ddos dst zone

Configure a static zone entry

zone Specification

   
Type Collection
Object Key(s) zone-name
Collection Name zone-list
Collection URI /axapi/v3/ddos/dst/zone
Element Name zone
Element URI /axapi/v3/ddos/dst/zone/{zone-name}
Element Attributes zone_attributes
Statistics Data URI /axapi/v3/ddos/dst/zone/{zone-name}/stats
Operational Data URI /axapi/v3/ddos/dst/zone/{zone-name}/oper
Schema zone schema

Operations Allowed:

OperationMethodURIPayload

Create Object

POST

/axapi/v3/ddos/dst/zone

zone attributes

Create List

POST

/axapi/v3/ddos/dst/zone

zone attributes

Get Object

GET

/axapi/v3/ddos/dst/zone/{zone-name}

zone attributes

Get List

GET

/axapi/v3/ddos/dst/zone

zone-list

Modify Object

POST

/axapi/v3/ddos/dst/zone/{zone-name}

zone attributes

Replace Object

PUT

/axapi/v3/ddos/dst/zone/{zone-name}

zone attributes

Replace List

PUT

/axapi/v3/ddos/dst/zone

zone-list

Delete Object

DELETE

/axapi/v3/ddos/dst/zone/{zone-name}

zone attributes

zone-list

zone-list is JSON List of zone attributes

zone-list : [

zone attributes

advertised-enable

Description BGP advertised

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

capture-config-list

description

Description Description for this Destination Zone

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

dest-nat-ip

Description Destination NAT IP address

Type: string

Format: ipv4-address

dest-nat-ipv6

Description Destination NAT IPv6 address

Type: string

Format: ipv6-address

drop-frag-pkt

Description Drop fragmented packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

force-operational-mode

Description Force configure operational mode

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID for the whole zone

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

ip

Type: List

ip-proto

Description: ip-proto is a JSON Block. Please see below for ip-proto

Type: Object

Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto

ipv6

Type: List

log-enable

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-periodic

Description Enable log periodic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

operational-mode

Description ‘idle’: Idle mode; ‘monitor’: Monitor mode; ‘learning’: Learning mode;

Type: string

Supported Values: idle, monitor, learning

Default: idle

per-addr-glid

Description Global limit ID per address

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

port

Description: port is a JSON Block. Please see below for port

Type: Object

Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/port

port-range-list

reporting-disabled

Description Disable Reporting

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sflow-common

Description Enable sFlow counter polling packets, tcp-basic, tcp-stateful and http. WARNING: Zone level Sflow polling might induce heavy CP

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-commonsflow-packets, sflow-layer-4, sflow-tcp-basic, sflow-tcp-stateful and sflow-http are mutually exclusive

sflow-http

Description Enable sFlow HTTP counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total number

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-http and sflow-common are mutually exclusive

sflow-layer-4

Description Enable sFlow Layer 4 counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the number of

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-layer-4 and sflow-common are mutually exclusive

sflow-packets

Description Enable sFlow packet-level counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-packets and sflow-common are mutually exclusive

sflow-tcp

Description: sflow-tcp is a JSON Block. Please see below for sflow-tcp

Type: Object

source-nat-pool

Description Configure source NAT

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

src-port

Description: src-port is a JSON Block. Please see below for src-port

Type: Object

Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/src-port

src-port-range-list

telemetry-enable

Description Enable from-l3-peer flag for the zone, thus all the ip entries in the zone will be dynamically created/deleted based on the BGP

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

traffic-distribution-mode

Description ‘default’: Distribute traffic to one blade only; ‘source-ip-based’: Distribute traffic between blades, based on source ip;

Type: string

Supported Values: default, source-ip-based

Default: default

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-name

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

zone-profile

Description Apply threshold profile

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/zone-profile

zone-template

Description: zone-template is a JSON Block. Please see below for zone-template

Type: Object

ip

Specification  
Type list
Block object keys  

expand-ip-subnet

Description Expand this subnet to individual IP address

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

expand-ip-subnet-mode

Description ‘dynamic’: Dynamic learning;

Type: string

Supported Values: dynamic

ip-addr

Description Specify IP address

Type: string

Format: ipv4-address

subnet-ip-addr

Description IP Subnet

Type: string

Format: ipv4-cidr

ip-proto

Specification  
Type object

proto-name-list

proto-number-list

proto-tcp-udp-list

ip-proto_proto-number-list

Specification  
Type list
Block object keys  

age

Description Idle age for ip entry

Type: number

Range: 2-1023

Default: 5

apply-policy-on-overflow

Description Enable this flag to apply overflow policy when dynamic entry count overflows

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

deny

Description Blacklist and Drop all incoming packets for this ip-proto

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-frag-pkt

Description Drop fragmented packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dynamic-entry-overflow-policy-list

enable-top-k

Description Enable ddos top-k detection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid-cfg

Description: glid-cfg is a JSON Block. Please see below for ip-proto_proto-number-list_glid-cfg

Type: Object

level-list

manual-mode-enable

Description Toggle manual mode to use fix templates

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

manual-mode-list

max-dynamic-entry-count

Description Maximum count for dynamic source zone service entry

Type: number

Range: 0-2147483647

port-ind

Description: port-ind is a JSON Block. Please see below for ip-proto_proto-number-list_port-ind

Type: Object

Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/port-ind

protocol-num

Description Protocol Number

Type: number

Range: 0-255

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

ip-proto_proto-number-list_port-ind

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

ip-proto_proto-number-list_dynamic-entry-overflow-policy-list

Specification  
Type list
Block object keys  

dummy-name

Description ‘configuration’: Configure overflow policy;

Type: string

Supported Values: configuration

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for ip-proto_proto-number-list_dynamic-entry-overflow-policy-list_zone-template

Type: Object

ip-proto_proto-number-list_dynamic-entry-overflow-policy-list_zone-template

Specification  
Type object

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ip-proto

Description DDOS ip-proto template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ip-proto_proto-number-list_level-list

Specification  
Type list
Block object keys  

indicator-list

level-num

Description ‘0’: Default policy level; ‘1’: Policy level 1; ‘2’: Policy level 2; ‘3’: Policy level 3; ‘4’: Policy level 4;

Type: string

Supported Values: 0, 1, 2, 3, 4

src-default-glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

src-escalation-score

Description Source activation score of this level

Type: number

Range: 1-1000000

src-violation-actions

Description Violation actions apply due to source escalate from this level

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-escalation-score

Description Zone activation score of this level

Type: number

Range: 1-1000000

zone-template

Description: zone-template is a JSON Block. Please see below for ip-proto_proto-number-list_level-list_zone-template

Type: Object

zone-violation-actions

Description Violation actions apply due to zone escalate from this level

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

ip-proto_proto-number-list_level-list_zone-template

Specification  
Type object

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ip-proto

Description DDOS ip-proto template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ip-proto_proto-number-list_level-list_indicator-list

Specification  
Type list
Block object keys  

data-packet-size

Description Expected minimal data size

Type: number

Range: 0-2147483647

score

Description Score corresponding to the indicator

Type: number

Range: 1-1000000

src-threshold-num

Description Indicator per-src threshold

Type: number

Range: 0-2147483647

src-threshold-str

Description Indicator per-src threshold

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

src-violation-actions

Description Violation actions to use when this src indicator threshold reaches

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

type

Description ‘pkt-rate’: rate of incoming packets; ‘pkt-drop-rate’: rate of packets got dropped; ‘pkt-drop-ratio’: ratio of incoming packet rate divided by the rate of dropping packets; ‘bytes-to-bytes-from-ratio’: ratio of incoming packet rate divided by the rate of outgoing packets; ‘frag-rate’: rate of incoming fragmented packets;

Type: string

Supported Values: pkt-rate, pkt-drop-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, frag-rate

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-threshold-num

Description Threshold for the entire zone

Type: number

Range: 0-2147483647

zone-threshold-str

Description Threshold for the entire zone

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

zone-violation-actions

Description Violation actions to use when this zone indicator threshold reaches

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

ip-proto_proto-number-list_glid-cfg

Specification  
Type object

glid

Description Global limit ID for the whole zone

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

glid-action

Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

per-addr-glid

Description Global limit ID per address

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

ip-proto_proto-number-list_manual-mode-list

Specification  
Type list
Block object keys  

config

Description ‘configuration’: Manual-mode configuration;

Type: string

Supported Values: configuration

src-default-glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for ip-proto_proto-number-list_manual-mode-list_zone-template

Type: Object

ip-proto_proto-number-list_manual-mode-list_zone-template

Specification  
Type object

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ip-proto

Description DDOS ip-proto template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ip-proto_proto-name-list

Specification  
Type list
Block object keys  

age

Description Idle age for ip entry

Type: number

Range: 2-1023

Default: 5

apply-policy-on-overflow

Description Enable this flag to apply overflow policy when dynamic entry count overflows

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

deny

Description Blacklist and Drop all incoming packets for ip-proto icmp-v4

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-frag-pkt

Description Drop fragmented packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dynamic-entry-overflow-policy-list

enable-top-k

Description Enable ddos top-k detection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid-cfg

Description: glid-cfg is a JSON Block. Please see below for ip-proto_proto-name-list_glid-cfg

Type: Object

key-cfg

Type: List

level-list

manual-mode-enable

Description Toggle manual mode to use fix templates

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

manual-mode-list

max-dynamic-entry-count

Description Maximum count for dynamic source zone service entry

Type: number

Range: 0-2147483647

port-ind

Description: port-ind is a JSON Block. Please see below for ip-proto_proto-name-list_port-ind

Type: Object

Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/port-ind

protocol

Description ‘icmp-v4’: ip-proto icmp-v4; ‘icmp-v6’: ip-proto icmp-v6; ‘other’: ip-proto other; ‘gre’: ip-proto gre; ‘ipv4-encap’: ip-proto IPv4 Encapsulation; ‘ipv6-encap’: ip-proto IPv6 Encapsulation;

Type: string

Supported Values: icmp-v4, icmp-v6, other, gre, ipv4-encap, ipv6-encap

tunnel-decap

Description Enable tunnel decapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

tunnel-rate-limit

Description Enable DDOS-protection on tunnel traffic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

ip-proto_proto-name-list_port-ind

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

ip-proto_proto-name-list_key-cfg

Specification  
Type list
Block object keys  

key

Description Only decapsulate GRE packet with this hexadecimal key

Type: string

Maximum Length: 8 characters

Maximum Length: 1 characters

ip-proto_proto-name-list_glid-cfg

Specification  
Type object

glid

Description Global limit ID for the whole zone

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

glid-action

Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

per-addr-glid

Description Global limit ID per address

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

ip-proto_proto-name-list_dynamic-entry-overflow-policy-list

Specification  
Type list
Block object keys  

dummy-name

Description ‘configuration’: Configure overflow policy;

Type: string

Supported Values: configuration

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for ip-proto_proto-name-list_dynamic-entry-overflow-policy-list_zone-template

Type: Object

ip-proto_proto-name-list_dynamic-entry-overflow-policy-list_zone-template

Specification  
Type object

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

icmp-v4

Description DDOS icmp-v4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

icmp-v6

Description DDOS icmp-v6 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ip-proto

Description DDOS ip-proto template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ip-proto_proto-name-list_level-list

Specification  
Type list
Block object keys  

indicator-list

level-num

Description ‘0’: Default policy level; ‘1’: Policy level 1; ‘2’: Policy level 2; ‘3’: Policy level 3; ‘4’: Policy level 4;

Type: string

Supported Values: 0, 1, 2, 3, 4

src-default-glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

src-escalation-score

Description Source activation score of this level

Type: number

Range: 1-1000000

src-violation-actions

Description Violation actions apply due to source escalate from this level

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-escalation-score

Description Zone activation score of this level

Type: number

Range: 1-1000000

zone-template

Description: zone-template is a JSON Block. Please see below for ip-proto_proto-name-list_level-list_zone-template

Type: Object

zone-violation-actions

Description Violation actions apply due to zone escalate from this level

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

ip-proto_proto-name-list_level-list_zone-template

Specification  
Type object

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

icmp-v4

Description DDOS icmp-v4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

icmp-v6

Description DDOS icmp-v6 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ip-proto

Description DDOS ip-proto template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ip-proto_proto-name-list_level-list_indicator-list

Specification  
Type list
Block object keys  

data-packet-size

Description Expected minimal data size

Type: number

Range: 0-2147483647

score

Description Score corresponding to the indicator

Type: number

Range: 1-1000000

src-threshold-num

Description Indicator per-src threshold

Type: number

Range: 0-2147483647

src-threshold-str

Description Indicator per-src threshold

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

src-violation-actions

Description Violation actions to use when this src indicator threshold reaches

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

type

Description ‘pkt-rate’: rate of incoming packets; ‘pkt-drop-rate’: rate of packets got dropped; ‘pkt-drop-ratio’: ratio of incoming packet rate divided by the rate of dropping packets; ‘bytes-to-bytes-from-ratio’: ratio of incoming packet rate divided by the rate of outgoing packets; ‘frag-rate’: rate of incoming fragmented packets;

Type: string

Supported Values: pkt-rate, pkt-drop-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, frag-rate

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-threshold-num

Description Threshold for the entire zone

Type: number

Range: 0-2147483647

zone-threshold-str

Description Threshold for the entire zone

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

zone-violation-actions

Description Violation actions to use when this zone indicator threshold reaches

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

ip-proto_proto-name-list_manual-mode-list

Specification  
Type list
Block object keys  

config

Description ‘configuration’: Manual-mode configuration;

Type: string

Supported Values: configuration

src-default-glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for ip-proto_proto-name-list_manual-mode-list_zone-template

Type: Object

ip-proto_proto-name-list_manual-mode-list_zone-template

Specification  
Type object

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

icmp-v4

Description DDOS icmp-v4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

icmp-v6

Description DDOS icmp-v6 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ip-proto

Description DDOS ip-proto template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ip-proto_proto-tcp-udp-list

Specification  
Type list
Block object keys  

drop-frag-pkt

Description Drop fragmented packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid-cfg

Description: glid-cfg is a JSON Block. Please see below for ip-proto_proto-tcp-udp-list_glid-cfg

Type: Object

protocol

Description ‘tcp’: ip-proto tcp; ‘udp’: ip-proto udp;

Type: string

Supported Values: tcp, udp

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

ip-proto_proto-tcp-udp-list_glid-cfg

Specification  
Type object

glid

Description Global limit ID for the whole zone

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

glid-action

Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

per-addr-glid

Description Global limit ID per address

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

port-range-list

Specification  
Type list
Block object keys  

age

Description Idle age for ip entry

Type: number

Range: 2-1023

Default: 5

apply-policy-on-overflow

Description Enable this flag to apply overflow policy when dynamic entry count overflows

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

default-action-list

Description Configure default-action-list

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/action-list

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dynamic-entry-overflow-policy-list

enable-class-list-overflow

Description Apply class-list overflow policy upon exceeding dynamic entry count specified under zone port or each class-list

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

enable-top-k

Description Enable ddos top-k detection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid-cfg

Description: glid-cfg is a JSON Block. Please see below for port-range-list_glid-cfg

Type: Object

level-list

manual-mode-enable

Description Toggle manual mode to use fix templates

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

manual-mode-list

max-dynamic-entry-count

Description Maximum count for dynamic source zone service entry

Type: number

Range: 0-2147483647

port-ind

Description: port-ind is a JSON Block. Please see below for port-range-list_port-ind

Type: Object

Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/port-ind

port-range-end

Description Port-Range End Port Number

Type: number

Range: 1-65535

port-range-start

Description Port-Range Start Port Number

Type: number

Range: 1-65535

protocol

Description ‘dns-tcp’: DNS-TCP Port; ‘dns-udp’: DNS-UDP Port; ‘http’: HTTP Port; ‘tcp’: TCP Port; ‘udp’: UDP Port; ‘ssl-l4’: SSL-L4 Port;

Type: string

Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4

sflow-common

Description Enable all sFlow polling options under this zone port

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-commonsflow-packets, sflow-tcp-basic, sflow-tcp-stateful and sflow-http are mutually exclusive

sflow-http

Description Enable sFlow HTTP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-http and sflow-common are mutually exclusive

sflow-packets

Description Enable sFlow packet-level counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-packets and sflow-common are mutually exclusive

sflow-tcp

Description: sflow-tcp is a JSON Block. Please see below for port-range-list_sflow-tcp

Type: Object

src-based-policy-list

stateful

Description Enable stateful tracking of sessions (Default is stateless)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

port-range-list_dynamic-entry-overflow-policy-list

Specification  
Type list
Block object keys  

action

Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;

Type: string

Supported Values: bypass, deny

dummy-name

Description ‘configuration’: Configure overflow policy;

Type: string

Supported Values: configuration

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

log-enable

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-periodic

Description Enable log periodic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for port-range-list_dynamic-entry-overflow-policy-list_zone-template

Type: Object

port-range-list_dynamic-entry-overflow-policy-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

port-range-list_glid-cfg

Specification  
Type object

glid

Description Global limit ID for the whole zone

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

glid-action

Description ‘drop’: Drop packets for glid exceed (Default if default-action-list is not configured); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

per-addr-glid

Description Global limit ID per address

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

port-range-list_level-list

Specification  
Type list
Block object keys  

indicator-list

level-num

Description ‘0’: Default policy level; ‘1’: Policy level 1; ‘2’: Policy level 2; ‘3’: Policy level 3; ‘4’: Policy level 4;

Type: string

Supported Values: 0, 1, 2, 3, 4

src-default-glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

src-escalation-score

Description Source activation score of this level

Type: number

Range: 1-1000000

src-violation-actions

Description Violation actions apply due to source escalate from this level

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-escalation-score

Description Zone activation score of this level

Type: number

Range: 1-1000000

zone-template

Description: zone-template is a JSON Block. Please see below for port-range-list_level-list_zone-template

Type: Object

zone-violation-actions

Description Violation actions apply due to zone escalate from this level

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

port-range-list_level-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

port-range-list_level-list_indicator-list

Specification  
Type list
Block object keys  

data-packet-size

Description Expected minimal data size

Type: number

Range: 0-2147483647

score

Description Score corresponding to the indicator

Type: number

Range: 1-1000000

src-threshold-num

Description Indicator per-src threshold

Type: number

Range: 0-2147483647

src-threshold-str

Description Indicator per-src threshold

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

src-violation-actions

Description Violation actions to use when this src indicator threshold reaches

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

tcp-window-size

Description Expected minimal window size

Type: number

Range: 0-2147483647

type

Description ‘pkt-rate’: rate of incoming packets; ‘pkt-drop-rate’: rate of packets got dropped; ‘pkt-drop-ratio’: ratio of incoming packet rate divided by the rate of dropping packets; ‘bytes-to-bytes-from-ratio’: ratio of incoming packet rate divided by the rate of outgoing packets; ‘concurrent-conns’: number of concurrent connections; ‘conn-miss-rate’: rate of incoming packets for which no previously established connection exists; ‘syn-rate’: rate on incoming SYN packets; ‘fin-rate’: rate on incoming FIN packets; ‘rst-rate’: rate of incoming RST packets; ‘small-window-ack-rate’: rate of small window advertisement; ‘empty-ack-rate’: rate of incoming packets which have no payload; ‘small-payload-rate’: rate of short payload packet; ‘syn-fin-ratio’: ratio of incoming SYN packet rate divided by the rate of incoming FIN packets;

Type: string

Supported Values: pkt-rate, pkt-drop-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, concurrent-conns, conn-miss-rate, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-threshold-num

Description Threshold for the entire zone

Type: number

Range: 0-2147483647

zone-threshold-str

Description Threshold for the entire zone

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

zone-violation-actions

Description Violation actions to use when this zone indicator threshold reaches

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

port-range-list_manual-mode-list

Specification  
Type list
Block object keys  

config

Description ‘configuration’: Manual-mode configuration;

Type: string

Supported Values: configuration

src-default-glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for port-range-list_manual-mode-list_zone-template

Type: Object

port-range-list_manual-mode-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

port-range-list_src-based-policy-list

Specification  
Type list
Block object keys  

policy-class-list-list

src-based-policy-name

Description Specify name of the policy

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

port-range-list_src-based-policy-list_policy-class-list-list

Specification  
Type list
Block object keys  

action

Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;

Type: string

Supported Values: bypass, deny

class-list-name

Description Class-list name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

class-list-overflow-policy-list

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

max-dynamic-entry-count

Description Maximum count for dynamic source zone service entry allowed for this class-list

Type: number

Range: 0-2147483647

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for port-range-list_src-based-policy-list_policy-class-list-list_zone-template

Type: Object

port-range-list_src-based-policy-list_policy-class-list-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

port-range-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list

Specification  
Type list
Block object keys  

action

Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;

Type: string

Supported Values: bypass, deny

dummy-name

Description ‘configuration’: Configure overflow policy for class-list;

Type: string

Supported Values: configuration

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

log-enable

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-periodic

Description Enable log periodic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for port-range-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template

Type: Object

port-range-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

port-range-list_port-ind

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

port-range-list_sflow-tcp

Specification  
Type object

sflow-tcp-basic

Description Enable sFlow basic TCP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-tcp-basic and sflow-common are mutually exclusive

sflow-tcp-stateful

Description Enable sFlow stateful TCP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-tcp-stateful and sflow-common are mutually exclusive

port

Specification  
Type object

zone-service-list

zone-service-other-list

port_zone-service-list

Specification  
Type list
Block object keys  

apply-policy-on-overflow

Description Enable this flag to apply overflow policy when dynamic entry count overflows

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

capture-config

Description: capture-config is a JSON Block. Please see below for port_zone-service-list_capture-config

Type: Object

default-action-list

Description Configure default-action-list

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/action-list

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dynamic-entry-overflow-policy-list

enable-class-list-overflow

Description Apply class-list overflow policy upon exceeding dynamic entry count specified for zone-port or class-list

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

enable-top-k

Description Enable ddos top-k detection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid-cfg

Description: glid-cfg is a JSON Block. Please see below for port_zone-service-list_glid-cfg

Type: Object

level-list

manual-mode-enable

Description Toggle manual mode to use fix templates

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

manual-mode-list

max-dynamic-entry-count

Description Maximum count for dynamic source zone service entry

Type: number

Range: 0-2147483647

port-ind

Description: port-ind is a JSON Block. Please see below for port_zone-service-list_port-ind

Type: Object

Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/port-ind

port-num

Description Port Number

Type: number

Range: 1-65535

protocol

Description ‘dns-tcp’: DNS-TCP Port; ‘dns-udp’: DNS-UDP Port; ‘http’: HTTP Port; ‘tcp’: TCP Port; ‘udp’: UDP Port; ‘ssl-l4’: SSL-L4 Port;

Type: string

Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4

sflow-common

Description Enable all sFlow polling options under this zone port

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-commonsflow-packets, sflow-tcp-basic, sflow-tcp-stateful and sflow-http are mutually exclusive

sflow-http

Description Enable sFlow HTTP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-http and sflow-common are mutually exclusive

sflow-packets

Description Enable sFlow packet-level counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-packets and sflow-common are mutually exclusive

sflow-tcp

Description: sflow-tcp is a JSON Block. Please see below for port_zone-service-list_sflow-tcp

Type: Object

src-based-policy-list

stateful

Description Enable stateful tracking of sessions (Default is stateless)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

port_zone-service-list_dynamic-entry-overflow-policy-list

Specification  
Type list
Block object keys  

action

Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;

Type: string

Supported Values: bypass, deny

dummy-name

Description ‘configuration’: Configure overflow policy;

Type: string

Supported Values: configuration

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

log-enable

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-periodic

Description Enable log periodic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for port_zone-service-list_dynamic-entry-overflow-policy-list_zone-template

Type: Object

port_zone-service-list_dynamic-entry-overflow-policy-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

port_zone-service-list_glid-cfg

Specification  
Type object

glid

Description Global limit ID for the whole zone

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

glid-action

Description ‘drop’: Drop packets for glid exceed (Default if default-action-list is not configured); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

per-addr-glid

Description Global limit ID per address

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

port_zone-service-list_level-list

Specification  
Type list
Block object keys  

indicator-list

level-num

Description ‘0’: Default policy level; ‘1’: Policy level 1; ‘2’: Policy level 2; ‘3’: Policy level 3; ‘4’: Policy level 4;

Type: string

Supported Values: 0, 1, 2, 3, 4

src-default-glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

src-escalation-score

Description Source activation score of this level

Type: number

Range: 1-1000000

src-violation-actions

Description Violation actions apply due to source escalate from this level

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-escalation-score

Description Zone activation score of this level

Type: number

Range: 1-1000000

zone-template

Description: zone-template is a JSON Block. Please see below for port_zone-service-list_level-list_zone-template

Type: Object

zone-violation-actions

Description Violation actions apply due to zone escalate from this level

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

port_zone-service-list_level-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

port_zone-service-list_level-list_indicator-list

Specification  
Type list
Block object keys  

data-packet-size

Description Expected minimal data size

Type: number

Range: 0-2147483647

score

Description Score corresponding to the indicator

Type: number

Range: 1-1000000

src-threshold-num

Description Indicator per-src threshold

Type: number

Range: 0-2147483647

src-threshold-str

Description Indicator per-src threshold

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

src-violation-actions

Description Violation actions to use when this src indicator threshold reaches

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

tcp-window-size

Description Expected minimal window size

Type: number

Range: 0-2147483647

type

Description ‘pkt-rate’: rate of incoming packets; ‘pkt-drop-rate’: rate of packets got dropped; ‘pkt-drop-ratio’: ratio of incoming packet rate divided by the rate of dropping packets; ‘bytes-to-bytes-from-ratio’: ratio of incoming packet rate divided by the rate of outgoing packets; ‘concurrent-conns’: number of concurrent connections; ‘conn-miss-rate’: rate of incoming packets for which no previously established connection exists; ‘syn-rate’: rate on incoming SYN packets; ‘fin-rate’: rate on incoming FIN packets; ‘rst-rate’: rate of incoming RST packets; ‘small-window-ack-rate’: rate of small window advertisement; ‘empty-ack-rate’: rate of incoming packets which have no payload; ‘small-payload-rate’: rate of short payload packet; ‘syn-fin-ratio’: ratio of incoming SYN packet rate divided by the rate of incoming FIN packets;

Type: string

Supported Values: pkt-rate, pkt-drop-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, concurrent-conns, conn-miss-rate, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-threshold-num

Description Threshold for the entire zone

Type: number

Range: 0-2147483647

zone-threshold-str

Description Threshold for the entire zone

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

zone-violation-actions

Description Violation actions to use when this zone indicator threshold reaches

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

port_zone-service-list_manual-mode-list

Specification  
Type list
Block object keys  

config

Description ‘configuration’: Manual-mode configuration;

Type: string

Supported Values: configuration

src-default-glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for port_zone-service-list_manual-mode-list_zone-template

Type: Object

port_zone-service-list_manual-mode-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

port_zone-service-list_src-based-policy-list

Specification  
Type list
Block object keys  

policy-class-list-list

src-based-policy-name

Description Specify name of the policy

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

port_zone-service-list_src-based-policy-list_policy-class-list-list

Specification  
Type list
Block object keys  

action

Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;

Type: string

Supported Values: bypass, deny

class-list-name

Description Class-list name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

class-list-overflow-policy-list

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

log-enable

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-periodic

Description Enable log periodic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

max-dynamic-entry-count

Description Maximum count for dynamic source zone service entry allowed for this class-list

Type: number

Range: 0-2147483647

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for port_zone-service-list_src-based-policy-list_policy-class-list-list_zone-template

Type: Object

port_zone-service-list_src-based-policy-list_policy-class-list-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

port_zone-service-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list

Specification  
Type list
Block object keys  

action

Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;

Type: string

Supported Values: bypass, deny

dummy-name

Description ‘configuration’: Configure overflow policy for class-list;

Type: string

Supported Values: configuration

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

log-enable

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-periodic

Description Enable log periodic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for port_zone-service-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template

Type: Object

port_zone-service-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

port_zone-service-list_port-ind

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

port_zone-service-list_sflow-tcp

Specification  
Type object

sflow-tcp-basic

Description Enable sFlow basic TCP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-tcp-basic and sflow-common are mutually exclusive

sflow-tcp-stateful

Description Enable sFlow stateful TCP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-tcp-stateful and sflow-common are mutually exclusive

port_zone-service-list_capture-config

Specification  
Type object

capture-config-mode

Description ‘drop’: Apply capture-config to dropped packets; ‘forward’: Apply capture-config to forwarded packets; ‘all’: Apply capture-config to both dropped and forwarded packets;

Type: string

Supported Values: drop, forward, all

capture-config-name

Description Capture-config name

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

port_zone-service-other-list

Specification  
Type list
Block object keys  

age

Description Idle age for ip entry

Type: number

Range: 2-1023

Default: 5

apply-policy-on-overflow

Description Enable this flag to apply overflow policy when dynamic entry count overflows

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

default-action-list

Description Configure default-action-list

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/action-list

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dynamic-entry-overflow-policy-list

enable-class-list-overflow

Description Apply class-list overflow policy upon exceeding dynamic entry count specified for this zone port or each class-list

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

enable-top-k

Description Enable ddos top-k detection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid-cfg

Description: glid-cfg is a JSON Block. Please see below for port_zone-service-other-list_glid-cfg

Type: Object

level-list

manual-mode-enable

Description Toggle manual mode to use fix templates

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

manual-mode-list

max-dynamic-entry-count

Description Maximum count for dynamic source zone service entry

Type: number

Range: 0-2147483647

port-ind

Description: port-ind is a JSON Block. Please see below for port_zone-service-other-list_port-ind

Type: Object

Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/port-ind

port-other

Description ‘other’: other;

Type: string

Supported Values: other

protocol

Description ‘tcp’: TCP Port; ‘udp’: UDP Port;

Type: string

Supported Values: tcp, udp

sflow-common

Description Enable all sFlow polling options under this zone port

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-commonsflow-packets, sflow-tcp-basic and sflow-tcp-stateful are mutually exclusive

sflow-packets

Description Enable sFlow packet-level counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-packets and sflow-common are mutually exclusive

sflow-tcp

Description: sflow-tcp is a JSON Block. Please see below for port_zone-service-other-list_sflow-tcp

Type: Object

src-based-policy-list

stateful

Description Enable stateful tracking of sessions (Default is stateless)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

port_zone-service-other-list_src-based-policy-list

Specification  
Type list
Block object keys  

policy-class-list-list

src-based-policy-name

Description Specify name of the policy

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

port_zone-service-other-list_src-based-policy-list_policy-class-list-list

Specification  
Type list
Block object keys  

action

Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;

Type: string

Supported Values: bypass, deny

class-list-name

Description Class-list name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

class-list-overflow-policy-list

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

max-dynamic-entry-count

Description Maximum count for dynamic source zone service entry allowed for this class-list

Type: number

Range: 0-2147483647

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for port_zone-service-other-list_src-based-policy-list_policy-class-list-list_zone-template

Type: Object

port_zone-service-other-list_src-based-policy-list_policy-class-list-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

port_zone-service-other-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list

Specification  
Type list
Block object keys  

action

Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;

Type: string

Supported Values: bypass, deny

dummy-name

Description ‘configuration’: Configure overflow policy for class-list;

Type: string

Supported Values: configuration

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

log-enable

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-periodic

Description Enable log periodic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

port_zone-service-other-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

port_zone-service-other-list_port-ind

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

port_zone-service-other-list_dynamic-entry-overflow-policy-list

Specification  
Type list
Block object keys  

action

Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;

Type: string

Supported Values: bypass, deny

dummy-name

Description ‘configuration’: Configure overflow policy;

Type: string

Supported Values: configuration

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

log-enable

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-periodic

Description Enable log periodic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for port_zone-service-other-list_dynamic-entry-overflow-policy-list_zone-template

Type: Object

port_zone-service-other-list_dynamic-entry-overflow-policy-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

port_zone-service-other-list_glid-cfg

Specification  
Type object

glid

Description Global limit ID for the whole zone

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

glid-action

Description ‘drop’: Drop packets for glid exceed (Default if default-action-list is not configured); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

per-addr-glid

Description Global limit ID per address

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

port_zone-service-other-list_level-list

Specification  
Type list
Block object keys  

indicator-list

level-num

Description ‘0’: Default policy level; ‘1’: Policy level 1; ‘2’: Policy level 2; ‘3’: Policy level 3; ‘4’: Policy level 4;

Type: string

Supported Values: 0, 1, 2, 3, 4

src-default-glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

src-escalation-score

Description Source activation score of this level

Type: number

Range: 1-1000000

src-violation-actions

Description Violation actions apply due to source escalate from this level

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-escalation-score

Description Zone activation score of this level

Type: number

Range: 1-1000000

zone-template

Description: zone-template is a JSON Block. Please see below for port_zone-service-other-list_level-list_zone-template

Type: Object

zone-violation-actions

Description Violation actions apply due to zone escalate from this level

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

port_zone-service-other-list_level-list_zone-template

Specification  
Type object

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

port_zone-service-other-list_level-list_indicator-list

Specification  
Type list
Block object keys  

data-packet-size

Description Expected minimal data size

Type: number

Range: 0-2147483647

score

Description Score corresponding to the indicator

Type: number

Range: 1-1000000

src-threshold-num

Description Indicator per-src threshold

Type: number

Range: 0-2147483647

src-threshold-str

Description Indicator per-src threshold

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

src-violation-actions

Description Violation actions to use when this src indicator threshold reaches

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

tcp-window-size

Description Expected minimal window size

Type: number

Range: 0-2147483647

type

Description ‘pkt-rate’: rate of incoming packets; ‘pkt-drop-rate’: rate of packets got dropped; ‘pkt-drop-ratio’: ratio of incoming packet rate divided by the rate of dropping packets; ‘bytes-to-bytes-from-ratio’: ratio of incoming packet rate divided by the rate of outgoing packets; ‘concurrent-conns’: number of concurrent connections; ‘conn-miss-rate’: rate of incoming packets for which no previously established connection exists; ‘syn-rate’: rate on incoming SYN packets; ‘fin-rate’: rate on incoming FIN packets; ‘rst-rate’: rate of incoming RST packets; ‘small-window-ack-rate’: rate of small window advertisement; ‘empty-ack-rate’: rate of incoming packets which have no payload; ‘small-payload-rate’: rate of short payload packet; ‘syn-fin-ratio’: ratio of incoming SYN packet rate divided by the rate of incoming FIN packets;

Type: string

Supported Values: pkt-rate, pkt-drop-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, concurrent-conns, conn-miss-rate, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-threshold-num

Description Threshold for the entire zone

Type: number

Range: 0-2147483647

zone-threshold-str

Description Threshold for the entire zone

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

zone-violation-actions

Description Violation actions to use when this zone indicator threshold reaches

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

port_zone-service-other-list_sflow-tcp

Specification  
Type object

sflow-tcp-basic

Description Enable sFlow basic TCP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-tcp-basic and sflow-common are mutually exclusive

sflow-tcp-stateful

Description Enable sFlow stateful TCP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-tcp-stateful and sflow-common are mutually exclusive

port_zone-service-other-list_manual-mode-list

Specification  
Type list
Block object keys  

config

Description ‘configuration’: Manual-mode configuration;

Type: string

Supported Values: configuration

src-default-glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for port_zone-service-other-list_manual-mode-list_zone-template

Type: Object

port_zone-service-other-list_manual-mode-list_zone-template

Specification  
Type object

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

capture-config-list

Specification  
Type list
Block object keys  

mode

Description ‘drop’: Apply capture-config to dropped packets; ‘forward’: Apply capture-config to forwarded packets; ‘all’: Apply capture-config to both dropped and forwarded packets;

Type: string

Supported Values: drop, forward, all

name

Description Capture-config name

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/capture-config

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Specification  
Type object

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

src-port-range-list

Specification  
Type list
Block object keys  

capture-config

Description: capture-config is a JSON Block. Please see below for src-port-range-list_capture-config

Type: Object

default-action-list

Description Configure default-action-list

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/action-list

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid-cfg

Description: glid-cfg is a JSON Block. Please see below for src-port-range-list_glid-cfg

Type: Object

protocol

Description ‘udp’: UDP port; ‘tcp’: TCP Port;

Type: string

Supported Values: udp, tcp

src-port-range-end

Description Src Port-Range End Port Number

Type: number

Range: 2-65535

src-port-range-start

Description Src Port-Range Start Port Number

Type: number

Range: 1-65535

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for src-port-range-list_zone-template

Type: Object

src-port-range-list_capture-config

Specification  
Type object

capture-config-mode

Description ‘drop’: Apply capture-config to dropped packets; ‘forward’: Apply capture-config to forwarded packets; ‘all’: Apply capture-config to both dropped and forwarded packets;

Type: string

Supported Values: drop, forward, all

capture-config-name

Description Capture-config name

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

src-port-range-list_glid-cfg

Specification  
Type object

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

glid-action

Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

src-port-range-list_zone-template

Specification  
Type object

src-tcp

Description DDOS tcp src template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

src-udp

Description DDOS udp src template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

src-port

Specification  
Type object

zone-src-port-list

zone-src-port-other-list

src-port_zone-src-port-list

Specification  
Type list
Block object keys  

default-action-list

Description Configure default-action-list

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/action-list

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid-cfg

Description: glid-cfg is a JSON Block. Please see below for src-port_zone-src-port-list_glid-cfg

Type: Object

port-num

Description Source Port Number

Type: number

Range: 1-65535

protocol

Description ‘udp’: UDP port; ‘tcp’: TCP Port;

Type: string

Supported Values: udp, tcp

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for src-port_zone-src-port-list_zone-template

Type: Object

src-port_zone-src-port-list_glid-cfg

Specification  
Type object

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

glid-action

Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

src-port_zone-src-port-list_zone-template

Specification  
Type object

src-tcp

Description DDOS tcp src template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

src-udp

Description DDOS udp src template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

src-port_zone-src-port-other-list

Specification  
Type list
Block object keys  

default-action-list

Description Configure default-action-list

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/action-list

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid-cfg

Description: glid-cfg is a JSON Block. Please see below for src-port_zone-src-port-other-list_glid-cfg

Type: Object

port-other

Description ‘other’: other;

Type: string

Supported Values: other

protocol

Description ‘udp’: UDP port; ‘tcp’: TCP Port;

Type: string

Supported Values: udp, tcp

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for src-port_zone-src-port-other-list_zone-template

Type: Object

src-port_zone-src-port-other-list_glid-cfg

Specification  
Type object

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

glid-action

Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

src-port_zone-src-port-other-list_zone-template

Specification  
Type object

src-tcp

Description DDOS tcp src template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

src-udp

Description DDOS udp src template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

sflow-tcp

Specification  
Type object

sflow-tcp-basic

Description Enable sFlow basic TCP counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total nu

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-tcp-basic and sflow-common are mutually exclusive

sflow-tcp-stateful

Description Enable sFlow stateful TCP counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-tcp-stateful and sflow-common are mutually exclusive

ipv6

Specification  
Type list
Block object keys  

expand-ipv6-subnet

Description Expand this subnet to individual IPv6 address

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

expand-ipv6-subnet-mode

Description ‘dynamic’: Dynamic learning;

Type: string

Supported Values: dynamic

ip6-addr

Description Specify IPv6 address

Type: string

Format: ipv6-address

subnet-ipv6-addr

Description IPV6 Subnet

Type: string

Format: ipv6-address-plen

stats data

  Counter Size Description
       
  dst_entry_conn_limit_exceed 8 Entry Limit: Conn Exceeded
  egress_bytes 8 Outbound: Bytes Received
  zone_other_drop 8 OTHER Total Packets Dropped
  dst_drop 8 Inbound: Packets Dropped
  zone_payload_too_big 8 UDP Payload Too Large
  zone_src_port_conn_limit_exceed 8 SrcPort Limit: Conn Exceeded
  zone_udp_filter_action_default_pass 8 UDP Filter Action Default Pass
  src_tcp_unauth_drop 8 Src TCP Auth: Unauth Dropped
  zone_frag_src_rate_drop 8 OTHER Src Rate: Frag Exceeded
  dst_other_bytes_rcv 8 OTHER Total Bytes Received
  zone_udp_pkt_sent 8 UDP Total Packets Forwarded
  secondary_entry_learning_thre_exceed 8 Per Addr Entry Count Overflow
  src_tcp_retransmit_excd 8 Src TCP Retransmit Exceeded
  tcp_syn_cookie_fail 8 TCP Auth: SYN Cookie Failed
  src_udp_filter_action_drop 8 Src UDP Filter Action Drop
  zone_tcp_filter_action_drop 8 TCP Filter Action Drop
  src_udp_ntp_monlist_req 8 Src UDP NTP Monlist Request
  zone_other_src_rate_drop 8 OTHER Src Rate: Total Exceeded
  zone_pkt_sent 8 Inbound: Packets Forwarded
  dst_tcp_conn_close_w_idle 8 TCP Idle Connections Closed
  secondary_dst_entry_conn_limit_exceed 8 Per Addr Limit: Conn Exceeded
  dst_udp_session_aged 8 UDP Sessions Aged
  tcp_rexmit_syn_limit_drop 8 TCP SYN Retransmit Exceeded Drop
  zone_other_kibit_rate_drop 8 OTHER Dst IP-Proto Rate: KiBit Exceeded
  src_other_filter_action_blacklist 8 Src OTHER Filter Action Blacklist
  src_tcp_zero_window_excd 8 Src TCP Zero-Window Exceeded
  src_tcp_syn_cookie_sent 8 Src TCP Auth: SYN Cookie Sent
  zone_udp_pkt_rate_exceed 8 UDP Dst IP-Proto Rate: Packet Exceeded
  src_udp_retry_init 8 Src UDP Auth: Retry Init
  zone_udp_conn_rate_exceed 8 UDP Dst IP-Proto Rate: Conn Exceeded
  zone_tcp_any_exceed 8 TCP Dst IP-Proto Rate: Total Exceeded
  secondary_dst_entry_kbit_rate_exceed 8 Per Addr Rate: KiBit Exceeded
  zone_port_pkt_rate_exceed 8 Port Rate: Packet Exceeded
  dst_udp_retry_fail 8 UDP Auth: Retry Failed
  zone_tcp_syn_drop 8 TCP SYN Packets Dropped
  src_tcp_action_on_syn_fail 8 Src TCP Auth: SYN Retry Failed
  zone_tcp_action_on_ack_pass 8 TCP Auth: ACK Retry Passed
  dst_l4_udp_blacklist_drop 8 Dst UDP IP-Proto Blacklist Dropped
  zone_udp_filter_action_drop 8 UDP Filter Action Drop
  src_udp_filter_action_default_pass 8 Src UDP Filter Action Default Pass
  dst_clist_overflow_policy_at_learning 8 Dst Src-Based Overflow Policy Hit
  src_tcp_action_on_syn_gap_drop 8 Src TCP Auth: SYN Retry-Gap Failed
  src_tcp_out_of_seq_excd 8 Src TCP Out-Of-Seq Exceeded
  zone_tcp_pkt_rate_exceed 8 TCP Dst IP-Proto Rate: Packet Exceeded
  outbound_bytes_sent 8 Outbound: Bytes Forwarded
  src_tcp_rst_cookie_fail 8 Src TCP Auth: RST Cookie Failed
  zone_icmp_src_rate_drop 8 ICMP Src Rate: Total Exceeded
  tcp_rexmit_syn_limit_bl 8 TCP SYN Retransmit Exceeded Blacklist
  dst_l4_icmp_blacklist_drop 8 Dst ICMP IP-Proto Blacklist Dropped
  zone_port_conn_rate_exceed 8 Port Rate: Conn Exceeded
  src_udp_retry_gap_drop 8 UDP Auth: Src Retry-Gap Failed
  zone_icmp_pkt_rate_exceed 8 ICMP Dst Rate: Packet Exceeded
  zone_tcp_bytes_drop 8 TCP Total Bytes Dropped
  dst_tcp_conn_close_half_open 8 TCP Half Open Connections Closed
  dst_entry_conn_rate_exceed 8 Entry Rate: Conn Exceeded
  zone_port_undef_drop 8 Dst Port Undefined Dropped
  zone_tcp_filter_action_blacklist 8 TCP Filter Action Blacklist
  secondary_entry_learn 8 Per Addr Entry Learned
  zone_tcp_filter_action_whitelist 8 TCP Filter Action WL
  src_tcp_filter_action_default_pass 8 Src TCP Filter Action Default Pass
  tcp_invalid_syn 8 TCP Invalid SYN Received
  outbound_bytes_drop 8 Outbound: Bytes Dropped
  zone_tcp_action_on_syn_pass 8 TCP Auth: SYN Retry Passed
  dst_other_bytes_sent 8 OTHER Total Bytes Forwarded
  zone_tcp_src_rate_drop 8 TCP Src Rate: Total Exceeded
  src_udp_max_payload 8 Src UDP Payload Too Large
  src_tcp_conn_prate_excd 8 Src TCP Rate: Conn Pkt Exceeded
  zone_udp_retry_pass 8 UDP Auth: Retry Passed
  tcp_rst_rcvd 8 TCP RST Received
  icmp_fwd_recv 8 ICMP Inbound Packets Received
  src_udp_filter_action_whitelist 8 Src UDP Filter Action WL
  zone_tcp_action_on_syn_gap_drop 8 TCP Auth: SYN Retry-Gap Failed
  src_udp_filter_action_blacklist 8 Src UDP Filter Action Blacklist
  zone_other_pkt_sent 8 OTHER Total Packets Forwarded
  secondary_dst_entry_frag_pkt_rate_exceed 8 Per Addr Rate: Frag Packet Exceeded
  ingress_packets 8 Inbound: Packets Received
  tcp_syn_rcvd 8 TCP Inbound SYN Received
  zone_tcp_filter_not_match 8 TCP Filter No Match
  zone_tcp_rst_cookie_fail 8 TCP Auth: RST Cookie Failed
  src_other_filter_action_whitelist 8 Src OTHER Filter Action WL
  dst_entry_frag_pkt_rate_exceed 8 Entry Rate: Frag Packet Exceeded
  dst_drop_frag_pkt 8 Fragmented Packets Dropped
  zone_src_port_kbit_rate_exceed 8 SrcPort Rate: KiBit Exceeded
  zone_udp_bytes_drop 8 UDP Total Bytes Dropped
  dst_tcp_conn_close_w_rst 8 TCP RST Connections Closed
  src_tcp_wellknown_sport_drop 8 Src TCP SrcPort Wellknown
  src_tcp_action_on_ack_init 8 Src TCP Auth: ACK Retry Init
  outbound_pkt_sent 8 Outbound: Packets Forwarded
  zone_other_filter_action_whitelist 8 OTHER Filter Action WL
  zone_tcp_syn 8 TCP Total SYN Received
  zone_other_filter_action_default_pass 8 OTHER Filter Action Default Pass
  zone_other_pkt_rate_exceed 8 OTHER Dst IP-Proto Rate: Packet Exceeded
  zone_udp_src_rate_drop 8 UDP Src Rate: Total Exceeded
  zone_tcp_pkt_sent 8 TCP Total Packets Forwarded
  zone_tcp_action_on_ack_gap_drop 8 TCP Auth: ACK Retry Retry-Gap Failed
  zone_tcp_filter_match 8 TCP Filter Match
  src_udp_conn_prate_excd 8 Src UDP Rate: Conn Pkt Exceeded
  dst_tcp_conn_close_w_fin 8 TCP FIN Connections Closed
  src_tcp_action_on_ack_gap_drop 8 Src TCP Auth: ACK Retry Retry-Gap Failed
  secondary_entry_aged 8 Per Addr Entry Aged
  src_tcp_filter_action_drop 8 Src TCP Filter Action Drop
  zone_tcp_conn_prate_excd 8 TCP Rate: Conn Pkt Exceeded
  zone_tcp_src_drop 8 TCP Src Packets Dropped
  src_udp_min_payload 8 Src UDP Payload Too Small
  dst_tcp_bytes_rcv 8 TCP Total Bytes Received
  zone_other_filter_action_blacklist 8 OTHER Filter Action Blacklist
  zone_udp_filter_not_match 8 UDP Filter No Match
  zone_port_bl 8 Dst Port Blacklist Packets Dropped
  secondary_entry_hit 8 Per Addr Entry Hit
  zone_src_port_conn_rate_exceed 8 SrcPort Rate: Conn Exceeded
  zone_tcp_action_on_syn_init 8 TCP Auth: SYN Retry Init
  dst_tcp_conn_close 8 TCP Connections Closed
  zone_udp_ntp_monlist_resp 8 UDP NTP Monlist Response
  zone_other_bytes_drop 8 OTHER Total Bytes Dropped
  zone_udp_wellknown_sport_drop 8 UDP SrcPort Wellknown
  zone_frag_rcvd 8 Fragmented Packets Received
  zone_port_kbit_rate_exceed 8 Port Rate: KiBit Exceeded
  zone_icmp_bytes_drop 8 ICMP Total Bytes Dropped
  zone_tcp_action_on_ack_init 8 TCP Auth: ACK Retry Init
  src_tcp_syn_auth_fail 8 Src TCP Auth: SYN Auth Failed
  zone_tcp_conn_rate_exceed 8 TCP Dst IP-Proto Rate: Conn Exceeded
  dst_icmp_bytes_sent 8 ICMP Total Bytes Forwarded
  inbound_bytes_sent 8 Inbound: Bytes Forwarded
  zone_src_port_pkt_rate_exceed 8 SrcPort Rate: Packet Exceeded
  secondary_entry_miss 8 Per Addr Entry Missed
  zone_tcp_pkt_rcvd 8 TCP Total Packets Received
  zone_udp_filter_match 8 UDP Filter Match
  zone_ip_proto_kbit_rate_exceed 8 IP-Proto Rate: KiBit Exceeded
  src_frag_drop 8 Src Fragmented Packets Dropped
  zone_udp_conn_prate_excd 8 UDP Rate: Conn Pkt Exceeded
  zone_udp_src_drop 8 UDP Src Packets Dropped
  dst_tcp_session_aged 8 TCP Sessions Aged
  zone_udp_kibit_rate_drop 8 UDP Dst IP-Proto Rate: KiBit Exceeded
  zone_icmp_pkt_rcvd 8 ICMP Total Packets Received
  src_tcp_syn_cookie_fail 8 Src TCP Auth: SYN Cookie Failed
  zone_other_filter_action_drop 8 OTHER Filter Action Drop
  zone_other_filter_not_match 8 OTHER Filter No Match
  zone_tcp_auth 8 TCP Auth: SYN Cookie Sent
  dst_tcp_conn_create_from_syn 8 TCP Connections Created From SYN
  zone_blackhole_inject 8 Dst Blackhole Inject
  dst_udp_bytes_sent 8 UDP Total Bytes Forwarded
  secondary_dst_entry_pkt_rate_exceed 8 Per Addr Rate: Packet Exceeded
  zone_frag_pkt_rate_exceed 8 OTHER Dst IP-Proto Rate: Frag Exceeded
  zone_tcp_drop 8 TCP Total Packets Dropped
  zone_tcp_unauth_drop 8 TCP Auth: Unauth Dropped
  dst_tcp_conn_create_from_ack 8 TCP Connections Created From ACK
  zone_udp_pkt_rcvd 8 UDP Total Packets Received
  dst_tcp_bytes_sent 8 TCP Total Bytes Forwarded
  zone_icmp_kibit_rate_drop 8 ICMP Dst Rate: KiBit Exceeded
  tcp_ack_rcvd 8 TCP ACK Received
  zone_frag_drop 8 OTHER Total Frag Packets Dropped
  zone_tcp_retransmit_excd 8 TCP Retransmit Exceeded
  src_tcp_filter_action_whitelist 8 Src TCP Filter Action WL
  zone_tcp_session_created 8 TCP Sessions Created
  src_tcp_filter_action_blacklist 8 Src TCP Filter Action Blacklist
  zone_tcp_conn_limit_exceed 8 TCP Dst IP-Proto Limit: Conn Exceeded
  zone_udp_drop 8 UDP Total Packets Dropped
  zone_ip_proto_pkt_rate_exceed 8 IP-Proto Rate: Packet Exceeded
  udp_fwd_recv 8 UDP Inbound Packets Received
  dst_icmp_bytes_rcv 8 ICMP Total Bytes Received
  zone_udp_ntp_monlist_req 8 UDP NTP Monlist Request
  zone_icmp_pkt_sent 8 ICMP Total Packets Forwarded
  dst_entry_kbit_rate_exceed_count 8 Entry Rate: KiBit Exceeded Count
  dst_udp_bytes_rcv 8 UDP Total Bytes Received
  egress_packets 8 Outbound: Packets Received
  zone_tcp_zero_window_excd 8 TCP Zero-Window Exceeded
  zone_port_conn_limit_exceed 8 Port Limit: Conn Exceeded
  inbound_bytes_drop 8 Inbound: Bytes Dropped
  dst_l4_tcp_blacklist_drop 8 Dst TCP IP-Proto Blacklist Dropped
  zone_payload_too_small 8 UDP Payload Too Small
  zone_udp_any_exceed 8 UDP Dst IP-Proto Rate: Total Exceeded
  dst_udp_auth_drop 8 UDP Auth: Dropped
  src_other_filter_action_default_pass 8 Src OTHER Filter Action Default Pass
  zone_other_src_drop 8 OTHER Src Packets Dropped
  zone_tcp_action_on_syn_fail 8 TCP Auth: SYN Retry Failed
  zone_other_filter_match 8 OTHER Filter Match
  dst_tcp_auth_drop 8 TCP Auth: Dropped
  zone_port_kbit_rate_exceed_pkt 8 Port Rate: KiBit Pkt Exceeded
  src_tcp_action_on_ack_fail 8 Src TCP Auth: ACK Retry Failed
  dst_entry_pkt_rate_exceed 8 Entry Rate: Packet Exceeded
  zone_udp_session_created 8 UDP Sessions Created
  zone_udp_conn_limit_exceed 8 UDP Dst IP-Proto Limit: Conn Exceeded
  ingress_bytes 8 Inbound: Bytes Received
  zone_out_no_route 8 Dst IPv4/v6 Out No Route
  dst_tcp_auth_resp 8 TCP Auth: Responded
  zone_tcp_out_of_seq_excd 8 TCP Out-Of-Seq Exceeded
  zone_tcp_kibit_rate_drop 8 TCP Dst IP-Proto Rate: KiBit Exceeded
  tcp_fin_rcvd 8 TCP FIN Received
  dst_udp_retry_gap_drop 8 UDP Auth: Retry-Gap Failed
  src_tcp_action_on_syn_init 8 Src TCP Auth: SYN Retry Init
  src_udp_ntp_monlist_resp 8 Src UDP NTP Monlist Response
  tcp_syn_ack_rcvd 8 TCP SYN ACK Received
  zone_tcp_wellknown_sport_drop 8 TCP SrcPort Wellknown
  src_udp_wellknown_sport_drop 8 Src UDP SrcPort Wellknown
  zone_udp_filter_action_blacklist 8 UDP Filter Action Blacklist
  zone_udp_filter_action_whitelist 8 UDP Filter Action WL
  zone_icmp_drop 8 ICMP Total Packets Dropped
  zone_tcp_filter_action_default_pass 8 TCP Filter Action Default Pass
  zone_udp_retry_init 8 UDP Auth: Retry Init
  dst_entry_kbit_rate_exceed 8 Entry Rate: KiBit Exceeded
  secondary_dst_entry_conn_rate_exceed 8 Per Addr Rate: Conn Exceeded
  zone_icmp_src_drop 8 ICMP Src Packets Dropped
  zone_other_pkt_rcvd 8 OTHER Total Packets Received
  zone_tcp_action_on_ack_fail 8 TCP Auth: ACK Retry Failed
  outbound_drop 8 Outbound: Packets Dropped
  dst_l4_other_blacklist_drop 8 Dst OTHER IP-Proto Blacklist Dropped
  dst_frag_timeout_drop 8 Fragment Reassemble Timeout Drop
  tcp_fwd_recv 8 TCP Inbound Packets Received
  zone_blackhole_withdraw 8 Dst Blackhole Withdraw
  src_other_filter_action_drop 8 Src OTHER Filter Action Drop
  zone_src_port_bl 8 Dst SrcPort Blacklist Packets Dropped
  zone_tcp_auth_pass 8 TCP Auth: SYN Auth Passed

operational data

  Counter Size Description
       
  all-ports flag all-ports
  protocol string protocol
  addresses flag addresses
  all-ip-protos flag all-ip-protos
  entry-displayed-count number entry-displayed-count
  subnet-ip-addr ipv4-cidr subnet-ip-addr
  ddos_entry_list   ddos_entry_list
  service-displayed-count number service-displayed-count
  ip-proto-num number ip-proto-num
  port-range-start number port-range-start
  dynamic-expand-subnet flag dynamic-expand-subnet
  port-num number port-num
  all-addresses flag all-addresses
  subnet-ipv6-addr ipv6-address-plen subnet-ipv6-addr
  port-range-end number port-range-end