fw

The Data Center Firewall (DCFW) is a Layer 4 firewall that filters incoming traffic at Layers 1-4: traffic is filtered based on the source and destination IP addresses, in combination with the source and destination port numbers and the IP protocol. In the context of application delivery, the primary purpose of a data center firewall is to expose and protect services and internal servers.

fw Specification

Type: Intermediate Resource
Element Name: fw
Element URI: /axapi/v3/fw
Element Attributes: fw_attributes
Schema: fw schema

Operations Allowed:

Operation: Get Object
Method: GET
URI: /axapi/v3/fw
Payload: fw_attributes

fw Attributes

active-rule-set

Description: active-rule-set is a JSON block. See the active-rule-set section below.

Type: Object

Reference Object: /axapi/v3/fw/active-rule-set

alg-list

Description: alg-list is a JSON list. See the alg-list section below.

Type: List

Reference Object: /axapi/v3/fw/alg/{name}+{name2}

apply-changes

Description: apply-changes is a JSON block. See the apply-changes section below.

Type: Object

Reference Object: /axapi/v3/fw/apply-changes

global

Description: global is a JSON block. See the global section below.

Type: Object

Reference Object: /axapi/v3/fw/global

helper-sessions

Description: helper-sessions is a JSON block. See the helper-sessions section below.

Type: Object

Reference Object: /axapi/v3/fw/helper-sessions

logging

Description: logging is a JSON block. See the logging section below.

Type: Object

Reference Object: /axapi/v3/fw/logging

session-aging-list

Description: session-aging-list is a JSON list. See the session-aging-list section below.

Type: List

Reference Object: /axapi/v3/fw/session-aging/{name}

tcp-window-check

Description: tcp-window-check is a JSON block. See the tcp-window-check section below.

Type: Object

Reference Object: /axapi/v3/fw/tcp-window-check

vrid

Description: vrid is a JSON block. See the vrid section below.

Type: Object

Reference Object: /axapi/v3/fw/vrid

active-rule-set

Specification
Type: object

name

Description: Policy that should be enabled

Type: string

Reference Object: /axapi/v3/rule-set

session-aging

Description: Session Aging Template options

Type: string

Reference Object: /axapi/v3/fw/session-aging

uuid

Description: uuid of the object

Type: string

vrid

Specification
Type: object

uuid

Description: uuid of the object

Type: string

vrid

Description: Join a vrrp group (Specify ha VRRP-A vrid)

Type: number

Range: 1-31

logging

Specification
Type: object

name

Description: Logging Template Name

Type: string

Format: string-rlx

Reference Object: /axapi/v3/slb/template/logging

uuid

Description: uuid of the object

Type: string

tcp-window-check

Specification
Type: object

sampling-enable

Description: sampling-enable is a JSON list. See the tcp-window-check.sampling-enable section below.

Type: List

status

Description: ‘enable’: Enable TCP window check (default); ‘disable’: Disable TCP window check;

Type: string

Supported Values: enable, disable

Default: enable

uuid

Description: uuid of the object

Type: string

tcp-window-check.sampling-enable

Specification
Type: list
Block object keys

counters1

Description: ‘all’: all; ‘outside-window’: packets dropped for being outside the TCP window;

Type: string

Supported Values: all, outside-window

apply-changes

Specification
Type: object

apply-changes

Description: Invoke rule-set recompile immediately

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

global

Specification
Type: object

alg-processing

Description: ‘honor-rule-set’: Honors firewall rule-sets configured; ‘override-rule-set’: Override firewall rule-sets configured;

Type: string

Supported Values: honor-rule-set, override-rule-set

Default: honor-rule-set

disable-ip-fw-sessions

Description: Disable sessions for non-TCP/UDP/ICMP packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description: uuid of the object

Type: string

helper-sessions

Specification
Type: object

idle-timeout

Description: Set firewall helper-sessions idle-timeout (Idle-timeout in minutes (default: 1 minute))

Type: number

Range: 1-255

Default: 1

limit

Description: Set maximum number of firewall helper-sessions allowed (Max helper-sessions allowed (Not more than 1/3 of L4 sessions current max))

Type: number

mode

Description: ‘disable’: Disable helper-sessions;

Type: string

Supported Values: disable

uuid

Description: uuid of the object

Type: string

alg-list

Specification
Type: list
Block object keys

name

Description: ‘FTP’: Disable FTP ALG default port 21; ‘TFTP’: Disable TFTP ALG default port 69; ‘SIP’: Disable SIP ALG default port 5060; ‘DNS’: Disable DNS ALG default port 53;

Type: string

Supported Values: FTP, TFTP, SIP, DNS

name2

Description: ‘ICMP’: Disable the ICMP ALG, which allows ICMP errors to pass the firewall;

Type: string

Supported Values: ICMP

uuid

Description: uuid of the object

Type: string

session-aging-list

Specification
Type: list
Block object keys

alive-if-active

Description: Keep the connection alive if there is active traffic

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

force-delete-timeout

Description: The maximum time that a session can stay in the system before being deleted, default is off (number, in seconds)

Type: number

Range: 1-31

Mutual Exclusion: force-delete-timeout and force-delete-timeout-100ms are mutually exclusive

force-delete-timeout-100ms

Description: The maximum time that a session can stay in the system before being deleted, default is off (number, in units of 100 ms)

Type: number

Range: 1-31

Mutual Exclusion: force-delete-timeout-100ms and force-delete-timeout are mutually exclusive

half-close-idle-timeout

Description: TCP Half Close Idle Timeout (sec), default is off (number)

Type: number

Range: 60-120

half-open-idle-timeout

Description: TCP Half Open Idle Timeout (sec), default is off (number)

Type: number

Range: 1-60

icmp-idle-timeout

Description: Idle Timeout value (default 2 seconds) (idle timeout in seconds, default 2)

Type: number

Range: 2-15000

Default: 2

ip-idle-timeout

Description: Idle Timeout (sec), default is 30 (number)

Type: number

Range: 1-2097151

Default: 30

name

Description: session-aging Template (session-aging Template name)

Type: string

tcp-idle-timeout

Description: Idle Timeout (sec), default is 600 (number)

Type: number

Range: 1-2097151

Default: 600

udp-idle-timeout

Description: Idle Timeout value (default 120 seconds) (idle timeout in seconds, default 120)

Type: number

Range: 1-2097151

Default: 120

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string
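
Added example (not part of the vendor reference): a small audit that checks an fw_attributes object, as returned by GET /axapi/v3/fw, against the defaults, ranges and mutual exclusions listed on this page. The function name audit_fw, the finding strings and the SAMPLE_FW data are constructed for illustration; the code assumes the object is already parsed into a Python dict keyed by the attribute names above.

```python
# Added example: audit a fw_attributes object against the defaults, ranges
# and mutual exclusions listed on this page. SAMPLE_FW is constructed data.
DEFAULTS = {  # (block, attribute) -> documented default
    ("tcp-window-check", "status"): "enable",
    ("global", "alg-processing"): "honor-rule-set",
    ("global", "disable-ip-fw-sessions"): 0,
}
AGING_RANGES = {  # session-aging attribute -> (min, max) as listed on this page
    "force-delete-timeout": (1, 31),
    "force-delete-timeout-100ms": (1, 31),
    "half-close-idle-timeout": (60, 120),
    "half-open-idle-timeout": (1, 60),
    "icmp-idle-timeout": (2, 15000),
    "ip-idle-timeout": (1, 2097151),
    "tcp-idle-timeout": (1, 2097151),
    "udp-idle-timeout": (1, 2097151),
}
EXCLUSIVE = ("force-delete-timeout", "force-delete-timeout-100ms")

def audit_fw(fw):
    """Return a list of findings for one fw_attributes dict."""
    findings = []
    for (block, key), default in DEFAULTS.items():
        value = fw.get(block, {}).get(key, default)
        if value != default:
            findings.append(f"{block}.{key}={value!r} differs from default {default!r}")
    if not fw.get("active-rule-set", {}).get("name"):
        findings.append("active-rule-set.name is not set")
    for alg in fw.get("alg-list", []):
        # Per the page, each alg-list entry disables the named ALG.
        findings.append(f"ALG disabled: {alg.get('name') or alg.get('name2')}")
    for tmpl in fw.get("session-aging-list", []):
        label = f"session-aging {tmpl.get('name', '<unnamed>')}"
        if all(k in tmpl for k in EXCLUSIVE):
            findings.append(f"{label}: {' and '.join(EXCLUSIVE)} are mutually exclusive")
        for key, (low, high) in AGING_RANGES.items():
            if key in tmpl and not low <= tmpl[key] <= high:
                findings.append(f"{label}: {key}={tmpl[key]} outside {low}-{high}")
    return findings

SAMPLE_FW = {  # constructed sample, not captured from a device
    "active-rule-set": {"name": "dc-policy"},
    "global": {"alg-processing": "override-rule-set"},
    "tcp-window-check": {"status": "disable"},
    "alg-list": [{"name": "SIP"}],
    "session-aging-list": [{"name": "short", "half-open-idle-timeout": 90,
                            "force-delete-timeout": 10, "force-delete-timeout-100ms": 5}],
}
if __name__ == "__main__":
    print("\n".join(audit_fw(SAMPLE_FW)))
```

Running the audit before and after a configuration change gives a quick diff of which firewall-wide settings have moved away from the documented defaults.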