| Name |
Enter a name for the GLID, between 1-26 characters. If you are using PBSLB, you can enter the GLID name only as a number.
If you are recreating a deleted template that was previously associated with a few zones, an Associated Zones link appears next to the Name field. This link displays the zones with which the template was previously associated.
|
| Description |
Enter a description of the GLID parameters between 1-63 characters.
|
| Rate Unit |
Enter the rate unit the GLID uses for rate limits: System Global Setting or Per Second. |
| Concurrent Connections |
Enter the connection limit for GLID between 1-16000000 characters. If you are using PBSLB, specify the GLID range between 1-1048575 characters.
It is advisable to specify the maximum number of concurrent connections.
|
| New Connections |
Enter the connection rate limit allowed per rate-interval on the TPS device between 1-16000000 characters.
It is advisable to specify the maximum range for new connections.
|
| Kibit Rate |
Enter the Kibits rate limit per rate-interval allowed within a DDoS Mitigation between 1-16000000 characters. It is advisable to specify the maximum number of Kibits.
The GLID action for overlimit traffic is applied to bits received after the limit is reached. There are no default bandwidth rate limits. To set a bandwidth limit, you must configure the limit in a GLID and apply (bind) the GLID to a DDoS Mitigation rule. Separate bandwidth limits are configurable for each Layer 4 type (TCP, UDP, ICMP, and Other).
|
NOTE: If a GLID bound to a DDoS Mitigation rule does not specify a packet rate limit or a bandwidth rate limit, the rate for the matching traffic is unlimited.
NOTE: If there is no GLID bound to a rule, ACOS applies the applicable packet rate limit to the matching traffic.
|
| Packet Rate |
Enter the packet rate limit allowed per rate-interval between 1-16000000 characters.
It is advisable to specify the maximum number of packets.
|
| Fragmented Packet Rate |
Enter the fragmented packet rate allowed per rate-interval between 1-16000000 characters.
It is advisable to specify the maximum fragmented packet rate.
|
| SYN Cookie Failures |
Enter the SYN-cookie threshold for the GLID allowed per interval between 1-16 characters.
It is advisable to specify the maximum SYN-cookie threshold. A SYN-cookie failure occurs when the sequence number in a TCP ACK from a client does not pass the SYN-cookie check.
|
| Over Limit Action |
Select one of the actions to be taken when traffic exceeds one or more of the limits configured:
The over-limit action applies when the GLID is used by a Protected Destination Entry. When the GLID is referenced by a Protected Zone, the action specified within the zone service applies.
|
| Action Type |
Take any of the following actions as required:
- Edit—Allows you to edit a GLID setting.
- Duplicate—Allows you to duplicate a configured GLID setting.
- Push—Applies the GLID configuration to the TPS device.
- Used in Zones—Displays the zones to which the GLID setting is applied.
- Delete—Allows you to delete the configured GLID.
- Drop (default)
- Blacklist Source Entry
- Send Flowspec
|
NOTE: With Send Flowspec, when this GLID is configured on a zone, zone-service, or src-port, Flowspec rules are automatically created for all the zone IPs upon violation.
|
| Blacklist Timeout |
Specifies the amount of time for which the source entry is blacklisted. The supported value is 1-16 minutes.
|
NOTE: This option appears when Blacklist Source Entry is selected as the Action Type.
|
| Traffic Filtering Action |
Select one of the following options to apply if the traffic matches the configuration:
- Deny—The router denies or blocks the traffic.
- Rate—The router can apply a rate limiter, in bytes per second, to the traffic.
|
| Traffic Rate |
Specify the maximum traffic rate limit.
|
| Flowspec Timeout |
Specify the time duration (in minutes) for Flowspec to time out.
|