security debug matcherΒΆ

security debug matcher(1)			  BIG-IP TMSH Manual			    security debug matcher(1)

NAME
       debug - Configures Debuggability drop redirect mode.

MODULE
       security firewall

SYNTAX
       Configure drop redirect feature or display stats using the following syntax.

   MODIFY
	modify debug
	  matcher {
	   drop-redirect {
	     drop-redirect-mode {
		 disable
		 redirect-all
		 redirect-hw-only
		 redirect-sw-only
	      }
	    }
	  }

   DISPLAY
	show debug
	  drop-redirect-stats

DESCRIPTION
       Debuggability drop redirection feature redirects HW dropped packets to a specified interface. This interface
       may be set using sys db variable debug.hwdropredirect.interface. The feature can also redirect only certain
       types of drops. This can be done by using sys db variable debug.doshwdropredirect.disables.

       Full List of HW Redirect Modes # Disable GlobalDoSVector drop redirects	    bit-0 # Disable sPVADoSVector
       drop redirects	     bit-1 # Disable sPVAIPBlacklist drop redirects	 bit-2 # Disable sPVAIPRateLimit drop
       redirects      bit-3 # Disable NeuronBlacklist drop redirects	  bit-4 # Disable DuplicateSYN drop redirects
       bit-5

       Once an interface is set-up, redirect-hw-only mode can be enabled as the following example.

EXAMPLES
       modify security debug matcher drop-redirect drop-redirect-mode redirect-hw-only

       Configures dropped packets to be redirected to a specified interface.

BIG-IP						      2018-01-10			    security debug matcher(1)