{ "id":"/axapi/v3/ddos/dst/entry/{dst-entry-name}", "type":"object", "node-type":"list", "title":"entry", "description":"Configure IP/IPv6 static entry", "properties":{ "dst-entry-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "optional":false }, "ipv6-addr":{ "type":"string", "format":"ipv6-address", "modify-not-allowed":1, "optional":true }, "ip-addr":{ "type":"string", "format":"ipv4-address", "modify-not-allowed":1, "optional":true }, "subnet-ip-addr":{ "type":"string", "format":"ipv4-cidr", "modify-not-allowed":1, "description":"IP Subnet", "optional":true }, "subnet-ipv6-addr":{ "type":"string", "format":"ipv6-address-plen", "modify-not-allowed":1, "description":"IPV6 Subnet", "optional":true }, "description":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "description":"Description for this Destination Entry", "optional":true }, "exceed-log-dep-cfg":{ "type":"object", "properties":{ "exceed-log-enable":{ "type":"number", "format":"flag", "default":0, "description":"(Deprecated)Enable logging of limit exceed drop's" }, "log-with-sflow-dep":{ "type":"number", "format":"flag", "default":0, "description":"Turn on sflow sample with log" } } }, "exceed-log-cfg":{ "type":"object", "properties":{ "log-enable":{ "type":"number", "format":"flag", "default":0, "description":"Enable logging of limit exceed drop's" }, "log-with-sflow":{ "type":"number", "format":"flag", "default":0, "description":"Turn on sflow sample with log" }, "log-high-frequency":{ "type":"number", "format":"flag", "default":0, "description":"Enable High frequency logging for non-event logs per entry" }, "rate-limit":{ "type":"number", "format":"number", "minimum":1, "maximum":1000, "default":1, "description":"Rate limit per second per entry(Default : 1 per second)" } } }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "description":"Enable periodic log while event is continuing", "optional":true }, "drop-frag-pkt":{ "type":"number", "format":"flag", "default":0, "description":"Drop fragmented packets", "optional":true }, "sflow":{ "type":"object", "properties":{ "polling":{ "type":"object", "properties":{ "sflow-packets":{ "type":"number", "format":"flag", "default":0, "description":"Enable sFlow packet-level counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the tota" }, "sflow-layer-4":{ "type":"number", "format":"flag", "default":0, "description":"Enable sFlow Layer 4 counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the total num" }, "sflow-tcp":{ "type":"object", "properties":{ "sflow-tcp-basic":{ "type":"number", "format":"flag", "default":0, "description":"Enable sFlow basic TCP counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the total n" }, "sflow-tcp-stateful":{ "type":"number", "format":"flag", "default":0, "description":"Enable sFlow stateful TCP counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the tota" } } }, "sflow-http":{ "type":"number", "format":"flag", "default":0, "description":"Enable sFlow HTTP counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the total number" }, "sflow-undef-port-hit-stats":{ "type":"number", "format":"flag", "default":0, "description":"Enable sFlow undefined-port-hit-statistics polling" }, "sflow-undef-port-hit-stats-brief":{ "type":"number", "format":"flag", "default":0, "description":"Enable sFlow undefined-port-hit-statistics polling in brief mode" } } } } }, "drop-on-no-src-dst-default":{ "type":"number", "format":"flag", "default":0, "description":"Drop if no match with src-based-policy class-list, and default is not configured", "optional":true }, "blackhole-on-glid-exceed":{ "type":"number", "format":"number", "minimum":1, "maximum":30, "description":"Blackhole destination entry for X minutes upon glid limit exceeded", "optional":true }, "source-nat-pool":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "description":"Configure source NAT", "optional":true }, "dest-nat-ip":{ "type":"string", "format":"ipv4-address", "description":"Destination NAT IP address", "optional":true }, "dest-nat-ipv6":{ "type":"string", "format":"ipv6-address", "description":"Destination NAT IPv6 address", "optional":true }, "drop-disable":{ "type":"number", "format":"flag", "default":0, "description":"Disable certain drops during packet processing", "optional":true }, "drop-disable-fwd-immediate":{ "type":"number", "format":"flag", "default":0, "description":"Immediately forward L4 drops", "optional":true }, "template":{ "type":"object", "properties":{ "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS logging template" } } }, "operational-mode":{ "type":"string", "format":"enum", "default":"protection", "description":"'protection': Protection mode; 'bypass': Bypass mode; ", "enum":[ "protection", "bypass" ], "optional":true }, "reporting-disabled":{ "type":"number", "format":"flag", "default":0, "description":"Disable Reporting", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-exceed-action":{ "type":"object", "properties":{ "stateless-encap-action-cfg":{ "type":"object", "properties":{ "stateless-encap-action":{ "type":"string", "format":"enum", "description":"'stateless-tunnel-encap': Encapsulate all packets; 'stateless-tunnel-encap-scrubbed': Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap); ", "enum":[ "stateless-tunnel-encap", "stateless-tunnel-encap-scrubbed" ] }, "encap-template":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "$ref":"/axapi/v3/ddos/template/encap", "description":"Apply legacy encap template for encap action" } } } } }, "advertised-enable":{ "type":"number", "format":"flag", "default":0, "description":"BGP advertised", "optional":true }, "inbound-forward-dscp":{ "type":"number", "format":"number", "minimum":1, "maximum":63, "description":"To set dscp value for inbound packets (DSCP Value for the clear traffic marking)", "optional":true }, "outbound-forward-dscp":{ "type":"number", "format":"number", "minimum":1, "maximum":63, "description":"To set dscp value for outbound", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "capture-config-list":{ "type":"array", "minItems":1, "items":{ "type":"capture-config" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/capture-config/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "$ref":"/axapi/v3/capture-config", "description":"Capture-config name", "optional":false }, "mode":{ "type":"string", "format":"enum", "description":"'drop': Apply capture-config to dropped packets; 'forward': Apply capture-config to forwarded packets; 'all': Apply capture-config to both dropped and forwarded packets; ", "enum":[ "drop", "forward", "all" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object", "optional":true } }, "required":[ "name" ] } ] }, "l4-type-list":{ "type":"array", "minItems":1, "items":{ "type":"l4-type" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "description":"'tcp': L4-Type TCP; 'udp': L4-Type UDP; 'icmp': L4-Type ICMP; 'other': L4-Type OTHER; ", "enum":[ "tcp", "udp", "icmp", "other" ], "optional":false }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-exceed-action":{ "type":"object", "properties":{ "stateless-encap-action-cfg":{ "type":"object", "properties":{ "stateless-encap-action":{ "type":"string", "format":"enum", "description":"'stateless-tunnel-encap': Encapsulate all packets; 'stateless-tunnel-encap-scrubbed': Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap); ", "enum":[ "stateless-tunnel-encap", "stateless-tunnel-encap-scrubbed" ] }, "encap-template":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "$ref":"/axapi/v3/ddos/template/encap", "description":"Apply legacy encap template for encap action" } } } } }, "deny":{ "type":"number", "format":"flag", "default":0, "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "max-rexmit-syn-per-flow":{ "type":"number", "format":"number", "minimum":1, "maximum":6, "description":"Maximum number of re-transmit SYN per flow", "optional":true }, "exceed-action":{ "type":"string", "format":"enum", "description":"'drop': Drop the packet; 'black-list': Add the source IP into black list; ", "enum":[ "drop", "black-list" ], "optional":true }, "syn-auth":{ "type":"string", "format":"enum", "default":"send-rst", "description":"'send-rst': Send RST to client upon client ACK; 'force-rst-by-ack': Force client RST via the use of ACK; 'force-rst-by-synack': Force client RST via the use of bad SYN|ACK; 'disable': Disable TCP SYN Authentication; ", "enum":[ "send-rst", "force-rst-by-ack", "force-rst-by-synack", "disable" ], "optional":true }, "syn-cookie":{ "type":"number", "format":"flag", "default":0, "description":"Enable SYN Cookie", "optional":true }, "tcp-reset-client":{ "type":"number", "format":"flag", "default":0, "description":"Send reset to client when rate exceeds or session ages out", "optional":true }, "tcp-reset-server":{ "type":"number", "format":"flag", "default":0, "description":"Send reset to server when rate exceeds or session ages out", "optional":true }, "drop-on-no-port-match":{ "type":"string", "format":"enum", "default":"enable", "description":"'disable': disable; 'enable': enable; ", "enum":[ "disable", "enable" ], "optional":true }, "stateful":{ "type":"number", "format":"flag", "default":0, "description":"Enable stateful tracking of sessions (Default is stateless)", "optional":true }, "tunnel-decap":{ "type":"object", "properties":{ "ip-decap":{ "type":"number", "format":"flag", "default":0, "description":"Enable IP Tunnel decapsulation" }, "gre-decap":{ "type":"number", "format":"flag", "default":0, "description":"Enable GRE Tunnel decapsulation" }, "key-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "key":{ "type":"string", "format":"string", "minLength":1, "maxLength":10, "description":"Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)" }, "optional":true } } ] } } }, "tunnel-rate-limit":{ "type":"object", "properties":{ "ip-rate-limit":{ "type":"number", "format":"flag", "default":0, "description":"Enable inner IP rate limiting on IPinIP traffic" }, "gre-rate-limit":{ "type":"number", "format":"flag", "default":0, "description":"Enable inner IP rate limiting on GRE traffic" } } }, "drop-frag-pkt":{ "type":"number", "format":"flag", "default":0, "description":"Drop fragmented packets", "optional":true }, "undefined-port-hit-statistics":{ "type":"object", "properties":{ "undefined-port-hit-statistics":{ "type":"number", "format":"flag", "default":0, "description":"Enable port scanning statistics" }, "reset-interval":{ "type":"number", "format":"number", "minimum":1, "maximum":64000, "default":60, "description":"Configure port scanning counter reset interval (minutes), Default 60 mins" } } }, "template":{ "type":"object", "properties":{ "template-icmp-v4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS icmp-v4 template" }, "template-icmp-v6":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS icmp-v6 template" } } }, "detection-enable":{ "type":"number", "format":"flag", "default":0, "description":"Enable ddos detection", "optional":true }, "enable-top-k":{ "type":"number", "format":"flag", "default":0, "description":"Enable ddos top-k entries", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "port-ind":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/port-ind", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object" } } } }, "required":[ "protocol" ] } ] }, "port-list":{ "type":"array", "minItems":1, "items":{ "type":"port" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}", "array":[ { "properties":{ "port-num":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "description":"Port Number", "optional":false }, "protocol":{ "type":"string", "format":"enum", "description":"'dns-tcp': DNS-TCP Port; 'dns-udp': DNS-UDP Port; 'http': HTTP Port; 'tcp': TCP Port; 'udp': UDP Port; 'ssl-l4': SSL-L4 Port; 'sip-udp': SIP-UDP Port; 'sip-tcp': SIP-TCP Port; ", "enum":[ "dns-tcp", "dns-udp", "http", "tcp", "udp", "ssl-l4", "sip-udp", "sip-tcp" ], "optional":false }, "detection-enable":{ "type":"number", "format":"flag", "default":0, "description":"Enable ddos detection", "optional":true }, "enable-top-k":{ "type":"number", "format":"flag", "default":0, "description":"Enable ddos top-k entries", "optional":true }, "deny":{ "type":"number", "format":"flag", "default":0, "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-exceed-action":{ "type":"object", "properties":{ "stateless-encap-action-cfg":{ "type":"object", "properties":{ "stateless-encap-action":{ "type":"string", "format":"enum", "description":"'stateless-tunnel-encap': Encapsulate all packets; 'stateless-tunnel-encap-scrubbed': Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap); ", "enum":[ "stateless-tunnel-encap", "stateless-tunnel-encap-scrubbed" ] }, "encap-template":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "$ref":"/axapi/v3/ddos/template/encap", "description":"Apply legacy encap template for encap action" } } } } }, "dns-cache":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "$ref":"/axapi/v3/ddos/dns-cache", "description":"DNS Cache Instance", "optional":true }, "template":{ "type":"object", "properties":{ "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS http template" }, "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS SSL-L4 template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS sip template" }, "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS tcp template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS udp template" } } }, "sflow":{ "type":"object", "properties":{ "polling":{ "type":"object", "properties":{ "sflow-packets":{ "type":"number", "format":"flag", "default":0, "description":"Enable sFlow packet-level counter polling" }, "sflow-tcp":{ "type":"object", "properties":{ "sflow-tcp-basic":{ "type":"number", "format":"flag", "default":0, "description":"Enable sFlow basic TCP counter polling" }, "sflow-tcp-stateful":{ "type":"number", "format":"flag", "default":0, "description":"Enable sFlow stateful TCP counter polling" } } }, "sflow-http":{ "type":"number", "format":"flag", "default":0, "description":"Enable sFlow HTTP counter polling" } } } } }, "capture-config":{ "type":"object", "properties":{ "capture-config-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"Capture-config name" }, "capture-config-mode":{ "type":"string", "format":"enum", "description":"'drop': Apply capture-config to dropped packets; 'forward': Apply capture-config to forwarded packets; 'all': Apply capture-config to both dropped and forwarded packets; ", "enum":[ "drop", "forward", "all" ] } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "port-ind":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/port-ind", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object" } } } }, "required":[ "port-num", "protocol" ] } ] }, "port-range-list":{ "type":"array", "minItems":1, "items":{ "type":"port-range" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/port-range/{port-range-start}+{port-range-end}+{protocol}", "array":[ { "properties":{ "port-range-start":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "description":"Port-Range Start Port Number", "optional":false }, "port-range-end":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "description":"Port-Range End Port Number", "optional":false }, "protocol":{ "type":"string", "format":"enum", "description":"'dns-tcp': DNS-TCP Port; 'dns-udp': DNS-UDP Port; 'http': HTTP Port; 'tcp': TCP Port; 'udp': UDP Port; 'ssl-l4': SSL-L4 Port; 'sip-udp': SIP-UDP Port; 'sip-tcp': SIP-TCP Port; ", "enum":[ "dns-tcp", "dns-udp", "http", "tcp", "udp", "ssl-l4", "sip-udp", "sip-tcp" ], "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "detection-enable":{ "type":"number", "format":"flag", "default":0, "description":"Enable ddos detection", "optional":true }, "enable-top-k":{ "type":"number", "format":"flag", "default":0, "description":"Enable ddos top-k entries", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-exceed-action":{ "type":"object", "properties":{ "stateless-encap-action-cfg":{ "type":"object", "properties":{ "stateless-encap-action":{ "type":"string", "format":"enum", "description":"'stateless-tunnel-encap': Encapsulate all packets; 'stateless-tunnel-encap-scrubbed': Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap); ", "enum":[ "stateless-tunnel-encap", "stateless-tunnel-encap-scrubbed" ] }, "encap-template":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "$ref":"/axapi/v3/ddos/template/encap", "description":"Apply legacy encap template for encap action" } } } } }, "template":{ "type":"object", "properties":{ "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS http template" }, "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS SSL-L4 template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS sip template" }, "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS tcp template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS udp template" } } }, "sflow":{ "type":"object", "properties":{ "polling":{ "type":"object", "properties":{ "sflow-packets":{ "type":"number", "format":"flag", "default":0, "description":"Enable sFlow packet-level counter polling" }, "sflow-tcp":{ "type":"object", "properties":{ "sflow-tcp-basic":{ "type":"number", "format":"flag", "default":0, "description":"Enable sFlow basic TCP counter polling" }, "sflow-tcp-stateful":{ "type":"number", "format":"flag", "default":0, "description":"Enable sFlow stateful TCP counter polling" } } }, "sflow-http":{ "type":"number", "format":"flag", "default":0, "description":"Enable sFlow HTTP counter polling" } } } } }, "capture-config":{ "type":"object", "properties":{ "capture-config-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"Capture-config name" }, "capture-config-mode":{ "type":"string", "format":"enum", "description":"'drop': Apply capture-config to dropped packets; 'forward': Apply capture-config to forwarded packets; 'all': Apply capture-config to both dropped and forwarded packets; ", "enum":[ "drop", "forward", "all" ] } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object", "optional":true } }, "required":[ "port-range-start", "port-range-end", "protocol" ] } ] }, "src-port-list":{ "type":"array", "minItems":1, "items":{ "type":"src-port" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-port/{port-num}+{protocol}", "array":[ { "properties":{ "port-num":{ "type":"number", "format":"number", "minimum":0, "maximum":65535, "description":"Port Number", "optional":false }, "protocol":{ "type":"string", "format":"enum", "description":"'udp': UDP Port; 'tcp': TCP Port; ", "enum":[ "udp", "tcp" ], "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "template":{ "type":"object", "properties":{ "src-udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS udp src template" }, "src-tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS tcp src template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object", "optional":true } }, "required":[ "port-num", "protocol" ] } ] }, "src-port-range-list":{ "type":"array", "minItems":1, "items":{ "type":"src-port-range" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-port-range/{src-port-range-start}+{src-port-range-end}+{protocol}", "array":[ { "properties":{ "src-port-range-start":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "description":"Src Port-Range Start Port Number", "optional":false }, "src-port-range-end":{ "type":"number", "format":"number", "minimum":2, "maximum":65535, "description":"Src Port-Range End Port Number", "optional":false }, "protocol":{ "type":"string", "format":"enum", "description":"'udp': UDP Port; 'tcp': TCP Port; ", "enum":[ "udp", "tcp" ], "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "template":{ "type":"object", "properties":{ "src-udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS udp src template" }, "src-tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS tcp src template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object", "optional":true } }, "required":[ "src-port-range-start", "src-port-range-end", "protocol" ] } ] }, "ip-proto-list":{ "type":"array", "minItems":1, "items":{ "type":"ip-proto" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/ip-proto/{port-num}", "array":[ { "properties":{ "port-num":{ "type":"number", "format":"number", "minimum":0, "maximum":255, "description":"Protocol Number", "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "esp-inspect":{ "type":"object", "properties":{ "auth-algorithm":{ "type":"string", "format":"enum", "description":"'AUTH_NULL': No Integrity Check Value; 'HMAC-SHA-1-96': 96 bit Auth Algo; 'HMAC-SHA-256-96': 96 bit Auth Algo; 'HMAC-SHA-256-128': 128 bit Auth Algo; 'HMAC-SHA-384-192': 192 bit Auth Algo; 'HMAC-SHA-512-256': 256 bit Auth Algo; 'HMAC-MD5-96': 96 bit Auth Algo; 'MAC-RIPEMD-160-96': 96 bit Auth Algo; ", "enum":[ "AUTH_NULL", "HMAC-SHA-1-96", "HMAC-SHA-256-96", "HMAC-SHA-256-128", "HMAC-SHA-384-192", "HMAC-SHA-512-256", "HMAC-MD5-96", "MAC-RIPEMD-160-96" ] }, "encrypt-algorithm":{ "type":"string", "format":"enum", "description":"'NULL': Null Encryption Algorithm; ", "enum":[ "NULL" ] }, "mode":{ "type":"string", "format":"enum", "description":"'transport': Transport mode; ", "enum":[ "transport" ] } } }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "glid-exceed-action":{ "type":"object", "properties":{ "stateless-encap-action-cfg":{ "type":"object", "properties":{ "stateless-encap-action":{ "type":"string", "format":"enum", "description":"'stateless-tunnel-encap': Encapsulate all packets; 'stateless-tunnel-encap-scrubbed': Encapsulate all packets and allow packets to go through other DDoS checks before sent (conn-limit exceeded packet can not be scrubbed, it will default to stateless-tunnel-encap); ", "enum":[ "stateless-tunnel-encap", "stateless-tunnel-encap-scrubbed" ] }, "encap-template":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "$ref":"/axapi/v3/ddos/template/encap", "description":"Apply legacy encap template for encap action" } } } } }, "template":{ "type":"object", "properties":{ "other":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS other template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object", "optional":true } }, "required":[ "port-num" ] } ] }, "src-dst-pair":{ "type":"object", "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair", "properties":{ "default":{ "type":"number", "format":"flag", "default":0, "description":"Configure default" }, "bypass":{ "type":"number", "format":"flag", "default":0, "description":"Always permit for the Source to bypass all feature & limit checks" }, "exceed-log-cfg":{ "type":"object", "properties":{ "log-enable":{ "type":"number", "format":"flag", "default":0, "description":"Enable logging of limit exceed drop's" } } }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "description":"Enable periodic log while event is continuing" }, "template":{ "type":"object", "properties":{ "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS logging template" } } }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "$ref":"/axapi/v3/glid", "description":"Global limit ID" }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object" }, "l4-type-src-dst-list":{ "type":"array", "minItems":1, "items":{ "type":"l4-type-src-dst" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair/l4-type-src-dst/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "description":"'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; ", "enum":[ "tcp", "udp", "icmp", "other" ], "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "template":{ "type":"object", "properties":{ "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS TCP template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS UDP template" }, "other":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS OTHER template" }, "template-icmp-v4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS icmp-v4 template" }, "template-icmp-v6":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS icmp-v6 template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object", "optional":true } }, "required":[ "protocol" ] } ] }, "app-type-src-dst-list":{ "type":"array", "minItems":1, "items":{ "type":"app-type-src-dst" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair/app-type-src-dst/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "description":"'dns': dns; 'http': http; 'ssl-l4': ssl-l4; 'sip': sip; ", "enum":[ "dns", "http", "ssl-l4", "sip" ], "optional":false }, "template":{ "type":"object", "properties":{ "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS SSL-L4 template" }, "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS http template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS sip template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object", "optional":true } }, "required":[ "protocol" ] } ] } } }, "src-dst-pair-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"src-dst-pair-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-policy/{src-based-policy-name}", "array":[ { "properties":{ "src-based-policy-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "description":"Src-based-policy name", "optional":false }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "policy-class-list-list":{ "type":"array", "minItems":1, "items":{ "type":"policy-class-list" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-policy/{src-based-policy-name}/policy-class-list/{class-list-name}", "array":[ { "properties":{ "class-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "description":"Class-list name", "optional":false }, "bypass":{ "type":"number", "format":"flag", "default":0, "description":"Always permit for the Source to bypass all feature & limit checks", "optional":true }, "exceed-log-cfg":{ "type":"object", "properties":{ "log-enable":{ "type":"number", "format":"flag", "default":0, "description":"Enable logging of limit exceed drop's" } } }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "description":"Enable periodic log while event is continuing", "optional":true }, "template":{ "type":"object", "properties":{ "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS logging template" } } }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "max-dynamic-entry-count":{ "type":"number", "format":"number", "minimum":0, "maximum":2147483647, "description":"Maximum count for dynamic src-dst entry under class-list", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "l4-type-src-dst-list":{ "type":"array", "minItems":1, "items":{ "type":"l4-type-src-dst" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/l4-type-src-dst/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "description":"'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; ", "enum":[ "tcp", "udp", "icmp", "other" ], "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "template":{ "type":"object", "properties":{ "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS TCP template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS UDP template" }, "other":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS OTHER template" }, "template-icmp-v4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS icmp-v4 template" }, "template-icmp-v6":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS icmp-v6 template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object", "optional":true } }, "required":[ "protocol" ] } ] }, "app-type-src-dst-list":{ "type":"array", "minItems":1, "items":{ "type":"app-type-src-dst" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/app-type-src-dst/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "description":"'dns': dns; 'http': http; 'ssl-l4': ssl-l4; 'sip': sip; ", "enum":[ "dns", "http", "ssl-l4", "sip" ], "optional":false }, "template":{ "type":"object", "properties":{ "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS SSL-L4 template" }, "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS http template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS sip template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object", "optional":true } }, "required":[ "protocol" ] } ] }, "class-list-overflow-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"class-list-overflow-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name}", "array":[ { "properties":{ "dummy-name":{ "type":"string", "format":"enum", "description":"'configuration': Configure src dst dynamic entry count overflow policy for class-list; ", "enum":[ "configuration" ], "optional":false }, "bypass":{ "type":"number", "format":"flag", "default":0, "description":"Always permit for the Source to bypass all feature & limit checks", "optional":true }, "exceed-log-cfg":{ "type":"object", "properties":{ "log-enable":{ "type":"number", "format":"flag", "default":0, "description":"Enable logging of limit exceed drop's" } } }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "description":"Enable periodic log while event is continuing", "optional":true }, "template":{ "type":"object", "properties":{ "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS logging template" } } }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "l4-type-src-dst-overflow-list":{ "type":"array", "minItems":1, "items":{ "type":"l4-type-src-dst-overflow" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name}/l4-type-src-dst-overflow/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "description":"'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; ", "enum":[ "tcp", "udp", "icmp", "other" ], "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "template":{ "type":"object", "properties":{ "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS TCP template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS UDP template" }, "other":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS OTHER template" }, "template-icmp-v4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS icmp-v4 template" }, "template-icmp-v6":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS icmp-v6 template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object", "optional":true } }, "required":[ "protocol" ] } ] }, "app-type-src-dst-overflow-list":{ "type":"array", "minItems":1, "items":{ "type":"app-type-src-dst-overflow" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-policy/{src-based-policy-name}/policy-class-list/{class-list-name}/class-list-overflow-policy/{dummy-name}/app-type-src-dst-overflow/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "description":"'dns': dns; 'http': http; 'ssl-l4': ssl-l4; 'sip': sip; ", "enum":[ "dns", "http", "ssl-l4", "sip" ], "optional":false }, "template":{ "type":"object", "properties":{ "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS SSL-L4 template" }, "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS http template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS sip template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object", "optional":true } }, "required":[ "protocol" ] } ] } }, "required":[ "dummy-name" ] } ] } }, "required":[ "class-list-name" ] } ] } }, "required":[ "src-based-policy-name" ] } ] }, "src-dst-pair-settings-list":{ "type":"array", "minItems":1, "items":{ "type":"src-dst-pair-settings" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-settings/{all-types}", "array":[ { "properties":{ "all-types":{ "type":"string", "format":"enum", "description":"'all-types': Settings for all types (default or class-list); ", "enum":[ "all-types" ], "optional":false }, "age":{ "type":"number", "format":"number", "minimum":2, "maximum":1023, "default":5, "description":"Idle age for ip entry", "optional":true }, "max-dynamic-entry-count":{ "type":"number", "format":"number", "minimum":0, "maximum":2147483647, "description":"Maximum count for dynamic src-dst entry", "optional":true }, "apply-policy-on-overflow":{ "type":"number", "format":"flag", "default":0, "description":"Enable this flag to apply overflow policy when dynamic entry count overflows", "optional":true }, "enable-class-list-overflow":{ "type":"number", "format":"flag", "default":0, "description":"Apply class-list overflow policy upon exceeding dynamic entry count specified for DST entry or each class-list", "optional":true }, "src-prefix-len":{ "type":"number", "format":"number", "minimum":32, "maximum":127, "description":"Specify src prefix length for IPv6 (default: not set)", "optional":true }, "traffic-distribution-mode":{ "type":"string", "format":"enum", "plat-pos-list":["chassis-duo"], "default":"default", "description":"'default': Distribute traffic to one slot only; 'source-ip-based': Distribute traffic between slots, based on source ip; ", "enum":[ "default", "source-ip-based" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "l4-type-src-dst-list":{ "type":"array", "minItems":1, "items":{ "type":"l4-type-src-dst" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-settings/{all-types}/l4-type-src-dst/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "description":"'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; ", "enum":[ "tcp", "udp", "icmp", "other" ], "optional":false }, "max-dynamic-entry-count":{ "type":"number", "format":"number", "minimum":0, "maximum":2147483647, "description":"Maximum count for dynamic src-dst entry", "optional":true }, "apply-policy-on-overflow":{ "type":"number", "format":"flag", "default":0, "description":"Enable this flag to apply overflow policy when dynamic entry count overflows", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object", "optional":true } }, "required":[ "protocol" ] } ] } }, "required":[ "all-types" ] } ] }, "src-dst-pair-class-list-list":{ "type":"array", "minItems":1, "items":{ "type":"src-dst-pair-class-list" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name}", "array":[ { "properties":{ "class-list-name":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "description":"Class-list name", "optional":false }, "exceed-log-cfg":{ "type":"object", "properties":{ "log-enable":{ "type":"number", "format":"flag", "default":0, "description":"Enable logging of limit exceed drop's" } } }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "description":"Enable periodic log while event is continuing", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "l4-type-src-dst-list":{ "type":"array", "minItems":1, "items":{ "type":"l4-type-src-dst" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name}/l4-type-src-dst/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "description":"'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; ", "enum":[ "tcp", "udp", "icmp", "other" ], "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "template":{ "type":"object", "properties":{ "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS TCP template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS UDP template" }, "other":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS OTHER template" }, "template-icmp-v4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS icmp-v4 template" }, "template-icmp-v6":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS icmp-v6 template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object", "optional":true } }, "required":[ "protocol" ] } ] }, "app-type-src-dst-list":{ "type":"array", "minItems":1, "items":{ "type":"app-type-src-dst" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name}/app-type-src-dst/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "description":"'dns': dns; 'http': http; 'ssl-l4': ssl-l4; 'sip': sip; ", "enum":[ "dns", "http", "ssl-l4", "sip" ], "optional":false }, "template":{ "type":"object", "properties":{ "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS SSL-L4 template" }, "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS http template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS sip template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object", "optional":true } }, "required":[ "protocol" ] } ] }, "cid-list":{ "type":"array", "minItems":1, "items":{ "type":"cid" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name}/cid/{cid-num}", "array":[ { "properties":{ "cid-num":{ "type":"number", "format":"number", "minimum":1, "maximum":32, "description":"Class-list id", "optional":false }, "exceed-log-cfg":{ "type":"object", "properties":{ "log-enable":{ "type":"number", "format":"flag", "default":0, "description":"Enable logging of limit exceed drop's" } } }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "description":"Enable periodic log while event is continuing", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "l4-type-src-dst-cid-list":{ "type":"array", "minItems":1, "items":{ "type":"l4-type-src-dst-cid" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name}/cid/{cid-num}/l4-type-src-dst-cid/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "description":"'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; ", "enum":[ "tcp", "udp", "icmp", "other" ], "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "template":{ "type":"object", "properties":{ "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS TCP template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS UDP template" }, "other":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS OTHER template" }, "template-icmp-v4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS icmp-v4 template" }, "template-icmp-v6":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS icmp-v6 template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object", "optional":true } }, "required":[ "protocol" ] } ] }, "app-type-src-dst-cid-list":{ "type":"array", "minItems":1, "items":{ "type":"app-type-src-dst-cid" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair-class-list/{class-list-name}/cid/{cid-num}/app-type-src-dst-cid/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "description":"'dns': dns; 'http': http; 'ssl-l4': ssl-l4; 'sip': sip; ", "enum":[ "dns", "http", "ssl-l4", "sip" ], "optional":false }, "template":{ "type":"object", "properties":{ "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS SSL-L4 template" }, "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS http template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS sip template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object", "optional":true } }, "required":[ "protocol" ] } ] } }, "required":[ "cid-num" ] } ] } }, "required":[ "class-list-name" ] } ] }, "dynamic-entry-overflow-policy-list":{ "type":"array", "minItems":1, "items":{ "type":"dynamic-entry-overflow-policy" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/dynamic-entry-overflow-policy/{dummy-name}", "array":[ { "properties":{ "dummy-name":{ "type":"string", "format":"enum", "description":"'configuration': Configure src dst dynamic entry count overflow policy; ", "enum":[ "configuration" ], "optional":false }, "bypass":{ "type":"number", "format":"flag", "default":0, "description":"Always permit for the Source to bypass all feature & limit checks", "optional":true }, "exceed-log-cfg":{ "type":"object", "properties":{ "log-enable":{ "type":"number", "format":"flag", "default":0, "description":"Enable logging of limit exceed drop's" } } }, "log-periodic":{ "type":"number", "format":"flag", "default":0, "description":"Enable periodic log while event is continuing", "optional":true }, "template":{ "type":"object", "properties":{ "logging":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS logging template" } } }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "l4-type-src-dst-list":{ "type":"array", "minItems":1, "items":{ "type":"l4-type-src-dst" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/dynamic-entry-overflow-policy/{dummy-name}/l4-type-src-dst/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "description":"'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; ", "enum":[ "tcp", "udp", "icmp", "other" ], "optional":false }, "deny":{ "type":"number", "format":"flag", "default":0, "description":"Blacklist and Drop all incoming packets for protocol", "optional":true }, "glid":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "$ref":"/axapi/v3/glid", "description":"Global limit ID", "optional":true }, "template":{ "type":"object", "properties":{ "tcp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS TCP template" }, "udp":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS UDP template" }, "other":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS OTHER template" }, "template-icmp-v4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS icmp-v4 template" }, "template-icmp-v6":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS icmp-v6 template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object", "optional":true } }, "required":[ "protocol" ] } ] }, "app-type-src-dst-list":{ "type":"array", "minItems":1, "items":{ "type":"app-type-src-dst" }, "uniqueItems":true, "$ref":"/axapi/v3/ddos/dst/entry/{dst-entry-name}/dynamic-entry-overflow-policy/{dummy-name}/app-type-src-dst/{protocol}", "array":[ { "properties":{ "protocol":{ "type":"string", "format":"enum", "description":"'dns': dns; 'http': http; 'ssl-l4': ssl-l4; 'sip': sip; ", "enum":[ "dns", "http", "ssl-l4", "sip" ], "optional":false }, "template":{ "type":"object", "properties":{ "ssl-l4":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS SSL-L4 template" }, "dns":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS dns template" }, "http":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS http template" }, "sip":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "description":"DDOS sip template" } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "modify-not-allowed":1, "description":"uuid of the object", "optional":true } }, "required":[ "protocol" ] } ] } }, "required":[ "dummy-name" ] } ] } }, "object-keys":[ "dst-entry-name" ], "required":[ "dst-entry-name" ] }