security debug matcher

security debug matcher(1)     BIG-IP TMSH Manual     security debug matcher(1)



NAME
       debug - Configures Debuggability drop redirect mode.

MODULE
       security firewall

SYNTAX
       Configure drop redirect feature or display stats using the following
       syntax.

   MODIFY
	modify debug
	  matcher {
	   drop-redirect {
	     drop-redirect-mode {
		 disable
		 redirect-all
		 redirect-hw-only
		 redirect-sw-only
	      }
	    }
	  }

   DISPLAY
	show debug
	  drop-redirect-stats

DESCRIPTION
       Debuggability drop redirection feature redirects HW dropped packets to
       a specified interface. This interface may be set using sys db variable
       debug.hwdropredirect.interface. The feature can also redirect only
       certain types of drops. This can be done by using sys db variable
       debug.doshwdropredirect.disables.

       Full List of HW Redirect Modes # Disable GlobalDoSVector drop redirects
       bit-0 # Disable sPVADoSVector drop redirects	   bit-1 # Disable
       sPVAIPBlacklist drop redirects	   bit-2 # Disable sPVAIPRateLimit
       drop redirects	   bit-3 # Disable NeuronBlacklist drop redirects
       bit-4 # Disable DuplicateSYN drop redirects	   bit-5

       Once an interface is set-up, redirect-hw-only mode can be enabled as
       the following example.

EXAMPLES
       modify security debug matcher drop-redirect drop-redirect-mode
       redirect-hw-only

       Configures dropped packets to be redirected to a specified interface.



BIG-IP				  2018-01-10	     security debug matcher(1)