large-num** **Description** Threshold of the entire zone for the src-port **Type:** number **Range:** 1-10995116277760 **zone-threshold-num** **Description** Threshold of the entire zone for the src-port **Type:** number **Range:** 1-2147483647 .. _1278_dst_zone-list_src-port_zone-src-port-other-list: dst_zone-list_src-port_zone-src-port-other-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **default-action-list** **Description** Configure default-action-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid-cfg** **Description:** glid-cfg is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_src-port_zone-src-port-other-list_glid-cfg` **Type:** Object **level-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port-other/{port-other}+{protocol}/level/{level-num} ` **port-ind** **Description:** port-ind is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_src-port_zone-src-port-other-list_port-ind` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port-other/{port-other}+{protocol}/port-ind ` **port-other** **Description** 'other': other; **Type:** string **Supported Values:** other **protocol** **Description** 'udp': UDP port; 'tcp': TCP Port; **Type:** string **Supported Values:** udp, tcp **set-counter-base-val** **Description** Set T2 counter value of current context to specified value **Type:** number **Range:** 1-4294967295 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1278_dst_zone-list_src-port_zone-src-port-other-list_zone-template` **Type:** Object .. _1278_dst_zone-list_src-port_zone-src-port-other-list_glid-cfg: dst_zone-list_src-port_zone-src-port-other-list_glid-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, ignore .. _1278_dst_zone-list_src-port_zone-src-port-other-list_zone-template: dst_zone-list_src-port_zone-src-port-other-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-tcp** **Description** DDOS tcp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-udp** **Description** DDOS udp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_src-port_zone-src-port-other-list_port-ind: dst_zone-list_src-port_zone-src-port-other-list_port-ind ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_src-port_zone-src-port-other-list_level-list: dst_zone-list_src-port_zone-src-port-other-list_level-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **indicator-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port-other/{port-other}+{protocol}/level/{level-num}/indicator/{type} ` **level-num** **Description** '0': Default policy level; '1': Policy level 1; **Type:** string **Supported Values:** 0, 1 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dst_zone-list_src-port_zone-src-port-other-list_level-list_indicator-list: dst_zone-list_src-port_zone-src-port-other-list_level-list_indicator-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **type** **Description** 'pkt-rate': rate of incoming packets; 'bit-rate': rate of incoming bits; **Type:** string **Supported Values:** pkt-rate, bit-rate **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-threshold-large-num** **Description** Threshold of the entire zone for the src-port **Type:** number **Range:** 1-10995116277760 **zone-threshold-num** **Description** Threshold of the entire zone for the src-port **Type:** number **Range:** 1-2147483647 .. _1278_dst_zone-list_sampling-enable: dst_zone-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'zone_tcp_any_exceed': TCP Dst IP-Proto Rate: Total Exceeded; 'zone_tcp_pkt_rate_exceed': TCP Dst IP-Proto Rate: Packet Exceeded; 'zone_tcp_conn_rate_exceed': TCP Dst IP-Proto Rate: Conn Exceeded; 'zone_udp_any_exceed': UDP Dst IP-Proto Rate: Total Exceeded; 'zone_udp_pkt_rate_exceed': UDP Dst IP-Proto Rate: Packet Exceeded; 'zone_udp_conn_limit_exceed': UDP Dst IP-Proto Limit: Conn Exceeded; 'zone_udp_conn_rate_exceed': UDP Dst IP-Proto Rate: Conn Exceeded; 'zone_icmp_pkt_rate_exceed': ICMP Dst Rate: Packet Exceeded; 'zone_other_pkt_rate_exceed': OTHER Dst IP-Proto Rate: Packet Exceeded; 'zone_other_frag_pkt_rate_exceed': OTHER Dst IP-Proto Rate: Frag Exceeded; 'zone_port_pkt_rate_exceed': Port Rate: Packet Exceeded; 'zone_port_conn_limit_exceed': Port Limit: Conn Exceeded; 'zone_port_conn_rate_exceed': Port Rate: Conn Exceeded; 'zone_pkt_sent': Inbound: Packets Forwarded; 'zone_udp_pkt_sent': UDP Total Packets Forwarded; 'zone_tcp_pkt_sent': TCP Total Packets Forwarded; 'zone_icmp_pkt_sent': ICMP Total Packets Forwarded; 'zone_other_pkt_sent': OTHER Total Packets Forwarded; 'zone_tcp_conn_limit_exceed': TCP Dst IP-Proto Limit: Conn Exceeded; 'zone_tcp_pkt_rcvd': TCP Total Packets Received; 'zone_udp_pkt_rcvd': UDP Total Packets Received; 'zone_icmp_pkt_rcvd': ICMP Total Packets Received; 'zone_other_pkt_rcvd': OTHER Total Packets Received; 'zone_udp_filter_match': UDP Filter Match; 'zone_udp_filter_not_match': UDP Filter Not Matched on Pkt; 'zone_udp_filter_action_blacklist': UDP Filter Action Blacklist; 'zone_udp_filter_action_drop': UDP Filter Action Drop; 'zone_tcp_syn': TCP Total SYN Received; 'zone_tcp_syn_drop': TCP SYN Packets Dropped; 'zone_tcp_src_rate_drop': TCP Src Rate: Total Exceeded; 'zone_udp_src_rate_drop': UDP Src Rate: Total Exceeded; 'zone_icmp_src_rate_drop': ICMP Src Rate: Total Exceeded; 'zone_other_frag_src_rate_drop': OTHER Src Rate: Frag Exceeded; 'zone_other_src_rate_drop': OTHER Src Rate: Total Exceeded; 'zone_tcp_drop': TCP Total Packets Dropped; 'zone_udp_drop': UDP Total Packets Dropped; 'zone_icmp_drop': ICMP Total Packets Dropped; 'zone_frag_drop': Fragmented Packets Dropped; 'zone_other_drop': OTHER Total Packets Dropped; 'zone_tcp_auth': TCP Auth: SYN Cookie Sent; 'zone_udp_filter_action_default_pass': UDP Filter Action Default Pass; 'zone_tcp_filter_match': TCP Filter Match; 'zone_tcp_filter_not_match': TCP Filter Not Matched on Pkt; 'zone_tcp_filter_action_blacklist': TCP Filter Action Blacklist; 'zone_tcp_filter_action_drop': TCP Filter Action Drop; 'zone_tcp_filter_action_default_pass': TCP Filter Action Default Pass; 'zone_udp_filter_action_whitelist': UDP Filter Action WL; 'zone_over_limit_on': Zone overlimit Trigger ON; 'zone_over_limit_off': Zone overlimit Trigger OFF; 'zone_port_over_limit_on': Zone port overlimit Trigger ON; 'zone_port_over_limit_off': Zone port overlimit Trigger OFF; 'zone_over_limit_action': Zone overlimit action; 'zone_port_over_limit_action': Zone port overlimit action; 'scanning_detected_drop': Scanning Detected drop (deprecated); 'scanning_detected_blacklist': Scanning Detected blacklist (deprecated); 'zone_udp_kibit_rate_drop': UDP Dst IP-Proto Rate: KiBit Exceeded; 'zone_tcp_kibit_rate_drop': TCP Dst IP-Proto Rate: KiBit Exceeded; 'zone_icmp_kibit_rate_drop': ICMP Dst Rate: KiBit Exceeded; 'zone_other_kibit_rate_drop': OTHER Dst IP-Proto Rate: KiBit Exceeded; 'zone_port_undef_drop': Dst Port Undefined Dropped; 'zone_port_bl': Dst Port Blacklist Packets Dropped; 'zone_src_port_bl': Dst SrcPort Blacklist Packets Dropped; 'zone_port_kbit_rate_exceed': Port Rate: KiBit Exceeded; 'zone_tcp_src_drop': TCP Src Packets Dropped; 'zone_udp_src_drop': UDP Src Packets Dropped; 'zone_icmp_src_drop': ICMP Src Packets Dropped; 'zone_other_src_drop': OTHER Src Packets Dropped; 'tcp_syn_rcvd': TCP Inbound SYN Received; 'tcp_syn_ack_rcvd': TCP SYN ACK Received; 'tcp_ack_rcvd': TCP ACK Received; 'tcp_fin_rcvd': TCP FIN Received; 'tcp_rst_rcvd': TCP RST Received; 'ingress_bytes': Inbound: Bytes Received; 'egress_bytes': Outbound: Bytes Received; 'ingress_packets': Inbound: Packets Received; 'egress_packets': Outbound: Packets Received; 'tcp_fwd_recv': TCP Inbound Packets Received; 'udp_fwd_recv': UDP Inbound Packets Received; 'icmp_fwd_recv': ICMP Inbound Packets Received; 'tcp_syn_cookie_fail': TCP Auth: SYN Cookie Failed; 'zone_tcp_session_created': TCP Sessions Created; 'zone_udp_session_created': UDP Sessions Created; 'zone_tcp_filter_action_whitelist': TCP Filter Action WL; 'zone_other_filter_match': OTHER Filter Match; 'zone_other_filter_not_match': OTHER Filter Not Matched on Pkt; 'zone_other_filter_action_blacklist': OTHER Filter Action Blacklist; 'zone_other_filter_action_drop': OTHER Filter Action Drop; 'zone_other_filter_action_whitelist': OTHER Filter Action WL; 'zone_other_filter_action_default_pass': OTHER Filter Action Default Pass; 'zone_blackhole_inject': Dst Blackhole Inject; 'zone_blackhole_withdraw': Dst Blackhole Withdraw; 'zone_tcp_out_of_seq_excd': TCP Out-Of-Seq Exceeded; 'zone_tcp_retransmit_excd': TCP Retransmit Exceeded; 'zone_tcp_zero_window_excd': TCP Zero-Window Exceeded; 'zone_tcp_conn_prate_excd': TCP Rate: Conn Pkt Exceeded; 'zone_tcp_action_on_ack_init': TCP Auth: ACK Retry Init; 'zone_tcp_action_on_ack_gap_drop': TCP Auth: ACK Retry Retry-Gap Dropped; 'zone_tcp_action_on_ack_fail': TCP Auth: ACK Retry Dropped; 'zone_tcp_action_on_ack_pass': TCP Auth: ACK Retry Passed; 'zone_tcp_action_on_syn_init': TCP Auth: SYN Retry Init; 'zone_tcp_action_on_syn_gap_drop': TCP Auth: SYN Retry-Gap Dropped; 'zone_tcp_action_on_syn_fail': TCP Auth: SYN Retry Dropped; 'zone_tcp_action_on_syn_pass': TCP Auth: SYN Retry Passed; 'zone_payload_too_small': UDP Payload Too Small; 'zone_payload_too_big': UDP Payload Too Large; 'zone_udp_conn_prate_excd': UDP Rate: Conn Pkt Exceeded; 'zone_udp_ntp_monlist_req': UDP NTP Monlist Request; 'zone_udp_ntp_monlist_resp': UDP NTP Monlist Response; 'zone_udp_wellknown_sport_drop': UDP SrcPort Wellknown; 'zone_udp_retry_init': UDP Auth: Retry Init; 'zone_udp_retry_pass': UDP Auth: Retry Passed; 'zone_tcp_bytes_drop': TCP Total Bytes Dropped; 'zone_udp_bytes_drop': UDP Total Bytes Dropped; 'zone_icmp_bytes_drop': ICMP Total Bytes Dropped; 'zone_other_bytes_drop': OTHER Total Bytes Dropped; 'zone_out_no_route': Dst IPv4/v6 Out No Route; 'outbound_bytes_sent': Outbound: Bytes Forwarded; 'outbound_drop': Outbound: Packets Dropped; 'outbound_bytes_drop': Outbound: Bytes Dropped; 'outbound_pkt_sent': Outbound: Packets Forwarded; 'inbound_bytes_sent': Inbound: Bytes Forwarded; 'inbound_bytes_drop': Inbound: Bytes Dropped; 'zone_src_port_pkt_rate_exceed': SrcPort Rate: Packet Exceeded; 'zone_src_port_kbit_rate_exceed': SrcPort Rate: KiBit Exceeded; 'zone_src_port_conn_limit_exceed': SrcPort Limit: Conn Exceeded; 'zone_src_port_conn_rate_exceed': SrcPort Rate: Conn Exceeded; 'zone_ip_proto_pkt_rate_exceed': IP-Proto Rate: Packet Exceeded; 'zone_ip_proto_kbit_rate_exceed': IP-Proto Rate: KiBit Exceeded; 'zone_tcp_port_any_exceed': TCP Port Rate: Total Exceed; 'zone_udp_port_any_exceed': UDP Port Rate: Total Exceed; 'zone_tcp_auth_pass': TCP Auth: SYN Auth Passed; 'zone_tcp_rst_cookie_fail': TCP Auth: RST Cookie Failed; 'zone_tcp_unauth_drop': TCP Auth: Unauth Dropped; 'src_tcp_syn_auth_fail': Src TCP Auth: SYN Auth Failed; 'src_tcp_syn_cookie_sent': Src TCP Auth: SYN Cookie Sent; 'src_tcp_syn_cookie_fail': Src TCP Auth: SYN Cookie Failed; 'src_tcp_rst_cookie_fail': Src TCP Auth: RST Cookie Failed; **Type:** string **Supported Values:** all, zone_tcp_any_exceed, zone_tcp_pkt_rate_exceed, zone_tcp_conn_rate_exceed, zone_udp_any_exceed, zone_udp_pkt_rate_exceed, zone_udp_conn_limit_exceed, zone_udp_conn_rate_exceed, zone_icmp_pkt_rate_exceed, zone_other_pkt_rate_exceed, zone_other_frag_pkt_rate_exceed, zone_port_pkt_rate_exceed, zone_port_conn_limit_exceed, zone_port_conn_rate_exceed, zone_pkt_sent, zone_udp_pkt_sent, zone_tcp_pkt_sent, zone_icmp_pkt_sent, zone_other_pkt_sent, zone_tcp_conn_limit_exceed, zone_tcp_pkt_rcvd, zone_udp_pkt_rcvd, zone_icmp_pkt_rcvd, zone_other_pkt_rcvd, zone_udp_filter_match, zone_udp_filter_not_match, zone_udp_filter_action_blacklist, zone_udp_filter_action_drop, zone_tcp_syn, zone_tcp_syn_drop, zone_tcp_src_rate_drop, zone_udp_src_rate_drop, zone_icmp_src_rate_drop, zone_other_frag_src_rate_drop, zone_other_src_rate_drop, zone_tcp_drop, zone_udp_drop, zone_icmp_drop, zone_frag_drop, zone_other_drop, zone_tcp_auth, zone_udp_filter_action_default_pass, zone_tcp_filter_match, zone_tcp_filter_not_match, zone_tcp_filter_action_blacklist, zone_tcp_filter_action_drop, zone_tcp_filter_action_default_pass, zone_udp_filter_action_whitelist, zone_over_limit_on, zone_over_limit_off, zone_port_over_limit_on, zone_port_over_limit_off, zone_over_limit_action, zone_port_over_limit_action, scanning_detected_drop, scanning_detected_blacklist, zone_udp_kibit_rate_drop, zone_tcp_kibit_rate_drop, zone_icmp_kibit_rate_drop, zone_other_kibit_rate_drop, zone_port_undef_drop, zone_port_bl, zone_src_port_bl, zone_port_kbit_rate_exceed, zone_tcp_src_drop, zone_udp_src_drop, zone_icmp_src_drop, zone_other_src_drop, tcp_syn_rcvd, tcp_syn_ack_rcvd, tcp_ack_rcvd, tcp_fin_rcvd, tcp_rst_rcvd, ingress_bytes, egress_bytes, ingress_packets, egress_packets, tcp_fwd_recv, udp_fwd_recv, icmp_fwd_recv, tcp_syn_cookie_fail, zone_tcp_session_created, zone_udp_session_created, zone_tcp_filter_action_whitelist, zone_other_filter_match, zone_other_filter_not_match, zone_other_filter_action_blacklist, zone_other_filter_action_drop, zone_other_filter_action_whitelist, zone_other_filter_action_default_pass, zone_blackhole_inject, zone_blackhole_withdraw, zone_tcp_out_of_seq_excd, zone_tcp_retransmit_excd, zone_tcp_zero_window_excd, zone_tcp_conn_prate_excd, zone_tcp_action_on_ack_init, zone_tcp_action_on_ack_gap_drop, zone_tcp_action_on_ack_fail, zone_tcp_action_on_ack_pass, zone_tcp_action_on_syn_init, zone_tcp_action_on_syn_gap_drop, zone_tcp_action_on_syn_fail, zone_tcp_action_on_syn_pass, zone_payload_too_small, zone_payload_too_big, zone_udp_conn_prate_excd, zone_udp_ntp_monlist_req, zone_udp_ntp_monlist_resp, zone_udp_wellknown_sport_drop, zone_udp_retry_init, zone_udp_retry_pass, zone_tcp_bytes_drop, zone_udp_bytes_drop, zone_icmp_bytes_drop, zone_other_bytes_drop, zone_out_no_route, outbound_bytes_sent, outbound_drop, outbound_bytes_drop, outbound_pkt_sent, inbound_bytes_sent, inbound_bytes_drop, zone_src_port_pkt_rate_exceed, zone_src_port_kbit_rate_exceed, zone_src_port_conn_limit_exceed, zone_src_port_conn_rate_exceed, zone_ip_proto_pkt_rate_exceed, zone_ip_proto_kbit_rate_exceed, zone_tcp_port_any_exceed, zone_udp_port_any_exceed, zone_tcp_auth_pass, zone_tcp_rst_cookie_fail, zone_tcp_unauth_drop, src_tcp_syn_auth_fail, src_tcp_syn_cookie_sent, src_tcp_syn_cookie_fail, src_tcp_rst_cookie_fail **counters2** **Description** 'src_tcp_unauth_drop': Src TCP Auth: Unauth Dropped; 'src_tcp_action_on_syn_init': Src TCP Auth: SYN Retry Init; 'src_tcp_action_on_syn_gap_drop': Src TCP Auth: SYN Retry-Gap Dropped; 'src_tcp_action_on_syn_fail': Src TCP Auth: SYN Retry Dropped; 'src_tcp_action_on_ack_init': Src TCP Auth: ACK Retry Init; 'src_tcp_action_on_ack_gap_drop': Src TCP Auth: ACK Retry Retry-Gap Dropped; 'src_tcp_action_on_ack_fail': Src TCP Auth: ACK Retry Dropped; 'src_tcp_out_of_seq_excd': Src TCP Out-Of-Seq Exceeded; 'src_tcp_retransmit_excd': Src TCP Retransmit Exceeded; 'src_tcp_zero_window_excd': Src TCP Zero-Window Exceeded; 'src_tcp_conn_prate_excd': Src TCP Rate: Conn Pkt Exceeded; 'src_udp_min_payload': Src UDP Payload Too Small; 'src_udp_max_payload': Src UDP Payload Too Large; 'src_udp_conn_prate_excd': Src UDP Rate: Conn Pkt Exceeded; 'src_udp_ntp_monlist_req': Src UDP NTP Monlist Request; 'src_udp_ntp_monlist_resp': Src UDP NTP Monlist Response; 'src_udp_wellknown_sport_drop': Src UDP SrcPort Wellknown; 'src_udp_retry_init': Src UDP Auth: Retry Init; 'dst_udp_retry_gap_drop': UDP Auth: Retry-Gap Dropped; 'dst_udp_retry_fail': UDP Auth: Retry Timeout; 'dst_tcp_session_aged': TCP Sessions Aged; 'dst_udp_session_aged': UDP Sessions Aged; 'dst_tcp_conn_close': TCP Connections Closed; 'dst_tcp_conn_close_half_open': TCP Half Open Connections Closed; 'dst_drop_frag_pkt': Fragmented Packets Dropped; 'src_tcp_filter_action_blacklist': Src TCP Filter Action Blacklist; 'src_tcp_filter_action_whitelist': Src TCP Filter Action WL; 'src_tcp_filter_action_drop': Src TCP Filter Action Drop; 'src_tcp_filter_action_default_pass': Src TCP Filter Action Default Pass; 'src_udp_filter_action_blacklist': Src UDP Filter Action Blacklist; 'src_udp_filter_action_whitelist': Src UDP Filter Action WL; 'src_udp_filter_action_drop': Src UDP Filter Action Drop; 'src_udp_filter_action_default_pass': Src UDP Filter Action Default Pass; 'src_other_filter_action_blacklist': Src OTHER Filter Action Blacklist; 'src_other_filter_action_whitelist': Src OTHER Filter Action WL; 'src_other_filter_action_drop': Src OTHER Filter Action Drop; 'src_other_filter_action_default_pass': Src OTHER Filter Action Default Pass; 'tcp_invalid_syn': TCP Invalid SYN Received; 'dst_tcp_conn_close_w_rst': TCP RST Connections Closed; 'dst_tcp_conn_close_w_fin': TCP FIN Connections Closed; 'dst_tcp_conn_close_w_idle': TCP Idle Connections Closed; 'dst_tcp_conn_create_from_syn': TCP Connections Created From SYN; 'dst_tcp_conn_create_from_ack': TCP Connections Created From ACK; 'src_frag_drop': Src Fragmented Packets Dropped; 'zone_port_kbit_rate_exceed_pkt': Port Rate: KiBit Pkt Exceeded; 'dst_tcp_bytes_rcv': TCP Total Bytes Received; 'dst_udp_bytes_rcv': UDP Total Bytes Received; 'dst_icmp_bytes_rcv': ICMP Total Bytes Received; 'dst_other_bytes_rcv': OTHER Total Bytes Received; 'dst_tcp_bytes_sent': TCP Total Bytes Forwarded; 'dst_udp_bytes_sent': UDP Total Bytes Forwarded; 'dst_icmp_bytes_sent': ICMP Total Bytes Forwarded; 'dst_other_bytes_sent': OTHER Total Bytes Forwarded; 'dst_udp_auth_drop': UDP Auth: Dropped; 'dst_tcp_auth_drop': TCP Auth: Dropped; 'dst_tcp_auth_resp': TCP Auth: Responded; 'dst_drop': Inbound: Packets Dropped; 'dst_entry_pkt_rate_exceed': Entry Rate: Packet Exceeded; 'dst_entry_kbit_rate_exceed': Entry Rate: KiBit Exceeded; 'dst_entry_conn_limit_exceed': Entry Limit: Conn Exceeded; 'dst_entry_conn_rate_exceed': Entry Rate: Conn Exceeded; 'dst_entry_frag_pkt_rate_exceed': Entry Rate: Frag Packet Exceeded; 'dst_l4_tcp_blacklist_drop': Dst TCP IP-Proto Blacklist Dropped; 'dst_l4_udp_blacklist_drop': Dst UDP IP-Proto Blacklist Dropped; 'dst_l4_icmp_blacklist_drop': Dst ICMP IP-Proto Blacklist Dropped; 'dst_l4_other_blacklist_drop': Dst OTHER IP-Proto Blacklist Dropped; 'dst_frag_timeout_drop': Fragment Reassemble Timeout Drop; 'dst_icmp_any_exceed': ICMP Rate: Total Exceed; 'dst_other_any_exceed': OTHER Rate: Total Exceed; 'tcp_rexmit_syn_limit_drop': TCP SYN Retransmit Exceeded Drop; 'tcp_rexmit_syn_limit_bl': TCP SYN Retransmit Exceeded Blacklist; 'dst_clist_overflow_policy_at_learning': Dst Src-Based Overflow Policy Hit; 'zone_frag_rcvd': Fragmented Packets Received; 'zone_tcp_wellknown_sport_drop': TCP SrcPort Wellknown; 'src_tcp_wellknown_sport_drop': Src TCP SrcPort Wellknown; 'secondary_dst_entry_pkt_rate_exceed': Per Addr Rate: Packet Exceeded; 'secondary_dst_entry_kbit_rate_exceed': Per Addr Rate: KiBit Exceeded; 'secondary_dst_entry_conn_limit_exceed': Per Addr Limit: Conn Exceeded; 'secondary_dst_entry_conn_rate_exceed': Per Addr Rate: Conn Exceeded; 'secondary_dst_entry_frag_pkt_rate_exceed': Per Addr Rate: Frag Packet Exceeded; 'src_udp_retry_gap_drop': Src UDP Auth: Retry-Gap Dropped; 'dst_entry_kbit_rate_exceed_count': Entry Rate: KiBit Exceeded Count; 'secondary_entry_learn': Per Addr Entry Learned; 'secondary_entry_hit': Per Addr Entry Hit; 'secondary_entry_miss': Per Addr Entry Missed; 'secondary_entry_aged': Per Addr Entry Aged; 'secondary_entry_learning_thre_exceed': Per Addr Entry Count Overflow; 'zone_port_undef_hit': Dst Port undefined Hit; 'zone_tcp_action_on_ack_timeout': TCP Auth: ACK Retry Timeout; 'zone_tcp_action_on_ack_reset': TCP Auth: ACK Retry Timeout Reset; 'zone_tcp_action_on_ack_blacklist': TCP Auth: ACK Retry Timeout Blacklisted; 'src_tcp_action_on_ack_timeout': Src TCP Auth: ACK Retry Timeout; 'src_tcp_action_on_ack_reset': Src TCP Auth: ACK Retry Timeout Reset; 'src_tcp_action_on_ack_blacklist': Src TCP Auth: ACK Retry Timeout Blacklisted; 'zone_tcp_action_on_syn_timeout': TCP Auth: SYN Retry Timeout; 'zone_tcp_action_on_syn_reset': TCP Auth: SYN Retry Timeout Reset; 'zone_tcp_action_on_syn_blacklist': TCP Auth: SYN Retry Timeout Blacklisted; 'src_tcp_action_on_syn_timeout': Src TCP Auth: SYN Retry Timeout; 'src_tcp_action_on_syn_reset': Src TCP Auth: SYN Retry Timeout Reset; 'src_tcp_action_on_syn_blacklist': Src TCP Auth: SYN Retry Timeout Blacklisted; 'zone_udp_frag_pkt_rate_exceed': UDP Dst IP-Proto Rate: Frag Exceeded; 'zone_udp_frag_src_rate_drop': UDP Src Rate: Frag Exceeded; 'zone_tcp_frag_pkt_rate_exceed': TCP Dst IP-Proto Rate: Frag Exceeded; 'zone_tcp_frag_src_rate_drop': TCP Src Rate: Frag Exceeded; 'zone_icmp_frag_pkt_rate_exceed': ICMP Dst IP-Proto Rate: Frag Exceeded; 'zone_icmp_frag_src_rate_drop': ICMP Src Rate: Frag Exceeded; 'sflow_internal_samples_packed': Sflow Internal Samples Packed; 'sflow_external_samples_packed': Sflow External Samples Packed; 'sflow_internal_packets_sent': Sflow Internal Packets Sent; 'sflow_external_packets_sent': Sflow External Packets Sent; 'dns_outbound_total_query': DNS Outbound Total Query; 'dns_outbound_query_malformed': DNS Outbound Query Malformed; 'dns_outbound_query_resp_chk_failed': DNS Outbound Query Resp Check Failed; 'dns_outbound_query_resp_chk_blacklisted': DNS Outbound Query Resp Check Blacklisted; 'dns_outbound_query_resp_chk_refused_sent': DNS Outbound Query Resp Check REFUSED Sent; 'dns_outbound_query_resp_chk_reset_sent': DNS Outbound Query Resp Check RESET Sent; 'dns_outbound_query_resp_chk_no_resp_sent': DNS Outbound Query Resp Check No Response Sent; 'dns_outbound_query_resp_size_exceed': DNS Outbound Query Response Size Exceed; 'dns_outbound_query_sess_timed_out': DNS Outbound Query Session Timed Out; 'source_entry_total': Source Entry Total Count; 'source_entry_udp': Source Entry UDP Count; 'source_entry_tcp': Source Entry TCP Count; 'source_entry_icmp': Source Entry ICMP Count; 'source_entry_other': Source Entry OTHER Count; 'dst_exceed_action_tunnel': Entry Exceed Action: Tunnel; **Type:** string **Supported Values:** src_tcp_unauth_drop, src_tcp_action_on_syn_init, src_tcp_action_on_syn_gap_drop, src_tcp_action_on_syn_fail, src_tcp_action_on_ack_init, src_tcp_action_on_ack_gap_drop, src_tcp_action_on_ack_fail, src_tcp_out_of_seq_excd, src_tcp_retransmit_excd, src_tcp_zero_window_excd, src_tcp_conn_prate_excd, src_udp_min_payload, src_udp_max_payload, src_udp_conn_prate_excd, src_udp_ntp_monlist_req, src_udp_ntp_monlist_resp, src_udp_wellknown_sport_drop, src_udp_retry_init, dst_udp_retry_gap_drop, dst_udp_retry_fail, dst_tcp_session_aged, dst_udp_session_aged, dst_tcp_conn_close, dst_tcp_conn_close_half_open, dst_drop_frag_pkt, src_tcp_filter_action_blacklist, src_tcp_filter_action_whitelist, src_tcp_filter_action_drop, src_tcp_filter_action_default_pass, src_udp_filter_action_blacklist, src_udp_filter_action_whitelist, src_udp_filter_action_drop, src_udp_filter_action_default_pass, src_other_filter_action_blacklist, src_other_filter_action_whitelist, src_other_filter_action_drop, src_other_filter_action_default_pass, tcp_invalid_syn, dst_tcp_conn_close_w_rst, dst_tcp_conn_close_w_fin, dst_tcp_conn_close_w_idle, dst_tcp_conn_create_from_syn, dst_tcp_conn_create_from_ack, src_frag_drop, zone_port_kbit_rate_exceed_pkt, dst_tcp_bytes_rcv, dst_udp_bytes_rcv, dst_icmp_bytes_rcv, dst_other_bytes_rcv, dst_tcp_bytes_sent, dst_udp_bytes_sent, dst_icmp_bytes_sent, dst_other_bytes_sent, dst_udp_auth_drop, dst_tcp_auth_drop, dst_tcp_auth_resp, dst_drop, dst_entry_pkt_rate_exceed, dst_entry_kbit_rate_exceed, dst_entry_conn_limit_exceed, dst_entry_conn_rate_exceed, dst_entry_frag_pkt_rate_exceed, dst_l4_tcp_blacklist_drop, dst_l4_udp_blacklist_drop, dst_l4_icmp_blacklist_drop, dst_l4_other_blacklist_drop, dst_frag_timeout_drop, dst_icmp_any_exceed, dst_other_any_exceed, tcp_rexmit_syn_limit_drop, tcp_rexmit_syn_limit_bl, dst_clist_overflow_policy_at_learning, zone_frag_rcvd, zone_tcp_wellknown_sport_drop, src_tcp_wellknown_sport_drop, secondary_dst_entry_pkt_rate_exceed, secondary_dst_entry_kbit_rate_exceed, secondary_dst_entry_conn_limit_exceed, secondary_dst_entry_conn_rate_exceed, secondary_dst_entry_frag_pkt_rate_exceed, src_udp_retry_gap_drop, dst_entry_kbit_rate_exceed_count, secondary_entry_learn, secondary_entry_hit, secondary_entry_miss, secondary_entry_aged, secondary_entry_learning_thre_exceed, zone_port_undef_hit, zone_tcp_action_on_ack_timeout, zone_tcp_action_on_ack_reset, zone_tcp_action_on_ack_blacklist, src_tcp_action_on_ack_timeout, src_tcp_action_on_ack_reset, src_tcp_action_on_ack_blacklist, zone_tcp_action_on_syn_timeout, zone_tcp_action_on_syn_reset, zone_tcp_action_on_syn_blacklist, src_tcp_action_on_syn_timeout, src_tcp_action_on_syn_reset, src_tcp_action_on_syn_blacklist, zone_udp_frag_pkt_rate_exceed, zone_udp_frag_src_rate_drop, zone_tcp_frag_pkt_rate_exceed, zone_tcp_frag_src_rate_drop, zone_icmp_frag_pkt_rate_exceed, zone_icmp_frag_src_rate_drop, sflow_internal_samples_packed, sflow_external_samples_packed, sflow_internal_packets_sent, sflow_external_packets_sent, dns_outbound_total_query, dns_outbound_query_malformed, dns_outbound_query_resp_chk_failed, dns_outbound_query_resp_chk_blacklisted, dns_outbound_query_resp_chk_refused_sent, dns_outbound_query_resp_chk_reset_sent, dns_outbound_query_resp_chk_no_resp_sent, dns_outbound_query_resp_size_exceed, dns_outbound_query_sess_timed_out, source_entry_total, source_entry_udp, source_entry_tcp, source_entry_icmp, source_entry_other, dst_exceed_action_tunnel **counters3** **Description** 'dst_udp_retry_timeout_blacklist': UDP Auth: Retry Timeout Blacklisted; 'src_udp_auth_timeout': Src UDP Auth: Retry Timeout; 'zone_src_udp_retry_timeout_blacklist': Src UDP Auth: Retry Timeout Blacklisted; 'src_udp_retry_pass': Src UDP Retry Passed; 'secondary_port_learn': Per Addr Port Learned; 'secondary_port_aged': Per Addr Port Aged; 'dst_entry_outbound_udp_session_created': Outbound: UDP Sessions Created; 'dst_entry_outbound_udp_session_aged': Outbound: UDP Sessions Aged; 'dst_entry_outbound_tcp_session_created': Outbound: TCP Sessions Created; 'dst_entry_outbound_tcp_session_aged': Outbound: TCP Sessions Aged; 'dst_entry_outbound_pkt_rate_exceed': Outbound Rate: Packet Exceeded; 'dst_entry_outbound_kbit_rate_exceed': Outbound Rate: KiBit Exceeded; 'dst_entry_outbound_kbit_rate_exceed_count': Outbound Rate: KiBit Exceeded Count; 'dst_entry_outbound_conn_limit_exceed': Outbound Limit: Conn Exceeded; 'dst_entry_outbound_conn_rate_exceed': Outbound Rate: Conn Exceeded; 'dst_entry_outbound_frag_pkt_rate_exceed': Outbound Rate: Frag Packet Exceeded; 'prog_first_req_time_exceed': Req-Resp: First Request Time Exceed; 'prog_req_resp_time_exceed': Req-Resp: Request to Response Time Exceed; 'prog_request_len_exceed': Req-Resp: Request Length Exceed; 'prog_response_len_exceed': Req-Resp: Response Length Exceed; 'prog_resp_req_ratio_exceed': Req-Resp: Response to Request Ratio Exceed; 'prog_resp_req_time_exceed': Req-Resp: Response to Request Time Exceed; 'entry_sync_message_received': Entry Sync Message Received; 'entry_sync_message_sent': Entry Sync Message Sent; 'prog_conn_sent_exceed': Connection: Sent Exceed; 'prog_conn_rcvd_exceed': Connection: Received Exceed; 'prog_conn_time_exceed': Connection: Time Exceed; 'prog_conn_rcvd_sent_ratio_exceed': Connection: Reveived to Sent Ratio Exceed; 'prog_win_sent_exceed': Time Window: Sent Exceed; 'prog_win_rcvd_exceed': Time Window: Received Exceed; 'prog_win_rcvd_sent_ratio_exceed': Time Window: Received to Sent Exceed; 'prog_exceed_drop': Req-Resp: Violation Exceed Dropped; 'prog_exceed_bl': Req-Resp: Violation Exceed Blacklisted; 'prog_conn_exceed_drop': Connection: Violation Exceed Dropped; 'prog_conn_exceed_bl': Connection: Violation Exceed Blacklisted; 'prog_win_exceed_drop': Time Window: Violation Exceed Dropped; 'prog_win_exceed_bl': Time Window: Violation Exceed Blacklisted; 'east_west_inbound_rcv_pkt': East West: Inbound Packets Received; 'east_west_inbound_drop_pkt': East West: Inbound Packets Dropped; 'east_west_inbound_fwd_pkt': East West: Inbound Packets Forwarded; 'east_west_inbound_rcv_byte': East West: Inbound Bytes Received; 'east_west_inbound_drop_byte': East West: Inbound Bytes Dropped; 'east_west_inbound_fwd_byte': East West: Inbound Bytes Forwarded; 'east_west_outbound_rcv_pkt': East West: Outbound Packets Received; 'east_west_outbound_drop_pkt': East West: Outbound Packets Dropped; 'east_west_outbound_fwd_pkt': East West: Outbound Packets Forwarded; 'east_west_outbound_rcv_byte': East West: Outbound Bytes Received; 'east_west_outbound_drop_byte': East West: Outbound Bytes Dropped; 'east_west_outbound_fwd_byte': East West: Outbound Bytes Forwarded; 'dst_exceed_action_drop': Entry Exceed Action: Dropped; 'prog_conn_samples': Sample Collected: Connection; 'prog_req_samples': Sample Collected: Req-Resp; 'prog_win_samples': Sample Collected: Time Window; 'victim_ip_learned': Victim Identification: IP Entry Learned; 'victim_ip_aged': Victim Identification: IP Entry Aged; **Type:** string **Supported Values:** dst_udp_retry_timeout_blacklist, src_udp_auth_timeout, zone_src_udp_retry_timeout_blacklist, src_udp_retry_pass, secondary_port_learn, secondary_port_aged, dst_entry_outbound_udp_session_created, dst_entry_outbound_udp_session_aged, dst_entry_outbound_tcp_session_created, dst_entry_outbound_tcp_session_aged, dst_entry_outbound_pkt_rate_exceed, dst_entry_outbound_kbit_rate_exceed, dst_entry_outbound_kbit_rate_exceed_count, dst_entry_outbound_conn_limit_exceed, dst_entry_outbound_conn_rate_exceed, dst_entry_outbound_frag_pkt_rate_exceed, prog_first_req_time_exceed, prog_req_resp_time_exceed, prog_request_len_exceed, prog_response_len_exceed, prog_resp_req_ratio_exceed, prog_resp_req_time_exceed, entry_sync_message_received, entry_sync_message_sent, prog_conn_sent_exceed, prog_conn_rcvd_exceed, prog_conn_time_exceed, prog_conn_rcvd_sent_ratio_exceed, prog_win_sent_exceed, prog_win_rcvd_exceed, prog_win_rcvd_sent_ratio_exceed, prog_exceed_drop, prog_exceed_bl, prog_conn_exceed_drop, prog_conn_exceed_bl, prog_win_exceed_drop, prog_win_exceed_bl, east_west_inbound_rcv_pkt, east_west_inbound_drop_pkt, east_west_inbound_fwd_pkt, east_west_inbound_rcv_byte, east_west_inbound_drop_byte, east_west_inbound_fwd_byte, east_west_outbound_rcv_pkt, east_west_outbound_drop_pkt, east_west_outbound_fwd_pkt, east_west_outbound_rcv_byte, east_west_outbound_drop_byte, east_west_outbound_fwd_byte, dst_exceed_action_drop, prog_conn_samples, prog_req_samples, prog_win_samples, victim_ip_learned, victim_ip_aged, prog_conn_samples_processed, prog_req_samples_processed, prog_win_samples_processed, dst_src_learn_overflow, dst_tcp_auth_rst .. _1278_dst_zone-list_enable-top-k: dst_zone-list_enable-top-k ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **topk-num-records** **Description** Maximum number of records to show in topk **Type:** number **Range:** 1-100 **Default:** 20 **topk-type** **Description** 'destination': Topk destination IP; **Type:** string **Supported Values:** destination .. _1278_system-default: system-default ^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **limit-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/system-default/limit/{limit-type} ` **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_system-default_limit-list: system-default_limit-list ^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **default-bit-rate-limit** **Description** Configure Default Kibit (kibibit / 1024-bit) rate limit **Type:** number **Range:** 1-16000000 **default-conn-limit** **Description** Configure Default Connection limit **Type:** number **Range:** 1-16000000 **default-conn-rate-limit** **Description** Configure Default Connection rate limit **Type:** number **Range:** 1-16000000 **default-frag-pkt-rate-limit** **Description** Configure Default Fragmented packet rate limit **Type:** number **Range:** 1-16000000 **default-over-limit-action** **Description:** default-over-limit-action is a **JSON Block**. Please see below for :ref:`1278_system-default_limit-list_default-over-limit-action` **Type:** Object **default-pkt-rate-limit** **Description** Configure Default Packet rate limit **Type:** number **Range:** 1-16000000 **limit-type** **Description** 'dst-entry': dst-entry; 'dst-icmp': dst-icmp; 'dst-other': dst-other; 'dst-tcp': dst-tcp; 'dst-udp': dst-udp; 'src-entry': src-entry; 'src-icmp': src-icmp; 'src-other': src-other; 'src-tcp': src-tcp; 'src-udp': src-udp; **Type:** string **Supported Values:** dst-entry, dst-icmp, dst-other, dst-tcp, dst-udp, src-entry, src-icmp, src-other, src-tcp, src-udp **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_system-default_limit-list_default-over-limit-action: system-default_limit-list_default-over-limit-action ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **drop** **Description** Silently Drop the new connection / new packet when it exceeds limit **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_notification-template-common: notification-template-common ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **default-template** **Type:** List **on-box-gui-notification** **Description** 'enable': enable; 'disable': disable; **Type:** string **Supported Values:** enable, disable **Default:** enable **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_notification-template-common_default-template: notification-template-common_default-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **default-notification-template** **Description** Specify the notification template name (Default notification template name) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/notification-template ` .. _1278_zone-template: zone-template ^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/dns/{name} ` **encap-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/encap/{encap-tmpl-name} ` **http-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/http/{http-tmpl-name} ` **icmp-v4-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/icmp-v4/{icmp-tmpl-name} ` **icmp-v6-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/icmp-v6/{icmp-tmpl-name} ` **ip-proto-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/ip-proto/{name} ` **logging-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/logging/{logging-tmpl-name} ` **quic-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/quic/{quic-tmpl-name} ` **sip-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/sip/{sip-tmpl-name} ` **ssl-l4-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/ssl-l4/{ssl-l4-tmpl-name} ` **tcp-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/tcp/{name} ` **udp-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/udp/{name} ` .. _1278_zone-template_logging-list: zone-template_logging-list ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **enable-action-logging** **Description** Log action taken **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-format-cef** **Description** Log in CEF format **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-format-custom** **Description** Customize log format **Type:** string **Format:** string-rlx **Maximum Length:** 512 characters **Maximum Length:** 1 characters **logging-tmpl-name** **Description** DDOS Logging Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Default:** default **use-obj-name** **Description** Show obj name instead of ip in the log **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_zone-template_tcp-list: zone-template_tcp-list ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **ack-authentication** **Description:** ack-authentication is a **JSON Block**. Please see below for :ref:`1278_zone-template_tcp-list_ack-authentication` **Type:** Object **ack-authentication-synack-reset** **Description** Reset client TCP SYN+ACK for authentication (DST support only) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **action-on-ack-rto-retry-count** **Description** Take action if ack-auth RTO-authentication fail over retry time(default:5) **Type:** number **Range:** 2-10 **action-on-syn-rto-retry-count** **Description** Take action if syn-auth RTO-authentication fail over retry time(default:5) **Type:** number **Range:** 2-10 **age** **Description** Session age in minutes **Type:** number **Range:** 1-63 **Default:** 2 **allow-syn-otherflags** **Description** Treat TCP SYN+PSH as a TCP SYN (DST tcp ports support only) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-synack-skip-authentications** **Description** Allow create sessions on SYNACK without syn-auth and ack-auth (ASYM Mode only) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-tcp-tfo** **Description** Allow TCP Fast Open **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **concurrent** **Description** Enable concurrent port access for non-matching ports (DST support only) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **conn-rate-limit-on-syn-only** **Description** Only count SYN-initiated connections towards connection-rate tracking **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **create-conn-on-syn-only** **Description** Enable connection establishment on SYN only **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dst** **Description:** dst is a **JSON Block**. Please see below for :ref:`1278_zone-template_tcp-list_dst` **Type:** Object **filter-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/tcp/{name}/filter/{tcp-filter-name} ` **filter-match-type** **Description** 'default': Stop matching on drop/blacklist action; 'stop-on-first-match': Stop matching on first match; **Type:** string **Supported Values:** default, stop-on-first-match **Default:** default **known-resp-src-port-cfg** **Description:** known-resp-src-port-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_tcp-list_known-resp-src-port-cfg` **Type:** Object **max-rexmit-syn-per-flow-cfg** **Description:** max-rexmit-syn-per-flow-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_tcp-list_max-rexmit-syn-per-flow-cfg` **Type:** Object **name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **out-of-seq-cfg** **Description:** out-of-seq-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_tcp-list_out-of-seq-cfg` **Type:** Object **per-conn-out-of-seq-rate-cfg** **Description:** per-conn-out-of-seq-rate-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_tcp-list_per-conn-out-of-seq-rate-cfg` **Type:** Object **per-conn-pkt-rate-cfg** **Description:** per-conn-pkt-rate-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_tcp-list_per-conn-pkt-rate-cfg` **Type:** Object **per-conn-rate-interval** **Description** '100ms': 100ms; '1sec': 1sec; '10sec': 10sec; **Type:** string **Supported Values:** 100ms, 1sec, 10sec **Default:** 1sec **per-conn-retransmit-rate-cfg** **Description:** per-conn-retransmit-rate-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_tcp-list_per-conn-retransmit-rate-cfg` **Type:** Object **per-conn-zero-win-rate-cfg** **Description:** per-conn-zero-win-rate-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_tcp-list_per-conn-zero-win-rate-cfg` **Type:** Object **progression-tracking** **Description:** progression-tracking is a **JSON Block**. Please see below for :ref:`1278_zone-template_tcp-list_progression-tracking` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/tcp/{name}/progression-tracking ` **retransmit-cfg** **Description:** retransmit-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_tcp-list_retransmit-cfg` **Type:** Object **src** **Description:** src is a **JSON Block**. Please see below for :ref:`1278_zone-template_tcp-list_src` **Type:** Object **syn-authentication** **Description:** syn-authentication is a **JSON Block**. Please see below for :ref:`1278_zone-template_tcp-list_syn-authentication` **Type:** Object **syn-cookie** **Description** Enable SYN Cookie **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **synack-rate-limit** **Description** Config SYNACK rate limit **Type:** number **Range:** 1-16000000 **Mutual Exclusion:** synack-rate-limit and track-together-with-syn are mutually exclusive **track-together-with-syn** **Description** SYNACK will be counted in Dst Syn-rate limit **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** track-together-with-syn and synack-rate-limit are mutually exclusive **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zero-win-cfg** **Description:** zero-win-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_tcp-list_zero-win-cfg` **Type:** Object .. _1278_zone-template_tcp-list_syn-authentication: zone-template_tcp-list_syn-authentication ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **allow-ra** **Description** Allow RA packets to be used for auth **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **syn-auth-fail-action** **Description** 'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Send reset to client (Applicable to retransmit-check only); **Type:** string **Supported Values:** drop, blacklist-src, reset **Mutual Exclusion:** syn-auth-fail-action and syn-auth-fail-action-list-name are mutually exclusive **syn-auth-fail-action-list-name** **Description** Configure action-list to take for failing the authentication. **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** syn-auth-fail-action-list-name and syn-auth-fail-action are mutually exclusive **syn-auth-min-delay** **Description** Minimum delay (in 100ms intervals) between SYN retransmits for retransmit-check to pass **Type:** number **Range:** 1-80 **Mutual Exclusion:** syn-auth-min-delay and syn-auth-type are mutually exclusive **syn-auth-pass-action** **Description** 'authenticate-src': authenticate-src (Default); **Type:** string **Supported Values:** authenticate-src **Mutual Exclusion:** syn-auth-pass-action and syn-auth-pass-action-list-name are mutually exclusive **syn-auth-pass-action-list-name** **Description** Configure action-list to take for passing the authentication **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** syn-auth-pass-action-list-name and syn-auth-pass-action are mutually exclusive **syn-auth-rto** **Description** Estimate the RTO and apply the exponential back-off for authentication **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **syn-auth-timeout** **Description** syn retransmit timeout in seconds(default timeout: 5 seconds) **Type:** number **Range:** 1-31 **Mutual Exclusion:** syn-auth-timeout and syn-auth-type are mutually exclusive **syn-auth-type** **Description** 'send-rst': Send reset to client after syn cookie check pass; 'force-rst-by-ack': Send client a bad ack after syn cookie check pass; 'force-rst-by-synack': Send client a bad synack after syn cookie check pass; **Type:** string **Supported Values:** send-rst, force-rst-by-ack, force-rst-by-synack, send-rst-once **Mutual Exclusion:** syn-auth-type, syn-auth-timeout, and syn-auth-min-delay are mutually exclusive .. _1278_zone-template_tcp-list_ack-authentication: zone-template_tcp-list_ack-authentication ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **ack-auth-fail-action** **Description** 'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Send reset to client; **Type:** string **Supported Values:** drop, blacklist-src, reset **Mutual Exclusion:** ack-auth-fail-action and ack-auth-fail-action-list-name are mutually exclusive **ack-auth-fail-action-list-name** **Description** Configure action-list to take for failing the authentication. **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** ack-auth-fail-action-list-name and ack-auth-fail-action are mutually exclusive **ack-auth-min-delay** **Description** Minimum delay (in 100ms intervals) between ACK retransmits for retransmit-check to pass **Type:** number **Range:** 1-80 **ack-auth-only** **Description** Apply retransmit-check only once per source address for authentication purpose **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ack-auth-pass-action** **Description** 'authenticate-src': authenticate-src (Default); **Type:** string **Supported Values:** authenticate-src **Mutual Exclusion:** ack-auth-pass-action and ack-auth-pass-action-list-name are mutually exclusive **ack-auth-pass-action-list-name** **Description** Configure action-list to take for passing the authentication **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** ack-auth-pass-action-list-name and ack-auth-pass-action are mutually exclusive **ack-auth-rto** **Description** Estimate the RTO and apply the exponential back-off for authentication **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ack-auth-timeout** **Description** ack retransmit timeout in seconds(default timeout: 5 seconds) **Type:** number **Range:** 1-31 .. _1278_zone-template_tcp-list_retransmit-cfg: zone-template_tcp-list_retransmit-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **retransmit** **Description** Take action if retransmit pkts exceed configured threshold **Type:** number **Range:** 1-64000 **Mutual Exclusion:** retransmit and per-conn-retransmit-rate-limit are mutually exclusive **retransmit-action** **Description** 'drop': Drop packets for retrans exceed (Default); 'blacklist-src': help Blacklist-src for retrans exceed; 'ignore': help Ignore retrans exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Default:** drop **Mutual Exclusion:** retransmit-action and retransmit-action-list-name are mutually exclusive **retransmit-action-list-name** **Description** Configure action-list to take for retransmit exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** retransmit-action-list-name and retransmit-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1278_zone-template_tcp-list_dst: zone-template_tcp-list_dst ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **rate-limit** **Description:** rate-limit is a **JSON Block**. Please see below for :ref:`1278_zone-template_tcp-list_dst_rate-limit` **Type:** Object .. _1278_zone-template_tcp-list_dst_rate-limit: zone-template_tcp-list_dst_rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **syn-rate-limit** **Description:** syn-rate-limit is a **JSON Block**. Please see below for :ref:`1278_zone-template_tcp-list_dst_rate-limit_syn-rate-limit` **Type:** Object .. _1278_zone-template_tcp-list_dst_rate-limit_syn-rate-limit: zone-template_tcp-list_dst_rate-limit_syn-rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst-syn-rate-action** **Description** 'drop': Drop packets for syn-rate exceed (Default); 'ignore': Ignore syn-rate-exceed; **Type:** string **Supported Values:** drop, ignore **Default:** drop **dst-syn-rate-limit** **Description** **Type:** number **Range:** 1-16000000 .. _1278_zone-template_tcp-list_per-conn-retransmit-rate-cfg: zone-template_tcp-list_per-conn-retransmit-rate-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **per-conn-retransmit-rate-action** **Description** 'drop': Drop packets for retrans rate exceed (Default); 'blacklist-src': help Blacklist-src for retrans rate exceed; 'ignore': help Ignore retrans rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Default:** drop **Mutual Exclusion:** per-conn-retransmit-rate-action and per-conn-retransmit-rate-action-list-name are mutually exclusive **per-conn-retransmit-rate-action-list-name** **Description** Configure action-list to take for retransmit rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** per-conn-retransmit-rate-action-list-name and per-conn-retransmit-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **per-conn-retransmit-rate-limit** **Description** Take action if retransmit pkt rate exceed configured threshold **Type:** number **Range:** 1-16000000 **Mutual Exclusion:** per-conn-retransmit-rate-limit and retransmit are mutually exclusive .. _1278_zone-template_tcp-list_per-conn-zero-win-rate-cfg: zone-template_tcp-list_per-conn-zero-win-rate-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **per-conn-zero-win-rate-action** **Description** 'drop': Drop packets for zero-win rate exceed (Default); 'blacklist-src': help Blacklist-src for zero-win rate exceed; 'ignore': Ignore zero-win rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Default:** drop **Mutual Exclusion:** per-conn-zero-win-rate-action and per-conn-zero-win-rate-action-list-name are mutually exclusive **per-conn-zero-win-rate-action-list-name** **Description** Configure action-list to take for zero window rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** per-conn-zero-win-rate-action-list-name and per-conn-zero-win-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **per-conn-zero-win-rate-limit** **Description** Take action if zero window pkt rate exceed configured threshold **Type:** number **Range:** 1-16000000 **Mutual Exclusion:** per-conn-zero-win-rate-limit and zero-win are mutually exclusive .. _1278_zone-template_tcp-list_per-conn-pkt-rate-cfg: zone-template_tcp-list_per-conn-pkt-rate-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **per-conn-pkt-rate-action** **Description** 'drop': Drop packets for per-conn-pkt-rate exceed (Default); 'blacklist-src': help Blacklist-src for per-conn-pkt-rate exceed; 'ignore': Ignore per-conn-pkt-rate-exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Default:** drop **Mutual Exclusion:** per-conn-pkt-rate-action and per-conn-pkt-rate-action-list-name are mutually exclusive **per-conn-pkt-rate-action-list-name** **Description** Configure action-list to take for per-conn-pkt-rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** per-conn-pkt-rate-action-list-name and per-conn-pkt-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **per-conn-pkt-rate-limit** **Description** Packet rate limit per connection per rate-interval **Type:** number **Range:** 1-16000000 .. _1278_zone-template_tcp-list_max-rexmit-syn-per-flow-cfg: zone-template_tcp-list_max-rexmit-syn-per-flow-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **max-rexmit-syn-per-flow** **Description** Maximum number of re-transmit SYN per flow **Type:** number **Range:** 1-6 **max-rexmit-syn-per-flow-action** **Description** 'drop': Drop SYN packets for max-rexmit-syn-per-flow exceed (Default); 'blacklist-src': help Blacklist-src for max-rexmit-syn-per-flow exceed; **Type:** string **Supported Values:** drop, blacklist-src **Default:** drop **max-rexmit-syn-per-flow-action-list-name** **Description** Configure action-list to take for max-rexmit-syn-per-flow exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1278_zone-template_tcp-list_src: zone-template_tcp-list_src ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **rate-limit** **Description:** rate-limit is a **JSON Block**. Please see below for :ref:`1278_zone-template_tcp-list_src_rate-limit` **Type:** Object .. _1278_zone-template_tcp-list_src_rate-limit: zone-template_tcp-list_src_rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **syn-rate-limit** **Description:** syn-rate-limit is a **JSON Block**. Please see below for :ref:`1278_zone-template_tcp-list_src_rate-limit_syn-rate-limit` **Type:** Object .. _1278_zone-template_tcp-list_src_rate-limit_syn-rate-limit: zone-template_tcp-list_src_rate-limit_syn-rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-syn-rate-action** **Description** 'drop': Drop packets for syn-rate exceed (Default); 'blacklist-src': Blacklist-src for syn-rate exceed; 'ignore': Ignore syn-rate-exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Default:** drop **Mutual Exclusion:** src-syn-rate-action and src-syn-rate-action-list-name are mutually exclusive **src-syn-rate-action-list-name** **Description** Configure action-list to take for syn-rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** src-syn-rate-action-list-name and src-syn-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **src-syn-rate-limit** **Description** **Type:** number **Range:** 1-16000000 .. _1278_zone-template_tcp-list_progression-tracking: zone-template_tcp-list_progression-tracking ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **connection-tracking** **Description:** connection-tracking is a **JSON Block**. Please see below for :ref:`1278_zone-template_tcp-list_progression-tracking_connection-tracking` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/tcp/{name}/progression-tracking/connection-tracking ` **first-request-max-time** **Description** Set the maximum wait time from connection creation until the first data is transmitted over the connection (100 ms) **Type:** number **Range:** 1-65535 **ignore-TLS-handshake** **Description** Ignore TLS handshake **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **profiling-connection-life-model** **Description** Enable auto-config progression tracking learning for connection model **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **profiling-request-response-model** **Description** Enable auto-config progression tracking learning for Request Response model **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **profiling-time-window-model** **Description** Enable auto-config progression tracking learning for time window model **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **progression-tracking-action** **Description** 'drop': Drop packets for progression tracking violation exceed (Default); 'blacklist-src': Blacklist-src for progression tracking violation exceed; **Type:** string **Supported Values:** drop, blacklist-src **Default:** drop **Mutual Exclusion:** progression-tracking-action and progression-tracking-action-list-name are mutually exclusive **progression-tracking-action-list-name** **Description** Configure action-list to take when progression tracking violation exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** progression-tracking-action-list-name and progression-tracking-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **progression-tracking-enabled** **Description** 'enable-check': Enable Progression Tracking Check; **Type:** string **Supported Values:** enable-check **request-length-max** **Description** Set the maximum request length **Type:** number **Range:** 1-65535 **request-length-min** **Description** Set the minimum request length **Type:** number **Range:** 1-65535 **request-response-model** **Description** 'enable': Enable Request Response Model; 'disable': Disable Request Response Model; **Type:** string **Supported Values:** enable, disable **Default:** enable **request-to-response-max-time** **Description** Set the maximum request to response time (100 ms) **Type:** number **Range:** 1-65535 **response-length-max** **Description** Set the maximum response length **Type:** number **Range:** 1-4294967295 **response-length-min** **Description** Set the minimum response length **Type:** number **Range:** 1-65535 **response-request-max-ratio** **Description** Set the maximum response to request ratio (in unit of 0.1% [1:1000]) **Type:** number **Range:** 1-4294967295 **response-request-min-ratio** **Description** Set the minimum response to request ratio (in unit of 0.1% [1:1000]) **Type:** number **Range:** 1-65535 **response-to-request-max-time** **Description** Set the maximum response to request time (100 ms) **Type:** number **Range:** 1-65535 **time-window-tracking** **Description:** time-window-tracking is a **JSON Block**. Please see below for :ref:`1278_zone-template_tcp-list_progression-tracking_time-window-tracking` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/tcp/{name}/progression-tracking/time-window-tracking ` **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **violation** **Description** Set the violation threshold **Type:** number **Range:** 1-255 .. _1278_zone-template_tcp-list_progression-tracking_connection-tracking: zone-template_tcp-list_progression-tracking_connection-tracking ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **conn-duration-max** **Description** Set the maximum duration time (in unit of 100ms, up to 24 hours) **Type:** number **Range:** 1-2147483647 **conn-duration-min** **Description** Set the minimum duration time (in unit of 100ms, up to 24 hours) **Type:** number **Range:** 1-864000 **conn-rcvd-max** **Description** Set the maximum total received byte **Type:** number **Range:** 1-2147483647 **conn-rcvd-min** **Description** Set the minimum total received byte **Type:** number **Range:** 1-2147483647 **conn-rcvd-sent-ratio-max** **Description** Set the maximum received to sent ratio (in unit of milli-, 0.001) **Type:** number **Range:** 1-2147483647 **conn-rcvd-sent-ratio-min** **Description** Set the minimum received to sent ratio (in unit of milli-, 0.001) **Type:** number **Range:** 1-65535 **conn-sent-max** **Description** Set the maximum total sent byte **Type:** number **Range:** 1-2147483647 **conn-sent-min** **Description** Set the minimum total sent byte **Type:** number **Range:** 1-65535 **conn-violation** **Description** Set the violation threshold **Type:** number **Range:** 1-255 **progression-tracking-conn-action** **Description** 'drop': Drop packets for progression tracking violation exceed (Default); 'blacklist-src': Blacklist-src for progression tracking violation exceed; **Type:** string **Supported Values:** drop, blacklist-src **Default:** drop **Mutual Exclusion:** progression-tracking-conn-action and progression-tracking-conn-action-list-name are mutually exclusive **progression-tracking-conn-action-list-name** **Description** Configure action-list to take when progression tracking violation exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** progression-tracking-conn-action-list-name and progression-tracking-conn-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **progression-tracking-conn-enabled** **Description** 'enable-check': Enable General Progression Tracking per Connection; **Type:** string **Supported Values:** enable-check **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_zone-template_tcp-list_progression-tracking_time-window-tracking: zone-template_tcp-list_progression-tracking_time-window-tracking ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **progression-tracking-win-enabled** **Description** 'enable-check': Enable Progression Tracking per Time Window; **Type:** string **Supported Values:** enable-check **progression-tracking-windows-action** **Description** 'drop': Drop packets for progression tracking violation exceed (Default); 'blacklist-src': Blacklist-src for progression tracking violation exceed; **Type:** string **Supported Values:** drop, blacklist-src **Default:** drop **Mutual Exclusion:** progression-tracking-windows-action and progression-tracking-windows-action-list-name are mutually exclusive **progression-tracking-windows-action-list-name** **Description** Configure action-list to take when progression tracking violation exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** progression-tracking-windows-action-list-name and progression-tracking-windows-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **window-rcvd-max** **Description** Set the maximum total received byte **Type:** number **Range:** 1-65535 **window-rcvd-min** **Description** Set the minimum total received byte **Type:** number **Range:** 1-65535 **window-rcvd-sent-ratio-max** **Description** Set the maximum received to sent ratio (in unit of 0.1% [1:1000]) **Type:** number **Range:** 1-65535 **window-rcvd-sent-ratio-min** **Description** Set the minimum received to sent ratio (in unit of 0.1% [1:1000]) **Type:** number **Range:** 1-65535 **window-sent-max** **Description** Set the maximum total sent byte **Type:** number **Range:** 1-65535 **window-sent-min** **Description** Set the minimum total sent byte **Type:** number **Range:** 1-65535 **window-violation** **Description** Set the violation threshold **Type:** number **Range:** 1-255 .. _1278_zone-template_tcp-list_filter-list: zone-template_tcp-list_filter-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **byte-offset-filter** **Description** Filter using Berkeley Packet Filter syntax **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters **tcp-filter-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'authenticate-src': Authenticate-src; **Type:** string **Supported Values:** drop, ignore, blacklist-src, authenticate-src **Default:** drop **Mutual Exclusion:** tcp-filter-action and tcp-filter-action-list-name are mutually exclusive **tcp-filter-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** tcp-filter-action-list-name and tcp-filter-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **tcp-filter-inverse-match** **Description** Inverse the result of the matching **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tcp-filter-name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp-filter-regex** **Description** Regex Expression **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters **tcp-filter-seq** **Description** Sequence number **Type:** number **Range:** 1-200 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_zone-template_tcp-list_known-resp-src-port-cfg: zone-template_tcp-list_known-resp-src-port-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **exclude-src-resp-port** **Description** Exclude src port equal to dst port **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **known-resp-src-port** **Description** Take action if src-port is less than 1024 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **known-resp-src-port-action** **Description** 'drop': Drop packets from well-known src-port(Default); 'blacklist-src': Blacklist-src from well-known src-port; 'ignore': Ignore well-known src-port; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** known-resp-src-port-action and known-resp-src-port-action-list-name are mutually exclusive **known-resp-src-port-action-list-name** **Description** Configure action-list to take for well-known src-port **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** known-resp-src-port-action-list-name and known-resp-src-port-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1278_zone-template_tcp-list_zero-win-cfg: zone-template_tcp-list_zero-win-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **zero-win** **Description** Take action if zero window pkts exceed configured threshold **Type:** number **Range:** 1-250 **Mutual Exclusion:** zero-win and per-conn-zero-win-rate-limit are mutually exclusive **zero-win-action** **Description** 'drop': Drop packets for zero-win exceed (Default); 'blacklist-src': help Blacklist-src for zero-win exceed; 'ignore': Ignore zero-win exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Default:** drop **Mutual Exclusion:** zero-win-action and zero-win-action-list-name are mutually exclusive **zero-win-action-list-name** **Description** Configure action-list to take for zero window exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** zero-win-action-list-name and zero-win-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1278_zone-template_tcp-list_per-conn-out-of-seq-rate-cfg: zone-template_tcp-list_per-conn-out-of-seq-rate-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **per-conn-out-of-seq-rate-action** **Description** 'drop': Drop packets for out-of-seq rate exceed (Default); 'blacklist-src': help Blacklist-src for out-of-seq rate exceed; 'ignore': help Ignore out-of-seq rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Default:** drop **Mutual Exclusion:** per-conn-out-of-seq-rate-action and per-conn-out-of-seq-rate-action-list-name are mutually exclusive **per-conn-out-of-seq-rate-action-list-name** **Description** Configure action-list to take for out-of-seq rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** per-conn-out-of-seq-rate-action-list-name and per-conn-out-of-seq-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **per-conn-out-of-seq-rate-limit** **Description** Take action if out-of-seq pkt rate exceed configured threshold **Type:** number **Range:** 1-16000000 **Mutual Exclusion:** per-conn-out-of-seq-rate-limit and out-of-seq are mutually exclusive .. _1278_zone-template_tcp-list_out-of-seq-cfg: zone-template_tcp-list_out-of-seq-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **out-of-seq** **Description** Take action if out-of-seq pkts exceed configured threshold **Type:** number **Range:** 1-64000 **Mutual Exclusion:** out-of-seq and per-conn-out-of-seq-rate-limit are mutually exclusive **out-of-seq-action** **Description** 'drop': Drop packets for out-of-seq exceed (Default); 'blacklist-src': help Blacklist-src for out-of-seq exceed; 'ignore': help Ignore out-of-seq exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Default:** drop **Mutual Exclusion:** out-of-seq-action and out-of-seq-action-list-name are mutually exclusive **out-of-seq-action-list-name** **Description** Configure action-list to take for out-of-seq exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** out-of-seq-action-list-name and out-of-seq-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1278_zone-template_quic-list: zone-template_quic-list ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **fixed-bit-check-disable** **Description** Disable fixed-bit malform check **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **quic-tmpl-name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **version-supported-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/quic/{quic-tmpl-name}/version-supported/{version-start}+{version-end} ` .. _1278_zone-template_quic-list_version-supported-list: zone-template_quic-list_version-supported-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **malformed-check** **Description:** malformed-check is a **JSON Block**. Please see below for :ref:`1278_zone-template_quic-list_version-supported-list_malformed-check` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/quic/{quic-tmpl-name}/version-supported/{version-start}+{version-end}/malformed-check ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **version-action** **Description** 'drop': Drop packets; 'blacklist-src': Blacklist-src; **Type:** string **Supported Values:** drop, blacklist-src **Mutual Exclusion:** version-action and version-action-list-name are mutually exclusive **version-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** version-action-list-name and version-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **version-end** **Description** Version supported range end **Type:** string **Format:** time **Maximum Length:** 4294967295 characters **Maximum Length:** 1 characters **version-start** **Description** Configure versions supported **Type:** string **Format:** time **Maximum Length:** 4294967295 characters **Maximum Length:** 1 characters .. _1278_zone-template_quic-list_version-supported-list_malformed-check: zone-template_quic-list_version-supported-list_malformed-check ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **malformed-check-action** **Description** 'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; **Type:** string **Supported Values:** drop, blacklist-src **Mutual Exclusion:** malformed-check-action and malformed-check-action-list-name are mutually exclusive **malformed-check-action-list-name** **Description** Configure action-list to take. Overwrites version action **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** malformed-check-action-list-name and malformed-check-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **malformed-enable** **Description** 'enable': Enable malformed check; **Type:** string **Supported Values:** enable **Default:** enable **max-destination-cid-length** **Description** Set the maximum destination CID length **Type:** number **Range:** 0-255 **Default:** 255 **max-source-cid-length** **Description** Set the maximum source CID length **Type:** number **Range:** 0-255 **Default:** 255 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_zone-template_ssl-l4-list: zone-template_ssl-l4-list ^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **allow-non-tls** **Description** Allow Non-TLS (SSLv3 and lower) traffic (Warning: security may be compromised) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **auth-handshake** **Description:** auth-handshake is a **JSON Block**. Please see below for :ref:`1278_zone-template_ssl-l4-list_auth-handshake` **Type:** Object **disable** **Description** Disable this template **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dst** **Description:** dst is a **JSON Block**. Please see below for :ref:`1278_zone-template_ssl-l4-list_dst` **Type:** Object **multi-pu-threshold-distribution** **Description:** multi-pu-threshold-distribution is a **JSON Block**. Please see below for :ref:`1278_zone-template_ssl-l4-list_multi-pu-threshold-distribution` **Type:** Object **renegotiation** **Description:** renegotiation is a **JSON Block**. Please see below for :ref:`1278_zone-template_ssl-l4-list_renegotiation` **Type:** Object **src** **Description:** src is a **JSON Block**. Please see below for :ref:`1278_zone-template_ssl-l4-list_src` **Type:** Object **ssl-l4-tmpl-name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-traffic-check** **Description:** ssl-traffic-check is a **JSON Block**. Please see below for :ref:`1278_zone-template_ssl-l4-list_ssl-traffic-check` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/ssl-l4/{ssl-l4-tmpl-name}/ssl-traffic-check ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_zone-template_ssl-l4-list_auth-handshake: zone-template_ssl-l4-list_auth-handshake ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **auth-handshake-fail-action** **Description** 'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, blacklist-src, reset **Mutual Exclusion:** auth-handshake-fail-action and auth-handshake-fail-action-list-name are mutually exclusive **auth-handshake-fail-action-list-name** **Description** Configure action-list to take for failing the authentication **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** auth-handshake-fail-action-list-name and auth-handshake-fail-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **auth-handshake-pass-action** **Description** 'authenticate-src': authenticate-src (Default); **Type:** string **Supported Values:** authenticate-src **Mutual Exclusion:** auth-handshake-pass-action and auth-handshake-pass-action-list-name are mutually exclusive **auth-handshake-pass-action-list-name** **Description** Configure action-list to take for passing the authentication **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** auth-handshake-pass-action-list-name and auth-handshake-pass-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **auth-handshake-timeout** **Description** Connection timeout (default 5 seconds) and trials (default 5 times) (DST support only) **Type:** number **Range:** 1-31 **Default:** 5 **auth-handshake-trials** **Description** Number of failed handshakes before entry marked black **Type:** number **Range:** 0-15 **Default:** 5 **cert-cfg** **Description:** cert-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_ssl-l4-list_auth-handshake_cert-cfg` **Type:** Object **server-name-list** **Type:** List .. _1278_zone-template_ssl-l4-list_auth-handshake_cert-cfg: zone-template_ssl-l4-list_auth-handshake_cert-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **cert** **Description** SSL certificate **Type:** string **Maximum Length:** 255 characters **Maximum Length:** 1 characters **key** **Description** SSL key **Type:** string **Maximum Length:** 255 characters **Maximum Length:** 1 characters **key-encrypted** **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) **key-passphrase** **Description** Password Phrase **Type:** string **Format:** password **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_zone-template_ssl-l4-list_auth-handshake_server-name-list: zone-template_ssl-l4-list_auth-handshake_server-name-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **server-cert** **Description** Server Certificate associated to SNI (Server Certificate Name) **Type:** string **Maximum Length:** 255 characters **Maximum Length:** 1 characters **server-encrypted** **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) **server-key** **Description** Server Private Key associated to SNI (Server Private Key Name) **Type:** string **Maximum Length:** 255 characters **Maximum Length:** 1 characters **server-name** **Description** Server name indication in Client hello extension (Server name String) **Type:** string **Maximum Length:** 255 characters **Maximum Length:** 1 characters **server-passphrase** **Description** Password Phrase **Type:** string **Format:** password **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_zone-template_ssl-l4-list_src: zone-template_ssl-l4-list_src ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **rate-limit** **Description:** rate-limit is a **JSON Block**. Please see below for :ref:`1278_zone-template_ssl-l4-list_src_rate-limit` **Type:** Object .. _1278_zone-template_ssl-l4-list_src_rate-limit: zone-template_ssl-l4-list_src_rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **request** **Description:** request is a **JSON Block**. Please see below for :ref:`1278_zone-template_ssl-l4-list_src_rate-limit_request` **Type:** Object .. _1278_zone-template_ssl-l4-list_src_rate-limit_request: zone-template_ssl-l4-list_src_rate-limit_request ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-request-rate-limit** **Description** **Type:** number **Range:** 1-16000000 **src-request-rate-limit-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, ignore, reset **Mutual Exclusion:** src-request-rate-limit-action and src-request-rate-limit-action-list-name are mutually exclusive **src-request-rate-limit-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** src-request-rate-limit-action-list-name and src-request-rate-limit-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1278_zone-template_ssl-l4-list_dst: zone-template_ssl-l4-list_dst ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **rate-limit** **Description:** rate-limit is a **JSON Block**. Please see below for :ref:`1278_zone-template_ssl-l4-list_dst_rate-limit` **Type:** Object .. _1278_zone-template_ssl-l4-list_dst_rate-limit: zone-template_ssl-l4-list_dst_rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **request** **Description:** request is a **JSON Block**. Please see below for :ref:`1278_zone-template_ssl-l4-list_dst_rate-limit_request` **Type:** Object .. _1278_zone-template_ssl-l4-list_dst_rate-limit_request: zone-template_ssl-l4-list_dst_rate-limit_request ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst-request-rate-limit** **Description** **Type:** number **Range:** 1-16000000 **dst-request-rate-limit-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, ignore, reset **Mutual Exclusion:** dst-request-rate-limit-action and dst-request-rate-limit-action-list-name are mutually exclusive **dst-request-rate-limit-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dst-request-rate-limit-action-list-name and dst-request-rate-limit-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1278_zone-template_ssl-l4-list_ssl-traffic-check: zone-template_ssl-l4-list_ssl-traffic-check ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **check-resumed-connection** **Description** Apply checks to SSL connections initialized by ACK packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **header-action** **Description** 'drop': Drop packets with bad ssl header; 'ignore': Forward packets with bad ssl header; **Type:** string **Supported Values:** drop, ignore **header-inspection** **Description** Inspect ssl header **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_zone-template_ssl-l4-list_multi-pu-threshold-distribution: zone-template_ssl-l4-list_multi-pu-threshold-distribution ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **multi-pu-threshold-distribution-disable** **Description** 'disable': Destination side rate limit only. Default: Enable; **Type:** string **Supported Values:** disable **Mutual Exclusion:** multi-pu-threshold-distribution-disable and multi-pu-threshold-distribution-value are mutually exclusive **multi-pu-threshold-distribution-value** **Description** Destination side rate limit only. Default: 0 **Type:** number **Range:** 1-16000000 **Mutual Exclusion:** multi-pu-threshold-distribution-value and multi-pu-threshold-distribution-disable are mutually exclusive .. _1278_zone-template_ssl-l4-list_renegotiation: zone-template_ssl-l4-list_renegotiation ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **num-renegotiation** **Description** Number of renegotiation allowed **Type:** number **Range:** 0-7 **ssl-l4-reneg-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, ignore, blacklist-src, reset **Mutual Exclusion:** ssl-l4-reneg-action and ssl-l4-reneg-action-list-name are mutually exclusive **ssl-l4-reneg-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** ssl-l4-reneg-action-list-name and ssl-l4-reneg-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1278_zone-template_ip-proto-list: zone-template_ip-proto-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **filter-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/ip-proto/{name}/filter/{other-filter-name} ` **filter-match-type** **Description** 'default': Stop matching on drop/blacklist action; 'stop-on-first-match': Stop matching on first match; **Type:** string **Supported Values:** default, stop-on-first-match **Default:** default **name** **Description** DDOS Ip-proto Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_zone-template_ip-proto-list_filter-list: zone-template_ip-proto-list_filter-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **byte-offset-filter** **Description** Filter using Berkeley Packet Filter syntax **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters **other-filter-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'authenticate-src': Authenticate-src; **Type:** string **Supported Values:** drop, ignore, blacklist-src, authenticate-src **Mutual Exclusion:** other-filter-action and other-filter-action-list-name are mutually exclusive **other-filter-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** other-filter-action-list-name and other-filter-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **other-filter-inverse-match** **Description** Inverse the result of the matching **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **other-filter-name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **other-filter-regex** **Description** Regex Expression **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters **other-filter-seq** **Description** Sequence number **Type:** number **Range:** 1-200 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_zone-template_dns-list: zone-template_dns-list ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **allow-query-class** **Description:** allow-query-class is a **JSON Block**. Please see below for :ref:`1278_zone-template_dns-list_allow-query-class` **Type:** Object **allow-record-type** **Description:** allow-record-type is a **JSON Block**. Please see below for :ref:`1278_zone-template_dns-list_allow-record-type` **Type:** Object **dns-any-check** **Description** Drop DNS queries of Type ANY **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-any-check-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, ignore, blacklist-src, reset **Default:** drop **Mutual Exclusion:** dns-any-check-action and dns-any-check-action-list-name are mutually exclusive **dns-any-check-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dns-any-check-action-list-name and dns-any-check-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **dns-udp-authentication** **Description:** dns-udp-authentication is a **JSON Block**. Please see below for :ref:`1278_zone-template_dns-list_dns-udp-authentication` **Type:** Object **domain-group-name** **Description** Apply a domain-group to the DNS template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **dst** **Description:** dst is a **JSON Block**. Please see below for :ref:`1278_zone-template_dns-list_dst` **Type:** Object **fqdn-label-count-cfg** **Description:** fqdn-label-count-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_dns-list_fqdn-label-count-cfg` **Type:** Object **fqdn-label-len-cfg** **Type:** List **malformed-query-check** **Description:** malformed-query-check is a **JSON Block**. Please see below for :ref:`1278_zone-template_dns-list_malformed-query-check` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/dns/{name}/malformed-query-check ` **multi-pu-threshold-distribution** **Description:** multi-pu-threshold-distribution is a **JSON Block**. Please see below for :ref:`1278_zone-template_dns-list_multi-pu-threshold-distribution` **Type:** Object **name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **on-no-match** **Description** 'permit': permit; 'deny': deny (default); **Type:** string **Supported Values:** permit, deny **Default:** deny **src** **Description:** src is a **JSON Block**. Please see below for :ref:`1278_zone-template_dns-list_src` **Type:** Object **symtimeout-cfg** **Description:** symtimeout-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_dns-list_symtimeout-cfg` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_zone-template_dns-list_src: zone-template_dns-list_src ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **rate-limit** **Description:** rate-limit is a **JSON Block**. Please see below for :ref:`1278_zone-template_dns-list_src_rate-limit` **Type:** Object .. _1278_zone-template_dns-list_src_rate-limit: zone-template_dns-list_src_rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **nxdomain** **Description:** nxdomain is a **JSON Block**. Please see below for :ref:`1278_zone-template_dns-list_src_rate-limit_nxdomain` **Type:** Object **request** **Description:** request is a **JSON Block**. Please see below for :ref:`1278_zone-template_dns-list_src_rate-limit_request` **Type:** Object .. _1278_zone-template_dns-list_src_rate-limit_request: zone-template_dns-list_src_rate-limit_request ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-dns-request-rate-limit-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, ignore, blacklist-src, reset **Mutual Exclusion:** src-dns-request-rate-limit-action and src-dns-request-rate-limit-action-list-name are mutually exclusive **src-dns-request-rate-limit-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** src-dns-request-rate-limit-action-list-name and src-dns-request-rate-limit-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **type** **Description:** type is a **JSON Block**. Please see below for :ref:`1278_zone-template_dns-list_src_rate-limit_request_type` **Type:** Object .. _1278_zone-template_dns-list_src_rate-limit_request_type: zone-template_dns-list_src_rate-limit_request_type ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **A-cfg** **Description:** A-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_dns-list_src_rate-limit_request_type_A-cfg` **Type:** Object **AAAA-cfg** **Description:** AAAA-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_dns-list_src_rate-limit_request_type_AAAA-cfg` **Type:** Object **CNAME-cfg** **Description:** CNAME-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_dns-list_src_rate-limit_request_type_CNAME-cfg` **Type:** Object **MX-cfg** **Description:** MX-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_dns-list_src_rate-limit_request_type_MX-cfg` **Type:** Object **NS-cfg** **Description:** NS-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_dns-list_src_rate-limit_request_type_NS-cfg` **Type:** Object **SRV-cfg** **Description:** SRV-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_dns-list_src_rate-limit_request_type_SRV-cfg` **Type:** Object **dns-type-cfg** **Type:** List .. _1278_zone-template_dns-list_src_rate-limit_request_type_SRV-cfg: zone-template_dns-list_src_rate-limit_request_type_SRV-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **SRV** **Description** Service locator **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-dns-srv-rate** **Description** DNS request rate **Type:** number **Range:** 1-16000000 .. _1278_zone-template_dns-list_src_rate-limit_request_type_CNAME-cfg: zone-template_dns-list_src_rate-limit_request_type_CNAME-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **CNAME** **Description** Canonical name record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-dns-cname-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_zone-template_dns-list_src_rate-limit_request_type_dns-type-cfg: zone-template_dns-list_src_rate-limit_request_type_dns-type-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **src-dns-request-type** **Description** Other type value **Type:** number **Range:** 1-65535 **src-dns-request-type-rate** **Description** request rate limit **Type:** number **Range:** 1-16000000 .. _1278_zone-template_dns-list_src_rate-limit_request_type_AAAA-cfg: zone-template_dns-list_src_rate-limit_request_type_AAAA-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **AAAA** **Description** IPv6 address record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-dns-aaaa-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_zone-template_dns-list_src_rate-limit_request_type_A-cfg: zone-template_dns-list_src_rate-limit_request_type_A-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **A** **Description** Address record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-dns-a-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_zone-template_dns-list_src_rate-limit_request_type_MX-cfg: zone-template_dns-list_src_rate-limit_request_type_MX-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **MX** **Description** Mail exchange record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-dns-mx-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_zone-template_dns-list_src_rate-limit_request_type_NS-cfg: zone-template_dns-list_src_rate-limit_request_type_NS-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **NS** **Description** Name server record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-dns-ns-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_zone-template_dns-list_src_rate-limit_nxdomain: zone-template_dns-list_src_rate-limit_nxdomain ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns-nxdomain-rate** **Description** Limiting rate **Type:** number **Range:** 1-16000000 **dns-nxdomain-rate-limit-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, ignore, blacklist-src, reset **Mutual Exclusion:** dns-nxdomain-rate-limit-action and dns-nxdomain-rate-limit-action-list-name are mutually exclusive **dns-nxdomain-rate-limit-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dns-nxdomain-rate-limit-action-list-name and dns-nxdomain-rate-limit-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1278_zone-template_dns-list_fqdn-label-count-cfg: zone-template_dns-list_fqdn-label-count-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **fqdn-label-count-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Send reset to client; **Type:** string **Supported Values:** drop, ignore, blacklist-src, reset **Mutual Exclusion:** fqdn-label-count-action and fqdn-label-count-action-list-name are mutually exclusive **fqdn-label-count-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** fqdn-label-count-action-list-name and fqdn-label-count-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **label-count** **Description** Maximum number of FQDN labels per FQDN **Type:** number **Range:** 1-10 .. _1278_zone-template_dns-list_malformed-query-check: zone-template_dns-list_malformed-query-check ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns-malformed-query-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, ignore, blacklist-src, reset **Mutual Exclusion:** dns-malformed-query-action and dns-malformed-query-action-list-name are mutually exclusive **dns-malformed-query-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dns-malformed-query-action-list-name and dns-malformed-query-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **non-query-opcode-check** **Description** 'disable': When malform check is enabled, TPS always drops DNS query with non query opcode, this option disables this opcode check; **Type:** string **Supported Values:** disable **skip-multi-packet-check** **Description** Bypass DNS fragmented and TCP segmented Queries(Default: dropped) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **validation-type** **Description** 'basic-header-check': Basic header validation for DNS TCP/UDP queries; 'extended-header-check': Extended header/query validation for DNS TCP/UDP queries; 'disable': Disable Malform query validation for DNS TCP/UDP; **Type:** string **Supported Values:** basic-header-check, extended-header-check, disable .. _1278_zone-template_dns-list_dst: zone-template_dns-list_dst ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **rate-limit** **Description:** rate-limit is a **JSON Block**. Please see below for :ref:`1278_zone-template_dns-list_dst_rate-limit` **Type:** Object .. _1278_zone-template_dns-list_dst_rate-limit: zone-template_dns-list_dst_rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **domain-group-rate-exceed-action** **Description** 'drop': Drop the query (default); 'tunnel-encap-packet': Encapsulate the query and send on a tunnel; **Type:** string **Supported Values:** drop, tunnel-encap-packet **Default:** drop **domain-group-rate-per-service** **Description** Enable per service domain rate checking **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **encap-template** **Description** DDOS encap template to sepcify the tunnel endpoint **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **fqdn** **Description:** fqdn is a **JSON Block**. Please see below for :ref:`1278_zone-template_dns-list_dst_rate-limit_fqdn` **Type:** Object **request** **Description:** request is a **JSON Block**. Please see below for :ref:`1278_zone-template_dns-list_dst_rate-limit_request` **Type:** Object .. _1278_zone-template_dns-list_dst_rate-limit_request: zone-template_dns-list_dst_rate-limit_request ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst-dns-request-rate-limit-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'reset': Reset client connection; 'blacklist-src': Blacklist-src; **Type:** string **Supported Values:** drop, ignore, reset, blacklist-src **Mutual Exclusion:** dst-dns-request-rate-limit-action and dst-dns-request-rate-limit-action-list-name are mutually exclusive **dst-dns-request-rate-limit-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dst-dns-request-rate-limit-action-list-name and dst-dns-request-rate-limit-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **type** **Description:** type is a **JSON Block**. Please see below for :ref:`1278_zone-template_dns-list_dst_rate-limit_request_type` **Type:** Object .. _1278_zone-template_dns-list_dst_rate-limit_request_type: zone-template_dns-list_dst_rate-limit_request_type ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **A-cfg** **Description:** A-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_dns-list_dst_rate-limit_request_type_A-cfg` **Type:** Object **AAAA-cfg** **Description:** AAAA-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_dns-list_dst_rate-limit_request_type_AAAA-cfg` **Type:** Object **CNAME-cfg** **Description:** CNAME-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_dns-list_dst_rate-limit_request_type_CNAME-cfg` **Type:** Object **MX-cfg** **Description:** MX-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_dns-list_dst_rate-limit_request_type_MX-cfg` **Type:** Object **NS-cfg** **Description:** NS-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_dns-list_dst_rate-limit_request_type_NS-cfg` **Type:** Object **SRV-cfg** **Description:** SRV-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_dns-list_dst_rate-limit_request_type_SRV-cfg` **Type:** Object **dns-type-cfg** **Type:** List .. _1278_zone-template_dns-list_dst_rate-limit_request_type_SRV-cfg: zone-template_dns-list_dst_rate-limit_request_type_SRV-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **SRV** **Description** Service locator **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-srv-rate** **Description** DNS request rate **Type:** number **Range:** 1-16000000 .. _1278_zone-template_dns-list_dst_rate-limit_request_type_CNAME-cfg: zone-template_dns-list_dst_rate-limit_request_type_CNAME-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **CNAME** **Description** Canonical name record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-cname-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_zone-template_dns-list_dst_rate-limit_request_type_dns-type-cfg: zone-template_dns-list_dst_rate-limit_request_type_dns-type-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **dns-request-type** **Description** Other type value **Type:** number **Range:** 1-65535 **dns-request-type-rate** **Description** request rate limit **Type:** number **Range:** 1-16000000 .. _1278_zone-template_dns-list_dst_rate-limit_request_type_AAAA-cfg: zone-template_dns-list_dst_rate-limit_request_type_AAAA-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **AAAA** **Description** IPv6 address record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-aaaa-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_zone-template_dns-list_dst_rate-limit_request_type_A-cfg: zone-template_dns-list_dst_rate-limit_request_type_A-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **A** **Description** Address record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-a-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_zone-template_dns-list_dst_rate-limit_request_type_MX-cfg: zone-template_dns-list_dst_rate-limit_request_type_MX-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **MX** **Description** Mail exchange record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-mx-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_zone-template_dns-list_dst_rate-limit_request_type_NS-cfg: zone-template_dns-list_dst_rate-limit_request_type_NS-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **NS** **Description** Name server record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-ns-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_zone-template_dns-list_dst_rate-limit_fqdn: zone-template_dns-list_dst_rate-limit_fqdn ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns-fqdn-rate-cfg** **Type:** List **dns-fqdn-rate-limit-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'reset': Reset client connection; 'blacklist-src': Blacklist-src; **Type:** string **Supported Values:** drop, ignore, reset, blacklist-src **Mutual Exclusion:** dns-fqdn-rate-limit-action and dns-fqdn-rate-limit-action-list-name are mutually exclusive **dns-fqdn-rate-limit-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dns-fqdn-rate-limit-action-list-name and dns-fqdn-rate-limit-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1278_zone-template_dns-list_dst_rate-limit_fqdn_dns-fqdn-rate-cfg: zone-template_dns-list_dst_rate-limit_fqdn_dns-fqdn-rate-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **dns-fqdn-rate** **Description** Limiting rate (Range: 5-8000 for FQDN domain based rate limiting, 5-16000000 for FQDN label count based rate limiting) **Type:** number **Range:** 5-16000000 **fqdn-rate-label-count** **Description** FQDN label count (Range: 1-8) **Type:** number **Range:** 1-8 **fqdn-rate-suffix** **Description** Suffix count **Type:** number **Range:** 1-5 **per** **Description** 'domain-name': Domain Name; 'src-ip': Source IP address; 'label-count': FQDN label count; **Type:** string **Supported Values:** domain-name, src-ip, label-count **per-domain-per-src-ip** **Description** Use both Domain Name and Source IP address for rate-limiting **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_zone-template_dns-list_allow-record-type: zone-template_dns-list_allow-record-type ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **allow-a-type** **Description** Address record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-aaaa-type** **Description** IPv6 address record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-cname-type** **Description** Canonical name record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-mx-type** **Description** Mail exchange record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-ns-type** **Description** Name server record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-record-type-action** **Description** 'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, blacklist-src, reset **Mutual Exclusion:** allow-record-type-action and allow-record-type-action-list-name are mutually exclusive **allow-record-type-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** allow-record-type-action-list-name and allow-record-type-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **allow-srv-type** **Description** Service locator **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **record-num-cfg** **Type:** List .. _1278_zone-template_dns-list_allow-record-type_record-num-cfg: zone-template_dns-list_allow-record-type_record-num-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **allow-num-type** **Description** Other record type value **Type:** number **Range:** 1-65535 .. _1278_zone-template_dns-list_allow-query-class: zone-template_dns-list_allow-query-class ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **allow-any-query-class** **Description** ANY query class **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-chaos-query-class** **Description** CHAOS query class **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-csnet-query-class** **Description** CSNET query class **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-hesiod-query-class** **Description** HESIOD query class **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-internet-query-class** **Description** INTERNET query class **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-none-query-class** **Description** NONE query class **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-query-class-action** **Description** 'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, blacklist-src, reset **Mutual Exclusion:** allow-query-class-action and allow-query-class-action-list-name are mutually exclusive **allow-query-class-action-list-name** **Description** Configure action-list to take when query class doesn't match **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** allow-query-class-action-list-name and allow-query-class-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1278_zone-template_dns-list_dns-udp-authentication: zone-template_dns-list_dns-udp-authentication ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns-udp-auth-fail-action** **Description** 'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; **Type:** string **Supported Values:** drop, blacklist-src **Mutual Exclusion:** dns-udp-auth-fail-action and dns-udp-auth-fail-action-list-name are mutually exclusive **dns-udp-auth-fail-action-list-name** **Description** Configure action-list to take for failing the authentication. (Applicable to dns-udp retry only) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dns-udp-auth-fail-action-list-name and dns-udp-auth-fail-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **dns-udp-auth-pass-action** **Description** 'authenticate-src': authenticate-src (Default); **Type:** string **Supported Values:** authenticate-src **Mutual Exclusion:** dns-udp-auth-pass-action and dns-udp-auth-pass-action-list-name are mutually exclusive **dns-udp-auth-pass-action-list-name** **Description** Configure action-list to take for passing the authentication **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dns-udp-auth-pass-action-list-name and dns-udp-auth-pass-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **force-tcp-cfg** **Description:** force-tcp-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_dns-list_dns-udp-authentication_force-tcp-cfg` **Type:** Object **min-delay** **Description** Optional minimum delay between DNS retransmits for authentication to pass, unit is specified by min-delay-interval **Type:** number **Range:** 1-80 **Mutual Exclusion:** min-delay and force-tcp are mutually exclusive **min-delay-interval** **Description** '100ms': 100ms; '1sec': 1sec; **Type:** string **Supported Values:** 100ms, 1sec **udp-timeout** **Description** UDP authentication timeout in seconds **Type:** number **Range:** 1-16 **Mutual Exclusion:** udp-timeout and force-tcp are mutually exclusive .. _1278_zone-template_dns-list_dns-udp-authentication_force-tcp-cfg: zone-template_dns-list_dns-udp-authentication_force-tcp-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **force-tcp** **Description** Force DNS request over TCP **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** force-tcp, udp-timeout, and min-delay are mutually exclusive **force-tcp-ignore-client-source-port** **Description** Allow client to retransmit DNS request using different source port during udp-auth (supported in asymmetric mode only) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **force-tcp-min-delay** **Description** Optional minimum delay (seconds) between DNS retransmits for authentication to pass **Type:** number **Range:** 1-15 **force-tcp-timeout** **Description** UDP authentication timeout in seconds **Type:** number **Range:** 1-16 .. _1278_zone-template_dns-list_multi-pu-threshold-distribution: zone-template_dns-list_multi-pu-threshold-distribution ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **multi-pu-threshold-distribution-disable** **Description** 'disable': Destination side rate limit only. Default: Enable; **Type:** string **Supported Values:** disable **Mutual Exclusion:** multi-pu-threshold-distribution-disable and multi-pu-threshold-distribution-value are mutually exclusive **multi-pu-threshold-distribution-value** **Description** Destination side rate limit only. Default: 0 **Type:** number **Range:** 1-16000000 **Mutual Exclusion:** multi-pu-threshold-distribution-value and multi-pu-threshold-distribution-disable are mutually exclusive .. _1278_zone-template_dns-list_fqdn-label-len-cfg: zone-template_dns-list_fqdn-label-len-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **fqdn-label-length-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, ignore, blacklist-src, reset **Mutual Exclusion:** fqdn-label-length-action and fqdn-label-length-action-list-name are mutually exclusive **fqdn-label-length-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** fqdn-label-length-action-list-name and fqdn-label-length-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **fqdn-label-suffix** **Description** Number of suffixes **Type:** number **Range:** 1-5 **label-length** **Description** Maximum length of FQDN label **Type:** number **Range:** 1-63 .. _1278_zone-template_dns-list_symtimeout-cfg: zone-template_dns-list_symtimeout-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sym-timeout** **Description** Timeout for DNS Symmetric session **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sym-timeout-value** **Description** Session timeout value in seconds **Type:** number **Range:** 1-31 .. _1278_zone-template_icmp-v4-list: zone-template_icmp-v4-list ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **filter-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/icmp-v4/{icmp-tmpl-name}/filter/{icmp-filter-name} ` **filter-match-type** **Description** 'default': Stop matching on drop/blacklist action; 'stop-on-first-match': Stop matching on first match; **Type:** string **Supported Values:** default, stop-on-first-match **Default:** default **icmp-tmpl-name** **Description** DDOS ICMPv4 Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **type-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/icmp-v4/{icmp-tmpl-name}/type/{type-number} ` **type-other** **Description:** type-other is a **JSON Block**. Please see below for :ref:`1278_zone-template_icmp-v4-list_type-other` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/icmp-v4/{icmp-tmpl-name}/type-other ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_zone-template_icmp-v4-list_type-list: zone-template_icmp-v4-list_type-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **dst-code-other-rate** **Description** Specify the rate with other code **Type:** number **Range:** 1-16000000 **dst-code-other-rate-action** **Description** 'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** dst-code-other-rate-action and dst-code-other-rate-action-list-name are mutually exclusive **dst-code-other-rate-action-list-name** **Description** Configure action-list to take for rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dst-code-other-rate-action-list-name and dst-code-other-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **icmp-type-action** **Description** 'drop': Reject this ICMP type; 'blacklist-src': Blacklist-src this ICMP type; 'ignore': Ignore this ICMP type; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** icmp-type-action and icmp-type-action-list-name are mutually exclusive **icmp-type-action-list-name** **Description** Configure action-list to take for this ICMP type **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** icmp-type-action-list-name and icmp-type-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **src-code-other-rate** **Description** Specify the rate with other code **Type:** number **Range:** 1-16000000 **src-code-other-rate-action** **Description** 'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** src-code-other-rate-action and src-code-other-rate-action-list-name are mutually exclusive **src-code-other-rate-action-list-name** **Description** Configure action-list to take for rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** src-code-other-rate-action-list-name and src-code-other-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **type-number** **Description** Specify ICMP type number **Type:** number **Range:** 0-255 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **v4-dst-code-cfg** **Type:** List **v4-dst-rate-cfg** **Description:** v4-dst-rate-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_icmp-v4-list_type-list_v4-dst-rate-cfg` **Type:** Object **v4-src-code-cfg** **Type:** List **v4-src-rate-cfg** **Description:** v4-src-rate-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_icmp-v4-list_type-list_v4-src-rate-cfg` **Type:** Object .. _1278_zone-template_icmp-v4-list_type-list_v4-src-rate-cfg: zone-template_icmp-v4-list_type-list_v4-src-rate-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-type-rate** **Description** Specify the whole src rate for this type **Type:** number **Range:** 1-16000000 **src-type-rate-action** **Description** 'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** src-type-rate-action and src-type-rate-action-list-name are mutually exclusive **src-type-rate-action-list-name** **Description** Configure action-list to take for rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** src-type-rate-action-list-name and src-type-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1278_zone-template_icmp-v4-list_type-list_v4-dst-code-cfg: zone-template_icmp-v4-list_type-list_v4-dst-code-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **dst-code-number** **Description** Specify the ICMP code for this dst rate **Type:** number **Range:** 0-255 **dst-code-rate** **Description** Specify the rate with the code **Type:** number **Range:** 1-16000000 **dst-code-rate-action** **Description** 'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** dst-code-rate-action and dst-code-rate-action-list-name are mutually exclusive **dst-code-rate-action-list-name** **Description** Configure action-list to take for rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dst-code-rate-action-list-name and dst-code-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1278_zone-template_icmp-v4-list_type-list_v4-src-code-cfg: zone-template_icmp-v4-list_type-list_v4-src-code-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **src-code-number** **Description** Specify the ICMP code for this src rate **Type:** number **Range:** 0-255 **src-code-rate** **Description** Specify the rate with the code **Type:** number **Range:** 1-16000000 **src-code-rate-action** **Description** 'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** src-code-rate-action and src-code-rate-action-list-name are mutually exclusive **src-code-rate-action-list-name** **Description** Configure action-list to take for rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** src-code-rate-action-list-name and src-code-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1278_zone-template_icmp-v4-list_type-list_v4-dst-rate-cfg: zone-template_icmp-v4-list_type-list_v4-dst-rate-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst-type-rate** **Description** Specify the whole dst rate for this type **Type:** number **Range:** 1-16000000 **dst-type-rate-action** **Description** 'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** dst-type-rate-action and dst-type-rate-action-list-name are mutually exclusive **dst-type-rate-action-list-name** **Description** Configure action-list to take for rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dst-type-rate-action-list-name and dst-type-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1278_zone-template_icmp-v4-list_type-other: zone-template_icmp-v4-list_type-other ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst** **Description:** dst is a **JSON Block**. Please see below for :ref:`1278_zone-template_icmp-v4-list_type-other_dst` **Type:** Object **icmp-type-other-action** **Description** 'drop': Reject wildcard ICMP type; 'blacklist-src': Blacklist-src wildcard ICMP type; 'ignore': Ignore wildcard ICMP type; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** icmp-type-other-action and icmp-type-other-action-list-name are mutually exclusive **icmp-type-other-action-list-name** **Description** Configure action-list to take for wildcard ICMP match **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** icmp-type-other-action-list-name and icmp-type-other-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **src** **Description:** src is a **JSON Block**. Please see below for :ref:`1278_zone-template_icmp-v4-list_type-other_src` **Type:** Object **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_zone-template_icmp-v4-list_type-other_src: zone-template_icmp-v4-list_type-other_src ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-type-other-rate** **Description** Specify the whole src rate for wildcard ICMP type **Type:** number **Range:** 1-16000000 **src-type-other-rate-action** **Description** 'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** src-type-other-rate-action and src-type-other-rate-action-list-name are mutually exclusive **src-type-other-rate-action-list-name** **Description** Configure action-list to take for rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** src-type-other-rate-action-list-name and src-type-other-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1278_zone-template_icmp-v4-list_type-other_dst: zone-template_icmp-v4-list_type-other_dst ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst-type-other-rate** **Description** Specify the whole dst rate for wildcard ICMP type **Type:** number **Range:** 1-16000000 **dst-type-other-rate-action** **Description** 'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** dst-type-other-rate-action and dst-type-other-rate-action-list-name are mutually exclusive **dst-type-other-rate-action-list-name** **Description** Configure action-list to take for rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dst-type-other-rate-action-list-name and dst-type-other-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1278_zone-template_icmp-v4-list_filter-list: zone-template_icmp-v4-list_filter-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **byte-offset-filter** **Description** filter using Berkeley packet filter syntax **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **icmp-filter-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; **Type:** string **Supported Values:** drop, ignore, blacklist-src **Default:** drop **Mutual Exclusion:** icmp-filter-action and icmp-filter-action-list-name are mutually exclusive **icmp-filter-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** icmp-filter-action-list-name and icmp-filter-action are mutually exclusive **icmp-filter-inverse-match** **Description** Inverse the result of matching **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **icmp-filter-name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **icmp-filter-regex** **Description** Regex Expression **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters **icmp-filter-seq** **Description** sequence number **Type:** number **Range:** 1-200 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_zone-template_encap-list: zone-template_encap-list ^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **encap-tmpl-name** **Description** DDOS Tunnel Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **preserve-source-ip** **Description** Use original source ip for encapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tunnel-encap** **Description:** tunnel-encap is a **JSON Block**. Please see below for :ref:`1278_zone-template_encap-list_tunnel-encap` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_zone-template_encap-list_tunnel-encap: zone-template_encap-list_tunnel-encap ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **gre-cfg** **Description:** gre-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_encap-list_tunnel-encap_gre-cfg` **Type:** Object **ip-cfg** **Description:** ip-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_encap-list_tunnel-encap_ip-cfg` **Type:** Object .. _1278_zone-template_encap-list_tunnel-encap_ip-cfg: zone-template_encap-list_tunnel-encap_ip-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **always** **Description:** always is a **JSON Block**. Please see below for :ref:`1278_zone-template_encap-list_tunnel-encap_ip-cfg_always` **Type:** Object **ip-encap** **Description** Enable Tunnel encapsulation using IP in IP **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_zone-template_encap-list_tunnel-encap_ip-cfg_always: zone-template_encap-list_tunnel-encap_ip-cfg_always ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **ipv4-addr** **Description** IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** ipv4-address **ipv6-addr** **Description** IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** ipv6-address .. _1278_zone-template_encap-list_tunnel-encap_gre-cfg: zone-template_encap-list_tunnel-encap_gre-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **gre-always** **Description:** gre-always is a **JSON Block**. Please see below for :ref:`1278_zone-template_encap-list_tunnel-encap_gre-cfg_gre-always` **Type:** Object **gre-encap** **Description** Enable Tunnel encapsulation using GRE **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_zone-template_encap-list_tunnel-encap_gre-cfg_gre-always: zone-template_encap-list_tunnel-encap_gre-cfg_gre-always ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **gre-ipv4** **Description** IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** ipv4-address **gre-ipv6** **Description** IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** ipv6-address **key-ipv4** **Description** Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295) **Type:** string **Maximum Length:** 10 characters **Maximum Length:** 1 characters **key-ipv6** **Description** Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295) **Type:** string **Maximum Length:** 10 characters **Maximum Length:** 1 characters .. _1278_zone-template_udp-list: zone-template_udp-list ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **age** **Description** Configure session age(in minutes) for UDP sessions **Type:** number **Range:** 1-63 **Default:** 2 **filter-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/udp/{name}/filter/{udp-filter-name} ` **filter-match-type** **Description** 'default': Stop matching on drop/blacklist action; 'stop-on-first-match': Stop matching on first match; **Type:** string **Supported Values:** default, stop-on-first-match **Default:** default **known-resp-src-port-cfg** **Description:** known-resp-src-port-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_udp-list_known-resp-src-port-cfg` **Type:** Object **max-payload-size-cfg** **Description:** max-payload-size-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_udp-list_max-payload-size-cfg` **Type:** Object **min-payload-size-cfg** **Description:** min-payload-size-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_udp-list_min-payload-size-cfg` **Type:** Object **name** **Description** DDOS UDP Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ntp-monlist-cfg** **Description:** ntp-monlist-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_udp-list_ntp-monlist-cfg` **Type:** Object **per-conn-pkt-rate-cfg** **Description:** per-conn-pkt-rate-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_udp-list_per-conn-pkt-rate-cfg` **Type:** Object **per-conn-rate-interval** **Description** '100ms': 100ms; '1sec': 1sec; **Type:** string **Supported Values:** 100ms, 1sec **Default:** 1sec **previous-salt-timeout** **Description** Token-Authentication previous salt-prefix timeout in minutes, default is 1 min **Type:** number **Range:** 1-10080 **Default:** 1 **public-ipv4-addr** **Description** IP address **Type:** string **Format:** ipv4-address **public-ipv6-addr** **Description** IPV6 address **Type:** string **Format:** ipv6-address **spoof-detect-fail-action** **Description** 'drop': Drop packets (Default); 'blacklist-src': Blacklist-src for spoof-detect fail; **Type:** string **Supported Values:** drop, blacklist-src **Mutual Exclusion:** spoof-detect-fail-action and spoof-detect-fail-action-list-name are mutually exclusive **spoof-detect-fail-action-list-name** **Description** Configure action-list to take for failing the authentication **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** spoof-detect-fail-action-list-name and spoof-detect-fail-action are mutually exclusive **spoof-detect-min-delay** **Description** Optional minimum delay between UDP retransmits for authentication to pass, unit is specified by min-delay-interval **Type:** number **Range:** 1-80 **spoof-detect-min-delay-interval** **Description** '100ms': 100ms; '1sec': 1sec; **Type:** string **Supported Values:** 100ms, 1sec **Default:** 1sec **spoof-detect-pass-action** **Description** 'authenticate-src': authenticate-src (Default); **Type:** string **Supported Values:** authenticate-src **Mutual Exclusion:** spoof-detect-pass-action and spoof-detect-pass-action-list-name are mutually exclusive **spoof-detect-pass-action-list-name** **Description** Configure action-list to take for passing the authentication **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** spoof-detect-pass-action-list-name and spoof-detect-pass-action are mutually exclusive **spoof-detect-retry-timeout** **Description** Timeout in seconds **Type:** number **Range:** 1-31 **token-authentication** **Description** Enable Token Authentication **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **token-authentication-formula** **Description** 'md5_Salt-SrcIp-SrcPort-DstIp-DstPort': md5 of Salt-SrcIp-SrcPort-DstIp-DstPort; 'md5_Salt-DstIp-DstPort': md5 of Salt-DstIp-DstPort; 'md5_Salt-SrcIp-DstIp': md5 of Salt-SrcIp-DstIp; 'md5_Salt-SrcPort-DstPort': md5 of Salt-SrcPort-DstPort; 'md5_Salt-UintDstIp-DstPort': Using the uint value of IP for md5 of Salt-DstIp-DstPort; 'sha1_Salt-SrcIp-SrcPort-DstIp-DstPort': sha1 of Salt-SrcIp-SrcPort-DstIp-DstPort; 'sha1_Salt-DstIp-DstPort': sha1 of Salt-DstIp-DstPort; 'sha1_Salt-SrcIp-DstIp': sha1 of Salt-SrcIp-DstIp; 'sha1_Salt-SrcPort-DstPort': sha1 of Salt-SrcPort-DstPort; 'sha1_Salt-UintDstIp-DstPort': Using the uint value of IP for sha1 of Salt-DstIp-DstPort; **Type:** string **Supported Values:** md5_Salt-SrcIp-SrcPort-DstIp-DstPort, md5_Salt-DstIp-DstPort, md5_Salt-SrcIp-DstIp, md5_Salt-SrcPort-DstPort, md5_Salt-UintDstIp-DstPort, sha1_Salt-SrcIp-SrcPort-DstIp-DstPort, sha1_Salt-DstIp-DstPort, sha1_Salt-SrcIp-DstIp, sha1_Salt-SrcPort-DstPort, sha1_Salt-UintDstIp-DstPort **token-authentication-hw-assist-disable** **Description** token-authentication disable hardware assistance **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **token-authentication-public-address** **Description** The server public IP address **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **token-authentication-salt-prefix** **Description** token-authentication salt-prefix **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **token-authentication-salt-prefix-curr** **Description** **Type:** number **Range:** 1-4294967295 **token-authentication-salt-prefix-prev** **Description** **Type:** number **Range:** 1-4294967295 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_zone-template_udp-list_ntp-monlist-cfg: zone-template_udp-list_ntp-monlist-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **ntp-monlist** **Description** Take action for ntp monlist request/response **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ntp-monlist-action** **Description** 'drop': Drop packets for ntp-monlist (Default); 'blacklist-src': Blacklist-src for ntp-monlist; 'ignore': Ignore ntp-monlist; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Default:** drop **Mutual Exclusion:** ntp-monlist-action and ntp-monlist-action-list-name are mutually exclusive **ntp-monlist-action-list-name** **Description** Configure action-list to take for ntp-monlist **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** ntp-monlist-action-list-name and ntp-monlist-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1278_zone-template_udp-list_known-resp-src-port-cfg: zone-template_udp-list_known-resp-src-port-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **exclude-src-resp-port** **Description** Exclude src port equal to dst port **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **known-resp-src-port** **Description** Take action if src-port is less than 1024 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **known-resp-src-port-action** **Description** 'drop': Drop packets from well-known src-port(Default); 'blacklist-src': Blacklist-src from well-known src-port; 'ignore': Ignore well-known src-port; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** known-resp-src-port-action and known-resp-src-port-action-list-name are mutually exclusive **known-resp-src-port-action-list-name** **Description** Configure action-list to take for well-known src-port **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** known-resp-src-port-action-list-name and known-resp-src-port-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1278_zone-template_udp-list_per-conn-pkt-rate-cfg: zone-template_udp-list_per-conn-pkt-rate-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **per-conn-pkt-rate-action** **Description** 'drop': Drop packets for per-conn-pkt-rate exceed (Default); 'blacklist-src': help Blacklist-src for per-conn-pkt-rate exceed; 'ignore': Ignore per-conn-pkt-rate-exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Default:** drop **Mutual Exclusion:** per-conn-pkt-rate-action and per-conn-pkt-rate-action-list-name are mutually exclusive **per-conn-pkt-rate-action-list-name** **Description** Configure action-list to take for per-conn-pkt-rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** per-conn-pkt-rate-action-list-name and per-conn-pkt-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **per-conn-pkt-rate-limit** **Description** Packet rate limit per connection per rate-interval **Type:** number **Range:** 1-16000000 .. _1278_zone-template_udp-list_min-payload-size-cfg: zone-template_udp-list_min-payload-size-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **min-payload-size** **Description** Minimum UDP payload size for each single packet **Type:** number **Range:** 1-1470 **min-payload-size-action** **Description** 'drop': Drop packets for min-payload-size (Default); 'blacklist-src': Blacklist-src for min-payload-size; 'ignore': Do nothing for min-payload-size exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Default:** drop **Mutual Exclusion:** min-payload-size-action and min-payload-size-action-list-name are mutually exclusive **min-payload-size-action-list-name** **Description** Configure action-list to take for min-payload-size exceed **Type:** string **Format:** string-rlx **Maximum Length:** 64 characters **Maximum Length:** 1 characters **Mutual Exclusion:** min-payload-size-action-list-name and min-payload-size-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1278_zone-template_udp-list_filter-list: zone-template_udp-list_filter-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **byte-offset-filter** **Description** Filter using Berkeley Packet Filter syntax **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters **udp-filter-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'authenticate-src': Authenticate-src; **Type:** string **Supported Values:** drop, ignore, blacklist-src, authenticate-src **Default:** drop **Mutual Exclusion:** udp-filter-action and udp-filter-action-list-name are mutually exclusive **udp-filter-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** udp-filter-action-list-name and udp-filter-action are mutually exclusive **udp-filter-inverse-match** **Description** Inverse the result of the matching **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **udp-filter-name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp-filter-regex** **Description** Regex Expression **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters **udp-filter-seq** **Description** Sequence number **Type:** number **Range:** 1-200 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_zone-template_udp-list_max-payload-size-cfg: zone-template_udp-list_max-payload-size-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **max-payload-size** **Description** Maximum UDP payload size for each single packet **Type:** number **Range:** 1-1470 **max-payload-size-action** **Description** 'drop': Drop packets for max-payload-size exceed (Default); 'blacklist-src': Blacklist-src for max-payload-size exceed; 'ignore': Do nothing for max-payload-size exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Default:** drop **Mutual Exclusion:** max-payload-size-action and max-payload-size-action-list-name are mutually exclusive **max-payload-size-action-list-name** **Description** Configure action-list to take for max-payload-size exceed **Type:** string **Format:** string-rlx **Maximum Length:** 64 characters **Maximum Length:** 1 characters **Mutual Exclusion:** max-payload-size-action-list-name and max-payload-size-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1278_zone-template_http-list: zone-template_http-list ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **challenge** **Description:** challenge is a **JSON Block**. Please see below for :ref:`1278_zone-template_http-list_challenge` **Type:** Object **client-source-ip** **Description:** client-source-ip is a **JSON Block**. Please see below for :ref:`1278_zone-template_http-list_client-source-ip` **Type:** Object **disable** **Description** Disable this template **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disallow-connect-method** **Description** Do not allow HTTP Connect method (asymmetric mode only) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dst** **Description:** dst is a **JSON Block**. Please see below for :ref:`1278_zone-template_http-list_dst` **Type:** Object **filter-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/http/{http-tmpl-name}/filter/{http-filter-name} ` **http-tmpl-name** **Description** DDOS HTTP Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **idle-timeout** **Description:** idle-timeout is a **JSON Block**. Please see below for :ref:`1278_zone-template_http-list_idle-timeout` **Type:** Object **malformed-http** **Description:** malformed-http is a **JSON Block**. Please see below for :ref:`1278_zone-template_http-list_malformed-http` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/http/{http-tmpl-name}/malformed-http ` **mss-timeout** **Description:** mss-timeout is a **JSON Block**. Please see below for :ref:`1278_zone-template_http-list_mss-timeout` **Type:** Object **multi-pu-threshold-distribution** **Description:** multi-pu-threshold-distribution is a **JSON Block**. Please see below for :ref:`1278_zone-template_http-list_multi-pu-threshold-distribution` **Type:** Object **non-http-bypass** **Description** Bypass non-http traffic instead of dropping **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **out-of-order-queue-size** **Description** Set the number of packets for the out-of-order HTTP queue (asym mode only) **Type:** number **Range:** 0-15 **Default:** 3 **out-of-order-queue-timeout** **Description** Set the timeout value in seconds for out-of-order queue in HTTP (asym mode only) **Type:** number **Range:** 0-15 **Default:** 3 **request-header** **Description:** request-header is a **JSON Block**. Please see below for :ref:`1278_zone-template_http-list_request-header` **Type:** Object **slow-read** **Description:** slow-read is a **JSON Block**. Please see below for :ref:`1278_zone-template_http-list_slow-read` **Type:** Object **src** **Description:** src is a **JSON Block**. Please see below for :ref:`1278_zone-template_http-list_src` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_zone-template_http-list_client-source-ip: zone-template_http-list_client-source-ip ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **client-source-ip** **Description** Mitigate on src ip specified by http header for example X-Forwarded-For header. Default is disabled **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **http-header-name** **Description** Set the http header name to parse for client ip. Default is X-Forwarded-For **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Default:** X-Forwarded-For .. _1278_zone-template_http-list_dst: zone-template_http-list_dst ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **rate-limit** **Description:** rate-limit is a **JSON Block**. Please see below for :ref:`1278_zone-template_http-list_dst_rate-limit` **Type:** Object .. _1278_zone-template_http-list_dst_rate-limit: zone-template_http-list_dst_rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **http-post** **Description:** http-post is a **JSON Block**. Please see below for :ref:`1278_zone-template_http-list_dst_rate-limit_http-post` **Type:** Object **http-request** **Description:** http-request is a **JSON Block**. Please see below for :ref:`1278_zone-template_http-list_dst_rate-limit_http-request` **Type:** Object **response-size** **Description:** response-size is a **JSON Block**. Please see below for :ref:`1278_zone-template_http-list_dst_rate-limit_response-size` **Type:** Object .. _1278_zone-template_http-list_dst_rate-limit_response-size: zone-template_http-list_dst_rate-limit_response-size ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **between-cfg** **Type:** List **greater-cfg** **Type:** List **less-cfg** **Type:** List **response-size-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, ignore, blacklist-src, reset **Mutual Exclusion:** response-size-action and response-size-action-list-name are mutually exclusive **response-size-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** response-size-action-list-name and response-size-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1278_zone-template_http-list_dst_rate-limit_response-size_between-cfg: zone-template_http-list_dst_rate-limit_response-size_between-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **obj-between-rate** **Description** Response rate limit **Type:** number **Range:** 1-16000000 **obj-between1** **Description** Response size configuration **Type:** number **Range:** 1-16000000 **obj-between2** **Description** Response size configuration **Type:** number **Range:** 1-16000000 .. _1278_zone-template_http-list_dst_rate-limit_response-size_greater-cfg: zone-template_http-list_dst_rate-limit_response-size_greater-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **obj-greater** **Description** Response size configuration **Type:** number **Range:** 1-16000000 **obj-greater-rate** **Description** Response rate limit **Type:** number **Range:** 1-16000000 .. _1278_zone-template_http-list_dst_rate-limit_response-size_less-cfg: zone-template_http-list_dst_rate-limit_response-size_less-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **obj-less** **Description** Response size configuration **Type:** number **Range:** 1-16000000 **obj-less-rate** **Description** Response rate limit **Type:** number **Range:** 1-16000000 .. _1278_zone-template_http-list_dst_rate-limit_http-post: zone-template_http-list_dst_rate-limit_http-post ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst-post-rate-limit** **Description** **Type:** number **Range:** 1-16000000 **dst-post-rate-limit-action** **Description** 'drop': Drop packets(Default); 'ignore': Take no action; 'reset': Reset client connection; 'blacklist-src': Blacklist-src; **Type:** string **Supported Values:** drop, ignore, reset, blacklist-src **Default:** drop **Mutual Exclusion:** dst-post-rate-limit-action and dst-post-rate-limit-action-list-name are mutually exclusive **dst-post-rate-limit-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dst-post-rate-limit-action-list-name and dst-post-rate-limit-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1278_zone-template_http-list_dst_rate-limit_http-request: zone-template_http-list_dst_rate-limit_http-request ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst-request-rate** **Description** **Type:** number **Range:** 1-16000000 **dst-request-rate-limit-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'reset': Reset client connection; 'blacklist-src': Blacklist-src; **Type:** string **Supported Values:** drop, ignore, reset, blacklist-src **Default:** drop **Mutual Exclusion:** dst-request-rate-limit-action and dst-request-rate-limit-action-list-name are mutually exclusive **dst-request-rate-limit-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dst-request-rate-limit-action-list-name and dst-request-rate-limit-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1278_zone-template_http-list_src: zone-template_http-list_src ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **rate-limit** **Description:** rate-limit is a **JSON Block**. Please see below for :ref:`1278_zone-template_http-list_src_rate-limit` **Type:** Object .. _1278_zone-template_http-list_src_rate-limit: zone-template_http-list_src_rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **http-post** **Description:** http-post is a **JSON Block**. Please see below for :ref:`1278_zone-template_http-list_src_rate-limit_http-post` **Type:** Object **http-request** **Description:** http-request is a **JSON Block**. Please see below for :ref:`1278_zone-template_http-list_src_rate-limit_http-request` **Type:** Object .. _1278_zone-template_http-list_src_rate-limit_http-post: zone-template_http-list_src_rate-limit_http-post ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-post-rate-limit** **Description** **Type:** number **Range:** 1-16000000 **src-post-rate-limit-action** **Description** 'drop': Drop packets(Default); 'ignore': Take no action; 'reset': Reset client connection; 'blacklist-src': Blacklist-src; **Type:** string **Supported Values:** drop, ignore, reset, blacklist-src **Default:** drop **Mutual Exclusion:** src-post-rate-limit-action and src-post-rate-limit-action-list-name are mutually exclusive **src-post-rate-limit-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** src-post-rate-limit-action-list-name and src-post-rate-limit-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1278_zone-template_http-list_src_rate-limit_http-request: zone-template_http-list_src_rate-limit_http-request ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-request-rate** **Description** **Type:** number **Range:** 1-16000000 **src-request-rate-limit-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'reset': Reset client connection; 'blacklist-src': Blacklist-src; **Type:** string **Supported Values:** drop, ignore, reset, blacklist-src **Default:** drop **Mutual Exclusion:** src-request-rate-limit-action and src-request-rate-limit-action-list-name are mutually exclusive **src-request-rate-limit-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** src-request-rate-limit-action-list-name and src-request-rate-limit-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1278_zone-template_http-list_challenge: zone-template_http-list_challenge ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **challenge-cookie-name** **Description** Set the cookie name used to send back to client. Default is sto-idd **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Default:** sto-idd **challenge-fail-action** **Description** 'blacklist-src': Blacklist-src; 'reset': Reset client connection(Default); **Type:** string **Supported Values:** blacklist-src, reset **Default:** reset **Mutual Exclusion:** challenge-fail-action and challenge-fail-action-list-name are mutually exclusive **challenge-fail-action-list-name** **Description** Configure action-list to take for failing the authentication **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** challenge-fail-action-list-name and challenge-fail-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **challenge-interval** **Description** Specify the challenge interval. Default is 8 seconds **Type:** number **Range:** 1-31 **Default:** 8 **challenge-keep-cookie** **Description** Keep the challenge cookie from client and forward to backend. Default is do not keep **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **challenge-method** **Description** 'http-redirect': http-redirect; 'javascript': javascript; **Type:** string **Supported Values:** http-redirect, javascript **challenge-pass-action** **Description** 'authenticate-src': Authenticate-src (Default); **Type:** string **Supported Values:** authenticate-src **Mutual Exclusion:** challenge-pass-action and challenge-pass-action-list-name are mutually exclusive **challenge-pass-action-list-name** **Description** Configure action-list to take for passing the authentication **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** challenge-pass-action-list-name and challenge-pass-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **challenge-redirect-code** **Description** '302': 302 Found; '307': 307 Temporary Redirect; **Type:** string **Supported Values:** 302, 307 **Default:** 302 **challenge-uri-encode** **Description** Encode the challenge phrase in uri instead of in http cookie. Default encoded in http cookie **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_zone-template_http-list_idle-timeout: zone-template_http-list_idle-timeout ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **idle-timeout-action** **Description** 'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, blacklist-src, reset **Mutual Exclusion:** idle-timeout-action and idle-timeout-action-list-name are mutually exclusive **idle-timeout-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** idle-timeout-action-list-name and idle-timeout-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **idle-timeout-value** **Description** Set the the idle timeout value in seconds for HTTP connections **Type:** number **Range:** 1-63 **ignore-zero-payload** **Description** Don't reset idle timer on packets with zero payload length from clients **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_zone-template_http-list_slow-read: zone-template_http-list_slow-read ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **min-window-count** **Description** Number of packets **Type:** number **Range:** 1-31 **min-window-size** **Description** minimum window size **Type:** number **Range:** 1-65535 **slow-read-action** **Description** 'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'ignore': Take no action; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, blacklist-src, ignore, reset **Mutual Exclusion:** slow-read-action and slow-read-action-list-name are mutually exclusive **slow-read-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** slow-read-action-list-name and slow-read-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1278_zone-template_http-list_multi-pu-threshold-distribution: zone-template_http-list_multi-pu-threshold-distribution ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **multi-pu-threshold-distribution-disable** **Description** 'disable': Destination side rate limit only. Default: Enable; **Type:** string **Supported Values:** disable **Mutual Exclusion:** multi-pu-threshold-distribution-disable and multi-pu-threshold-distribution-value are mutually exclusive **multi-pu-threshold-distribution-value** **Description** Destination side rate limit only. Default: 0 **Type:** number **Range:** 1-16000000 **Mutual Exclusion:** multi-pu-threshold-distribution-value and multi-pu-threshold-distribution-disable are mutually exclusive .. _1278_zone-template_http-list_filter-list: zone-template_http-list_filter-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **dst** **Description:** dst is a **JSON Block**. Please see below for :ref:`1278_zone-template_http-list_filter-list_dst` **Type:** Object **http-agent-cfg** **Description:** http-agent-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_http-list_filter-list_http-agent-cfg` **Type:** Object **http-filter-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'authenticate-src': Authenticate-src; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, ignore, blacklist-src, authenticate-src, reset **Mutual Exclusion:** http-filter-action and http-filter-action-list-name are mutually exclusive **http-filter-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** http-filter-action-list-name and http-filter-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **http-filter-name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **http-filter-seq** **Description** Sequence number **Type:** number **Range:** 1-200 **http-header-cfg** **Description:** http-header-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_http-list_filter-list_http-header-cfg` **Type:** Object **http-referer-cfg** **Description:** http-referer-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_http-list_filter-list_http-referer-cfg` **Type:** Object **http-uri-cfg** **Description:** http-uri-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_http-list_filter-list_http-uri-cfg` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_zone-template_http-list_filter-list_http-uri-cfg: zone-template_http-list_filter-list_http-uri-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uri-contains-cfg** **Type:** List **uri-ends-cfg** **Type:** List **uri-equal-cfg** **Type:** List **uri-starts-cfg** **Type:** List .. _1278_zone-template_http-list_filter-list_http-uri-cfg_uri-equal-cfg: zone-template_http-list_filter-list_http-uri-cfg_uri-equal-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **http-filter-uri-equals** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters .. _1278_zone-template_http-list_filter-list_http-uri-cfg_uri-starts-cfg: zone-template_http-list_filter-list_http-uri-cfg_uri-starts-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **http-filter-uri-starts-with** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters .. _1278_zone-template_http-list_filter-list_http-uri-cfg_uri-ends-cfg: zone-template_http-list_filter-list_http-uri-cfg_uri-ends-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **http-filter-uri-ends-with** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters .. _1278_zone-template_http-list_filter-list_http-uri-cfg_uri-contains-cfg: zone-template_http-list_filter-list_http-uri-cfg_uri-contains-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **http-filter-uri-contains** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters .. _1278_zone-template_http-list_filter-list_dst: zone-template_http-list_filter-list_dst ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **http-filter-rate-limit** **Description** Set rate limit **Type:** number **Range:** 1-16000000 .. _1278_zone-template_http-list_filter-list_http-agent-cfg: zone-template_http-list_filter-list_http-agent-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **agent-contains-cfg** **Type:** List **agent-ends-cfg** **Type:** List **agent-equals-cfg** **Type:** List **agent-starts-cfg** **Type:** List .. _1278_zone-template_http-list_filter-list_http-agent-cfg_agent-contains-cfg: zone-template_http-list_filter-list_http-agent-cfg_agent-contains-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **http-filter-agent-contains** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_zone-template_http-list_filter-list_http-agent-cfg_agent-ends-cfg: zone-template_http-list_filter-list_http-agent-cfg_agent-ends-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **http-filter-agent-ends-with** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_zone-template_http-list_filter-list_http-agent-cfg_agent-equals-cfg: zone-template_http-list_filter-list_http-agent-cfg_agent-equals-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **http-filter-agent-equals** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_zone-template_http-list_filter-list_http-agent-cfg_agent-starts-cfg: zone-template_http-list_filter-list_http-agent-cfg_agent-starts-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **http-filter-agent-starts-with** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_zone-template_http-list_filter-list_http-header-cfg: zone-template_http-list_filter-list_http-header-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **http-filter-header-inverse-match** **Description** **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **http-filter-header-regex** **Description** Regex Expression **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters .. _1278_zone-template_http-list_filter-list_http-referer-cfg: zone-template_http-list_filter-list_http-referer-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **referer-contains-cfg** **Type:** List **referer-ends-cfg** **Type:** List **referer-equals-cfg** **Type:** List **referer-starts-cfg** **Type:** List .. _1278_zone-template_http-list_filter-list_http-referer-cfg_referer-equals-cfg: zone-template_http-list_filter-list_http-referer-cfg_referer-equals-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **http-filter-referer-equals** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_zone-template_http-list_filter-list_http-referer-cfg_referer-starts-cfg: zone-template_http-list_filter-list_http-referer-cfg_referer-starts-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **http-filter-referer-starts-with** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_zone-template_http-list_filter-list_http-referer-cfg_referer-contains-cfg: zone-template_http-list_filter-list_http-referer-cfg_referer-contains-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **http-filter-referer-contains** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_zone-template_http-list_filter-list_http-referer-cfg_referer-ends-cfg: zone-template_http-list_filter-list_http-referer-cfg_referer-ends-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **http-filter-referer-ends-with** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_zone-template_http-list_mss-timeout: zone-template_http-list_mss-timeout ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **mss-percent** **Description** Configure percentage of mss such that if a packet size is below the mss times mss-percent, packet is considered bad. **Type:** number **Range:** 1-100 **mss-timeout-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, ignore, blacklist-src, reset **Mutual Exclusion:** mss-timeout-action and mss-timeout-action-list-name are mutually exclusive **mss-timeout-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** mss-timeout-action-list-name and mss-timeout-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **number-packets** **Description** Specify percentage of mss. Default is 0, mss-timeout is not enabled. **Type:** number **Range:** 1-31 .. _1278_zone-template_http-list_malformed-http: zone-template_http-list_malformed-http ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **malformed-http** **Description** 'check': Configure malformed HTTP parameters; **Type:** string **Supported Values:** check **Default:** check **malformed-http-action** **Description** 'drop': Drop packets (Default); 'reset': Reset client connection; 'blacklist-src': Blacklist-src; **Type:** string **Supported Values:** drop, reset, blacklist-src **Mutual Exclusion:** malformed-http-action and malformed-http-action-list-name are mutually exclusive **malformed-http-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** malformed-http-action-list-name and malformed-http-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **malformed-http-bad-chunk-mon-enabled** **Description** Enabling bad chunk monitoring. Default is disabled **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **malformed-http-max-content-length** **Description** Set the maxinum content-length header. Default value is 4294967295 bytes **Type:** number **Range:** 1-4294967295 **Default:** 4294967295 **malformed-http-max-header-name-size** **Description** Set the maxinum header name length. Default value is 64. **Type:** number **Range:** 1-64 **Default:** 64 **malformed-http-max-line-size** **Description** Set the maximum line size. Default value is 32512 **Type:** number **Range:** 1-65280 **Default:** 32512 **malformed-http-max-num-headers** **Description** Set the maximum number of headers. Default value is 90 **Type:** number **Range:** 1-90 **Default:** 90 **malformed-http-max-req-line-size** **Description** Set the maximum request line size. Default value is 32512 **Type:** number **Range:** 1-65280 **Default:** 32512 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_zone-template_http-list_request-header: zone-template_http-list_request-header ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **header-timeout-action** **Description** 'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, blacklist-src, reset **Default:** drop **Mutual Exclusion:** header-timeout-action and header-timeout-action-list-name are mutually exclusive **header-timeout-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** header-timeout-action-list-name and header-timeout-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **timeout** **Description** **Type:** number **Range:** 1-63 .. _1278_zone-template_sip-list: zone-template_sip-list ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **dst** **Description:** dst is a **JSON Block**. Please see below for :ref:`1278_zone-template_sip-list_dst` **Type:** Object **filter-header-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/sip/{sip-tmpl-name}/filter-header/{sip-filter-name} ` **idle-timeout** **Description:** idle-timeout is a **JSON Block**. Please see below for :ref:`1278_zone-template_sip-list_idle-timeout` **Type:** Object **malformed-sip** **Description:** malformed-sip is a **JSON Block**. Please see below for :ref:`1278_zone-template_sip-list_malformed-sip` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/sip/{sip-tmpl-name}/malformed-sip ` **multi-pu-threshold-distribution** **Description:** multi-pu-threshold-distribution is a **JSON Block**. Please see below for :ref:`1278_zone-template_sip-list_multi-pu-threshold-distribution` **Type:** Object **sip-tmpl-name** **Description** DDOS SIP Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **src** **Description:** src is a **JSON Block**. Please see below for :ref:`1278_zone-template_sip-list_src` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_zone-template_sip-list_src: zone-template_sip-list_src ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sip-request-rate-limit** **Description:** sip-request-rate-limit is a **JSON Block**. Please see below for :ref:`1278_zone-template_sip-list_src_sip-request-rate-limit` **Type:** Object .. _1278_zone-template_sip-list_src_sip-request-rate-limit: zone-template_sip-list_src_sip-request-rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **method** **Description:** method is a **JSON Block**. Please see below for :ref:`1278_zone-template_sip-list_src_sip-request-rate-limit_method` **Type:** Object **src-sip-rate-action** **Description** 'drop': Drop packets(Default); 'ignore': Take no action; 'reset': Reset (sip-tcp) client connection; 'blacklist-src': Blacklist-src; **Type:** string **Supported Values:** drop, ignore, reset, blacklist-src **Default:** drop **Mutual Exclusion:** src-sip-rate-action and src-sip-rate-action-list-name are mutually exclusive **src-sip-rate-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** src-sip-rate-action-list-name and src-sip-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1278_zone-template_sip-list_src_sip-request-rate-limit_method: zone-template_sip-list_src_sip-request-rate-limit_method ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **bye-cfg** **Description:** bye-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_sip-list_src_sip-request-rate-limit_method_bye-cfg` **Type:** Object **invite-cfg** **Description:** invite-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_sip-list_src_sip-request-rate-limit_method_invite-cfg` **Type:** Object **message-cfg** **Description:** message-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_sip-list_src_sip-request-rate-limit_method_message-cfg` **Type:** Object **notify-cfg** **Description:** notify-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_sip-list_src_sip-request-rate-limit_method_notify-cfg` **Type:** Object **options-cfg** **Description:** options-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_sip-list_src_sip-request-rate-limit_method_options-cfg` **Type:** Object **refer-cfg** **Description:** refer-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_sip-list_src_sip-request-rate-limit_method_refer-cfg` **Type:** Object **register-cfg** **Description:** register-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_sip-list_src_sip-request-rate-limit_method_register-cfg` **Type:** Object **subscribe-cfg** **Description:** subscribe-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_sip-list_src_sip-request-rate-limit_method_subscribe-cfg` **Type:** Object **update-cfg** **Description:** update-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_sip-list_src_sip-request-rate-limit_method_update-cfg` **Type:** Object .. _1278_zone-template_sip-list_src_sip-request-rate-limit_method_options-cfg: zone-template_sip-list_src_sip-request-rate-limit_method_options-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **OPTIONS** **Description** OPTIONS method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-sip-options-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_zone-template_sip-list_src_sip-request-rate-limit_method_refer-cfg: zone-template_sip-list_src_sip-request-rate-limit_method_refer-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **REFER** **Description** REFER method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-sip-refer-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_zone-template_sip-list_src_sip-request-rate-limit_method_bye-cfg: zone-template_sip-list_src_sip-request-rate-limit_method_bye-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **BYE** **Description** BYE method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-sip-bye-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_zone-template_sip-list_src_sip-request-rate-limit_method_subscribe-cfg: zone-template_sip-list_src_sip-request-rate-limit_method_subscribe-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **SUBSCRIBE** **Description** SUBSCRIBE method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-sip-subscribe-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_zone-template_sip-list_src_sip-request-rate-limit_method_register-cfg: zone-template_sip-list_src_sip-request-rate-limit_method_register-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **REGISTER** **Description** REGISTER method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-sip-register-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_zone-template_sip-list_src_sip-request-rate-limit_method_invite-cfg: zone-template_sip-list_src_sip-request-rate-limit_method_invite-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **INVITE** **Description** INVITE method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-sip-invite-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_zone-template_sip-list_src_sip-request-rate-limit_method_message-cfg: zone-template_sip-list_src_sip-request-rate-limit_method_message-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **MESSAGE** **Description** MESSAGE method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-sip-message-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_zone-template_sip-list_src_sip-request-rate-limit_method_update-cfg: zone-template_sip-list_src_sip-request-rate-limit_method_update-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **UPDATE** **Description** UPDATE method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-sip-update-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_zone-template_sip-list_src_sip-request-rate-limit_method_notify-cfg: zone-template_sip-list_src_sip-request-rate-limit_method_notify-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **NOTIFY** **Description** NOTIFY method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-sip-notify-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_zone-template_sip-list_dst: zone-template_sip-list_dst ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sip-request-rate-limit** **Description:** sip-request-rate-limit is a **JSON Block**. Please see below for :ref:`1278_zone-template_sip-list_dst_sip-request-rate-limit` **Type:** Object .. _1278_zone-template_sip-list_dst_sip-request-rate-limit: zone-template_sip-list_dst_sip-request-rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst-sip-rate-action** **Description** 'drop': Drop packets(Default); 'ignore': Take no action; 'reset': Reset (sip-tcp) client connection; 'blacklist-src': Blacklist-src; **Type:** string **Supported Values:** drop, ignore, reset, blacklist-src **Default:** drop **Mutual Exclusion:** dst-sip-rate-action and dst-sip-rate-action-list-name are mutually exclusive **dst-sip-rate-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dst-sip-rate-action-list-name and dst-sip-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **method** **Description:** method is a **JSON Block**. Please see below for :ref:`1278_zone-template_sip-list_dst_sip-request-rate-limit_method` **Type:** Object .. _1278_zone-template_sip-list_dst_sip-request-rate-limit_method: zone-template_sip-list_dst_sip-request-rate-limit_method ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **bye-cfg** **Description:** bye-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_sip-list_dst_sip-request-rate-limit_method_bye-cfg` **Type:** Object **invite-cfg** **Description:** invite-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_sip-list_dst_sip-request-rate-limit_method_invite-cfg` **Type:** Object **message-cfg** **Description:** message-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_sip-list_dst_sip-request-rate-limit_method_message-cfg` **Type:** Object **notify-cfg** **Description:** notify-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_sip-list_dst_sip-request-rate-limit_method_notify-cfg` **Type:** Object **options-cfg** **Description:** options-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_sip-list_dst_sip-request-rate-limit_method_options-cfg` **Type:** Object **refer-cfg** **Description:** refer-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_sip-list_dst_sip-request-rate-limit_method_refer-cfg` **Type:** Object **register-cfg** **Description:** register-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_sip-list_dst_sip-request-rate-limit_method_register-cfg` **Type:** Object **subscribe-cfg** **Description:** subscribe-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_sip-list_dst_sip-request-rate-limit_method_subscribe-cfg` **Type:** Object **update-cfg** **Description:** update-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_sip-list_dst_sip-request-rate-limit_method_update-cfg` **Type:** Object .. _1278_zone-template_sip-list_dst_sip-request-rate-limit_method_options-cfg: zone-template_sip-list_dst_sip-request-rate-limit_method_options-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **OPTIONS** **Description** OPTIONS method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dst-sip-options-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_zone-template_sip-list_dst_sip-request-rate-limit_method_refer-cfg: zone-template_sip-list_dst_sip-request-rate-limit_method_refer-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **REFER** **Description** REFER method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dst-sip-refer-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_zone-template_sip-list_dst_sip-request-rate-limit_method_bye-cfg: zone-template_sip-list_dst_sip-request-rate-limit_method_bye-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **BYE** **Description** BYE method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dst-sip-bye-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_zone-template_sip-list_dst_sip-request-rate-limit_method_subscribe-cfg: zone-template_sip-list_dst_sip-request-rate-limit_method_subscribe-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **SUBSCRIBE** **Description** SUBSCRIBE method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dst-sip-subscribe-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_zone-template_sip-list_dst_sip-request-rate-limit_method_register-cfg: zone-template_sip-list_dst_sip-request-rate-limit_method_register-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **REGISTER** **Description** REGISTER method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dst-sip-register-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_zone-template_sip-list_dst_sip-request-rate-limit_method_invite-cfg: zone-template_sip-list_dst_sip-request-rate-limit_method_invite-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **INVITE** **Description** INVITE method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dst-sip-invite-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_zone-template_sip-list_dst_sip-request-rate-limit_method_message-cfg: zone-template_sip-list_dst_sip-request-rate-limit_method_message-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **MESSAGE** **Description** MESSAGE method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dst-sip-message-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_zone-template_sip-list_dst_sip-request-rate-limit_method_update-cfg: zone-template_sip-list_dst_sip-request-rate-limit_method_update-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **UPDATE** **Description** UPDATE method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dst-sip-update-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_zone-template_sip-list_dst_sip-request-rate-limit_method_notify-cfg: zone-template_sip-list_dst_sip-request-rate-limit_method_notify-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **NOTIFY** **Description** NOTIFY method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dst-sip-notify-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_zone-template_sip-list_idle-timeout: zone-template_sip-list_idle-timeout ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **idle-timeout-action** **Description** 'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Reset (sip-tcp) client connection; **Type:** string **Supported Values:** drop, blacklist-src, reset **Mutual Exclusion:** idle-timeout-action and idle-timeout-action-list-name are mutually exclusive **idle-timeout-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** idle-timeout-action-list-name and idle-timeout-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **idle-timeout-value** **Description** Set the the idle timeout value for SIP-TCP connections **Type:** number **Range:** 1-63 **ignore-zero-payload** **Description** Don't reset idle timer on packets with zero payload length from clients **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_zone-template_sip-list_multi-pu-threshold-distribution: zone-template_sip-list_multi-pu-threshold-distribution ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **multi-pu-threshold-distribution-disable** **Description** 'disable': Destination side rate limit only. Default: Enable; **Type:** string **Supported Values:** disable **Mutual Exclusion:** multi-pu-threshold-distribution-disable and multi-pu-threshold-distribution-value are mutually exclusive **multi-pu-threshold-distribution-value** **Description** Destination side rate limit only. Default: 0 **Type:** number **Range:** 1-16000000 **Mutual Exclusion:** multi-pu-threshold-distribution-value and multi-pu-threshold-distribution-disable are mutually exclusive .. _1278_zone-template_sip-list_malformed-sip: zone-template_sip-list_malformed-sip ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **malformed-sip-action** **Description** 'drop': Drop packets (Default); 'reset': Reset (sip-tcp) client connection; 'blacklist-src': Blacklist-src; **Type:** string **Supported Values:** drop, reset, blacklist-src **Default:** drop **Mutual Exclusion:** malformed-sip-action and malformed-sip-action-list-name are mutually exclusive **malformed-sip-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** malformed-sip-action-list-name and malformed-sip-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **malformed-sip-call-id-max-length** **Description** Set the maximum call-id length. Default value is 32511 **Type:** number **Range:** 1-32511 **Default:** 32511 **malformed-sip-check** **Description** 'enable-check': Enable malformed SIP parameters; **Type:** string **Supported Values:** enable-check **malformed-sip-max-header-name-length** **Description** Set the maximum header name length. Default value is 63 **Type:** number **Range:** 1-63 **Default:** 63 **malformed-sip-max-header-value-length** **Description** Set the maximum header value length. Default value is 32511 **Type:** number **Range:** 1-32511 **Default:** 32511 **malformed-sip-max-line-size** **Description** Set the maximum line size. Default value is 32511 **Type:** number **Range:** 1-32511 **Default:** 32511 **malformed-sip-max-uri-length** **Description** Set the maximum uri size. Default value is 32511 **Type:** number **Range:** 1-32511 **Default:** 32511 **malformed-sip-sdp-max-length** **Description** Set the maxinum SDP content length. Default value is 32511 **Type:** number **Range:** 1-32511 **Default:** 32511 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_zone-template_sip-list_filter-header-list: zone-template_sip-list_filter-header-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **sip-filter-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'authenticate-src': Authenticate-src; 'reset': Reset client connection(for sip-tcp); **Type:** string **Supported Values:** drop, ignore, blacklist-src, authenticate-src, reset **Mutual Exclusion:** sip-filter-action and sip-filter-action-list-name are mutually exclusive **sip-filter-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** sip-filter-action-list-name and sip-filter-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **sip-filter-header-seq** **Description** Sequence number **Type:** number **Range:** 1-200 **sip-filter-name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sip-header-cfg** **Description:** sip-header-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_sip-list_filter-header-list_sip-header-cfg` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_zone-template_sip-list_filter-header-list_sip-header-cfg: zone-template_sip-list_filter-header-list_sip-header-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sip-filter-header-inverse-match** **Description** **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sip-filter-header-regex** **Description** Regex Expression **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters .. _1278_zone-template_icmp-v6-list: zone-template_icmp-v6-list ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **filter-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/icmp-v6/{icmp-tmpl-name}/filter/{icmp-filter-name} ` **filter-match-type** **Description** 'default': Stop matching on drop/blacklist action; 'stop-on-first-match': Stop matching on first match; **Type:** string **Supported Values:** default, stop-on-first-match **Default:** default **icmp-tmpl-name** **Description** DDOS ICMPv6 Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **type-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/icmp-v6/{icmp-tmpl-name}/type/{type-number} ` **type-other** **Description:** type-other is a **JSON Block**. Please see below for :ref:`1278_zone-template_icmp-v6-list_type-other` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/icmp-v6/{icmp-tmpl-name}/type-other ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_zone-template_icmp-v6-list_type-list: zone-template_icmp-v6-list_type-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **dst-code-other-rate** **Description** Specify the rate with other code **Type:** number **Range:** 1-16000000 **dst-code-other-rate-action** **Description** 'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** dst-code-other-rate-action and dst-code-other-rate-action-list-name are mutually exclusive **dst-code-other-rate-action-list-name** **Description** Configure action-list to take for rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dst-code-other-rate-action-list-name and dst-code-other-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **icmp-type-action** **Description** 'drop': Reject this ICMP type; 'blacklist-src': Blacklist-src this ICMP type; 'ignore': Ignore this ICMP type; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** icmp-type-action and icmp-type-action-list-name are mutually exclusive **icmp-type-action-list-name** **Description** Configure action-list to take for this ICMP type **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** icmp-type-action-list-name and icmp-type-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **src-code-other-rate** **Description** Specify the rate with other code **Type:** number **Range:** 1-16000000 **src-code-other-rate-action** **Description** 'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** src-code-other-rate-action and src-code-other-rate-action-list-name are mutually exclusive **src-code-other-rate-action-list-name** **Description** Configure action-list to take for rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** src-code-other-rate-action-list-name and src-code-other-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **type-number** **Description** Specify ICMP type number **Type:** number **Range:** 0-255 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **v6-dst-code-cfg** **Type:** List **v6-dst-rate-cfg** **Description:** v6-dst-rate-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_icmp-v6-list_type-list_v6-dst-rate-cfg` **Type:** Object **v6-src-code-cfg** **Type:** List **v6-src-rate-cfg** **Description:** v6-src-rate-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-template_icmp-v6-list_type-list_v6-src-rate-cfg` **Type:** Object .. _1278_zone-template_icmp-v6-list_type-list_v6-dst-rate-cfg: zone-template_icmp-v6-list_type-list_v6-dst-rate-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst-type-rate** **Description** Specify the whole dst rate for this type **Type:** number **Range:** 1-16000000 **dst-type-rate-action** **Description** 'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** dst-type-rate-action and dst-type-rate-action-list-name are mutually exclusive **dst-type-rate-action-list-name** **Description** Configure action-list to take for rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dst-type-rate-action-list-name and dst-type-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1278_zone-template_icmp-v6-list_type-list_v6-src-rate-cfg: zone-template_icmp-v6-list_type-list_v6-src-rate-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-type-rate** **Description** Specify the whole src rate for this type **Type:** number **Range:** 1-16000000 **src-type-rate-action** **Description** 'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** src-type-rate-action and src-type-rate-action-list-name are mutually exclusive **src-type-rate-action-list-name** **Description** Configure action-list to take for rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** src-type-rate-action-list-name and src-type-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1278_zone-template_icmp-v6-list_type-list_v6-src-code-cfg: zone-template_icmp-v6-list_type-list_v6-src-code-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **src-code-number** **Description** Specify the ICMP code for this src rate **Type:** number **Range:** 0-255 **src-code-rate** **Description** Specify the rate with the code **Type:** number **Range:** 1-16000000 **src-code-rate-action** **Description** 'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** src-code-rate-action and src-code-rate-action-list-name are mutually exclusive **src-code-rate-action-list-name** **Description** Configure action-list to take for rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** src-code-rate-action-list-name and src-code-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1278_zone-template_icmp-v6-list_type-list_v6-dst-code-cfg: zone-template_icmp-v6-list_type-list_v6-dst-code-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **dst-code-number** **Description** Specify the ICMP code for this dst rate **Type:** number **Range:** 0-255 **dst-code-rate** **Description** Specify the rate with the code **Type:** number **Range:** 1-16000000 **dst-code-rate-action** **Description** 'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** dst-code-rate-action and dst-code-rate-action-list-name are mutually exclusive **dst-code-rate-action-list-name** **Description** Configure action-list to take for rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dst-code-rate-action-list-name and dst-code-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1278_zone-template_icmp-v6-list_type-other: zone-template_icmp-v6-list_type-other ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst** **Description:** dst is a **JSON Block**. Please see below for :ref:`1278_zone-template_icmp-v6-list_type-other_dst` **Type:** Object **icmp-type-other-action** **Description** 'drop': Reject wildcard ICMP type; 'blacklist-src': Blacklist-src wildcard ICMP type; 'ignore': Ignore wildcard ICMP type; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** icmp-type-other-action and icmp-type-other-action-list-name are mutually exclusive **icmp-type-other-action-list-name** **Description** Configure action-list to take for wildcard ICMP match **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** icmp-type-other-action-list-name and icmp-type-other-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **src** **Description:** src is a **JSON Block**. Please see below for :ref:`1278_zone-template_icmp-v6-list_type-other_src` **Type:** Object **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_zone-template_icmp-v6-list_type-other_src: zone-template_icmp-v6-list_type-other_src ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-type-other-rate** **Description** Specify the whole src rate for wildcard ICMP type **Type:** number **Range:** 1-16000000 **src-type-other-rate-action** **Description** 'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** src-type-other-rate-action and src-type-other-rate-action-list-name are mutually exclusive **src-type-other-rate-action-list-name** **Description** Configure action-list to take for rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** src-type-other-rate-action-list-name and src-type-other-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1278_zone-template_icmp-v6-list_type-other_dst: zone-template_icmp-v6-list_type-other_dst ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst-type-other-rate** **Description** Specify the whole dst rate for wildcard ICMP type **Type:** number **Range:** 1-16000000 **dst-type-other-rate-action** **Description** 'drop': Drop packets for rate exceed (Default); 'blacklist-src': Blacklist-src for rate exceed; 'ignore': Do nothing for rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** dst-type-other-rate-action and dst-type-other-rate-action-list-name are mutually exclusive **dst-type-other-rate-action-list-name** **Description** Configure action-list to take for rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dst-type-other-rate-action-list-name and dst-type-other-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1278_zone-template_icmp-v6-list_filter-list: zone-template_icmp-v6-list_filter-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **byte-offset-filter** **Description** filter using Berkeley packet filter syntax **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **icmp-filter-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; **Type:** string **Supported Values:** drop, ignore, blacklist-src **Default:** drop **Mutual Exclusion:** icmp-filter-action and icmp-filter-action-list-name are mutually exclusive **icmp-filter-action-list-name** **Description** list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** icmp-filter-action-list-name and icmp-filter-action are mutually exclusive **icmp-filter-inverse-match** **Description** Inverse the result of matching **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **icmp-filter-name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **icmp-filter-regex** **Description** Regex Expression **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters **icmp-filter-seq** **Description** sequence number **Type:** number **Range:** 1-200 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_interface-http-health-check: interface-http-health-check ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **challenge-method** **Description** 'http-redirect': http-redirect; 'javascript': javascript; **Type:** string **Supported Values:** http-redirect, javascript **challenge-redirect-code** **Description** '302': 302 Found; '307': 307 Temporary Redirect; **Type:** string **Supported Values:** 302, 307 **Default:** 302 **challenge-uri-encode** **Description** Encode the challenge phrase in uri instead of in http cookie. Default encoded in http cookie **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable** **Description** 'enable': enable; **Type:** string **Supported Values:** enable **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_zone-profile-list: zone-profile-list ^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **ip-proto** **Description:** ip-proto is a **JSON Block**. Please see below for :ref:`1278_zone-profile-list_ip-proto` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/zone-profile/{profile-name}/ip-proto ` **port-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-profile/{profile-name}/port/{port-num}+{port-protocol} ` **port-range-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-profile/{profile-name}/port-range/{port-range-start}+{port-range-end}+{protocol} ` **profile-name** **Description** Profile for DDoS zone thresholds **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_zone-profile-list_port-list: zone-profile-list_port-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **indicator-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-profile/{profile-name}/port/{port-num}+{port-protocol}/indicator/{indicator-name} ` **port-num** **Description** Port Number **Type:** number **Range:** 1-65535 **port-protocol** **Description** 'dns-tcp': dns-tcp; 'dns-udp': dns-udp; 'sip-tcp': sip-tcp; 'sip-udp': sip-udp; 'http': http; 'tcp': tcp; 'udp': udp; 'ssl-l4': ssl-l4; 'quic': quic; **Type:** string **Supported Values:** dns-tcp, dns-udp, sip-tcp, sip-udp, http, tcp, udp, ssl-l4, quic **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_zone-profile-list_port-list_indicator-list: zone-profile-list_port-list_indicator-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **indicator-name** **Description** 'pkt-rate': pkt-rate; 'pkt-drop-rate': pkt-drop-rate; 'bit-rate': bit-rate; 'pkt-drop-ratio': pkt-drop-ratio; 'bytes-to-bytes-from-ratio': bytes-to-bytes-from-ratio; 'concurrent-conns': concurrent-conns; 'conn-miss-rate': conn-miss-rate; 'syn-rate': syn-rate; 'fin-rate': fin-rate; 'rst-rate': rst-rate; 'small-window-ack-rate': small-window-ack-rate; 'empty-ack-rate': empty-ack-rate; 'small-payload-rate': small-payload-rate; 'syn-fin-ratio': syn-fin-ratio; 'cpu-utilization': cpu-utilization; 'interface-utilization': interface-utilization; **Type:** string **Supported Values:** pkt-rate, pkt-drop-rate, bit-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, concurrent-conns, conn-miss-rate, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio, cpu-utilization, interface-utilization **src-threshold-cfg** **Description:** src-threshold-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-profile-list_port-list_indicator-list_src-threshold-cfg` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-threshold-cfg** **Description:** zone-threshold-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-profile-list_port-list_indicator-list_zone-threshold-cfg` **Type:** Object .. _1278_zone-profile-list_port-list_indicator-list_src-threshold-cfg: zone-profile-list_port-list_indicator-list_src-threshold-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-threshold-large-num** **Description** Indicator per-src threshold **Type:** number **Range:** 1-10995116277760 **src-threshold-num** **Description** Indicator per-src threshold **Type:** number **Range:** 1-2147483647 **src-threshold-str** **Description** Indicator per-src threshold (Non-zero floating point) **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_zone-profile-list_port-list_indicator-list_zone-threshold-cfg: zone-profile-list_port-list_indicator-list_zone-threshold-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **zone-threshold-large-num** **Description** Threshold for the entire zone **Type:** number **Range:** 1-10995116277760 **zone-threshold-num** **Description** Threshold for the entire zone **Type:** number **Range:** 1-2147483647 **zone-threshold-str** **Description** Threshold for the entire zone (Non-zero floating point) **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_zone-profile-list_ip-proto: zone-profile-list_ip-proto ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **proto-name-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-profile/{profile-name}/ip-proto/proto-name/{protocol} ` **proto-number-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-profile/{profile-name}/ip-proto/proto-number/{protocol-num} ` .. _1278_zone-profile-list_ip-proto_proto-number-list: zone-profile-list_ip-proto_proto-number-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **indicator-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-profile/{profile-name}/ip-proto/proto-number/{protocol-num}/indicator/{indicator-name} ` **protocol-num** **Description** Protocol Number **Type:** number **Range:** 0-255 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_zone-profile-list_ip-proto_proto-number-list_indicator-list: zone-profile-list_ip-proto_proto-number-list_indicator-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **indicator-name** **Description** 'pkt-rate': pkt-rate; 'pkt-drop-rate': pkt-drop-rate; 'bit-rate': bit-rate; 'pkt-drop-ratio': pkt-drop-ratio; 'bytes-to-bytes-from-ratio': bytes-to-bytes-from-ratio; 'frag-rate': frag-rate; 'cpu-utilization': cpu-utilization; 'interface-utilization': interface-utilization; **Type:** string **Supported Values:** pkt-rate, pkt-drop-rate, bit-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, frag-rate, cpu-utilization, interface-utilization **src-threshold-cfg** **Description:** src-threshold-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-profile-list_ip-proto_proto-number-list_indicator-list_src-threshold-cfg` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-threshold-cfg** **Description:** zone-threshold-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-profile-list_ip-proto_proto-number-list_indicator-list_zone-threshold-cfg` **Type:** Object .. _1278_zone-profile-list_ip-proto_proto-number-list_indicator-list_src-threshold-cfg: zone-profile-list_ip-proto_proto-number-list_indicator-list_src-threshold-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-threshold-large-num** **Description** Indicator per-src threshold **Type:** number **Range:** 1-10995116277760 **src-threshold-num** **Description** Indicator per-src threshold **Type:** number **Range:** 1-2147483647 **src-threshold-str** **Description** Indicator per-src threshold (Non-zero floating point) **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_zone-profile-list_ip-proto_proto-number-list_indicator-list_zone-threshold-cfg: zone-profile-list_ip-proto_proto-number-list_indicator-list_zone-threshold-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **zone-threshold-large-num** **Description** Threshold for the entire zone **Type:** number **Range:** 1-10995116277760 **zone-threshold-num** **Description** Threshold for the entire zone **Type:** number **Range:** 1-2147483647 **zone-threshold-str** **Description** Threshold for the entire zone (Non-zero floating point) **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_zone-profile-list_ip-proto_proto-name-list: zone-profile-list_ip-proto_proto-name-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **indicator-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-profile/{profile-name}/ip-proto/proto-name/{protocol}/indicator/{indicator-name} ` **protocol** **Description** 'icmp-v4': ip-proto icmp-v4; 'icmp-v6': ip-proto icmp-v6; 'gre': ip-proto gre; 'ipv4-encap': ip-proto IPv4 Encapsulation; 'ipv6-encap': ip-proto IPv6 Encapsulation; **Type:** string **Supported Values:** icmp-v4, icmp-v6, gre, ipv4-encap, ipv6-encap **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_zone-profile-list_ip-proto_proto-name-list_indicator-list: zone-profile-list_ip-proto_proto-name-list_indicator-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **indicator-name** **Description** 'pkt-rate': pkt-rate; 'pkt-drop-rate': pkt-drop-rate; 'bit-rate': bit-rate; 'pkt-drop-ratio': pkt-drop-ratio; 'bytes-to-bytes-from-ratio': bytes-to-bytes-from-ratio; 'frag-rate': frag-rate; 'cpu-utilization': cpu-utilization; 'interface-utilization': interface-utilization; **Type:** string **Supported Values:** pkt-rate, pkt-drop-rate, bit-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, frag-rate, cpu-utilization, interface-utilization **src-threshold-cfg** **Description:** src-threshold-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-profile-list_ip-proto_proto-name-list_indicator-list_src-threshold-cfg` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-threshold-cfg** **Description:** zone-threshold-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-profile-list_ip-proto_proto-name-list_indicator-list_zone-threshold-cfg` **Type:** Object .. _1278_zone-profile-list_ip-proto_proto-name-list_indicator-list_src-threshold-cfg: zone-profile-list_ip-proto_proto-name-list_indicator-list_src-threshold-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-threshold-large-num** **Description** Indicator per-src threshold **Type:** number **Range:** 1-10995116277760 **src-threshold-num** **Description** Indicator per-src threshold **Type:** number **Range:** 1-2147483647 **src-threshold-str** **Description** Indicator per-src threshold (Non-zero floating point) **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_zone-profile-list_ip-proto_proto-name-list_indicator-list_zone-threshold-cfg: zone-profile-list_ip-proto_proto-name-list_indicator-list_zone-threshold-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **zone-threshold-large-num** **Description** Threshold for the entire zone **Type:** number **Range:** 1-10995116277760 **zone-threshold-num** **Description** Threshold for the entire zone **Type:** number **Range:** 1-2147483647 **zone-threshold-str** **Description** Threshold for the entire zone (Non-zero floating point) **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_zone-profile-list_port-range-list: zone-profile-list_port-range-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **indicator-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-profile/{profile-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/indicator/{indicator-name} ` **port-range-end** **Description** Port-Range End Port Number **Type:** number **Range:** 2-65535 **port-range-start** **Description** Port-Range Start Port Number **Type:** number **Range:** 1-65535 **protocol** **Description** 'dns-tcp': DNS-TCP Port; 'dns-udp': DNS-UDP Port; 'http': HTTP Port; 'tcp': TCP Port; 'udp': UDP Port; 'ssl-l4': SSL-L4 Port; 'sip-tcp': SIP-TCP Port; 'sip-udp': SIP-UDP Port; 'quic': QUIC Port; **Type:** string **Supported Values:** dns-tcp, dns-udp, http, tcp, udp, ssl-l4, sip-tcp, sip-udp, quic **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_zone-profile-list_port-range-list_indicator-list: zone-profile-list_port-range-list_indicator-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **indicator-name** **Description** 'pkt-rate': pkt-rate; 'pkt-drop-rate': pkt-drop-rate; 'bit-rate': bit-rate; 'pkt-drop-ratio': pkt-drop-ratio; 'bytes-to-bytes-from-ratio': bytes-to-bytes-from-ratio; 'concurrent-conns': concurrent-conns; 'conn-miss-rate': conn-miss-rate; 'syn-rate': syn-rate; 'fin-rate': fin-rate; 'rst-rate': rst-rate; 'small-window-ack-rate': small-window-ack-rate; 'empty-ack-rate': empty-ack-rate; 'small-payload-rate': small-payload-rate; 'syn-fin-ratio': syn-fin-ratio; 'cpu-utilization': cpu-utilization; 'interface-utilization': interface-utilization; **Type:** string **Supported Values:** pkt-rate, pkt-drop-rate, bit-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, concurrent-conns, conn-miss-rate, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio, cpu-utilization, interface-utilization **src-threshold-cfg** **Description:** src-threshold-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-profile-list_port-range-list_indicator-list_src-threshold-cfg` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-threshold-cfg** **Description:** zone-threshold-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-profile-list_port-range-list_indicator-list_zone-threshold-cfg` **Type:** Object .. _1278_zone-profile-list_port-range-list_indicator-list_src-threshold-cfg: zone-profile-list_port-range-list_indicator-list_src-threshold-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-threshold-large-num** **Description** Indicator per-src threshold **Type:** number **Range:** 1-10995116277760 **src-threshold-num** **Description** Indicator per-src threshold **Type:** number **Range:** 1-2147483647 **src-threshold-str** **Description** Indicator per-src threshold (Non-zero floating point) **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_zone-profile-list_port-range-list_indicator-list_zone-threshold-cfg: zone-profile-list_port-range-list_indicator-list_zone-threshold-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **zone-threshold-large-num** **Description** Threshold for the entire zone **Type:** number **Range:** 1-10995116277760 **zone-threshold-num** **Description** Threshold for the entire zone **Type:** number **Range:** 1-2147483647 **zone-threshold-str** **Description** Threshold for the entire zone (Non-zero floating point) **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_dns-cache-config: dns-cache-config ^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **disable-zone-transfer-in-oper-mode** **Description** Disable operational refreshing zone transfer **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disable-zone-transfer-in-warm-up-mode** **Description** Disable warm up zone transfer **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-cache-warm-up-bgp-advertise** **Description** Enable route injection during cold boot **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-concurrent-zone-transfers** **Description:** max-concurrent-zone-transfers is a **JSON Block**. Please see below for :ref:`1278_dns-cache-config_max-concurrent-zone-transfers` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dns-cache-config/max-concurrent-zone-transfers ` **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dns-cache-config_max-concurrent-zone-transfers: dns-cache-config_max-concurrent-zone-transfers ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **operational-mode** **Description** Number of concurrent zone transfers after boot **Type:** number **Range:** 1-3120 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **warm-up-mode** **Description** Number of concurrent zone transfers during cold boot (default 65472) **Type:** number **Range:** 100-65535 **Default:** 65472 .. _1278_signature-extraction: signature-extraction ^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **enable** **Description** Enable Automatic Signature Extraction **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_template: template ^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/template/dns/{name} ` **encap-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/template/encap/{encap-tmpl-name} ` **http-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/template/http/{http-tmpl-name} ` **icmp-v4-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/template/icmp-v4/{icmp-tmpl-name} ` **icmp-v6-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/template/icmp-v6/{icmp-tmpl-name} ` **logging-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/template/logging/{logging-tmpl-name} ` **other-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/template/other/{name} ` **sip-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/template/sip/{sip-tmpl-name} ` **ssl-l4-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/template/ssl-l4/{ssl-l4-tmpl-name} ` **tcp-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/template/tcp/{name} ` **udp-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/template/udp/{name} ` .. _1278_template_logging-list: template_logging-list ^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **enable-action-logging** **Description** Log action taken **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-format-cef** **Description** Log in CEF format **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-format-custom** **Description** Customize log format **Type:** string **Format:** string-rlx **Maximum Length:** 512 characters **Maximum Length:** 1 characters **logging-tmpl-name** **Description** DDOS Logging Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Default:** default **use-obj-name** **Description** Show obj name instead of ip in the log **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_template_encap-list: template_encap-list ^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **encap-tmpl-name** **Description** DDOS Tunnel Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **preserve-source-ip** **Description** Use original source ip for encapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tunnel-encap** **Description:** tunnel-encap is a **JSON Block**. Please see below for :ref:`1278_template_encap-list_tunnel-encap` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_template_encap-list_tunnel-encap: template_encap-list_tunnel-encap ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **gre-cfg** **Description:** gre-cfg is a **JSON Block**. Please see below for :ref:`1278_template_encap-list_tunnel-encap_gre-cfg` **Type:** Object **ip-cfg** **Description:** ip-cfg is a **JSON Block**. Please see below for :ref:`1278_template_encap-list_tunnel-encap_ip-cfg` **Type:** Object .. _1278_template_encap-list_tunnel-encap_ip-cfg: template_encap-list_tunnel-encap_ip-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **always** **Description:** always is a **JSON Block**. Please see below for :ref:`1278_template_encap-list_tunnel-encap_ip-cfg_always` **Type:** Object **ip-encap** **Description** Enable Tunnel encap for IP packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_template_encap-list_tunnel-encap_ip-cfg_always: template_encap-list_tunnel-encap_ip-cfg_always ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **ipv4-addr** **Description** IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** ipv4-address **ipv6-addr** **Description** IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** ipv6-address .. _1278_template_encap-list_tunnel-encap_gre-cfg: template_encap-list_tunnel-encap_gre-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **gre-always** **Description:** gre-always is a **JSON Block**. Please see below for :ref:`1278_template_encap-list_tunnel-encap_gre-cfg_gre-always` **Type:** Object **gre-encap** **Description** Enable Tunnel encap for GRE packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_template_encap-list_tunnel-encap_gre-cfg_gre-always: template_encap-list_tunnel-encap_gre-cfg_gre-always ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **gre-ipv4** **Description** IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** ipv4-address **gre-ipv6** **Description** IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** ipv6-address **key-ipv4** **Description** Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295) **Type:** string **Maximum Length:** 10 characters **Maximum Length:** 1 characters **key-ipv6** **Description** Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295) **Type:** string **Maximum Length:** 10 characters **Maximum Length:** 1 characters .. _1278_template_ssl-l4-list: template_ssl-l4-list ^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'drop': drop; 'reset': reset; **Type:** string **Supported Values:** drop, reset **Default:** drop **allow-non-tls** **Description** Allow Non-TLS (SSLv3 and lower) traffic (Warning: security may be compromised) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **auth-config-cfg** **Description:** auth-config-cfg is a **JSON Block**. Please see below for :ref:`1278_template_ssl-l4-list_auth-config-cfg` **Type:** Object **cert-cfg** **Description:** cert-cfg is a **JSON Block**. Please see below for :ref:`1278_template_ssl-l4-list_cert-cfg` **Type:** Object **disable** **Description** Disable this template **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **multi-pu-threshold-distribution** **Description:** multi-pu-threshold-distribution is a **JSON Block**. Please see below for :ref:`1278_template_ssl-l4-list_multi-pu-threshold-distribution` **Type:** Object **renegotiation** **Description** Configure renegotiation limiting for SSL (Number of renegotiation allowed) **Type:** number **Range:** 0-7 **request-rate-limit** **Description** Configure rate limiting for SSL **Type:** number **Range:** 1-16000000 **server-name-list** **Type:** List **ssl-l4-tmpl-name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-traffic-check** **Description:** ssl-traffic-check is a **JSON Block**. Please see below for :ref:`1278_template_ssl-l4-list_ssl-traffic-check` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/template/ssl-l4/{ssl-l4-tmpl-name}/ssl-traffic-check ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_template_ssl-l4-list_cert-cfg: template_ssl-l4-list_cert-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **cert** **Description** SSL certificate **Type:** string **Maximum Length:** 255 characters **Maximum Length:** 1 characters **key** **Description** SSL key **Type:** string **Maximum Length:** 255 characters **Maximum Length:** 1 characters **key-encrypted** **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) **key-passphrase** **Description** Password Phrase **Type:** string **Format:** password **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_template_ssl-l4-list_auth-config-cfg: template_ssl-l4-list_auth-config-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **auth-handshake-fail-action** **Description** 'blacklist-src': Blacklist-src when auth handshake fails; **Type:** string **Supported Values:** blacklist-src **timeout** **Description** Connection timeout **Type:** number **Range:** 1-31 **Default:** 5 **trials** **Description** Number of failed handshakes **Type:** number **Range:** 0-15 **Default:** 5 .. _1278_template_ssl-l4-list_ssl-traffic-check: template_ssl-l4-list_ssl-traffic-check ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **check-resumed-connection** **Description** Apply checks to SSL connections initialized by ACK packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **header-action** **Description** 'drop': Drop packets with bad ssl header; 'ignore': Forward packets with bad ssl header; **Type:** string **Supported Values:** drop, ignore **header-inspection** **Description** Inspect ssl header **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_template_ssl-l4-list_multi-pu-threshold-distribution: template_ssl-l4-list_multi-pu-threshold-distribution ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **multi-pu-threshold-distribution-disable** **Description** 'disable': Destination side rate limit only. Default: Enable; **Type:** string **Supported Values:** disable **Mutual Exclusion:** multi-pu-threshold-distribution-disable and multi-pu-threshold-distribution-value are mutually exclusive **multi-pu-threshold-distribution-value** **Description** Destination side rate limit only. Default: 0 **Type:** number **Range:** 1-16000000 **Mutual Exclusion:** multi-pu-threshold-distribution-value and multi-pu-threshold-distribution-disable are mutually exclusive .. _1278_template_ssl-l4-list_server-name-list: template_ssl-l4-list_server-name-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **server-cert** **Description** Server Certificate associated to SNI (Server Certificate Name) **Type:** string **Maximum Length:** 255 characters **Maximum Length:** 1 characters **server-encrypted** **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string) **server-key** **Description** Server Private Key associated to SNI (Server Private Key Name) **Type:** string **Maximum Length:** 255 characters **Maximum Length:** 1 characters **server-name** **Description** Server name indication in Client hello extension (Server name String) **Type:** string **Maximum Length:** 255 characters **Maximum Length:** 1 characters **server-passphrase** **Description** Password Phrase **Type:** string **Format:** password **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_template_dns-list: template_dns-list ^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'drop': Drop packets (Default action); 'reset': Send Client RST for TCP connections; **Type:** string **Supported Values:** drop, reset **Default:** drop **allow-query-class** **Description:** allow-query-class is a **JSON Block**. Please see below for :ref:`1278_template_dns-list_allow-query-class` **Type:** Object **allow-record-type** **Description:** allow-record-type is a **JSON Block**. Please see below for :ref:`1278_template_dns-list_allow-record-type` **Type:** Object **dns-any-check** **Description** Drop DNS queries of Type ANY **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-auth-cfg** **Description:** dns-auth-cfg is a **JSON Block**. Please see below for :ref:`1278_template_dns-list_dns-auth-cfg` **Type:** Object **dns-request-rate-limit** **Description:** dns-request-rate-limit is a **JSON Block**. Please see below for :ref:`1278_template_dns-list_dns-request-rate-limit` **Type:** Object **domain-group-name** **Description** Apply a domain-group to the DNS template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **domain-group-rate-exceed-action** **Description** 'drop': Drop the query (default); 'tunnel-encap-packet': Encapsulate the query and send on a tunnel; **Type:** string **Supported Values:** drop, tunnel-encap-packet **Default:** drop **domain-group-rate-per-service** **Description** Enable per service domain rate checking **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **encap-template** **Description** DDOS encap template to sepcify the tunnel endpoint **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **fqdn-cfg** **Type:** List **fqdn-label-count** **Description** Maximum number of length of FQDN labels **Type:** number **Range:** 1-10 **fqdn-label-len-cfg** **Type:** List **malformed-query-check** **Description:** malformed-query-check is a **JSON Block**. Please see below for :ref:`1278_template_dns-list_malformed-query-check` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/template/dns/{name}/malformed-query-check ` **multi-pu-threshold-distribution** **Description:** multi-pu-threshold-distribution is a **JSON Block**. Please see below for :ref:`1278_template_dns-list_multi-pu-threshold-distribution` **Type:** Object **name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **nxdomain-cfg** **Description:** nxdomain-cfg is a **JSON Block**. Please see below for :ref:`1278_template_dns-list_nxdomain-cfg` **Type:** Object **on-no-match** **Description** 'permit': permit; 'deny': deny (default); **Type:** string **Supported Values:** permit, deny **Default:** deny **query-rate-threshold-for-cache-serving** **Description** This is for DNS cache mode only, it sets a DNS query rate threshold such that queries under the rate threshold would be forward **Type:** number **Range:** 1-16000000 **symtimeout-cfg** **Description:** symtimeout-cfg is a **JSON Block**. Please see below for :ref:`1278_template_dns-list_symtimeout-cfg` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_template_dns-list_dns-request-rate-limit: template_dns-list_dns-request-rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **type** **Description:** type is a **JSON Block**. Please see below for :ref:`1278_template_dns-list_dns-request-rate-limit_type` **Type:** Object .. _1278_template_dns-list_dns-request-rate-limit_type: template_dns-list_dns-request-rate-limit_type ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **A-cfg** **Description:** A-cfg is a **JSON Block**. Please see below for :ref:`1278_template_dns-list_dns-request-rate-limit_type_A-cfg` **Type:** Object **AAAA-cfg** **Description:** AAAA-cfg is a **JSON Block**. Please see below for :ref:`1278_template_dns-list_dns-request-rate-limit_type_AAAA-cfg` **Type:** Object **CNAME-cfg** **Description:** CNAME-cfg is a **JSON Block**. Please see below for :ref:`1278_template_dns-list_dns-request-rate-limit_type_CNAME-cfg` **Type:** Object **MX-cfg** **Description:** MX-cfg is a **JSON Block**. Please see below for :ref:`1278_template_dns-list_dns-request-rate-limit_type_MX-cfg` **Type:** Object **NS-cfg** **Description:** NS-cfg is a **JSON Block**. Please see below for :ref:`1278_template_dns-list_dns-request-rate-limit_type_NS-cfg` **Type:** Object **SRV-cfg** **Description:** SRV-cfg is a **JSON Block**. Please see below for :ref:`1278_template_dns-list_dns-request-rate-limit_type_SRV-cfg` **Type:** Object **dns-type-cfg** **Type:** List .. _1278_template_dns-list_dns-request-rate-limit_type_SRV-cfg: template_dns-list_dns-request-rate-limit_type_SRV-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **SRV** **Description** Service locator **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-srv-rate** **Description** DNS request rate **Type:** number **Range:** 1-16000000 .. _1278_template_dns-list_dns-request-rate-limit_type_CNAME-cfg: template_dns-list_dns-request-rate-limit_type_CNAME-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **CNAME** **Description** Canonical name record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-cname-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_template_dns-list_dns-request-rate-limit_type_dns-type-cfg: template_dns-list_dns-request-rate-limit_type_dns-type-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **dns-request-type** **Description** Other type value **Type:** number **Range:** 1-65535 **dns-request-type-rate** **Description** request rate limit **Type:** number **Range:** 1-16000000 .. _1278_template_dns-list_dns-request-rate-limit_type_AAAA-cfg: template_dns-list_dns-request-rate-limit_type_AAAA-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **AAAA** **Description** IPv6 address record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-aaaa-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_template_dns-list_dns-request-rate-limit_type_A-cfg: template_dns-list_dns-request-rate-limit_type_A-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **A** **Description** Address record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-a-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_template_dns-list_dns-request-rate-limit_type_MX-cfg: template_dns-list_dns-request-rate-limit_type_MX-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **MX** **Description** Mail exchange record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-mx-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_template_dns-list_dns-request-rate-limit_type_NS-cfg: template_dns-list_dns-request-rate-limit_type_NS-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **NS** **Description** Name server record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-ns-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_template_dns-list_multi-pu-threshold-distribution: template_dns-list_multi-pu-threshold-distribution ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **multi-pu-threshold-distribution-disable** **Description** 'disable': Destination side rate limit only. Default: Enable; **Type:** string **Supported Values:** disable **Mutual Exclusion:** multi-pu-threshold-distribution-disable and multi-pu-threshold-distribution-value are mutually exclusive **multi-pu-threshold-distribution-value** **Description** Destination side rate limit only. Default: 0 **Type:** number **Range:** 1-16000000 **Mutual Exclusion:** multi-pu-threshold-distribution-value and multi-pu-threshold-distribution-disable are mutually exclusive .. _1278_template_dns-list_nxdomain-cfg: template_dns-list_nxdomain-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns-nxdomain-rate** **Description** Limiting rate **Type:** number **Range:** 1-16000000 **dns-nxdomain-rate-limit** **Description** DNS NXDOMAIN Rate Limiting (SRC support only) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-nxdomain-rate-limit-action** **Description** 'drop': Drop queries if rate is exceeded; 'black-list': Black-List source if rate is exceeded; **Type:** string **Supported Values:** drop, black-list .. _1278_template_dns-list_fqdn-cfg: template_dns-list_fqdn-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **by** **Description** 'domain-name': Domain Name; 'src-ip': Source IP address; 'both': Use both Domain Name and Source IP address for rate-limiting; **Type:** string **Supported Values:** domain-name, src-ip, both **Mutual Exclusion:** by and per are mutually exclusive **dns-fqdn-rate** **Description** Limiting rate (Range: 5-8000 for FQDN domain based rate limiting, 5-16000000 for FQDN label count based rate limiting) **Type:** number **Range:** 5-16000000 **dns-fqdn-rate-limit** **Description** DNS Rate limiting on the basis of FQDN **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **fqdn-rate-label-count** **Description** FQDN label count (Range: 1-8) **Type:** number **Range:** 1-8 **fqdn-rate-suffix** **Description** Suffix count **Type:** number **Range:** 1-5 **fqdn-rate-suffix-by** **Description** Number of suffixes **Type:** number **Range:** 1-5 **per** **Description** 'domain-name': Domain Name; 'src-ip': Source IP address; 'label-count': FQDN label count; **Type:** string **Supported Values:** domain-name, src-ip, label-count **Mutual Exclusion:** per and by are mutually exclusive **per-domain-per-src-ip** **Description** Use both Domain Name and Source IP address for rate-limiting **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_template_dns-list_dns-auth-cfg: template_dns-list_dns-auth-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns-auth** **Description** DNS authentication **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-auth-type** **Description** 'udp': Drop DNS request and monitor client retry; 'force-tcp': Force DNS request over TCP; **Type:** string **Supported Values:** udp, force-tcp **force-tcp-ignore-client-source-port** **Description** Allow client to retransmit DNS request using different source port during udp-auth (supported in asymmetric mode only) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **force-tcp-min-retry-gap** **Description** Minimum sec gap in between 2 dns-udp packets for auth to pass **Type:** number **Range:** 1-15 **force-tcp-timeout** **Description** TCP authentication timeout in seconds **Type:** number **Range:** 1-16 **min-retry-gap** **Description** Optional minimum sec gap in between 2 dns-udp packets for auth to pass, unit is specified by min-retry-gap-interval **Type:** number **Range:** 1-80 **min-retry-gap-interval** **Description** '100ms': 100ms; '1sec': 1sec; **Type:** string **Supported Values:** 100ms, 1sec **Default:** 1sec **udp-timeout** **Description** UDP authentication timeout in seconds **Type:** number **Range:** 1-16 **udp-timeout-val-only** **Description** UDP authentication timeout in seconds **Type:** number **Range:** 1-16 **with-udp-auth** **Description** Monitor client retry **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_template_dns-list_symtimeout-cfg: template_dns-list_symtimeout-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sym-timeout** **Description** Timeout for DNS Symmetric session **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sym-timeout-value** **Description** Session timeout value in seconds **Type:** number **Range:** 1-31 .. _1278_template_dns-list_allow-query-class: template_dns-list_allow-query-class ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **allow-any-query-class** **Description** ANY query class **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-chaos-query-class** **Description** CHAOS query class **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-csnet-query-class** **Description** CSNET query class **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-hesiod-query-class** **Description** HESIOD query class **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-internet-query-class** **Description** INTERNET query class **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-none-query-class** **Description** NONE query class **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_template_dns-list_fqdn-label-len-cfg: template_dns-list_fqdn-label-len-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **fqdn-label-length** **Description** Maximum FQDN label length **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **fqdn-label-suffix** **Description** Number of suffixes **Type:** number **Range:** 1-5 **label-length** **Description** Maximum length of FQDN label **Type:** number **Range:** 1-63 .. _1278_template_dns-list_allow-record-type: template_dns-list_allow-record-type ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **allow-a-type** **Description** Address record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-aaaa-type** **Description** IPv6 address record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-cname-type** **Description** Canonical name record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-mx-type** **Description** Mail exchange record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-ns-type** **Description** Name server record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-srv-type** **Description** Service locator **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **record-num-cfg** **Type:** List .. _1278_template_dns-list_allow-record-type_record-num-cfg: template_dns-list_allow-record-type_record-num-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **allow-num-type** **Description** Other record type value **Type:** number **Range:** 1-65535 .. _1278_template_dns-list_malformed-query-check: template_dns-list_malformed-query-check ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **non-query-opcode-check** **Description** 'disable': When malform check is enabled, TPS always drops DNS query with non query opcode, this option disables this opcode check; **Type:** string **Supported Values:** disable **skip-multi-packet-check** **Description** Bypass DNS fragmented and TCP segmented Queries(Default: dropped) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **validation-type** **Description** 'basic-header-check': Basic header validation for DNS TCP/UDP queries; 'extended-header-check': Extended header/query validation for DNS TCP/UDP queries; 'disable': Disable Malform query validation for DNS TCP/UDP; **Type:** string **Supported Values:** basic-header-check, extended-header-check, disable .. _1278_template_icmp-v4-list: template_icmp-v4-list ^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **icmp-tmpl-name** **Description** DDOS ICMPv4 Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **type-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/template/icmp-v4/{icmp-tmpl-name}/type/{type-number} ` **type-other** **Description:** type-other is a **JSON Block**. Please see below for :ref:`1278_template_icmp-v4-list_type-other` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/template/icmp-v4/{icmp-tmpl-name}/type-other ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_template_icmp-v4-list_type-other: template_icmp-v4-list_type-other ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **type-other-deny** **Description** Deny all other type **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** type-other-deny and type-other-rate are mutually exclusive **type-other-rate** **Description** Specify rate with other type **Type:** number **Range:** 1-16000000 **Mutual Exclusion:** type-other-rate and type-other-deny are mutually exclusive **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_template_icmp-v4-list_type-list: template_icmp-v4-list_type-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **code** **Type:** List **code-other** **Description:** code-other is a **JSON Block**. Please see below for :ref:`1278_template_icmp-v4-list_type-list_code-other` **Type:** Object **type-deny** **Description** Reject this ICMP type **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** type-deny, type-rate, and code-other-rate are mutually exclusive **type-number** **Description** Specify ICMP type number **Type:** number **Range:** 0-255 **type-rate** **Description** Specify the whole rate with this type **Type:** number **Range:** 1-16000000 **Mutual Exclusion:** type-rate and type-deny are mutually exclusive **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_template_icmp-v4-list_type-list_code: template_icmp-v4-list_type-list_code ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **code-number** **Description** Specify the ICMP code **Type:** number **Range:** 0-255 **code-rate** **Description** Specify the rate with the code **Type:** number **Range:** 1-16000000 .. _1278_template_icmp-v4-list_type-list_code-other: template_icmp-v4-list_type-list_code-other ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **code-other-rate** **Description** Specify rate with other code **Type:** number **Range:** 1-16000000 **Mutual Exclusion:** code-other-rate and type-deny are mutually exclusive .. _1278_template_tcp-list: template_tcp-list ^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **ack-authentication-synack-reset** **Description** Enable Reset client TCP SYN+ACK for authentication (DST support only) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **action-cfg** **Description:** action-cfg is a **JSON Block**. Please see below for :ref:`1278_template_tcp-list_action-cfg` **Type:** Object **action-on-ack-rto-retry-count** **Description** Take action if action-on-ack RTO-authentication fail over retry time(default:5) **Type:** number **Range:** 2-10 **action-on-syn-rto-retry-count** **Description** Take action if action-on-syn RTO-authentication fail over retry time(default:5) **Type:** number **Range:** 2-10 **action-syn-cfg** **Description:** action-syn-cfg is a **JSON Block**. Please see below for :ref:`1278_template_tcp-list_action-syn-cfg` **Type:** Object **age** **Description** Session age in minutes **Type:** number **Range:** 1-63 **allow-ra** **Description** Allow RA packets to be used for auth **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-syn-otherflags** **Description** Treat TCP SYN+PSH as a TCP SYN (DST tcp ports support only) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-synack-skip-authentications** **Description** Allow create sessions on SYNACK without syn-auth and ack-auth (ASYM Mode only) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-tcp-tfo** **Description** Allow TCP Fast Open **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **black-list-out-of-seq** **Description** Black list Src IP if out of seq pkts exceed configured threshold **Type:** number **Range:** 1-64000 **Mutual Exclusion:** black-list-out-of-seq and per-conn-out-of-seq-rate-limit are mutually exclusive **black-list-retransmit** **Description** Black list Src IP if retransmit pkts exceed configured threshold **Type:** number **Range:** 1-64000 **Mutual Exclusion:** black-list-retransmit and per-conn-retransmit-rate-limit are mutually exclusive **black-list-zero-win** **Description** Black list Src IP if zero window pkts exceed configured threshold **Type:** number **Range:** 1-250 **Mutual Exclusion:** black-list-zero-win and per-conn-zero-win-rate-limit are mutually exclusive **conn-rate-limit-on-syn-only** **Description** Only count SYN-initiated connections towards connection-rate tracking **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **create-conn-on-syn-only** **Description** Enable connection establishment on SYN only **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-known-resp-src-port-cfg** **Description:** drop-known-resp-src-port-cfg is a **JSON Block**. Please see below for :ref:`1278_template_tcp-list_drop-known-resp-src-port-cfg` **Type:** Object **dst** **Description:** dst is a **JSON Block**. Please see below for :ref:`1278_template_tcp-list_dst` **Type:** Object **filter-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/template/tcp/{name}/filter/{tcp-filter-seq} ` **name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **per-conn-out-of-seq-rate-action** **Description** 'drop': Drop packets for out-of-seq rate exceed (Default); 'blacklist-src': help Blacklist-src for out-of-seq rate exceed; 'ignore': help Ignore out-of-seq rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Default:** drop **per-conn-out-of-seq-rate-limit** **Description** Take action if out-of-seq pkt rate exceed configured threshold **Type:** number **Range:** 1-16000000 **Mutual Exclusion:** per-conn-out-of-seq-rate-limit and black-list-out-of-seq are mutually exclusive **per-conn-pkt-rate-action** **Description** 'drop': Drop packets for per-conn-pkt-rate exceed (Default); 'blacklist-src': help Blacklist-src for per-conn-pkt-rate exceed; 'ignore': Ignore per-conn-pkt-rate-exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Default:** drop **per-conn-pkt-rate-limit** **Description** Packet rate limit per connection per rate-interval **Type:** number **Range:** 1-16000000 **per-conn-rate-interval** **Description** '100ms': 100ms; '1sec': 1sec; '10sec': 10sec; **Type:** string **Supported Values:** 100ms, 1sec, 10sec **Default:** 1sec **per-conn-retransmit-rate-action** **Description** 'drop': Drop packets for retransmit rate exceed (Default); 'blacklist-src': help Blacklist-src for retransmit rate exceed; 'ignore': help Ignore retransmit rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Default:** drop **per-conn-retransmit-rate-limit** **Description** Take action if retransmit pkt rate exceed configured threshold **Type:** number **Range:** 1-16000000 **Mutual Exclusion:** per-conn-retransmit-rate-limit and black-list-retransmit are mutually exclusive **per-conn-zero-win-rate-action** **Description** 'drop': Drop packets for zero-win rate exceed (Default); 'blacklist-src': help Blacklist-src for zero-win rate exceed; 'ignore': help Ignore zero-win rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Default:** drop **per-conn-zero-win-rate-limit** **Description** Take action if zero window pkt rate exceed configured threshold **Type:** number **Range:** 1-16000000 **Mutual Exclusion:** per-conn-zero-win-rate-limit and black-list-zero-win are mutually exclusive **progression-tracking** **Description:** progression-tracking is a **JSON Block**. Please see below for :ref:`1278_template_tcp-list_progression-tracking` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/template/tcp/{name}/progression-tracking ` **src** **Description:** src is a **JSON Block**. Please see below for :ref:`1278_template_tcp-list_src` **Type:** Object **syn-auth** **Description** 'send-rst': Send RST to client upon client ACK; 'force-rst-by-ack': Force client RST via the use of ACK; 'force-rst-by-synack': Force client RST via the use of bad SYN|ACK; 'disable': Disable TCP SYN Authentication; **Type:** string **Supported Values:** send-rst, force-rst-by-ack, force-rst-by-synack, disable, send-rst-once **Default:** send-rst **syn-cookie** **Description** Enable SYN Cookie **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **synack-rate-limit** **Description** Config SYNACK rate limit **Type:** number **Range:** 1-16000000 **Mutual Exclusion:** synack-rate-limit and track-together-with-syn are mutually exclusive **track-together-with-syn** **Description** SYNACK will be counted in Dst Syn-rate limit **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** track-together-with-syn and synack-rate-limit are mutually exclusive **tunnel-encap** **Description:** tunnel-encap is a **JSON Block**. Please see below for :ref:`1278_template_tcp-list_tunnel-encap` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_template_tcp-list_tunnel-encap: template_tcp-list_tunnel-encap ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **gre-cfg** **Description:** gre-cfg is a **JSON Block**. Please see below for :ref:`1278_template_tcp-list_tunnel-encap_gre-cfg` **Type:** Object **ip-cfg** **Description:** ip-cfg is a **JSON Block**. Please see below for :ref:`1278_template_tcp-list_tunnel-encap_ip-cfg` **Type:** Object .. _1278_template_tcp-list_tunnel-encap_ip-cfg: template_tcp-list_tunnel-encap_ip-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **always** **Description:** always is a **JSON Block**. Please see below for :ref:`1278_template_tcp-list_tunnel-encap_ip-cfg_always` **Type:** Object **ip-encap** **Description** Enable Tunnel encapsulation using IP in IP **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_template_tcp-list_tunnel-encap_ip-cfg_always: template_tcp-list_tunnel-encap_ip-cfg_always ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **ipv4-addr** **Description** IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** ipv4-address **ipv6-addr** **Description** IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** ipv6-address **preserve-src-ipv4** **Description** Use original source ip for encapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **preserve-src-ipv6** **Description** Use original source ip for encapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_template_tcp-list_tunnel-encap_gre-cfg: template_tcp-list_tunnel-encap_gre-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **gre-always** **Description:** gre-always is a **JSON Block**. Please see below for :ref:`1278_template_tcp-list_tunnel-encap_gre-cfg_gre-always` **Type:** Object **gre-encap** **Description** Enable Tunnel encapsulation using GRE **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_template_tcp-list_tunnel-encap_gre-cfg_gre-always: template_tcp-list_tunnel-encap_gre-cfg_gre-always ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **gre-ipv4** **Description** IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** ipv4-address **gre-ipv6** **Description** IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** ipv6-address **key-ipv4** **Description** Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295) **Type:** string **Maximum Length:** 10 characters **Maximum Length:** 1 characters **key-ipv6** **Description** Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295) **Type:** string **Maximum Length:** 10 characters **Maximum Length:** 1 characters **preserve-src-ipv4-gre** **Description** Use original source ip for encapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **preserve-src-ipv6-gre** **Description** Use original source ip for encapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_template_tcp-list_dst: template_tcp-list_dst ^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **rate-limit** **Description:** rate-limit is a **JSON Block**. Please see below for :ref:`1278_template_tcp-list_dst_rate-limit` **Type:** Object .. _1278_template_tcp-list_dst_rate-limit: template_tcp-list_dst_rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **syn-rate-limit** **Description:** syn-rate-limit is a **JSON Block**. Please see below for :ref:`1278_template_tcp-list_dst_rate-limit_syn-rate-limit` **Type:** Object .. _1278_template_tcp-list_dst_rate-limit_syn-rate-limit: template_tcp-list_dst_rate-limit_syn-rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst-syn-rate-action** **Description** 'drop': Drop packets for syn-rate exceed (Default); 'ignore': Ignore syn-rate-exceed; **Type:** string **Supported Values:** drop, ignore **Default:** drop **dst-syn-rate-limit** **Description** **Type:** number **Range:** 1-16000000 .. _1278_template_tcp-list_action-cfg: template_tcp-list_action-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **action-on-ack** **Description** Monitor tcp ack for age-out session **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **authenticate-only** **Description** Apply action-on-ack once per source address for authentication purpose **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **min-retry-gap** **Description** Min gap between 2 ACKs for action-on-ack pass in 100ms interval **Type:** number **Range:** 1-80 **reset** **Description** Send RST to client **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **rto-authentication** **Description** Estimate the RTO and apply the exponential back-off for authentication **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **timeout** **Description** ACK retry timeout in sec **Type:** number **Range:** 1-31 .. _1278_template_tcp-list_progression-tracking: template_tcp-list_progression-tracking ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **connection-tracking** **Description:** connection-tracking is a **JSON Block**. Please see below for :ref:`1278_template_tcp-list_progression-tracking_connection-tracking` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/template/tcp/{name}/progression-tracking/connection-tracking ` **first-request-max-time** **Description** Set the maximum wait time from connection creation until the first data is transmitted over the connection (100 ms) **Type:** number **Range:** 1-65535 **profiling-connection-life-model** **Description** Enable auto-config progression tracking learning for connection model **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **profiling-request-response-model** **Description** Enable auto-config progression tracking learning for request response model **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **profiling-time-window-model** **Description** Enable auto-config progression tracking learning for time window model **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **progression-tracking-action** **Description** 'drop': Drop packets for progression tracking violation exceed (Default); 'blacklist-src': Blacklist-src for progression tracking violation exceed; **Type:** string **Supported Values:** drop, blacklist-src **Default:** drop **Mutual Exclusion:** progression-tracking-action and progression-tracking-action-list-name are mutually exclusive **progression-tracking-action-list-name** **Description** Configure action-list to take when progression tracking violation exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** progression-tracking-action-list-name and progression-tracking-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **progression-tracking-enabled** **Description** 'enable-check': Enable Progression Tracking Check; **Type:** string **Supported Values:** enable-check **request-length-max** **Description** Set the maximum request length **Type:** number **Range:** 1-65535 **request-length-min** **Description** Set the minimum request length **Type:** number **Range:** 1-65535 **request-response-model** **Description** 'enable': Enable Request Response Model; 'disable': Disable Request Response Model; **Type:** string **Supported Values:** enable, disable **Default:** enable **request-to-response-max-time** **Description** Set the maximum request to response time (100 ms) **Type:** number **Range:** 1-65535 **response-length-max** **Description** Set the maximum response length **Type:** number **Range:** 1-4294967295 **response-length-min** **Description** Set the minimum response length **Type:** number **Range:** 1-65535 **response-request-max-ratio** **Description** Set the maximum response to request ratio (in unit of 0.1% [1:1000]) **Type:** number **Range:** 1-4294967295 **response-request-min-ratio** **Description** Set the minimum response to request ratio (in unit of 0.1% [1:1000]) **Type:** number **Range:** 1-65535 **response-to-request-max-time** **Description** Set the maximum response to request time (100 ms) **Type:** number **Range:** 1-65535 **time-window-tracking** **Description:** time-window-tracking is a **JSON Block**. Please see below for :ref:`1278_template_tcp-list_progression-tracking_time-window-tracking` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/template/tcp/{name}/progression-tracking/time-window-tracking ` **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **violation** **Description** Set the violation threshold **Type:** number **Range:** 1-255 .. _1278_template_tcp-list_progression-tracking_connection-tracking: template_tcp-list_progression-tracking_connection-tracking ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **conn-duration-max** **Description** Set the maximum duration time (in unit of 100ms, up to 24 hours) **Type:** number **Range:** 1-864000 **conn-duration-min** **Description** Set the minimum duration time (in unit of 100ms, up to 24 hours) **Type:** number **Range:** 1-864000 **conn-rcvd-max** **Description** Set the maximum total received byte **Type:** number **Range:** 1-65535 **conn-rcvd-min** **Description** Set the minimum total received byte **Type:** number **Range:** 1-65535 **conn-rcvd-sent-ratio-max** **Description** Set the maximum received to sent ratio (in unit of 0.1% [1:1000]) **Type:** number **Range:** 1-65535 **conn-rcvd-sent-ratio-min** **Description** Set the minimum received to sent ratio (in unit of 0.1% [1:1000]) **Type:** number **Range:** 1-65535 **conn-sent-max** **Description** Set the maximum total sent byte **Type:** number **Range:** 1-65535 **conn-sent-min** **Description** Set the minimum total sent byte **Type:** number **Range:** 1-65535 **conn-violation** **Description** Set the violation threshold **Type:** number **Range:** 1-255 **progression-tracking-conn-action** **Description** 'drop': Drop packets for progression tracking violation exceed (Default); 'blacklist-src': Blacklist-src for progression tracking violation exceed; **Type:** string **Supported Values:** drop, blacklist-src **Default:** drop **Mutual Exclusion:** progression-tracking-conn-action and progression-tracking-conn-action-list-name are mutually exclusive **progression-tracking-conn-action-list-name** **Description** Configure action-list to take when progression tracking violation exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** progression-tracking-conn-action-list-name and progression-tracking-conn-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **progression-tracking-conn-enabled** **Description** 'enable-check': Enable General Progression Tracking per Connection; **Type:** string **Supported Values:** enable-check **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_template_tcp-list_progression-tracking_time-window-tracking: template_tcp-list_progression-tracking_time-window-tracking ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **progression-tracking-win-enabled** **Description** 'enable-check': Enable Progression Tracking per Time Window; **Type:** string **Supported Values:** enable-check **progression-tracking-windows-action** **Description** 'drop': Drop packets for progression tracking violation exceed (Default); 'blacklist-src': Blacklist-src for progression tracking violation exceed; **Type:** string **Supported Values:** drop, blacklist-src **Default:** drop **Mutual Exclusion:** progression-tracking-windows-action and progression-tracking-windows-action-list-name are mutually exclusive **progression-tracking-windows-action-list-name** **Description** Configure action-list to take when progression tracking violation exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** progression-tracking-windows-action-list-name and progression-tracking-windows-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **window-rcvd-max** **Description** Set the maximum total received byte **Type:** number **Range:** 1-65535 **window-rcvd-min** **Description** Set the minimum total received byte **Type:** number **Range:** 1-65535 **window-rcvd-sent-ratio-max** **Description** Set the maximum received to sent ratio (in unit of 0.1% [1:1000]) **Type:** number **Range:** 1-65535 **window-rcvd-sent-ratio-min** **Description** Set the minimum received to sent ratio (in unit of 0.1% [1:1000]) **Type:** number **Range:** 1-65535 **window-sent-max** **Description** Set the maximum total sent byte **Type:** number **Range:** 1-65535 **window-sent-min** **Description** Set the minimum total sent byte **Type:** number **Range:** 1-65535 **window-violation** **Description** Set the violation threshold **Type:** number **Range:** 1-255 .. _1278_template_tcp-list_filter-list: template_tcp-list_filter-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **byte-offset-filter** **Description** Filter Expression using Berkeley Packet Filter syntax **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters **tcp-filter-action** **Description** 'blacklist-src': Also blacklist the source when action is taken; 'whitelist-src': Whitelist the source after filter passes, packets are dropped until then; 'count-only': Take no action and continue processing the next filter; **Type:** string **Supported Values:** blacklist-src, whitelist-src, count-only **tcp-filter-regex** **Description** Regex Expression **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters **tcp-filter-seq** **Description** Sequence number **Type:** number **Range:** 1-5 **tcp-filter-unmatched** **Description** action taken when it does not match **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_template_tcp-list_src: template_tcp-list_src ^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **rate-limit** **Description:** rate-limit is a **JSON Block**. Please see below for :ref:`1278_template_tcp-list_src_rate-limit` **Type:** Object .. _1278_template_tcp-list_src_rate-limit: template_tcp-list_src_rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **syn-rate-limit** **Description:** syn-rate-limit is a **JSON Block**. Please see below for :ref:`1278_template_tcp-list_src_rate-limit_syn-rate-limit` **Type:** Object .. _1278_template_tcp-list_src_rate-limit_syn-rate-limit: template_tcp-list_src_rate-limit_syn-rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-syn-rate-action** **Description** 'drop': Drop packets for syn-rate exceed (Default); 'blacklist-src': Blacklist-src for syn-rate exceed; 'ignore': Ignore syn-rate-exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Default:** drop **src-syn-rate-limit** **Description** **Type:** number **Range:** 1-16000000 .. _1278_template_tcp-list_action-syn-cfg: template_tcp-list_action-syn-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **action-on-syn** **Description** Monitor tcp syn for age-out session **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **action-on-syn-gap** **Description** Min gap between 2 SYNs for action-on-syn pass in 100ms interval **Type:** number **Range:** 1-80 **action-on-syn-reset** **Description** Send RST to client **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **action-on-syn-rto** **Description** Estimate the RTO and apply the exponential back-off for authentication **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **action-on-syn-timeout** **Description** SYN retry timeout in sec **Type:** number **Range:** 1-31 .. _1278_template_tcp-list_drop-known-resp-src-port-cfg: template_tcp-list_drop-known-resp-src-port-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **drop-known-resp-src-port** **Description** Drop well-known if src-port is less than 1024 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exclude-src-resp-port** **Description** excluding src port equal destination port **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_template_other-list: template_other-list ^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **filter-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/template/other/{name}/filter/{other-filter-seq} ` **name** **Description** DDOS OTHER Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_template_other-list_filter-list: template_other-list_filter-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **byte-offset-filter** **Description** Filter Expression using Berkeley Packet Filter syntax **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters **other-filter-action** **Description** 'blacklist-src': Also blacklist the source when action is taken; 'whitelist-src': Whitelist the source after filter passes, packets are dropped until then; 'count-only': Take no action and continue processing the next filter; **Type:** string **Supported Values:** blacklist-src, whitelist-src, count-only **other-filter-regex** **Description** Regex Expression **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters **other-filter-seq** **Description** Sequence number **Type:** number **Range:** 1-5 **other-filter-unmatched** **Description** action taken when it does not match **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_template_udp-list: template_udp-list ^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **age** **Description** Configure session age(in minutes) for UDP sessions **Type:** number **Range:** 1-63 **drop-known-resp-src-port-cfg** **Description:** drop-known-resp-src-port-cfg is a **JSON Block**. Please see below for :ref:`1278_template_udp-list_drop-known-resp-src-port-cfg` **Type:** Object **drop-ntp-monlist** **Description** Drop NTP monlist request/response **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **filter-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/template/udp/{name}/filter/{udp-filter-seq} ` **max-payload-size** **Description** Maximum UDP payload size for each single packet **Type:** number **Range:** 1-1470 **min-payload-size** **Description** Minimum UDP payload size for each single packet **Type:** number **Range:** 1-1470 **name** **Description** DDOS UDP Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **per-conn-pkt-rate-limit** **Description** Packet rate limit per connection per rate-interval **Type:** number **Range:** 1-16000000 **per-conn-rate-interval** **Description** '100ms': 100ms; '1sec': 1sec; **Type:** string **Supported Values:** 100ms, 1sec **Default:** 1sec **previous-salt-timeout** **Description** Token-Authentication previous salt-prefix timeout in minutes, default is 1 min **Type:** number **Range:** 1-10080 **Default:** 1 **public-ipv4-addr** **Description** IP address **Type:** string **Format:** ipv4-address **public-ipv6-addr** **Description** IPV6 address **Type:** string **Format:** ipv6-address **spoof-detect-cfg** **Description:** spoof-detect-cfg is a **JSON Block**. Please see below for :ref:`1278_template_udp-list_spoof-detect-cfg` **Type:** Object **token-authentication** **Description** Enable Token Authentication **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **token-authentication-formula** **Description** 'md5_Salt-SrcIp-SrcPort-DstIp-DstPort': md5 of Salt-SrcIp-SrcPort-DstIp-DstPort; 'md5_Salt-DstIp-DstPort': md5 of Salt-DstIp-DstPort; 'md5_Salt-SrcIp-DstIp': md5 of Salt-SrcIp-DstIp; 'md5_Salt-SrcPort-DstPort': md5 of Salt-SrcPort-DstPort; 'md5_Salt-UintDstIp-DstPort': Using the uint value of IP for md5 of Salt-DstIp-DstPort; 'sha1_Salt-SrcIp-SrcPort-DstIp-DstPort': sha1 of Salt-SrcIp-SrcPort-DstIp-DstPort; 'sha1_Salt-DstIp-DstPort': sha1 of Salt-DstIp-DstPort; 'sha1_Salt-SrcIp-DstIp': sha1 of Salt-SrcIp-DstIp; 'sha1_Salt-SrcPort-DstPort': sha1 of Salt-SrcPort-DstPort; 'sha1_Salt-UintDstIp-DstPort': Using the uint value of IP for sha1 of Salt-DstIp-DstPort; **Type:** string **Supported Values:** md5_Salt-SrcIp-SrcPort-DstIp-DstPort, md5_Salt-DstIp-DstPort, md5_Salt-SrcIp-DstIp, md5_Salt-SrcPort-DstPort, md5_Salt-UintDstIp-DstPort, sha1_Salt-SrcIp-SrcPort-DstIp-DstPort, sha1_Salt-DstIp-DstPort, sha1_Salt-SrcIp-DstIp, sha1_Salt-SrcPort-DstPort, sha1_Salt-UintDstIp-DstPort **token-authentication-hw-assist-disable** **Description** token-authentication disable hardware assistance **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **token-authentication-public-address** **Description** The server public IP address **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **token-authentication-salt-prefix** **Description** token-authentication salt-prefix **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **token-authentication-salt-prefix-curr** **Description** **Type:** number **Range:** 1-4294967295 **token-authentication-salt-prefix-prev** **Description** **Type:** number **Range:** 1-4294967295 **tunnel-encap** **Description:** tunnel-encap is a **JSON Block**. Please see below for :ref:`1278_template_udp-list_tunnel-encap` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_template_udp-list_tunnel-encap: template_udp-list_tunnel-encap ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **always** **Description:** always is a **JSON Block**. Please see below for :ref:`1278_template_udp-list_tunnel-encap_always` **Type:** Object **gre-always** **Description:** gre-always is a **JSON Block**. Please see below for :ref:`1278_template_udp-list_tunnel-encap_gre-always` **Type:** Object **gre-encap** **Description** Enable Tunnel encapsulation using GRE **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** gre-encap and ip-encap are mutually exclusive **ip-encap** **Description** Enable Tunnel encapsulation using IP in IP **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** ip-encap and gre-encap are mutually exclusive .. _1278_template_udp-list_tunnel-encap_gre-always: template_udp-list_tunnel-encap_gre-always ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **gre-ipv4** **Description** IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** ipv4-address **gre-ipv6** **Description** IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** ipv6-address **key-ipv4** **Description** Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295) **Type:** string **Maximum Length:** 10 characters **Maximum Length:** 1 characters **key-ipv6** **Description** Encapsulate with key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295) **Type:** string **Maximum Length:** 10 characters **Maximum Length:** 1 characters **preserve-src-ipv4-gre** **Description** Use original source ip for encapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **preserve-src-ipv6-gre** **Description** Use original source ip for encapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_template_udp-list_tunnel-encap_always: template_udp-list_tunnel-encap_always ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **ipv4-addr** **Description** IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** ipv4-address **ipv6-addr** **Description** IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** ipv6-address **preserve-src-ipv4** **Description** Use original source ip for encapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **preserve-src-ipv6** **Description** Use original source ip for encapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_template_udp-list_spoof-detect-cfg: template_udp-list_spoof-detect-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **min-retry-gap** **Description** Optional minimum gap between 2 UDP packets for spoof-detect pass, unit is specified by min-retry-gap-interval **Type:** number **Range:** 1-80 **min-retry-gap-interval** **Description** '100ms': 100ms; '1sec': 1sec; **Type:** string **Supported Values:** 100ms, 1sec **Default:** 1sec **spoof-detect** **Description** Force client to retry on udp **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **spoof-detect-retry-timeout** **Description** timeout in seconds **Type:** number **Range:** 1-31 **Default:** 5 **Mutual Exclusion:** spoof-detect-retry-timeout and spoof-detect-retry-timeout-val-only are mutually exclusive **spoof-detect-retry-timeout-val-only** **Description** timeout in seconds **Type:** number **Range:** 1-31 **Default:** 5 **Mutual Exclusion:** spoof-detect-retry-timeout-val-only and spoof-detect-retry-timeout are mutually exclusive .. _1278_template_udp-list_drop-known-resp-src-port-cfg: template_udp-list_drop-known-resp-src-port-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **drop-known-resp-src-port** **Description** Drop well-known if src-port is less than 1024 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exclude-src-resp-port** **Description** excluding src port equal destination port **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_template_udp-list_filter-list: template_udp-list_filter-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **byte-offset-filter** **Description** Filter Expression using Berkeley Packet Filter syntax **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters **udp-filter-action** **Description** 'blacklist-src': Also blacklist the source when action is taken; 'whitelist-src': Whitelist the source after filter passes, packets are dropped until then; 'count-only': Take no action and continue processing the next filter; **Type:** string **Supported Values:** blacklist-src, whitelist-src, count-only **udp-filter-regex** **Description** Regex Expression **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters **udp-filter-seq** **Description** Sequence number **Type:** number **Range:** 1-5 **udp-filter-unmatched** **Description** action taken when it does not match **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_template_http-list: template_http-list ^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'drop': Drop packets for the connection; 'reset': Send RST for the connection; **Type:** string **Supported Values:** drop, reset **Default:** drop **agent-filter** **Description:** agent-filter is a **JSON Block**. Please see below for :ref:`1278_template_http-list_agent-filter` **Type:** Object **challenge-cookie-name** **Description** Set the cookie name used to send back to client. Default is sto-idd **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Default:** sto-idd **challenge-interval** **Description** Specify the challenge interval. Default is 8 seconds **Type:** number **Range:** 1-31 **Default:** 8 **challenge-keep-cookie** **Description** Keep the challenge cookie from client and forward to backend. Default is do not keep **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **challenge-method** **Description** 'http-redirect': http-redirect; 'javascript': javascript; **Type:** string **Supported Values:** http-redirect, javascript **challenge-redirect-code** **Description** '302': 302 Found; '307': 307 Temporary Redirect; **Type:** string **Supported Values:** 302, 307 **Default:** 302 **challenge-uri-encode** **Description** Encode the challenge phrase in uri instead of in http cookie. Default encoded in http cookie **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disable** **Description** Disable this template **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disallow-connect-method** **Description** Do not allow HTTP Connect method (asymmetric mode only) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **filter-header-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/template/http/{http-tmpl-name}/filter-header/{http-filter-header-seq} ` **http-tmpl-name** **Description** DDOS HTTP Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **idle-timeout** **Description** Set the the idle timeout value in seconds for HTTP connections **Type:** number **Range:** 1-63 **ignore-zero-payload** **Description** Don't reset idle timer on packets with zero payload length from clients **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **malformed-http** **Description:** malformed-http is a **JSON Block**. Please see below for :ref:`1278_template_http-list_malformed-http` **Type:** Object **mss-cfg** **Description:** mss-cfg is a **JSON Block**. Please see below for :ref:`1278_template_http-list_mss-cfg` **Type:** Object **multi-pu-threshold-distribution** **Description:** multi-pu-threshold-distribution is a **JSON Block**. Please see below for :ref:`1278_template_http-list_multi-pu-threshold-distribution` **Type:** Object **non-http-bypass** **Description** Bypass non-http traffic instead of dropping **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **out-of-order-queue-size** **Description** Set the number of packets for the out-of-order HTTP queue (asym mode only) **Type:** number **Range:** 0-15 **Default:** 3 **out-of-order-queue-timeout** **Description** Set the timeout value in seconds for out-of-order queue in HTTP (asym mode only) **Type:** number **Range:** 0-15 **Default:** 3 **post-rate-limit** **Description** Configure rate limiting for HTTP POST request **Type:** number **Range:** 1-16000000 **referer-filter** **Description:** referer-filter is a **JSON Block**. Please see below for :ref:`1278_template_http-list_referer-filter` **Type:** Object **request-header** **Description:** request-header is a **JSON Block**. Please see below for :ref:`1278_template_http-list_request-header` **Type:** Object **request-rate-limit** **Description:** request-rate-limit is a **JSON Block**. Please see below for :ref:`1278_template_http-list_request-rate-limit` **Type:** Object **response-rate-limit** **Description:** response-rate-limit is a **JSON Block**. Please see below for :ref:`1278_template_http-list_response-rate-limit` **Type:** Object **slow-read-drop** **Description:** slow-read-drop is a **JSON Block**. Please see below for :ref:`1278_template_http-list_slow-read-drop` **Type:** Object **use-hdr-ip-cfg** **Description:** use-hdr-ip-cfg is a **JSON Block**. Please see below for :ref:`1278_template_http-list_use-hdr-ip-cfg` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_template_http-list_request-rate-limit: template_http-list_request-rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **request-rate** **Description** HTTP request rate limit **Type:** number **Range:** 1-16000000 **uri** **Type:** List .. _1278_template_http-list_request-rate-limit_uri: template_http-list_request-rate-limit_uri ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **contains-cfg** **Description:** contains-cfg is a **JSON Block**. Please see below for :ref:`1278_template_http-list_request-rate-limit_uri_contains-cfg` **Type:** Object **ends-cfg** **Description:** ends-cfg is a **JSON Block**. Please see below for :ref:`1278_template_http-list_request-rate-limit_uri_ends-cfg` **Type:** Object **equal-cfg** **Description:** equal-cfg is a **JSON Block**. Please see below for :ref:`1278_template_http-list_request-rate-limit_uri_equal-cfg` **Type:** Object **starts-cfg** **Description:** starts-cfg is a **JSON Block**. Please see below for :ref:`1278_template_http-list_request-rate-limit_uri_starts-cfg` **Type:** Object .. _1278_template_http-list_request-rate-limit_uri_equal-cfg: template_http-list_request-rate-limit_uri_equal-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **url-equals** **Description** Request rate-limit HTTP URI matching a specified pattern **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **url-equals-rate** **Description** Request rate limit **Type:** number **Range:** 1-16000000 .. _1278_template_http-list_request-rate-limit_uri_starts-cfg: template_http-list_request-rate-limit_uri_starts-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **url-starts-with** **Description** Request rate-limit HTTP URI strting with a specified pattern **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **url-starts-with-rate** **Description** Request rate limit **Type:** number **Range:** 1-16000000 .. _1278_template_http-list_request-rate-limit_uri_contains-cfg: template_http-list_request-rate-limit_uri_contains-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **url-contains** **Description** Request rate-limit HTTP URI containing a specified pattern **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **url-contains-rate** **Description** Request rate limit **Type:** number **Range:** 1-16000000 .. _1278_template_http-list_request-rate-limit_uri_ends-cfg: template_http-list_request-rate-limit_uri_ends-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **url-ends-with** **Description** Request rate-limit HTTP URI ending with a specified pattern **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **url-ends-with-rate** **Description** Request rate limit **Type:** number **Range:** 1-16000000 .. _1278_template_http-list_multi-pu-threshold-distribution: template_http-list_multi-pu-threshold-distribution ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **multi-pu-threshold-distribution-disable** **Description** 'disable': Destination side rate limit only. Default: Enable; **Type:** string **Supported Values:** disable **Mutual Exclusion:** multi-pu-threshold-distribution-disable and multi-pu-threshold-distribution-value are mutually exclusive **multi-pu-threshold-distribution-value** **Description** Destination side rate limit only. Default: 0 **Type:** number **Range:** 1-16000000 **Mutual Exclusion:** multi-pu-threshold-distribution-value and multi-pu-threshold-distribution-disable are mutually exclusive .. _1278_template_http-list_malformed-http: template_http-list_malformed-http ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **malformed-http-bad-chunk-mon-enabled** **Description** Enabling bad chunk monitoring. Default is disabled **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **malformed-http-enabled** **Description** Enabling ddos malformed http protection. Default value is disabled. **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **malformed-http-max-content-length** **Description** Set the maximum content-length header. Default value is 4294967295 bytes **Type:** number **Range:** 1-4294967295 **Default:** 4294967295 **malformed-http-max-header-name-size** **Description** Set the maxinum header name length. Default value is 64. **Type:** number **Range:** 1-64 **Default:** 64 **malformed-http-max-line-size** **Description** Set the maximum line size. Default value is 32512 **Type:** number **Range:** 1-65280 **Default:** 32512 **malformed-http-max-num-headers** **Description** Set the maximum number of headers. Default value is 90 **Type:** number **Range:** 1-90 **Default:** 90 **malformed-http-max-req-line-size** **Description** Set the maximum request line size. Default value is 32512 **Type:** number **Range:** 1-65280 **Default:** 32512 .. _1278_template_http-list_request-header: template_http-list_request-header ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **timeout** **Description** **Type:** number **Range:** 1-63 .. _1278_template_http-list_agent-filter: template_http-list_agent-filter ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **agent-contains-cfg** **Type:** List **agent-ends-cfg** **Type:** List **agent-equals-cfg** **Type:** List **agent-filter-blacklist** **Description** Blacklist the source if the user-agent matches **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **agent-starts-cfg** **Type:** List .. _1278_template_http-list_agent-filter_agent-contains-cfg: template_http-list_agent-filter_agent-contains-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **agent-contains** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_template_http-list_agent-filter_agent-ends-cfg: template_http-list_agent-filter_agent-ends-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **agent-ends-with** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_template_http-list_agent-filter_agent-equals-cfg: template_http-list_agent-filter_agent-equals-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **agent-equals** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_template_http-list_agent-filter_agent-starts-cfg: template_http-list_agent-filter_agent-starts-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **agent-starts-with** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_template_http-list_filter-header-list: template_http-list_filter-header-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **http-filter-header-blacklist** **Description** Also blacklist the source when action is taken **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **http-filter-header-count-only** **Description** Take no action and continue processing the next filter **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **http-filter-header-regex** **Description** Regex Expression **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters **http-filter-header-seq** **Description** Sequence number **Type:** number **Range:** 1-5 **http-filter-header-unmatched** **Description** action taken when it does not match **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **http-filter-header-whitelist** **Description** Whitelist the source after filter passes, packets are dropped until then **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_template_http-list_response-rate-limit: template_http-list_response-rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **obj-size** **Description:** obj-size is a **JSON Block**. Please see below for :ref:`1278_template_http-list_response-rate-limit_obj-size` **Type:** Object .. _1278_template_http-list_response-rate-limit_obj-size: template_http-list_response-rate-limit_obj-size ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **between-cfg** **Type:** List **greater-cfg** **Type:** List **less-cfg** **Type:** List .. _1278_template_http-list_response-rate-limit_obj-size_between-cfg: template_http-list_response-rate-limit_obj-size_between-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **obj-between-rate** **Description** Response rate limit **Type:** number **Range:** 1-16000000 **obj-between1** **Description** Response size configuration **Type:** number **Range:** 1-16000000 **obj-between2** **Description** Response size configuration **Type:** number **Range:** 1-16000000 .. _1278_template_http-list_response-rate-limit_obj-size_greater-cfg: template_http-list_response-rate-limit_obj-size_greater-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **obj-greater** **Description** Response size configuration **Type:** number **Range:** 1-16000000 **obj-greater-rate** **Description** Response rate limit **Type:** number **Range:** 1-16000000 .. _1278_template_http-list_response-rate-limit_obj-size_less-cfg: template_http-list_response-rate-limit_obj-size_less-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **obj-less** **Description** Response size configuration **Type:** number **Range:** 1-16000000 **obj-less-rate** **Description** Response rate limit **Type:** number **Range:** 1-16000000 .. _1278_template_http-list_mss-cfg: template_http-list_mss-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **mss-percent** **Description** Configure percentage of mss such that if a packet size is below the mss times mss-percent, packet is considered bad. **Type:** number **Range:** 1-100 **mss-timeout** **Description** Configure DDOS detection based on mss and packet size **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **number-packets** **Description** Specify percentage of mss. Default is 0, mss-timeout is not enabled. **Type:** number **Range:** 1-31 .. _1278_template_http-list_referer-filter: template_http-list_referer-filter ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **ref-filter-blacklist** **Description** Blacklist the source if the referer matches **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **referer-contains-cfg** **Type:** List **referer-ends-cfg** **Type:** List **referer-equals-cfg** **Type:** List **referer-starts-cfg** **Type:** List .. _1278_template_http-list_referer-filter_referer-equals-cfg: template_http-list_referer-filter_referer-equals-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **referer-equals** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_template_http-list_referer-filter_referer-starts-cfg: template_http-list_referer-filter_referer-starts-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **referer-starts-with** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_template_http-list_referer-filter_referer-contains-cfg: template_http-list_referer-filter_referer-contains-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **referer-contains** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_template_http-list_referer-filter_referer-ends-cfg: template_http-list_referer-filter_referer-ends-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **referer-ends-with** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1278_template_http-list_slow-read-drop: template_http-list_slow-read-drop ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **min-window-count** **Description** Number of packets **Type:** number **Range:** 1-31 **min-window-size** **Description** minimum window size **Type:** number **Range:** 1-65535 .. _1278_template_http-list_use-hdr-ip-cfg: template_http-list_use-hdr-ip-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **l7-hdr-name** **Description** Set the http header name to parse for client ip. Default is X-Forwarded-For **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Default:** X-Forwarded-For **use-hdr-ip-as-source** **Description** Mitigate on src ip specified by http header for example X-Forwarded-For header. Default is disabled **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_template_sip-list: template_sip-list ^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'drop': Drop packets for sip connection; 'reset': Send RST for sip-tcp connection; **Type:** string **Supported Values:** drop, reset **Default:** drop **dst** **Description:** dst is a **JSON Block**. Please see below for :ref:`1278_template_sip-list_dst` **Type:** Object **filter-header-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/template/sip/{sip-tmpl-name}/filter-header/{sip-filter-header-seq} ` **idle-timeout** **Description** Set the the idle timeout value for sip-tcp connections **Type:** number **Range:** 1-63 **ignore-zero-payload** **Description** Don't reset idle timer on packets with zero payload length from clients **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **malformed-sip** **Description:** malformed-sip is a **JSON Block**. Please see below for :ref:`1278_template_sip-list_malformed-sip` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/template/sip/{sip-tmpl-name}/malformed-sip ` **multi-pu-threshold-distribution** **Description:** multi-pu-threshold-distribution is a **JSON Block**. Please see below for :ref:`1278_template_sip-list_multi-pu-threshold-distribution` **Type:** Object **sip-tmpl-name** **Description** DDOS SIP Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **src** **Description:** src is a **JSON Block**. Please see below for :ref:`1278_template_sip-list_src` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_template_sip-list_src: template_sip-list_src ^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sip-request-rate-limit** **Description:** sip-request-rate-limit is a **JSON Block**. Please see below for :ref:`1278_template_sip-list_src_sip-request-rate-limit` **Type:** Object .. _1278_template_sip-list_src_sip-request-rate-limit: template_sip-list_src_sip-request-rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **method** **Description:** method is a **JSON Block**. Please see below for :ref:`1278_template_sip-list_src_sip-request-rate-limit_method` **Type:** Object .. _1278_template_sip-list_src_sip-request-rate-limit_method: template_sip-list_src_sip-request-rate-limit_method ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **bye-cfg** **Description:** bye-cfg is a **JSON Block**. Please see below for :ref:`1278_template_sip-list_src_sip-request-rate-limit_method_bye-cfg` **Type:** Object **invite-cfg** **Description:** invite-cfg is a **JSON Block**. Please see below for :ref:`1278_template_sip-list_src_sip-request-rate-limit_method_invite-cfg` **Type:** Object **message-cfg** **Description:** message-cfg is a **JSON Block**. Please see below for :ref:`1278_template_sip-list_src_sip-request-rate-limit_method_message-cfg` **Type:** Object **notify-cfg** **Description:** notify-cfg is a **JSON Block**. Please see below for :ref:`1278_template_sip-list_src_sip-request-rate-limit_method_notify-cfg` **Type:** Object **options-cfg** **Description:** options-cfg is a **JSON Block**. Please see below for :ref:`1278_template_sip-list_src_sip-request-rate-limit_method_options-cfg` **Type:** Object **refer-cfg** **Description:** refer-cfg is a **JSON Block**. Please see below for :ref:`1278_template_sip-list_src_sip-request-rate-limit_method_refer-cfg` **Type:** Object **register-cfg** **Description:** register-cfg is a **JSON Block**. Please see below for :ref:`1278_template_sip-list_src_sip-request-rate-limit_method_register-cfg` **Type:** Object **subscribe-cfg** **Description:** subscribe-cfg is a **JSON Block**. Please see below for :ref:`1278_template_sip-list_src_sip-request-rate-limit_method_subscribe-cfg` **Type:** Object **update-cfg** **Description:** update-cfg is a **JSON Block**. Please see below for :ref:`1278_template_sip-list_src_sip-request-rate-limit_method_update-cfg` **Type:** Object .. _1278_template_sip-list_src_sip-request-rate-limit_method_options-cfg: template_sip-list_src_sip-request-rate-limit_method_options-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-sip-options-cfg-flag** **Description** OPTIONS method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-sip-options-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_template_sip-list_src_sip-request-rate-limit_method_refer-cfg: template_sip-list_src_sip-request-rate-limit_method_refer-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-sip-refer-cfg-flag** **Description** REFER method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-sip-refer-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_template_sip-list_src_sip-request-rate-limit_method_bye-cfg: template_sip-list_src_sip-request-rate-limit_method_bye-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-sip-bye-cfg-flag** **Description** BYE method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-sip-bye-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_template_sip-list_src_sip-request-rate-limit_method_subscribe-cfg: template_sip-list_src_sip-request-rate-limit_method_subscribe-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-sip-subscribe-cfg-flag** **Description** SUBSCRIBE method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-sip-subscribe-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_template_sip-list_src_sip-request-rate-limit_method_register-cfg: template_sip-list_src_sip-request-rate-limit_method_register-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-sip-register-cfg-flag** **Description** REGISTER method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-sip-register-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_template_sip-list_src_sip-request-rate-limit_method_invite-cfg: template_sip-list_src_sip-request-rate-limit_method_invite-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-sip-invite-cfg-flag** **Description** INVITE method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-sip-invite-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_template_sip-list_src_sip-request-rate-limit_method_message-cfg: template_sip-list_src_sip-request-rate-limit_method_message-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-sip-message-cfg-flag** **Description** MESSAGE method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-sip-message-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_template_sip-list_src_sip-request-rate-limit_method_update-cfg: template_sip-list_src_sip-request-rate-limit_method_update-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-sip-update-cfg-flag** **Description** UPDATE method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-sip-update-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_template_sip-list_src_sip-request-rate-limit_method_notify-cfg: template_sip-list_src_sip-request-rate-limit_method_notify-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-sip-notify-cfg-flag** **Description** NOTIFY method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-sip-notify-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_template_sip-list_dst: template_sip-list_dst ^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sip-request-rate-limit** **Description:** sip-request-rate-limit is a **JSON Block**. Please see below for :ref:`1278_template_sip-list_dst_sip-request-rate-limit` **Type:** Object .. _1278_template_sip-list_dst_sip-request-rate-limit: template_sip-list_dst_sip-request-rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **method** **Description:** method is a **JSON Block**. Please see below for :ref:`1278_template_sip-list_dst_sip-request-rate-limit_method` **Type:** Object .. _1278_template_sip-list_dst_sip-request-rate-limit_method: template_sip-list_dst_sip-request-rate-limit_method ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **bye-cfg** **Description:** bye-cfg is a **JSON Block**. Please see below for :ref:`1278_template_sip-list_dst_sip-request-rate-limit_method_bye-cfg` **Type:** Object **invite-cfg** **Description:** invite-cfg is a **JSON Block**. Please see below for :ref:`1278_template_sip-list_dst_sip-request-rate-limit_method_invite-cfg` **Type:** Object **message-cfg** **Description:** message-cfg is a **JSON Block**. Please see below for :ref:`1278_template_sip-list_dst_sip-request-rate-limit_method_message-cfg` **Type:** Object **notify-cfg** **Description:** notify-cfg is a **JSON Block**. Please see below for :ref:`1278_template_sip-list_dst_sip-request-rate-limit_method_notify-cfg` **Type:** Object **options-cfg** **Description:** options-cfg is a **JSON Block**. Please see below for :ref:`1278_template_sip-list_dst_sip-request-rate-limit_method_options-cfg` **Type:** Object **refer-cfg** **Description:** refer-cfg is a **JSON Block**. Please see below for :ref:`1278_template_sip-list_dst_sip-request-rate-limit_method_refer-cfg` **Type:** Object **register-cfg** **Description:** register-cfg is a **JSON Block**. Please see below for :ref:`1278_template_sip-list_dst_sip-request-rate-limit_method_register-cfg` **Type:** Object **subscribe-cfg** **Description:** subscribe-cfg is a **JSON Block**. Please see below for :ref:`1278_template_sip-list_dst_sip-request-rate-limit_method_subscribe-cfg` **Type:** Object **update-cfg** **Description:** update-cfg is a **JSON Block**. Please see below for :ref:`1278_template_sip-list_dst_sip-request-rate-limit_method_update-cfg` **Type:** Object .. _1278_template_sip-list_dst_sip-request-rate-limit_method_options-cfg: template_sip-list_dst_sip-request-rate-limit_method_options-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst-sip-options-cfg-flag** **Description** OPTIONS method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dst-sip-options-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_template_sip-list_dst_sip-request-rate-limit_method_refer-cfg: template_sip-list_dst_sip-request-rate-limit_method_refer-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst-sip-refer-cfg-flag** **Description** REFER method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dst-sip-refer-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_template_sip-list_dst_sip-request-rate-limit_method_bye-cfg: template_sip-list_dst_sip-request-rate-limit_method_bye-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst-sip-bye-cfg-flag** **Description** BYE method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dst-sip-bye-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_template_sip-list_dst_sip-request-rate-limit_method_subscribe-cfg: template_sip-list_dst_sip-request-rate-limit_method_subscribe-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst-sip-subscribe-cfg-flag** **Description** SUBSCRIBE method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dst-sip-subscribe-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_template_sip-list_dst_sip-request-rate-limit_method_register-cfg: template_sip-list_dst_sip-request-rate-limit_method_register-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst-sip-register-cfg-flag** **Description** REGISTER method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dst-sip-register-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_template_sip-list_dst_sip-request-rate-limit_method_invite-cfg: template_sip-list_dst_sip-request-rate-limit_method_invite-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst-sip-invite-cfg-flag** **Description** INVITE method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dst-sip-invite-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_template_sip-list_dst_sip-request-rate-limit_method_message-cfg: template_sip-list_dst_sip-request-rate-limit_method_message-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst-sip-message-cfg-flag** **Description** MESSAGE method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dst-sip-message-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_template_sip-list_dst_sip-request-rate-limit_method_update-cfg: template_sip-list_dst_sip-request-rate-limit_method_update-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst-sip-update-cfg-flag** **Description** UPDATE method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dst-sip-update-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_template_sip-list_dst_sip-request-rate-limit_method_notify-cfg: template_sip-list_dst_sip-request-rate-limit_method_notify-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst-sip-notify-cfg-flag** **Description** NOTIFY method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dst-sip-notify-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1278_template_sip-list_multi-pu-threshold-distribution: template_sip-list_multi-pu-threshold-distribution ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **multi-pu-threshold-distribution-disable** **Description** 'disable': Destination side rate limit only. Default: Enable; **Type:** string **Supported Values:** disable **Mutual Exclusion:** multi-pu-threshold-distribution-disable and multi-pu-threshold-distribution-value are mutually exclusive **multi-pu-threshold-distribution-value** **Description** Destination side rate limit only. Default: 0 **Type:** number **Range:** 1-16000000 **Mutual Exclusion:** multi-pu-threshold-distribution-value and multi-pu-threshold-distribution-disable are mutually exclusive .. _1278_template_sip-list_malformed-sip: template_sip-list_malformed-sip ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **malformed-sip-call-id-max-length** **Description** Set the maximum call-id length. Default value is 32511 **Type:** number **Range:** 1-32511 **Default:** 32511 **malformed-sip-check** **Description** 'enable-check': Enable malformed SIP parameters; **Type:** string **Supported Values:** enable-check **malformed-sip-max-header-name-length** **Description** Set the maximum header name length. Default value is 63 **Type:** number **Range:** 1-63 **Default:** 63 **malformed-sip-max-header-value-length** **Description** Set the maximum header value length. Default value is 32511 **Type:** number **Range:** 1-32511 **Default:** 32511 **malformed-sip-max-line-size** **Description** Set the maximum line size. Default value is 32511 **Type:** number **Range:** 1-32511 **Default:** 32511 **malformed-sip-max-uri-length** **Description** Set the maximum uri size. Default value is 32511 **Type:** number **Range:** 1-32511 **Default:** 32511 **malformed-sip-sdp-max-length** **Description** Set the maxinum SDP content length. Default value is 32511 **Type:** number **Range:** 1-32511 **Default:** 32511 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_template_sip-list_filter-header-list: template_sip-list_filter-header-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **sip-filter-header-blacklist** **Description** Also blacklist the source when action is taken **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sip-filter-header-count-only** **Description** Take no action and continue processing the next filter **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sip-filter-header-regex** **Description** Regex Expression **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters **sip-filter-header-seq** **Description** Sequence number **Type:** number **Range:** 1-5 **sip-filter-header-unmatched** **Description** action taken when it does not match **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sip-filter-header-whitelist** **Description** Whitelist the source after filter passes, packets are dropped until then **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_template_icmp-v6-list: template_icmp-v6-list ^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **icmp-tmpl-name** **Description** DDOS ICMPv6 Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **type-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/template/icmp-v6/{icmp-tmpl-name}/type/{type-number} ` **type-other** **Description:** type-other is a **JSON Block**. Please see below for :ref:`1278_template_icmp-v6-list_type-other` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/template/icmp-v6/{icmp-tmpl-name}/type-other ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_template_icmp-v6-list_type-other: template_icmp-v6-list_type-other ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **type-other-deny** **Description** Deny all other type **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** type-other-deny and type-other-rate are mutually exclusive **type-other-rate** **Description** Specify rate with other type **Type:** number **Range:** 1-16000000 **Mutual Exclusion:** type-other-rate and type-other-deny are mutually exclusive **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_template_icmp-v6-list_type-list: template_icmp-v6-list_type-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **code** **Type:** List **code-other** **Description:** code-other is a **JSON Block**. Please see below for :ref:`1278_template_icmp-v6-list_type-list_code-other` **Type:** Object **type-deny** **Description** Reject this ICMP type **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** type-deny, type-rate, and code-other-rate are mutually exclusive **type-number** **Description** Specify ICMP type number **Type:** number **Range:** 0-255 **type-rate** **Description** Specify the whole rate with this type **Type:** number **Range:** 1-16000000 **Mutual Exclusion:** type-rate and type-deny are mutually exclusive **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_template_icmp-v6-list_type-list_code: template_icmp-v6-list_type-list_code ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **code-number** **Description** Specify the ICMP code **Type:** number **Range:** 0-255 **code-rate** **Description** Specify the rate with the code **Type:** number **Range:** 1-16000000 .. _1278_template_icmp-v6-list_type-list_code-other: template_icmp-v6-list_type-list_code-other ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **code-other-rate** **Description** Specify rate with other code **Type:** number **Range:** 1-16000000 **Mutual Exclusion:** code-other-rate and type-deny are mutually exclusive .. _1278_l4-sync: l4-sync ^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_outbound-policy-list: outbound-policy-list ^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **asn-based-tracking** **Description:** asn-based-tracking is a **JSON Block**. Please see below for :ref:`1278_outbound-policy-list_asn-based-tracking` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/outbound-policy/{name}/asn-based-tracking ` **country-based-tracking** **Description:** country-based-tracking is a **JSON Block**. Please see below for :ref:`1278_outbound-policy-list_country-based-tracking` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/outbound-policy/{name}/country-based-tracking ` **name** **Description** Specify name of the policy **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **policy-class-list-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/outbound-policy/{name}/policy-class-list/{class-list-name} ` **policy-default-class-list** **Description:** policy-default-class-list is a **JSON Block**. Please see below for :ref:`1278_outbound-policy-list_policy-default-class-list` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/outbound-policy/{name}/policy-default-class-list ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_outbound-policy-list_country-based-tracking: outbound-policy-list_country-based-tracking ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **configuration** **Description** 'configuration': Configure country based tracking; **Type:** string **Supported Values:** configuration **packet-rate-triggered** **Description** Triggered by 1/2 packet rate limitation in per-country-glid. **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **per-country-glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_outbound-policy-list_policy-default-class-list: outbound-policy-list_policy-default-class-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **class-list-glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **configuration** **Description** Default class-list configuration **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_outbound-policy-list_asn-based-tracking: outbound-policy-list_asn-based-tracking ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **configuration** **Description** 'configuration': Configure asn based tracking; **Type:** string **Supported Values:** configuration **packet-rate-triggered** **Description** Triggered by 1/2 packet rate limitation in per-asn-glid. **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **per-asn-glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_outbound-policy-list_policy-class-list-list: outbound-policy-list_policy-class-list-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **class-list-glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **class-list-name** **Description** Class-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_geo-location: geo-location ^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **db** **Description:** db is a **JSON Block**. Please see below for :ref:`1278_geo-location_db` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/geo-location/db ` **file** **Description:** file is a **JSON Block**. Please see below for :ref:`1278_geo-location_file` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/geo-location/file ` .. _1278_geo-location_db: geo-location_db ^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_geo-location_file: geo-location_file ^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_src-port-template: src-port-template ^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/src-port-template/dns/{name} ` **tcp-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/src-port-template/tcp/{name} ` **udp-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/src-port-template/udp/{name} ` .. _1278_src-port-template_udp-list: src-port-template_udp-list ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **drop-ntp-monlist** **Description** Drop NTP monlist request/response **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **filter-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/src-port-template/udp/{name}/filter/{udp-filter-seq} ` **max-payload-size** **Description** Maximum UDP payload size for each single packet **Type:** number **Range:** 1-1470 **min-payload-size** **Description** Minimum UDP payload size for each single packet **Type:** number **Range:** 1-1470 **name** **Description** DDOS UDP Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_src-port-template_udp-list_filter-list: src-port-template_udp-list_filter-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **byte-offset-filter** **Description** Filter Expression using Berkeley Packet Filter syntax **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters **udp-filter-action** **Description** 'blacklist-src': Also blacklist the source when action is taken; 'whitelist-src': Whitelist the source after filter passes, packets are dropped until then; 'count-only': Take no action and continue processing the next filter; **Type:** string **Supported Values:** blacklist-src, whitelist-src, count-only **udp-filter-regex** **Description** Regex Expression **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters **udp-filter-seq** **Description** Sequence number **Type:** number **Range:** 1-5 **udp-filter-unmatched** **Description** action taken when it does not match **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_src-port-template_dns-list: src-port-template_dns-list ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **query-resolution-check** **Description:** query-resolution-check is a **JSON Block**. Please see below for :ref:`1278_src-port-template_dns-list_query-resolution-check` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/src-port-template/dns/{name}/query-resolution-check ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_src-port-template_dns-list_query-resolution-check: src-port-template_dns-list_query-resolution-check ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **big-response-action** **Description** 'default': Default, No action for future connections; 'blacklist-src': Blacklist the external server for future connections; **Type:** string **Supported Values:** default, blacklist-src **Default:** default **big-response-size** **Description** Max DNS response size (in Bytes) **Type:** number **Range:** 1-4096 **domain-lockup-action** **Description** 'default': Default, No action for future connections; 'blacklist-src': Blacklist the external server for future connections; **Type:** string **Supported Values:** default, blacklist-src **Default:** default **session-timeout-value** **Description** max session timeout (secs) between DNS external server and Protected object **Type:** number **Range:** 1-30 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_src-port-template_tcp-list: src-port-template_tcp-list ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **filter-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/src-port-template/tcp/{name}/filter/{tcp-filter-seq} ` **name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_src-port-template_tcp-list_filter-list: src-port-template_tcp-list_filter-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **byte-offset-filter** **Description** Filter Expression using Berkeley Packet Filter syntax **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters **tcp-filter-action** **Description** 'blacklist-src': Also blacklist the source when action is taken; 'whitelist-src': Whitelist the source after filter passes, packets are dropped until then; 'count-only': Take no action and continue processing the next filter; **Type:** string **Supported Values:** blacklist-src, whitelist-src, count-only **tcp-filter-regex** **Description** Regex Expression **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters **tcp-filter-seq** **Description** Sequence number **Type:** number **Range:** 1-5 **tcp-filter-unmatched** **Description** action taken when it does not match **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_local-address: local-address ^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **ip-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/local-address/ip/{ip-addr} ` **ipv6-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/local-address/ipv6/{ipv6-addr} ` .. _1278_local-address_ip-list: local-address_ip-list ^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **ip-addr** **Description** DDoS IPv4 Address for syn cookie usage **Type:** string **Format:** ipv4-address **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_local-address_ipv6-list: local-address_ipv6-list ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **ipv6-addr** **Description** DDoS IPv6 Address for syn cookie usage **Type:** string **Format:** ipv6-address **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_l4-tcp: l4-tcp ^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_reporting: reporting ^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **toggle** **Description** 'disable-on-limit-reached': Disable reporting on DST/Port entry when the max reporting count is reached; 'reject-on-limit-reached': Reject the configuration when the max reporting count is reached; **Type:** string **Supported Values:** disable-on-limit-reached, reject-on-limit-reached **Default:** reject-on-limit-reached **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_ip-filtering-policy-list: ip-filtering-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **default-action** **Description** 'drop': Drop all the packets not meet any rule; 'permit': Forward all the packets not meet any rule (Default); **Type:** string **Supported Values:** drop, permit **Default:** permit **name** **Description** DDOS ip-filtering-policy name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **rule-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/ip-filtering-policy/{name}/rule/{seq} ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_ip-filtering-policy-list_rule-list: ip-filtering-policy-list_rule-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'drop': Drop the packet (default); 'permit': Let the packet skip all afterword address filters; 'blacklist': Blacklist with glid; 'bypass': Bypass all the ddos process; **Type:** string **Supported Values:** drop, permit, blacklist, bypass **Default:** drop **dst-ip** **Description** IPv4 Subnet address **Type:** string **Format:** ipv4-cidr **Mutual Exclusion:** dst-ip, src-ipv6, and dst-ipv6 are mutually exclusive **dst-ipv6** **Description** IPv6 Subnet address **Type:** string **Format:** ipv6-address-plen **Mutual Exclusion:** dst-ipv6, src-ip, and dst-ip are mutually exclusive **dst-port** **Description** Match only packets with the port number **Type:** number **Range:** 1-65535 **Mutual Exclusion:** dst-port and dst-port-start are mutually exclusive **dst-port-end** **Description** Ending Port Number **Type:** number **Range:** 1-65535 **dst-port-start** **Description** Match only packets in the range of port numbers (Starting Port Number) **Type:** number **Range:** 1-65535 **Mutual Exclusion:** dst-port-start and dst-port are mutually exclusive **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **icmp-code** **Description** ICMP code **Type:** number **Range:** 0-255 **icmp-type** **Description** ICMP message type **Type:** number **Range:** 0-255 **proto-num** **Description** IP proto number **Type:** number **Range:** 0-255 **protocol** **Description** 'tcp': TCP; 'udp': UDP; 'icmp-v4': ICMP; 'icmp-v6': ICMPv6; 'number': Specify IP protocol number; **Type:** string **Supported Values:** tcp, udp, icmp-v4, icmp-v6, number **seq** **Description** Sequence number **Type:** number **Range:** 1-200 **src-ip** **Description** IPv4 Subnet address **Type:** string **Format:** ipv4-cidr **Mutual Exclusion:** src-ip, src-ipv6, and dst-ipv6 are mutually exclusive **src-ipv6** **Description** IPv6 Subnet address **Type:** string **Format:** ipv6-address-plen **Mutual Exclusion:** src-ipv6, src-ip, and dst-ip are mutually exclusive **src-port** **Description** Match only packets with the port number **Type:** number **Range:** 1-65535 **Mutual Exclusion:** src-port and src-port-start are mutually exclusive **src-port-end** **Description** Ending Port Number **Type:** number **Range:** 1-65535 **src-port-start** **Description** Match only packets in the range of port numbers (Starting Port Number) **Type:** number **Range:** 1-65535 **Mutual Exclusion:** src-port-start and src-port are mutually exclusive **tcp-flag** **Description** 'match-all': not = 0 match = 1; 'none-of': not = 1 match = 0; 'match-any': not = 0 match = 0; **Type:** string **Supported Values:** match-all, none-of, match-any **tcp-flags-bitmask** **Description** Bitmask in Hex **Type:** string **Format:** time **Maximum Length:** 255 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_violation-actions-list: violation-actions-list ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **blackhole** **Description** Blackhole the zone (in minute, 0 means infinite) **Type:** number **Range:** 0-30 **blacklist-src** **Description** Blacklist-src (in min) (applied only for source action) **Type:** number **Range:** 1-30 **execute-script** **Description** Specify DDOS script to run (applied only for zone action) **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **execute-script-timeout** **Description** Timeout for script execution (in seconds) (applied only for zone action) **Type:** number **Range:** 5-20 **name** **Description** DDOS violation-actions name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **notification** **Type:** List **send-notification-only** **Description** Forces TPS to only send out notification for the violation-action **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_violation-actions-list_notification: violation-actions-list_notification ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **notification-template** **Description** Specify the notification template name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/notification-template ` .. _1278_protection: protection ^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **blacklist-reason-tracking** **Description** Enable blacklist reason tracking **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **close-sess-for-unauth-src-without-rst** **Description** When closing unauthenticated sessions, don't send TCP RST for established TCP sessions. (Default disabled / sending TCP RST for **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disable-advanced-core-analysis** **Description** Disable advanced context info in coredump file **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disable-delay-dynamic-src-learning** **Description** Disable delay dynamic src entry learning **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disable-on-reboot** **Description** Disable DDoS protection upon reboot/reload **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disallow-rst-ack-in-syn-auth** **Description** Disallow RST-ACK passing syn-auth **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-now** **Description** Override disable-on-reboot to enable runtime DDOS protection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **fast-aging** **Description:** fast-aging is a **JSON Block**. Please see below for :ref:`1278_protection_fast-aging` **Type:** Object **fast-path-disable** **Description** Disable fast path in SLB processing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **force-routing-on-transp** **Description** Force use of routing in transparent mode **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **force-traffic-to-same-blade-disable** **Description** Allow traffic to be distributed among blades on Chassis **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **hw-blocking-enable** **Description** Enable hardware blacklist blocking for src or dst default entries (default disabled) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **hw-blocking-threshold-limit** **Description** Threshold to initiate hardware blocking (default 10000) **Type:** number **Range:** 1-16000000 **Default:** 10000 **ipv6-src-hash-mask-bits** **Description:** ipv6-src-hash-mask-bits is a **JSON Block**. Please see below for :ref:`1278_protection_ipv6-src-hash-mask-bits` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/protection/ipv6-src-hash-mask-bits ` **mpls** **Description** Enable MPLS packet inspection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **multi-pu-zone-distribution** **Description:** multi-pu-zone-distribution is a **JSON Block**. Please see below for :ref:`1278_protection_multi-pu-zone-distribution` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/protection/multi-pu-zone-distribution ` **non-zero-win-size-syncookie** **Description** Send syn-cookie with fix TCP window size if SYN packet has zero window size (default disabled) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **progression-tracking** **Description** 'enable': enable; 'disable': disable; **Type:** string **Supported Values:** enable, disable **Default:** enable **rate-interval** **Description** '100ms': 100ms; '1sec': 1sec; **Type:** string **Supported Values:** 100ms, 1sec **Default:** 100ms **rexmit-syn-log** **Description** Enable ddos per flow rexmit syn exceeded log **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-dst-entry-limit** **Description** '8M': 8 Million; '16M': 16 Million; 'unlimited': Unlimited; 'platform-default': Half of platform maximum; **Type:** string **Supported Values:** 8M, 16M, unlimited, platform-default **Default:** 16M **src-ip-hash-bit** **Description** Configure which bit hashed on **Type:** number **Range:** 0-31 **Default:** 2 **src-ipv6-hash-bit** **Description** Configure which bit hashed on **Type:** number **Range:** 0-127 **Default:** 2 **src-zone-port-entry-limit** **Description** '8M': 8 Million; '16M': 16 Million; 'unlimited': Unlimited; 'platform-default': Half of platform maximum; **Type:** string **Supported Values:** 8M, 16M, unlimited, platform-default **Default:** 16M **toggle** **Description** 'enable': enable; 'disable': disable; **Type:** string **Supported Values:** enable, disable **Default:** disable **use-route** **Description** Use route table, default use receive hop for device initiated traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_protection_fast-aging: protection_fast-aging ^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **half-open-conn-ratio** **Description** Minimum half-open session to total session ratio before session fast aging will take effect (default 25) **Type:** number **Range:** 1-99 **Default:** 25 **half-open-conn-threshold** **Description** Minimum half-open session (percentage) before session fast aging will take effect (default 1) **Type:** number **Range:** 1-99 **Default:** 1 .. _1278_protection_ipv6-src-hash-mask-bits: protection_ipv6-src-hash-mask-bits ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **mask-bit-offset-1** **Description** Configure mask bits **Type:** number **Range:** 0-127 **mask-bit-offset-2** **Description** Configure mask bits **Type:** number **Range:** 0-127 **mask-bit-offset-3** **Description** Configure mask bits **Type:** number **Range:** 0-127 **mask-bit-offset-4** **Description** Configure mask bits **Type:** number **Range:** 0-127 **mask-bit-offset-5** **Description** Configure mask bits **Type:** number **Range:** 0-127 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_protection_multi-pu-zone-distribution: protection_multi-pu-zone-distribution ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **cpu-threshold-per-entry** **Description** Entry/zone percentage threshold of CPU usage for source hash mode. Requires distribution-method cpu-usage. Default:60 **Type:** number **Range:** 30-100 **Default:** 60 **cpu-threshold-per-pu** **Description** Per PU percentage threshold of average CPU usage to start check entry usage. Requires distribution-method cpu-usage. Default:80 **Type:** number **Range:** 60-100 **Default:** 80 **distribution-method** **Description** 'cpu-usage': Entry/Zone distribution based on CPU usage percentage; 'traffic-rate': Entry/Zone distribution based on traffic kbit/pkt rate (Default); **Type:** string **Supported Values:** cpu-usage, traffic-rate **Default:** traffic-rate **rate-kbit-threshold** **Description** DDOS DST Entry/Zone kbit rate threshold for source hash mode **Type:** number **Range:** 1-150000000 **Default:** 150000000 **rate-pkt-threshold** **Description** DDOS DST Entry/Zone packet rate threshold for source hash mode **Type:** number **Range:** 1-55000000 **Default:** 55000000 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_notification-template-list: notification-template-list ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **api** **Description:** api is a **JSON Block**. Please see below for :ref:`1278_notification-template-list_api` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/notification-template/{name}/api ` **debug-mode** **Description** Enable debug mode **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disable** **Description** Disable the notification template (Disable notification temaplate) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **name** **Description** DDOS nofitication template name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **test-connectivity** **Description** Test connectivity to notification receiver **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **verbose** **Description** Dump zone IPs to the payload **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_notification-template-list_api: notification-template-list_api ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **authentication** **Description:** authentication is a **JSON Block**. Please see below for :ref:`1278_notification-template-list_api_authentication` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/notification-template/{name}/api/authentication ` **disable-authentication** **Description** Disable authentication to communicate to the host **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **host-ipv4-address** **Description** Configure the host IPv4 address to send notification (IPv4 address of the host) **Type:** string **Format:** ipv4-address **Mutual Exclusion:** host-ipv4-address, host-ipv6-address, and hostname are mutually exclusive **host-ipv6-address** **Description** Configure the host IPv6 address to send notification (IPv6 address of the host) **Type:** string **Format:** ipv6-address **Mutual Exclusion:** host-ipv6-address, host-ipv4-address, and hostname are mutually exclusive **hostname** **Description** host name(e.g www.a10networks.com) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Mutual Exclusion:** hostname, host-ipv4-address, and host-ipv6-address are mutually exclusive **http-port** **Description** Configure the http port to use(default 80) (http port(default 80)) **Type:** number **Range:** 1-65535 **Default:** 80 **http-protocol** **Description** 'http': Use http protocol; 'https': Use https protocol(default); (http protocol) **Type:** string **Supported Values:** http, https **Default:** https **https-port** **Description** Configure the https port to use(default 443) (https port(default 443)) **Type:** number **Range:** 1-65535 **Default:** 443 **relative-uri** **Description** Configure the relative uri for the api(e.g /example , default /) (api relative uri) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Default:** / **timeout** **Description** Configure the api execution timeout(default 10secs) (api timeout) **Type:** number **Range:** 5-60 **Default:** 10 **use-mgmt-port** **Description** Use management port to send out notification **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_notification-template-list_api_authentication: notification-template-list_api_authentication ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **api-key** **Description** Configure api-key as a mode of authentication **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **api-key-encrypted** **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string) **api-key-string** **Description** Configure api-key as a mode of authentication **Type:** string **Format:** password **Maximum Length:** 64 characters **Maximum Length:** 1 characters **auth-password** **Description** Configure the authentication user password (Authentication password) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **auth-password-val** **Description** Configure the authentication user password (Authentication password) **Type:** string **Format:** password **Maximum Length:** 63 characters **Maximum Length:** 1 characters **auth-username** **Description** Configure the authentication user name **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **encrypted** **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string) **relative-login-uri** **Description** Configure the authentication login uri **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **relative-logoff-uri** **Description** Configure the authentication logoff uri **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_notification-template-debug-log: notification-template-debug-log ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_logging: logging ^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_l7-sip: l7-sip ^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_resource-usage: resource-usage ^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_src: src ^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **default-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/src/default/{default-address-type} ` **dynamic-entries-resource-usage** **Description:** dynamic-entries-resource-usage is a **JSON Block**. Please see below for :ref:`1278_src_dynamic-entries-resource-usage` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/src/dynamic-entries-resource-usage ` **dynamic-entry** **Description:** dynamic-entry is a **JSON Block**. Please see below for :ref:`1278_src_dynamic-entry` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/src/dynamic-entry ` **dynamic-entry-overflow-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/src/dynamic-entry-overflow-policy/{default-address-type} ` **entry-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/src/entry/{src-entry-name} ` **geo-location-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/src/geo-location/{geolocation-name} ` .. _1278_src_default-list: src_default-list ^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **age** **Description** Idle age for ip entry **Type:** number **Range:** 2-1023 **Default:** 5 **app-type-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/src/default/{default-address-type}/app-type/{protocol} ` **apply-policy-on-overflow** **Description** Enable this flag to apply overflow policy when dynamic entry count overflows **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **default-address-type** **Description** 'ip': ip; 'ipv6': ipv6; **Type:** string **Supported Values:** ip, ipv6 **disable** **Description** Disable **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exceed-log-cfg** **Description:** exceed-log-cfg is a **JSON Block**. Please see below for :ref:`1278_src_default-list_exceed-log-cfg` **Type:** Object **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **l4-type-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/src/default/{default-address-type}/l4-type/{protocol} ` **log-periodic** **Description** Enable periodic log while event is continuing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-dynamic-entry-count** **Description** Maximum count for dynamic src entry **Type:** number **Range:** 0-2147483647 **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_src_default-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_src_default-list_app-type-list: src_default-list_app-type-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **protocol** **Description** 'dns': dns; 'http': http; 'ssl-l4': ssl-l4; 'sip': sip; **Type:** string **Supported Values:** dns, http, ssl-l4, sip **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_src_default-list_app-type-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_src_default-list_app-type-list_template: src_default-list_app-type-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS SSL-L4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_src_default-list_template: src_default-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_src_default-list_l4-type-list: src_default-list_l4-type-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **protocol** **Description** 'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; **Type:** string **Supported Values:** tcp, udp, icmp, other **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_src_default-list_l4-type-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_src_default-list_l4-type-list_template: src_default-list_l4-type-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **other** **Description** DDOS OTHER template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS TCP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v4** **Description** DDOS icmp-v4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v6** **Description** DDOS icmp-v6 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **udp** **Description** DDOS UDP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_src_default-list_exceed-log-cfg: src_default-list_exceed-log-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **log-enable** **Description** Enable logging of limit exceed drop's **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_src_dynamic-entries-resource-usage: src_dynamic-entries-resource-usage ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_src_entry-list: src_entry-list ^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **app-type-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/src/entry/{src-entry-name}/app-type/{protocol} ` **bypass** **Description** Always permit for the Source to bypass all feature & limit checks **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **description** **Description** Description for this Source Entry **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **exceed-log-cfg** **Description:** exceed-log-cfg is a **JSON Block**. Please see below for :ref:`1278_src_entry-list_exceed-log-cfg` **Type:** Object **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **hw-blacklist-blocking** **Description:** hw-blacklist-blocking is a **JSON Block**. Please see below for :ref:`1278_src_entry-list_hw-blacklist-blocking` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/src/entry/{src-entry-name}/hw-blacklist-blocking ` **ip-addr** **Description** **Type:** string **Format:** ipv4-address **ipv6-addr** **Description** **Type:** string **Format:** ipv6-address **l4-type-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/src/entry/{src-entry-name}/l4-type/{protocol} ` **log-periodic** **Description** Enable periodic log while event is continuing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-entry-name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **subnet-ip-addr** **Description** IP Subnet **Type:** string **Format:** ipv4-cidr **subnet-ipv6-addr** **Description** IPV6 Subnet **Type:** string **Format:** ipv6-address-plen **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_src_entry-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_src_entry-list_app-type-list: src_entry-list_app-type-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **protocol** **Description** 'dns': dns; 'http': http; 'ssl-l4': ssl-l4; 'sip': sip; **Type:** string **Supported Values:** dns, http, ssl-l4, sip **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_src_entry-list_app-type-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_src_entry-list_app-type-list_template: src_entry-list_app-type-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS SSL-L4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_src_entry-list_hw-blacklist-blocking: src_entry-list_hw-blacklist-blocking ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-enable** **Description** Enable Src side hardware blocking **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_src_entry-list_l4-type-list: src_entry-list_l4-type-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'permit': Whitelist incoming packets for protocol; 'deny': Blacklist incoming packets for protocol; **Type:** string **Supported Values:** permit, deny **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **protocol** **Description** 'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; **Type:** string **Supported Values:** tcp, udp, icmp, other **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_src_entry-list_l4-type-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_src_entry-list_l4-type-list_template: src_entry-list_l4-type-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **other** **Description** DDOS OTHER template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS TCP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v4** **Description** DDOS icmp-v4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v6** **Description** DDOS icmp-v6 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **udp** **Description** DDOS UDP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_src_entry-list_exceed-log-cfg: src_entry-list_exceed-log-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **log-enable** **Description** Enable logging of limit exceed drop's **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_src_entry-list_template: src_entry-list_template ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_src_geo-location-list: src_geo-location-list ^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **app-type-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/src/geo-location/{geolocation-name}/app-type/{protocol} ` **bypass** **Description** Always permit for the Source to bypass all feature & limit checks **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **description** **Description** Description for this Geolocation Entry **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **geolocation-name** **Description** Geolocation Name **Type:** string **Format:** string-rlx **Maximum Length:** 15 characters **Maximum Length:** 1 characters **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **l4-type-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/src/geo-location/{geolocation-name}/l4-type/{protocol} ` **log-periodic** **Description** Enable periodic log while event is continuing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_src_geo-location-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_src_geo-location-list_app-type-list: src_geo-location-list_app-type-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **protocol** **Description** 'dns': dns; 'http': http; 'ssl-l4': ssl-l4; 'sip': sip; **Type:** string **Supported Values:** dns, http, ssl-l4, sip **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_src_geo-location-list_app-type-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_src_geo-location-list_app-type-list_template: src_geo-location-list_app-type-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS DNS template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **http** **Description** DDOS HTTP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS SSL-L4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_src_geo-location-list_l4-type-list: src_geo-location-list_l4-type-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'permit': Whitelist incoming packets for protocol; 'deny': Blacklist incoming packets for protocol; **Type:** string **Supported Values:** permit, deny **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **protocol** **Description** 'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; **Type:** string **Supported Values:** tcp, udp, icmp, other **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_src_geo-location-list_l4-type-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_src_geo-location-list_l4-type-list_template: src_geo-location-list_l4-type-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **other** **Description** DDOS OTHER template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS TCP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v4** **Description** DDOS ICMP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **udp** **Description** DDOS UDP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_src_geo-location-list_template: src_geo-location-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_src_dynamic-entry-overflow-policy-list: src_dynamic-entry-overflow-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **app-type-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/src/dynamic-entry-overflow-policy/{default-address-type}/app-type/{protocol} ` **default-address-type** **Description** 'ip': ip; 'ipv6': ipv6; **Type:** string **Supported Values:** ip, ipv6 **exceed-log-cfg** **Description:** exceed-log-cfg is a **JSON Block**. Please see below for :ref:`1278_src_dynamic-entry-overflow-policy-list_exceed-log-cfg` **Type:** Object **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **l4-type-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/src/dynamic-entry-overflow-policy/{default-address-type}/l4-type/{protocol} ` **log-periodic** **Description** Enable periodic log while event is continuing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_src_dynamic-entry-overflow-policy-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_src_dynamic-entry-overflow-policy-list_app-type-list: src_dynamic-entry-overflow-policy-list_app-type-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **protocol** **Description** 'dns': dns; 'http': http; 'ssl-l4': ssl-l4; 'sip': sip; **Type:** string **Supported Values:** dns, http, ssl-l4, sip **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_src_dynamic-entry-overflow-policy-list_app-type-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_src_dynamic-entry-overflow-policy-list_app-type-list_template: src_dynamic-entry-overflow-policy-list_app-type-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS SSL-L4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_src_dynamic-entry-overflow-policy-list_template: src_dynamic-entry-overflow-policy-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_src_dynamic-entry-overflow-policy-list_l4-type-list: src_dynamic-entry-overflow-policy-list_l4-type-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **protocol** **Description** 'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; **Type:** string **Supported Values:** tcp, udp, icmp, other **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1278_src_dynamic-entry-overflow-policy-list_l4-type-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_src_dynamic-entry-overflow-policy-list_l4-type-list_template: src_dynamic-entry-overflow-policy-list_l4-type-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **other** **Description** DDOS OTHER template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS TCP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v4** **Description** DDOS icmp-v4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v6** **Description** DDOS icmp-v6 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **udp** **Description** DDOS UDP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1278_src_dynamic-entry-overflow-policy-list_exceed-log-cfg: src_dynamic-entry-overflow-policy-list_exceed-log-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **log-enable** **Description** Enable logging of limit exceed drop's **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **with-sflow-sample** **Description** Turn on sflow sample with log **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_src_dynamic-entry: src_dynamic-entry ^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_protect: protect ^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_resource-tracking: resource-tracking ^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **cpu** **Description:** cpu is a **JSON Block**. Please see below for :ref:`1278_resource-tracking_cpu` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/resource-tracking/cpu ` .. _1278_resource-tracking_cpu: resource-tracking_cpu ^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **enable** **Description** Enable CPU usage tracking per dst object (default: disabled) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_network-object-list: network-object-list ^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **anomaly-detection-trigger** **Description** 'all': Use both learned and static thresholds (static thresholds take precedence); 'static-threshold-only': Use static thresholds only; **Type:** string **Supported Values:** all, static-threshold-only **Default:** all **histogram-enable** **Description** Enable histogram statistics (Default: Disabled) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **host-anomaly-threshold** **Description:** host-anomaly-threshold is a **JSON Block**. Please see below for :ref:`1278_network-object-list_host-anomaly-threshold` **Type:** Object **ip** **Type:** List **ipv6** **Type:** List **network-object-anomaly-threshold** **Description:** network-object-anomaly-threshold is a **JSON Block**. Please see below for :ref:`1278_network-object-list_network-object-anomaly-threshold` **Type:** Object **notification** **Description:** notification is a **JSON Block**. Please see below for :ref:`1278_network-object-list_notification` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/network-object/{object-name}/notification ` **object-name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **operational-mode** **Description** 'monitor': Monitor mode; 'learning': Learning mode; **Type:** string **Supported Values:** monitor, learning **Default:** learning **relative-auto-break-down-threshold** **Description:** relative-auto-break-down-threshold is a **JSON Block**. Please see below for :ref:`1278_network-object-list_relative-auto-break-down-threshold` **Type:** Object **sampling-enable** **Type:** List **service-break-down-threshold-local** **Description:** service-break-down-threshold-local is a **JSON Block**. Please see below for :ref:`1278_network-object-list_service-break-down-threshold-local` **Type:** Object **service-discovery** **Description** 'disable': Disable service discovery for hosts (default: enabled); **Type:** string **Supported Values:** disable **static-auto-break-down-threshold** **Description:** static-auto-break-down-threshold is a **JSON Block**. Please see below for :ref:`1278_network-object-list_static-auto-break-down-threshold` **Type:** Object **sub-network-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/network-object/{object-name}/sub-network/{subnet-ip-addr} ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_network-object-list_network-object-anomaly-threshold: network-object-list_network-object-anomaly-threshold ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **network-object-byte-rate** **Description** Byte rate of the network-object **Type:** number **Range:** 100-10995116277760 **network-object-pkt-rate** **Description** Packet rate of the network-object **Type:** number **Range:** 1-10995116277760 .. _1278_network-object-list_ip: network-object-list_ip ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **subnet-ip-addr** **Description** IP Subnet, supported prefix range is from 8 to 31 **Type:** string **Format:** ipv4-cidr .. _1278_network-object-list_service-break-down-threshold-local: network-object-list_service-break-down-threshold-local ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **svc-percentage** **Description** percentage of parent ip node **Type:** number **Range:** 5-99 .. _1278_network-object-list_relative-auto-break-down-threshold: network-object-list_relative-auto-break-down-threshold ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **network-percentage** **Description** percentage of parent node **Type:** number **Range:** 1-99 **permil** **Description** permil of root node **Type:** number **Range:** 1-999 .. _1278_network-object-list_sampling-enable: network-object-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'subnet_learned': Subnet Entry Learned; 'subnet_aged': Subnet Entry Aged; 'subnet_create_fail': Subnet Entry Create Failures; 'ip_learned': IP Entry Learned; 'ip_aged': IP Entry Aged; 'ip_create_fail': IP Entry Create Failures; 'service_learned': Service Entry Learned; 'service_aged': Service Entry Aged; 'service_create_fail': Service Entry Create Failures; **Type:** string **Supported Values:** all, subnet_learned, subnet_aged, subnet_create_fail, ip_learned, ip_aged, ip_create_fail, service_learned, service_aged, service_create_fail .. _1278_network-object-list_ipv6: network-object-list_ipv6 ^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **subnet-ipv6-addr** **Description** IPV6 Subnet, supported prefix range is from 40 to 63 **Type:** string **Format:** ipv6-address-plen .. _1278_network-object-list_sub-network-list: network-object-list_sub-network-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **host-anomaly-threshold** **Description:** host-anomaly-threshold is a **JSON Block**. Please see below for :ref:`1278_network-object-list_sub-network-list_host-anomaly-threshold` **Type:** Object **sub-network-anomaly-threshold** **Description:** sub-network-anomaly-threshold is a **JSON Block**. Please see below for :ref:`1278_network-object-list_sub-network-list_sub-network-anomaly-threshold` **Type:** Object **subnet-ip-addr** **Description** IPv4 Subnet/host, supported prefix range is from 24 to 32 **Type:** string **Format:** ipv4-cidr **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_network-object-list_sub-network-list_sub-network-anomaly-threshold: network-object-list_sub-network-list_sub-network-anomaly-threshold ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **static-sub-network-byte-rate** **Description** Byte rate of the sub-network **Type:** number **Range:** 100-4294967295 **static-sub-network-pkt-rate** **Description** Packet rate of the sub-network **Type:** number **Range:** 1-2147483647 .. _1278_network-object-list_sub-network-list_host-anomaly-threshold: network-object-list_sub-network-list_host-anomaly-threshold ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **static-byte-rate-threshold** **Description** Byte rate of per host **Type:** number **Range:** 100-4294967295 **static-pkt-rate-threshold** **Description** Packet rate of per host **Type:** number **Range:** 1-2147483647 .. _1278_network-object-list_notification: network-object-list_notification ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **configuration** **Description** 'configuration': configuration; **Type:** string **Supported Values:** configuration **notification** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_network-object-list_notification_notification: network-object-list_notification_notification ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **notification-template-name** **Description** Specify the notification template name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/notification-template ` .. _1278_network-object-list_host-anomaly-threshold: network-object-list_host-anomaly-threshold ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **host-byte-rate** **Description** Byte rate of per host **Type:** number **Range:** 100-4294967295 **host-pkt-rate** **Description** Packet rate of per host **Type:** number **Range:** 1-2147483647 .. _1278_network-object-list_static-auto-break-down-threshold: network-object-list_static-auto-break-down-threshold ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **network-pkt-rate** **Description** packet rate of current node **Type:** number **Range:** 100-2000000 .. _1278_l7-dns: l7-dns ^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_tunnel: tunnel ^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_anomaly: anomaly ^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_use-default-route: use-default-route ^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **ethernet-start-cfg** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_use-default-route_ethernet-start-cfg: use-default-route_ethernet-start-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **ethernet-end** **Description** **Type:** number **Format:** interface **ethernet-start** **Description** Traffic receive from the ethernet port will use default route **Type:** number **Format:** interface .. _1278_event-filter-list: event-filter-list ^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **black-list** **Description:** black-list is a **JSON Block**. Please see below for :ref:`1278_event-filter-list_black-list` **Type:** Object **drop** **Description:** drop is a **JSON Block**. Please see below for :ref:`1278_event-filter-list_drop` **Type:** Object **filter-name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **l4-type-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/event-filter/{filter-name}/l4-type/{protocol} ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **white-list** **Description:** white-list is a **JSON Block**. Please see below for :ref:`1278_event-filter-list_white-list` **Type:** Object .. _1278_event-filter-list_black-list: event-filter-list_black-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **black-list-dst** **Description** Dst entry/port is black-listed **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **black-list-src** **Description** Src entry/port is black-listed **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_event-filter-list_drop: event-filter-list_drop ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **drop-black-list** **Description** Packet is dropped because of black-list **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-dst** **Description** Packet is dropped because of dst **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-src** **Description** Packet is dropped because of src **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_event-filter-list_white-list: event-filter-list_white-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **white-list-dst** **Description** Dst entry/port is white-listed **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **white-list-src** **Description** Src entry/port is white-listed **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_event-filter-list_l4-type-list: event-filter-list_l4-type-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **out-of-seq** **Description** TCP out-of-seq pkts **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **protocol** **Description** 'tcp': tcp; 'udp': udp; **Type:** string **Supported Values:** tcp, udp **retrans-syn-cfg** **Description:** retrans-syn-cfg is a **JSON Block**. Please see below for :ref:`1278_event-filter-list_l4-type-list_retrans-syn-cfg` **Type:** Object **tcp-auth** **Description:** tcp-auth is a **JSON Block**. Please see below for :ref:`1278_event-filter-list_l4-type-list_tcp-auth` **Type:** Object **udp-auth** **Description:** udp-auth is a **JSON Block**. Please see below for :ref:`1278_event-filter-list_l4-type-list_udp-auth` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zero-window** **Description** TCP zero window pkts **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_event-filter-list_l4-type-list_tcp-auth: event-filter-list_l4-type-list_tcp-auth ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **tcp-auth-fail** **Description** Packet that fails syn-auth/action-on-ack **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tcp-auth-init** **Description** Packet that inits syn-auth/action-on-ack **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tcp-auth-pass** **Description** Packet that passes syn-auth/action-on-ack **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_event-filter-list_l4-type-list_udp-auth: event-filter-list_l4-type-list_udp-auth ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **udp-auth-init** **Description** Packet that inits spoof-detect **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **udp-auth-pass** **Description** Packet that passes spoof-detect **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_event-filter-list_l4-type-list_retrans-syn-cfg: event-filter-list_l4-type-list_retrans-syn-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **retrans-syn** **Description** TCP SYN retransmission **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **retrans-syn-exceed** **Description** TCP SYN retransmission exceed **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_dns-cache-server: dns-cache-server ^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_switch: switch ^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_l7-http: l7-http ^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_action-list-list: action-list-list ^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description:** action is a **JSON Block**. Please see below for :ref:`1278_action-list-list_action` **Type:** Object **capture-config** **Description** capture-config name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/capture-config ` **name** **Description** DDOS action-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1278_action-list-list_zone-template` **Type:** Object .. _1278_action-list-list_zone-template: action-list-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **encap** **Description** DDOS encap template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/encap ` **logging** **Description** DDOS logging zone-template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/logging ` .. _1278_action-list-list_action: action-list-list_action ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **action** **Description** 'drop': Drop Packet (Default); 'ignore': Continue processing the packet; 'reset': Reset the connection; 'authenticate-src': Authenticate the source IP; 'blacklist-src': Black-list the source IP; 'tunnel-encap-packet': Encapsulate packet for tunneling. encap template need to be bound; **Type:** string **Supported Values:** drop, ignore, reset, authenticate-src, blacklist-src, tunnel-encap-packet **blacklist-src-value** **Description** blacklist duration in minutes **Type:** number **Range:** 1-30 **scrub-packet** **Description** allow packets to go through other DDoS checks before sent out **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **stateless** **Description** encapsulate all packests **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1278_zone-src-port-template: zone-src-port-template ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-src-port-template/dns/{name} ` **tcp-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-src-port-template/tcp/{name} ` **udp-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-src-port-template/udp/{name} ` .. _1278_zone-src-port-template_udp-list: zone-src-port-template_udp-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **filter-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-src-port-template/udp/{name}/filter/{udp-filter-name} ` **filter-match-type** **Description** 'default': Stop matching on drop/blacklist action; 'stop-on-first-match': Stop matching on first match; **Type:** string **Supported Values:** default, stop-on-first-match **Default:** default **max-payload-size-cfg** **Description:** max-payload-size-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-src-port-template_udp-list_max-payload-size-cfg` **Type:** Object **min-payload-size-cfg** **Description:** min-payload-size-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-src-port-template_udp-list_min-payload-size-cfg` **Type:** Object **name** **Description** DDOS UDP Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ntp-monlist-cfg** **Description:** ntp-monlist-cfg is a **JSON Block**. Please see below for :ref:`1278_zone-src-port-template_udp-list_ntp-monlist-cfg` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_zone-src-port-template_udp-list_ntp-monlist-cfg: zone-src-port-template_udp-list_ntp-monlist-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **ntp-monlist** **Description** Take action for ntp monlist request/response **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ntp-monlist-action** **Description** 'drop': Drop packets for ntp-monlist (Default); 'blacklist-src': Blacklist-src for ntp-monlist; 'ignore': Ignore ntp-monlist; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** ntp-monlist-action and ntp-monlist-action-list-name are mutually exclusive **ntp-monlist-action-list-name** **Description** Configure action-list to take for ntp-monlist **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** ntp-monlist-action-list-name and ntp-monlist-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1278_zone-src-port-template_udp-list_max-payload-size-cfg: zone-src-port-template_udp-list_max-payload-size-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **max-payload-size** **Description** Maximum UDP payload size for each single packet **Type:** number **Range:** 1-1470 **max-payload-size-action** **Description** 'drop': Drop packets for max-payload-size exceed (Default); 'blacklist-src': Blacklist-src for max-payload-size exceed; 'ignore': Do nothing for max-payload-size exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** max-payload-size-action and max-payload-size-action-list-name are mutually exclusive **max-payload-size-action-list-name** **Description** Configure action-list to take for max-payload-size exceed **Type:** string **Format:** string-rlx **Maximum Length:** 64 characters **Maximum Length:** 1 characters **Mutual Exclusion:** max-payload-size-action-list-name and max-payload-size-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1278_zone-src-port-template_udp-list_min-payload-size-cfg: zone-src-port-template_udp-list_min-payload-size-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **min-payload-size** **Description** Minimum UDP payload size for each single packet **Type:** number **Range:** 1-1470 **min-payload-size-action** **Description** 'drop': Drop packets for min-payload-size (Default); 'blacklist-src': Blacklist-src for min-payload-size; 'ignore': Do nothing for min-payload-size exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** min-payload-size-action and min-payload-size-action-list-name are mutually exclusive **min-payload-size-action-list-name** **Description** Configure action-list to take for min-payload-size exceed **Type:** string **Format:** string-rlx **Maximum Length:** 64 characters **Maximum Length:** 1 characters **Mutual Exclusion:** min-payload-size-action-list-name and min-payload-size-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1278_zone-src-port-template_udp-list_filter-list: zone-src-port-template_udp-list_filter-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **byte-offset-filter** **Description** Filter using Berkeley Packet Filter syntax **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters **udp-filter-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'authenticate-src': Authenticate-src; **Type:** string **Supported Values:** drop, ignore, blacklist-src, authenticate-src **Mutual Exclusion:** udp-filter-action and udp-filter-action-list-name are mutually exclusive **udp-filter-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** udp-filter-action-list-name and udp-filter-action are mutually exclusive **udp-filter-inverse-match** **Description** Inverse the result of the matching **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **udp-filter-name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp-filter-regex** **Description** Regex Expression **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters **udp-filter-seq** **Description** Sequence number **Type:** number **Range:** 1-200 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_zone-src-port-template_dns-list: zone-src-port-template_dns-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **query-resolution-check** **Description:** query-resolution-check is a **JSON Block**. Please see below for :ref:`1278_zone-src-port-template_dns-list_query-resolution-check` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/zone-src-port-template/dns/{name}/query-resolution-check ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_zone-src-port-template_dns-list_query-resolution-check: zone-src-port-template_dns-list_query-resolution-check ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **big-response-action** **Description** 'default': Default, No action for future connections; 'blacklist-src': Blacklist the external server for future connections; **Type:** string **Supported Values:** default, blacklist-src **Default:** default **big-response-size** **Description** Max DNS response size (in Bytes) **Type:** number **Range:** 1-4096 **domain-lockup-action** **Description** 'default': Default, No action for future connections; 'blacklist-src': Blacklist the external server for future connections; **Type:** string **Supported Values:** default, blacklist-src **Default:** default **session-timeout-value** **Description** max session timeout (secs) between DNS external server and Protected object **Type:** number **Range:** 1-30 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_zone-src-port-template_tcp-list: zone-src-port-template_tcp-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **filter-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-src-port-template/tcp/{name}/filter/{tcp-filter-name} ` **filter-match-type** **Description** 'default': Stop matching on drop/blacklist action; 'stop-on-first-match': Stop matching on first match; **Type:** string **Supported Values:** default, stop-on-first-match **Default:** default **name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_zone-src-port-template_tcp-list_filter-list: zone-src-port-template_tcp-list_filter-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **byte-offset-filter** **Description** Filter using Berkeley Packet Filter syntax **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters **tcp-filter-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'authenticate-src': Authenticate-src; **Type:** string **Supported Values:** drop, ignore, blacklist-src, authenticate-src **Mutual Exclusion:** tcp-filter-action and tcp-filter-action-list-name are mutually exclusive **tcp-filter-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** tcp-filter-action-list-name and tcp-filter-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **tcp-filter-inverse-match** **Description** Inverse the result of the matching **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tcp-filter-name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp-filter-regex** **Description** Regex Expression **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters **tcp-filter-seq** **Description** Sequence number **Type:** number **Range:** 1-200 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_l4-udp: l4-udp ^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dns-cache-list: dns-cache-list ^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **any-query-action-str** **Description** 'respond-refuse': Send refuse response (default); 'respond-empty': Send empty response; 'drop': Drop the request; **Type:** string **Supported Values:** respond-refuse, respond-empty, drop **Default:** respond-refuse **default-serving-action** **Description** 'serve-from-cache': Serve DNS records; 'forward': Forward to DNS server; 'drop': Drop the request; **Type:** string **Supported Values:** serve-from-cache, forward, drop **Default:** serve-from-cache **domain-group** **Description:** domain-group is a **JSON Block**. Please see below for :ref:`1278_dns-cache-list_domain-group` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dns-cache/{name}/domain-group ` **fqdn-manual-override-action-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dns-cache/{name}/fqdn-manual-override-action/{fqdn-name} ` **name** **Description** DNS Cache Instance Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **neg-cache-action-follow-q-rate** **Description** Negative cached response queries counted toward query-rate-threshold **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **non-authoritative-zone-query-action-str** **Description** 'default': Default action: respond-refuse; 'forward': Forward to DNS server; 'respond-refuse': Send refuse response; 'drop': Drop the request; **Type:** string **Supported Values:** default, forward, respond-refuse, drop **Default:** respond-refuse **sampling-enable** **Type:** List **sharded-domain-group-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dns-cache/{name}/sharded-domain-group/{name} ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-domain-lookup-miss-action** **Description** 'respond-nxdomain': Send NxDomain response; 'drop': Drop the request; **Type:** string **Supported Values:** respond-nxdomain, drop **Default:** respond-nxdomain **zone-manual-override-action-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dns-cache/{name}/zone-manual-override-action/{zone-name} ` **zone-transfer** **Description:** zone-transfer is a **JSON Block**. Please see below for :ref:`1278_dns-cache-list_zone-transfer` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dns-cache/{name}/zone-transfer ` .. _1278_dns-cache-list_domain-group: dns-cache-list_domain-group ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **domain-list-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dns-cache/{name}/domain-group/domain-list-policy/{name} ` **name** **Description** DNS domain group **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dns-cache-list_domain-group_domain-list-policy-list: dns-cache-list_domain-group_domain-list-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **cache-all-records** **Description** cache all fqdn records including uncommon types **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **client-ipv4** **Description** Client ipv4 address **Type:** string **Format:** ipv4-address **client-ipv6** **Description** Client ipv6 address **Type:** string **Format:** ipv6-address **force** **Description** Force update even the serial is the same **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **manual-refresh** **Description** Manually refresh the particular zone **Type:** string **Format:** string-rlx **Maximum Length:** 253 characters **Maximum Length:** 1 characters **name** **Description** DNS domain list policy **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **oversize-answer-response** **Description** 'set-truncate-bit': Set the TC bit for oversize answer(default); 'disable-truncate-bit': Do not set TC bit for oversize answer; **Type:** string **Supported Values:** set-truncate-bit, disable-truncate-bit **Default:** set-truncate-bit **packet-capturing** **Description:** packet-capturing is a **JSON Block**. Please see below for :ref:`1278_dns-cache-list_domain-group_domain-list-policy-list_packet-capturing` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dns-cache/{name}/domain-group/domain-list-policy/{name}/packet-capturing ` **refresh-interval-hours** **Description** Zone transfer refresh rate in hours (Default 4). 0 means no refresh **Type:** number **Range:** 0-24 **Default:** 4 **resolve-cname-record** **Description** Always try to resolve domain in CNAME record answer section **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **respond-with-authority** **Description** Respond with authority section for all requests under this list **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **server-ipv4** **Description** Master ipv4 address **Type:** string **Format:** ipv4-address **server-ipv6** **Description** Master ipv6 address **Type:** string **Format:** ipv6-address **server-v4-port** **Description** Port number (default 53) **Type:** number **Range:** 1-65535 **Default:** 53 **server-v6-port** **Description** Port number (default 53) **Type:** number **Range:** 1-65535 **Default:** 53 **ttl-override** **Description** Override the TTL value for zone transfer **Type:** number **Range:** 1-2147483647 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dns-cache-list_domain-group_domain-list-policy-list_packet-capturing: dns-cache-list_domain-group_domain-list-policy-list_packet-capturing ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **root-zone-list** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dns-cache-list_domain-group_domain-list-policy-list_packet-capturing_root-zone-list: dns-cache-list_domain-group_domain-list-policy-list_packet-capturing_root-zone-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **capture-config** **Description** Capture-config name **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/capture-config ` **capture-mode** **Description** 'regular': Capture packet anyway; 'capture-on-failure': Capture packet if last XFR was failed; **Type:** string **Supported Values:** regular, capture-on-failure **root-zone** **Description** Specify root zone to be captured **Type:** string **Format:** string-rlx **Maximum Length:** 253 characters **Maximum Length:** 1 characters .. _1278_dns-cache-list_fqdn-manual-override-action-list: dns-cache-list_fqdn-manual-override-action-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'default': Default; 'forward': Forward to DNS server; 'drop': Drop the request; 'serve-from-cache': Serve DNS records; **Type:** string **Supported Values:** default, forward, drop, serve-from-cache **fqdn-name** **Description** Specify fqdn name **Type:** string **Format:** string-rlx **Maximum Length:** 253 characters **Maximum Length:** 1 characters .. _1278_dns-cache-list_zone-transfer: dns-cache-list_zone-transfer ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dns-cache-list_sampling-enable: dns-cache-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'total-cached-fqdn': total-cached-fqdn; 'total-cached-records': total-cached-records; 'fqdn-a': fqdn-a; 'fqdn-aaaa': fqdn-aaaa; 'fqdn-cname': fqdn-cname; 'fqdn-ns': fqdn-ns; 'fqdn-mx': fqdn-mx; 'fqdn-soa': fqdn-soa; 'fqdn-srv': fqdn-srv; 'fqdn-txt': fqdn-txt; 'fqdn-ptr': fqdn-ptr; 'fqdn-other': fqdn-other; 'fqdn-wildcard': fqdn-wildcard; 'fqdn-delegation': fqdn-delegation; 'shard-size': shard-size; 'resp-ext-size': resp-ext-size; 'a-record': a-record; 'aaaa-record': aaaa-record; 'cname-record': cname-record; 'ns-record': ns-record; 'mx-record': mx-record; 'soa-record': soa-record; 'srv-record': srv-record; 'txt-record': txt-record; 'ptr-record': ptr-record; 'other-record': other-record; 'fqdn-in-shard-filter': fqdn-in-shard-filter; **Type:** string **Supported Values:** all, total-cached-fqdn, total-cached-records, fqdn-a, fqdn-aaaa, fqdn-cname, fqdn-ns, fqdn-mx, fqdn-soa, fqdn-srv, fqdn-txt, fqdn-ptr, fqdn-other, fqdn-wildcard, fqdn-delegation, shard-size, resp-ext-size, a-record, aaaa-record, cname-record, ns-record, mx-record, soa-record, srv-record, txt-record, ptr-record, other-record, fqdn-in-shard-filter .. _1278_dns-cache-list_zone-manual-override-action-list: dns-cache-list_zone-manual-override-action-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'default': Default; 'forward': Forward to DNS server; 'drop': Drop the request; 'serve-from-cache': Serve DNS records; **Type:** string **Supported Values:** default, forward, drop, serve-from-cache **zone-name** **Description** Specify zone name **Type:** string **Format:** string-rlx **Maximum Length:** 253 characters **Maximum Length:** 1 characters .. _1278_dns-cache-list_sharded-domain-group-list: dns-cache-list_sharded-domain-group-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **encap-template** **Description** DDOS encap template to sepcify the tunnel endpoint **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **match-action** **Description** 'forward': Forward query to server (default); 'tunnel-encap': Encapsulate the query and send on a tunnel; **Type:** string **Supported Values:** forward, tunnel-encap **Default:** forward **name** **Description** DNS sharded domain group **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sharded-domain-list-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dns-cache/{name}/sharded-domain-group/{name}/sharded-domain-list-policy/{name} ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dns-cache-list_sharded-domain-group-list_sharded-domain-list-policy-list: dns-cache-list_sharded-domain-group-list_sharded-domain-list-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **client-ipv4** **Description** Client ipv4 address **Type:** string **Format:** ipv4-address **client-ipv6** **Description** Client ipv6 address **Type:** string **Format:** ipv6-address **force** **Description** Force update even the serial is the same **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **manual-refresh** **Description** Manually refresh the particular zone **Type:** string **Format:** string-rlx **Maximum Length:** 253 characters **Maximum Length:** 1 characters **name** **Description** DNS sharded domain list policy **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **packet-capturing** **Description:** packet-capturing is a **JSON Block**. Please see below for :ref:`1278_dns-cache-list_sharded-domain-group-list_sharded-domain-list-policy-list_packet-capturing` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dns-cache/{name}/sharded-domain-group/{name}/sharded-domain-list-policy/{name}/packet-capturing ` **refresh-interval-hours** **Description** Zone transfer refresh rate in hours (Default 4). 0 means no refresh **Type:** number **Range:** 0-24 **Default:** 4 **server-ipv4** **Description** Master ipv4 address **Type:** string **Format:** ipv4-address **server-ipv6** **Description** Master ipv6 address **Type:** string **Format:** ipv6-address **server-v4-port** **Description** Port number (default 53) **Type:** number **Range:** 1-65535 **Default:** 53 **server-v6-port** **Description** Port number (default 53) **Type:** number **Range:** 1-65535 **Default:** 53 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dns-cache-list_sharded-domain-group-list_sharded-domain-list-policy-list_packet-capturing: dns-cache-list_sharded-domain-group-list_sharded-domain-list-policy-list_packet-capturing ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **root-zone-list** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1278_dns-cache-list_sharded-domain-group-list_sharded-domain-list-policy-list_packet-capturing_root-zone-list: dns-cache-list_sharded-domain-group-list_sharded-domain-list-policy-list_packet-capturing_root-zone-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **capture-config** **Description** Capture-config name **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/capture-config ` **capture-mode** **Description** 'regular': Capture packet anyway; 'capture-on-failure': Capture packet if last XFR was failed; **Type:** string **Supported Values:** regular, capture-on-failure **root-zone** **Description** Specify root zone to be captured **Type:** string **Format:** string-rlx **Maximum Length:** 253 characters **Maximum Length:** 1 characters