.. _fw_ddos_protection:

fw ddos-protection
==================

Configure FW DDoS Protection


ddos-protection Specification
-----------------------------

	===================================== ===========================================================
	 **Parameter**                         **Value** 

	===================================== ===========================================================
	 **Type**                              *Configuration Resource*

	 **Element Name**                      ddos-protection

	 **Element URI**                       /axapi/v3/fw/ddos-protection

	 **Element Attributes**                ddos-protection_attributes

	 **Partition Visibility**              shared

	 **Statistics Data URI**               /axapi/v3/fw/ddos-protection/stats

	 **Operational Data URI**              /axapi/v3/fw/ddos-protection/oper

	 **Schema**                             :download:`ddos-protection schema <fw-ddos-protection/fw-ddos-protection.txt>`
	===================================== ===========================================================





	**Operations Allowed:**




.. raw:: html

   <script type="text/javascript">
 function showExample(a,b) { document.getElementById(a+'_div').style.display = 'block'; document.getElementById(a+'_cl').style.display = 'block'; document.getElementById(a+'_eg').style.display = 'none';}
   function closeExample(a,b) { document.getElementById(a+'_div').style.display = 'none'; document.getElementById(a+'_cl').style.display = 'none'; document.getElementById(a+'_eg').style.display = 'block';}
 </script>
   <table width='90%' style='margin-left:5%'>



.. raw:: html

   <tr style='border-bottom: thin solid; border-top: thin solid'><th width=15%>Operation</th><th width=10%>Method</th><th>URI</th><th width=15%>Payload</th><th width=10%></th></tr>




.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Create Object



.. raw:: html

   </td><td valign = 'top'>


POST



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/fw/ddos-protection



.. raw:: html

   </td><td valign = 'top'>


:ref:`1623_ddos-protection_attributes`



.. raw:: html

   </td><td><button id='post_eg' onClick="showExample('post')">example</button> <button id='post_cl' onClick="closeExample('post')" style='display:none'>close</button></td></tr>




.. raw:: html

   <tr><td colspan=5 style='padding: 0         % 0    %;' valign = 'top'><div id='post_div' style='display:none'>


.. include:: ../artifacts/fw_ddos_protection_POST.txt
   :literal:




.. raw:: html

   </div></td></tr>


.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Get Object



.. raw:: html

   </td><td valign = 'top'>


GET



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/fw/ddos-protection



.. raw:: html

   </td><td valign = 'top'>


:ref:`1623_ddos-protection_attributes`



.. raw:: html

   </td><td><button id='get_eg' onClick="showExample('get')">example</button> <button id='get_cl' onClick="closeExample('get')" style='display:none'>close</button></td></tr>




.. raw:: html

   <tr><td colspan=5 style='padding: 0         % 0    %;' valign = 'top'><div id='get_div' style='display:none'>


.. include:: ../artifacts/fw_ddos_protection_GET.txt
   :literal:




.. raw:: html

   </div></td></tr>


.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Modify Object



.. raw:: html

   </td><td valign = 'top'>


POST



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/fw/ddos-protection



.. raw:: html

   </td><td valign = 'top'>


:ref:`1623_ddos-protection_attributes`



.. raw:: html

   </td><td></td></tr>




.. raw:: html

   <tr  style='border-bottom: thin solid;'><td valign = 'top'>


Delete Object



.. raw:: html

   </td><td valign = 'top'>


DELETE



.. raw:: html

   </td><td valign = 'top'>


/axapi/v3/fw/ddos-protection



.. raw:: html

   </td><td valign = 'top'>


:ref:`1623_ddos-protection_attributes`



.. raw:: html

   </td><td><button id='delete_eg' onClick="showExample('delete')">example</button> <button id='delete_cl' onClick="closeExample('delete')" style='display:none'>close</button></td></tr>




.. raw:: html

   <tr><td colspan=5 style='padding: 0         % 0    %;' valign = 'top'><div id='delete_div' style='display:none'>


.. include:: ../artifacts/fw_ddos_protection_DELETE.txt
   :literal:




.. raw:: html

   </div></td></tr>


.. raw:: html

   </table>

.. _1623_ddos-protection_attributes:

ddos-protection attributes
--------------------------

    **action**

        **Description:** action is a **JSON Block**.  Please see below for :ref:`1623_action` 

        **Type:** Object

    **dynamic-blacklist**

        **Description:** dynamic-blacklist is a **JSON Block**.  Please see below for :ref:`1623_dynamic-blacklist` 

        **Type:** Object

    **logging**

        **Description:** logging is a **JSON Block**.  Please see below for :ref:`1623_logging` 

        **Type:** Object

    **sampling-enable**

        **Type:** List

    **uuid**

        **Description** uuid of the object

        **Type:** string

        **Maximum Length:** 64 characters

        **Maximum Length:** 1 characters

.. _1623_action:

action
^^^^^^
	=============================== ===================================================
	**Specification**                 **Value**
	=============================== ===================================================
	 **Type**                        *object*

	=============================== ===================================================

    **action-type**

        **Description** 'drop': Log, and drop all packets (default); 'redistribute-route': Log, Drop, and Notify upstream router to reroute the packets; 

        **Type:** string

        **Supported Values:** drop, redistribute-route

        **Default:** drop

    **expiration**

        **Description** To specify time in minutes to revert the action (Expiration time, in minutes (default is 5 mins))

        **Type:** number

        **Range:** 2-144000

        **Default:** 5

    **expiration-route**

        **Description** To specify time in minutes to revert the action (Expiration time, in minutes (default is 60 mins))

        **Type:** number

        **Range:** 2-144000

        **Default:** 60

    **remove-wait-timer**

        **Description** Max time to wait before removing IP from blackhole (Max value in seconds (default 300))

        **Type:** number

        **Range:** 0-300

        **Default:** 300

    **route-map**

        **Description** Route map name

        **Type:** string

        **Maximum Length:** 128 characters

        **Maximum Length:** 1 characters

    **timer-multiply-max**

        **Description** To specify max value of timer multiplier for attacks lasted long time (Max value of timer multiplier (default is 6))

        **Type:** number

        **Range:** 1-100

        **Default:** 6

.. _1623_logging:

logging
^^^^^^^
	=============================== ===================================================
	**Specification**                 **Value**
	=============================== ===================================================
	 **Type**                        *object*

	=============================== ===================================================

    **enable-action**

        **Description** 'local': Enable local logs only; 'remote': Enable logging to remote server & IPFIX; 'both': Enable both local & remote logs; 

        **Type:** string

        **Supported Values:** local, remote, both

        **Default:** local

    **logging-action**

        **Description** 'enable': enable FW DDoS protection logging; 'disable': Disable both local & remote FW DDoS protection logging; 

        **Type:** string

        **Supported Values:** enable, disable

        **Default:** enable

.. _1623_sampling-enable:

sampling-enable
^^^^^^^^^^^^^^^
	=============================== ===================================================
	**Specification**                 **Value**
	=============================== ===================================================
	 **Type**                        *list*

	 **Block object keys**             

	=============================== ===================================================

    **counters1**

        **Description** 'all': all; 'ddos_entries_too_many': Too many DDOS entries; 'ddos_entry_added': DDOS entry added; 'ddos_entry_removed': DDOS entry removed; 'ddos_entry_added_to_bgp': DDoS Entry added to BGP; 'ddos_entry_removed_from_bgp': DDoS Entry Removed from BGP; 'ddos_entry_add_to_bgp_failure': DDoS Entry BGP add failures; 'ddos_entry_remove_from_bgp_failure': DDOS entry BGP remove failures; 'ddos_packet_dropped': DDOS Packet Drop; 

        **Type:** string

        **Supported Values:** all, ddos_entries_too_many, ddos_entry_added, ddos_entry_removed, ddos_entry_added_to_bgp, ddos_entry_removed_from_bgp, ddos_entry_add_to_bgp_failure, ddos_entry_remove_from_bgp_failure, ddos_packet_dropped

.. _1623_dynamic-blacklist:

dynamic-blacklist
^^^^^^^^^^^^^^^^^
	=============================== ===================================================
	**Specification**                 **Value**
	=============================== ===================================================
	 **Type**                        *object*

	=============================== ===================================================

    **cpu-threshold**

        **Description** Core-level CPU usage threshold for dynamic blacklist creation (Core-level CPU usage threshold for dynamic blacklist creation (default is 60))

        **Type:** number

        **Range:** 0-80

        **Default:** 60

    **dir**

        **Description** 'inbound': enable in inbound direction; 'outbound': enable in outbound direction; 'both': enable in both directions; 

        **Type:** string

        **Supported Values:** inbound, outbound, both

        **Default:** both

    **dynamic-blacklist-action**

        **Description** 'enable': Enable protection against volumetric attacks using dynamic blacklist; 'disable': Disable protection against volumetric attacks using dynamic blacklist; 

        **Type:** string

        **Supported Values:** enable, disable

        **Default:** disable

    **timeout**

        **Description** Timeout value (in seconds) for dynamic blacklist (Timeout value (in seconds) for dynamic blacklist(default is 5 seconds))

        **Type:** number

        **Range:** 1-30

        **Default:** 5