security debug matcher
security debug matcher(1) BIG-IP TMSH Manual security debug matcher(1)
NAME
debug - Configures Debuggability drop redirect mode.
MODULE
security firewall
SYNTAX
Configure drop redirect feature or display stats using the following syntax.
MODIFY
modify debug
    matcher {
        drop-redirect {
            drop-redirect-mode {
                disable
                redirect-all
                redirect-hw-only
                redirect-sw-only
            }
        }
    }
DISPLAY
show debug
    drop-redirect-stats
DESCRIPTION
The Debuggability drop redirection feature redirects packets dropped in hardware (HW) to a specified interface. The
interface is set with the sys db variable debug.hwdropredirect.interface. The feature can also be limited to certain
types of drops by using the sys db variable debug.doshwdropredirect.disables.
Full List of HW Redirect Modes
# Disable GlobalDoSVector drop redirects   bit-0
# Disable sPVADoSVector drop redirects     bit-1
# Disable sPVAIPBlacklist drop redirects   bit-2
# Disable sPVAIPRateLimit drop redirects   bit-3
# Disable NeuronBlacklist drop redirects   bit-4
# Disable DuplicateSYN drop redirects      bit-5
Once an interface is set up, redirect-hw-only mode can be enabled as in the following example.
EXAMPLES
modify security debug matcher drop-redirect drop-redirect-mode redirect-hw-only
Configures dropped packets to be redirected to a specified interface.
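An added example, not part of the F5 manual: shell helpers that turn the drop type names listed in DESCRIPTION into a value for debug.doshwdropredirect.disables and decode a value back into names. The function names are hypothetical, and it is an assumption that the db variable takes the bitmask as a plain decimal integer; the script only prints the tmsh command and does not run it.

```shell
#!/bin/sh
# Added example: names and bit positions come from the list in DESCRIPTION.
# Assumption: debug.doshwdropredirect.disables holds the bitmask as a decimal integer.
DROP_CLASSES="GlobalDoSVector sPVADoSVector sPVAIPBlacklist sPVAIPRateLimit NeuronBlacklist DuplicateSYN"

# bit_of NAME: print the bit position of NAME, return 1 if NAME is unknown
bit_of() {
    i=0
    for c in $DROP_CLASSES; do
        if [ "$c" = "$1" ]; then echo "$i"; return 0; fi
        i=$((i + 1))
    done
    return 1
}

# disables_mask NAME...: print the mask that disables redirects for the named drop types
disables_mask() {
    mask=0
    for name in "$@"; do
        b=$(bit_of "$name") || { echo "unknown drop type: $name" >&2; return 1; }
        mask=$((mask | (1 << b)))
    done
    echo "$mask"
}

# keep_only_mask NAME...: print the mask that disables every drop type except the named ones
keep_only_mask() {
    keep=$(disables_mask "$@") || return 1
    echo $((63 & ~keep))
}

# decode_mask VALUE: print the drop types whose redirects VALUE disables
decode_mask() {
    case "$1" in ''|*[!0-9]*) echo "not a non-negative integer: $1" >&2; return 1;; esac
    [ "$1" -le 63 ] || { echo "bits above bit-5 are not defined: $1" >&2; return 1; }
    out=""; i=0
    for c in $DROP_CLASSES; do
        if [ $((($1 >> i) & 1)) -eq 1 ]; then out="$out${out:+ }$c"; fi
        i=$((i + 1))
    done
    echo "$out"
}

# Redirect only sPVAIPBlacklist drops: every other bit is set in the disables mask.
echo "tmsh modify sys db debug.doshwdropredirect.disables value $(keep_only_mask sPVAIPBlacklist)"
```

Decoding the value currently stored in the db variable before changing it shows which drop types are already excluded from redirection.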
BIG-IP 2018-01-10 security debug matcher(1)