ddos dst zone port-range¶

DDOS Port-Range & Protocol configuration

port-range Specification¶

Parameter Value

Type Collection

Object Key(s) port-range-start, port-range-end, protocol

Collection Name port-range-list

Collection URI /axapi/v3/ddos/dst/zone/{zone-name}/port-range

Element Name port-range

Element URI /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}

Element Attributes port-range_attributes

Partition Visibility shared

Statistics Data URI /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/stats

Operational Data URI /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/oper

Schema port-range schema

Operations Allowed:

Operation	Method	URI	Payload
Create Object	POST	/axapi/v3/ddos/dst/zone/{zone-name}/port-range	port-range attributes
Create List	POST	/axapi/v3/ddos/dst/zone/{zone-name}/port-range	port-range attributes
Get Object	GET	/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}	port-range attributes
Get List	GET	/axapi/v3/ddos/dst/zone/{zone-name}/port-range	port-range-list
Modify Object	POST	/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}	port-range attributes
Replace Object	PUT	/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}	port-range attributes
Replace List	PUT	/axapi/v3/ddos/dst/zone/{zone-name}/port-range	port-range-list
Delete Object	DELETE	/axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}	port-range attributes

port-range-list¶

port-range-list is JSON List of port-range attributes

port-range-list : [

{ port-range attributes },

{ port-range attributes },

…

]

port-range attributes¶

age

Description Idle age for ip entry

Type: number

Range: 2-1023

Default: 5

apply-policy-on-overflow

Description Enable this flag to apply overflow policy when dynamic entry count overflows

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

default-action-list

Description Configure default-action-list

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/ddos/action-list

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dynamic-entry-overflow-policy-list

Type: List

Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/dynamic-entry-overflow-policy/{dummy-name}

enable-class-list-overflow

Description Apply class-list overflow policy upon exceeding dynamic entry count specified under zone port or each class-list

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

enable-top-k

Description Enable ddos top-k source IP detection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

enable-top-k-destination

Description Enable ddos top-k destination IP detection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

faster-de-escalation

Description De-escalate faster in standalone mode

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid-cfg

Description: glid-cfg is a JSON Block. Please see below for glid-cfg

Type: Object

ip-filtering-policy

Description Configure IP Filter

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/ddos/ip-filtering-policy

ip-filtering-policy-oper

Description: ip-filtering-policy-oper is a JSON Block. Please see below for ip-filtering-policy-oper

Type: Object

Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/ip-filtering-policy-oper

ips

Description: ips is a JSON Block. Please see below for ips

Type: Object

Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/ips

level-list

Type: List

Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/level/{level-num}

manual-mode-enable

Description Toggle manual mode to use fix templates

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

manual-mode-list

Type: List

Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/manual-mode/{config}

max-dynamic-entry-count

Description Maximum count for dynamic source zone service entry

Type: number

Range: 0-2147483647

outbound-only

Description Only allow outbound traffic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

pattern-recognition

Description: pattern-recognition is a JSON Block. Please see below for pattern-recognition

Type: Object

Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/pattern-recognition

pattern-recognition-pu-details

Description: pattern-recognition-pu-details is a JSON Block. Please see below for pattern-recognition-pu-details

Type: Object

Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/pattern-recognition-pu-details

port-ind

Description: port-ind is a JSON Block. Please see below for port-ind

Type: Object

Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/port-ind

port-range-end

Description Port-Range End Port Number

Type: number

Range: 1-65535

port-range-start

Description Port-Range Start Port Number

Type: number

Range: 1-65535

progression-tracking

Description: progression-tracking is a JSON Block. Please see below for progression-tracking

Type: Object

Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/progression-tracking

protocol

Description ‘dns-tcp’: DNS-TCP Port; ‘dns-udp’: DNS-UDP Port; ‘http’: HTTP Port; ‘tcp’: TCP Port; ‘udp’: UDP Port; ‘ssl-l4’: SSL-L4 Port; ‘sip-udp’: SIP-UDP Port; ‘sip-tcp’: SIP-TCP Port; ‘quic’: QUIC Port;

Type: string

Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4, sip-udp, sip-tcp, quic

set-counter-base-val

Description Set T2 counter value of current context to specified value

Type: number

Range: 1-4294967295

sflow-common

Description Enable all sFlow polling options under this zone port

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-common,sflow-packets, sflow-tcp-basic, sflow-tcp-stateful, and sflow-http are mutually exclusive

sflow-http

Description Enable sFlow HTTP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-http and sflow-common are mutually exclusive

sflow-packets

Description Enable sFlow packet-level counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-packets and sflow-common are mutually exclusive

sflow-tcp

Description: sflow-tcp is a JSON Block. Please see below for sflow-tcp

Type: Object

src-based-policy-list

Type: List

Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/src-based-policy/{src-based-policy-name}

stateful

Description Enable stateful tracking of sessions (Default is stateless)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

topk-destinations

Description: topk-destinations is a JSON Block. Please see below for topk-destinations

Type: Object

Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/topk-destinations

topk-dst-num-records

Description Maximum number of records to show in topk

Type: number

Range: 1-100

Default: 20

topk-num-records

Description Maximum number of records to show in topk

Type: number

Range: 1-100

Default: 20

topk-sources

Description: topk-sources is a JSON Block. Please see below for topk-sources

Type: Object

Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/topk-sources

unlimited-dynamic-entry-count

Description No limit for maximum dynamic src entry count

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

pattern-recognition¶

Specification Value

Type object

algorithm

Description ‘heuristic’: heuristic algorithm;

Type: string

Supported Values: heuristic

app-payload-offset

Description Set offset of the payload, default 0

Type: number

Range: 0-1500

capture-traffic

Description ‘all’: Capture all packets; ‘dropped’: Capture dropped packets (default);

Type: string

Supported Values: all, dropped

filter-inactive-threshold

Description Extracted filter inactive threshold

Type: number

Range: 5-255

filter-threshold

Description Extracted filter threshold

Type: number

Range: 0-100

mode

Description ‘capture-never-expire’: War-time capture without rate exceeding and never expires; ‘manual’: Manual mode;

Type: string

Supported Values: capture-never-expire, manual

sensitivity

Description ‘high’: High Sensitivity; ‘medium’: Medium Sensitivity; ‘low’: Low Sensitivity;

Type: string

Supported Values: high, medium, low

triggered-by

Description ‘zone-escalation’: Zone escalation trigger pattern recognition; ‘packet-rate-exceeds’: Packet rate limit exceeds trigger pattern recognition (default);

Type: string

Supported Values: zone-escalation, packet-rate-exceeds

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

progression-tracking¶

Specification Value

Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

ips¶

Specification Value

Type object

sampling-enable

Type: List

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

ips_sampling-enable¶

Specification Value

Type list

Block object keys

counters1

Description ‘all’: all; ‘ips_matched_total’: IPS Matched Total; ‘ips_matched_action_pass’: IPS Matched Action Pass; ‘ips_matched_action_drop’: IPS Matched Action Drop; ‘ips_matched_action_blacklist’: IPS Matched Action Blacklist; ‘ips_matched_severity_high’: IPS Matched Severity High; ‘ips_matched_severity_medium’: IPS Matched Severity Medium; ‘ips_matched_severity_low’: IPS Matched Severity Low; ‘src_ips_matched_action_pass’: Src IPS Matched Action Pass; ‘src_ips_matched_action_drop’: Src IPS Matched Action Drop; ‘src_ips_matched_action_blacklist’: Src IPS Matched Action Blacklist; ‘src_ips_matched_severity_high’: Src IPS Matched Severity High; ‘src_ips_matched_severity_medium’: Src IPS Matched Severity Medium; ‘src_ips_matched_severity_low’: Src IPS Matched Severity Low;

Type: string

Supported Values: all, ips_matched_total, ips_matched_action_pass, ips_matched_action_drop, ips_matched_action_blacklist, ips_matched_severity_high, ips_matched_severity_medium, ips_matched_severity_low, src_ips_matched_action_pass, src_ips_matched_action_drop, src_ips_matched_action_blacklist, src_ips_matched_severity_high, src_ips_matched_severity_medium, src_ips_matched_severity_low

glid-cfg¶

Specification Value

Type object

action-list

Description Configure action-list to take

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/ddos/action-list

glid

Description Global limit ID for the whole zone

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/glid

glid-action

Description ‘drop’: Drop packets for glid exceed (Default if default-action-list is not configured); ‘ignore’: Do nothing for glid exceed;

Type: string

Supported Values: drop, ignore

per-addr-glid

Description Global limit ID per address

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/glid

level-list¶

Specification Value

Type list

Block object keys

apply-extracted-filters

Description Apply extracted filters from this level

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

close-sessions-for-unauth-sources

Description Close session for unauthenticated sources

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid-action

Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

indicator-list

Type: List

Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/level/{level-num}/indicator/{type}

level-num

Description ‘0’: Default policy level; ‘1’: Policy level 1; ‘2’: Policy level 2; ‘3’: Policy level 3; ‘4’: Policy level 4;

Type: string

Supported Values: 0, 1, 2, 3, 4

src-default-glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/glid

src-escalation-score

Description Source activation score of this level

Type: number

Range: 1-1000000

src-violation-actions

Description Violation actions apply due to source escalate from this level

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/ddos/violation-actions

start-pattern-recognition

Description Start pattern recognition from this level

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-escalation-score

Description Zone activation score of this level

Type: number

Range: 1-1000000

zone-template

Description: zone-template is a JSON Block. Please see below for level-list_zone-template

Type: Object

zone-violation-actions

Description Violation actions apply due to zone escalate from this level

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/ddos/violation-actions

level-list_zone-template¶

Specification Value

Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

quic

Description DDOS quic template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

sip

Description DDOS sip template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

level-list_indicator-list¶

Specification Value

Type list

Block object keys

data-packet-size

Description Expected minimal data size

Type: number

Range: 1-1500

score

Description Score corresponding to the indicator

Type: number

Range: 1-1000000

src-threshold-large-num

Description Indicator per-src threshold

Type: number

Range: 1-10995116277760

src-threshold-num

Description Indicator per-src threshold

Type: number

Range: 1-2147483647

src-threshold-str

Description Indicator per-src threshold (Non-zero floating point)

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

src-violation-actions

Description Violation actions to use when this src indicator threshold reaches

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/ddos/violation-actions

tcp-window-size

Description Expected minimal window size

Type: number

Range: 1-500

type

Description ‘pkt-rate’: rate of incoming packets; ‘pkt-drop-rate’: rate of packets got dropped; ‘bit-rate’: rate of incoming bits; ‘pkt-drop-ratio’: ratio of incoming packet rate divided by the rate of dropping packets; ‘bytes-to-bytes-from-ratio’: ratio of incoming packet rate divided by the rate of outgoing packets; ‘concurrent-conns’: number of concurrent connections; ‘conn-miss-rate’: rate of incoming packets for which no previously established connection exists; ‘syn-rate’: rate on incoming SYN packets; ‘fin-rate’: rate on incoming FIN packets; ‘rst-rate’: rate of incoming RST packets; ‘small-window-ack-rate’: rate of small window advertisement; ‘empty-ack-rate’: rate of incoming packets which have no payload; ‘small-payload-rate’: rate of short payload packet; ‘syn-fin-ratio’: ratio of incoming SYN packet rate divided by the rate of incoming FIN packets; ‘cpu-utilization’: average data CPU utilization; ‘interface-utilization’: outside interface utilization;

Type: string

Supported Values: pkt-rate, pkt-drop-rate, bit-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, concurrent-conns, conn-miss-rate, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio, cpu-utilization, interface-utilization

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-threshold-large-num

Description Threshold for the entire zone

Type: number

Range: 1-10995116277760

zone-threshold-num

Description Threshold for the entire zone

Type: number

Range: 1-2147483647

zone-threshold-str

Description Threshold for the entire zone (Non-zero floating point)

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

zone-violation-actions

Description Violation actions to use when this zone indicator threshold reaches

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/ddos/violation-actions

manual-mode-list¶

Specification Value

Type list

Block object keys

close-sessions-for-unauth-sources

Description Close session for unauthenticated sources

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

config

Description ‘configuration’: Manual-mode configuration;

Type: string

Supported Values: configuration

glid-action

Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

src-default-glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/glid

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for manual-mode-list_zone-template

Type: Object

manual-mode-list_zone-template¶

Specification Value

Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

quic

Description DDOS quic template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

sip

Description DDOS sip template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

src-based-policy-list¶

Specification Value

Type list

Block object keys

policy-class-list-list

Type: List

Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name}

src-based-policy-name

Description Specify name of the policy

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

src-based-policy-list_policy-class-list-list¶

Specification Value

Type list

Block object keys

action

Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;

Type: string

Supported Values: bypass, deny

class-list-name

Description Class-list name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

class-list-overflow-policy-list

Type: List

Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/src-based-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name}

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/glid

glid-action

Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

max-dynamic-entry-count

Description Maximum count for dynamic source zone service entry allowed for this class-list

Type: number

Range: 0-2147483647

sampling-enable

Type: List

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for src-based-policy-list_policy-class-list-list_zone-template

Type: Object

src-based-policy-list_policy-class-list-list_zone-template¶

Specification Value

Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

quic

Description DDOS quic template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

sip

Description DDOS sip template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

src-based-policy-list_policy-class-list-list_sampling-enable¶

Specification Value

Type list

Block object keys

counters1

Description ‘all’: all; ‘packet_received’: Packets Received; ‘packet_dropped’: Packets Dropped; ‘entry_learned’: Entry Learned; ‘entry_count_overflow’: Entry Count Overflow;

Type: string

Supported Values: all, packet_received, packet_dropped, entry_learned, entry_count_overflow

src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list¶

Specification Value

Type list

Block object keys

action

Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;

Type: string

Supported Values: bypass, deny

dummy-name

Description ‘configuration’: Configure overflow policy for class-list;

Type: string

Supported Values: configuration

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/glid

log-enable

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-periodic

Description Enable log periodic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template

Type: Object

src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template¶

Specification Value

Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

quic

Description DDOS quic template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

sip

Description DDOS sip template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

pattern-recognition-pu-details¶

Specification Value

Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

port-ind¶

Specification Value

Type object

sampling-enable

Type: List

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

port-ind_sampling-enable¶

Specification Value

Type list

Block object keys

counters1

Description ‘all’: all; ‘ip-proto-type’: IP Protocol Type; ‘ddet_ind_pkt_rate_current’: Pkt Rate Current; ‘ddet_ind_pkt_rate_min’: Pkt Rate Min; ‘ddet_ind_pkt_rate_max’: Pkt Rate Max; ‘ddet_ind_pkt_rate_adaptive_threshold’: Pkt Rate Adaptive Threshold; ‘ddet_ind_pkt_drop_rate_current’: Pkt Drop Rate Current; ‘ddet_ind_pkt_drop_rate_min’: Pkt Drop Rate Min; ‘ddet_ind_pkt_drop_rate_max’: Pkt Drop Rate Max; ‘ddet_ind_pkt_drop_rate_adaptive_threshold’: Pkt Drop Rate Adaptive Threshold; ‘ddet_ind_syn_rate_current’: TCP SYN Rate Current; ‘ddet_ind_syn_rate_min’: TCP SYN Rate Min; ‘ddet_ind_syn_rate_max’: TCP SYN Rate Max; ‘ddet_ind_syn_rate_adaptive_threshold’: TCP SYN Rate Adaptive Threshold; ‘ddet_ind_fin_rate_current’: TCP FIN Rate Current; ‘ddet_ind_fin_rate_min’: TCP FIN Rate Min; ‘ddet_ind_fin_rate_max’: TCP FIN Rate Max; ‘ddet_ind_fin_rate_adaptive_threshold’: TCP FIN Rate Adaptive Threshold; ‘ddet_ind_rst_rate_current’: TCP RST Rate Current; ‘ddet_ind_rst_rate_min’: TCP RST Rate Min; ‘ddet_ind_rst_rate_max’: TCP RST Rate Max; ‘ddet_ind_rst_rate_adaptive_threshold’: TCP RST Rate Adaptive Threshold; ‘ddet_ind_small_window_ack_rate_current’: TCP Small Window ACK Rate Current; ‘ddet_ind_small_window_ack_rate_min’: TCP Small Window ACK Rate Min; ‘ddet_ind_small_window_ack_rate_max’: TCP Small Window ACK Rate Max; ‘ddet_ind_small_window_ack_rate_adaptive_threshold’: TCP Small Window ACK Rate Adaptive Threshold; ‘ddet_ind_empty_ack_rate_current’: TCP Empty ACK Rate Current; ‘ddet_ind_empty_ack_rate_min’: TCP Empty ACK Rate Min; ‘ddet_ind_empty_ack_rate_max’: TCP Empty ACK Rate Max; ‘ddet_ind_empty_ack_rate_adaptive_threshold’: TCP Empty ACK Rate Adaptive Threshold; ‘ddet_ind_small_payload_rate_current’: TCP Small Payload Rate Current; ‘ddet_ind_small_payload_rate_min’: TCP Small Payload Rate Min; ‘ddet_ind_small_payload_rate_max’: TCP Small Payload Rate Max; ‘ddet_ind_small_payload_rate_adaptive_threshold’: TCP Small Payload Rate Adaptive Threshold; ‘ddet_ind_pkt_drop_ratio_current’: Pkt Drop / Pkt Rcvd Current; ‘ddet_ind_pkt_drop_ratio_min’: Pkt Drop / Pkt Rcvd Min; ‘ddet_ind_pkt_drop_ratio_max’: Pkt Drop / Pkt Rcvd Max; ‘ddet_ind_pkt_drop_ratio_adaptive_threshold’: Pkt Drop / Pkt Rcvd Adaptive Threshold; ‘ddet_ind_inb_per_outb_current’: Bytes-to / Bytes-from Current; ‘ddet_ind_inb_per_outb_min’: Bytes-to / Bytes-from Min; ‘ddet_ind_inb_per_outb_max’: Bytes-to / Bytes-from Max; ‘ddet_ind_inb_per_outb_adaptive_threshold’: Bytes-to / Bytes-from Adaptive Threshold; ‘ddet_ind_syn_per_fin_rate_current’: TCP SYN Rate / FIN Rate Current; ‘ddet_ind_syn_per_fin_rate_min’: TCP SYN Rate / FIN Rate Min; ‘ddet_ind_syn_per_fin_rate_max’: TCP SYN Rate / FIN Rate Max; ‘ddet_ind_syn_per_fin_rate_adaptive_threshold’: TCP SYN Rate / FIN Rate Adaptive Threshold; ‘ddet_ind_conn_miss_rate_current’: TCP Session Miss Rate Current; ‘ddet_ind_conn_miss_rate_min’: TCP Session Miss Rate Min; ‘ddet_ind_conn_miss_rate_max’: TCP Session Miss Rate Max; ‘ddet_ind_conn_miss_rate_adaptive_threshold’: TCP Session Miss Rate Adaptive Threshold; ‘ddet_ind_concurrent_conns_current’: TCP/UDP Concurrent Sessions Current; ‘ddet_ind_concurrent_conns_min’: TCP/UDP Concurrent Sessions Min; ‘ddet_ind_concurrent_conns_max’: TCP/UDP Concurrent Sessions Max; ‘ddet_ind_concurrent_conns_adaptive_threshold’: TCP/UDP Concurrent Sessions Adaptive Threshold; ‘ddet_ind_data_cpu_util_current’: Data CPU Utilization Current; ‘ddet_ind_data_cpu_util_min’: Data CPU Utilization Min; ‘ddet_ind_data_cpu_util_max’: Data CPU Utilization Max; ‘ddet_ind_data_cpu_util_adaptive_threshold’: Data CPU Utilization Adaptive Threshold; ‘ddet_ind_outside_intf_util_current’: Outside Interface Utilization Current; ‘ddet_ind_outside_intf_util_min’: Outside Interface Utilization Min; ‘ddet_ind_outside_intf_util_max’: Outside Interface Utilization Max; ‘ddet_ind_outside_intf_util_adaptive_threshold’: Outside Interface Utilization Adaptive Threshold; ‘ddet_ind_frag_rate_current’: Frag Pkt Rate Current; ‘ddet_ind_frag_rate_min’: Frag Pkt Rate Min; ‘ddet_ind_frag_rate_max’: Frag Pkt Rate Max; ‘ddet_ind_frag_rate_adaptive_threshold’: Frag Pkt Rate Adaptive Threshold; ‘ddet_ind_bit_rate_current’: Bit Rate Current; ‘ddet_ind_bit_rate_min’: Bit Rate Min; ‘ddet_ind_bit_rate_max’: Bit Rate Max; ‘ddet_ind_bit_rate_adaptive_threshold’: Bit Rate Adaptive Threshold;

Type: string

Supported Values: all, ip-proto-type, ddet_ind_pkt_rate_current, ddet_ind_pkt_rate_min, ddet_ind_pkt_rate_max, ddet_ind_pkt_rate_adaptive_threshold, ddet_ind_pkt_drop_rate_current, ddet_ind_pkt_drop_rate_min, ddet_ind_pkt_drop_rate_max, ddet_ind_pkt_drop_rate_adaptive_threshold, ddet_ind_syn_rate_current, ddet_ind_syn_rate_min, ddet_ind_syn_rate_max, ddet_ind_syn_rate_adaptive_threshold, ddet_ind_fin_rate_current, ddet_ind_fin_rate_min, ddet_ind_fin_rate_max, ddet_ind_fin_rate_adaptive_threshold, ddet_ind_rst_rate_current, ddet_ind_rst_rate_min, ddet_ind_rst_rate_max, ddet_ind_rst_rate_adaptive_threshold, ddet_ind_small_window_ack_rate_current, ddet_ind_small_window_ack_rate_min, ddet_ind_small_window_ack_rate_max, ddet_ind_small_window_ack_rate_adaptive_threshold, ddet_ind_empty_ack_rate_current, ddet_ind_empty_ack_rate_min, ddet_ind_empty_ack_rate_max, ddet_ind_empty_ack_rate_adaptive_threshold, ddet_ind_small_payload_rate_current, ddet_ind_small_payload_rate_min, ddet_ind_small_payload_rate_max, ddet_ind_small_payload_rate_adaptive_threshold, ddet_ind_pkt_drop_ratio_current, ddet_ind_pkt_drop_ratio_min, ddet_ind_pkt_drop_ratio_max, ddet_ind_pkt_drop_ratio_adaptive_threshold, ddet_ind_inb_per_outb_current, ddet_ind_inb_per_outb_min, ddet_ind_inb_per_outb_max, ddet_ind_inb_per_outb_adaptive_threshold, ddet_ind_syn_per_fin_rate_current, ddet_ind_syn_per_fin_rate_min, ddet_ind_syn_per_fin_rate_max, ddet_ind_syn_per_fin_rate_adaptive_threshold, ddet_ind_conn_miss_rate_current, ddet_ind_conn_miss_rate_min, ddet_ind_conn_miss_rate_max, ddet_ind_conn_miss_rate_adaptive_threshold, ddet_ind_concurrent_conns_current, ddet_ind_concurrent_conns_min, ddet_ind_concurrent_conns_max, ddet_ind_concurrent_conns_adaptive_threshold, ddet_ind_data_cpu_util_current, ddet_ind_data_cpu_util_min, ddet_ind_data_cpu_util_max, ddet_ind_data_cpu_util_adaptive_threshold, ddet_ind_outside_intf_util_current, ddet_ind_outside_intf_util_min, ddet_ind_outside_intf_util_max, ddet_ind_outside_intf_util_adaptive_threshold, ddet_ind_frag_rate_current, ddet_ind_frag_rate_min, ddet_ind_frag_rate_max, ddet_ind_frag_rate_adaptive_threshold, ddet_ind_bit_rate_current, ddet_ind_bit_rate_min, ddet_ind_bit_rate_max, ddet_ind_bit_rate_adaptive_threshold

sflow-tcp¶

Specification Value

Type object

sflow-tcp-basic

Description Enable sFlow basic TCP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-tcp-basic and sflow-common are mutually exclusive

sflow-tcp-stateful

Description Enable sFlow stateful TCP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-tcp-stateful and sflow-common are mutually exclusive

topk-sources¶

Specification Value

Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

ip-filtering-policy-oper¶

Specification Value

Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dynamic-entry-overflow-policy-list¶

Specification Value

Type list

Block object keys

action

Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;

Type: string

Supported Values: bypass, deny

dummy-name

Description ‘configuration’: Configure overflow policy;

Type: string

Supported Values: configuration

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/glid

log-enable

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-periodic

Description Enable log periodic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for dynamic-entry-overflow-policy-list_zone-template

Type: Object

dynamic-entry-overflow-policy-list_zone-template¶

Specification Value

Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

quic

Description DDOS quic template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

sip

Description DDOS sip template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

topk-destinations¶

Specification Value

Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters