security debug matcherΒΆ

security debug matcher(1)				BIG-IP TMSH Manual				 security debug matcher(1)

NAME
       debug - Configures Debuggability drop redirect mode.

MODULE
       security firewall

SYNTAX
       Configure drop redirect feature or display stats using the following syntax.

   MODIFY
	modify debug
	  matcher {
	   drop-redirect {
	     drop-redirect-mode {
		 disable
		 redirect-all
		 redirect-hw-only
		 redirect-sw-only
	      }
	    }
	  }

   DISPLAY
	show debug
	  drop-redirect-stats

DESCRIPTION
       Debuggability drop redirection feature redirects HW dropped packets to a specified interface. This interface may be set
       using sys db variable debug.hwdropredirect.interface. The feature can also redirect only certain types of drops. This can
       be done by using sys db variable debug.doshwdropredirect.disables.

       Full List of HW Redirect Modes # Disable GlobalDoSVector drop redirects	    bit-0 # Disable sPVADoSVector drop redirects
       bit-1 # Disable sPVAIPBlacklist drop redirects	   bit-2 # Disable sPVAIPRateLimit drop redirects      bit-3 # Disable
       NeuronBlacklist drop redirects	   bit-4 # Disable DuplicateSYN drop redirects	       bit-5

       Once an interface is set-up, redirect-hw-only mode can be enabled as the following example.

EXAMPLES
       modify security debug matcher drop-redirect drop-redirect-mode redirect-hw-only

       Configures dropped packets to be redirected to a specified interface.

BIG-IP							    2018-01-10					 security debug matcher(1)