.. _slb_common: slb common ========== SLB related commands common Specification -------------------- ===================================== =================================================== **Parameter** **Value** ===================================== =================================================== **Type** *Configuration Resource* **Element Name** common **Element URI** /axapi/v3/slb/common **Element Attributes** common_attributes **Partition Visibility** shared **Operational Data URI** /axapi/v3/slb/common/oper **Schema** :download:`common schema ` ===================================== =================================================== **Operations Allowed:** .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html
OperationMethodURIPayload
Create Object .. raw:: html POST .. raw:: html /axapi/v3/slb/common .. raw:: html :ref:`2726_common_attributes` .. raw:: html
Get Object .. raw:: html GET .. raw:: html /axapi/v3/slb/common .. raw:: html :ref:`2726_common_attributes` .. raw:: html
Modify Object .. raw:: html POST .. raw:: html /axapi/v3/slb/common .. raw:: html :ref:`2726_common_attributes` .. raw:: html
Replace Object .. raw:: html PUT .. raw:: html /axapi/v3/slb/common .. raw:: html :ref:`2726_common_attributes` .. raw:: html
Delete Object .. raw:: html DELETE .. raw:: html /axapi/v3/slb/common .. raw:: html :ref:`2726_common_attributes` .. raw:: html
.. _2726_common_attributes: common attributes ----------------- **N5-new** **Description** HW assisted N5 SSL module with TLS 1.3 and TLS 1.2 support using OpenSSL 1.1.1 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** N5-new,software, software-tls13, QAT, N5-old, and software-tls13-offload are mutually exclusive **N5-old** **Description** HW assisted N5 SSL module with TLS 1.2 support using OpenSSL 0.9.7 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** N5-old,software, software-tls13, QAT, N5-new, and software-tls13-offload are mutually exclusive **QAT** **Description** HW assisted QAT SSL module **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** QAT,software, software-tls13, N5-new, N5-old, and software-tls13-offload are mutually exclusive **aflex-table-entry-aging-interval** **Description** aFleX table entry aging interval in second **Type:** number **Range:** 1-3600 **Default:** 1 **aflex-table-entry-sync** **Description:** aflex-table-entry-sync is a **JSON Block**. Please see below for :ref:`2726_aflex-table-entry-sync` **Type:** Object **Reference Object:** :doc:`/axapi/v3/slb/common/aflex-table-entry-sync ` **after-disable** **Description** Graceful shutdown after disable server/port and/or virtual server/port **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-in-gateway-mode** **Description** Use source NAT gateway for L3 traffic for gateway mode **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **attack-resp-code** **Description** Custom response code **Type:** number **Range:** 400-599 **Default:** 410 **auto-nat-no-ip-refresh** **Description** 'enable': enable; 'disable': disable; **Type:** string **Supported Values:** enable, disable **Default:** enable **auto-translate-port** **Description** Auto Translate Port range **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **buff-thresh** **Description** Set buffer threshold **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **buff-thresh-hw-buff** **Description** Set hardware buffer threshold **Type:** number **Range:** 1-2147483647 **buff-thresh-relieve-thresh** **Description** Relieve threshold **Type:** number **Range:** 0-2147483647 **buff-thresh-sys-buff-high** **Description** Set high water mark of system buffer **Type:** number **Range:** 0-2147483647 **buff-thresh-sys-buff-low** **Description** Set low water mark of system buffer **Type:** number **Range:** 0-2147483647 **cache-expire-time** **Description** Cache expiration time, default is 1 minute **Type:** number **Range:** 1-480 **Default:** 1 **cancel-stream-loop-limit** **Description** Set global cancel stream loop limit (cancel stream loop limit, default is 5) **Type:** number **Range:** 0-50 **Default:** 5 **cert-pinning** **Description:** cert-pinning is a **JSON Block**. Please see below for :ref:`2726_cert-pinning` **Type:** Object **Reference Object:** :doc:`/axapi/v3/slb/common/cert-pinning ` **clientside-ip** **Description** Clientside IP address **Type:** string **Format:** ipv4-address **clientside-ipv6** **Description** Clientside IPv6 address **Type:** string **Format:** ipv6-address **compress-block-size** **Description** Set compression block size (Compression block size in bytes) **Type:** number **Range:** 6000-131008 **conn-rate-limit** **Description:** conn-rate-limit is a **JSON Block**. Please see below for :ref:`2726_conn-rate-limit` **Type:** Object **Reference Object:** :doc:`/axapi/v3/slb/common/conn-rate-limit ` **custom-message** **Description** Block message **Type:** string **Format:** string-rlx **Maximum Length:** 1023 characters **Maximum Length:** 1 characters **Mutual Exclusion:** custom-message and custom-page are mutually exclusive **custom-page** **Description** Specify the custom webpage name **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** custom-page and custom-message are mutually exclusive **custom-signal-clist** **Description** Provide custom signal names **Type:** string **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/class-list ` **ddos-pkt-count-thresh** **Description** Set packet count threshold for DDOS, default is 100 **Type:** number **Range:** 1-256 **Default:** 100 **ddos-pkt-size-thresh** **Description** Set data packet size threshold for DDOS, default is 64 bytes **Type:** number **Range:** 1-256 **Default:** 64 **ddos-protection** **Description:** ddos-protection is a **JSON Block**. Please see below for :ref:`2726_ddos-protection` **Type:** Object **disable-adaptive-resource-check** **Description** Disable adaptive resource check based on buffer usage **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disable-persist-scoring** **Description** Disable Persist Scoring **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disable-port-masking** **Description** Disable masking of ports for CPU hashing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disable-server-auto-reselect** **Description** Disable auto reselection of server **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-cache-age** **Description** Set DNS cache entry age, default is 300 seconds (1-1000000 seconds, default is 300 seconds) **Type:** number **Range:** 1-1000000 **Default:** 300 **dns-cache-age-min-threshold** **Description** Set DNS cache entry age minimum threshold, default is 0 seconds (1-1000000 seconds, default is 0 seconds) **Type:** number **Range:** 0-1000000 **Default:** 0 **dns-cache-aging-weight** **Description** Set DNS cache entry weight, default is 1 **Type:** number **Range:** 1-7 **Default:** 1 **dns-cache-enable** **Description** Enable DNS cache **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-cache-entry-size** **Description** Set DNS cache entry size, default is 256 bytes (1-4096 bytes, default is 256 bytes) **Type:** number **Range:** 1-4096 **Default:** 256 **dns-cache-sync** **Description** Enable DNS cache HA sync **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-cache-sync-entry-size** **Description** Only sync DNS cache with smaller size (1-4096 bytes, default is 256 bytes) **Type:** number **Range:** 1-4096 **Default:** 256 **dns-cache-sync-ttl-threshold** **Description** Only sync DNS cache with longer TTL (0-10000000 seconds, default is 0 second) **Type:** number **Range:** 0-10000000 **Default:** 0 **dns-cache-ttl-adjustment-enable** **Description** Enable DNS cache response ttl adjustment **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-negative-cache-enable** **Description** Enable DNS negative cache **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-persistent-cache-enable** **Description** Enable persistent DNS cache **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-persistent-cache-hit-threshold** **Description** Only save DNS cache with larger hit count (0-10000000, default is 0) **Type:** number **Range:** 0-10000000 **Default:** 0 **dns-persistent-cache-ttl-threshold** **Description** Only save DNS cache with longer TTL (0-10000000 seconds, default is 0 second) **Type:** number **Range:** 0-10000000 **Default:** 0 **dns-response-rate-limiting** **Description:** dns-response-rate-limiting is a **JSON Block**. Please see below for :ref:`2726_dns-response-rate-limiting` **Type:** Object **Reference Object:** :doc:`/axapi/v3/slb/common/dns-response-rate-limiting ` **dns-vip-stateless** **Description** Enable DNS VIP stateless mode **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-icmp-to-vip-when-vip-down** **Description** Drop ICMP to VIP when VIP down **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dsr-health-check-enable** **Description** Enable dsr-health-check (direct server return health check) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ecmp-hash** **Description** 'system-default': Use system default ecmp hashing algorithm; 'connection-based': Use connection information for hashing; **Type:** string **Supported Values:** system-default, connection-based **Default:** system-default **enable-ddos** **Description** Enable DDoS protection **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-fast-path-rerouting** **Description** Enable Fast-Path Rerouting **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-l7-req-acct** **Description** Enable L7 request accounting **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **entity** **Description** 'server': Graceful shutdown server/port only; 'virtual-server': Graceful shutdown virtual server/port only; **Type:** string **Supported Values:** server, virtual-server **exclude-destination** **Description** 'local': Maximum local rate; 'remote': Maximum remote rate; (Maximum rates) **Type:** string **Supported Values:** local, remote **extended-stats** **Description** Enable global slb extended statistics **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **fast-path-disable** **Description** Disable fast path in SLB processing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **gateway-health-check** **Description** Enable gateway health check **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **graceful-shutdown** **Description** 1-65535, in unit of seconds **Type:** number **Range:** 1-65535 **graceful-shutdown-enable** **Description** Enable graceful shutdown **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **health-check-to-all-vip** **Description** **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **honor-server-response-ttl** **Description** Honor the server reponse TTL **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **http-fast-enable** **Description** Enable Http Fast in SLB processing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **hw-compression** **Description** Use hardware compression **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **hw-syn-rr** **Description** Configure hardware SYN round robin (range 1-500000) **Type:** number **Range:** 1-500000 **interval** **Description** Specify the healthcheck interval, default is 5 seconds (Interval Value, in seconds (default 5)) **Type:** number **Range:** 1-180 **Default:** 5 **ipv4-offset** **Description** IPv4 Octet Offset for Hash **Type:** number **Range:** 0-3 **Default:** 0 **ipv6-subnet** **Description** IPv6 Octet Valid Subnet Length for Hash **Type:** number **Range:** 0-15 **Default:** 0 **l2l3-trunk-lb-disable** **Description** Disable L2/L3 trunk LB **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-for-reset-unknown-conn** **Description** Log when rate exceed **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **low-latency** **Description** Enable low latency mode **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-buff-queued-per-conn** **Description** Set per connection buffer threshold (Buffer value range 128-4096) **Type:** number **Range:** 128-4096 **Default:** 1000 **max-http-header-count** **Description** Set maximum number of HTTP headers allowed **Type:** number **Range:** 90-255 **Default:** 90 **max-local-rate** **Description** Set maximum local rate **Type:** number **Range:** 1-100 **Default:** 32 **max-persistent-cache** **Description** Define maximum persistent cache (Maximum persistent cache entry) **Type:** number **max-remote-rate** **Description** Set maximum remote rate **Type:** number **Range:** 1-1000000 **Default:** 15000 **monitor-mode-enable** **Description** Enable NG-WAF monitor mode **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **msl-time** **Description** Configure maximum session life, default is 2 seconds (1-39 seconds, default is 2 seconds) **Type:** number **Range:** 1-39 **Default:** 2 **mss-table** **Description** Set MSS table (128-750, default is 536) **Type:** number **Range:** 128-750 **Default:** 536 **multi-cpu** **Description** Specific NGWAF CPU **Type:** number **Range:** 0-28 **Default:** 0 **ngwaf-proxy-ipv4** **Description** IPv4 address **Type:** string **Format:** ipv4-address **Mutual Exclusion:** ngwaf-proxy-ipv4 and ngwaf-proxy-ipv6 are mutually exclusive **ngwaf-proxy-ipv6** **Description** IPv6 address **Type:** string **Format:** ipv6-address **Mutual Exclusion:** ngwaf-proxy-ipv6 and ngwaf-proxy-ipv4 are mutually exclusive **ngwaf-proxy-port** **Description** Port **Type:** number **Range:** 1-65534 **no-auto-up-on-aflex** **Description** Don't automatically mark vport up when aFleX is bound **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **odd-even-nat-enable** **Description** Enable odd even nat pool allocation in dual blade systems **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **one-server-conn-hm-rate** **Description** One Server Conn Health Check Rate **Type:** number **Range:** 1-60 **override-port** **Description** Enable override port in DSR health check mode **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **pbslb-entry-age** **Description** Set global pbslb entry age (minute) **Type:** number **Range:** 1-127 **Default:** 6 **pbslb-overflow-glid** **Description** Apply global limit id to overflow pbslb entry **Type:** string **Format:** string-rlx **Maximum Length:** 1023 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **per-thr-percent** **Description** Percentage of default session count to use for per thread session table size **Type:** number **Range:** 1-100 **ping-sweep-detection** **Description** 'enable': Enable ping sweep detection; 'disable': Disable ping sweep detection(default); **Type:** string **Supported Values:** enable, disable **Default:** disable **pkt-rate-for-reset-unknown-conn** **Description** **Type:** number **Range:** 1-1048575 **player-id-check-enable** **Description** Enable the Player id check **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **port** **Description** Serverside port number for SNI transmission **Type:** number **Range:** 1-65535 **port-scan-detection** **Description** 'enable': Enable port scan detection; 'disable': Disable port scan detection(default); **Type:** string **Supported Values:** enable, disable **Default:** disable **pre-process-enable** **Description** Enable NG-WAF pre-processing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **quic** **Description:** quic is a **JSON Block**. Please see below for :ref:`2726_quic` **Type:** Object **Reference Object:** :doc:`/axapi/v3/slb/common/quic ` **range** **Description** auto translate port range **Type:** number **Range:** 1-3 **range-end** **Description** port range end **Type:** number **Range:** 0-65535 **range-start** **Description** port range start **Type:** number **Range:** 0-65535 **rate-limit-logging** **Description** Configure rate limit logging **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **recursive-ns-cache** **Description** 'honor-packet-ttl': Honor the lowest TTL among NS records in the server response; 'honor-age-config': Honor the ttl/age settings based on acos dns cache configuration; **Type:** string **Supported Values:** honor-packet-ttl, honor-age-config **Default:** honor-packet-ttl **reset-stale-session** **Description** Send reset if session in delete queue receives a SYN packet **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **resolve-port-conflict** **Description** Enable client port service port conflicts **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **response-type** **Description** 'single-answer': Only cache DNS response with single answer; 'round-robin': Round robin; **Type:** string **Supported Values:** single-answer, round-robin **scale-out** **Description** Enable SLB scale out **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **scale-out-traffic-map** **Description** Set SLB scaleout traffic-map **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **serverside-ip** **Description** Serverside IP address **Type:** string **Format:** ipv4-address **serverside-ipv6** **Description** Serverside IPv6 address **Type:** string **Format:** ipv6-address **service-group-on-no-dest-nat-vports** **Description** 'allow-same': Allow the binding service-group on no-dest-nat virtual ports; 'enforce-different': Enforce that the same service-group can not be bound on different no-dest-nat virtual ports; **Type:** string **Supported Values:** allow-same, enforce-different **Default:** enforce-different **show-slb-server-legacy-cmd** **Description** Enable show slb server legacy command **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **show-slb-service-group-legacy-cmd** **Description** Enable show slb service-group legacy command **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **show-slb-virtual-server-legacy-cmd** **Description** Enable show slb virtual-server legacy command **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **snat-gwy-for-l3** **Description** Use source NAT gateway for L3 traffic for transparent mode **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **snat-on-vip** **Description** Enable source NAT traffic against VIP **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **snat-preserve** **Description:** snat-preserve is a **JSON Block**. Please see below for :ref:`2726_snat-preserve` **Type:** Object **software** **Description** Software **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** software,software-tls13, QAT, N5-new, N5-old, and software-tls13-offload are mutually exclusive **software-tls13** **Description** Software TLS1.3 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** software-tls13,software, QAT, N5-new, N5-old, and software-tls13-offload are mutually exclusive **software-tls13-offload** **Description** Software TLS1.3 with CPU Offload Support **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** software-tls13-offload,software, software-tls13, QAT, N5-new, and N5-old are mutually exclusive **sort-res** **Description** Enable SLB sorting of resource names **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ssl-module-usage-enable** **Description** Enable SSL module usage calculations for QAT **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ssl-n5-delay-tx-enable** **Description** Enable delay transmission for N5-new **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ssl-ratelimit-cfg** **Description:** ssl-ratelimit-cfg is a **JSON Block**. Please see below for :ref:`2726_ssl-ratelimit-cfg` **Type:** Object **ssli-cert-not-ready-inspect-limit** **Description** SSLI asynchronized connection max number, default is 2000 (set to 0 for unlimited size) **Type:** number **Range:** 0-2147483647 **Default:** 2000 **ssli-cert-not-ready-inspect-timeout** **Description** SSLI asynchronized connection timeout, default is 10 seconds (seconds, set to 0 for never timeout) **Type:** number **Range:** 0-2147483647 **Default:** 10 **ssli-silent-termination-enable** **Description** Terminate the SSLi sessions silently without sending RST/FIN packet **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ssli-sni-hash-enable** **Description** Enable SSLi SNI hash table **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **stateless-sg-multi-binding** **Description** Enable stateless service groups to be assigned to multiple L2/L3 DSR VIPs **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **stats-data-disable** **Description** Disable global slb data statistics **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **substitute-source-mac** **Description** Substitute Source MAC Address to that of the outgoing interface **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **timeout** **Description** Specify the healthcheck timeout value, default is 15 seconds (Timeout Value, in seconds (default 15)) **Type:** number **Range:** 1-360 **Default:** 15 **traffic-map-type** **Description** 'vport': traffic-map per vport; 'global': global traffic-map; **Type:** string **Supported Values:** vport, global **Default:** vport **ttl-threshold** **Description** Only cache DNS response with longer TTL **Type:** number **Range:** 1-10000000 **use-default-sess-count** **Description** Use default session count **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **use-https-proxy** **Description** NG-WAF connects to Cloud through proxy server **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **use-mgmt-port** **Description** Use management port to connect **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **use-mss-tab** **Description** Use MSS based on internal table for SLB processing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **vport-global** **Description** Configure periodic showtech vport paging global limit **Type:** number **Range:** 0-512 **vport-l3v** **Description** Configure periodic showtech vport paging l3v limit **Type:** number **Range:** 0-128 .. _2726_aflex-table-entry-sync: aflex-table-entry-sync ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **aflex-table-entry-sync-enable** **Description** Enable aflex table sync **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **aflex-table-entry-sync-max-key-len** **Description** aflex table entry max key length to sync **Type:** number **Range:** 0-1000 **Default:** 1000 **aflex-table-entry-sync-max-value-len** **Description** aflex table entry max value length to sync **Type:** number **Range:** 0-1000 **Default:** 1000 **aflex-table-entry-sync-min-lifetime** **Description** aflex table entry minimum lifetime to sync **Type:** number **Range:** 0-65535 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _2726_cert-pinning: cert-pinning ^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **candidate-list-feedback-opt-in** **Description:** candidate-list-feedback-opt-in is a **JSON Block**. Please see below for :ref:`2726_cert-pinning_candidate-list-feedback-opt-in` **Type:** Object **Reference Object:** :doc:`/axapi/v3/slb/common/cert-pinning/candidate-list-feedback-opt-in ` **ttl** **Description** The ttl of local cert pinning candidate list, multiple of 10 minutes, default is 144 (1440 minutes) **Type:** number **Range:** 1-1008 **Default:** 144 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _2726_cert-pinning_candidate-list-feedback-opt-in: cert-pinning_candidate-list-feedback-opt-in ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **daily** **Description** Every day **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** daily and weekly are mutually exclusive **day-time** **Description** Time of day to update (hh:mm) in 24 hour local time **Type:** string **Format:** time-hhmm **enable** **Description** Enable the feedback function **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **schedule** **Description** schedule the uploading time, default is daily 00:00 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **use-mgmt-port** **Description** Use management port to connect **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **week-day** **Description** 'Monday': Monday; 'Tuesday': Tuesday; 'Wednesday': Wednesday; 'Thursday': Thursday; 'Friday': Friday; 'Saturday': Saturday; 'Sunday': Sunday; **Type:** string **Supported Values:** Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday **week-time** **Description** Time of day to update (hh:mm) in 24 hour local time **Type:** string **Format:** time-hhmm **weekly** **Description** Every week **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** weekly and daily are mutually exclusive .. _2726_dns-response-rate-limiting: dns-response-rate-limiting ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **max-table-entries** **Description** Maximum number of entries allowed **Type:** number **Range:** 1000-4194304 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _2726_ssl-ratelimit-cfg: ssl-ratelimit-cfg ^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **disable-rate** **Description** Disable HW SSL Rate limit for N5-new **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** disable-rate, tls12-rate, and tls13-rate are mutually exclusive **tls12-rate** **Description** Enabling Rateliming for TLS1.2 HW requests per chip in 1K - default 120 **Type:** number **Range:** 1-1000 **Default:** 120 **Mutual Exclusion:** tls12-rate and disable-rate are mutually exclusive **tls13-rate** **Description** Enabling Rateliming for TLS1.3 HW requests per chip in 1K - default 72 **Type:** number **Range:** 1-200 **Default:** 72 **Mutual Exclusion:** tls13-rate and disable-rate are mutually exclusive .. _2726_quic: quic ^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **cid-len** **Description** Length of CID **Type:** number **Range:** 4-20 **Default:** 4 **cpu-offset** **Description** Offset for Encoded CPU **Type:** number **Range:** 0-15 **Default:** 12 **enable-hash** **Description** Enable CID Hashing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **enable-signature** **Description** Enable CID Signature Validation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **quic-lb-offset** **Description** Offset for QUIC-LB **Type:** number **Range:** 0-15 **Default:** 8 **signature** **Description** Set CID Signature **Type:** string **Maximum Length:** 128 characters **Maximum Length:** 1 characters **signature-len** **Description** Offset for CID Signature **Type:** number **Range:** 1-4 **Default:** 3 **signature-offset** **Description** Offset for CID Signature **Type:** number **Range:** 0-15 **Default:** 4 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _2726_conn-rate-limit: conn-rate-limit ^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-ip-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/slb/common/conn-rate-limit/src-ip/{disable-ipv6-support}+{protocol} ` .. _2726_conn-rate-limit_src-ip-list: conn-rate-limit_src-ip-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **disable-ipv6-support** **Description** **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exceed-action** **Description** Set action if threshold exceeded **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **limit** **Description** Set max connections per period **Type:** number **Range:** 1-1000000 **limit-period** **Description** '100': 100 ms; '1000': 1000 ms; **Type:** string **Supported Values:** 100, 1000 **lock-out** **Description** Set lockout period in seconds if threshold exceeded **Type:** number **Range:** 1-3600 **log** **Description** Send log if threshold exceeded **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **protocol** **Description** 'tcp': Set TCP connection rate limit; 'udp': Set UDP packet rate limit; **Type:** string **Supported Values:** tcp, udp **shared** **Description** Set threshold shared amongst all virtual ports **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _2726_ddos-protection: ddos-protection ^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **ipd-enable-toggle** **Description** 'enable': Enable SLB DDoS protection; 'disable': Disable SLB DDoS protection (default); **Type:** string **Supported Values:** enable, disable **Default:** disable **logging** **Description:** logging is a **JSON Block**. Please see below for :ref:`2726_ddos-protection_logging` **Type:** Object **packets-per-second** **Description:** packets-per-second is a **JSON Block**. Please see below for :ref:`2726_ddos-protection_packets-per-second` **Type:** Object .. _2726_ddos-protection_packets-per-second: ddos-protection_packets-per-second ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **ipd-tcp** **Description** Configure packets-per-second threshold per TCP port (default: 200) **Type:** number **Range:** 0-65535 **Default:** 200 **ipd-udp** **Description** Configure packets-per-second threshold per UDP port (default: 200) **Type:** number **Range:** 0-65535 **Default:** 200 .. _2726_ddos-protection_logging: ddos-protection_logging ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **ipd-logging-toggle** **Description** 'enable': Enable SLB DDoS protection logging (default); 'disable': Disable SLB DDoS protection logging; **Type:** string **Supported Values:** enable, disable **Default:** enable .. _2726_snat-preserve: snat-preserve ^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **range** **Type:** List .. _2726_snat-preserve_range: snat-preserve_range ^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **port1** **Description** start port **Type:** number **Range:** 1025-65535 **Default:** 1025 **port2** **Description** end port which is greater than start **Type:** number **Range:** 1025-65535 **Default:** 1025