security debug matcher(1) BIG-IP TMSH Manual security debug matcher(1)
NAME
debug - Configures the debuggability drop redirect mode.
MODULE
security firewall
SYNTAX
Configure the drop redirect feature or display its statistics using the following syntax.
MODIFY
    modify debug
        matcher {
            drop-redirect {
                drop-redirect-mode {
                    disable
                    redirect-all
                    redirect-hw-only
                    redirect-sw-only
                }
            }
        }
DISPLAY
    show debug
        drop-redirect-stats
DESCRIPTION
The debuggability drop redirection feature redirects packets dropped in hardware (HW) to a specified
interface. This interface may be set using the sys db variable debug.hwdropredirect.interface. The feature
can also redirect only certain types of drops, by using the sys db variable debug.doshwdropredirect.disables.
Full List of HW Redirect Modes
    # Disable GlobalDoSVector drop redirects    bit-0
    # Disable sPVADoSVector drop redirects      bit-1
    # Disable sPVAIPBlacklist drop redirects    bit-2
    # Disable sPVAIPRateLimit drop redirects    bit-3
    # Disable NeuronBlacklist drop redirects    bit-4
    # Disable DuplicateSYN drop redirects       bit-5
Once an interface is set up, redirect-hw-only mode can be enabled as in the following example.
EXAMPLES
modify security debug matcher drop-redirect drop-redirect-mode redirect-hw-only
Configures dropped packets to be redirected to a specified interface.
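Added example, not part of the F5 manual: a POSIX shell helper that builds the value for debug.doshwdropredirect.disables from the bit list in DESCRIPTION and decodes a value back into the drop types that are still redirected. The function names are hypothetical, and it assumes that a set bit disables redirection for that drop type and that the variable takes a decimal value.

```shell
#!/bin/sh
# Added example (not from the F5 manual). Bit positions come from the
# "Full List of HW Redirect Modes" above; a set bit is assumed to disable that redirect.
# Apply (decimal format is an assumption):
#   tmsh modify sys db debug.doshwdropredirect.disables value <mask>

# drop_bit NAME -> bit position for a drop type; fails on unknown names.
drop_bit() {
    case "$1" in
        GlobalDoSVector) echo 0 ;;
        sPVADoSVector)   echo 1 ;;
        sPVAIPBlacklist) echo 2 ;;
        sPVAIPRateLimit) echo 3 ;;
        NeuronBlacklist) echo 4 ;;
        DuplicateSYN)    echo 5 ;;
        *) return 1 ;;
    esac
}

# disables_mask NAME... -> decimal mask with one bit set per listed drop type.
disables_mask() {
    mask=0
    for name in "$@"; do
        bit=$(drop_bit "$name") || { echo "unknown drop type: $name" >&2; return 1; }
        mask=$(( mask | (1 << bit) ))
    done
    echo "$mask"
}

# still_redirected MASK -> drop types whose disable bit is clear (audit direction).
still_redirected() {
    case "$1" in ''|*[!0-9]*) echo "mask must be a decimal integer" >&2; return 1 ;; esac
    [ "$1" -le 63 ] || { echo "mask has bits above bit-5" >&2; return 1; }
    out=""
    for name in GlobalDoSVector sPVADoSVector sPVAIPBlacklist sPVAIPRateLimit NeuronBlacklist DuplicateSYN; do
        bit=$(drop_bit "$name")
        if [ $(( ($1 >> bit) & 1 )) -eq 0 ]; then
            out="${out:+$out }$name"
        fi
    done
    echo "$out"
}

# Constructed sample: stop redirecting the two blacklist drop types, then audit the result.
disables_mask sPVAIPBlacklist NeuronBlacklist
still_redirected 20
```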
BIG-IP 2018-01-10 security debug matcher(1)