260 lines
5.3 KiB
YAML
260 lines
5.3 KiB
YAML
external_resources:
|
|
cm:
|
|
## @param external_resources.cm.connection value in [direct, local_cache], default: direct
|
|
##
|
|
connectivity: direct
|
|
direct:
|
|
address: 10.X.X.X
|
|
port: 7002
|
|
local_cache:
|
|
cache_name: tsg_traffic_cm_local_cache_1
|
|
port_num: 1
|
|
|
|
olap:
|
|
kafka_brokers:
|
|
sasl_username:
|
|
sasl_password:
|
|
addresses:
|
|
- address:
|
|
port:
|
|
hos_servers:
|
|
use: yes
|
|
addresses:
|
|
- address:
|
|
port:
|
|
token:
|
|
|
|
nat_gateway:
|
|
address: 10.0.X.X
|
|
connection_table_listen_port: 5671
|
|
data_listen_port: 3544
|
|
|
|
reachability_test_server:
|
|
address: 10.0.Y.Y
|
|
link_table_listen_port: 8888
|
|
connection_table_listen_port: 5672
|
|
data_listen_port: 3542
|
|
|
|
device:
|
|
tags:
|
|
- key1: value1
|
|
- key2: value2
|
|
|
|
session_id_generator:
|
|
snowflake_worker_id_base: 1
|
|
snowflake_worker_id_offset: 1
|
|
|
|
firewall:
|
|
enable: yes
|
|
rapidjson_chunk_capacity: 2048
|
|
enable_smartoffload: no
|
|
|
|
appsketch:
|
|
enable: yes
|
|
builtin_engine: yes
|
|
user_defined_signature: yes
|
|
|
|
encrypt_traffic_identify:
|
|
voice_bahavior_engine: yes
|
|
|
|
sessionrecord:
|
|
enable: yes
|
|
interim_record:
|
|
enable: yes
|
|
intervals_in_sec: 120
|
|
transaction_record:
|
|
enable: yes
|
|
contains_app_id:
|
|
enable: no
|
|
contains_nat_linkinfo:
|
|
enable: no
|
|
contains_dns_resource_record:
|
|
enable: no
|
|
|
|
session_manager:
|
|
tcp_session_max: 20021
|
|
tcp_session_unordered_pkt_max: 128
|
|
tcp_session_timeout_in_sec: 30
|
|
udp_session_timeout_in_sec: 60
|
|
tcp_session_opening_timeout_in_sec: 60
|
|
tcp_session_closing_timeout_in_sec: 30
|
|
udp_session_max: 5021
|
|
tcp_duplicated_packet_filter: yes
|
|
udp_duplicated_packet_filter: yes
|
|
inject_duplicated_packet_filter: yes
|
|
|
|
traffic_mirror:
|
|
enable_raw_traffic: yes
|
|
enable_decrypted_traffic: yes
|
|
|
|
ddos_event:
|
|
enable: yes
|
|
tcp_traffic_report_ratio: 0.0008
|
|
udp_traffic_report_ratio: 0.0008
|
|
icmp_traffic_report_ratio: 0.0008
|
|
dns_traffic_report_ratio: 0.0008
|
|
|
|
packet_capture:
|
|
enable: yes
|
|
|
|
proxy:
|
|
enable: yes
|
|
|
|
voip_record:
|
|
enable_sip: yes
|
|
enable_rtp: yes
|
|
|
|
radius_record:
|
|
enable: yes
|
|
|
|
bgp_record:
|
|
enable: yes
|
|
|
|
gtpc_record:
|
|
enable: yes
|
|
|
|
overload_protection:
|
|
enable: yes
|
|
detect_interval_in_ms: 500
|
|
detect_smooth_avg_window: 2
|
|
detect_threshold_cpu_usages: 90
|
|
recovery_detect_cycle_in_sec: 30
|
|
|
|
wannat:
|
|
enable: yes
|
|
link_table_report_interval: 30
|
|
wan_gateway_listen_port_range_left_edge: 3545
|
|
|
|
vsys_id: 1
|
|
|
|
etherfabric_settings:
|
|
keepalive:
|
|
ip: 10.254.19.1
|
|
mask: 255.255.255.0
|
|
|
|
sapp_affinity: [5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76]
|
|
tfe_affinity: [77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92]
|
|
sce_affinity: [92]
|
|
shaping_affinity: [93]
|
|
pktio_affinity: [94]
|
|
inject_adapter_affinity: [95]
|
|
|
|
tfe_rps_mask: "00000000"
|
|
|
|
nic_policy_log_name: eth0
|
|
nic_raw_name: eth0
|
|
nic_mirror_name:
|
|
firewall: eth0
|
|
proxy: eth0
|
|
|
|
define_enable_val_yes: yes
|
|
define_enable_val_no: no
|
|
|
|
coredump:
|
|
format: "minidump"
|
|
collect: "local"
|
|
sentry_url: "www.testing.com"
|
|
|
|
session_id_generator:
|
|
snowflake_worker_id_base: 1
|
|
snowflake_worker_id_offset: 1
|
|
|
|
decoders:
|
|
DNS: yes
|
|
QUIC: yes
|
|
HTTP: yes
|
|
HTTP_GZIP: yes
|
|
MAIL: yes
|
|
MAIL_BASE64: yes
|
|
FTP: yes
|
|
SSL: yes
|
|
SSL_CERT: yes
|
|
SSL_JA3: yes
|
|
RTP: yes
|
|
SIP: yes
|
|
SSH: yes
|
|
RADIUS: yes
|
|
SOCKS: yes
|
|
STRATUM: yes
|
|
RDP: yes
|
|
BGP: yes
|
|
DTLS: yes
|
|
GTPC: yes
|
|
|
|
configHash: "defaulthash"
|
|
|
|
shaping:
|
|
enable: yes
|
|
inject_adapter:
|
|
enable: yes
|
|
|
|
service_chaining:
|
|
enable: yes
|
|
|
|
sce_config:
|
|
steering_nic: nf_0_sce
|
|
endpoint_nic: endpoint_0_sce
|
|
endpoint_ip: 127.0.0.1
|
|
endpoint_gateway: 127.0.0.1
|
|
endpoint_netip: 127.0.0.1
|
|
endpoint_mask: 24
|
|
affinity: [1]
|
|
|
|
proxy_config:
|
|
proxy_nic: nf_1_proxy
|
|
|
|
sid:
|
|
firewall: 1000
|
|
proxy: 1001
|
|
sce: 1002
|
|
shaping: 1003
|
|
|
|
shaping_config:
|
|
shaping_nic: nf_1_shaping_engine
|
|
|
|
inject_adapter_config:
|
|
inject_adapter_nic: nf_1_shaping_engine
|
|
|
|
app_symbol_index: 1
|
|
distmode: 2
|
|
|
|
debug:
|
|
firewall:
|
|
enable_liveness_probe: yes
|
|
enable_interactive_startup: no
|
|
enable_prestart_script: no
|
|
enable_mount_host_filesystem: no
|
|
#default: /etc/tsg-os/${service_function_name}/firewall_prestart_script.sh
|
|
prestart_script: ""
|
|
proxy:
|
|
enable_liveness_probe: yes
|
|
enable_interactive_startup: no
|
|
enable_prestart_script: no
|
|
enable_mount_host_filesystem: no
|
|
#default: /etc/tsg-os/${service_function_name}/proxy_prestart_script.sh
|
|
prestart_script: ""
|
|
service_chaining:
|
|
enable_liveness_probe: yes
|
|
enable_interactive_startup: no
|
|
enable_prestart_script: no
|
|
enable_mount_host_filesystem: no
|
|
#default: /etc/tsg-os/${service_function_name}/service_chaining_prestart_script.sh
|
|
prestart_script: ""
|
|
shaping:
|
|
enable_liveness_probe: yes
|
|
enable_interactive_startup: no
|
|
enable_prestart_script: no
|
|
enable_mount_host_filesystem: no
|
|
#default: /etc/tsg-os/${service_function_name}/shaping_prestart_script.sh
|
|
prestart_script: ""
|
|
inject_adapter:
|
|
enable_liveness_probe: yes
|
|
enable_interactive_startup: no
|
|
enable_prestart_script: no
|
|
enable_mount_host_filesystem: no
|
|
#default: /etc/tsg-os/${service_function_name}/shaping_prestart_script.sh
|
|
prestart_script: ""
|
|
|
|
session_flags:
|
|
enable: yes
|