3.95. ThresholdRules

Description

The threshold rules are a self-contained set of rules that broadly define how to apply threshold actions. The main purpose of such threshold actions is to prevent excessive numbers of flows from being opened, though other uses are also possible.

Properties

Comments
Text describing the current object. (Optional)
[Note] Note
This object type does not have an identifier and is identified by the name of the type only. There can only be one instance of this type.

3.95.1. ThresholdRule

Description

A threshold rule specifies a filter for matching specific network traffic, how to evaluate the traffic, and what actions to take if the traffic exceeds given threshold definitions.

Properties

Name
Specifies a symbolic name for the rule. (Optional)
SourceInterface
Specifies the name of the receiving interface to be compared to the received packet.
DestinationInterface
Specifies the destination interface to be compared to the received packet.
SourceNetwork
Specifies the sender span of IP addresses to be compared to the received packet.
DestinationNetwork
Specifies the destination span of IP addresses to be compared to the received packet.
Service
Specifies a service that will be used as a filter parameter when matching traffic with this rule.
Comments
Text describing the current object. (Optional)
[Note] Note
If no Index is specified when creating an instance of this type, the object will be placed last in the list and the Index will be equal to the length of the list.

3.95.1.1. ThresholdSet

Description

A threshold set specifies what action to take if all the threshold definitions within the set are exceeded.

Properties

Name
Specifies a symbolic name for the threshold set. (Optional)
Action
Specifies the action to take when a threshold set is triggered.
ActionLog
Specifies the log behavior when a threshold set is triggered. (Default: ObeyRule)
ActionLogSeverity
Specifies with what severity log events will be sent to the specified log receivers. (Default: Warning)
Probability
Static probability (1-100 percent) that a flow open attempt will be dropped once the threshold set has triggered.
Timeout
Seconds before an IP address is removed from the blacklist. If 0 is chosen, the blacklist rule remains in effect until the firewall is shut down or until it is manually removed via the CLI.
Comments
Text describing the current object. (Optional)
[Note] Note
If no Index is specified when creating an instance of this type, the object will be placed last in the list and the Index will be equal to the length of the list.

3.95.1.1.1. ThresholdDefinition

Description

A threshold definition specifies how to evaluate network traffic, a threshold limit for that measurement, and for how long the limit may be exceeded before the action specified for the threshold set is taken. Note that if multiple threshold definitions are configured for the threshold set, the limits of all of them must be exceeded before the action is executed; a single exceeded definition on its own does not trigger the set.

Properties

Name
Specifies a symbolic name for the threshold. (Optional)
Type
Specifies the type of measurement for the threshold.
Limit
Maximum threshold limit.
Interval
Interval during which the threshold limit applies. (Optional)
Duration
Duration that the threshold limit may be exceeded without triggering. (Optional)
Grouping
Grouping is a way to partition the traffic matched by the threshold rule into smaller equally-sized units. (Default: None)
GroupingIP4NetworkSize
If traffic is grouped according to source or destination network, this setting specifies the IPv4 prefix length, in bits, of each group. (Default: 16)
GroupingIP6NetworkSize
If traffic is grouped according to source or destination network, this setting specifies the IPv6 prefix length, in bits, of each group. (Default: 64)
Scope
Enable dynamic balancing of groups. (Default: Group)
ThresholdLog
Enable log messages when the threshold definition triggers and when it stops triggering. (Default: Yes)
ThresholdLogSeverity
Specifies with what severity log events will be sent to the specified log receivers. (Default: Default)
Comments
Text describing the current object. (Optional)
[Note] Note
If no Index is specified when creating an instance of this type, the object will be placed last in the list and the Index will be equal to the length of the list.
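The interaction between ThresholdRule, ThresholdSet and ThresholdDefinition described above, as an added Python simulation. This is example code written for this page; it is not part of this reference and not the firewall's own implementation. Property names follow the page, but the Type value FlowRate, the Grouping values None/SourceIP/SourceNetwork, the Action value Blacklist, the service names http/ssh and the traffic are assumptions constructed for the demo. It shows a set firing only when all of its definitions trigger, grouping by a /16 source network, the Duration grace period, the Probability roll, and Timeout (0 = permanent).

```python
import ipaddress
import random
from collections import deque
from dataclasses import dataclass, field


@dataclass
class ThresholdDefinition:
    Type: str = "FlowRate"            # assumed: flow-open attempts per Interval
    Limit: int = 10                   # maximum attempts allowed within one Interval
    Interval: float = 1.0             # seconds of the sliding measurement window
    Duration: float = 0.0             # seconds the Limit may stay exceeded before triggering
    Grouping: str = "SourceNetwork"   # assumed values: "None", "SourceIP", "SourceNetwork"
    GroupingIP4NetworkSize: int = 16  # IPv4 prefix length of each group (Grouping == "SourceNetwork")
    _window: dict = field(default_factory=dict, init=False, repr=False)  # group -> timestamps
    _since: dict = field(default_factory=dict, init=False, repr=False)   # group -> first exceeded

    def group_key(self, src_ip: str) -> str:
        """Partition traffic into the unit that Limit applies to."""
        if self.Grouping == "None":
            return "all"
        if self.Grouping == "SourceIP":
            return src_ip
        return str(ipaddress.ip_network(f"{src_ip}/{self.GroupingIP4NetworkSize}", strict=False))

    def observe(self, now: float, src_ip: str) -> bool:
        """Count one flow-open attempt; True while this definition is triggering."""
        key = self.group_key(src_ip)
        win = self._window.setdefault(key, deque())
        win.append(now)
        while win and now - win[0] >= self.Interval:   # drop attempts older than Interval
            win.popleft()
        if len(win) > self.Limit:
            first = self._since.setdefault(key, now)     # when the Limit was first exceeded
            return now - first >= self.Duration
        self._since.pop(key, None)                       # back under the Limit: reset Duration
        return False


@dataclass
class ThresholdSet:
    Action: str = "Blacklist"   # assumed action name: drop further flows from the source
    Probability: int = 100      # percent of flow opens dropped while the action is in effect
    Timeout: int = 60           # seconds on the blacklist; 0 = until reboot or manual removal
    definitions: list = field(default_factory=list)

    def triggers(self, now: float, src_ip: str) -> bool:
        # Every definition must see the attempt, so do not short-circuit;
        # the set fires only when ALL of its definitions are triggering.
        results = [d.observe(now, src_ip) for d in self.definitions]
        return bool(results) and all(results)


@dataclass
class ThresholdRule:
    SourceNetwork: str = "0.0.0.0/0"   # filter: sender span matched against the attempt
    Service: str = "any"               # filter: "any" or an assumed service name
    sets: list = field(default_factory=list)
    blacklist: dict = field(default_factory=dict)   # src_ip -> (expiry, probability); inf = permanent
    rng: random.Random = field(default_factory=lambda: random.Random(0))

    def matches(self, src_ip: str, service: str) -> bool:
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.SourceNetwork)
                and self.Service in ("any", service))

    def handle(self, now: float, src_ip: str, service: str) -> str:
        """Decide 'allow' or 'drop' for one flow-open attempt at time `now`."""
        if not self.matches(src_ip, service):
            return "allow"                                # rule does not apply
        if src_ip in self.blacklist:
            expiry, probability = self.blacklist[src_ip]
            if expiry <= now:
                del self.blacklist[src_ip]                # Timeout elapsed
            else:
                return "drop" if self.rng.randint(1, 100) <= probability else "allow"
        for ts in self.sets:
            if ts.triggers(now, src_ip) and ts.Action == "Blacklist":
                expiry = float("inf") if ts.Timeout == 0 else now + ts.Timeout
                self.blacklist[src_ip] = (expiry, ts.Probability)
                return "drop"
        return "allow"


def run_demo() -> dict:
    """Constructed traffic: 10.1.2.3 opens 20 HTTP flows in one second, neighbour 10.1.7.7 in
    the same /16 opens two, 192.168.1.1 is outside the rule, 10.1.2.3 returns after Timeout."""
    rule = ThresholdRule(SourceNetwork="10.0.0.0/8", Service="http", sets=[ThresholdSet(
        Action="Blacklist", Probability=100, Timeout=60, definitions=[
            ThresholdDefinition(Limit=10, Interval=1.0, Grouping="SourceNetwork",
                                GroupingIP4NetworkSize=16),          # > 10 opens/s per /16
            ThresholdDefinition(Limit=3, Interval=1.0, Grouping="SourceIP"),  # > 3 opens/s per host
        ])])
    events = [(i / 20, "10.1.2.3", "http") for i in range(20)]
    events += [(0.62, "10.1.7.7", "http"), (0.72, "10.1.7.7", "http")]
    events += [(0.30, "192.168.1.1", "http"), (70.0, "10.1.2.3", "http")]
    verdicts: dict = {}
    for now, src, svc in sorted(events):
        verdicts.setdefault(src, {"allow": 0, "drop": 0})[rule.handle(now, src, svc)] += 1
    return verdicts
```

Calling run_demo() returns per-source verdict counts: the flooding host is allowed its first ten attempts and dropped from the eleventh on, because only then do both the per-/16 and the per-host definitions exceed their limits; the neighbour in the same /16 stays allowed even though the /16 definition is triggering, since its own per-host rate is under the limit; the address outside SourceNetwork is never evaluated; and the flooding host is allowed again once the 60 s Timeout has passed.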