ddos

DDOS feature

ddos Specification

   
Type Intermediate Resource
Element Name ddos
Element URI /axapi/v3/ddos
Element Attributes ddos_attributes
Schema ddos schema

Operations Allowed:

OperationMethodURIPayload

Get Object

GET

/axapi/v3/ddos

ddos_attributes

ddos attributes

action-list-list

Type: List

Refernce Object: /axapi/v3/ddos/action-list/{name}

anomaly

Description: anomaly is a JSON Block. Please see below for anomaly

Type: Object

Refernce Object: /axapi/v3/ddos/anomaly

anomaly-drop

Description: anomaly-drop is a JSON Block. Please see below for anomaly-drop

Type: Object

Refernce Object: /axapi/v3/ddos/anomaly-drop

brief

Description: brief is a JSON Block. Please see below for brief

Type: Object

Refernce Object: /axapi/v3/ddos/brief

detection

Description: detection is a JSON Block. Please see below for detection

Type: Object

Refernce Object: /axapi/v3/ddos/detection

dns-cache-config

Description: dns-cache-config is a JSON Block. Please see below for dns-cache-config

Type: Object

Refernce Object: /axapi/v3/ddos/dns-cache-config

dns-cache-list

Type: List

Refernce Object: /axapi/v3/ddos/dns-cache/{name}

dns-cache-mode

Description: dns-cache-mode is a JSON Block. Please see below for dns-cache-mode

Type: Object

Refernce Object: /axapi/v3/ddos/dns-cache-mode

dns-cache-server

Description: dns-cache-server is a JSON Block. Please see below for dns-cache-server

Type: Object

Refernce Object: /axapi/v3/ddos/dns-cache-server

dst

Description: dst is a JSON Block. Please see below for dst

Type: Object

Refernce Object: /axapi/v3/ddos/dst

dynamic-class-list

Description: dynamic-class-list is a JSON Block. Please see below for dynamic-class-list

Type: Object

Refernce Object: /axapi/v3/ddos/dynamic-class-list

event-filter-list

Type: List

Refernce Object: /axapi/v3/ddos/event-filter/{filter-name}

exec-script

Description: exec-script is a JSON Block. Please see below for exec-script

Type: Object

Refernce Object: /axapi/v3/ddos/exec-script/{protocol}

geo-location

Description: geo-location is a JSON Block. Please see below for geo-location

Type: Object

Refernce Object: /axapi/v3/ddos/geo-location

ip-proto

Description: ip-proto is a JSON Block. Please see below for ip-proto

Type: Object

Refernce Object: /axapi/v3/ddos/ip-proto

l4-icmp

Description: l4-icmp is a JSON Block. Please see below for l4-icmp

Type: Object

Refernce Object: /axapi/v3/ddos/l4-icmp

l4-other

Description: l4-other is a JSON Block. Please see below for l4-other

Type: Object

Refernce Object: /axapi/v3/ddos/l4-other

l4-ssl

Description: l4-ssl is a JSON Block. Please see below for l4-ssl

Type: Object

Refernce Object: /axapi/v3/ddos/l4-ssl

l4-sync

Description: l4-sync is a JSON Block. Please see below for l4-sync

Type: Object

Refernce Object: /axapi/v3/ddos/l4-sync

l4-tcp

Description: l4-tcp is a JSON Block. Please see below for l4-tcp

Type: Object

Refernce Object: /axapi/v3/ddos/l4-tcp

l4-udp

Description: l4-udp is a JSON Block. Please see below for l4-udp

Type: Object

Refernce Object: /axapi/v3/ddos/l4-udp

l7-dns

Description: l7-dns is a JSON Block. Please see below for l7-dns

Type: Object

Refernce Object: /axapi/v3/ddos/l7-dns

l7-http

Description: l7-http is a JSON Block. Please see below for l7-http

Type: Object

Refernce Object: /axapi/v3/ddos/l7-http

local-address

Description: local-address is a JSON Block. Please see below for local-address

Type: Object

Refernce Object: /axapi/v3/ddos/local-address

logging

Description: logging is a JSON Block. Please see below for logging

Type: Object

Refernce Object: /axapi/v3/ddos/logging

long

Description: long is a JSON Block. Please see below for long

Type: Object

Refernce Object: /axapi/v3/ddos/long

notification-template-common

Description: notification-template-common is a JSON Block. Please see below for notification-template-common

Type: Object

Refernce Object: /axapi/v3/ddos/notification-template-common

notification-template-list

Type: List

Refernce Object: /axapi/v3/ddos/notification-template/{name}

port

Description: port is a JSON Block. Please see below for port

Type: Object

Refernce Object: /axapi/v3/ddos/port

protect

Description: protect is a JSON Block. Please see below for protect

Type: Object

Refernce Object: /axapi/v3/ddos/protect

protection

Description: protection is a JSON Block. Please see below for protection

Type: Object

Refernce Object: /axapi/v3/ddos/protection

resource-tracking

Description: resource-tracking is a JSON Block. Please see below for resource-tracking

Type: Object

Refernce Object: /axapi/v3/ddos/resource-tracking

run-time-user-string

Description: run-time-user-string is a JSON Block. Please see below for run-time-user-string

Type: Object

Refernce Object: /axapi/v3/ddos/run-time-user-string

session

Description: session is a JSON Block. Please see below for session

Type: Object

Refernce Object: /axapi/v3/ddos/session

src

Description: src is a JSON Block. Please see below for src

Type: Object

Refernce Object: /axapi/v3/ddos/src

src-based-policy-list

Type: List

Refernce Object: /axapi/v3/ddos/src-based-policy/{name}

src-port-template

Description: src-port-template is a JSON Block. Please see below for src-port-template

Type: Object

Refernce Object: /axapi/v3/ddos/src-port-template

switch

Description: switch is a JSON Block. Please see below for switch

Type: Object

Refernce Object: /axapi/v3/ddos/switch

sync

Description: sync is a JSON Block. Please see below for sync

Type: Object

Refernce Object: /axapi/v3/ddos/sync

system-default

Description: system-default is a JSON Block. Please see below for system-default

Type: Object

Refernce Object: /axapi/v3/ddos/system-default

table

Description: table is a JSON Block. Please see below for table

Type: Object

Refernce Object: /axapi/v3/ddos/table

tap

Description: tap is a JSON Block. Please see below for tap

Type: Object

Refernce Object: /axapi/v3/ddos/tap

template

Description: template is a JSON Block. Please see below for template

Type: Object

Refernce Object: /axapi/v3/ddos/template

tunnel

Description: tunnel is a JSON Block. Please see below for tunnel

Type: Object

Refernce Object: /axapi/v3/ddos/tunnel

use-default-route

Description: use-default-route is a JSON Block. Please see below for use-default-route

Type: Object

Refernce Object: /axapi/v3/ddos/use-default-route

violation-actions-list

Type: List

Refernce Object: /axapi/v3/ddos/violation-actions/{name}

zone-profile-list

Type: List

Refernce Object: /axapi/v3/ddos/zone-profile/{profile-name}

zone-src-port-template

Description: zone-src-port-template is a JSON Block. Please see below for zone-src-port-template

Type: Object

Refernce Object: /axapi/v3/ddos/zone-src-port-template

zone-template

Description: zone-template is a JSON Block. Please see below for zone-template

Type: Object

Refernce Object: /axapi/v3/ddos/zone-template

geo-location

Specification  
Type object

delete

Description: delete is a JSON Block. Please see below for geo-location_delete

Type: Object

Refernce Object: /axapi/v3/ddos/geo-location/delete

load

Description: load is a JSON Block. Please see below for geo-location_load

Type: Object

Refernce Object: /axapi/v3/ddos/geo-location/load

geo-location_load

Specification  
Type object

iana

Description Load built-in IANA table

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

load-file-config

Type: List

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

geo-location_load_load-file-config

Specification  
Type list
Block object keys  

load-file-name

Description Geo-location file name

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

geo-location_delete

Specification  
Type object

delete-all

Description

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

delete-file-name

Description Geo-location file name

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

tap

Specification  
Type object

ethernet-start-cfg

Type: List

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

tap_ethernet-start-cfg

Specification  
Type list
Block object keys  

ethernet-end

Description

Type: number

Format: interface

ethernet-start

Description Traffic receive from the ethernet port will be dropped

Type: number

Format: interface

ip-proto

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

run-time-user-string

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

value

Description Add run time user string

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

dynamic-class-list

Specification  
Type object

class-list-name

Description Specify name of the class list

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

sync

Specification  
Type object

enable

Description Enable

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

local-ip

Description Local IP address for White list sync

Type: string

Format: ipv4-address

peer-ip-cfg

Type: List

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

sync_peer-ip-cfg

Specification  
Type list
Block object keys  

peer-ip

Description IP Address

Type: string

Format: ipv4-address

brief

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

detection

Specification  
Type object

agent-list

Type: List

Refernce Object: /axapi/v3/ddos/detection/agent/{agent-name}

ddos-script

Description: ddos-script is a JSON Block. Please see below for detection_ddos-script

Type: Object

Refernce Object: /axapi/v3/ddos/detection/ddos-script

disable

Description Disable DDoS detection (default: enabled)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

settings

Description: settings is a JSON Block. Please see below for detection_settings

Type: Object

Refernce Object: /axapi/v3/ddos/detection/settings

stat

Description: stat is a JSON Block. Please see below for detection_stat

Type: Object

Refernce Object: /axapi/v3/ddos/detection/stat

statistics

Description: statistics is a JSON Block. Please see below for detection_statistics

Type: Object

Refernce Object: /axapi/v3/ddos/detection/statistics

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

detection_stat

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

detection_statistics

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

detection_settings

Specification  
Type object

dedicated-cpus

Description Configure the number of dedicated cores for detection

Type: number

Range: 1-32

detector-mode

Description ‘standalone’: Standalone detector; ‘on-box’: Mitigator and Detector on the same box(Default);

Type: string

Supported Values: standalone, on-box

Default: on-box

pkt-sampling

Description: pkt-sampling is a JSON Block. Please see below for detection_settings_pkt-sampling

Type: Object

standalone-settings

Description: standalone-settings is a JSON Block. Please see below for detection_settings_standalone-settings

Type: Object

Refernce Object: /axapi/v3/ddos/detection/settings/standalone-settings

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

detection_settings_pkt-sampling

Specification  
Type object

assign-index

Description Lower index is more aggressive sampling

Type: number

Range: 1-64

assign-rate

Description Assign rate to given index

Type: number

Range: 1-50000000

override-rate

Description Sample 1 in X packets (default: X=1)

Type: number

Range: 1-50000000

detection_settings_standalone-settings

Specification  
Type object

netflow

Description: netflow is a JSON Block. Please see below for detection_settings_standalone-settings_netflow

Type: Object

Refernce Object: /axapi/v3/ddos/detection/settings/standalone-settings/netflow

sflow

Description: sflow is a JSON Block. Please see below for detection_settings_standalone-settings_sflow

Type: Object

Refernce Object: /axapi/v3/ddos/detection/settings/standalone-settings/sflow

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

detection_settings_standalone-settings_netflow

Specification  
Type object

listening-port

Description Netflow port to receive packets (Netflow port number(default 9996))

Type: number

Range: 1-65535

Default: 9996

template-active-timeout

Description Configure active timeout of the netflow templates received in mins (Template active timeout(mins)(default 30mins))

Type: number

Range: 2-300

Default: 30

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

detection_settings_standalone-settings_sflow

Specification  
Type object

listening-port

Description sFlow port to receive packets (sFlow port number(default 6343))

Type: number

Range: 1-65535

Default: 6343

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

detection_ddos-script

Specification  
Type object

action

Description ‘delete’: delete;

Type: string

Supported Values: delete

file

Description startup-config local file name

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

detection_agent-list

Specification  
Type list
Block object keys  

agent-name

Description Specify name for the agent

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

agent-v4-addr

Description Configure agent’s IPv4 address

Type: string

Format: ipv4-address

agent-v6-addr

Description Configure agent’s IPv6 address

Type: string

Format: ipv6-address

netflow

Description: netflow is a JSON Block. Please see below for detection_agent-list_netflow

Type: Object

Refernce Object: /axapi/v3/ddos/detection/agent/{agent-name}/netflow

sflow

Description: sflow is a JSON Block. Please see below for detection_agent-list_sflow

Type: Object

Refernce Object: /axapi/v3/ddos/detection/agent/{agent-name}/sflow

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

detection_agent-list_sflow

Specification  
Type object

sflow-pkt-samples-collection

Description ‘enable’: Enable sflow packet samples collection(default); ‘disable’: Disable sflow packet samples collection;

Type: string

Supported Values: enable, disable

Default: enable

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

detection_agent-list_netflow

Specification  
Type object

netflow-samples-collection

Description ‘enable’: Enable Netflow flow samples collection(default); ‘disable’: Disable Netflow flow samples collection;

Type: string

Supported Values: enable, disable

Default: enable

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

session

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

long

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

exec-script

Specification  
Type object

alert-type

Description 1: UDP Pkt Rate 2: TCP Pkt Rate 3: ICMP Pkt Rate

Type: number

Range: 1-3

level

Description Current Level

Type: number

Range: 1-4

mock

Description Use mock data

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

port-num

Description Port Number

Type: number

Range: 1-65535

protocol

Description ‘dns-tcp’: DNS-TCP Port; ‘dns-udp’: DNS-UDP Port; ‘http’: HTTP Port; ‘tcp’: TCP Port; ‘udp’: UDP Port; ‘ssl-l4’: SSL-L4 Port;

Type: string

Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4

script

Description Specify script to execute

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

src-ip

Type: List

src-ipv6

Type: List

threshold

Description Threshold

Type: number

Range: 1-3000

timeout

Description Timeout (Default: 10)

Type: number

Range: 1-31

zone

Description DST Zone name

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

exec-script_src-ip

Specification  
Type list
Block object keys  

ip-addr

Description Specify IP address

Type: string

Format: ipv4-address

subnet-ip-addr

Description IP Subnet

Type: string

Format: ipv4-cidr

exec-script_src-ipv6

Specification  
Type list
Block object keys  

ip6-addr

Description Specify IPv6 address

Type: string

Format: ipv6-address

subnet-ipv6-addr

Description IPV6 Subnet

Type: string

Format: ipv6-address-plen

l4-ssl

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

table

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

port

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dns-cache-mode

Specification  
Type object

enable

Description Enable DNS Cache mode

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

l4-icmp

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

anomaly-drop

Specification  
Type object

security-attack-layer-3

Description: security-attack-layer-3 is a JSON Block. Please see below for anomaly-drop_security-attack-layer-3

Type: Object

Refernce Object: /axapi/v3/ddos/anomaly-drop/security-attack-layer-3

security-attack-layer-4-tcp

Description: security-attack-layer-4-tcp is a JSON Block. Please see below for anomaly-drop_security-attack-layer-4-tcp

Type: Object

Refernce Object: /axapi/v3/ddos/anomaly-drop/security-attack-layer-4-tcp

security-attack-layer-4-udp

Description: security-attack-layer-4-udp is a JSON Block. Please see below for anomaly-drop_security-attack-layer-4-udp

Type: Object

Refernce Object: /axapi/v3/ddos/anomaly-drop/security-attack-layer-4-udp

anomaly-drop_security-attack-layer-3

Specification  
Type object

toggle

Description ‘enable’: enable; ‘disable’: disable;

Type: string

Supported Values: enable, disable

Default: enable

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

anomaly-drop_security-attack-layer-4-tcp

Specification  
Type object

toggle

Description ‘enable’: enable; ‘disable’: disable;

Type: string

Supported Values: enable, disable

Default: enable

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

anomaly-drop_security-attack-layer-4-udp

Specification  
Type object

toggle

Description ‘enable’: enable; ‘disable’: disable;

Type: string

Supported Values: enable, disable

Default: enable

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

l4-other

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst

Specification  
Type object

default-list

dynamic-entry-overflow-policy-list

entry-list

Type: List

Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}

interface-ip-list

Type: List

Refernce Object: /axapi/v3/ddos/dst/interface-ip/{addr}

interface-ipv6-list

Type: List

Refernce Object: /axapi/v3/ddos/dst/interface-ipv6/{addr}

zone-list

Type: List

Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}

dst_interface-ip-list

Specification  
Type list
Block object keys  

addr

Description IP address of interface

Type: string

Format: ipv4-address

ip-proto-list

l4-type-list

log-enable

Description Enable logging of limit exceed drops

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-periodic

Description Enable periodic log while event is continuing

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

port-list

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_interface-ip-list_port-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

port-num

Description Port Number

Type: number

Range: 1-65535

protocol

Description ‘tcp’: tcp; ‘udp’: udp;

Type: string

Supported Values: tcp, udp

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_interface-ip-list_ip-proto-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

port-num

Description IP protocol number

Type: number

Range: 0-255

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_interface-ip-list_l4-type-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-frag-pkt

Description Drop fragmented packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

protocol

Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;

Type: string

Supported Values: tcp, udp, icmp, other

tunnel-decap

Description: tunnel-decap is a JSON Block. Please see below for dst_interface-ip-list_l4-type-list_tunnel-decap

Type: Object

tunnel-rate-limit

Description: tunnel-rate-limit is a JSON Block. Please see below for dst_interface-ip-list_l4-type-list_tunnel-rate-limit

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_interface-ip-list_l4-type-list_tunnel-decap

Specification  
Type object

gre-decap

Description Enable GRE Tunnel decapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ip-decap

Description Enable IP Tunnel decapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

key-cfg

Type: List

dst_interface-ip-list_l4-type-list_tunnel-decap_key-cfg

Specification  
Type list
Block object keys  

key

Description Only decapsulate GRE packet with this hexadecimal key

Type: string

Maximum Length: 8 characters

Maximum Length: 1 characters

dst_interface-ip-list_l4-type-list_tunnel-rate-limit

Specification  
Type object

gre-rate-limit

Description Enable inner IP rate limiting on GRE traffic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ip-rate-limit

Description Enable inner IP rate limiting on IPinIP traffic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dst_default-list

Specification  
Type list
Block object keys  

age

Description Idle age for ip entry

Type: number

Range: 5-1023

apply-policy-on-overflow

Description Enable this flag to apply overflow policy when dynamic entry count overflows

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

default-address-type

Description ‘ip’: ip; ‘ipv6’: ipv6;

Type: string

Supported Values: ip, ipv6

disable

Description Disable

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-disable

Description Disable certain drops during packet processing

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-disable-fwd-immediate

Description Immediately forward L4 drops

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-frag-pkt

Description Drop fragmented packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

exceed-log-cfg

Description: exceed-log-cfg is a JSON Block. Please see below for dst_default-list_exceed-log-cfg

Type: Object

exceed-log-dep-cfg

Description: exceed-log-dep-cfg is a JSON Block. Please see below for dst_default-list_exceed-log-dep-cfg

Type: Object

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

ip-proto-list

l4-type-list

log-periodic

Description Enable periodic log while event is continuing

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

max-dynamic-entry-count

Description Maximum count for dynamic dst entry

Type: number

Range: 0-2147483647

port-list

src-port-list

template

Description: template is a JSON Block. Please see below for dst_default-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_default-list_port-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

port-num

Description Port Number

Type: number

Range: 0-65535

protocol

Description ‘dns-tcp’: dns-tcp; ‘dns-udp’: dns-udp; ‘http’: http; ‘tcp’: tcp; ‘udp’: udp; ‘ssl-l4’: ssl-l4;

Type: string

Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4

template

Description: template is a JSON Block. Please see below for dst_default-list_port-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_default-list_port-list_template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst_default-list_template

Specification  
Type object

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst_default-list_ip-proto-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

port-num

Description Protocol Number

Type: number

Range: 0-255

template

Description: template is a JSON Block. Please see below for dst_default-list_ip-proto-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_default-list_ip-proto-list_template

Specification  
Type object

other

Description DDOS other template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst_default-list_src-port-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

port-num

Description Port Number

Type: number

Range: 0-65535

protocol

Description ‘udp’: udp; ‘tcp’: tcp;

Type: string

Supported Values: udp, tcp

template

Description: template is a JSON Block. Please see below for dst_default-list_src-port-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_default-list_src-port-list_template

Specification  
Type object

src-tcp

Description DDOS tcp src template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

src-udp

Description DDOS udp src template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst_default-list_exceed-log-dep-cfg

Specification  
Type object

exceed-log-enable

Description (Deprecated)Enable logging of limit exceed drop’s

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-with-sflow-dep

Description Turn on sflow sample with log

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dst_default-list_l4-type-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-frag-pkt

Description Drop fragmented packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-on-no-port-match

Description ‘disable’: disable; ‘enable’: enable;

Type: string

Supported Values: disable, enable

Default: enable

exceed-action

Description: exceed-action is a JSON Block. Please see below for dst_default-list_l4-type-list_exceed-action

Type: Object

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

max-rexmit-syn-per-flow

Description Maximum number of re-transmit SYN per flow

Type: number

Range: 1-6

protocol

Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;

Type: string

Supported Values: tcp, udp, icmp, other

stateful

Description Enable stateful tracking of sessions (Default is stateless)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

syn-auth

Description ‘send-rst’: Send RST to client upon client ACK; ‘force-rst-by-ack’: Force client RST via the use of ACK; ‘force-rst-by-synack’: Force client RST via the use of bad SYN|ACK; ‘disable’: Disable TCP SYN Authentication;

Type: string

Supported Values: send-rst, force-rst-by-ack, force-rst-by-synack, disable

Default: send-rst

syn-cookie

Description Enable SYN Cookie

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

tcp-reset-client

Description Send reset to client when rate exceeds or session ages out

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

tcp-reset-server

Description Send reset to server when rate exceeds or session ages out

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

tunnel-decap

Description: tunnel-decap is a JSON Block. Please see below for dst_default-list_l4-type-list_tunnel-decap

Type: Object

tunnel-rate-limit

Description: tunnel-rate-limit is a JSON Block. Please see below for dst_default-list_l4-type-list_tunnel-rate-limit

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_default-list_l4-type-list_tunnel-rate-limit

Specification  
Type object

gre-rate-limit

Description Enable inner IP rate limiting on GRE traffic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ip-rate-limit

Description Enable inner IP rate limiting on IPinIP traffic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dst_default-list_l4-type-list_exceed-action

Specification  
Type object

exceed-drop

Description Drop the packet

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dst_default-list_l4-type-list_tunnel-decap

Specification  
Type object

gre-decap

Description Enable GRE Tunnel decapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ip-decap

Description Enable IP Tunnel decapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

key-cfg

Type: List

dst_default-list_l4-type-list_tunnel-decap_key-cfg

Specification  
Type list
Block object keys  

key

Description Only decapsulate GRE packet with this hexadecimal key

Type: string

Maximum Length: 8 characters

Maximum Length: 1 characters

dst_default-list_exceed-log-cfg

Specification  
Type object

log-enable

Description Enable logging of limit exceed drop’s

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

with-sflow-sample

Description Turn on sflow sample with log

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dst_interface-ipv6-list

Specification  
Type list
Block object keys  

addr

Description IPv6 address of interface

Type: string

Format: ipv6-address

ip-proto-list

l4-type-list

log-enable

Description Enable logging of limit exceed drops

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

port-list

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_interface-ipv6-list_port-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

port-num

Description Port Number

Type: number

Range: 1-65535

protocol

Description ‘tcp’: tcp; ‘udp’: udp;

Type: string

Supported Values: tcp, udp

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_interface-ipv6-list_ip-proto-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

port-num

Description IP protocol number

Type: number

Range: 0-255

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_interface-ipv6-list_l4-type-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-frag-pkt

Description Drop fragmented packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

protocol

Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;

Type: string

Supported Values: tcp, udp, icmp, other

tunnel-decap

Description: tunnel-decap is a JSON Block. Please see below for dst_interface-ipv6-list_l4-type-list_tunnel-decap

Type: Object

tunnel-rate-limit

Description: tunnel-rate-limit is a JSON Block. Please see below for dst_interface-ipv6-list_l4-type-list_tunnel-rate-limit

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_interface-ipv6-list_l4-type-list_tunnel-decap

Specification  
Type object

gre-decap

Description Enable GRE Tunnel decapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ip-decap

Description Enable IP Tunnel decapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

key-cfg

Type: List

dst_interface-ipv6-list_l4-type-list_tunnel-decap_key-cfg

Specification  
Type list
Block object keys  

key

Description Only decapsulate GRE packet with this hexadecimal key

Type: string

Maximum Length: 8 characters

Maximum Length: 1 characters

dst_interface-ipv6-list_l4-type-list_tunnel-rate-limit

Specification  
Type object

gre-rate-limit

Description Enable inner IP rate limiting on GRE traffic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ip-rate-limit

Description Enable inner IP rate limiting on IPinIP traffic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dst_entry-list

Specification  
Type list
Block object keys  

advertised-enable

Description BGP advertised

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

blackhole-on-glid-exceed

Description Blackhole destination entry for X minutes upon glid limit exceeded

Type: number

Range: 1-30

capture-config-list

description

Description Description for this Destination Entry

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

dest-nat-ip

Description Destination NAT IP address

Type: string

Format: ipv4-address

dest-nat-ipv6

Description Destination NAT IPv6 address

Type: string

Format: ipv6-address

drop-disable

Description Disable certain drops during packet processing

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-disable-fwd-immediate

Description Immediately forward L4 drops

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-frag-pkt

Description Drop fragmented packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-on-no-src-dst-default

Description Drop if no match with src-based-policy class-list, and default is not configured

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dst-entry-name

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

dynamic-entry-overflow-policy-list

exceed-log-cfg

Description: exceed-log-cfg is a JSON Block. Please see below for dst_entry-list_exceed-log-cfg

Type: Object

exceed-log-dep-cfg

Description: exceed-log-dep-cfg is a JSON Block. Please see below for dst_entry-list_exceed-log-dep-cfg

Type: Object

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

ip-addr

Description

Type: string

Format: ipv4-address

ip-proto-list

ipv6-addr

Description

Type: string

Format: ipv6-address

l4-type-list

log-periodic

Description Enable periodic log while event is continuing

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

operational-mode

Description ‘protection’: Protection mode; ‘bypass’: Bypass mode;

Type: string

Supported Values: protection, bypass

Default: protection

port-list

port-range-list

reporting-disabled

Description Disable Reporting

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sflow

Description: sflow is a JSON Block. Please see below for dst_entry-list_sflow

Type: Object

source-nat-pool

Description Configure source NAT

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

src-dst-pair

Description: src-dst-pair is a JSON Block. Please see below for dst_entry-list_src-dst-pair

Type: Object

Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair

src-dst-pair-class-list-list

src-dst-pair-policy-list

src-dst-pair-settings-list

src-port-list

src-port-range-list

subnet-ip-addr

Description IP Subnet

Type: string

Format: ipv4-cidr

subnet-ipv6-addr

Description IPV6 Subnet

Type: string

Format: ipv6-address-plen

template

Description: template is a JSON Block. Please see below for dst_entry-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_entry-list_port-list

Specification  
Type list
Block object keys  

capture-config

Description: capture-config is a JSON Block. Please see below for dst_entry-list_port-list_capture-config

Type: Object

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

detection-enable

Description Enable ddos detection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

enable-top-k

Description Enable ddos top-k entries

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

port-ind

Description: port-ind is a JSON Block. Please see below for dst_entry-list_port-list_port-ind

Type: Object

Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/port-ind

port-num

Description Port Number

Type: number

Range: 0-65535

protocol

Description ‘dns-tcp’: DNS-TCP Port; ‘dns-udp’: DNS-UDP Port; ‘http’: HTTP Port; ‘tcp’: TCP Port; ‘udp’: UDP Port; ‘ssl-l4’: SSL-L4 Port;

Type: string

Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4

sflow

Description: sflow is a JSON Block. Please see below for dst_entry-list_port-list_sflow

Type: Object

template

Description: template is a JSON Block. Please see below for dst_entry-list_port-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_entry-list_port-list_sflow

Specification  
Type object

polling

Description: polling is a JSON Block. Please see below for dst_entry-list_port-list_sflow_polling

Type: Object

dst_entry-list_port-list_sflow_polling

Specification  
Type object

sflow-http

Description Enable sFlow HTTP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sflow-packets

Description Enable sFlow packet-level counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sflow-tcp

Description: sflow-tcp is a JSON Block. Please see below for dst_entry-list_port-list_sflow_polling_sflow-tcp

Type: Object

dst_entry-list_port-list_sflow_polling_sflow-tcp

Specification  
Type object

sflow-tcp-basic

Description Enable sFlow basic TCP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sflow-tcp-stateful

Description Enable sFlow stateful TCP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dst_entry-list_port-list_capture-config

Specification  
Type object

capture-config-mode

Description ‘drop’: Apply capture-config to dropped packets; ‘forward’: Apply capture-config to forwarded packets; ‘all’: Apply capture-config to both dropped and forwarded packets;

Type: string

Supported Values: drop, forward, all

capture-config-name

Description Capture-config name

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst_entry-list_port-list_port-ind

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_entry-list_port-list_template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS SSL-L4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst_entry-list_capture-config-list

Specification  
Type list
Block object keys  

mode

Description ‘drop’: Apply capture-config to dropped packets; ‘forward’: Apply capture-config to forwarded packets; ‘all’: Apply capture-config to both dropped and forwarded packets;

Type: string

Supported Values: drop, forward, all

name

Description Capture-config name

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/capture-config

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_entry-list_dynamic-entry-overflow-policy-list

Specification  
Type list
Block object keys  

app-type-src-dst-list

bypass

Description Always permit for the Source to bypass all feature & limit checks

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dummy-name

Description ‘configuration’: Configure src dst dynamic entry count overflow policy;

Type: string

Supported Values: configuration

exceed-log-cfg

Description: exceed-log-cfg is a JSON Block. Please see below for dst_entry-list_dynamic-entry-overflow-policy-list_exceed-log-cfg

Type: Object

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

l4-type-src-dst-list

log-periodic

Description Enable periodic log while event is continuing

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

template

Description: template is a JSON Block. Please see below for dst_entry-list_dynamic-entry-overflow-policy-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_entry-list_dynamic-entry-overflow-policy-list_template

Specification  
Type object

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst_entry-list_dynamic-entry-overflow-policy-list_app-type-src-dst-list

Specification  
Type list
Block object keys  

protocol

Description ‘dns’: dns; ‘http’: http; ‘ssl-l4’: ssl-l4;

Type: string

Supported Values: dns, http, ssl-l4

template

Description: template is a JSON Block. Please see below for dst_entry-list_dynamic-entry-overflow-policy-list_app-type-src-dst-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_entry-list_dynamic-entry-overflow-policy-list_app-type-src-dst-list_template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS SSL-L4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst_entry-list_dynamic-entry-overflow-policy-list_l4-type-src-dst-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

protocol

Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;

Type: string

Supported Values: tcp, udp, icmp, other

template

Description: template is a JSON Block. Please see below for dst_entry-list_dynamic-entry-overflow-policy-list_l4-type-src-dst-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_entry-list_dynamic-entry-overflow-policy-list_l4-type-src-dst-list_template

Specification  
Type object

other

Description DDOS OTHER template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

tcp

Description DDOS TCP template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

template-icmp-v4

Description DDOS icmp-v4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

template-icmp-v6

Description DDOS icmp-v6 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

udp

Description DDOS UDP template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst_entry-list_dynamic-entry-overflow-policy-list_exceed-log-cfg

Specification  
Type object

log-enable

Description Enable logging of limit exceed drop’s

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dst_entry-list_port-range-list

Specification  
Type list
Block object keys  

capture-config

Description: capture-config is a JSON Block. Please see below for dst_entry-list_port-range-list_capture-config

Type: Object

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

detection-enable

Description Enable ddos detection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

enable-top-k

Description Enable ddos top-k entries

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

port-range-end

Description Port-Range End Port Number

Type: number

Range: 1-65535

port-range-start

Description Port-Range Start Port Number

Type: number

Range: 1-65535

protocol

Description ‘dns-tcp’: DNS-TCP Port; ‘dns-udp’: DNS-UDP Port; ‘http’: HTTP Port; ‘tcp’: TCP Port; ‘udp’: UDP Port; ‘ssl-l4’: SSL-L4 Port;

Type: string

Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4

sflow

Description: sflow is a JSON Block. Please see below for dst_entry-list_port-range-list_sflow

Type: Object

template

Description: template is a JSON Block. Please see below for dst_entry-list_port-range-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_entry-list_port-range-list_capture-config

Specification  
Type object

capture-config-mode

Description ‘drop’: Apply capture-config to dropped packets; ‘forward’: Apply capture-config to forwarded packets; ‘all’: Apply capture-config to both dropped and forwarded packets;

Type: string

Supported Values: drop, forward, all

capture-config-name

Description Capture-config name

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst_entry-list_port-range-list_sflow

Specification  
Type object

polling

Description: polling is a JSON Block. Please see below for dst_entry-list_port-range-list_sflow_polling

Type: Object

dst_entry-list_port-range-list_sflow_polling

Specification  
Type object

sflow-http

Description Enable sFlow HTTP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sflow-packets

Description Enable sFlow packet-level counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sflow-tcp

Description: sflow-tcp is a JSON Block. Please see below for dst_entry-list_port-range-list_sflow_polling_sflow-tcp

Type: Object

dst_entry-list_port-range-list_sflow_polling_sflow-tcp

Specification  
Type object

sflow-tcp-basic

Description Enable sFlow basic TCP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sflow-tcp-stateful

Description Enable sFlow stateful TCP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dst_entry-list_port-range-list_template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS SSL-L4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst_entry-list_src-dst-pair-class-list-list

Specification  
Type list
Block object keys  

app-type-src-dst-list

cid-list

class-list-name

Description Class-list name

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

exceed-log-cfg

Description: exceed-log-cfg is a JSON Block. Please see below for dst_entry-list_src-dst-pair-class-list-list_exceed-log-cfg

Type: Object

l4-type-src-dst-list

log-periodic

Description Enable periodic log while event is continuing

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_entry-list_src-dst-pair-class-list-list_cid-list

Specification  
Type list
Block object keys  

app-type-src-dst-cid-list

cid-num

Description Class-list id

Type: number

Range: 1-32

exceed-log-cfg

Description: exceed-log-cfg is a JSON Block. Please see below for dst_entry-list_src-dst-pair-class-list-list_cid-list_exceed-log-cfg

Type: Object

l4-type-src-dst-cid-list

log-periodic

Description Enable periodic log while event is continuing

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_entry-list_src-dst-pair-class-list-list_cid-list_app-type-src-dst-cid-list

Specification  
Type list
Block object keys  

protocol

Description ‘dns’: dns; ‘http’: http; ‘ssl-l4’: ssl-l4;

Type: string

Supported Values: dns, http, ssl-l4

template

Description: template is a JSON Block. Please see below for dst_entry-list_src-dst-pair-class-list-list_cid-list_app-type-src-dst-cid-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_entry-list_src-dst-pair-class-list-list_cid-list_app-type-src-dst-cid-list_template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS SSL-L4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst_entry-list_src-dst-pair-class-list-list_cid-list_l4-type-src-dst-cid-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

protocol

Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;

Type: string

Supported Values: tcp, udp, icmp, other

template

Description: template is a JSON Block. Please see below for dst_entry-list_src-dst-pair-class-list-list_cid-list_l4-type-src-dst-cid-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_entry-list_src-dst-pair-class-list-list_cid-list_l4-type-src-dst-cid-list_template

Specification  
Type object

other

Description DDOS OTHER template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

tcp

Description DDOS TCP template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

template-icmp-v4

Description DDOS icmp-v4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

template-icmp-v6

Description DDOS icmp-v6 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

udp

Description DDOS UDP template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst_entry-list_src-dst-pair-class-list-list_cid-list_exceed-log-cfg

Specification  
Type object

log-enable

Description Enable logging of limit exceed drop’s

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dst_entry-list_src-dst-pair-class-list-list_app-type-src-dst-list

Specification  
Type list
Block object keys  

protocol

Description ‘dns’: dns; ‘http’: http; ‘ssl-l4’: ssl-l4;

Type: string

Supported Values: dns, http, ssl-l4

template

Description: template is a JSON Block. Please see below for dst_entry-list_src-dst-pair-class-list-list_app-type-src-dst-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_entry-list_src-dst-pair-class-list-list_app-type-src-dst-list_template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS SSL-L4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst_entry-list_src-dst-pair-class-list-list_l4-type-src-dst-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

protocol

Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;

Type: string

Supported Values: tcp, udp, icmp, other

template

Description: template is a JSON Block. Please see below for dst_entry-list_src-dst-pair-class-list-list_l4-type-src-dst-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_entry-list_src-dst-pair-class-list-list_l4-type-src-dst-list_template

Specification  
Type object

other

Description DDOS OTHER template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

tcp

Description DDOS TCP template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

template-icmp-v4

Description DDOS icmp-v4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

template-icmp-v6

Description DDOS icmp-v6 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

udp

Description DDOS UDP template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst_entry-list_src-dst-pair-class-list-list_exceed-log-cfg

Specification  
Type object

log-enable

Description Enable logging of limit exceed drop’s

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dst_entry-list_template

Specification  
Type object

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst_entry-list_l4-type-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

detection-enable

Description Enable ddos detection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-frag-pkt

Description Drop fragmented packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-on-no-port-match

Description ‘disable’: disable; ‘enable’: enable;

Type: string

Supported Values: disable, enable

Default: enable

enable-top-k

Description Enable ddos top-k entries

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

exceed-action

Description ‘drop’: Drop the packet; ‘black-list’: Add the source IP into black list;

Type: string

Supported Values: drop, black-list

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

max-rexmit-syn-per-flow

Description Maximum number of re-transmit SYN per flow

Type: number

Range: 1-6

port-ind

Description: port-ind is a JSON Block. Please see below for dst_entry-list_l4-type-list_port-ind

Type: Object

Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/port-ind

protocol

Description ‘tcp’: L4-Type TCP; ‘udp’: L4-Type UDP; ‘icmp’: L4-Type ICMP; ‘other’: L4-Type OTHER;

Type: string

Supported Values: tcp, udp, icmp, other

stateful

Description Enable stateful tracking of sessions (Default is stateless)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

syn-auth

Description ‘send-rst’: Send RST to client upon client ACK; ‘force-rst-by-ack’: Force client RST via the use of ACK; ‘force-rst-by-synack’: Force client RST via the use of bad SYN|ACK; ‘disable’: Disable TCP SYN Authentication;

Type: string

Supported Values: send-rst, force-rst-by-ack, force-rst-by-synack, disable

Default: send-rst

syn-cookie

Description Enable SYN Cookie

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

tcp-reset-client

Description Send reset to client when rate exceeds or session ages out

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

tcp-reset-server

Description Send reset to server when rate exceeds or session ages out

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

template

Description: template is a JSON Block. Please see below for dst_entry-list_l4-type-list_template

Type: Object

tunnel-decap

Description: tunnel-decap is a JSON Block. Please see below for dst_entry-list_l4-type-list_tunnel-decap

Type: Object

tunnel-rate-limit

Description: tunnel-rate-limit is a JSON Block. Please see below for dst_entry-list_l4-type-list_tunnel-rate-limit

Type: Object

undefined-port-hit-statistics

Description: undefined-port-hit-statistics is a JSON Block. Please see below for dst_entry-list_l4-type-list_undefined-port-hit-statistics

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_entry-list_l4-type-list_template

Specification  
Type object

template-icmp-v4

Description DDOS icmp-v4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

template-icmp-v6

Description DDOS icmp-v6 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst_entry-list_l4-type-list_port-ind

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_entry-list_l4-type-list_undefined-port-hit-statistics

Specification  
Type object

reset-interval

Description Configure port scanning counter reset interval (minutes), Default 60 mins

Type: number

Range: 1-64000

Default: 60

undefined-port-hit-statistics

Description Enable port scanning statistics

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dst_entry-list_l4-type-list_tunnel-rate-limit

Specification  
Type object

gre-rate-limit

Description Enable inner IP rate limiting on GRE traffic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ip-rate-limit

Description Enable inner IP rate limiting on IPinIP traffic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dst_entry-list_l4-type-list_tunnel-decap

Specification  
Type object

gre-decap

Description Enable GRE Tunnel decapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ip-decap

Description Enable IP Tunnel decapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

key-cfg

Type: List

dst_entry-list_l4-type-list_tunnel-decap_key-cfg

Specification  
Type list
Block object keys  

key

Description Only decapsulate GRE packet with this hexadecimal key

Type: string

Maximum Length: 8 characters

Maximum Length: 1 characters

dst_entry-list_src-dst-pair-settings-list

Specification  
Type list
Block object keys  

age

Description Idle age for ip entry

Type: number

Range: 2-1023

Default: 5

all-types

Description ‘all-types’: Settings for all types (default or class-list);

Type: string

Supported Values: all-types

apply-policy-on-overflow

Description Enable this flag to apply overflow policy when dynamic entry count overflows

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

enable-class-list-overflow

Description Apply class-list overflow policy upon exceeding dynamic entry count specified for DST entry or each class-list

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

l4-type-src-dst-list

max-dynamic-entry-count

Description Maximum count for dynamic src-dst entry

Type: number

Range: 0-2147483647

traffic-distribution-mode

Description ‘default’: Distribute traffic to one blade only; ‘source-ip-based’: Distribute traffic between blades, based on source ip;

Type: string

Supported Values: default, source-ip-based

Default: default

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_entry-list_src-dst-pair-settings-list_l4-type-src-dst-list

Specification  
Type list
Block object keys  

apply-policy-on-overflow

Description Enable this flag to apply overflow policy when dynamic entry count overflows

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

max-dynamic-entry-count

Description Maximum count for dynamic src-dst entry

Type: number

Range: 0-2147483647

protocol

Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;

Type: string

Supported Values: tcp, udp, icmp, other

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_entry-list_src-port-range-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

protocol

Description ‘udp’: UDP Port; ‘tcp’: TCP Port;

Type: string

Supported Values: udp, tcp

src-port-range-end

Description Src Port-Range End Port Number

Type: number

Range: 2-65535

src-port-range-start

Description Src Port-Range Start Port Number

Type: number

Range: 1-65535

template

Description: template is a JSON Block. Please see below for dst_entry-list_src-port-range-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_entry-list_src-port-range-list_template

Specification  
Type object

src-tcp

Description DDOS tcp src template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

src-udp

Description DDOS udp src template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst_entry-list_src-port-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

port-num

Description Port Number

Type: number

Range: 0-65535

protocol

Description ‘udp’: UDP Port; ‘tcp’: TCP Port;

Type: string

Supported Values: udp, tcp

template

Description: template is a JSON Block. Please see below for dst_entry-list_src-port-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_entry-list_src-port-list_template

Specification  
Type object

src-tcp

Description DDOS tcp src template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

src-udp

Description DDOS udp src template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst_entry-list_ip-proto-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

port-num

Description Protocol Number

Type: number

Range: 0-255

template

Description: template is a JSON Block. Please see below for dst_entry-list_ip-proto-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_entry-list_ip-proto-list_template

Specification  
Type object

other

Description DDOS other template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst_entry-list_exceed-log-cfg

Specification  
Type object

log-enable

Description Enable logging of limit exceed drop’s

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-with-sflow

Description Turn on sflow sample with log

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dst_entry-list_sflow

Specification  
Type object

polling

Description: polling is a JSON Block. Please see below for dst_entry-list_sflow_polling

Type: Object

dst_entry-list_sflow_polling

Specification  
Type object

sflow-http

Description Enable sFlow HTTP counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the total number

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sflow-layer-4

Description Enable sFlow Layer 4 counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the total num

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sflow-packets

Description Enable sFlow packet-level counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the tota

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sflow-tcp

Description: sflow-tcp is a JSON Block. Please see below for dst_entry-list_sflow_polling_sflow-tcp

Type: Object

sflow-undef-port-hit-stats

Description Enable sFlow undefined-port-hit-statistics polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sflow-undef-port-hit-stats-brief

Description Enable sFlow undefined-port-hit-statistics polling in brief mode

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dst_entry-list_sflow_polling_sflow-tcp

Specification  
Type object

sflow-tcp-basic

Description Enable sFlow basic TCP counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the total n

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sflow-tcp-stateful

Description Enable sFlow stateful TCP counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the tota

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dst_entry-list_src-dst-pair

Specification  
Type object

app-type-src-dst-list

bypass

Description Always permit for the Source to bypass all feature & limit checks

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

default

Description Configure default

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

exceed-log-cfg

Description: exceed-log-cfg is a JSON Block. Please see below for dst_entry-list_src-dst-pair_exceed-log-cfg

Type: Object

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

l4-type-src-dst-list

log-periodic

Description Enable periodic log while event is continuing

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

template

Description: template is a JSON Block. Please see below for dst_entry-list_src-dst-pair_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_entry-list_src-dst-pair_template

Specification  
Type object

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst_entry-list_src-dst-pair_app-type-src-dst-list

Specification  
Type list
Block object keys  

protocol

Description ‘dns’: dns; ‘http’: http; ‘ssl-l4’: ssl-l4;

Type: string

Supported Values: dns, http, ssl-l4

template

Description: template is a JSON Block. Please see below for dst_entry-list_src-dst-pair_app-type-src-dst-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_entry-list_src-dst-pair_app-type-src-dst-list_template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS SSL-L4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst_entry-list_src-dst-pair_l4-type-src-dst-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

protocol

Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;

Type: string

Supported Values: tcp, udp, icmp, other

template

Description: template is a JSON Block. Please see below for dst_entry-list_src-dst-pair_l4-type-src-dst-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_entry-list_src-dst-pair_l4-type-src-dst-list_template

Specification  
Type object

other

Description DDOS OTHER template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

tcp

Description DDOS TCP template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

template-icmp-v4

Description DDOS icmp-v4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

template-icmp-v6

Description DDOS icmp-v6 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

udp

Description DDOS UDP template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst_entry-list_src-dst-pair_exceed-log-cfg

Specification  
Type object

log-enable

Description Enable logging of limit exceed drop’s

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dst_entry-list_src-dst-pair-policy-list

Specification  
Type list
Block object keys  

policy-class-list-list

src-based-policy-name

Description Src-based-policy name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_entry-list_src-dst-pair-policy-list_policy-class-list-list

Specification  
Type list
Block object keys  

app-type-src-dst-list

bypass

Description Always permit for the Source to bypass all feature & limit checks

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

class-list-name

Description Class-list name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

class-list-overflow-policy-list

exceed-log-cfg

Description: exceed-log-cfg is a JSON Block. Please see below for dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_exceed-log-cfg

Type: Object

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

l4-type-src-dst-list

log-periodic

Description Enable periodic log while event is continuing

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

max-dynamic-entry-count

Description Maximum count for dynamic src-dst entry under class-list

Type: number

Range: 0-2147483647

template

Description: template is a JSON Block. Please see below for dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_template

Specification  
Type object

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_app-type-src-dst-list

Specification  
Type list
Block object keys  

protocol

Description ‘dns’: dns; ‘http’: http; ‘ssl-l4’: ssl-l4;

Type: string

Supported Values: dns, http, ssl-l4

template

Description: template is a JSON Block. Please see below for dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_app-type-src-dst-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_app-type-src-dst-list_template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS SSL-L4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_l4-type-src-dst-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

protocol

Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;

Type: string

Supported Values: tcp, udp, icmp, other

template

Description: template is a JSON Block. Please see below for dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_l4-type-src-dst-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_l4-type-src-dst-list_template

Specification  
Type object

other

Description DDOS OTHER template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

tcp

Description DDOS TCP template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

template-icmp-v4

Description DDOS icmp-v4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

template-icmp-v6

Description DDOS icmp-v6 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

udp

Description DDOS UDP template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list

Specification  
Type list
Block object keys  

app-type-src-dst-overflow-list

bypass

Description Always permit for the Source to bypass all feature & limit checks

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dummy-name

Description ‘configuration’: Configure src dst dynamic entry count overflow policy for class-list;

Type: string

Supported Values: configuration

exceed-log-cfg

Description: exceed-log-cfg is a JSON Block. Please see below for dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_exceed-log-cfg

Type: Object

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

l4-type-src-dst-overflow-list

log-periodic

Description Enable periodic log while event is continuing

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

template

Description: template is a JSON Block. Please see below for dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_template

Specification  
Type object

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_l4-type-src-dst-overflow-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

protocol

Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;

Type: string

Supported Values: tcp, udp, icmp, other

template

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_l4-type-src-dst-overflow-list_template

Specification  
Type object

other

Description DDOS OTHER template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

tcp

Description DDOS TCP template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

template-icmp-v4

Description DDOS icmp-v4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

template-icmp-v6

Description DDOS icmp-v6 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

udp

Description DDOS UDP template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_app-type-src-dst-overflow-list

Specification  
Type list
Block object keys  

protocol

Description ‘dns’: dns; ‘http’: http; ‘ssl-l4’: ssl-l4;

Type: string

Supported Values: dns, http, ssl-l4

template

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_app-type-src-dst-overflow-list_template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS SSL-L4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_exceed-log-cfg

Specification  
Type object

log-enable

Description Enable logging of limit exceed drop’s

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dst_entry-list_src-dst-pair-policy-list_policy-class-list-list_exceed-log-cfg

Specification  
Type object

log-enable

Description Enable logging of limit exceed drop’s

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dst_entry-list_exceed-log-dep-cfg

Specification  
Type object

exceed-log-enable

Description (Deprecated)Enable logging of limit exceed drop’s

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-with-sflow-dep

Description Turn on sflow sample with log

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dst_dynamic-entry-overflow-policy-list

Specification  
Type list
Block object keys  

default-address-type

Description ‘ip’: ip; ‘ipv6’: ipv6;

Type: string

Supported Values: ip, ipv6

drop-disable

Description Disable certain drops during packet processing

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-disable-fwd-immediate

Description Immediately forward L4 drops

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

exceed-log-cfg

Description: exceed-log-cfg is a JSON Block. Please see below for dst_dynamic-entry-overflow-policy-list_exceed-log-cfg

Type: Object

exceed-log-dep-cfg

Description: exceed-log-dep-cfg is a JSON Block. Please see below for dst_dynamic-entry-overflow-policy-list_exceed-log-dep-cfg

Type: Object

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

ip-proto-list

l4-type-list

log-periodic

Description Enable periodic log while event is continuing

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

port-list

src-port-list

template

Description: template is a JSON Block. Please see below for dst_dynamic-entry-overflow-policy-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_dynamic-entry-overflow-policy-list_port-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

port-num

Description Port Number

Type: number

Range: 0-65535

protocol

Description ‘dns-tcp’: dns-tcp; ‘dns-udp’: dns-udp; ‘http’: http; ‘tcp’: tcp; ‘udp’: udp; ‘ssl-l4’: ssl-l4;

Type: string

Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4

template

Description: template is a JSON Block. Please see below for dst_dynamic-entry-overflow-policy-list_port-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_dynamic-entry-overflow-policy-list_port-list_template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst_dynamic-entry-overflow-policy-list_template

Specification  
Type object

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst_dynamic-entry-overflow-policy-list_ip-proto-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

port-num

Description Protocol Number

Type: number

Range: 0-255

template

Description: template is a JSON Block. Please see below for dst_dynamic-entry-overflow-policy-list_ip-proto-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_dynamic-entry-overflow-policy-list_ip-proto-list_template

Specification  
Type object

other

Description DDOS other template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst_dynamic-entry-overflow-policy-list_src-port-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

port-num

Description Port Number

Type: number

Range: 0-65535

protocol

Description ‘udp’: udp; ‘tcp’: tcp;

Type: string

Supported Values: udp, tcp

template

Description: template is a JSON Block. Please see below for dst_dynamic-entry-overflow-policy-list_src-port-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_dynamic-entry-overflow-policy-list_src-port-list_template

Specification  
Type object

src-tcp

Description DDOS tcp src template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

src-udp

Description DDOS udp src template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst_dynamic-entry-overflow-policy-list_exceed-log-cfg

Specification  
Type object

log-enable

Description Enable logging of limit exceed drop’s

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

with-sflow-sample

Description Turn on sflow sample with log

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dst_dynamic-entry-overflow-policy-list_exceed-log-dep-cfg

Specification  
Type object

exceed-log-enable

Description (Deprecated)Enable logging of limit exceed drop’s

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-with-sflow-dep

Description Turn on sflow sample with log

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dst_dynamic-entry-overflow-policy-list_l4-type-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-frag-pkt

Description Drop fragmented packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-on-no-port-match

Description ‘disable’: disable; ‘enable’: enable;

Type: string

Supported Values: disable, enable

Default: enable

exceed-action

Description: exceed-action is a JSON Block. Please see below for dst_dynamic-entry-overflow-policy-list_l4-type-list_exceed-action

Type: Object

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

max-rexmit-syn-per-flow

Description Maximum number of re-transmit SYN per flow

Type: number

Range: 1-6

protocol

Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;

Type: string

Supported Values: tcp, udp, icmp, other

stateful

Description Enable stateful tracking of sessions (Default is stateless)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

syn-auth

Description ‘send-rst’: Send RST to client upon client ACK; ‘force-rst-by-ack’: Force client RST via the use of ACK; ‘force-rst-by-synack’: Force client RST via the use of bad SYN|ACK; ‘disable’: Disable TCP SYN Authentication;

Type: string

Supported Values: send-rst, force-rst-by-ack, force-rst-by-synack, disable

Default: send-rst

syn-cookie

Description Enable SYN Cookie

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

tcp-reset-client

Description Send reset to client when rate exceeds or session ages out

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

tcp-reset-server

Description Send reset to server when rate exceeds or session ages out

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

tunnel-decap

Description: tunnel-decap is a JSON Block. Please see below for dst_dynamic-entry-overflow-policy-list_l4-type-list_tunnel-decap

Type: Object

tunnel-rate-limit

Description: tunnel-rate-limit is a JSON Block. Please see below for dst_dynamic-entry-overflow-policy-list_l4-type-list_tunnel-rate-limit

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_dynamic-entry-overflow-policy-list_l4-type-list_tunnel-rate-limit

Specification  
Type object

gre-rate-limit

Description Enable inner IP rate limiting on GRE traffic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ip-rate-limit

Description Enable inner IP rate limiting on IPinIP traffic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dst_dynamic-entry-overflow-policy-list_l4-type-list_exceed-action

Specification  
Type object

exceed-drop

Description Drop the packet

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dst_dynamic-entry-overflow-policy-list_l4-type-list_tunnel-decap

Specification  
Type object

gre-decap

Description Enable GRE Tunnel decapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ip-decap

Description Enable IP Tunnel decapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

key-cfg

Type: List

dst_dynamic-entry-overflow-policy-list_l4-type-list_tunnel-decap_key-cfg

Specification  
Type list
Block object keys  

key

Description Only decapsulate GRE packet with this hexadecimal key

Type: string

Maximum Length: 8 characters

Maximum Length: 1 characters

dst_zone-list

Specification  
Type list
Block object keys  

advertised-enable

Description BGP advertised

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

capture-config-list

description

Description Description for this Destination Zone

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

dest-nat-ip

Description Destination NAT IP address

Type: string

Format: ipv4-address

dest-nat-ipv6

Description Destination NAT IPv6 address

Type: string

Format: ipv6-address

drop-frag-pkt

Description Drop fragmented packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

force-operational-mode

Description Force configure operational mode

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID for the whole zone

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

ip

Type: List

ip-proto

Description: ip-proto is a JSON Block. Please see below for dst_zone-list_ip-proto

Type: Object

Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto

ipv6

Type: List

log-enable

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-periodic

Description Enable log periodic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

operational-mode

Description ‘idle’: Idle mode; ‘monitor’: Monitor mode; ‘learning’: Learning mode;

Type: string

Supported Values: idle, monitor, learning

Default: idle

per-addr-glid

Description Global limit ID per address

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

port

Description: port is a JSON Block. Please see below for dst_zone-list_port

Type: Object

Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/port

port-range-list

reporting-disabled

Description Disable Reporting

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sflow-common

Description Enable sFlow counter polling packets, tcp-basic, tcp-stateful and http. WARNING: Zone level Sflow polling might induce heavy CP

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-commonsflow-packets, sflow-layer-4, sflow-tcp-basic, sflow-tcp-stateful and sflow-http are mutually exclusive

sflow-http

Description Enable sFlow HTTP counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total number

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-http and sflow-common are mutually exclusive

sflow-layer-4

Description Enable sFlow Layer 4 counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the number of

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-layer-4 and sflow-common are mutually exclusive

sflow-packets

Description Enable sFlow packet-level counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-packets and sflow-common are mutually exclusive

sflow-tcp

Description: sflow-tcp is a JSON Block. Please see below for dst_zone-list_sflow-tcp

Type: Object

source-nat-pool

Description Configure source NAT

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

src-port

Description: src-port is a JSON Block. Please see below for dst_zone-list_src-port

Type: Object

Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/src-port

src-port-range-list

telemetry-enable

Description Enable from-l3-peer flag for the zone, thus all the ip entries in the zone will be dynamically created/deleted based on the BGP

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

traffic-distribution-mode

Description ‘default’: Distribute traffic to one blade only; ‘source-ip-based’: Distribute traffic between blades, based on source ip;

Type: string

Supported Values: default, source-ip-based

Default: default

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-name

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

zone-profile

Description Apply threshold profile

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/zone-profile

zone-template

Description: zone-template is a JSON Block. Please see below for dst_zone-list_zone-template

Type: Object

dst_zone-list_ip

Specification  
Type list
Block object keys  

expand-ip-subnet

Description Expand this subnet to individual IP address

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

expand-ip-subnet-mode

Description ‘dynamic’: Dynamic learning;

Type: string

Supported Values: dynamic

ip-addr

Description Specify IP address

Type: string

Format: ipv4-address

subnet-ip-addr

Description IP Subnet

Type: string

Format: ipv4-cidr

dst_zone-list_ip-proto

Specification  
Type object

proto-name-list

proto-number-list

proto-tcp-udp-list

dst_zone-list_ip-proto_proto-number-list

Specification  
Type list
Block object keys  

age

Description Idle age for ip entry

Type: number

Range: 2-1023

Default: 5

apply-policy-on-overflow

Description Enable this flag to apply overflow policy when dynamic entry count overflows

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

deny

Description Blacklist and Drop all incoming packets for this ip-proto

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-frag-pkt

Description Drop fragmented packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dynamic-entry-overflow-policy-list

enable-top-k

Description Enable ddos top-k detection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid-cfg

Description: glid-cfg is a JSON Block. Please see below for dst_zone-list_ip-proto_proto-number-list_glid-cfg

Type: Object

level-list

manual-mode-enable

Description Toggle manual mode to use fix templates

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

manual-mode-list

max-dynamic-entry-count

Description Maximum count for dynamic source zone service entry

Type: number

Range: 0-2147483647

port-ind

Description: port-ind is a JSON Block. Please see below for dst_zone-list_ip-proto_proto-number-list_port-ind

Type: Object

Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/port-ind

protocol-num

Description Protocol Number

Type: number

Range: 0-255

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_zone-list_ip-proto_proto-number-list_port-ind

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_zone-list_ip-proto_proto-number-list_dynamic-entry-overflow-policy-list

Specification  
Type list
Block object keys  

dummy-name

Description ‘configuration’: Configure overflow policy;

Type: string

Supported Values: configuration

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for dst_zone-list_ip-proto_proto-number-list_dynamic-entry-overflow-policy-list_zone-template

Type: Object

dst_zone-list_ip-proto_proto-number-list_dynamic-entry-overflow-policy-list_zone-template

Specification  
Type object

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ip-proto

Description DDOS ip-proto template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

dst_zone-list_ip-proto_proto-number-list_level-list

Specification  
Type list
Block object keys  

indicator-list

level-num

Description ‘0’: Default policy level; ‘1’: Policy level 1; ‘2’: Policy level 2; ‘3’: Policy level 3; ‘4’: Policy level 4;

Type: string

Supported Values: 0, 1, 2, 3, 4

src-default-glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

src-escalation-score

Description Source activation score of this level

Type: number

Range: 1-1000000

src-violation-actions

Description Violation actions apply due to source escalate from this level

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-escalation-score

Description Zone activation score of this level

Type: number

Range: 1-1000000

zone-template

Description: zone-template is a JSON Block. Please see below for dst_zone-list_ip-proto_proto-number-list_level-list_zone-template

Type: Object

zone-violation-actions

Description Violation actions apply due to zone escalate from this level

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

dst_zone-list_ip-proto_proto-number-list_level-list_zone-template

Specification  
Type object

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ip-proto

Description DDOS ip-proto template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

dst_zone-list_ip-proto_proto-number-list_level-list_indicator-list

Specification  
Type list
Block object keys  

data-packet-size

Description Expected minimal data size

Type: number

Range: 0-2147483647

score

Description Score corresponding to the indicator

Type: number

Range: 1-1000000

src-threshold-num

Description Indicator per-src threshold

Type: number

Range: 0-2147483647

src-threshold-str

Description Indicator per-src threshold

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

src-violation-actions

Description Violation actions to use when this src indicator threshold reaches

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

type

Description ‘pkt-rate’: rate of incoming packets; ‘pkt-drop-rate’: rate of packets got dropped; ‘pkt-drop-ratio’: ratio of incoming packet rate divided by the rate of dropping packets; ‘bytes-to-bytes-from-ratio’: ratio of incoming packet rate divided by the rate of outgoing packets; ‘frag-rate’: rate of incoming fragmented packets;

Type: string

Supported Values: pkt-rate, pkt-drop-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, frag-rate

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-threshold-num

Description Threshold for the entire zone

Type: number

Range: 0-2147483647

zone-threshold-str

Description Threshold for the entire zone

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

zone-violation-actions

Description Violation actions to use when this zone indicator threshold reaches

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

dst_zone-list_ip-proto_proto-number-list_glid-cfg

Specification  
Type object

glid

Description Global limit ID for the whole zone

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

glid-action

Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

per-addr-glid

Description Global limit ID per address

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

dst_zone-list_ip-proto_proto-number-list_manual-mode-list

Specification  
Type list
Block object keys  

config

Description ‘configuration’: Manual-mode configuration;

Type: string

Supported Values: configuration

src-default-glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for dst_zone-list_ip-proto_proto-number-list_manual-mode-list_zone-template

Type: Object

dst_zone-list_ip-proto_proto-number-list_manual-mode-list_zone-template

Specification  
Type object

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ip-proto

Description DDOS ip-proto template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

dst_zone-list_ip-proto_proto-name-list

Specification  
Type list
Block object keys  

age

Description Idle age for ip entry

Type: number

Range: 2-1023

Default: 5

apply-policy-on-overflow

Description Enable this flag to apply overflow policy when dynamic entry count overflows

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

deny

Description Blacklist and Drop all incoming packets for ip-proto icmp-v4

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-frag-pkt

Description Drop fragmented packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dynamic-entry-overflow-policy-list

enable-top-k

Description Enable ddos top-k detection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid-cfg

Description: glid-cfg is a JSON Block. Please see below for dst_zone-list_ip-proto_proto-name-list_glid-cfg

Type: Object

key-cfg

Type: List

level-list

manual-mode-enable

Description Toggle manual mode to use fix templates

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

manual-mode-list

max-dynamic-entry-count

Description Maximum count for dynamic source zone service entry

Type: number

Range: 0-2147483647

port-ind

Description: port-ind is a JSON Block. Please see below for dst_zone-list_ip-proto_proto-name-list_port-ind

Type: Object

Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/port-ind

protocol

Description ‘icmp-v4’: ip-proto icmp-v4; ‘icmp-v6’: ip-proto icmp-v6; ‘other’: ip-proto other; ‘gre’: ip-proto gre; ‘ipv4-encap’: ip-proto IPv4 Encapsulation; ‘ipv6-encap’: ip-proto IPv6 Encapsulation;

Type: string

Supported Values: icmp-v4, icmp-v6, other, gre, ipv4-encap, ipv6-encap

tunnel-decap

Description Enable tunnel decapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

tunnel-rate-limit

Description Enable DDOS-protection on tunnel traffic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_zone-list_ip-proto_proto-name-list_port-ind

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_zone-list_ip-proto_proto-name-list_key-cfg

Specification  
Type list
Block object keys  

key

Description Only decapsulate GRE packet with this hexadecimal key

Type: string

Maximum Length: 8 characters

Maximum Length: 1 characters

dst_zone-list_ip-proto_proto-name-list_glid-cfg

Specification  
Type object

glid

Description Global limit ID for the whole zone

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

glid-action

Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

per-addr-glid

Description Global limit ID per address

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

dst_zone-list_ip-proto_proto-name-list_dynamic-entry-overflow-policy-list

Specification  
Type list
Block object keys  

dummy-name

Description ‘configuration’: Configure overflow policy;

Type: string

Supported Values: configuration

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for dst_zone-list_ip-proto_proto-name-list_dynamic-entry-overflow-policy-list_zone-template

Type: Object

dst_zone-list_ip-proto_proto-name-list_dynamic-entry-overflow-policy-list_zone-template

Specification  
Type object

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

icmp-v4

Description DDOS icmp-v4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

icmp-v6

Description DDOS icmp-v6 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ip-proto

Description DDOS ip-proto template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

dst_zone-list_ip-proto_proto-name-list_level-list

Specification  
Type list
Block object keys  

indicator-list

level-num

Description ‘0’: Default policy level; ‘1’: Policy level 1; ‘2’: Policy level 2; ‘3’: Policy level 3; ‘4’: Policy level 4;

Type: string

Supported Values: 0, 1, 2, 3, 4

src-default-glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

src-escalation-score

Description Source activation score of this level

Type: number

Range: 1-1000000

src-violation-actions

Description Violation actions apply due to source escalate from this level

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-escalation-score

Description Zone activation score of this level

Type: number

Range: 1-1000000

zone-template

Description: zone-template is a JSON Block. Please see below for dst_zone-list_ip-proto_proto-name-list_level-list_zone-template

Type: Object

zone-violation-actions

Description Violation actions apply due to zone escalate from this level

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

dst_zone-list_ip-proto_proto-name-list_level-list_zone-template

Specification  
Type object

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

icmp-v4

Description DDOS icmp-v4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

icmp-v6

Description DDOS icmp-v6 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ip-proto

Description DDOS ip-proto template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

dst_zone-list_ip-proto_proto-name-list_level-list_indicator-list

Specification  
Type list
Block object keys  

data-packet-size

Description Expected minimal data size

Type: number

Range: 0-2147483647

score

Description Score corresponding to the indicator

Type: number

Range: 1-1000000

src-threshold-num

Description Indicator per-src threshold

Type: number

Range: 0-2147483647

src-threshold-str

Description Indicator per-src threshold

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

src-violation-actions

Description Violation actions to use when this src indicator threshold reaches

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

type

Description ‘pkt-rate’: rate of incoming packets; ‘pkt-drop-rate’: rate of packets got dropped; ‘pkt-drop-ratio’: ratio of incoming packet rate divided by the rate of dropping packets; ‘bytes-to-bytes-from-ratio’: ratio of incoming packet rate divided by the rate of outgoing packets; ‘frag-rate’: rate of incoming fragmented packets;

Type: string

Supported Values: pkt-rate, pkt-drop-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, frag-rate

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-threshold-num

Description Threshold for the entire zone

Type: number

Range: 0-2147483647

zone-threshold-str

Description Threshold for the entire zone

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

zone-violation-actions

Description Violation actions to use when this zone indicator threshold reaches

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

dst_zone-list_ip-proto_proto-name-list_manual-mode-list

Specification  
Type list
Block object keys  

config

Description ‘configuration’: Manual-mode configuration;

Type: string

Supported Values: configuration

src-default-glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for dst_zone-list_ip-proto_proto-name-list_manual-mode-list_zone-template

Type: Object

dst_zone-list_ip-proto_proto-name-list_manual-mode-list_zone-template

Specification  
Type object

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

icmp-v4

Description DDOS icmp-v4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

icmp-v6

Description DDOS icmp-v6 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ip-proto

Description DDOS ip-proto template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

dst_zone-list_ip-proto_proto-tcp-udp-list

Specification  
Type list
Block object keys  

drop-frag-pkt

Description Drop fragmented packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid-cfg

Description: glid-cfg is a JSON Block. Please see below for dst_zone-list_ip-proto_proto-tcp-udp-list_glid-cfg

Type: Object

protocol

Description ‘tcp’: ip-proto tcp; ‘udp’: ip-proto udp;

Type: string

Supported Values: tcp, udp

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_zone-list_ip-proto_proto-tcp-udp-list_glid-cfg

Specification  
Type object

glid

Description Global limit ID for the whole zone

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

glid-action

Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

per-addr-glid

Description Global limit ID per address

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

dst_zone-list_port-range-list

Specification  
Type list
Block object keys  

age

Description Idle age for ip entry

Type: number

Range: 2-1023

Default: 5

apply-policy-on-overflow

Description Enable this flag to apply overflow policy when dynamic entry count overflows

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

default-action-list

Description Configure default-action-list

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/action-list

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dynamic-entry-overflow-policy-list

enable-class-list-overflow

Description Apply class-list overflow policy upon exceeding dynamic entry count specified under zone port or each class-list

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

enable-top-k

Description Enable ddos top-k detection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid-cfg

Description: glid-cfg is a JSON Block. Please see below for dst_zone-list_port-range-list_glid-cfg

Type: Object

level-list

manual-mode-enable

Description Toggle manual mode to use fix templates

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

manual-mode-list

max-dynamic-entry-count

Description Maximum count for dynamic source zone service entry

Type: number

Range: 0-2147483647

port-ind

port-range-end

Description Port-Range End Port Number

Type: number

Range: 1-65535

port-range-start

Description Port-Range Start Port Number

Type: number

Range: 1-65535

protocol

Description ‘dns-tcp’: DNS-TCP Port; ‘dns-udp’: DNS-UDP Port; ‘http’: HTTP Port; ‘tcp’: TCP Port; ‘udp’: UDP Port; ‘ssl-l4’: SSL-L4 Port;

Type: string

Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4

sflow-common

Description Enable all sFlow polling options under this zone port

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-commonsflow-packets, sflow-tcp-basic, sflow-tcp-stateful and sflow-http are mutually exclusive

sflow-http

Description Enable sFlow HTTP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-http and sflow-common are mutually exclusive

sflow-packets

Description Enable sFlow packet-level counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-packets and sflow-common are mutually exclusive

sflow-tcp

Description: sflow-tcp is a JSON Block. Please see below for dst_zone-list_port-range-list_sflow-tcp

Type: Object

src-based-policy-list

stateful

Description Enable stateful tracking of sessions (Default is stateless)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_zone-list_port-range-list_dynamic-entry-overflow-policy-list

Specification  
Type list
Block object keys  

action

Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;

Type: string

Supported Values: bypass, deny

dummy-name

Description ‘configuration’: Configure overflow policy;

Type: string

Supported Values: configuration

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

log-enable

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-periodic

Description Enable log periodic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for dst_zone-list_port-range-list_dynamic-entry-overflow-policy-list_zone-template

Type: Object

dst_zone-list_port-range-list_dynamic-entry-overflow-policy-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

dst_zone-list_port-range-list_glid-cfg

Specification  
Type object

glid

Description Global limit ID for the whole zone

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

glid-action

Description ‘drop’: Drop packets for glid exceed (Default if default-action-list is not configured); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

per-addr-glid

Description Global limit ID per address

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

dst_zone-list_port-range-list_level-list

Specification  
Type list
Block object keys  

indicator-list

level-num

Description ‘0’: Default policy level; ‘1’: Policy level 1; ‘2’: Policy level 2; ‘3’: Policy level 3; ‘4’: Policy level 4;

Type: string

Supported Values: 0, 1, 2, 3, 4

src-default-glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

src-escalation-score

Description Source activation score of this level

Type: number

Range: 1-1000000

src-violation-actions

Description Violation actions apply due to source escalate from this level

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-escalation-score

Description Zone activation score of this level

Type: number

Range: 1-1000000

zone-template

Description: zone-template is a JSON Block. Please see below for dst_zone-list_port-range-list_level-list_zone-template

Type: Object

zone-violation-actions

Description Violation actions apply due to zone escalate from this level

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

dst_zone-list_port-range-list_level-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

dst_zone-list_port-range-list_level-list_indicator-list

Specification  
Type list
Block object keys  

data-packet-size

Description Expected minimal data size

Type: number

Range: 0-2147483647

score

Description Score corresponding to the indicator

Type: number

Range: 1-1000000

src-threshold-num

Description Indicator per-src threshold

Type: number

Range: 0-2147483647

src-threshold-str

Description Indicator per-src threshold

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

src-violation-actions

Description Violation actions to use when this src indicator threshold reaches

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

tcp-window-size

Description Expected minimal window size

Type: number

Range: 0-2147483647

type

Description ‘pkt-rate’: rate of incoming packets; ‘pkt-drop-rate’: rate of packets got dropped; ‘pkt-drop-ratio’: ratio of incoming packet rate divided by the rate of dropping packets; ‘bytes-to-bytes-from-ratio’: ratio of incoming packet rate divided by the rate of outgoing packets; ‘concurrent-conns’: number of concurrent connections; ‘conn-miss-rate’: rate of incoming packets for which no previously established connection exists; ‘syn-rate’: rate on incoming SYN packets; ‘fin-rate’: rate on incoming FIN packets; ‘rst-rate’: rate of incoming RST packets; ‘small-window-ack-rate’: rate of small window advertisement; ‘empty-ack-rate’: rate of incoming packets which have no payload; ‘small-payload-rate’: rate of short payload packet; ‘syn-fin-ratio’: ratio of incoming SYN packet rate divided by the rate of incoming FIN packets;

Type: string

Supported Values: pkt-rate, pkt-drop-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, concurrent-conns, conn-miss-rate, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-threshold-num

Description Threshold for the entire zone

Type: number

Range: 0-2147483647

zone-threshold-str

Description Threshold for the entire zone

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

zone-violation-actions

Description Violation actions to use when this zone indicator threshold reaches

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

dst_zone-list_port-range-list_manual-mode-list

Specification  
Type list
Block object keys  

config

Description ‘configuration’: Manual-mode configuration;

Type: string

Supported Values: configuration

src-default-glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for dst_zone-list_port-range-list_manual-mode-list_zone-template

Type: Object

dst_zone-list_port-range-list_manual-mode-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

dst_zone-list_port-range-list_src-based-policy-list

Specification  
Type list
Block object keys  

policy-class-list-list

src-based-policy-name

Description Specify name of the policy

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_zone-list_port-range-list_src-based-policy-list_policy-class-list-list

Specification  
Type list
Block object keys  

action

Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;

Type: string

Supported Values: bypass, deny

class-list-name

Description Class-list name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

class-list-overflow-policy-list

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

max-dynamic-entry-count

Description Maximum count for dynamic source zone service entry allowed for this class-list

Type: number

Range: 0-2147483647

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for dst_zone-list_port-range-list_src-based-policy-list_policy-class-list-list_zone-template

Type: Object

dst_zone-list_port-range-list_src-based-policy-list_policy-class-list-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

dst_zone-list_port-range-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list

Specification  
Type list
Block object keys  

action

Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;

Type: string

Supported Values: bypass, deny

dummy-name

Description ‘configuration’: Configure overflow policy for class-list;

Type: string

Supported Values: configuration

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

log-enable

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-periodic

Description Enable log periodic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

dst_zone-list_port-range-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

dst_zone-list_port-range-list_port-ind

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_zone-list_port-range-list_sflow-tcp

Specification  
Type object

sflow-tcp-basic

Description Enable sFlow basic TCP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-tcp-basic and sflow-common are mutually exclusive

sflow-tcp-stateful

Description Enable sFlow stateful TCP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-tcp-stateful and sflow-common are mutually exclusive

dst_zone-list_port

Specification  
Type object

zone-service-list

zone-service-other-list

dst_zone-list_port_zone-service-list

Specification  
Type list
Block object keys  

apply-policy-on-overflow

Description Enable this flag to apply overflow policy when dynamic entry count overflows

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

capture-config

Description: capture-config is a JSON Block. Please see below for dst_zone-list_port_zone-service-list_capture-config

Type: Object

default-action-list

Description Configure default-action-list

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/action-list

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dynamic-entry-overflow-policy-list

enable-class-list-overflow

Description Apply class-list overflow policy upon exceeding dynamic entry count specified for zone-port or class-list

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

enable-top-k

Description Enable ddos top-k detection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid-cfg

Description: glid-cfg is a JSON Block. Please see below for dst_zone-list_port_zone-service-list_glid-cfg

Type: Object

level-list

manual-mode-enable

Description Toggle manual mode to use fix templates

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

manual-mode-list

max-dynamic-entry-count

Description Maximum count for dynamic source zone service entry

Type: number

Range: 0-2147483647

port-ind

Description: port-ind is a JSON Block. Please see below for dst_zone-list_port_zone-service-list_port-ind

Type: Object

Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/port-ind

port-num

Description Port Number

Type: number

Range: 1-65535

protocol

Description ‘dns-tcp’: DNS-TCP Port; ‘dns-udp’: DNS-UDP Port; ‘http’: HTTP Port; ‘tcp’: TCP Port; ‘udp’: UDP Port; ‘ssl-l4’: SSL-L4 Port;

Type: string

Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4

sflow-common

Description Enable all sFlow polling options under this zone port

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-commonsflow-packets, sflow-tcp-basic, sflow-tcp-stateful and sflow-http are mutually exclusive

sflow-http

Description Enable sFlow HTTP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-http and sflow-common are mutually exclusive

sflow-packets

Description Enable sFlow packet-level counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-packets and sflow-common are mutually exclusive

sflow-tcp

Description: sflow-tcp is a JSON Block. Please see below for dst_zone-list_port_zone-service-list_sflow-tcp

Type: Object

src-based-policy-list

stateful

Description Enable stateful tracking of sessions (Default is stateless)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_zone-list_port_zone-service-list_dynamic-entry-overflow-policy-list

Specification  
Type list
Block object keys  

action

Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;

Type: string

Supported Values: bypass, deny

dummy-name

Description ‘configuration’: Configure overflow policy;

Type: string

Supported Values: configuration

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

log-enable

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-periodic

Description Enable log periodic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for dst_zone-list_port_zone-service-list_dynamic-entry-overflow-policy-list_zone-template

Type: Object

dst_zone-list_port_zone-service-list_dynamic-entry-overflow-policy-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

dst_zone-list_port_zone-service-list_glid-cfg

Specification  
Type object

glid

Description Global limit ID for the whole zone

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

glid-action

Description ‘drop’: Drop packets for glid exceed (Default if default-action-list is not configured); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

per-addr-glid

Description Global limit ID per address

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

dst_zone-list_port_zone-service-list_level-list

Specification  
Type list
Block object keys  

indicator-list

level-num

Description ‘0’: Default policy level; ‘1’: Policy level 1; ‘2’: Policy level 2; ‘3’: Policy level 3; ‘4’: Policy level 4;

Type: string

Supported Values: 0, 1, 2, 3, 4

src-default-glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

src-escalation-score

Description Source activation score of this level

Type: number

Range: 1-1000000

src-violation-actions

Description Violation actions apply due to source escalate from this level

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-escalation-score

Description Zone activation score of this level

Type: number

Range: 1-1000000

zone-template

Description: zone-template is a JSON Block. Please see below for dst_zone-list_port_zone-service-list_level-list_zone-template

Type: Object

zone-violation-actions

Description Violation actions apply due to zone escalate from this level

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

dst_zone-list_port_zone-service-list_level-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

dst_zone-list_port_zone-service-list_level-list_indicator-list

Specification  
Type list
Block object keys  

data-packet-size

Description Expected minimal data size

Type: number

Range: 0-2147483647

score

Description Score corresponding to the indicator

Type: number

Range: 1-1000000

src-threshold-num

Description Indicator per-src threshold

Type: number

Range: 0-2147483647

src-threshold-str

Description Indicator per-src threshold

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

src-violation-actions

Description Violation actions to use when this src indicator threshold reaches

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

tcp-window-size

Description Expected minimal window size

Type: number

Range: 0-2147483647

type

Description ‘pkt-rate’: rate of incoming packets; ‘pkt-drop-rate’: rate of packets got dropped; ‘pkt-drop-ratio’: ratio of incoming packet rate divided by the rate of dropping packets; ‘bytes-to-bytes-from-ratio’: ratio of incoming packet rate divided by the rate of outgoing packets; ‘concurrent-conns’: number of concurrent connections; ‘conn-miss-rate’: rate of incoming packets for which no previously established connection exists; ‘syn-rate’: rate on incoming SYN packets; ‘fin-rate’: rate on incoming FIN packets; ‘rst-rate’: rate of incoming RST packets; ‘small-window-ack-rate’: rate of small window advertisement; ‘empty-ack-rate’: rate of incoming packets which have no payload; ‘small-payload-rate’: rate of short payload packet; ‘syn-fin-ratio’: ratio of incoming SYN packet rate divided by the rate of incoming FIN packets;

Type: string

Supported Values: pkt-rate, pkt-drop-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, concurrent-conns, conn-miss-rate, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-threshold-num

Description Threshold for the entire zone

Type: number

Range: 0-2147483647

zone-threshold-str

Description Threshold for the entire zone

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

zone-violation-actions

Description Violation actions to use when this zone indicator threshold reaches

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

dst_zone-list_port_zone-service-list_manual-mode-list

Specification  
Type list
Block object keys  

config

Description ‘configuration’: Manual-mode configuration;

Type: string

Supported Values: configuration

src-default-glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for dst_zone-list_port_zone-service-list_manual-mode-list_zone-template

Type: Object

dst_zone-list_port_zone-service-list_manual-mode-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

dst_zone-list_port_zone-service-list_src-based-policy-list

Specification  
Type list
Block object keys  

policy-class-list-list

src-based-policy-name

Description Specify name of the policy

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list

Specification  
Type list
Block object keys  

action

Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;

Type: string

Supported Values: bypass, deny

class-list-name

Description Class-list name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

class-list-overflow-policy-list

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

log-enable

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-periodic

Description Enable log periodic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

max-dynamic-entry-count

Description Maximum count for dynamic source zone service entry allowed for this class-list

Type: number

Range: 0-2147483647

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for dst_zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list_zone-template

Type: Object

dst_zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

dst_zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list

Specification  
Type list
Block object keys  

action

Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;

Type: string

Supported Values: bypass, deny

dummy-name

Description ‘configuration’: Configure overflow policy for class-list;

Type: string

Supported Values: configuration

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

log-enable

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-periodic

Description Enable log periodic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

dst_zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

dst_zone-list_port_zone-service-list_port-ind

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_zone-list_port_zone-service-list_sflow-tcp

Specification  
Type object

sflow-tcp-basic

Description Enable sFlow basic TCP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-tcp-basic and sflow-common are mutually exclusive

sflow-tcp-stateful

Description Enable sFlow stateful TCP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-tcp-stateful and sflow-common are mutually exclusive

dst_zone-list_port_zone-service-list_capture-config

Specification  
Type object

capture-config-mode

Description ‘drop’: Apply capture-config to dropped packets; ‘forward’: Apply capture-config to forwarded packets; ‘all’: Apply capture-config to both dropped and forwarded packets;

Type: string

Supported Values: drop, forward, all

capture-config-name

Description Capture-config name

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst_zone-list_port_zone-service-other-list

Specification  
Type list
Block object keys  

age

Description Idle age for ip entry

Type: number

Range: 2-1023

Default: 5

apply-policy-on-overflow

Description Enable this flag to apply overflow policy when dynamic entry count overflows

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

default-action-list

Description Configure default-action-list

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/action-list

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dynamic-entry-overflow-policy-list

enable-class-list-overflow

Description Apply class-list overflow policy upon exceeding dynamic entry count specified for this zone port or each class-list

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

enable-top-k

Description Enable ddos top-k detection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid-cfg

Description: glid-cfg is a JSON Block. Please see below for dst_zone-list_port_zone-service-other-list_glid-cfg

Type: Object

level-list

manual-mode-enable

Description Toggle manual mode to use fix templates

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

manual-mode-list

max-dynamic-entry-count

Description Maximum count for dynamic source zone service entry

Type: number

Range: 0-2147483647

port-ind

port-other

Description ‘other’: other;

Type: string

Supported Values: other

protocol

Description ‘tcp’: TCP Port; ‘udp’: UDP Port;

Type: string

Supported Values: tcp, udp

sflow-common

Description Enable all sFlow polling options under this zone port

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-commonsflow-packets, sflow-tcp-basic and sflow-tcp-stateful are mutually exclusive

sflow-packets

Description Enable sFlow packet-level counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-packets and sflow-common are mutually exclusive

sflow-tcp

Description: sflow-tcp is a JSON Block. Please see below for dst_zone-list_port_zone-service-other-list_sflow-tcp

Type: Object

src-based-policy-list

stateful

Description Enable stateful tracking of sessions (Default is stateless)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_zone-list_port_zone-service-other-list_src-based-policy-list

Specification  
Type list
Block object keys  

policy-class-list-list

src-based-policy-name

Description Specify name of the policy

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list

Specification  
Type list
Block object keys  

action

Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;

Type: string

Supported Values: bypass, deny

class-list-name

Description Class-list name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

class-list-overflow-policy-list

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

max-dynamic-entry-count

Description Maximum count for dynamic source zone service entry allowed for this class-list

Type: number

Range: 0-2147483647

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for dst_zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_zone-template

Type: Object

dst_zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

dst_zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list

Specification  
Type list
Block object keys  

action

Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;

Type: string

Supported Values: bypass, deny

dummy-name

Description ‘configuration’: Configure overflow policy for class-list;

Type: string

Supported Values: configuration

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

log-enable

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-periodic

Description Enable log periodic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

dst_zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

dst_zone-list_port_zone-service-other-list_port-ind

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_zone-list_port_zone-service-other-list_dynamic-entry-overflow-policy-list

Specification  
Type list
Block object keys  

action

Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;

Type: string

Supported Values: bypass, deny

dummy-name

Description ‘configuration’: Configure overflow policy;

Type: string

Supported Values: configuration

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

log-enable

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-periodic

Description Enable log periodic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for dst_zone-list_port_zone-service-other-list_dynamic-entry-overflow-policy-list_zone-template

Type: Object

dst_zone-list_port_zone-service-other-list_dynamic-entry-overflow-policy-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

dst_zone-list_port_zone-service-other-list_glid-cfg

Specification  
Type object

glid

Description Global limit ID for the whole zone

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

glid-action

Description ‘drop’: Drop packets for glid exceed (Default if default-action-list is not configured); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

per-addr-glid

Description Global limit ID per address

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

dst_zone-list_port_zone-service-other-list_level-list

Specification  
Type list
Block object keys  

indicator-list

level-num

Description ‘0’: Default policy level; ‘1’: Policy level 1; ‘2’: Policy level 2; ‘3’: Policy level 3; ‘4’: Policy level 4;

Type: string

Supported Values: 0, 1, 2, 3, 4

src-default-glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

src-escalation-score

Description Source activation score of this level

Type: number

Range: 1-1000000

src-violation-actions

Description Violation actions apply due to source escalate from this level

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-escalation-score

Description Zone activation score of this level

Type: number

Range: 1-1000000

zone-template

Description: zone-template is a JSON Block. Please see below for dst_zone-list_port_zone-service-other-list_level-list_zone-template

Type: Object

zone-violation-actions

Description Violation actions apply due to zone escalate from this level

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

dst_zone-list_port_zone-service-other-list_level-list_zone-template

Specification  
Type object

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

dst_zone-list_port_zone-service-other-list_level-list_indicator-list

Specification  
Type list
Block object keys  

data-packet-size

Description Expected minimal data size

Type: number

Range: 0-2147483647

score

Description Score corresponding to the indicator

Type: number

Range: 1-1000000

src-threshold-num

Description Indicator per-src threshold

Type: number

Range: 0-2147483647

src-threshold-str

Description Indicator per-src threshold

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

src-violation-actions

Description Violation actions to use when this src indicator threshold reaches

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

tcp-window-size

Description Expected minimal window size

Type: number

Range: 0-2147483647

type

Description ‘pkt-rate’: rate of incoming packets; ‘pkt-drop-rate’: rate of packets got dropped; ‘pkt-drop-ratio’: ratio of incoming packet rate divided by the rate of dropping packets; ‘bytes-to-bytes-from-ratio’: ratio of incoming packet rate divided by the rate of outgoing packets; ‘concurrent-conns’: number of concurrent connections; ‘conn-miss-rate’: rate of incoming packets for which no previously established connection exists; ‘syn-rate’: rate on incoming SYN packets; ‘fin-rate’: rate on incoming FIN packets; ‘rst-rate’: rate of incoming RST packets; ‘small-window-ack-rate’: rate of small window advertisement; ‘empty-ack-rate’: rate of incoming packets which have no payload; ‘small-payload-rate’: rate of short payload packet; ‘syn-fin-ratio’: ratio of incoming SYN packet rate divided by the rate of incoming FIN packets;

Type: string

Supported Values: pkt-rate, pkt-drop-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, concurrent-conns, conn-miss-rate, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-threshold-num

Description Threshold for the entire zone

Type: number

Range: 0-2147483647

zone-threshold-str

Description Threshold for the entire zone

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

zone-violation-actions

Description Violation actions to use when this zone indicator threshold reaches

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

dst_zone-list_port_zone-service-other-list_sflow-tcp

Specification  
Type object

sflow-tcp-basic

Description Enable sFlow basic TCP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-tcp-basic and sflow-common are mutually exclusive

sflow-tcp-stateful

Description Enable sFlow stateful TCP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-tcp-stateful and sflow-common are mutually exclusive

dst_zone-list_port_zone-service-other-list_manual-mode-list

Specification  
Type list
Block object keys  

config

Description ‘configuration’: Manual-mode configuration;

Type: string

Supported Values: configuration

src-default-glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for dst_zone-list_port_zone-service-other-list_manual-mode-list_zone-template

Type: Object

dst_zone-list_port_zone-service-other-list_manual-mode-list_zone-template

Specification  
Type object

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

dst_zone-list_capture-config-list

Specification  
Type list
Block object keys  

mode

Description ‘drop’: Apply capture-config to dropped packets; ‘forward’: Apply capture-config to forwarded packets; ‘all’: Apply capture-config to both dropped and forwarded packets;

Type: string

Supported Values: drop, forward, all

name

Description Capture-config name

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/capture-config

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dst_zone-list_zone-template

Specification  
Type object

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst_zone-list_src-port-range-list

Specification  
Type list
Block object keys  

capture-config

Description: capture-config is a JSON Block. Please see below for dst_zone-list_src-port-range-list_capture-config

Type: Object

default-action-list

Description Configure default-action-list

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/action-list

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid-cfg

Description: glid-cfg is a JSON Block. Please see below for dst_zone-list_src-port-range-list_glid-cfg

Type: Object

protocol

Description ‘udp’: UDP port; ‘tcp’: TCP Port;

Type: string

Supported Values: udp, tcp

src-port-range-end

Description Src Port-Range End Port Number

Type: number

Range: 2-65535

src-port-range-start

Description Src Port-Range Start Port Number

Type: number

Range: 1-65535

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for dst_zone-list_src-port-range-list_zone-template

Type: Object

dst_zone-list_src-port-range-list_capture-config

Specification  
Type object

capture-config-mode

Description ‘drop’: Apply capture-config to dropped packets; ‘forward’: Apply capture-config to forwarded packets; ‘all’: Apply capture-config to both dropped and forwarded packets;

Type: string

Supported Values: drop, forward, all

capture-config-name

Description Capture-config name

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst_zone-list_src-port-range-list_glid-cfg

Specification  
Type object

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

glid-action

Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

dst_zone-list_src-port-range-list_zone-template

Specification  
Type object

src-tcp

Description DDOS tcp src template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

src-udp

Description DDOS udp src template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst_zone-list_src-port

Specification  
Type object

zone-src-port-list

zone-src-port-other-list

dst_zone-list_src-port_zone-src-port-list

Specification  
Type list
Block object keys  

default-action-list

Description Configure default-action-list

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/action-list

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid-cfg

Description: glid-cfg is a JSON Block. Please see below for dst_zone-list_src-port_zone-src-port-list_glid-cfg

Type: Object

port-num

Description Source Port Number

Type: number

Range: 1-65535

protocol

Description ‘udp’: UDP port; ‘tcp’: TCP Port;

Type: string

Supported Values: udp, tcp

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for dst_zone-list_src-port_zone-src-port-list_zone-template

Type: Object

dst_zone-list_src-port_zone-src-port-list_glid-cfg

Specification  
Type object

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

glid-action

Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

dst_zone-list_src-port_zone-src-port-list_zone-template

Specification  
Type object

src-tcp

Description DDOS tcp src template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

src-udp

Description DDOS udp src template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst_zone-list_src-port_zone-src-port-other-list

Specification  
Type list
Block object keys  

default-action-list

Description Configure default-action-list

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/action-list

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid-cfg

Description: glid-cfg is a JSON Block. Please see below for dst_zone-list_src-port_zone-src-port-other-list_glid-cfg

Type: Object

port-other

Description ‘other’: other;

Type: string

Supported Values: other

protocol

Description ‘udp’: UDP port; ‘tcp’: TCP Port;

Type: string

Supported Values: udp, tcp

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for dst_zone-list_src-port_zone-src-port-other-list_zone-template

Type: Object

dst_zone-list_src-port_zone-src-port-other-list_glid-cfg

Specification  
Type object

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

glid-action

Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

dst_zone-list_src-port_zone-src-port-other-list_zone-template

Specification  
Type object

src-tcp

Description DDOS tcp src template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

src-udp

Description DDOS udp src template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst_zone-list_sflow-tcp

Specification  
Type object

sflow-tcp-basic

Description Enable sFlow basic TCP counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total nu

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-tcp-basic and sflow-common are mutually exclusive

sflow-tcp-stateful

Description Enable sFlow stateful TCP counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-tcp-stateful and sflow-common are mutually exclusive

dst_zone-list_ipv6

Specification  
Type list
Block object keys  

expand-ipv6-subnet

Description Expand this subnet to individual IPv6 address

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

expand-ipv6-subnet-mode

Description ‘dynamic’: Dynamic learning;

Type: string

Supported Values: dynamic

ip6-addr

Description Specify IPv6 address

Type: string

Format: ipv6-address

subnet-ipv6-addr

Description IPV6 Subnet

Type: string

Format: ipv6-address-plen

system-default

Specification  
Type object

limit-list

system-default_limit-list

Specification  
Type list
Block object keys  

default-bit-rate-limit

Description Configure Default Kibit (kibibit / 1024-bit) rate limit

Type: number

Range: 1-16000000

default-conn-limit

Description Configure Default Connection limit

Type: number

Range: 1-16000000

default-conn-rate-limit

Description Configure Default Connection rate limit

Type: number

Range: 1-16000000

default-frag-pkt-rate-limit

Description Configure Default Fragmented packet rate limit

Type: number

Range: 1-16000000

default-over-limit-action

Description: default-over-limit-action is a JSON Block. Please see below for system-default_limit-list_default-over-limit-action

Type: Object

default-pkt-rate-limit

Description Configure Default Packet rate limit

Type: number

Range: 1-16000000

limit-type

Description ‘dst-entry’: dst-entry; ‘dst-icmp’: dst-icmp; ‘dst-other’: dst-other; ‘dst-tcp’: dst-tcp; ‘dst-udp’: dst-udp; ‘src-entry’: src-entry; ‘src-icmp’: src-icmp; ‘src-other’: src-other; ‘src-tcp’: src-tcp; ‘src-udp’: src-udp;

Type: string

Supported Values: dst-entry, dst-icmp, dst-other, dst-tcp, dst-udp, src-entry, src-icmp, src-other, src-tcp, src-udp

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

system-default_limit-list_default-over-limit-action

Specification  
Type object

drop

Description Silently Drop the new connection / new packet when it exceeds limit

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

notification-template-common

Specification  
Type object

default-notification-template

Description Specify the notification template to use as default (Default notification template name)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/notification-template

disable-default-template

Description Disable sending notification templates using default-template (Disable default notification template)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Specification  
Type object

dns-list

Type: List

Refernce Object: /axapi/v3/ddos/zone-template/dns/{name}

encap-list

http-list

icmp-v4-list

icmp-v6-list

ip-proto-list

logging-list

ssl-l4-list

tcp-list

Type: List

Refernce Object: /axapi/v3/ddos/zone-template/tcp/{name}

udp-list

Type: List

Refernce Object: /axapi/v3/ddos/zone-template/udp/{name}

zone-template_logging-list

Specification  
Type list
Block object keys  

enable-action-logging

Description Log action taken

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-format-cef

Description Log in CEF format

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-format-custom

Description Customize log format

Type: string

Format: string-rlx

Maximum Length: 512 characters

Maximum Length: 1 characters

logging-tmpl-name

Description DDOS Logging Template Name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Default: default

use-obj-name

Description Show obj name instead of ip in the log

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template_ip-proto-list

Specification  
Type list
Block object keys  

filter-list

name

Description DDOS Ip-proto Template Name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template_ip-proto-list_filter-list

Specification  
Type list
Block object keys  

byte-offset-filter

Description Filter using Berkeley Packet Filter syntax

Type: string

Format: string-rlx

Maximum Length: 1275 characters

Maximum Length: 1 characters

other-filter-action

Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘authenticate-src’: Authenticate-src;

Type: string

Supported Values: drop, ignore, blacklist-src, authenticate-src

Mutual Exclusion: other-filter-action and other-filter-action-list-name are mutually exclusive

other-filter-action-list-name

Description Configure action-list to take

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: other-filter-action-list-name and other-filter-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

other-filter-inverse-match

Description Inverse the result of the matching

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

other-filter-name

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

other-filter-regex

Description Regex Expression

Type: string

Format: string-rlx

Maximum Length: 1275 characters

Maximum Length: 1 characters

other-filter-seq

Description Sequence number

Type: number

Range: 1-200

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template_ssl-l4-list

Specification  
Type list
Block object keys  

allow-non-tls

Description Allow Non-TLS (SSLv3 and lower) traffic (Warning: security may be compromised)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

auth-handshake

Description: auth-handshake is a JSON Block. Please see below for zone-template_ssl-l4-list_auth-handshake

Type: Object

dst

Description: dst is a JSON Block. Please see below for zone-template_ssl-l4-list_dst

Type: Object

renegotiation

Description: renegotiation is a JSON Block. Please see below for zone-template_ssl-l4-list_renegotiation

Type: Object

src

Description: src is a JSON Block. Please see below for zone-template_ssl-l4-list_src

Type: Object

ssl-l4-tmpl-name

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template_ssl-l4-list_auth-handshake

Specification  
Type object

auth-handshake-fail-action

Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;

Type: string

Supported Values: drop, blacklist-src, reset

Mutual Exclusion: auth-handshake-fail-action and auth-handshake-fail-action-list-name are mutually exclusive

auth-handshake-fail-action-list-name

Description Configure action-list to take for failing the authentication

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: auth-handshake-fail-action-list-name and auth-handshake-fail-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

auth-handshake-pass-action

Description ‘authenticate-src’: authenticate-src (Default);

Type: string

Supported Values: authenticate-src

Mutual Exclusion: auth-handshake-pass-action and auth-handshake-pass-action-list-name are mutually exclusive

auth-handshake-pass-action-list-name

Description Configure action-list to take for passing the authentication

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: auth-handshake-pass-action-list-name and auth-handshake-pass-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

auth-handshake-timeout

Description Connection timeout (default 5 seconds) and trials (default 5 times) (DST support only)

Type: number

Range: 1-31

Default: 5

auth-handshake-trials

Description Number of failed handshakes before entry marked black

Type: number

Range: 0-15

Default: 5

cert-cfg

Description: cert-cfg is a JSON Block. Please see below for zone-template_ssl-l4-list_auth-handshake_cert-cfg

Type: Object

server-name-list

Type: List

zone-template_ssl-l4-list_auth-handshake_cert-cfg

Specification  
Type object

cert

Description SSL certificate

Type: string

Maximum Length: 255 characters

Maximum Length: 1 characters

key

Description SSL key

Type: string

Maximum Length: 255 characters

Maximum Length: 1 characters

key-encrypted

Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)

key-passphrase

Description Password Phrase

Type: string

Format: password

Maximum Length: 63 characters

Maximum Length: 1 characters

zone-template_ssl-l4-list_auth-handshake_server-name-list

Specification  
Type list
Block object keys  

server-cert

Description Server Certificate associated to SNI (Server Certificate Name)

Type: string

Maximum Length: 255 characters

Maximum Length: 1 characters

server-encrypted

Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)

server-key

Description Server Private Key associated to SNI (Server Private Key Name)

Type: string

Maximum Length: 255 characters

Maximum Length: 1 characters

server-name

Description Server name indication in Client hello extension (Server name String)

Type: string

Maximum Length: 255 characters

Maximum Length: 1 characters

server-passphrase

Description Password Phrase

Type: string

Format: password

Maximum Length: 63 characters

Maximum Length: 1 characters

zone-template_ssl-l4-list_src

Specification  
Type object

rate-limit

Description: rate-limit is a JSON Block. Please see below for zone-template_ssl-l4-list_src_rate-limit

Type: Object

zone-template_ssl-l4-list_src_rate-limit

Specification  
Type object

request

Description: request is a JSON Block. Please see below for zone-template_ssl-l4-list_src_rate-limit_request

Type: Object

zone-template_ssl-l4-list_src_rate-limit_request

Specification  
Type object

src-request-rate-limit

Description

Type: number

Range: 1-16000000

src-request-rate-limit-action

Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘reset’: Reset client connection;

Type: string

Supported Values: drop, ignore, reset

Mutual Exclusion: src-request-rate-limit-action and src-request-rate-limit-action-list-name are mutually exclusive

src-request-rate-limit-action-list-name

Description Configure action-list to take

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: src-request-rate-limit-action-list-name and src-request-rate-limit-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

zone-template_ssl-l4-list_dst

Specification  
Type object

rate-limit

Description: rate-limit is a JSON Block. Please see below for zone-template_ssl-l4-list_dst_rate-limit

Type: Object

zone-template_ssl-l4-list_dst_rate-limit

Specification  
Type object

request

Description: request is a JSON Block. Please see below for zone-template_ssl-l4-list_dst_rate-limit_request

Type: Object

zone-template_ssl-l4-list_dst_rate-limit_request

Specification  
Type object

dst-request-rate-limit

Description

Type: number

Range: 1-16000000

dst-request-rate-limit-action

Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘reset’: Reset client connection;

Type: string

Supported Values: drop, ignore, reset

Mutual Exclusion: dst-request-rate-limit-action and dst-request-rate-limit-action-list-name are mutually exclusive

dst-request-rate-limit-action-list-name

Description Configure action-list to take

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: dst-request-rate-limit-action-list-name and dst-request-rate-limit-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

zone-template_ssl-l4-list_renegotiation

Specification  
Type object

num-renegotiation

Description Number of renegotiation allowed

Type: number

Range: 0-7

ssl-l4-reneg-action

Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;

Type: string

Supported Values: drop, ignore, blacklist-src, reset

Mutual Exclusion: ssl-l4-reneg-action and ssl-l4-reneg-action-list-name are mutually exclusive

ssl-l4-reneg-action-list-name

Description Configure action-list to take

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: ssl-l4-reneg-action-list-name and ssl-l4-reneg-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

zone-template_dns-list

Specification  
Type list
Block object keys  

allow-query-class

Description: allow-query-class is a JSON Block. Please see below for zone-template_dns-list_allow-query-class

Type: Object

allow-record-type

Description: allow-record-type is a JSON Block. Please see below for zone-template_dns-list_allow-record-type

Type: Object

dns-any-check

Description Drop DNS queries of Type ANY

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dns-any-check-action

Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;

Type: string

Supported Values: drop, ignore, blacklist-src, reset

Mutual Exclusion: dns-any-check-action and dns-any-check-action-list-name are mutually exclusive

dns-any-check-action-list-name

Description Configure action-list to take

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: dns-any-check-action-list-name and dns-any-check-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

dns-udp-authentication

Description: dns-udp-authentication is a JSON Block. Please see below for zone-template_dns-list_dns-udp-authentication

Type: Object

domain-group-name

Description Apply a domain-group to the DNS template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dst

Description: dst is a JSON Block. Please see below for zone-template_dns-list_dst

Type: Object

fqdn-label-count-cfg

Description: fqdn-label-count-cfg is a JSON Block. Please see below for zone-template_dns-list_fqdn-label-count-cfg

Type: Object

fqdn-label-len-cfg

Type: List

malformed-query-check

Description: malformed-query-check is a JSON Block. Please see below for zone-template_dns-list_malformed-query-check

Type: Object

Refernce Object: /axapi/v3/ddos/zone-template/dns/{name}/malformed-query-check

name

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

on-no-match

Description ‘permit’: permit; ‘deny’: deny;

Type: string

Supported Values: permit, deny

Default: deny

src

Description: src is a JSON Block. Please see below for zone-template_dns-list_src

Type: Object

symtimeout-cfg

Description: symtimeout-cfg is a JSON Block. Please see below for zone-template_dns-list_symtimeout-cfg

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template_dns-list_src

Specification  
Type object

rate-limit

Description: rate-limit is a JSON Block. Please see below for zone-template_dns-list_src_rate-limit

Type: Object

zone-template_dns-list_src_rate-limit

Specification  
Type object

nxdomain

Description: nxdomain is a JSON Block. Please see below for zone-template_dns-list_src_rate-limit_nxdomain

Type: Object

request

Description: request is a JSON Block. Please see below for zone-template_dns-list_src_rate-limit_request

Type: Object

zone-template_dns-list_src_rate-limit_request

Specification  
Type object

src-dns-request-rate-limit-action

Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;

Type: string

Supported Values: drop, ignore, blacklist-src, reset

Mutual Exclusion: src-dns-request-rate-limit-action and src-dns-request-rate-limit-action-list-name are mutually exclusive

src-dns-request-rate-limit-action-list-name

Description Configure action-list to take

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: src-dns-request-rate-limit-action-list-name and src-dns-request-rate-limit-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

type

Description: type is a JSON Block. Please see below for zone-template_dns-list_src_rate-limit_request_type

Type: Object

zone-template_dns-list_src_rate-limit_request_type

Specification  
Type object

A-cfg

Description: A-cfg is a JSON Block. Please see below for zone-template_dns-list_src_rate-limit_request_type_A-cfg

Type: Object

AAAA-cfg

Description: AAAA-cfg is a JSON Block. Please see below for zone-template_dns-list_src_rate-limit_request_type_AAAA-cfg

Type: Object

CNAME-cfg

Description: CNAME-cfg is a JSON Block. Please see below for zone-template_dns-list_src_rate-limit_request_type_CNAME-cfg

Type: Object

MX-cfg

Description: MX-cfg is a JSON Block. Please see below for zone-template_dns-list_src_rate-limit_request_type_MX-cfg

Type: Object

NS-cfg

Description: NS-cfg is a JSON Block. Please see below for zone-template_dns-list_src_rate-limit_request_type_NS-cfg

Type: Object

SRV-cfg

Description: SRV-cfg is a JSON Block. Please see below for zone-template_dns-list_src_rate-limit_request_type_SRV-cfg

Type: Object

dns-type-cfg

Type: List

zone-template_dns-list_src_rate-limit_request_type_SRV-cfg

Specification  
Type object

SRV

Description Service locator

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

src-dns-srv-rate

Description DNS request rate

Type: number

Range: 1-16000000

zone-template_dns-list_src_rate-limit_request_type_CNAME-cfg

Specification  
Type object

CNAME

Description Canonical name record

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

src-dns-cname-rate

Description

Type: number

Range: 1-16000000

zone-template_dns-list_src_rate-limit_request_type_dns-type-cfg

Specification  
Type list
Block object keys  

src-dns-request-type

Description Other type value

Type: number

Range: 1-65535

src-dns-request-type-rate

Description request rate limit

Type: number

Range: 1-16000000

zone-template_dns-list_src_rate-limit_request_type_AAAA-cfg

Specification  
Type object

AAAA

Description IPv6 address record

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

src-dns-aaaa-rate

Description

Type: number

Range: 1-16000000

zone-template_dns-list_src_rate-limit_request_type_A-cfg

Specification  
Type object

A

Description Address record

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

src-dns-a-rate

Description

Type: number

Range: 1-16000000

zone-template_dns-list_src_rate-limit_request_type_MX-cfg

Specification  
Type object

MX

Description Mail exchange record

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

src-dns-mx-rate

Description

Type: number

Range: 1-16000000

zone-template_dns-list_src_rate-limit_request_type_NS-cfg

Specification  
Type object

NS

Description Name server record

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

src-dns-ns-rate

Description

Type: number

Range: 1-16000000

zone-template_dns-list_src_rate-limit_nxdomain

Specification  
Type object

dns-nxdomain-rate

Description Limiting rate

Type: number

Range: 1-16000000

dns-nxdomain-rate-limit-action

Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;

Type: string

Supported Values: drop, ignore, blacklist-src, reset

Mutual Exclusion: dns-nxdomain-rate-limit-action and dns-nxdomain-rate-limit-action-list-name are mutually exclusive

dns-nxdomain-rate-limit-action-list-name

Description Configure action-list to take

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: dns-nxdomain-rate-limit-action-list-name and dns-nxdomain-rate-limit-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

zone-template_dns-list_fqdn-label-count-cfg

Specification  
Type object

fqdn-label-count-action

Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘reset’: Send reset to client;

Type: string

Supported Values: drop, ignore, blacklist-src, reset

Mutual Exclusion: fqdn-label-count-action and fqdn-label-count-action-list-name are mutually exclusive

fqdn-label-count-action-list-name

Description Configure action-list to take

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: fqdn-label-count-action-list-name and fqdn-label-count-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

label-count

Description Maximum number of FQDN labels per FQDN

Type: number

Range: 1-10

zone-template_dns-list_malformed-query-check

Specification  
Type object

dns-malformed-query-action

Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;

Type: string

Supported Values: drop, ignore, blacklist-src, reset

Mutual Exclusion: dns-malformed-query-action and dns-malformed-query-action-list-name are mutually exclusive

dns-malformed-query-action-list-name

Description Configure action-list to take

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: dns-malformed-query-action-list-name and dns-malformed-query-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

non-query-opcode-check

Description ‘disable’: When malform check is enabled, TPS always drops DNS query with non query opcode, this option disables this opcode check;

Type: string

Supported Values: disable

skip-multi-packet-check

Description Bypass DNS fragmented and TCP segmented Queries(Default: dropped)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

validation-type

Description ‘basic-header-check’: Basic header validation for DNS TCP/UDP queries; ‘extended-header-check’: Extended header/query validation for DNS TCP/UDP queries; ‘disable’: Disable Malform query validation for DNS TCP/UDP;

Type: string

Supported Values: basic-header-check, extended-header-check, disable

zone-template_dns-list_dst

Specification  
Type object

rate-limit

Description: rate-limit is a JSON Block. Please see below for zone-template_dns-list_dst_rate-limit

Type: Object

zone-template_dns-list_dst_rate-limit

Specification  
Type object

fqdn

Description: fqdn is a JSON Block. Please see below for zone-template_dns-list_dst_rate-limit_fqdn

Type: Object

request

Description: request is a JSON Block. Please see below for zone-template_dns-list_dst_rate-limit_request

Type: Object

zone-template_dns-list_dst_rate-limit_request

Specification  
Type object

dst-dns-request-rate-limit-action

Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘reset’: Reset client connection; ‘blacklist-src’: Blacklist-src;

Type: string

Supported Values: drop, ignore, reset, blacklist-src

Mutual Exclusion: dst-dns-request-rate-limit-action and dst-dns-request-rate-limit-action-list-name are mutually exclusive

dst-dns-request-rate-limit-action-list-name

Description Configure action-list to take

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: dst-dns-request-rate-limit-action-list-name and dst-dns-request-rate-limit-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

type

Description: type is a JSON Block. Please see below for zone-template_dns-list_dst_rate-limit_request_type

Type: Object

zone-template_dns-list_dst_rate-limit_request_type

Specification  
Type object

A-cfg

Description: A-cfg is a JSON Block. Please see below for zone-template_dns-list_dst_rate-limit_request_type_A-cfg

Type: Object

AAAA-cfg

Description: AAAA-cfg is a JSON Block. Please see below for zone-template_dns-list_dst_rate-limit_request_type_AAAA-cfg

Type: Object

CNAME-cfg

Description: CNAME-cfg is a JSON Block. Please see below for zone-template_dns-list_dst_rate-limit_request_type_CNAME-cfg

Type: Object

MX-cfg

Description: MX-cfg is a JSON Block. Please see below for zone-template_dns-list_dst_rate-limit_request_type_MX-cfg

Type: Object

NS-cfg

Description: NS-cfg is a JSON Block. Please see below for zone-template_dns-list_dst_rate-limit_request_type_NS-cfg

Type: Object

SRV-cfg

Description: SRV-cfg is a JSON Block. Please see below for zone-template_dns-list_dst_rate-limit_request_type_SRV-cfg

Type: Object

dns-type-cfg

Type: List

zone-template_dns-list_dst_rate-limit_request_type_SRV-cfg

Specification  
Type object

SRV

Description Service locator

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dns-srv-rate

Description DNS request rate

Type: number

Range: 1-16000000

zone-template_dns-list_dst_rate-limit_request_type_CNAME-cfg

Specification  
Type object

CNAME

Description Canonical name record

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dns-cname-rate

Description

Type: number

Range: 1-16000000

zone-template_dns-list_dst_rate-limit_request_type_dns-type-cfg

Specification  
Type list
Block object keys  

dns-request-type

Description Other type value

Type: number

Range: 1-65535

dns-request-type-rate

Description request rate limit

Type: number

Range: 1-16000000

zone-template_dns-list_dst_rate-limit_request_type_AAAA-cfg

Specification  
Type object

AAAA

Description IPv6 address record

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dns-aaaa-rate

Description

Type: number

Range: 1-16000000

zone-template_dns-list_dst_rate-limit_request_type_A-cfg

Specification  
Type object

A

Description Address record

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dns-a-rate

Description

Type: number

Range: 1-16000000

zone-template_dns-list_dst_rate-limit_request_type_MX-cfg

Specification  
Type object

MX

Description Mail exchange record

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dns-mx-rate

Description

Type: number

Range: 1-16000000

zone-template_dns-list_dst_rate-limit_request_type_NS-cfg

Specification  
Type object

NS

Description Name server record

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dns-ns-rate

Description

Type: number

Range: 1-16000000

zone-template_dns-list_dst_rate-limit_fqdn

Specification  
Type object

dns-fqdn-rate-cfg

Type: List

dns-fqdn-rate-limit-action

Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘reset’: Reset client connection; ‘blacklist-src’: Blacklist-src;

Type: string

Supported Values: drop, ignore, reset, blacklist-src

Mutual Exclusion: dns-fqdn-rate-limit-action and dns-fqdn-rate-limit-action-list-name are mutually exclusive

dns-fqdn-rate-limit-action-list-name

Description Configure action-list to take

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: dns-fqdn-rate-limit-action-list-name and dns-fqdn-rate-limit-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

zone-template_dns-list_dst_rate-limit_fqdn_dns-fqdn-rate-cfg

Specification  
Type list
Block object keys  

dns-fqdn-rate

Description Limiting rate (Range: 5-8000 for FQDN domain based rate limiting, 5-16000000 for FQDN label count based rate limiting)

Type: number

Range: 5-16000000

fqdn-rate-label-count

Description FQDN label count (Range: 1-8)

Type: number

Range: 1-8

fqdn-rate-suffix

Description Suffix count

Type: number

Range: 1-5

per

Description ‘domain-name’: Domain Name; ‘src-ip’: Source IP address; ‘label-count’: FQDN label count;

Type: string

Supported Values: domain-name, src-ip, label-count

per-domain-per-src-ip

Description Use both Domain Name and Source IP address for rate-limiting

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

zone-template_dns-list_allow-record-type

Specification  
Type object

allow-a-type

Description Address record

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

allow-aaaa-type

Description IPv6 address record

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

allow-cname-type

Description Canonical name record

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

allow-mx-type

Description Mail exchange record

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

allow-ns-type

Description Name server record

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

allow-record-type-action

Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;

Type: string

Supported Values: drop, blacklist-src, reset

Mutual Exclusion: allow-record-type-action and allow-record-type-action-list-name are mutually exclusive

allow-record-type-action-list-name

Description Configure action-list to take

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: allow-record-type-action-list-name and allow-record-type-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

allow-srv-type

Description Service locator

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

record-num-cfg

Type: List

zone-template_dns-list_allow-record-type_record-num-cfg

Specification  
Type list
Block object keys  

allow-num-type

Description Other record type value

Type: number

Range: 1-65535

zone-template_dns-list_allow-query-class

Specification  
Type object

allow-any-query-class

Description ANY query class

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

allow-chaos-query-class

Description CHAOS query class

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

allow-csnet-query-class

Description CSNET query class

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

allow-hesiod-query-class

Description HESIOD query class

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

allow-internet-query-class

Description INTERNET query class

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

allow-none-query-class

Description NONE query class

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

allow-query-class-action

Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;

Type: string

Supported Values: drop, blacklist-src, reset

Mutual Exclusion: allow-query-class-action and allow-query-class-action-list-name are mutually exclusive

allow-query-class-action-list-name

Description Configure action-list to take when query class doesn’t match

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: allow-query-class-action-list-name and allow-query-class-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

zone-template_dns-list_dns-udp-authentication

Specification  
Type object

dns-udp-auth-fail-action

Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src;

Type: string

Supported Values: drop, blacklist-src

Mutual Exclusion: dns-udp-auth-fail-action and dns-udp-auth-fail-action-list-name are mutually exclusive

dns-udp-auth-fail-action-list-name

Description Configure action-list to take for failing the authentication. (Applicable to dns-udp retry only)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: dns-udp-auth-fail-action-list-name and dns-udp-auth-fail-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

dns-udp-auth-pass-action

Description ‘authenticate-src’: authenticate-src (Default);

Type: string

Supported Values: authenticate-src

Mutual Exclusion: dns-udp-auth-pass-action and dns-udp-auth-pass-action-list-name are mutually exclusive

dns-udp-auth-pass-action-list-name

Description Configure action-list to take for passing the authentication

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: dns-udp-auth-pass-action-list-name and dns-udp-auth-pass-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

force-tcp-cfg

Description: force-tcp-cfg is a JSON Block. Please see below for zone-template_dns-list_dns-udp-authentication_force-tcp-cfg

Type: Object

min-delay

Description Optional minimum delay (seconds) between DNS retransmits for authentication to pass

Type: number

Range: 1-15

Mutual Exclusion: min-delay and force-tcp are mutually exclusive

udp-timeout

Description UDP authentication timeout in seconds

Type: number

Range: 1-16

Mutual Exclusion: udp-timeout and force-tcp are mutually exclusive

zone-template_dns-list_dns-udp-authentication_force-tcp-cfg

Specification  
Type object

force-tcp

Description Force DNS request over TCP

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: force-tcp udp-timeout and min-delay are mutually exclusive

force-tcp-ignore-client-source-port

Description Allow client to retransmit DNS request using different source port during udp-auth (supported in asymmetric mode only)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

force-tcp-min-delay

Description Optional minimum delay (seconds) between DNS retransmits for authentication to pass

Type: number

Range: 1-15

force-tcp-timeout

Description UDP authentication timeout in seconds

Type: number

Range: 1-16

zone-template_dns-list_fqdn-label-len-cfg

Specification  
Type list
Block object keys  

fqdn-label-length-action

Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;

Type: string

Supported Values: drop, ignore, blacklist-src, reset

Mutual Exclusion: fqdn-label-length-action and fqdn-label-length-action-list-name are mutually exclusive

fqdn-label-length-action-list-name

Description Configure action-list to take

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: fqdn-label-length-action-list-name and fqdn-label-length-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

fqdn-label-suffix

Description Number of suffixes

Type: number

Range: 1-5

label-length

Description Maximum length of FQDN label

Type: number

Range: 1-63

zone-template_dns-list_symtimeout-cfg

Specification  
Type object

sym-timeout

Description Timeout for DNS Symmetric session

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sym-timeout-value

Description Session timeout value in seconds

Type: number

Range: 1-31

zone-template_icmp-v4-list

Specification  
Type list
Block object keys  

icmp-tmpl-name

Description DDOS ICMPv4 Template Name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

type-list

type-other

Description: type-other is a JSON Block. Please see below for zone-template_icmp-v4-list_type-other

Type: Object

Refernce Object: /axapi/v3/ddos/zone-template/icmp-v4/{icmp-tmpl-name}/type-other

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template_icmp-v4-list_type-other

Specification  
Type object

dst

Description: dst is a JSON Block. Please see below for zone-template_icmp-v4-list_type-other_dst

Type: Object

icmp-type-other-action

Description ‘drop’: Reject wildcard ICMP type; ‘blacklist-src’: Blacklist-src wildcard ICMP type; ‘ignore’: Ignore wildcard ICMP type;

Type: string

Supported Values: drop, blacklist-src, ignore

Mutual Exclusion: icmp-type-other-action and icmp-type-other-action-list-name are mutually exclusive

icmp-type-other-action-list-name

Description Configure action-list to take for wildcard ICMP match

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: icmp-type-other-action-list-name and icmp-type-other-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

src

Description: src is a JSON Block. Please see below for zone-template_icmp-v4-list_type-other_src

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template_icmp-v4-list_type-other_src

Specification  
Type object

src-type-other-rate

Description Specify the whole src rate for wildcard ICMP type

Type: number

Range: 1-16000000

src-type-other-rate-action

Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Mutual Exclusion: src-type-other-rate-action and src-type-other-rate-action-list-name are mutually exclusive

src-type-other-rate-action-list-name

Description Configure action-list to take for rate exceed

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: src-type-other-rate-action-list-name and src-type-other-rate-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

zone-template_icmp-v4-list_type-other_dst

Specification  
Type object

dst-type-other-rate

Description Specify the whole dst rate for wildcard ICMP type

Type: number

Range: 1-16000000

dst-type-other-rate-action

Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Mutual Exclusion: dst-type-other-rate-action and dst-type-other-rate-action-list-name are mutually exclusive

dst-type-other-rate-action-list-name

Description Configure action-list to take for rate exceed

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: dst-type-other-rate-action-list-name and dst-type-other-rate-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

zone-template_icmp-v4-list_type-list

Specification  
Type list
Block object keys  

dst-code-other-rate

Description Specify the rate with other code

Type: number

Range: 1-16000000

dst-code-other-rate-action

Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Mutual Exclusion: dst-code-other-rate-action and dst-code-other-rate-action-list-name are mutually exclusive

dst-code-other-rate-action-list-name

Description Configure action-list to take for rate exceed

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: dst-code-other-rate-action-list-name and dst-code-other-rate-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

icmp-type-action

Description ‘drop’: Reject this ICMP type; ‘blacklist-src’: Blacklist-src this ICMP type; ‘ignore’: Ignore this ICMP type;

Type: string

Supported Values: drop, blacklist-src, ignore

Mutual Exclusion: icmp-type-action and icmp-type-action-list-name are mutually exclusive

icmp-type-action-list-name

Description Configure action-list to take for this ICMP type

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: icmp-type-action-list-name and icmp-type-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

src-code-other-rate

Description Specify the rate with other code

Type: number

Range: 1-16000000

src-code-other-rate-action

Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Mutual Exclusion: src-code-other-rate-action and src-code-other-rate-action-list-name are mutually exclusive

src-code-other-rate-action-list-name

Description Configure action-list to take for rate exceed

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: src-code-other-rate-action-list-name and src-code-other-rate-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

type-number

Description Specify ICMP type number

Type: number

Range: 0-255

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

v4-dst-code-cfg

Type: List

v4-dst-rate-cfg

Description: v4-dst-rate-cfg is a JSON Block. Please see below for zone-template_icmp-v4-list_type-list_v4-dst-rate-cfg

Type: Object

v4-src-code-cfg

Type: List

v4-src-rate-cfg

Description: v4-src-rate-cfg is a JSON Block. Please see below for zone-template_icmp-v4-list_type-list_v4-src-rate-cfg

Type: Object

zone-template_icmp-v4-list_type-list_v4-src-rate-cfg

Specification  
Type object

src-type-rate

Description Specify the whole src rate for this type

Type: number

Range: 1-16000000

src-type-rate-action

Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Mutual Exclusion: src-type-rate-action and src-type-rate-action-list-name are mutually exclusive

src-type-rate-action-list-name

Description Configure action-list to take for rate exceed

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: src-type-rate-action-list-name and src-type-rate-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

zone-template_icmp-v4-list_type-list_v4-dst-code-cfg

Specification  
Type list
Block object keys  

dst-code-number

Description Specify the ICMP code for this dst rate

Type: number

Range: 0-255

dst-code-rate

Description Specify the rate with the code

Type: number

Range: 1-16000000

dst-code-rate-action

Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Mutual Exclusion: dst-code-rate-action and dst-code-rate-action-list-name are mutually exclusive

dst-code-rate-action-list-name

Description Configure action-list to take for rate exceed

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: dst-code-rate-action-list-name and dst-code-rate-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

zone-template_icmp-v4-list_type-list_v4-src-code-cfg

Specification  
Type list
Block object keys  

src-code-number

Description Specify the ICMP code for this src rate

Type: number

Range: 0-255

src-code-rate

Description Specify the rate with the code

Type: number

Range: 1-16000000

src-code-rate-action

Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Mutual Exclusion: src-code-rate-action and src-code-rate-action-list-name are mutually exclusive

src-code-rate-action-list-name

Description Configure action-list to take for rate exceed

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: src-code-rate-action-list-name and src-code-rate-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

zone-template_icmp-v4-list_type-list_v4-dst-rate-cfg

Specification  
Type object

dst-type-rate

Description Specify the whole dst rate for this type

Type: number

Range: 1-16000000

dst-type-rate-action

Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Mutual Exclusion: dst-type-rate-action and dst-type-rate-action-list-name are mutually exclusive

dst-type-rate-action-list-name

Description Configure action-list to take for rate exceed

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: dst-type-rate-action-list-name and dst-type-rate-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

zone-template_tcp-list

Specification  
Type list
Block object keys  

ack-authentication

Description: ack-authentication is a JSON Block. Please see below for zone-template_tcp-list_ack-authentication

Type: Object

action-on-ack-rto-retry-count

Description Take action if ack-auth RTO-authentication fail over retry time(default:5)

Type: number

Range: 2-10

action-on-syn-rto-retry-count

Description Take action if syn-auth RTO-authentication fail over retry time(default:5)

Type: number

Range: 2-10

age

Description Session age in minutes

Type: number

Range: 1-63

allow-syn-otherflags

Description Treat TCP SYN+PSH as a TCP SYN (tcp ports support only)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

concurrent

Description Enable concurrent port access for non-matching ports (DST support only)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

conn-rate-limit-on-syn-only

Description Only count SYN-initiated connections towards connection-rate tracking

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

filter-list

known-resp-src-port-cfg

Description: known-resp-src-port-cfg is a JSON Block. Please see below for zone-template_tcp-list_known-resp-src-port-cfg

Type: Object

name

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

out-of-seq-cfg

Description: out-of-seq-cfg is a JSON Block. Please see below for zone-template_tcp-list_out-of-seq-cfg

Type: Object

per-conn-out-of-seq-rate-cfg

Description: per-conn-out-of-seq-rate-cfg is a JSON Block. Please see below for zone-template_tcp-list_per-conn-out-of-seq-rate-cfg

Type: Object

per-conn-pkt-rate-cfg

Description: per-conn-pkt-rate-cfg is a JSON Block. Please see below for zone-template_tcp-list_per-conn-pkt-rate-cfg

Type: Object

per-conn-rate-interval

Description ‘100ms’: 100ms; ‘1sec’: 1sec; ’10sec’: 10sec;

Type: string

Supported Values: 100ms, 1sec, 10sec

Default: 1sec

per-conn-retransmit-rate-cfg

Description: per-conn-retransmit-rate-cfg is a JSON Block. Please see below for zone-template_tcp-list_per-conn-retransmit-rate-cfg

Type: Object

per-conn-zero-win-rate-cfg

Description: per-conn-zero-win-rate-cfg is a JSON Block. Please see below for zone-template_tcp-list_per-conn-zero-win-rate-cfg

Type: Object

retransmit-cfg

Description: retransmit-cfg is a JSON Block. Please see below for zone-template_tcp-list_retransmit-cfg

Type: Object

syn-authentication

Description: syn-authentication is a JSON Block. Please see below for zone-template_tcp-list_syn-authentication

Type: Object

syn-cookie

Description Enable SYN Cookie

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zero-win-cfg

Description: zero-win-cfg is a JSON Block. Please see below for zone-template_tcp-list_zero-win-cfg

Type: Object

zone-template_tcp-list_zero-win-cfg

Specification  
Type object

zero-win

Description Take action if zero window pkts exceed configured threshold

Type: number

Range: 1-250

Mutual Exclusion: zero-win and per-conn-zero-win-rate-limit are mutually exclusive

zero-win-action

Description ‘drop’: Drop packets for zero-win exceed (Default); ‘blacklist-src’: help Blacklist-src for zero-win exceed; ‘ignore’: Ignore zero-win exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Default: drop

Mutual Exclusion: zero-win-action and zero-win-action-list-name are mutually exclusive

zero-win-action-list-name

Description Configure action-list to take for zero window exceed

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: zero-win-action-list-name and zero-win-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

zone-template_tcp-list_retransmit-cfg

Specification  
Type object

retransmit

Description Take action if retransmit pkts exceed configured threshold

Type: number

Range: 1-64000

Mutual Exclusion: retransmit and per-conn-retransmit-rate-limit are mutually exclusive

retransmit-action

Description ‘drop’: Drop packets for retrans exceed (Default); ‘blacklist-src’: help Blacklist-src for retrans exceed; ‘ignore’: help Ignore retrans exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Default: drop

Mutual Exclusion: retransmit-action and retransmit-action-list-name are mutually exclusive

retransmit-action-list-name

Description Configure action-list to take for retransmit exceed

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: retransmit-action-list-name and retransmit-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

zone-template_tcp-list_syn-authentication

Specification  
Type object

syn-auth-fail-action

Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src; ‘reset’: Send reset to client (Applicable to retransmit-check only);

Type: string

Supported Values: drop, blacklist-src, reset

Mutual Exclusion: syn-auth-fail-action and syn-auth-fail-action-list-name are mutually exclusive

syn-auth-fail-action-list-name

Description Configure action-list to take for failing the authentication.

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: syn-auth-fail-action-list-name and syn-auth-fail-action are mutually exclusive

syn-auth-min-delay

Description Minimum delay (in 100ms intervals) between SYN retransmits for retransmit-check to pass

Type: number

Range: 1-80

Mutual Exclusion: syn-auth-min-delay and syn-auth-type are mutually exclusive

syn-auth-pass-action

Description ‘authenticate-src’: authenticate-src (Default);

Type: string

Supported Values: authenticate-src

Mutual Exclusion: syn-auth-pass-action and syn-auth-pass-action-list-name are mutually exclusive

syn-auth-pass-action-list-name

Description Configure action-list to take for passing the authentication

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: syn-auth-pass-action-list-name and syn-auth-pass-action are mutually exclusive

syn-auth-rto

Description Estimate the RTO and apply the exponential back-off for authentication

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

syn-auth-timeout

Description syn retransmit timeout in seconds(default timeout: 5 seconds)

Type: number

Range: 1-31

Mutual Exclusion: syn-auth-timeout and syn-auth-type are mutually exclusive

syn-auth-type

Description ‘send-rst’: Send reset to client after syn cookie check pass; ‘force-rst-by-ack’: Send client a bad ack after syn cookie check pass; ‘force-rst-by-synack’: Send client a bad synack after syn cookie check pass;

Type: string

Supported Values: send-rst, force-rst-by-ack, force-rst-by-synack

Mutual Exclusion: syn-auth-type syn-auth-timeout and syn-auth-min-delay are mutually exclusive

zone-template_tcp-list_per-conn-retransmit-rate-cfg

Specification  
Type object

per-conn-retransmit-rate-action

Description ‘drop’: Drop packets for retrans rate exceed (Default); ‘blacklist-src’: help Blacklist-src for retrans rate exceed; ‘ignore’: help Ignore retrans rate exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Default: drop

Mutual Exclusion: per-conn-retransmit-rate-action and per-conn-retransmit-rate-action-list-name are mutually exclusive

per-conn-retransmit-rate-action-list-name

Description Configure action-list to take for retransmit rate exceed

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: per-conn-retransmit-rate-action-list-name and per-conn-retransmit-rate-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

per-conn-retransmit-rate-limit

Description Take action if retransmit pkt rate exceed configured threshold

Type: number

Range: 1-16000000

Mutual Exclusion: per-conn-retransmit-rate-limit and retransmit are mutually exclusive

zone-template_tcp-list_per-conn-out-of-seq-rate-cfg

Specification  
Type object

per-conn-out-of-seq-rate-action

Description ‘drop’: Drop packets for out-of-seq rate exceed (Default); ‘blacklist-src’: help Blacklist-src for out-of-seq rate exceed; ‘ignore’: help Ignore out-of-seq rate exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Default: drop

Mutual Exclusion: per-conn-out-of-seq-rate-action and per-conn-out-of-seq-rate-action-list-name are mutually exclusive

per-conn-out-of-seq-rate-action-list-name

Description Configure action-list to take for out-of-seq rate exceed

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: per-conn-out-of-seq-rate-action-list-name and per-conn-out-of-seq-rate-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

per-conn-out-of-seq-rate-limit

Description Take action if out-of-seq pkt rate exceed configured threshold

Type: number

Range: 1-16000000

Mutual Exclusion: per-conn-out-of-seq-rate-limit and out-of-seq are mutually exclusive

zone-template_tcp-list_ack-authentication

Specification  
Type object

ack-auth-fail-action

Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src; ‘reset’: Send reset to client;

Type: string

Supported Values: drop, blacklist-src, reset

Mutual Exclusion: ack-auth-fail-action and ack-auth-fail-action-list-name are mutually exclusive

ack-auth-fail-action-list-name

Description Configure action-list to take for failing the authentication.

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: ack-auth-fail-action-list-name and ack-auth-fail-action are mutually exclusive

ack-auth-min-delay

Description Minimum delay (in 100ms intervals) between ACK retransmits for retransmit-check to pass

Type: number

Range: 1-80

ack-auth-only

Description Apply retransmit-check only once per source address for authentication purpose

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ack-auth-pass-action

Description ‘authenticate-src’: authenticate-src (Default);

Type: string

Supported Values: authenticate-src

Mutual Exclusion: ack-auth-pass-action and ack-auth-pass-action-list-name are mutually exclusive

ack-auth-pass-action-list-name

Description Configure action-list to take for passing the authentication

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: ack-auth-pass-action-list-name and ack-auth-pass-action are mutually exclusive

ack-auth-rto

Description Estimate the RTO and apply the exponential back-off for authentication

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ack-auth-timeout

Description ack retransmit timeout in seconds(default timeout: 5 seconds)

Type: number

Range: 1-31

zone-template_tcp-list_per-conn-zero-win-rate-cfg

Specification  
Type object

per-conn-zero-win-rate-action

Description ‘drop’: Drop packets for zero-win rate exceed (Default); ‘blacklist-src’: help Blacklist-src for zero-win rate exceed; ‘ignore’: Ignore zero-win rate exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Default: drop

Mutual Exclusion: per-conn-zero-win-rate-action and per-conn-zero-win-rate-action-list-name are mutually exclusive

per-conn-zero-win-rate-action-list-name

Description Configure action-list to take for zero window rate exceed

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: per-conn-zero-win-rate-action-list-name and per-conn-zero-win-rate-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

per-conn-zero-win-rate-limit

Description Take action if zero window pkt rate exceed configured threshold

Type: number

Range: 1-16000000

Mutual Exclusion: per-conn-zero-win-rate-limit and zero-win are mutually exclusive

zone-template_tcp-list_out-of-seq-cfg

Specification  
Type object

out-of-seq

Description Take action if out-of-seq pkts exceed configured threshold

Type: number

Range: 1-64000

Mutual Exclusion: out-of-seq and per-conn-out-of-seq-rate-limit are mutually exclusive

out-of-seq-action

Description ‘drop’: Drop packets for out-of-seq exceed (Default); ‘blacklist-src’: help Blacklist-src for out-of-seq exceed; ‘ignore’: help Ignore out-of-seq exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Default: drop

Mutual Exclusion: out-of-seq-action and out-of-seq-action-list-name are mutually exclusive

out-of-seq-action-list-name

Description Configure action-list to take for out-of-seq exceed

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: out-of-seq-action-list-name and out-of-seq-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

zone-template_tcp-list_filter-list

Specification  
Type list
Block object keys  

byte-offset-filter

Description Filter using Berkeley Packet Filter syntax

Type: string

Format: string-rlx

Maximum Length: 1275 characters

Maximum Length: 1 characters

tcp-filter-action

Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘authenticate-src’: Authenticate-src;

Type: string

Supported Values: drop, ignore, blacklist-src, authenticate-src

Mutual Exclusion: tcp-filter-action and tcp-filter-action-list-name are mutually exclusive

tcp-filter-action-list-name

Description Configure action-list to take

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: tcp-filter-action-list-name and tcp-filter-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

tcp-filter-inverse-match

Description Inverse the result of the matching

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

tcp-filter-name

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp-filter-regex

Description Regex Expression

Type: string

Format: string-rlx

Maximum Length: 1275 characters

Maximum Length: 1 characters

tcp-filter-seq

Description Sequence number

Type: number

Range: 1-200

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template_tcp-list_per-conn-pkt-rate-cfg

Specification  
Type object

per-conn-pkt-rate-action

Description ‘drop’: Drop packets for per-conn-pkt-rate exceed (Default); ‘blacklist-src’: help Blacklist-src for per-conn-pkt-rate exceed; ‘ignore’: Ignore per-conn-pkt-rate-exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Default: drop

Mutual Exclusion: per-conn-pkt-rate-action and per-conn-pkt-rate-action-list-name are mutually exclusive

per-conn-pkt-rate-action-list-name

Description Configure action-list to take for per-conn-pkt-rate exceed

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: per-conn-pkt-rate-action-list-name and per-conn-pkt-rate-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

per-conn-pkt-rate-limit

Description Packet rate limit per connection per rate-interval

Type: number

Range: 1-16000000

zone-template_tcp-list_known-resp-src-port-cfg

Specification  
Type object

exclude-src-resp-port

Description Exclude src port equal to dst port

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

known-resp-src-port

Description Take action if src-port is less than 1024

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

known-resp-src-port-action

Description ‘drop’: Drop packets from well-known src-port(Default); ‘blacklist-src’: Blacklist-src from well-known src-port; ‘ignore’: Ignore well-known src-port;

Type: string

Supported Values: drop, blacklist-src, ignore

Mutual Exclusion: known-resp-src-port-action and known-resp-src-port-action-list-name are mutually exclusive

known-resp-src-port-action-list-name

Description Configure action-list to take for well-known src-port

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: known-resp-src-port-action-list-name and known-resp-src-port-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

zone-template_encap-list

Specification  
Type list
Block object keys  

encap-tmpl-name

Description DDOS Tunnel Template Name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tunnel-encap

Description: tunnel-encap is a JSON Block. Please see below for zone-template_encap-list_tunnel-encap

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template_encap-list_tunnel-encap

Specification  
Type object

gre-cfg

Description: gre-cfg is a JSON Block. Please see below for zone-template_encap-list_tunnel-encap_gre-cfg

Type: Object

ip-cfg

Description: ip-cfg is a JSON Block. Please see below for zone-template_encap-list_tunnel-encap_ip-cfg

Type: Object

zone-template_encap-list_tunnel-encap_ip-cfg

Specification  
Type object

always

Description: always is a JSON Block. Please see below for zone-template_encap-list_tunnel-encap_ip-cfg_always

Type: Object

ip-encap

Description Enable Tunnel encap for IP packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

zone-template_encap-list_tunnel-encap_ip-cfg_always

Specification  
Type object

ipv4-addr

Description IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: ipv4-address

ipv6-addr

Description IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: ipv6-address

zone-template_encap-list_tunnel-encap_gre-cfg

Specification  
Type object

gre-always

Description: gre-always is a JSON Block. Please see below for zone-template_encap-list_tunnel-encap_gre-cfg_gre-always

Type: Object

gre-encap

Description Enable Tunnel encap for GRE packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

zone-template_encap-list_tunnel-encap_gre-cfg_gre-always

Specification  
Type object

gre-ipv4

Description IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: ipv4-address

gre-ipv6

Description IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: ipv6-address

key-ipv4

Description Encapsulate with key in hexadecimal

Type: string

Maximum Length: 8 characters

Maximum Length: 1 characters

key-ipv6

Description Encapsulate with key in hexadecimal

Type: string

Maximum Length: 8 characters

Maximum Length: 1 characters

zone-template_udp-list

Specification  
Type list
Block object keys  

age

Description Configure session age(in minutes) for UDP sessions

Type: number

Range: 1-63

filter-list

known-resp-src-port-cfg

Description: known-resp-src-port-cfg is a JSON Block. Please see below for zone-template_udp-list_known-resp-src-port-cfg

Type: Object

max-payload-size-cfg

Description: max-payload-size-cfg is a JSON Block. Please see below for zone-template_udp-list_max-payload-size-cfg

Type: Object

min-payload-size-cfg

Description: min-payload-size-cfg is a JSON Block. Please see below for zone-template_udp-list_min-payload-size-cfg

Type: Object

name

Description DDOS UDP Template Name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ntp-monlist-cfg

Description: ntp-monlist-cfg is a JSON Block. Please see below for zone-template_udp-list_ntp-monlist-cfg

Type: Object

per-conn-pkt-rate-cfg

Description: per-conn-pkt-rate-cfg is a JSON Block. Please see below for zone-template_udp-list_per-conn-pkt-rate-cfg

Type: Object

per-conn-rate-interval

Description ‘100ms’: 100ms; ‘1sec’: 1sec;

Type: string

Supported Values: 100ms, 1sec

Default: 1sec

spoof-detect-fail-action

Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src for spoof-detect fail;

Type: string

Supported Values: drop, blacklist-src

Mutual Exclusion: spoof-detect-fail-action and spoof-detect-fail-action-list-name are mutually exclusive

spoof-detect-fail-action-list-name

Description Configure action-list to take for failing the authentication

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: spoof-detect-fail-action-list-name and spoof-detect-fail-action are mutually exclusive

spoof-detect-min-delay

Description Optional minimum delay (seconds) between UDP retransmits for authentication to pass

Type: number

Range: 1-30

spoof-detect-pass-action

Description ‘authenticate-src’: authenticate-src (Default);

Type: string

Supported Values: authenticate-src

Mutual Exclusion: spoof-detect-pass-action and spoof-detect-pass-action-list-name are mutually exclusive

spoof-detect-pass-action-list-name

Description Configure action-list to take for passing the authentication

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: spoof-detect-pass-action-list-name and spoof-detect-pass-action are mutually exclusive

spoof-detect-retry-timeout

Description Timeout in seconds

Type: number

Range: 1-31

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template_udp-list_max-payload-size-cfg

Specification  
Type object

max-payload-size

Description Maximum UDP payload size for each single packet

Type: number

Range: 1-1470

max-payload-size-action

Description ‘drop’: Drop packets for max-payload-size exceed (Default); ‘blacklist-src’: Blacklist-src for max-payload-size exceed; ‘ignore’: Do nothing for max-payload-size exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Mutual Exclusion: max-payload-size-action and max-payload-size-action-list-name are mutually exclusive

max-payload-size-action-list-name

Description Configure action-list to take for max-payload-size exceed

Type: string

Format: string-rlx

Maximum Length: 64 characters

Maximum Length: 1 characters

Mutual Exclusion: max-payload-size-action-list-name and max-payload-size-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

zone-template_udp-list_ntp-monlist-cfg

Specification  
Type object

ntp-monlist

Description Take action for ntp monlist request/response

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ntp-monlist-action

Description ‘drop’: Drop packets for ntp-monlist (Default); ‘blacklist-src’: Blacklist-src for ntp-monlist; ‘ignore’: Ignore ntp-monlist;

Type: string

Supported Values: drop, blacklist-src, ignore

Mutual Exclusion: ntp-monlist-action and ntp-monlist-action-list-name are mutually exclusive

ntp-monlist-action-list-name

Description Configure action-list to take for ntp-monlist

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: ntp-monlist-action-list-name and ntp-monlist-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

zone-template_udp-list_known-resp-src-port-cfg

Specification  
Type object

exclude-src-resp-port

Description Exclude src port equal to dst port

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

known-resp-src-port

Description Take action if src-port is less than 1024

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

known-resp-src-port-action

Description ‘drop’: Drop packets from well-known src-port(Default); ‘blacklist-src’: Blacklist-src from well-known src-port; ‘ignore’: Ignore well-known src-port;

Type: string

Supported Values: drop, blacklist-src, ignore

Mutual Exclusion: known-resp-src-port-action and known-resp-src-port-action-list-name are mutually exclusive

known-resp-src-port-action-list-name

Description Configure action-list to take for well-known src-port

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: known-resp-src-port-action-list-name and known-resp-src-port-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

zone-template_udp-list_min-payload-size-cfg

Specification  
Type object

min-payload-size

Description Minimum UDP payload size for each single packet

Type: number

Range: 1-1470

min-payload-size-action

Description ‘drop’: Drop packets for min-payload-size (Default); ‘blacklist-src’: Blacklist-src for min-payload-size; ‘ignore’: Do nothing for min-payload-size exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Mutual Exclusion: min-payload-size-action and min-payload-size-action-list-name are mutually exclusive

min-payload-size-action-list-name

Description Configure action-list to take for min-payload-size exceed

Type: string

Format: string-rlx

Maximum Length: 64 characters

Maximum Length: 1 characters

Mutual Exclusion: min-payload-size-action-list-name and min-payload-size-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

zone-template_udp-list_filter-list

Specification  
Type list
Block object keys  

byte-offset-filter

Description Filter using Berkeley Packet Filter syntax

Type: string

Format: string-rlx

Maximum Length: 1275 characters

Maximum Length: 1 characters

udp-filter-action

Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘authenticate-src’: Authenticate-src;

Type: string

Supported Values: drop, ignore, blacklist-src, authenticate-src

Mutual Exclusion: udp-filter-action and udp-filter-action-list-name are mutually exclusive

udp-filter-action-list-name

Description Configure action-list to take

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: udp-filter-action-list-name and udp-filter-action are mutually exclusive

udp-filter-inverse-match

Description Inverse the result of the matching

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

udp-filter-name

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp-filter-regex

Description Regex Expression

Type: string

Format: string-rlx

Maximum Length: 1275 characters

Maximum Length: 1 characters

udp-filter-seq

Description Sequence number

Type: number

Range: 1-200

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template_udp-list_per-conn-pkt-rate-cfg

Specification  
Type object

per-conn-pkt-rate-action

Description ‘drop’: Drop packets for per-conn-pkt-rate exceed (Default); ‘blacklist-src’: help Blacklist-src for per-conn-pkt-rate exceed; ‘ignore’: Ignore per-conn-pkt-rate-exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Mutual Exclusion: per-conn-pkt-rate-action and per-conn-pkt-rate-action-list-name are mutually exclusive

per-conn-pkt-rate-action-list-name

Description Configure action-list to take for per-conn-pkt-rate exceed

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: per-conn-pkt-rate-action-list-name and per-conn-pkt-rate-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

per-conn-pkt-rate-limit

Description Packet rate limit per connection per rate-interval

Type: number

Range: 1-16000000

zone-template_http-list

Specification  
Type list
Block object keys  

challenge

Description: challenge is a JSON Block. Please see below for zone-template_http-list_challenge

Type: Object

client-source-ip

Description: client-source-ip is a JSON Block. Please see below for zone-template_http-list_client-source-ip

Type: Object

dst

Description: dst is a JSON Block. Please see below for zone-template_http-list_dst

Type: Object

filter-list

http-tmpl-name

Description DDOS HTTP Template Name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

idle-timeout

Description: idle-timeout is a JSON Block. Please see below for zone-template_http-list_idle-timeout

Type: Object

malformed-http

Description: malformed-http is a JSON Block. Please see below for zone-template_http-list_malformed-http

Type: Object

Refernce Object: /axapi/v3/ddos/zone-template/http/{http-tmpl-name}/malformed-http

mss-timeout

Description: mss-timeout is a JSON Block. Please see below for zone-template_http-list_mss-timeout

Type: Object

out-of-order-queue-size

Description Set the out-of-order queue size for HTTP packets (asym mode only)

Type: number

Range: 0-15

Default: 3

out-of-order-queue-timeout

Description Set the timeout value for out-of-order queue in HTTP (asym mode only)

Type: number

Range: 0-15

Default: 3

request-header

Description: request-header is a JSON Block. Please see below for zone-template_http-list_request-header

Type: Object

slow-read

Description: slow-read is a JSON Block. Please see below for zone-template_http-list_slow-read

Type: Object

src

Description: src is a JSON Block. Please see below for zone-template_http-list_src

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template_http-list_client-source-ip

Specification  
Type object

client-source-ip

Description Mitigate on src ip specified by http header for example X-Forwarded-For header. Default is disabled

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

http-header-name

Description Set the http header name to parse for client ip. Default is X-Forwarded-For

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Default: X-Forwarded-For

zone-template_http-list_dst

Specification  
Type object

rate-limit

Description: rate-limit is a JSON Block. Please see below for zone-template_http-list_dst_rate-limit

Type: Object

zone-template_http-list_dst_rate-limit

Specification  
Type object

http-post

Description: http-post is a JSON Block. Please see below for zone-template_http-list_dst_rate-limit_http-post

Type: Object

http-request

Description: http-request is a JSON Block. Please see below for zone-template_http-list_dst_rate-limit_http-request

Type: Object

response-size

Description: response-size is a JSON Block. Please see below for zone-template_http-list_dst_rate-limit_response-size

Type: Object

zone-template_http-list_dst_rate-limit_response-size

Specification  
Type object

between-cfg

Type: List

greater-cfg

Type: List

less-cfg

Type: List

response-size-action

Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;

Type: string

Supported Values: drop, ignore, blacklist-src, reset

Mutual Exclusion: response-size-action and response-size-action-list-name are mutually exclusive

response-size-action-list-name

Description Configure action-list to take

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: response-size-action-list-name and response-size-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

zone-template_http-list_dst_rate-limit_response-size_between-cfg

Specification  
Type list
Block object keys  

obj-between-rate

Description Response rate limit

Type: number

Range: 1-16000000

obj-between1

Description Response size configuration

Type: number

Range: 1-16000000

obj-between2

Description Response size configuration

Type: number

Range: 1-16000000

zone-template_http-list_dst_rate-limit_response-size_greater-cfg

Specification  
Type list
Block object keys  

obj-greater

Description Response size configuration

Type: number

Range: 1-16000000

obj-greater-rate

Description Response rate limit

Type: number

Range: 1-16000000

zone-template_http-list_dst_rate-limit_response-size_less-cfg

Specification  
Type list
Block object keys  

obj-less

Description Response size configuration

Type: number

Range: 1-16000000

obj-less-rate

Description Response rate limit

Type: number

Range: 1-16000000

zone-template_http-list_dst_rate-limit_http-post

Specification  
Type object

dst-post-rate-limit

Description

Type: number

Range: 1-16000000

dst-post-rate-limit-action

Description ‘drop’: Drop packets(Default); ‘ignore’: Take no action; ‘reset’: Reset client connection; ‘blacklist-src’: Blacklist-src;

Type: string

Supported Values: drop, ignore, reset, blacklist-src

Mutual Exclusion: dst-post-rate-limit-action and dst-post-rate-limit-action-list-name are mutually exclusive

dst-post-rate-limit-action-list-name

Description Configure action-list to take

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: dst-post-rate-limit-action-list-name and dst-post-rate-limit-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

zone-template_http-list_dst_rate-limit_http-request

Specification  
Type object

dst-request-rate

Description

Type: number

Range: 1-16000000

dst-request-rate-limit-action

Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘reset’: Reset client connection; ‘blacklist-src’: Blacklist-src;

Type: string

Supported Values: drop, ignore, reset, blacklist-src

Mutual Exclusion: dst-request-rate-limit-action and dst-request-rate-limit-action-list-name are mutually exclusive

dst-request-rate-limit-action-list-name

Description Configure action-list to take

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: dst-request-rate-limit-action-list-name and dst-request-rate-limit-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

zone-template_http-list_src

Specification  
Type object

rate-limit

Description: rate-limit is a JSON Block. Please see below for zone-template_http-list_src_rate-limit

Type: Object

zone-template_http-list_src_rate-limit

Specification  
Type object

http-post

Description: http-post is a JSON Block. Please see below for zone-template_http-list_src_rate-limit_http-post

Type: Object

http-request

Description: http-request is a JSON Block. Please see below for zone-template_http-list_src_rate-limit_http-request

Type: Object

zone-template_http-list_src_rate-limit_http-post

Specification  
Type object

src-post-rate-limit

Description

Type: number

Range: 1-16000000

src-post-rate-limit-action

Description ‘drop’: Drop packets(Default); ‘ignore’: Take no action; ‘reset’: Reset client connection; ‘blacklist-src’: Blacklist-src;

Type: string

Supported Values: drop, ignore, reset, blacklist-src

Mutual Exclusion: src-post-rate-limit-action and src-post-rate-limit-action-list-name are mutually exclusive

src-post-rate-limit-action-list-name

Description Configure action-list to take

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: src-post-rate-limit-action-list-name and src-post-rate-limit-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

zone-template_http-list_src_rate-limit_http-request

Specification  
Type object

src-request-rate

Description

Type: number

Range: 1-16000000

src-request-rate-limit-action

Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘reset’: Reset client connection; ‘blacklist-src’: Blacklist-src;

Type: string

Supported Values: drop, ignore, reset, blacklist-src

Mutual Exclusion: src-request-rate-limit-action and src-request-rate-limit-action-list-name are mutually exclusive

src-request-rate-limit-action-list-name

Description Configure action-list to take

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: src-request-rate-limit-action-list-name and src-request-rate-limit-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

zone-template_http-list_challenge

Specification  
Type object

challenge-cookie-name

Description Set the cookie name used to send back to client. Default is sto-idd

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Default: sto-idd

challenge-fail-action

Description ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection(Default);

Type: string

Supported Values: blacklist-src, reset

Mutual Exclusion: challenge-fail-action and challenge-fail-action-list-name are mutually exclusive

challenge-fail-action-list-name

Description Configure action-list to take for failing the authentication

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: challenge-fail-action-list-name and challenge-fail-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

challenge-interval

Description Specify the challenge interval. Default is 8 seconds

Type: number

Range: 1-31

Default: 8

challenge-keep-cookie

Description Keep the challenge cookie from client and forward to backend. Default is do not keep

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

challenge-method

Description ‘http-redirect’: http-redirect; ‘javascript’: javascript;

Type: string

Supported Values: http-redirect, javascript

challenge-pass-action

Description ‘authenticate-src’: Authenticate-src (Default);

Type: string

Supported Values: authenticate-src

Mutual Exclusion: challenge-pass-action and challenge-pass-action-list-name are mutually exclusive

challenge-pass-action-list-name

Description Configure action-list to take for passing the authentication

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: challenge-pass-action-list-name and challenge-pass-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

challenge-redirect-code

Description ‘302’: 302 Found; ‘307’: 307 Temporary Redirect;

Type: string

Supported Values: 302, 307

Default: 302

challenge-uri-encode

Description Encode the challenge phrase in uri instead of in http cookie. Default encoded in http cookie

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

zone-template_http-list_idle-timeout

Specification  
Type object

idle-timeout-action

Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;

Type: string

Supported Values: drop, blacklist-src, reset

Mutual Exclusion: idle-timeout-action and idle-timeout-action-list-name are mutually exclusive

idle-timeout-action-list-name

Description Configure action-list to take

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: idle-timeout-action-list-name and idle-timeout-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

idle-timeout-value

Description Set the the idle timeout value for HTTP connections

Type: number

Range: 1-63

ignore-zero-payload

Description Don’t reset idle timer on packets with zero payload length from clients

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

zone-template_http-list_slow-read

Specification  
Type object

min-window-count

Description Number of packets

Type: number

Range: 1-31

min-window-size

Description minimum window size

Type: number

Range: 1-65535

slow-read-action

Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src; ‘ignore’: Take no action; ‘reset’: Reset client connection;

Type: string

Supported Values: drop, blacklist-src, ignore, reset

Mutual Exclusion: slow-read-action and slow-read-action-list-name are mutually exclusive

slow-read-action-list-name

Description Configure action-list to take

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: slow-read-action-list-name and slow-read-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

zone-template_http-list_request-header

Specification  
Type object

header-timeout-action

Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;

Type: string

Supported Values: drop, blacklist-src, reset

Mutual Exclusion: header-timeout-action and header-timeout-action-list-name are mutually exclusive

header-timeout-action-list-name

Description Configure action-list to take

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: header-timeout-action-list-name and header-timeout-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

timeout

Description

Type: number

Range: 1-63

zone-template_http-list_filter-list

Specification  
Type list
Block object keys  

dst

Description: dst is a JSON Block. Please see below for zone-template_http-list_filter-list_dst

Type: Object

http-agent-cfg

Description: http-agent-cfg is a JSON Block. Please see below for zone-template_http-list_filter-list_http-agent-cfg

Type: Object

http-filter-action

Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘authenticate-src’: Authenticate-src; ‘reset’: Reset client connection;

Type: string

Supported Values: drop, ignore, blacklist-src, authenticate-src, reset

Mutual Exclusion: http-filter-action and http-filter-action-list-name are mutually exclusive

http-filter-action-list-name

Description Configure action-list to take

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: http-filter-action-list-name and http-filter-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

http-filter-name

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http-filter-seq

Description Sequence number

Type: number

Range: 1-200

http-header-cfg

Description: http-header-cfg is a JSON Block. Please see below for zone-template_http-list_filter-list_http-header-cfg

Type: Object

http-referer-cfg

Description: http-referer-cfg is a JSON Block. Please see below for zone-template_http-list_filter-list_http-referer-cfg

Type: Object

http-uri-cfg

Description: http-uri-cfg is a JSON Block. Please see below for zone-template_http-list_filter-list_http-uri-cfg

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template_http-list_filter-list_http-uri-cfg

Specification  
Type object

uri-contains-cfg

Type: List

uri-ends-cfg

Type: List

uri-equal-cfg

Type: List

uri-starts-cfg

Type: List

zone-template_http-list_filter-list_http-uri-cfg_uri-equal-cfg

Specification  
Type list
Block object keys  

http-filter-uri-equals

Description

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

zone-template_http-list_filter-list_http-uri-cfg_uri-starts-cfg

Specification  
Type list
Block object keys  

http-filter-uri-starts-with

Description

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

zone-template_http-list_filter-list_http-uri-cfg_uri-ends-cfg

Specification  
Type list
Block object keys  

http-filter-uri-ends-with

Description

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

zone-template_http-list_filter-list_http-uri-cfg_uri-contains-cfg

Specification  
Type list
Block object keys  

http-filter-uri-contains

Description

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

zone-template_http-list_filter-list_dst

Specification  
Type object

http-filter-rate-limit

Description Set rate limit

Type: number

Range: 1-16000000

zone-template_http-list_filter-list_http-agent-cfg

Specification  
Type object

agent-contains-cfg

Type: List

agent-ends-cfg

Type: List

agent-equals-cfg

Type: List

agent-starts-cfg

Type: List

zone-template_http-list_filter-list_http-agent-cfg_agent-contains-cfg

Specification  
Type list
Block object keys  

http-filter-agent-contains

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

zone-template_http-list_filter-list_http-agent-cfg_agent-ends-cfg

Specification  
Type list
Block object keys  

http-filter-agent-ends-with

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

zone-template_http-list_filter-list_http-agent-cfg_agent-equals-cfg

Specification  
Type list
Block object keys  

http-filter-agent-equals

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

zone-template_http-list_filter-list_http-agent-cfg_agent-starts-cfg

Specification  
Type list
Block object keys  

http-filter-agent-starts-with

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

zone-template_http-list_filter-list_http-header-cfg

Specification  
Type object

http-filter-header-inverse-match

Description

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

http-filter-header-regex

Description Regex Expression

Type: string

Format: string-rlx

Maximum Length: 1275 characters

Maximum Length: 1 characters

zone-template_http-list_filter-list_http-referer-cfg

Specification  
Type object

referer-contains-cfg

Type: List

referer-ends-cfg

Type: List

referer-equals-cfg

Type: List

referer-starts-cfg

Type: List

zone-template_http-list_filter-list_http-referer-cfg_referer-equals-cfg

Specification  
Type list
Block object keys  

http-filter-referer-equals

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

zone-template_http-list_filter-list_http-referer-cfg_referer-starts-cfg

Specification  
Type list
Block object keys  

http-filter-referer-starts-with

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

zone-template_http-list_filter-list_http-referer-cfg_referer-contains-cfg

Specification  
Type list
Block object keys  

http-filter-referer-contains

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

zone-template_http-list_filter-list_http-referer-cfg_referer-ends-cfg

Specification  
Type list
Block object keys  

http-filter-referer-ends-with

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

zone-template_http-list_mss-timeout

Specification  
Type object

mss-percent

Description Configure percentage of mss such that if a packet size is below the mss times mss-percent, packet is considered bad.

Type: number

Range: 1-100

mss-timeout-action

Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;

Type: string

Supported Values: drop, ignore, blacklist-src, reset

Mutual Exclusion: mss-timeout-action and mss-timeout-action-list-name are mutually exclusive

mss-timeout-action-list-name

Description Configure action-list to take

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: mss-timeout-action-list-name and mss-timeout-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

number-packets

Description Specify percentage of mss. Default is 0, mss-timeout is not enabled.

Type: number

Range: 1-31

zone-template_http-list_malformed-http

Specification  
Type object

malformed-http

Description ‘check’: Configure malformed HTTP parameters;

Type: string

Supported Values: check

Default: check

malformed-http-action

Description ‘drop’: Drop packets (Default); ‘reset’: Reset client connection; ‘blacklist-src’: Blacklist-src;

Type: string

Supported Values: drop, reset, blacklist-src

Mutual Exclusion: malformed-http-action and malformed-http-action-list-name are mutually exclusive

malformed-http-action-list-name

Description Configure action-list to take

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: malformed-http-action-list-name and malformed-http-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

malformed-http-bad-chunk-mon-enabled

Description Enabling bad chunk monitoring. Default is disabled

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

malformed-http-max-content-length

Description Set the maxinum content-length header. Default value is 2147483647 bytes

Type: number

Range: 1-2147483647

Default: 2147483647

malformed-http-max-header-name-size

Description Set the maxinum header name length. Default value is 64.

Type: number

Range: 1-64

Default: 64

malformed-http-max-line-size

Description Set the maximum line size. Default value is 32512

Type: number

Range: 1-65280

Default: 32512

malformed-http-max-num-headers

Description Set the maximum number of headers. Default value is 90

Type: number

Range: 1-90

Default: 90

malformed-http-max-req-line-size

Description Set the maximum request line size. Default value is 32512

Type: number

Range: 1-65280

Default: 32512

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template_icmp-v6-list

Specification  
Type list
Block object keys  

icmp-tmpl-name

Description DDOS ICMPv6 Template Name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

type-list

type-other

Description: type-other is a JSON Block. Please see below for zone-template_icmp-v6-list_type-other

Type: Object

Refernce Object: /axapi/v3/ddos/zone-template/icmp-v6/{icmp-tmpl-name}/type-other

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template_icmp-v6-list_type-other

Specification  
Type object

dst

Description: dst is a JSON Block. Please see below for zone-template_icmp-v6-list_type-other_dst

Type: Object

icmp-type-other-action

Description ‘drop’: Reject wildcard ICMP type; ‘blacklist-src’: Blacklist-src wildcard ICMP type; ‘ignore’: Ignore wildcard ICMP type;

Type: string

Supported Values: drop, blacklist-src, ignore

Mutual Exclusion: icmp-type-other-action and icmp-type-other-action-list-name are mutually exclusive

icmp-type-other-action-list-name

Description Configure action-list to take for wildcard ICMP match

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: icmp-type-other-action-list-name and icmp-type-other-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

src

Description: src is a JSON Block. Please see below for zone-template_icmp-v6-list_type-other_src

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template_icmp-v6-list_type-other_src

Specification  
Type object

src-type-other-rate

Description Specify the whole src rate for wildcard ICMP type

Type: number

Range: 1-16000000

src-type-other-rate-action

Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Mutual Exclusion: src-type-other-rate-action and src-type-other-rate-action-list-name are mutually exclusive

src-type-other-rate-action-list-name

Description Configure action-list to take for rate exceed

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: src-type-other-rate-action-list-name and src-type-other-rate-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

zone-template_icmp-v6-list_type-other_dst

Specification  
Type object

dst-type-other-rate

Description Specify the whole dst rate for wildcard ICMP type

Type: number

Range: 1-16000000

dst-type-other-rate-action

Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Mutual Exclusion: dst-type-other-rate-action and dst-type-other-rate-action-list-name are mutually exclusive

dst-type-other-rate-action-list-name

Description Configure action-list to take for rate exceed

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: dst-type-other-rate-action-list-name and dst-type-other-rate-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

zone-template_icmp-v6-list_type-list

Specification  
Type list
Block object keys  

dst-code-other-rate

Description Specify the rate with other code

Type: number

Range: 1-16000000

dst-code-other-rate-action

Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Mutual Exclusion: dst-code-other-rate-action and dst-code-other-rate-action-list-name are mutually exclusive

dst-code-other-rate-action-list-name

Description Configure action-list to take for rate exceed

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: dst-code-other-rate-action-list-name and dst-code-other-rate-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

icmp-type-action

Description ‘drop’: Reject this ICMP type; ‘blacklist-src’: Blacklist-src this ICMP type; ‘ignore’: Ignore this ICMP type;

Type: string

Supported Values: drop, blacklist-src, ignore

Mutual Exclusion: icmp-type-action and icmp-type-action-list-name are mutually exclusive

icmp-type-action-list-name

Description Configure action-list to take for this ICMP type

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: icmp-type-action-list-name and icmp-type-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

src-code-other-rate

Description Specify the rate with other code

Type: number

Range: 1-16000000

src-code-other-rate-action

Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Mutual Exclusion: src-code-other-rate-action and src-code-other-rate-action-list-name are mutually exclusive

src-code-other-rate-action-list-name

Description Configure action-list to take for rate exceed

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: src-code-other-rate-action-list-name and src-code-other-rate-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

type-number

Description Specify ICMP type number

Type: number

Range: 0-255

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

v6-dst-code-cfg

Type: List

v6-dst-rate-cfg

Description: v6-dst-rate-cfg is a JSON Block. Please see below for zone-template_icmp-v6-list_type-list_v6-dst-rate-cfg

Type: Object

v6-src-code-cfg

Type: List

v6-src-rate-cfg

Description: v6-src-rate-cfg is a JSON Block. Please see below for zone-template_icmp-v6-list_type-list_v6-src-rate-cfg

Type: Object

zone-template_icmp-v6-list_type-list_v6-dst-rate-cfg

Specification  
Type object

dst-type-rate

Description Specify the whole dst rate for this type

Type: number

Range: 1-16000000

dst-type-rate-action

Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Mutual Exclusion: dst-type-rate-action and dst-type-rate-action-list-name are mutually exclusive

dst-type-rate-action-list-name

Description Configure action-list to take for rate exceed

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: dst-type-rate-action-list-name and dst-type-rate-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

zone-template_icmp-v6-list_type-list_v6-src-rate-cfg

Specification  
Type object

src-type-rate

Description Specify the whole src rate for this type

Type: number

Range: 1-16000000

src-type-rate-action

Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Mutual Exclusion: src-type-rate-action and src-type-rate-action-list-name are mutually exclusive

src-type-rate-action-list-name

Description Configure action-list to take for rate exceed

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: src-type-rate-action-list-name and src-type-rate-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

zone-template_icmp-v6-list_type-list_v6-src-code-cfg

Specification  
Type list
Block object keys  

src-code-number

Description Specify the ICMP code for this src rate

Type: number

Range: 0-255

src-code-rate

Description Specify the rate with the code

Type: number

Range: 1-16000000

src-code-rate-action

Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Mutual Exclusion: src-code-rate-action and src-code-rate-action-list-name are mutually exclusive

src-code-rate-action-list-name

Description Configure action-list to take for rate exceed

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: src-code-rate-action-list-name and src-code-rate-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

zone-template_icmp-v6-list_type-list_v6-dst-code-cfg

Specification  
Type list
Block object keys  

dst-code-number

Description Specify the ICMP code for this dst rate

Type: number

Range: 0-255

dst-code-rate

Description Specify the rate with the code

Type: number

Range: 1-16000000

dst-code-rate-action

Description ‘drop’: Drop packets for rate exceed (Default); ‘blacklist-src’: Blacklist-src for rate exceed; ‘ignore’: Do nothing for rate exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Mutual Exclusion: dst-code-rate-action and dst-code-rate-action-list-name are mutually exclusive

dst-code-rate-action-list-name

Description Configure action-list to take for rate exceed

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: dst-code-rate-action-list-name and dst-code-rate-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

zone-profile-list

Specification  
Type list
Block object keys  

ip-proto

Description: ip-proto is a JSON Block. Please see below for zone-profile-list_ip-proto

Type: Object

Refernce Object: /axapi/v3/ddos/zone-profile/{profile-name}/ip-proto

port-list

port-range-list

profile-name

Description Profile for DDoS zone thresholds

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-profile-list_port-range-list

Specification  
Type list
Block object keys  

indicator-list

port-range-end

Description Port-Range End Port Number

Type: number

Range: 2-65535

port-range-start

Description Port-Range Start Port Number

Type: number

Range: 1-65535

protocol

Description ‘dns-tcp’: DNS-TCP Port; ‘dns-udp’: DNS-UDP Port; ‘http’: HTTP Port; ‘tcp’: TCP Port; ‘udp’: UDP Port; ‘ssl-l4’: SSL-L4 Port;

Type: string

Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-profile-list_port-range-list_indicator-list

Specification  
Type list
Block object keys  

indicator-name

Description ‘pkt-rate’: pkt-rate; ‘pkt-drop-rate’: pkt-drop-rate; ‘pkt-drop-ratio’: pkt-drop-ratio; ‘bytes-to-bytes-from-ratio’: bytes-to-bytes-from-ratio; ‘concurrent-conns’: concurrent-conns; ‘conn-miss-rate’: conn-miss-rate; ‘syn-rate’: syn-rate; ‘fin-rate’: fin-rate; ‘rst-rate’: rst-rate; ‘small-window-ack-rate’: small-window-ack-rate; ‘empty-ack-rate’: empty-ack-rate; ‘small-payload-rate’: small-payload-rate; ‘syn-fin-ratio’: syn-fin-ratio;

Type: string

Supported Values: pkt-rate, pkt-drop-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, concurrent-conns, conn-miss-rate, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio

src-threshold-cfg

Description: src-threshold-cfg is a JSON Block. Please see below for zone-profile-list_port-range-list_indicator-list_src-threshold-cfg

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-threshold-cfg

Description: zone-threshold-cfg is a JSON Block. Please see below for zone-profile-list_port-range-list_indicator-list_zone-threshold-cfg

Type: Object

zone-profile-list_port-range-list_indicator-list_src-threshold-cfg

Specification  
Type object

src-threshold-num

Description Indicator per-src threshold

Type: number

Range: 0-2147483647

src-threshold-str

Description Indicator per-src threshold

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

zone-profile-list_port-range-list_indicator-list_zone-threshold-cfg

Specification  
Type object

zone-threshold-num

Description Threshold for the entire zone

Type: number

Range: 0-2147483647

zone-threshold-str

Description Threshold for the entire zone

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

zone-profile-list_port-list

Specification  
Type list
Block object keys  

indicator-list

port-num

Description Port Number

Type: number

Range: 1-65534

port-protocol

Description ‘dns-tcp’: dns-tcp; ‘dns-udp’: dns-udp; ‘http’: http; ‘tcp’: tcp; ‘udp’: udp; ‘ssl-l4’: ssl-l4;

Type: string

Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-profile-list_port-list_indicator-list

Specification  
Type list
Block object keys  

indicator-name

Description ‘pkt-rate’: pkt-rate; ‘pkt-drop-rate’: pkt-drop-rate; ‘pkt-drop-ratio’: pkt-drop-ratio; ‘bytes-to-bytes-from-ratio’: bytes-to-bytes-from-ratio; ‘concurrent-conns’: concurrent-conns; ‘conn-miss-rate’: conn-miss-rate; ‘syn-rate’: syn-rate; ‘fin-rate’: fin-rate; ‘rst-rate’: rst-rate; ‘small-window-ack-rate’: small-window-ack-rate; ‘empty-ack-rate’: empty-ack-rate; ‘small-payload-rate’: small-payload-rate; ‘syn-fin-ratio’: syn-fin-ratio;

Type: string

Supported Values: pkt-rate, pkt-drop-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, concurrent-conns, conn-miss-rate, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio

src-threshold-cfg

Description: src-threshold-cfg is a JSON Block. Please see below for zone-profile-list_port-list_indicator-list_src-threshold-cfg

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-threshold-cfg

Description: zone-threshold-cfg is a JSON Block. Please see below for zone-profile-list_port-list_indicator-list_zone-threshold-cfg

Type: Object

zone-profile-list_port-list_indicator-list_src-threshold-cfg

Specification  
Type object

src-threshold-num

Description Indicator per-src threshold

Type: number

Range: 0-2147483647

src-threshold-str

Description Indicator per-src threshold

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

zone-profile-list_port-list_indicator-list_zone-threshold-cfg

Specification  
Type object

zone-threshold-num

Description Threshold for the entire zone

Type: number

Range: 0-2147483647

zone-threshold-str

Description Threshold for the entire zone

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

zone-profile-list_ip-proto

Specification  
Type object

proto-name-list

proto-number-list

zone-profile-list_ip-proto_proto-number-list

Specification  
Type list
Block object keys  

indicator-list

protocol-num

Description Protocol Number

Type: number

Range: 0-255

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-profile-list_ip-proto_proto-number-list_indicator-list

Specification  
Type list
Block object keys  

indicator-name

Description ‘pkt-rate’: pkt-rate; ‘pkt-drop-rate’: pkt-drop-rate; ‘pkt-drop-ratio’: pkt-drop-ratio; ‘bytes-to-bytes-from-ratio’: bytes-to-bytes-from-ratio; ‘frag-rate’: frag-rate;

Type: string

Supported Values: pkt-rate, pkt-drop-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, frag-rate

src-threshold-cfg

Description: src-threshold-cfg is a JSON Block. Please see below for zone-profile-list_ip-proto_proto-number-list_indicator-list_src-threshold-cfg

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-threshold-cfg

Description: zone-threshold-cfg is a JSON Block. Please see below for zone-profile-list_ip-proto_proto-number-list_indicator-list_zone-threshold-cfg

Type: Object

zone-profile-list_ip-proto_proto-number-list_indicator-list_src-threshold-cfg

Specification  
Type object

src-threshold-num

Description Indicator per-src threshold

Type: number

Range: 0-2147483647

src-threshold-str

Description Indicator per-src threshold

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

zone-profile-list_ip-proto_proto-number-list_indicator-list_zone-threshold-cfg

Specification  
Type object

zone-threshold-num

Description Threshold for the entire zone

Type: number

Range: 0-2147483647

zone-threshold-str

Description Threshold for the entire zone

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

zone-profile-list_ip-proto_proto-name-list

Specification  
Type list
Block object keys  

indicator-list

protocol

Description ‘icmp-v4’: ip-proto icmp-v4; ‘icmp-v6’: ip-proto icmp-v6; ‘gre’: ip-proto gre; ‘ipv4-encap’: ip-proto IPv4 Encapsulation; ‘ipv6-encap’: ip-proto IPv6 Encapsulation;

Type: string

Supported Values: icmp-v4, icmp-v6, gre, ipv4-encap, ipv6-encap

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-profile-list_ip-proto_proto-name-list_indicator-list

Specification  
Type list
Block object keys  

indicator-name

Description ‘pkt-rate’: pkt-rate; ‘pkt-drop-rate’: pkt-drop-rate; ‘pkt-drop-ratio’: pkt-drop-ratio; ‘bytes-to-bytes-from-ratio’: bytes-to-bytes-from-ratio; ‘frag-rate’: frag-rate;

Type: string

Supported Values: pkt-rate, pkt-drop-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, frag-rate

src-threshold-cfg

Description: src-threshold-cfg is a JSON Block. Please see below for zone-profile-list_ip-proto_proto-name-list_indicator-list_src-threshold-cfg

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-threshold-cfg

Description: zone-threshold-cfg is a JSON Block. Please see below for zone-profile-list_ip-proto_proto-name-list_indicator-list_zone-threshold-cfg

Type: Object

zone-profile-list_ip-proto_proto-name-list_indicator-list_src-threshold-cfg

Specification  
Type object

src-threshold-num

Description Indicator per-src threshold

Type: number

Range: 0-2147483647

src-threshold-str

Description Indicator per-src threshold

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

zone-profile-list_ip-proto_proto-name-list_indicator-list_zone-threshold-cfg

Specification  
Type object

zone-threshold-num

Description Threshold for the entire zone

Type: number

Range: 0-2147483647

zone-threshold-str

Description Threshold for the entire zone

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

dns-cache-config

Specification  
Type object

enable-cache-warm-up-bgp-advertise

Description Enable route injection during cold boot

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

max-concurrent-zone-transfers

Description: max-concurrent-zone-transfers is a JSON Block. Please see below for dns-cache-config_max-concurrent-zone-transfers

Type: Object

Refernce Object: /axapi/v3/ddos/dns-cache-config/max-concurrent-zone-transfers

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dns-cache-config_max-concurrent-zone-transfers

Specification  
Type object

operational-mode

Description Number of concurrent zone transfers after boot (default 5)

Type: number

Range: 1-65535

Default: 5

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

warm-up-mode

Description Number of concurrent zone transfers during cold boot (default 65535)

Type: number

Range: 100-65535

Default: 65535

template

Specification  
Type object

dns-list

Type: List

Refernce Object: /axapi/v3/ddos/template/dns/{name}

http-list

icmp-v4-list

icmp-v6-list

logging-list

monitor-list

Type: List

Refernce Object: /axapi/v3/ddos/template/monitor/{id}

other-list

Type: List

Refernce Object: /axapi/v3/ddos/template/other/{name}

ssl-l4-list

tcp-list

Type: List

Refernce Object: /axapi/v3/ddos/template/tcp/{name}

udp-list

Type: List

Refernce Object: /axapi/v3/ddos/template/udp/{name}

template_logging-list

Specification  
Type list
Block object keys  

enable-action-logging

Description Log action taken

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-format-cef

Description Log in CEF format

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-format-custom

Description Customize log format

Type: string

Format: string-rlx

Maximum Length: 512 characters

Maximum Length: 1 characters

logging-tmpl-name

Description DDOS Logging Template Name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Default: default

use-obj-name

Description Show obj name instead of ip in the log

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

template_icmp-v6-list

Specification  
Type list
Block object keys  

icmp-tmpl-name

Description DDOS ICMPv6 Template Name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

type-list

type-other

Description: type-other is a JSON Block. Please see below for template_icmp-v6-list_type-other

Type: Object

Refernce Object: /axapi/v3/ddos/template/icmp-v6/{icmp-tmpl-name}/type-other

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

template_icmp-v6-list_type-other

Specification  
Type object

type-other-deny

Description Deny all other type

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: type-other-deny and type-other-rate are mutually exclusive

type-other-rate

Description Specify rate with other type

Type: number

Range: 1-16000000

Mutual Exclusion: type-other-rate and type-other-deny are mutually exclusive

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

template_icmp-v6-list_type-list

Specification  
Type list
Block object keys  

code

Type: List

code-other

Description: code-other is a JSON Block. Please see below for template_icmp-v6-list_type-list_code-other

Type: Object

type-deny

Description Reject this ICMP type

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: type-deny type-rate and code-other-rate are mutually exclusive

type-number

Description Specify ICMP type number

Type: number

Range: 0-255

type-rate

Description Specify the whole rate with this type

Type: number

Range: 1-16000000

Mutual Exclusion: type-rate and type-deny are mutually exclusive

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

template_icmp-v6-list_type-list_code

Specification  
Type list
Block object keys  

code-number

Description Specify the ICMP code

Type: number

Range: 0-255

code-rate

Description Specify the rate with the code

Type: number

Range: 1-16000000

template_icmp-v6-list_type-list_code-other

Specification  
Type object

code-other-rate

Description Specify rate with other code

Type: number

Range: 1-16000000

Mutual Exclusion: code-other-rate and type-deny are mutually exclusive

template_ssl-l4-list

Specification  
Type list
Block object keys  

action

Description ‘drop’: drop; ‘reset’: reset;

Type: string

Supported Values: drop, reset

Default: drop

allow-non-tls

Description Allow Non-TLS (SSLv3 and lower) traffic (Warning: security may be compromised)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

auth-config-cfg

Description: auth-config-cfg is a JSON Block. Please see below for template_ssl-l4-list_auth-config-cfg

Type: Object

cert-cfg

Description: cert-cfg is a JSON Block. Please see below for template_ssl-l4-list_cert-cfg

Type: Object

renegotiation

Description Configure renegotiation limiting for SSL (Number of renegotiation allowed)

Type: number

Range: 0-7

request-rate-limit

Description Configure rate limiting for SSL

Type: number

Range: 1-16000000

server-name-list

Type: List

ssl-l4-tmpl-name

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

template_ssl-l4-list_cert-cfg

Specification  
Type object

cert

Description SSL certificate

Type: string

Maximum Length: 255 characters

Maximum Length: 1 characters

key

Description SSL key

Type: string

Maximum Length: 255 characters

Maximum Length: 1 characters

key-encrypted

Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)

key-passphrase

Description Password Phrase

Type: string

Format: password

Maximum Length: 63 characters

Maximum Length: 1 characters

template_ssl-l4-list_auth-config-cfg

Specification  
Type object

auth-handshake-fail-action

Description ‘blacklist-src’: Blacklist-src when auth handshake fails;

Type: string

Supported Values: blacklist-src

timeout

Description Connection timeout

Type: number

Range: 1-31

Default: 5

trials

Description Number of failed handshakes

Type: number

Range: 0-15

Default: 5

template_ssl-l4-list_server-name-list

Specification  
Type list
Block object keys  

server-cert

Description Server Certificate associated to SNI (Server Certificate Name)

Type: string

Maximum Length: 255 characters

Maximum Length: 1 characters

server-encrypted

Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED password string)

server-key

Description Server Private Key associated to SNI (Server Private Key Name)

Type: string

Maximum Length: 255 characters

Maximum Length: 1 characters

server-name

Description Server name indication in Client hello extension (Server name String)

Type: string

Maximum Length: 255 characters

Maximum Length: 1 characters

server-passphrase

Description Password Phrase

Type: string

Format: password

Maximum Length: 63 characters

Maximum Length: 1 characters

template_dns-list

Specification  
Type list
Block object keys  

action

Description ‘drop’: Drop packets (Default action); ‘reset’: Send Client RST for TCP connections;

Type: string

Supported Values: drop, reset

Default: drop

allow-query-class

Description: allow-query-class is a JSON Block. Please see below for template_dns-list_allow-query-class

Type: Object

allow-record-type

Description: allow-record-type is a JSON Block. Please see below for template_dns-list_allow-record-type

Type: Object

dns-any-check

Description Drop DNS queries of Type ANY

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dns-auth-cfg

Description: dns-auth-cfg is a JSON Block. Please see below for template_dns-list_dns-auth-cfg

Type: Object

dns-request-rate-limit

Description: dns-request-rate-limit is a JSON Block. Please see below for template_dns-list_dns-request-rate-limit

Type: Object

domain-group-name

Description Apply a domain-group to the DNS template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

fqdn-cfg

Type: List

fqdn-label-count

Description Maximum number of length of FQDN labels

Type: number

Range: 1-10

fqdn-label-len-cfg

Type: List

malformed-query-check

Description: malformed-query-check is a JSON Block. Please see below for template_dns-list_malformed-query-check

Type: Object

Refernce Object: /axapi/v3/ddos/template/dns/{name}/malformed-query-check

name

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

nxdomain-cfg

Description: nxdomain-cfg is a JSON Block. Please see below for template_dns-list_nxdomain-cfg

Type: Object

on-no-match

Description ‘permit’: permit; ‘deny’: deny;

Type: string

Supported Values: permit, deny

Default: deny

symtimeout-cfg

Description: symtimeout-cfg is a JSON Block. Please see below for template_dns-list_symtimeout-cfg

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

template_dns-list_fqdn-cfg

Specification  
Type list
Block object keys  

dns-fqdn-rate

Description Limiting rate (Range: 5-8000 for FQDN domain based rate limiting, 5-16000000 for FQDN label count based rate limiting)

Type: number

Range: 5-16000000

dns-fqdn-rate-limit

Description DNS Rate limiting on the basis of FQDN

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

fqdn-rate-label-count

Description FQDN label count (Range: 1-8)

Type: number

Range: 1-8

fqdn-rate-suffix

Description Suffix count

Type: number

Range: 1-5

fqdn-rate-suffix-by

Description Number of suffixes

Type: number

Range: 1-5

per

Description ‘domain-name’: Domain Name; ‘src-ip’: Source IP address; ‘label-count’: FQDN label count;

Type: string

Supported Values: domain-name, src-ip, label-count

Mutual Exclusion: per and by are mutually exclusive

per-domain-per-src-ip

Description Use both Domain Name and Source IP address for rate-limiting

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

template_dns-list_malformed-query-check

Specification  
Type object

non-query-opcode-check

Description ‘disable’: When malform check is enabled, TPS always drops DNS query with non query opcode, this option disables this opcode check;

Type: string

Supported Values: disable

skip-multi-packet-check

Description Bypass DNS fragmented and TCP segmented Queries(Default: dropped)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

validation-type

Description ‘basic-header-check’: Basic header validation for DNS TCP/UDP queries; ‘extended-header-check’: Extended header/query validation for DNS TCP/UDP queries; ‘disable’: Disable Malform query validation for DNS TCP/UDP;

Type: string

Supported Values: basic-header-check, extended-header-check, disable

template_dns-list_allow-query-class

Specification  
Type object

allow-any-query-class

Description ANY query class

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

allow-chaos-query-class

Description CHAOS query class

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

allow-csnet-query-class

Description CSNET query class

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

allow-hesiod-query-class

Description HESIOD query class

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

allow-internet-query-class

Description INTERNET query class

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

allow-none-query-class

Description NONE query class

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

template_dns-list_allow-record-type

Specification  
Type object

allow-a-type

Description Address record

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

allow-aaaa-type

Description IPv6 address record

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

allow-cname-type

Description Canonical name record

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

allow-mx-type

Description Mail exchange record

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

allow-ns-type

Description Name server record

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

allow-srv-type

Description Service locator

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

record-num-cfg

Type: List

template_dns-list_allow-record-type_record-num-cfg

Specification  
Type list
Block object keys  

allow-num-type

Description Other record type value

Type: number

Range: 1-65535

template_dns-list_dns-request-rate-limit

Specification  
Type object

type

Description: type is a JSON Block. Please see below for template_dns-list_dns-request-rate-limit_type

Type: Object

template_dns-list_dns-request-rate-limit_type

Specification  
Type object

A-cfg

Description: A-cfg is a JSON Block. Please see below for template_dns-list_dns-request-rate-limit_type_A-cfg

Type: Object

AAAA-cfg

Description: AAAA-cfg is a JSON Block. Please see below for template_dns-list_dns-request-rate-limit_type_AAAA-cfg

Type: Object

CNAME-cfg

Description: CNAME-cfg is a JSON Block. Please see below for template_dns-list_dns-request-rate-limit_type_CNAME-cfg

Type: Object

MX-cfg

Description: MX-cfg is a JSON Block. Please see below for template_dns-list_dns-request-rate-limit_type_MX-cfg

Type: Object

NS-cfg

Description: NS-cfg is a JSON Block. Please see below for template_dns-list_dns-request-rate-limit_type_NS-cfg

Type: Object

SRV-cfg

Description: SRV-cfg is a JSON Block. Please see below for template_dns-list_dns-request-rate-limit_type_SRV-cfg

Type: Object

dns-type-cfg

Type: List

template_dns-list_dns-request-rate-limit_type_SRV-cfg

Specification  
Type object

SRV

Description Service locator

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dns-srv-rate

Description DNS request rate

Type: number

Range: 1-16000000

template_dns-list_dns-request-rate-limit_type_CNAME-cfg

Specification  
Type object

CNAME

Description Canonical name record

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dns-cname-rate

Description

Type: number

Range: 1-16000000

template_dns-list_dns-request-rate-limit_type_dns-type-cfg

Specification  
Type list
Block object keys  

dns-request-type

Description Other type value

Type: number

Range: 1-65535

dns-request-type-rate

Description request rate limit

Type: number

Range: 1-16000000

template_dns-list_dns-request-rate-limit_type_AAAA-cfg

Specification  
Type object

AAAA

Description IPv6 address record

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dns-aaaa-rate

Description

Type: number

Range: 1-16000000

template_dns-list_dns-request-rate-limit_type_A-cfg

Specification  
Type object

A

Description Address record

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dns-a-rate

Description

Type: number

Range: 1-16000000

template_dns-list_dns-request-rate-limit_type_MX-cfg

Specification  
Type object

MX

Description Mail exchange record

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dns-mx-rate

Description

Type: number

Range: 1-16000000

template_dns-list_dns-request-rate-limit_type_NS-cfg

Specification  
Type object

NS

Description Name server record

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dns-ns-rate

Description

Type: number

Range: 1-16000000

template_dns-list_nxdomain-cfg

Specification  
Type object

dns-nxdomain-rate

Description Limiting rate

Type: number

Range: 1-16000000

dns-nxdomain-rate-limit

Description DNS NXDOMAIN Rate Limiting (SRC support only)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dns-nxdomain-rate-limit-action

Description ‘drop’: Drop queries if rate is exceeded; ‘black-list’: Black-List source if rate is exceeded;

Type: string

Supported Values: drop, black-list

template_dns-list_dns-auth-cfg

Specification  
Type object

dns-auth

Description DNS authentication

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dns-auth-type

Description ‘udp’: Drop DNS request and monitor client retry; ‘force-tcp’: Force DNS request over TCP;

Type: string

Supported Values: udp, force-tcp

force-tcp-ignore-client-source-port

Description Allow client to retransmit DNS request using different source port during udp-auth (supported in asymmetric mode only)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

force-tcp-min-retry-gap

Description Minimum sec gap in between 2 dns-udp packets for auth to pass

Type: number

Range: 1-15

force-tcp-timeout

Description TCP authentication timeout in seconds

Type: number

Range: 1-16

min-retry-gap

Description Optional minimum sec gap in between 2 dns-udp packets for auth to pass

Type: number

Range: 1-15

udp-timeout

Description UDP authentication timeout in seconds

Type: number

Range: 1-16

with-udp-auth

Description Monitor client retry

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

template_dns-list_fqdn-label-len-cfg

Specification  
Type list
Block object keys  

fqdn-label-length

Description Maximum FQDN label length

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

fqdn-label-suffix

Description Number of suffixes

Type: number

Range: 1-5

label-length

Description Maximum length of FQDN label

Type: number

Range: 1-63

template_dns-list_symtimeout-cfg

Specification  
Type object

sym-timeout

Description Timeout for DNS Symmetric session

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sym-timeout-value

Description Session timeout value in seconds

Type: number

Range: 1-31

template_icmp-v4-list

Specification  
Type list
Block object keys  

icmp-tmpl-name

Description DDOS ICMPv4 Template Name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

type-list

type-other

Description: type-other is a JSON Block. Please see below for template_icmp-v4-list_type-other

Type: Object

Refernce Object: /axapi/v3/ddos/template/icmp-v4/{icmp-tmpl-name}/type-other

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

template_icmp-v4-list_type-other

Specification  
Type object

type-other-deny

Description Deny all other type

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: type-other-deny and type-other-rate are mutually exclusive

type-other-rate

Description Specify rate with other type

Type: number

Range: 1-16000000

Mutual Exclusion: type-other-rate and type-other-deny are mutually exclusive

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

template_icmp-v4-list_type-list

Specification  
Type list
Block object keys  

code

Type: List

code-other

Description: code-other is a JSON Block. Please see below for template_icmp-v4-list_type-list_code-other

Type: Object

type-deny

Description Reject this ICMP type

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: type-deny type-rate and code-other-rate are mutually exclusive

type-number

Description Specify ICMP type number

Type: number

Range: 0-255

type-rate

Description Specify the whole rate with this type

Type: number

Range: 1-16000000

Mutual Exclusion: type-rate and type-deny are mutually exclusive

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

template_icmp-v4-list_type-list_code

Specification  
Type list
Block object keys  

code-number

Description Specify the ICMP code

Type: number

Range: 0-255

code-rate

Description Specify the rate with the code

Type: number

Range: 1-16000000

template_icmp-v4-list_type-list_code-other

Specification  
Type object

code-other-rate

Description Specify rate with other code

Type: number

Range: 1-16000000

Mutual Exclusion: code-other-rate and type-deny are mutually exclusive

template_monitor-list

Specification  
Type list
Block object keys  

clear-cfg

Type: List

id

Description Monitor template ID Number

Type: number

Range: 1-16

link-disable-cfg

Type: List

link-down-cfg

Type: List

link-enable-cfg

Type: List

link-up-cfg

Type: List

monitor-relation

Description ‘monitor-and’: Configures the monitors in current template to work with AND logic; ‘monitor-or’: Configures the monitors in current template to work with OR logic;

Type: string

Supported Values: monitor-and, monitor-or

Default: monitor-and

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

template_monitor-list_clear-cfg

Specification  
Type list
Block object keys  

clear-all-sequence

Description Sequence number (Specify the action sequence number)

Type: number

Range: 1-16

clear-sequence

Description Specify the action sequence number

Type: number

Range: 1-16

sessions

Description ‘all’: Clear all sessions; ‘sequence’: Sequence number;

Type: string

Supported Values: all, sequence

template_tcp-list

Specification  
Type list
Block object keys  

action-cfg

Description: action-cfg is a JSON Block. Please see below for template_tcp-list_action-cfg

Type: Object

action-on-ack-rto-retry-count

Description Take action if action-on-ack RTO-authentication fail over retry time(default:5)

Type: number

Range: 2-10

action-on-syn-rto-retry-count

Description Take action if action-on-syn RTO-authentication fail over retry time(default:5)

Type: number

Range: 2-10

action-syn-cfg

Description: action-syn-cfg is a JSON Block. Please see below for template_tcp-list_action-syn-cfg

Type: Object

age

Description Session age in minutes

Type: number

Range: 1-63

allow-syn-otherflags

Description Treat TCP SYN+PSH as a TCP SYN (tcp ports support only)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

black-list-out-of-seq

Description Black list Src IP if out of seq pkts exceed configured threshold

Type: number

Range: 1-64000

Mutual Exclusion: black-list-out-of-seq and per-conn-out-of-seq-rate-limit are mutually exclusive

black-list-retransmit

Description Black list Src IP if retransmit pkts exceed configured threshold

Type: number

Range: 1-64000

Mutual Exclusion: black-list-retransmit and per-conn-retransmit-rate-limit are mutually exclusive

black-list-zero-win

Description Black list Src IP if zero window pkts exceed configured threshold

Type: number

Range: 1-250

Mutual Exclusion: black-list-zero-win and per-conn-zero-win-rate-limit are mutually exclusive

concurrent

Description Enable concurrent port access for non-matching ports (DST support only)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

conn-rate-limit-on-syn-only

Description Only count SYN-initiated connections towards connection-rate tracking

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-known-resp-src-port-cfg

Description: drop-known-resp-src-port-cfg is a JSON Block. Please see below for template_tcp-list_drop-known-resp-src-port-cfg

Type: Object

filter-list

name

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

per-conn-out-of-seq-rate-action

Description ‘drop’: Drop packets for out-of-seq rate exceed (Default); ‘blacklist-src’: help Blacklist-src for out-of-seq rate exceed; ‘ignore’: help Ignore out-of-seq rate exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Default: drop

per-conn-out-of-seq-rate-limit

Description Take action if out-of-seq pkt rate exceed configured threshold

Type: number

Range: 1-16000000

Mutual Exclusion: per-conn-out-of-seq-rate-limit and black-list-out-of-seq are mutually exclusive

per-conn-pkt-rate-action

Description ‘drop’: Drop packets for per-conn-pkt-rate exceed (Default); ‘blacklist-src’: help Blacklist-src for per-conn-pkt-rate exceed; ‘ignore’: Ignore per-conn-pkt-rate-exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Default: drop

per-conn-pkt-rate-limit

Description Packet rate limit per connection per rate-interval

Type: number

Range: 1-16000000

per-conn-rate-interval

Description ‘100ms’: 100ms; ‘1sec’: 1sec; ’10sec’: 10sec;

Type: string

Supported Values: 100ms, 1sec, 10sec

Default: 1sec

per-conn-retransmit-rate-action

Description ‘drop’: Drop packets for retransmit rate exceed (Default); ‘blacklist-src’: help Blacklist-src for retransmit rate exceed; ‘ignore’: help Ignore retransmit rate exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Default: drop

per-conn-retransmit-rate-limit

Description Take action if retransmit pkt rate exceed configured threshold

Type: number

Range: 1-16000000

Mutual Exclusion: per-conn-retransmit-rate-limit and black-list-retransmit are mutually exclusive

per-conn-zero-win-rate-action

Description ‘drop’: Drop packets for zero-win rate exceed (Default); ‘blacklist-src’: help Blacklist-src for zero-win rate exceed; ‘ignore’: help Ignore zero-win rate exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Default: drop

per-conn-zero-win-rate-limit

Description Take action if zero window pkt rate exceed configured threshold

Type: number

Range: 1-16000000

Mutual Exclusion: per-conn-zero-win-rate-limit and black-list-zero-win are mutually exclusive

syn-auth

Description ‘send-rst’: Send RST to client upon client ACK; ‘force-rst-by-ack’: Force client RST via the use of ACK; ‘force-rst-by-synack’: Force client RST via the use of bad SYN|ACK; ‘disable’: Disable TCP SYN Authentication;

Type: string

Supported Values: send-rst, force-rst-by-ack, force-rst-by-synack, disable

Default: send-rst

syn-cookie

Description Enable SYN Cookie

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

tunnel-encap

Description: tunnel-encap is a JSON Block. Please see below for template_tcp-list_tunnel-encap

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

template_tcp-list_tunnel-encap

Specification  
Type object

gre-cfg

Description: gre-cfg is a JSON Block. Please see below for template_tcp-list_tunnel-encap_gre-cfg

Type: Object

ip-cfg

Description: ip-cfg is a JSON Block. Please see below for template_tcp-list_tunnel-encap_ip-cfg

Type: Object

template_tcp-list_tunnel-encap_ip-cfg

Specification  
Type object

always

Description: always is a JSON Block. Please see below for template_tcp-list_tunnel-encap_ip-cfg_always

Type: Object

ip-encap

Description Enable Tunnel encap for IP packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

template_tcp-list_tunnel-encap_ip-cfg_always

Specification  
Type object

ipv4-addr

Description IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: ipv4-address

ipv6-addr

Description IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: ipv6-address

preserve-src-ipv4

Description Use original source ip for encapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

preserve-src-ipv6

Description Use original source ip for encapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

template_tcp-list_tunnel-encap_gre-cfg

Specification  
Type object

gre-always

Description: gre-always is a JSON Block. Please see below for template_tcp-list_tunnel-encap_gre-cfg_gre-always

Type: Object

gre-encap

Description Enable Tunnel encap for GRE packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

template_tcp-list_tunnel-encap_gre-cfg_gre-always

Specification  
Type object

gre-ipv4

Description IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: ipv4-address

gre-ipv6

Description IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: ipv6-address

key-ipv4

Description Encapsulate with key in hexadecimal

Type: string

Maximum Length: 8 characters

Maximum Length: 1 characters

key-ipv6

Description Encapsulate with key in hexadecimal

Type: string

Maximum Length: 8 characters

Maximum Length: 1 characters

preserve-src-ipv4-gre

Description Use original source ip for encapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

preserve-src-ipv6-gre

Description Use original source ip for encapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

template_tcp-list_action-cfg

Specification  
Type object

action-on-ack

Description Monitor tcp ack for age-out session

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

authenticate-only

Description Apply action-on-ack once per source address for authentication purpose

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

min-retry-gap

Description Min gap between 2 ACKs for action-on-ack pass in 100ms interval

Type: number

Range: 1-80

reset

Description Send RST to client

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

rto-authentication

Description Estimate the RTO and apply the exponential back-off for authentication

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

timeout

Description ACK retry timeout in sec

Type: number

Range: 1-31

template_tcp-list_filter-list

Specification  
Type list
Block object keys  

byte-offset-filter

Description Filter Expression using Berkeley Packet Filter syntax

Type: string

Format: string-rlx

Maximum Length: 1275 characters

Maximum Length: 1 characters

tcp-filter-action

Description ‘blacklist-src’: Also blacklist the source when action is taken; ‘whitelist-src’: Whitelist the source after filter passes, packets are dropped until then; ‘count-only’: Take no action and continue processing the next filter;

Type: string

Supported Values: blacklist-src, whitelist-src, count-only

tcp-filter-regex

Description Regex Expression

Type: string

Format: string-rlx

Maximum Length: 1275 characters

Maximum Length: 1 characters

tcp-filter-seq

Description Sequence number

Type: number

Range: 1-5

tcp-filter-unmatched

Description action taken when it does not match

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

template_tcp-list_action-syn-cfg

Specification  
Type object

action-on-syn

Description Monitor tcp syn for age-out session

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

action-on-syn-gap

Description Min gap between 2 SYNs for action-on-syn pass in 100ms interval

Type: number

Range: 1-80

action-on-syn-reset

Description Send RST to client

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

action-on-syn-rto

Description Estimate the RTO and apply the exponential back-off for authentication

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

action-on-syn-timeout

Description SYN retry timeout in sec

Type: number

Range: 1-31

template_tcp-list_drop-known-resp-src-port-cfg

Specification  
Type object

drop-known-resp-src-port

Description Drop well-known if src-port is less than 1024

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

exclude-src-resp-port

Description excluding src port equal destination port

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

template_other-list

Specification  
Type list
Block object keys  

filter-list

name

Description DDOS OTHER Template Name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

template_other-list_filter-list

Specification  
Type list
Block object keys  

byte-offset-filter

Description Filter Expression using Berkeley Packet Filter syntax

Type: string

Format: string-rlx

Maximum Length: 1275 characters

Maximum Length: 1 characters

other-filter-action

Description ‘blacklist-src’: Also blacklist the source when action is taken; ‘whitelist-src’: Whitelist the source after filter passes, packets are dropped until then; ‘count-only’: Take no action and continue processing the next filter;

Type: string

Supported Values: blacklist-src, whitelist-src, count-only

other-filter-regex

Description Regex Expression

Type: string

Format: string-rlx

Maximum Length: 1275 characters

Maximum Length: 1 characters

other-filter-seq

Description Sequence number

Type: number

Range: 1-5

other-filter-unmatched

Description action taken when it does not match

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

template_udp-list

Specification  
Type list
Block object keys  

age

Description Configure session age(in minutes) for UDP sessions

Type: number

Range: 1-63

drop-known-resp-src-port-cfg

Description: drop-known-resp-src-port-cfg is a JSON Block. Please see below for template_udp-list_drop-known-resp-src-port-cfg

Type: Object

drop-ntp-monlist

Description Drop NTP monlist request/response

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

filter-list

max-payload-size

Description Maximum UDP payload size for each single packet

Type: number

Range: 1-1470

min-payload-size

Description Minimum UDP payload size for each single packet

Type: number

Range: 1-1470

name

Description DDOS UDP Template Name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

per-conn-pkt-rate-limit

Description Packet rate limit per connection per rate-interval

Type: number

Range: 1-16000000

per-conn-rate-interval

Description ‘100ms’: 100ms; ‘1sec’: 1sec;

Type: string

Supported Values: 100ms, 1sec

Default: 1sec

spoof-detect-cfg

Description: spoof-detect-cfg is a JSON Block. Please see below for template_udp-list_spoof-detect-cfg

Type: Object

tunnel-encap

Description: tunnel-encap is a JSON Block. Please see below for template_udp-list_tunnel-encap

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

template_udp-list_tunnel-encap

Specification  
Type object

always

Description: always is a JSON Block. Please see below for template_udp-list_tunnel-encap_always

Type: Object

gre-always

Description: gre-always is a JSON Block. Please see below for template_udp-list_tunnel-encap_gre-always

Type: Object

gre-encap

Description Enable Tunnel encap for GRE packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: gre-encap and ip-encap are mutually exclusive

ip-encap

Description Enable Tunnel encap for IP packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: ip-encap and gre-encap are mutually exclusive

template_udp-list_tunnel-encap_gre-always

Specification  
Type object

gre-ipv4

Description IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: ipv4-address

gre-ipv6

Description IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: ipv6-address

key-ipv4

Description Encapsulate with key in hexidecimal

Type: string

Maximum Length: 8 characters

Maximum Length: 1 characters

key-ipv6

Description Encapsulate with key in hexidecimal

Type: string

Maximum Length: 8 characters

Maximum Length: 1 characters

preserve-src-ipv4-gre

Description Use original source ip for encapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

preserve-src-ipv6-gre

Description Use original source ip for encapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

template_udp-list_tunnel-encap_always

Specification  
Type object

ipv4-addr

Description IPv4 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: ipv4-address

ipv6-addr

Description IPv6 address (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: ipv6-address

preserve-src-ipv4

Description Use original source ip for encapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

preserve-src-ipv6

Description Use original source ip for encapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

template_udp-list_drop-known-resp-src-port-cfg

Specification  
Type object

drop-known-resp-src-port

Description Drop well-known if src-port is less than 1024

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

exclude-src-resp-port

Description excluding src port equal destination port

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

template_udp-list_filter-list

Specification  
Type list
Block object keys  

byte-offset-filter

Description Filter Expression using Berkeley Packet Filter syntax

Type: string

Format: string-rlx

Maximum Length: 1275 characters

Maximum Length: 1 characters

udp-filter-action

Description ‘blacklist-src’: Also blacklist the source when action is taken; ‘whitelist-src’: Whitelist the source after filter passes, packets are dropped until then; ‘count-only’: Take no action and continue processing the next filter;

Type: string

Supported Values: blacklist-src, whitelist-src, count-only

udp-filter-regex

Description Regex Expression

Type: string

Format: string-rlx

Maximum Length: 1275 characters

Maximum Length: 1 characters

udp-filter-seq

Description Sequence number

Type: number

Range: 1-5

udp-filter-unmatched

Description action taken when it does not match

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

template_udp-list_spoof-detect-cfg

Specification  
Type object

min-retry-gap

Description Optional minimum sec gap between 2 UDP packets for spoof-detect pass

Type: number

Range: 1-30

spoof-detect

Description Force client to retry on udp

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

spoof-detect-retry-timeout

Description timeout in seconds

Type: number

Range: 1-31

Default: 5

Mutual Exclusion: spoof-detect-retry-timeout and spoof-detect-retry-timeout-val-only are mutually exclusive

template_http-list

Specification  
Type list
Block object keys  

action

Description ‘drop’: Drop packets for the connection; ‘reset’: Send RST for the connection;

Type: string

Supported Values: drop, reset

Default: drop

agent-filter

Description: agent-filter is a JSON Block. Please see below for template_http-list_agent-filter

Type: Object

challenge-cookie-name

Description Set the cookie name used to send back to client. Default is sto-idd

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Default: sto-idd

challenge-interval

Description Specify the challenge interval. Default is 8 seconds

Type: number

Range: 1-31

Default: 8

challenge-keep-cookie

Description Keep the challenge cookie from client and forward to backend. Default is do not keep

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

challenge-method

Description ‘http-redirect’: http-redirect; ‘javascript’: javascript;

Type: string

Supported Values: http-redirect, javascript

challenge-redirect-code

Description ‘302’: 302 Found; ‘307’: 307 Temporary Redirect;

Type: string

Supported Values: 302, 307

Default: 302

challenge-uri-encode

Description Encode the challenge phrase in uri instead of in http cookie. Default encoded in http cookie

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

filter-header-list

http-tmpl-name

Description DDOS HTTP Template Name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

idle-timeout

Description Set the the idle timeout value for HTTP connections

Type: number

Range: 1-63

ignore-zero-payload

Description Don’t reset idle timer on packets with zero payload length from clients

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

malformed-http

Description: malformed-http is a JSON Block. Please see below for template_http-list_malformed-http

Type: Object

mss-cfg

Description: mss-cfg is a JSON Block. Please see below for template_http-list_mss-cfg

Type: Object

out-of-order-queue-size

Description Set the out-of-order queue size for HTTP packets (asym mode only)

Type: number

Range: 0-15

Default: 3

out-of-order-queue-timeout

Description Set the timeout value for out-of-order queue in HTTP (asym mode only)

Type: number

Range: 0-15

Default: 3

post-rate-limit

Description Configure rate limiting for HTTP POST request

Type: number

Range: 1-16000000

referer-filter

Description: referer-filter is a JSON Block. Please see below for template_http-list_referer-filter

Type: Object

request-header

Description: request-header is a JSON Block. Please see below for template_http-list_request-header

Type: Object

request-rate-limit

Description: request-rate-limit is a JSON Block. Please see below for template_http-list_request-rate-limit

Type: Object

response-rate-limit

Description: response-rate-limit is a JSON Block. Please see below for template_http-list_response-rate-limit

Type: Object

slow-read-drop

Description: slow-read-drop is a JSON Block. Please see below for template_http-list_slow-read-drop

Type: Object

use-hdr-ip-cfg

Description: use-hdr-ip-cfg is a JSON Block. Please see below for template_http-list_use-hdr-ip-cfg

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

template_http-list_request-rate-limit

Specification  
Type object

request-rate

Description HTTP request rate limit

Type: number

Range: 1-16000000

uri

Type: List

template_http-list_request-rate-limit_uri

Specification  
Type list
Block object keys  

contains-cfg

Description: contains-cfg is a JSON Block. Please see below for template_http-list_request-rate-limit_uri_contains-cfg

Type: Object

ends-cfg

Description: ends-cfg is a JSON Block. Please see below for template_http-list_request-rate-limit_uri_ends-cfg

Type: Object

equal-cfg

Description: equal-cfg is a JSON Block. Please see below for template_http-list_request-rate-limit_uri_equal-cfg

Type: Object

starts-cfg

Description: starts-cfg is a JSON Block. Please see below for template_http-list_request-rate-limit_uri_starts-cfg

Type: Object

template_http-list_request-rate-limit_uri_equal-cfg

Specification  
Type object

url-equals

Description Request rate-limit HTTP URI matching a specified pattern

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

url-equals-rate

Description Request rate limit

Type: number

Range: 1-16000000

template_http-list_request-rate-limit_uri_starts-cfg

Specification  
Type object

url-starts-with

Description Request rate-limit HTTP URI strting with a specified pattern

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

url-starts-with-rate

Description Request rate limit

Type: number

Range: 1-16000000

template_http-list_request-rate-limit_uri_contains-cfg

Specification  
Type object

url-contains

Description Request rate-limit HTTP URI containing a specified pattern

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

url-contains-rate

Description Request rate limit

Type: number

Range: 1-16000000

template_http-list_request-rate-limit_uri_ends-cfg

Specification  
Type object

url-ends-with

Description Request rate-limit HTTP URI ending with a specified pattern

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

url-ends-with-rate

Description Request rate limit

Type: number

Range: 1-16000000

template_http-list_use-hdr-ip-cfg

Specification  
Type object

l7-hdr-name

Description Set the http header name to parse for client ip. Default is X-Forwarded-For

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Default: X-Forwarded-For

use-hdr-ip-as-source

Description Mitigate on src ip specified by http header for example X-Forwarded-For header. Default is disabled

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

template_http-list_malformed-http

Specification  
Type object

malformed-http-bad-chunk-mon-enabled

Description Enabling bad chunk monitoring. Default is disabled

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

malformed-http-enabled

Description Enabling ddos malformed http protection. Default value is disabled.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

malformed-http-max-content-length

Description Set the maximum content-length header. Default value is 2147483647 bytes

Type: number

Range: 1-2147483647

Default: 2147483647

malformed-http-max-header-name-size

Description Set the maxinum header name length. Default value is 64.

Type: number

Range: 1-64

Default: 64

malformed-http-max-line-size

Description Set the maximum line size. Default value is 32512

Type: number

Range: 1-65280

Default: 32512

malformed-http-max-num-headers

Description Set the maximum number of headers. Default value is 90

Type: number

Range: 1-90

Default: 90

malformed-http-max-req-line-size

Description Set the maximum request line size. Default value is 32512

Type: number

Range: 1-65280

Default: 32512

template_http-list_request-header

Specification  
Type object

timeout

Description

Type: number

Range: 1-63

template_http-list_agent-filter

Specification  
Type object

agent-contains-cfg

Type: List

agent-ends-cfg

Type: List

agent-equals-cfg

Type: List

agent-filter-blacklist

Description Blacklist the source if the user-agent matches

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

agent-starts-cfg

Type: List

template_http-list_agent-filter_agent-contains-cfg

Specification  
Type list
Block object keys  

agent-contains

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

template_http-list_agent-filter_agent-ends-cfg

Specification  
Type list
Block object keys  

agent-ends-with

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

template_http-list_agent-filter_agent-equals-cfg

Specification  
Type list
Block object keys  

agent-equals

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

template_http-list_agent-filter_agent-starts-cfg

Specification  
Type list
Block object keys  

agent-starts-with

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

template_http-list_filter-header-list

Specification  
Type list
Block object keys  

http-filter-header-blacklist

Description Also blacklist the source when action is taken

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

http-filter-header-count-only

Description Take no action and continue processing the next filter

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

http-filter-header-regex

Description Regex Expression

Type: string

Format: string-rlx

Maximum Length: 1275 characters

Maximum Length: 1 characters

http-filter-header-seq

Description Sequence number

Type: number

Range: 1-5

http-filter-header-unmatched

Description action taken when it does not match

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

http-filter-header-whitelist

Description Whitelist the source after filter passes, packets are dropped until then

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

template_http-list_response-rate-limit

Specification  
Type object

obj-size

Description: obj-size is a JSON Block. Please see below for template_http-list_response-rate-limit_obj-size

Type: Object

template_http-list_response-rate-limit_obj-size

Specification  
Type object

between-cfg

Type: List

greater-cfg

Type: List

less-cfg

Type: List

template_http-list_response-rate-limit_obj-size_between-cfg

Specification  
Type list
Block object keys  

obj-between-rate

Description Response rate limit

Type: number

Range: 1-16000000

obj-between1

Description Response size configuration

Type: number

Range: 1-16000000

obj-between2

Description Response size configuration

Type: number

Range: 1-16000000

template_http-list_response-rate-limit_obj-size_greater-cfg

Specification  
Type list
Block object keys  

obj-greater

Description Response size configuration

Type: number

Range: 1-16000000

obj-greater-rate

Description Response rate limit

Type: number

Range: 1-16000000

template_http-list_response-rate-limit_obj-size_less-cfg

Specification  
Type list
Block object keys  

obj-less

Description Response size configuration

Type: number

Range: 1-16000000

obj-less-rate

Description Response rate limit

Type: number

Range: 1-16000000

template_http-list_mss-cfg

Specification  
Type object

mss-percent

Description Configure percentage of mss such that if a packet size is below the mss times mss-percent, packet is considered bad.

Type: number

Range: 1-100

mss-timeout

Description Configure DDOS detection based on mss and packet size

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

number-packets

Description Specify percentage of mss. Default is 0, mss-timeout is not enabled.

Type: number

Range: 1-31

template_http-list_referer-filter

Specification  
Type object

ref-filter-blacklist

Description Blacklist the source if the referer matches

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

referer-contains-cfg

Type: List

referer-ends-cfg

Type: List

referer-equals-cfg

Type: List

referer-starts-cfg

Type: List

template_http-list_referer-filter_referer-equals-cfg

Specification  
Type list
Block object keys  

referer-equals

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

template_http-list_referer-filter_referer-starts-cfg

Specification  
Type list
Block object keys  

referer-starts-with

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

template_http-list_referer-filter_referer-contains-cfg

Specification  
Type list
Block object keys  

referer-contains

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

template_http-list_referer-filter_referer-ends-cfg

Specification  
Type list
Block object keys  

referer-ends-with

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

template_http-list_slow-read-drop

Specification  
Type object

min-window-count

Description Number of packets

Type: number

Range: 1-31

min-window-size

Description minimum window size

Type: number

Range: 1-65535

l4-sync

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

anomaly

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

src-based-policy-list

Specification  
Type list
Block object keys  

name

Description Specify name of the policy

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

policy-class-list-list

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

src-based-policy-list_policy-class-list-list

Specification  
Type list
Block object keys  

class-list-name

Description Class-list name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

local-address

Specification  
Type object

ip-list

Type: List

Refernce Object: /axapi/v3/ddos/local-address/ip/{ip-addr}

ipv6-list

local-address_ip-list

Specification  
Type list
Block object keys  

ip-addr

Description DDoS IPv4 Address for syn cookie usage

Type: string

Format: ipv4-address

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

local-address_ipv6-list

Specification  
Type list
Block object keys  

ipv6-addr

Description DDoS IPv6 Address for syn cookie usage

Type: string

Format: ipv6-address

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

l4-tcp

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

violation-actions-list

Specification  
Type list
Block object keys  

blackhole

Description Blackhole the zone (in minute, 0 means infinite)

Type: number

Range: 0-30

blacklist-src

Description Blacklist-src (in min) (applied only for source action)

Type: number

Range: 1-30

execute-script

Description Specify DDOS script to run (applied only for zone action)

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

execute-script-timeout

Description Timeout for script execution (in seconds) (applied only for zone action)

Type: number

Range: 5-20

name

Description DDOS violation-actions name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

notification-template

Description Specify the notification template name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/notification-template

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

protection

Specification  
Type object

disable-on-reboot

Description Disable DDoS protection upon reboot/reload

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

enable-now

Description Override disable-on-reboot to enable runtime DDOS protection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

fast-aging

Description: fast-aging is a JSON Block. Please see below for protection_fast-aging

Type: Object

force-routing-on-transp

Description Force use of routing in transparent mode

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

mpls

Description Enable MPLS packet inspection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

rate-interval

Description ‘100ms’: 100ms; ‘1sec’: 1sec;

Type: string

Supported Values: 100ms, 1sec

Default: 100ms

src-dst-entry-limit

Description ‘8M’: 8 Million; ‘16M’: 16 Million; ‘unlimited’: Unlimited; ‘platform-default’: Half of platform maximum;

Type: string

Supported Values: 8M, 16M, unlimited, platform-default

Default: 16M

sync-accuracy

Description ‘High’: Enforced limit will be the same as configured value, but has worst under-commit issue in certain situations; ‘Medium’: Enforced limit is close to configured value, but has worse under-commit issue in certain situations; ‘Low’: Enforced limit is less close to configured value, but has least under-commit issue in certain situations;

Type: string

Supported Values: High, Medium, Low

Default: Medium

toggle

Description ‘enable’: enable; ‘disable’: disable;

Type: string

Supported Values: enable, disable

Default: disable

use-route

Description Use route table, default use receive hop for device initiated traffic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

protection_fast-aging

Specification  
Type object

half-open-conn-ratio

Description Minimum half-open session to total session ratio before session fast aging will take effect (default 25)

Type: number

Range: 1-99

Default: 25

half-open-conn-threshold

Description Minimum half-open session (percentage) before session fast aging will take effect (default 1)

Type: number

Range: 1-99

Default: 1

notification-template-list

Specification  
Type list
Block object keys  

api

Description: api is a JSON Block. Please see below for notification-template-list_api

Type: Object

Refernce Object: /axapi/v3/ddos/notification-template/{name}/api

disable

Description Disable the notification template (Disable notification temaplate)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

name

Description DDOS nofitication template name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

notification-template-list_api

Specification  
Type object

authentication

Description: authentication is a JSON Block. Please see below for notification-template-list_api_authentication

Type: Object

Refernce Object: /axapi/v3/ddos/notification-template/{name}/api/authentication

disable-authentication

Description Disable authentication to communicate to the host

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

host-ipv4-address

Description Configure the host IPv4 address to send notification (IPv4 address of the host)

Type: string

Format: ipv4-address

Mutual Exclusion: host-ipv4-address and host-ipv6-address are mutually exclusive

host-ipv6-address

Description Configure the host IPv6 address to send notification (IPv6 address of the host)

Type: string

Format: ipv6-address

Mutual Exclusion: host-ipv6-address and host-ipv4-address are mutually exclusive

http-port

Description Configure the http port to use(default 80) (http port(default 80))

Type: number

Range: 1-65535

Default: 80

http-protocol

Description ‘http’: Use http protocol; ‘https’: Use https protocol(default); (http protocol)

Type: string

Supported Values: http, https

Default: https

https-port

Description Configure the https port to use(default 443) (https port(default 443))

Type: number

Range: 1-65535

Default: 443

relative-uri

Description Configure the relative uri for the api (api relative uri)

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

timeout

Description Configure the api execution timeout(default 10secs) (api timeout)

Type: number

Range: 5-60

Default: 10

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

notification-template-list_api_authentication

Specification  
Type object

auth-password

Description Configure the authentication user password (Authentication password)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

auth-password-val

Description Configure the authentication user password (Authentication password)

Type: string

Format: password

Maximum Length: 63 characters

Maximum Length: 1 characters

auth-username

Description Configure the authentication user name

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

encrypted

Description Do NOT use this option manually. (This is an A10 reserved keyword.) (The ENCRYPTED secret string)

relative-login-uri

Description Configure the authentication login uri

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

relative-logoff-uri

Description Configure the authentication logoff uri

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

src-port-template

Specification  
Type object

tcp-list

Type: List

Refernce Object: /axapi/v3/ddos/src-port-template/tcp/{name}

udp-list

Type: List

Refernce Object: /axapi/v3/ddos/src-port-template/udp/{name}

src-port-template_udp-list

Specification  
Type list
Block object keys  

drop-ntp-monlist

Description Drop NTP monlist request/response

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

filter-list

max-payload-size

Description Maximum UDP payload size for each single packet

Type: number

Range: 1-1470

min-payload-size

Description Minimum UDP payload size for each single packet

Type: number

Range: 1-1470

name

Description DDOS UDP Template Name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

src-port-template_udp-list_filter-list

Specification  
Type list
Block object keys  

byte-offset-filter

Description Filter Expression using Berkeley Packet Filter syntax

Type: string

Format: string-rlx

Maximum Length: 1275 characters

Maximum Length: 1 characters

udp-filter-action

Description ‘blacklist-src’: Also blacklist the source when action is taken; ‘whitelist-src’: Whitelist the source after filter passes, packets are dropped until then; ‘count-only’: Take no action and continue processing the next filter;

Type: string

Supported Values: blacklist-src, whitelist-src, count-only

udp-filter-regex

Description Regex Expression

Type: string

Format: string-rlx

Maximum Length: 1275 characters

Maximum Length: 1 characters

udp-filter-seq

Description Sequence number

Type: number

Range: 1-5

udp-filter-unmatched

Description action taken when it does not match

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

src-port-template_tcp-list

Specification  
Type list
Block object keys  

filter-list

name

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

src-port-template_tcp-list_filter-list

Specification  
Type list
Block object keys  

byte-offset-filter

Description Filter Expression using Berkeley Packet Filter syntax

Type: string

Format: string-rlx

Maximum Length: 1275 characters

Maximum Length: 1 characters

tcp-filter-action

Description ‘blacklist-src’: Also blacklist the source when action is taken; ‘whitelist-src’: Whitelist the source after filter passes, packets are dropped until then; ‘count-only’: Take no action and continue processing the next filter;

Type: string

Supported Values: blacklist-src, whitelist-src, count-only

tcp-filter-regex

Description Regex Expression

Type: string

Format: string-rlx

Maximum Length: 1275 characters

Maximum Length: 1 characters

tcp-filter-seq

Description Sequence number

Type: number

Range: 1-5

tcp-filter-unmatched

Description action taken when it does not match

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

src

Specification  
Type object

default-list

dynamic-entry-overflow-policy-list

entry-list

Type: List

Refernce Object: /axapi/v3/ddos/src/entry/{src-entry-name}

geo-location-list

src_dynamic-entry-overflow-policy-list

Specification  
Type list
Block object keys  

app-type-list

default-address-type

Description ‘ip’: ip; ‘ipv6’: ipv6;

Type: string

Supported Values: ip, ipv6

exceed-log-cfg

Description: exceed-log-cfg is a JSON Block. Please see below for src_dynamic-entry-overflow-policy-list_exceed-log-cfg

Type: Object

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

l4-type-list

log-periodic

Description Enable periodic log while event is continuing

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

template

Description: template is a JSON Block. Please see below for src_dynamic-entry-overflow-policy-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

src_dynamic-entry-overflow-policy-list_app-type-list

Specification  
Type list
Block object keys  

protocol

Description ‘dns’: dns; ‘http’: http; ‘ssl-l4’: ssl-l4;

Type: string

Supported Values: dns, http, ssl-l4

template

Description: template is a JSON Block. Please see below for src_dynamic-entry-overflow-policy-list_app-type-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

src_dynamic-entry-overflow-policy-list_app-type-list_template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS SSL-L4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

src_dynamic-entry-overflow-policy-list_template

Specification  
Type object

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

src_dynamic-entry-overflow-policy-list_l4-type-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

protocol

Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;

Type: string

Supported Values: tcp, udp, icmp, other

template

Description: template is a JSON Block. Please see below for src_dynamic-entry-overflow-policy-list_l4-type-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

src_dynamic-entry-overflow-policy-list_l4-type-list_template

Specification  
Type object

other

Description DDOS OTHER template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

tcp

Description DDOS TCP template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

template-icmp-v4

Description DDOS icmp-v4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

template-icmp-v6

Description DDOS icmp-v6 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

udp

Description DDOS UDP template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

src_dynamic-entry-overflow-policy-list_exceed-log-cfg

Specification  
Type object

log-enable

Description Enable logging of limit exceed drop’s

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

with-sflow-sample

Description Turn on sflow sample with log

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

src_entry-list

Specification  
Type list
Block object keys  

app-type-list

bypass

Description Always permit for the Source to bypass all feature & limit checks

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

description

Description Description for this Source Entry

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

exceed-log-cfg

Description: exceed-log-cfg is a JSON Block. Please see below for src_entry-list_exceed-log-cfg

Type: Object

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

ip-addr

Description

Type: string

Format: ipv4-address

ipv6-addr

Description

Type: string

Format: ipv6-address

l4-type-list

log-periodic

Description Enable periodic log while event is continuing

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

src-entry-name

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

subnet-ip-addr

Description IP Subnet

Type: string

Format: ipv4-cidr

subnet-ipv6-addr

Description IPV6 Subnet

Type: string

Format: ipv6-address-plen

template

Description: template is a JSON Block. Please see below for src_entry-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

src_entry-list_app-type-list

Specification  
Type list
Block object keys  

protocol

Description ‘dns’: dns; ‘http’: http; ‘ssl-l4’: ssl-l4;

Type: string

Supported Values: dns, http, ssl-l4

template

Description: template is a JSON Block. Please see below for src_entry-list_app-type-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

src_entry-list_app-type-list_template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS SSL-L4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

src_entry-list_l4-type-list

Specification  
Type list
Block object keys  

action

Description ‘permit’: Whitelist incoming packets for protocol; ‘deny’: Blacklist incoming packets for protocol;

Type: string

Supported Values: permit, deny

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

protocol

Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;

Type: string

Supported Values: tcp, udp, icmp, other

template

Description: template is a JSON Block. Please see below for src_entry-list_l4-type-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

src_entry-list_l4-type-list_template

Specification  
Type object

other

Description DDOS OTHER template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

tcp

Description DDOS TCP template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

template-icmp-v4

Description DDOS icmp-v4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

template-icmp-v6

Description DDOS icmp-v6 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

udp

Description DDOS UDP template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

src_entry-list_exceed-log-cfg

Specification  
Type object

log-enable

Description Enable logging of limit exceed drop’s

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

src_entry-list_template

Specification  
Type object

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

src_default-list

Specification  
Type list
Block object keys  

age

Description Idle age for ip entry

Type: number

Range: 2-1023

Default: 5

app-type-list

apply-policy-on-overflow

Description Enable this flag to apply overflow policy when dynamic entry count overflows

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

default-address-type

Description ‘ip’: ip; ‘ipv6’: ipv6;

Type: string

Supported Values: ip, ipv6

disable

Description Disable

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

exceed-log-cfg

Description: exceed-log-cfg is a JSON Block. Please see below for src_default-list_exceed-log-cfg

Type: Object

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

l4-type-list

log-periodic

Description Enable periodic log while event is continuing

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

max-dynamic-entry-count

Description Maximum count for dynamic src entry

Type: number

Range: 0-2147483647

template

Description: template is a JSON Block. Please see below for src_default-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

src_default-list_app-type-list

Specification  
Type list
Block object keys  

protocol

Description ‘dns’: dns; ‘http’: http; ‘ssl-l4’: ssl-l4;

Type: string

Supported Values: dns, http, ssl-l4

template

Description: template is a JSON Block. Please see below for src_default-list_app-type-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

src_default-list_app-type-list_template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS SSL-L4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

src_default-list_template

Specification  
Type object

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

src_default-list_l4-type-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

protocol

Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;

Type: string

Supported Values: tcp, udp, icmp, other

template

Description: template is a JSON Block. Please see below for src_default-list_l4-type-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

src_default-list_l4-type-list_template

Specification  
Type object

other

Description DDOS OTHER template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

tcp

Description DDOS TCP template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

template-icmp-v4

Description DDOS icmp-v4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

template-icmp-v6

Description DDOS icmp-v6 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

udp

Description DDOS UDP template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

src_default-list_exceed-log-cfg

Specification  
Type object

log-enable

Description Enable logging of limit exceed drop’s

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

src_geo-location-list

Specification  
Type list
Block object keys  

app-type-list

bypass

Description Always permit for the Source to bypass all feature & limit checks

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

description

Description Description for this Geolocation Entry

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

geolocation-name

Description Geolocation Name

Type: string

Format: string-rlx

Maximum Length: 15 characters

Maximum Length: 1 characters

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

l4-type-list

log-periodic

Description Enable periodic log while event is continuing

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

template

Description: template is a JSON Block. Please see below for src_geo-location-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

src_geo-location-list_app-type-list

Specification  
Type list
Block object keys  

protocol

Description ‘dns’: dns; ‘http’: http; ‘ssl-l4’: ssl-l4;

Type: string

Supported Values: dns, http, ssl-l4

template

Description: template is a JSON Block. Please see below for src_geo-location-list_app-type-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

src_geo-location-list_app-type-list_template

Specification  
Type object

dns

Description DDOS DNS template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

http

Description DDOS HTTP template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS SSL-L4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

src_geo-location-list_l4-type-list

Specification  
Type list
Block object keys  

action

Description ‘permit’: Whitelist incoming packets for protocol; ‘deny’: Blacklist incoming packets for protocol;

Type: string

Supported Values: permit, deny

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

protocol

Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;

Type: string

Supported Values: tcp, udp, icmp, other

template

Description: template is a JSON Block. Please see below for src_geo-location-list_l4-type-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

src_geo-location-list_l4-type-list_template

Specification  
Type object

other

Description DDOS OTHER template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

tcp

Description DDOS TCP template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

template-icmp-v4

Description DDOS ICMP template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

udp

Description DDOS UDP template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

src_geo-location-list_template

Specification  
Type object

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

protect

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

resource-tracking

Specification  
Type object

cpu

Description: cpu is a JSON Block. Please see below for resource-tracking_cpu

Type: Object

Refernce Object: /axapi/v3/ddos/resource-tracking/cpu

resource-tracking_cpu

Specification  
Type object

enable

Description Enable CPU usage tracking per dst object (default: disabled)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

logging

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

l7-dns

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

tunnel

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

use-default-route

Specification  
Type object

ethernet-start-cfg

Type: List

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

use-default-route_ethernet-start-cfg

Specification  
Type list
Block object keys  

ethernet-end

Description

Type: number

Format: interface

ethernet-start

Description Traffic receive from the ethernet port will use default route

Type: number

Format: interface

event-filter-list

Specification  
Type list
Block object keys  

black-list

Description: black-list is a JSON Block. Please see below for event-filter-list_black-list

Type: Object

drop

Description: drop is a JSON Block. Please see below for event-filter-list_drop

Type: Object

filter-name

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

l4-type-list

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

white-list

Description: white-list is a JSON Block. Please see below for event-filter-list_white-list

Type: Object

event-filter-list_black-list

Specification  
Type object

black-list-dst

Description Dst entry/port is black-listed

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

black-list-src

Description Src entry/port is black-listed

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

event-filter-list_drop

Specification  
Type object

drop-black-list

Description Packet is dropped because of black-list

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-dst

Description Packet is dropped because of dst

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-src

Description Packet is dropped because of src

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

event-filter-list_white-list

Specification  
Type object

white-list-dst

Description Dst entry/port is white-listed

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

white-list-src

Description Src entry/port is white-listed

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

event-filter-list_l4-type-list

Specification  
Type list
Block object keys  

out-of-seq

Description TCP out-of-seq pkts

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

protocol

Description ‘tcp’: tcp; ‘udp’: udp;

Type: string

Supported Values: tcp, udp

retrans-syn-cfg

Description: retrans-syn-cfg is a JSON Block. Please see below for event-filter-list_l4-type-list_retrans-syn-cfg

Type: Object

tcp-auth

Description: tcp-auth is a JSON Block. Please see below for event-filter-list_l4-type-list_tcp-auth

Type: Object

udp-auth

Description: udp-auth is a JSON Block. Please see below for event-filter-list_l4-type-list_udp-auth

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zero-window

Description TCP zero window pkts

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

event-filter-list_l4-type-list_tcp-auth

Specification  
Type object

tcp-auth-fail

Description Packet that fails syn-auth/action-on-ack

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

tcp-auth-init

Description Packet that inits syn-auth/action-on-ack

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

tcp-auth-pass

Description Packet that passes syn-auth/action-on-ack

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

event-filter-list_l4-type-list_udp-auth

Specification  
Type object

udp-auth-init

Description Packet that inits spoof-detect

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

udp-auth-pass

Description Packet that passes spoof-detect

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

event-filter-list_l4-type-list_retrans-syn-cfg

Specification  
Type object

retrans-syn

Description TCP SYN retransmission

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

retrans-syn-exceed

Description TCP SYN retransmission exceed

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dns-cache-server

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

switch

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

l7-http

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

action-list-list

Specification  
Type list
Block object keys  

action

Description: action is a JSON Block. Please see below for action-list-list_action

Type: Object

capture-config

Description capture-config name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/capture-config

name

Description DDOS action-list name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for action-list-list_zone-template

Type: Object

action-list-list_action

Specification  
Type object

action

Description ‘drop’: Drop Packet (Default); ‘ignore’: Continue processing the packet; ‘reset’: Reset the connection; ‘authenticate-src’: Authenticate the source IP; ‘blacklist-src’: Black-list the source IP;

Type: string

Supported Values: drop, ignore, reset, authenticate-src, blacklist-src

blacklist-src-value

Description blacklist duration in minutes

Type: number

Range: 1-30

action-list-list_zone-template

Specification  
Type object

logging

Description DDOS logging zone-template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

zone-src-port-template

Specification  
Type object

tcp-list

udp-list

zone-src-port-template_udp-list

Specification  
Type list
Block object keys  

filter-list

max-payload-size-cfg

Description: max-payload-size-cfg is a JSON Block. Please see below for zone-src-port-template_udp-list_max-payload-size-cfg

Type: Object

min-payload-size-cfg

Description: min-payload-size-cfg is a JSON Block. Please see below for zone-src-port-template_udp-list_min-payload-size-cfg

Type: Object

name

Description DDOS UDP Template Name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ntp-monlist-cfg

Description: ntp-monlist-cfg is a JSON Block. Please see below for zone-src-port-template_udp-list_ntp-monlist-cfg

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-src-port-template_udp-list_ntp-monlist-cfg

Specification  
Type object

ntp-monlist

Description Take action for ntp monlist request/response

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ntp-monlist-action

Description ‘drop’: Drop packets for ntp-monlist (Default); ‘blacklist-src’: Blacklist-src for ntp-monlist; ‘ignore’: Ignore ntp-monlist;

Type: string

Supported Values: drop, blacklist-src, ignore

Mutual Exclusion: ntp-monlist-action and ntp-monlist-action-list-name are mutually exclusive

ntp-monlist-action-list-name

Description Configure action-list to take for ntp-monlist

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: ntp-monlist-action-list-name and ntp-monlist-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

zone-src-port-template_udp-list_max-payload-size-cfg

Specification  
Type object

max-payload-size

Description Maximum UDP payload size for each single packet

Type: number

Range: 1-1470

max-payload-size-action

Description ‘drop’: Drop packets for max-payload-size exceed (Default); ‘blacklist-src’: Blacklist-src for max-payload-size exceed; ‘ignore’: Do nothing for max-payload-size exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Mutual Exclusion: max-payload-size-action and max-payload-size-action-list-name are mutually exclusive

max-payload-size-action-list-name

Description Configure action-list to take for max-payload-size exceed

Type: string

Format: string-rlx

Maximum Length: 64 characters

Maximum Length: 1 characters

Mutual Exclusion: max-payload-size-action-list-name and max-payload-size-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

zone-src-port-template_udp-list_min-payload-size-cfg

Specification  
Type object

min-payload-size

Description Minimum UDP payload size for each single packet

Type: number

Range: 1-1470

min-payload-size-action

Description ‘drop’: Drop packets for min-payload-size (Default); ‘blacklist-src’: Blacklist-src for min-payload-size; ‘ignore’: Do nothing for min-payload-size exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

Mutual Exclusion: min-payload-size-action and min-payload-size-action-list-name are mutually exclusive

min-payload-size-action-list-name

Description Configure action-list to take for min-payload-size exceed

Type: string

Format: string-rlx

Maximum Length: 64 characters

Maximum Length: 1 characters

Mutual Exclusion: min-payload-size-action-list-name and min-payload-size-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

zone-src-port-template_udp-list_filter-list

Specification  
Type list
Block object keys  

byte-offset-filter

Description Filter using Berkeley Packet Filter syntax

Type: string

Format: string-rlx

Maximum Length: 1275 characters

Maximum Length: 1 characters

udp-filter-action

Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘authenticate-src’: Authenticate-src;

Type: string

Supported Values: drop, ignore, blacklist-src, authenticate-src

Mutual Exclusion: udp-filter-action and udp-filter-action-list-name are mutually exclusive

udp-filter-action-list-name

Description Configure action-list to take

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: udp-filter-action-list-name and udp-filter-action are mutually exclusive

udp-filter-inverse-match

Description Inverse the result of the matching

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

udp-filter-name

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp-filter-regex

Description Regex Expression

Type: string

Format: string-rlx

Maximum Length: 1275 characters

Maximum Length: 1 characters

udp-filter-seq

Description Sequence number

Type: number

Range: 1-200

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-src-port-template_tcp-list

Specification  
Type list
Block object keys  

filter-list

name

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-src-port-template_tcp-list_filter-list

Specification  
Type list
Block object keys  

byte-offset-filter

Description Filter using Berkeley Packet Filter syntax

Type: string

Format: string-rlx

Maximum Length: 1275 characters

Maximum Length: 1 characters

tcp-filter-action

Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘authenticate-src’: Authenticate-src;

Type: string

Supported Values: drop, ignore, blacklist-src, authenticate-src

Mutual Exclusion: tcp-filter-action and tcp-filter-action-list-name are mutually exclusive

tcp-filter-action-list-name

Description Configure action-list to take

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Mutual Exclusion: tcp-filter-action-list-name and tcp-filter-action are mutually exclusive

Refernce Object: /axapi/v3/ddos/action-list

tcp-filter-inverse-match

Description Inverse the result of the matching

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

tcp-filter-name

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp-filter-regex

Description Regex Expression

Type: string

Format: string-rlx

Maximum Length: 1275 characters

Maximum Length: 1 characters

tcp-filter-seq

Description Sequence number

Type: number

Range: 1-200

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

l4-udp

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dns-cache-list

Specification  
Type list
Block object keys  

any-query-action-str

Description ‘respond-refuse’: Send refuse response (default); ‘respond-empty’: Send empty response; ‘drop’: Drop the request;

Type: string

Supported Values: respond-refuse, respond-empty, drop

Default: respond-refuse

domain-group

Description: domain-group is a JSON Block. Please see below for dns-cache-list_domain-group

Type: Object

Refernce Object: /axapi/v3/ddos/dns-cache/{name}/domain-group

fqdn-manual-override-action-list

name

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dns-cache-list_domain-group

Specification  
Type object

domain-list-policy-list

name

Description DNS domain group

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dns-cache-list_domain-group_domain-list-policy-list

Specification  
Type list
Block object keys  

client-ipv4

Description Client ipv4 address

Type: string

Format: ipv4-address

client-ipv6

Description Client ipv6 address

Type: string

Format: ipv6-address

force

Description Force update even the serial is the same

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

manual-refresh

Description Manually refresh the particular zone

Type: string

Format: string-rlx

Maximum Length: 255 characters

Maximum Length: 1 characters

name

Description DNS domain list policy

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

oversize-answer-response

Description ‘set-truncate-bit’: Set the TC bit for oversize answer(default); ‘disable-truncate-bit’: Do not set TC bit for oversize answer;

Type: string

Supported Values: set-truncate-bit, disable-truncate-bit

Default: set-truncate-bit

refresh-interval-hours

Description Zone transfer refresh rate in hours (Default 4). 0 means no refresh

Type: number

Range: 0-24

Default: 4

resolve-cname-record

Description Always try to resolve domain in CNAME record answer section

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

respond-with-authority

Description Respond with authority section for all requests under this list

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

server-ipv4

Description Master ipv4 address

Type: string

Format: ipv4-address

server-ipv6

Description Master ipv6 address

Type: string

Format: ipv6-address

server-v4-port

Description Port number (default 53)

Type: number

Range: 1-65535

Default: 53

server-v6-port

Description Port number (default 53)

Type: number

Range: 1-65535

Default: 53

ttl-override

Description Override the TTL value for zone transfer

Type: number

Range: 1-2147483647

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dns-cache-list_fqdn-manual-override-action-list

Specification  
Type list
Block object keys  

action

Description ‘default’: Default; ‘forward’: Forward to DNS server; ‘drop’: Drop the request;

Type: string

Supported Values: default, forward, drop

fqdn-name

Description Specify fqdn name

Type: string

Format: string-rlx

Maximum Length: 255 characters

Maximum Length: 1 characters