.. _fw: fw == Firewall fw Specification ---------------- ===================================== =========================================== **Parameter** **Value** ===================================== =========================================== **Type** *Intermediate Resource* **Element Name** fw **Element URI** /axapi/v3/fw **Element Attributes** fw_attributes **Partition Visibility** shared **Schema** :download:`fw schema ` ===================================== =========================================== **Operations Allowed:** .. raw:: html .. raw:: html .. raw:: html .. raw:: html
OperationMethodURIPayload
Get Object .. raw:: html GET .. raw:: html /axapi/v3/fw .. raw:: html fw_attributes .. raw:: html
.. _1694_fw_attributes: fw attributes ------------- **active-rule-set** **Description:** active-rule-set is a **JSON Block**. Please see below for :ref:`1694_active-rule-set` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/active-rule-set ` **alg** **Description:** alg is a **JSON Block**. Please see below for :ref:`1694_alg` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/alg ` **app** **Description:** app is a **JSON Block**. Please see below for :ref:`1694_app` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/app ` **apply-changes** **Description:** apply-changes is a **JSON Block**. Please see below for :ref:`1694_apply-changes` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/apply-changes ` **clear-session-filter** **Description:** clear-session-filter is a **JSON Block**. Please see below for :ref:`1694_clear-session-filter` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/clear-session-filter ` **ddos-protection** **Description:** ddos-protection is a **JSON Block**. Please see below for :ref:`1694_ddos-protection` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/ddos-protection ` **full-cone-session** **Description:** full-cone-session is a **JSON Block**. Please see below for :ref:`1694_full-cone-session` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/full-cone-session ` **global** **Description:** global is a **JSON Block**. Please see below for :ref:`1694_global` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/global ` **gtp** **Description:** gtp is a **JSON Block**. Please see below for :ref:`1694_gtp` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/gtp ` **helper-sessions** **Description:** helper-sessions is a **JSON Block**. Please see below for :ref:`1694_helper-sessions` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/helper-sessions ` **hw-accelerate** **Description:** hw-accelerate is a **JSON Block**. Please see below for :ref:`1694_hw-accelerate` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/hw-accelerate ` **limit-entry** **Description:** limit-entry is a **JSON Block**. Please see below for :ref:`1694_limit-entry` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/limit-entry ` **local-log** **Description:** local-log is a **JSON Block**. Please see below for :ref:`1694_local-log` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/local-log ` **logging** **Description:** logging is a **JSON Block**. Please see below for :ref:`1694_logging` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/logging ` **match** **Description:** match is a **JSON Block**. Please see below for :ref:`1694_match` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/match ` **per-instance** **Description:** per-instance is a **JSON Block**. Please see below for :ref:`1694_per-instance` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/per-instance ` **radius** **Description:** radius is a **JSON Block**. Please see below for :ref:`1694_radius` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/radius ` **rate-limit** **Description:** rate-limit is a **JSON Block**. Please see below for :ref:`1694_rate-limit` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/rate-limit ` **resource-usage** **Description:** resource-usage is a **JSON Block**. Please see below for :ref:`1694_resource-usage` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/resource-usage ` **server-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/fw/server/{name} ` **service-group-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/fw/service-group/{name} ` **session-aging-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/fw/session-aging/{name} ` **status** **Description:** status is a **JSON Block**. Please see below for :ref:`1694_status` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/status ` **system-status** **Description:** system-status is a **JSON Block**. Please see below for :ref:`1694_system-status` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/system-status ` **tap-monitor** **Description:** tap-monitor is a **JSON Block**. Please see below for :ref:`1694_tap-monitor` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/tap-monitor ` **tcp** **Description:** tcp is a **JSON Block**. Please see below for :ref:`1694_tcp` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/tcp ` **tcp-rst-close-immediate** **Description:** tcp-rst-close-immediate is a **JSON Block**. Please see below for :ref:`1694_tcp-rst-close-immediate` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/tcp-rst-close-immediate ` **tcp-window-check** **Description:** tcp-window-check is a **JSON Block**. Please see below for :ref:`1694_tcp-window-check` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/tcp-window-check ` **template** **Description:** template is a **JSON Block**. Please see below for :ref:`1694_template` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/template ` **top-k-rules** **Description:** top-k-rules is a **JSON Block**. Please see below for :ref:`1694_top-k-rules` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/top-k-rules ` **urpf** **Description:** urpf is a **JSON Block**. Please see below for :ref:`1694_urpf` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/urpf ` **vrid** **Description:** vrid is a **JSON Block**. Please see below for :ref:`1694_vrid` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/vrid ` .. _1694_apply-changes: apply-changes ^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **forced** **Description** Force recompile rule-set **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1694_alg: alg ^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description:** dns is a **JSON Block**. Please see below for :ref:`1694_alg_dns` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/alg/dns ` **esp** **Description:** esp is a **JSON Block**. Please see below for :ref:`1694_alg_esp` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/alg/esp ` **ftp** **Description:** ftp is a **JSON Block**. Please see below for :ref:`1694_alg_ftp` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/alg/ftp ` **icmp** **Description:** icmp is a **JSON Block**. Please see below for :ref:`1694_alg_icmp` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/alg/icmp ` **pptp** **Description:** pptp is a **JSON Block**. Please see below for :ref:`1694_alg_pptp` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/alg/pptp ` **rtsp** **Description:** rtsp is a **JSON Block**. Please see below for :ref:`1694_alg_rtsp` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/alg/rtsp ` **sip** **Description:** sip is a **JSON Block**. Please see below for :ref:`1694_alg_sip` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/alg/sip ` **tftp** **Description:** tftp is a **JSON Block**. Please see below for :ref:`1694_alg_tftp` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/alg/tftp ` **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_alg_ftp: alg_ftp ^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **default-port-disable** **Description** 'default-port-disable': Disable FTP ALG default port 21; **Type:** string **Supported Values:** default-port-disable **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_alg_ftp_sampling-enable: alg_ftp_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'client-port-request': PORT Requests From Client; 'client-eprt-request': EPRT Requests From Client; 'server-pasv-reply': PASV Replies From Server; 'server-epsv-reply': EPSV Replies From Server; 'port-retransmits': PORT Retransmits; 'pasv-retransmits': PASV Retransmits; 'smp-app-type-mismatch': SMP App Type Mismatch; 'retransmit-sanity-check-failure': Retransmit Sanity Check Failure; 'smp-conn-alloc-failure': SMP Helper Conn Alloc Failure; 'port-helper-created': PORT Helper Created; 'pasv-helper-created': PASV Helper Created; 'port-helper-acquire-in-del-q': PORT Helper Acquire In Del Queue; 'port-helper-acquire-already-used': PORT Helper Acquire Already Used; 'pasv-helper-acquire-in-del-q': PASV Helper Acquire In Del Queue; 'pasv-helper-acquire-already-used': PASV Helper Acquire Already Used; 'port-helper-freed-used': PORT Helper Freed Used; 'port-helper-freed-unused': PORT Helper Freed Unused; 'pasv-helper-freed-used': PASV Helper Freed Used; 'pasv-helper-freed-unused': PASV Helper Freed Unused; **Type:** string **Supported Values:** all, client-port-request, client-eprt-request, server-pasv-reply, server-epsv-reply, port-retransmits, pasv-retransmits, smp-app-type-mismatch, retransmit-sanity-check-failure, smp-conn-alloc-failure, port-helper-created, pasv-helper-created, port-helper-acquire-in-del-q, port-helper-acquire-already-used, pasv-helper-acquire-in-del-q, pasv-helper-acquire-already-used, port-helper-freed-used, port-helper-freed-unused, pasv-helper-freed-used, pasv-helper-freed-unused .. _1694_alg_sip: alg_sip ^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **default-port-disable** **Description** 'default-port-disable': Disable SIP ALG default port 5060; **Type:** string **Supported Values:** default-port-disable **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_alg_sip_sampling-enable: alg_sip_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'stat-request': Request Received; 'stat-response': Response Received; 'method-register': Method REGISTER; 'method-invite': Method INVITE; 'method-ack': Method ACK; 'method-cancel': Method CANCEL; 'method-bye': Method BYE; 'method-options': Method OPTIONS; 'method-prack': Method PRACK; 'method-subscribe': Method SUBSCRIBE; 'method-notify': Method NOTIFY; 'method-publish': Method PUBLISH; 'method-info': Method INFO; 'method-refer': Method REFER; 'method-message': Method MESSAGE; 'method-update': Method UPDATE; 'method-unknown': Method Unknown; 'parse-error': Message Parse Error; 'keep-alive': Keep Alive; 'contact-error': Contact Process Error; 'sdp-error': SDP Process Error; 'rtp-port-no-op': RTP Port No Op; 'rtp-rtcp-port-success': RTP RTCP Port Success; 'rtp-port-failure': RTP Port Failure; 'rtcp-port-failure': RTCP Port Failure; 'contact-port-no-op': Contact Port No Op; 'contact-port-success': Contact Port Success; 'contact-port-failure': Contact Port Failure; 'contact-new': Contact Alloc; 'contact-alloc-failure': Contact Alloc Failure; 'contact-eim': Contact EIM; 'contact-eim-set': Contact EIM Set; 'rtp-new': RTP Alloc; 'rtp-alloc-failure': RTP Alloc Failure; 'rtp-eim': RTP EIM; 'helper-found': SMP Helper Conn Found; 'helper-created': SMP Helper Conn Created; 'helper-deleted': SMP Helper Conn Already Deleted; 'helper-freed': SMP Helper Conn Freed; 'helper-failure': SMP Helper Failure; **Type:** string **Supported Values:** all, stat-request, stat-response, method-register, method-invite, method-ack, method-cancel, method-bye, method-options, method-prack, method-subscribe, method-notify, method-publish, method-info, method-refer, method-message, method-update, method-unknown, parse-error, keep-alive, contact-error, sdp-error, rtp-port-no-op, rtp-rtcp-port-success, rtp-port-failure, rtcp-port-failure, contact-port-no-op, contact-port-success, contact-port-failure, contact-new, contact-alloc-failure, contact-eim, contact-eim-set, rtp-new, rtp-alloc-failure, rtp-eim, helper-found, helper-created, helper-deleted, helper-freed, helper-failure .. _1694_alg_esp: alg_esp ^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **default-port-disable** **Description** 'default-port-disable': Disable ESP ALG default port 500; **Type:** string **Supported Values:** default-port-disable **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_alg_esp_sampling-enable: alg_esp_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'session-created': ESP Sessions Created; 'helper-created': ESP Helper Sessions Created; 'helper-freed': ESP Helper Sessions Freed; 'helper-freed-used': ESP Helper Sessions freed used; 'helper-freed-unused': ESP Helper Sessions freed unused; 'helper-already-used': ESP Helper Session already used; 'helper-in-rml': ESP Helper Session in Remove List; **Type:** string **Supported Values:** all, session-created, helper-created, helper-freed, helper-freed-used, helper-freed-unused, helper-already-used, helper-in-rml .. _1694_alg_pptp: alg_pptp ^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **default-port-disable** **Description** 'default-port-disable': Disable PPTP ALG default port 1723; **Type:** string **Supported Values:** default-port-disable **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_alg_pptp_sampling-enable: alg_pptp_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'calls-established': Calls Established; 'call-req-pns-call-id-mismatch': Call ID Mismatch on Call Request; 'call-reply-pns-call-id-mismatch': Call ID Mismatch on Call Reply; 'gre-session-created': GRE Session Created; 'gre-session-freed': GRE Session Freed; 'call-req-retransmit': Call Request Retransmit; 'call-req-new': Call Request New; 'call-req-ext-alloc-failure': Call Request Ext Alloc Failure; 'call-reply-call-id-unknown': Call Reply Unknown Client Call ID; 'call-reply-retransmit': Call Reply Retransmit; 'call-reply-ext-ext-alloc-failure': Call Request Ext Alloc Failure; 'smp-app-type-mismatch': SMP App Type Mismatch; 'smp-client-call-id-mismatch': SMP Client Call ID Mismatch; 'smp-sessions-created': SMP Session Created; 'smp-sessions-freed': SMP Session Freed; 'smp-alloc-failure': SMP Session Alloc Failure; 'gre-conn-creation-failure': GRE Conn Alloc Failure; 'gre-conn-ext-creation-failure': GRE Conn Ext Alloc Failure; 'gre-no-fwd-route': GRE No Fwd Route; 'gre-no-rev-route': GRE No Rev Route; 'gre-no-control-conn': GRE No Control Conn; 'gre-conn-already-exists': GRE Conn Already Exists; 'gre-free-no-ext': GRE Free No Ext; 'gre-free-no-smp': GRE Free No SMP; 'gre-free-smp-app-type-mismatch': GRE Free SMP App Type Mismatch; 'control-freed': Control Session Freed; 'control-free-no-ext': Control Free No Ext; 'control-free-no-smp': Control Free No SMP; 'control-free-smp-app-type-mismatch': Control Free SMP App Type Mismatch; **Type:** string **Supported Values:** all, calls-established, call-req-pns-call-id-mismatch, call-reply-pns-call-id-mismatch, gre-session-created, gre-session-freed, call-req-retransmit, call-req-new, call-req-ext-alloc-failure, call-reply-call-id-unknown, call-reply-retransmit, call-reply-ext-ext-alloc-failure, smp-app-type-mismatch, smp-client-call-id-mismatch, smp-sessions-created, smp-sessions-freed, smp-alloc-failure, gre-conn-creation-failure, gre-conn-ext-creation-failure, gre-no-fwd-route, gre-no-rev-route, gre-no-control-conn, gre-conn-already-exists, gre-free-no-ext, gre-free-no-smp, gre-free-smp-app-type-mismatch, control-freed, control-free-no-ext, control-free-no-smp, control-free-smp-app-type-mismatch .. _1694_alg_rtsp: alg_rtsp ^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **default-port-disable** **Description** 'default-port-disable': Disable RTSP ALG default port 554; **Type:** string **Supported Values:** default-port-disable **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_alg_rtsp_sampling-enable: alg_rtsp_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'transport-inserted': Transport Created; 'transport-freed': Transport Freed; 'transport-alloc-failure': Transport Alloc Failure; 'data-session-created': Data Session Created; 'data-session-freed': Data Session Freed; 'ext-creation-failure': Extension Creation Failure; 'transport-add-to-ext': Transport Added to Extension; 'transport-removed-from-ext': Transport Removed from Extension; 'transport-too-many': Too Many Transports for Control Conn; 'transport-already-in-ext': Transport Already in Extension; 'transport-exists': Transport Already Exists; 'transport-link-ext-failure-control': Transport Link to Extension Failure Control; 'transport-link-ext-data': Transport Link to Extension Data; 'transport-link-ext-failure-data': Transport Link to Extension Failure Data; 'transport-inserted-shadow': Transport Inserted Shadow; 'transport-creation-race': Transport Create Race; 'transport-alloc-failure-shadow': Transport Alloc Failure Shadow; 'transport-put-in-del-q': Transport Put in Delete Queue; 'transport-freed-shadow': Transport Freed Shadow; 'transport-acquired-from-control': Transport Acquired Control; 'transport-found-from-prev-control': Transport Found From Prev Control; 'transport-acquire-failure-from-control': Transport Acquire Failure Control; 'transport-released-from-control': Transport Released Control; 'transport-double-release-from-control': Transport Double Release Control; 'transport-acquired-from-data': Transport Acquired Data; 'transport-acquire-failure-from-data': Transport Acquire Failure Data; 'transport-released-from-data': Transport Released Data; 'transport-double-release-from-data': Transport Double Release Data; 'transport-retry-lookup-on-data-free': Transport Retry Lookup Data; 'transport-not-found-on-data-free': Transport Not Found Data; 'data-session-created-shadow': Data Session Created Shadow; 'data-session-freed-shadow': Data Session Freed Shadow; 'ha-control-ext-creation-failure': HA Control Extension Creation Failure; 'ha-control-session-created': HA Control Session Created; 'ha-data-session-created': HA Data Session Created; **Type:** string **Supported Values:** all, transport-inserted, transport-freed, transport-alloc-failure, data-session-created, data-session-freed, ext-creation-failure, transport-add-to-ext, transport-removed-from-ext, transport-too-many, transport-already-in-ext, transport-exists, transport-link-ext-failure-control, transport-link-ext-data, transport-link-ext-failure-data, transport-inserted-shadow, transport-creation-race, transport-alloc-failure-shadow, transport-put-in-del-q, transport-freed-shadow, transport-acquired-from-control, transport-found-from-prev-control, transport-acquire-failure-from-control, transport-released-from-control, transport-double-release-from-control, transport-acquired-from-data, transport-acquire-failure-from-data, transport-released-from-data, transport-double-release-from-data, transport-retry-lookup-on-data-free, transport-not-found-on-data-free, data-session-created-shadow, data-session-freed-shadow, ha-control-ext-creation-failure, ha-control-session-created, ha-data-session-created .. _1694_alg_dns: alg_dns ^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **default-port-disable** **Description** 'default-port-disable': Disable DNS ALG default port 53; **Type:** string **Supported Values:** default-port-disable **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_alg_tftp: alg_tftp ^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **default-port-disable** **Description** 'default-port-disable': Disable TFTP ALG default port 69; **Type:** string **Supported Values:** default-port-disable **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_alg_tftp_sampling-enable: alg_tftp_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'session-created': TFTP Client Sessions Created; 'helper-created': TFTP Helper Sessions created; 'helper-freed': TFTP Helper Sessions freed; 'helper-freed-used': TFTP Helper Sessions freed used; 'helper-freed-unused': TFTP Helper Sessions freed unused; 'helper-already-used': TFTP Helper Session already used; 'helper-in-rml': TFTP Helper Session in Remove List; **Type:** string **Supported Values:** all, session-created, helper-created, helper-freed, helper-freed-used, helper-freed-unused, helper-already-used, helper-in-rml .. _1694_alg_icmp: alg_icmp ^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **disable** **Description** 'disable': Disable ICMP ALG which allows ICMP errors to pass the firewall; **Type:** string **Supported Values:** disable **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_app: app ^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_app_sampling-enable: app_sampling-enable ^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'dummy': Entry for a10countergen; **Type:** string **Supported Values:** all, dummy .. _1694_global: global ^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **alg-processing** **Description** 'honor-rule-set': Honors firewall rule-sets (Default); 'override-rule-set': Override firewall rule-sets; **Type:** string **Supported Values:** honor-rule-set, override-rule-set **Default:** honor-rule-set **allow-non-syn-session-create** **Description** Allow TCP non-syn packets to trigger session creation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disable-app-list** **Type:** List **disable-application-metrics** **Description** Disable exporting application protocol/category statistics to Harmony Controller **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disable-ip-fw-sessions** **Description** disable create sessions for non TCP/UDP/ICMP **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disable-undetermined-rule-logs** **Description** disable logs with undetermined rules **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dsr-mode-support** **Description** 'ipv4': support dsr for ipv4 traffic; 'ipv6': support dsr for ipv6 traffic; 'all': support dsr for both ipv4 and ipv6; **Type:** string **Supported Values:** ipv4, ipv6, all **extended-matching** **Description** 'disable': Disable extended matching; **Type:** string **Supported Values:** disable **inbound-refresh** **Description** 'enable': enable; 'disable': disable; **Type:** string **Supported Values:** enable, disable **Default:** enable **inbound-refresh-full-cone** **Description** 'enable': enable; 'disable': disable; **Type:** string **Supported Values:** enable, disable **Default:** enable **listen-on-port-timeout** **Description** STUN timeout (default: 2 minutes) **Type:** number **Range:** 0-60 **Default:** 2 **natip-ddos-protection** **Description** 'enable': Enable; 'disable': Disable; **Type:** string **Supported Values:** enable, disable **Default:** enable **permit-default-action** **Description** 'forward': Forward; 'next-service-mode': Service to be applied chosen based on configuration; **Type:** string **Supported Values:** forward, next-service-mode **respond-to-user-mac** **Description** Use the user's source MAC for the next hop rather than the routing table (default: off) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_global_disable-app-list: global_disable-app-list ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **disable-application-category** **Description** 'aaa': Protocol/application used for AAA (Authentification, Authorization and Accounting) purposes.; 'adult-content': Adult content protocol/application.; 'advertising': Advertising networks and applications.; 'application-enforcing-tls': Application known to enforce HSTS and thus use of TLS.; 'analytics-and-statistics': User analytics and statistics protocol/application.; 'anonymizers-and-proxies': Traffic-anonymization protocol/application.; 'audio-chat': Protocol/application used for Audio Chat.; 'basic': Covers all protocols required for basic classification, including most networking protocols as well as standard protocols like HTTP.; 'blog': Blogging platform protocol/application.; 'cdn': Protocol/application used for Content-Delivery Networks.; 'certification-authority': Certification Authority for SSL/TLS certificate.; 'chat': Protocol/application used for Text Chat.; 'classified-ads': Protocol/application used for Classified Advertisements.; 'cloud-based-services': SaaS and/or PaaS cloud based services.; 'crowdfunding': Service for funding a project or venture by raising small amounts of money from a large number of people, typically via the Internet.; 'cryptocurrency': Services for mining cryptocurrencies, for example a Crypto Web Browser (an application that mines crypto currency in the background while its user browses the web).; 'database': Database-specific protocols.; 'disposable-email': Service offering Disposable Email Accounts (DEA). DEA is a technique to share temporary email address between many users.; 'ebook-reader': Services for e-book readers, i.e. connected devices that display electronic books (typically using e-ink displays to reduce glare and eye strain).; 'education': Protocols offering education services and online courses.; 'email': Native email protocol.; 'enterprise': Protocol/application used in an enterprise network.; 'file-management': Protocol/application designed specifically for file management and exchange. This can include bona fide network protocols (like SMB) as well as web/cloud services (like Dropbox).; 'file-transfer': Protocol that offers file transferring as a secondary feature. This typically includes IM, WebMail, and other protocols that allow file transfers in addition to their principal function.; 'forum': Online forum protocol/application.; 'gaming': Protocol/application used by games.; 'healthcare': Protocols offering medical services, i.e protocols used in medical environment.; 'instant-messaging-and-multimedia-conferencing': Protocol/application used for Instant Messaging or Multi-Conferencing.; 'internet-of-things': Internet Of Things protocol/application.; 'map-service': Digital Maps service (web site and their related API).; 'mobile': Mobile-specific protocol/application.; 'multimedia-streaming': Protocol/application used for multimedia streaming.; 'networking': Protocol used for (inter) networking purpose.; 'news-portal': Protocol/application used for News Portals.; 'payment-service': Application offering online services for accepting electronic payments by a variety of payment methods (credit card, bank-based payments such as direct debit, bank transfer, etc).; 'peer-to-peer': Protocol/application used for Peer-to-peer purposes.; 'remote-access': Protocol/application used for remote access.; 'scada': SCADA (Supervisory control and data acquisition) protocols, all generations.; 'social-networks': Social networking application.; 'software-update': Auto-update protocol.; 'speedtest': Speedtest application allowing to access quality of Internet connection (upload, download, latency, etc).; 'standards-based': Protocol issued from standardized bodies such as IETF, ITU, IEEE, ETSI, OIF.; 'transportation': Transportation services, for example smartphone applications that allow users to hail a taxi.; 'video-chat': Protocol/application used for Video Chat.; 'voip': Application used for Voice-Over-IP.; 'vpn-tunnels': Protocol/application used for VPN or tunneling purposes.; 'web': Application based on HTTP/HTTPS.; 'web-e-commerce': Protocol/application used for E-commerce websites.; 'web-search-engines': Protocol/application used for Web search portals.; 'web-websites': Protocol/application used for Company Websites.; 'webmails': Web-based e-mail application.; 'web-ext-adult': Web Extension Adult; 'web-ext-auctions': Web Extension Auctions; 'web-ext-blogs': Web Extension Blogs; 'web-ext-business-and-economy': Web Extension Business and Economy; 'web-ext-cdns': Web Extension CDNs; 'web-ext-collaboration': Web Extension Collaboration; 'web-ext-computer-and-internet-info': Web Extension Computer and Internet Info; 'web-ext-computer-and-internet-security': Web Extension Computer and Internet Security; 'web-ext-dating': Web Extension Dating; 'web-ext-educational-institutions': Web Extension Educational Institutions; 'web-ext-entertainment-and-arts': Web Extension Entertainment and Arts; 'web-ext-fashion-and-beauty': Web Extension Fashion and Beauty; 'web-ext-file-share': Web Extension File Share; 'web-ext-financial-services': Web Extension Financial Services; 'web-ext-gambling': Web Extension Gambling; 'web-ext-games': Web Extension Games; 'web-ext-government': Web Extension Government; 'web-ext-health-and-medicine': Web Extension Health and Medicine; 'web-ext-individual-stock-advice-and-tools': Web Extension Individual Stock Advice and Tools; 'web-ext-internet-portals': Web Extension Internet Portals; 'web-ext-job-search': Web Extension Job Search; 'web-ext-local-information': Web Extension Local Information; 'web-ext-malware': Web Extension Malware; 'web-ext-motor-vehicles': Web Extension Motor Vehicles; 'web-ext-music': Web Extension Music; 'web-ext-news': Web Extension News; 'web-ext-p2p': Web Extension P2P; 'web-ext-parked-sites': Web Extension Parked Sites; 'web-ext-proxy-avoid-and-anonymizers': Web Extension Proxy Avoid and Anonymizers; 'web-ext-real-estate': Web Extension Real Estate; 'web-ext-reference-and-research': Web Extension Reference and Research; 'web-ext-search-engines': Web Extension Search Engines; 'web-ext-shopping': Web Extension Shopping; 'web-ext-social-network': Web Extension Social Network; 'web-ext-society': Web Extension Society; 'web-ext-software': Web Extension Software; 'web-ext-sports': Web Extension Sports; 'web-ext-streaming-media': Web Extension Streaming Media; 'web-ext-training-and-tools': Web Extension Training and Tools; 'web-ext-translation': Web Extension Translation; 'web-ext-travel': Web Extension Travel; 'web-ext-web-advertisements': Web Extension Web Advertisements; 'web-ext-web-based-email': Web Extension Web based Email; 'web-ext-web-hosting': Web Extension Web Hosting; 'web-ext-web-service': Web Extension Web Service; **Type:** string **Supported Values:** aaa, adult-content, advertising, application-enforcing-tls, analytics-and-statistics, anonymizers-and-proxies, audio-chat, basic, blog, cdn, certification-authority, chat, classified-ads, cloud-based-services, crowdfunding, cryptocurrency, database, disposable-email, ebook-reader, education, email, enterprise, file-management, file-transfer, forum, gaming, healthcare, instant-messaging-and-multimedia-conferencing, internet-of-things, map-service, mobile, multimedia-streaming, networking, news-portal, payment-service, peer-to-peer, remote-access, scada, social-networks, software-update, speedtest, standards-based, transportation, video-chat, voip, vpn-tunnels, web, web-e-commerce, web-search-engines, web-websites, webmails, web-ext-adult, web-ext-auctions, web-ext-blogs, web-ext-business-and-economy, web-ext-cdns, web-ext-collaboration, web-ext-computer-and-internet-info, web-ext-computer-and-internet-security, web-ext-dating, web-ext-educational-institutions, web-ext-entertainment-and-arts, web-ext-fashion-and-beauty, web-ext-file-share, web-ext-financial-services, web-ext-gambling, web-ext-games, web-ext-government, web-ext-health-and-medicine, web-ext-individual-stock-advice-and-tools, web-ext-internet-portals, web-ext-job-search, web-ext-local-information, web-ext-malware, web-ext-motor-vehicles, web-ext-music, web-ext-news, web-ext-p2p, web-ext-parked-sites, web-ext-proxy-avoid-and-anonymizers, web-ext-real-estate, web-ext-reference-and-research, web-ext-search-engines, web-ext-shopping, web-ext-social-network, web-ext-society, web-ext-software, web-ext-sports, web-ext-streaming-media, web-ext-training-and-tools, web-ext-translation, web-ext-travel, web-ext-web-advertisements, web-ext-web-based-email, web-ext-web-hosting, web-ext-web-service **disable-application-protocol** **Description** Disable specific application protocol **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _1694_global_sampling-enable: global_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'tcp_fullcone_created': TCP Full-cone Created; 'tcp_fullcone_freed': TCP Full-cone Freed; 'udp_fullcone_created': UDP Full-cone Created; 'udp_fullcone_freed': UDP Full-cone Freed; 'fullcone_creation_failure': Full-Cone Creation Failure; 'data_session_created': Data Session Created; 'data_session_created_local': Data Session Created Local; 'dyn_blist_sess_sp': Dynamic Blacklist Session (Slowpath); 'data_session_freed': Data Session Freed; 'data_session_freed_local': Data Session Freed Local; 'dyn_blist_sess_created': Dynamic Blacklist Session Created; 'dyn_blist_sess_freed': Dynamic Blacklist Freed; 'dyn_blist_pkt_drop': Dynamic Blacklist - Packet Drop; 'dyn_blist_pkt_rate_low': Dynamic Blacklist - Pkt Rate Low; 'dyn_blist_pkt_rate_high': Dynamic Blacklist - Pkt Rate High; 'dyn_blist_version_mismatch': Dynamic Blacklist - Version Mismatch; 'dyn_blist_no_active_policy': Dynamic Blacklist - No Active Policy; 'fullcone_in_del_q': Full-cone session found in delete queue; 'fullcone_retry_lookup': Full-cone session retry look-up; 'fullcone_not_found': Full-cone session not found; 'fullcone_overflow_eim': Full-cone Session EIM Overflow; 'fullcone_overflow_eif': Full-cone Session EIF Overflow; 'udp_fullcone_created_shadow': Total UDP Full-cone sessions created; 'tcp_fullcone_created_shadow': Total TCP Full-cone sessions created; 'udp_fullcone_freed_shadow': Total UDP Full-cone sessions freed; 'tcp_fullcone_freed_shadow': Total TCP Full-cone sessions freed; 'fullcone_created': Total Full-cone sessions created; 'fullcone_freed': Total Full-cone sessions freed; 'fullcone_ext_too_many': Fullcone Extension Too Many; 'fullcone_ext_mem_allocated': Fullcone Extension Memory Allocated; 'fullcone_ext_mem_alloc_failure': Fullcone Extension Memory Allocate Failure; 'fullcone_ext_mem_alloc_init_faulure': Fullcone Extension Initialization Failure; 'fullcone_ext_mem_freed': Fullcone Extension Memory Freed; 'fullcone_ext_added': Fullcone Extension Added; 'ha_fullcone_failure': HA Full-cone Session Failure; 'data_session_created_shadow': Shadow Data Sessions Created; 'data_session_created_shadow_local': Shadow Data Sessions Created Local; 'data_session_freed_shadow': Shadow Data Sessions Freed; 'data_session_freed_shadow_local': Shadow Data Sessions Freed Local; 'active_fullcone_session': Total Active Full-cone sessions; 'limit-entry-failure': Limit Entry Creation Failure; 'limit-entry-allocated': Limit Entry Allocated; 'limit-entry-mem-freed': Limit Entry Freed; 'limit-entry-created': Limit Entry Created; 'limit-entry-found': Limit Entry Found; 'limit-entry-not-in-bucket': Limit Entry Not in Bucket; 'limit-entry-marked-deleted': Limit Entry Marked Deleted; 'undetermined-rule-counter': Undetermined rule detected; 'non_syn_pkt_fwd_allowed': Non-SYN pkt forward allowed; 'invalid-lid-drop': Invalid Lid Drop; 'src-session-limit-exceeded': Concurrent Session Limit Exceeded; 'uplink-pps-limit-exceeded': Uplink PPS Limit Exceeded; 'downlink-pps-limit-exceeded': Downlink PPS Limit Exceeded; 'total-pps-limit-exceeded': Total PPS Limit Exceeded; 'uplink-throughput-limit-exceeded': Uplink Throughput Limit Exceeded; 'downlink-throughput-limit-exceeded': Downlink Throughput Limit Exceeded; 'total-throughput-limit-exceeded': Total Throughput Limit Exceeded; 'cps-limit-exceeded': Connections Per Second Limit Exceeded; 'limit-exceeded': Per Second Limit Exceeded (Deprecated); 'limit-entry-per-cpu-mem-allocated': Limit Entry Memory Allocated (Deprecated); 'limit-entry-per-cpu-mem-allocation-failed': Limit Entry Memory Allocation Failed (Deprecated); 'limit-entry-per-cpu-mem-freed': Limit Entry Memory Freed (Deprecated); 'alg_default_port_disable': alg_default_port_disable; 'no_fwd_route': No Forward Route; 'no_rev_route': No Reverse Route; 'no_fwd_l2_dst': No Forward Mac Entry; 'no_rev_l2_dst': No Reverse Mac Entry; 'l2_dst_in_out_same': L2 route to same port as received; 'l2_vlan_changed': L2 forwarding vlan changed after session create; 'urpf_pkt_drop': URPF check packet drop; 'fwd_ingress_packets_tcp': Forward Ingress Packets TCP; 'fwd_egress_packets_tcp': Forward Egress Packets TCP; 'rev_ingress_packets_tcp': Reverse Ingress Packets TCP; 'rev_egress_packets_tcp': Reverse Egress Packets TCP; 'fwd_ingress_bytes_tcp': Forward Ingress Bytes TCP; 'fwd_egress_bytes_tcp': Forward Egress Bytes TCP; 'rev_ingress_bytes_tcp': Reverse Ingress Bytes TCP; 'rev_egress_bytes_tcp': Reverse Egress Bytes TCP; 'fwd_ingress_packets_udp': Forward Ingress Packets UDP; 'fwd_egress_packets_udp': Forward Egress Packets UDP; 'rev_ingress_packets_udp': Reverse Ingress Packets UDP; 'rev_egress_packets_udp': Reverse Egress Packets UDP; 'fwd_ingress_bytes_udp': Forward Ingress Bytes UDP; 'fwd_egress_bytes_udp': Forward Egress Bytes UDP; 'rev_ingress_bytes_udp': Reverse Ingress Bytes UDP; 'rev_egress_bytes_udp': Reverse Egress Bytes UDP; 'fwd_ingress_packets_icmp': Forward Ingress Packets ICMP; 'fwd_egress_packets_icmp': Forward Egress Packets ICMP; 'rev_ingress_packets_icmp': Reverse Ingress Packets ICMP; 'rev_egress_packets_icmp': Reverse Egress Packets ICMP; 'fwd_ingress_bytes_icmp': Forward Ingress Bytes ICMP; 'fwd_egress_bytes_icmp': Forward Egress Bytes ICMP; 'rev_ingress_bytes_icmp': Reverse Ingress Bytes ICMP; 'rev_egress_bytes_icmp': Reverse Egress Bytes ICMP; 'fwd_ingress_packets_others': Forward Ingress Packets OTHERS; 'fwd_egress_packets_others': Forward Egress Packets OTHERS; 'rev_ingress_packets_others': Reverse Ingress Packets OTHERS; 'rev_egress_packets_others': Reverse Egress Packets OTHERS; 'fwd_ingress_bytes_others': Forward Ingress Bytes OTHERS; 'fwd_egress_bytes_others': Forward Egress Bytes OTHERS; 'rev_ingress_bytes_others': Reverse Ingress Bytes OTHERS; 'rev_egress_bytes_others': Reverse Egress Bytes OTHERS; 'fwd_ingress_pkt_size_range1': Forward Ingress Packet size between 0 and 200; 'fwd_ingress_pkt_size_range2': Forward Ingress Packet size between 201 and 800; 'fwd_ingress_pkt_size_range3': Forward Ingress Packet size between 801 and 1550; 'fwd_ingress_pkt_size_range4': Forward Ingress Packet size between 1551 and 9000; 'fwd_egress_pkt_size_range1': Forward Egress Packet size between 0 and 200; 'fwd_egress_pkt_size_range2': Forward Egress Packet size between 201 and 800; 'fwd_egress_pkt_size_range3': Forward Egress Packet size between 801 and 1550; 'fwd_egress_pkt_size_range4': Forward Egress Packet size between 1551 and 9000; 'rev_ingress_pkt_size_range1': Reverse Ingress Packet size between 0 and 200; 'rev_ingress_pkt_size_range2': Reverse Ingress Packet size between 201 and 800; 'rev_ingress_pkt_size_range3': Reverse Ingress Packet size between 801 and 1550; 'rev_ingress_pkt_size_range4': Reverse Ingress Packet size between 1551 and 9000; 'rev_egress_pkt_size_range1': Reverse Egress Packet size between 0 and 200; 'rev_egress_pkt_size_range2': Reverse Egress Packet size between 201 and 800; 'rev_egress_pkt_size_range3': Reverse Egress Packet size between 801 and 1550; 'rev_egress_pkt_size_range4': Reverse Egress Packet size between 1551 and 9000; **Type:** string **Supported Values:** all, tcp_fullcone_created, tcp_fullcone_freed, udp_fullcone_created, udp_fullcone_freed, fullcone_creation_failure, data_session_created, data_session_created_local, dyn_blist_sess_sp, data_session_freed, data_session_freed_local, dyn_blist_sess_created, dyn_blist_sess_freed, dyn_blist_pkt_drop, dyn_blist_pkt_rate_low, dyn_blist_pkt_rate_high, dyn_blist_version_mismatch, dyn_blist_no_active_policy, fullcone_in_del_q, fullcone_retry_lookup, fullcone_not_found, fullcone_overflow_eim, fullcone_overflow_eif, udp_fullcone_created_shadow, tcp_fullcone_created_shadow, udp_fullcone_freed_shadow, tcp_fullcone_freed_shadow, fullcone_created, fullcone_freed, fullcone_ext_too_many, fullcone_ext_mem_allocated, fullcone_ext_mem_alloc_failure, fullcone_ext_mem_alloc_init_faulure, fullcone_ext_mem_freed, fullcone_ext_added, ha_fullcone_failure, data_session_created_shadow, data_session_created_shadow_local, data_session_freed_shadow, data_session_freed_shadow_local, active_fullcone_session, limit-entry-failure, limit-entry-allocated, limit-entry-mem-freed, limit-entry-created, limit-entry-found, limit-entry-not-in-bucket, limit-entry-marked-deleted, undetermined-rule-counter, non_syn_pkt_fwd_allowed, invalid-lid-drop, src-session-limit-exceeded, uplink-pps-limit-exceeded, downlink-pps-limit-exceeded, total-pps-limit-exceeded, uplink-throughput-limit-exceeded, downlink-throughput-limit-exceeded, total-throughput-limit-exceeded, cps-limit-exceeded, limit-exceeded, limit-entry-per-cpu-mem-allocated, limit-entry-per-cpu-mem-allocation-failed, limit-entry-per-cpu-mem-freed, alg_default_port_disable, no_fwd_route, no_rev_route, no_fwd_l2_dst, no_rev_l2_dst, l2_dst_in_out_same, l2_vlan_changed, urpf_pkt_drop, fwd_ingress_packets_tcp, fwd_egress_packets_tcp, rev_ingress_packets_tcp, rev_egress_packets_tcp, fwd_ingress_bytes_tcp, fwd_egress_bytes_tcp, rev_ingress_bytes_tcp, rev_egress_bytes_tcp, fwd_ingress_packets_udp, fwd_egress_packets_udp, rev_ingress_packets_udp, rev_egress_packets_udp, fwd_ingress_bytes_udp, fwd_egress_bytes_udp, rev_ingress_bytes_udp, rev_egress_bytes_udp, fwd_ingress_packets_icmp, fwd_egress_packets_icmp, rev_ingress_packets_icmp, rev_egress_packets_icmp, fwd_ingress_bytes_icmp, fwd_egress_bytes_icmp, rev_ingress_bytes_icmp, rev_egress_bytes_icmp, fwd_ingress_packets_others, fwd_egress_packets_others, rev_ingress_packets_others, rev_egress_packets_others, fwd_ingress_bytes_others, fwd_egress_bytes_others, rev_ingress_bytes_others, rev_egress_bytes_others, fwd_ingress_pkt_size_range1, fwd_ingress_pkt_size_range2, fwd_ingress_pkt_size_range3, fwd_ingress_pkt_size_range4, fwd_egress_pkt_size_range1, fwd_egress_pkt_size_range2, fwd_egress_pkt_size_range3, fwd_egress_pkt_size_range4, rev_ingress_pkt_size_range1, rev_ingress_pkt_size_range2, rev_ingress_pkt_size_range3, rev_ingress_pkt_size_range4, rev_egress_pkt_size_range1, rev_egress_pkt_size_range2, rev_egress_pkt_size_range3, rev_egress_pkt_size_range4 .. _1694_tcp-rst-close-immediate: tcp-rst-close-immediate ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **status** **Description** 'enable': Enable TCP RST close immediate (default); 'disable': Disable TCP RST close immediate; **Type:** string **Supported Values:** enable, disable **Default:** enable **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_tcp: tcp ^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **mss-clamp** **Description:** mss-clamp is a **JSON Block**. Please see below for :ref:`1694_tcp_mss-clamp` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/tcp/mss-clamp ` **reset-on-error** **Description:** reset-on-error is a **JSON Block**. Please see below for :ref:`1694_tcp_reset-on-error` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/tcp/reset-on-error ` **syn-cookie** **Description:** syn-cookie is a **JSON Block**. Please see below for :ref:`1694_tcp_syn-cookie` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/tcp/syn-cookie ` .. _1694_tcp_mss-clamp: tcp_mss-clamp ^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **min** **Description** Specify the min value allowed for the TCP MSS (Specify the min value allowed for the TCP MSS (default: ((576 - 60 - 60)))) **Type:** number **Range:** 0-1460 **Default:** 456 **mss-clamp-type** **Description** 'fixed': Specify a fixed max value for the TCP MSS; 'subtract': Specify the value to subtract from the TCP MSS; **Type:** string **Supported Values:** fixed, subtract **mss-subtract** **Description** Specify the value to subtract from the TCP MSS (default: not configured) **Type:** number **Range:** 0-1460 **mss-value** **Description** The max value allowed for the TCP MSS (default: not configured)} **Type:** number **Range:** 0-1460 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_tcp_reset-on-error: tcp_reset-on-error ^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **enable** **Description** Enable send TCP reset on error **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **outbound** **Description** 'enable': Enable send TCP reset on error; **Type:** string **Supported Values:** enable **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_tcp_syn-cookie: tcp_syn-cookie ^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sampling-enable** **Type:** List **syn-cookie-enable** **Description** Enable Firewall Syn-Cookie Protection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **syn-cookie-on-threshold** **Description** on-threshold for Syn-cookie (Decimal number) **Type:** number **Range:** 1-1000000 **syn-cookie-on-timeout** **Description** on-timeout for Syn-cookie (Timeout in seconds, default is 120 seconds (2 minutes)) **Type:** number **Range:** 1-300000 **Default:** 120 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_tcp_syn-cookie_sampling-enable: tcp_syn-cookie_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'syn_ack_sent': SYN cookie SYN ACK sent; 'verification_passed': SYN cookie verification passed; 'verification_failed': SYN cookie verification failed; 'conn_setup_failed': SYN cookie connection setup failed; **Type:** string **Supported Values:** all, syn_ack_sent, verification_passed, verification_failed, conn_setup_failed .. _1694_hw-accelerate: hw-accelerate ^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_hw-accelerate_sampling-enable: hw-accelerate_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'entry-create': HW Entries Created; 'entry-create-failure': HW Entry Creation Failed; 'entry-create-fail-server-down': HW Entry Creation Failed - server down; 'entry-create-fail-max-entry': HW Entry Creation Failed - max entries exceeded; 'entry-free': HW Entries Freed; 'entry-free-opp-entry': HW Entries Freed - opposite tuple entry aged-out; 'entry-free-no-hw-prog': HW Entry Freed - no HW prog; 'entry-free-no-conn': HW Entry Freed - no matched conn; 'entry-free-no-sw-entry': HW Entry Freed - no software entry; 'entry-counter': HW Entries Count; 'entry-age-out': HW Entries Aged Out; 'entry-age-out-idle': HW Entries Aged Out - idle timeout; 'entry-age-out-tcp-fin': HW Entries Aged Out - TCP FIN; 'entry-age-out-tcp-rst': HW Entries Aged Out - TCP RST; 'entry-age-out-invalid-dst': HW Entries Aged Out - invalid dst; 'entry-force-hw-invalidate': HW Entries Force HW Invalidate; 'entry-invalidate-server-down': HW Entries Invalidate due to server down; 'tcam-create': TCAM Flows Created; 'tcam-free': TCAM Flows Freed; 'tcam-counter': TCAM Flow Count; **Type:** string **Supported Values:** all, entry-create, entry-create-failure, entry-create-fail-server-down, entry-create-fail-max-entry, entry-free, entry-free-opp-entry, entry-free-no-hw-prog, entry-free-no-conn, entry-free-no-sw-entry, entry-counter, entry-age-out, entry-age-out-idle, entry-age-out-tcp-fin, entry-age-out-tcp-rst, entry-age-out-invalid-dst, entry-force-hw-invalidate, entry-invalidate-server-down, tcam-create, tcam-free, tcam-counter .. _1694_radius: radius ^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **server** **Description:** server is a **JSON Block**. Please see below for :ref:`1694_radius_server` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/radius/server ` .. _1694_radius_server: radius_server ^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **accounting-interim-update** **Description** 'ignore': Ignore (default); 'append-entry': Append the AVPs to existing entry; 'replace-entry': Replace the AVPs of existing entry; **Type:** string **Supported Values:** ignore, append-entry, replace-entry **Default:** ignore **accounting-on** **Description** 'ignore': Ignore (default); 'delete-entries-using-attribute': Delete entries matching attribute in RADIUS Table; **Type:** string **Supported Values:** ignore, delete-entries-using-attribute **Default:** ignore **accounting-start** **Description** 'ignore': Ignore; 'append-entry': Append the AVPs to existing entry (default); 'replace-entry': Replace the AVPs of existing entry; **Type:** string **Supported Values:** ignore, append-entry, replace-entry **Default:** append-entry **accounting-stop** **Description** 'ignore': Ignore; 'delete-entry': Delete the entry (default); **Type:** string **Supported Values:** ignore, delete-entry **Default:** delete-entry **attribute** **Type:** List **attribute-name** **Description** 'msisdn': Clear using MSISDN; 'imei': Clear using IMEI; 'imsi': Clear using IMSI; **Type:** string **Supported Values:** msisdn, imei, imsi **Mutual Exclusion:** attribute-name and custom-attribute-name are mutually exclusive **custom-attribute-name** **Description** Clear using customized attribute **Type:** string **Maximum Length:** 15 characters **Maximum Length:** 1 characters **Mutual Exclusion:** custom-attribute-name and attribute-name are mutually exclusive **encrypted** **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string) **listen-port** **Description** Configure the listen port of RADIUS server (Port number) **Type:** number **Range:** 1024-65535 **remote** **Description:** remote is a **JSON Block**. Please see below for :ref:`1694_radius_server_remote` **Type:** Object **sampling-enable** **Type:** List **secret** **Description** Configure shared secret **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **secret-string** **Description** The RADIUS secret **Type:** string **Format:** password **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **vrid** **Description** Join a VRRP-A failover group **Type:** number **Range:** 1-31 .. _1694_radius_server_remote: radius_server_remote ^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **ip-list** **Type:** List .. _1694_radius_server_remote_ip-list: radius_server_remote_ip-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **ip-list-encrypted** **Description** Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string) **ip-list-name** **Description** IP-list name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **ip-list-secret** **Description** Configure shared secret **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ip-list-secret-string** **Description** The RADIUS secret **Type:** string **Format:** password **Maximum Length:** 127 characters **Maximum Length:** 1 characters .. _1694_radius_server_sampling-enable: radius_server_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'msisdn-received': MSISDN Received; 'imei-received': IMEI Received; 'imsi-received': IMSI Received; 'custom-received': Custom attribute Received; 'radius-request-received': RADIUS Request Received; 'radius-request-dropped': RADIUS Request Dropped (Malformed Packet); 'request-bad-secret-dropped': RADIUS Request Bad Secret Dropped; 'request-no-key-vap-dropped': RADIUS Request No Key Attribute Dropped; 'request-malformed-dropped': RADIUS Request Malformed Dropped; 'request-ignored': RADIUS Request Table Full Dropped; 'radius-table-full': RADIUS Request Dropped (Table Full); 'secret-not-configured-dropped': RADIUS Secret Not Configured Dropped; 'ha-standby-dropped': HA Standby Dropped; 'ipv6-prefix-length-mismatch': Framed IPV6 Prefix Length Mismatch; 'invalid-key': Radius Request has Invalid Key Field; 'smp-mem-allocated': RADIUS SMP Memory Allocated; 'smp-mem-alloc-failed': RADIUS SMP Memory Allocation Failed; 'smp-mem-freed': RADIUS SMP Memory Freed; 'smp-created': RADIUS SMP Created; 'smp-in-rml': RADIUS SMP in RML; 'smp-deleted': RADIUS SMP Deleted; 'mem-allocated': RADIUS Memory Allocated; 'mem-alloc-failed': RADIUS Memory Allocation Failed; 'mem-freed': RADIUS Memory Freed; 'ha-sync-create-sent': HA Record Sync Create Sent; 'ha-sync-delete-sent': HA Record Sync Delete Sent; 'ha-sync-create-recv': HA Record Sync Create Received; 'ha-sync-delete-recv': HA Record Sync Delete Received; 'acct-on-filters-full': RADIUS Acct On Request Ignored(Filters Full); 'acct-on-dup-request': Duplicate RADIUS Acct On Request; 'ip-mismatch-delete': Radius Entry IP Mismatch Delete; 'ip-add-race-drop': Radius Entry IP Add Race Drop; 'ha-sync-no-key-vap-dropped': HA Record Sync No key dropped; 'inter-card-msg-fail-drop': Inter-Card Message Fail Drop; 'radius-packets-redirected': RADIUS packets redirected (SO); 'radius-packets-redirect-fail-dropped': RADIUS packets dropped due to redirect failure (SO); 'radius-packets-process-local': RADIUS packets processed locally without redirection (SO); 'radius-packets-dropped-not-lo': RADIUS packets dropped dest not loopback (SO); 'radius-inter-card-dup-redir': RADIUS packet dropped as redirected by other blade (SO); **Type:** string **Supported Values:** all, msisdn-received, imei-received, imsi-received, custom-received, radius-request-received, radius-request-dropped, request-bad-secret-dropped, request-no-key-vap-dropped, request-malformed-dropped, request-ignored, radius-table-full, secret-not-configured-dropped, ha-standby-dropped, ipv6-prefix-length-mismatch, invalid-key, smp-mem-allocated, smp-mem-alloc-failed, smp-mem-freed, smp-created, smp-in-rml, smp-deleted, mem-allocated, mem-alloc-failed, mem-freed, ha-sync-create-sent, ha-sync-delete-sent, ha-sync-create-recv, ha-sync-delete-recv, acct-on-filters-full, acct-on-dup-request, ip-mismatch-delete, ip-add-race-drop, ha-sync-no-key-vap-dropped, inter-card-msg-fail-drop, radius-packets-redirected, radius-packets-redirect-fail-dropped, radius-packets-process-local, radius-packets-dropped-not-lo, radius-inter-card-dup-redir .. _1694_radius_server_attribute: radius_server_attribute ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **attribute-value** **Description** 'inside-ipv6-prefix': Framed IPv6 Prefix; 'inside-ip': Inside IP address; 'inside-ipv6': Inside IPv6 address; 'imei': International Mobile Equipment Identity (IMEI); 'imsi': International Mobile Subscriber Identity (IMSI); 'msisdn': Mobile Subscriber Integrated Services Digital Network-Number (MSISDN); 'custom1': Customized attribute 1; 'custom2': Customized attribute 2; 'custom3': Customized attribute 3; 'custom4': Customized attribute 4; 'custom5': Customized attribute 5; 'custom6': Customized attribute 6; **Type:** string **Supported Values:** inside-ipv6-prefix, inside-ip, inside-ipv6, imei, imsi, msisdn, custom1, custom2, custom3, custom4, custom5, custom6 **custom-number** **Description** RADIUS attribute number **Type:** number **Range:** 1-255 **custom-vendor** **Description** RADIUS vendor attribute information (RADIUS vendor ID) **Type:** number **Range:** 1-65535 **name** **Description** Customized attribute name **Type:** string **Maximum Length:** 15 characters **Maximum Length:** 1 characters **number** **Description** RADIUS attribute number **Type:** number **Range:** 1-255 **prefix-length** **Description** '32': Prefix length 32; '48': Prefix length 48; '64': Prefix length 64; '80': Prefix length 80; '96': Prefix length 96; '112': Prefix length 112; **Type:** string **Supported Values:** 32, 48, 64, 80, 96, 112 **prefix-number** **Description** RADIUS attribute number **Type:** number **Range:** 1-255 **prefix-vendor** **Description** RADIUS vendor attribute information (RADIUS vendor ID) **Type:** number **Range:** 1-65535 **value** **Description** 'hexadecimal': Type of attribute value is hexadecimal; **Type:** string **Supported Values:** hexadecimal **vendor** **Description** RADIUS vendor attribute information (RADIUS vendor ID) **Type:** number **Range:** 1-65535 .. _1694_clear-session-filter: clear-session-filter ^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **status** **Description** 'disable': Disable clear L4 session filter for fw (Default: disabled); 'enable': Enable clear L4 session filter for fw; **Type:** string **Supported Values:** disable, enable **Default:** disable **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_per-instance: per-instance ^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_system-status: system-status ^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_vrid: vrid ^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **vrid** **Description** Vrrp group (VRRP-A vrid) **Type:** number **Range:** 1-31 .. _1694_limit-entry: limit-entry ^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_rate-limit: rate-limit ^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **summary** **Description:** summary is a **JSON Block**. Please see below for :ref:`1694_rate-limit_summary` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/rate-limit/summary ` **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_rate-limit_summary: rate-limit_summary ^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_gtp: gtp ^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **apn-log-periodicity** **Description** Periodic Logging Frequency(In Minutes) **Type:** number **Range:** 1-30 **apn-prefix** **Description:** apn-prefix is a **JSON Block**. Please see below for :ref:`1694_gtp_apn-prefix` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/gtp/apn-prefix ` **apn-prefix-list** **Description** Class List (Class List Name) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **echo-timeout** **Description** echo message timeout (minutes) (echo-timeout (default 120)) **Type:** number **Range:** 1-261 **Default:** 120 **gtp-value** **Description** 'enable': Enable GTP Inspection; **Type:** string **Supported Values:** enable **insertion-mode** **Description** 'monitor': Enable inline view-only mode; 'skip-state-checks': Enable skip stateful checks mode; **Type:** string **Supported Values:** monitor, skip-state-checks **ne-v4-log-periodicity** **Description** Periodic Logging Frequency(In Minutes) **Type:** number **Range:** 1-30 **ne-v6-log-periodicity** **Description** Periodic Logging Frequency(In Minutes) **Type:** number **Range:** 1-30 **network-element** **Description:** network-element is a **JSON Block**. Please see below for :ref:`1694_gtp_network-element` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/gtp/network-element ` **network-element-list-v4** **Description** Class List (Class List Name) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **network-element-list-v6** **Description** Class List (Class List Name) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **path-mgmt-logging** **Description** 'enable-log': Enable Log for Path Management; **Type:** string **Supported Values:** enable-log **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_gtp_network-element: gtp_network-element ^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_gtp_apn-prefix: gtp_apn-prefix ^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_gtp_sampling-enable: gtp_sampling-enable ^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'out-of-session-memory': Out of Tunnel Memory; 'no-fwd-route': No Forward Route; 'no-rev-route': No Reverse Route; 'gtp-smp-created': GTP SMP Created; 'gtp-smp-marked-deleted': GTP SMP Marked Deleted; 'gtp-smp-deleted': GTP SMP Deleted; 'smp-creation-failed': GTP-U SMP Helper Session Creation Failed; 'gtp-smp-path-created': GTP SMP PATH Created; 'gtp-smp-path-freed': GTP SMP PATH MEM freed; 'gtp-smp-path-allocated': GTP SMP PATH MEM allocated; 'gtp-smp-path-creation-failed': GTP SMP PATH creation Failed; 'gtp-smp-path-check-failed': GTP SMP PATH check Failed; 'gtp-smp-check-failed': GTP SMP check Failed; 'gtp-smp-session-count-check-failed': GTP-U session count is not in range of 0-11 in GTP-C SMP; 'gtp-c-ref-count-smp-exceeded': GTP-C session count on C-smp exceeded 2; 'gtp-u-smp-in-rml-with-sess': GTP-U smp is marked RML with U-session; 'gtp-u-pkt-fwd-conn-create': GTP-U pkt fwded while creating conn with gtp toggling; 'gtp-c-pkt-fwd-conn-create': GTP-C pkt fwded while creating conn with gtp toggling; 'gtp-echo-pkt-fwd-conn-create': GTP-ECHO pkt fwded while creating conn with gtp toggling; 'gtp-tunnel-rate-limit-entry-create-success': GTP Tunnel Level Rate Limit Entry Create Success; 'gtp-tunnel-rate-limit-entry-create-failure': GTP Tunnel Level Rate Limit Entry Create Failure; 'gtp-tunnel-rate-limit-entry-deleted': GTP Tunnel Level Rate Limit Entry Deleted; 'gtp-rate-limit-smp-created': GTP Rate Limit SMP Created; 'gtp-rate-limit-smp-freed': GTP Rate Limit SMP Freed; 'gtp-rate-limit-smp-create-failure': GTP Rate Limit SMP Create Failure; 'gtp-rate-limit-t3-ctr-create-failure': GTP Rate Limit Dynamic Counters Create Failure; 'gtp-rate-limit-entry-create-failure': GTP Rate Limit Entry Create Failure; 'gtp-echo-conn-created': GTP Echo Request Conn Created; 'gtp-echo-conn-deleted': GTP Echo Request conn Deleted; 'gtp-node-restart-echo': GTP Node Restoration due to Recovery IE in Echo; 'gtp-c-echo-path-failure': GTP-C Path Failure due to Echo; 'drop-vld-gtp-echo-out-of-state-': GTP Echo Out of State Drop; 'drop-vld-gtp-echo-ie-len-exceed-msg-len': GTP Echo IE Length Exceeds Message Length; 'gtp-create-session-request-retransmit': GTP-C Retransmitted Create Session Request; 'gtp-add-bearer-request-retransmit': GTP-C Retransmitted Add Bearer Request; 'gtp-delete-session-request-retransmit': GTP-C Retransmitted Delete Session Request; 'gtp-handover-request-retransmit': GTP Handover Request Retransmit; 'gtp-del-bearer-request-retransmit': GTP-C Retransmitted Delete Bearer Request; 'gtp-add-bearer-response-retransmit': GTP-C Retransmitted Add Bearer Response; 'gtp-create-session-request-retx-drop': GTP-C Retransmitted Create Session Request dropped; 'gtp-u-out-of-state-drop': GTP-U Out of state Drop; 'gtp-c-handover-request-out-of-state-drop': GTP-C Handover Request Out of state Drop; 'gtp-v1-c-nsapi-not-found-in-delete-req': GTPv1-C NSAPI Not Found in GTP Request; 'gtp-v2-c-bearer-not-found-in-delete-req': GTPv2-C Bearer Not Found in GTP Request; 'gtp-v2-c-bearer-not-found-in-delete-resp': GTPv2-C Bearer Not Found in GTP Response; 'gtp-multiple-handover-request': GTP Multiple Handover Request; 'gtp-rr-message-drop': GTP Message Dropped in RR Mode; 'gtp-rr-echo-message-dcmsg': GTP Echo Message Sent to home CPU in RR Mode; 'gtp-rr-c-message-dcmsg': GTP-C Message Sent to home CPU in RR Mode; 'drop-gtp-frag-or-jumbo-pkt': GTP Fragmented or JUMBO packet Drop; 'response-with-reject-cause-forwarded': GTP-C Response with Reject Cause Forwarded; 'gtp-c-message-forwarded-without-conn': GTP-C Message Forwarded without Conn; 'gtp-v0-c-ver-not-supp': GTPv0-C Version not supported indication; 'gtp-v1-c-ver-not-supp': GTPv1-C Version not supported indication; 'gtp-v2-c-ver-not-supp': GTPv2-C Version not supported indication; 'gtp-v1-extn-hdt-notif': GTPV1 Supported Extension header notification; 'gtp-u-error-ind': GTP-U Error Indication; 'gtp-c-handover-in-progress-with-conn': GTP-C mesg matching conn with HO In Progress; 'gtp-ho-in-progress-handover-request': GTP-C ho mesg matching conn with HO In Progress; 'gtp-correct-conn-ho-in-progress-handover-request': GTP-C ho mesg matching correct conn(reuse teid) with HO In Progress; 'gtp-wrong-conn-ho-in-progress-handover-request': GTP-C ho mesg matching wrong conn(new teid) with HO In Progress; 'gtp-ho-in-progress-handover-response': GTP-C ho response matching a conn with HO In Progress; 'gtp-ho-in-progress-c-mesg': GTP-C other than ho mesg matching conn with HO In Progress; 'gtp-unset-ho-flag-reuse-teid': GTP-C SGW reuse teid with ho and unset ho flag; 'gtp-refresh-c-conn-reuse-teid': GTP-C SGW reuse teid with ho and refresh old conn; 'gtp-rematch-smp-matching-conn': GTP-C rematch smp with packet matching conn; 'gtp-wrong-conn-handover-request': GTP-C ho mesg matching wrong conn(new teid) with no HO flag; 'gtp-refresh-conn-set-ho-flag-latest': GTP-C SGW refresh old conn and set ho flag on latest smp; 'gtp-c-process-pkt-drop': GTP-C process pkt drop; 'gtp-c-fwd-pkt-drop': GTP-C fwd pkt drop; 'gtp-c-rev-pkt-drop': GTP-C rev pkt drop; 'gtp-c-fwd-v1-other': GTP-C fwd v1 other messages; 'gtp-c-fwd-v2-other': GTP-C fwd v2 other messages; 'gtp-c-rev-v1-other': GTP-C rev v1 other messages; 'gtp-c-rev-v2-other': GTP-C rev v2 other messages; 'gtp-c-going-thru-fw-lookup': GTP-C mesg going thru fw lookup can be resp or l5 mesg not matching smp; 'gtp-c-conn-create-pkt-drop': GTP-C conn creation drop; 'gtp-c-pkt-fwd-conn-create-no-fteid': GTP-C pkt fwded while creating conn when no FTEID; 'gtp-inter-pu-mstr-to-bld-dcmsg-fail': GTP inter-PU dcmsg failed from Master to Blade; 'gtp-inter-pu-mstr-to-bld-dcmsg-sent': GTP inter-PU Master to Blade dcmsg sent; 'gtp-inter-pu-mstr-to-bld-dcmsg-recv': GTP inter-PU dcmsg received on blade; 'gtp-inter-pu-mstr-to-bld-query-sent': GTP inter-PU query sent from Master to Blade; 'gtp-inter-pu-mstr-to-bld-query-recv': GTP inter-PU GTP-C query received on Blade; 'gtp-inter-pu-mstr-to-bld-query-resp-sent': GTP inter-PU GTP-C query response sent from Master to Blade; 'gtp-inter-pu-bld-to-mstr-dcmsg-fail': GTP inter-PU dcmsg failed from Blade to Master; 'gtp-inter-pu-bld-to-mstr-dcmsg-sent': GTP inter-PU Blade to Master dcmsg sent; 'gtp-inter-pu-bld-to-mstr-dcmsg-recv': GTP inter-PU dcmsg received on Master; 'gtp-inter-pu-bld-to-mstr-query-sent': GTP inter-PU query sent from Blade to Master; 'gtp-inter-pu-bld-to-mstr-query-recv': GTP inter-PU GTP-C query received on Master; 'gtp-inter-pu-bld-to-mstr-query-resp-sent': GTP inter-PU GTP-C query response sent from Blade to Master; 'gtp-mstr-to-bld-query-resp-fail': GTP inter-PU dcmsg of query response failed from Master to Blade; 'gtp-bld-to-mstr-query-resp-fail': GTP inter-PU dcmsg of query response failed from Blade to Master; 'gtp-c-smp-refer-stale-idx': GTP-C SMP referring stale C-conn idx; 'gtp-smp-dec-sess-count-check-failed': GTP-U session count is 0 in GTP-C SMP; 'gtp-c-freed-conn-check': GTP-C freed conn accessed; 'gtp-c-conn-not-in-rml-when-freed': GTP-C conn not in rml when tuple is freed; 'gtp-v0-c-uplink-ingress-packets': GTPv0-C Uplink Ingress Packets; 'gtp-v0-c-uplink-egress-packets': GTPv0-C Uplink Egress Packets; 'gtp-v0-c-downlink-ingress-packets': GTPv0-C Downlink Ingress Packets; 'gtp-v0-c-downlink-egress-packets': GTPv0-C Downlink Egress Packets; 'gtp-v0-c-uplink-ingress-bytes': GTPv0-C Uplink Ingress Bytes; 'gtp-v0-c-uplink-egress-bytes': GTPv0-C Uplink Egress Bytes; 'gtp-v0-c-downlink-ingress-bytes': GTPv0-C Downlink Ingress Bytes; 'gtp-v0-c-downlink-egress-bytes': GTPv0-C Downlink Egress Bytes; 'gtp-v1-c-uplink-ingress-packets': GTPv1-C Uplink Ingress Packets; 'gtp-v1-c-uplink-egress-packets': GTPv1-C Uplink Egress Packets; **Type:** string **Supported Values:** all, out-of-session-memory, no-fwd-route, no-rev-route, gtp-smp-created, gtp-smp-marked-deleted, gtp-smp-deleted, smp-creation-failed, gtp-smp-path-created, gtp-smp-path-freed, gtp-smp-path-allocated, gtp-smp-path-creation-failed, gtp-smp-path-check-failed, gtp-smp-check-failed, gtp-smp-session-count-check-failed, gtp-c-ref-count-smp-exceeded, gtp-u-smp-in-rml-with-sess, gtp-u-pkt-fwd-conn-create, gtp-c-pkt-fwd-conn-create, gtp-echo-pkt-fwd-conn-create, gtp-tunnel-rate-limit-entry-create-success, gtp-tunnel-rate-limit-entry-create-failure, gtp-tunnel-rate-limit-entry-deleted, gtp-rate-limit-smp-created, gtp-rate-limit-smp-freed, gtp-rate-limit-smp-create-failure, gtp-rate-limit-t3-ctr-create-failure, gtp-rate-limit-entry-create-failure, gtp-echo-conn-created, gtp-echo-conn-deleted, gtp-node-restart-echo, gtp-c-echo-path-failure, drop-vld-gtp-echo-out-of-state-, drop-vld-gtp-echo-ie-len-exceed-msg-len, gtp-create-session-request-retransmit, gtp-add-bearer-request-retransmit, gtp-delete-session-request-retransmit, gtp-handover-request-retransmit, gtp-del-bearer-request-retransmit, gtp-add-bearer-response-retransmit, gtp-create-session-request-retx-drop, gtp-u-out-of-state-drop, gtp-c-handover-request-out-of-state-drop, gtp-v1-c-nsapi-not-found-in-delete-req, gtp-v2-c-bearer-not-found-in-delete-req, gtp-v2-c-bearer-not-found-in-delete-resp, gtp-multiple-handover-request, gtp-rr-message-drop, gtp-rr-echo-message-dcmsg, gtp-rr-c-message-dcmsg, drop-gtp-frag-or-jumbo-pkt, response-with-reject-cause-forwarded, gtp-c-message-forwarded-without-conn, gtp-v0-c-ver-not-supp, gtp-v1-c-ver-not-supp, gtp-v2-c-ver-not-supp, gtp-v1-extn-hdt-notif, gtp-u-error-ind, gtp-c-handover-in-progress-with-conn, gtp-ho-in-progress-handover-request, gtp-correct-conn-ho-in-progress-handover-request, gtp-wrong-conn-ho-in-progress-handover-request, gtp-ho-in-progress-handover-response, gtp-ho-in-progress-c-mesg, gtp-unset-ho-flag-reuse-teid, gtp-refresh-c-conn-reuse-teid, gtp-rematch-smp-matching-conn, gtp-wrong-conn-handover-request, gtp-refresh-conn-set-ho-flag-latest, gtp-c-process-pkt-drop, gtp-c-fwd-pkt-drop, gtp-c-rev-pkt-drop, gtp-c-fwd-v1-other, gtp-c-fwd-v2-other, gtp-c-rev-v1-other, gtp-c-rev-v2-other, gtp-c-going-thru-fw-lookup, gtp-c-conn-create-pkt-drop, gtp-c-pkt-fwd-conn-create-no-fteid, gtp-inter-pu-mstr-to-bld-dcmsg-fail, gtp-inter-pu-mstr-to-bld-dcmsg-sent, gtp-inter-pu-mstr-to-bld-dcmsg-recv, gtp-inter-pu-mstr-to-bld-query-sent, gtp-inter-pu-mstr-to-bld-query-recv, gtp-inter-pu-mstr-to-bld-query-resp-sent, gtp-inter-pu-bld-to-mstr-dcmsg-fail, gtp-inter-pu-bld-to-mstr-dcmsg-sent, gtp-inter-pu-bld-to-mstr-dcmsg-recv, gtp-inter-pu-bld-to-mstr-query-sent, gtp-inter-pu-bld-to-mstr-query-recv, gtp-inter-pu-bld-to-mstr-query-resp-sent, gtp-mstr-to-bld-query-resp-fail, gtp-bld-to-mstr-query-resp-fail, gtp-c-smp-refer-stale-idx, gtp-smp-dec-sess-count-check-failed, gtp-c-freed-conn-check, gtp-c-conn-not-in-rml-when-freed, gtp-v0-c-uplink-ingress-packets, gtp-v0-c-uplink-egress-packets, gtp-v0-c-downlink-ingress-packets, gtp-v0-c-downlink-egress-packets, gtp-v0-c-uplink-ingress-bytes, gtp-v0-c-uplink-egress-bytes, gtp-v0-c-downlink-ingress-bytes, gtp-v0-c-downlink-egress-bytes, gtp-v1-c-uplink-ingress-packets, gtp-v1-c-uplink-egress-packets **counters2** **Description** 'gtp-v1-c-downlink-ingress-packets': GTPv1-C Downlink Ingress Packets; 'gtp-v1-c-downlink-egress-packets': GTPv1-C Downlink Egress Packets; 'gtp-v1-c-uplink-ingress-bytes': GTPv1-C Uplink Ingress Bytes; 'gtp-v1-c-uplink-egress-bytes': GTPv1-C Uplink Egress Bytes; 'gtp-v1-c-downlink-ingress-bytes': GTPv1-C Downlink Ingress Bytes; 'gtp-v1-c-downlink-egress-bytes': GTPv1-C Downlink Egress Bytes; 'gtp-v2-c-uplink-ingress-packets': GTPv2-C Uplink Ingress Packets; 'gtp-v2-c-uplink-egress-packets': GTPv2-C Uplink Egress Packets; 'gtp-v2-c-downlink-ingress-packets': GTPv2-C Downlink Ingress Packets; 'gtp-v2-c-downlink-egress-packets': GTPv2-C Downlink Egress Packets; 'gtp-v2-c-uplink-ingress-bytes': GTPv2-C Uplink Ingress Bytes; 'gtp-v2-c-uplink-egress-bytes': GTPv2-C Uplink Egress Bytes; 'gtp-v2-c-downlink-ingress-bytes': GTPv2-C Downlink Ingress Bytes; 'gtp-v2-c-downlink-egress-bytes': GTPv2-C Downlink Egress Bytes; 'gtp-u-uplink-ingress-packets': GTP-U Uplink Ingress Packets; 'gtp-u-uplink-egress-packets': GTP-U Uplink Egress Packets; 'gtp-u-downlink-ingress-packets': GTP-U Downlink Ingress Packets; 'gtp-u-downlink-egress-packets': GTP-U Downlink Egress Packets; 'gtp-u-uplink-ingress-bytes': GTP-U Uplink Ingress Bytes; 'gtp-u-uplink-egress-bytes': GTP-U Uplink Egress Bytes; 'gtp-u-downlink-ingress-bytes': GTP-U Downlink Ingress Bytes; 'gtp-u-downlink-egress-bytes': GTP-U Downlink Egress Bytes; 'gtp-v0-c-create-synced': GTPv0-C Tunnel Create Synced; 'gtp-v1-c-create-synced': GTPv1-C Tunnel Create Synced; 'gtp-v2-c-create-synced': GTPv2-C Tunnel Create Synced; 'gtp-v0-c-delete-synced': GTPv0-C Tunnel Delete Synced; 'gtp-v1-c-delete-synced': GTPv1-C Tunnel Delete Synced; 'gtp-v2-c-delete-synced': GTPv2-C Tunnel Delete Synced; 'gtp-v0-c-create-sync-rx': GTPv0-C Tunnel Create Sync Received on Standby; 'gtp-v1-c-create-sync-rx': GTPv1-C Tunnel Create Sync Received on Standby; 'gtp-v2-c-create-sync-rx': GTPv2-C Tunnel Create Sync Received on Standby; 'gtp-v0-c-delete-sync-rx': GTPv0-C Tunnel Delete Sync Received on Standby; 'gtp-v1-c-delete-sync-rx': GTPv1-C Tunnel Delete Sync Received on Standby; 'gtp-v2-c-delete-sync-rx': GTPv2-C Tunnel Delete Sync Received on Standby; 'gtp-handover-synced': GTP Handover Synced; 'gtp-handover-sync-rx': GTP Handover Sync Received on Standby; 'gtp-smp-add-bearer-synced': GTP SMP Add Bearer Synced; 'gtp-smp-del-bearer-synced': GTP SMP Del Bearer Synced; 'gtp-smp-additional-bearer-synced': GTP SMP Additional Bearer Synced; 'gtp-smp-add-bearer-sync-rx': GTP SMP Add Bearer Sync Received on Standby; 'gtp-smp-del-bearer-sync-rx': GTP SMP Del Bearer Sync Received on Standby; 'gtp-smp-additional-bearer-sync-rx': GTP SMP Additional Bearer Sync Received on Standby; 'gtp-add-bearer-sync-not-rx-on-standby': GTP Add Bearer Sync Not Received on Standby; 'gtp-add-bearer-sync-with-periodic-update-on-standby': GTP Bearer Added on Standby with Periodic Sync; 'gtp-delete-bearer-sync-with-periodic-update-on-standby': GTP Bearer Deleted on Standy with Periodic Sync; 'gtp-v0-c-echo-create-synced': GTPv0-C Echo Create Synced; 'gtp-v1-c-echo-create-synced': GTPv1-C Echo Create Synced; 'gtp-v2-c-echo-create-synced': GTPv2-C Echo Create Synced; 'gtp-v0-c-echo-create-sync-rx': GTPv0-C-Echo Create Sync Received on Standby; 'gtp-v1-c-echo-create-sync-rx': GTPv1-C-Echo Create Sync Received on Standby; 'gtp-v2-c-echo-create-sync-rx': GTPv2-C-Echo Create Sync Received on Standby; 'gtp-v0-c-echo-del-synced': GTPv0-C Echo Delete Synced; 'gtp-v1-c-echo-del-synced': GTPv1-C Echo Delete Synced; 'gtp-v2-c-echo-del-synced': GTPv2-C Echo Delete Synced; 'gtp-v0-c-echo-del-sync-rx': GTPv0-C-Echo Delete Sync Received on Standby; 'gtp-v1-c-echo-del-sync-rx': GTPv1-C-Echo Delete Sync Received on Standby; 'gtp-v2-c-echo-del-sync-rx': GTPv2-C-Echo Delete Sync Received on Standby; 'drop-gtp-conn-creation-standby': GTP Conn creation on Standby Drop; 'gtp-u-synced-before-control': GTP-U Tunnel synced before corresponding GTP-C; 'gtp-c-l5-synced-before-l3': GTP-C L5 conn synced before corresponding L3 GTP-C conn; 'gtp-smp-path-del-synced': GTP SMP path delete Synced; 'gtp-smp-path-del-sync-rx': GTP SMP path delete Sync Received on Standby; 'gtp-not-enabled-on-standby': GTP Not Enabled on Standby; 'gtp-ip-version-v4-v6': GTP IP versions of V4&V6 in FTEID; 'drop-gtp-ip-version-mismatch-fteid': GTP IP version mismatch for req & response FTEIDs; 'drop-gtp-ip-version-mismatch-ho-fteid': GTP IP version mismatch in Handover SGW FTEID; 'gtp-u-message-length-mismatch': GTP-U Message Length Mismatch Across Layers; 'gtp-path-message-length-mismatch': GTP-Path Message Length Mismatch Across Layers; 'drop-gtp-missing-cond-ie-bearer-ctx': Missing conditional IE in bearer context Drop; 'drop-gtp-bearer-not-found-in-resp': GTP Bearer not found in response; 'gtp-stateless-forward': GTP Stateless Forward; 'gtp-l3-conn-deleted': GTP L3 conn deleted; 'gtp-l5-conn-created': GTP L5 conn created; 'gtp-monitor-forward': GTP messages forwarded via monitor mode; 'gtp-u_inner-ip-not-present': GTP-U inner IP not present; 'gtp-ext_hdr-incorrect-length': GTP Extension header incorrect length; **Type:** string **Supported Values:** gtp-v1-c-downlink-ingress-packets, gtp-v1-c-downlink-egress-packets, gtp-v1-c-uplink-ingress-bytes, gtp-v1-c-uplink-egress-bytes, gtp-v1-c-downlink-ingress-bytes, gtp-v1-c-downlink-egress-bytes, gtp-v2-c-uplink-ingress-packets, gtp-v2-c-uplink-egress-packets, gtp-v2-c-downlink-ingress-packets, gtp-v2-c-downlink-egress-packets, gtp-v2-c-uplink-ingress-bytes, gtp-v2-c-uplink-egress-bytes, gtp-v2-c-downlink-ingress-bytes, gtp-v2-c-downlink-egress-bytes, gtp-u-uplink-ingress-packets, gtp-u-uplink-egress-packets, gtp-u-downlink-ingress-packets, gtp-u-downlink-egress-packets, gtp-u-uplink-ingress-bytes, gtp-u-uplink-egress-bytes, gtp-u-downlink-ingress-bytes, gtp-u-downlink-egress-bytes, gtp-v0-c-create-synced, gtp-v1-c-create-synced, gtp-v2-c-create-synced, gtp-v0-c-delete-synced, gtp-v1-c-delete-synced, gtp-v2-c-delete-synced, gtp-v0-c-create-sync-rx, gtp-v1-c-create-sync-rx, gtp-v2-c-create-sync-rx, gtp-v0-c-delete-sync-rx, gtp-v1-c-delete-sync-rx, gtp-v2-c-delete-sync-rx, gtp-handover-synced, gtp-handover-sync-rx, gtp-smp-add-bearer-synced, gtp-smp-del-bearer-synced, gtp-smp-additional-bearer-synced, gtp-smp-add-bearer-sync-rx, gtp-smp-del-bearer-sync-rx, gtp-smp-additional-bearer-sync-rx, gtp-add-bearer-sync-not-rx-on-standby, gtp-add-bearer-sync-with-periodic-update-on-standby, gtp-delete-bearer-sync-with-periodic-update-on-standby, gtp-v0-c-echo-create-synced, gtp-v1-c-echo-create-synced, gtp-v2-c-echo-create-synced, gtp-v0-c-echo-create-sync-rx, gtp-v1-c-echo-create-sync-rx, gtp-v2-c-echo-create-sync-rx, gtp-v0-c-echo-del-synced, gtp-v1-c-echo-del-synced, gtp-v2-c-echo-del-synced, gtp-v0-c-echo-del-sync-rx, gtp-v1-c-echo-del-sync-rx, gtp-v2-c-echo-del-sync-rx, drop-gtp-conn-creation-standby, gtp-u-synced-before-control, gtp-c-l5-synced-before-l3, gtp-smp-path-del-synced, gtp-smp-path-del-sync-rx, gtp-not-enabled-on-standby, gtp-ip-version-v4-v6, drop-gtp-ip-version-mismatch-fteid, drop-gtp-ip-version-mismatch-ho-fteid, gtp-u-message-length-mismatch, gtp-path-message-length-mismatch, drop-gtp-missing-cond-ie-bearer-ctx, drop-gtp-bearer-not-found-in-resp, gtp-stateless-forward, gtp-l3-conn-deleted, gtp-l5-conn-created, gtp-monitor-forward, gtp-u_inner-ip-not-present, gtp-ext_hdr-incorrect-length .. _1694_template: template ^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **logging-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/fw/template/logging/{name} ` .. _1694_template_logging-list: template_logging-list ^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **facility** **Description** 'kernel': 0: Kernel; 'user': 1: User-level; 'mail': 2: Mail; 'daemon': 3: System daemons; 'security-authorization': 4: Security/authorization; 'syslog': 5: Syslog internal; 'line-printer': 6: Line printer; 'news': 7: Network news; 'uucp': 8: UUCP subsystem; 'cron': 9: Time-related; 'security-authorization-private': 10: Private security/authorization; 'ftp': 11: FTP; 'ntp': 12: NTP; 'audit': 13: Audit; 'alert': 14: Alert; 'clock': 15: Clock-related; 'local0': 16: Local use 0; 'local1': 17: Local use 1; 'local2': 18: Local use 2; 'local3': 19: Local use 3; 'local4': 20: Local use 4; 'local5': 21: Local use 5; 'local6': 22: Local use 6; 'local7': 23: Local use 7; **Type:** string **Supported Values:** kernel, user, mail, daemon, security-authorization, syslog, line-printer, news, uucp, cron, security-authorization-private, ftp, ntp, audit, alert, clock, local0, local1, local2, local3, local4, local5, local6, local7 **Default:** local0 **format** **Description** 'ascii': A10 Text logging format (ASCII); 'cef': Common Event Format for logging (default); **Type:** string **Supported Values:** ascii, cef **Default:** cef **include-dest-fqdn** **Description** Include destination FQDN string **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **include-http** **Description:** include-http is a **JSON Block**. Please see below for :ref:`1694_template_logging-list_include-http` **Type:** Object **include-radius-attribute** **Description:** include-radius-attribute is a **JSON Block**. Please see below for :ref:`1694_template_logging-list_include-radius-attribute` **Type:** Object **log** **Description:** log is a **JSON Block**. Please see below for :ref:`1694_template_logging-list_log` **Type:** Object **merged-style** **Description** Merge creation and deletion of session logs to one **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **name** **Description** Logging Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **resolution** **Description** 'seconds': Logging timestamp resolution in seconds (default); '10-milliseconds': Logging timestamp resolution in 10s of milli-seconds; **Type:** string **Supported Values:** seconds, 10-milliseconds **Default:** seconds **rule** **Description:** rule is a **JSON Block**. Please see below for :ref:`1694_template_logging-list_rule` **Type:** Object **service-group** **Description** Bind a Service Group to the logging template (Service Group Name) **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **session-periodic-log** **Description:** session-periodic-log is a **JSON Block**. Please see below for :ref:`1694_template_logging-list_session-periodic-log` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/template/logging/{name}/session-periodic-log ` **severity** **Description** 'emergency': 0: Emergency; 'alert': 1: Alert; 'critical': 2: Critical; 'error': 3: Error; 'warning': 4: Warning; 'notice': 5: Notice; 'informational': 6: Informational; 'debug': 7: Debug; **Type:** string **Supported Values:** emergency, alert, critical, error, warning, notice, informational, debug **Default:** informational **source-address** **Description:** source-address is a **JSON Block**. Please see below for :ref:`1694_template_logging-list_source-address` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/template/logging/{name}/source-address ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_template_logging-list_session-periodic-log: template_logging-list_session-periodic-log ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **interval** **Description** Logging time interval (minutes) for long lived sessions **Type:** number **Range:** 1-60 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_template_logging-list_source-address: template_logging-list_source-address ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **ip** **Description** Specify source IP address **Type:** string **Format:** ipv4-address **ipv6** **Description** Specify source IPv6 address **Type:** string **Format:** ipv6-address **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_template_logging-list_include-radius-attribute: template_logging-list_include-radius-attribute ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **attr-cfg** **Type:** List **framed-ipv6-prefix** **Description** Include radius attributes for the prefix **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **insert-if-not-existing** **Description** Configure what string is to be inserted for custom RADIUS attributes **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **no-quote** **Description** No quotation marks for RADIUS attributes in logs **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **prefix-length** **Description** '32': Prefix length 32; '48': Prefix length 48; '64': Prefix length 64; '80': Prefix length 80; '96': Prefix length 96; '112': Prefix length 112; **Type:** string **Supported Values:** 32, 48, 64, 80, 96, 112 **zero-in-custom-attr** **Description** Insert 0000 for standard and custom attributes in log string **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1694_template_logging-list_include-radius-attribute_attr-cfg: template_logging-list_include-radius-attribute_attr-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **attr** **Description** 'imei': Include IMEI; 'imsi': Include IMSI; 'msisdn': Include MSISDN; 'custom1': Customized attribute 1; 'custom2': Customized attribute 2; 'custom3': Customized attribute 3; 'custom4': Customized attribute 4; 'custom5': Customized attribute 5; 'custom6': Customized attribute 6; **Type:** string **Supported Values:** imei, imsi, msisdn, custom1, custom2, custom3, custom4, custom5, custom6 **attr-event** **Description** 'http-requests': Include in HTTP request logs; 'sessions': Include in session logs; 'limit-policy': Include in limit policy logs; **Type:** string **Supported Values:** http-requests, sessions, limit-policy .. _1694_template_logging-list_rule: template_logging-list_rule ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **rule-http-requests** **Description:** rule-http-requests is a **JSON Block**. Please see below for :ref:`1694_template_logging-list_rule_rule-http-requests` **Type:** Object .. _1694_template_logging-list_rule_rule-http-requests: template_logging-list_rule_rule-http-requests ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dest-port** **Type:** List **disable-sequence-check** **Description** Disable http packet sequence check and don't drop out of order packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **include-all-headers** **Description** Include all configured headers despite of absence in HTTP request **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-every-http-request** **Description** Log every HTTP request in an HTTP 1.1 session (Default: Log the first HTTP request in a session) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-url-len** **Description** Max length of URL log (Max URL length (Default: 128 char)) **Type:** number **Range:** 100-1000 **Default:** 128 .. _1694_template_logging-list_rule_rule-http-requests_dest-port: template_logging-list_rule_rule-http-requests_dest-port ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **dest-port-number** **Description** **Type:** number **Range:** 1-65535 **include-byte-count** **Description** Include the byte count of HTTP Request/Response in FW session deletion logs **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1694_template_logging-list_include-http: template_logging-list_include-http ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **file-extension** **Description** HTTP file extension **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **header-cfg** **Type:** List **l4-session-info** **Description** Log the L4 session information of the HTTP request **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **method** **Description** Log the HTTP Request Method **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **request-number** **Description** HTTP Request Number **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1694_template_logging-list_include-http_header-cfg: template_logging-list_include-http_header-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **custom-header-name** **Description** Header name **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **custom-max-length** **Description** Max length for a HTTP request log (Max header length (Default: 100 char)) **Type:** number **Range:** 100-1000 **Default:** 100 **http-header** **Description** 'cookie': Log HTTP Cookie Header; 'referer': Log HTTP Referer Header; 'user-agent': Log HTTP User-Agent Header; 'header1': Log HTTP Header 1; 'header2': Log HTTP Header 2; 'header3': Log HTTP Header 3; **Type:** string **Supported Values:** cookie, referer, user-agent, header1, header2, header3 **max-length** **Description** Max length for a HTTP request log (Max header length (Default: 100 char)) **Type:** number **Range:** 100-1000 **Default:** 100 .. _1694_template_logging-list_log: template_logging-list_log ^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **http-requests** **Description** 'host': Log the HTTP Host Header; 'url': Log the HTTP Request URL; **Type:** string **Supported Values:** host, url .. _1694_match: match ^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_status: status ^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_full-cone-session: full-cone-session ^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_urpf: urpf ^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **status** **Description** 'loose': Perform loose check; 'strict': Perform strict check; 'disable': Disable check; **Type:** string **Supported Values:** loose, strict, disable **Default:** loose **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_tap-monitor: tap-monitor ^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **status** **Description** 'enable': Enable tap monitor mode; 'disable': Disable tap monitor mode (Default:Disable); **Type:** string **Supported Values:** enable, disable **Default:** disable **tap-port-cfg** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_tap-monitor_tap-port-cfg: tap-monitor_tap-port-cfg ^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **tap-eth** **Description** Ethernet interface number **Type:** number **Format:** interface **tap-vlan** **Description** Vlan number **Type:** number **Range:** 2-4096 .. _1694_local-log: local-log ^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **local-logging** **Description** Enable local logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_resource-usage: resource-usage ^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_active-rule-set: active-rule-set ^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **name** **Description** Rule set name **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/rule-set ` **override-nat-aging** **Description** Override NAT idle-timeout **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **session-aging** **Description** Session Aging Template **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/fw/session-aging ` **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_logging: logging ^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **gtp** **Description:** gtp is a **JSON Block**. Please see below for :ref:`1694_logging_gtp` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/logging/gtp ` **name** **Description** Logging Template Name **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/fw/template/logging ` **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_logging_gtp: logging_gtp ^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_logging_gtp_sampling-enable: logging_gtp_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'log_type_gtp_invalid_teid': Log Event Type GTP Invalid TEID; 'log_gtp_type_reserved_ie_present': Log Event Type GTP Reserved IE Present; 'log_type_gtp_mandatory_ie_missing': Log Event Type GTP Mandatory IE Missing; 'log_type_gtp_mandatory_ie_inside_grouped_ie_missing': Log Event Type GTP Mandatory IE Missing Inside Grouped IE; 'log_type_gtp_msisdn_filtering': Log Event Type GTP MSISDN Filtering; 'log_type_gtp_out_of_order_ie': Log Event Type GTP Out of Order IE V1; 'log_type_gtp_out_of_state_ie': Log Event Type GTP Out of State IE; 'log_type_enduser_ip_spoofed': Log Event Type GTP Enduser IP Spoofed; 'log_type_crosslayer_correlation': Log Event GTP Crosslayer Correlation; 'log_type_message_not_supported': Log Event GTP Reserved Message Found; 'log_type_out_of_state': Log Event GTP Out of State Message; 'log_type_max_msg_length': Log Event GTP Message Length Exceeded Max; 'log_type_gtp_message_filtering': Log Event Type GTP Message Filtering; 'log_type_gtp_apn_filtering': Log Event Type GTP Apn Filtering; 'log_type_gtp_rat_type_filtering': Log Event GTP RAT Type Filtering; 'log_type_country_code_mismatch': Log Event GTP Country Code Mismatch; 'log_type_gtp_in_gtp_filtering': Log Event GTP in GTP Filtering; 'log_type_gtp_node_restart': Log Event GTP SGW/PGW restarted; 'log_type_gtp_seq_num_mismatch': Log Event GTP Response Sequence number Mismatch; 'log_type_gtp_rate_limit_periodic': Log Event GTP Rate Limit Periodic; 'log_type_gtp_rate_limit_periodic': Log Event GTP Invalid message length across layers; 'log_type_gtp_rate_limit_periodic': Log Event GTP Protocol flag in header; 'log_type_gtp_rate_limit_periodic': Log Event GTP invalid spare bits in header; 'log_type_gtp_rate_limit_periodic': Log Event GTP invalid piggyback flag in header; 'log_type_gtp_rate_limit_periodic': Log Event invalid GTP version; 'log_type_gtp_rate_limit_periodic': Log Event mismatch of GTP message and ports; **Type:** string **Supported Values:** all, log_type_gtp_invalid_teid, log_gtp_type_reserved_ie_present, log_type_gtp_mandatory_ie_missing, log_type_gtp_mandatory_ie_inside_grouped_ie_missing, log_type_gtp_msisdn_filtering, log_type_gtp_out_of_order_ie, log_type_gtp_out_of_state_ie, log_type_enduser_ip_spoofed, log_type_crosslayer_correlation, log_type_message_not_supported, log_type_out_of_state, log_type_max_msg_length, log_type_gtp_message_filtering, log_type_gtp_apn_filtering, log_type_gtp_rat_type_filtering, log_type_country_code_mismatch, log_type_gtp_in_gtp_filtering, log_type_gtp_node_restart, log_type_gtp_seq_num_mismatch, log_type_gtp_rate_limit_periodic, log_type_gtp_invalid_message_length, log_type_gtp_hdr_invalid_protocol_flag, log_type_gtp_hdr_invalid_spare_bits, log_type_gtp_hdr_invalid_piggy_flag, log_type_gtp_invalid_version, log_type_gtp_invalid_ports .. _1694_logging_sampling-enable: logging_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'log_message_sent': Log Packet Sent; 'log_type_reset': Log Event Type Reset; 'log_type_deny': Log Event Type Deny; 'log_type_session_closed': Log Event Type Session Close; 'log_type_session_opened': Log Event Type Session Open; 'rule_not_logged': Firewall Rule Not Logged; 'log-dropped': Log Packets Dropped; 'tcp-session-created': TCP Session Created; 'tcp-session-deleted': TCP Session Deleted; 'udp-session-created': UDP Session Created; 'udp-session-deleted': UDP Session Deleted; 'icmp-session-deleted': ICMP Session Deleted; 'icmp-session-created': ICMP Session Created; 'icmpv6-session-deleted': ICMPV6 Session Deleted; 'icmpv6-session-created': ICMPV6 Session Created; 'other-session-deleted': Other Session Deleted; 'other-session-created': Other Session Created; 'http-request-logged': HTTP Request Logged; 'http-logging-invalid-format': HTTP Logging Invalid Format Error; 'dcmsg_permit': Dcmsg Permit; 'alg_override_permit': Alg Override Permit; 'template_error': Template Error; 'ipv4-frag-applied': IPv4 Fragmentation Applied; 'ipv4-frag-failed': IPv4 Fragmentation Failed; 'ipv6-frag-applied': IPv6 Fragmentation Applied; 'ipv6-frag-failed': IPv6 Fragmentation Failed; 'out-of-buffers': Out of Buffers; 'add-msg-failed': Add Message to Buffer Failed; 'tcp-logging-conn-established': TCP Logging Conn Established; 'tcp-logging-conn-create-failed': TCP Logging Conn Create Failed; 'tcp-logging-conn-dropped': TCP Logging Conn Dropped; 'log-message-too-long': Log message too long; 'http-out-of-order-dropped': HTTP out-of-order dropped; 'http-alloc-failed': HTTP Request Info Allocation Failed; 'sctp-session-created': SCTP Session Created; 'sctp-session-deleted': SCTP Session Deleted; 'log_type_sctp_inner_proto_filter': Log Event Type SCTP Inner Proto Filter; 'tcp-logging-port-allocated': TCP Logging Port Allocated; 'tcp-logging-port-freed': TCP Logging Port Freed; 'tcp-logging-port-allocation-failed': TCP Logging Port Allocation Failed; 'iddos-blackhole-entry-create': iDDoS IP Entry Created; 'iddos-blackhole-entry-delete': iDDoS IP Entry Deleted; 'session-limit-exceeded': Session Limit Exceeded; **Type:** string **Supported Values:** all, log_message_sent, log_type_reset, log_type_deny, log_type_session_closed, log_type_session_opened, rule_not_logged, log-dropped, tcp-session-created, tcp-session-deleted, udp-session-created, udp-session-deleted, icmp-session-deleted, icmp-session-created, icmpv6-session-deleted, icmpv6-session-created, other-session-deleted, other-session-created, http-request-logged, http-logging-invalid-format, dcmsg_permit, alg_override_permit, template_error, ipv4-frag-applied, ipv4-frag-failed, ipv6-frag-applied, ipv6-frag-failed, out-of-buffers, add-msg-failed, tcp-logging-conn-established, tcp-logging-conn-create-failed, tcp-logging-conn-dropped, log-message-too-long, http-out-of-order-dropped, http-alloc-failed, sctp-session-created, sctp-session-deleted, log_type_sctp_inner_proto_filter, tcp-logging-port-allocated, tcp-logging-port-freed, tcp-logging-port-allocation-failed, iddos-blackhole-entry-create, iddos-blackhole-entry-delete, session-limit-exceeded .. _1694_tcp-window-check: tcp-window-check ^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sampling-enable** **Type:** List **status** **Description** 'enable': Enable TCP window check (default); 'disable': Disable TCP window check; **Type:** string **Supported Values:** enable, disable **Default:** enable **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_tcp-window-check_sampling-enable: tcp-window-check_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'outside-window': packet dropped counter for outside of tcp window; **Type:** string **Supported Values:** all, outside-window .. _1694_service-group-list: service-group-list ^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **health-check** **Description** Health Check (Monitor Name) **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/health/monitor ` **member-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/fw/service-group/{name}/member/{name}+{port} ` **name** **Description** FW Service Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **packet-capture-template** **Description** Name of the packet capture template to be bind with this object **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/visibility/packet-capture/object-templates/fw-service-group-tmpl ` **protocol** **Description** 'tcp': TCP LB service; 'udp': UDP LB service; **Type:** string **Supported Values:** tcp, udp **sampling-enable** **Type:** List **traffic-replication-mirror-ip-repl** **Description** Replaces IP with server-IP **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_service-group-list_sampling-enable: service-group-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'server_selection_fail_drop': Service selection fail drop; 'server_selection_fail_reset': Service selection fail reset; 'service_peak_conn': Service peak connection; **Type:** string **Supported Values:** all, server_selection_fail_drop, server_selection_fail_reset, service_peak_conn .. _1694_service-group-list_member-list: service-group-list_member-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **name** **Description** Member name **Type:** string **Format:** comp-string **Maximum Length:** 127 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/fw/server ` **packet-capture-template** **Description** Name of the packet capture template to be bind with this object **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/visibility/packet-capture/object-templates/fw-service-group-mem-tmpl ` **port** **Description** Port number **Type:** number **Range:** 1-65534 **Reference Object:** :doc:`/axapi/v3/fw/server/port ` **sampling-enable** **Type:** List **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_service-group-list_member-list_sampling-enable: service-group-list_member-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'curr_conn': Current connections; 'total_fwd_bytes': Total forward bytes; 'total_fwd_pkts': Total forward packets; 'total_rev_bytes': Total reverse bytes; 'total_rev_pkts': Total reverse packets; 'total_conn': Total connections; 'total_rev_pkts_inspected': Total reverse packets inspected; 'total_rev_pkts_inspected_status_code_2xx': Total reverse packets inspected status code 2xx; 'total_rev_pkts_inspected_status_code_non_5xx': Total reverse packets inspected status code non 5xx; 'curr_req': Current requests; 'total_req': Total requests; 'total_req_succ': Total requests success; 'peak_conn': Peak connections; 'response_time': Response time; 'fastest_rsp_time': Fastest response time; 'slowest_rsp_time': Slowest response time; 'curr_ssl_conn': Current SSL connections; 'total_ssl_conn': Total SSL connections; 'curr_conn_overflow': Current connection counter overflow count; 'state_flaps': State flaps count; **Type:** string **Supported Values:** all, curr_conn, total_fwd_bytes, total_fwd_pkts, total_rev_bytes, total_rev_pkts, total_conn, total_rev_pkts_inspected, total_rev_pkts_inspected_status_code_2xx, total_rev_pkts_inspected_status_code_non_5xx, curr_req, total_req, total_req_succ, peak_conn, response_time, fastest_rsp_time, slowest_rsp_time, curr_ssl_conn, total_ssl_conn, curr_conn_overflow, state_flaps .. _1694_helper-sessions: helper-sessions ^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **idle-timeout** **Description** helper-sessions idle-timeout time (Idle-timeout in minutes (default: 1 minute)) **Type:** number **Range:** 1-255 **Default:** 1 **limit** **Description** Limit number of helper-sessions (Limit helper-sessions number) **Type:** number **mode** **Description** 'disable': Disable helper-sessions; **Type:** string **Supported Values:** disable **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_server-list: server-list ^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'enable': Enable this Real Server; 'disable': Disable this Real Server; **Type:** string **Supported Values:** enable, disable **Default:** enable **fqdn-name** **Description** Server hostname **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **health-check** **Description** Health Check Monitor (Health monitor name) **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** health-check and health-check-disable are mutually exclusive **Reference Object:** :doc:`/axapi/v3/health/monitor ` **health-check-disable** **Description** Disable configured health check configuration **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** health-check-disable and health-check are mutually exclusive **host** **Description** IP Address **Type:** string **Format:** ipv4-address **name** **Description** Server Name **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **port-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/fw/server/{name}/port/{port-number}+{protocol} ` **resolve-as** **Description** 'resolve-to-ipv4': Use A Query only to resolve FQDN; 'resolve-to-ipv6': Use AAAA Query only to resolve FQDN; 'resolve-to-ipv4-and-ipv6': Use A as well as AAAA Query to resolve FQDN; **Type:** string **Supported Values:** resolve-to-ipv4, resolve-to-ipv6, resolve-to-ipv4-and-ipv6 **Default:** resolve-to-ipv4 **sampling-enable** **Type:** List **server-ipv6-addr** **Description** IPV6 address **Type:** string **Format:** ipv6-address **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_server-list_port-list: server-list_port-list ^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **action** **Description** 'enable': enable; 'disable': disable; **Type:** string **Supported Values:** enable, disable **Default:** enable **health-check** **Description** Health Check (Monitor Name) **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** health-check and health-check-disable are mutually exclusive **Reference Object:** :doc:`/axapi/v3/health/monitor ` **health-check-disable** **Description** Disable health check **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** health-check-disable and health-check are mutually exclusive **packet-capture-template** **Description** Name of the packet capture template to be bind with this object **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/visibility/packet-capture/object-templates/fw-server-port-tmpl ` **port-number** **Description** Port Number **Type:** number **Range:** 1-65534 **protocol** **Description** 'tcp': TCP Port; 'udp': UDP Port; **Type:** string **Supported Values:** tcp, udp **sampling-enable** **Type:** List **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_server-list_port-list_sampling-enable: server-list_port-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'curr_conn': Current connections; 'curr_req': Current requests; 'total_req': Total requests; 'total_req_succ': Total request success; 'total_fwd_bytes': Forward bytes; 'total_fwd_pkts': Forward packets; 'total_rev_bytes': Reverse bytes; 'total_rev_pkts': Reverse packets; 'total_conn': Total connections; 'last_total_conn': Last total connections; 'peak_conn': Peak connections; 'es_resp_200': Response status 200; 'es_resp_300': Response status 300; 'es_resp_400': Response status 400; 'es_resp_500': Response status 500; 'es_resp_other': Response status other; 'es_req_count': Total proxy request; 'es_resp_count': Total proxy Response; 'es_resp_invalid_http': Total non-http response; 'total_rev_pkts_inspected': Total reverse packets inspected; 'total_rev_pkts_inspected_good_status_code': Total reverse packets with good status code inspected; 'response_time': Response time; 'fastest_rsp_time': Fastest response time; 'slowest_rsp_time': Slowest response time; **Type:** string **Supported Values:** all, curr_conn, curr_req, total_req, total_req_succ, total_fwd_bytes, total_fwd_pkts, total_rev_bytes, total_rev_pkts, total_conn, last_total_conn, peak_conn, es_resp_200, es_resp_300, es_resp_400, es_resp_500, es_resp_other, es_req_count, es_resp_count, es_resp_invalid_http, total_rev_pkts_inspected, total_rev_pkts_inspected_good_status_code, response_time, fastest_rsp_time, slowest_rsp_time .. _1694_server-list_sampling-enable: server-list_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'curr-conn': Current connections; 'total-conn': Total connections; 'fwd-pkt': Forward packets; 'rev-pkt': Reverse Packets; 'peak-conn': Peak connections; **Type:** string **Supported Values:** all, curr-conn, total-conn, fwd-pkt, rev-pkt, peak-conn .. _1694_session-aging-list: session-aging-list ^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **icmp-idle-timeout** **Description** Idle Timeout time (default 2 seconds) (Second, default 2) **Type:** number **Range:** 2-15000 **Default:** 2 **ip-idle-timeout** **Description** Idle Timeout time(sec), default is 30 (Second) **Type:** number **Range:** 1-2097151 **Default:** 30 **name** **Description** session-aging Template (session-aging Template name) **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp** **Description:** tcp is a **JSON Block**. Please see below for :ref:`1694_session-aging-list_tcp` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/session-aging/{name}/tcp ` **udp** **Description:** udp is a **JSON Block**. Please see below for :ref:`1694_session-aging-list_udp` **Type:** Object **Reference Object:** :doc:`/axapi/v3/fw/session-aging/{name}/udp ` **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_session-aging-list_udp: session-aging-list_udp ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **port-cfg** **Type:** List **udp-idle-timeout** **Description** Idle Timeout (sec), default is 120 (number) **Type:** number **Range:** 1-2097151 **Default:** 120 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_session-aging-list_udp_port-cfg: session-aging-list_udp_port-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **udp-idle-timeout** **Description** Idle Timeout (sec), default is 120 (number) **Type:** number **Range:** 1-2097151 **Default:** 120 **udp-port** **Description** **Type:** number **Range:** 1-65535 .. _1694_session-aging-list_tcp: session-aging-list_tcp ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **force-delete-timeout** **Description** The maximum time that a session can stay in the system before being deleted, default is off (number (second)) **Type:** number **Range:** 1-31 **Mutual Exclusion:** force-delete-timeout and force-delete-timeout-100ms are mutually exclusive **force-delete-timeout-100ms** **Description** The maximum time that a session can stay in the system before being deleted, default is off (number in 100ms) **Type:** number **Range:** 1-31 **Mutual Exclusion:** force-delete-timeout-100ms and force-delete-timeout are mutually exclusive **half-close-idle-timeout** **Description** TCP Half Close Idle Timeout (sec), default is off (number) **Type:** number **Range:** 60-120 **half-open-idle-timeout** **Description** TCP Half Open Idle Timeout (sec), default is off (number) **Type:** number **Range:** 1-60 **port-cfg** **Type:** List **tcp-idle-timeout** **Description** Idle Timeout (sec), default is 600 (number) **Type:** number **Range:** 1-2097151 **Default:** 600 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_session-aging-list_tcp_port-cfg: session-aging-list_tcp_port-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **force-delete-timeout** **Description** The maximum time that a session can stay in the system before being deleted, default is off (number (second)) **Type:** number **Range:** 1-31 **Mutual Exclusion:** force-delete-timeout and force-delete-timeout-100ms are mutually exclusive **force-delete-timeout-100ms** **Description** The maximum time that a session can stay in the system before being deleted, default is off (number in 100ms) **Type:** number **Range:** 1-31 **Mutual Exclusion:** force-delete-timeout-100ms and force-delete-timeout are mutually exclusive **half-close-idle-timeout** **Description** TCP Half Close Idle Timeout (sec), default is off (number) **Type:** number **Range:** 60-120 **half-open-idle-timeout** **Description** TCP Half Open Idle Timeout (sec), default is off (number) **Type:** number **Range:** 1-60 **tcp-idle-timeout** **Description** Idle Timeout (sec), default is 600 (number) **Type:** number **Range:** 1-2097151 **tcp-port** **Description** **Type:** number **Range:** 1-65535 .. _1694_ddos-protection: ddos-protection ^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **action** **Description:** action is a **JSON Block**. Please see below for :ref:`1694_ddos-protection_action` **Type:** Object **dynamic-blacklist** **Description:** dynamic-blacklist is a **JSON Block**. Please see below for :ref:`1694_ddos-protection_dynamic-blacklist` **Type:** Object **logging** **Description:** logging is a **JSON Block**. Please see below for :ref:`1694_ddos-protection_logging` **Type:** Object **sampling-enable** **Type:** List **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1694_ddos-protection_action: ddos-protection_action ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **action-type** **Description** 'drop': Log, and drop all packets (default); 'redistribute-route': Log, Drop, and Notify upstream router to reroute the packets; **Type:** string **Supported Values:** drop, redistribute-route **Default:** drop **expiration** **Description** To specify time in minutes to revert the action (Expiration time, in minutes (default is 5 mins)) **Type:** number **Range:** 2-144000 **Default:** 5 **expiration-route** **Description** To specify time in minutes to revert the action (Expiration time, in minutes (default is 60 mins)) **Type:** number **Range:** 2-144000 **Default:** 60 **remove-wait-timer** **Description** Max time to wait before removing IP from blackhole (Max value in seconds (default 300)) **Type:** number **Range:** 0-300 **Default:** 300 **route-map** **Description** Route map name **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **timer-multiply-max** **Description** To specify max value of timer multiplier for attacks lasted long time (Max value of timer multiplier (default is 6)) **Type:** number **Range:** 1-100 **Default:** 6 .. _1694_ddos-protection_logging: ddos-protection_logging ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **enable-action** **Description** 'local': Enable local logs only; 'remote': Enable logging to remote server & IPFIX; 'both': Enable both local & remote logs; **Type:** string **Supported Values:** local, remote, both **Default:** local **logging-action** **Description** 'enable': enable FW DDoS protection logging; 'disable': Disable both local & remote FW DDoS protection logging; **Type:** string **Supported Values:** enable, disable **Default:** enable .. _1694_ddos-protection_sampling-enable: ddos-protection_sampling-enable ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'ddos_entries_too_many': Too many DDOS entries; 'ddos_entry_added': DDOS entry added; 'ddos_entry_removed': DDOS entry removed; 'ddos_entry_added_to_bgp': DDoS Entry added to BGP; 'ddos_entry_removed_from_bgp': DDoS Entry Removed from BGP; 'ddos_entry_add_to_bgp_failure': DDoS Entry BGP add failures; 'ddos_entry_remove_from_bgp_failure': DDOS entry BGP remove failures; 'ddos_packet_dropped': DDOS Packet Drop; **Type:** string **Supported Values:** all, ddos_entries_too_many, ddos_entry_added, ddos_entry_removed, ddos_entry_added_to_bgp, ddos_entry_removed_from_bgp, ddos_entry_add_to_bgp_failure, ddos_entry_remove_from_bgp_failure, ddos_packet_dropped .. _1694_ddos-protection_dynamic-blacklist: ddos-protection_dynamic-blacklist ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **cpu-threshold** **Description** Core-level CPU usage threshold for dynamic blacklist creation (Core-level CPU usage threshold for dynamic blacklist creation (default is 60)) **Type:** number **Range:** 0-80 **Default:** 60 **dir** **Description** 'inbound': enable in inbound direction; 'outbound': enable in outbound direction; 'both': enable in both directions; **Type:** string **Supported Values:** inbound, outbound, both **Default:** both **dynamic-blacklist-action** **Description** 'enable': Enable protection against volumetric attacks using dynamic blacklist; 'disable': Disable protection against volumetric attacks using dynamic blacklist; **Type:** string **Supported Values:** enable, disable **Default:** disable **timeout** **Description** Timeout value (in seconds) for dynamic blacklist (Timeout value (in seconds) for dynamic blacklist(default is 5 seconds)) **Type:** number **Range:** 1-30 **Default:** 5 .. _1694_top-k-rules: top-k-rules ^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters