Description
A Threshold Rule defines a filter for matching specific network traffic. When the filter criterion is met, the Threshold Rule
Actions are evaluated and possible actions taken.
Properties
- Index
- The index of the object, starting at 1. (Identifier)
- Name
- Specifies a symbolic name for the rule. (Optional)
- SourceInterface
- Specifies the name of the receiving interface to be compared to the received packet.
- DestinationInterface
- Specifies the destination interface to be compared to the received packet.
- SourceNetwork
- Specifies the sender span of IP addresses to be compared to the received packet.
- DestinationNetwork
- Specifies the span of IP addresses to be compared to the destination IP of the received packet.
- SourceUserGroup
- Specifies user group destination address needs to be part of. (Optional)
- DestinationUserGroup
- Specifies user group destination address needs to be part of. (Optional)
- Service
- Specifies a service that will be used as a filter parameter when matching traffic with this rule.
- Schedule
- By adding a schedule to a rule, the firewall will only allow that rule to trigger at those designated times. (Optional)
- Attribute
- Special Attribute of the current object. (Optional)
- Comments
- Text describing the current object. (Optional)
![[Note]](images/note.png) |
Note |
If no Index is specified when creating an instance of this type, the object will be placed last in the list and the Index will be equal to the length of the list.
|
Description
A Threshold Rule Action specifies what thresholds to measure, and what action to take if those thresholds are reached.
Properties
- Action
- Protect or Audit. (Default: Protect)
- GroupBy
- Specifies whether the threshold should be host- or network-based. (Default: SourceIP)
- Threshold
- Specifies the threshold.
- ThresholdUnit
- Specifies the threshold unit. (Default: ConnsSec)
- ZoneDefense
- When enabled, the source will be blocked in configured ZoneDefense switches. (Default: No)
- BlackList
- When enabled, the source will be added to the Blacklist for the configured number of seconds. (Default: No)
- BlackListTimeToBlock
- The number of seconds that the dynamic blacklist should remain. (Optional)
- BlackListBlockOnlyService
- Only block the service that triggered the blacklisting. (Default: No)
- BlackListIgnoreEstablished
- Do not drop existing connection. (Default: No)
- Attribute
- Special Attribute of the current object. (Optional)
- LogEnabled
- Enable logging. (Default: Yes)
- LogSeverity
- Specifies with what severity log events will be sent to the specified log receivers. (Default: Default)
- Comments
- Text describing the current object. (Optional)
|
Note |
If no Index is specified when creating an instance of this type, the object will be placed last in the list and the Index will be equal to the length of the list.
|
cOS Core 15.00.01 CLI Reference Guide
