ddos dst zone¶
Configure a static zone entry
zone Specification¶
Type Collection Object Key(s) zone-name Collection Name zone-list Collection URI /axapi/v3/ddos/dst/zone Element Name zone Element URI /axapi/v3/ddos/dst/zone/{zone-name} Element Attributes zone_attributes Statistics Data URI /axapi/v3/ddos/dst/zone/{zone-name}/stats Operational Data URI /axapi/v3/ddos/dst/zone/{zone-name}/oper Schema zone schemaOperations Allowed:
| Operation | Method | URI | Payload | |
|---|---|---|---|---|
Create Object | POST | /axapi/v3/ddos/dst/zone | ||
Create List | POST | /axapi/v3/ddos/dst/zone | ||
Get Object | GET | /axapi/v3/ddos/dst/zone/{zone-name} | ||
Get List | GET | /axapi/v3/ddos/dst/zone | ||
Modify Object | POST | /axapi/v3/ddos/dst/zone/{zone-name} | ||
Replace Object | PUT | /axapi/v3/ddos/dst/zone/{zone-name} | ||
Replace List | PUT | /axapi/v3/ddos/dst/zone | ||
Delete Object | DELETE | /axapi/v3/ddos/dst/zone/{zone-name} |
zone-list¶
zone-list is JSON List of zone attributes
zone-list : [
]
zone attributes¶
advertised-enable
Description BGP advertised
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
capture-config-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/capture-config/{name}
description
Description Description for this Destination Zone
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
dest-nat-ip
Description Destination NAT IP address
Type: string
Format: ipv4-address
dest-nat-ipv6
Description Destination NAT IPv6 address
Type: string
Format: ipv6-address
drop-frag-pkt
Description Drop fragmented packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
force-operational-mode
Description Force configure operational mode
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID for the whole zone
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
ip
Type: Listip-proto
Description: ip-proto is a JSON Block. Please see below for ip-proto
Type: Object
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto
ipv6
Type: Listlog-enable
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable log periodic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
operational-mode
Description ‘idle’: Idle mode; ‘monitor’: Monitor mode; ‘learning’: Learning mode;
Type: string
Supported Values: idle, monitor, learning
Default: idle
per-addr-glid
Description Global limit ID per address
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
port
Description: port is a JSON Block. Please see below for port
Type: Object
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/port
port-range-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}
reporting-disabled
Description Disable Reporting
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sflow-common
Description Enable sFlow counter polling packets, tcp-basic, tcp-stateful and http. WARNING: Zone level Sflow polling might induce heavy CP
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-commonsflow-packets, sflow-layer-4, sflow-tcp-basic, sflow-tcp-stateful and sflow-http are mutually exclusive
sflow-http
Description Enable sFlow HTTP counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total number
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-http and sflow-common are mutually exclusive
sflow-layer-4
Description Enable sFlow Layer 4 counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the number of
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-layer-4 and sflow-common are mutually exclusive
sflow-packets
Description Enable sFlow packet-level counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-packets and sflow-common are mutually exclusive
sflow-tcp
Description: sflow-tcp is a JSON Block. Please see below for sflow-tcp
Type: Object
source-nat-pool
Description Configure source NAT
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
src-port
Description: src-port is a JSON Block. Please see below for src-port
Type: Object
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/src-port
src-port-range-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/src-port-range/{src-port-range-start}+{src-port-range-end}+{protocol}
telemetry-enable
Description Enable from-l3-peer flag for the zone, thus all the ip entries in the zone will be dynamically created/deleted based on the BGP
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
traffic-distribution-mode
Description ‘default’: Distribute traffic to one blade only; ‘source-ip-based’: Distribute traffic between blades, based on source ip;
Type: string
Supported Values: default, source-ip-based
Default: default
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
zone-profile
Description Apply threshold profile
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/zone-profile
zone-template
Description: zone-template is a JSON Block. Please see below for zone-template
Type: Object
ip¶
Specification Type list Block object keys expand-ip-subnet
Description Expand this subnet to individual IP address
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
expand-ip-subnet-mode
Description ‘dynamic’: Dynamic learning;
Type: string
Supported Values: dynamic
ip-addr
Description Specify IP address
Type: string
Format: ipv4-address
subnet-ip-addr
Description IP Subnet
Type: string
Format: ipv4-cidr
ip-proto¶
Specification Type object proto-name-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}
proto-number-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}
proto-tcp-udp-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-tcp-udp/{protocol}
ip-proto_proto-number-list¶
Specification Type list Block object keys age
Description Idle age for ip entry
Type: number
Range: 2-1023
Default: 5
apply-policy-on-overflow
Description Enable this flag to apply overflow policy when dynamic entry count overflows
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
deny
Description Blacklist and Drop all incoming packets for this ip-proto
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-frag-pkt
Description Drop fragmented packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dynamic-entry-overflow-policy-list
enable-top-k
Description Enable ddos top-k detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-cfg
Description: glid-cfg is a JSON Block. Please see below for ip-proto_proto-number-list_glid-cfg
Type: Object
level-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/level/{level-num}
manual-mode-enable
Description Toggle manual mode to use fix templates
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
manual-mode-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/manual-mode/{config}
max-dynamic-entry-count
Description Maximum count for dynamic source zone service entry
Type: number
Range: 0-2147483647
port-ind
Description: port-ind is a JSON Block. Please see below for ip-proto_proto-number-list_port-ind
Type: Object
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/port-ind
protocol-num
Description Protocol Number
Type: number
Range: 0-255
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
ip-proto_proto-number-list_port-ind¶
Specification Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
ip-proto_proto-number-list_dynamic-entry-overflow-policy-list¶
Specification Type list Block object keys dummy-name
Description ‘configuration’: Configure overflow policy;
Type: string
Supported Values: configuration
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for ip-proto_proto-number-list_dynamic-entry-overflow-policy-list_zone-template
Type: Object
ip-proto_proto-number-list_dynamic-entry-overflow-policy-list_zone-template¶
Specification Type object encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ip-proto
Description DDOS ip-proto template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ip-proto_proto-number-list_level-list¶
Specification Type list Block object keys indicator-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-number/{protocol-num}/level/{level-num}/indicator/{type}
level-num
Description ‘0’: Default policy level; ‘1’: Policy level 1; ‘2’: Policy level 2; ‘3’: Policy level 3; ‘4’: Policy level 4;
Type: string
Supported Values: 0, 1, 2, 3, 4
src-default-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
src-escalation-score
Description Source activation score of this level
Type: number
Range: 1-1000000
src-violation-actions
Description Violation actions apply due to source escalate from this level
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/violation-actions
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-escalation-score
Description Zone activation score of this level
Type: number
Range: 1-1000000
zone-template
Description: zone-template is a JSON Block. Please see below for ip-proto_proto-number-list_level-list_zone-template
Type: Object
zone-violation-actions
Description Violation actions apply due to zone escalate from this level
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/violation-actions
ip-proto_proto-number-list_level-list_zone-template¶
Specification Type object encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ip-proto
Description DDOS ip-proto template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ip-proto_proto-number-list_level-list_indicator-list¶
Specification Type list Block object keys data-packet-size
Description Expected minimal data size
Type: number
Range: 0-2147483647
score
Description Score corresponding to the indicator
Type: number
Range: 1-1000000
src-threshold-num
Description Indicator per-src threshold
Type: number
Range: 0-2147483647
src-threshold-str
Description Indicator per-src threshold
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
src-violation-actions
Description Violation actions to use when this src indicator threshold reaches
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/violation-actions
type
Description ‘pkt-rate’: rate of incoming packets; ‘pkt-drop-rate’: rate of packets got dropped; ‘pkt-drop-ratio’: ratio of incoming packet rate divided by the rate of dropping packets; ‘bytes-to-bytes-from-ratio’: ratio of incoming packet rate divided by the rate of outgoing packets; ‘frag-rate’: rate of incoming fragmented packets;
Type: string
Supported Values: pkt-rate, pkt-drop-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, frag-rate
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-threshold-num
Description Threshold for the entire zone
Type: number
Range: 0-2147483647
zone-threshold-str
Description Threshold for the entire zone
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
zone-violation-actions
Description Violation actions to use when this zone indicator threshold reaches
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/violation-actions
ip-proto_proto-number-list_glid-cfg¶
Specification Type object glid
Description Global limit ID for the whole zone
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
per-addr-glid
Description Global limit ID per address
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
ip-proto_proto-number-list_manual-mode-list¶
Specification Type list Block object keys config
Description ‘configuration’: Manual-mode configuration;
Type: string
Supported Values: configuration
src-default-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for ip-proto_proto-number-list_manual-mode-list_zone-template
Type: Object
ip-proto_proto-number-list_manual-mode-list_zone-template¶
Specification Type object encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ip-proto
Description DDOS ip-proto template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ip-proto_proto-name-list¶
Specification Type list Block object keys age
Description Idle age for ip entry
Type: number
Range: 2-1023
Default: 5
apply-policy-on-overflow
Description Enable this flag to apply overflow policy when dynamic entry count overflows
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
deny
Description Blacklist and Drop all incoming packets for ip-proto icmp-v4
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-frag-pkt
Description Drop fragmented packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dynamic-entry-overflow-policy-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/dynamic-entry-overflow-policy/{dummy-name}
enable-top-k
Description Enable ddos top-k detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-cfg
Description: glid-cfg is a JSON Block. Please see below for ip-proto_proto-name-list_glid-cfg
Type: Object
key-cfg
Type: Listlevel-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/level/{level-num}
manual-mode-enable
Description Toggle manual mode to use fix templates
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
manual-mode-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/manual-mode/{config}
max-dynamic-entry-count
Description Maximum count for dynamic source zone service entry
Type: number
Range: 0-2147483647
port-ind
Description: port-ind is a JSON Block. Please see below for ip-proto_proto-name-list_port-ind
Type: Object
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/port-ind
protocol
Description ‘icmp-v4’: ip-proto icmp-v4; ‘icmp-v6’: ip-proto icmp-v6; ‘other’: ip-proto other; ‘gre’: ip-proto gre; ‘ipv4-encap’: ip-proto IPv4 Encapsulation; ‘ipv6-encap’: ip-proto IPv6 Encapsulation;
Type: string
Supported Values: icmp-v4, icmp-v6, other, gre, ipv4-encap, ipv6-encap
tunnel-decap
Description Enable tunnel decapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tunnel-rate-limit
Description Enable DDOS-protection on tunnel traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
ip-proto_proto-name-list_port-ind¶
Specification Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
ip-proto_proto-name-list_key-cfg¶
Specification Type list Block object keys key
Description Only decapsulate GRE packet with this hexadecimal key
Type: string
Maximum Length: 8 characters
Maximum Length: 1 characters
ip-proto_proto-name-list_glid-cfg¶
Specification Type object glid
Description Global limit ID for the whole zone
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
per-addr-glid
Description Global limit ID per address
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
ip-proto_proto-name-list_dynamic-entry-overflow-policy-list¶
Specification Type list Block object keys dummy-name
Description ‘configuration’: Configure overflow policy;
Type: string
Supported Values: configuration
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for ip-proto_proto-name-list_dynamic-entry-overflow-policy-list_zone-template
Type: Object
ip-proto_proto-name-list_dynamic-entry-overflow-policy-list_zone-template¶
Specification Type object encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
icmp-v4
Description DDOS icmp-v4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
icmp-v6
Description DDOS icmp-v6 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ip-proto
Description DDOS ip-proto template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ip-proto_proto-name-list_level-list¶
Specification Type list Block object keys indicator-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/ip-proto/proto-name/{protocol}/level/{level-num}/indicator/{type}
level-num
Description ‘0’: Default policy level; ‘1’: Policy level 1; ‘2’: Policy level 2; ‘3’: Policy level 3; ‘4’: Policy level 4;
Type: string
Supported Values: 0, 1, 2, 3, 4
src-default-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
src-escalation-score
Description Source activation score of this level
Type: number
Range: 1-1000000
src-violation-actions
Description Violation actions apply due to source escalate from this level
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/violation-actions
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-escalation-score
Description Zone activation score of this level
Type: number
Range: 1-1000000
zone-template
Description: zone-template is a JSON Block. Please see below for ip-proto_proto-name-list_level-list_zone-template
Type: Object
zone-violation-actions
Description Violation actions apply due to zone escalate from this level
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/violation-actions
ip-proto_proto-name-list_level-list_zone-template¶
Specification Type object encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
icmp-v4
Description DDOS icmp-v4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
icmp-v6
Description DDOS icmp-v6 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ip-proto
Description DDOS ip-proto template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ip-proto_proto-name-list_level-list_indicator-list¶
Specification Type list Block object keys data-packet-size
Description Expected minimal data size
Type: number
Range: 0-2147483647
score
Description Score corresponding to the indicator
Type: number
Range: 1-1000000
src-threshold-num
Description Indicator per-src threshold
Type: number
Range: 0-2147483647
src-threshold-str
Description Indicator per-src threshold
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
src-violation-actions
Description Violation actions to use when this src indicator threshold reaches
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/violation-actions
type
Description ‘pkt-rate’: rate of incoming packets; ‘pkt-drop-rate’: rate of packets got dropped; ‘pkt-drop-ratio’: ratio of incoming packet rate divided by the rate of dropping packets; ‘bytes-to-bytes-from-ratio’: ratio of incoming packet rate divided by the rate of outgoing packets; ‘frag-rate’: rate of incoming fragmented packets;
Type: string
Supported Values: pkt-rate, pkt-drop-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, frag-rate
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-threshold-num
Description Threshold for the entire zone
Type: number
Range: 0-2147483647
zone-threshold-str
Description Threshold for the entire zone
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
zone-violation-actions
Description Violation actions to use when this zone indicator threshold reaches
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/violation-actions
ip-proto_proto-name-list_manual-mode-list¶
Specification Type list Block object keys config
Description ‘configuration’: Manual-mode configuration;
Type: string
Supported Values: configuration
src-default-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for ip-proto_proto-name-list_manual-mode-list_zone-template
Type: Object
ip-proto_proto-name-list_manual-mode-list_zone-template¶
Specification Type object encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
icmp-v4
Description DDOS icmp-v4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
icmp-v6
Description DDOS icmp-v6 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ip-proto
Description DDOS ip-proto template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ip-proto_proto-tcp-udp-list¶
Specification Type list Block object keys drop-frag-pkt
Description Drop fragmented packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-cfg
Description: glid-cfg is a JSON Block. Please see below for ip-proto_proto-tcp-udp-list_glid-cfg
Type: Object
protocol
Description ‘tcp’: ip-proto tcp; ‘udp’: ip-proto udp;
Type: string
Supported Values: tcp, udp
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
ip-proto_proto-tcp-udp-list_glid-cfg¶
Specification Type object glid
Description Global limit ID for the whole zone
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
per-addr-glid
Description Global limit ID per address
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
port-range-list¶
Specification Type list Block object keys age
Description Idle age for ip entry
Type: number
Range: 2-1023
Default: 5
apply-policy-on-overflow
Description Enable this flag to apply overflow policy when dynamic entry count overflows
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
default-action-list
Description Configure default-action-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/action-list
deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dynamic-entry-overflow-policy-list
enable-class-list-overflow
Description Apply class-list overflow policy upon exceeding dynamic entry count specified under zone port or each class-list
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-top-k
Description Enable ddos top-k detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-cfg
Description: glid-cfg is a JSON Block. Please see below for port-range-list_glid-cfg
Type: Object
level-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/level/{level-num}
manual-mode-enable
Description Toggle manual mode to use fix templates
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
manual-mode-list
max-dynamic-entry-count
Description Maximum count for dynamic source zone service entry
Type: number
Range: 0-2147483647
port-ind
Description: port-ind is a JSON Block. Please see below for port-range-list_port-ind
Type: Object
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/port-range/{port-range-start}+{port-range-end}+{protocol}/port-ind
port-range-end
Description Port-Range End Port Number
Type: number
Range: 1-65535
port-range-start
Description Port-Range Start Port Number
Type: number
Range: 1-65535
protocol
Description ‘dns-tcp’: DNS-TCP Port; ‘dns-udp’: DNS-UDP Port; ‘http’: HTTP Port; ‘tcp’: TCP Port; ‘udp’: UDP Port; ‘ssl-l4’: SSL-L4 Port;
Type: string
Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4
sflow-common
Description Enable all sFlow polling options under this zone port
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-commonsflow-packets, sflow-tcp-basic, sflow-tcp-stateful and sflow-http are mutually exclusive
sflow-http
Description Enable sFlow HTTP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-http and sflow-common are mutually exclusive
sflow-packets
Description Enable sFlow packet-level counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-packets and sflow-common are mutually exclusive
sflow-tcp
Description: sflow-tcp is a JSON Block. Please see below for port-range-list_sflow-tcp
Type: Object
src-based-policy-list
stateful
Description Enable stateful tracking of sessions (Default is stateless)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
port-range-list_dynamic-entry-overflow-policy-list¶
Specification Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
dummy-name
Description ‘configuration’: Configure overflow policy;
Type: string
Supported Values: configuration
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
log-enable
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable log periodic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for port-range-list_dynamic-entry-overflow-policy-list_zone-template
Type: Object
port-range-list_dynamic-entry-overflow-policy-list_zone-template¶
Specification Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
port-range-list_glid-cfg¶
Specification Type object glid
Description Global limit ID for the whole zone
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default if default-action-list is not configured); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
per-addr-glid
Description Global limit ID per address
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
port-range-list_level-list¶
Specification Type list Block object keys indicator-list
level-num
Description ‘0’: Default policy level; ‘1’: Policy level 1; ‘2’: Policy level 2; ‘3’: Policy level 3; ‘4’: Policy level 4;
Type: string
Supported Values: 0, 1, 2, 3, 4
src-default-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
src-escalation-score
Description Source activation score of this level
Type: number
Range: 1-1000000
src-violation-actions
Description Violation actions apply due to source escalate from this level
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/violation-actions
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-escalation-score
Description Zone activation score of this level
Type: number
Range: 1-1000000
zone-template
Description: zone-template is a JSON Block. Please see below for port-range-list_level-list_zone-template
Type: Object
zone-violation-actions
Description Violation actions apply due to zone escalate from this level
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/violation-actions
port-range-list_level-list_zone-template¶
Specification Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
port-range-list_level-list_indicator-list¶
Specification Type list Block object keys data-packet-size
Description Expected minimal data size
Type: number
Range: 0-2147483647
score
Description Score corresponding to the indicator
Type: number
Range: 1-1000000
src-threshold-num
Description Indicator per-src threshold
Type: number
Range: 0-2147483647
src-threshold-str
Description Indicator per-src threshold
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
src-violation-actions
Description Violation actions to use when this src indicator threshold reaches
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/violation-actions
tcp-window-size
Description Expected minimal window size
Type: number
Range: 0-2147483647
type
Description ‘pkt-rate’: rate of incoming packets; ‘pkt-drop-rate’: rate of packets got dropped; ‘pkt-drop-ratio’: ratio of incoming packet rate divided by the rate of dropping packets; ‘bytes-to-bytes-from-ratio’: ratio of incoming packet rate divided by the rate of outgoing packets; ‘concurrent-conns’: number of concurrent connections; ‘conn-miss-rate’: rate of incoming packets for which no previously established connection exists; ‘syn-rate’: rate on incoming SYN packets; ‘fin-rate’: rate on incoming FIN packets; ‘rst-rate’: rate of incoming RST packets; ‘small-window-ack-rate’: rate of small window advertisement; ‘empty-ack-rate’: rate of incoming packets which have no payload; ‘small-payload-rate’: rate of short payload packet; ‘syn-fin-ratio’: ratio of incoming SYN packet rate divided by the rate of incoming FIN packets;
Type: string
Supported Values: pkt-rate, pkt-drop-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, concurrent-conns, conn-miss-rate, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-threshold-num
Description Threshold for the entire zone
Type: number
Range: 0-2147483647
zone-threshold-str
Description Threshold for the entire zone
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
zone-violation-actions
Description Violation actions to use when this zone indicator threshold reaches
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/violation-actions
port-range-list_manual-mode-list¶
Specification Type list Block object keys config
Description ‘configuration’: Manual-mode configuration;
Type: string
Supported Values: configuration
src-default-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for port-range-list_manual-mode-list_zone-template
Type: Object
port-range-list_manual-mode-list_zone-template¶
Specification Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
port-range-list_src-based-policy-list¶
Specification Type list Block object keys policy-class-list-list
src-based-policy-name
Description Specify name of the policy
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
port-range-list_src-based-policy-list_policy-class-list-list¶
Specification Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
class-list-name
Description Class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
class-list-overflow-policy-list
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
max-dynamic-entry-count
Description Maximum count for dynamic source zone service entry allowed for this class-list
Type: number
Range: 0-2147483647
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for port-range-list_src-based-policy-list_policy-class-list-list_zone-template
Type: Object
port-range-list_src-based-policy-list_policy-class-list-list_zone-template¶
Specification Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
port-range-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list¶
Specification Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
dummy-name
Description ‘configuration’: Configure overflow policy for class-list;
Type: string
Supported Values: configuration
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
log-enable
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable log periodic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for port-range-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template
Type: Object
port-range-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template¶
Specification Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
port-range-list_port-ind¶
Specification Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
port-range-list_sflow-tcp¶
Specification Type object sflow-tcp-basic
Description Enable sFlow basic TCP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-tcp-basic and sflow-common are mutually exclusive
sflow-tcp-stateful
Description Enable sFlow stateful TCP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-tcp-stateful and sflow-common are mutually exclusive
port¶
Specification Type object zone-service-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}
zone-service-other-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}
port_zone-service-list¶
Specification Type list Block object keys apply-policy-on-overflow
Description Enable this flag to apply overflow policy when dynamic entry count overflows
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
capture-config
Description: capture-config is a JSON Block. Please see below for port_zone-service-list_capture-config
Type: Object
default-action-list
Description Configure default-action-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/action-list
deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dynamic-entry-overflow-policy-list
enable-class-list-overflow
Description Apply class-list overflow policy upon exceeding dynamic entry count specified for zone-port or class-list
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-top-k
Description Enable ddos top-k detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-cfg
Description: glid-cfg is a JSON Block. Please see below for port_zone-service-list_glid-cfg
Type: Object
level-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/level/{level-num}
manual-mode-enable
Description Toggle manual mode to use fix templates
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
manual-mode-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/manual-mode/{config}
max-dynamic-entry-count
Description Maximum count for dynamic source zone service entry
Type: number
Range: 0-2147483647
port-ind
Description: port-ind is a JSON Block. Please see below for port_zone-service-list_port-ind
Type: Object
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/port-ind
port-num
Description Port Number
Type: number
Range: 1-65535
protocol
Description ‘dns-tcp’: DNS-TCP Port; ‘dns-udp’: DNS-UDP Port; ‘http’: HTTP Port; ‘tcp’: TCP Port; ‘udp’: UDP Port; ‘ssl-l4’: SSL-L4 Port;
Type: string
Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4
sflow-common
Description Enable all sFlow polling options under this zone port
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-commonsflow-packets, sflow-tcp-basic, sflow-tcp-stateful and sflow-http are mutually exclusive
sflow-http
Description Enable sFlow HTTP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-http and sflow-common are mutually exclusive
sflow-packets
Description Enable sFlow packet-level counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-packets and sflow-common are mutually exclusive
sflow-tcp
Description: sflow-tcp is a JSON Block. Please see below for port_zone-service-list_sflow-tcp
Type: Object
src-based-policy-list
stateful
Description Enable stateful tracking of sessions (Default is stateless)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
port_zone-service-list_dynamic-entry-overflow-policy-list¶
Specification Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
dummy-name
Description ‘configuration’: Configure overflow policy;
Type: string
Supported Values: configuration
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
log-enable
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable log periodic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for port_zone-service-list_dynamic-entry-overflow-policy-list_zone-template
Type: Object
port_zone-service-list_dynamic-entry-overflow-policy-list_zone-template¶
Specification Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
port_zone-service-list_glid-cfg¶
Specification Type object glid
Description Global limit ID for the whole zone
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default if default-action-list is not configured); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
per-addr-glid
Description Global limit ID per address
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
port_zone-service-list_level-list¶
Specification Type list Block object keys indicator-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service/{port-num}+{protocol}/level/{level-num}/indicator/{type}
level-num
Description ‘0’: Default policy level; ‘1’: Policy level 1; ‘2’: Policy level 2; ‘3’: Policy level 3; ‘4’: Policy level 4;
Type: string
Supported Values: 0, 1, 2, 3, 4
src-default-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
src-escalation-score
Description Source activation score of this level
Type: number
Range: 1-1000000
src-violation-actions
Description Violation actions apply due to source escalate from this level
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/violation-actions
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-escalation-score
Description Zone activation score of this level
Type: number
Range: 1-1000000
zone-template
Description: zone-template is a JSON Block. Please see below for port_zone-service-list_level-list_zone-template
Type: Object
zone-violation-actions
Description Violation actions apply due to zone escalate from this level
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/violation-actions
port_zone-service-list_level-list_zone-template¶
Specification Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
port_zone-service-list_level-list_indicator-list¶
Specification Type list Block object keys data-packet-size
Description Expected minimal data size
Type: number
Range: 0-2147483647
score
Description Score corresponding to the indicator
Type: number
Range: 1-1000000
src-threshold-num
Description Indicator per-src threshold
Type: number
Range: 0-2147483647
src-threshold-str
Description Indicator per-src threshold
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
src-violation-actions
Description Violation actions to use when this src indicator threshold reaches
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/violation-actions
tcp-window-size
Description Expected minimal window size
Type: number
Range: 0-2147483647
type
Description ‘pkt-rate’: rate of incoming packets; ‘pkt-drop-rate’: rate of packets got dropped; ‘pkt-drop-ratio’: ratio of incoming packet rate divided by the rate of dropping packets; ‘bytes-to-bytes-from-ratio’: ratio of incoming packet rate divided by the rate of outgoing packets; ‘concurrent-conns’: number of concurrent connections; ‘conn-miss-rate’: rate of incoming packets for which no previously established connection exists; ‘syn-rate’: rate on incoming SYN packets; ‘fin-rate’: rate on incoming FIN packets; ‘rst-rate’: rate of incoming RST packets; ‘small-window-ack-rate’: rate of small window advertisement; ‘empty-ack-rate’: rate of incoming packets which have no payload; ‘small-payload-rate’: rate of short payload packet; ‘syn-fin-ratio’: ratio of incoming SYN packet rate divided by the rate of incoming FIN packets;
Type: string
Supported Values: pkt-rate, pkt-drop-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, concurrent-conns, conn-miss-rate, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-threshold-num
Description Threshold for the entire zone
Type: number
Range: 0-2147483647
zone-threshold-str
Description Threshold for the entire zone
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
zone-violation-actions
Description Violation actions to use when this zone indicator threshold reaches
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/violation-actions
port_zone-service-list_manual-mode-list¶
Specification Type list Block object keys config
Description ‘configuration’: Manual-mode configuration;
Type: string
Supported Values: configuration
src-default-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for port_zone-service-list_manual-mode-list_zone-template
Type: Object
port_zone-service-list_manual-mode-list_zone-template¶
Specification Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
port_zone-service-list_src-based-policy-list¶
Specification Type list Block object keys policy-class-list-list
src-based-policy-name
Description Specify name of the policy
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
port_zone-service-list_src-based-policy-list_policy-class-list-list¶
Specification Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
class-list-name
Description Class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
class-list-overflow-policy-list
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
log-enable
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable log periodic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-dynamic-entry-count
Description Maximum count for dynamic source zone service entry allowed for this class-list
Type: number
Range: 0-2147483647
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for port_zone-service-list_src-based-policy-list_policy-class-list-list_zone-template
Type: Object
port_zone-service-list_src-based-policy-list_policy-class-list-list_zone-template¶
Specification Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
port_zone-service-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list¶
Specification Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
dummy-name
Description ‘configuration’: Configure overflow policy for class-list;
Type: string
Supported Values: configuration
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
log-enable
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable log periodic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for port_zone-service-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template
Type: Object
port_zone-service-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template¶
Specification Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
port_zone-service-list_port-ind¶
Specification Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
port_zone-service-list_sflow-tcp¶
Specification Type object sflow-tcp-basic
Description Enable sFlow basic TCP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-tcp-basic and sflow-common are mutually exclusive
sflow-tcp-stateful
Description Enable sFlow stateful TCP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-tcp-stateful and sflow-common are mutually exclusive
port_zone-service-list_capture-config¶
Specification Type object capture-config-mode
Description ‘drop’: Apply capture-config to dropped packets; ‘forward’: Apply capture-config to forwarded packets; ‘all’: Apply capture-config to both dropped and forwarded packets;
Type: string
Supported Values: drop, forward, all
capture-config-name
Description Capture-config name
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
port_zone-service-other-list¶
Specification Type list Block object keys age
Description Idle age for ip entry
Type: number
Range: 2-1023
Default: 5
apply-policy-on-overflow
Description Enable this flag to apply overflow policy when dynamic entry count overflows
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
default-action-list
Description Configure default-action-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/action-list
deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dynamic-entry-overflow-policy-list
enable-class-list-overflow
Description Apply class-list overflow policy upon exceeding dynamic entry count specified for this zone port or each class-list
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
enable-top-k
Description Enable ddos top-k detection
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-cfg
Description: glid-cfg is a JSON Block. Please see below for port_zone-service-other-list_glid-cfg
Type: Object
level-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/level/{level-num}
manual-mode-enable
Description Toggle manual mode to use fix templates
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
manual-mode-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/manual-mode/{config}
max-dynamic-entry-count
Description Maximum count for dynamic source zone service entry
Type: number
Range: 0-2147483647
port-ind
Description: port-ind is a JSON Block. Please see below for port_zone-service-other-list_port-ind
Type: Object
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/port/zone-service-other/{port-other}+{protocol}/port-ind
port-other
Description ‘other’: other;
Type: string
Supported Values: other
protocol
Description ‘tcp’: TCP Port; ‘udp’: UDP Port;
Type: string
Supported Values: tcp, udp
sflow-common
Description Enable all sFlow polling options under this zone port
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-commonsflow-packets, sflow-tcp-basic and sflow-tcp-stateful are mutually exclusive
sflow-packets
Description Enable sFlow packet-level counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-packets and sflow-common are mutually exclusive
sflow-tcp
Description: sflow-tcp is a JSON Block. Please see below for port_zone-service-other-list_sflow-tcp
Type: Object
src-based-policy-list
stateful
Description Enable stateful tracking of sessions (Default is stateless)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
port_zone-service-other-list_src-based-policy-list¶
Specification Type list Block object keys policy-class-list-list
src-based-policy-name
Description Specify name of the policy
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
port_zone-service-other-list_src-based-policy-list_policy-class-list-list¶
Specification Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
class-list-name
Description Class-list name
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
class-list-overflow-policy-list
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
max-dynamic-entry-count
Description Maximum count for dynamic source zone service entry allowed for this class-list
Type: number
Range: 0-2147483647
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for port_zone-service-other-list_src-based-policy-list_policy-class-list-list_zone-template
Type: Object
port_zone-service-other-list_src-based-policy-list_policy-class-list-list_zone-template¶
Specification Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
port_zone-service-other-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list¶
Specification Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
dummy-name
Description ‘configuration’: Configure overflow policy for class-list;
Type: string
Supported Values: configuration
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
log-enable
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable log periodic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for port_zone-service-other-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template
Type: Object
port_zone-service-other-list_src-based-policy-list_policy-class-list-list_class-list-overflow-policy-list_zone-template¶
Specification Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
port_zone-service-other-list_port-ind¶
Specification Type object uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
port_zone-service-other-list_dynamic-entry-overflow-policy-list¶
Specification Type list Block object keys action
Description ‘bypass’: Always permit for the Source to bypass all feature & limit checks; ‘deny’: Blacklist incoming packets for service;
Type: string
Supported Values: bypass, deny
dummy-name
Description ‘configuration’: Configure overflow policy;
Type: string
Supported Values: configuration
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
log-enable
Description Enable logging
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-periodic
Description Enable log periodic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for port_zone-service-other-list_dynamic-entry-overflow-policy-list_zone-template
Type: Object
port_zone-service-other-list_dynamic-entry-overflow-policy-list_zone-template¶
Specification Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
port_zone-service-other-list_glid-cfg¶
Specification Type object glid
Description Global limit ID for the whole zone
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default if default-action-list is not configured); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
per-addr-glid
Description Global limit ID per address
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
port_zone-service-other-list_level-list¶
Specification Type list Block object keys indicator-list
level-num
Description ‘0’: Default policy level; ‘1’: Policy level 1; ‘2’: Policy level 2; ‘3’: Policy level 3; ‘4’: Policy level 4;
Type: string
Supported Values: 0, 1, 2, 3, 4
src-default-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
src-escalation-score
Description Source activation score of this level
Type: number
Range: 1-1000000
src-violation-actions
Description Violation actions apply due to source escalate from this level
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/violation-actions
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-escalation-score
Description Zone activation score of this level
Type: number
Range: 1-1000000
zone-template
Description: zone-template is a JSON Block. Please see below for port_zone-service-other-list_level-list_zone-template
Type: Object
zone-violation-actions
Description Violation actions apply due to zone escalate from this level
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/violation-actions
port_zone-service-other-list_level-list_zone-template¶
Specification Type object encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
port_zone-service-other-list_level-list_indicator-list¶
Specification Type list Block object keys data-packet-size
Description Expected minimal data size
Type: number
Range: 0-2147483647
score
Description Score corresponding to the indicator
Type: number
Range: 1-1000000
src-threshold-num
Description Indicator per-src threshold
Type: number
Range: 0-2147483647
src-threshold-str
Description Indicator per-src threshold
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
src-violation-actions
Description Violation actions to use when this src indicator threshold reaches
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/violation-actions
tcp-window-size
Description Expected minimal window size
Type: number
Range: 0-2147483647
type
Description ‘pkt-rate’: rate of incoming packets; ‘pkt-drop-rate’: rate of packets got dropped; ‘pkt-drop-ratio’: ratio of incoming packet rate divided by the rate of dropping packets; ‘bytes-to-bytes-from-ratio’: ratio of incoming packet rate divided by the rate of outgoing packets; ‘concurrent-conns’: number of concurrent connections; ‘conn-miss-rate’: rate of incoming packets for which no previously established connection exists; ‘syn-rate’: rate on incoming SYN packets; ‘fin-rate’: rate on incoming FIN packets; ‘rst-rate’: rate of incoming RST packets; ‘small-window-ack-rate’: rate of small window advertisement; ‘empty-ack-rate’: rate of incoming packets which have no payload; ‘small-payload-rate’: rate of short payload packet; ‘syn-fin-ratio’: ratio of incoming SYN packet rate divided by the rate of incoming FIN packets;
Type: string
Supported Values: pkt-rate, pkt-drop-rate, pkt-drop-ratio, bytes-to-bytes-from-ratio, concurrent-conns, conn-miss-rate, syn-rate, fin-rate, rst-rate, small-window-ack-rate, empty-ack-rate, small-payload-rate, syn-fin-ratio
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-threshold-num
Description Threshold for the entire zone
Type: number
Range: 0-2147483647
zone-threshold-str
Description Threshold for the entire zone
Type: string
Maximum Length: 128 characters
Maximum Length: 1 characters
zone-violation-actions
Description Violation actions to use when this zone indicator threshold reaches
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/violation-actions
port_zone-service-other-list_sflow-tcp¶
Specification Type object sflow-tcp-basic
Description Enable sFlow basic TCP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-tcp-basic and sflow-common are mutually exclusive
sflow-tcp-stateful
Description Enable sFlow stateful TCP counter polling
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-tcp-stateful and sflow-common are mutually exclusive
port_zone-service-other-list_manual-mode-list¶
Specification Type list Block object keys config
Description ‘configuration’: Manual-mode configuration;
Type: string
Supported Values: configuration
src-default-glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for port_zone-service-other-list_manual-mode-list_zone-template
Type: Object
port_zone-service-other-list_manual-mode-list_zone-template¶
Specification Type object encap
Description DDOS encap template (IPv6-over-IPv4 / IPv4-over-IPv6 are not supported.)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
capture-config-list¶
Specification Type list Block object keys mode
Description ‘drop’: Apply capture-config to dropped packets; ‘forward’: Apply capture-config to forwarded packets; ‘all’: Apply capture-config to both dropped and forwarded packets;
Type: string
Supported Values: drop, forward, all
name
Description Capture-config name
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/capture-config
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template¶
Specification Type object logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-port-range-list¶
Specification Type list Block object keys capture-config
Description: capture-config is a JSON Block. Please see below for src-port-range-list_capture-config
Type: Object
default-action-list
Description Configure default-action-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/action-list
deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-cfg
Description: glid-cfg is a JSON Block. Please see below for src-port-range-list_glid-cfg
Type: Object
protocol
Description ‘udp’: UDP port; ‘tcp’: TCP Port;
Type: string
Supported Values: udp, tcp
src-port-range-end
Description Src Port-Range End Port Number
Type: number
Range: 2-65535
src-port-range-start
Description Src Port-Range Start Port Number
Type: number
Range: 1-65535
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for src-port-range-list_zone-template
Type: Object
src-port-range-list_capture-config¶
Specification Type object capture-config-mode
Description ‘drop’: Apply capture-config to dropped packets; ‘forward’: Apply capture-config to forwarded packets; ‘all’: Apply capture-config to both dropped and forwarded packets;
Type: string
Supported Values: drop, forward, all
capture-config-name
Description Capture-config name
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-port-range-list_glid-cfg¶
Specification Type object glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
src-port-range-list_zone-template¶
Specification Type object src-tcp
Description DDOS tcp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-udp
Description DDOS udp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-port¶
Specification Type object zone-src-port-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port/{port-num}+{protocol}
zone-src-port-other-list
Type: List
Refernce Object: /axapi/v3/ddos/dst/zone/{zone-name}/src-port/zone-src-port-other/{port-other}+{protocol}
src-port_zone-src-port-list¶
Specification Type list Block object keys default-action-list
Description Configure default-action-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/action-list
deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-cfg
Description: glid-cfg is a JSON Block. Please see below for src-port_zone-src-port-list_glid-cfg
Type: Object
port-num
Description Source Port Number
Type: number
Range: 1-65535
protocol
Description ‘udp’: UDP port; ‘tcp’: TCP Port;
Type: string
Supported Values: udp, tcp
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for src-port_zone-src-port-list_zone-template
Type: Object
src-port_zone-src-port-list_glid-cfg¶
Specification Type object glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
src-port_zone-src-port-list_zone-template¶
Specification Type object src-tcp
Description DDOS tcp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-udp
Description DDOS udp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-port_zone-src-port-other-list¶
Specification Type list Block object keys default-action-list
Description Configure default-action-list
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/ddos/action-list
deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid-cfg
Description: glid-cfg is a JSON Block. Please see below for src-port_zone-src-port-other-list_glid-cfg
Type: Object
port-other
Description ‘other’: other;
Type: string
Supported Values: other
protocol
Description ‘udp’: UDP port; ‘tcp’: TCP Port;
Type: string
Supported Values: udp, tcp
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zone-template
Description: zone-template is a JSON Block. Please see below for src-port_zone-src-port-other-list_zone-template
Type: Object
src-port_zone-src-port-other-list_glid-cfg¶
Specification Type object glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Refernce Object: /axapi/v3/glid
glid-action
Description ‘drop’: Drop packets for glid exceed (Default); ‘blacklist-src’: Blacklist-src for glid exceed; ‘ignore’: Do nothing for glid exceed;
Type: string
Supported Values: drop, blacklist-src, ignore
src-port_zone-src-port-other-list_zone-template¶
Specification Type object src-tcp
Description DDOS tcp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-udp
Description DDOS udp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
sflow-tcp¶
Specification Type object sflow-tcp-basic
Description Enable sFlow basic TCP counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total nu
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-tcp-basic and sflow-common are mutually exclusive
sflow-tcp-stateful
Description Enable sFlow stateful TCP counter polling. WARNING: Zone level Sflow polling might induce heavy CPU load depending on the total
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: sflow-tcp-stateful and sflow-common are mutually exclusive
ipv6¶
Specification Type list Block object keys expand-ipv6-subnet
Description Expand this subnet to individual IPv6 address
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
expand-ipv6-subnet-mode
Description ‘dynamic’: Dynamic learning;
Type: string
Supported Values: dynamic
ip6-addr
Description Specify IPv6 address
Type: string
Format: ipv6-address
subnet-ipv6-addr
Description IPV6 Subnet
Type: string
Format: ipv6-address-plen
stats data¶
| Counter | Size | Description | |
|---|---|---|---|
| dst_entry_conn_limit_exceed | 8 | Entry Limit: Conn Exceeded | |
| egress_bytes | 8 | Outbound: Bytes Received | |
| zone_other_drop | 8 | OTHER Total Packets Dropped | |
| dst_drop | 8 | Inbound: Packets Dropped | |
| zone_payload_too_big | 8 | UDP Payload Too Large | |
| zone_src_port_conn_limit_exceed | 8 | SrcPort Limit: Conn Exceeded | |
| zone_udp_filter_action_default_pass | 8 | UDP Filter Action Default Pass | |
| src_tcp_unauth_drop | 8 | Src TCP Auth: Unauth Dropped | |
| zone_frag_src_rate_drop | 8 | OTHER Src Rate: Frag Exceeded | |
| dst_other_bytes_rcv | 8 | OTHER Total Bytes Received | |
| zone_udp_pkt_sent | 8 | UDP Total Packets Forwarded | |
| secondary_entry_learning_thre_exceed | 8 | Per Addr Entry Count Overflow | |
| src_tcp_retransmit_excd | 8 | Src TCP Retransmit Exceeded | |
| tcp_syn_cookie_fail | 8 | TCP Auth: SYN Cookie Failed | |
| src_udp_filter_action_drop | 8 | Src UDP Filter Action Drop | |
| zone_tcp_filter_action_drop | 8 | TCP Filter Action Drop | |
| src_udp_ntp_monlist_req | 8 | Src UDP NTP Monlist Request | |
| zone_other_src_rate_drop | 8 | OTHER Src Rate: Total Exceeded | |
| zone_pkt_sent | 8 | Inbound: Packets Forwarded | |
| dst_tcp_conn_close_w_idle | 8 | TCP Idle Connections Closed | |
| secondary_dst_entry_conn_limit_exceed | 8 | Per Addr Limit: Conn Exceeded | |
| dst_udp_session_aged | 8 | UDP Sessions Aged | |
| tcp_rexmit_syn_limit_drop | 8 | TCP SYN Retransmit Exceeded Drop | |
| zone_other_kibit_rate_drop | 8 | OTHER Dst IP-Proto Rate: KiBit Exceeded | |
| src_other_filter_action_blacklist | 8 | Src OTHER Filter Action Blacklist | |
| src_tcp_zero_window_excd | 8 | Src TCP Zero-Window Exceeded | |
| src_tcp_syn_cookie_sent | 8 | Src TCP Auth: SYN Cookie Sent | |
| zone_udp_pkt_rate_exceed | 8 | UDP Dst IP-Proto Rate: Packet Exceeded | |
| src_udp_retry_init | 8 | Src UDP Auth: Retry Init | |
| zone_udp_conn_rate_exceed | 8 | UDP Dst IP-Proto Rate: Conn Exceeded | |
| zone_tcp_any_exceed | 8 | TCP Dst IP-Proto Rate: Total Exceeded | |
| secondary_dst_entry_kbit_rate_exceed | 8 | Per Addr Rate: KiBit Exceeded | |
| zone_port_pkt_rate_exceed | 8 | Port Rate: Packet Exceeded | |
| dst_udp_retry_fail | 8 | UDP Auth: Retry Failed | |
| zone_tcp_syn_drop | 8 | TCP SYN Packets Dropped | |
| src_tcp_action_on_syn_fail | 8 | Src TCP Auth: SYN Retry Failed | |
| zone_tcp_action_on_ack_pass | 8 | TCP Auth: ACK Retry Passed | |
| dst_l4_udp_blacklist_drop | 8 | Dst UDP IP-Proto Blacklist Dropped | |
| zone_udp_filter_action_drop | 8 | UDP Filter Action Drop | |
| src_udp_filter_action_default_pass | 8 | Src UDP Filter Action Default Pass | |
| dst_clist_overflow_policy_at_learning | 8 | Dst Src-Based Overflow Policy Hit | |
| src_tcp_action_on_syn_gap_drop | 8 | Src TCP Auth: SYN Retry-Gap Failed | |
| src_tcp_out_of_seq_excd | 8 | Src TCP Out-Of-Seq Exceeded | |
| zone_tcp_pkt_rate_exceed | 8 | TCP Dst IP-Proto Rate: Packet Exceeded | |
| outbound_bytes_sent | 8 | Outbound: Bytes Forwarded | |
| src_tcp_rst_cookie_fail | 8 | Src TCP Auth: RST Cookie Failed | |
| zone_icmp_src_rate_drop | 8 | ICMP Src Rate: Total Exceeded | |
| tcp_rexmit_syn_limit_bl | 8 | TCP SYN Retransmit Exceeded Blacklist | |
| dst_l4_icmp_blacklist_drop | 8 | Dst ICMP IP-Proto Blacklist Dropped | |
| zone_port_conn_rate_exceed | 8 | Port Rate: Conn Exceeded | |
| src_udp_retry_gap_drop | 8 | UDP Auth: Src Retry-Gap Failed | |
| zone_icmp_pkt_rate_exceed | 8 | ICMP Dst Rate: Packet Exceeded | |
| zone_tcp_bytes_drop | 8 | TCP Total Bytes Dropped | |
| dst_tcp_conn_close_half_open | 8 | TCP Half Open Connections Closed | |
| dst_entry_conn_rate_exceed | 8 | Entry Rate: Conn Exceeded | |
| zone_port_undef_drop | 8 | Dst Port Undefined Dropped | |
| zone_tcp_filter_action_blacklist | 8 | TCP Filter Action Blacklist | |
| secondary_entry_learn | 8 | Per Addr Entry Learned | |
| zone_tcp_filter_action_whitelist | 8 | TCP Filter Action WL | |
| src_tcp_filter_action_default_pass | 8 | Src TCP Filter Action Default Pass | |
| tcp_invalid_syn | 8 | TCP Invalid SYN Received | |
| outbound_bytes_drop | 8 | Outbound: Bytes Dropped | |
| zone_tcp_action_on_syn_pass | 8 | TCP Auth: SYN Retry Passed | |
| dst_other_bytes_sent | 8 | OTHER Total Bytes Forwarded | |
| zone_tcp_src_rate_drop | 8 | TCP Src Rate: Total Exceeded | |
| src_udp_max_payload | 8 | Src UDP Payload Too Large | |
| src_tcp_conn_prate_excd | 8 | Src TCP Rate: Conn Pkt Exceeded | |
| zone_udp_retry_pass | 8 | UDP Auth: Retry Passed | |
| tcp_rst_rcvd | 8 | TCP RST Received | |
| icmp_fwd_recv | 8 | ICMP Inbound Packets Received | |
| src_udp_filter_action_whitelist | 8 | Src UDP Filter Action WL | |
| zone_tcp_action_on_syn_gap_drop | 8 | TCP Auth: SYN Retry-Gap Failed | |
| src_udp_filter_action_blacklist | 8 | Src UDP Filter Action Blacklist | |
| zone_other_pkt_sent | 8 | OTHER Total Packets Forwarded | |
| secondary_dst_entry_frag_pkt_rate_exceed | 8 | Per Addr Rate: Frag Packet Exceeded | |
| ingress_packets | 8 | Inbound: Packets Received | |
| tcp_syn_rcvd | 8 | TCP Inbound SYN Received | |
| zone_tcp_filter_not_match | 8 | TCP Filter No Match | |
| zone_tcp_rst_cookie_fail | 8 | TCP Auth: RST Cookie Failed | |
| src_other_filter_action_whitelist | 8 | Src OTHER Filter Action WL | |
| dst_entry_frag_pkt_rate_exceed | 8 | Entry Rate: Frag Packet Exceeded | |
| dst_drop_frag_pkt | 8 | Fragmented Packets Dropped | |
| zone_src_port_kbit_rate_exceed | 8 | SrcPort Rate: KiBit Exceeded | |
| zone_udp_bytes_drop | 8 | UDP Total Bytes Dropped | |
| dst_tcp_conn_close_w_rst | 8 | TCP RST Connections Closed | |
| src_tcp_wellknown_sport_drop | 8 | Src TCP SrcPort Wellknown | |
| src_tcp_action_on_ack_init | 8 | Src TCP Auth: ACK Retry Init | |
| outbound_pkt_sent | 8 | Outbound: Packets Forwarded | |
| zone_other_filter_action_whitelist | 8 | OTHER Filter Action WL | |
| zone_tcp_syn | 8 | TCP Total SYN Received | |
| zone_other_filter_action_default_pass | 8 | OTHER Filter Action Default Pass | |
| zone_other_pkt_rate_exceed | 8 | OTHER Dst IP-Proto Rate: Packet Exceeded | |
| zone_udp_src_rate_drop | 8 | UDP Src Rate: Total Exceeded | |
| zone_tcp_pkt_sent | 8 | TCP Total Packets Forwarded | |
| zone_tcp_action_on_ack_gap_drop | 8 | TCP Auth: ACK Retry Retry-Gap Failed | |
| zone_tcp_filter_match | 8 | TCP Filter Match | |
| src_udp_conn_prate_excd | 8 | Src UDP Rate: Conn Pkt Exceeded | |
| dst_tcp_conn_close_w_fin | 8 | TCP FIN Connections Closed | |
| src_tcp_action_on_ack_gap_drop | 8 | Src TCP Auth: ACK Retry Retry-Gap Failed | |
| secondary_entry_aged | 8 | Per Addr Entry Aged | |
| src_tcp_filter_action_drop | 8 | Src TCP Filter Action Drop | |
| zone_tcp_conn_prate_excd | 8 | TCP Rate: Conn Pkt Exceeded | |
| zone_tcp_src_drop | 8 | TCP Src Packets Dropped | |
| src_udp_min_payload | 8 | Src UDP Payload Too Small | |
| dst_tcp_bytes_rcv | 8 | TCP Total Bytes Received | |
| zone_other_filter_action_blacklist | 8 | OTHER Filter Action Blacklist | |
| zone_udp_filter_not_match | 8 | UDP Filter No Match | |
| zone_port_bl | 8 | Dst Port Blacklist Packets Dropped | |
| secondary_entry_hit | 8 | Per Addr Entry Hit | |
| zone_src_port_conn_rate_exceed | 8 | SrcPort Rate: Conn Exceeded | |
| zone_tcp_action_on_syn_init | 8 | TCP Auth: SYN Retry Init | |
| dst_tcp_conn_close | 8 | TCP Connections Closed | |
| zone_udp_ntp_monlist_resp | 8 | UDP NTP Monlist Response | |
| zone_other_bytes_drop | 8 | OTHER Total Bytes Dropped | |
| zone_udp_wellknown_sport_drop | 8 | UDP SrcPort Wellknown | |
| zone_frag_rcvd | 8 | Fragmented Packets Received | |
| zone_port_kbit_rate_exceed | 8 | Port Rate: KiBit Exceeded | |
| zone_icmp_bytes_drop | 8 | ICMP Total Bytes Dropped | |
| zone_tcp_action_on_ack_init | 8 | TCP Auth: ACK Retry Init | |
| src_tcp_syn_auth_fail | 8 | Src TCP Auth: SYN Auth Failed | |
| zone_tcp_conn_rate_exceed | 8 | TCP Dst IP-Proto Rate: Conn Exceeded | |
| dst_icmp_bytes_sent | 8 | ICMP Total Bytes Forwarded | |
| inbound_bytes_sent | 8 | Inbound: Bytes Forwarded | |
| zone_src_port_pkt_rate_exceed | 8 | SrcPort Rate: Packet Exceeded | |
| secondary_entry_miss | 8 | Per Addr Entry Missed | |
| zone_tcp_pkt_rcvd | 8 | TCP Total Packets Received | |
| zone_udp_filter_match | 8 | UDP Filter Match | |
| zone_ip_proto_kbit_rate_exceed | 8 | IP-Proto Rate: KiBit Exceeded | |
| src_frag_drop | 8 | Src Fragmented Packets Dropped | |
| zone_udp_conn_prate_excd | 8 | UDP Rate: Conn Pkt Exceeded | |
| zone_udp_src_drop | 8 | UDP Src Packets Dropped | |
| dst_tcp_session_aged | 8 | TCP Sessions Aged | |
| zone_udp_kibit_rate_drop | 8 | UDP Dst IP-Proto Rate: KiBit Exceeded | |
| zone_icmp_pkt_rcvd | 8 | ICMP Total Packets Received | |
| src_tcp_syn_cookie_fail | 8 | Src TCP Auth: SYN Cookie Failed | |
| zone_other_filter_action_drop | 8 | OTHER Filter Action Drop | |
| zone_other_filter_not_match | 8 | OTHER Filter No Match | |
| zone_tcp_auth | 8 | TCP Auth: SYN Cookie Sent | |
| dst_tcp_conn_create_from_syn | 8 | TCP Connections Created From SYN | |
| zone_blackhole_inject | 8 | Dst Blackhole Inject | |
| dst_udp_bytes_sent | 8 | UDP Total Bytes Forwarded | |
| secondary_dst_entry_pkt_rate_exceed | 8 | Per Addr Rate: Packet Exceeded | |
| zone_frag_pkt_rate_exceed | 8 | OTHER Dst IP-Proto Rate: Frag Exceeded | |
| zone_tcp_drop | 8 | TCP Total Packets Dropped | |
| zone_tcp_unauth_drop | 8 | TCP Auth: Unauth Dropped | |
| dst_tcp_conn_create_from_ack | 8 | TCP Connections Created From ACK | |
| zone_udp_pkt_rcvd | 8 | UDP Total Packets Received | |
| dst_tcp_bytes_sent | 8 | TCP Total Bytes Forwarded | |
| zone_icmp_kibit_rate_drop | 8 | ICMP Dst Rate: KiBit Exceeded | |
| tcp_ack_rcvd | 8 | TCP ACK Received | |
| zone_frag_drop | 8 | OTHER Total Frag Packets Dropped | |
| zone_tcp_retransmit_excd | 8 | TCP Retransmit Exceeded | |
| src_tcp_filter_action_whitelist | 8 | Src TCP Filter Action WL | |
| zone_tcp_session_created | 8 | TCP Sessions Created | |
| src_tcp_filter_action_blacklist | 8 | Src TCP Filter Action Blacklist | |
| zone_tcp_conn_limit_exceed | 8 | TCP Dst IP-Proto Limit: Conn Exceeded | |
| zone_udp_drop | 8 | UDP Total Packets Dropped | |
| zone_ip_proto_pkt_rate_exceed | 8 | IP-Proto Rate: Packet Exceeded | |
| udp_fwd_recv | 8 | UDP Inbound Packets Received | |
| dst_icmp_bytes_rcv | 8 | ICMP Total Bytes Received | |
| zone_udp_ntp_monlist_req | 8 | UDP NTP Monlist Request | |
| zone_icmp_pkt_sent | 8 | ICMP Total Packets Forwarded | |
| dst_entry_kbit_rate_exceed_count | 8 | Entry Rate: KiBit Exceeded Count | |
| dst_udp_bytes_rcv | 8 | UDP Total Bytes Received | |
| egress_packets | 8 | Outbound: Packets Received | |
| zone_tcp_zero_window_excd | 8 | TCP Zero-Window Exceeded | |
| zone_port_conn_limit_exceed | 8 | Port Limit: Conn Exceeded | |
| inbound_bytes_drop | 8 | Inbound: Bytes Dropped | |
| dst_l4_tcp_blacklist_drop | 8 | Dst TCP IP-Proto Blacklist Dropped | |
| zone_payload_too_small | 8 | UDP Payload Too Small | |
| zone_udp_any_exceed | 8 | UDP Dst IP-Proto Rate: Total Exceeded | |
| dst_udp_auth_drop | 8 | UDP Auth: Dropped | |
| src_other_filter_action_default_pass | 8 | Src OTHER Filter Action Default Pass | |
| zone_other_src_drop | 8 | OTHER Src Packets Dropped | |
| zone_tcp_action_on_syn_fail | 8 | TCP Auth: SYN Retry Failed | |
| zone_other_filter_match | 8 | OTHER Filter Match | |
| dst_tcp_auth_drop | 8 | TCP Auth: Dropped | |
| zone_port_kbit_rate_exceed_pkt | 8 | Port Rate: KiBit Pkt Exceeded | |
| src_tcp_action_on_ack_fail | 8 | Src TCP Auth: ACK Retry Failed | |
| dst_entry_pkt_rate_exceed | 8 | Entry Rate: Packet Exceeded | |
| zone_udp_session_created | 8 | UDP Sessions Created | |
| zone_udp_conn_limit_exceed | 8 | UDP Dst IP-Proto Limit: Conn Exceeded | |
| ingress_bytes | 8 | Inbound: Bytes Received | |
| zone_out_no_route | 8 | Dst IPv4/v6 Out No Route | |
| dst_tcp_auth_resp | 8 | TCP Auth: Responded | |
| zone_tcp_out_of_seq_excd | 8 | TCP Out-Of-Seq Exceeded | |
| zone_tcp_kibit_rate_drop | 8 | TCP Dst IP-Proto Rate: KiBit Exceeded | |
| tcp_fin_rcvd | 8 | TCP FIN Received | |
| dst_udp_retry_gap_drop | 8 | UDP Auth: Retry-Gap Failed | |
| src_tcp_action_on_syn_init | 8 | Src TCP Auth: SYN Retry Init | |
| src_udp_ntp_monlist_resp | 8 | Src UDP NTP Monlist Response | |
| tcp_syn_ack_rcvd | 8 | TCP SYN ACK Received | |
| zone_tcp_wellknown_sport_drop | 8 | TCP SrcPort Wellknown | |
| src_udp_wellknown_sport_drop | 8 | Src UDP SrcPort Wellknown | |
| zone_udp_filter_action_blacklist | 8 | UDP Filter Action Blacklist | |
| zone_udp_filter_action_whitelist | 8 | UDP Filter Action WL | |
| zone_icmp_drop | 8 | ICMP Total Packets Dropped | |
| zone_tcp_filter_action_default_pass | 8 | TCP Filter Action Default Pass | |
| zone_udp_retry_init | 8 | UDP Auth: Retry Init | |
| dst_entry_kbit_rate_exceed | 8 | Entry Rate: KiBit Exceeded | |
| secondary_dst_entry_conn_rate_exceed | 8 | Per Addr Rate: Conn Exceeded | |
| zone_icmp_src_drop | 8 | ICMP Src Packets Dropped | |
| zone_other_pkt_rcvd | 8 | OTHER Total Packets Received | |
| zone_tcp_action_on_ack_fail | 8 | TCP Auth: ACK Retry Failed | |
| outbound_drop | 8 | Outbound: Packets Dropped | |
| dst_l4_other_blacklist_drop | 8 | Dst OTHER IP-Proto Blacklist Dropped | |
| dst_frag_timeout_drop | 8 | Fragment Reassemble Timeout Drop | |
| tcp_fwd_recv | 8 | TCP Inbound Packets Received | |
| zone_blackhole_withdraw | 8 | Dst Blackhole Withdraw | |
| src_other_filter_action_drop | 8 | Src OTHER Filter Action Drop | |
| zone_src_port_bl | 8 | Dst SrcPort Blacklist Packets Dropped | |
| zone_tcp_auth_pass | 8 | TCP Auth: SYN Auth Passed |
operational data¶
| Counter | Size | Description | |
|---|---|---|---|
| all-ports | flag | all-ports | |
| protocol | string | protocol | |
| addresses | flag | addresses | |
| all-ip-protos | flag | all-ip-protos | |
| entry-displayed-count | number | entry-displayed-count | |
| subnet-ip-addr | ipv4-cidr | subnet-ip-addr | |
| ddos_entry_list | ddos_entry_list | ||
| service-displayed-count | number | service-displayed-count | |
| ip-proto-num | number | ip-proto-num | |
| port-range-start | number | port-range-start | |
| dynamic-expand-subnet | flag | dynamic-expand-subnet | |
| port-num | number | port-num | |
| all-addresses | flag | all-addresses | |
| subnet-ipv6-addr | ipv6-address-plen | subnet-ipv6-addr | |
| port-range-end | number | port-range-end |