ddos dst zone port zone-service¶
DDOS Port & Protocol configuration
zone-service Specification¶
Parameter Value Type Collection Object Key(s) port-num, protocol Collection Name zone-service-list Collection URI /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service Element Name zone-service Element URI /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol} Element Attributes zone-service_attributes Partition Visibility shared Statistics Data URI /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/stats Operational Data URI /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/oper Schema zone-service schemaOperations Allowed:
| Operation | Method | URI | Payload | |
|---|---|---|---|---|
Create Object | POST | /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service | ||
Create List | POST | /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service | ||
Get Object | GET | /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol} | ||
Get List | GET | /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service | ||
Modify Object | POST | /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol} | ||
Replace Object | PUT | /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol} | ||
Replace List | PUT | /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service | ||
Delete Object | DELETE | /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol} |
zone-service-list¶
zone-service-list is JSON List of zone-service attributes
zone-service-list : [
]
zone-service attributes¶
age
Description Idle age for ip entry
Type: number
Range: 2-1023
Default: 5
apply-policy-on-overflow
Description Enable this flag to apply overflow policy when dynamic entry count overflows
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
capture-config
Description: capture-config is a JSON Block. Please see below for capture-config
Type: Object
default-action-list
Description Configure default-action-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/action-list
deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dynamic-entry-count-warn-threshold
Description Set threshold percentage of “max-src-dst-entry” for generating warning logs. Including start and end.
Type: number
Range: 1-100
dynamic-entry-overflow-policy-list
enable-class-list-overflow
Description Apply class-list overflow policy upon exceeding dynamic entry count specified for zone-port or class-list
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-top-k
Description Enable ddos top-k source IP detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-top-k-destination
Description Enable ddos top-k destination IP detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
faster-de-escalation
Description De-escalate faster in standalone mode
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-cfg
Description: glid-cfg is a JSON Block. Please see below for glid-cfg
Type: Object
ip-filtering-policy
Description Configure IP Filter
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/ip-filtering-policy
ip-filtering-policy-statistics
Description: ip-filtering-policy-statistics is a JSON Block. Please see below for ip-filtering-policy-statistics
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/ip-filtering-policy-statistics
level-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/level/{level-num}
manual-mode-enable
Description Toggle manual mode to use fix templates
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
manual-mode-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/manual-mode/{config}
max-dynamic-entry-count
Description Maximum count for dynamic source zone service entry
Type: number
Range: 0-2147483647
outbound-only
Description Only allow outbound traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
pattern-recognition
Description: pattern-recognition is a JSON Block. Please see below for pattern-recognition
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/pattern-recognition
pattern-recognition-pu-details
Description: pattern-recognition-pu-details is a JSON Block. Please see below for pattern-recognition-pu-details
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/pattern-recognition-pu-details
port-ind
Description: port-ind is a JSON Block. Please see below for port-ind
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/port-ind
port-num
Description Port Number
Type: number
Range: 1-65535
progression-tracking
Description: progression-tracking is a JSON Block. Please see below for progression-tracking
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/progression-tracking
protocol
Description ‘dns-tcp’: DNS-TCP Port; ‘dns-udp’: DNS-UDP Port; ‘http’: HTTP Port; ‘tcp’: TCP Port; ‘udp’: UDP Port; ‘ssl-l4’: SSL-L4 Port; ‘sip-udp’: SIP-UDP Port; ‘sip-tcp’: SIP-TCP Port; ‘quic’: QUIC Port;
Type: string
Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4, sip-udp, sip-tcp, quic
same-source-dest-port-drop
Description Drop packet with same Source Port and Dest Port
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
set-counter-base-val
Description Set T2 counter value of current context to specified value
Type: number
Range: 1-4294967295
sflow-common
Description Enable all sFlow polling options under this zone port
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-common,sflow-packets, sflow-ip-filtering-policy, sflow-tcp-basic, sflow-tcp-stateful, and sflow-http are mutually exclusive
sflow-http
Description Enable sFlow HTTP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-http and sflow-common are mutually exclusive
sflow-ip-filtering-policy
Description Enable sFlow IP filtering policy per port per rule counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-ip-filtering-policy and sflow-common are mutually exclusive
sflow-packets
Description Enable sFlow packet-level counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-packets and sflow-common are mutually exclusive
sflow-tcp
Description: sflow-tcp is a JSON Block. Please see below for sflow-tcp
Type: Object
src-based-policy-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/src-based-policy/{src-based-policy-name}
stateful
Description Enable stateful tracking of sessions (Default is stateless)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
topk-destinations
Description: topk-destinations is a JSON Block. Please see below for topk-destinations
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/topk-destinations
topk-dst-num-records
Description Maximum number of records to show in topk
Type: number
Range: 1-100
Default: 20
topk-dst-sort-key
Description ‘avg’: window average; ‘max-peak’: max peak;
Type: string
Supported Values: avg, max-peak
Default: avg
topk-num-records
Description Maximum number of records to show in topk
Type: number
Range: 1-100
Default: 20
topk-sort-key
Description ‘avg’: window average; ‘max-peak’: max peak;
Type: string
Supported Values: avg, max-peak
Default: avg
topk-sources
Description: topk-sources is a JSON Block. Please see below for topk-sources
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/topk-sources
unlimited-dynamic-entry-count
Description No limit for maximum dynamic src entry count
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
virtualhosts
Description: virtualhosts is a JSON Block. Please see below for virtualhosts
Type: Object
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/virtualhosts
pattern-recognition¶
Specification Value Type object algorithm
Description ‘heuristic’: heuristic algorithm;
Type: string
Supported Values: heuristic
app-payload-offset
Description Set offset of the payload
Type: number
Range: 0-1500
Default: 0
capture-traffic
Description ‘all’: Capture all packets; ‘dropped’: Capture dropped packets (default);
Type: string
Supported Values: all, dropped
filter-inactive-threshold
Description Extracted filter inactive threshold
Type: number
Range: 5-255
filter-threshold
Description Extracted filter threshold
Type: number
Range: 0-100
mode
Description ‘capture-never-expire’: War-time capture without rate exceeding and never expires; ‘manual’: Manual mode;
Type: string
Supported Values: capture-never-expire, manual
sensitivity
Description ‘high’: High Sensitivity; ‘medium’: Medium Sensitivity; ‘low’: Low Sensitivity;
Type: string
Supported Values: high, medium, low
triggered-by
Description ‘zone-escalation’: Zone escalation trigger pattern recognition; ‘packet-rate-exceeds’: Packet rate limit exceeds trigger pattern recognition (default);
Type: string
Supported Values: zone-escalation, packet-rate-exceeds
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
progression-tracking¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
dynamic-entry-overflow-policy-list¶
Specification Value Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
dummy-name
Description ‘configuration’: Configure overflow policy;
Type: string
Supported Values: configuration
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
log-enable
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable log periodic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for dynamic-entry-overflow-policy-list_zone-template
Type: Object
dynamic-entry-overflow-policy-list_zone-template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
quic
Description DDOS quic template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
glid-cfg¶
Specification Value Type object action-list
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: action-list and glid-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
glid
Description Global limit ID for the whole zone
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default if default-action-list is not configured); ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, ignore
Mutual Exclusion: glid-action and action-list are mutually exclusive
per-addr-glid
Description Global limit ID per address
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
level-list¶
Specification Value Type list Block object keys apply-extracted-filters
Description Apply extracted filters from this level
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
clear-sources-upon-deescalation
Description Clear sources upon de-escalation from level 1 to 0 or manual to 0
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
close-sessions-for-all-sources
Description Close session for all sources
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
close-sessions-for-unauth-sources
Description Close session for unauthenticated sources
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
indicator-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/level/{level-num}/indicator/{type}
level-num
Description ‘0’: Default policy level; ‘1’: Policy level 1; ‘2’: Policy level 2; ‘3’: Policy level 3; ‘4’: Policy level 4;
Type: string
Supported Values: 0, 1, 2, 3, 4
src-default-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
src-escalation-score
Description Source activation score of this level
Type: number
Range: 1-1000000
src-violation-actions
Description Violation actions apply due to source escalate from this level
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
start-pattern-recognition
Description Start pattern recognition from this level
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
start-signature-extraction
Description Start signature extraction from this level
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-escalation-score
Description Zone activation score of this level
Type: number
Range: 1-1000000
zone-template
Description: zone-template is a JSON Block. Please see below for level-list_zone-template
Type: Object
zone-violation-actions
Description Violation actions apply due to zone escalate from this level
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
level-list_zone-template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
quic
Description DDOS quic template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
level-list_indicator-list¶
Specification Value Type list Block object keys data-packet-size
Description Expected minimal data size
Type: number
Range: 1-1500
score
Description Score corresponding to the indicator
Type: number
Range: 1-1000000
src-threshold-large-num
Description Indicator per-src threshold
Type: number
Range: 1-10995116277760
src-threshold-num
Description Indicator per-src threshold
Type: number
Range: 1-2147483647
src-threshold-str
Description Indicator per-src threshold (Non-zero floating point)
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
src-violation-actions
Description Violation actions to use when this src indicator threshold reaches
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
tcp-window-size
Description Expected minimal window size
Type: number
Range: 1-500
type
Description ‘pkt-rate’: rate of incoming packets; ‘pkt-drop-rate’: rate of packets got dropped; ‘bit-rate’: rate of incoming bits; ‘pkt-drop-ratio’: ratio of incoming packet rate divided by the rate of dropping packets; ‘bytes-to-bytes-from-ratio’: ratio of incoming packet rate divided by the rate of outgoing packets; ‘concurrent-conns’: number of concurrent connections; ‘conn-miss-rate’: rate of incoming packets for which no previously established connection exists; ‘syn-rate’: rate on incoming SYN packets; ‘fin-rate’: rate on incoming FIN packets; ‘rst-rate’: rate of incoming RST packets; ‘small-window-ack-rate’: rate of small window advertisement; ‘empty-ack-rate’: rate of incoming packets which have no payload; ‘small-payload-rate’: rate of short payload packet; ‘syn-fin-ratio’: ratio of incoming SYN packet rate divided by the rate of incoming FIN packets; ‘cpu-utilization’: average data CPU utilization; ‘interface-utilization’: outside interface utilization;
Type: string
Supported Values: pkt-rate, pkt-drop-rate, bit-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, concurrent-conns, conn-miss-rate, syn-rate, fin-rate, rst-rate, syn-ack-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio, cpu-utilization, interface-utilization, learnt-sources
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-threshold-large-num
Description Threshold for the entire zone
Type: number
Range: 1-10995116277760
zone-threshold-num
Description Threshold for the entire zone
Type: number
Range: 1-2147483647
zone-threshold-str
Description Threshold for the entire zone (Non-zero floating point)
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
zone-violation-actions
Description Violation actions to use when this zone indicator threshold reaches
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/ddos/violation-actions
virtualhosts¶
Specification Value Type object source-tracking-all
Description enable creation of source entries for all virtualhosts
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
vhosts-config
Description ‘configuration’: configure virtualhost based mitigation for ssl services;
Type: string
Supported Values: configuration
virtualhost-list
Type: List
Reference Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/virtualhosts/virtualhost/{vhost}
virtualhosts_virtualhost-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-cfg
Description: glid-cfg is a JSON Block. Please see below for virtualhosts_virtualhost-list_glid-cfg
Type: Object
level-list
servername
Type: Listservername-list
Description Class List to match servername (AC type Class List Name)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
servername-match-any
Description Match any SNI extension
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
servername-no-sni
Description Match when there is no SNI extension found
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
source-tracking
Description ‘follow’: enable creation of source entries when source-tracking-all is enabled (default); ‘enable’: enable creation of source entries on this virtualhost; ‘disable’: disable creation of source entries on this virtualhost;
Type: string
Supported Values: follow, enable, disable
Default: follow
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
vhost
Description name for virtualhost
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
virtualhosts_virtualhost-list_servername¶
Specification Value Type list Block object keys host-match-string
Description SNI String
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
match-type
Description ‘contains’: match servername extension when contains this string; ‘ends-with’: match servername extension when ends with this string; ‘equals’: match servername extension when equals this string; ‘starts-with’: match servername extension when starts with this string;
Type: string
Supported Values: contains, ends-with, equals, starts-with
virtualhosts_virtualhost-list_glid-cfg¶
Specification Value Type object glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, ignore
virtualhosts_virtualhost-list_level-list¶
Specification Value Type list Block object keys glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
level-num
Description ‘0’: Default policy level;
Type: string
Supported Values: 0
src-default-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for virtualhosts_virtualhost-list_level-list_zone-template
Type: Object
virtualhosts_virtualhost-list_level-list_zone-template¶
Specification Value Type object ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
manual-mode-list¶
Specification Value Type list Block object keys close-sessions-for-all-sources
Description Close session for all sources
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
close-sessions-for-unauth-sources
Description Close session for unauthenticated sources
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
config
Description ‘configuration’: Manual-mode configuration;
Type: string
Supported Values: configuration
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
src-default-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for manual-mode-list_zone-template
Type: Object
manual-mode-list_zone-template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
quic
Description DDOS quic template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
src-based-policy-list¶
Specification Value Type list Block object keys policy-class-list-list
src-based-policy-name
Description Specify name of the policy
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src-based-policy-list_policy-class-list-list¶
Specification Value Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
class-list-glid
Description Global limit ID (class-list based)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: class-list-glid,glid, quic, dns, http, ssl-l4, sip, tcp, and udp are mutually exclusive
Reference Object: /axapi/v3/glid
class-list-name
Description Class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
class-list-overflow-policy-list
dynamic-entry-count-warn-threshold
Description Set threshold percentage of “max-src-dst-entry” for generating warning logs. Including start and end.
Type: number
Range: 1-100
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: glid and class-list-glid are mutually exclusive
Reference Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
log-enable
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable log periodic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-dynamic-entry-count
Description Maximum count for dynamic source zone service entry allowed for this class-list
Type: number
Range: 0-2147483647
sampling-enable
Type: Listuser-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for src-based-policy-list_policy-class-list-list_zone-template
Type: Object
src-based-policy-list_policy-class-list-list_sampling-enable¶
Specification Value Type list Block object keys counters1
Description ‘all’: all; ‘packet_received’: Packets Received; ‘packet_dropped’: Packets Dropped; ‘entry_learned’: Entry Learned; ‘entry_count_overflow’: Entry Count Overflow;
Type: string
Supported Values: all, packet_received, packet_dropped, entry_learned, entry_count_overflow, exceed_drop_pkt_rate_clist, exceed_drop_conn_rate_clist, exceed_drop_conn_limit_clist, exceed_drop_kbit_rate_clist, exceed_drop_kbit_rate_clist_pkt, exceed_drop_frag_rate_clist
src-based-policy-list_policy-class-list-list_zone-template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dns and class-list-glid are mutually exclusive
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: http and class-list-glid are mutually exclusive
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
quic
Description DDOS quic template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: quic and class-list-glid are mutually exclusive
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: sip and class-list-glid are mutually exclusive
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: ssl-l4 and class-list-glid are mutually exclusive
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: tcp and class-list-glid are mutually exclusive
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: udp and class-list-glid are mutually exclusive
src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list¶
Specification Value Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
dummy-name
Description ‘configuration’: Configure overflow policy for class-list;
Type: string
Supported Values: configuration
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
log-enable
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable log periodic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template
Type: Object
src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
quic
Description DDOS quic template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
pattern-recognition-pu-details¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
port-ind¶
Specification Value Type object sampling-enable
Type: Listuuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
port-ind_sampling-enable¶
Specification Value Type list Block object keys counters1
Description ‘all’: all; ‘ip-proto-type’: IP Protocol Type; ‘ddet_ind_pkt_rate_current’: Pkt Rate Current; ‘ddet_ind_pkt_rate_min’: Pkt Rate Min; ‘ddet_ind_pkt_rate_max’: Pkt Rate Max; ‘ddet_ind_pkt_rate_adaptive_threshold’: Pkt Rate Adaptive Threshold; ‘ddet_ind_pkt_drop_rate_current’: Pkt Drop Rate Current; ‘ddet_ind_pkt_drop_rate_min’: Pkt Drop Rate Min; ‘ddet_ind_pkt_drop_rate_max’: Pkt Drop Rate Max; ‘ddet_ind_pkt_drop_rate_adaptive_threshold’: Pkt Drop Rate Adaptive Threshold; ‘ddet_ind_syn_rate_current’: TCP SYN Rate Current; ‘ddet_ind_syn_rate_min’: TCP SYN Rate Min; ‘ddet_ind_syn_rate_max’: TCP SYN Rate Max; ‘ddet_ind_syn_rate_adaptive_threshold’: TCP SYN Rate Adaptive Threshold; ‘ddet_ind_fin_rate_current’: TCP FIN Rate Current; ‘ddet_ind_fin_rate_min’: TCP FIN Rate Min; ‘ddet_ind_fin_rate_max’: TCP FIN Rate Max; ‘ddet_ind_fin_rate_adaptive_threshold’: TCP FIN Rate Adaptive Threshold; ‘ddet_ind_rst_rate_current’: TCP RST Rate Current; ‘ddet_ind_rst_rate_min’: TCP RST Rate Min; ‘ddet_ind_rst_rate_max’: TCP RST Rate Max; ‘ddet_ind_rst_rate_adaptive_threshold’: TCP RST Rate Adaptive Threshold; ‘ddet_ind_small_window_ack_rate_current’: TCP Small Window ACK Rate Current; ‘ddet_ind_small_window_ack_rate_min’: TCP Small Window ACK Rate Min; ‘ddet_ind_small_window_ack_rate_max’: TCP Small Window ACK Rate Max; ‘ddet_ind_small_window_ack_rate_adaptive_threshold’: TCP Small Window ACK Rate Adaptive Threshold; ‘ddet_ind_empty_ack_rate_current’: TCP Empty ACK Rate Current; ‘ddet_ind_empty_ack_rate_min’: TCP Empty ACK Rate Min; ‘ddet_ind_empty_ack_rate_max’: TCP Empty ACK Rate Max; ‘ddet_ind_empty_ack_rate_adaptive_threshold’: TCP Empty ACK Rate Adaptive Threshold; ‘ddet_ind_small_payload_rate_current’: TCP Small Payload Rate Current; ‘ddet_ind_small_payload_rate_min’: TCP Small Payload Rate Min; ‘ddet_ind_small_payload_rate_max’: TCP Small Payload Rate Max; ‘ddet_ind_small_payload_rate_adaptive_threshold’: TCP Small Payload Rate Adaptive Threshold; ‘ddet_ind_pkt_drop_ratio_current’: Pkt Drop / Pkt Rcvd Current; ‘ddet_ind_pkt_drop_ratio_min’: Pkt Drop / Pkt Rcvd Min; ‘ddet_ind_pkt_drop_ratio_max’: Pkt Drop / Pkt Rcvd Max; ‘ddet_ind_pkt_drop_ratio_adaptive_threshold’: Pkt Drop / Pkt Rcvd Adaptive Threshold; ‘ddet_ind_inb_per_outb_current’: Bytes-to / Bytes-from Current; ‘ddet_ind_inb_per_outb_min’: Bytes-to / Bytes-from Min; ‘ddet_ind_inb_per_outb_max’: Bytes-to / Bytes-from Max; ‘ddet_ind_inb_per_outb_adaptive_threshold’: Bytes-to / Bytes-from Adaptive Threshold; ‘ddet_ind_syn_per_fin_rate_current’: TCP SYN Rate / FIN Rate Current; ‘ddet_ind_syn_per_fin_rate_min’: TCP SYN Rate / FIN Rate Min; ‘ddet_ind_syn_per_fin_rate_max’: TCP SYN Rate / FIN Rate Max; ‘ddet_ind_syn_per_fin_rate_adaptive_threshold’: TCP SYN Rate / FIN Rate Adaptive Threshold; ‘ddet_ind_conn_miss_rate_current’: TCP Session Miss Rate Current; ‘ddet_ind_conn_miss_rate_min’: TCP Session Miss Rate Min; ‘ddet_ind_conn_miss_rate_max’: TCP Session Miss Rate Max; ‘ddet_ind_conn_miss_rate_adaptive_threshold’: TCP Session Miss Rate Adaptive Threshold; ‘ddet_ind_concurrent_conns_current’: TCP/UDP Concurrent Sessions Current; ‘ddet_ind_concurrent_conns_min’: TCP/UDP Concurrent Sessions Min; ‘ddet_ind_concurrent_conns_max’: TCP/UDP Concurrent Sessions Max; ‘ddet_ind_concurrent_conns_adaptive_threshold’: TCP/UDP Concurrent Sessions Adaptive Threshold; ‘ddet_ind_data_cpu_util_current’: Data CPU Utilization Current; ‘ddet_ind_data_cpu_util_min’: Data CPU Utilization Min; ‘ddet_ind_data_cpu_util_max’: Data CPU Utilization Max; ‘ddet_ind_data_cpu_util_adaptive_threshold’: Data CPU Utilization Adaptive Threshold; ‘ddet_ind_outside_intf_util_current’: Outside Interface Utilization Current; ‘ddet_ind_outside_intf_util_min’: Outside Interface Utilization Min; ‘ddet_ind_outside_intf_util_max’: Outside Interface Utilization Max; ‘ddet_ind_outside_intf_util_adaptive_threshold’: Outside Interface Utilization Adaptive Threshold; ‘ddet_ind_frag_rate_current’: Frag Pkt Rate Current; ‘ddet_ind_frag_rate_min’: Frag Pkt Rate Min; ‘ddet_ind_frag_rate_max’: Frag Pkt Rate Max; ‘ddet_ind_frag_rate_adaptive_threshold’: Frag Pkt Rate Adaptive Threshold; ‘ddet_ind_bit_rate_current’: Bit Rate Current; ‘ddet_ind_bit_rate_min’: Bit Rate Min; ‘ddet_ind_bit_rate_max’: Bit Rate Max; ‘ddet_ind_bit_rate_adaptive_threshold’: Bit Rate Adaptive Threshold;
Type: string
Supported Values: all, ip-proto-type, ddet_ind_pkt_rate_current, ddet_ind_pkt_rate_min, ddet_ind_pkt_rate_max, ddet_ind_pkt_rate_adaptive_threshold, ddet_ind_pkt_drop_rate_current, ddet_ind_pkt_drop_rate_min, ddet_ind_pkt_drop_rate_max, ddet_ind_pkt_drop_rate_adaptive_threshold, ddet_ind_syn_rate_current, ddet_ind_syn_rate_min, ddet_ind_syn_rate_max, ddet_ind_syn_rate_adaptive_threshold, ddet_ind_fin_rate_current, ddet_ind_fin_rate_min, ddet_ind_fin_rate_max, ddet_ind_fin_rate_adaptive_threshold, ddet_ind_rst_rate_current, ddet_ind_rst_rate_min, ddet_ind_rst_rate_max, ddet_ind_rst_rate_adaptive_threshold, ddet_ind_small_window_ack_rate_current, ddet_ind_small_window_ack_rate_min, ddet_ind_small_window_ack_rate_max, ddet_ind_small_window_ack_rate_adaptive_threshold, ddet_ind_empty_ack_rate_current, ddet_ind_empty_ack_rate_min, ddet_ind_empty_ack_rate_max, ddet_ind_empty_ack_rate_adaptive_threshold, ddet_ind_small_payload_rate_current, ddet_ind_small_payload_rate_min, ddet_ind_small_payload_rate_max, ddet_ind_small_payload_rate_adaptive_threshold, ddet_ind_pkt_drop_ratio_current, ddet_ind_pkt_drop_ratio_min, ddet_ind_pkt_drop_ratio_max, ddet_ind_pkt_drop_ratio_adaptive_threshold, ddet_ind_inb_per_outb_current, ddet_ind_inb_per_outb_min, ddet_ind_inb_per_outb_max, ddet_ind_inb_per_outb_adaptive_threshold, ddet_ind_syn_per_fin_rate_current, ddet_ind_syn_per_fin_rate_min, ddet_ind_syn_per_fin_rate_max, ddet_ind_syn_per_fin_rate_adaptive_threshold, ddet_ind_conn_miss_rate_current, ddet_ind_conn_miss_rate_min, ddet_ind_conn_miss_rate_max, ddet_ind_conn_miss_rate_adaptive_threshold, ddet_ind_concurrent_conns_current, ddet_ind_concurrent_conns_min, ddet_ind_concurrent_conns_max, ddet_ind_concurrent_conns_adaptive_threshold, ddet_ind_data_cpu_util_current, ddet_ind_data_cpu_util_min, ddet_ind_data_cpu_util_max, ddet_ind_data_cpu_util_adaptive_threshold, ddet_ind_outside_intf_util_current, ddet_ind_outside_intf_util_min, ddet_ind_outside_intf_util_max, ddet_ind_outside_intf_util_adaptive_threshold, ddet_ind_frag_rate_current, ddet_ind_frag_rate_min, ddet_ind_frag_rate_max, ddet_ind_frag_rate_adaptive_threshold, ddet_ind_bit_rate_current, ddet_ind_bit_rate_min, ddet_ind_bit_rate_max, ddet_ind_bit_rate_adaptive_threshold, ddet_ind_total_szp_current, ddet_ind_total_szp_min, ddet_ind_total_szp_max, ddet_ind_total_szp_adaptive_threshold, ddet_ind_syn_ack_rate_current, ddet_ind_syn_ack_rate_min, ddet_ind_syn_ack_rate_max, ddet_ind_syn_ack_rate_adaptive_threshold
sflow-tcp¶
Specification Value Type object sflow-tcp-basic
Description Enable sFlow basic TCP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-tcp-basic and sflow-common are mutually exclusive
sflow-tcp-stateful
Description Enable sFlow stateful TCP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-tcp-stateful and sflow-common are mutually exclusive
topk-sources¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
capture-config¶
Specification Value Type object capture-config-mode
Description ‘drop’: Apply capture-config to dropped packets; ‘forward’: Apply capture-config to forwarded packets; ‘all’: Apply capture-config to both dropped and forwarded packets;
Type: string
Supported Values: drop, forward, all
capture-config-name
Description Capture-config name
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
topk-destinations¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
ip-filtering-policy-statistics¶
Specification Value Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters