.. _ddos_dst: ddos dst ======== Create dest-ip limit entry dst Specification ----------------- ===================================== ================================================= **Parameter** **Value** ===================================== ================================================= **Type** *Intermediate Resource* **Element Name** dst **Element URI** /axapi/v3/ddos/dst **Element Attributes** dst_attributes **Partition Visibility** shared **Schema** :download:`dst schema ` ===================================== ================================================= **Operations Allowed:** .. raw:: html .. raw:: html .. raw:: html .. raw:: html
OperationMethodURIPayload
Get Object .. raw:: html GET .. raw:: html /axapi/v3/ddos/dst .. raw:: html dst_attributes .. raw:: html
.. _1048_dst_attributes: dst attributes -------------- **default-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/default/{default-address-type} ` **dynamic-entries-resource-usage** **Description:** dynamic-entries-resource-usage is a **JSON Block**. Please see below for :ref:`1048_dynamic-entries-resource-usage` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/dynamic-entries-resource-usage ` **dynamic-entry** **Description:** dynamic-entry is a **JSON Block**. Please see below for :ref:`1048_dynamic-entry` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/dynamic-entry ` **dynamic-entry-overflow-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/dynamic-entry-overflow-policy/{default-address-type} ` **entry-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name} ` **interface-ip-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/interface-ip/{addr} ` **interface-ipv6-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/interface-ipv6/{addr} ` **zone-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name} ` .. _1048_interface-ip-list: interface-ip-list ^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **addr** **Description** IP address of interface **Type:** string **Format:** ipv4-address **ip-proto-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/interface-ip/{addr}/ip-proto/{port-num} ` **l4-type-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/interface-ip/{addr}/l4-type/{protocol} ` **log-enable** **Description** Enable logging of limit exceed drops **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-periodic** **Description** Enable periodic log while event is continuing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **port-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/interface-ip/{addr}/port/{port-num}+{protocol} ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_interface-ip-list_port-list: interface-ip-list_port-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **port-num** **Description** Port Number **Type:** number **Range:** 1-65535 **protocol** **Description** 'tcp': tcp; 'udp': udp; 'http-probe': http port for interface health check; **Type:** string **Supported Values:** tcp, udp, http-probe **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_interface-ip-list_ip-proto-list: interface-ip-list_ip-proto-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **port-num** **Description** IP protocol number **Type:** number **Range:** 0-255 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_interface-ip-list_l4-type-list: interface-ip-list_l4-type-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-frag-pkt** **Description** Drop fragmented packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **protocol** **Description** 'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; **Type:** string **Supported Values:** tcp, udp, icmp, other **tunnel-decap** **Description:** tunnel-decap is a **JSON Block**. Please see below for :ref:`1048_interface-ip-list_l4-type-list_tunnel-decap` **Type:** Object **tunnel-rate-limit** **Description:** tunnel-rate-limit is a **JSON Block**. Please see below for :ref:`1048_interface-ip-list_l4-type-list_tunnel-rate-limit` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_interface-ip-list_l4-type-list_tunnel-decap: interface-ip-list_l4-type-list_tunnel-decap ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **gre-decap** **Description** Enable GRE Tunnel decapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ip-decap** **Description** Enable IP Tunnel decapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **key-cfg** **Type:** List .. _1048_interface-ip-list_l4-type-list_tunnel-decap_key-cfg: interface-ip-list_l4-type-list_tunnel-decap_key-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **key** **Description** Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295) **Type:** string **Maximum Length:** 10 characters **Maximum Length:** 1 characters .. _1048_interface-ip-list_l4-type-list_tunnel-rate-limit: interface-ip-list_l4-type-list_tunnel-rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **gre-rate-limit** **Description** Enable inner IP rate limiting on GRE traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ip-rate-limit** **Description** Enable inner IP rate limiting on IPinIP traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1048_default-list: default-list ^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **age** **Description** Idle age for ip entry **Type:** number **Range:** 5-1023 **apply-policy-on-overflow** **Description** Enable this flag to apply overflow policy when dynamic entry count overflows **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **default-address-type** **Description** 'ip': ip; 'ipv6': ipv6; **Type:** string **Supported Values:** ip, ipv6 **deny** **Description** Blacklist and Drop all incoming packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disable** **Description** Disable **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-disable** **Description** Disable certain drops during packet processing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-disable-fwd-immediate** **Description** Immediately forward L4 drops **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-frag-pkt** **Description** Drop fragmented packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exceed-log-cfg** **Description:** exceed-log-cfg is a **JSON Block**. Please see below for :ref:`1048_default-list_exceed-log-cfg` **Type:** Object **exceed-log-dep-cfg** **Description:** exceed-log-dep-cfg is a **JSON Block**. Please see below for :ref:`1048_default-list_exceed-log-dep-cfg` **Type:** Object **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **inbound-forward-dscp** **Description** To set dscp value for inbound packets (DSCP Value for the clear traffic marking) **Type:** number **Range:** 1-63 **ip-proto-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/default/{default-address-type}/ip-proto/{port-num} ` **l4-type-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/default/{default-address-type}/l4-type/{protocol} ` **log-periodic** **Description** Enable periodic log while event is continuing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-dynamic-entry-count** **Description** Maximum count for dynamic dst entry **Type:** number **Range:** 0-2147483647 **outbound-forward-dscp** **Description** To set dscp value for outbound **Type:** number **Range:** 1-63 **port-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/default/{default-address-type}/port/{port-num}+{protocol} ` **src-port-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/default/{default-address-type}/src-port/{port-num}+{protocol} ` **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1048_default-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_default-list_port-list: default-list_port-list ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **port-num** **Description** Port Number **Type:** number **Range:** 0-65535 **protocol** **Description** 'dns-tcp': dns-tcp; 'dns-udp': dns-udp; 'http': http; 'tcp': tcp; 'udp': udp; 'ssl-l4': ssl-l4; 'sip-udp': sip-udp; 'sip-tcp': sip-tcp; **Type:** string **Supported Values:** dns-tcp, dns-udp, http, tcp, udp, ssl-l4, sip-udp, sip-tcp **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1048_default-list_port-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_default-list_port-list_template: default-list_port-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1048_default-list_template: default-list_template ^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1048_default-list_l4-type-list: default-list_l4-type-list ^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disable-syn-auth** **Description** Disable TCP SYN Authentication **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-frag-pkt** **Description** Drop fragmented packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-on-no-port-match** **Description** 'disable': disable; 'enable': enable; **Type:** string **Supported Values:** disable, enable **Default:** enable **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **max-rexmit-syn-per-flow** **Description** Maximum number of re-transmit SYN per flow. Exceed action set to Drop **Type:** number **Range:** 1-6 **protocol** **Description** 'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; **Type:** string **Supported Values:** tcp, udp, icmp, other **stateful** **Description** Enable stateful tracking of sessions (Default is stateless) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **syn-auth** **Description** 'send-rst': Send RST to client upon client ACK; 'force-rst-by-ack': Force client RST via the use of ACK; 'force-rst-by-synack': Force client RST via the use of bad SYN|ACK; 'disable': Disable TCP SYN Authentication; **Type:** string **Supported Values:** send-rst, force-rst-by-ack, force-rst-by-synack, disable **Default:** send-rst **syn-cookie** **Description** Enable SYN Cookie **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tcp-reset-client** **Description** Send reset to client when rate exceeds or session ages out **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tcp-reset-server** **Description** Send reset to server when rate exceeds or session ages out **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tunnel-decap** **Description:** tunnel-decap is a **JSON Block**. Please see below for :ref:`1048_default-list_l4-type-list_tunnel-decap` **Type:** Object **tunnel-rate-limit** **Description:** tunnel-rate-limit is a **JSON Block**. Please see below for :ref:`1048_default-list_l4-type-list_tunnel-rate-limit` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_default-list_l4-type-list_tunnel-rate-limit: default-list_l4-type-list_tunnel-rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **gre-rate-limit** **Description** Enable inner IP rate limiting on GRE traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ip-rate-limit** **Description** Enable inner IP rate limiting on IPinIP traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1048_default-list_l4-type-list_tunnel-decap: default-list_l4-type-list_tunnel-decap ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **gre-decap** **Description** Enable GRE Tunnel decapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ip-decap** **Description** Enable IP Tunnel decapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **key-cfg** **Type:** List .. _1048_default-list_l4-type-list_tunnel-decap_key-cfg: default-list_l4-type-list_tunnel-decap_key-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **key** **Description** Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295) **Type:** string **Maximum Length:** 10 characters **Maximum Length:** 1 characters .. _1048_default-list_src-port-list: default-list_src-port-list ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **port-num** **Description** Port Number **Type:** number **Range:** 0-65535 **protocol** **Description** 'udp': udp; 'tcp': tcp; **Type:** string **Supported Values:** udp, tcp **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1048_default-list_src-port-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_default-list_src-port-list_template: default-list_src-port-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-tcp** **Description** DDOS tcp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-udp** **Description** DDOS udp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1048_default-list_ip-proto-list: default-list_ip-proto-list ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **port-num** **Description** Protocol Number **Type:** number **Range:** 0-255 **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1048_default-list_ip-proto-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_default-list_ip-proto-list_template: default-list_ip-proto-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **other** **Description** DDOS other template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1048_default-list_exceed-log-cfg: default-list_exceed-log-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **log-enable** **Description** Enable logging of limit exceed drop's **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **with-sflow-sample** **Description** Turn on sflow sample with log **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1048_default-list_exceed-log-dep-cfg: default-list_exceed-log-dep-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **exceed-log-enable** **Description** (Deprecated)Enable logging of limit exceed drop's **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-with-sflow-dep** **Description** Turn on sflow sample with log **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1048_dynamic-entries-resource-usage: dynamic-entries-resource-usage ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_interface-ipv6-list: interface-ipv6-list ^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **addr** **Description** IPv6 address of interface **Type:** string **Format:** ipv6-address **ip-proto-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/interface-ipv6/{addr}/ip-proto/{port-num} ` **l4-type-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/interface-ipv6/{addr}/l4-type/{protocol} ` **log-enable** **Description** Enable logging of limit exceed drops **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **port-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/interface-ipv6/{addr}/port/{port-num}+{protocol} ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_interface-ipv6-list_port-list: interface-ipv6-list_port-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **port-num** **Description** Port Number **Type:** number **Range:** 1-65535 **protocol** **Description** 'tcp': tcp; 'udp': udp; 'http-probe': http port for interface health check; **Type:** string **Supported Values:** tcp, udp, http-probe **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_interface-ipv6-list_ip-proto-list: interface-ipv6-list_ip-proto-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **port-num** **Description** IP protocol number **Type:** number **Range:** 0-255 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_interface-ipv6-list_l4-type-list: interface-ipv6-list_l4-type-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-frag-pkt** **Description** Drop fragmented packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **protocol** **Description** 'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; **Type:** string **Supported Values:** tcp, udp, icmp, other **tunnel-decap** **Description:** tunnel-decap is a **JSON Block**. Please see below for :ref:`1048_interface-ipv6-list_l4-type-list_tunnel-decap` **Type:** Object **tunnel-rate-limit** **Description:** tunnel-rate-limit is a **JSON Block**. Please see below for :ref:`1048_interface-ipv6-list_l4-type-list_tunnel-rate-limit` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_interface-ipv6-list_l4-type-list_tunnel-decap: interface-ipv6-list_l4-type-list_tunnel-decap ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **gre-decap** **Description** Enable GRE Tunnel decapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ip-decap** **Description** Enable IP Tunnel decapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **key-cfg** **Type:** List .. _1048_interface-ipv6-list_l4-type-list_tunnel-decap_key-cfg: interface-ipv6-list_l4-type-list_tunnel-decap_key-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **key** **Description** Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295) **Type:** string **Maximum Length:** 10 characters **Maximum Length:** 1 characters .. _1048_interface-ipv6-list_l4-type-list_tunnel-rate-limit: interface-ipv6-list_l4-type-list_tunnel-rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **gre-rate-limit** **Description** Enable inner IP rate limiting on GRE traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ip-rate-limit** **Description** Enable inner IP rate limiting on IPinIP traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1048_entry-list: entry-list ^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **advertised-enable** **Description** BGP advertised **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **blackhole-on-glid-exceed** **Description** Blackhole destination entry for X minutes upon glid limit exceeded **Type:** number **Range:** 1-30 **capture-config-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/capture-config/{name} ` **description** **Description** Description for this Destination Entry **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **dest-nat-ip** **Description** Destination NAT IP address **Type:** string **Format:** ipv4-address **dest-nat-ipv6** **Description** Destination NAT IPv6 address **Type:** string **Format:** ipv6-address **drop-disable** **Description** Disable certain drops during packet processing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-disable-fwd-immediate** **Description** Immediately forward L4 drops **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-frag-pkt** **Description** Drop fragmented packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-on-no-src-dst-default** **Description** Drop if no match with src-based-policy class-list, and default is not configured **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dst-entry-name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **dynamic-entry-overflow-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/dynamic-entry-overflow-policy/{dummy-name} ` **enable-top-k** **Type:** List **exceed-log-cfg** **Description:** exceed-log-cfg is a **JSON Block**. Please see below for :ref:`1048_entry-list_exceed-log-cfg` **Type:** Object **exceed-log-dep-cfg** **Description:** exceed-log-dep-cfg is a **JSON Block**. Please see below for :ref:`1048_entry-list_exceed-log-dep-cfg` **Type:** Object **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **glid-exceed-action** **Description:** glid-exceed-action is a **JSON Block**. Please see below for :ref:`1048_entry-list_glid-exceed-action` **Type:** Object **hw-blacklist-blocking** **Description:** hw-blacklist-blocking is a **JSON Block**. Please see below for :ref:`1048_entry-list_hw-blacklist-blocking` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/hw-blacklist-blocking ` **inbound-forward-dscp** **Description** To set dscp value for inbound packets (DSCP Value for the clear traffic marking) **Type:** number **Range:** 1-63 **ip-addr** **Description** **Type:** string **Format:** ipv4-address **ip-proto-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/ip-proto/{port-num} ` **ipv6-addr** **Description** **Type:** string **Format:** ipv6-address **l4-type-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol} ` **log-periodic** **Description** Enable periodic log while event is continuing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **operational-mode** **Description** 'protection': Protection mode; 'bypass': Bypass mode; **Type:** string **Supported Values:** protection, bypass **Default:** protection **outbound-forward-dscp** **Description** To set dscp value for outbound **Type:** number **Range:** 1-63 **pattern-recognition-hw-filter-enable** **Description** to enable pattern recognition hardware filter **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **pattern-recognition-sensitivity** **Description** 'high': High sensitive pattern recognition; 'medium': Medium sensitive pattern recognition; 'low': Low sensitive pattern recognition; **Type:** string **Supported Values:** high, medium, low **port-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol} ` **port-range-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol} ` **reporting-disabled** **Description** Disable Reporting **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sampling-enable** **Type:** List **set-counter-base-val** **Description** Set T2 counter value of current context to specified value **Type:** number **Range:** 1-4294967295 **sflow** **Description:** sflow is a **JSON Block**. Please see below for :ref:`1048_entry-list_sflow` **Type:** Object **source-nat-pool** **Description** Configure source NAT **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **src-dst-pair** **Description:** src-dst-pair is a **JSON Block**. Please see below for :ref:`1048_entry-list_src-dst-pair` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair ` **src-dst-pair-class-list-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name} ` **src-dst-pair-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-policy/{src-based-policy-name} ` **src-dst-pair-settings-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-settings/{all-types} ` **src-port-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-port/{port-num}+{protocol} ` **src-port-range-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-port-range/{src-port-range-start}+{src-port-range-end}+{protocol} ` **subnet-ip-addr** **Description** IP Subnet **Type:** string **Format:** ipv4-cidr **subnet-ipv6-addr** **Description** IPV6 Subnet **Type:** string **Format:** ipv6-address-plen **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1048_entry-list_template` **Type:** Object **topk-destinations** **Description:** topk-destinations is a **JSON Block**. Please see below for :ref:`1048_entry-list_topk-destinations` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/topk-destinations ` **traffic-distribution-mode** **Description** 'default': Distribute traffic to one slot using default distribution mechanism; 'source-ip-based': Distribute traffic between slots, based on source ip; **Type:** string **Supported Values:** default, source-ip-based **Default:** default **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_port-list: entry-list_port-list ^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **capture-config** **Description:** capture-config is a **JSON Block**. Please see below for :ref:`1048_entry-list_port-list_capture-config` **Type:** Object **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **detection-enable** **Description** Enable ddos detection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-cache** **Description** DNS Cache Instance **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/dns-cache ` **enable-top-k** **Description** Enable ddos top-k entries **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **glid-exceed-action** **Description:** glid-exceed-action is a **JSON Block**. Please see below for :ref:`1048_entry-list_port-list_glid-exceed-action` **Type:** Object **ip-filtering-policy** **Description** Configure IP Filter **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/ip-filtering-policy ` **ip-filtering-policy-oper** **Description:** ip-filtering-policy-oper is a **JSON Block**. Please see below for :ref:`1048_entry-list_port-list_ip-filtering-policy-oper` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/ip-filtering-policy-oper ` **pattern-recognition** **Description:** pattern-recognition is a **JSON Block**. Please see below for :ref:`1048_entry-list_port-list_pattern-recognition` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/pattern-recognition ` **pattern-recognition-pu-details** **Description:** pattern-recognition-pu-details is a **JSON Block**. Please see below for :ref:`1048_entry-list_port-list_pattern-recognition-pu-details` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/pattern-recognition-pu-details ` **port-ind** **Description:** port-ind is a **JSON Block**. Please see below for :ref:`1048_entry-list_port-list_port-ind` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/port-ind ` **port-num** **Description** Port Number **Type:** number **Range:** 0-65535 **progression-tracking** **Description:** progression-tracking is a **JSON Block**. Please see below for :ref:`1048_entry-list_port-list_progression-tracking` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/progression-tracking ` **protocol** **Description** 'dns-tcp': DNS-TCP Port; 'dns-udp': DNS-UDP Port; 'http': HTTP Port; 'tcp': TCP Port; 'udp': UDP Port; 'ssl-l4': SSL-L4 Port; 'sip-udp': SIP-UDP Port; 'sip-tcp': SIP-TCP Port; **Type:** string **Supported Values:** dns-tcp, dns-udp, http, tcp, udp, ssl-l4, sip-udp, sip-tcp **set-counter-base-val** **Description** Set T2 counter value of current context to specified value **Type:** number **Range:** 1-4294967295 **sflow** **Description:** sflow is a **JSON Block**. Please see below for :ref:`1048_entry-list_port-list_sflow` **Type:** Object **signature-extraction** **Description:** signature-extraction is a **JSON Block**. Please see below for :ref:`1048_entry-list_port-list_signature-extraction` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/signature-extraction ` **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1048_entry-list_port-list_template` **Type:** Object **topk-num-records** **Description** Maximum number of records to show in topk **Type:** number **Range:** 1-100 **Default:** 20 **topk-sources** **Description:** topk-sources is a **JSON Block**. Please see below for :ref:`1048_entry-list_port-list_topk-sources` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/topk-sources ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_port-list_pattern-recognition: entry-list_port-list_pattern-recognition ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **algorithm** **Description** 'heuristic': heuristic algorithm; **Type:** string **Supported Values:** heuristic **filter-inactive-threshold** **Description** Extracted filter inactive threshold **Type:** number **Range:** 5-255 **filter-threshold** **Description** Extracted filter threshold **Type:** number **Range:** 0-100 **mode** **Description** 'capture-never-expire': War-time capture without rate exceeding and never expires; 'manual': Manual mode; **Type:** string **Supported Values:** capture-never-expire, manual **sensitivity** **Description** 'high': High Sensitivity; 'medium': Medium Sensitivity; 'low': Low Sensitivity; **Type:** string **Supported Values:** high, medium, low **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_port-list_signature-extraction: entry-list_port-list_signature-extraction ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **algorithm** **Description** 'heuristic': heuristic algorithm; **Type:** string **Supported Values:** heuristic **manual-mode** **Description** Enable manual mode **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_port-list_template: entry-list_port-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS SSL-L4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1048_entry-list_port-list_glid-exceed-action: entry-list_port-list_glid-exceed-action ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **stateless-encap-action-cfg** **Description:** stateless-encap-action-cfg is a **JSON Block**. Please see below for :ref:`1048_entry-list_port-list_glid-exceed-action_stateless-encap-action-cfg` **Type:** Object .. _1048_entry-list_port-list_glid-exceed-action_stateless-encap-action-cfg: entry-list_port-list_glid-exceed-action_stateless-encap-action-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **encap-template** **Description** Apply legacy encap template for encap action **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/template/encap ` **stateless-encap-action** **Description** 'stateless-tunnel-encap': Encapsulate all packets; 'stateless-tunnel-encap-scrubbed': Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap); **Type:** string **Supported Values:** stateless-tunnel-encap, stateless-tunnel-encap-scrubbed .. _1048_entry-list_port-list_pattern-recognition-pu-details: entry-list_port-list_pattern-recognition-pu-details ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_port-list_port-ind: entry-list_port-list_port-ind ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_port-list_port-ind_sampling-enable: entry-list_port-list_port-ind_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'ip-proto-type': IP Protocol Type; 'ddet_ind_pkt_rate_current': Pkt Rate Current; 'ddet_ind_pkt_rate_min': Pkt Rate Min; 'ddet_ind_pkt_rate_max': Pkt Rate Max; 'ddet_ind_pkt_drop_rate_current': Pkt Drop Rate Current; 'ddet_ind_pkt_drop_rate_min': Pkt Drop Rate Min; 'ddet_ind_pkt_drop_rate_max': Pkt Drop Rate Max; 'ddet_ind_syn_rate_current': TCP SYN Rate Current; 'ddet_ind_syn_rate_min': TCP SYN Rate Min; 'ddet_ind_syn_rate_max': TCP SYN Rate Max; 'ddet_ind_fin_rate_current': TCP FIN Rate Current; 'ddet_ind_fin_rate_min': TCP FIN Rate Min; 'ddet_ind_fin_rate_max': TCP FIN Rate Max; 'ddet_ind_rst_rate_current': TCP RST Rate Current; 'ddet_ind_rst_rate_min': TCP RST Rate Min; 'ddet_ind_rst_rate_max': TCP RST Rate Max; 'ddet_ind_small_window_ack_rate_current': TCP Small Window ACK Rate Current; 'ddet_ind_small_window_ack_rate_min': TCP Small Window ACK Rate Min; 'ddet_ind_small_window_ack_rate_max': TCP Small Window ACK Rate Max; 'ddet_ind_empty_ack_rate_current': TCP Empty ACK Rate Current; 'ddet_ind_empty_ack_rate_min': TCP Empty ACK Rate Min; 'ddet_ind_empty_ack_rate_max': TCP Empty ACK Rate Max; 'ddet_ind_small_payload_rate_current': TCP Small Payload Rate Current; 'ddet_ind_small_payload_rate_min': TCP Small Payload Rate Min; 'ddet_ind_small_payload_rate_max': TCP Small Payload Rate Max; 'ddet_ind_pkt_drop_ratio_current': Pkt Drop / Pkt Rcvd Current; 'ddet_ind_pkt_drop_ratio_min': Pkt Drop / Pkt Rcvd Min; 'ddet_ind_pkt_drop_ratio_max': Pkt Drop / Pkt Rcvd Max; 'ddet_ind_inb_per_outb_current': Bytes-to / Bytes-from Current; 'ddet_ind_inb_per_outb_min': Bytes-to / Bytes-from Min; 'ddet_ind_inb_per_outb_max': Bytes-to / Bytes-from Max; 'ddet_ind_syn_per_fin_rate_current': TCP SYN Rate / FIN Rate Current; 'ddet_ind_syn_per_fin_rate_min': TCP SYN Rate / FIN Rate Min; 'ddet_ind_syn_per_fin_rate_max': TCP SYN Rate / FIN Rate Max; 'ddet_ind_conn_miss_rate_current': TCP Session Miss Rate Current; 'ddet_ind_conn_miss_rate_min': TCP Session Miss Rate Min; 'ddet_ind_conn_miss_rate_max': TCP Session Miss Rate Max; 'ddet_ind_concurrent_conns_current': TCP/UDP Concurrent Sessions Current; 'ddet_ind_concurrent_conns_min': TCP/UDP Concurrent Sessions Min; 'ddet_ind_concurrent_conns_max': TCP/UDP Concurrent Sessions Max; 'ddet_ind_data_cpu_util_current': Data CPU Utilization Current; 'ddet_ind_data_cpu_util_min': Data CPU Utilization Min; 'ddet_ind_data_cpu_util_max': Data CPU Utilization Max; 'ddet_ind_outside_intf_util_current': Outside Interface Utilization Current; 'ddet_ind_outside_intf_util_min': Outside Interface Utilization Min; 'ddet_ind_outside_intf_util_max': Outside Interface Utilization Max; 'ddet_ind_frag_rate_current': Frag Pkt Rate Current; 'ddet_ind_frag_rate_min': Frag Pkt Rate Min; 'ddet_ind_frag_rate_max': Frag Pkt Rate Max; 'ddet_ind_bit_rate_current': Bit Rate Current; 'ddet_ind_bit_rate_min': Bit Rate Min; 'ddet_ind_bit_rate_max': Bit Rate Max; **Type:** string **Supported Values:** all, ip-proto-type, ddet_ind_pkt_rate_current, ddet_ind_pkt_rate_min, ddet_ind_pkt_rate_max, ddet_ind_pkt_drop_rate_current, ddet_ind_pkt_drop_rate_min, ddet_ind_pkt_drop_rate_max, ddet_ind_syn_rate_current, ddet_ind_syn_rate_min, ddet_ind_syn_rate_max, ddet_ind_fin_rate_current, ddet_ind_fin_rate_min, ddet_ind_fin_rate_max, ddet_ind_rst_rate_current, ddet_ind_rst_rate_min, ddet_ind_rst_rate_max, ddet_ind_small_window_ack_rate_current, ddet_ind_small_window_ack_rate_min, ddet_ind_small_window_ack_rate_max, ddet_ind_empty_ack_rate_current, ddet_ind_empty_ack_rate_min, ddet_ind_empty_ack_rate_max, ddet_ind_small_payload_rate_current, ddet_ind_small_payload_rate_min, ddet_ind_small_payload_rate_max, ddet_ind_pkt_drop_ratio_current, ddet_ind_pkt_drop_ratio_min, ddet_ind_pkt_drop_ratio_max, ddet_ind_inb_per_outb_current, ddet_ind_inb_per_outb_min, ddet_ind_inb_per_outb_max, ddet_ind_syn_per_fin_rate_current, ddet_ind_syn_per_fin_rate_min, ddet_ind_syn_per_fin_rate_max, ddet_ind_conn_miss_rate_current, ddet_ind_conn_miss_rate_min, ddet_ind_conn_miss_rate_max, ddet_ind_concurrent_conns_current, ddet_ind_concurrent_conns_min, ddet_ind_concurrent_conns_max, ddet_ind_data_cpu_util_current, ddet_ind_data_cpu_util_min, ddet_ind_data_cpu_util_max, ddet_ind_outside_intf_util_current, ddet_ind_outside_intf_util_min, ddet_ind_outside_intf_util_max, ddet_ind_frag_rate_current, ddet_ind_frag_rate_min, ddet_ind_frag_rate_max, ddet_ind_bit_rate_current, ddet_ind_bit_rate_min, ddet_ind_bit_rate_max .. _1048_entry-list_port-list_progression-tracking: entry-list_port-list_progression-tracking ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_port-list_topk-sources: entry-list_port-list_topk-sources ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_port-list_ip-filtering-policy-oper: entry-list_port-list_ip-filtering-policy-oper ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_port-list_sflow: entry-list_port-list_sflow ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **polling** **Description:** polling is a **JSON Block**. Please see below for :ref:`1048_entry-list_port-list_sflow_polling` **Type:** Object .. _1048_entry-list_port-list_sflow_polling: entry-list_port-list_sflow_polling ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sflow-http** **Description** Enable sFlow HTTP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sflow-packets** **Description** Enable sFlow packet-level counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sflow-tcp** **Description:** sflow-tcp is a **JSON Block**. Please see below for :ref:`1048_entry-list_port-list_sflow_polling_sflow-tcp` **Type:** Object .. _1048_entry-list_port-list_sflow_polling_sflow-tcp: entry-list_port-list_sflow_polling_sflow-tcp ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sflow-tcp-basic** **Description** Enable sFlow basic TCP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sflow-tcp-stateful** **Description** Enable sFlow stateful TCP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1048_entry-list_port-list_capture-config: entry-list_port-list_capture-config ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **capture-config-mode** **Description** 'drop': Apply capture-config to dropped packets; 'forward': Apply capture-config to forwarded packets; 'all': Apply capture-config to both dropped and forwarded packets; **Type:** string **Supported Values:** drop, forward, all **capture-config-name** **Description** Capture-config name **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1048_entry-list_capture-config-list: entry-list_capture-config-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **mode** **Description** 'drop': Apply capture-config to dropped packets; 'forward': Apply capture-config to forwarded packets; 'all': Apply capture-config to both dropped and forwarded packets; **Type:** string **Supported Values:** drop, forward, all **name** **Description** Capture-config name **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/capture-config ` **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_dynamic-entry-overflow-policy-list: entry-list_dynamic-entry-overflow-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **app-type-src-dst-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/dynamic-entry-overflow-policy/{dummy-name}/app-type-src-dst/{protocol} ` **bypass** **Description** Always permit for the Source to bypass all feature & limit checks **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dummy-name** **Description** 'configuration': Configure src dst dynamic entry count overflow policy; **Type:** string **Supported Values:** configuration **exceed-log-cfg** **Description:** exceed-log-cfg is a **JSON Block**. Please see below for :ref:`1048_entry-list_dynamic-entry-overflow-policy-list_exceed-log-cfg` **Type:** Object **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **l4-type-src-dst-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/dynamic-entry-overflow-policy/{dummy-name}/l4-type-src-dst/{protocol} ` **log-periodic** **Description** Enable periodic log while event is continuing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1048_entry-list_dynamic-entry-overflow-policy-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_dynamic-entry-overflow-policy-list_template: entry-list_dynamic-entry-overflow-policy-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1048_entry-list_dynamic-entry-overflow-policy-list_app-type-src-dst-list: entry-list_dynamic-entry-overflow-policy-list_app-type-src-dst-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **protocol** **Description** 'dns': dns; 'http': http; 'ssl-l4': ssl-l4; 'sip': sip; **Type:** string **Supported Values:** dns, http, ssl-l4, sip **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1048_entry-list_dynamic-entry-overflow-policy-list_app-type-src-dst-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_dynamic-entry-overflow-policy-list_app-type-src-dst-list_template: entry-list_dynamic-entry-overflow-policy-list_app-type-src-dst-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS SSL-L4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1048_entry-list_dynamic-entry-overflow-policy-list_l4-type-src-dst-list: entry-list_dynamic-entry-overflow-policy-list_l4-type-src-dst-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **protocol** **Description** 'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; **Type:** string **Supported Values:** tcp, udp, icmp, other **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1048_entry-list_dynamic-entry-overflow-policy-list_l4-type-src-dst-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_dynamic-entry-overflow-policy-list_l4-type-src-dst-list_template: entry-list_dynamic-entry-overflow-policy-list_l4-type-src-dst-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **other** **Description** DDOS OTHER template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS TCP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v4** **Description** DDOS icmp-v4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v6** **Description** DDOS icmp-v6 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **udp** **Description** DDOS UDP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1048_entry-list_dynamic-entry-overflow-policy-list_exceed-log-cfg: entry-list_dynamic-entry-overflow-policy-list_exceed-log-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **log-enable** **Description** Enable logging of limit exceed drop's **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1048_entry-list_port-range-list: entry-list_port-range-list ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **capture-config** **Description:** capture-config is a **JSON Block**. Please see below for :ref:`1048_entry-list_port-range-list_capture-config` **Type:** Object **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **detection-enable** **Description** Enable ddos detection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-top-k** **Description** Enable ddos top-k entries **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **glid-exceed-action** **Description:** glid-exceed-action is a **JSON Block**. Please see below for :ref:`1048_entry-list_port-range-list_glid-exceed-action` **Type:** Object **ip-filtering-policy** **Description** Configure IP Filter **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/ip-filtering-policy ` **ip-filtering-policy-oper** **Description:** ip-filtering-policy-oper is a **JSON Block**. Please see below for :ref:`1048_entry-list_port-range-list_ip-filtering-policy-oper` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/ip-filtering-policy-oper ` **pattern-recognition** **Description:** pattern-recognition is a **JSON Block**. Please see below for :ref:`1048_entry-list_port-range-list_pattern-recognition` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/pattern-recognition ` **pattern-recognition-pu-details** **Description:** pattern-recognition-pu-details is a **JSON Block**. Please see below for :ref:`1048_entry-list_port-range-list_pattern-recognition-pu-details` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/pattern-recognition-pu-details ` **port-ind** **Description:** port-ind is a **JSON Block**. Please see below for :ref:`1048_entry-list_port-range-list_port-ind` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/port-ind ` **port-range-end** **Description** Port-Range End Port Number **Type:** number **Range:** 1-65535 **port-range-start** **Description** Port-Range Start Port Number **Type:** number **Range:** 1-65535 **progression-tracking** **Description:** progression-tracking is a **JSON Block**. Please see below for :ref:`1048_entry-list_port-range-list_progression-tracking` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/progression-tracking ` **protocol** **Description** 'dns-tcp': DNS-TCP Port; 'dns-udp': DNS-UDP Port; 'http': HTTP Port; 'tcp': TCP Port; 'udp': UDP Port; 'ssl-l4': SSL-L4 Port; 'sip-udp': SIP-UDP Port; 'sip-tcp': SIP-TCP Port; **Type:** string **Supported Values:** dns-tcp, dns-udp, http, tcp, udp, ssl-l4, sip-udp, sip-tcp **set-counter-base-val** **Description** Set T2 counter value of current context to specified value **Type:** number **Range:** 1-4294967295 **sflow** **Description:** sflow is a **JSON Block**. Please see below for :ref:`1048_entry-list_port-range-list_sflow` **Type:** Object **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1048_entry-list_port-range-list_template` **Type:** Object **topk-num-records** **Description** Maximum number of records to show in topk **Type:** number **Range:** 1-100 **Default:** 20 **topk-sources** **Description:** topk-sources is a **JSON Block**. Please see below for :ref:`1048_entry-list_port-range-list_topk-sources` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/topk-sources ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_port-range-list_pattern-recognition: entry-list_port-range-list_pattern-recognition ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **algorithm** **Description** 'heuristic': heuristic algorithm; **Type:** string **Supported Values:** heuristic **filter-inactive-threshold** **Description** Extracted filter inactive threshold **Type:** number **Range:** 5-255 **filter-threshold** **Description** Extracted filter threshold **Type:** number **Range:** 0-100 **mode** **Description** 'capture-never-expire': War-time capture without rate exceeding and never expires; 'manual': Manual mode; **Type:** string **Supported Values:** capture-never-expire, manual **sensitivity** **Description** 'high': High Sensitivity; 'medium': Medium Sensitivity; 'low': Low Sensitivity; **Type:** string **Supported Values:** high, medium, low **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_port-range-list_template: entry-list_port-range-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS SSL-L4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1048_entry-list_port-range-list_glid-exceed-action: entry-list_port-range-list_glid-exceed-action ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **stateless-encap-action-cfg** **Description:** stateless-encap-action-cfg is a **JSON Block**. Please see below for :ref:`1048_entry-list_port-range-list_glid-exceed-action_stateless-encap-action-cfg` **Type:** Object .. _1048_entry-list_port-range-list_glid-exceed-action_stateless-encap-action-cfg: entry-list_port-range-list_glid-exceed-action_stateless-encap-action-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **encap-template** **Description** Apply legacy encap template for encap action **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/template/encap ` **stateless-encap-action** **Description** 'stateless-tunnel-encap': Encapsulate all packets; 'stateless-tunnel-encap-scrubbed': Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap); **Type:** string **Supported Values:** stateless-tunnel-encap, stateless-tunnel-encap-scrubbed .. _1048_entry-list_port-range-list_pattern-recognition-pu-details: entry-list_port-range-list_pattern-recognition-pu-details ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_port-range-list_port-ind: entry-list_port-range-list_port-ind ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_port-range-list_port-ind_sampling-enable: entry-list_port-range-list_port-ind_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'ip-proto-type': IP Protocol Type; 'ddet_ind_pkt_rate_current': Pkt Rate Current; 'ddet_ind_pkt_rate_min': Pkt Rate Min; 'ddet_ind_pkt_rate_max': Pkt Rate Max; 'ddet_ind_pkt_drop_rate_current': Pkt Drop Rate Current; 'ddet_ind_pkt_drop_rate_min': Pkt Drop Rate Min; 'ddet_ind_pkt_drop_rate_max': Pkt Drop Rate Max; 'ddet_ind_syn_rate_current': TCP SYN Rate Current; 'ddet_ind_syn_rate_min': TCP SYN Rate Min; 'ddet_ind_syn_rate_max': TCP SYN Rate Max; 'ddet_ind_fin_rate_current': TCP FIN Rate Current; 'ddet_ind_fin_rate_min': TCP FIN Rate Min; 'ddet_ind_fin_rate_max': TCP FIN Rate Max; 'ddet_ind_rst_rate_current': TCP RST Rate Current; 'ddet_ind_rst_rate_min': TCP RST Rate Min; 'ddet_ind_rst_rate_max': TCP RST Rate Max; 'ddet_ind_small_window_ack_rate_current': TCP Small Window ACK Rate Current; 'ddet_ind_small_window_ack_rate_min': TCP Small Window ACK Rate Min; 'ddet_ind_small_window_ack_rate_max': TCP Small Window ACK Rate Max; 'ddet_ind_empty_ack_rate_current': TCP Empty ACK Rate Current; 'ddet_ind_empty_ack_rate_min': TCP Empty ACK Rate Min; 'ddet_ind_empty_ack_rate_max': TCP Empty ACK Rate Max; 'ddet_ind_small_payload_rate_current': TCP Small Payload Rate Current; 'ddet_ind_small_payload_rate_min': TCP Small Payload Rate Min; 'ddet_ind_small_payload_rate_max': TCP Small Payload Rate Max; 'ddet_ind_pkt_drop_ratio_current': Pkt Drop / Pkt Rcvd Current; 'ddet_ind_pkt_drop_ratio_min': Pkt Drop / Pkt Rcvd Min; 'ddet_ind_pkt_drop_ratio_max': Pkt Drop / Pkt Rcvd Max; 'ddet_ind_inb_per_outb_current': Bytes-to / Bytes-from Current; 'ddet_ind_inb_per_outb_min': Bytes-to / Bytes-from Min; 'ddet_ind_inb_per_outb_max': Bytes-to / Bytes-from Max; 'ddet_ind_syn_per_fin_rate_current': TCP SYN Rate / FIN Rate Current; 'ddet_ind_syn_per_fin_rate_min': TCP SYN Rate / FIN Rate Min; 'ddet_ind_syn_per_fin_rate_max': TCP SYN Rate / FIN Rate Max; 'ddet_ind_conn_miss_rate_current': TCP Session Miss Rate Current; 'ddet_ind_conn_miss_rate_min': TCP Session Miss Rate Min; 'ddet_ind_conn_miss_rate_max': TCP Session Miss Rate Max; 'ddet_ind_concurrent_conns_current': TCP/UDP Concurrent Sessions Current; 'ddet_ind_concurrent_conns_min': TCP/UDP Concurrent Sessions Min; 'ddet_ind_concurrent_conns_max': TCP/UDP Concurrent Sessions Max; 'ddet_ind_data_cpu_util_current': Data CPU Utilization Current; 'ddet_ind_data_cpu_util_min': Data CPU Utilization Min; 'ddet_ind_data_cpu_util_max': Data CPU Utilization Max; 'ddet_ind_outside_intf_util_current': Outside Interface Utilization Current; 'ddet_ind_outside_intf_util_min': Outside Interface Utilization Min; 'ddet_ind_outside_intf_util_max': Outside Interface Utilization Max; 'ddet_ind_frag_rate_current': Frag Pkt Rate Current; 'ddet_ind_frag_rate_min': Frag Pkt Rate Min; 'ddet_ind_frag_rate_max': Frag Pkt Rate Max; 'ddet_ind_bit_rate_current': Bit Rate Current; 'ddet_ind_bit_rate_min': Bit Rate Min; 'ddet_ind_bit_rate_max': Bit Rate Max; **Type:** string **Supported Values:** all, ip-proto-type, ddet_ind_pkt_rate_current, ddet_ind_pkt_rate_min, ddet_ind_pkt_rate_max, ddet_ind_pkt_drop_rate_current, ddet_ind_pkt_drop_rate_min, ddet_ind_pkt_drop_rate_max, ddet_ind_syn_rate_current, ddet_ind_syn_rate_min, ddet_ind_syn_rate_max, ddet_ind_fin_rate_current, ddet_ind_fin_rate_min, ddet_ind_fin_rate_max, ddet_ind_rst_rate_current, ddet_ind_rst_rate_min, ddet_ind_rst_rate_max, ddet_ind_small_window_ack_rate_current, ddet_ind_small_window_ack_rate_min, ddet_ind_small_window_ack_rate_max, ddet_ind_empty_ack_rate_current, ddet_ind_empty_ack_rate_min, ddet_ind_empty_ack_rate_max, ddet_ind_small_payload_rate_current, ddet_ind_small_payload_rate_min, ddet_ind_small_payload_rate_max, ddet_ind_pkt_drop_ratio_current, ddet_ind_pkt_drop_ratio_min, ddet_ind_pkt_drop_ratio_max, ddet_ind_inb_per_outb_current, ddet_ind_inb_per_outb_min, ddet_ind_inb_per_outb_max, ddet_ind_syn_per_fin_rate_current, ddet_ind_syn_per_fin_rate_min, ddet_ind_syn_per_fin_rate_max, ddet_ind_conn_miss_rate_current, ddet_ind_conn_miss_rate_min, ddet_ind_conn_miss_rate_max, ddet_ind_concurrent_conns_current, ddet_ind_concurrent_conns_min, ddet_ind_concurrent_conns_max, ddet_ind_data_cpu_util_current, ddet_ind_data_cpu_util_min, ddet_ind_data_cpu_util_max, ddet_ind_outside_intf_util_current, ddet_ind_outside_intf_util_min, ddet_ind_outside_intf_util_max, ddet_ind_frag_rate_current, ddet_ind_frag_rate_min, ddet_ind_frag_rate_max, ddet_ind_bit_rate_current, ddet_ind_bit_rate_min, ddet_ind_bit_rate_max .. _1048_entry-list_port-range-list_progression-tracking: entry-list_port-range-list_progression-tracking ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_port-range-list_topk-sources: entry-list_port-range-list_topk-sources ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_port-range-list_ip-filtering-policy-oper: entry-list_port-range-list_ip-filtering-policy-oper ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_port-range-list_sflow: entry-list_port-range-list_sflow ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **polling** **Description:** polling is a **JSON Block**. Please see below for :ref:`1048_entry-list_port-range-list_sflow_polling` **Type:** Object .. _1048_entry-list_port-range-list_sflow_polling: entry-list_port-range-list_sflow_polling ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sflow-http** **Description** Enable sFlow HTTP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sflow-packets** **Description** Enable sFlow packet-level counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sflow-tcp** **Description:** sflow-tcp is a **JSON Block**. Please see below for :ref:`1048_entry-list_port-range-list_sflow_polling_sflow-tcp` **Type:** Object .. _1048_entry-list_port-range-list_sflow_polling_sflow-tcp: entry-list_port-range-list_sflow_polling_sflow-tcp ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sflow-tcp-basic** **Description** Enable sFlow basic TCP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sflow-tcp-stateful** **Description** Enable sFlow stateful TCP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1048_entry-list_port-range-list_capture-config: entry-list_port-range-list_capture-config ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **capture-config-mode** **Description** 'drop': Apply capture-config to dropped packets; 'forward': Apply capture-config to forwarded packets; 'all': Apply capture-config to both dropped and forwarded packets; **Type:** string **Supported Values:** drop, forward, all **capture-config-name** **Description** Capture-config name **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1048_entry-list_hw-blacklist-blocking: entry-list_hw-blacklist-blocking ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst-enable** **Description** Enable Dst side hardware blocking **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-enable** **Description** Enable Src side hardware blocking **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_src-dst-pair-class-list-list: entry-list_src-dst-pair-class-list-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **app-type-src-dst-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name}/app-type-src-dst/{protocol} ` **cid-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name}/cid/{cid-num} ` **class-list-name** **Description** Class-list name **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **exceed-log-cfg** **Description:** exceed-log-cfg is a **JSON Block**. Please see below for :ref:`1048_entry-list_src-dst-pair-class-list-list_exceed-log-cfg` **Type:** Object **l4-type-src-dst-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name}/l4-type-src-dst/{protocol} ` **log-periodic** **Description** Enable periodic log while event is continuing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_src-dst-pair-class-list-list_cid-list: entry-list_src-dst-pair-class-list-list_cid-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **app-type-src-dst-cid-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name}/cid/{cid-num}/app-type-src-dst-cid/{protocol} ` **cid-num** **Description** Class-list id **Type:** number **Range:** 1-32 **exceed-log-cfg** **Description:** exceed-log-cfg is a **JSON Block**. Please see below for :ref:`1048_entry-list_src-dst-pair-class-list-list_cid-list_exceed-log-cfg` **Type:** Object **l4-type-src-dst-cid-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name}/cid/{cid-num}/l4-type-src-dst-cid/{protocol} ` **log-periodic** **Description** Enable periodic log while event is continuing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_src-dst-pair-class-list-list_cid-list_app-type-src-dst-cid-list: entry-list_src-dst-pair-class-list-list_cid-list_app-type-src-dst-cid-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **protocol** **Description** 'dns': dns; 'http': http; 'ssl-l4': ssl-l4; 'sip': sip; **Type:** string **Supported Values:** dns, http, ssl-l4, sip **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1048_entry-list_src-dst-pair-class-list-list_cid-list_app-type-src-dst-cid-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_src-dst-pair-class-list-list_cid-list_app-type-src-dst-cid-list_template: entry-list_src-dst-pair-class-list-list_cid-list_app-type-src-dst-cid-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS SSL-L4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1048_entry-list_src-dst-pair-class-list-list_cid-list_l4-type-src-dst-cid-list: entry-list_src-dst-pair-class-list-list_cid-list_l4-type-src-dst-cid-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **protocol** **Description** 'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; **Type:** string **Supported Values:** tcp, udp, icmp, other **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1048_entry-list_src-dst-pair-class-list-list_cid-list_l4-type-src-dst-cid-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_src-dst-pair-class-list-list_cid-list_l4-type-src-dst-cid-list_template: entry-list_src-dst-pair-class-list-list_cid-list_l4-type-src-dst-cid-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **other** **Description** DDOS OTHER template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS TCP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v4** **Description** DDOS icmp-v4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v6** **Description** DDOS icmp-v6 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **udp** **Description** DDOS UDP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1048_entry-list_src-dst-pair-class-list-list_cid-list_exceed-log-cfg: entry-list_src-dst-pair-class-list-list_cid-list_exceed-log-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **log-enable** **Description** Enable logging of limit exceed drop's **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1048_entry-list_src-dst-pair-class-list-list_app-type-src-dst-list: entry-list_src-dst-pair-class-list-list_app-type-src-dst-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **protocol** **Description** 'dns': dns; 'http': http; 'ssl-l4': ssl-l4; 'sip': sip; **Type:** string **Supported Values:** dns, http, ssl-l4, sip **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1048_entry-list_src-dst-pair-class-list-list_app-type-src-dst-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_src-dst-pair-class-list-list_app-type-src-dst-list_template: entry-list_src-dst-pair-class-list-list_app-type-src-dst-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS SSL-L4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1048_entry-list_src-dst-pair-class-list-list_l4-type-src-dst-list: entry-list_src-dst-pair-class-list-list_l4-type-src-dst-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **protocol** **Description** 'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; **Type:** string **Supported Values:** tcp, udp, icmp, other **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1048_entry-list_src-dst-pair-class-list-list_l4-type-src-dst-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_src-dst-pair-class-list-list_l4-type-src-dst-list_template: entry-list_src-dst-pair-class-list-list_l4-type-src-dst-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **other** **Description** DDOS OTHER template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS TCP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v4** **Description** DDOS icmp-v4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v6** **Description** DDOS icmp-v6 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **udp** **Description** DDOS UDP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1048_entry-list_src-dst-pair-class-list-list_exceed-log-cfg: entry-list_src-dst-pair-class-list-list_exceed-log-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **log-enable** **Description** Enable logging of limit exceed drop's **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1048_entry-list_template: entry-list_template ^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1048_entry-list_glid-exceed-action: entry-list_glid-exceed-action ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **stateless-encap-action-cfg** **Description:** stateless-encap-action-cfg is a **JSON Block**. Please see below for :ref:`1048_entry-list_glid-exceed-action_stateless-encap-action-cfg` **Type:** Object .. _1048_entry-list_glid-exceed-action_stateless-encap-action-cfg: entry-list_glid-exceed-action_stateless-encap-action-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **encap-template** **Description** Apply legacy encap template for encap action **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/template/encap ` **stateless-encap-action** **Description** 'stateless-tunnel-encap': Encapsulate all packets; 'stateless-tunnel-encap-scrubbed': Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap); **Type:** string **Supported Values:** stateless-tunnel-encap, stateless-tunnel-encap-scrubbed .. _1048_entry-list_l4-type-list: entry-list_l4-type-list ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **detection-enable** **Description** Enable ddos detection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disable-syn-auth** **Description** Disable TCP SYN Authentication **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-frag-pkt** **Description** Drop fragmented packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-on-no-port-match** **Description** 'disable': disable; 'enable': enable; **Type:** string **Supported Values:** disable, enable **Default:** enable **enable-top-k** **Description** Enable ddos top-k entries **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **glid-exceed-action** **Description:** glid-exceed-action is a **JSON Block**. Please see below for :ref:`1048_entry-list_l4-type-list_glid-exceed-action` **Type:** Object **ip-filtering-policy** **Description** Configure IP Filter **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/ip-filtering-policy ` **ip-filtering-policy-oper** **Description:** ip-filtering-policy-oper is a **JSON Block**. Please see below for :ref:`1048_entry-list_l4-type-list_ip-filtering-policy-oper` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/ip-filtering-policy-oper ` **max-rexmit-syn-per-flow** **Description** Maximum number of re-transmit SYN per flow **Type:** number **Range:** 1-6 **max-rexmit-syn-per-flow-exceed-action** **Description** 'drop': Drop the packet; 'black-list': Add the source IP into black list; **Type:** string **Supported Values:** drop, black-list **port-ind** **Description:** port-ind is a **JSON Block**. Please see below for :ref:`1048_entry-list_l4-type-list_port-ind` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/port-ind ` **progression-tracking** **Description:** progression-tracking is a **JSON Block**. Please see below for :ref:`1048_entry-list_l4-type-list_progression-tracking` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/progression-tracking ` **protocol** **Description** 'tcp': L4-Type TCP; 'udp': L4-Type UDP; 'icmp': L4-Type ICMP; 'other': L4-Type OTHER; **Type:** string **Supported Values:** tcp, udp, icmp, other **set-counter-base-val** **Description** Set T2 counter value of current context to specified value **Type:** number **Range:** 1-4294967295 **stateful** **Description** Enable stateful tracking of sessions (Default is stateless) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **syn-auth** **Description** 'send-rst': Send RST to client upon client ACK; 'force-rst-by-ack': Force client RST via the use of ACK; 'force-rst-by-synack': Force client RST via the use of bad SYN|ACK; 'disable': Disable TCP SYN Authentication; **Type:** string **Supported Values:** send-rst, force-rst-by-ack, force-rst-by-synack, disable **Default:** send-rst **syn-cookie** **Description** Enable SYN Cookie **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tcp-reset-client** **Description** Send reset to client when rate exceeds or session ages out **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tcp-reset-server** **Description** Send reset to server when rate exceeds or session ages out **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1048_entry-list_l4-type-list_template` **Type:** Object **topk-num-records** **Description** Maximum number of records to show in topk **Type:** number **Range:** 1-100 **Default:** 20 **topk-sources** **Description:** topk-sources is a **JSON Block**. Please see below for :ref:`1048_entry-list_l4-type-list_topk-sources` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/topk-sources ` **tunnel-decap** **Description:** tunnel-decap is a **JSON Block**. Please see below for :ref:`1048_entry-list_l4-type-list_tunnel-decap` **Type:** Object **tunnel-rate-limit** **Description:** tunnel-rate-limit is a **JSON Block**. Please see below for :ref:`1048_entry-list_l4-type-list_tunnel-rate-limit` **Type:** Object **undefined-port-hit-statistics** **Description:** undefined-port-hit-statistics is a **JSON Block**. Please see below for :ref:`1048_entry-list_l4-type-list_undefined-port-hit-statistics` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_l4-type-list_undefined-port-hit-statistics: entry-list_l4-type-list_undefined-port-hit-statistics ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **reset-interval** **Description** Configure port scanning counter reset interval (minutes), Default 60 mins **Type:** number **Range:** 1-64000 **Default:** 60 **undefined-port-hit-statistics** **Description** Enable port scanning statistics **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1048_entry-list_l4-type-list_template: entry-list_l4-type-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **template-icmp-v4** **Description** DDOS icmp-v4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v6** **Description** DDOS icmp-v6 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1048_entry-list_l4-type-list_glid-exceed-action: entry-list_l4-type-list_glid-exceed-action ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **stateless-encap-action-cfg** **Description:** stateless-encap-action-cfg is a **JSON Block**. Please see below for :ref:`1048_entry-list_l4-type-list_glid-exceed-action_stateless-encap-action-cfg` **Type:** Object .. _1048_entry-list_l4-type-list_glid-exceed-action_stateless-encap-action-cfg: entry-list_l4-type-list_glid-exceed-action_stateless-encap-action-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **encap-template** **Description** Apply legacy encap template for encap action **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/template/encap ` **stateless-encap-action** **Description** 'stateless-tunnel-encap': Encapsulate all packets; 'stateless-tunnel-encap-scrubbed': Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap); **Type:** string **Supported Values:** stateless-tunnel-encap, stateless-tunnel-encap-scrubbed .. _1048_entry-list_l4-type-list_tunnel-decap: entry-list_l4-type-list_tunnel-decap ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **gre-decap** **Description** Enable GRE Tunnel decapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ip-decap** **Description** Enable IP Tunnel decapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **key-cfg** **Type:** List .. _1048_entry-list_l4-type-list_tunnel-decap_key-cfg: entry-list_l4-type-list_tunnel-decap_key-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **key** **Description** Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295) **Type:** string **Maximum Length:** 10 characters **Maximum Length:** 1 characters .. _1048_entry-list_l4-type-list_port-ind: entry-list_l4-type-list_port-ind ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_l4-type-list_port-ind_sampling-enable: entry-list_l4-type-list_port-ind_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'ip-proto-type': IP Protocol Type; 'ddet_ind_pkt_rate_current': Pkt Rate Current; 'ddet_ind_pkt_rate_min': Pkt Rate Min; 'ddet_ind_pkt_rate_max': Pkt Rate Max; 'ddet_ind_pkt_drop_rate_current': Pkt Drop Rate Current; 'ddet_ind_pkt_drop_rate_min': Pkt Drop Rate Min; 'ddet_ind_pkt_drop_rate_max': Pkt Drop Rate Max; 'ddet_ind_syn_rate_current': TCP SYN Rate Current; 'ddet_ind_syn_rate_min': TCP SYN Rate Min; 'ddet_ind_syn_rate_max': TCP SYN Rate Max; 'ddet_ind_fin_rate_current': TCP FIN Rate Current; 'ddet_ind_fin_rate_min': TCP FIN Rate Min; 'ddet_ind_fin_rate_max': TCP FIN Rate Max; 'ddet_ind_rst_rate_current': TCP RST Rate Current; 'ddet_ind_rst_rate_min': TCP RST Rate Min; 'ddet_ind_rst_rate_max': TCP RST Rate Max; 'ddet_ind_small_window_ack_rate_current': TCP Small Window ACK Rate Current; 'ddet_ind_small_window_ack_rate_min': TCP Small Window ACK Rate Min; 'ddet_ind_small_window_ack_rate_max': TCP Small Window ACK Rate Max; 'ddet_ind_empty_ack_rate_current': TCP Empty ACK Rate Current; 'ddet_ind_empty_ack_rate_min': TCP Empty ACK Rate Min; 'ddet_ind_empty_ack_rate_max': TCP Empty ACK Rate Max; 'ddet_ind_small_payload_rate_current': TCP Small Payload Rate Current; 'ddet_ind_small_payload_rate_min': TCP Small Payload Rate Min; 'ddet_ind_small_payload_rate_max': TCP Small Payload Rate Max; 'ddet_ind_pkt_drop_ratio_current': Pkt Drop / Pkt Rcvd Current; 'ddet_ind_pkt_drop_ratio_min': Pkt Drop / Pkt Rcvd Min; 'ddet_ind_pkt_drop_ratio_max': Pkt Drop / Pkt Rcvd Max; 'ddet_ind_inb_per_outb_current': Bytes-to / Bytes-from Current; 'ddet_ind_inb_per_outb_min': Bytes-to / Bytes-from Min; 'ddet_ind_inb_per_outb_max': Bytes-to / Bytes-from Max; 'ddet_ind_syn_per_fin_rate_current': TCP SYN Rate / FIN Rate Current; 'ddet_ind_syn_per_fin_rate_min': TCP SYN Rate / FIN Rate Min; 'ddet_ind_syn_per_fin_rate_max': TCP SYN Rate / FIN Rate Max; 'ddet_ind_conn_miss_rate_current': TCP Session Miss Rate Current; 'ddet_ind_conn_miss_rate_min': TCP Session Miss Rate Min; 'ddet_ind_conn_miss_rate_max': TCP Session Miss Rate Max; 'ddet_ind_concurrent_conns_current': TCP/UDP Concurrent Sessions Current; 'ddet_ind_concurrent_conns_min': TCP/UDP Concurrent Sessions Min; 'ddet_ind_concurrent_conns_max': TCP/UDP Concurrent Sessions Max; 'ddet_ind_data_cpu_util_current': Data CPU Utilization Current; 'ddet_ind_data_cpu_util_min': Data CPU Utilization Min; 'ddet_ind_data_cpu_util_max': Data CPU Utilization Max; 'ddet_ind_outside_intf_util_current': Outside Interface Utilization Current; 'ddet_ind_outside_intf_util_min': Outside Interface Utilization Min; 'ddet_ind_outside_intf_util_max': Outside Interface Utilization Max; 'ddet_ind_frag_rate_current': Frag Pkt Rate Current; 'ddet_ind_frag_rate_min': Frag Pkt Rate Min; 'ddet_ind_frag_rate_max': Frag Pkt Rate Max; 'ddet_ind_bit_rate_current': Bit Rate Current; 'ddet_ind_bit_rate_min': Bit Rate Min; 'ddet_ind_bit_rate_max': Bit Rate Max; **Type:** string **Supported Values:** all, ip-proto-type, ddet_ind_pkt_rate_current, ddet_ind_pkt_rate_min, ddet_ind_pkt_rate_max, ddet_ind_pkt_drop_rate_current, ddet_ind_pkt_drop_rate_min, ddet_ind_pkt_drop_rate_max, ddet_ind_syn_rate_current, ddet_ind_syn_rate_min, ddet_ind_syn_rate_max, ddet_ind_fin_rate_current, ddet_ind_fin_rate_min, ddet_ind_fin_rate_max, ddet_ind_rst_rate_current, ddet_ind_rst_rate_min, ddet_ind_rst_rate_max, ddet_ind_small_window_ack_rate_current, ddet_ind_small_window_ack_rate_min, ddet_ind_small_window_ack_rate_max, ddet_ind_empty_ack_rate_current, ddet_ind_empty_ack_rate_min, ddet_ind_empty_ack_rate_max, ddet_ind_small_payload_rate_current, ddet_ind_small_payload_rate_min, ddet_ind_small_payload_rate_max, ddet_ind_pkt_drop_ratio_current, ddet_ind_pkt_drop_ratio_min, ddet_ind_pkt_drop_ratio_max, ddet_ind_inb_per_outb_current, ddet_ind_inb_per_outb_min, ddet_ind_inb_per_outb_max, ddet_ind_syn_per_fin_rate_current, ddet_ind_syn_per_fin_rate_min, ddet_ind_syn_per_fin_rate_max, ddet_ind_conn_miss_rate_current, ddet_ind_conn_miss_rate_min, ddet_ind_conn_miss_rate_max, ddet_ind_concurrent_conns_current, ddet_ind_concurrent_conns_min, ddet_ind_concurrent_conns_max, ddet_ind_data_cpu_util_current, ddet_ind_data_cpu_util_min, ddet_ind_data_cpu_util_max, ddet_ind_outside_intf_util_current, ddet_ind_outside_intf_util_min, ddet_ind_outside_intf_util_max, ddet_ind_frag_rate_current, ddet_ind_frag_rate_min, ddet_ind_frag_rate_max, ddet_ind_bit_rate_current, ddet_ind_bit_rate_min, ddet_ind_bit_rate_max .. _1048_entry-list_l4-type-list_topk-sources: entry-list_l4-type-list_topk-sources ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_l4-type-list_ip-filtering-policy-oper: entry-list_l4-type-list_ip-filtering-policy-oper ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_l4-type-list_tunnel-rate-limit: entry-list_l4-type-list_tunnel-rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **gre-rate-limit** **Description** Enable inner IP rate limiting on GRE traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ip-rate-limit** **Description** Enable inner IP rate limiting on IPinIP traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1048_entry-list_l4-type-list_progression-tracking: entry-list_l4-type-list_progression-tracking ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_topk-destinations: entry-list_topk-destinations ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_src-dst-pair-settings-list: entry-list_src-dst-pair-settings-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **age** **Description** Idle age for ip entry **Type:** number **Range:** 2-1023 **Default:** 5 **all-types** **Description** 'all-types': Settings for all types (default or class-list); **Type:** string **Supported Values:** all-types **apply-policy-on-overflow** **Description** Enable this flag to apply overflow policy when dynamic entry count overflows **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-class-list-overflow** **Description** Apply class-list overflow policy upon exceeding dynamic entry count specified for DST entry or each class-list **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **l4-type-src-dst-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-settings/{all-types}/l4-type-src-dst/{protocol} ` **max-dynamic-entry-count** **Description** Maximum count for dynamic src-dst entry **Type:** number **Range:** 0-2147483647 **src-prefix-len** **Description** Specify src prefix length for IPv6 (default: not set) **Type:** number **Range:** 32-127 **unlimited-dynamic-entry-count** **Description** No limit for maximum dynamic src entry count **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_src-dst-pair-settings-list_l4-type-src-dst-list: entry-list_src-dst-pair-settings-list_l4-type-src-dst-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **apply-policy-on-overflow** **Description** Enable this flag to apply overflow policy when dynamic entry count overflows **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-dynamic-entry-count** **Description** Maximum count for dynamic src-dst entry **Type:** number **Range:** 0-2147483647 **protocol** **Description** 'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; **Type:** string **Supported Values:** tcp, udp, icmp, other **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_src-port-range-list: entry-list_src-port-range-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **protocol** **Description** 'udp': UDP Port; 'tcp': TCP Port; **Type:** string **Supported Values:** udp, tcp **set-counter-base-val** **Description** Set T2 counter value of current context to specified value **Type:** number **Range:** 1-4294967295 **src-port-range-end** **Description** Src Port-Range End Port Number **Type:** number **Range:** 2-65535 **src-port-range-start** **Description** Src Port-Range Start Port Number **Type:** number **Range:** 1-65535 **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1048_entry-list_src-port-range-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_src-port-range-list_template: entry-list_src-port-range-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-tcp** **Description** DDOS tcp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-udp** **Description** DDOS udp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1048_entry-list_ip-proto-list: entry-list_ip-proto-list ^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **esp-inspect** **Description:** esp-inspect is a **JSON Block**. Please see below for :ref:`1048_entry-list_ip-proto-list_esp-inspect` **Type:** Object **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **glid-exceed-action** **Description:** glid-exceed-action is a **JSON Block**. Please see below for :ref:`1048_entry-list_ip-proto-list_glid-exceed-action` **Type:** Object **ip-filtering-policy** **Description** Configure IP Filter **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/ip-filtering-policy ` **ip-filtering-policy-oper** **Description:** ip-filtering-policy-oper is a **JSON Block**. Please see below for :ref:`1048_entry-list_ip-proto-list_ip-filtering-policy-oper` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/ip-proto/{port-num}/ip-filtering-policy-oper ` **port-num** **Description** Protocol Number **Type:** number **Range:** 0-255 **set-counter-base-val** **Description** Set T2 counter value of current context to specified value **Type:** number **Range:** 1-4294967295 **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1048_entry-list_ip-proto-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_ip-proto-list_esp-inspect: entry-list_ip-proto-list_esp-inspect ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **auth-algorithm** **Description** 'AUTH_NULL': No Integrity Check Value; 'HMAC-SHA-1-96': 96 bit Auth Algo; 'HMAC-SHA-256-96': 96 bit Auth Algo; 'HMAC-SHA-256-128': 128 bit Auth Algo; 'HMAC-SHA-384-192': 192 bit Auth Algo; 'HMAC-SHA-512-256': 256 bit Auth Algo; 'HMAC-MD5-96': 96 bit Auth Algo; 'MAC-RIPEMD-160-96': 96 bit Auth Algo; **Type:** string **Supported Values:** AUTH_NULL, HMAC-SHA-1-96, HMAC-SHA-256-96, HMAC-SHA-256-128, HMAC-SHA-384-192, HMAC-SHA-512-256, HMAC-MD5-96, MAC-RIPEMD-160-96 **encrypt-algorithm** **Description** 'NULL': Null Encryption Algorithm; **Type:** string **Supported Values:** NULL **mode** **Description** 'transport': Transport mode; **Type:** string **Supported Values:** transport .. _1048_entry-list_ip-proto-list_template: entry-list_ip-proto-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **other** **Description** DDOS other template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1048_entry-list_ip-proto-list_glid-exceed-action: entry-list_ip-proto-list_glid-exceed-action ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **stateless-encap-action-cfg** **Description:** stateless-encap-action-cfg is a **JSON Block**. Please see below for :ref:`1048_entry-list_ip-proto-list_glid-exceed-action_stateless-encap-action-cfg` **Type:** Object .. _1048_entry-list_ip-proto-list_glid-exceed-action_stateless-encap-action-cfg: entry-list_ip-proto-list_glid-exceed-action_stateless-encap-action-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **encap-template** **Description** Apply legacy encap template for encap action **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/template/encap ` **stateless-encap-action** **Description** 'stateless-tunnel-encap': Encapsulate all packets; 'stateless-tunnel-encap-scrubbed': Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap); **Type:** string **Supported Values:** stateless-tunnel-encap, stateless-tunnel-encap-scrubbed .. _1048_entry-list_ip-proto-list_ip-filtering-policy-oper: entry-list_ip-proto-list_ip-filtering-policy-oper ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_src-port-list: entry-list_src-port-list ^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **outbound-src-tracking** **Description** 'enable': enable; 'disable': disable; **Type:** string **Supported Values:** enable, disable **Default:** disable **port-num** **Description** Port Number **Type:** number **Range:** 0-65535 **protocol** **Description** 'dns-udp': DNS-UDP Port; 'dns-tcp': DNS-TCP Port; 'udp': UDP Port; 'tcp': TCP Port; **Type:** string **Supported Values:** dns-udp, dns-tcp, udp, tcp **set-counter-base-val** **Description** Set T2 counter value of current context to specified value **Type:** number **Range:** 1-4294967295 **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1048_entry-list_src-port-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_src-port-list_template: entry-list_src-port-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-dns** **Description** DDOS dns src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-tcp** **Description** DDOS tcp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-udp** **Description** DDOS udp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1048_entry-list_exceed-log-cfg: entry-list_exceed-log-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **log-enable** **Description** Enable logging of limit exceed drop's **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-high-frequency** **Description** Enable High frequency logging for non-event logs per entry **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-with-sflow** **Description** Turn on sflow sample with log **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **rate-limit** **Description** Rate limit per second per entry(Default : 1 per second) **Type:** number **Range:** 1-1000 **Default:** 1 .. _1048_entry-list_sflow: entry-list_sflow ^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **collector** **Type:** List **polling** **Description:** polling is a **JSON Block**. Please see below for :ref:`1048_entry-list_sflow_polling` **Type:** Object .. _1048_entry-list_sflow_collector: entry-list_sflow_collector ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **sflow-name** **Description** Name of configured custom sFlow collector **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/sflow/collector/custom ` .. _1048_entry-list_sflow_polling: entry-list_sflow_polling ^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sflow-http** **Description** Enable sFlow HTTP counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the total number **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sflow-layer-4** **Description** Enable sFlow Layer 4 counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the total num **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sflow-packets** **Description** Enable sFlow packet-level counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the tota **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sflow-tcp** **Description:** sflow-tcp is a **JSON Block**. Please see below for :ref:`1048_entry-list_sflow_polling_sflow-tcp` **Type:** Object **sflow-undef-port-hit-stats** **Description** Enable sFlow undefined-port-hit-statistics polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sflow-undef-port-hit-stats-brief** **Description** Enable sFlow undefined-port-hit-statistics polling in brief mode **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1048_entry-list_sflow_polling_sflow-tcp: entry-list_sflow_polling_sflow-tcp ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sflow-tcp-basic** **Description** Enable sFlow basic TCP counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the total n **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sflow-tcp-stateful** **Description** Enable sFlow stateful TCP counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the tota **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1048_entry-list_src-dst-pair: entry-list_src-dst-pair ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **app-type-src-dst-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair/app-type-src-dst/{protocol} ` **bypass** **Description** Always permit for the Source to bypass all feature & limit checks **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **default** **Description** Configure default **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exceed-log-cfg** **Description:** exceed-log-cfg is a **JSON Block**. Please see below for :ref:`1048_entry-list_src-dst-pair_exceed-log-cfg` **Type:** Object **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **l4-type-src-dst-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair/l4-type-src-dst/{protocol} ` **log-periodic** **Description** Enable periodic log while event is continuing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1048_entry-list_src-dst-pair_template` **Type:** Object **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_src-dst-pair_template: entry-list_src-dst-pair_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1048_entry-list_src-dst-pair_app-type-src-dst-list: entry-list_src-dst-pair_app-type-src-dst-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **protocol** **Description** 'dns': dns; 'http': http; 'ssl-l4': ssl-l4; 'sip': sip; **Type:** string **Supported Values:** dns, http, ssl-l4, sip **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1048_entry-list_src-dst-pair_app-type-src-dst-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_src-dst-pair_app-type-src-dst-list_template: entry-list_src-dst-pair_app-type-src-dst-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS SSL-L4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1048_entry-list_src-dst-pair_l4-type-src-dst-list: entry-list_src-dst-pair_l4-type-src-dst-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **protocol** **Description** 'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; **Type:** string **Supported Values:** tcp, udp, icmp, other **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1048_entry-list_src-dst-pair_l4-type-src-dst-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_src-dst-pair_l4-type-src-dst-list_template: entry-list_src-dst-pair_l4-type-src-dst-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **other** **Description** DDOS OTHER template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS TCP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v4** **Description** DDOS icmp-v4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v6** **Description** DDOS icmp-v6 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **udp** **Description** DDOS UDP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1048_entry-list_src-dst-pair_exceed-log-cfg: entry-list_src-dst-pair_exceed-log-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **log-enable** **Description** Enable logging of limit exceed drop's **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1048_entry-list_src-dst-pair-policy-list: entry-list_src-dst-pair-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **policy-class-list-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-policy/{src-based-policy-name}/policy-class-list/{class-list-name} ` **src-based-policy-name** **Description** Src-based-policy name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_src-dst-pair-policy-list_policy-class-list-list: entry-list_src-dst-pair-policy-list_policy-class-list-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **app-type-src-dst-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/app-type-src-dst/{protocol} ` **bypass** **Description** Always permit for the Source to bypass all feature & limit checks **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **class-list-name** **Description** Class-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **class-list-overflow-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name} ` **exceed-log-cfg** **Description:** exceed-log-cfg is a **JSON Block**. Please see below for :ref:`1048_entry-list_src-dst-pair-policy-list_policy-class-list-list_exceed-log-cfg` **Type:** Object **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **l4-type-src-dst-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/l4-type-src-dst/{protocol} ` **log-periodic** **Description** Enable periodic log while event is continuing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-dynamic-entry-count** **Description** Maximum count for dynamic src-dst entry under class-list **Type:** number **Range:** 0-2147483647 **sampling-enable** **Type:** List **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1048_entry-list_src-dst-pair-policy-list_policy-class-list-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_src-dst-pair-policy-list_policy-class-list-list_template: entry-list_src-dst-pair-policy-list_policy-class-list-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1048_entry-list_src-dst-pair-policy-list_policy-class-list-list_app-type-src-dst-list: entry-list_src-dst-pair-policy-list_policy-class-list-list_app-type-src-dst-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **protocol** **Description** 'dns': dns; 'http': http; 'ssl-l4': ssl-l4; 'sip': sip; **Type:** string **Supported Values:** dns, http, ssl-l4, sip **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1048_entry-list_src-dst-pair-policy-list_policy-class-list-list_app-type-src-dst-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_src-dst-pair-policy-list_policy-class-list-list_app-type-src-dst-list_template: entry-list_src-dst-pair-policy-list_policy-class-list-list_app-type-src-dst-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS SSL-L4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1048_entry-list_src-dst-pair-policy-list_policy-class-list-list_sampling-enable: entry-list_src-dst-pair-policy-list_policy-class-list-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'packet_received': Packets Received; 'packet_dropped': Packets Dropped; 'entry_learned': Entry Learned; 'entry_count_overflow': Entry Count Overflow; **Type:** string **Supported Values:** all, packet_received, packet_dropped, entry_learned, entry_count_overflow .. _1048_entry-list_src-dst-pair-policy-list_policy-class-list-list_l4-type-src-dst-list: entry-list_src-dst-pair-policy-list_policy-class-list-list_l4-type-src-dst-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **protocol** **Description** 'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; **Type:** string **Supported Values:** tcp, udp, icmp, other **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1048_entry-list_src-dst-pair-policy-list_policy-class-list-list_l4-type-src-dst-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_src-dst-pair-policy-list_policy-class-list-list_l4-type-src-dst-list_template: entry-list_src-dst-pair-policy-list_policy-class-list-list_l4-type-src-dst-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **other** **Description** DDOS OTHER template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS TCP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v4** **Description** DDOS icmp-v4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v6** **Description** DDOS icmp-v6 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **udp** **Description** DDOS UDP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1048_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list: entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **app-type-src-dst-overflow-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name}/app-type-src-dst-overflow/{protocol} ` **bypass** **Description** Always permit for the Source to bypass all feature & limit checks **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dummy-name** **Description** 'configuration': Configure src dst dynamic entry count overflow policy for class-list; **Type:** string **Supported Values:** configuration **exceed-log-cfg** **Description:** exceed-log-cfg is a **JSON Block**. Please see below for :ref:`1048_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_exceed-log-cfg` **Type:** Object **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **l4-type-src-dst-overflow-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name}/l4-type-src-dst-overflow/{protocol} ` **log-periodic** **Description** Enable periodic log while event is continuing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1048_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_template: entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1048_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_l4-type-src-dst-overflow-list: entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_l4-type-src-dst-overflow-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **protocol** **Description** 'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; **Type:** string **Supported Values:** tcp, udp, icmp, other **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1048_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_l4-type-src-dst-overflow-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_l4-type-src-dst-overflow-list_template: entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_l4-type-src-dst-overflow-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **other** **Description** DDOS OTHER template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS TCP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v4** **Description** DDOS icmp-v4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **template-icmp-v6** **Description** DDOS icmp-v6 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **udp** **Description** DDOS UDP template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1048_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_app-type-src-dst-overflow-list: entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_app-type-src-dst-overflow-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **protocol** **Description** 'dns': dns; 'http': http; 'ssl-l4': ssl-l4; 'sip': sip; **Type:** string **Supported Values:** dns, http, ssl-l4, sip **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1048_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_app-type-src-dst-overflow-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_app-type-src-dst-overflow-list_template: entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_app-type-src-dst-overflow-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS SSL-L4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1048_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_exceed-log-cfg: entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_exceed-log-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **log-enable** **Description** Enable logging of limit exceed drop's **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1048_entry-list_src-dst-pair-policy-list_policy-class-list-list_exceed-log-cfg: entry-list_src-dst-pair-policy-list_policy-class-list-list_exceed-log-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **log-enable** **Description** Enable logging of limit exceed drop's **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1048_entry-list_sampling-enable: entry-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'dst_tcp_any_exceed': TCP Dst L4-Type Rate: Total Exceeded; 'dst_tcp_pkt_rate_exceed': TCP Dst L4-Type Rate: Packet Exceeded; 'dst_tcp_conn_rate_exceed': TCP Dst L4-Type Rate: Conn Exceeded; 'dst_udp_any_exceed': UDP Dst L4-Type Rate: Total Exceeded; 'dst_udp_pkt_rate_exceed': UDP Dst L4-Type Rate: Packet Exceeded; 'dst_udp_conn_limit_exceed': UDP Dst L4-Type Limit: Conn Exceeded; 'dst_udp_conn_rate_exceed': UDP Dst L4-Type Rate: Conn Exceeded; 'dst_icmp_pkt_rate_exceed': ICMP Dst Rate: Packet Exceeded; 'dst_other_pkt_rate_exceed': OTHER Dst L4-Type Rate: Packet Exceeded; 'dst_other_frag_pkt_rate_exceed': OTHER Dst L4-Type Rate: Frag Exceeded; 'dst_port_pkt_rate_exceed': Port Rate: Packet Exceeded; 'dst_port_conn_limit_exceed': Port Limit: Conn Exceeded; 'dst_port_conn_rate_exceed': Port Rate: Conn Exceeded; 'dst_pkt_sent': Inbound: Packets Forwarded; 'dst_udp_pkt_sent': UDP Total Packets Forwarded; 'dst_tcp_pkt_sent': TCP Total Packets Forwarded; 'dst_icmp_pkt_sent': ICMP Total Packets Forwarded; 'dst_other_pkt_sent': OTHER Total Packets Forwarded; 'dst_tcp_conn_limit_exceed': TCP Dst L4-Type Limit: Conn Exceeded; 'dst_tcp_pkt_rcvd': TCP Total Packets Received; 'dst_udp_pkt_rcvd': UDP Total Packets Received; 'dst_icmp_pkt_rcvd': ICMP Total Packets Received; 'dst_other_pkt_rcvd': OTHER Total Packets Received; 'dst_udp_filter_match': UDP Filter Match; 'dst_udp_filter_not_match': UDP Filter Not Matched on Pkt; 'dst_udp_filter_action_blacklist': UDP Filter Action Blacklist; 'dst_udp_filter_action_drop': UDP Filter Action Drop; 'dst_tcp_syn': TCP Total SYN Received; 'dst_tcp_syn_drop': TCP SYN Packets Dropped; 'dst_tcp_src_rate_drop': TCP Src Rate: Total Exceeded; 'dst_udp_src_rate_drop': UDP Src Rate: Total Exceeded; 'dst_icmp_src_rate_drop': ICMP Src Rate: Total Exceeded; 'dst_other_frag_src_rate_drop': OTHER Src Rate: Frag Exceeded; 'dst_other_src_rate_drop': OTHER Src Rate: Total Exceeded; 'dst_tcp_drop': TCP Total Packets Dropped; 'dst_udp_drop': UDP Total Packets Dropped; 'dst_icmp_drop': ICMP Total Packets Dropped; 'dst_frag_drop': Fragmented Packets Dropped; 'dst_other_drop': OTHER Total Packets Dropped; 'dst_tcp_auth': TCP Auth: SYN Cookie Sent; 'dst_udp_filter_action_default_pass': UDP Filter Action Default Pass; 'dst_tcp_filter_match': TCP Filter Match; 'dst_tcp_filter_not_match': TCP Filter Not Matched on Pkt; 'dst_tcp_filter_action_blacklist': TCP Filter Action Blacklist; 'dst_tcp_filter_action_drop': TCP Filter Action Drop; 'dst_tcp_filter_action_default_pass': TCP Filter Action Default Pass; 'dst_udp_filter_action_whitelist': UDP Filter Action WL; 'dst_over_limit_on': DST overlimit Trigger ON; 'dst_over_limit_off': DST overlimit Trigger OFF; 'dst_port_over_limit_on': DST port overlimit Trigger ON; 'dst_port_over_limit_off': DST port overlimit Trigger OFF; 'dst_over_limit_action': DST overlimit action; 'dst_port_over_limit_action': DST port overlimit action; 'scanning_detected_drop': Scanning Detected drop (deprecated); 'scanning_detected_blacklist': Scanning Detected blacklist (deprecated); 'dst_udp_kibit_rate_drop': UDP Dst L4-Type Rate: KiBit Exceeded; 'dst_tcp_kibit_rate_drop': TCP Dst L4-Type Rate: KiBit Exceeded; 'dst_icmp_kibit_rate_drop': ICMP Dst Rate: KiBit Exceeded; 'dst_other_kibit_rate_drop': OTHER Dst L4-Type Rate: KiBit Exceeded; 'dst_port_undef_drop': Dst Port Undefined Dropped; 'dst_port_bl': Dst Port Blacklist Packets Dropped; 'dst_src_port_bl': Dst SrcPort Blacklist Packets Dropped; 'dst_port_kbit_rate_exceed': Port Rate: KiBit Exceeded; 'dst_tcp_src_drop': TCP Src Packets Dropped; 'dst_udp_src_drop': UDP Src Packets Dropped; 'dst_icmp_src_drop': ICMP Src Packets Dropped; 'dst_other_src_drop': OTHER Src Packets Dropped; 'tcp_syn_rcvd': TCP Inbound SYN Received; 'tcp_syn_ack_rcvd': TCP SYN ACK Received; 'tcp_ack_rcvd': TCP ACK Received; 'tcp_fin_rcvd': TCP FIN Received; 'tcp_rst_rcvd': TCP RST Received; 'ingress_bytes': Inbound: Bytes Received; 'egress_bytes': Outbound: Bytes Received; 'ingress_packets': Inbound: Packets Received; 'egress_packets': Outbound: Packets Received; 'tcp_fwd_recv': TCP Inbound Packets Received; 'udp_fwd_recv': UDP Inbound Packets Received; 'icmp_fwd_recv': ICMP Inbound Packets Received; 'tcp_syn_cookie_fail': TCP Auth: SYN Cookie Failed; 'dst_tcp_session_created': TCP Sessions Created; 'dst_udp_session_created': UDP Sessions Created; 'dst_tcp_filter_action_whitelist': TCP Filter Action WL; 'dst_other_filter_match': OTHER Filter Match; 'dst_other_filter_not_match': OTHER Filter Not Matched on Pkt; 'dst_other_filter_action_blacklist': OTHER Filter Action Blacklist; 'dst_other_filter_action_drop': OTHER Filter Action Drop; 'dst_other_filter_action_whitelist': OTHER Filter Action WL; 'dst_other_filter_action_default_pass': OTHER Filter Action Default Pass; 'dst_blackhole_inject': Dst Blackhole Inject; 'dst_blackhole_withdraw': Dst Blackhole Withdraw; 'dst_tcp_out_of_seq_excd': TCP Out-Of-Seq Exceeded; 'dst_tcp_retransmit_excd': TCP Retransmit Exceeded; 'dst_tcp_zero_window_excd': TCP Zero-Window Exceeded; 'dst_tcp_conn_prate_excd': TCP Rate: Conn Pkt Exceeded; 'dst_tcp_action_on_ack_init': TCP Auth: ACK Retry Init; 'dst_tcp_action_on_ack_gap_drop': TCP Auth: ACK Retry Retry-Gap Dropped; 'dst_tcp_action_on_ack_fail': TCP Auth: ACK Retry Dropped; 'dst_tcp_action_on_ack_pass': TCP Auth: ACK Retry Passed; 'dst_tcp_action_on_syn_init': TCP Auth: SYN Retry Init; 'dst_tcp_action_on_syn_gap_drop': TCP Auth: SYN Retry-Gap Dropped; 'dst_tcp_action_on_syn_fail': TCP Auth: SYN Retry Dropped; 'dst_tcp_action_on_syn_pass': TCP Auth: SYN Retry Passed; 'udp_payload_too_small': UDP Payload Too Small; 'udp_payload_too_big': UDP Payload Too Large; 'dst_udp_conn_prate_excd': UDP Rate: Conn Pkt Exceeded; 'dst_udp_ntp_monlist_req': UDP NTP Monlist Request; 'dst_udp_ntp_monlist_resp': UDP NTP Monlist Response; 'dst_udp_wellknown_sport_drop': UDP SrcPort Wellknown; 'dst_udp_retry_init': UDP Auth: Retry Init; 'dst_udp_retry_pass': UDP Auth: Retry Passed; 'dst_tcp_bytes_drop': TCP Total Bytes Dropped; 'dst_udp_bytes_drop': UDP Total Bytes Dropped; 'dst_icmp_bytes_drop': ICMP Total Bytes Dropped; 'dst_other_bytes_drop': OTHER Total Bytes Dropped; 'dst_out_no_route': Dst IPv4/v6 Out No Route; 'outbound_bytes_sent': Outbound: Bytes Forwarded; 'outbound_pkt_drop': Outbound: Packets Dropped; 'outbound_bytes_drop': Outbound: Bytes Dropped; 'outbound_pkt_sent': Outbound: Packets Forwarded; 'inbound_bytes_sent': Inbound: Bytes Forwarded; 'inbound_bytes_drop': Inbound: Bytes Dropped; 'dst_src_port_pkt_rate_exceed': SrcPort Rate: Packet Exceeded; 'dst_src_port_kbit_rate_exceed': SrcPort Rate: KiBit Exceeded; 'dst_src_port_conn_limit_exceed': SrcPort Limit: Conn Exceeded; 'dst_src_port_conn_rate_exceed': SrcPort Rate: Conn Exceeded; 'dst_ip_proto_pkt_rate_exceed': IP-Proto Rate: Packet Exceeded; 'dst_ip_proto_kbit_rate_exceed': IP-Proto Rate: KiBit Exceeded; 'dst_tcp_port_any_exceed': TCP Port Rate: Total Exceed; 'dst_udp_port_any_exceed': UDP Port Rate: Total Exceed; 'dst_tcp_auth_pass': TCP Auth: SYN Auth Passed; 'dst_tcp_rst_cookie_fail': TCP Auth: RST Cookie Failed; 'dst_tcp_unauth_drop': TCP Auth: Unauth Dropped; 'src_tcp_syn_auth_fail': Src TCP Auth: SYN Auth Failed; 'src_tcp_syn_cookie_sent': Src TCP Auth: SYN Cookie Sent; 'src_tcp_syn_cookie_fail': Src TCP Auth: SYN Cookie Failed; 'src_tcp_rst_cookie_fail': Src TCP Auth: RST Cookie Failed; 'src_tcp_unauth_drop': Src TCP Auth: Unauth Dropped; 'src_tcp_action_on_syn_init': Src TCP Auth: SYN Retry Init; **Type:** string **Supported Values:** all, dst_tcp_any_exceed, dst_tcp_pkt_rate_exceed, dst_tcp_conn_rate_exceed, dst_udp_any_exceed, dst_udp_pkt_rate_exceed, dst_udp_conn_limit_exceed, dst_udp_conn_rate_exceed, dst_icmp_pkt_rate_exceed, dst_other_pkt_rate_exceed, dst_other_frag_pkt_rate_exceed, dst_port_pkt_rate_exceed, dst_port_conn_limit_exceed, dst_port_conn_rate_exceed, dst_pkt_sent, dst_udp_pkt_sent, dst_tcp_pkt_sent, dst_icmp_pkt_sent, dst_other_pkt_sent, dst_tcp_conn_limit_exceed, dst_tcp_pkt_rcvd, dst_udp_pkt_rcvd, dst_icmp_pkt_rcvd, dst_other_pkt_rcvd, dst_udp_filter_match, dst_udp_filter_not_match, dst_udp_filter_action_blacklist, dst_udp_filter_action_drop, dst_tcp_syn, dst_tcp_syn_drop, dst_tcp_src_rate_drop, dst_udp_src_rate_drop, dst_icmp_src_rate_drop, dst_other_frag_src_rate_drop, dst_other_src_rate_drop, dst_tcp_drop, dst_udp_drop, dst_icmp_drop, dst_frag_drop, dst_other_drop, dst_tcp_auth, dst_udp_filter_action_default_pass, dst_tcp_filter_match, dst_tcp_filter_not_match, dst_tcp_filter_action_blacklist, dst_tcp_filter_action_drop, dst_tcp_filter_action_default_pass, dst_udp_filter_action_whitelist, dst_over_limit_on, dst_over_limit_off, dst_port_over_limit_on, dst_port_over_limit_off, dst_over_limit_action, dst_port_over_limit_action, scanning_detected_drop, scanning_detected_blacklist, dst_udp_kibit_rate_drop, dst_tcp_kibit_rate_drop, dst_icmp_kibit_rate_drop, dst_other_kibit_rate_drop, dst_port_undef_drop, dst_port_bl, dst_src_port_bl, dst_port_kbit_rate_exceed, dst_tcp_src_drop, dst_udp_src_drop, dst_icmp_src_drop, dst_other_src_drop, tcp_syn_rcvd, tcp_syn_ack_rcvd, tcp_ack_rcvd, tcp_fin_rcvd, tcp_rst_rcvd, ingress_bytes, egress_bytes, ingress_packets, egress_packets, tcp_fwd_recv, udp_fwd_recv, icmp_fwd_recv, tcp_syn_cookie_fail, dst_tcp_session_created, dst_udp_session_created, dst_tcp_filter_action_whitelist, dst_other_filter_match, dst_other_filter_not_match, dst_other_filter_action_blacklist, dst_other_filter_action_drop, dst_other_filter_action_whitelist, dst_other_filter_action_default_pass, dst_blackhole_inject, dst_blackhole_withdraw, dst_tcp_out_of_seq_excd, dst_tcp_retransmit_excd, dst_tcp_zero_window_excd, dst_tcp_conn_prate_excd, dst_tcp_action_on_ack_init, dst_tcp_action_on_ack_gap_drop, dst_tcp_action_on_ack_fail, dst_tcp_action_on_ack_pass, dst_tcp_action_on_syn_init, dst_tcp_action_on_syn_gap_drop, dst_tcp_action_on_syn_fail, dst_tcp_action_on_syn_pass, udp_payload_too_small, udp_payload_too_big, dst_udp_conn_prate_excd, dst_udp_ntp_monlist_req, dst_udp_ntp_monlist_resp, dst_udp_wellknown_sport_drop, dst_udp_retry_init, dst_udp_retry_pass, dst_tcp_bytes_drop, dst_udp_bytes_drop, dst_icmp_bytes_drop, dst_other_bytes_drop, dst_out_no_route, outbound_bytes_sent, outbound_pkt_drop, outbound_bytes_drop, outbound_pkt_sent, inbound_bytes_sent, inbound_bytes_drop, dst_src_port_pkt_rate_exceed, dst_src_port_kbit_rate_exceed, dst_src_port_conn_limit_exceed, dst_src_port_conn_rate_exceed, dst_ip_proto_pkt_rate_exceed, dst_ip_proto_kbit_rate_exceed, dst_tcp_port_any_exceed, dst_udp_port_any_exceed, dst_tcp_auth_pass, dst_tcp_rst_cookie_fail, dst_tcp_unauth_drop, src_tcp_syn_auth_fail, src_tcp_syn_cookie_sent, src_tcp_syn_cookie_fail, src_tcp_rst_cookie_fail, src_tcp_unauth_drop, src_tcp_action_on_syn_init **counters2** **Description** 'src_tcp_action_on_syn_gap_drop': Src TCP Auth: SYN Retry-Gap Dropped; 'src_tcp_action_on_syn_fail': Src TCP Auth: SYN Retry Dropped; 'src_tcp_action_on_ack_init': Src TCP Auth: ACK Retry Init; 'src_tcp_action_on_ack_gap_drop': Src TCP Auth: ACK Retry Retry-Gap Dropped; 'src_tcp_action_on_ack_fail': Src TCP Auth: ACK Retry Dropped; 'src_tcp_out_of_seq_excd': Src TCP Out-Of-Seq Exceeded; 'src_tcp_retransmit_excd': Src TCP Retransmit Exceeded; 'src_tcp_zero_window_excd': Src TCP Zero-Window Exceeded; 'src_tcp_conn_prate_excd': Src TCP Rate: Conn Pkt Exceeded; 'src_udp_min_payload': Src UDP Payload Too Small; 'src_udp_max_payload': Src UDP Payload Too Large; 'src_udp_conn_prate_excd': Src UDP Rate: Conn Pkt Exceeded; 'src_udp_ntp_monlist_req': Src UDP NTP Monlist Request; 'src_udp_ntp_monlist_resp': Src UDP NTP Monlist Response; 'src_udp_wellknown_sport_drop': Src UDP SrcPort Wellknown; 'src_udp_retry_init': Src UDP Auth: Retry Init; 'dst_udp_retry_gap_drop': UDP Auth: Retry-Gap Dropped; 'dst_udp_retry_fail': UDP Auth: Retry Timeout; 'dst_tcp_session_aged': TCP Sessions Aged; 'dst_udp_session_aged': UDP Sessions Aged; 'dst_tcp_conn_close': TCP Connections Closed; 'dst_tcp_conn_close_half_open': TCP Half Open Connections Closed; 'dst_l4_tcp_auth': TCP Dst L4-Type Auth: SYN Cookie Sent; 'tcp_l4_syn_cookie_fail': TCP Dst L4-Type Auth: SYN Cookie Failed; 'tcp_l4_rst_cookie_fail': TCP Dst L4-Type Auth: RST Cookie Failed; 'tcp_l4_unauth_drop': TCP Dst L4-Type Auth: Unauth Dropped; 'dst_drop_frag_pkt': Dst Fragmented Packets Dropped; 'src_tcp_filter_action_blacklist': Src TCP Filter Action Blacklist; 'src_tcp_filter_action_whitelist': Src TCP Filter Action WL; 'src_tcp_filter_action_drop': Src TCP Filter Action Drop; 'src_tcp_filter_action_default_pass': Src TCP Filter Action Default Pass; 'src_udp_filter_action_blacklist': Src UDP Filter Action Blacklist; 'src_udp_filter_action_whitelist': Src UDP Filter Action WL; 'src_udp_filter_action_drop': Src UDP Filter Action Drop; 'src_udp_filter_action_default_pass': Src UDP Filter Action Default Pass; 'src_other_filter_action_blacklist': Src OTHER Filter Action Blacklist; 'src_other_filter_action_whitelist': Src OTHER Filter Action WL; 'src_other_filter_action_drop': Src OTHER Filter Action Drop; 'src_other_filter_action_default_pass': Src OTHER Filter Action Default Pass; 'tcp_invalid_syn': TCP Invalid SYN Received; 'dst_tcp_conn_close_w_rst': TCP RST Connections Closed; 'dst_tcp_conn_close_w_fin': TCP FIN Connections Closed; 'dst_tcp_conn_close_w_idle': TCP Idle Connections Closed; 'dst_tcp_conn_create_from_syn': TCP Connections Created From SYN; 'dst_tcp_conn_create_from_ack': TCP Connections Created From ACK; 'src_frag_drop': Src Fragmented Packets Dropped; 'dst_l4_tcp_blacklist_drop': Dst L4-type TCP Blacklist Dropped; 'dst_l4_udp_blacklist_drop': Dst L4-type UDP Blacklist Dropped; 'dst_l4_icmp_blacklist_drop': Dst L4-type ICMP Blacklist Dropped; 'dst_l4_other_blacklist_drop': Dst L4-type OTHER Blacklist Dropped; 'src_l4_tcp_blacklist_drop': Src L4-type TCP Blacklist Dropped; 'src_l4_udp_blacklist_drop': Src L4-type UDP Blacklist Dropped; 'src_l4_icmp_blacklist_drop': Src L4-type ICMP Blacklist Dropped; 'src_l4_other_blacklist_drop': Src L4-type OTHER Blacklist Dropped; 'drop_frag_timeout_drop': Fragment Reassemble Timeout Drop; 'dst_port_kbit_rate_exceed_pkt': Port Rate: KiBit Pkt Exceeded; 'dst_tcp_bytes_rcv': TCP Total Bytes Received; 'dst_udp_bytes_rcv': UDP Total Bytes Received; 'dst_icmp_bytes_rcv': ICMP Total Bytes Received; 'dst_other_bytes_rcv': OTHER Total Bytes Received; 'dst_tcp_bytes_sent': TCP Total Bytes Forwarded; 'dst_udp_bytes_sent': UDP Total Bytes Forwarded; 'dst_icmp_bytes_sent': ICMP Total Bytes Forwarded; 'dst_other_bytes_sent': OTHER Total Bytes Forwarded; 'dst_udp_auth_drop': UDP Auth: Dropped; 'dst_tcp_auth_drop': TCP Auth: Dropped; 'dst_tcp_auth_resp': TCP Auth: Responded; 'inbound_pkt_drop': Inbound: Packets Dropped; 'dst_entry_pkt_rate_exceed': Entry Rate: Packet Exceeded; 'dst_entry_kbit_rate_exceed': Entry Rate: KiBit Exceeded; 'dst_entry_conn_limit_exceed': Entry Limit: Conn Exceeded; 'dst_entry_conn_rate_exceed': Entry Rate: Conn Exceeded; 'dst_entry_frag_pkt_rate_exceed': Entry Rate: Frag Packet Exceeded; 'dst_icmp_any_exceed': ICMP Rate: Total Exceed; 'dst_other_any_exceed': OTHER Rate: Total Exceed; 'src_dst_pair_entry_total': Src-Dst Pair Entry Total Count; 'src_dst_pair_entry_udp': Src-Dst Pair Entry UDP Count; 'src_dst_pair_entry_tcp': Src-Dst Pair Entry TCP Count; 'src_dst_pair_entry_icmp': Src-Dst Pair Entry ICMP Count; 'src_dst_pair_entry_other': Src-Dst Pair Entry OTHER Count; 'dst_clist_overflow_policy_at_learning': Dst Src-Based Overflow Policy Hit; 'tcp_rexmit_syn_limit_drop': TCP SYN Retransmit Exceeded Drop; 'tcp_rexmit_syn_limit_bl': TCP SYN Retransmit Exceeded Blacklist; 'dst_tcp_wellknown_sport_drop': TCP SrcPort Wellknown; 'src_tcp_wellknown_sport_drop': Src TCP SrcPort Wellknown; 'dst_frag_rcvd': Fragmented Packets Received; 'no_policy_class_list_match': No Policy Class-list Match; 'src_udp_retry_gap_drop': Src UDP Auth: Retry-Gap Dropped; 'dst_entry_kbit_rate_exceed_count': Entry Rate: KiBit Exceeded Count; 'dst_port_undef_hit': Dst Port Undefined Hit; 'dst_tcp_action_on_ack_timeout': TCP Auth: ACK Retry Timeout; 'dst_tcp_action_on_ack_reset': TCP Auth: ACK Retry Timeout Reset; 'dst_tcp_action_on_ack_blacklist': TCP Auth: ACK Retry Timeout Blacklisted; 'src_tcp_action_on_ack_timeout': Src TCP Auth: ACK Retry Timeout; 'src_tcp_action_on_ack_reset': Src TCP Auth: ACK Retry Timeout Reset; 'src_tcp_action_on_ack_blacklist': Src TCP Auth: ACK Retry Timeout Blacklisted; 'dst_tcp_action_on_syn_timeout': TCP Auth: SYN Retry Timeout; 'dst_tcp_action_on_syn_reset': TCP Auth: SYN Retry Timeout Reset; 'dst_tcp_action_on_syn_blacklist': TCP Auth: SYN Retry Timeout Blacklisted; 'src_tcp_action_on_syn_timeout': Src TCP Auth: SYN Retry Timeout; 'src_tcp_action_on_syn_reset': Src TCP Auth: SYN Retry Timeout Reset; 'src_tcp_action_on_syn_blacklist': Src TCP Auth: SYN Retry Timeout Blacklisted; 'dst_udp_frag_pkt_rate_exceed': UDP Dst L4-Type Rate: Frag Exceeded; 'dst_udp_frag_src_rate_drop': UDP Src Rate: Frag Exceeded; 'dst_tcp_frag_pkt_rate_exceed': TCP Dst L4-Type Rate: Frag Exceeded; 'dst_tcp_frag_src_rate_drop': TCP Src Rate: Frag Exceeded; 'dst_icmp_frag_pkt_rate_exceed': ICMP Dst L4-Type Rate: Frag Exceeded; 'dst_icmp_frag_src_rate_drop': ICMP Src Rate: Frag Exceeded; 'sflow_internal_samples_packed': Sflow Internal Samples Packed; 'sflow_external_samples_packed': Sflow External Samples Packed; 'sflow_internal_packets_sent': Sflow Internal Packets Sent; 'sflow_external_packets_sent': Sflow External Packets Sent; 'dns_outbound_total_query': DNS Outbound Total Query; 'dns_outbound_query_malformed': DNS Outbound Query Malformed; 'dns_outbound_query_resp_chk_failed': DNS Outbound Query Resp Check Failed; 'dns_outbound_query_resp_chk_blacklisted': DNS Outbound Query Resp Check Blacklisted; 'dns_outbound_query_resp_chk_refused_sent': DNS Outbound Query Resp Check REFUSED Sent; 'dns_outbound_query_resp_chk_reset_sent': DNS Outbound Query Resp Check RESET Sent; 'dns_outbound_query_resp_chk_no_resp_sent': DNS Outbound Query Resp Check No Response Sent; 'dns_outbound_query_resp_size_exceed': DNS Outbound Query Response Size Exceed; 'dns_outbound_query_sess_timed_out': DNS Outbound Query Session Timed Out; 'dst_exceed_action_tunnel': Entry Exceed Action: Tunnel; 'src_udp_auth_timeout': Src UDP Auth: Retry Timeout; 'src_udp_retry_pass': Src UDP Retry Passed; **Type:** string **Supported Values:** src_tcp_action_on_syn_gap_drop, src_tcp_action_on_syn_fail, src_tcp_action_on_ack_init, src_tcp_action_on_ack_gap_drop, src_tcp_action_on_ack_fail, src_tcp_out_of_seq_excd, src_tcp_retransmit_excd, src_tcp_zero_window_excd, src_tcp_conn_prate_excd, src_udp_min_payload, src_udp_max_payload, src_udp_conn_prate_excd, src_udp_ntp_monlist_req, src_udp_ntp_monlist_resp, src_udp_wellknown_sport_drop, src_udp_retry_init, dst_udp_retry_gap_drop, dst_udp_retry_fail, dst_tcp_session_aged, dst_udp_session_aged, dst_tcp_conn_close, dst_tcp_conn_close_half_open, dst_l4_tcp_auth, tcp_l4_syn_cookie_fail, tcp_l4_rst_cookie_fail, tcp_l4_unauth_drop, dst_drop_frag_pkt, src_tcp_filter_action_blacklist, src_tcp_filter_action_whitelist, src_tcp_filter_action_drop, src_tcp_filter_action_default_pass, src_udp_filter_action_blacklist, src_udp_filter_action_whitelist, src_udp_filter_action_drop, src_udp_filter_action_default_pass, src_other_filter_action_blacklist, src_other_filter_action_whitelist, src_other_filter_action_drop, src_other_filter_action_default_pass, tcp_invalid_syn, dst_tcp_conn_close_w_rst, dst_tcp_conn_close_w_fin, dst_tcp_conn_close_w_idle, dst_tcp_conn_create_from_syn, dst_tcp_conn_create_from_ack, src_frag_drop, dst_l4_tcp_blacklist_drop, dst_l4_udp_blacklist_drop, dst_l4_icmp_blacklist_drop, dst_l4_other_blacklist_drop, src_l4_tcp_blacklist_drop, src_l4_udp_blacklist_drop, src_l4_icmp_blacklist_drop, src_l4_other_blacklist_drop, drop_frag_timeout_drop, dst_port_kbit_rate_exceed_pkt, dst_tcp_bytes_rcv, dst_udp_bytes_rcv, dst_icmp_bytes_rcv, dst_other_bytes_rcv, dst_tcp_bytes_sent, dst_udp_bytes_sent, dst_icmp_bytes_sent, dst_other_bytes_sent, dst_udp_auth_drop, dst_tcp_auth_drop, dst_tcp_auth_resp, inbound_pkt_drop, dst_entry_pkt_rate_exceed, dst_entry_kbit_rate_exceed, dst_entry_conn_limit_exceed, dst_entry_conn_rate_exceed, dst_entry_frag_pkt_rate_exceed, dst_icmp_any_exceed, dst_other_any_exceed, src_dst_pair_entry_total, src_dst_pair_entry_udp, src_dst_pair_entry_tcp, src_dst_pair_entry_icmp, src_dst_pair_entry_other, dst_clist_overflow_policy_at_learning, tcp_rexmit_syn_limit_drop, tcp_rexmit_syn_limit_bl, dst_tcp_wellknown_sport_drop, src_tcp_wellknown_sport_drop, dst_frag_rcvd, no_policy_class_list_match, src_udp_retry_gap_drop, dst_entry_kbit_rate_exceed_count, dst_port_undef_hit, dst_tcp_action_on_ack_timeout, dst_tcp_action_on_ack_reset, dst_tcp_action_on_ack_blacklist, src_tcp_action_on_ack_timeout, src_tcp_action_on_ack_reset, src_tcp_action_on_ack_blacklist, dst_tcp_action_on_syn_timeout, dst_tcp_action_on_syn_reset, dst_tcp_action_on_syn_blacklist, src_tcp_action_on_syn_timeout, src_tcp_action_on_syn_reset, src_tcp_action_on_syn_blacklist, dst_udp_frag_pkt_rate_exceed, dst_udp_frag_src_rate_drop, dst_tcp_frag_pkt_rate_exceed, dst_tcp_frag_src_rate_drop, dst_icmp_frag_pkt_rate_exceed, dst_icmp_frag_src_rate_drop, sflow_internal_samples_packed, sflow_external_samples_packed, sflow_internal_packets_sent, sflow_external_packets_sent, dns_outbound_total_query, dns_outbound_query_malformed, dns_outbound_query_resp_chk_failed, dns_outbound_query_resp_chk_blacklisted, dns_outbound_query_resp_chk_refused_sent, dns_outbound_query_resp_chk_reset_sent, dns_outbound_query_resp_chk_no_resp_sent, dns_outbound_query_resp_size_exceed, dns_outbound_query_sess_timed_out, dst_exceed_action_tunnel, src_udp_auth_timeout, src_udp_retry_pass **counters3** **Description** 'dst_hw_drop_rule_insert': Dst Hardware Drop Rules Inserted; 'dst_hw_drop_rule_remove': Dst Hardware Drop Rules Removed; 'src_hw_drop_rule_insert': Src Hardware Drop Rules Inserted; 'src_hw_drop_rule_remove': Src Hardware Drop Rules Removed; 'prog_first_req_time_exceed': Req-Resp: First Request Time Exceed; 'prog_req_resp_time_exceed': Req-Resp: Request to Response Time Exceed; 'prog_request_len_exceed': Req-Resp: Request Length Exceed; 'prog_response_len_exceed': Req-Resp: Response Length Exceed; 'prog_resp_req_ratio_exceed': Req-Resp: Response to Request Ratio Exceed; 'prog_resp_req_time_exceed': Req-Resp: Response to Request Time Exceed; 'entry_sync_message_received': Entry Sync Message Received; 'entry_sync_message_sent': Entry Sync Message Sent; 'prog_conn_sent_exceed': Connection: Sent Exceed; 'prog_conn_rcvd_exceed': Connection: Received Exceed; 'prog_conn_time_exceed': Connection: Time Exceed; 'prog_conn_rcvd_sent_ratio_exceed': Connection: Reveived to Sent Ratio Exceed; 'prog_win_sent_exceed': Time Window: Sent Exceed; 'prog_win_rcvd_exceed': Time Window: Received Exceed; 'prog_win_rcvd_sent_ratio_exceed': Time Window: Received to Sent Exceed; 'prog_exceed_drop': Req-Resp: Violation Exceed Dropped; 'prog_exceed_bl': Req-Resp: Violation Exceed Blacklisted; 'prog_conn_exceed_drop': Connection: Violation Exceed Dropped; 'prog_conn_exceed_bl': Connection: Violation Exceed Blacklisted; 'prog_win_exceed_drop': Time Window: Violation Exceed Dropped; 'prog_win_exceed_bl': Time Window: Violation Exceed Blacklisted; 'dst_exceed_action_drop': Entry Exceed Action: Dropped; 'prog_conn_samples': Sample Collected: Connection; 'prog_req_samples': Sample Collected: Req-Resp; 'prog_win_samples': Sample Collected: Time Window; **Type:** string **Supported Values:** dst_hw_drop_rule_insert, dst_hw_drop_rule_remove, src_hw_drop_rule_insert, src_hw_drop_rule_remove, prog_first_req_time_exceed, prog_req_resp_time_exceed, prog_request_len_exceed, prog_response_len_exceed, prog_resp_req_ratio_exceed, prog_resp_req_time_exceed, entry_sync_message_received, entry_sync_message_sent, prog_conn_sent_exceed, prog_conn_rcvd_exceed, prog_conn_time_exceed, prog_conn_rcvd_sent_ratio_exceed, prog_win_sent_exceed, prog_win_rcvd_exceed, prog_win_rcvd_sent_ratio_exceed, prog_exceed_drop, prog_exceed_bl, prog_conn_exceed_drop, prog_conn_exceed_bl, prog_win_exceed_drop, prog_win_exceed_bl, dst_exceed_action_drop, prog_conn_samples, prog_req_samples, prog_win_samples, prog_conn_samples_processed, prog_req_samples_processed, prog_win_samples_processed, src_hw_drop, dst_tcp_auth_rst, dst_src_learn_overflow, tcp_fwd_sent, udp_fwd_sent .. _1048_entry-list_enable-top-k: entry-list_enable-top-k ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **topk-num-records** **Description** Maximum number of records to show in topk **Type:** number **Range:** 1-100 **Default:** 20 **topk-type** **Description** 'destination': Topk destination IP; **Type:** string **Supported Values:** destination .. _1048_entry-list_exceed-log-dep-cfg: entry-list_exceed-log-dep-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **exceed-log-enable** **Description** (Deprecated)Enable logging of limit exceed drop's **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-with-sflow-dep** **Description** Turn on sflow sample with log **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1048_dynamic-entry-overflow-policy-list: dynamic-entry-overflow-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **default-address-type** **Description** 'ip': ip; 'ipv6': ipv6; **Type:** string **Supported Values:** ip, ipv6 **drop-disable** **Description** Disable certain drops during packet processing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-disable-fwd-immediate** **Description** Immediately forward L4 drops **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exceed-log-cfg** **Description:** exceed-log-cfg is a **JSON Block**. Please see below for :ref:`1048_dynamic-entry-overflow-policy-list_exceed-log-cfg` **Type:** Object **exceed-log-dep-cfg** **Description:** exceed-log-dep-cfg is a **JSON Block**. Please see below for :ref:`1048_dynamic-entry-overflow-policy-list_exceed-log-dep-cfg` **Type:** Object **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **inbound-forward-dscp** **Description** To set dscp value for inbound packets (DSCP Value for the clear traffic marking) **Type:** number **Range:** 1-63 **ip-proto-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/dynamic-entry-overflow-policy/{default-address-type}/ip-proto/{port-num} ` **l4-type-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/dynamic-entry-overflow-policy/{default-address-type}/l4-type/{protocol} ` **log-periodic** **Description** Enable periodic log while event is continuing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **outbound-forward-dscp** **Description** To set dscp value for outbound **Type:** number **Range:** 1-63 **port-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/dynamic-entry-overflow-policy/{default-address-type}/port/{port-num}+{protocol} ` **src-port-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/dynamic-entry-overflow-policy/{default-address-type}/src-port/{port-num}+{protocol} ` **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1048_dynamic-entry-overflow-policy-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_dynamic-entry-overflow-policy-list_port-list: dynamic-entry-overflow-policy-list_port-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **port-num** **Description** Port Number **Type:** number **Range:** 0-65535 **protocol** **Description** 'dns-tcp': dns-tcp; 'dns-udp': dns-udp; 'http': http; 'tcp': tcp; 'udp': udp; 'ssl-l4': ssl-l4; 'sip-udp': sip-udp; 'sip-tcp': sip-tcp; **Type:** string **Supported Values:** dns-tcp, dns-udp, http, tcp, udp, ssl-l4, sip-udp, sip-tcp **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1048_dynamic-entry-overflow-policy-list_port-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_dynamic-entry-overflow-policy-list_port-list_template: dynamic-entry-overflow-policy-list_port-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1048_dynamic-entry-overflow-policy-list_template: dynamic-entry-overflow-policy-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1048_dynamic-entry-overflow-policy-list_ip-proto-list: dynamic-entry-overflow-policy-list_ip-proto-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **port-num** **Description** Protocol Number **Type:** number **Range:** 0-255 **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1048_dynamic-entry-overflow-policy-list_ip-proto-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_dynamic-entry-overflow-policy-list_ip-proto-list_template: dynamic-entry-overflow-policy-list_ip-proto-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **other** **Description** DDOS other template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1048_dynamic-entry-overflow-policy-list_exceed-log-cfg: dynamic-entry-overflow-policy-list_exceed-log-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **log-enable** **Description** Enable logging of limit exceed drop's **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **with-sflow-sample** **Description** Turn on sflow sample with log **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1048_dynamic-entry-overflow-policy-list_exceed-log-dep-cfg: dynamic-entry-overflow-policy-list_exceed-log-dep-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **exceed-log-enable** **Description** (Deprecated)Enable logging of limit exceed drop's **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-with-sflow-dep** **Description** Turn on sflow sample with log **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1048_dynamic-entry-overflow-policy-list_src-port-list: dynamic-entry-overflow-policy-list_src-port-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **port-num** **Description** Port Number **Type:** number **Range:** 0-65535 **protocol** **Description** 'udp': udp; 'tcp': tcp; **Type:** string **Supported Values:** udp, tcp **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1048_dynamic-entry-overflow-policy-list_src-port-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_dynamic-entry-overflow-policy-list_src-port-list_template: dynamic-entry-overflow-policy-list_src-port-list_template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-tcp** **Description** DDOS tcp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-udp** **Description** DDOS udp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1048_dynamic-entry-overflow-policy-list_l4-type-list: dynamic-entry-overflow-policy-list_l4-type-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-frag-pkt** **Description** Drop fragmented packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-on-no-port-match** **Description** 'disable': disable; 'enable': enable; **Type:** string **Supported Values:** disable, enable **Default:** enable **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **max-rexmit-syn-per-flow** **Description** Maximum number of re-transmit SYN per flow. Exceed action set to Drop **Type:** number **Range:** 1-6 **protocol** **Description** 'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; **Type:** string **Supported Values:** tcp, udp, icmp, other **stateful** **Description** Enable stateful tracking of sessions (Default is stateless) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **syn-auth** **Description** 'send-rst': Send RST to client upon client ACK; 'force-rst-by-ack': Force client RST via the use of ACK; 'force-rst-by-synack': Force client RST via the use of bad SYN|ACK; 'disable': Disable TCP SYN Authentication; **Type:** string **Supported Values:** send-rst, force-rst-by-ack, force-rst-by-synack, disable **Default:** send-rst **syn-cookie** **Description** Enable SYN Cookie **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tcp-reset-client** **Description** Send reset to client when rate exceeds or session ages out **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tcp-reset-server** **Description** Send reset to server when rate exceeds or session ages out **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tunnel-decap** **Description:** tunnel-decap is a **JSON Block**. Please see below for :ref:`1048_dynamic-entry-overflow-policy-list_l4-type-list_tunnel-decap` **Type:** Object **tunnel-rate-limit** **Description:** tunnel-rate-limit is a **JSON Block**. Please see below for :ref:`1048_dynamic-entry-overflow-policy-list_l4-type-list_tunnel-rate-limit` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_dynamic-entry-overflow-policy-list_l4-type-list_tunnel-rate-limit: dynamic-entry-overflow-policy-list_l4-type-list_tunnel-rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **gre-rate-limit** **Description** Enable inner IP rate limiting on GRE traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ip-rate-limit** **Description** Enable inner IP rate limiting on IPinIP traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1048_dynamic-entry-overflow-policy-list_l4-type-list_tunnel-decap: dynamic-entry-overflow-policy-list_l4-type-list_tunnel-decap ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **gre-decap** **Description** Enable GRE Tunnel decapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ip-decap** **Description** Enable IP Tunnel decapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **key-cfg** **Type:** List .. _1048_dynamic-entry-overflow-policy-list_l4-type-list_tunnel-decap_key-cfg: dynamic-entry-overflow-policy-list_l4-type-list_tunnel-decap_key-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **key** **Description** Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295) **Type:** string **Maximum Length:** 10 characters **Maximum Length:** 1 characters .. _1048_dynamic-entry: dynamic-entry ^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **all-entries** **Description:** all-entries is a **JSON Block**. Please see below for :ref:`1048_dynamic-entry_all-entries` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/dynamic-entry/all-entries ` **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_dynamic-entry_all-entries: dynamic-entry_all-entries ^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_dynamic-entry_all-entries_sampling-enable: dynamic-entry_all-entries_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'dst_tcp_any_exceed': TCP Dst L4-Type Rate: Total Exceeded; 'dst_tcp_pkt_rate_exceed': TCP Dst L4-Type Rate: Packet Exceeded; 'dst_tcp_conn_rate_exceed': TCP Dst L4-Type Rate: Conn Exceeded; 'dst_udp_any_exceed': UDP Dst L4-Type Rate: Total Exceeded; 'dst_udp_pkt_rate_exceed': UDP Dst L4-Type Rate: Packet Exceeded; 'dst_udp_conn_limit_exceed': UDP Dst L4-Type Limit: Conn Exceeded; 'dst_udp_conn_rate_exceed': UDP Dst L4-Type Rate: Conn Exceeded; 'dst_icmp_pkt_rate_exceed': ICMP Dst Rate: Packet Exceeded; 'dst_other_pkt_rate_exceed': OTHER Dst L4-Type Rate: Packet Exceeded; 'dst_other_frag_pkt_rate_exceed': OTHER Dst L4-Type Rate: Frag Exceeded; 'dst_port_pkt_rate_exceed': Port Rate: Packet Exceeded; 'dst_port_conn_limit_exceed': Port Limit: Conn Exceeded; 'dst_port_conn_rate_exceed': Port Rate: Conn Exceeded; 'dst_pkt_sent': Inbound: Packets Forwarded; 'dst_udp_pkt_sent': UDP Total Packets Forwarded; 'dst_tcp_pkt_sent': TCP Total Packets Forwarded; 'dst_icmp_pkt_sent': ICMP Total Packets Forwarded; 'dst_other_pkt_sent': OTHER Total Packets Forwarded; 'dst_tcp_conn_limit_exceed': TCP Dst L4-Type Limit: Conn Exceeded; 'dst_tcp_pkt_rcvd': TCP Total Packets Received; 'dst_udp_pkt_rcvd': UDP Total Packets Received; 'dst_icmp_pkt_rcvd': ICMP Total Packets Received; 'dst_other_pkt_rcvd': OTHER Total Packets Received; 'dst_udp_filter_match': UDP Filter Match; 'dst_udp_filter_not_match': UDP Filter Not Matched on Pkt; 'dst_udp_filter_action_blacklist': UDP Filter Action Blacklist; 'dst_udp_filter_action_drop': UDP Filter Action Drop; 'dst_tcp_syn': TCP Total SYN Received; 'dst_tcp_syn_drop': TCP SYN Packets Dropped; 'dst_tcp_src_rate_drop': TCP Src Rate: Total Exceeded; 'dst_udp_src_rate_drop': UDP Src Rate: Total Exceeded; 'dst_icmp_src_rate_drop': ICMP Src Rate: Total Exceeded; 'dst_other_frag_src_rate_drop': OTHER Src Rate: Frag Exceeded; 'dst_other_src_rate_drop': OTHER Src Rate: Total Exceeded; 'dst_tcp_drop': TCP Total Packets Dropped; 'dst_udp_drop': UDP Total Packets Dropped; 'dst_icmp_drop': ICMP Total Packets Dropped; 'dst_frag_drop': Fragmented Packets Dropped; 'dst_other_drop': OTHER Total Packets Dropped; 'dst_tcp_auth': TCP Auth: SYN Cookie Sent; 'dst_udp_filter_action_default_pass': UDP Filter Action Default Pass; 'dst_tcp_filter_match': TCP Filter Match; 'dst_tcp_filter_not_match': TCP Filter Not Matched on Pkt; 'dst_tcp_filter_action_blacklist': TCP Filter Action Blacklist; 'dst_tcp_filter_action_drop': TCP Filter Action Drop; 'dst_tcp_filter_action_default_pass': TCP Filter Action Default Pass; 'dst_udp_filter_action_whitelist': UDP Filter Action WL; 'dst_over_limit_on': DST overlimit Trigger ON; 'dst_over_limit_off': DST overlimit Trigger OFF; 'dst_port_over_limit_on': DST port overlimit Trigger ON; 'dst_port_over_limit_off': DST port overlimit Trigger OFF; 'dst_over_limit_action': DST overlimit action; 'dst_port_over_limit_action': DST port overlimit action; 'scanning_detected_drop': Scanning Detected drop (deprecated); 'scanning_detected_blacklist': Scanning Detected blacklist (deprecated); 'dst_udp_kibit_rate_drop': UDP Dst L4-Type Rate: KiBit Exceeded; 'dst_tcp_kibit_rate_drop': TCP Dst L4-Type Rate: KiBit Exceeded; 'dst_icmp_kibit_rate_drop': ICMP Dst Rate: KiBit Exceeded; 'dst_other_kibit_rate_drop': OTHER Dst L4-Type Rate: KiBit Exceeded; 'dst_port_undef_drop': Dst Port Undefined Dropped; 'dst_port_bl': Dst Port Blacklist Packets Dropped; 'dst_src_port_bl': Dst SrcPort Blacklist Packets Dropped; 'dst_port_kbit_rate_exceed': Port Rate: KiBit Exceeded; 'dst_tcp_src_drop': TCP Src Packets Dropped; 'dst_udp_src_drop': UDP Src Packets Dropped; 'dst_icmp_src_drop': ICMP Src Packets Dropped; 'dst_other_src_drop': OTHER Src Packets Dropped; 'tcp_syn_rcvd': TCP Inbound SYN Received; 'tcp_syn_ack_rcvd': TCP SYN ACK Received; 'tcp_ack_rcvd': TCP ACK Received; 'tcp_fin_rcvd': TCP FIN Received; 'tcp_rst_rcvd': TCP RST Received; 'ingress_bytes': Inbound: Bytes Received; 'egress_bytes': Outbound: Bytes Received; 'ingress_packets': Inbound: Packets Received; 'egress_packets': Outbound: Packets Received; 'tcp_fwd_recv': TCP Inbound Packets Received; 'udp_fwd_recv': UDP Inbound Packets Received; 'icmp_fwd_recv': ICMP Inbound Packets Received; 'tcp_syn_cookie_fail': TCP Auth: SYN Cookie Failed; 'dst_tcp_session_created': TCP Sessions Created; 'dst_udp_session_created': UDP Sessions Created; 'dst_tcp_filter_action_whitelist': TCP Filter Action WL; 'dst_other_filter_match': OTHER Filter Match; 'dst_other_filter_not_match': OTHER Filter Not Matched on Pkt; 'dst_other_filter_action_blacklist': OTHER Filter Action Blacklist; 'dst_other_filter_action_drop': OTHER Filter Action Drop; 'dst_other_filter_action_whitelist': OTHER Filter Action WL; 'dst_other_filter_action_default_pass': OTHER Filter Action Default Pass; 'dst_blackhole_inject': Dst Blackhole Inject; 'dst_blackhole_withdraw': Dst Blackhole Withdraw; 'dst_tcp_out_of_seq_excd': TCP Out-Of-Seq Exceeded; 'dst_tcp_retransmit_excd': TCP Retransmit Exceeded; 'dst_tcp_zero_window_excd': TCP Zero-Window Exceeded; 'dst_tcp_conn_prate_excd': TCP Rate: Conn Pkt Exceeded; 'dst_tcp_action_on_ack_init': TCP Auth: ACK Retry Init; 'dst_tcp_action_on_ack_gap_drop': TCP Auth: ACK Retry Retry-Gap Dropped; 'dst_tcp_action_on_ack_fail': TCP Auth: ACK Retry Dropped; 'dst_tcp_action_on_ack_pass': TCP Auth: ACK Retry Passed; 'dst_tcp_action_on_syn_init': TCP Auth: SYN Retry Init; 'dst_tcp_action_on_syn_gap_drop': TCP Auth: SYN Retry-Gap Dropped; 'dst_tcp_action_on_syn_fail': TCP Auth: SYN Retry Dropped; 'dst_tcp_action_on_syn_pass': TCP Auth: SYN Retry Passed; 'udp_payload_too_small': UDP Payload Too Small; 'udp_payload_too_big': UDP Payload Too Large; 'dst_udp_conn_prate_excd': UDP Rate: Conn Pkt Exceeded; 'dst_udp_ntp_monlist_req': UDP NTP Monlist Request; 'dst_udp_ntp_monlist_resp': UDP NTP Monlist Response; 'dst_udp_wellknown_sport_drop': UDP SrcPort Wellknown; 'dst_udp_retry_init': UDP Auth: Retry Init; 'dst_udp_retry_pass': UDP Auth: Retry Passed; 'dst_tcp_bytes_drop': TCP Total Bytes Dropped; 'dst_udp_bytes_drop': UDP Total Bytes Dropped; 'dst_icmp_bytes_drop': ICMP Total Bytes Dropped; 'dst_other_bytes_drop': OTHER Total Bytes Dropped; 'dst_out_no_route': Dst IPv4/v6 Out No Route; 'outbound_bytes_sent': Outbound: Bytes Forwarded; 'outbound_pkt_drop': Outbound: Packets Dropped; 'outbound_bytes_drop': Outbound: Bytes Dropped; 'outbound_pkt_sent': Outbound: Packets Forwarded; 'inbound_bytes_sent': Inbound: Bytes Forwarded; 'inbound_bytes_drop': Inbound: Bytes Dropped; 'dst_src_port_pkt_rate_exceed': SrcPort Rate: Packet Exceeded; 'dst_src_port_kbit_rate_exceed': SrcPort Rate: KiBit Exceeded; 'dst_src_port_conn_limit_exceed': SrcPort Limit: Conn Exceeded; 'dst_src_port_conn_rate_exceed': SrcPort Rate: Conn Exceeded; 'dst_ip_proto_pkt_rate_exceed': IP-Proto Rate: Packet Exceeded; 'dst_ip_proto_kbit_rate_exceed': IP-Proto Rate: KiBit Exceeded; 'dst_tcp_port_any_exceed': TCP Port Rate: Total Exceed; 'dst_udp_port_any_exceed': UDP Port Rate: Total Exceed; 'dst_tcp_auth_pass': TCP Auth: SYN Auth Passed; 'dst_tcp_rst_cookie_fail': TCP Auth: RST Cookie Failed; 'dst_tcp_unauth_drop': TCP Auth: Unauth Dropped; 'src_tcp_syn_auth_fail': Src TCP Auth: SYN Auth Failed; 'src_tcp_syn_cookie_sent': Src TCP Auth: SYN Cookie Sent; 'src_tcp_syn_cookie_fail': Src TCP Auth: SYN Cookie Failed; 'src_tcp_rst_cookie_fail': Src TCP Auth: RST Cookie Failed; 'src_tcp_unauth_drop': Src TCP Auth: Unauth Dropped; 'src_tcp_action_on_syn_init': Src TCP Auth: SYN Retry Init; **Type:** string **Supported Values:** all, dst_tcp_any_exceed, dst_tcp_pkt_rate_exceed, dst_tcp_conn_rate_exceed, dst_udp_any_exceed, dst_udp_pkt_rate_exceed, dst_udp_conn_limit_exceed, dst_udp_conn_rate_exceed, dst_icmp_pkt_rate_exceed, dst_other_pkt_rate_exceed, dst_other_frag_pkt_rate_exceed, dst_port_pkt_rate_exceed, dst_port_conn_limit_exceed, dst_port_conn_rate_exceed, dst_pkt_sent, dst_udp_pkt_sent, dst_tcp_pkt_sent, dst_icmp_pkt_sent, dst_other_pkt_sent, dst_tcp_conn_limit_exceed, dst_tcp_pkt_rcvd, dst_udp_pkt_rcvd, dst_icmp_pkt_rcvd, dst_other_pkt_rcvd, dst_udp_filter_match, dst_udp_filter_not_match, dst_udp_filter_action_blacklist, dst_udp_filter_action_drop, dst_tcp_syn, dst_tcp_syn_drop, dst_tcp_src_rate_drop, dst_udp_src_rate_drop, dst_icmp_src_rate_drop, dst_other_frag_src_rate_drop, dst_other_src_rate_drop, dst_tcp_drop, dst_udp_drop, dst_icmp_drop, dst_frag_drop, dst_other_drop, dst_tcp_auth, dst_udp_filter_action_default_pass, dst_tcp_filter_match, dst_tcp_filter_not_match, dst_tcp_filter_action_blacklist, dst_tcp_filter_action_drop, dst_tcp_filter_action_default_pass, dst_udp_filter_action_whitelist, dst_over_limit_on, dst_over_limit_off, dst_port_over_limit_on, dst_port_over_limit_off, dst_over_limit_action, dst_port_over_limit_action, scanning_detected_drop, scanning_detected_blacklist, dst_udp_kibit_rate_drop, dst_tcp_kibit_rate_drop, dst_icmp_kibit_rate_drop, dst_other_kibit_rate_drop, dst_port_undef_drop, dst_port_bl, dst_src_port_bl, dst_port_kbit_rate_exceed, dst_tcp_src_drop, dst_udp_src_drop, dst_icmp_src_drop, dst_other_src_drop, tcp_syn_rcvd, tcp_syn_ack_rcvd, tcp_ack_rcvd, tcp_fin_rcvd, tcp_rst_rcvd, ingress_bytes, egress_bytes, ingress_packets, egress_packets, tcp_fwd_recv, udp_fwd_recv, icmp_fwd_recv, tcp_syn_cookie_fail, dst_tcp_session_created, dst_udp_session_created, dst_tcp_filter_action_whitelist, dst_other_filter_match, dst_other_filter_not_match, dst_other_filter_action_blacklist, dst_other_filter_action_drop, dst_other_filter_action_whitelist, dst_other_filter_action_default_pass, dst_blackhole_inject, dst_blackhole_withdraw, dst_tcp_out_of_seq_excd, dst_tcp_retransmit_excd, dst_tcp_zero_window_excd, dst_tcp_conn_prate_excd, dst_tcp_action_on_ack_init, dst_tcp_action_on_ack_gap_drop, dst_tcp_action_on_ack_fail, dst_tcp_action_on_ack_pass, dst_tcp_action_on_syn_init, dst_tcp_action_on_syn_gap_drop, dst_tcp_action_on_syn_fail, dst_tcp_action_on_syn_pass, udp_payload_too_small, udp_payload_too_big, dst_udp_conn_prate_excd, dst_udp_ntp_monlist_req, dst_udp_ntp_monlist_resp, dst_udp_wellknown_sport_drop, dst_udp_retry_init, dst_udp_retry_pass, dst_tcp_bytes_drop, dst_udp_bytes_drop, dst_icmp_bytes_drop, dst_other_bytes_drop, dst_out_no_route, outbound_bytes_sent, outbound_pkt_drop, outbound_bytes_drop, outbound_pkt_sent, inbound_bytes_sent, inbound_bytes_drop, dst_src_port_pkt_rate_exceed, dst_src_port_kbit_rate_exceed, dst_src_port_conn_limit_exceed, dst_src_port_conn_rate_exceed, dst_ip_proto_pkt_rate_exceed, dst_ip_proto_kbit_rate_exceed, dst_tcp_port_any_exceed, dst_udp_port_any_exceed, dst_tcp_auth_pass, dst_tcp_rst_cookie_fail, dst_tcp_unauth_drop, src_tcp_syn_auth_fail, src_tcp_syn_cookie_sent, src_tcp_syn_cookie_fail, src_tcp_rst_cookie_fail, src_tcp_unauth_drop, src_tcp_action_on_syn_init **counters2** **Description** 'src_tcp_action_on_syn_gap_drop': Src TCP Auth: SYN Retry-Gap Dropped; 'src_tcp_action_on_syn_fail': Src TCP Auth: SYN Retry Dropped; 'src_tcp_action_on_ack_init': Src TCP Auth: ACK Retry Init; 'src_tcp_action_on_ack_gap_drop': Src TCP Auth: ACK Retry Retry-Gap Dropped; 'src_tcp_action_on_ack_fail': Src TCP Auth: ACK Retry Dropped; 'src_tcp_out_of_seq_excd': Src TCP Out-Of-Seq Exceeded; 'src_tcp_retransmit_excd': Src TCP Retransmit Exceeded; 'src_tcp_zero_window_excd': Src TCP Zero-Window Exceeded; 'src_tcp_conn_prate_excd': Src TCP Rate: Conn Pkt Exceeded; 'src_udp_min_payload': Src UDP Payload Too Small; 'src_udp_max_payload': Src UDP Payload Too Large; 'src_udp_conn_prate_excd': Src UDP Rate: Conn Pkt Exceeded; 'src_udp_ntp_monlist_req': Src UDP NTP Monlist Request; 'src_udp_ntp_monlist_resp': Src UDP NTP Monlist Response; 'src_udp_wellknown_sport_drop': Src UDP SrcPort Wellknown; 'src_udp_retry_init': Src UDP Auth: Retry Init; 'dst_udp_retry_gap_drop': UDP Auth: Retry-Gap Dropped; 'dst_udp_retry_fail': UDP P Sessions Aged; 'dst_tcp_session_aged': TCP Sessions Aged; 'dst_udp_session_aged': UDP Sessions Aged; 'dst_tcp_conn_close': TCP Connections Closed; 'dst_tcp_conn_close_half_open': TCP Half Open Connections Closed; 'dst_l4_tcp_auth': TCP Dst L4-Type Auth: SYN Cookie Sent; 'tcp_l4_syn_cookie_fail': TCP Dst L4-Type Auth: SYN Cookie Failed; 'tcp_l4_rst_cookie_fail': TCP Dst L4-Type Auth: RST Cookie Failed; 'tcp_l4_unauth_drop': TCP Dst L4-Type Auth: Unauth Dropped; 'dst_drop_frag_pkt': Dst Fragmented Packets Dropped; 'src_tcp_filter_action_blacklist': Src TCP Filter Action Blacklist; 'src_tcp_filter_action_whitelist': Src TCP Filter Action WL; 'src_tcp_filter_action_drop': Src TCP Filter Action Drop; 'src_tcp_filter_action_default_pass': Src TCP Filter Action Default Pass; 'src_udp_filter_action_blacklist': Src UDP Filter Action Blacklist; 'src_udp_filter_action_whitelist': Src UDP Filter Action WL; 'src_udp_filter_action_drop': Src UDP Filter Action Drop; 'src_udp_filter_action_default_pass': Src UDP Filter Action Default Pass; 'src_other_filter_action_blacklist': Src OTHER Filter Action Blacklist; 'src_other_filter_action_whitelist': Src OTHER Filter Action WL; 'src_other_filter_action_drop': Src OTHER Filter Action Drop; 'src_other_filter_action_default_pass': Src OTHER Filter Action Default Pass; 'tcp_invalid_syn': TCP Invalid SYN Received; 'dst_tcp_conn_close_w_rst': TCP RST Connections Closed; 'dst_tcp_conn_close_w_fin': TCP FIN Connections Closed; 'dst_tcp_conn_close_w_idle': TCP Idle Connections Closed; 'dst_tcp_conn_create_from_syn': TCP Connections Created From SYN; 'dst_tcp_conn_create_from_ack': TCP Connections Created From ACK; 'src_frag_drop': Src Fragmented Packets Dropped; 'dst_l4_tcp_blacklist_drop': Dst L4-type TCP Blacklist Dropped; 'dst_l4_udp_blacklist_drop': Dst L4-type UDP Blacklist Dropped; 'dst_l4_icmp_blacklist_drop': No Policy Class-list Match; 'dst_l4_other_blacklist_drop': Dst L4-type OTHER Blacklist Dropped; 'src_l4_tcp_blacklist_drop': Src L4-type TCP Blacklist Dropped; 'src_l4_udp_blacklist_drop': Src L4-type UDP Blacklist Dropped; 'src_l4_icmp_blacklist_drop': Src L4-type ICMP Blacklist Dropped; 'src_l4_other_blacklist_drop': Src L4-type OTHER Blacklist Dropped; 'drop_frag_timeout_drop': Fragment Reassemble Timeout Drop; 'dst_port_kbit_rate_exceed_pkt': Port Rate: KiBit Pkt Exceeded; 'dst_tcp_bytes_rcv': TCP Total Bytes Received; 'dst_udp_bytes_rcv': UDP Total Bytes Received; 'dst_icmp_bytes_rcv': ICMP Total Bytes Received; 'dst_other_bytes_rcv': OTHER Total Bytes Received; 'dst_tcp_bytes_sent': TCP Total Bytes Forwarded; 'dst_udp_bytes_sent': UDP Total Bytes Forwarded; 'dst_icmp_bytes_sent': ICMP Total Bytes Forwarded; 'dst_other_bytes_sent': OTHER Total Bytes Forwarded; 'dst_udp_auth_drop': UDP Auth: Dropped; 'dst_tcp_auth_drop': TCP Auth: Dropped; 'dst_tcp_auth_resp': TCP Auth: Responded; 'inbound_pkt_drop': Inbound: Packets Dropped; 'dst_entry_pkt_rate_exceed': Entry Rate: Packet Exceeded; 'dst_entry_kbit_rate_exceed': Entry Rate: KiBit Exceeded; 'dst_entry_conn_limit_exceed': Entry Limit: Conn Exceeded; 'dst_entry_conn_rate_exceed': Entry Rate: Conn Exceeded; 'dst_entry_frag_pkt_rate_exceed': Entry Rate: Frag Packet Exceeded; 'dst_icmp_any_exceed': ICMP Rate: Total Exceed; 'dst_other_any_exceed': OTHER Rate: Total Exceed; 'src_dst_pair_entry_total': Src-Dst Pair Entry Total Count; 'src_dst_pair_entry_udp': Src-Dst Pair Entry UDP Count; 'src_dst_pair_entry_tcp': Src-Dst Pair Entry TCP Count; 'src_dst_pair_entry_icmp': Src-Dst Pair Entry ICMP Count; 'src_dst_pair_entry_other': Src-Dst Pair Entry OTHER Count; 'dst_clist_overflow_policy_at_learning': Dst Src-Based Overflow Policy Hit; 'tcp_rexmit_syn_limit_drop': TCP SYN Retransmit Exceeded Drop; 'tcp_rexmit_syn_limit_bl': TCP SYN Retransmit Exceeded Blacklist; 'dst_tcp_wellknown_sport_drop': TCP SrcPort Wellknown; 'src_tcp_wellknown_sport_drop': Src TCP SrcPort Wellknown; 'dst_frag_rcvd': Fragmented Packets Received; 'no_policy_class_list_match': No Policy Class-list Match; 'src_udp_retry_gap_drop': Src UDP Auth: Retry-Gap Dropped; 'dst_entry_kbit_rate_exceed_count': Entry Rate: KiBit Exceeded Count; 'dst_port_undef_hit': Dst Port Undefined Hit; 'dst_tcp_action_on_ack_timeout': TCP Auth: ACK Retry Timeout; 'dst_tcp_action_on_ack_reset': TCP Auth: ACK Retry Timeout Reset; 'dst_tcp_action_on_ack_blacklist': TCP Auth: ACK Retry Timeout Blacklisted; 'src_tcp_action_on_ack_timeout': Src TCP Auth: ACK Retry Timeout; 'src_tcp_action_on_ack_reset': Src TCP Auth: ACK Retry Timeout Reset; 'src_tcp_action_on_ack_blacklist': Src TCP Auth: ACK Retry Timeout Blacklisted; 'dst_tcp_action_on_syn_timeout': TCP Auth: SYN Retry Timeout; 'dst_tcp_action_on_syn_reset': TCP Auth: SYN Retry Timeout Reset; 'dst_tcp_action_on_syn_blacklist': TCP Auth: SYN Retry Timeout Blacklisted; 'src_tcp_action_on_syn_timeout': Src TCP Auth: SYN Retry Timeout; 'src_tcp_action_on_syn_reset': Src TCP Auth: SYN Retry Timeout Reset; 'src_tcp_action_on_syn_blacklist': Src TCP Auth: SYN Retry Timeout Blacklisted; 'dst_udp_frag_pkt_rate_exceed': UDP Dst L4-Type Rate: Frag Exceeded; 'dst_udp_frag_src_rate_drop': UDP Src Rate: Frag Exceeded; 'dst_tcp_frag_pkt_rate_exceed': TCP Dst L4-Type Rate: Frag Exceeded; 'dst_tcp_frag_src_rate_drop': TCP Src Rate: Frag Exceeded; 'dst_icmp_frag_pkt_rate_exceed': ICMP Dst L4-Type Rate: Frag Exceeded; 'dst_icmp_frag_src_rate_drop': ICMP Src Rate: Frag Exceeded; 'sflow_internal_samples_packed': Sflow Internal Samples Packed; 'sflow_external_samples_packed': Sflow External Samples Packed; 'sflow_internal_packets_sent': Sflow Internal Packets Sent; 'sflow_external_packets_sent': Sflow External Packets Sent; 'dns_outbound_total_query': DNS Outbound Total Query; 'dns_outbound_query_malformed': DNS Outbound Query Malformed; 'dns_outbound_query_resp_chk_failed': DNS Outbound Query Resp Check Failed; 'dns_outbound_query_resp_chk_blacklisted': DNS Outbound Query Resp Check Blacklisted; 'dns_outbound_query_resp_chk_refused_sent': DNS Outbound Query Resp Check REFUSED Sent; 'dns_outbound_query_resp_chk_reset_sent': DNS Outbound Query Resp Check RESET Sent; 'dns_outbound_query_resp_chk_no_resp_sent': DNS Outbound Query Resp Check No Response Sent; 'dns_outbound_query_resp_size_exceed': DNS Outbound Query Response Size Exceed; 'dns_outbound_query_sess_timed_out': DNS Outbound Query Session Timed Out; 'dst_exceed_action_tunnel': Entry Exceed Action: Tunnel; 'src_udp_auth_timeout': Src UDP Auth: Retry Timeout; 'src_udp_retry_pass': Src UDP Retry Passed; **Type:** string **Supported Values:** src_tcp_action_on_syn_gap_drop, src_tcp_action_on_syn_fail, src_tcp_action_on_ack_init, src_tcp_action_on_ack_gap_drop, src_tcp_action_on_ack_fail, src_tcp_out_of_seq_excd, src_tcp_retransmit_excd, src_tcp_zero_window_excd, src_tcp_conn_prate_excd, src_udp_min_payload, src_udp_max_payload, src_udp_conn_prate_excd, src_udp_ntp_monlist_req, src_udp_ntp_monlist_resp, src_udp_wellknown_sport_drop, src_udp_retry_init, dst_udp_retry_gap_drop, dst_udp_retry_fail, dst_tcp_session_aged, dst_udp_session_aged, dst_tcp_conn_close, dst_tcp_conn_close_half_open, dst_l4_tcp_auth, tcp_l4_syn_cookie_fail, tcp_l4_rst_cookie_fail, tcp_l4_unauth_drop, dst_drop_frag_pkt, src_tcp_filter_action_blacklist, src_tcp_filter_action_whitelist, src_tcp_filter_action_drop, src_tcp_filter_action_default_pass, src_udp_filter_action_blacklist, src_udp_filter_action_whitelist, src_udp_filter_action_drop, src_udp_filter_action_default_pass, src_other_filter_action_blacklist, src_other_filter_action_whitelist, src_other_filter_action_drop, src_other_filter_action_default_pass, tcp_invalid_syn, dst_tcp_conn_close_w_rst, dst_tcp_conn_close_w_fin, dst_tcp_conn_close_w_idle, dst_tcp_conn_create_from_syn, dst_tcp_conn_create_from_ack, src_frag_drop, dst_l4_tcp_blacklist_drop, dst_l4_udp_blacklist_drop, dst_l4_icmp_blacklist_drop, dst_l4_other_blacklist_drop, src_l4_tcp_blacklist_drop, src_l4_udp_blacklist_drop, src_l4_icmp_blacklist_drop, src_l4_other_blacklist_drop, drop_frag_timeout_drop, dst_port_kbit_rate_exceed_pkt, dst_tcp_bytes_rcv, dst_udp_bytes_rcv, dst_icmp_bytes_rcv, dst_other_bytes_rcv, dst_tcp_bytes_sent, dst_udp_bytes_sent, dst_icmp_bytes_sent, dst_other_bytes_sent, dst_udp_auth_drop, dst_tcp_auth_drop, dst_tcp_auth_resp, inbound_pkt_drop, dst_entry_pkt_rate_exceed, dst_entry_kbit_rate_exceed, dst_entry_conn_limit_exceed, dst_entry_conn_rate_exceed, dst_entry_frag_pkt_rate_exceed, dst_icmp_any_exceed, dst_other_any_exceed, src_dst_pair_entry_total, src_dst_pair_entry_udp, src_dst_pair_entry_tcp, src_dst_pair_entry_icmp, src_dst_pair_entry_other, dst_clist_overflow_policy_at_learning, tcp_rexmit_syn_limit_drop, tcp_rexmit_syn_limit_bl, dst_tcp_wellknown_sport_drop, src_tcp_wellknown_sport_drop, dst_frag_rcvd, no_policy_class_list_match, src_udp_retry_gap_drop, dst_entry_kbit_rate_exceed_count, dst_port_undef_hit, dst_tcp_action_on_ack_timeout, dst_tcp_action_on_ack_reset, dst_tcp_action_on_ack_blacklist, src_tcp_action_on_ack_timeout, src_tcp_action_on_ack_reset, src_tcp_action_on_ack_blacklist, dst_tcp_action_on_syn_timeout, dst_tcp_action_on_syn_reset, dst_tcp_action_on_syn_blacklist, src_tcp_action_on_syn_timeout, src_tcp_action_on_syn_reset, src_tcp_action_on_syn_blacklist, dst_udp_frag_pkt_rate_exceed, dst_udp_frag_src_rate_drop, dst_tcp_frag_pkt_rate_exceed, dst_tcp_frag_src_rate_drop, dst_icmp_frag_pkt_rate_exceed, dst_icmp_frag_src_rate_drop, sflow_internal_samples_packed, sflow_external_samples_packed, sflow_internal_packets_sent, sflow_external_packets_sent, dns_outbound_total_query, dns_outbound_query_malformed, dns_outbound_query_resp_chk_failed, dns_outbound_query_resp_chk_blacklisted, dns_outbound_query_resp_chk_refused_sent, dns_outbound_query_resp_chk_reset_sent, dns_outbound_query_resp_chk_no_resp_sent, dns_outbound_query_resp_size_exceed, dns_outbound_query_sess_timed_out, dst_exceed_action_tunnel, src_udp_auth_timeout, src_udp_retry_pass **counters3** **Description** 'dst_hw_drop_rule_insert': Dst Hardware Drop Rules Inserted; 'dst_hw_drop_rule_remove': Dst Hardware Drop Rules Removed; 'src_hw_drop_rule_insert': Src Hardware Drop Rules Inserted; 'src_hw_drop_rule_remove': Src Hardware Drop Rules Removed; 'prog_first_req_time_exceed': Req-Resp: First Request Time Exceed; 'prog_req_resp_time_exceed': Req-Resp: Request to Response Time Exceed; 'prog_request_len_exceed': Req-Resp: Request Length Exceed; 'prog_response_len_exceed': Req-Resp: Response Length Exceed; 'prog_resp_req_ratio_exceed': Req-Resp: Response to Request Ratio Exceed; 'prog_resp_req_time_exceed': Req-Resp: Response to Request Time Exceed; 'entry_sync_message_received': Entry Sync Message Received; 'entry_sync_message_sent': Entry Sync Message Sent; 'prog_conn_sent_exceed': Connection: Sent Exceed; 'prog_conn_rcvd_exceed': Connection: Received Exceed; 'prog_conn_time_exceed': Connection: Time Exceed; 'prog_conn_rcvd_sent_ratio_exceed': Connection: Reveived to Sent Ratio Exceed; 'prog_win_sent_exceed': Time Window: Sent Exceed; 'prog_win_rcvd_exceed': Time Window: Received Exceed; 'prog_win_rcvd_sent_ratio_exceed': Time Window: Received to Sent Exceed; 'prog_exceed_drop': Req-Resp: Violation Exceed Dropped; 'prog_exceed_bl': Req-Resp: Violation Exceed Blacklisted; 'prog_conn_exceed_drop': Connection: Violation Exceed Dropped; 'prog_conn_exceed_bl': Connection: Violation Exceed Blacklisted; 'prog_win_exceed_drop': Time Window: Violation Exceed Dropped; 'prog_win_exceed_bl': Time Window: Violation Exceed Blacklisted; 'dst_exceed_action_drop': Entry Exceed Action: Dropped; 'src_hw_drop': Src Hardware Packets Dropped; 'dst_tcp_auth_rst': TCP Auth: Reset; 'dst_src_learn_overflow': Src Dynamic Entry Count Overflow; 'tcp_fwd_sent': TCP Inbound Packets Forwarded; 'udp_fwd_sent': UDP Inbound Packets Forwarded; **Type:** string **Supported Values:** dst_hw_drop_rule_insert, dst_hw_drop_rule_remove, src_hw_drop_rule_insert, src_hw_drop_rule_remove, prog_first_req_time_exceed, prog_req_resp_time_exceed, prog_request_len_exceed, prog_response_len_exceed, prog_resp_req_ratio_exceed, prog_resp_req_time_exceed, entry_sync_message_received, entry_sync_message_sent, prog_conn_sent_exceed, prog_conn_rcvd_exceed, prog_conn_time_exceed, prog_conn_rcvd_sent_ratio_exceed, prog_win_sent_exceed, prog_win_rcvd_exceed, prog_win_rcvd_sent_ratio_exceed, prog_exceed_drop, prog_exceed_bl, prog_conn_exceed_drop, prog_conn_exceed_bl, prog_win_exceed_drop, prog_win_exceed_bl, dst_exceed_action_drop, src_hw_drop, dst_tcp_auth_rst, dst_src_learn_overflow, tcp_fwd_sent, udp_fwd_sent .. _1048_zone-list: zone-list ^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action-list** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **advertised-enable** **Description** BGP advertised **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **capture-config-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/capture-config/{name} ` **collector** **Type:** List **continuous-learning** **Description** Continuous learning of detection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **description** **Description** Description for this Destination Zone **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **dest-nat-ip** **Description** Destination NAT IP address **Type:** string **Format:** ipv4-address **dest-nat-ipv6** **Description** Destination NAT IPv6 address **Type:** string **Format:** ipv6-address **detection** **Description:** detection is a **JSON Block**. Please see below for :ref:`1048_zone-list_detection` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/detection ` **drop-frag-pkt** **Description** Drop fragmented packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-top-k** **Type:** List **force-operational-mode** **Description** Force configure operational mode **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID for the whole zone **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **hw-blacklist-blocking** **Description:** hw-blacklist-blocking is a **JSON Block**. Please see below for :ref:`1048_zone-list_hw-blacklist-blocking` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/hw-blacklist-blocking ` **inbound-forward-dscp** **Description** To set dscp value for inbound packets (DSCP Value for the clear traffic marking) **Type:** number **Range:** 1-63 **ip** **Type:** List **ip-proto** **Description:** ip-proto is a **JSON Block**. Please see below for :ref:`1048_zone-list_ip-proto` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto ` **ipv6** **Type:** List **is-from-wizard** **Description** Is It Created from Onbox GUI Wizard **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-enable** **Description** Enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-high-frequency** **Description** Enable High frequency logging for non-event logs per zone **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-periodic** **Description** Enable log periodic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **non-restrictive** **Description** Non-restrictive mode ignores Zero Thresholds Indicators **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **operational-mode** **Description** 'idle': Idle mode; 'monitor': Monitor mode; 'learning': Learning mode; **Type:** string **Supported Values:** idle, monitor, learning **Default:** idle **outbound-forward-dscp** **Description** To set dscp value for outbound **Type:** number **Range:** 1-63 **outbound-policy** **Description:** outbound-policy is a **JSON Block**. Please see below for :ref:`1048_zone-list_outbound-policy` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/outbound-policy ` **packet-anomaly-detection** **Description:** packet-anomaly-detection is a **JSON Block**. Please see below for :ref:`1048_zone-list_packet-anomaly-detection` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/packet-anomaly-detection ` **pattern-recognition-hw-filter-enable** **Description** to enable pattern recognition hardware filter **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **pattern-recognition-sensitivity** **Description** 'high': High sensitive pattern recognition; 'medium': Medium sensitive pattern recognition; 'low': Low sensitive pattern recognition; **Type:** string **Supported Values:** high, medium, low **per-addr-glid** **Description** Global limit ID per address **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **port** **Description:** port is a **JSON Block**. Please see below for :ref:`1048_zone-list_port` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port ` **port-range-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol} ` **rate-limit** **Description** Rate limit per second per zone(Default : 1 per second) **Type:** number **Range:** 1-1000 **Default:** 1 **reporting-disabled** **Description** Disable Reporting **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sampling-enable** **Type:** List **set-counter-base-val** **Description** Set T2 counter value of current context to specified value **Type:** number **Range:** 1-4294967295 **sflow-common** **Description** Enable sFlow counter polling packets, tcp-basic, tcp-stateful and http. WARNING: Zone level Sflow polling might induce heavy CP **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-common,sflow-packets, sflow-layer-4, sflow-tcp-basic, sflow-tcp-stateful, and sflow-http are mutually exclusive **sflow-http** **Description** Enable sFlow HTTP counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total number **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-http and sflow-common are mutually exclusive **sflow-layer-4** **Description** Enable sFlow Layer 4 counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the number of **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-layer-4 and sflow-common are mutually exclusive **sflow-packets** **Description** Enable sFlow packet-level counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-packets and sflow-common are mutually exclusive **sflow-tcp** **Description:** sflow-tcp is a **JSON Block**. Please see below for :ref:`1048_zone-list_sflow-tcp` **Type:** Object **source-nat-pool** **Description** Configure source NAT **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **src-port** **Description:** src-port is a **JSON Block**. Please see below for :ref:`1048_zone-list_src-port` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/src-port ` **src-port-range-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/src-port-range/{src-port-range-start}+{src-port-range-end}+{protocol} ` **telemetry-enable** **Description** Enable from-l3-peer flag for the zone, thus all the ip entries in the zone will be dynamically created/deleted based on the BGP **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **topk-destinations** **Description:** topk-destinations is a **JSON Block**. Please see below for :ref:`1048_zone-list_topk-destinations` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/topk-destinations ` **traffic-distribution-mode** **Description** 'default': Distribute traffic to one slot using default distribution mechanism; 'source-ip-based': Distribute traffic between slots, based on source ip; **Type:** string **Supported Values:** default, source-ip-based **Default:** default **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **web-gui** **Description:** web-gui is a **JSON Block**. Please see below for :ref:`1048_zone-list_web-gui` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/web-gui ` **zone-name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **zone-profile** **Description** Apply threshold profile **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/zone-profile ` **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1048_zone-list_zone-template` **Type:** Object .. _1048_zone-list_outbound-policy: zone-list_outbound-policy ^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **name** **Description** Specify name of the outbound policy **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/outbound-policy ` **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_ip: zone-list_ip ^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **expand-ip-subnet** **Description** Expand this subnet to individual IP address **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **expand-ip-subnet-mode** **Description** 'default': Default learning mechanism (Default: Dynamic); 'dynamic': Dynamic learning; 'static': Static learning; **Type:** string **Supported Values:** default, dynamic, static **Default:** default **ip-addr** **Description** Specify IP address **Type:** string **Format:** ipv4-address **subnet-ip-addr** **Description** IP Subnet **Type:** string **Format:** ipv4-cidr .. _1048_zone-list_detection: zone-list_detection ^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **notification** **Description:** notification is a **JSON Block**. Please see below for :ref:`1048_zone-list_detection_notification` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/detection/notification ` **outbound-detection** **Description:** outbound-detection is a **JSON Block**. Please see below for :ref:`1048_zone-list_detection_outbound-detection` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/detection/outbound-detection ` **packet-anomaly-detection** **Description:** packet-anomaly-detection is a **JSON Block**. Please see below for :ref:`1048_zone-list_detection_packet-anomaly-detection` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/detection/packet-anomaly-detection ` **service-discovery** **Description:** service-discovery is a **JSON Block**. Please see below for :ref:`1048_zone-list_detection_service-discovery` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/detection/service-discovery ` **settings** **Description** 'settings': settings; **Type:** string **Supported Values:** settings **toggle** **Description** 'enable': Enable detection; 'disable': Disable detection; **Type:** string **Supported Values:** enable, disable **Default:** enable **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **victim-ip-detection** **Description:** victim-ip-detection is a **JSON Block**. Please see below for :ref:`1048_zone-list_detection_victim-ip-detection` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/detection/victim-ip-detection ` .. _1048_zone-list_detection_packet-anomaly-detection: zone-list_detection_packet-anomaly-detection ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **configuration** **Description** 'configuration': configuration; **Type:** string **Supported Values:** configuration **indicator-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/detection/packet-anomaly-detection/indicator/{type} ` **toggle** **Description** 'enable': Enable packet anomaly; 'disable': Disable packet anomaly; **Type:** string **Supported Values:** enable, disable **Default:** enable **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_detection_packet-anomaly-detection_indicator-list: zone-list_detection_packet-anomaly-detection_indicator-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **threshold-num** **Description** Threshold for each indicator **Type:** number **Range:** 1-65535 **Default:** 100 **type** **Description** 'port-zero-pkt-rate': Port Zero Packet Rate (default 100 packet per second); **Type:** string **Supported Values:** port-zero-pkt-rate **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_detection_victim-ip-detection: zone-list_detection_victim-ip-detection ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **configuration** **Description** 'configuration': configuration; **Type:** string **Supported Values:** configuration **histogram-toggle** **Description** 'histogram-enable': Enable histogram statistics of victim IP detection; 'histogram-disable': Disable histogram statistics of victim IP detection; **Type:** string **Supported Values:** histogram-enable, histogram-disable **Default:** histogram-disable **indicator-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/detection/victim-ip-detection/indicator/{type} ` **toggle** **Description** 'enable': Enable victim IP detection; 'disable': Disable victim IP detection; **Type:** string **Supported Values:** enable, disable **Default:** disable **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_detection_victim-ip-detection_indicator-list: zone-list_detection_victim-ip-detection_indicator-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **ip-threshold-num** **Description** Threshold for IP **Type:** number **Range:** 1-2147483647 **type** **Description** 'pkt-rate': rate of incoming packets; 'reverse-pkt-rate': rate of reverse coming packets; 'fwd-byte-rate': rate of incoming bytes; 'rev-byte-rate': rate of reverse coming bytes; **Type:** string **Supported Values:** pkt-rate, reverse-pkt-rate, fwd-byte-rate, rev-byte-rate **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_detection_notification: zone-list_detection_notification ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **configuration** **Description** 'configuration': configuration; **Type:** string **Supported Values:** configuration **notification** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_detection_notification_notification: zone-list_detection_notification_notification ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **notification-template-name** **Description** Specify the notification template name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/notification-template ` .. _1048_zone-list_detection_service-discovery: zone-list_detection_service-discovery ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **configuration** **Description** 'configuration': configuration; **Type:** string **Supported Values:** configuration **pkt-rate-threshold** **Description** packet rate threshold for discovery (default 10 packets per second) **Type:** number **Range:** 1-255 **Default:** 10 **toggle** **Description** 'enable': Enable service discovery; 'disable': Disable service discovery; **Type:** string **Supported Values:** enable, disable **Default:** disable **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_detection_outbound-detection: zone-list_detection_outbound-detection ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **configuration** **Description** 'configuration': configuration; **Type:** string **Supported Values:** configuration **discovery-method** **Description** 'asn': Autonomous Systems number; 'country': Country; **Type:** string **Supported Values:** asn, country **discovery-record** **Description** Maximum number of top locations **Type:** number **Range:** 1-100 **Default:** 10 **enable-top-k** **Type:** List **indicator-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/detection/outbound-detection/indicator/{type} ` **toggle** **Description** 'enable': Enable outbound detection; 'disable': Disable outbound detection; **Type:** string **Supported Values:** enable, disable **Default:** disable **topk-source-subnet** **Description:** topk-source-subnet is a **JSON Block**. Please see below for :ref:`1048_zone-list_detection_outbound-detection_topk-source-subnet` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/detection/outbound-detection/topk-source-subnet ` **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_detection_outbound-detection_topk-source-subnet: zone-list_detection_outbound-detection_topk-source-subnet ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_detection_outbound-detection_enable-top-k: zone-list_detection_outbound-detection_enable-top-k ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **topk-netmask** **Description** Subnet mask. The value should be less than or equal to the minimum zone subnet mask + 8 (IPv6 Subnet mask) **Type:** number **Range:** 1-128 **Default:** 128 **topk-num-records** **Description** Maximum number of records to show in topk **Type:** number **Range:** 1-100 **Default:** 20 **topk-type** **Description** 'source-subnet': Topk source subnet; **Type:** string **Supported Values:** source-subnet .. _1048_zone-list_detection_outbound-detection_indicator-list: zone-list_detection_outbound-detection_indicator-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **data-packet-size** **Description** Expected minimal data size **Type:** number **Range:** 1-1500 **tcp-window-size** **Description** Expected minimal window size **Type:** number **Range:** 1-500 **threshold-large-num** **Description** Threshold for each geo-location **Type:** number **Range:** 1-10995116277760 **threshold-num** **Description** Threshold for each geo-location **Type:** number **Range:** 1-2147483647 **threshold-str** **Description** Threshold for each geo-location (Non-zero floating point) **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **type** **Description** 'pkt-rate': rate of incoming packets; 'pkt-drop-rate': rate of packets got dropped; 'bit-rate': rate of incoming bits; 'pkt-drop-ratio': ratio of incoming packet rate divided by the rate of dropping packets; 'bytes-to-bytes-from-ratio': ratio of incoming packet rate divided by the rate of outgoing packets; 'syn-rate': rate on incoming SYN packets; 'fin-rate': rate on incoming FIN packets; 'rst-rate': rate of incoming RST packets; 'small-window-ack-rate': rate of small window advertisement; 'empty-ack-rate': rate of incoming packets which have no payload; 'small-payload-rate': rate of short payload packet; 'syn-fin-ratio': ratio of incoming SYN packet rate divided by the rate of incoming FIN packets; **Type:** string **Supported Values:** pkt-rate, pkt-drop-rate, bit-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_packet-anomaly-detection: zone-list_packet-anomaly-detection ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_ip-proto: zone-list_ip-proto ^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **proto-name-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol} ` **proto-number-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num} ` **proto-tcp-udp-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-tcp-udp/{protocol} ` .. _1048_zone-list_ip-proto_proto-number-list: zone-list_ip-proto_proto-number-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **age** **Description** Idle age for ip entry **Type:** number **Range:** 2-1023 **Default:** 5 **apply-policy-on-overflow** **Description** Enable this flag to apply overflow policy when dynamic entry count overflows **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **deny** **Description** Blacklist and Drop all incoming packets for this ip-proto **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-frag-pkt** **Description** Drop fragmented packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dynamic-entry-overflow-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/dynamic-entry-overflow-policy/{dummy-name} ` **enable-class-list-overflow** **Description** Apply class-list overflow policy upon exceeding dynamic entry count specified for zone-port or class-list **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-top-k** **Description** Enable ddos top-k source IP detection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-top-k-destination** **Description** Enable ddos top-k destination IP detection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **esp-inspect** **Description:** esp-inspect is a **JSON Block**. Please see below for :ref:`1048_zone-list_ip-proto_proto-number-list_esp-inspect` **Type:** Object **faster-de-escalation** **Description** De-escalate faster in standalone mode **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid-cfg** **Description:** glid-cfg is a **JSON Block**. Please see below for :ref:`1048_zone-list_ip-proto_proto-number-list_glid-cfg` **Type:** Object **ip-filtering-policy** **Description** Configure IP Filter **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/ip-filtering-policy ` **ip-filtering-policy-oper** **Description:** ip-filtering-policy-oper is a **JSON Block**. Please see below for :ref:`1048_zone-list_ip-proto_proto-number-list_ip-filtering-policy-oper` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/ip-filtering-policy-oper ` **level-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/level/{level-num} ` **manual-mode-enable** **Description** Toggle manual mode to use fix templates **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **manual-mode-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/manual-mode/{config} ` **max-dynamic-entry-count** **Description** Maximum count for dynamic source zone service entry **Type:** number **Range:** 0-2147483647 **port-ind** **Description:** port-ind is a **JSON Block**. Please see below for :ref:`1048_zone-list_ip-proto_proto-number-list_port-ind` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/port-ind ` **progression-tracking** **Description:** progression-tracking is a **JSON Block**. Please see below for :ref:`1048_zone-list_ip-proto_proto-number-list_progression-tracking` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/progression-tracking ` **protocol-num** **Description** Protocol Number **Type:** number **Range:** 0-255 **set-counter-base-val** **Description** Set T2 counter value of current context to specified value **Type:** number **Range:** 1-4294967295 **src-based-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/src-based-policy/{src-based-policy-name} ` **topk-destinations** **Description:** topk-destinations is a **JSON Block**. Please see below for :ref:`1048_zone-list_ip-proto_proto-number-list_topk-destinations` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/topk-destinations ` **topk-dst-num-records** **Description** Maximum number of records to show in topk **Type:** number **Range:** 1-100 **Default:** 20 **topk-num-records** **Description** Maximum number of records to show in topk **Type:** number **Range:** 1-100 **Default:** 20 **topk-sources** **Description:** topk-sources is a **JSON Block**. Please see below for :ref:`1048_zone-list_ip-proto_proto-number-list_topk-sources` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/topk-sources ` **unlimited-dynamic-entry-count** **Description** No limit for maximum dynamic src entry count **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_ip-proto_proto-number-list_dynamic-entry-overflow-policy-list: zone-list_ip-proto_proto-number-list_dynamic-entry-overflow-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **dummy-name** **Description** 'configuration': Configure overflow policy; **Type:** string **Supported Values:** configuration **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1048_zone-list_ip-proto_proto-number-list_dynamic-entry-overflow-policy-list_zone-template` **Type:** Object .. _1048_zone-list_ip-proto_proto-number-list_dynamic-entry-overflow-policy-list_zone-template: zone-list_ip-proto_proto-number-list_dynamic-entry-overflow-policy-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **ip-proto** **Description** DDOS ip-proto template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1048_zone-list_ip-proto_proto-number-list_ip-filtering-policy-oper: zone-list_ip-proto_proto-number-list_ip-filtering-policy-oper ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_ip-proto_proto-number-list_glid-cfg: zone-list_ip-proto_proto-number-list_glid-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **action-list** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **glid** **Description** Global limit ID for the whole zone **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, ignore **per-addr-glid** **Description** Global limit ID per address **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` .. _1048_zone-list_ip-proto_proto-number-list_level-list: zone-list_ip-proto_proto-number-list_level-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **indicator-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/level/{level-num}/indicator/{type} ` **level-num** **Description** '0': Default policy level; '1': Policy level 1; '2': Policy level 2; '3': Policy level 3; '4': Policy level 4; **Type:** string **Supported Values:** 0, 1, 2, 3, 4 **src-default-glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **src-escalation-score** **Description** Source activation score of this level **Type:** number **Range:** 1-1000000 **src-violation-actions** **Description** Violation actions apply due to source escalate from this level **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-escalation-score** **Description** Zone activation score of this level **Type:** number **Range:** 1-1000000 **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1048_zone-list_ip-proto_proto-number-list_level-list_zone-template` **Type:** Object **zone-violation-actions** **Description** Violation actions apply due to zone escalate from this level **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` .. _1048_zone-list_ip-proto_proto-number-list_level-list_zone-template: zone-list_ip-proto_proto-number-list_level-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ip-proto** **Description** DDOS ip-proto template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1048_zone-list_ip-proto_proto-number-list_level-list_indicator-list: zone-list_ip-proto_proto-number-list_level-list_indicator-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **data-packet-size** **Description** Expected minimal data size **Type:** number **Range:** 1-1500 **score** **Description** Score corresponding to the indicator **Type:** number **Range:** 1-1000000 **src-threshold-large-num** **Description** Indicator per-src threshold **Type:** number **Range:** 1-10995116277760 **src-threshold-num** **Description** Indicator per-src threshold **Type:** number **Range:** 1-2147483647 **src-threshold-str** **Description** Indicator per-src threshold (Non-zero floating point) **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-violation-actions** **Description** Violation actions to use when this src indicator threshold reaches **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` **type** **Description** 'pkt-rate': rate of incoming packets; 'pkt-drop-rate': rate of packets got dropped; 'bit-rate': rate of incoming bits; 'pkt-drop-ratio': ratio of incoming packet rate divided by the rate of dropping packets; 'bytes-to-bytes-from-ratio': ratio of incoming packet rate divided by the rate of outgoing packets; 'frag-rate': rate of incoming fragmented packets; 'cpu-utilization': average data CPU utilization; 'interface-utilization': outside interface utilization; **Type:** string **Supported Values:** pkt-rate, pkt-drop-rate, bit-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, frag-rate, cpu-utilization, interface-utilization **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-threshold-large-num** **Description** Threshold for the entire zone **Type:** number **Range:** 1-10995116277760 **zone-threshold-num** **Description** Threshold for the entire zone **Type:** number **Range:** 1-2147483647 **zone-threshold-str** **Description** Threshold for the entire zone (Non-zero floating point) **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **zone-violation-actions** **Description** Violation actions to use when this zone indicator threshold reaches **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` .. _1048_zone-list_ip-proto_proto-number-list_manual-mode-list: zone-list_ip-proto_proto-number-list_manual-mode-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **config** **Description** 'configuration': Manual-mode configuration; **Type:** string **Supported Values:** configuration **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **src-default-glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1048_zone-list_ip-proto_proto-number-list_manual-mode-list_zone-template` **Type:** Object .. _1048_zone-list_ip-proto_proto-number-list_manual-mode-list_zone-template: zone-list_ip-proto_proto-number-list_manual-mode-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ip-proto** **Description** DDOS ip-proto template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1048_zone-list_ip-proto_proto-number-list_src-based-policy-list: zone-list_ip-proto_proto-number-list_src-based-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **policy-class-list-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name} ` **src-based-policy-name** **Description** Specify name of the policy **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list: zone-list_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **class-list-name** **Description** Class-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **class-list-overflow-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name} ` **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **log-enable** **Description** Enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-periodic** **Description** Enable log periodic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-dynamic-entry-count** **Description** Maximum count for dynamic source zone service entry allowed for this class-list **Type:** number **Range:** 0-2147483647 **sampling-enable** **Type:** List **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1048_zone-list_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list_zone-template` **Type:** Object .. _1048_zone-list_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list_sampling-enable: zone-list_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'packet_received': Packets Received; 'packet_dropped': Packets Dropped; 'entry_learned': Entry Learned; 'entry_count_overflow': Entry Count Overflow; **Type:** string **Supported Values:** all, packet_received, packet_dropped, entry_learned, entry_count_overflow .. _1048_zone-list_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list_zone-template: zone-list_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **ip-proto** **Description** DDOS ip-proto template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1048_zone-list_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list: zone-list_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **dummy-name** **Description** 'configuration': Configure overflow policy for class-list; **Type:** string **Supported Values:** configuration **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **log-enable** **Description** Enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-periodic** **Description** Enable log periodic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1048_zone-list_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template` **Type:** Object .. _1048_zone-list_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template: zone-list_ip-proto_proto-number-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **ip-proto** **Description** DDOS ip-proto template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1048_zone-list_ip-proto_proto-number-list_port-ind: zone-list_ip-proto_proto-number-list_port-ind ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_ip-proto_proto-number-list_port-ind_sampling-enable: zone-list_ip-proto_proto-number-list_port-ind_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'ip-proto-type': IP Protocol Type; 'ddet_ind_pkt_rate_current': Pkt Rate Current; 'ddet_ind_pkt_rate_min': Pkt Rate Min; 'ddet_ind_pkt_rate_max': Pkt Rate Max; 'ddet_ind_pkt_rate_adaptive_threshold': Pkt Rate Adaptive Threshold; 'ddet_ind_pkt_drop_rate_current': Pkt Drop Rate Current; 'ddet_ind_pkt_drop_rate_min': Pkt Drop Rate Min; 'ddet_ind_pkt_drop_rate_max': Pkt Drop Rate Max; 'ddet_ind_pkt_drop_rate_adaptive_threshold': Pkt Drop Rate Adaptive Threshold; 'ddet_ind_syn_rate_current': TCP SYN Rate Current; 'ddet_ind_syn_rate_min': TCP SYN Rate Min; 'ddet_ind_syn_rate_max': TCP SYN Rate Max; 'ddet_ind_syn_rate_adaptive_threshold': TCP SYN Rate Adaptive Threshold; 'ddet_ind_fin_rate_current': TCP FIN Rate Current; 'ddet_ind_fin_rate_min': TCP FIN Rate Min; 'ddet_ind_fin_rate_max': TCP FIN Rate Max; 'ddet_ind_fin_rate_adaptive_threshold': TCP FIN Rate Adaptive Threshold; 'ddet_ind_rst_rate_current': TCP RST Rate Current; 'ddet_ind_rst_rate_min': TCP RST Rate Min; 'ddet_ind_rst_rate_max': TCP RST Rate Max; 'ddet_ind_rst_rate_adaptive_threshold': TCP RST Rate Adaptive Threshold; 'ddet_ind_small_window_ack_rate_current': TCP Small Window ACK Rate Current; 'ddet_ind_small_window_ack_rate_min': TCP Small Window ACK Rate Min; 'ddet_ind_small_window_ack_rate_max': TCP Small Window ACK Rate Max; 'ddet_ind_small_window_ack_rate_adaptive_threshold': TCP Small Window ACK Rate Adaptive Threshold; 'ddet_ind_empty_ack_rate_current': TCP Empty ACK Rate Current; 'ddet_ind_empty_ack_rate_min': TCP Empty ACK Rate Min; 'ddet_ind_empty_ack_rate_max': TCP Empty ACK Rate Max; 'ddet_ind_empty_ack_rate_adaptive_threshold': TCP Empty ACK Rate Adaptive Threshold; 'ddet_ind_small_payload_rate_current': TCP Small Payload Rate Current; 'ddet_ind_small_payload_rate_min': TCP Small Payload Rate Min; 'ddet_ind_small_payload_rate_max': TCP Small Payload Rate Max; 'ddet_ind_small_payload_rate_adaptive_threshold': TCP Small Payload Rate Adaptive Threshold; 'ddet_ind_pkt_drop_ratio_current': Pkt Drop / Pkt Rcvd Current; 'ddet_ind_pkt_drop_ratio_min': Pkt Drop / Pkt Rcvd Min; 'ddet_ind_pkt_drop_ratio_max': Pkt Drop / Pkt Rcvd Max; 'ddet_ind_pkt_drop_ratio_adaptive_threshold': Pkt Drop / Pkt Rcvd Adaptive Threshold; 'ddet_ind_inb_per_outb_current': Bytes-to / Bytes-from Current; 'ddet_ind_inb_per_outb_min': Bytes-to / Bytes-from Min; 'ddet_ind_inb_per_outb_max': Bytes-to / Bytes-from Max; 'ddet_ind_inb_per_outb_adaptive_threshold': Bytes-to / Bytes-from Adaptive Threshold; 'ddet_ind_syn_per_fin_rate_current': TCP SYN Rate / FIN Rate Current; 'ddet_ind_syn_per_fin_rate_min': TCP SYN Rate / FIN Rate Min; 'ddet_ind_syn_per_fin_rate_max': TCP SYN Rate / FIN Rate Max; 'ddet_ind_syn_per_fin_rate_adaptive_threshold': TCP SYN Rate / FIN Rate Adaptive Threshold; 'ddet_ind_conn_miss_rate_current': TCP Session Miss Rate Current; 'ddet_ind_conn_miss_rate_min': TCP Session Miss Rate Min; 'ddet_ind_conn_miss_rate_max': TCP Session Miss Rate Max; 'ddet_ind_conn_miss_rate_adaptive_threshold': TCP Session Miss Rate Adaptive Threshold; 'ddet_ind_concurrent_conns_current': TCP/UDP Concurrent Sessions Current; 'ddet_ind_concurrent_conns_min': TCP/UDP Concurrent Sessions Min; 'ddet_ind_concurrent_conns_max': TCP/UDP Concurrent Sessions Max; 'ddet_ind_concurrent_conns_adaptive_threshold': TCP/UDP Concurrent Sessions Adaptive Threshold; 'ddet_ind_data_cpu_util_current': Data CPU Utilization Current; 'ddet_ind_data_cpu_util_min': Data CPU Utilization Min; 'ddet_ind_data_cpu_util_max': Data CPU Utilization Max; 'ddet_ind_data_cpu_util_adaptive_threshold': Data CPU Utilization Adaptive Threshold; 'ddet_ind_outside_intf_util_current': Outside Interface Utilization Current; 'ddet_ind_outside_intf_util_min': Outside Interface Utilization Min; 'ddet_ind_outside_intf_util_max': Outside Interface Utilization Max; 'ddet_ind_outside_intf_util_adaptive_threshold': Outside Interface Utilization Adaptive Threshold; 'ddet_ind_frag_rate_current': Frag Pkt Rate Current; 'ddet_ind_frag_rate_min': Frag Pkt Rate Min; 'ddet_ind_frag_rate_max': Frag Pkt Rate Max; 'ddet_ind_frag_rate_adaptive_threshold': Frag Pkt Rate Adaptive Threshold; 'ddet_ind_bit_rate_current': Bit Rate Current; 'ddet_ind_bit_rate_min': Bit Rate Min; 'ddet_ind_bit_rate_max': Bit Rate Max; 'ddet_ind_bit_rate_adaptive_threshold': Bit Rate Adaptive Threshold; **Type:** string **Supported Values:** all, ip-proto-type, ddet_ind_pkt_rate_current, ddet_ind_pkt_rate_min, ddet_ind_pkt_rate_max, ddet_ind_pkt_rate_adaptive_threshold, ddet_ind_pkt_drop_rate_current, ddet_ind_pkt_drop_rate_min, ddet_ind_pkt_drop_rate_max, ddet_ind_pkt_drop_rate_adaptive_threshold, ddet_ind_syn_rate_current, ddet_ind_syn_rate_min, ddet_ind_syn_rate_max, ddet_ind_syn_rate_adaptive_threshold, ddet_ind_fin_rate_current, ddet_ind_fin_rate_min, ddet_ind_fin_rate_max, ddet_ind_fin_rate_adaptive_threshold, ddet_ind_rst_rate_current, ddet_ind_rst_rate_min, ddet_ind_rst_rate_max, ddet_ind_rst_rate_adaptive_threshold, ddet_ind_small_window_ack_rate_current, ddet_ind_small_window_ack_rate_min, ddet_ind_small_window_ack_rate_max, ddet_ind_small_window_ack_rate_adaptive_threshold, ddet_ind_empty_ack_rate_current, ddet_ind_empty_ack_rate_min, ddet_ind_empty_ack_rate_max, ddet_ind_empty_ack_rate_adaptive_threshold, ddet_ind_small_payload_rate_current, ddet_ind_small_payload_rate_min, ddet_ind_small_payload_rate_max, ddet_ind_small_payload_rate_adaptive_threshold, ddet_ind_pkt_drop_ratio_current, ddet_ind_pkt_drop_ratio_min, ddet_ind_pkt_drop_ratio_max, ddet_ind_pkt_drop_ratio_adaptive_threshold, ddet_ind_inb_per_outb_current, ddet_ind_inb_per_outb_min, ddet_ind_inb_per_outb_max, ddet_ind_inb_per_outb_adaptive_threshold, ddet_ind_syn_per_fin_rate_current, ddet_ind_syn_per_fin_rate_min, ddet_ind_syn_per_fin_rate_max, ddet_ind_syn_per_fin_rate_adaptive_threshold, ddet_ind_conn_miss_rate_current, ddet_ind_conn_miss_rate_min, ddet_ind_conn_miss_rate_max, ddet_ind_conn_miss_rate_adaptive_threshold, ddet_ind_concurrent_conns_current, ddet_ind_concurrent_conns_min, ddet_ind_concurrent_conns_max, ddet_ind_concurrent_conns_adaptive_threshold, ddet_ind_data_cpu_util_current, ddet_ind_data_cpu_util_min, ddet_ind_data_cpu_util_max, ddet_ind_data_cpu_util_adaptive_threshold, ddet_ind_outside_intf_util_current, ddet_ind_outside_intf_util_min, ddet_ind_outside_intf_util_max, ddet_ind_outside_intf_util_adaptive_threshold, ddet_ind_frag_rate_current, ddet_ind_frag_rate_min, ddet_ind_frag_rate_max, ddet_ind_frag_rate_adaptive_threshold, ddet_ind_bit_rate_current, ddet_ind_bit_rate_min, ddet_ind_bit_rate_max, ddet_ind_bit_rate_adaptive_threshold .. _1048_zone-list_ip-proto_proto-number-list_topk-sources: zone-list_ip-proto_proto-number-list_topk-sources ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_ip-proto_proto-number-list_esp-inspect: zone-list_ip-proto_proto-number-list_esp-inspect ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **auth-algorithm** **Description** 'AUTH_NULL': No Integrity Check Value; 'HMAC-SHA-1-96': 96 bit Auth Algo; 'HMAC-SHA-256-96': 96 bit Auth Algo; 'HMAC-SHA-256-128': 128 bit Auth Algo; 'HMAC-SHA-384-192': 192 bit Auth Algo; 'HMAC-SHA-512-256': 256 bit Auth Algo; 'HMAC-MD5-96': 96 bit Auth Algo; 'MAC-RIPEMD-160-96': 96 bit Auth Algo; **Type:** string **Supported Values:** AUTH_NULL, HMAC-SHA-1-96, HMAC-SHA-256-96, HMAC-SHA-256-128, HMAC-SHA-384-192, HMAC-SHA-512-256, HMAC-MD5-96, MAC-RIPEMD-160-96 **encrypt-algorithm** **Description** 'NULL': Null Encryption Algorithm; **Type:** string **Supported Values:** NULL **mode** **Description** 'transport': Transport mode; **Type:** string **Supported Values:** transport .. _1048_zone-list_ip-proto_proto-number-list_topk-destinations: zone-list_ip-proto_proto-number-list_topk-destinations ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_ip-proto_proto-number-list_progression-tracking: zone-list_ip-proto_proto-number-list_progression-tracking ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_ip-proto_proto-name-list: zone-list_ip-proto_proto-name-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **age** **Description** Idle age for ip entry **Type:** number **Range:** 2-1023 **Default:** 5 **apply-policy-on-overflow** **Description** Enable this flag to apply overflow policy when dynamic entry count overflows **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **deny** **Description** Blacklist and Drop all incoming packets for ip-proto icmp-v4 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-frag-pkt** **Description** Drop fragmented packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dynamic-entry-overflow-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/dynamic-entry-overflow-policy/{dummy-name} ` **enable-class-list-overflow** **Description** Apply class-list overflow policy upon exceeding dynamic entry count specified for zone-port or class-list **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-top-k** **Description** Enable ddos top-k source IP detection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-top-k-destination** **Description** Enable ddos top-k destination IP detection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **faster-de-escalation** **Description** De-escalate faster in standalone mode **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid-cfg** **Description:** glid-cfg is a **JSON Block**. Please see below for :ref:`1048_zone-list_ip-proto_proto-name-list_glid-cfg` **Type:** Object **ip-filtering-policy** **Description** Configure IP Filter **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/ip-filtering-policy ` **ip-filtering-policy-oper** **Description:** ip-filtering-policy-oper is a **JSON Block**. Please see below for :ref:`1048_zone-list_ip-proto_proto-name-list_ip-filtering-policy-oper` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/ip-filtering-policy-oper ` **key-cfg** **Type:** List **level-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/level/{level-num} ` **manual-mode-enable** **Description** Toggle manual mode to use fix templates **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **manual-mode-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/manual-mode/{config} ` **max-dynamic-entry-count** **Description** Maximum count for dynamic source zone service entry **Type:** number **Range:** 0-2147483647 **port-ind** **Description:** port-ind is a **JSON Block**. Please see below for :ref:`1048_zone-list_ip-proto_proto-name-list_port-ind` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/port-ind ` **progression-tracking** **Description:** progression-tracking is a **JSON Block**. Please see below for :ref:`1048_zone-list_ip-proto_proto-name-list_progression-tracking` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/progression-tracking ` **protocol** **Description** 'icmp-v4': ip-proto icmp-v4; 'icmp-v6': ip-proto icmp-v6; 'other': ip-proto other; 'gre': ip-proto gre; 'ipv4-encap': ip-proto IPv4 Encapsulation; 'ipv6-encap': ip-proto IPv6 Encapsulation; **Type:** string **Supported Values:** icmp-v4, icmp-v6, other, gre, ipv4-encap, ipv6-encap **set-counter-base-val** **Description** Set T2 counter value of current context to specified value **Type:** number **Range:** 1-4294967295 **src-based-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/src-based-policy/{src-based-policy-name} ` **topk-destinations** **Description:** topk-destinations is a **JSON Block**. Please see below for :ref:`1048_zone-list_ip-proto_proto-name-list_topk-destinations` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/topk-destinations ` **topk-dst-num-records** **Description** Maximum number of records to show in topk **Type:** number **Range:** 1-100 **Default:** 20 **topk-num-records** **Description** Maximum number of records to show in topk **Type:** number **Range:** 1-100 **Default:** 20 **topk-sources** **Description:** topk-sources is a **JSON Block**. Please see below for :ref:`1048_zone-list_ip-proto_proto-name-list_topk-sources` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/topk-sources ` **tunnel-decap** **Description** Enable tunnel decapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tunnel-rate-limit** **Description** Enable DDOS-protection on tunnel traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **unlimited-dynamic-entry-count** **Description** No limit for maximum dynamic src entry count **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_ip-proto_proto-name-list_dynamic-entry-overflow-policy-list: zone-list_ip-proto_proto-name-list_dynamic-entry-overflow-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **dummy-name** **Description** 'configuration': Configure overflow policy; **Type:** string **Supported Values:** configuration **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1048_zone-list_ip-proto_proto-name-list_dynamic-entry-overflow-policy-list_zone-template` **Type:** Object .. _1048_zone-list_ip-proto_proto-name-list_dynamic-entry-overflow-policy-list_zone-template: zone-list_ip-proto_proto-name-list_dynamic-entry-overflow-policy-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **icmp-v4** **Description** DDOS icmp-v4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **icmp-v6** **Description** DDOS icmp-v6 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ip-proto** **Description** DDOS ip-proto template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1048_zone-list_ip-proto_proto-name-list_ip-filtering-policy-oper: zone-list_ip-proto_proto-name-list_ip-filtering-policy-oper ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_ip-proto_proto-name-list_key-cfg: zone-list_ip-proto_proto-name-list_key-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **key** **Description** Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295) **Type:** string **Maximum Length:** 10 characters **Maximum Length:** 1 characters .. _1048_zone-list_ip-proto_proto-name-list_glid-cfg: zone-list_ip-proto_proto-name-list_glid-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **action-list** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **glid** **Description** Global limit ID for the whole zone **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, ignore **per-addr-glid** **Description** Global limit ID per address **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` .. _1048_zone-list_ip-proto_proto-name-list_level-list: zone-list_ip-proto_proto-name-list_level-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **indicator-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/level/{level-num}/indicator/{type} ` **level-num** **Description** '0': Default policy level; '1': Policy level 1; '2': Policy level 2; '3': Policy level 3; '4': Policy level 4; **Type:** string **Supported Values:** 0, 1, 2, 3, 4 **src-default-glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **src-escalation-score** **Description** Source activation score of this level **Type:** number **Range:** 1-1000000 **src-violation-actions** **Description** Violation actions apply due to source escalate from this level **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-escalation-score** **Description** Zone activation score of this level **Type:** number **Range:** 1-1000000 **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1048_zone-list_ip-proto_proto-name-list_level-list_zone-template` **Type:** Object **zone-violation-actions** **Description** Violation actions apply due to zone escalate from this level **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` .. _1048_zone-list_ip-proto_proto-name-list_level-list_zone-template: zone-list_ip-proto_proto-name-list_level-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **icmp-v4** **Description** DDOS icmp-v4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **icmp-v6** **Description** DDOS icmp-v6 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ip-proto** **Description** DDOS ip-proto template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1048_zone-list_ip-proto_proto-name-list_level-list_indicator-list: zone-list_ip-proto_proto-name-list_level-list_indicator-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **data-packet-size** **Description** Expected minimal data size **Type:** number **Range:** 1-1500 **score** **Description** Score corresponding to the indicator **Type:** number **Range:** 1-1000000 **src-threshold-large-num** **Description** Indicator per-src threshold **Type:** number **Range:** 1-10995116277760 **src-threshold-num** **Description** Indicator per-src threshold **Type:** number **Range:** 1-2147483647 **src-threshold-str** **Description** Indicator per-src threshold (Non-zero floating point) **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-violation-actions** **Description** Violation actions to use when this src indicator threshold reaches **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` **type** **Description** 'pkt-rate': rate of incoming packets; 'pkt-drop-rate': rate of packets got dropped; 'bit-rate': rate of incoming bits; 'pkt-drop-ratio': ratio of incoming packet rate divided by the rate of dropping packets; 'bytes-to-bytes-from-ratio': ratio of incoming packet rate divided by the rate of outgoing packets; 'frag-rate': rate of incoming fragmented packets; 'cpu-utilization': average data CPU utilization; 'interface-utilization': outside interface utilization; **Type:** string **Supported Values:** pkt-rate, pkt-drop-rate, bit-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, frag-rate, cpu-utilization, interface-utilization **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-threshold-large-num** **Description** Threshold for the entire zone **Type:** number **Range:** 1-10995116277760 **zone-threshold-num** **Description** Threshold for the entire zone **Type:** number **Range:** 1-2147483647 **zone-threshold-str** **Description** Threshold for the entire zone (Non-zero floating point) **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **zone-violation-actions** **Description** Violation actions to use when this zone indicator threshold reaches **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` .. _1048_zone-list_ip-proto_proto-name-list_manual-mode-list: zone-list_ip-proto_proto-name-list_manual-mode-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **config** **Description** 'configuration': Manual-mode configuration; **Type:** string **Supported Values:** configuration **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **src-default-glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1048_zone-list_ip-proto_proto-name-list_manual-mode-list_zone-template` **Type:** Object .. _1048_zone-list_ip-proto_proto-name-list_manual-mode-list_zone-template: zone-list_ip-proto_proto-name-list_manual-mode-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **icmp-v4** **Description** DDOS icmp-v4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **icmp-v6** **Description** DDOS icmp-v6 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ip-proto** **Description** DDOS ip-proto template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1048_zone-list_ip-proto_proto-name-list_src-based-policy-list: zone-list_ip-proto_proto-name-list_src-based-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **policy-class-list-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name} ` **src-based-policy-name** **Description** Specify name of the policy **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list: zone-list_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **class-list-name** **Description** Class-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **class-list-overflow-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name} ` **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **log-enable** **Description** Enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-periodic** **Description** Enable log periodic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-dynamic-entry-count** **Description** Maximum count for dynamic source zone service entry allowed for this class-list **Type:** number **Range:** 0-2147483647 **sampling-enable** **Type:** List **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1048_zone-list_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list_zone-template` **Type:** Object .. _1048_zone-list_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list_sampling-enable: zone-list_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'packet_received': Packets Received; 'packet_dropped': Packets Dropped; 'entry_learned': Entry Learned; 'entry_count_overflow': Entry Count Overflow; **Type:** string **Supported Values:** all, packet_received, packet_dropped, entry_learned, entry_count_overflow .. _1048_zone-list_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list_zone-template: zone-list_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **icmp-v4** **Description** DDOS icmp-v4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **icmp-v6** **Description** DDOS icmp-v6 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ip-proto** **Description** DDOS ip-proto template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1048_zone-list_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list: zone-list_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **dummy-name** **Description** 'configuration': Configure overflow policy for class-list; **Type:** string **Supported Values:** configuration **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **log-enable** **Description** Enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-periodic** **Description** Enable log periodic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1048_zone-list_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template` **Type:** Object .. _1048_zone-list_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template: zone-list_ip-proto_proto-name-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **icmp-v4** **Description** DDOS icmp-v4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **icmp-v6** **Description** DDOS icmp-v6 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ip-proto** **Description** DDOS ip-proto template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1048_zone-list_ip-proto_proto-name-list_port-ind: zone-list_ip-proto_proto-name-list_port-ind ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_ip-proto_proto-name-list_port-ind_sampling-enable: zone-list_ip-proto_proto-name-list_port-ind_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'ip-proto-type': IP Protocol Type; 'ddet_ind_pkt_rate_current': Pkt Rate Current; 'ddet_ind_pkt_rate_min': Pkt Rate Min; 'ddet_ind_pkt_rate_max': Pkt Rate Max; 'ddet_ind_pkt_rate_adaptive_threshold': Pkt Rate Adaptive Threshold; 'ddet_ind_pkt_drop_rate_current': Pkt Drop Rate Current; 'ddet_ind_pkt_drop_rate_min': Pkt Drop Rate Min; 'ddet_ind_pkt_drop_rate_max': Pkt Drop Rate Max; 'ddet_ind_pkt_drop_rate_adaptive_threshold': Pkt Drop Rate Adaptive Threshold; 'ddet_ind_syn_rate_current': TCP SYN Rate Current; 'ddet_ind_syn_rate_min': TCP SYN Rate Min; 'ddet_ind_syn_rate_max': TCP SYN Rate Max; 'ddet_ind_syn_rate_adaptive_threshold': TCP SYN Rate Adaptive Threshold; 'ddet_ind_fin_rate_current': TCP FIN Rate Current; 'ddet_ind_fin_rate_min': TCP FIN Rate Min; 'ddet_ind_fin_rate_max': TCP FIN Rate Max; 'ddet_ind_fin_rate_adaptive_threshold': TCP FIN Rate Adaptive Threshold; 'ddet_ind_rst_rate_current': TCP RST Rate Current; 'ddet_ind_rst_rate_min': TCP RST Rate Min; 'ddet_ind_rst_rate_max': TCP RST Rate Max; 'ddet_ind_rst_rate_adaptive_threshold': TCP RST Rate Adaptive Threshold; 'ddet_ind_small_window_ack_rate_current': TCP Small Window ACK Rate Current; 'ddet_ind_small_window_ack_rate_min': TCP Small Window ACK Rate Min; 'ddet_ind_small_window_ack_rate_max': TCP Small Window ACK Rate Max; 'ddet_ind_small_window_ack_rate_adaptive_threshold': TCP Small Window ACK Rate Adaptive Threshold; 'ddet_ind_empty_ack_rate_current': TCP Empty ACK Rate Current; 'ddet_ind_empty_ack_rate_min': TCP Empty ACK Rate Min; 'ddet_ind_empty_ack_rate_max': TCP Empty ACK Rate Max; 'ddet_ind_empty_ack_rate_adaptive_threshold': TCP Empty ACK Rate Adaptive Threshold; 'ddet_ind_small_payload_rate_current': TCP Small Payload Rate Current; 'ddet_ind_small_payload_rate_min': TCP Small Payload Rate Min; 'ddet_ind_small_payload_rate_max': TCP Small Payload Rate Max; 'ddet_ind_small_payload_rate_adaptive_threshold': TCP Small Payload Rate Adaptive Threshold; 'ddet_ind_pkt_drop_ratio_current': Pkt Drop / Pkt Rcvd Current; 'ddet_ind_pkt_drop_ratio_min': Pkt Drop / Pkt Rcvd Min; 'ddet_ind_pkt_drop_ratio_max': Pkt Drop / Pkt Rcvd Max; 'ddet_ind_pkt_drop_ratio_adaptive_threshold': Pkt Drop / Pkt Rcvd Adaptive Threshold; 'ddet_ind_inb_per_outb_current': Bytes-to / Bytes-from Current; 'ddet_ind_inb_per_outb_min': Bytes-to / Bytes-from Min; 'ddet_ind_inb_per_outb_max': Bytes-to / Bytes-from Max; 'ddet_ind_inb_per_outb_adaptive_threshold': Bytes-to / Bytes-from Adaptive Threshold; 'ddet_ind_syn_per_fin_rate_current': TCP SYN Rate / FIN Rate Current; 'ddet_ind_syn_per_fin_rate_min': TCP SYN Rate / FIN Rate Min; 'ddet_ind_syn_per_fin_rate_max': TCP SYN Rate / FIN Rate Max; 'ddet_ind_syn_per_fin_rate_adaptive_threshold': TCP SYN Rate / FIN Rate Adaptive Threshold; 'ddet_ind_conn_miss_rate_current': TCP Session Miss Rate Current; 'ddet_ind_conn_miss_rate_min': TCP Session Miss Rate Min; 'ddet_ind_conn_miss_rate_max': TCP Session Miss Rate Max; 'ddet_ind_conn_miss_rate_adaptive_threshold': TCP Session Miss Rate Adaptive Threshold; 'ddet_ind_concurrent_conns_current': TCP/UDP Concurrent Sessions Current; 'ddet_ind_concurrent_conns_min': TCP/UDP Concurrent Sessions Min; 'ddet_ind_concurrent_conns_max': TCP/UDP Concurrent Sessions Max; 'ddet_ind_concurrent_conns_adaptive_threshold': TCP/UDP Concurrent Sessions Adaptive Threshold; 'ddet_ind_data_cpu_util_current': Data CPU Utilization Current; 'ddet_ind_data_cpu_util_min': Data CPU Utilization Min; 'ddet_ind_data_cpu_util_max': Data CPU Utilization Max; 'ddet_ind_data_cpu_util_adaptive_threshold': Data CPU Utilization Adaptive Threshold; 'ddet_ind_outside_intf_util_current': Outside Interface Utilization Current; 'ddet_ind_outside_intf_util_min': Outside Interface Utilization Min; 'ddet_ind_outside_intf_util_max': Outside Interface Utilization Max; 'ddet_ind_outside_intf_util_adaptive_threshold': Outside Interface Utilization Adaptive Threshold; 'ddet_ind_frag_rate_current': Frag Pkt Rate Current; 'ddet_ind_frag_rate_min': Frag Pkt Rate Min; 'ddet_ind_frag_rate_max': Frag Pkt Rate Max; 'ddet_ind_frag_rate_adaptive_threshold': Frag Pkt Rate Adaptive Threshold; 'ddet_ind_bit_rate_current': Bit Rate Current; 'ddet_ind_bit_rate_min': Bit Rate Min; 'ddet_ind_bit_rate_max': Bit Rate Max; 'ddet_ind_bit_rate_adaptive_threshold': Bit Rate Adaptive Threshold; **Type:** string **Supported Values:** all, ip-proto-type, ddet_ind_pkt_rate_current, ddet_ind_pkt_rate_min, ddet_ind_pkt_rate_max, ddet_ind_pkt_rate_adaptive_threshold, ddet_ind_pkt_drop_rate_current, ddet_ind_pkt_drop_rate_min, ddet_ind_pkt_drop_rate_max, ddet_ind_pkt_drop_rate_adaptive_threshold, ddet_ind_syn_rate_current, ddet_ind_syn_rate_min, ddet_ind_syn_rate_max, ddet_ind_syn_rate_adaptive_threshold, ddet_ind_fin_rate_current, ddet_ind_fin_rate_min, ddet_ind_fin_rate_max, ddet_ind_fin_rate_adaptive_threshold, ddet_ind_rst_rate_current, ddet_ind_rst_rate_min, ddet_ind_rst_rate_max, ddet_ind_rst_rate_adaptive_threshold, ddet_ind_small_window_ack_rate_current, ddet_ind_small_window_ack_rate_min, ddet_ind_small_window_ack_rate_max, ddet_ind_small_window_ack_rate_adaptive_threshold, ddet_ind_empty_ack_rate_current, ddet_ind_empty_ack_rate_min, ddet_ind_empty_ack_rate_max, ddet_ind_empty_ack_rate_adaptive_threshold, ddet_ind_small_payload_rate_current, ddet_ind_small_payload_rate_min, ddet_ind_small_payload_rate_max, ddet_ind_small_payload_rate_adaptive_threshold, ddet_ind_pkt_drop_ratio_current, ddet_ind_pkt_drop_ratio_min, ddet_ind_pkt_drop_ratio_max, ddet_ind_pkt_drop_ratio_adaptive_threshold, ddet_ind_inb_per_outb_current, ddet_ind_inb_per_outb_min, ddet_ind_inb_per_outb_max, ddet_ind_inb_per_outb_adaptive_threshold, ddet_ind_syn_per_fin_rate_current, ddet_ind_syn_per_fin_rate_min, ddet_ind_syn_per_fin_rate_max, ddet_ind_syn_per_fin_rate_adaptive_threshold, ddet_ind_conn_miss_rate_current, ddet_ind_conn_miss_rate_min, ddet_ind_conn_miss_rate_max, ddet_ind_conn_miss_rate_adaptive_threshold, ddet_ind_concurrent_conns_current, ddet_ind_concurrent_conns_min, ddet_ind_concurrent_conns_max, ddet_ind_concurrent_conns_adaptive_threshold, ddet_ind_data_cpu_util_current, ddet_ind_data_cpu_util_min, ddet_ind_data_cpu_util_max, ddet_ind_data_cpu_util_adaptive_threshold, ddet_ind_outside_intf_util_current, ddet_ind_outside_intf_util_min, ddet_ind_outside_intf_util_max, ddet_ind_outside_intf_util_adaptive_threshold, ddet_ind_frag_rate_current, ddet_ind_frag_rate_min, ddet_ind_frag_rate_max, ddet_ind_frag_rate_adaptive_threshold, ddet_ind_bit_rate_current, ddet_ind_bit_rate_min, ddet_ind_bit_rate_max, ddet_ind_bit_rate_adaptive_threshold .. _1048_zone-list_ip-proto_proto-name-list_topk-sources: zone-list_ip-proto_proto-name-list_topk-sources ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_ip-proto_proto-name-list_topk-destinations: zone-list_ip-proto_proto-name-list_topk-destinations ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_ip-proto_proto-name-list_progression-tracking: zone-list_ip-proto_proto-name-list_progression-tracking ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_ip-proto_proto-tcp-udp-list: zone-list_ip-proto_proto-tcp-udp-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for this ip-proto **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-frag-pkt** **Description** Drop fragmented packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid-cfg** **Description:** glid-cfg is a **JSON Block**. Please see below for :ref:`1048_zone-list_ip-proto_proto-tcp-udp-list_glid-cfg` **Type:** Object **ip-filtering-policy** **Description** Configure IP Filter **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/ip-filtering-policy ` **ip-filtering-policy-oper** **Description:** ip-filtering-policy-oper is a **JSON Block**. Please see below for :ref:`1048_zone-list_ip-proto_proto-tcp-udp-list_ip-filtering-policy-oper` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-tcp-udp/{protocol}/ip-filtering-policy-oper ` **protocol** **Description** 'tcp': ip-proto tcp; 'udp': ip-proto udp; **Type:** string **Supported Values:** tcp, udp **set-counter-base-val** **Description** Set T2 counter value of current context to specified value **Type:** number **Range:** 1-4294967295 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_ip-proto_proto-tcp-udp-list_ip-filtering-policy-oper: zone-list_ip-proto_proto-tcp-udp-list_ip-filtering-policy-oper ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_ip-proto_proto-tcp-udp-list_glid-cfg: zone-list_ip-proto_proto-tcp-udp-list_glid-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **action-list** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **glid** **Description** Global limit ID for the whole zone **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, ignore **per-addr-glid** **Description** Global limit ID per address **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` .. _1048_zone-list_port-range-list: zone-list_port-range-list ^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **age** **Description** Idle age for ip entry **Type:** number **Range:** 2-1023 **Default:** 5 **apply-policy-on-overflow** **Description** Enable this flag to apply overflow policy when dynamic entry count overflows **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **default-action-list** **Description** Configure default-action-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dynamic-entry-overflow-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/dynamic-entry-overflow-policy/{dummy-name} ` **enable-class-list-overflow** **Description** Apply class-list overflow policy upon exceeding dynamic entry count specified under zone port or each class-list **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-top-k** **Description** Enable ddos top-k source IP detection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-top-k-destination** **Description** Enable ddos top-k destination IP detection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **faster-de-escalation** **Description** De-escalate faster in standalone mode **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid-cfg** **Description:** glid-cfg is a **JSON Block**. Please see below for :ref:`1048_zone-list_port-range-list_glid-cfg` **Type:** Object **ip-filtering-policy** **Description** Configure IP Filter **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/ip-filtering-policy ` **ip-filtering-policy-oper** **Description:** ip-filtering-policy-oper is a **JSON Block**. Please see below for :ref:`1048_zone-list_port-range-list_ip-filtering-policy-oper` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/ip-filtering-policy-oper ` **ips** **Description:** ips is a **JSON Block**. Please see below for :ref:`1048_zone-list_port-range-list_ips` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/ips ` **level-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/level/{level-num} ` **manual-mode-enable** **Description** Toggle manual mode to use fix templates **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **manual-mode-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/manual-mode/{config} ` **max-dynamic-entry-count** **Description** Maximum count for dynamic source zone service entry **Type:** number **Range:** 0-2147483647 **outbound-only** **Description** Only allow outbound traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **pattern-recognition** **Description:** pattern-recognition is a **JSON Block**. Please see below for :ref:`1048_zone-list_port-range-list_pattern-recognition` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/pattern-recognition ` **pattern-recognition-pu-details** **Description:** pattern-recognition-pu-details is a **JSON Block**. Please see below for :ref:`1048_zone-list_port-range-list_pattern-recognition-pu-details` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/pattern-recognition-pu-details ` **port-ind** **Description:** port-ind is a **JSON Block**. Please see below for :ref:`1048_zone-list_port-range-list_port-ind` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/port-ind ` **port-range-end** **Description** Port-Range End Port Number **Type:** number **Range:** 1-65535 **port-range-start** **Description** Port-Range Start Port Number **Type:** number **Range:** 1-65535 **progression-tracking** **Description:** progression-tracking is a **JSON Block**. Please see below for :ref:`1048_zone-list_port-range-list_progression-tracking` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/progression-tracking ` **protocol** **Description** 'dns-tcp': DNS-TCP Port; 'dns-udp': DNS-UDP Port; 'http': HTTP Port; 'tcp': TCP Port; 'udp': UDP Port; 'ssl-l4': SSL-L4 Port; 'sip-udp': SIP-UDP Port; 'sip-tcp': SIP-TCP Port; 'quic': QUIC Port; **Type:** string **Supported Values:** dns-tcp, dns-udp, http, tcp, udp, ssl-l4, sip-udp, sip-tcp, quic **set-counter-base-val** **Description** Set T2 counter value of current context to specified value **Type:** number **Range:** 1-4294967295 **sflow-common** **Description** Enable all sFlow polling options under this zone port **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-common,sflow-packets, sflow-tcp-basic, sflow-tcp-stateful, and sflow-http are mutually exclusive **sflow-http** **Description** Enable sFlow HTTP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-http and sflow-common are mutually exclusive **sflow-packets** **Description** Enable sFlow packet-level counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-packets and sflow-common are mutually exclusive **sflow-tcp** **Description:** sflow-tcp is a **JSON Block**. Please see below for :ref:`1048_zone-list_port-range-list_sflow-tcp` **Type:** Object **src-based-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/src-based-policy/{src-based-policy-name} ` **stateful** **Description** Enable stateful tracking of sessions (Default is stateless) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **topk-destinations** **Description:** topk-destinations is a **JSON Block**. Please see below for :ref:`1048_zone-list_port-range-list_topk-destinations` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/topk-destinations ` **topk-dst-num-records** **Description** Maximum number of records to show in topk **Type:** number **Range:** 1-100 **Default:** 20 **topk-num-records** **Description** Maximum number of records to show in topk **Type:** number **Range:** 1-100 **Default:** 20 **topk-sources** **Description:** topk-sources is a **JSON Block**. Please see below for :ref:`1048_zone-list_port-range-list_topk-sources` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/topk-sources ` **unlimited-dynamic-entry-count** **Description** No limit for maximum dynamic src entry count **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_port-range-list_pattern-recognition: zone-list_port-range-list_pattern-recognition ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **algorithm** **Description** 'heuristic': heuristic algorithm; **Type:** string **Supported Values:** heuristic **app-payload-offset** **Description** Set offset of the payload, default 0 **Type:** number **Range:** 0-1500 **capture-traffic** **Description** 'all': Capture all packets; 'dropped': Capture dropped packets (default); **Type:** string **Supported Values:** all, dropped **filter-inactive-threshold** **Description** Extracted filter inactive threshold **Type:** number **Range:** 5-255 **filter-threshold** **Description** Extracted filter threshold **Type:** number **Range:** 0-100 **mode** **Description** 'capture-never-expire': War-time capture without rate exceeding and never expires; 'manual': Manual mode; **Type:** string **Supported Values:** capture-never-expire, manual **sensitivity** **Description** 'high': High Sensitivity; 'medium': Medium Sensitivity; 'low': Low Sensitivity; **Type:** string **Supported Values:** high, medium, low **triggered-by** **Description** 'zone-escalation': Zone escalation trigger pattern recognition; 'packet-rate-exceeds': Packet rate limit exceeds trigger pattern recognition (default); **Type:** string **Supported Values:** zone-escalation, packet-rate-exceeds **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_port-range-list_progression-tracking: zone-list_port-range-list_progression-tracking ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_port-range-list_ips: zone-list_port-range-list_ips ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_port-range-list_ips_sampling-enable: zone-list_port-range-list_ips_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'ips_matched_total': IPS Matched Total; 'ips_matched_action_pass': IPS Matched Action Pass; 'ips_matched_action_drop': IPS Matched Action Drop; 'ips_matched_action_blacklist': IPS Matched Action Blacklist; 'ips_matched_severity_high': IPS Matched Severity High; 'ips_matched_severity_medium': IPS Matched Severity Medium; 'ips_matched_severity_low': IPS Matched Severity Low; 'src_ips_matched_action_pass': Src IPS Matched Action Pass; 'src_ips_matched_action_drop': Src IPS Matched Action Drop; 'src_ips_matched_action_blacklist': Src IPS Matched Action Blacklist; 'src_ips_matched_severity_high': Src IPS Matched Severity High; 'src_ips_matched_severity_medium': Src IPS Matched Severity Medium; 'src_ips_matched_severity_low': Src IPS Matched Severity Low; **Type:** string **Supported Values:** all, ips_matched_total, ips_matched_action_pass, ips_matched_action_drop, ips_matched_action_blacklist, ips_matched_severity_high, ips_matched_severity_medium, ips_matched_severity_low, src_ips_matched_action_pass, src_ips_matched_action_drop, src_ips_matched_action_blacklist, src_ips_matched_severity_high, src_ips_matched_severity_medium, src_ips_matched_severity_low .. _1048_zone-list_port-range-list_glid-cfg: zone-list_port-range-list_glid-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **action-list** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **glid** **Description** Global limit ID for the whole zone **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default if default-action-list is not configured); 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, ignore **per-addr-glid** **Description** Global limit ID per address **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` .. _1048_zone-list_port-range-list_level-list: zone-list_port-range-list_level-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **apply-extracted-filters** **Description** Apply extracted filters from this level **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **close-sessions-for-unauth-sources** **Description** Close session for unauthenticated sources **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **indicator-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/level/{level-num}/indicator/{type} ` **level-num** **Description** '0': Default policy level; '1': Policy level 1; '2': Policy level 2; '3': Policy level 3; '4': Policy level 4; **Type:** string **Supported Values:** 0, 1, 2, 3, 4 **src-default-glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **src-escalation-score** **Description** Source activation score of this level **Type:** number **Range:** 1-1000000 **src-violation-actions** **Description** Violation actions apply due to source escalate from this level **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` **start-pattern-recognition** **Description** Start pattern recognition from this level **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-escalation-score** **Description** Zone activation score of this level **Type:** number **Range:** 1-1000000 **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1048_zone-list_port-range-list_level-list_zone-template` **Type:** Object **zone-violation-actions** **Description** Violation actions apply due to zone escalate from this level **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` .. _1048_zone-list_port-range-list_level-list_zone-template: zone-list_port-range-list_level-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **quic** **Description** DDOS quic template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1048_zone-list_port-range-list_level-list_indicator-list: zone-list_port-range-list_level-list_indicator-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **data-packet-size** **Description** Expected minimal data size **Type:** number **Range:** 1-1500 **score** **Description** Score corresponding to the indicator **Type:** number **Range:** 1-1000000 **src-threshold-large-num** **Description** Indicator per-src threshold **Type:** number **Range:** 1-10995116277760 **src-threshold-num** **Description** Indicator per-src threshold **Type:** number **Range:** 1-2147483647 **src-threshold-str** **Description** Indicator per-src threshold (Non-zero floating point) **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-violation-actions** **Description** Violation actions to use when this src indicator threshold reaches **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` **tcp-window-size** **Description** Expected minimal window size **Type:** number **Range:** 1-500 **type** **Description** 'pkt-rate': rate of incoming packets; 'pkt-drop-rate': rate of packets got dropped; 'bit-rate': rate of incoming bits; 'pkt-drop-ratio': ratio of incoming packet rate divided by the rate of dropping packets; 'bytes-to-bytes-from-ratio': ratio of incoming packet rate divided by the rate of outgoing packets; 'concurrent-conns': number of concurrent connections; 'conn-miss-rate': rate of incoming packets for which no previously established connection exists; 'syn-rate': rate on incoming SYN packets; 'fin-rate': rate on incoming FIN packets; 'rst-rate': rate of incoming RST packets; 'small-window-ack-rate': rate of small window advertisement; 'empty-ack-rate': rate of incoming packets which have no payload; 'small-payload-rate': rate of short payload packet; 'syn-fin-ratio': ratio of incoming SYN packet rate divided by the rate of incoming FIN packets; 'cpu-utilization': average data CPU utilization; 'interface-utilization': outside interface utilization; **Type:** string **Supported Values:** pkt-rate, pkt-drop-rate, bit-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, concurrent-conns, conn-miss-rate, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio, cpu-utilization, interface-utilization **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-threshold-large-num** **Description** Threshold for the entire zone **Type:** number **Range:** 1-10995116277760 **zone-threshold-num** **Description** Threshold for the entire zone **Type:** number **Range:** 1-2147483647 **zone-threshold-str** **Description** Threshold for the entire zone (Non-zero floating point) **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **zone-violation-actions** **Description** Violation actions to use when this zone indicator threshold reaches **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` .. _1048_zone-list_port-range-list_manual-mode-list: zone-list_port-range-list_manual-mode-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **close-sessions-for-unauth-sources** **Description** Close session for unauthenticated sources **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **config** **Description** 'configuration': Manual-mode configuration; **Type:** string **Supported Values:** configuration **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **src-default-glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1048_zone-list_port-range-list_manual-mode-list_zone-template` **Type:** Object .. _1048_zone-list_port-range-list_manual-mode-list_zone-template: zone-list_port-range-list_manual-mode-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **quic** **Description** DDOS quic template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1048_zone-list_port-range-list_src-based-policy-list: zone-list_port-range-list_src-based-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **policy-class-list-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name} ` **src-based-policy-name** **Description** Specify name of the policy **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_port-range-list_src-based-policy-list_policy-class-list-list: zone-list_port-range-list_src-based-policy-list_policy-class-list-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **class-list-name** **Description** Class-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **class-list-overflow-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name} ` **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **max-dynamic-entry-count** **Description** Maximum count for dynamic source zone service entry allowed for this class-list **Type:** number **Range:** 0-2147483647 **sampling-enable** **Type:** List **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1048_zone-list_port-range-list_src-based-policy-list_policy-class-list-list_zone-template` **Type:** Object .. _1048_zone-list_port-range-list_src-based-policy-list_policy-class-list-list_zone-template: zone-list_port-range-list_src-based-policy-list_policy-class-list-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **quic** **Description** DDOS quic template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1048_zone-list_port-range-list_src-based-policy-list_policy-class-list-list_sampling-enable: zone-list_port-range-list_src-based-policy-list_policy-class-list-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'packet_received': Packets Received; 'packet_dropped': Packets Dropped; 'entry_learned': Entry Learned; 'entry_count_overflow': Entry Count Overflow; **Type:** string **Supported Values:** all, packet_received, packet_dropped, entry_learned, entry_count_overflow .. _1048_zone-list_port-range-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list: zone-list_port-range-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **dummy-name** **Description** 'configuration': Configure overflow policy for class-list; **Type:** string **Supported Values:** configuration **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **log-enable** **Description** Enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-periodic** **Description** Enable log periodic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1048_zone-list_port-range-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template` **Type:** Object .. _1048_zone-list_port-range-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template: zone-list_port-range-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **quic** **Description** DDOS quic template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1048_zone-list_port-range-list_pattern-recognition-pu-details: zone-list_port-range-list_pattern-recognition-pu-details ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_port-range-list_port-ind: zone-list_port-range-list_port-ind ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_port-range-list_port-ind_sampling-enable: zone-list_port-range-list_port-ind_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'ip-proto-type': IP Protocol Type; 'ddet_ind_pkt_rate_current': Pkt Rate Current; 'ddet_ind_pkt_rate_min': Pkt Rate Min; 'ddet_ind_pkt_rate_max': Pkt Rate Max; 'ddet_ind_pkt_rate_adaptive_threshold': Pkt Rate Adaptive Threshold; 'ddet_ind_pkt_drop_rate_current': Pkt Drop Rate Current; 'ddet_ind_pkt_drop_rate_min': Pkt Drop Rate Min; 'ddet_ind_pkt_drop_rate_max': Pkt Drop Rate Max; 'ddet_ind_pkt_drop_rate_adaptive_threshold': Pkt Drop Rate Adaptive Threshold; 'ddet_ind_syn_rate_current': TCP SYN Rate Current; 'ddet_ind_syn_rate_min': TCP SYN Rate Min; 'ddet_ind_syn_rate_max': TCP SYN Rate Max; 'ddet_ind_syn_rate_adaptive_threshold': TCP SYN Rate Adaptive Threshold; 'ddet_ind_fin_rate_current': TCP FIN Rate Current; 'ddet_ind_fin_rate_min': TCP FIN Rate Min; 'ddet_ind_fin_rate_max': TCP FIN Rate Max; 'ddet_ind_fin_rate_adaptive_threshold': TCP FIN Rate Adaptive Threshold; 'ddet_ind_rst_rate_current': TCP RST Rate Current; 'ddet_ind_rst_rate_min': TCP RST Rate Min; 'ddet_ind_rst_rate_max': TCP RST Rate Max; 'ddet_ind_rst_rate_adaptive_threshold': TCP RST Rate Adaptive Threshold; 'ddet_ind_small_window_ack_rate_current': TCP Small Window ACK Rate Current; 'ddet_ind_small_window_ack_rate_min': TCP Small Window ACK Rate Min; 'ddet_ind_small_window_ack_rate_max': TCP Small Window ACK Rate Max; 'ddet_ind_small_window_ack_rate_adaptive_threshold': TCP Small Window ACK Rate Adaptive Threshold; 'ddet_ind_empty_ack_rate_current': TCP Empty ACK Rate Current; 'ddet_ind_empty_ack_rate_min': TCP Empty ACK Rate Min; 'ddet_ind_empty_ack_rate_max': TCP Empty ACK Rate Max; 'ddet_ind_empty_ack_rate_adaptive_threshold': TCP Empty ACK Rate Adaptive Threshold; 'ddet_ind_small_payload_rate_current': TCP Small Payload Rate Current; 'ddet_ind_small_payload_rate_min': TCP Small Payload Rate Min; 'ddet_ind_small_payload_rate_max': TCP Small Payload Rate Max; 'ddet_ind_small_payload_rate_adaptive_threshold': TCP Small Payload Rate Adaptive Threshold; 'ddet_ind_pkt_drop_ratio_current': Pkt Drop / Pkt Rcvd Current; 'ddet_ind_pkt_drop_ratio_min': Pkt Drop / Pkt Rcvd Min; 'ddet_ind_pkt_drop_ratio_max': Pkt Drop / Pkt Rcvd Max; 'ddet_ind_pkt_drop_ratio_adaptive_threshold': Pkt Drop / Pkt Rcvd Adaptive Threshold; 'ddet_ind_inb_per_outb_current': Bytes-to / Bytes-from Current; 'ddet_ind_inb_per_outb_min': Bytes-to / Bytes-from Min; 'ddet_ind_inb_per_outb_max': Bytes-to / Bytes-from Max; 'ddet_ind_inb_per_outb_adaptive_threshold': Bytes-to / Bytes-from Adaptive Threshold; 'ddet_ind_syn_per_fin_rate_current': TCP SYN Rate / FIN Rate Current; 'ddet_ind_syn_per_fin_rate_min': TCP SYN Rate / FIN Rate Min; 'ddet_ind_syn_per_fin_rate_max': TCP SYN Rate / FIN Rate Max; 'ddet_ind_syn_per_fin_rate_adaptive_threshold': TCP SYN Rate / FIN Rate Adaptive Threshold; 'ddet_ind_conn_miss_rate_current': TCP Session Miss Rate Current; 'ddet_ind_conn_miss_rate_min': TCP Session Miss Rate Min; 'ddet_ind_conn_miss_rate_max': TCP Session Miss Rate Max; 'ddet_ind_conn_miss_rate_adaptive_threshold': TCP Session Miss Rate Adaptive Threshold; 'ddet_ind_concurrent_conns_current': TCP/UDP Concurrent Sessions Current; 'ddet_ind_concurrent_conns_min': TCP/UDP Concurrent Sessions Min; 'ddet_ind_concurrent_conns_max': TCP/UDP Concurrent Sessions Max; 'ddet_ind_concurrent_conns_adaptive_threshold': TCP/UDP Concurrent Sessions Adaptive Threshold; 'ddet_ind_data_cpu_util_current': Data CPU Utilization Current; 'ddet_ind_data_cpu_util_min': Data CPU Utilization Min; 'ddet_ind_data_cpu_util_max': Data CPU Utilization Max; 'ddet_ind_data_cpu_util_adaptive_threshold': Data CPU Utilization Adaptive Threshold; 'ddet_ind_outside_intf_util_current': Outside Interface Utilization Current; 'ddet_ind_outside_intf_util_min': Outside Interface Utilization Min; 'ddet_ind_outside_intf_util_max': Outside Interface Utilization Max; 'ddet_ind_outside_intf_util_adaptive_threshold': Outside Interface Utilization Adaptive Threshold; 'ddet_ind_frag_rate_current': Frag Pkt Rate Current; 'ddet_ind_frag_rate_min': Frag Pkt Rate Min; 'ddet_ind_frag_rate_max': Frag Pkt Rate Max; 'ddet_ind_frag_rate_adaptive_threshold': Frag Pkt Rate Adaptive Threshold; 'ddet_ind_bit_rate_current': Bit Rate Current; 'ddet_ind_bit_rate_min': Bit Rate Min; 'ddet_ind_bit_rate_max': Bit Rate Max; 'ddet_ind_bit_rate_adaptive_threshold': Bit Rate Adaptive Threshold; **Type:** string **Supported Values:** all, ip-proto-type, ddet_ind_pkt_rate_current, ddet_ind_pkt_rate_min, ddet_ind_pkt_rate_max, ddet_ind_pkt_rate_adaptive_threshold, ddet_ind_pkt_drop_rate_current, ddet_ind_pkt_drop_rate_min, ddet_ind_pkt_drop_rate_max, ddet_ind_pkt_drop_rate_adaptive_threshold, ddet_ind_syn_rate_current, ddet_ind_syn_rate_min, ddet_ind_syn_rate_max, ddet_ind_syn_rate_adaptive_threshold, ddet_ind_fin_rate_current, ddet_ind_fin_rate_min, ddet_ind_fin_rate_max, ddet_ind_fin_rate_adaptive_threshold, ddet_ind_rst_rate_current, ddet_ind_rst_rate_min, ddet_ind_rst_rate_max, ddet_ind_rst_rate_adaptive_threshold, ddet_ind_small_window_ack_rate_current, ddet_ind_small_window_ack_rate_min, ddet_ind_small_window_ack_rate_max, ddet_ind_small_window_ack_rate_adaptive_threshold, ddet_ind_empty_ack_rate_current, ddet_ind_empty_ack_rate_min, ddet_ind_empty_ack_rate_max, ddet_ind_empty_ack_rate_adaptive_threshold, ddet_ind_small_payload_rate_current, ddet_ind_small_payload_rate_min, ddet_ind_small_payload_rate_max, ddet_ind_small_payload_rate_adaptive_threshold, ddet_ind_pkt_drop_ratio_current, ddet_ind_pkt_drop_ratio_min, ddet_ind_pkt_drop_ratio_max, ddet_ind_pkt_drop_ratio_adaptive_threshold, ddet_ind_inb_per_outb_current, ddet_ind_inb_per_outb_min, ddet_ind_inb_per_outb_max, ddet_ind_inb_per_outb_adaptive_threshold, ddet_ind_syn_per_fin_rate_current, ddet_ind_syn_per_fin_rate_min, ddet_ind_syn_per_fin_rate_max, ddet_ind_syn_per_fin_rate_adaptive_threshold, ddet_ind_conn_miss_rate_current, ddet_ind_conn_miss_rate_min, ddet_ind_conn_miss_rate_max, ddet_ind_conn_miss_rate_adaptive_threshold, ddet_ind_concurrent_conns_current, ddet_ind_concurrent_conns_min, ddet_ind_concurrent_conns_max, ddet_ind_concurrent_conns_adaptive_threshold, ddet_ind_data_cpu_util_current, ddet_ind_data_cpu_util_min, ddet_ind_data_cpu_util_max, ddet_ind_data_cpu_util_adaptive_threshold, ddet_ind_outside_intf_util_current, ddet_ind_outside_intf_util_min, ddet_ind_outside_intf_util_max, ddet_ind_outside_intf_util_adaptive_threshold, ddet_ind_frag_rate_current, ddet_ind_frag_rate_min, ddet_ind_frag_rate_max, ddet_ind_frag_rate_adaptive_threshold, ddet_ind_bit_rate_current, ddet_ind_bit_rate_min, ddet_ind_bit_rate_max, ddet_ind_bit_rate_adaptive_threshold .. _1048_zone-list_port-range-list_sflow-tcp: zone-list_port-range-list_sflow-tcp ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sflow-tcp-basic** **Description** Enable sFlow basic TCP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-tcp-basic and sflow-common are mutually exclusive **sflow-tcp-stateful** **Description** Enable sFlow stateful TCP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-tcp-stateful and sflow-common are mutually exclusive .. _1048_zone-list_port-range-list_topk-sources: zone-list_port-range-list_topk-sources ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_port-range-list_ip-filtering-policy-oper: zone-list_port-range-list_ip-filtering-policy-oper ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_port-range-list_dynamic-entry-overflow-policy-list: zone-list_port-range-list_dynamic-entry-overflow-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **dummy-name** **Description** 'configuration': Configure overflow policy; **Type:** string **Supported Values:** configuration **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **log-enable** **Description** Enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-periodic** **Description** Enable log periodic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1048_zone-list_port-range-list_dynamic-entry-overflow-policy-list_zone-template` **Type:** Object .. _1048_zone-list_port-range-list_dynamic-entry-overflow-policy-list_zone-template: zone-list_port-range-list_dynamic-entry-overflow-policy-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **quic** **Description** DDOS quic template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1048_zone-list_port-range-list_topk-destinations: zone-list_port-range-list_topk-destinations ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_collector: zone-list_collector ^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **sflow-name** **Description** Name of configured custom sFlow collector **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/sflow/collector/custom ` .. _1048_zone-list_topk-destinations: zone-list_topk-destinations ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_capture-config-list: zone-list_capture-config-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **mode** **Description** 'drop': Apply capture-config to dropped packets; 'forward': Apply capture-config to forwarded packets; 'all': Apply capture-config to both dropped and forwarded packets; **Type:** string **Supported Values:** drop, forward, all **name** **Description** Capture-config name **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/capture-config ` **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_zone-template: zone-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1048_zone-list_web-gui: zone-list_web-gui ^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **activated-after-learning** **Description** Activate it after learning **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **create-time** **Description** Configure create time **Type:** string **Maximum Length:** 13 characters **Maximum Length:** 1 characters **learning** **Description:** learning is a **JSON Block**. Please see below for :ref:`1048_zone-list_web-gui_learning` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/learning ` **modify-time** **Description** Configure modify time **Type:** string **Maximum Length:** 13 characters **Maximum Length:** 1 characters **protection** **Description:** protection is a **JSON Block**. Please see below for :ref:`1048_zone-list_web-gui_protection` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection ` **sensitivity** **Description** '5': Low; '3': Medium; '1.5': High; **Type:** string **Supported Values:** 5, 3, 1.5 **Default:** 3 **status** **Description** 'newly': newly; 'learning': learning; 'learned': learned; 'activated': activated; **Type:** string **Supported Values:** newly, learning, learned, activated **Default:** newly **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_web-gui_protection: zone-list_web-gui_protection ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **ip-proto** **Description:** ip-proto is a **JSON Block**. Please see below for :ref:`1048_zone-list_web-gui_protection_ip-proto` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/ip-proto ` **port** **Description:** port is a **JSON Block**. Please see below for :ref:`1048_zone-list_web-gui_protection_port` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/port ` **port-range-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/port-range/{port-range-start}+{port-range-end}+{protocol} ` .. _1048_zone-list_web-gui_protection_port-range-list: zone-list_web-gui_protection_port-range-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **pbe** **Description** Peak Bandwidth Expected **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **port-range-end** **Description** Port-Range End Port Number **Type:** number **Range:** 1-65535 **port-range-start** **Description** Port-Range Start Port Number **Type:** number **Range:** 1-65535 **protocol** **Description** 'dns-tcp': DNS-TCP Port; 'dns-udp': DNS-UDP Port; 'http': HTTP Port; 'tcp': TCP Port; 'udp': UDP Port; 'ssl-l4': SSL-L4 Port; **Type:** string **Supported Values:** dns-tcp, dns-udp, http, tcp, udp, ssl-l4 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_web-gui_protection_port: zone-list_web-gui_protection_port ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **zone-service-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/port/zone-service/{port-num}+{protocol} ` **zone-service-other-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/port/zone-service-other/{port-other}+{protocol} ` .. _1048_zone-list_web-gui_protection_port_zone-service-list: zone-list_web-gui_protection_port_zone-service-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **pbe** **Description** Peak Bandwidth Expected **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **port-num** **Description** Port Number **Type:** number **Range:** 1-65535 **protocol** **Description** 'dns-tcp': DNS-TCP Port; 'dns-udp': DNS-UDP Port; 'http': HTTP Port; 'tcp': TCP Port; 'udp': UDP Port; 'ssl-l4': SSL-L4 Port; **Type:** string **Supported Values:** dns-tcp, dns-udp, http, tcp, udp, ssl-l4 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_web-gui_protection_port_zone-service-other-list: zone-list_web-gui_protection_port_zone-service-other-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **pbe** **Description** Peak Bandwidth Expected **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **port-other** **Description** 'other': other; **Type:** string **Supported Values:** other **protocol** **Description** 'tcp': TCP Port; 'udp': UDP Port; **Type:** string **Supported Values:** tcp, udp **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_web-gui_protection_ip-proto: zone-list_web-gui_protection_ip-proto ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **proto-name-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/web-gui/protection/ip-proto/proto-name/{protocol} ` .. _1048_zone-list_web-gui_protection_ip-proto_proto-name-list: zone-list_web-gui_protection_ip-proto_proto-name-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **pbe** **Description** Peak Bandwidth Expected **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **protocol** **Description** 'icmp-v4': ip-proto icmp-v4; 'icmp-v6': ip-proto icmp-v6; **Type:** string **Supported Values:** icmp-v4, icmp-v6 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_web-gui_learning: zone-list_web-gui_learning ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **duration** **Description** '1minute': 1 minute; '6hour': 6 hours; '12hour': 12 hours; '24hour': 24 hours; '7day': 7 days; **Type:** string **Supported Values:** 1minute, 6hour, 12hour, 24hour, 7day **Default:** 6hour **starting-time** **Description** Configure learning starting time **Type:** string **Maximum Length:** 13 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_hw-blacklist-blocking: zone-list_hw-blacklist-blocking ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst-enable** **Description** Enable Dst side hardware blocking **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-enable** **Description** Enable Src side hardware blocking **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_port: zone-list_port ^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **zone-service-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol} ` **zone-service-other-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol} ` .. _1048_zone-list_port_zone-service-list: zone-list_port_zone-service-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **age** **Description** Idle age for ip entry **Type:** number **Range:** 2-1023 **Default:** 5 **apply-policy-on-overflow** **Description** Enable this flag to apply overflow policy when dynamic entry count overflows **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **capture-config** **Description:** capture-config is a **JSON Block**. Please see below for :ref:`1048_zone-list_port_zone-service-list_capture-config` **Type:** Object **default-action-list** **Description** Configure default-action-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dynamic-entry-overflow-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/dynamic-entry-overflow-policy/{dummy-name} ` **enable-class-list-overflow** **Description** Apply class-list overflow policy upon exceeding dynamic entry count specified for zone-port or class-list **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-top-k** **Description** Enable ddos top-k source IP detection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-top-k-destination** **Description** Enable ddos top-k destination IP detection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **faster-de-escalation** **Description** De-escalate faster in standalone mode **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid-cfg** **Description:** glid-cfg is a **JSON Block**. Please see below for :ref:`1048_zone-list_port_zone-service-list_glid-cfg` **Type:** Object **ip-filtering-policy** **Description** Configure IP Filter **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/ip-filtering-policy ` **ip-filtering-policy-oper** **Description:** ip-filtering-policy-oper is a **JSON Block**. Please see below for :ref:`1048_zone-list_port_zone-service-list_ip-filtering-policy-oper` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/ip-filtering-policy-oper ` **ips** **Description:** ips is a **JSON Block**. Please see below for :ref:`1048_zone-list_port_zone-service-list_ips` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/ips ` **level-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/level/{level-num} ` **manual-mode-enable** **Description** Toggle manual mode to use fix templates **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **manual-mode-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/manual-mode/{config} ` **max-dynamic-entry-count** **Description** Maximum count for dynamic source zone service entry **Type:** number **Range:** 0-2147483647 **outbound-only** **Description** Only allow outbound traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **pattern-recognition** **Description:** pattern-recognition is a **JSON Block**. Please see below for :ref:`1048_zone-list_port_zone-service-list_pattern-recognition` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/pattern-recognition ` **pattern-recognition-pu-details** **Description:** pattern-recognition-pu-details is a **JSON Block**. Please see below for :ref:`1048_zone-list_port_zone-service-list_pattern-recognition-pu-details` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/pattern-recognition-pu-details ` **port-ind** **Description:** port-ind is a **JSON Block**. Please see below for :ref:`1048_zone-list_port_zone-service-list_port-ind` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/port-ind ` **port-num** **Description** Port Number **Type:** number **Range:** 1-65535 **progression-tracking** **Description:** progression-tracking is a **JSON Block**. Please see below for :ref:`1048_zone-list_port_zone-service-list_progression-tracking` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/progression-tracking ` **protocol** **Description** 'dns-tcp': DNS-TCP Port; 'dns-udp': DNS-UDP Port; 'http': HTTP Port; 'tcp': TCP Port; 'udp': UDP Port; 'ssl-l4': SSL-L4 Port; 'sip-udp': SIP-UDP Port; 'sip-tcp': SIP-TCP Port; 'quic': QUIC Port; **Type:** string **Supported Values:** dns-tcp, dns-udp, http, tcp, udp, ssl-l4, sip-udp, sip-tcp, quic **set-counter-base-val** **Description** Set T2 counter value of current context to specified value **Type:** number **Range:** 1-4294967295 **sflow-common** **Description** Enable all sFlow polling options under this zone port **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-common,sflow-packets, sflow-tcp-basic, sflow-tcp-stateful, and sflow-http are mutually exclusive **sflow-http** **Description** Enable sFlow HTTP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-http and sflow-common are mutually exclusive **sflow-packets** **Description** Enable sFlow packet-level counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-packets and sflow-common are mutually exclusive **sflow-tcp** **Description:** sflow-tcp is a **JSON Block**. Please see below for :ref:`1048_zone-list_port_zone-service-list_sflow-tcp` **Type:** Object **signature-extraction** **Description:** signature-extraction is a **JSON Block**. Please see below for :ref:`1048_zone-list_port_zone-service-list_signature-extraction` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/signature-extraction ` **src-based-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/src-based-policy/{src-based-policy-name} ` **stateful** **Description** Enable stateful tracking of sessions (Default is stateless) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **topk-destinations** **Description:** topk-destinations is a **JSON Block**. Please see below for :ref:`1048_zone-list_port_zone-service-list_topk-destinations` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/topk-destinations ` **topk-dst-num-records** **Description** Maximum number of records to show in topk **Type:** number **Range:** 1-100 **Default:** 20 **topk-num-records** **Description** Maximum number of records to show in topk **Type:** number **Range:** 1-100 **Default:** 20 **topk-sources** **Description:** topk-sources is a **JSON Block**. Please see below for :ref:`1048_zone-list_port_zone-service-list_topk-sources` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/topk-sources ` **unlimited-dynamic-entry-count** **Description** No limit for maximum dynamic src entry count **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_port_zone-service-list_pattern-recognition: zone-list_port_zone-service-list_pattern-recognition ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **algorithm** **Description** 'heuristic': heuristic algorithm; **Type:** string **Supported Values:** heuristic **app-payload-offset** **Description** Set offset of the payload **Type:** number **Range:** 0-1500 **Default:** 0 **capture-traffic** **Description** 'all': Capture all packets; 'dropped': Capture dropped packets (default); **Type:** string **Supported Values:** all, dropped **filter-inactive-threshold** **Description** Extracted filter inactive threshold **Type:** number **Range:** 5-255 **filter-threshold** **Description** Extracted filter threshold **Type:** number **Range:** 0-100 **mode** **Description** 'capture-never-expire': War-time capture without rate exceeding and never expires; 'manual': Manual mode; **Type:** string **Supported Values:** capture-never-expire, manual **sensitivity** **Description** 'high': High Sensitivity; 'medium': Medium Sensitivity; 'low': Low Sensitivity; **Type:** string **Supported Values:** high, medium, low **triggered-by** **Description** 'zone-escalation': Zone escalation trigger pattern recognition; 'packet-rate-exceeds': Packet rate limit exceeds trigger pattern recognition (default); **Type:** string **Supported Values:** zone-escalation, packet-rate-exceeds **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_port_zone-service-list_ips: zone-list_port_zone-service-list_ips ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_port_zone-service-list_ips_sampling-enable: zone-list_port_zone-service-list_ips_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'ips_matched_total': IPS Matched Total; 'ips_matched_action_pass': IPS Matched Action Pass; 'ips_matched_action_drop': IPS Matched Action Drop; 'ips_matched_action_blacklist': IPS Matched Action Blacklist; 'ips_matched_severity_high': IPS Matched Severity High; 'ips_matched_severity_medium': IPS Matched Severity Medium; 'ips_matched_severity_low': IPS Matched Severity Low; 'src_ips_matched_action_pass': Src IPS Matched Action Pass; 'src_ips_matched_action_drop': Src IPS Matched Action Drop; 'src_ips_matched_action_blacklist': Src IPS Matched Action Blacklist; 'src_ips_matched_severity_high': Src IPS Matched Severity High; 'src_ips_matched_severity_medium': Src IPS Matched Severity Medium; 'src_ips_matched_severity_low': Src IPS Matched Severity Low; **Type:** string **Supported Values:** all, ips_matched_total, ips_matched_action_pass, ips_matched_action_drop, ips_matched_action_blacklist, ips_matched_severity_high, ips_matched_severity_medium, ips_matched_severity_low, src_ips_matched_action_pass, src_ips_matched_action_drop, src_ips_matched_action_blacklist, src_ips_matched_severity_high, src_ips_matched_severity_medium, src_ips_matched_severity_low .. _1048_zone-list_port_zone-service-list_ip-filtering-policy-oper: zone-list_port_zone-service-list_ip-filtering-policy-oper ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_port_zone-service-list_glid-cfg: zone-list_port_zone-service-list_glid-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **action-list** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **glid** **Description** Global limit ID for the whole zone **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default if default-action-list is not configured); 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, ignore **per-addr-glid** **Description** Global limit ID per address **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` .. _1048_zone-list_port_zone-service-list_signature-extraction: zone-list_port_zone-service-list_signature-extraction ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **algorithm** **Description** 'heuristic': heuristic algorithm; **Type:** string **Supported Values:** heuristic **manual-mode** **Description** Enable manual mode **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_port_zone-service-list_level-list: zone-list_port_zone-service-list_level-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **apply-extracted-filters** **Description** Apply extracted filters from this level **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **close-sessions-for-unauth-sources** **Description** Close session for unauthenticated sources **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **indicator-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/level/{level-num}/indicator/{type} ` **level-num** **Description** '0': Default policy level; '1': Policy level 1; '2': Policy level 2; '3': Policy level 3; '4': Policy level 4; **Type:** string **Supported Values:** 0, 1, 2, 3, 4 **src-default-glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **src-escalation-score** **Description** Source activation score of this level **Type:** number **Range:** 1-1000000 **src-violation-actions** **Description** Violation actions apply due to source escalate from this level **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` **start-pattern-recognition** **Description** Start pattern recognition from this level **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **start-signature-extraction** **Description** Start signature extraction from this level **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-escalation-score** **Description** Zone activation score of this level **Type:** number **Range:** 1-1000000 **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1048_zone-list_port_zone-service-list_level-list_zone-template` **Type:** Object **zone-violation-actions** **Description** Violation actions apply due to zone escalate from this level **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` .. _1048_zone-list_port_zone-service-list_level-list_zone-template: zone-list_port_zone-service-list_level-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **quic** **Description** DDOS quic template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1048_zone-list_port_zone-service-list_level-list_indicator-list: zone-list_port_zone-service-list_level-list_indicator-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **data-packet-size** **Description** Expected minimal data size **Type:** number **Range:** 1-1500 **score** **Description** Score corresponding to the indicator **Type:** number **Range:** 1-1000000 **src-threshold-large-num** **Description** Indicator per-src threshold **Type:** number **Range:** 1-10995116277760 **src-threshold-num** **Description** Indicator per-src threshold **Type:** number **Range:** 1-2147483647 **src-threshold-str** **Description** Indicator per-src threshold (Non-zero floating point) **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-violation-actions** **Description** Violation actions to use when this src indicator threshold reaches **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` **tcp-window-size** **Description** Expected minimal window size **Type:** number **Range:** 1-500 **type** **Description** 'pkt-rate': rate of incoming packets; 'pkt-drop-rate': rate of packets got dropped; 'bit-rate': rate of incoming bits; 'pkt-drop-ratio': ratio of incoming packet rate divided by the rate of dropping packets; 'bytes-to-bytes-from-ratio': ratio of incoming packet rate divided by the rate of outgoing packets; 'concurrent-conns': number of concurrent connections; 'conn-miss-rate': rate of incoming packets for which no previously established connection exists; 'syn-rate': rate on incoming SYN packets; 'fin-rate': rate on incoming FIN packets; 'rst-rate': rate of incoming RST packets; 'small-window-ack-rate': rate of small window advertisement; 'empty-ack-rate': rate of incoming packets which have no payload; 'small-payload-rate': rate of short payload packet; 'syn-fin-ratio': ratio of incoming SYN packet rate divided by the rate of incoming FIN packets; 'cpu-utilization': average data CPU utilization; 'interface-utilization': outside interface utilization; **Type:** string **Supported Values:** pkt-rate, pkt-drop-rate, bit-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, concurrent-conns, conn-miss-rate, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio, cpu-utilization, interface-utilization **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-threshold-large-num** **Description** Threshold for the entire zone **Type:** number **Range:** 1-10995116277760 **zone-threshold-num** **Description** Threshold for the entire zone **Type:** number **Range:** 1-2147483647 **zone-threshold-str** **Description** Threshold for the entire zone (Non-zero floating point) **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **zone-violation-actions** **Description** Violation actions to use when this zone indicator threshold reaches **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` .. _1048_zone-list_port_zone-service-list_manual-mode-list: zone-list_port_zone-service-list_manual-mode-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **close-sessions-for-unauth-sources** **Description** Close session for unauthenticated sources **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **config** **Description** 'configuration': Manual-mode configuration; **Type:** string **Supported Values:** configuration **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **src-default-glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1048_zone-list_port_zone-service-list_manual-mode-list_zone-template` **Type:** Object .. _1048_zone-list_port_zone-service-list_manual-mode-list_zone-template: zone-list_port_zone-service-list_manual-mode-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **quic** **Description** DDOS quic template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1048_zone-list_port_zone-service-list_src-based-policy-list: zone-list_port_zone-service-list_src-based-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **policy-class-list-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name} ` **src-based-policy-name** **Description** Specify name of the policy **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list: zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **class-list-name** **Description** Class-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **class-list-overflow-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name} ` **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **log-enable** **Description** Enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-periodic** **Description** Enable log periodic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-dynamic-entry-count** **Description** Maximum count for dynamic source zone service entry allowed for this class-list **Type:** number **Range:** 0-2147483647 **sampling-enable** **Type:** List **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1048_zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list_zone-template` **Type:** Object .. _1048_zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list_sampling-enable: zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'packet_received': Packets Received; 'packet_dropped': Packets Dropped; 'entry_learned': Entry Learned; 'entry_count_overflow': Entry Count Overflow; **Type:** string **Supported Values:** all, packet_received, packet_dropped, entry_learned, entry_count_overflow .. _1048_zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list_zone-template: zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **quic** **Description** DDOS quic template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1048_zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list: zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **dummy-name** **Description** 'configuration': Configure overflow policy for class-list; **Type:** string **Supported Values:** configuration **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **log-enable** **Description** Enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-periodic** **Description** Enable log periodic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1048_zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template` **Type:** Object .. _1048_zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template: zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **quic** **Description** DDOS quic template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1048_zone-list_port_zone-service-list_pattern-recognition-pu-details: zone-list_port_zone-service-list_pattern-recognition-pu-details ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_port_zone-service-list_port-ind: zone-list_port_zone-service-list_port-ind ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_port_zone-service-list_port-ind_sampling-enable: zone-list_port_zone-service-list_port-ind_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'ip-proto-type': IP Protocol Type; 'ddet_ind_pkt_rate_current': Pkt Rate Current; 'ddet_ind_pkt_rate_min': Pkt Rate Min; 'ddet_ind_pkt_rate_max': Pkt Rate Max; 'ddet_ind_pkt_rate_adaptive_threshold': Pkt Rate Adaptive Threshold; 'ddet_ind_pkt_drop_rate_current': Pkt Drop Rate Current; 'ddet_ind_pkt_drop_rate_min': Pkt Drop Rate Min; 'ddet_ind_pkt_drop_rate_max': Pkt Drop Rate Max; 'ddet_ind_pkt_drop_rate_adaptive_threshold': Pkt Drop Rate Adaptive Threshold; 'ddet_ind_syn_rate_current': TCP SYN Rate Current; 'ddet_ind_syn_rate_min': TCP SYN Rate Min; 'ddet_ind_syn_rate_max': TCP SYN Rate Max; 'ddet_ind_syn_rate_adaptive_threshold': TCP SYN Rate Adaptive Threshold; 'ddet_ind_fin_rate_current': TCP FIN Rate Current; 'ddet_ind_fin_rate_min': TCP FIN Rate Min; 'ddet_ind_fin_rate_max': TCP FIN Rate Max; 'ddet_ind_fin_rate_adaptive_threshold': TCP FIN Rate Adaptive Threshold; 'ddet_ind_rst_rate_current': TCP RST Rate Current; 'ddet_ind_rst_rate_min': TCP RST Rate Min; 'ddet_ind_rst_rate_max': TCP RST Rate Max; 'ddet_ind_rst_rate_adaptive_threshold': TCP RST Rate Adaptive Threshold; 'ddet_ind_small_window_ack_rate_current': TCP Small Window ACK Rate Current; 'ddet_ind_small_window_ack_rate_min': TCP Small Window ACK Rate Min; 'ddet_ind_small_window_ack_rate_max': TCP Small Window ACK Rate Max; 'ddet_ind_small_window_ack_rate_adaptive_threshold': TCP Small Window ACK Rate Adaptive Threshold; 'ddet_ind_empty_ack_rate_current': TCP Empty ACK Rate Current; 'ddet_ind_empty_ack_rate_min': TCP Empty ACK Rate Min; 'ddet_ind_empty_ack_rate_max': TCP Empty ACK Rate Max; 'ddet_ind_empty_ack_rate_adaptive_threshold': TCP Empty ACK Rate Adaptive Threshold; 'ddet_ind_small_payload_rate_current': TCP Small Payload Rate Current; 'ddet_ind_small_payload_rate_min': TCP Small Payload Rate Min; 'ddet_ind_small_payload_rate_max': TCP Small Payload Rate Max; 'ddet_ind_small_payload_rate_adaptive_threshold': TCP Small Payload Rate Adaptive Threshold; 'ddet_ind_pkt_drop_ratio_current': Pkt Drop / Pkt Rcvd Current; 'ddet_ind_pkt_drop_ratio_min': Pkt Drop / Pkt Rcvd Min; 'ddet_ind_pkt_drop_ratio_max': Pkt Drop / Pkt Rcvd Max; 'ddet_ind_pkt_drop_ratio_adaptive_threshold': Pkt Drop / Pkt Rcvd Adaptive Threshold; 'ddet_ind_inb_per_outb_current': Bytes-to / Bytes-from Current; 'ddet_ind_inb_per_outb_min': Bytes-to / Bytes-from Min; 'ddet_ind_inb_per_outb_max': Bytes-to / Bytes-from Max; 'ddet_ind_inb_per_outb_adaptive_threshold': Bytes-to / Bytes-from Adaptive Threshold; 'ddet_ind_syn_per_fin_rate_current': TCP SYN Rate / FIN Rate Current; 'ddet_ind_syn_per_fin_rate_min': TCP SYN Rate / FIN Rate Min; 'ddet_ind_syn_per_fin_rate_max': TCP SYN Rate / FIN Rate Max; 'ddet_ind_syn_per_fin_rate_adaptive_threshold': TCP SYN Rate / FIN Rate Adaptive Threshold; 'ddet_ind_conn_miss_rate_current': TCP Session Miss Rate Current; 'ddet_ind_conn_miss_rate_min': TCP Session Miss Rate Min; 'ddet_ind_conn_miss_rate_max': TCP Session Miss Rate Max; 'ddet_ind_conn_miss_rate_adaptive_threshold': TCP Session Miss Rate Adaptive Threshold; 'ddet_ind_concurrent_conns_current': TCP/UDP Concurrent Sessions Current; 'ddet_ind_concurrent_conns_min': TCP/UDP Concurrent Sessions Min; 'ddet_ind_concurrent_conns_max': TCP/UDP Concurrent Sessions Max; 'ddet_ind_concurrent_conns_adaptive_threshold': TCP/UDP Concurrent Sessions Adaptive Threshold; 'ddet_ind_data_cpu_util_current': Data CPU Utilization Current; 'ddet_ind_data_cpu_util_min': Data CPU Utilization Min; 'ddet_ind_data_cpu_util_max': Data CPU Utilization Max; 'ddet_ind_data_cpu_util_adaptive_threshold': Data CPU Utilization Adaptive Threshold; 'ddet_ind_outside_intf_util_current': Outside Interface Utilization Current; 'ddet_ind_outside_intf_util_min': Outside Interface Utilization Min; 'ddet_ind_outside_intf_util_max': Outside Interface Utilization Max; 'ddet_ind_outside_intf_util_adaptive_threshold': Outside Interface Utilization Adaptive Threshold; 'ddet_ind_frag_rate_current': Frag Pkt Rate Current; 'ddet_ind_frag_rate_min': Frag Pkt Rate Min; 'ddet_ind_frag_rate_max': Frag Pkt Rate Max; 'ddet_ind_frag_rate_adaptive_threshold': Frag Pkt Rate Adaptive Threshold; 'ddet_ind_bit_rate_current': Bit Rate Current; 'ddet_ind_bit_rate_min': Bit Rate Min; 'ddet_ind_bit_rate_max': Bit Rate Max; 'ddet_ind_bit_rate_adaptive_threshold': Bit Rate Adaptive Threshold; **Type:** string **Supported Values:** all, ip-proto-type, ddet_ind_pkt_rate_current, ddet_ind_pkt_rate_min, ddet_ind_pkt_rate_max, ddet_ind_pkt_rate_adaptive_threshold, ddet_ind_pkt_drop_rate_current, ddet_ind_pkt_drop_rate_min, ddet_ind_pkt_drop_rate_max, ddet_ind_pkt_drop_rate_adaptive_threshold, ddet_ind_syn_rate_current, ddet_ind_syn_rate_min, ddet_ind_syn_rate_max, ddet_ind_syn_rate_adaptive_threshold, ddet_ind_fin_rate_current, ddet_ind_fin_rate_min, ddet_ind_fin_rate_max, ddet_ind_fin_rate_adaptive_threshold, ddet_ind_rst_rate_current, ddet_ind_rst_rate_min, ddet_ind_rst_rate_max, ddet_ind_rst_rate_adaptive_threshold, ddet_ind_small_window_ack_rate_current, ddet_ind_small_window_ack_rate_min, ddet_ind_small_window_ack_rate_max, ddet_ind_small_window_ack_rate_adaptive_threshold, ddet_ind_empty_ack_rate_current, ddet_ind_empty_ack_rate_min, ddet_ind_empty_ack_rate_max, ddet_ind_empty_ack_rate_adaptive_threshold, ddet_ind_small_payload_rate_current, ddet_ind_small_payload_rate_min, ddet_ind_small_payload_rate_max, ddet_ind_small_payload_rate_adaptive_threshold, ddet_ind_pkt_drop_ratio_current, ddet_ind_pkt_drop_ratio_min, ddet_ind_pkt_drop_ratio_max, ddet_ind_pkt_drop_ratio_adaptive_threshold, ddet_ind_inb_per_outb_current, ddet_ind_inb_per_outb_min, ddet_ind_inb_per_outb_max, ddet_ind_inb_per_outb_adaptive_threshold, ddet_ind_syn_per_fin_rate_current, ddet_ind_syn_per_fin_rate_min, ddet_ind_syn_per_fin_rate_max, ddet_ind_syn_per_fin_rate_adaptive_threshold, ddet_ind_conn_miss_rate_current, ddet_ind_conn_miss_rate_min, ddet_ind_conn_miss_rate_max, ddet_ind_conn_miss_rate_adaptive_threshold, ddet_ind_concurrent_conns_current, ddet_ind_concurrent_conns_min, ddet_ind_concurrent_conns_max, ddet_ind_concurrent_conns_adaptive_threshold, ddet_ind_data_cpu_util_current, ddet_ind_data_cpu_util_min, ddet_ind_data_cpu_util_max, ddet_ind_data_cpu_util_adaptive_threshold, ddet_ind_outside_intf_util_current, ddet_ind_outside_intf_util_min, ddet_ind_outside_intf_util_max, ddet_ind_outside_intf_util_adaptive_threshold, ddet_ind_frag_rate_current, ddet_ind_frag_rate_min, ddet_ind_frag_rate_max, ddet_ind_frag_rate_adaptive_threshold, ddet_ind_bit_rate_current, ddet_ind_bit_rate_min, ddet_ind_bit_rate_max, ddet_ind_bit_rate_adaptive_threshold .. _1048_zone-list_port_zone-service-list_sflow-tcp: zone-list_port_zone-service-list_sflow-tcp ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sflow-tcp-basic** **Description** Enable sFlow basic TCP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-tcp-basic and sflow-common are mutually exclusive **sflow-tcp-stateful** **Description** Enable sFlow stateful TCP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-tcp-stateful and sflow-common are mutually exclusive .. _1048_zone-list_port_zone-service-list_topk-sources: zone-list_port_zone-service-list_topk-sources ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_port_zone-service-list_dynamic-entry-overflow-policy-list: zone-list_port_zone-service-list_dynamic-entry-overflow-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **dummy-name** **Description** 'configuration': Configure overflow policy; **Type:** string **Supported Values:** configuration **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **log-enable** **Description** Enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-periodic** **Description** Enable log periodic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1048_zone-list_port_zone-service-list_dynamic-entry-overflow-policy-list_zone-template` **Type:** Object .. _1048_zone-list_port_zone-service-list_dynamic-entry-overflow-policy-list_zone-template: zone-list_port_zone-service-list_dynamic-entry-overflow-policy-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **quic** **Description** DDOS quic template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1048_zone-list_port_zone-service-list_capture-config: zone-list_port_zone-service-list_capture-config ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **capture-config-mode** **Description** 'drop': Apply capture-config to dropped packets; 'forward': Apply capture-config to forwarded packets; 'all': Apply capture-config to both dropped and forwarded packets; **Type:** string **Supported Values:** drop, forward, all **capture-config-name** **Description** Capture-config name **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1048_zone-list_port_zone-service-list_topk-destinations: zone-list_port_zone-service-list_topk-destinations ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_port_zone-service-list_progression-tracking: zone-list_port_zone-service-list_progression-tracking ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_port_zone-service-other-list: zone-list_port_zone-service-other-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **age** **Description** Idle age for ip entry **Type:** number **Range:** 2-1023 **Default:** 5 **apply-policy-on-overflow** **Description** Enable this flag to apply overflow policy when dynamic entry count overflows **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **default-action-list** **Description** Configure default-action-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dynamic-entry-overflow-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/dynamic-entry-overflow-policy/{dummy-name} ` **enable-class-list-overflow** **Description** Apply class-list overflow policy upon exceeding dynamic entry count specified for this zone port or each class-list **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-top-k** **Description** Enable ddos top-k source IP detection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-top-k-destination** **Description** Enable ddos top-k destination IP detection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **faster-de-escalation** **Description** De-escalate faster in standalone mode **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid-cfg** **Description:** glid-cfg is a **JSON Block**. Please see below for :ref:`1048_zone-list_port_zone-service-other-list_glid-cfg` **Type:** Object **ip-filtering-policy** **Description** Configure IP Filter **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/ip-filtering-policy ` **ip-filtering-policy-oper** **Description:** ip-filtering-policy-oper is a **JSON Block**. Please see below for :ref:`1048_zone-list_port_zone-service-other-list_ip-filtering-policy-oper` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/ip-filtering-policy-oper ` **level-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/level/{level-num} ` **manual-mode-enable** **Description** Toggle manual mode to use fix templates **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **manual-mode-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/manual-mode/{config} ` **max-dynamic-entry-count** **Description** Maximum count for dynamic source zone service entry **Type:** number **Range:** 0-2147483647 **outbound-only** **Description** Only allow outbound traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **pattern-recognition** **Description:** pattern-recognition is a **JSON Block**. Please see below for :ref:`1048_zone-list_port_zone-service-other-list_pattern-recognition` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/pattern-recognition ` **pattern-recognition-pu-details** **Description:** pattern-recognition-pu-details is a **JSON Block**. Please see below for :ref:`1048_zone-list_port_zone-service-other-list_pattern-recognition-pu-details` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/pattern-recognition-pu-details ` **port-ind** **Description:** port-ind is a **JSON Block**. Please see below for :ref:`1048_zone-list_port_zone-service-other-list_port-ind` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/port-ind ` **port-other** **Description** 'other': other; **Type:** string **Supported Values:** other **progression-tracking** **Description:** progression-tracking is a **JSON Block**. Please see below for :ref:`1048_zone-list_port_zone-service-other-list_progression-tracking` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/progression-tracking ` **protocol** **Description** 'tcp': TCP Port; 'udp': UDP Port; **Type:** string **Supported Values:** tcp, udp **set-counter-base-val** **Description** Set T2 counter value of current context to specified value **Type:** number **Range:** 1-4294967295 **sflow-common** **Description** Enable all sFlow polling options under this zone port **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-common,sflow-packets, sflow-tcp-basic, and sflow-tcp-stateful are mutually exclusive **sflow-packets** **Description** Enable sFlow packet-level counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-packets and sflow-common are mutually exclusive **sflow-tcp** **Description:** sflow-tcp is a **JSON Block**. Please see below for :ref:`1048_zone-list_port_zone-service-other-list_sflow-tcp` **Type:** Object **src-based-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/src-based-policy/{src-based-policy-name} ` **stateful** **Description** Enable stateful tracking of sessions (Default is stateless) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **topk-destinations** **Description:** topk-destinations is a **JSON Block**. Please see below for :ref:`1048_zone-list_port_zone-service-other-list_topk-destinations` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/topk-destinations ` **topk-dst-num-records** **Description** Maximum number of records to show in topk **Type:** number **Range:** 1-100 **Default:** 20 **topk-num-records** **Description** Maximum number of records to show in topk **Type:** number **Range:** 1-100 **Default:** 20 **topk-sources** **Description:** topk-sources is a **JSON Block**. Please see below for :ref:`1048_zone-list_port_zone-service-other-list_topk-sources` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/topk-sources ` **unlimited-dynamic-entry-count** **Description** No limit for maximum dynamic src entry count **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_port_zone-service-other-list_pattern-recognition: zone-list_port_zone-service-other-list_pattern-recognition ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **algorithm** **Description** 'heuristic': heuristic algorithm; **Type:** string **Supported Values:** heuristic **capture-traffic** **Description** 'all': Capture all packets; 'dropped': Capture dropped packets (default); **Type:** string **Supported Values:** all, dropped **filter-inactive-threshold** **Description** Extracted filter inactive threshold **Type:** number **Range:** 5-255 **filter-threshold** **Description** Extracted filter threshold **Type:** number **Range:** 0-100 **mode** **Description** 'capture-never-expire': War-time capture without rate exceeding and never expires; 'manual': Manual mode; **Type:** string **Supported Values:** capture-never-expire, manual **sensitivity** **Description** 'high': High Sensitivity; 'medium': Medium Sensitivity; 'low': Low Sensitivity; **Type:** string **Supported Values:** high, medium, low **triggered-by** **Description** 'zone-escalation': Zone escalation trigger pattern recognition; 'packet-rate-exceeds': Packet rate limit exceeds trigger pattern recognition (default); **Type:** string **Supported Values:** zone-escalation, packet-rate-exceeds **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_port_zone-service-other-list_dynamic-entry-overflow-policy-list: zone-list_port_zone-service-other-list_dynamic-entry-overflow-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **dummy-name** **Description** 'configuration': Configure overflow policy; **Type:** string **Supported Values:** configuration **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **log-enable** **Description** Enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-periodic** **Description** Enable log periodic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1048_zone-list_port_zone-service-other-list_dynamic-entry-overflow-policy-list_zone-template` **Type:** Object .. _1048_zone-list_port_zone-service-other-list_dynamic-entry-overflow-policy-list_zone-template: zone-list_port_zone-service-other-list_dynamic-entry-overflow-policy-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1048_zone-list_port_zone-service-other-list_ip-filtering-policy-oper: zone-list_port_zone-service-other-list_ip-filtering-policy-oper ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_port_zone-service-other-list_glid-cfg: zone-list_port_zone-service-other-list_glid-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **action-list** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **glid** **Description** Global limit ID for the whole zone **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default if default-action-list is not configured); 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, ignore **per-addr-glid** **Description** Global limit ID per address **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` .. _1048_zone-list_port_zone-service-other-list_level-list: zone-list_port_zone-service-other-list_level-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **apply-extracted-filters** **Description** Apply extracted filters from this level **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **close-sessions-for-unauth-sources** **Description** Close session for unauthenticated sources **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **indicator-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/level/{level-num}/indicator/{type} ` **level-num** **Description** '0': Default policy level; '1': Policy level 1; '2': Policy level 2; '3': Policy level 3; '4': Policy level 4; **Type:** string **Supported Values:** 0, 1, 2, 3, 4 **src-default-glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **src-escalation-score** **Description** Source activation score of this level **Type:** number **Range:** 1-1000000 **src-violation-actions** **Description** Violation actions apply due to source escalate from this level **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` **start-pattern-recognition** **Description** Start pattern recognition from this level **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-escalation-score** **Description** Zone activation score of this level **Type:** number **Range:** 1-1000000 **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1048_zone-list_port_zone-service-other-list_level-list_zone-template` **Type:** Object **zone-violation-actions** **Description** Violation actions apply due to zone escalate from this level **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` .. _1048_zone-list_port_zone-service-other-list_level-list_zone-template: zone-list_port_zone-service-other-list_level-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1048_zone-list_port_zone-service-other-list_level-list_indicator-list: zone-list_port_zone-service-other-list_level-list_indicator-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **data-packet-size** **Description** Expected minimal data size **Type:** number **Range:** 1-1500 **score** **Description** Score corresponding to the indicator **Type:** number **Range:** 1-1000000 **src-threshold-large-num** **Description** Indicator per-src threshold **Type:** number **Range:** 1-10995116277760 **src-threshold-num** **Description** Indicator per-src threshold **Type:** number **Range:** 1-2147483647 **src-threshold-str** **Description** Indicator per-src threshold (Non-zero floating point) **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-violation-actions** **Description** Violation actions to use when this src indicator threshold reaches **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` **tcp-window-size** **Description** Expected minimal window size **Type:** number **Range:** 1-500 **type** **Description** 'pkt-rate': rate of incoming packets; 'pkt-drop-rate': rate of packets got dropped; 'bit-rate': rate of incoming bits; 'pkt-drop-ratio': ratio of incoming packet rate divided by the rate of dropping packets; 'bytes-to-bytes-from-ratio': ratio of incoming packet rate divided by the rate of outgoing packets; 'concurrent-conns': number of concurrent connections; 'conn-miss-rate': rate of incoming packets for which no previously established connection exists; 'syn-rate': rate on incoming SYN packets; 'fin-rate': rate on incoming FIN packets; 'rst-rate': rate of incoming RST packets; 'small-window-ack-rate': rate of small window advertisement; 'empty-ack-rate': rate of incoming packets which have no payload; 'small-payload-rate': rate of short payload packet; 'syn-fin-ratio': ratio of incoming SYN packet rate divided by the rate of incoming FIN packets; 'cpu-utilization': average data CPU utilization; 'interface-utilization': outside interface utilization; **Type:** string **Supported Values:** pkt-rate, pkt-drop-rate, bit-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, concurrent-conns, conn-miss-rate, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio, cpu-utilization, interface-utilization **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-threshold-large-num** **Description** Threshold for the entire zone **Type:** number **Range:** 1-10995116277760 **zone-threshold-num** **Description** Threshold for the entire zone **Type:** number **Range:** 1-2147483647 **zone-threshold-str** **Description** Threshold for the entire zone (Non-zero floating point) **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **zone-violation-actions** **Description** Violation actions to use when this zone indicator threshold reaches **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/violation-actions ` .. _1048_zone-list_port_zone-service-other-list_manual-mode-list: zone-list_port_zone-service-other-list_manual-mode-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **close-sessions-for-unauth-sources** **Description** Close session for unauthenticated sources **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **config** **Description** 'configuration': Manual-mode configuration; **Type:** string **Supported Values:** configuration **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **src-default-glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1048_zone-list_port_zone-service-other-list_manual-mode-list_zone-template` **Type:** Object .. _1048_zone-list_port_zone-service-other-list_manual-mode-list_zone-template: zone-list_port_zone-service-other-list_manual-mode-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1048_zone-list_port_zone-service-other-list_src-based-policy-list: zone-list_port_zone-service-other-list_src-based-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **policy-class-list-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name} ` **src-based-policy-name** **Description** Specify name of the policy **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list: zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **class-list-name** **Description** Class-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **class-list-overflow-policy-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name} ` **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'blacklist-src': Blacklist-src for glid exceed; 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **max-dynamic-entry-count** **Description** Maximum count for dynamic source zone service entry allowed for this class-list **Type:** number **Range:** 0-2147483647 **sampling-enable** **Type:** List **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1048_zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_zone-template` **Type:** Object .. _1048_zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_zone-template: zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1048_zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_sampling-enable: zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'packet_received': Packets Received; 'packet_dropped': Packets Dropped; 'entry_learned': Entry Learned; 'entry_count_overflow': Entry Count Overflow; **Type:** string **Supported Values:** all, packet_received, packet_dropped, entry_learned, entry_count_overflow .. _1048_zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list: zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'bypass': Always permit for the Source to bypass all feature & limit checks; 'deny': Blacklist incoming packets for service; **Type:** string **Supported Values:** bypass, deny **dummy-name** **Description** 'configuration': Configure overflow policy for class-list; **Type:** string **Supported Values:** configuration **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **log-enable** **Description** Enable logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-periodic** **Description** Enable log periodic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1048_zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template` **Type:** Object .. _1048_zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template: zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **encap** **Description** DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters .. _1048_zone-list_port_zone-service-other-list_pattern-recognition-pu-details: zone-list_port_zone-service-other-list_pattern-recognition-pu-details ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_port_zone-service-other-list_port-ind: zone-list_port_zone-service-other-list_port-ind ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_port_zone-service-other-list_port-ind_sampling-enable: zone-list_port_zone-service-other-list_port-ind_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'ip-proto-type': IP Protocol Type; 'ddet_ind_pkt_rate_current': Pkt Rate Current; 'ddet_ind_pkt_rate_min': Pkt Rate Min; 'ddet_ind_pkt_rate_max': Pkt Rate Max; 'ddet_ind_pkt_rate_adaptive_threshold': Pkt Rate Adaptive Threshold; 'ddet_ind_pkt_drop_rate_current': Pkt Drop Rate Current; 'ddet_ind_pkt_drop_rate_min': Pkt Drop Rate Min; 'ddet_ind_pkt_drop_rate_max': Pkt Drop Rate Max; 'ddet_ind_pkt_drop_rate_adaptive_threshold': Pkt Drop Rate Adaptive Threshold; 'ddet_ind_syn_rate_current': TCP SYN Rate Current; 'ddet_ind_syn_rate_min': TCP SYN Rate Min; 'ddet_ind_syn_rate_max': TCP SYN Rate Max; 'ddet_ind_syn_rate_adaptive_threshold': TCP SYN Rate Adaptive Threshold; 'ddet_ind_fin_rate_current': TCP FIN Rate Current; 'ddet_ind_fin_rate_min': TCP FIN Rate Min; 'ddet_ind_fin_rate_max': TCP FIN Rate Max; 'ddet_ind_fin_rate_adaptive_threshold': TCP FIN Rate Adaptive Threshold; 'ddet_ind_rst_rate_current': TCP RST Rate Current; 'ddet_ind_rst_rate_min': TCP RST Rate Min; 'ddet_ind_rst_rate_max': TCP RST Rate Max; 'ddet_ind_rst_rate_adaptive_threshold': TCP RST Rate Adaptive Threshold; 'ddet_ind_small_window_ack_rate_current': TCP Small Window ACK Rate Current; 'ddet_ind_small_window_ack_rate_min': TCP Small Window ACK Rate Min; 'ddet_ind_small_window_ack_rate_max': TCP Small Window ACK Rate Max; 'ddet_ind_small_window_ack_rate_adaptive_threshold': TCP Small Window ACK Rate Adaptive Threshold; 'ddet_ind_empty_ack_rate_current': TCP Empty ACK Rate Current; 'ddet_ind_empty_ack_rate_min': TCP Empty ACK Rate Min; 'ddet_ind_empty_ack_rate_max': TCP Empty ACK Rate Max; 'ddet_ind_empty_ack_rate_adaptive_threshold': TCP Empty ACK Rate Adaptive Threshold; 'ddet_ind_small_payload_rate_current': TCP Small Payload Rate Current; 'ddet_ind_small_payload_rate_min': TCP Small Payload Rate Min; 'ddet_ind_small_payload_rate_max': TCP Small Payload Rate Max; 'ddet_ind_small_payload_rate_adaptive_threshold': TCP Small Payload Rate Adaptive Threshold; 'ddet_ind_pkt_drop_ratio_current': Pkt Drop / Pkt Rcvd Current; 'ddet_ind_pkt_drop_ratio_min': Pkt Drop / Pkt Rcvd Min; 'ddet_ind_pkt_drop_ratio_max': Pkt Drop / Pkt Rcvd Max; 'ddet_ind_pkt_drop_ratio_adaptive_threshold': Pkt Drop / Pkt Rcvd Adaptive Threshold; 'ddet_ind_inb_per_outb_current': Bytes-to / Bytes-from Current; 'ddet_ind_inb_per_outb_min': Bytes-to / Bytes-from Min; 'ddet_ind_inb_per_outb_max': Bytes-to / Bytes-from Max; 'ddet_ind_inb_per_outb_adaptive_threshold': Bytes-to / Bytes-from Adaptive Threshold; 'ddet_ind_syn_per_fin_rate_current': TCP SYN Rate / FIN Rate Current; 'ddet_ind_syn_per_fin_rate_min': TCP SYN Rate / FIN Rate Min; 'ddet_ind_syn_per_fin_rate_max': TCP SYN Rate / FIN Rate Max; 'ddet_ind_syn_per_fin_rate_adaptive_threshold': TCP SYN Rate / FIN Rate Adaptive Threshold; 'ddet_ind_conn_miss_rate_current': TCP Session Miss Rate Current; 'ddet_ind_conn_miss_rate_min': TCP Session Miss Rate Min; 'ddet_ind_conn_miss_rate_max': TCP Session Miss Rate Max; 'ddet_ind_conn_miss_rate_adaptive_threshold': TCP Session Miss Rate Adaptive Threshold; 'ddet_ind_concurrent_conns_current': TCP/UDP Concurrent Sessions Current; 'ddet_ind_concurrent_conns_min': TCP/UDP Concurrent Sessions Min; 'ddet_ind_concurrent_conns_max': TCP/UDP Concurrent Sessions Max; 'ddet_ind_concurrent_conns_adaptive_threshold': TCP/UDP Concurrent Sessions Adaptive Threshold; 'ddet_ind_data_cpu_util_current': Data CPU Utilization Current; 'ddet_ind_data_cpu_util_min': Data CPU Utilization Min; 'ddet_ind_data_cpu_util_max': Data CPU Utilization Max; 'ddet_ind_data_cpu_util_adaptive_threshold': Data CPU Utilization Adaptive Threshold; 'ddet_ind_outside_intf_util_current': Outside Interface Utilization Current; 'ddet_ind_outside_intf_util_min': Outside Interface Utilization Min; 'ddet_ind_outside_intf_util_max': Outside Interface Utilization Max; 'ddet_ind_outside_intf_util_adaptive_threshold': Outside Interface Utilization Adaptive Threshold; 'ddet_ind_frag_rate_current': Frag Pkt Rate Current; 'ddet_ind_frag_rate_min': Frag Pkt Rate Min; 'ddet_ind_frag_rate_max': Frag Pkt Rate Max; 'ddet_ind_frag_rate_adaptive_threshold': Frag Pkt Rate Adaptive Threshold; 'ddet_ind_bit_rate_current': Bit Rate Current; 'ddet_ind_bit_rate_min': Bit Rate Min; 'ddet_ind_bit_rate_max': Bit Rate Max; 'ddet_ind_bit_rate_adaptive_threshold': Bit Rate Adaptive Threshold; **Type:** string **Supported Values:** all, ip-proto-type, ddet_ind_pkt_rate_current, ddet_ind_pkt_rate_min, ddet_ind_pkt_rate_max, ddet_ind_pkt_rate_adaptive_threshold, ddet_ind_pkt_drop_rate_current, ddet_ind_pkt_drop_rate_min, ddet_ind_pkt_drop_rate_max, ddet_ind_pkt_drop_rate_adaptive_threshold, ddet_ind_syn_rate_current, ddet_ind_syn_rate_min, ddet_ind_syn_rate_max, ddet_ind_syn_rate_adaptive_threshold, ddet_ind_fin_rate_current, ddet_ind_fin_rate_min, ddet_ind_fin_rate_max, ddet_ind_fin_rate_adaptive_threshold, ddet_ind_rst_rate_current, ddet_ind_rst_rate_min, ddet_ind_rst_rate_max, ddet_ind_rst_rate_adaptive_threshold, ddet_ind_small_window_ack_rate_current, ddet_ind_small_window_ack_rate_min, ddet_ind_small_window_ack_rate_max, ddet_ind_small_window_ack_rate_adaptive_threshold, ddet_ind_empty_ack_rate_current, ddet_ind_empty_ack_rate_min, ddet_ind_empty_ack_rate_max, ddet_ind_empty_ack_rate_adaptive_threshold, ddet_ind_small_payload_rate_current, ddet_ind_small_payload_rate_min, ddet_ind_small_payload_rate_max, ddet_ind_small_payload_rate_adaptive_threshold, ddet_ind_pkt_drop_ratio_current, ddet_ind_pkt_drop_ratio_min, ddet_ind_pkt_drop_ratio_max, ddet_ind_pkt_drop_ratio_adaptive_threshold, ddet_ind_inb_per_outb_current, ddet_ind_inb_per_outb_min, ddet_ind_inb_per_outb_max, ddet_ind_inb_per_outb_adaptive_threshold, ddet_ind_syn_per_fin_rate_current, ddet_ind_syn_per_fin_rate_min, ddet_ind_syn_per_fin_rate_max, ddet_ind_syn_per_fin_rate_adaptive_threshold, ddet_ind_conn_miss_rate_current, ddet_ind_conn_miss_rate_min, ddet_ind_conn_miss_rate_max, ddet_ind_conn_miss_rate_adaptive_threshold, ddet_ind_concurrent_conns_current, ddet_ind_concurrent_conns_min, ddet_ind_concurrent_conns_max, ddet_ind_concurrent_conns_adaptive_threshold, ddet_ind_data_cpu_util_current, ddet_ind_data_cpu_util_min, ddet_ind_data_cpu_util_max, ddet_ind_data_cpu_util_adaptive_threshold, ddet_ind_outside_intf_util_current, ddet_ind_outside_intf_util_min, ddet_ind_outside_intf_util_max, ddet_ind_outside_intf_util_adaptive_threshold, ddet_ind_frag_rate_current, ddet_ind_frag_rate_min, ddet_ind_frag_rate_max, ddet_ind_frag_rate_adaptive_threshold, ddet_ind_bit_rate_current, ddet_ind_bit_rate_min, ddet_ind_bit_rate_max, ddet_ind_bit_rate_adaptive_threshold .. _1048_zone-list_port_zone-service-other-list_sflow-tcp: zone-list_port_zone-service-other-list_sflow-tcp ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sflow-tcp-basic** **Description** Enable sFlow basic TCP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-tcp-basic and sflow-common are mutually exclusive **sflow-tcp-stateful** **Description** Enable sFlow stateful TCP counter polling **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-tcp-stateful and sflow-common are mutually exclusive .. _1048_zone-list_port_zone-service-other-list_topk-sources: zone-list_port_zone-service-other-list_topk-sources ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_port_zone-service-other-list_topk-destinations: zone-list_port_zone-service-other-list_topk-destinations ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_port_zone-service-other-list_progression-tracking: zone-list_port_zone-service-other-list_progression-tracking ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_ipv6: zone-list_ipv6 ^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **expand-ipv6-subnet** **Description** Expand this subnet to individual IPv6 address **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **expand-ipv6-subnet-mode** **Description** 'default': Default learning mechanism (Default: Dynamic); 'dynamic': Dynamic learning; 'static': Static learning; **Type:** string **Supported Values:** default, dynamic, static **Default:** default **ip6-addr** **Description** Specify IPv6 address **Type:** string **Format:** ipv6-address **subnet-ipv6-addr** **Description** IPV6 Subnet **Type:** string **Format:** ipv6-address-plen .. _1048_zone-list_src-port-range-list: zone-list_src-port-range-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **capture-config** **Description:** capture-config is a **JSON Block**. Please see below for :ref:`1048_zone-list_src-port-range-list_capture-config` **Type:** Object **default-action-list** **Description** Configure default-action-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid-cfg** **Description:** glid-cfg is a **JSON Block**. Please see below for :ref:`1048_zone-list_src-port-range-list_glid-cfg` **Type:** Object **level-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/src-port-range/{src-port-range-start}+{src-port-range-end}+{protocol}/level/{level-num} ` **port-ind** **Description:** port-ind is a **JSON Block**. Please see below for :ref:`1048_zone-list_src-port-range-list_port-ind` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/src-port-range/{src-port-range-start}+{src-port-range-end}+{protocol}/port-ind ` **protocol** **Description** 'udp': UDP port; 'tcp': TCP Port; **Type:** string **Supported Values:** udp, tcp **set-counter-base-val** **Description** Set T2 counter value of current context to specified value **Type:** number **Range:** 1-4294967295 **src-port-range-end** **Description** Src Port-Range End Port Number **Type:** number **Range:** 2-65535 **src-port-range-start** **Description** Src Port-Range Start Port Number **Type:** number **Range:** 1-65535 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1048_zone-list_src-port-range-list_zone-template` **Type:** Object .. _1048_zone-list_src-port-range-list_capture-config: zone-list_src-port-range-list_capture-config ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **capture-config-mode** **Description** 'drop': Apply capture-config to dropped packets; 'forward': Apply capture-config to forwarded packets; 'all': Apply capture-config to both dropped and forwarded packets; **Type:** string **Supported Values:** drop, forward, all **capture-config-name** **Description** Capture-config name **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1048_zone-list_src-port-range-list_glid-cfg: zone-list_src-port-range-list_glid-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, ignore .. _1048_zone-list_src-port-range-list_zone-template: zone-list_src-port-range-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-tcp** **Description** DDOS tcp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-udp** **Description** DDOS udp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1048_zone-list_src-port-range-list_port-ind: zone-list_src-port-range-list_port-ind ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_src-port-range-list_level-list: zone-list_src-port-range-list_level-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **indicator-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/src-port-range/{src-port-range-start}+{src-port-range-end}+{protocol}/level/{level-num}/indicator/{type} ` **level-num** **Description** '0': Default policy level; '1': Policy level 1; **Type:** string **Supported Values:** 0, 1 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_src-port-range-list_level-list_indicator-list: zone-list_src-port-range-list_level-list_indicator-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **type** **Description** 'pkt-rate': rate of incoming packets; 'bit-rate': rate of incoming bits; **Type:** string **Supported Values:** pkt-rate, bit-rate **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-threshold-large-num** **Description** Threshold of the entire zone for the port-range **Type:** number **Range:** 1-10995116277760 **zone-threshold-num** **Description** Threshold of the entire zone for the port-range **Type:** number **Range:** 1-2147483647 .. _1048_zone-list_sflow-tcp: zone-list_sflow-tcp ^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sflow-tcp-basic** **Description** Enable sFlow basic TCP counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total nu **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-tcp-basic and sflow-common are mutually exclusive **sflow-tcp-stateful** **Description** Enable sFlow stateful TCP counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** sflow-tcp-stateful and sflow-common are mutually exclusive .. _1048_zone-list_src-port: zone-list_src-port ^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **zone-src-port-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port/{port-num}+{protocol} ` **zone-src-port-other-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port-other/{port-other}+{protocol} ` .. _1048_zone-list_src-port_zone-src-port-list: zone-list_src-port_zone-src-port-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **default-action-list** **Description** Configure default-action-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid-cfg** **Description:** glid-cfg is a **JSON Block**. Please see below for :ref:`1048_zone-list_src-port_zone-src-port-list_glid-cfg` **Type:** Object **level-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port/{port-num}+{protocol}/level/{level-num} ` **outbound-src-tracking** **Description** 'enable': enable; 'disable': disable; **Type:** string **Supported Values:** enable, disable **Default:** disable **port-ind** **Description:** port-ind is a **JSON Block**. Please see below for :ref:`1048_zone-list_src-port_zone-src-port-list_port-ind` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port/{port-num}+{protocol}/port-ind ` **port-num** **Description** Source Port Number **Type:** number **Range:** 1-65535 **protocol** **Description** 'dns-udp': DNS-UDP Port; 'dns-tcp': DNS-TCP Port; 'udp': UDP port; 'tcp': TCP Port; **Type:** string **Supported Values:** dns-udp, dns-tcp, udp, tcp **set-counter-base-val** **Description** Set T2 counter value of current context to specified value **Type:** number **Range:** 1-4294967295 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1048_zone-list_src-port_zone-src-port-list_zone-template` **Type:** Object .. _1048_zone-list_src-port_zone-src-port-list_glid-cfg: zone-list_src-port_zone-src-port-list_glid-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, ignore .. _1048_zone-list_src-port_zone-src-port-list_zone-template: zone-list_src-port_zone-src-port-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-dns** **Description** DDOS dns src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-tcp** **Description** DDOS tcp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-udp** **Description** DDOS udp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1048_zone-list_src-port_zone-src-port-list_port-ind: zone-list_src-port_zone-src-port-list_port-ind ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_src-port_zone-src-port-list_level-list: zone-list_src-port_zone-src-port-list_level-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **indicator-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port/{port-num}+{protocol}/level/{level-num}/indicator/{type} ` **level-num** **Description** '0': Default policy level; '1': Policy level 1; **Type:** string **Supported Values:** 0, 1 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_src-port_zone-src-port-list_level-list_indicator-list: zone-list_src-port_zone-src-port-list_level-list_indicator-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **type** **Description** 'pkt-rate': rate of incoming packets; 'bit-rate': rate of incoming bits; **Type:** string **Supported Values:** pkt-rate, bit-rate **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-threshold-large-num** **Description** Threshold of the entire zone for the src-port **Type:** number **Range:** 1-10995116277760 **zone-threshold-num** **Description** Threshold of the entire zone for the src-port **Type:** number **Range:** 1-2147483647 .. _1048_zone-list_src-port_zone-src-port-other-list: zone-list_src-port_zone-src-port-other-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **default-action-list** **Description** Configure default-action-list **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid-cfg** **Description:** glid-cfg is a **JSON Block**. Please see below for :ref:`1048_zone-list_src-port_zone-src-port-other-list_glid-cfg` **Type:** Object **level-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port-other/{port-other}+{protocol}/level/{level-num} ` **port-ind** **Description:** port-ind is a **JSON Block**. Please see below for :ref:`1048_zone-list_src-port_zone-src-port-other-list_port-ind` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port-other/{port-other}+{protocol}/port-ind ` **port-other** **Description** 'other': other; **Type:** string **Supported Values:** other **protocol** **Description** 'udp': UDP port; 'tcp': TCP Port; **Type:** string **Supported Values:** udp, tcp **set-counter-base-val** **Description** Set T2 counter value of current context to specified value **Type:** number **Range:** 1-4294967295 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-template** **Description:** zone-template is a **JSON Block**. Please see below for :ref:`1048_zone-list_src-port_zone-src-port-other-list_zone-template` **Type:** Object .. _1048_zone-list_src-port_zone-src-port-other-list_glid-cfg: zone-list_src-port_zone-src-port-other-list_glid-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **glid-action** **Description** 'drop': Drop packets for glid exceed (Default); 'ignore': Do nothing for glid exceed; **Type:** string **Supported Values:** drop, ignore .. _1048_zone-list_src-port_zone-src-port-other-list_zone-template: zone-list_src-port_zone-src-port-other-list_zone-template ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-tcp** **Description** DDOS tcp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-udp** **Description** DDOS udp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1048_zone-list_src-port_zone-src-port-other-list_port-ind: zone-list_src-port_zone-src-port-other-list_port-ind ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_src-port_zone-src-port-other-list_level-list: zone-list_src-port_zone-src-port-other-list_level-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **indicator-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port-other/{port-other}+{protocol}/level/{level-num}/indicator/{type} ` **level-num** **Description** '0': Default policy level; '1': Policy level 1; **Type:** string **Supported Values:** 0, 1 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1048_zone-list_src-port_zone-src-port-other-list_level-list_indicator-list: zone-list_src-port_zone-src-port-other-list_level-list_indicator-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **type** **Description** 'pkt-rate': rate of incoming packets; 'bit-rate': rate of incoming bits; **Type:** string **Supported Values:** pkt-rate, bit-rate **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zone-threshold-large-num** **Description** Threshold of the entire zone for the src-port **Type:** number **Range:** 1-10995116277760 **zone-threshold-num** **Description** Threshold of the entire zone for the src-port **Type:** number **Range:** 1-2147483647 .. _1048_zone-list_sampling-enable: zone-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'zone_tcp_any_exceed': TCP Dst IP-Proto Rate: Total Exceeded; 'zone_tcp_pkt_rate_exceed': TCP Dst IP-Proto Rate: Packet Exceeded; 'zone_tcp_conn_rate_exceed': TCP Dst IP-Proto Rate: Conn Exceeded; 'zone_udp_any_exceed': UDP Dst IP-Proto Rate: Total Exceeded; 'zone_udp_pkt_rate_exceed': UDP Dst IP-Proto Rate: Packet Exceeded; 'zone_udp_conn_limit_exceed': UDP Dst IP-Proto Limit: Conn Exceeded; 'zone_udp_conn_rate_exceed': UDP Dst IP-Proto Rate: Conn Exceeded; 'zone_icmp_pkt_rate_exceed': ICMP Dst Rate: Packet Exceeded; 'zone_other_pkt_rate_exceed': OTHER Dst IP-Proto Rate: Packet Exceeded; 'zone_other_frag_pkt_rate_exceed': OTHER Dst IP-Proto Rate: Frag Exceeded; 'zone_port_pkt_rate_exceed': Port Rate: Packet Exceeded; 'zone_port_conn_limit_exceed': Port Limit: Conn Exceeded; 'zone_port_conn_rate_exceed': Port Rate: Conn Exceeded; 'zone_pkt_sent': Inbound: Packets Forwarded; 'zone_udp_pkt_sent': UDP Total Packets Forwarded; 'zone_tcp_pkt_sent': TCP Total Packets Forwarded; 'zone_icmp_pkt_sent': ICMP Total Packets Forwarded; 'zone_other_pkt_sent': OTHER Total Packets Forwarded; 'zone_tcp_conn_limit_exceed': TCP Dst IP-Proto Limit: Conn Exceeded; 'zone_tcp_pkt_rcvd': TCP Total Packets Received; 'zone_udp_pkt_rcvd': UDP Total Packets Received; 'zone_icmp_pkt_rcvd': ICMP Total Packets Received; 'zone_other_pkt_rcvd': OTHER Total Packets Received; 'zone_udp_filter_match': UDP Filter Match; 'zone_udp_filter_not_match': UDP Filter Not Matched on Pkt; 'zone_udp_filter_action_blacklist': UDP Filter Action Blacklist; 'zone_udp_filter_action_drop': UDP Filter Action Drop; 'zone_tcp_syn': TCP Total SYN Received; 'zone_tcp_syn_drop': TCP SYN Packets Dropped; 'zone_tcp_src_rate_drop': TCP Src Rate: Total Exceeded; 'zone_udp_src_rate_drop': UDP Src Rate: Total Exceeded; 'zone_icmp_src_rate_drop': ICMP Src Rate: Total Exceeded; 'zone_other_frag_src_rate_drop': OTHER Src Rate: Frag Exceeded; 'zone_other_src_rate_drop': OTHER Src Rate: Total Exceeded; 'zone_tcp_drop': TCP Total Packets Dropped; 'zone_udp_drop': UDP Total Packets Dropped; 'zone_icmp_drop': ICMP Total Packets Dropped; 'zone_frag_drop': Fragmented Packets Dropped; 'zone_other_drop': OTHER Total Packets Dropped; 'zone_tcp_auth': TCP Auth: SYN Cookie Sent; 'zone_udp_filter_action_default_pass': UDP Filter Action Default Pass; 'zone_tcp_filter_match': TCP Filter Match; 'zone_tcp_filter_not_match': TCP Filter Not Matched on Pkt; 'zone_tcp_filter_action_blacklist': TCP Filter Action Blacklist; 'zone_tcp_filter_action_drop': TCP Filter Action Drop; 'zone_tcp_filter_action_default_pass': TCP Filter Action Default Pass; 'zone_udp_filter_action_whitelist': UDP Filter Action WL; 'zone_over_limit_on': Zone overlimit Trigger ON; 'zone_over_limit_off': Zone overlimit Trigger OFF; 'zone_port_over_limit_on': Zone port overlimit Trigger ON; 'zone_port_over_limit_off': Zone port overlimit Trigger OFF; 'zone_over_limit_action': Zone overlimit action; 'zone_port_over_limit_action': Zone port overlimit action; 'scanning_detected_drop': Scanning Detected drop (deprecated); 'scanning_detected_blacklist': Scanning Detected blacklist (deprecated); 'zone_udp_kibit_rate_drop': UDP Dst IP-Proto Rate: KiBit Exceeded; 'zone_tcp_kibit_rate_drop': TCP Dst IP-Proto Rate: KiBit Exceeded; 'zone_icmp_kibit_rate_drop': ICMP Dst Rate: KiBit Exceeded; 'zone_other_kibit_rate_drop': OTHER Dst IP-Proto Rate: KiBit Exceeded; 'zone_port_undef_drop': Dst Port Undefined Dropped; 'zone_port_bl': Dst Port Blacklist Packets Dropped; 'zone_src_port_bl': Dst SrcPort Blacklist Packets Dropped; 'zone_port_kbit_rate_exceed': Port Rate: KiBit Exceeded; 'zone_tcp_src_drop': TCP Src Packets Dropped; 'zone_udp_src_drop': UDP Src Packets Dropped; 'zone_icmp_src_drop': ICMP Src Packets Dropped; 'zone_other_src_drop': OTHER Src Packets Dropped; 'tcp_syn_rcvd': TCP Inbound SYN Received; 'tcp_syn_ack_rcvd': TCP SYN ACK Received; 'tcp_ack_rcvd': TCP ACK Received; 'tcp_fin_rcvd': TCP FIN Received; 'tcp_rst_rcvd': TCP RST Received; 'ingress_bytes': Inbound: Bytes Received; 'egress_bytes': Outbound: Bytes Received; 'ingress_packets': Inbound: Packets Received; 'egress_packets': Outbound: Packets Received; 'tcp_fwd_recv': TCP Inbound Packets Received; 'udp_fwd_recv': UDP Inbound Packets Received; 'icmp_fwd_recv': ICMP Inbound Packets Received; 'tcp_syn_cookie_fail': TCP Auth: SYN Cookie Failed; 'zone_tcp_session_created': TCP Sessions Created; 'zone_udp_session_created': UDP Sessions Created; 'zone_tcp_filter_action_whitelist': TCP Filter Action WL; 'zone_other_filter_match': OTHER Filter Match; 'zone_other_filter_not_match': OTHER Filter Not Matched on Pkt; 'zone_other_filter_action_blacklist': OTHER Filter Action Blacklist; 'zone_other_filter_action_drop': OTHER Filter Action Drop; 'zone_other_filter_action_whitelist': OTHER Filter Action WL; 'zone_other_filter_action_default_pass': OTHER Filter Action Default Pass; 'zone_blackhole_inject': Dst Blackhole Inject; 'zone_blackhole_withdraw': Dst Blackhole Withdraw; 'zone_tcp_out_of_seq_excd': TCP Out-Of-Seq Exceeded; 'zone_tcp_retransmit_excd': TCP Retransmit Exceeded; 'zone_tcp_zero_window_excd': TCP Zero-Window Exceeded; 'zone_tcp_conn_prate_excd': TCP Rate: Conn Pkt Exceeded; 'zone_tcp_action_on_ack_init': TCP Auth: ACK Retry Init; 'zone_tcp_action_on_ack_gap_drop': TCP Auth: ACK Retry Retry-Gap Dropped; 'zone_tcp_action_on_ack_fail': TCP Auth: ACK Retry Dropped; 'zone_tcp_action_on_ack_pass': TCP Auth: ACK Retry Passed; 'zone_tcp_action_on_syn_init': TCP Auth: SYN Retry Init; 'zone_tcp_action_on_syn_gap_drop': TCP Auth: SYN Retry-Gap Dropped; 'zone_tcp_action_on_syn_fail': TCP Auth: SYN Retry Dropped; 'zone_tcp_action_on_syn_pass': TCP Auth: SYN Retry Passed; 'zone_payload_too_small': UDP Payload Too Small; 'zone_payload_too_big': UDP Payload Too Large; 'zone_udp_conn_prate_excd': UDP Rate: Conn Pkt Exceeded; 'zone_udp_ntp_monlist_req': UDP NTP Monlist Request; 'zone_udp_ntp_monlist_resp': UDP NTP Monlist Response; 'zone_udp_wellknown_sport_drop': UDP SrcPort Wellknown; 'zone_udp_retry_init': UDP Auth: Retry Init; 'zone_udp_retry_pass': UDP Auth: Retry Passed; 'zone_tcp_bytes_drop': TCP Total Bytes Dropped; 'zone_udp_bytes_drop': UDP Total Bytes Dropped; 'zone_icmp_bytes_drop': ICMP Total Bytes Dropped; 'zone_other_bytes_drop': OTHER Total Bytes Dropped; 'zone_out_no_route': Dst IPv4/v6 Out No Route; 'outbound_bytes_sent': Outbound: Bytes Forwarded; 'outbound_drop': Outbound: Packets Dropped; 'outbound_bytes_drop': Outbound: Bytes Dropped; 'outbound_pkt_sent': Outbound: Packets Forwarded; 'inbound_bytes_sent': Inbound: Bytes Forwarded; 'inbound_bytes_drop': Inbound: Bytes Dropped; 'zone_src_port_pkt_rate_exceed': SrcPort Rate: Packet Exceeded; 'zone_src_port_kbit_rate_exceed': SrcPort Rate: KiBit Exceeded; 'zone_src_port_conn_limit_exceed': SrcPort Limit: Conn Exceeded; 'zone_src_port_conn_rate_exceed': SrcPort Rate: Conn Exceeded; 'zone_ip_proto_pkt_rate_exceed': IP-Proto Rate: Packet Exceeded; 'zone_ip_proto_kbit_rate_exceed': IP-Proto Rate: KiBit Exceeded; 'zone_tcp_port_any_exceed': TCP Port Rate: Total Exceed; 'zone_udp_port_any_exceed': UDP Port Rate: Total Exceed; 'zone_tcp_auth_pass': TCP Auth: SYN Auth Passed; 'zone_tcp_rst_cookie_fail': TCP Auth: RST Cookie Failed; 'zone_tcp_unauth_drop': TCP Auth: Unauth Dropped; 'src_tcp_syn_auth_fail': Src TCP Auth: SYN Auth Failed; 'src_tcp_syn_cookie_sent': Src TCP Auth: SYN Cookie Sent; 'src_tcp_syn_cookie_fail': Src TCP Auth: SYN Cookie Failed; 'src_tcp_rst_cookie_fail': Src TCP Auth: RST Cookie Failed; **Type:** string **Supported Values:** all, zone_tcp_any_exceed, zone_tcp_pkt_rate_exceed, zone_tcp_conn_rate_exceed, zone_udp_any_exceed, zone_udp_pkt_rate_exceed, zone_udp_conn_limit_exceed, zone_udp_conn_rate_exceed, zone_icmp_pkt_rate_exceed, zone_other_pkt_rate_exceed, zone_other_frag_pkt_rate_exceed, zone_port_pkt_rate_exceed, zone_port_conn_limit_exceed, zone_port_conn_rate_exceed, zone_pkt_sent, zone_udp_pkt_sent, zone_tcp_pkt_sent, zone_icmp_pkt_sent, zone_other_pkt_sent, zone_tcp_conn_limit_exceed, zone_tcp_pkt_rcvd, zone_udp_pkt_rcvd, zone_icmp_pkt_rcvd, zone_other_pkt_rcvd, zone_udp_filter_match, zone_udp_filter_not_match, zone_udp_filter_action_blacklist, zone_udp_filter_action_drop, zone_tcp_syn, zone_tcp_syn_drop, zone_tcp_src_rate_drop, zone_udp_src_rate_drop, zone_icmp_src_rate_drop, zone_other_frag_src_rate_drop, zone_other_src_rate_drop, zone_tcp_drop, zone_udp_drop, zone_icmp_drop, zone_frag_drop, zone_other_drop, zone_tcp_auth, zone_udp_filter_action_default_pass, zone_tcp_filter_match, zone_tcp_filter_not_match, zone_tcp_filter_action_blacklist, zone_tcp_filter_action_drop, zone_tcp_filter_action_default_pass, zone_udp_filter_action_whitelist, zone_over_limit_on, zone_over_limit_off, zone_port_over_limit_on, zone_port_over_limit_off, zone_over_limit_action, zone_port_over_limit_action, scanning_detected_drop, scanning_detected_blacklist, zone_udp_kibit_rate_drop, zone_tcp_kibit_rate_drop, zone_icmp_kibit_rate_drop, zone_other_kibit_rate_drop, zone_port_undef_drop, zone_port_bl, zone_src_port_bl, zone_port_kbit_rate_exceed, zone_tcp_src_drop, zone_udp_src_drop, zone_icmp_src_drop, zone_other_src_drop, tcp_syn_rcvd, tcp_syn_ack_rcvd, tcp_ack_rcvd, tcp_fin_rcvd, tcp_rst_rcvd, ingress_bytes, egress_bytes, ingress_packets, egress_packets, tcp_fwd_recv, udp_fwd_recv, icmp_fwd_recv, tcp_syn_cookie_fail, zone_tcp_session_created, zone_udp_session_created, zone_tcp_filter_action_whitelist, zone_other_filter_match, zone_other_filter_not_match, zone_other_filter_action_blacklist, zone_other_filter_action_drop, zone_other_filter_action_whitelist, zone_other_filter_action_default_pass, zone_blackhole_inject, zone_blackhole_withdraw, zone_tcp_out_of_seq_excd, zone_tcp_retransmit_excd, zone_tcp_zero_window_excd, zone_tcp_conn_prate_excd, zone_tcp_action_on_ack_init, zone_tcp_action_on_ack_gap_drop, zone_tcp_action_on_ack_fail, zone_tcp_action_on_ack_pass, zone_tcp_action_on_syn_init, zone_tcp_action_on_syn_gap_drop, zone_tcp_action_on_syn_fail, zone_tcp_action_on_syn_pass, zone_payload_too_small, zone_payload_too_big, zone_udp_conn_prate_excd, zone_udp_ntp_monlist_req, zone_udp_ntp_monlist_resp, zone_udp_wellknown_sport_drop, zone_udp_retry_init, zone_udp_retry_pass, zone_tcp_bytes_drop, zone_udp_bytes_drop, zone_icmp_bytes_drop, zone_other_bytes_drop, zone_out_no_route, outbound_bytes_sent, outbound_drop, outbound_bytes_drop, outbound_pkt_sent, inbound_bytes_sent, inbound_bytes_drop, zone_src_port_pkt_rate_exceed, zone_src_port_kbit_rate_exceed, zone_src_port_conn_limit_exceed, zone_src_port_conn_rate_exceed, zone_ip_proto_pkt_rate_exceed, zone_ip_proto_kbit_rate_exceed, zone_tcp_port_any_exceed, zone_udp_port_any_exceed, zone_tcp_auth_pass, zone_tcp_rst_cookie_fail, zone_tcp_unauth_drop, src_tcp_syn_auth_fail, src_tcp_syn_cookie_sent, src_tcp_syn_cookie_fail, src_tcp_rst_cookie_fail **counters2** **Description** 'src_tcp_unauth_drop': Src TCP Auth: Unauth Dropped; 'src_tcp_action_on_syn_init': Src TCP Auth: SYN Retry Init; 'src_tcp_action_on_syn_gap_drop': Src TCP Auth: SYN Retry-Gap Dropped; 'src_tcp_action_on_syn_fail': Src TCP Auth: SYN Retry Dropped; 'src_tcp_action_on_ack_init': Src TCP Auth: ACK Retry Init; 'src_tcp_action_on_ack_gap_drop': Src TCP Auth: ACK Retry Retry-Gap Dropped; 'src_tcp_action_on_ack_fail': Src TCP Auth: ACK Retry Dropped; 'src_tcp_out_of_seq_excd': Src TCP Out-Of-Seq Exceeded; 'src_tcp_retransmit_excd': Src TCP Retransmit Exceeded; 'src_tcp_zero_window_excd': Src TCP Zero-Window Exceeded; 'src_tcp_conn_prate_excd': Src TCP Rate: Conn Pkt Exceeded; 'src_udp_min_payload': Src UDP Payload Too Small; 'src_udp_max_payload': Src UDP Payload Too Large; 'src_udp_conn_prate_excd': Src UDP Rate: Conn Pkt Exceeded; 'src_udp_ntp_monlist_req': Src UDP NTP Monlist Request; 'src_udp_ntp_monlist_resp': Src UDP NTP Monlist Response; 'src_udp_wellknown_sport_drop': Src UDP SrcPort Wellknown; 'src_udp_retry_init': Src UDP Auth: Retry Init; 'dst_udp_retry_gap_drop': UDP Auth: Retry-Gap Dropped; 'dst_udp_retry_fail': UDP Auth: Retry Timeout; 'dst_tcp_session_aged': TCP Sessions Aged; 'dst_udp_session_aged': UDP Sessions Aged; 'dst_tcp_conn_close': TCP Connections Closed; 'dst_tcp_conn_close_half_open': TCP Half Open Connections Closed; 'dst_drop_frag_pkt': Fragmented Packets Dropped; 'src_tcp_filter_action_blacklist': Src TCP Filter Action Blacklist; 'src_tcp_filter_action_whitelist': Src TCP Filter Action WL; 'src_tcp_filter_action_drop': Src TCP Filter Action Drop; 'src_tcp_filter_action_default_pass': Src TCP Filter Action Default Pass; 'src_udp_filter_action_blacklist': Src UDP Filter Action Blacklist; 'src_udp_filter_action_whitelist': Src UDP Filter Action WL; 'src_udp_filter_action_drop': Src UDP Filter Action Drop; 'src_udp_filter_action_default_pass': Src UDP Filter Action Default Pass; 'src_other_filter_action_blacklist': Src OTHER Filter Action Blacklist; 'src_other_filter_action_whitelist': Src OTHER Filter Action WL; 'src_other_filter_action_drop': Src OTHER Filter Action Drop; 'src_other_filter_action_default_pass': Src OTHER Filter Action Default Pass; 'tcp_invalid_syn': TCP Invalid SYN Received; 'dst_tcp_conn_close_w_rst': TCP RST Connections Closed; 'dst_tcp_conn_close_w_fin': TCP FIN Connections Closed; 'dst_tcp_conn_close_w_idle': TCP Idle Connections Closed; 'dst_tcp_conn_create_from_syn': TCP Connections Created From SYN; 'dst_tcp_conn_create_from_ack': TCP Connections Created From ACK; 'src_frag_drop': Src Fragmented Packets Dropped; 'zone_port_kbit_rate_exceed_pkt': Port Rate: KiBit Pkt Exceeded; 'dst_tcp_bytes_rcv': TCP Total Bytes Received; 'dst_udp_bytes_rcv': UDP Total Bytes Received; 'dst_icmp_bytes_rcv': ICMP Total Bytes Received; 'dst_other_bytes_rcv': OTHER Total Bytes Received; 'dst_tcp_bytes_sent': TCP Total Bytes Forwarded; 'dst_udp_bytes_sent': UDP Total Bytes Forwarded; 'dst_icmp_bytes_sent': ICMP Total Bytes Forwarded; 'dst_other_bytes_sent': OTHER Total Bytes Forwarded; 'dst_udp_auth_drop': UDP Auth: Dropped; 'dst_tcp_auth_drop': TCP Auth: Dropped; 'dst_tcp_auth_resp': TCP Auth: Responded; 'dst_drop': Inbound: Packets Dropped; 'dst_entry_pkt_rate_exceed': Entry Rate: Packet Exceeded; 'dst_entry_kbit_rate_exceed': Entry Rate: KiBit Exceeded; 'dst_entry_conn_limit_exceed': Entry Limit: Conn Exceeded; 'dst_entry_conn_rate_exceed': Entry Rate: Conn Exceeded; 'dst_entry_frag_pkt_rate_exceed': Entry Rate: Frag Packet Exceeded; 'dst_l4_tcp_blacklist_drop': Dst TCP IP-Proto Blacklist Dropped; 'dst_l4_udp_blacklist_drop': Dst UDP IP-Proto Blacklist Dropped; 'dst_l4_icmp_blacklist_drop': Dst ICMP IP-Proto Blacklist Dropped; 'dst_l4_other_blacklist_drop': Dst OTHER IP-Proto Blacklist Dropped; 'dst_frag_timeout_drop': Fragment Reassemble Timeout Drop; 'dst_icmp_any_exceed': ICMP Rate: Total Exceed; 'dst_other_any_exceed': OTHER Rate: Total Exceed; 'tcp_rexmit_syn_limit_drop': TCP SYN Retransmit Exceeded Drop; 'tcp_rexmit_syn_limit_bl': TCP SYN Retransmit Exceeded Blacklist; 'dst_clist_overflow_policy_at_learning': Dst Src-Based Overflow Policy Hit; 'zone_frag_rcvd': Fragmented Packets Received; 'zone_tcp_wellknown_sport_drop': TCP SrcPort Wellknown; 'src_tcp_wellknown_sport_drop': Src TCP SrcPort Wellknown; 'secondary_dst_entry_pkt_rate_exceed': Per Addr Rate: Packet Exceeded; 'secondary_dst_entry_kbit_rate_exceed': Per Addr Rate: KiBit Exceeded; 'secondary_dst_entry_conn_limit_exceed': Per Addr Limit: Conn Exceeded; 'secondary_dst_entry_conn_rate_exceed': Per Addr Rate: Conn Exceeded; 'secondary_dst_entry_frag_pkt_rate_exceed': Per Addr Rate: Frag Packet Exceeded; 'src_udp_retry_gap_drop': Src UDP Auth: Retry-Gap Dropped; 'dst_entry_kbit_rate_exceed_count': Entry Rate: KiBit Exceeded Count; 'secondary_entry_learn': Per Addr Entry Learned; 'secondary_entry_hit': Per Addr Entry Hit; 'secondary_entry_miss': Per Addr Entry Missed; 'secondary_entry_aged': Per Addr Entry Aged; 'secondary_entry_learning_thre_exceed': Per Addr Entry Count Overflow; 'zone_port_undef_hit': Dst Port undefined Hit; 'zone_tcp_action_on_ack_timeout': TCP Auth: ACK Retry Timeout; 'zone_tcp_action_on_ack_reset': TCP Auth: ACK Retry Timeout Reset; 'zone_tcp_action_on_ack_blacklist': TCP Auth: ACK Retry Timeout Blacklisted; 'src_tcp_action_on_ack_timeout': Src TCP Auth: ACK Retry Timeout; 'src_tcp_action_on_ack_reset': Src TCP Auth: ACK Retry Timeout Reset; 'src_tcp_action_on_ack_blacklist': Src TCP Auth: ACK Retry Timeout Blacklisted; 'zone_tcp_action_on_syn_timeout': TCP Auth: SYN Retry Timeout; 'zone_tcp_action_on_syn_reset': TCP Auth: SYN Retry Timeout Reset; 'zone_tcp_action_on_syn_blacklist': TCP Auth: SYN Retry Timeout Blacklisted; 'src_tcp_action_on_syn_timeout': Src TCP Auth: SYN Retry Timeout; 'src_tcp_action_on_syn_reset': Src TCP Auth: SYN Retry Timeout Reset; 'src_tcp_action_on_syn_blacklist': Src TCP Auth: SYN Retry Timeout Blacklisted; 'zone_udp_frag_pkt_rate_exceed': UDP Dst IP-Proto Rate: Frag Exceeded; 'zone_udp_frag_src_rate_drop': UDP Src Rate: Frag Exceeded; 'zone_tcp_frag_pkt_rate_exceed': TCP Dst IP-Proto Rate: Frag Exceeded; 'zone_tcp_frag_src_rate_drop': TCP Src Rate: Frag Exceeded; 'zone_icmp_frag_pkt_rate_exceed': ICMP Dst IP-Proto Rate: Frag Exceeded; 'zone_icmp_frag_src_rate_drop': ICMP Src Rate: Frag Exceeded; 'sflow_internal_samples_packed': Sflow Internal Samples Packed; 'sflow_external_samples_packed': Sflow External Samples Packed; 'sflow_internal_packets_sent': Sflow Internal Packets Sent; 'sflow_external_packets_sent': Sflow External Packets Sent; 'dns_outbound_total_query': DNS Outbound Total Query; 'dns_outbound_query_malformed': DNS Outbound Query Malformed; 'dns_outbound_query_resp_chk_failed': DNS Outbound Query Resp Check Failed; 'dns_outbound_query_resp_chk_blacklisted': DNS Outbound Query Resp Check Blacklisted; 'dns_outbound_query_resp_chk_refused_sent': DNS Outbound Query Resp Check REFUSED Sent; 'dns_outbound_query_resp_chk_reset_sent': DNS Outbound Query Resp Check RESET Sent; 'dns_outbound_query_resp_chk_no_resp_sent': DNS Outbound Query Resp Check No Response Sent; 'dns_outbound_query_resp_size_exceed': DNS Outbound Query Response Size Exceed; 'dns_outbound_query_sess_timed_out': DNS Outbound Query Session Timed Out; 'source_entry_total': Source Entry Total Count; 'source_entry_udp': Source Entry UDP Count; 'source_entry_tcp': Source Entry TCP Count; 'source_entry_icmp': Source Entry ICMP Count; 'source_entry_other': Source Entry OTHER Count; 'dst_exceed_action_tunnel': Entry Exceed Action: Tunnel; **Type:** string **Supported Values:** src_tcp_unauth_drop, src_tcp_action_on_syn_init, src_tcp_action_on_syn_gap_drop, src_tcp_action_on_syn_fail, src_tcp_action_on_ack_init, src_tcp_action_on_ack_gap_drop, src_tcp_action_on_ack_fail, src_tcp_out_of_seq_excd, src_tcp_retransmit_excd, src_tcp_zero_window_excd, src_tcp_conn_prate_excd, src_udp_min_payload, src_udp_max_payload, src_udp_conn_prate_excd, src_udp_ntp_monlist_req, src_udp_ntp_monlist_resp, src_udp_wellknown_sport_drop, src_udp_retry_init, dst_udp_retry_gap_drop, dst_udp_retry_fail, dst_tcp_session_aged, dst_udp_session_aged, dst_tcp_conn_close, dst_tcp_conn_close_half_open, dst_drop_frag_pkt, src_tcp_filter_action_blacklist, src_tcp_filter_action_whitelist, src_tcp_filter_action_drop, src_tcp_filter_action_default_pass, src_udp_filter_action_blacklist, src_udp_filter_action_whitelist, src_udp_filter_action_drop, src_udp_filter_action_default_pass, src_other_filter_action_blacklist, src_other_filter_action_whitelist, src_other_filter_action_drop, src_other_filter_action_default_pass, tcp_invalid_syn, dst_tcp_conn_close_w_rst, dst_tcp_conn_close_w_fin, dst_tcp_conn_close_w_idle, dst_tcp_conn_create_from_syn, dst_tcp_conn_create_from_ack, src_frag_drop, zone_port_kbit_rate_exceed_pkt, dst_tcp_bytes_rcv, dst_udp_bytes_rcv, dst_icmp_bytes_rcv, dst_other_bytes_rcv, dst_tcp_bytes_sent, dst_udp_bytes_sent, dst_icmp_bytes_sent, dst_other_bytes_sent, dst_udp_auth_drop, dst_tcp_auth_drop, dst_tcp_auth_resp, dst_drop, dst_entry_pkt_rate_exceed, dst_entry_kbit_rate_exceed, dst_entry_conn_limit_exceed, dst_entry_conn_rate_exceed, dst_entry_frag_pkt_rate_exceed, dst_l4_tcp_blacklist_drop, dst_l4_udp_blacklist_drop, dst_l4_icmp_blacklist_drop, dst_l4_other_blacklist_drop, dst_frag_timeout_drop, dst_icmp_any_exceed, dst_other_any_exceed, tcp_rexmit_syn_limit_drop, tcp_rexmit_syn_limit_bl, dst_clist_overflow_policy_at_learning, zone_frag_rcvd, zone_tcp_wellknown_sport_drop, src_tcp_wellknown_sport_drop, secondary_dst_entry_pkt_rate_exceed, secondary_dst_entry_kbit_rate_exceed, secondary_dst_entry_conn_limit_exceed, secondary_dst_entry_conn_rate_exceed, secondary_dst_entry_frag_pkt_rate_exceed, src_udp_retry_gap_drop, dst_entry_kbit_rate_exceed_count, secondary_entry_learn, secondary_entry_hit, secondary_entry_miss, secondary_entry_aged, secondary_entry_learning_thre_exceed, zone_port_undef_hit, zone_tcp_action_on_ack_timeout, zone_tcp_action_on_ack_reset, zone_tcp_action_on_ack_blacklist, src_tcp_action_on_ack_timeout, src_tcp_action_on_ack_reset, src_tcp_action_on_ack_blacklist, zone_tcp_action_on_syn_timeout, zone_tcp_action_on_syn_reset, zone_tcp_action_on_syn_blacklist, src_tcp_action_on_syn_timeout, src_tcp_action_on_syn_reset, src_tcp_action_on_syn_blacklist, zone_udp_frag_pkt_rate_exceed, zone_udp_frag_src_rate_drop, zone_tcp_frag_pkt_rate_exceed, zone_tcp_frag_src_rate_drop, zone_icmp_frag_pkt_rate_exceed, zone_icmp_frag_src_rate_drop, sflow_internal_samples_packed, sflow_external_samples_packed, sflow_internal_packets_sent, sflow_external_packets_sent, dns_outbound_total_query, dns_outbound_query_malformed, dns_outbound_query_resp_chk_failed, dns_outbound_query_resp_chk_blacklisted, dns_outbound_query_resp_chk_refused_sent, dns_outbound_query_resp_chk_reset_sent, dns_outbound_query_resp_chk_no_resp_sent, dns_outbound_query_resp_size_exceed, dns_outbound_query_sess_timed_out, source_entry_total, source_entry_udp, source_entry_tcp, source_entry_icmp, source_entry_other, dst_exceed_action_tunnel **counters3** **Description** 'dst_udp_retry_timeout_blacklist': UDP Auth: Retry Timeout Blacklisted; 'src_udp_auth_timeout': Src UDP Auth: Retry Timeout; 'zone_src_udp_retry_timeout_blacklist': Src UDP Auth: Retry Timeout Blacklisted; 'src_udp_retry_pass': Src UDP Retry Passed; 'secondary_port_learn': Per Addr Port Learned; 'secondary_port_aged': Per Addr Port Aged; 'dst_entry_outbound_udp_session_created': Outbound: UDP Sessions Created; 'dst_entry_outbound_udp_session_aged': Outbound: UDP Sessions Aged; 'dst_entry_outbound_tcp_session_created': Outbound: TCP Sessions Created; 'dst_entry_outbound_tcp_session_aged': Outbound: TCP Sessions Aged; 'dst_entry_outbound_pkt_rate_exceed': Outbound Rate: Packet Exceeded; 'dst_entry_outbound_kbit_rate_exceed': Outbound Rate: KiBit Exceeded; 'dst_entry_outbound_kbit_rate_exceed_count': Outbound Rate: KiBit Exceeded Count; 'dst_entry_outbound_conn_limit_exceed': Outbound Limit: Conn Exceeded; 'dst_entry_outbound_conn_rate_exceed': Outbound Rate: Conn Exceeded; 'dst_entry_outbound_frag_pkt_rate_exceed': Outbound Rate: Frag Packet Exceeded; 'prog_first_req_time_exceed': Req-Resp: First Request Time Exceed; 'prog_req_resp_time_exceed': Req-Resp: Request to Response Time Exceed; 'prog_request_len_exceed': Req-Resp: Request Length Exceed; 'prog_response_len_exceed': Req-Resp: Response Length Exceed; 'prog_resp_req_ratio_exceed': Req-Resp: Response to Request Ratio Exceed; 'prog_resp_req_time_exceed': Req-Resp: Response to Request Time Exceed; 'entry_sync_message_received': Entry Sync Message Received; 'entry_sync_message_sent': Entry Sync Message Sent; 'prog_conn_sent_exceed': Connection: Sent Exceed; 'prog_conn_rcvd_exceed': Connection: Received Exceed; 'prog_conn_time_exceed': Connection: Time Exceed; 'prog_conn_rcvd_sent_ratio_exceed': Connection: Reveived to Sent Ratio Exceed; 'prog_win_sent_exceed': Time Window: Sent Exceed; 'prog_win_rcvd_exceed': Time Window: Received Exceed; 'prog_win_rcvd_sent_ratio_exceed': Time Window: Received to Sent Exceed; 'prog_exceed_drop': Req-Resp: Violation Exceed Dropped; 'prog_exceed_bl': Req-Resp: Violation Exceed Blacklisted; 'prog_conn_exceed_drop': Connection: Violation Exceed Dropped; 'prog_conn_exceed_bl': Connection: Violation Exceed Blacklisted; 'prog_win_exceed_drop': Time Window: Violation Exceed Dropped; 'prog_win_exceed_bl': Time Window: Violation Exceed Blacklisted; 'east_west_inbound_rcv_pkt': East West: Inbound Packets Received; 'east_west_inbound_drop_pkt': East West: Inbound Packets Dropped; 'east_west_inbound_fwd_pkt': East West: Inbound Packets Forwarded; 'east_west_inbound_rcv_byte': East West: Inbound Bytes Received; 'east_west_inbound_drop_byte': East West: Inbound Bytes Dropped; 'east_west_inbound_fwd_byte': East West: Inbound Bytes Forwarded; 'east_west_outbound_rcv_pkt': East West: Outbound Packets Received; 'east_west_outbound_drop_pkt': East West: Outbound Packets Dropped; 'east_west_outbound_fwd_pkt': East West: Outbound Packets Forwarded; 'east_west_outbound_rcv_byte': East West: Outbound Bytes Received; 'east_west_outbound_drop_byte': East West: Outbound Bytes Dropped; 'east_west_outbound_fwd_byte': East West: Outbound Bytes Forwarded; 'dst_exceed_action_drop': Entry Exceed Action: Dropped; 'prog_conn_samples': Sample Collected: Connection; 'prog_req_samples': Sample Collected: Req-Resp; 'prog_win_samples': Sample Collected: Time Window; 'victim_ip_learned': Victim Identification: IP Entry Learned; 'victim_ip_aged': Victim Identification: IP Entry Aged; **Type:** string **Supported Values:** dst_udp_retry_timeout_blacklist, src_udp_auth_timeout, zone_src_udp_retry_timeout_blacklist, src_udp_retry_pass, secondary_port_learn, secondary_port_aged, dst_entry_outbound_udp_session_created, dst_entry_outbound_udp_session_aged, dst_entry_outbound_tcp_session_created, dst_entry_outbound_tcp_session_aged, dst_entry_outbound_pkt_rate_exceed, dst_entry_outbound_kbit_rate_exceed, dst_entry_outbound_kbit_rate_exceed_count, dst_entry_outbound_conn_limit_exceed, dst_entry_outbound_conn_rate_exceed, dst_entry_outbound_frag_pkt_rate_exceed, prog_first_req_time_exceed, prog_req_resp_time_exceed, prog_request_len_exceed, prog_response_len_exceed, prog_resp_req_ratio_exceed, prog_resp_req_time_exceed, entry_sync_message_received, entry_sync_message_sent, prog_conn_sent_exceed, prog_conn_rcvd_exceed, prog_conn_time_exceed, prog_conn_rcvd_sent_ratio_exceed, prog_win_sent_exceed, prog_win_rcvd_exceed, prog_win_rcvd_sent_ratio_exceed, prog_exceed_drop, prog_exceed_bl, prog_conn_exceed_drop, prog_conn_exceed_bl, prog_win_exceed_drop, prog_win_exceed_bl, east_west_inbound_rcv_pkt, east_west_inbound_drop_pkt, east_west_inbound_fwd_pkt, east_west_inbound_rcv_byte, east_west_inbound_drop_byte, east_west_inbound_fwd_byte, east_west_outbound_rcv_pkt, east_west_outbound_drop_pkt, east_west_outbound_fwd_pkt, east_west_outbound_rcv_byte, east_west_outbound_drop_byte, east_west_outbound_fwd_byte, dst_exceed_action_drop, prog_conn_samples, prog_req_samples, prog_win_samples, victim_ip_learned, victim_ip_aged, prog_conn_samples_processed, prog_req_samples_processed, prog_win_samples_processed, dst_src_learn_overflow, dst_tcp_auth_rst .. _1048_zone-list_enable-top-k: zone-list_enable-top-k ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **topk-num-records** **Description** Maximum number of records to show in topk **Type:** number **Range:** 1-100 **Default:** 20 **topk-type** **Description** 'destination': Topk destination IP; **Type:** string **Supported Values:** destination