ddos dst

Create dest-ip limit entry

dst Specification

   
Type Intermediate Resource
Element Name dst
Element URI /axapi/v3/ddos/dst
Element Attributes dst_attributes
Schema dst schema

Operations Allowed:

OperationMethodURIPayload

Get Object

GET

/axapi/v3/ddos/dst

dst_attributes

dst attributes

default-list

dynamic-entry-overflow-policy-list

entry-list

Type: List

Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}

interface-ip-list

Type: List

Refernce Object: /axapi/v3/ddos/dst/interface-ip/{addr}

interface-ipv6-list

Type: List

Refernce Object: /axapi/v3/ddos/dst/interface-ipv6/{addr}

zone-list

Type: List

Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}

interface-ip-list

Specification  
Type list
Block object keys  

addr

Description IP address of interface

Type: string

Format: ipv4-address

ip-proto-list

l4-type-list

log-enable

Description Enable logging of limit exceed drops

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-periodic

Description Enable periodic log while event is continuing

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

port-list

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

interface-ip-list_port-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

port-num

Description Port Number

Type: number

Range: 1-65535

protocol

Description ‘tcp’: tcp; ‘udp’: udp;

Type: string

Supported Values: tcp, udp

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

interface-ip-list_ip-proto-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

port-num

Description IP protocol number

Type: number

Range: 0-255

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

interface-ip-list_l4-type-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-frag-pkt

Description Drop fragmented packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

protocol

Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;

Type: string

Supported Values: tcp, udp, icmp, other

tunnel-decap

Description: tunnel-decap is a JSON Block. Please see below for interface-ip-list_l4-type-list_tunnel-decap

Type: Object

tunnel-rate-limit

Description: tunnel-rate-limit is a JSON Block. Please see below for interface-ip-list_l4-type-list_tunnel-rate-limit

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

interface-ip-list_l4-type-list_tunnel-decap

Specification  
Type object

gre-decap

Description Enable GRE Tunnel decapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ip-decap

Description Enable IP Tunnel decapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

key-cfg

Type: List

interface-ip-list_l4-type-list_tunnel-decap_key-cfg

Specification  
Type list
Block object keys  

key

Description Only decapsulate GRE packet with this hexadecimal key

Type: string

Maximum Length: 8 characters

Maximum Length: 1 characters

interface-ip-list_l4-type-list_tunnel-rate-limit

Specification  
Type object

gre-rate-limit

Description Enable inner IP rate limiting on GRE traffic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ip-rate-limit

Description Enable inner IP rate limiting on IPinIP traffic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

default-list

Specification  
Type list
Block object keys  

age

Description Idle age for ip entry

Type: number

Range: 5-1023

apply-policy-on-overflow

Description Enable this flag to apply overflow policy when dynamic entry count overflows

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

default-address-type

Description ‘ip’: ip; ‘ipv6’: ipv6;

Type: string

Supported Values: ip, ipv6

disable

Description Disable

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-disable

Description Disable certain drops during packet processing

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-disable-fwd-immediate

Description Immediately forward L4 drops

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-frag-pkt

Description Drop fragmented packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

exceed-log-cfg

Description: exceed-log-cfg is a JSON Block. Please see below for default-list_exceed-log-cfg

Type: Object

exceed-log-dep-cfg

Description: exceed-log-dep-cfg is a JSON Block. Please see below for default-list_exceed-log-dep-cfg

Type: Object

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

ip-proto-list

l4-type-list

log-periodic

Description Enable periodic log while event is continuing

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

max-dynamic-entry-count

Description Maximum count for dynamic dst entry

Type: number

Range: 0-2147483647

port-list

src-port-list

template

Description: template is a JSON Block. Please see below for default-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

default-list_port-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

port-num

Description Port Number

Type: number

Range: 0-65535

protocol

Description ‘dns-tcp’: dns-tcp; ‘dns-udp’: dns-udp; ‘http’: http; ‘tcp’: tcp; ‘udp’: udp; ‘ssl-l4’: ssl-l4;

Type: string

Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4

template

Description: template is a JSON Block. Please see below for default-list_port-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

default-list_port-list_template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

default-list_template

Specification  
Type object

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

default-list_ip-proto-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

port-num

Description Protocol Number

Type: number

Range: 0-255

template

Description: template is a JSON Block. Please see below for default-list_ip-proto-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

default-list_ip-proto-list_template

Specification  
Type object

other

Description DDOS other template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

default-list_src-port-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

port-num

Description Port Number

Type: number

Range: 0-65535

protocol

Description ‘udp’: udp; ‘tcp’: tcp;

Type: string

Supported Values: udp, tcp

template

Description: template is a JSON Block. Please see below for default-list_src-port-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

default-list_src-port-list_template

Specification  
Type object

src-tcp

Description DDOS tcp src template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

src-udp

Description DDOS udp src template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

default-list_exceed-log-dep-cfg

Specification  
Type object

exceed-log-enable

Description (Deprecated)Enable logging of limit exceed drop’s

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-with-sflow-dep

Description Turn on sflow sample with log

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

default-list_l4-type-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-frag-pkt

Description Drop fragmented packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-on-no-port-match

Description ‘disable’: disable; ‘enable’: enable;

Type: string

Supported Values: disable, enable

Default: enable

exceed-action

Description: exceed-action is a JSON Block. Please see below for default-list_l4-type-list_exceed-action

Type: Object

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

max-rexmit-syn-per-flow

Description Maximum number of re-transmit SYN per flow

Type: number

Range: 1-6

protocol

Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;

Type: string

Supported Values: tcp, udp, icmp, other

stateful

Description Enable stateful tracking of sessions (Default is stateless)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

syn-auth

Description ‘send-rst’: Send RST to client upon client ACK; ‘force-rst-by-ack’: Force client RST via the use of ACK; ‘force-rst-by-synack’: Force client RST via the use of bad SYN|ACK; ‘disable’: Disable TCP SYN Authentication;

Type: string

Supported Values: send-rst, force-rst-by-ack, force-rst-by-synack, disable

Default: send-rst

syn-cookie

Description Enable SYN Cookie

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

tcp-reset-client

Description Send reset to client when rate exceeds or session ages out

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

tcp-reset-server

Description Send reset to server when rate exceeds or session ages out

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

tunnel-decap

Description: tunnel-decap is a JSON Block. Please see below for default-list_l4-type-list_tunnel-decap

Type: Object

tunnel-rate-limit

Description: tunnel-rate-limit is a JSON Block. Please see below for default-list_l4-type-list_tunnel-rate-limit

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

default-list_l4-type-list_tunnel-rate-limit

Specification  
Type object

gre-rate-limit

Description Enable inner IP rate limiting on GRE traffic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ip-rate-limit

Description Enable inner IP rate limiting on IPinIP traffic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

default-list_l4-type-list_exceed-action

Specification  
Type object

exceed-drop

Description Drop the packet

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

default-list_l4-type-list_tunnel-decap

Specification  
Type object

gre-decap

Description Enable GRE Tunnel decapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ip-decap

Description Enable IP Tunnel decapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

key-cfg

Type: List

default-list_l4-type-list_tunnel-decap_key-cfg

Specification  
Type list
Block object keys  

key

Description Only decapsulate GRE packet with this hexadecimal key

Type: string

Maximum Length: 8 characters

Maximum Length: 1 characters

default-list_exceed-log-cfg

Specification  
Type object

log-enable

Description Enable logging of limit exceed drop’s

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

with-sflow-sample

Description Turn on sflow sample with log

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

interface-ipv6-list

Specification  
Type list
Block object keys  

addr

Description IPv6 address of interface

Type: string

Format: ipv6-address

ip-proto-list

l4-type-list

log-enable

Description Enable logging of limit exceed drops

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

port-list

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

interface-ipv6-list_port-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

port-num

Description Port Number

Type: number

Range: 1-65535

protocol

Description ‘tcp’: tcp; ‘udp’: udp;

Type: string

Supported Values: tcp, udp

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

interface-ipv6-list_ip-proto-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

port-num

Description IP protocol number

Type: number

Range: 0-255

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

interface-ipv6-list_l4-type-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-frag-pkt

Description Drop fragmented packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

protocol

Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;

Type: string

Supported Values: tcp, udp, icmp, other

tunnel-decap

Description: tunnel-decap is a JSON Block. Please see below for interface-ipv6-list_l4-type-list_tunnel-decap

Type: Object

tunnel-rate-limit

Description: tunnel-rate-limit is a JSON Block. Please see below for interface-ipv6-list_l4-type-list_tunnel-rate-limit

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

interface-ipv6-list_l4-type-list_tunnel-decap

Specification  
Type object

gre-decap

Description Enable GRE Tunnel decapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ip-decap

Description Enable IP Tunnel decapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

key-cfg

Type: List

interface-ipv6-list_l4-type-list_tunnel-decap_key-cfg

Specification  
Type list
Block object keys  

key

Description Only decapsulate GRE packet with this hexadecimal key

Type: string

Maximum Length: 8 characters

Maximum Length: 1 characters

interface-ipv6-list_l4-type-list_tunnel-rate-limit

Specification  
Type object

gre-rate-limit

Description Enable inner IP rate limiting on GRE traffic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ip-rate-limit

Description Enable inner IP rate limiting on IPinIP traffic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

entry-list

Specification  
Type list
Block object keys  

advertised-enable

Description BGP advertised

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

blackhole-on-glid-exceed

Description Blackhole destination entry for X minutes upon glid limit exceeded

Type: number

Range: 1-30

capture-config-list

description

Description Description for this Destination Entry

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

dest-nat-ip

Description Destination NAT IP address

Type: string

Format: ipv4-address

dest-nat-ipv6

Description Destination NAT IPv6 address

Type: string

Format: ipv6-address

drop-disable

Description Disable certain drops during packet processing

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-disable-fwd-immediate

Description Immediately forward L4 drops

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-frag-pkt

Description Drop fragmented packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-on-no-src-dst-default

Description Drop if no match with src-based-policy class-list, and default is not configured

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dst-entry-name

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

dynamic-entry-overflow-policy-list

exceed-log-cfg

Description: exceed-log-cfg is a JSON Block. Please see below for entry-list_exceed-log-cfg

Type: Object

exceed-log-dep-cfg

Description: exceed-log-dep-cfg is a JSON Block. Please see below for entry-list_exceed-log-dep-cfg

Type: Object

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

ip-addr

Description

Type: string

Format: ipv4-address

ip-proto-list

ipv6-addr

Description

Type: string

Format: ipv6-address

l4-type-list

log-periodic

Description Enable periodic log while event is continuing

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

operational-mode

Description ‘protection’: Protection mode; ‘bypass’: Bypass mode;

Type: string

Supported Values: protection, bypass

Default: protection

port-list

port-range-list

reporting-disabled

Description Disable Reporting

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sflow

Description: sflow is a JSON Block. Please see below for entry-list_sflow

Type: Object

source-nat-pool

Description Configure source NAT

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

src-dst-pair

Description: src-dst-pair is a JSON Block. Please see below for entry-list_src-dst-pair

Type: Object

Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/src-dst-pair

src-dst-pair-class-list-list

src-dst-pair-policy-list

src-dst-pair-settings-list

src-port-list

src-port-range-list

subnet-ip-addr

Description IP Subnet

Type: string

Format: ipv4-cidr

subnet-ipv6-addr

Description IPV6 Subnet

Type: string

Format: ipv6-address-plen

template

Description: template is a JSON Block. Please see below for entry-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

entry-list_port-list

Specification  
Type list
Block object keys  

capture-config

Description: capture-config is a JSON Block. Please see below for entry-list_port-list_capture-config

Type: Object

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

detection-enable

Description Enable ddos detection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

enable-top-k

Description Enable ddos top-k entries

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

port-ind

Description: port-ind is a JSON Block. Please see below for entry-list_port-list_port-ind

Type: Object

Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/port/{port-num}+{protocol}/port-ind

port-num

Description Port Number

Type: number

Range: 0-65535

protocol

Description ‘dns-tcp’: DNS-TCP Port; ‘dns-udp’: DNS-UDP Port; ‘http’: HTTP Port; ‘tcp’: TCP Port; ‘udp’: UDP Port; ‘ssl-l4’: SSL-L4 Port;

Type: string

Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4

sflow

Description: sflow is a JSON Block. Please see below for entry-list_port-list_sflow

Type: Object

template

Description: template is a JSON Block. Please see below for entry-list_port-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

entry-list_port-list_sflow

Specification  
Type object

polling

Description: polling is a JSON Block. Please see below for entry-list_port-list_sflow_polling

Type: Object

entry-list_port-list_sflow_polling

Specification  
Type object

sflow-http

Description Enable sFlow HTTP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sflow-packets

Description Enable sFlow packet-level counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sflow-tcp

Description: sflow-tcp is a JSON Block. Please see below for entry-list_port-list_sflow_polling_sflow-tcp

Type: Object

entry-list_port-list_sflow_polling_sflow-tcp

Specification  
Type object

sflow-tcp-basic

Description Enable sFlow basic TCP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sflow-tcp-stateful

Description Enable sFlow stateful TCP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

entry-list_port-list_capture-config

Specification  
Type object

capture-config-mode

Description ‘drop’: Apply capture-config to dropped packets; ‘forward’: Apply capture-config to forwarded packets; ‘all’: Apply capture-config to both dropped and forwarded packets;

Type: string

Supported Values: drop, forward, all

capture-config-name

Description Capture-config name

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

entry-list_port-list_port-ind

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

entry-list_port-list_template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS SSL-L4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

entry-list_capture-config-list

Specification  
Type list
Block object keys  

mode

Description ‘drop’: Apply capture-config to dropped packets; ‘forward’: Apply capture-config to forwarded packets; ‘all’: Apply capture-config to both dropped and forwarded packets;

Type: string

Supported Values: drop, forward, all

name

Description Capture-config name

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/capture-config

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

entry-list_dynamic-entry-overflow-policy-list

Specification  
Type list
Block object keys  

app-type-src-dst-list

bypass

Description Always permit for the Source to bypass all feature & limit checks

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dummy-name

Description ‘configuration’: Configure src dst dynamic entry count overflow policy;

Type: string

Supported Values: configuration

exceed-log-cfg

Description: exceed-log-cfg is a JSON Block. Please see below for entry-list_dynamic-entry-overflow-policy-list_exceed-log-cfg

Type: Object

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

l4-type-src-dst-list

log-periodic

Description Enable periodic log while event is continuing

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

template

Description: template is a JSON Block. Please see below for entry-list_dynamic-entry-overflow-policy-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

entry-list_dynamic-entry-overflow-policy-list_template

Specification  
Type object

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

entry-list_dynamic-entry-overflow-policy-list_app-type-src-dst-list

Specification  
Type list
Block object keys  

protocol

Description ‘dns’: dns; ‘http’: http; ‘ssl-l4’: ssl-l4;

Type: string

Supported Values: dns, http, ssl-l4

template

Description: template is a JSON Block. Please see below for entry-list_dynamic-entry-overflow-policy-list_app-type-src-dst-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

entry-list_dynamic-entry-overflow-policy-list_app-type-src-dst-list_template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS SSL-L4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

entry-list_dynamic-entry-overflow-policy-list_l4-type-src-dst-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

protocol

Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;

Type: string

Supported Values: tcp, udp, icmp, other

template

Description: template is a JSON Block. Please see below for entry-list_dynamic-entry-overflow-policy-list_l4-type-src-dst-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

entry-list_dynamic-entry-overflow-policy-list_l4-type-src-dst-list_template

Specification  
Type object

other

Description DDOS OTHER template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

tcp

Description DDOS TCP template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

template-icmp-v4

Description DDOS icmp-v4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

template-icmp-v6

Description DDOS icmp-v6 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

udp

Description DDOS UDP template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

entry-list_dynamic-entry-overflow-policy-list_exceed-log-cfg

Specification  
Type object

log-enable

Description Enable logging of limit exceed drop’s

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

entry-list_port-range-list

Specification  
Type list
Block object keys  

capture-config

Description: capture-config is a JSON Block. Please see below for entry-list_port-range-list_capture-config

Type: Object

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

detection-enable

Description Enable ddos detection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

enable-top-k

Description Enable ddos top-k entries

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

port-range-end

Description Port-Range End Port Number

Type: number

Range: 1-65535

port-range-start

Description Port-Range Start Port Number

Type: number

Range: 1-65535

protocol

Description ‘dns-tcp’: DNS-TCP Port; ‘dns-udp’: DNS-UDP Port; ‘http’: HTTP Port; ‘tcp’: TCP Port; ‘udp’: UDP Port; ‘ssl-l4’: SSL-L4 Port;

Type: string

Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4

sflow

Description: sflow is a JSON Block. Please see below for entry-list_port-range-list_sflow

Type: Object

template

Description: template is a JSON Block. Please see below for entry-list_port-range-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

entry-list_port-range-list_capture-config

Specification  
Type object

capture-config-mode

Description ‘drop’: Apply capture-config to dropped packets; ‘forward’: Apply capture-config to forwarded packets; ‘all’: Apply capture-config to both dropped and forwarded packets;

Type: string

Supported Values: drop, forward, all

capture-config-name

Description Capture-config name

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

entry-list_port-range-list_sflow

Specification  
Type object

polling

Description: polling is a JSON Block. Please see below for entry-list_port-range-list_sflow_polling

Type: Object

entry-list_port-range-list_sflow_polling

Specification  
Type object

sflow-http

Description Enable sFlow HTTP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sflow-packets

Description Enable sFlow packet-level counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sflow-tcp

Description: sflow-tcp is a JSON Block. Please see below for entry-list_port-range-list_sflow_polling_sflow-tcp

Type: Object

entry-list_port-range-list_sflow_polling_sflow-tcp

Specification  
Type object

sflow-tcp-basic

Description Enable sFlow basic TCP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sflow-tcp-stateful

Description Enable sFlow stateful TCP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

entry-list_port-range-list_template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS SSL-L4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

entry-list_src-dst-pair-class-list-list

Specification  
Type list
Block object keys  

app-type-src-dst-list

cid-list

class-list-name

Description Class-list name

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

exceed-log-cfg

Description: exceed-log-cfg is a JSON Block. Please see below for entry-list_src-dst-pair-class-list-list_exceed-log-cfg

Type: Object

l4-type-src-dst-list

log-periodic

Description Enable periodic log while event is continuing

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

entry-list_src-dst-pair-class-list-list_cid-list

Specification  
Type list
Block object keys  

app-type-src-dst-cid-list

cid-num

Description Class-list id

Type: number

Range: 1-32

exceed-log-cfg

Description: exceed-log-cfg is a JSON Block. Please see below for entry-list_src-dst-pair-class-list-list_cid-list_exceed-log-cfg

Type: Object

l4-type-src-dst-cid-list

log-periodic

Description Enable periodic log while event is continuing

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

entry-list_src-dst-pair-class-list-list_cid-list_app-type-src-dst-cid-list

Specification  
Type list
Block object keys  

protocol

Description ‘dns’: dns; ‘http’: http; ‘ssl-l4’: ssl-l4;

Type: string

Supported Values: dns, http, ssl-l4

template

Description: template is a JSON Block. Please see below for entry-list_src-dst-pair-class-list-list_cid-list_app-type-src-dst-cid-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

entry-list_src-dst-pair-class-list-list_cid-list_app-type-src-dst-cid-list_template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS SSL-L4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

entry-list_src-dst-pair-class-list-list_cid-list_l4-type-src-dst-cid-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

protocol

Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;

Type: string

Supported Values: tcp, udp, icmp, other

template

Description: template is a JSON Block. Please see below for entry-list_src-dst-pair-class-list-list_cid-list_l4-type-src-dst-cid-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

entry-list_src-dst-pair-class-list-list_cid-list_l4-type-src-dst-cid-list_template

Specification  
Type object

other

Description DDOS OTHER template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

tcp

Description DDOS TCP template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

template-icmp-v4

Description DDOS icmp-v4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

template-icmp-v6

Description DDOS icmp-v6 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

udp

Description DDOS UDP template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

entry-list_src-dst-pair-class-list-list_cid-list_exceed-log-cfg

Specification  
Type object

log-enable

Description Enable logging of limit exceed drop’s

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

entry-list_src-dst-pair-class-list-list_app-type-src-dst-list

Specification  
Type list
Block object keys  

protocol

Description ‘dns’: dns; ‘http’: http; ‘ssl-l4’: ssl-l4;

Type: string

Supported Values: dns, http, ssl-l4

template

Description: template is a JSON Block. Please see below for entry-list_src-dst-pair-class-list-list_app-type-src-dst-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

entry-list_src-dst-pair-class-list-list_app-type-src-dst-list_template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS SSL-L4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

entry-list_src-dst-pair-class-list-list_l4-type-src-dst-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

protocol

Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;

Type: string

Supported Values: tcp, udp, icmp, other

template

Description: template is a JSON Block. Please see below for entry-list_src-dst-pair-class-list-list_l4-type-src-dst-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

entry-list_src-dst-pair-class-list-list_l4-type-src-dst-list_template

Specification  
Type object

other

Description DDOS OTHER template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

tcp

Description DDOS TCP template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

template-icmp-v4

Description DDOS icmp-v4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

template-icmp-v6

Description DDOS icmp-v6 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

udp

Description DDOS UDP template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

entry-list_src-dst-pair-class-list-list_exceed-log-cfg

Specification  
Type object

log-enable

Description Enable logging of limit exceed drop’s

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

entry-list_template

Specification  
Type object

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

entry-list_l4-type-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

detection-enable

Description Enable ddos detection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-frag-pkt

Description Drop fragmented packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-on-no-port-match

Description ‘disable’: disable; ‘enable’: enable;

Type: string

Supported Values: disable, enable

Default: enable

enable-top-k

Description Enable ddos top-k entries

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

exceed-action

Description ‘drop’: Drop the packet; ‘black-list’: Add the source IP into black list;

Type: string

Supported Values: drop, black-list

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

max-rexmit-syn-per-flow

Description Maximum number of re-transmit SYN per flow

Type: number

Range: 1-6

port-ind

Description: port-ind is a JSON Block. Please see below for entry-list_l4-type-list_port-ind

Type: Object

Refernce Object: /axapi/v3/ddos/dst/entry/{dst-entry-name}/l4-type/{protocol}/port-ind

protocol

Description ‘tcp’: L4-Type TCP; ‘udp’: L4-Type UDP; ‘icmp’: L4-Type ICMP; ‘other’: L4-Type OTHER;

Type: string

Supported Values: tcp, udp, icmp, other

stateful

Description Enable stateful tracking of sessions (Default is stateless)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

syn-auth

Description ‘send-rst’: Send RST to client upon client ACK; ‘force-rst-by-ack’: Force client RST via the use of ACK; ‘force-rst-by-synack’: Force client RST via the use of bad SYN|ACK; ‘disable’: Disable TCP SYN Authentication;

Type: string

Supported Values: send-rst, force-rst-by-ack, force-rst-by-synack, disable

Default: send-rst

syn-cookie

Description Enable SYN Cookie

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

tcp-reset-client

Description Send reset to client when rate exceeds or session ages out

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

tcp-reset-server

Description Send reset to server when rate exceeds or session ages out

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

template

Description: template is a JSON Block. Please see below for entry-list_l4-type-list_template

Type: Object

tunnel-decap

Description: tunnel-decap is a JSON Block. Please see below for entry-list_l4-type-list_tunnel-decap

Type: Object

tunnel-rate-limit

Description: tunnel-rate-limit is a JSON Block. Please see below for entry-list_l4-type-list_tunnel-rate-limit

Type: Object

undefined-port-hit-statistics

Description: undefined-port-hit-statistics is a JSON Block. Please see below for entry-list_l4-type-list_undefined-port-hit-statistics

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

entry-list_l4-type-list_template

Specification  
Type object

template-icmp-v4

Description DDOS icmp-v4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

template-icmp-v6

Description DDOS icmp-v6 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

entry-list_l4-type-list_port-ind

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

entry-list_l4-type-list_undefined-port-hit-statistics

Specification  
Type object

reset-interval

Description Configure port scanning counter reset interval (minutes), Default 60 mins

Type: number

Range: 1-64000

Default: 60

undefined-port-hit-statistics

Description Enable port scanning statistics

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

entry-list_l4-type-list_tunnel-rate-limit

Specification  
Type object

gre-rate-limit

Description Enable inner IP rate limiting on GRE traffic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ip-rate-limit

Description Enable inner IP rate limiting on IPinIP traffic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

entry-list_l4-type-list_tunnel-decap

Specification  
Type object

gre-decap

Description Enable GRE Tunnel decapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ip-decap

Description Enable IP Tunnel decapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

key-cfg

Type: List

entry-list_l4-type-list_tunnel-decap_key-cfg

Specification  
Type list
Block object keys  

key

Description Only decapsulate GRE packet with this hexadecimal key

Type: string

Maximum Length: 8 characters

Maximum Length: 1 characters

entry-list_src-dst-pair-settings-list

Specification  
Type list
Block object keys  

age

Description Idle age for ip entry

Type: number

Range: 2-1023

Default: 5

all-types

Description ‘all-types’: Settings for all types (default or class-list);

Type: string

Supported Values: all-types

apply-policy-on-overflow

Description Enable this flag to apply overflow policy when dynamic entry count overflows

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

enable-class-list-overflow

Description Apply class-list overflow policy upon exceeding dynamic entry count specified for DST entry or each class-list

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

l4-type-src-dst-list

max-dynamic-entry-count

Description Maximum count for dynamic src-dst entry

Type: number

Range: 0-2147483647

traffic-distribution-mode

Description ‘default’: Distribute traffic to one blade only; ‘source-ip-based’: Distribute traffic between blades, based on source ip;

Type: string

Supported Values: default, source-ip-based

Default: default

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

entry-list_src-dst-pair-settings-list_l4-type-src-dst-list

Specification  
Type list
Block object keys  

apply-policy-on-overflow

Description Enable this flag to apply overflow policy when dynamic entry count overflows

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

max-dynamic-entry-count

Description Maximum count for dynamic src-dst entry

Type: number

Range: 0-2147483647

protocol

Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;

Type: string

Supported Values: tcp, udp, icmp, other

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

entry-list_src-port-range-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

protocol

Description ‘udp’: UDP Port; ‘tcp’: TCP Port;

Type: string

Supported Values: udp, tcp

src-port-range-end

Description Src Port-Range End Port Number

Type: number

Range: 2-65535

src-port-range-start

Description Src Port-Range Start Port Number

Type: number

Range: 1-65535

template

Description: template is a JSON Block. Please see below for entry-list_src-port-range-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

entry-list_src-port-range-list_template

Specification  
Type object

src-tcp

Description DDOS tcp src template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

src-udp

Description DDOS udp src template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

entry-list_src-port-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

port-num

Description Port Number

Type: number

Range: 0-65535

protocol

Description ‘udp’: UDP Port; ‘tcp’: TCP Port;

Type: string

Supported Values: udp, tcp

template

Description: template is a JSON Block. Please see below for entry-list_src-port-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

entry-list_src-port-list_template

Specification  
Type object

src-tcp

Description DDOS tcp src template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

src-udp

Description DDOS udp src template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

entry-list_ip-proto-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

port-num

Description Protocol Number

Type: number

Range: 0-255

template

Description: template is a JSON Block. Please see below for entry-list_ip-proto-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

entry-list_ip-proto-list_template

Specification  
Type object

other

Description DDOS other template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

entry-list_exceed-log-cfg

Specification  
Type object

log-enable

Description Enable logging of limit exceed drop’s

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-with-sflow

Description Turn on sflow sample with log

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

entry-list_sflow

Specification  
Type object

polling

Description: polling is a JSON Block. Please see below for entry-list_sflow_polling

Type: Object

entry-list_sflow_polling

Specification  
Type object

sflow-http

Description Enable sFlow HTTP counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the total number

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sflow-layer-4

Description Enable sFlow Layer 4 counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the total num

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sflow-packets

Description Enable sFlow packet-level counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the tota

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sflow-tcp

Description: sflow-tcp is a JSON Block. Please see below for entry-list_sflow_polling_sflow-tcp

Type: Object

sflow-undef-port-hit-stats

Description Enable sFlow undefined-port-hit-statistics polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sflow-undef-port-hit-stats-brief

Description Enable sFlow undefined-port-hit-statistics polling in brief mode

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

entry-list_sflow_polling_sflow-tcp

Specification  
Type object

sflow-tcp-basic

Description Enable sFlow basic TCP counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the total n

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sflow-tcp-stateful

Description Enable sFlow stateful TCP counter polling. WARNING: Entry level Sflow polling might induce heavy CPU load depending on the tota

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

entry-list_src-dst-pair

Specification  
Type object

app-type-src-dst-list

bypass

Description Always permit for the Source to bypass all feature & limit checks

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

default

Description Configure default

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

exceed-log-cfg

Description: exceed-log-cfg is a JSON Block. Please see below for entry-list_src-dst-pair_exceed-log-cfg

Type: Object

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

l4-type-src-dst-list

log-periodic

Description Enable periodic log while event is continuing

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

template

Description: template is a JSON Block. Please see below for entry-list_src-dst-pair_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

entry-list_src-dst-pair_template

Specification  
Type object

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

entry-list_src-dst-pair_app-type-src-dst-list

Specification  
Type list
Block object keys  

protocol

Description ‘dns’: dns; ‘http’: http; ‘ssl-l4’: ssl-l4;

Type: string

Supported Values: dns, http, ssl-l4

template

Description: template is a JSON Block. Please see below for entry-list_src-dst-pair_app-type-src-dst-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

entry-list_src-dst-pair_app-type-src-dst-list_template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS SSL-L4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

entry-list_src-dst-pair_l4-type-src-dst-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

protocol

Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;

Type: string

Supported Values: tcp, udp, icmp, other

template

Description: template is a JSON Block. Please see below for entry-list_src-dst-pair_l4-type-src-dst-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

entry-list_src-dst-pair_l4-type-src-dst-list_template

Specification  
Type object

other

Description DDOS OTHER template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

tcp

Description DDOS TCP template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

template-icmp-v4

Description DDOS icmp-v4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

template-icmp-v6

Description DDOS icmp-v6 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

udp

Description DDOS UDP template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

entry-list_src-dst-pair_exceed-log-cfg

Specification  
Type object

log-enable

Description Enable logging of limit exceed drop’s

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

entry-list_src-dst-pair-policy-list

Specification  
Type list
Block object keys  

policy-class-list-list

src-based-policy-name

Description Src-based-policy name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

entry-list_src-dst-pair-policy-list_policy-class-list-list

Specification  
Type list
Block object keys  

app-type-src-dst-list

bypass

Description Always permit for the Source to bypass all feature & limit checks

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

class-list-name

Description Class-list name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

class-list-overflow-policy-list

exceed-log-cfg

Description: exceed-log-cfg is a JSON Block. Please see below for entry-list_src-dst-pair-policy-list_policy-class-list-list_exceed-log-cfg

Type: Object

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

l4-type-src-dst-list

log-periodic

Description Enable periodic log while event is continuing

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

max-dynamic-entry-count

Description Maximum count for dynamic src-dst entry under class-list

Type: number

Range: 0-2147483647

template

Description: template is a JSON Block. Please see below for entry-list_src-dst-pair-policy-list_policy-class-list-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

entry-list_src-dst-pair-policy-list_policy-class-list-list_template

Specification  
Type object

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

entry-list_src-dst-pair-policy-list_policy-class-list-list_app-type-src-dst-list

Specification  
Type list
Block object keys  

protocol

Description ‘dns’: dns; ‘http’: http; ‘ssl-l4’: ssl-l4;

Type: string

Supported Values: dns, http, ssl-l4

template

Description: template is a JSON Block. Please see below for entry-list_src-dst-pair-policy-list_policy-class-list-list_app-type-src-dst-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

entry-list_src-dst-pair-policy-list_policy-class-list-list_app-type-src-dst-list_template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS SSL-L4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

entry-list_src-dst-pair-policy-list_policy-class-list-list_l4-type-src-dst-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

protocol

Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;

Type: string

Supported Values: tcp, udp, icmp, other

template

Description: template is a JSON Block. Please see below for entry-list_src-dst-pair-policy-list_policy-class-list-list_l4-type-src-dst-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

entry-list_src-dst-pair-policy-list_policy-class-list-list_l4-type-src-dst-list_template

Specification  
Type object

other

Description DDOS OTHER template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

tcp

Description DDOS TCP template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

template-icmp-v4

Description DDOS icmp-v4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

template-icmp-v6

Description DDOS icmp-v6 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

udp

Description DDOS UDP template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list

Specification  
Type list
Block object keys  

app-type-src-dst-overflow-list

bypass

Description Always permit for the Source to bypass all feature & limit checks

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dummy-name

Description ‘configuration’: Configure src dst dynamic entry count overflow policy for class-list;

Type: string

Supported Values: configuration

exceed-log-cfg

Description: exceed-log-cfg is a JSON Block. Please see below for entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_exceed-log-cfg

Type: Object

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

l4-type-src-dst-overflow-list

log-periodic

Description Enable periodic log while event is continuing

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

template

Description: template is a JSON Block. Please see below for entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_template

Specification  
Type object

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_l4-type-src-dst-overflow-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

protocol

Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;

Type: string

Supported Values: tcp, udp, icmp, other

template

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_l4-type-src-dst-overflow-list_template

Specification  
Type object

other

Description DDOS OTHER template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

tcp

Description DDOS TCP template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

template-icmp-v4

Description DDOS icmp-v4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

template-icmp-v6

Description DDOS icmp-v6 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

udp

Description DDOS UDP template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_app-type-src-dst-overflow-list

Specification  
Type list
Block object keys  

protocol

Description ‘dns’: dns; ‘http’: http; ‘ssl-l4’: ssl-l4;

Type: string

Supported Values: dns, http, ssl-l4

template

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_app-type-src-dst-overflow-list_template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS SSL-L4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

entry-list_src-dst-pair-policy-list_policy-class-list-list_class-list-overflow-policy-list_exceed-log-cfg

Specification  
Type object

log-enable

Description Enable logging of limit exceed drop’s

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

entry-list_src-dst-pair-policy-list_policy-class-list-list_exceed-log-cfg

Specification  
Type object

log-enable

Description Enable logging of limit exceed drop’s

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

entry-list_exceed-log-dep-cfg

Specification  
Type object

exceed-log-enable

Description (Deprecated)Enable logging of limit exceed drop’s

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-with-sflow-dep

Description Turn on sflow sample with log

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dynamic-entry-overflow-policy-list

Specification  
Type list
Block object keys  

default-address-type

Description ‘ip’: ip; ‘ipv6’: ipv6;

Type: string

Supported Values: ip, ipv6

drop-disable

Description Disable certain drops during packet processing

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-disable-fwd-immediate

Description Immediately forward L4 drops

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

exceed-log-cfg

Description: exceed-log-cfg is a JSON Block. Please see below for dynamic-entry-overflow-policy-list_exceed-log-cfg

Type: Object

exceed-log-dep-cfg

Description: exceed-log-dep-cfg is a JSON Block. Please see below for dynamic-entry-overflow-policy-list_exceed-log-dep-cfg

Type: Object

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

ip-proto-list

l4-type-list

log-periodic

Description Enable periodic log while event is continuing

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

port-list

src-port-list

template

Description: template is a JSON Block. Please see below for dynamic-entry-overflow-policy-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dynamic-entry-overflow-policy-list_port-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

port-num

Description Port Number

Type: number

Range: 0-65535

protocol

Description ‘dns-tcp’: dns-tcp; ‘dns-udp’: dns-udp; ‘http’: http; ‘tcp’: tcp; ‘udp’: udp; ‘ssl-l4’: ssl-l4;

Type: string

Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4

template

Description: template is a JSON Block. Please see below for dynamic-entry-overflow-policy-list_port-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dynamic-entry-overflow-policy-list_port-list_template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dynamic-entry-overflow-policy-list_template

Specification  
Type object

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dynamic-entry-overflow-policy-list_ip-proto-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

port-num

Description Protocol Number

Type: number

Range: 0-255

template

Description: template is a JSON Block. Please see below for dynamic-entry-overflow-policy-list_ip-proto-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dynamic-entry-overflow-policy-list_ip-proto-list_template

Specification  
Type object

other

Description DDOS other template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dynamic-entry-overflow-policy-list_src-port-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

port-num

Description Port Number

Type: number

Range: 0-65535

protocol

Description ‘udp’: udp; ‘tcp’: tcp;

Type: string

Supported Values: udp, tcp

template

Description: template is a JSON Block. Please see below for dynamic-entry-overflow-policy-list_src-port-list_template

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dynamic-entry-overflow-policy-list_src-port-list_template

Specification  
Type object

src-tcp

Description DDOS tcp src template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

src-udp

Description DDOS udp src template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

dynamic-entry-overflow-policy-list_exceed-log-cfg

Specification  
Type object

log-enable

Description Enable logging of limit exceed drop’s

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

with-sflow-sample

Description Turn on sflow sample with log

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dynamic-entry-overflow-policy-list_exceed-log-dep-cfg

Specification  
Type object

exceed-log-enable

Description (Deprecated)Enable logging of limit exceed drop’s

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-with-sflow-dep

Description Turn on sflow sample with log

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dynamic-entry-overflow-policy-list_l4-type-list

Specification  
Type list
Block object keys  

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-frag-pkt

Description Drop fragmented packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-on-no-port-match

Description ‘disable’: disable; ‘enable’: enable;

Type: string

Supported Values: disable, enable

Default: enable

exceed-action

Description: exceed-action is a JSON Block. Please see below for dynamic-entry-overflow-policy-list_l4-type-list_exceed-action

Type: Object

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

max-rexmit-syn-per-flow

Description Maximum number of re-transmit SYN per flow

Type: number

Range: 1-6

protocol

Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;

Type: string

Supported Values: tcp, udp, icmp, other

stateful

Description Enable stateful tracking of sessions (Default is stateless)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

syn-auth

Description ‘send-rst’: Send RST to client upon client ACK; ‘force-rst-by-ack’: Force client RST via the use of ACK; ‘force-rst-by-synack’: Force client RST via the use of bad SYN|ACK; ‘disable’: Disable TCP SYN Authentication;

Type: string

Supported Values: send-rst, force-rst-by-ack, force-rst-by-synack, disable

Default: send-rst

syn-cookie

Description Enable SYN Cookie

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

tcp-reset-client

Description Send reset to client when rate exceeds or session ages out

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

tcp-reset-server

Description Send reset to server when rate exceeds or session ages out

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

tunnel-decap

Description: tunnel-decap is a JSON Block. Please see below for dynamic-entry-overflow-policy-list_l4-type-list_tunnel-decap

Type: Object

tunnel-rate-limit

Description: tunnel-rate-limit is a JSON Block. Please see below for dynamic-entry-overflow-policy-list_l4-type-list_tunnel-rate-limit

Type: Object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

dynamic-entry-overflow-policy-list_l4-type-list_tunnel-rate-limit

Specification  
Type object

gre-rate-limit

Description Enable inner IP rate limiting on GRE traffic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ip-rate-limit

Description Enable inner IP rate limiting on IPinIP traffic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dynamic-entry-overflow-policy-list_l4-type-list_exceed-action

Specification  
Type object

exceed-drop

Description Drop the packet

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dynamic-entry-overflow-policy-list_l4-type-list_tunnel-decap

Specification  
Type object

gre-decap

Description Enable GRE Tunnel decapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ip-decap

Description Enable IP Tunnel decapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

key-cfg

Type: List

dynamic-entry-overflow-policy-list_l4-type-list_tunnel-decap_key-cfg

Specification  
Type list
Block object keys  

key

Description Only decapsulate GRE packet with this hexadecimal key

Type: string

Maximum Length: 8 characters

Maximum Length: 1 characters

zone-list

Specification  
Type list
Block object keys  

advertised-enable

Description BGP advertised

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

capture-config-list

description

Description Description for this Destination Zone

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

dest-nat-ip

Description Destination NAT IP address

Type: string

Format: ipv4-address

dest-nat-ipv6

Description Destination NAT IPv6 address

Type: string

Format: ipv6-address

drop-frag-pkt

Description Drop fragmented packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

force-operational-mode

Description Force configure operational mode

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid

Description Global limit ID for the whole zone

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

ip

Type: List

ip-proto

Description: ip-proto is a JSON Block. Please see below for zone-list_ip-proto

Type: Object

Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto

ipv6

Type: List

log-enable

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-periodic

Description Enable log periodic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

operational-mode

Description ‘idle’: Idle mode; ‘monitor’: Monitor mode; ‘learning’: Learning mode;

Type: string

Supported Values: idle, monitor, learning

Default: idle

per-addr-glid

Description Global limit ID per address

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

port

Description: port is a JSON Block. Please see below for zone-list_port

Type: Object

Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/port

port-range-list

reporting-disabled

Description Disable Reporting

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sflow-common

Description Enable sFlow counter polling packets, tcp-basic, tcp-stateful and http. WARNING: Zone level Sflow polling might induce heavy CP

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-commonsflow-packets, sflow-layer-4, sflow-tcp-basic, sflow-tcp-stateful and sflow-http are mutually exclusive

sflow-http

Description Enable sFlow HTTP counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total number

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-http and sflow-common are mutually exclusive

sflow-layer-4

Description Enable sFlow Layer 4 counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the number of

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-layer-4 and sflow-common are mutually exclusive

sflow-packets

Description Enable sFlow packet-level counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-packets and sflow-common are mutually exclusive

sflow-tcp

Description: sflow-tcp is a JSON Block. Please see below for zone-list_sflow-tcp

Type: Object

source-nat-pool

Description Configure source NAT

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

src-port

Description: src-port is a JSON Block. Please see below for zone-list_src-port

Type: Object

Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/src-port

src-port-range-list

telemetry-enable

Description Enable from-l3-peer flag for the zone, thus all the ip entries in the zone will be dynamically created/deleted based on the BGP

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

traffic-distribution-mode

Description ‘default’: Distribute traffic to one blade only; ‘source-ip-based’: Distribute traffic between blades, based on source ip;

Type: string

Supported Values: default, source-ip-based

Default: default

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-name

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

zone-profile

Description Apply threshold profile

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/zone-profile

zone-template

Description: zone-template is a JSON Block. Please see below for zone-list_zone-template

Type: Object

zone-list_ip

Specification  
Type list
Block object keys  

expand-ip-subnet

Description Expand this subnet to individual IP address

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

expand-ip-subnet-mode

Description ‘dynamic’: Dynamic learning;

Type: string

Supported Values: dynamic

ip-addr

Description Specify IP address

Type: string

Format: ipv4-address

subnet-ip-addr

Description IP Subnet

Type: string

Format: ipv4-cidr

zone-list_ip-proto

Specification  
Type object

proto-name-list

proto-number-list

proto-tcp-udp-list

zone-list_ip-proto_proto-number-list

Specification  
Type list
Block object keys  

age

Description Idle age for ip entry

Type: number

Range: 2-1023

Default: 5

apply-policy-on-overflow

Description Enable this flag to apply overflow policy when dynamic entry count overflows

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

deny

Description Blacklist and Drop all incoming packets for this ip-proto

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-frag-pkt

Description Drop fragmented packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dynamic-entry-overflow-policy-list

enable-top-k

Description Enable ddos top-k detection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid-cfg

Description: glid-cfg is a JSON Block. Please see below for zone-list_ip-proto_proto-number-list_glid-cfg

Type: Object

level-list

manual-mode-enable

Description Toggle manual mode to use fix templates

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

manual-mode-list

max-dynamic-entry-count

Description Maximum count for dynamic source zone service entry

Type: number

Range: 0-2147483647

port-ind

Description: port-ind is a JSON Block. Please see below for zone-list_ip-proto_proto-number-list_port-ind

Type: Object

Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/port-ind

protocol-num

Description Protocol Number

Type: number

Range: 0-255

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-list_ip-proto_proto-number-list_port-ind

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-list_ip-proto_proto-number-list_dynamic-entry-overflow-policy-list

Specification  
Type list
Block object keys  

dummy-name

Description ‘configuration’: Configure overflow policy;

Type: string

Supported Values: configuration

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for zone-list_ip-proto_proto-number-list_dynamic-entry-overflow-policy-list_zone-template

Type: Object

zone-list_ip-proto_proto-number-list_dynamic-entry-overflow-policy-list_zone-template

Specification  
Type object

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ip-proto

Description DDOS ip-proto template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

zone-list_ip-proto_proto-number-list_level-list

Specification  
Type list
Block object keys  

indicator-list

level-num

Description ‘0’: Default policy level; ‘1’: Policy level 1; ‘2’: Policy level 2; ‘3’: Policy level 3; ‘4’: Policy level 4;

Type: string

Supported Values: 0, 1, 2, 3, 4

src-default-glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

src-escalation-score

Description Source activation score of this level

Type: number

Range: 1-1000000

src-violation-actions

Description Violation actions apply due to source escalate from this level

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-escalation-score

Description Zone activation score of this level

Type: number

Range: 1-1000000

zone-template

Description: zone-template is a JSON Block. Please see below for zone-list_ip-proto_proto-number-list_level-list_zone-template

Type: Object

zone-violation-actions

Description Violation actions apply due to zone escalate from this level

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

zone-list_ip-proto_proto-number-list_level-list_zone-template

Specification  
Type object

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ip-proto

Description DDOS ip-proto template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

zone-list_ip-proto_proto-number-list_level-list_indicator-list

Specification  
Type list
Block object keys  

data-packet-size

Description Expected minimal data size

Type: number

Range: 0-2147483647

score

Description Score corresponding to the indicator

Type: number

Range: 1-1000000

src-threshold-num

Description Indicator per-src threshold

Type: number

Range: 0-2147483647

src-threshold-str

Description Indicator per-src threshold

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

src-violation-actions

Description Violation actions to use when this src indicator threshold reaches

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

type

Description ‘pkt-rate’: rate of incoming packets; ‘pkt-drop-rate’: rate of packets got dropped; ‘pkt-drop-ratio’: ratio of incoming packet rate divided by the rate of dropping packets; ‘bytes-to-bytes-from-ratio’: ratio of incoming packet rate divided by the rate of outgoing packets; ‘frag-rate’: rate of incoming fragmented packets;

Type: string

Supported Values: pkt-rate, pkt-drop-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, frag-rate

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-threshold-num

Description Threshold for the entire zone

Type: number

Range: 0-2147483647

zone-threshold-str

Description Threshold for the entire zone

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

zone-violation-actions

Description Violation actions to use when this zone indicator threshold reaches

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

zone-list_ip-proto_proto-number-list_glid-cfg

Specification  
Type object

glid

Description Global limit ID for the whole zone

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

glid-action

Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

per-addr-glid

Description Global limit ID per address

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

zone-list_ip-proto_proto-number-list_manual-mode-list

Specification  
Type list
Block object keys  

config

Description ‘configuration’: Manual-mode configuration;

Type: string

Supported Values: configuration

src-default-glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for zone-list_ip-proto_proto-number-list_manual-mode-list_zone-template

Type: Object

zone-list_ip-proto_proto-number-list_manual-mode-list_zone-template

Specification  
Type object

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ip-proto

Description DDOS ip-proto template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

zone-list_ip-proto_proto-name-list

Specification  
Type list
Block object keys  

age

Description Idle age for ip entry

Type: number

Range: 2-1023

Default: 5

apply-policy-on-overflow

Description Enable this flag to apply overflow policy when dynamic entry count overflows

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

deny

Description Blacklist and Drop all incoming packets for ip-proto icmp-v4

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

drop-frag-pkt

Description Drop fragmented packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dynamic-entry-overflow-policy-list

enable-top-k

Description Enable ddos top-k detection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid-cfg

Description: glid-cfg is a JSON Block. Please see below for zone-list_ip-proto_proto-name-list_glid-cfg

Type: Object

key-cfg

Type: List

level-list

manual-mode-enable

Description Toggle manual mode to use fix templates

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

manual-mode-list

max-dynamic-entry-count

Description Maximum count for dynamic source zone service entry

Type: number

Range: 0-2147483647

port-ind

Description: port-ind is a JSON Block. Please see below for zone-list_ip-proto_proto-name-list_port-ind

Type: Object

Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/port-ind

protocol

Description ‘icmp-v4’: ip-proto icmp-v4; ‘icmp-v6’: ip-proto icmp-v6; ‘other’: ip-proto other; ‘gre’: ip-proto gre; ‘ipv4-encap’: ip-proto IPv4 Encapsulation; ‘ipv6-encap’: ip-proto IPv6 Encapsulation;

Type: string

Supported Values: icmp-v4, icmp-v6, other, gre, ipv4-encap, ipv6-encap

tunnel-decap

Description Enable tunnel decapsulation

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

tunnel-rate-limit

Description Enable DDOS-protection on tunnel traffic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-list_ip-proto_proto-name-list_port-ind

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-list_ip-proto_proto-name-list_key-cfg

Specification  
Type list
Block object keys  

key

Description Only decapsulate GRE packet with this hexadecimal key

Type: string

Maximum Length: 8 characters

Maximum Length: 1 characters

zone-list_ip-proto_proto-name-list_glid-cfg

Specification  
Type object

glid

Description Global limit ID for the whole zone

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

glid-action

Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

per-addr-glid

Description Global limit ID per address

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

zone-list_ip-proto_proto-name-list_dynamic-entry-overflow-policy-list

Specification  
Type list
Block object keys  

dummy-name

Description ‘configuration’: Configure overflow policy;

Type: string

Supported Values: configuration

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for zone-list_ip-proto_proto-name-list_dynamic-entry-overflow-policy-list_zone-template

Type: Object

zone-list_ip-proto_proto-name-list_dynamic-entry-overflow-policy-list_zone-template

Specification  
Type object

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

icmp-v4

Description DDOS icmp-v4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

icmp-v6

Description DDOS icmp-v6 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ip-proto

Description DDOS ip-proto template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

zone-list_ip-proto_proto-name-list_level-list

Specification  
Type list
Block object keys  

indicator-list

level-num

Description ‘0’: Default policy level; ‘1’: Policy level 1; ‘2’: Policy level 2; ‘3’: Policy level 3; ‘4’: Policy level 4;

Type: string

Supported Values: 0, 1, 2, 3, 4

src-default-glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

src-escalation-score

Description Source activation score of this level

Type: number

Range: 1-1000000

src-violation-actions

Description Violation actions apply due to source escalate from this level

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-escalation-score

Description Zone activation score of this level

Type: number

Range: 1-1000000

zone-template

Description: zone-template is a JSON Block. Please see below for zone-list_ip-proto_proto-name-list_level-list_zone-template

Type: Object

zone-violation-actions

Description Violation actions apply due to zone escalate from this level

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

zone-list_ip-proto_proto-name-list_level-list_zone-template

Specification  
Type object

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

icmp-v4

Description DDOS icmp-v4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

icmp-v6

Description DDOS icmp-v6 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ip-proto

Description DDOS ip-proto template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

zone-list_ip-proto_proto-name-list_level-list_indicator-list

Specification  
Type list
Block object keys  

data-packet-size

Description Expected minimal data size

Type: number

Range: 0-2147483647

score

Description Score corresponding to the indicator

Type: number

Range: 1-1000000

src-threshold-num

Description Indicator per-src threshold

Type: number

Range: 0-2147483647

src-threshold-str

Description Indicator per-src threshold

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

src-violation-actions

Description Violation actions to use when this src indicator threshold reaches

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

type

Description ‘pkt-rate’: rate of incoming packets; ‘pkt-drop-rate’: rate of packets got dropped; ‘pkt-drop-ratio’: ratio of incoming packet rate divided by the rate of dropping packets; ‘bytes-to-bytes-from-ratio’: ratio of incoming packet rate divided by the rate of outgoing packets; ‘frag-rate’: rate of incoming fragmented packets;

Type: string

Supported Values: pkt-rate, pkt-drop-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, frag-rate

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-threshold-num

Description Threshold for the entire zone

Type: number

Range: 0-2147483647

zone-threshold-str

Description Threshold for the entire zone

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

zone-violation-actions

Description Violation actions to use when this zone indicator threshold reaches

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

zone-list_ip-proto_proto-name-list_manual-mode-list

Specification  
Type list
Block object keys  

config

Description ‘configuration’: Manual-mode configuration;

Type: string

Supported Values: configuration

src-default-glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for zone-list_ip-proto_proto-name-list_manual-mode-list_zone-template

Type: Object

zone-list_ip-proto_proto-name-list_manual-mode-list_zone-template

Specification  
Type object

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

icmp-v4

Description DDOS icmp-v4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

icmp-v6

Description DDOS icmp-v6 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ip-proto

Description DDOS ip-proto template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

zone-list_ip-proto_proto-tcp-udp-list

Specification  
Type list
Block object keys  

drop-frag-pkt

Description Drop fragmented packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid-cfg

Description: glid-cfg is a JSON Block. Please see below for zone-list_ip-proto_proto-tcp-udp-list_glid-cfg

Type: Object

protocol

Description ‘tcp’: ip-proto tcp; ‘udp’: ip-proto udp;

Type: string

Supported Values: tcp, udp

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-list_ip-proto_proto-tcp-udp-list_glid-cfg

Specification  
Type object

glid

Description Global limit ID for the whole zone

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

glid-action

Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

per-addr-glid

Description Global limit ID per address

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

zone-list_port-range-list

Specification  
Type list
Block object keys  

age

Description Idle age for ip entry

Type: number

Range: 2-1023

Default: 5

apply-policy-on-overflow

Description Enable this flag to apply overflow policy when dynamic entry count overflows

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

default-action-list

Description Configure default-action-list

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/action-list

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dynamic-entry-overflow-policy-list

enable-class-list-overflow

Description Apply class-list overflow policy upon exceeding dynamic entry count specified under zone port or each class-list

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

enable-top-k

Description Enable ddos top-k detection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid-cfg

Description: glid-cfg is a JSON Block. Please see below for zone-list_port-range-list_glid-cfg

Type: Object

level-list

manual-mode-enable

Description Toggle manual mode to use fix templates

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

manual-mode-list

max-dynamic-entry-count

Description Maximum count for dynamic source zone service entry

Type: number

Range: 0-2147483647

port-ind

Description: port-ind is a JSON Block. Please see below for zone-list_port-range-list_port-ind

Type: Object

Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/port-ind

port-range-end

Description Port-Range End Port Number

Type: number

Range: 1-65535

port-range-start

Description Port-Range Start Port Number

Type: number

Range: 1-65535

protocol

Description ‘dns-tcp’: DNS-TCP Port; ‘dns-udp’: DNS-UDP Port; ‘http’: HTTP Port; ‘tcp’: TCP Port; ‘udp’: UDP Port; ‘ssl-l4’: SSL-L4 Port;

Type: string

Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4

sflow-common

Description Enable all sFlow polling options under this zone port

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-commonsflow-packets, sflow-tcp-basic, sflow-tcp-stateful and sflow-http are mutually exclusive

sflow-http

Description Enable sFlow HTTP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-http and sflow-common are mutually exclusive

sflow-packets

Description Enable sFlow packet-level counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-packets and sflow-common are mutually exclusive

sflow-tcp

Description: sflow-tcp is a JSON Block. Please see below for zone-list_port-range-list_sflow-tcp

Type: Object

src-based-policy-list

stateful

Description Enable stateful tracking of sessions (Default is stateless)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-list_port-range-list_dynamic-entry-overflow-policy-list

Specification  
Type list
Block object keys  

action

Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;

Type: string

Supported Values: bypass, deny

dummy-name

Description ‘configuration’: Configure overflow policy;

Type: string

Supported Values: configuration

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

log-enable

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-periodic

Description Enable log periodic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for zone-list_port-range-list_dynamic-entry-overflow-policy-list_zone-template

Type: Object

zone-list_port-range-list_dynamic-entry-overflow-policy-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

zone-list_port-range-list_glid-cfg

Specification  
Type object

glid

Description Global limit ID for the whole zone

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

glid-action

Description ‘drop’: Drop packets for glid exceed (Default if default-action-list is not configured); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

per-addr-glid

Description Global limit ID per address

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

zone-list_port-range-list_level-list

Specification  
Type list
Block object keys  

indicator-list

level-num

Description ‘0’: Default policy level; ‘1’: Policy level 1; ‘2’: Policy level 2; ‘3’: Policy level 3; ‘4’: Policy level 4;

Type: string

Supported Values: 0, 1, 2, 3, 4

src-default-glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

src-escalation-score

Description Source activation score of this level

Type: number

Range: 1-1000000

src-violation-actions

Description Violation actions apply due to source escalate from this level

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-escalation-score

Description Zone activation score of this level

Type: number

Range: 1-1000000

zone-template

Description: zone-template is a JSON Block. Please see below for zone-list_port-range-list_level-list_zone-template

Type: Object

zone-violation-actions

Description Violation actions apply due to zone escalate from this level

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

zone-list_port-range-list_level-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

zone-list_port-range-list_level-list_indicator-list

Specification  
Type list
Block object keys  

data-packet-size

Description Expected minimal data size

Type: number

Range: 0-2147483647

score

Description Score corresponding to the indicator

Type: number

Range: 1-1000000

src-threshold-num

Description Indicator per-src threshold

Type: number

Range: 0-2147483647

src-threshold-str

Description Indicator per-src threshold

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

src-violation-actions

Description Violation actions to use when this src indicator threshold reaches

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

tcp-window-size

Description Expected minimal window size

Type: number

Range: 0-2147483647

type

Description ‘pkt-rate’: rate of incoming packets; ‘pkt-drop-rate’: rate of packets got dropped; ‘pkt-drop-ratio’: ratio of incoming packet rate divided by the rate of dropping packets; ‘bytes-to-bytes-from-ratio’: ratio of incoming packet rate divided by the rate of outgoing packets; ‘concurrent-conns’: number of concurrent connections; ‘conn-miss-rate’: rate of incoming packets for which no previously established connection exists; ‘syn-rate’: rate on incoming SYN packets; ‘fin-rate’: rate on incoming FIN packets; ‘rst-rate’: rate of incoming RST packets; ‘small-window-ack-rate’: rate of small window advertisement; ‘empty-ack-rate’: rate of incoming packets which have no payload; ‘small-payload-rate’: rate of short payload packet; ‘syn-fin-ratio’: ratio of incoming SYN packet rate divided by the rate of incoming FIN packets;

Type: string

Supported Values: pkt-rate, pkt-drop-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, concurrent-conns, conn-miss-rate, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-threshold-num

Description Threshold for the entire zone

Type: number

Range: 0-2147483647

zone-threshold-str

Description Threshold for the entire zone

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

zone-violation-actions

Description Violation actions to use when this zone indicator threshold reaches

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

zone-list_port-range-list_manual-mode-list

Specification  
Type list
Block object keys  

config

Description ‘configuration’: Manual-mode configuration;

Type: string

Supported Values: configuration

src-default-glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for zone-list_port-range-list_manual-mode-list_zone-template

Type: Object

zone-list_port-range-list_manual-mode-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

zone-list_port-range-list_src-based-policy-list

Specification  
Type list
Block object keys  

policy-class-list-list

src-based-policy-name

Description Specify name of the policy

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-list_port-range-list_src-based-policy-list_policy-class-list-list

Specification  
Type list
Block object keys  

action

Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;

Type: string

Supported Values: bypass, deny

class-list-name

Description Class-list name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

class-list-overflow-policy-list

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

max-dynamic-entry-count

Description Maximum count for dynamic source zone service entry allowed for this class-list

Type: number

Range: 0-2147483647

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for zone-list_port-range-list_src-based-policy-list_policy-class-list-list_zone-template

Type: Object

zone-list_port-range-list_src-based-policy-list_policy-class-list-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

zone-list_port-range-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list

Specification  
Type list
Block object keys  

action

Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;

Type: string

Supported Values: bypass, deny

dummy-name

Description ‘configuration’: Configure overflow policy for class-list;

Type: string

Supported Values: configuration

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

log-enable

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-periodic

Description Enable log periodic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for zone-list_port-range-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template

Type: Object

zone-list_port-range-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

zone-list_port-range-list_port-ind

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-list_port-range-list_sflow-tcp

Specification  
Type object

sflow-tcp-basic

Description Enable sFlow basic TCP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-tcp-basic and sflow-common are mutually exclusive

sflow-tcp-stateful

Description Enable sFlow stateful TCP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-tcp-stateful and sflow-common are mutually exclusive

zone-list_port

Specification  
Type object

zone-service-list

zone-service-other-list

zone-list_port_zone-service-list

Specification  
Type list
Block object keys  

apply-policy-on-overflow

Description Enable this flag to apply overflow policy when dynamic entry count overflows

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

capture-config

Description: capture-config is a JSON Block. Please see below for zone-list_port_zone-service-list_capture-config

Type: Object

default-action-list

Description Configure default-action-list

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/action-list

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dynamic-entry-overflow-policy-list

enable-class-list-overflow

Description Apply class-list overflow policy upon exceeding dynamic entry count specified for zone-port or class-list

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

enable-top-k

Description Enable ddos top-k detection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid-cfg

Description: glid-cfg is a JSON Block. Please see below for zone-list_port_zone-service-list_glid-cfg

Type: Object

level-list

manual-mode-enable

Description Toggle manual mode to use fix templates

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

manual-mode-list

max-dynamic-entry-count

Description Maximum count for dynamic source zone service entry

Type: number

Range: 0-2147483647

port-ind

Description: port-ind is a JSON Block. Please see below for zone-list_port_zone-service-list_port-ind

Type: Object

Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/port-ind

port-num

Description Port Number

Type: number

Range: 1-65535

protocol

Description ‘dns-tcp’: DNS-TCP Port; ‘dns-udp’: DNS-UDP Port; ‘http’: HTTP Port; ‘tcp’: TCP Port; ‘udp’: UDP Port; ‘ssl-l4’: SSL-L4 Port;

Type: string

Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4

sflow-common

Description Enable all sFlow polling options under this zone port

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-commonsflow-packets, sflow-tcp-basic, sflow-tcp-stateful and sflow-http are mutually exclusive

sflow-http

Description Enable sFlow HTTP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-http and sflow-common are mutually exclusive

sflow-packets

Description Enable sFlow packet-level counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-packets and sflow-common are mutually exclusive

sflow-tcp

Description: sflow-tcp is a JSON Block. Please see below for zone-list_port_zone-service-list_sflow-tcp

Type: Object

src-based-policy-list

stateful

Description Enable stateful tracking of sessions (Default is stateless)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-list_port_zone-service-list_dynamic-entry-overflow-policy-list

Specification  
Type list
Block object keys  

action

Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;

Type: string

Supported Values: bypass, deny

dummy-name

Description ‘configuration’: Configure overflow policy;

Type: string

Supported Values: configuration

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

log-enable

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-periodic

Description Enable log periodic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for zone-list_port_zone-service-list_dynamic-entry-overflow-policy-list_zone-template

Type: Object

zone-list_port_zone-service-list_dynamic-entry-overflow-policy-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

zone-list_port_zone-service-list_glid-cfg

Specification  
Type object

glid

Description Global limit ID for the whole zone

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

glid-action

Description ‘drop’: Drop packets for glid exceed (Default if default-action-list is not configured); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

per-addr-glid

Description Global limit ID per address

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

zone-list_port_zone-service-list_level-list

Specification  
Type list
Block object keys  

indicator-list

level-num

Description ‘0’: Default policy level; ‘1’: Policy level 1; ‘2’: Policy level 2; ‘3’: Policy level 3; ‘4’: Policy level 4;

Type: string

Supported Values: 0, 1, 2, 3, 4

src-default-glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

src-escalation-score

Description Source activation score of this level

Type: number

Range: 1-1000000

src-violation-actions

Description Violation actions apply due to source escalate from this level

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-escalation-score

Description Zone activation score of this level

Type: number

Range: 1-1000000

zone-template

Description: zone-template is a JSON Block. Please see below for zone-list_port_zone-service-list_level-list_zone-template

Type: Object

zone-violation-actions

Description Violation actions apply due to zone escalate from this level

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

zone-list_port_zone-service-list_level-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

zone-list_port_zone-service-list_level-list_indicator-list

Specification  
Type list
Block object keys  

data-packet-size

Description Expected minimal data size

Type: number

Range: 0-2147483647

score

Description Score corresponding to the indicator

Type: number

Range: 1-1000000

src-threshold-num

Description Indicator per-src threshold

Type: number

Range: 0-2147483647

src-threshold-str

Description Indicator per-src threshold

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

src-violation-actions

Description Violation actions to use when this src indicator threshold reaches

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

tcp-window-size

Description Expected minimal window size

Type: number

Range: 0-2147483647

type

Description ‘pkt-rate’: rate of incoming packets; ‘pkt-drop-rate’: rate of packets got dropped; ‘pkt-drop-ratio’: ratio of incoming packet rate divided by the rate of dropping packets; ‘bytes-to-bytes-from-ratio’: ratio of incoming packet rate divided by the rate of outgoing packets; ‘concurrent-conns’: number of concurrent connections; ‘conn-miss-rate’: rate of incoming packets for which no previously established connection exists; ‘syn-rate’: rate on incoming SYN packets; ‘fin-rate’: rate on incoming FIN packets; ‘rst-rate’: rate of incoming RST packets; ‘small-window-ack-rate’: rate of small window advertisement; ‘empty-ack-rate’: rate of incoming packets which have no payload; ‘small-payload-rate’: rate of short payload packet; ‘syn-fin-ratio’: ratio of incoming SYN packet rate divided by the rate of incoming FIN packets;

Type: string

Supported Values: pkt-rate, pkt-drop-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, concurrent-conns, conn-miss-rate, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-threshold-num

Description Threshold for the entire zone

Type: number

Range: 0-2147483647

zone-threshold-str

Description Threshold for the entire zone

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

zone-violation-actions

Description Violation actions to use when this zone indicator threshold reaches

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

zone-list_port_zone-service-list_manual-mode-list

Specification  
Type list
Block object keys  

config

Description ‘configuration’: Manual-mode configuration;

Type: string

Supported Values: configuration

src-default-glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for zone-list_port_zone-service-list_manual-mode-list_zone-template

Type: Object

zone-list_port_zone-service-list_manual-mode-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

zone-list_port_zone-service-list_src-based-policy-list

Specification  
Type list
Block object keys  

policy-class-list-list

src-based-policy-name

Description Specify name of the policy

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list

Specification  
Type list
Block object keys  

action

Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;

Type: string

Supported Values: bypass, deny

class-list-name

Description Class-list name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

class-list-overflow-policy-list

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

log-enable

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-periodic

Description Enable log periodic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

max-dynamic-entry-count

Description Maximum count for dynamic source zone service entry allowed for this class-list

Type: number

Range: 0-2147483647

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list_zone-template

Type: Object

zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list

Specification  
Type list
Block object keys  

action

Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;

Type: string

Supported Values: bypass, deny

dummy-name

Description ‘configuration’: Configure overflow policy for class-list;

Type: string

Supported Values: configuration

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

log-enable

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-periodic

Description Enable log periodic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

zone-list_port_zone-service-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

zone-list_port_zone-service-list_port-ind

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-list_port_zone-service-list_sflow-tcp

Specification  
Type object

sflow-tcp-basic

Description Enable sFlow basic TCP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-tcp-basic and sflow-common are mutually exclusive

sflow-tcp-stateful

Description Enable sFlow stateful TCP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-tcp-stateful and sflow-common are mutually exclusive

zone-list_port_zone-service-list_capture-config

Specification  
Type object

capture-config-mode

Description ‘drop’: Apply capture-config to dropped packets; ‘forward’: Apply capture-config to forwarded packets; ‘all’: Apply capture-config to both dropped and forwarded packets;

Type: string

Supported Values: drop, forward, all

capture-config-name

Description Capture-config name

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

zone-list_port_zone-service-other-list

Specification  
Type list
Block object keys  

age

Description Idle age for ip entry

Type: number

Range: 2-1023

Default: 5

apply-policy-on-overflow

Description Enable this flag to apply overflow policy when dynamic entry count overflows

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

default-action-list

Description Configure default-action-list

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/action-list

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dynamic-entry-overflow-policy-list

enable-class-list-overflow

Description Apply class-list overflow policy upon exceeding dynamic entry count specified for this zone port or each class-list

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

enable-top-k

Description Enable ddos top-k detection

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid-cfg

Description: glid-cfg is a JSON Block. Please see below for zone-list_port_zone-service-other-list_glid-cfg

Type: Object

level-list

manual-mode-enable

Description Toggle manual mode to use fix templates

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

manual-mode-list

max-dynamic-entry-count

Description Maximum count for dynamic source zone service entry

Type: number

Range: 0-2147483647

port-ind

port-other

Description ‘other’: other;

Type: string

Supported Values: other

protocol

Description ‘tcp’: TCP Port; ‘udp’: UDP Port;

Type: string

Supported Values: tcp, udp

sflow-common

Description Enable all sFlow polling options under this zone port

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-commonsflow-packets, sflow-tcp-basic and sflow-tcp-stateful are mutually exclusive

sflow-packets

Description Enable sFlow packet-level counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-packets and sflow-common are mutually exclusive

sflow-tcp

Description: sflow-tcp is a JSON Block. Please see below for zone-list_port_zone-service-other-list_sflow-tcp

Type: Object

src-based-policy-list

stateful

Description Enable stateful tracking of sessions (Default is stateless)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-list_port_zone-service-other-list_src-based-policy-list

Specification  
Type list
Block object keys  

policy-class-list-list

src-based-policy-name

Description Specify name of the policy

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list

Specification  
Type list
Block object keys  

action

Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;

Type: string

Supported Values: bypass, deny

class-list-name

Description Class-list name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

class-list-overflow-policy-list

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

max-dynamic-entry-count

Description Maximum count for dynamic source zone service entry allowed for this class-list

Type: number

Range: 0-2147483647

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_zone-template

Type: Object

zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list

Specification  
Type list
Block object keys  

action

Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;

Type: string

Supported Values: bypass, deny

dummy-name

Description ‘configuration’: Configure overflow policy for class-list;

Type: string

Supported Values: configuration

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

log-enable

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-periodic

Description Enable log periodic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

zone-list_port_zone-service-other-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

zone-list_port_zone-service-other-list_port-ind

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-list_port_zone-service-other-list_dynamic-entry-overflow-policy-list

Specification  
Type list
Block object keys  

action

Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;

Type: string

Supported Values: bypass, deny

dummy-name

Description ‘configuration’: Configure overflow policy;

Type: string

Supported Values: configuration

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

log-enable

Description Enable logging

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log-periodic

Description Enable log periodic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for zone-list_port_zone-service-other-list_dynamic-entry-overflow-policy-list_zone-template

Type: Object

zone-list_port_zone-service-other-list_dynamic-entry-overflow-policy-list_zone-template

Specification  
Type object

dns

Description DDOS dns template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

http

Description DDOS http template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

ssl-l4

Description DDOS ssl-l4 template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

zone-list_port_zone-service-other-list_glid-cfg

Specification  
Type object

glid

Description Global limit ID for the whole zone

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

glid-action

Description ‘drop’: Drop packets for glid exceed (Default if default-action-list is not configured); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

per-addr-glid

Description Global limit ID per address

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

zone-list_port_zone-service-other-list_level-list

Specification  
Type list
Block object keys  

indicator-list

level-num

Description ‘0’: Default policy level; ‘1’: Policy level 1; ‘2’: Policy level 2; ‘3’: Policy level 3; ‘4’: Policy level 4;

Type: string

Supported Values: 0, 1, 2, 3, 4

src-default-glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

src-escalation-score

Description Source activation score of this level

Type: number

Range: 1-1000000

src-violation-actions

Description Violation actions apply due to source escalate from this level

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-escalation-score

Description Zone activation score of this level

Type: number

Range: 1-1000000

zone-template

Description: zone-template is a JSON Block. Please see below for zone-list_port_zone-service-other-list_level-list_zone-template

Type: Object

zone-violation-actions

Description Violation actions apply due to zone escalate from this level

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

zone-list_port_zone-service-other-list_level-list_zone-template

Specification  
Type object

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

zone-list_port_zone-service-other-list_level-list_indicator-list

Specification  
Type list
Block object keys  

data-packet-size

Description Expected minimal data size

Type: number

Range: 0-2147483647

score

Description Score corresponding to the indicator

Type: number

Range: 1-1000000

src-threshold-num

Description Indicator per-src threshold

Type: number

Range: 0-2147483647

src-threshold-str

Description Indicator per-src threshold

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

src-violation-actions

Description Violation actions to use when this src indicator threshold reaches

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

tcp-window-size

Description Expected minimal window size

Type: number

Range: 0-2147483647

type

Description ‘pkt-rate’: rate of incoming packets; ‘pkt-drop-rate’: rate of packets got dropped; ‘pkt-drop-ratio’: ratio of incoming packet rate divided by the rate of dropping packets; ‘bytes-to-bytes-from-ratio’: ratio of incoming packet rate divided by the rate of outgoing packets; ‘concurrent-conns’: number of concurrent connections; ‘conn-miss-rate’: rate of incoming packets for which no previously established connection exists; ‘syn-rate’: rate on incoming SYN packets; ‘fin-rate’: rate on incoming FIN packets; ‘rst-rate’: rate of incoming RST packets; ‘small-window-ack-rate’: rate of small window advertisement; ‘empty-ack-rate’: rate of incoming packets which have no payload; ‘small-payload-rate’: rate of short payload packet; ‘syn-fin-ratio’: ratio of incoming SYN packet rate divided by the rate of incoming FIN packets;

Type: string

Supported Values: pkt-rate, pkt-drop-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, concurrent-conns, conn-miss-rate, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-threshold-num

Description Threshold for the entire zone

Type: number

Range: 0-2147483647

zone-threshold-str

Description Threshold for the entire zone

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

zone-violation-actions

Description Violation actions to use when this zone indicator threshold reaches

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/violation-actions

zone-list_port_zone-service-other-list_sflow-tcp

Specification  
Type object

sflow-tcp-basic

Description Enable sFlow basic TCP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-tcp-basic and sflow-common are mutually exclusive

sflow-tcp-stateful

Description Enable sFlow stateful TCP counter polling

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-tcp-stateful and sflow-common are mutually exclusive

zone-list_port_zone-service-other-list_manual-mode-list

Specification  
Type list
Block object keys  

config

Description ‘configuration’: Manual-mode configuration;

Type: string

Supported Values: configuration

src-default-glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for zone-list_port_zone-service-other-list_manual-mode-list_zone-template

Type: Object

zone-list_port_zone-service-other-list_manual-mode-list_zone-template

Specification  
Type object

encap

Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp

Description DDOS tcp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

udp

Description DDOS udp template

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

zone-list_capture-config-list

Specification  
Type list
Block object keys  

mode

Description ‘drop’: Apply capture-config to dropped packets; ‘forward’: Apply capture-config to forwarded packets; ‘all’: Apply capture-config to both dropped and forwarded packets;

Type: string

Supported Values: drop, forward, all

name

Description Capture-config name

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/capture-config

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-list_zone-template

Specification  
Type object

logging

Description DDOS logging template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

zone-list_src-port-range-list

Specification  
Type list
Block object keys  

capture-config

Description: capture-config is a JSON Block. Please see below for zone-list_src-port-range-list_capture-config

Type: Object

default-action-list

Description Configure default-action-list

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/action-list

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid-cfg

Description: glid-cfg is a JSON Block. Please see below for zone-list_src-port-range-list_glid-cfg

Type: Object

protocol

Description ‘udp’: UDP port; ‘tcp’: TCP Port;

Type: string

Supported Values: udp, tcp

src-port-range-end

Description Src Port-Range End Port Number

Type: number

Range: 2-65535

src-port-range-start

Description Src Port-Range Start Port Number

Type: number

Range: 1-65535

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for zone-list_src-port-range-list_zone-template

Type: Object

zone-list_src-port-range-list_capture-config

Specification  
Type object

capture-config-mode

Description ‘drop’: Apply capture-config to dropped packets; ‘forward’: Apply capture-config to forwarded packets; ‘all’: Apply capture-config to both dropped and forwarded packets;

Type: string

Supported Values: drop, forward, all

capture-config-name

Description Capture-config name

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

zone-list_src-port-range-list_glid-cfg

Specification  
Type object

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

glid-action

Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

zone-list_src-port-range-list_zone-template

Specification  
Type object

src-tcp

Description DDOS tcp src template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

src-udp

Description DDOS udp src template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

zone-list_src-port

Specification  
Type object

zone-src-port-list

zone-src-port-other-list

zone-list_src-port_zone-src-port-list

Specification  
Type list
Block object keys  

default-action-list

Description Configure default-action-list

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/action-list

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid-cfg

Description: glid-cfg is a JSON Block. Please see below for zone-list_src-port_zone-src-port-list_glid-cfg

Type: Object

port-num

Description Source Port Number

Type: number

Range: 1-65535

protocol

Description ‘udp’: UDP port; ‘tcp’: TCP Port;

Type: string

Supported Values: udp, tcp

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for zone-list_src-port_zone-src-port-list_zone-template

Type: Object

zone-list_src-port_zone-src-port-list_glid-cfg

Specification  
Type object

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

glid-action

Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

zone-list_src-port_zone-src-port-list_zone-template

Specification  
Type object

src-tcp

Description DDOS tcp src template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

src-udp

Description DDOS udp src template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

zone-list_src-port_zone-src-port-other-list

Specification  
Type list
Block object keys  

default-action-list

Description Configure default-action-list

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/ddos/action-list

deny

Description Blacklist and Drop all incoming packets for protocol

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

glid-cfg

Description: glid-cfg is a JSON Block. Please see below for zone-list_src-port_zone-src-port-other-list_glid-cfg

Type: Object

port-other

Description ‘other’: other;

Type: string

Supported Values: other

protocol

Description ‘udp’: UDP port; ‘tcp’: TCP Port;

Type: string

Supported Values: udp, tcp

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

zone-template

Description: zone-template is a JSON Block. Please see below for zone-list_src-port_zone-src-port-other-list_zone-template

Type: Object

zone-list_src-port_zone-src-port-other-list_glid-cfg

Specification  
Type object

glid

Description Global limit ID

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/glid

glid-action

Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;

Type: string

Supported Values: drop, blacklist-src, ignore

zone-list_src-port_zone-src-port-other-list_zone-template

Specification  
Type object

src-tcp

Description DDOS tcp src template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

src-udp

Description DDOS udp src template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

zone-list_sflow-tcp

Specification  
Type object

sflow-tcp-basic

Description Enable sFlow basic TCP counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total nu

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-tcp-basic and sflow-common are mutually exclusive

sflow-tcp-stateful

Description Enable sFlow stateful TCP counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: sflow-tcp-stateful and sflow-common are mutually exclusive

zone-list_ipv6

Specification  
Type list
Block object keys  

expand-ipv6-subnet

Description Expand this subnet to individual IPv6 address

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

expand-ipv6-subnet-mode

Description ‘dynamic’: Dynamic learning;

Type: string

Supported Values: dynamic

ip6-addr

Description Specify IPv6 address

Type: string

Format: ipv6-address

subnet-ipv6-addr

Description IPV6 Subnet

Type: string

Format: ipv6-address-plen