fw

Firewall

fw Specification

   
Type Intermediate Resource
Element Name fw
Element URI /axapi/v3/fw
Element Attributes fw_attributes
Schema fw schema

Operations Allowed:

OperationMethodURIPayload

Get Object

GET

/axapi/v3/fw

fw_attributes

fw attributes

active-rule-set

Description: active-rule-set is a JSON Block. Please see below for active-rule-set

Type: Object

Refernce Object: /axapi/v3/fw/active-rule-set

alg-list

Type: List

Refernce Object: /axapi/v3/fw/alg/{name}+{name2}

apply-changes

Description: apply-changes is a JSON Block. Please see below for apply-changes

Type: Object

Refernce Object: /axapi/v3/fw/apply-changes

global

Description: global is a JSON Block. Please see below for global

Type: Object

Refernce Object: /axapi/v3/fw/global

helper-sessions

Description: helper-sessions is a JSON Block. Please see below for helper-sessions

Type: Object

Refernce Object: /axapi/v3/fw/helper-sessions

logging

Description: logging is a JSON Block. Please see below for logging

Type: Object

Refernce Object: /axapi/v3/fw/logging

session-aging-list

Type: List

Refernce Object: /axapi/v3/fw/session-aging/{name}

tcp-rst-close-immediate

Description: tcp-rst-close-immediate is a JSON Block. Please see below for tcp-rst-close-immediate

Type: Object

Refernce Object: /axapi/v3/fw/tcp-rst-close-immediate

tcp-window-check

Description: tcp-window-check is a JSON Block. Please see below for tcp-window-check

Type: Object

Refernce Object: /axapi/v3/fw/tcp-window-check

vrid

Description: vrid is a JSON Block. Please see below for vrid

Type: Object

Refernce Object: /axapi/v3/fw/vrid

active-rule-set

Specification  
Type object

name

Description Rule set name

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/rule-set

session-aging

Description Session Aging Template

Type: string

Maximum Length: 128 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/fw/session-aging

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

vrid

Specification  
Type object

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

vrid

Description Vrrp group (VRRP-A vrid)

Type: number

Range: 1-31

logging

Specification  
Type object

name

Description Logging Template Name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

Refernce Object: /axapi/v3/slb/template/logging

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

tcp-window-check

Specification  
Type object

sampling-enable

Type: List

status

Description ‘enable’: Enable TCP window check (default); ‘disable’: Disable TCP window check;

Type: string

Supported Values: enable, disable

Default: enable

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

tcp-window-check_sampling-enable

Specification  
Type list
Block object keys  

counters1

Description ‘all’: all; ‘outside-window’: packet dropped for outside of tcp window;

Type: string

Supported Values: all, outside-window

apply-changes

Specification  
Type object

apply-changes

Description Invoke rule-set recompile immediately

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

global

Specification  
Type object

alg-processing

Description ‘honor-rule-set’: Honors firewall rule-sets; ‘override-rule-set’: Override firewall rule-sets;

Type: string

Supported Values: honor-rule-set, override-rule-set

Default: honor-rule-set

disable-ip-fw-sessions

Description disable create sessions for non TCP/UDP/ICMP

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

helper-sessions

Specification  
Type object

idle-timeout

Description helper-sessions idle-timeout time (Idle-timeout in minutes (default: 1 minute))

Type: number

Range: 1-255

Default: 1

limit

Description Limit number of helper-sessions (Limit helper-sessions number)

Type: number

mode

Description ‘disable’: Disable helper-sessions;

Type: string

Supported Values: disable

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

alg-list

Specification  
Type list
Block object keys  

name

Description ‘FTP’: Disable FTP ALG default port 21; ‘TFTP’: Disable TFTP ALG default port 69; ‘SIP’: Disable SIP ALG default port 5060; ‘DNS’: Disable DNS ALG default port 53;

Type: string

Supported Values: FTP, TFTP, SIP, DNS

name2

Description ‘ICMP’: Disable ICMP ALG which allow ICMP errors pass firewall;

Type: string

Supported Values: ICMP

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

session-aging-list

Specification  
Type list
Block object keys  

alive-if-active

Description keep connection alive if active traffic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

force-delete-timeout

Description The maximum time that a session can stay in the system before being deleted, default is off (number (second))

Type: number

Range: 1-31

Mutual Exclusion: force-delete-timeout and force-delete-timeout-100ms are mutually exclusive

force-delete-timeout-100ms

Description The maximum time that a session can stay in the system before being deleted, default is off (number in 100ms)

Type: number

Range: 1-31

Mutual Exclusion: force-delete-timeout-100ms and force-delete-timeout are mutually exclusive

half-close-idle-timeout

Description TCP Half Close Idle Timeout (sec), default is off (number)

Type: number

Range: 60-120

half-open-idle-timeout

Description TCP Half Open Idle Timeout (sec), default is off (number)

Type: number

Range: 1-60

icmp-idle-timeout

Description Idle Timeout value (default 2 seconds) (idle timeout in second, default 2)

Type: number

Range: 2-15000

Default: 2

ip-idle-timeout

Description Idle Timeout (sec), default is 30 (number)

Type: number

Range: 1-2097151

Default: 30

name

Description session-aging Template (session-aging Template name)

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

tcp-idle-timeout

Description Idle Timeout (sec), default is 600 (number)

Type: number

Range: 1-2097151

Default: 600

udp-idle-timeout

Description Idle Timeout value (default 120 seconds) (idle timeout in second, default 120)

Type: number

Range: 1-2097151

Default: 120

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

tcp-rst-close-immediate

Specification  
Type object

status

Description ‘enable’: Enable TCP RST close immediate (default); ‘disable’: Disable TCP RST close immediate;

Type: string

Supported Values: enable, disable

Default: enable

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters