VERSION {500}
MR { 1 }

#
# ATTRIBUTE SYNTAX DESCRIPTION:
#
# datasource: "<table_gid>,<table_gid>"
#            data are sourced from another table object
#
# parseflag: "attribute1,attribute2,..."
#           hidden        -> dont prompt any hint to user
#           movable       -> make the table entry to be moveable
#           must          -> force check the value no matter if the attribute is changed
#           readonly      -> the command is readonly
#           skip          -> the command is not available
#           unchangable   -> the command is not changeable after set
#           keeporder     -> dont alphabetically sort the children when prompting helpmsg
#           static        -> cannot add or delete entry for the table object
#           resourcequota -> setting checked with the resources, such as disk or memory
#
# VALIDATE:  <type> <level|value>;
#           type could be REGEX|RANGE|IP_ADDRESS|IP_ADDRESS_MASK|ISDOMAIN|HOSTNAME|EMAIL_ADDRESS|
#                              URL|USA_SIN|NO_XSS
#           level could be RELAXED|STRICT|ULTIMATE
#
# fmg_not_sync:
# ha_not_sync:  0 -> sync for ha and haconf (default); sync always
#               1 -> half sync object
#               2 -> sync for none; don't sync
#
# condition:  <gid>:<operator>:<value>
#             operator could be eq|ne|lt|le|gt|ge|EQ|NE|LT|LE|GT|GE (capital means AND)
#             extenstion: ba|BA(bit and capital means AND)
#
# filter:  <gid>:<operator>:<arg1>:<arg2>
#            operator could be (capital means AND):
#					eq :  <gid>.value == <arg1>                     => arg1 is value
#					geq :  <gid>.value == <arg1>.value              => arg1 is gid
#					gop :  <gid>.value + <arg2> == <arg1>.value     => arg1 is gid, arg2 is value
# signed_int: signed int
# defaultval: set default value
# subnet_type: network -> with ip correction. ip.saved = ip & mask  (default)
#              host    -> no ip correction. ip must not be ip&mask


# CHOICES 
#	name == value:operator:bit_mask:help
#	     	operator: SET/UNSET/OVERW
#			SET: dst &= ~bit_mask;dst |= value
#			UNSET: dst &= ~value
#			OVERW: dst = value

# move before system global, because system.global default-certificate need
# use this

# MACRO:           $[a-zA-Z][a-zA-Z0-9_]* macro defined on syntax_macro.c
# PLATFORM_VALUES: @{platform_conds:value;...}
#   platforms lists (sequence defined in include/cfgcommon.h PlatIdx):
#     'FWB_Beg' 'FWB_400B' 'FWB_400C' 'FWB_1000B' 'FWB_1000C' 'FWB_3000C' 'FWB_3000CFSX' 'FWB_4000C' 'FWB_VM'
#		'FWB_End'
#   other platform_conds : 'all' 'debug' 'release' '32b' '64b'
#   platform_conds can also support '&' '|' and '()', like '32b&(FWB_400B-FWB_3000C)' means 32bit build from 400B to 3000C
#   the right platform_conds value will overwrite left platform_conds value
#on GUI, this class's java data is under directory for shared

GLOBAL TABLE "system hsm partition" "hsm partition " 9341 {
	ha_not_sync = 2;
#	condition = 128:EQ:1;
	TABLENAME STRING "name" "name" 9342 {
		VALIDATE NO_XSS RELAXED ;
		brieflist = 1 ;
	        ATTR PASSWD "password" "password" 9343 {
		brieflist = 1;
	        }
	}	
}
GLOBAL TABLE "system admin-certificate local" "local certificate file" 9360 {
	TABLENAME STRING "name" "admin-certificate name" 9361 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR OPTION "type" "admin-certificate type" 9362 {
			CHOICES {
				certificate == 1;
			}
			defaultval = certificate;
			brieflist = 1;
		}
		ATTR OPTION "status" "admin-certificate status" 9363{
			CHOICES {
					ok == 1;
			}
			defaultval = ok;
			brieflist = 1;
		}
		ATTR STRING "comment" "comment of this certificate" 9364 {
			brieflist = 1;
		}
		ATTR OPTION "flag" "flag of this certificate" 9365 {
			CHOICES {
				0 == 0;
			}
		}
		ATTR USER "certificate" "certificate PEM format string" 9366 {
		}
		ATTR USER "private-key" "private-key PEM format string" 9367 {
			#brieflist = 1;
		}
		ATTR PASSWD "passwd" "private-key password" 9368 {
			#parseflag = "hidden";
		}
	}
}

DOMAIN TABLE "system certificate sign-ca" "local sign-ca" 9380 {
	TABLENAME STRING "name" "sign-ca name" 9381 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR OPTION "type" "sign-ca type" 9382 {
			CHOICES {
				certificate == 1;
			}
			defaultval = certificate;
			brieflist = 1;
		}
		ATTR OPTION "status" "sign-ca status" 9383{
			CHOICES {
					ok == 1;
					na == 2;
					pending == 3;
			}
			defaultval = ok;
			brieflist = 1;
		}
		ATTR STRING "comment" "comment of this certificate" 9384 {
			brieflist = 1;
		}
		ATTR INT "flag" "flag of this certificate" 9385 {
		}
		ATTR USER "certificate" "certificate PEM format string" 9386 {
		}
		ATTR USER "private-key" "private-key PEM format string" 9387 {
		}
		ATTR PASSWD "passwd" "private-key password" 9388 {
		}
	}
}

# For ws-security
DOMAIN TABLE "system certificate xml-server-certificate" "XML server certificate" 10200 { 
	TABLENAME STRING "name" "certificate name" 10201 { 
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR USER "certificate" "certificate PEM format string" 10202 {
		}
		ATTR USER "private-key" "private-key PEM format string" 10203 {
		}
		ATTR PASSWD "passwd" "private-key password" 10204 {
		} 
	} 
}

DOMAIN TABLE "system certificate xml-client-certificate" "XML client certificate" 10210 { 
	TABLENAME STRING "name" "certificate name" 10211 { 
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR USER "certificate" "certificate PEM format string" 10212 {
		}
		ATTR USER "secret-key" "secret key string for hmac signature" 10213 {
		}
	}
}

DOMAIN TABLE "system certificate xml-client-certificate-group" "XML client certificate group" 10220 { 
	TABLENAME STRING "name" "name" 10221 { VALIDATE 
		NO_XSS RELAXED;
		brieflist = 1;
		TABLE "members" "members" 10222 { 
			TABLENAME INT "<No.>" "The number of group members" 10223 { 
				ATTR DATASOURCE "name" "name " 10224 { 
					brieflist = 1;
					datasource = "10210"; 
				} 
			} 
		} 
	} 
} 

DOMAIN TABLE "system certificate local" "local certificate file" 870 {
	TABLENAME STRING "name" "certificate name" 871 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR OPTION "type" "certificate type" 872 {
			CHOICES {
				certificate == 1;
				csr == 2;
			}
			defaultval = certificate;
			brieflist = 1;
		}
		ATTR OPTION "status" "certificate status" 873 {
			CHOICES {
					ok == 1;
					na == 2;
					pending == 3;
			}
			defaultval = ok;
			brieflist = 1;
		}
		#ATTR PASSWD "password" "certificate password" 874 {
		#	brieflist = 1;
		#}
		ATTR STRING "comment" "comment of this certificate" 875 {
			brieflist = 1;
		}
		ATTR INT "flag" "flag of this certificate" 876 {
		}
		ATTR OPTION "is-hsm" "flag hsm type certificate" 878 {
			ha_not_sync = 2;
			CHOICES {
				    no == 0;
				    yes == 1;
		        }		    
                        defaultval = no ;
                        brieflist = 1;
	        }
                ATTR DATASOURCE "partition-number" "hsm partition number" 879 {
			ha_not_sync = 2;
                       datasource = "9341" ;
                }
		ATTR USER "certificate" "certificate PEM format string" 895 {
		}
		ATTR USER "private-key" "private-key PEM format string" 896 {
			#brieflist = 1;
		}
		ATTR PASSWD "passwd" "private-key password" 897 {
			#parseflag = @{all=hidden};
		}
		#ATTR OPTION "is-from-csr" "the certificate generate by Certificate Signing Request" 889 {
		#	CHOICES {
		#		no == 0;
		#		yes == 1;
		#	}
		#	defaultval = no ;
		#	brieflist = 1 ;
		#}
	}
}

DOMAIN TABLE "system certificate multi-local" "multi local certificate" 1014 {
	TABLENAME STRING "name" "name" 1015 {
		VALIDATE NO_XSS RELAXED;
		brieflist =1;
		ATTR STRING "comment" "comment of this multi certificate" 1016 {
			brieflist = 1;
		}
		ATTR DATASOURCE "rsa-cert" "rsa cert " 1017 {
			brieflist =1;
			datasource = "870";
		}
		ATTR DATASOURCE "dsa-cert" "dsa cert " 1018 {
			brieflist =1;
			datasource = "870";
		}
		ATTR DATASOURCE "ecc-cert" "ecc cert " 1019 {
			brieflist =1;
			datasource = "870";
		}
	}
}

GLOBAL COMPLEX "system global" "system global configuration" 100 {
	ha_not_sync = 1;
	ATTR STRING "hostname" "appliance\'s host name" 101 {
		VALIDATE HOSTNAME RELAXED;
		ha_not_sync = 2;
		brieflist = 1;
		defaultval = "FortiWeb";
	}
	ATTR OPTION_EN "adom-admin" "enable/disable " 102 {
		parseflag = @{all=null;FWB_400B|FWB_1000B|FWB_100D|FWB_VM_PAYG|FWB_KVM_PAYG|FWB_DOCKER=skip};
		defaultval = disable;
		brieflist = 1;
	}
	
	ATTR INT "admin-port" "admin access http port <1, 65535>" 105 {
		VALIDATE RANGE 1:65535;
		defaultval = @{all=80;FWB_AZURE_ONDEMAND|FWB_AZURE|FWB_AZRCLD|FWB_XENAWS|FWB_AWSCLD|FWB_XENAWS_ONDEMAND|FWB_GCP|FWB_GCP_ONDEMAND|FWB_OCI|FWB_OCI_ONDEMAND=8080};
		brieflist = 1;
	}
	ATTR INT "confsync-port" "config sync service port <1, 65535>" 106 {
		VALIDATE RANGE 1:65535;
		defaultval = 995;
		brieflist = 1;
	}
	ATTR INT "admin-sport" "admin access https port <1, 65535>" 107 {
		VALIDATE RANGE 1:65535;
		defaultval = @{all=443;FWB_AZURE_ONDEMAND|FWB_AZURE|FWB_AZRCLD|FWB_XENAWS|FWB_AWSCLD|FWB_XENAWS_ONDEMAND|FWB_GCP|FWB_GCP_ONDEMAND|FWB_OCI|FWB_OCI_ONDEMAND=8443};
		brieflist = 1;
	}
	ATTR OPTION_EN "cli-signature" "CLI added signature:enable/disable" 111 {
		defaultval = disable;
		brieflist = 1;
	}
	ATTR OPTION_EN "dst" "enable/disable daylight saving time" 112 {
		defaultval = disable;
		brieflist = 1;
	}
	ATTR OPTION_EN "ie6workaround" "enable/disable workaround navigation bar freeze on IE6" 113 {
		defaultval = disable;
		brieflist = 1;
	}
	ATTR INT "admintimeout" "Set the idle time-out for firewall administration" 114 {
		defaultval = 5;
		brieflist = 1;
	}
	ATTR INT "refresh" "Statistics refresh interval in Web Interface" 115 {
		VALIDATE RANGE 1:LONG_MAX;
		defaultval = 80;
		brieflist = 1;
	}
	ATTR OPTION "timezone" "time zone" 116 {
		brieflist = 1;
		CHOICES {
			00 == 0 ::: "(GMT-12:00)Eniwetok,Kwajalein";
			01 == 1 ::: "(GMT-11:00)Midway Island, Samoa";
			02 == 2 ::: "(GMT-10:00)Hawaii";
			03 == 3 ::: "(GMT-9:00)Alaska";
			04 == 4 ::: "(GMT-8:00)Pacific Time(US&Canada)";
			05 == 5 ::: "(GMT-7:00)Arizona";
			06 == 6 ::: "(GMT-7:00)Mountain Time(US&Canada)";
			07 == 7 ::: "(GMT-6:00)Central America";
			08 == 8 ::: "(GMT-6:00)Central Time(US&Canada)";
			09 == 9 ::: "(GMT-6:00)Mexico City";
			10 == 10 ::: "(GMT-6:00)Saskatchewan";
			11 == 11 ::: "(GMT-5:00)Bogota,Lima,Quito";
			12 == 12 ::: "(GMT-5:00)Eastern Time(US & Canada)";
			13 == 13 ::: "(GMT-5:00)Indiana(East)";
			14 == 14 ::: "(GMT-4:00)Atlantic Time(Canada)";
			15 == 15 ::: "(GMT-4:00)Caracas,La Paz";
			16 == 16 ::: "(GMT-4:00)Santiago";
			17 == 17 ::: "(GMT-3:30)Newfoundland";
			18 == 18 ::: "(GMT-3:00)Brasilia";
			19 == 19 ::: "(GMT-3:00)Buenos Aires, Georgetown";
			20 == 20 ::: "(GMT-3:00)Greenland";
			21 == 21 ::: "(GMT-2:00)Mid-Atlantic";
			22 == 22 ::: "(GMT-1:00)Azores";
			23 == 23 ::: "(GMT-1:00)Cape Verde Is.";
			24 == 24 ::: "(GMT)Casablanca, Monrouia";
			25 == 25 ::: "(GMT)Greenwich Mean Time: Dublin,Edinburgh,Lisbon,London";
			26 == 26 ::: "(GMT+1:00)Amsterdam,Berlin,Bern,Rome,Stockholm,Vienna";
			27 == 27 ::: "(GMT+1:00)Belgrade,Bratislava,Budapest,Ljubljana,Prague";
			28 == 28 ::: "(GMT+1:00)Brussels,Copenhagen,Madrid,Paris";
			29 == 29 ::: "(GMT+1:00)Rundu,Swakopmund,Walvis Bay,Windhoek";
			30 == 30 ::: "(GMT+1:00)Sarajevo,Skopje,Sofija,Vilnius,Warsaw,Zagreb";
			31 == 31 ::: "(GMT+1:00)West Central Africa";
			32 == 32 ::: "(GMT+2:00)Athens";
			33 == 33 ::: "(GMT+2:00)Bucharest";
			34 == 34 ::: "(GMT+2:00)Cairo";
			35 == 35 ::: "(GMT+2:00)Harare,Pretoria";
			36 == 36 ::: "(GMT+2:00)Helsinki,Riga,Tallinn";
			37 == 37 ::: "(GMT+2:00)Jerusalem";
			38 == 38 ::: "(GMT+3:00)Baghdad";
			39 == 39 ::: "(GMT+3:00)Kuwait,Riyadh";
			40 == 40 ::: "(GMT+3:00)Moscow,St.Petersburg,Volgograd,Minsk";
			41 == 41 ::: "(GMT+3:00)Nairobi";
			75 == 75 ::: "(GMT+3:00)Istanbul";
			42 == 42 ::: "(GMT+3:30)Tehran";
			43 == 43 ::: "(GMT+4:00)Abu Dhabi,Muscat";
			44 == 44 ::: "(GMT+4:00)Baku,Tbilisi,Yerevan";
			45 == 45 ::: "(GMT+4:30)Kabul";
			46 == 46 ::: "(GMT+5:00)Ekaterinburg";
			47 == 47 ::: "(GMT+5:00)Islamabad,Karachi,Tashkent";
			48 == 48 ::: "(GMT+5:30)Calcutta,Chennai,Mumbai,New Delhi";
			49 == 49 ::: "(GMT+5:45)Kathmandu";
			50 == 50 ::: "(GMT+6:00)Astana,Dhaka";
			51 == 51 ::: "(GMT+6:00)Almaty,Novosibirsk";
			52 == 52 ::: "(GMT+6:00)Sri Jayawardenepara";
			53 == 53 ::: "(GMT+6:30)Rangoon";
			54 == 54 ::: "(GMT+7:00)Bangkok,Hanoi,Jakarta";
			55 == 55 ::: "(GMT+7:00)Krasnoyarsk";
			56 == 56 ::: "(GMT+8:00)Beijing,ChongQing,HongKong,Urumgi";
			57 == 57 ::: "(GMT+8:00)Irkutsk,Ulaan Bataar";
			58 == 58 ::: "(GMT+8:00)Kuala Lumpur,Singapore";
			59 == 59 ::: "(GMT+8:00)Perth";
			60 == 60 ::: "(GMT+8:00)Taipei";
			61 == 61 ::: "(GMT+9:00)Osaka,Sapporo,Tokyo,Seoul";
			62 == 62 ::: "(GMT+9:00)Yakutsk";
			63 == 63 ::: "(GMT+9:30)Adelaide";
			64 == 64 ::: "(GMT+9:30)Darwin";
			65 == 65 ::: "(GMT+10:00)Brisbane";
			66 == 66 ::: "(GMT+10:00)Canberra,Melbourne,Sydney";
			67 == 67 ::: "(GMT+10:00)Guam,Port Moresby";
			68 == 68 ::: "(GMT+10:00)Hobart";
			69 == 69 ::: "(GMT+10:00)Vladivostok";
			70 == 70 ::: "(GMT+11:00)Magadan";
			71 == 71 ::: "(GMT+11:00)Solomon Is.,New Caledonia";
			72 == 72 ::: "(GMT+12:00)Auckland,Wellington";
			73 == 73 ::: "(GMT+12:00)Fiji,Kamchatka,Marshall Is.";
			74 == 74 ::: "(GMT+13:00)Nuku\'alofa";
		}
		defaultval=04;
	}
	ATTR STRING "ntpserver" "IP address/hostname of NTP Server" 117 {
		parseflag = @{all=null;FWB_DOCKER=skip};
		#VALIDATE URL RELAXED;
		brieflist = 1;
		defaultval = "pool.ntp.org";
	}
	ATTR OPTION_EN "ntpsync" "enable/disable synchronization with NTP Server" 118 {
		parseflag = @{all=null;FWB_DOCKER=skip};
		defaultval = enable;
		brieflist = 1;
	}
	ATTR INT "syncinterval" "NTP synchronization interval" 119 {
		VALIDATE RANGE 1:1440;
		defaultval = 60;
		brieflist = 1;
	}
	ATTR OPTION "language" "GUI display language" 120 {
		brieflist = 1;
		defaultval = english;
		CHOICES {
			english == 1 ::: "English";
			simch == 2 ::: "Simplified Chinese";
			japanese == 3 ::: "Japanese";
			korean == 4 ::: "korean";
			spanish == 5 ::: "Spanish";
			trach == 6 ::: "Traditional Chinese";
			french == 7 ::: "French";
		}
	}
	ATTR INT "auth-timeout" "auth timeout (1-60000 milliseconds)" 122 {
		brieflist = 1;
		VALIDATE RANGE 1:60000;
		defaultval = 2000;
	}
        ATTR OPTION "dh-params" "minimum size of Diffie-Hellman prime for HTTPS/SSH (in bits)" 124 { 
                CHOICES {
                        1024 == 1024;
                        1536 == 1536; 
                        2048 == 2048;
                        3072 == 3072; 
                        4096 == 4096; 
                        6144 == 6144; 
                        8192 == 8192;
                }
                defaultval = 2048;
                brieflist = 1;
        }
	ATTR OPTION_EN "tftp" "enable/disable TFTP" 125 {
		defaultval = enable;
		brieflist = 1;
	}
	ATTR OPTION_EN "pre-login-banner" "enable/disable pre-login-banner" 126 {
	        defaultval = disable;
	        brieflist = 1;
	}
	ATTR OPTION_EN "maintainer-user" "enable/disable maintainer user" 129 {
		brieflist = 1;
		defaultval = @{all=enable};
		parseflag = "skip";
	}
	#ATTR OPTION_EN "ssh-fips" "enable/disable openssh fips" 130 {
	#	brieflist = 1;
	#	defaultval = @{all=enable};
	#}	
	ATTR OPTION_EN "admin-https-pki-required" "enable/disable Admin users must provide a valid certificate." 132 {
		defaultval = disable;
		brieflist = 1;
	}
	ATTR DATASOURCE "https-certificate" "https certificate " 133 {
		datasource = "9360";
		brieflist = 1;
		parseflag = "must";
	}
	ATTR OPTION_EN "fds-proxy" "enable/disable fds proxy" 134{
		parseflag = @{all=null;FWB_VM_PAYG|FWB_XENAWS_ONDEMAND|FWB_GCP_ONDEMAND|FWB_AZURE_ONDEMAND|FWB_KVM_PAYG|FWB_CMINTF|FWB_OCI_ONDEMAND=skip};
		brieflist = 1;
		defaultval = disable ;
	}	
	ATTR OPTION_EN "record-cli-fail-cmd" "enable/disable record cli fail cmd" 135 {
		defaultval = enable;
		brieflist = 1;
	}
	ATTR OPTION_EN "force-us-only" "enable/disable USG only" 136 {
		defaultval = disable;
		brieflist = 1;
	}
	ATTR INT "admin-lockout-threshold" "account lockout threshold of login failure." 137 {
		VALIDATE RANGE 1:10;
		defaultval = 3;
		brieflist = 1;
	}
	ATTR INT "admin-lockout-duration" "account lockout duration" 138 {
		VALIDATE RANGE 1:2147483647;
		defaultval = 60;
		brieflist = 1;
	}
	ATTR INT "docker-meter-interval" "docker meter interval second <1, 900>" 139 {
		parseflag = @{all=skip;FWB_DOCKER=null};
		VALIDATE RANGE 1:900;
		defaultval = 600;
		brieflist = 1;
	}
    ATTR INT "cert-expire-check-time" "certificate expiration check time day <0, 365>" 140 {
		VALIDATE RANGE 0:365;
		defaultval = 0;
		brieflist = 1;
	}
}

GLOBAL COMPLEX "system centmgmt" "Cent Mgmt Server" 150 {
	parseflag = @{all=skip;FWB_VM_PAYG|FWB_KVM_PAYG=null};
	ATTR STRING "serveraddr" "Cent Mgmt Serveraddr" 151 {
		VALIDATE HOSTNAME RELAXED;
		brieflist = 1;
	}
	ATTR INT "sslflag" "Ssl Flag" 152 {
		brieflist = 1;
		defaultval = 1;
	}
	ATTR INT "port" "Cent Mgmt Port" 153 {
		brieflist = 1;
		defaultval = 8890;
	}
	ATTR INT "meterinterval" "send meter info interval seconds: between 120 and 360 seconds" 154{
		VALIDATE RANGE 120:360;
		brieflist = 1;
		defaultval = 300;
	}
}

GLOBAL TABLE "system accprofile" "configure system admin access group" 280 {
	TABLENAME STRING "name" "profile name" 281 {
		VALIDATE NO_XSS RELAXED;
		ATTR OPTION "mntgrp" "Access permission for maintain group policy/profile" 282 {
                        CHOICES {
                                none == 0 ::: "no access";
                                r == 1 ::: "read access";
                                rw == 3 ::: "read/write access";
                        }
                        defaultval = none;
                        brieflist = 1;
                }
		ATTR OPTION "admingrp" "Access permission for admin group policy/profile" 283 {
			CHOICES {
				none == 0 ::: "no access";
				r == 1 ::: "read access";
				rw == 3 ::: "read/write access";
			}
			defaultval = none;
			brieflist = 1;
		}
		ATTR OPTION "sysgrp" "Access permission for system group policy/profile" 284 {
                        CHOICES {
                                none == 0 ::: "no access";
                                r == 1 ::: "read access";
                                rw == 3 ::: "read/write access";
                        }
                        defaultval = none;
                        brieflist = 1;
                }
		ATTR OPTION "netgrp" "Access permission for network group policy/profile" 285 {
                        CHOICES {
                                none == 0 ::: "no access";
                                r == 1 ::: "read access";
                                rw == 3 ::: "read/write access";
                        }
                        defaultval = none;
                        brieflist = 1;
                }
		ATTR OPTION "loggrp" "Access permission for log group policy/profile" 286 {
                        CHOICES {
                                none == 0 ::: "no access";
                                r == 1 ::: "read access";
                                rw == 3 ::: "read/write access";
                        }
                        defaultval = none;
                        brieflist = 1;
                }
		ATTR OPTION "authusergrp" "Access permission for auth user group policy/profile" 288 {
                        CHOICES {
                                none == 0 ::: "no access";
                                r == 1 ::: "read access";
                                rw == 3 ::: "read/write access";
                        }
                        defaultval = none;
                        brieflist = 1;
                }
		ATTR OPTION "traroutegrp" "Access permission for traffic route group policy/profile" 289 {
                        CHOICES {
                                none == 0 ::: "no access";
                                r == 1 ::: "read access";
                                rw == 3 ::: "read/write access";
                        }
                        defaultval = none;
                        brieflist = 1;
                }
		ATTR OPTION "wafgrp" "Access permission for waf group policy/profile" 291 {
                        CHOICES {
                                none == 0 ::: "no access";
                                r == 1 ::: "read access";
                                rw == 3 ::: "read/write access";
                        }
                        defaultval = none;
                        brieflist = 1;
                }
		ATTR OPTION "wadgrp" "Access permission for wad group policy/profile" 293 {
                        CHOICES {
                                none == 0 ::: "no access";
                                r == 1 ::: "read access";
                                rw == 3 ::: "read/write access";
                        }
                        defaultval = none;
                        brieflist = 1;
                }
		ATTR OPTION "wvsgrp" "Access permission for wvs group policy/profile" 294 {
                        CHOICES {
                                none == 0 ::: "no access";
                                r == 1 ::: "read access";
                                rw == 3 ::: "read/write access";
                        }
                        defaultval = none;
                        brieflist = 1;
                }
		ATTR OPTION "mlgrp" "Access permission for ml group policy/profile" 295 {
                        CHOICES {
                                none == 0 ::: "no access";
                                r == 1 ::: "read access";
                                rw == 3 ::: "read/write access";
                        }
                        defaultval = none;
                        brieflist = 1;
                }
	}
}

GLOBAL TABLE "system dashboard" "system dashboard" 330 {
	parseflag = "static";
	TABLENAME STRING "name" "dashboard name" 331 {
		ATTR STRING "help" "dashboard help" 332 {
			
		}
	}
}

GLOBAL COMPLEX "system fds proxy override" "system fds proxy override" 430 { 
	condition = 134:EQ:1;
	ATTR OPTION_EN "override_switch" "enable/disable FDS server override switch" 431 {
		defaultval = disable;
	}
	ATTR STRING "address" "set the FDS override server address" 432 {
		#condition = 431:EQ:1;
		#brieflist = 1;
	}
}

GLOBAL COMPLEX "system fds proxy schedule" "system fds proxy poll schedule" 470 {
	condition = 134:EQ:1;
	parseflag = "keeporder";
	ATTR OPTION_EN "status" "enable/disable scheduled updates" 471 { 
	}
	ATTR OPTION "frequency" "configure the poll fequency" 472 {
		 CHOICES {
			 	every == 0 ::: "time interval";
				daily == 1 ::: "every day";
				weekly == 2 ::: "every week";
		 }
		 defaultval = daily;
	}
	ATTR USER "time" "configure the poll time" 473 {
		#parseflag = "must";
	}	
	ATTR OPTION "day" "configure the poll fequency" 474 {
		CHOICES {
			Sunday    == 0 ::: "update every Sunday";
			Monday    == 1 ::: "update every Monday";
			Tuesday   == 2 ::: "update every Tuesday";
			Wednesday == 3 ::: "update every Wednesday"; 
			Thursday  == 4 ::: "update every Thursday";
			Friday    == 5 ::: "update every Friday";
			Saturday  == 6 ::: "update every Saturday";
		}
		defaultval = Monday;
		condition = 472:eq:2;
	}
}	

GLOBAL TABLE "user ldap-user" "ldap users" 1020 {
	TABLENAME STRING "name" "name" 1021 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR STRING "server" "LDAP server (IP or domain)" 1022 {
			parseflag = "must";
			brieflist = 1;
		}
		ATTR INT "port" "LDAP server port" 1023 {
			defaultval = 389;
			brieflist = 1;
			VALIDATE RANGE 1:65535;
		}
		ATTR STRING "common-name-id" "common name id" 1024 {
			parseflag = "must";
			VALIDATE NO_XSS RELAXED;
			brieflist = 1;
		}
		ATTR STRING "distinguished-name" "distinguished name" 1025 {
			parseflag = "must";
			VALIDATE NO_XSS RELAXED;
			brieflist = 1;
		}
		ATTR OPTION "bind-type" "bind type" 1026 {
			CHOICES {
				simple == 1;
				regular == 2;
				anonymous == 3;
			}
			defaultval = simple;
			brieflist = 1;
		}
		ATTR OPTION_EN "ssl-connection" "SSL connection" 1027 {
			defaultval = enable;
			brieflist = 1;
		}
		ATTR OPTION "protocol" "" 1028 {
			CHOICES {
				ldaps == 1;
				starttls == 2;
			}
			defaultval = ldaps;
			brieflist = 1;
		}
		ATTR STRING "username" "" 1029 {
			VALIDATE NO_XSS RELAXED;
			brieflist = 1;
		}
		ATTR PASSWD "password" "" 1030 {
			brieflist = 1;
		}
		ATTR STRING "filter" "" 1031 {
			brieflist = 1;
		}
		ATTR OPTION_EN "group_authentication" "" 1032 {
			defaultval = enable;
			brieflist = 1;
		}
		ATTR OPTION "group_type" "" 1033 {
			CHOICES {
				open-ldap == 1;
				windows-ad == 2;
				edirectory == 3;
			}
			defaultval = open-ldap;
			brieflist = 1;
		}
		ATTR STRING "group_dn" "" 1034 {
			VALIDATE NO_XSS RELAXED;
			brieflist = 1;
		}
	}
}

GLOBAL TABLE "user radius-user" "radius users" 1040 {
	TABLENAME STRING "name" "name" 1041 {
		VALIDATE NO_XSS RELAXED;
		ATTR STRING "server" "server (IP or domain)" 1042 {
			parseflag = "must";
			brieflist = 1;
		}
		ATTR INT "server-port" "server port" 1043 {
			defaultval = 1812;
			VALIDATE RANGE 1:65535;
		}
		ATTR PASSWD "secret" "secret" 1044 {
			VALIDATE NO_XSS RELAXED;
			parseflag = "must";
		}
		ATTR STRING "secondary-server" "server (IP or domain)" 1045 {
			brieflist = 1;
		}
		ATTR INT "secondary-server-port" "secondary server port" 1046 {
			defaultval = 1812;
			VALIDATE RANGE 1:65535;
		}
		ATTR PASSWD "secondary-secret" "secondary secret" 1047 {
			VALIDATE NO_XSS RELAXED;
		}
		ATTR IPADDR "nas-ip" "nas IP" 1048 {
			brieflist = 1;
			subnet_type = network;
		}
		ATTR OPTION "auth-type" "auth type" 1049 {
			CHOICES {
				default == 0;
				chap == 1;
				ms_chap == 2;
				ms_chap_v2 == 3;
				pap == 4;
			}
			defaultval = default;
		}
	}
}

GLOBAL TABLE "user tacacs+-user" "tacacs+ users" 1200 {
        TABLENAME STRING "name" "name of config" 1201 {
                VALIDATE NO_XSS RELAXED;
                ATTR STRING "server" "server (IP or domain name)" 1202 {
                        parseflag = "must";
                        brieflist = 1;
                }
                ATTR PASSWD "secret" "secret" 1203 {
                        VALIDATE NO_XSS RELAXED;
                        parseflag = "must";
                }
                ATTR OPTION "auth-type" "auth type" 1204 {
                        CHOICES {
                                auto    == 0;
                                ms_chap == 1;
                                chap    == 2;
                                pap     == 3;
                                ascii   == 4;
                        }
                        defaultval = auto;
                }
        }
}

DOMAIN TABLE "system certificate ca" "ca certificate file" 890 {
	TABLENAME STRING "name" "certificate name" 891 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR USER "certificate" "ca certificate PEM format string" 893 {
		}
	}
}

DOMAIN TABLE "system certificate tsl-ca" "tsl ca certificate file" 885 {
	TABLENAME STRING "name" "tsl name" 886 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR OPTION "type" "tsl upload type" 888 {
			CHOICES {
				file == 1 ::: "upload by file";
				url == 2 ::: "upload by url";
			}
			defaultval = file;
			brieflist = 1;
		}
		ATTR STRING "distribute-url" "tsl distribute url" 889 {
			VALIDATE URL RELAXED;
			brieflist = 1;
		}
		ATTR INT "update-flag" "tsl update flag" 894 {
			parseflag = "hidden";
			brieflist = 1;
			defaultval = 0;
		}
	}
}

GLOBAL TABLE "system admin-certificate ca" "admin ca certificate file" 9370 {
	TABLENAME STRING "name" "admin-certificate name" 9371 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR USER "certificate" "ca certificate PEM format string" 9373 {
		}
	}
}

DOMAIN TABLE "system certificate ocsp-stapling" "ocsp stapling certificate configuration" 880 {
	TABLENAME STRING "name" "certificate name" 881 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR DATASOURCE "certificate" "certificate" 884 {
			parseflag = "must";
			datasource = "890";
		}
		ATTR DATASOURCE "local-cert" "local-cert" 898 {
			parseflag = "must";
			datasource = "870";
		}
		ATTR STRING "ocsp_url" "ocsp URL" 882 {
			VALIDATE URL RELAXED;
			brieflist = 1;
			parseflag = "must";
		}
		ATTR STRING "comment" "comment of this certificate" 883 {
			brieflist = 1;
		}
	}
}

GLOBAL TABLE "user pki-user" "pki user" 1004 {
	TABLENAME STRING "name" "name" 1005 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR DATASOURCE "cacert" "ca certificate" 1006 {
			datasource = "9370";
			parseflag = "must";
			brieflist = 1;
		}	
		ATTR STRING "subject" "subject" 1007 {
			brieflist = 1;
		}
	}
}

GLOBAL TABLE "user admin-usergrp" "user admin-usergrp" 1070 {
	TABLENAME STRING "name" "name" 1071 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		TABLE "members" "members" 1072 {
			parseflag = "movable";
			TABLENAME INT "<No.>" "The number of user admin-usergrp members" 1073 {
				ATTR OPTION "type" "type " 1074 {
					CHOICES {
						ldap == 2 ::: "LDAP user";
						radius == 3 ::: "RADIUS user";
						pki == 4 ::: "PKI user";
						tacacs+ == 5 ::: "TACACS+ user";
					}
					defaultval = ldap;
					brieflist = 1;
				}
				ATTR DATASOURCE "ldap-name" "ldap user" 1076 {
					brieflist = 1;
					datasource = "1020";
				}
				ATTR DATASOURCE "radius-name" "radius user" 1077 {
					brieflist = 1;
					datasource = "1040";
				}
				ATTR DATASOURCE "pki-name" "pki user" 1078 {
					brieflist = 1;
					datasource = "1004";
				}
				ATTR DATASOURCE "tacacs+-name" "tacacs user" 1079 {
                                        brieflist = 1;
                                        datasource = "1200";
					condition = 1074:eq:5;
                                }
#				ATTR DATASOURCE "name" "name " 1075 {
#					brieflist = 1;
#					datasource = "1020,1040";
#				}
			}
		}
	}
}

GLOBAL COMPLEX "system fips-cc" "FIPS mode configuration" 995 {
	ha_not_sync = 1;
	parseflag = @{all=null;FWB_DOCKER=skip};
        ATTR OPTION_EN "status" "enable/disable FIPS operation mode" 996 {
                defaultval = disable;
                brieflist = 1; 
		ha_not_sync = 2;
        }
        ATTR OPTION "entropy-token" "Enable/disable/dynamic entropy token" 997 {
				parseflag = @{all=NULL;FWB_XENAWS|FWB_AWSCLD|FWB_XENAWS_ONDEMAND|FWB_HYPERV|FWB_VM_PAYG|FWB_AZURE_ONDEMAND|FWB_GCP|FWB_GCP_ONDEMAND|FWB_KVM|FWB_KVM_PAYG|FWB_OCI|FWB_OCI_ONDEMAND=skip};
                CHOICES {
                        dynamic == 1 ::: "Dynamically detect entropy token  during boot or reseed process";
                        disable == 2 ::: "Disable entropy token during boot or reseed process";
                        enable == 4 :::  "Enable entropy token during boot or reseed process";
                }
                defaultval = dynamic;
        }    
        ATTR INT "reseed-interval" "Interval to reseed the RNG"  998 {
                VALIDATE RANGE 0:1440;
                defaultval = 1440;
        } 
	ATTR OPTION_EN "ssl-client-restrict" "Enable/Disable ciphers restrict when as a ssl client" 999 {
		#condition = 996:eq:1;
		defaultval = enable;
	}
}

GLOBAL COMPLEX "system password-policy" "system password policy" 9480 {
	ha_not_sync = 1;
	ATTR OPTION_EN "status" "enable/disable password policy" 9481 {
		defaultval = disable;
		brieflist = 1;
	}
	ATTR OPTION_EN "min-length-option" "enable/disable password minimum length" 9482 {
		defaultval = disable;
		condition = 996:EQ:0;
		condition = 9481:EQ:1;
		brieflist = 1;
	}
	ATTR INT "min-length" "password minimum length" 9483 {
		VALIDATE RANGE 8:128;
		defaultval = 8;
		condition = 996:EQ:0;
		condition = 9481:EQ:1;
		condition = 9482:EQ:1;
		brieflist = 1;
	}
	ATTR OPTION_EN "single-admin-mode" "enable/disable single admin mode" 9484 {
		defaultval = disable;
		condition = 9481:EQ:1;
		brieflist = 1;
	}
	ATTR OPTION_EN "character-requirements" "enable/disable password character requirements" 9485 {
		defaultval = disable;
		condition = 996:EQ:0;
		condition = 9481:EQ:1;
		brieflist = 1;
	}
	ATTR INT "min-upper-case-letter" "minimum number of uppercase characters in password" 9486 {
		VALIDATE RANGE 0:128;
		defaultval = 0;
		condition = 996:EQ:0;
		condition = 9481:EQ:1;
		condition = 9485:EQ:1;
		brieflist = 1;
	}
	ATTR INT "min-lower-case-letter" "minimum number of lowercase characters in password" 9487 {
		VALIDATE RANGE 0:128;
		defaultval = 0;
		condition = 996:EQ:0;
		condition = 9481:EQ:1;
		condition = 9485:EQ:1;
		brieflist = 1;
	}
	ATTR INT "min-number" "minimum number of numeric characters in password" 9488 {
		VALIDATE RANGE 0:128;
		defaultval = 0;
		condition = 996:EQ:0;
		condition = 9481:EQ:1;
		condition = 9485:EQ:1;
		brieflist = 1;
	}
	ATTR INT "min-non-alphanumeric" "minimum number of non-alphanumeric characters in password" 9489 {
		VALIDATE RANGE 0:128;
		defaultval = 0;
		condition = 996:EQ:0;
		condition = 9481:EQ:1;
		condition = 9485:EQ:1;
		brieflist = 1;
	}
	ATTR OPTION_EN "forbid-password-reuse" "enable/disable forbid password reuse" 9490 {
		defaultval = disable;
		condition = 996:EQ:0;
		condition = 9481:EQ:1;
		brieflist = 1;
	}
	ATTR INT "history-password-number" "number of history password that can not be reused" 9491 {
		VALIDATE RANGE 1:10;
		defaultval = 3;
		condition = 996:EQ:0;
		condition = 9481:EQ:1;
		condition = 9490:EQ:1;
		brieflist = 1;
	}
	ATTR OPTION_EN "expire-status" "enable/disable password expiration" 9492 {
		defaultval = disable;
		condition = 996:EQ:0;
		condition = 9481:EQ:1;
		brieflist = 1;
	}
	ATTR INT "expire-day" "number of days after which admin users\' password will expire" 9493 {
		VALIDATE RANGE 1:999;
		defaultval = 90;
		condition = 996:EQ:0;
		condition = 9481:EQ:1;
		condition = 9492:EQ:1;
		brieflist = 1;
	}
}

BOTH TABLE "system admin" "admin user configuration" 340 {
	TABLENAME STRING "name" "admin user name" 341 {
		VALIDATE NO_XSS RELAXED;
		parseflag = "keeporder";
		ATTR IPADDR_MASK "trusthost1" "admin user trust host ip, default 0.0.0.0 0.0.0.0 for all" 343 {
			brieflist = 1;
			ipversion = 4;
			subnet_type = host;
		}
		ATTR IPADDR_MASK "trusthost2" "admin user trust host ip, default 0.0.0.0 0.0.0.0 for all" 344 {
			brieflist = 1;
			ipversion = 4;
			subnet_type = host;
		}
		ATTR IPADDR_MASK "trusthost3" "admin user trust host ip, default 0.0.0.0 0.0.0.0 for all" 345 {
			brieflist = 1;
			ipversion = 4;
			subnet_type = host;
		}
		ATTR DATASOURCE "access-profile" "admin user access profile" 346 {
			parseflag = "must";
			brieflist = 1;
			datasource = "280";
		}
		ATTR STRING "last-name" "last name" 347 {
			
		}
		ATTR STRING "first-name" "first name" 348 {
			
		}
		ATTR STRING "email-address" "email address" 349 {
			VALIDATE EMAIL_ADDRESS RELAXED;
		}
		ATTR STRING "phone-number" "phone number" 350 {
			
		}
		ATTR STRING "mobile-number" "mobile number" 351 {
			
		}
		ATTR INT "hidden" "admin user hidden attribute" 352 {
			parseflag = "readonly";
		}
		ATTR DATASOURCE "domains" "virtual domain list" 353 {
			parseflag = "must";
			datasource = "2";
			condition = 102:EQ:1;
		}
		TABLE "dashboard" "set gui custom dashboard" 354 {
			#ha_not_sync = 2;
			parseflag = "hidden,keeporder";
			TABLENAME DATASOURCE "moduleid" "set custom dashboard module id" 355 {
				datasource = "330";
				ATTR INT "column" "set custom dashboard column id (1-2)" 356 {
					VALIDATE RANGE 1:2;
				}
#				ATTR INT "refresh-interval" "set custom dashboard refresh interval (10-1200)" 357 {
#					VALIDATE RANGE 10:1200;
#					defaultval = 300;
#				}
#				ATTR INT "top-sessions" "set number of top sessions to display" 358 {
#					defaultval = 10;
#				}
#				ATTR OPTION "sort-by" "set top sessions sort criteria " 359 {
#					CHOICES {
#						source == 1 ::: "sort top sessions by source address";
#						destination == 2 ::: "sort top sessions by destination address";
#					}
#					defaultval = source;
#					brieflist = 1;
#				}
#				ATTR INT "top-viruses" "set number of top viruses to display" 360 {
#					defaultval = 10;
#				}
#				ATTR INT "top-attacks" "set number of top attacks to display" 361 {
#					defaultval = 10;
#				}
#				ATTR STRING "interface" "traffic history monitored interface" 362 {
#					#defaultval = "external";
#					brieflist = 1;
#				}
#				ATTR OPTION "refresh" "traffic history monitored interface" 363 {
#					CHOICES {
#						enable == 30 ::: "enable automatic refresh";
#						disable == 0 ::: "disable automatic refresh";
#					}
#					defaultval = disable;
#				}
				ATTR OPTION "status" "set custom dashboard status" 364 {
					CHOICES {
						close == 0 ::: "close dashboard";
						open == 1 ::: "open dashboard";
					}
					defaultval = open;
					brieflist = 1;
				}
#				ATTR OPTION "show-system-restart" "Display system restart on alert message console" 365 {
#					CHOICES {
#						enable == 0x01 : SET :: "enable display on alert message";
#						disable == 0x01 : UNSET :: "disable display on alert message";
#					}
#					defaultval = disable;
#				}
#				ATTR OPTION "show-conserve-mode" "Display conserve mode on alert message console" 366 {
#					CHOICES {
#						enable == 0x010 : SET :: "enable display on alert message";
#						disable == 0x010 : UNSET :: "disable display on alert message";
#					}
#					defaultval = disable;
#				}
#				ATTR OPTION "show-firmware-change" "Display firmware upgrade/downgrade on alert message console" 367 {
#					CHOICES {
#						enable == 0x0100 : SET :: "enable display on alert message";
#						disable == 0x0100 : UNSET :: "disable display on alert message";
#					}
#					defaultval = disable;
#				}
#				ATTR OPTION "show-fortianalyzer-chart" "Display FortiAnalyzer disk usage chart" 368 {
#					CHOICES {
#						enable == 0x01 : SET :: "enable display on system resources";
#						disable == 0x01 : UNSET :: "disable display on system resources";
#					}
#					defaultval = disable;
#				}
#				ATTR OPTION "show-fds-chart" "Display FortiGuard log disk usage chart" 369 {
#					CHOICES {
#						enable == 0x010 : SET :: "enable display on system resources";
#						disable == 0x010 : UNSET :: "disable display on system resources";
#					}
#					defaultval = disable;
#				}
			}
		}
		ATTR OPTION "type" "admin user auth type" 370 {
			CHOICES {
				local-user == 0 ::: "local user";
				remote-user == 1 ::: "remote user";
			}
			defaultval = local-user;
		}
		ATTR DATASOURCE "admin-usergrp" "admin user group" 371 {
			datasource = "1070";
			condition = 370:eq:1;
		}
		ATTR PASSWD "password" "admin user password" 342 {
			defaultval = "ENC XXUp2ozpdysrQ";
			admin_passwd = 1;
			parseflag = "must";
			condition = 370:eq:0;
		}
		ATTR IPADDR_MASK "ip6trusthost1" "admin user trust host ip, default ::/0 for all" 372 {
			brieflist = 1;
			ipversion = 6;
			subnet_type = host;
		}
		ATTR IPADDR_MASK "ip6trusthost2" "admin user trust host ip, default ::/0 for all" 373 {
			brieflist = 1;
			ipversion = 6;
			subnet_type = host;
		}
		ATTR IPADDR_MASK "ip6trusthost3" "admin user trust host ip, default ::/0 for all" 374 {
			brieflist = 1;
			ipversion = 6;
			subnet_type = host;
		}
		ATTR OPTION_EN "wildcard" "enable/disable" 375 {
			defaultval = disable;
			condition = 370:eq:1;
		}
		ATTR OPTION_EN "accprofile-override" "allow access profile to be overridden from remote auth server" 376 {
			defaultval = disable;
			condition = 370:eq:1;
		}
		ATTR USER "sshkey" "admin user SSH public key" 377 {
		}
		ATTR INT "passwd-set-time" "pass word set time" 400 {
			brieflist = 0;
			parseflag = "hidden";
		}
		ATTR INT "history-password-pos" "last history password position" 401 {
			brieflist =0;
			parseflag = "hidden";
		}
		ATTR STRING "history-password0" "history password0" 402 {
			brieflist = 0;
			parseflag = "hidden";
		}
		ATTR STRING "history-password1" "history password1" 403 {
			brieflist = 0;
			parseflag = "hidden";
		}
		ATTR STRING "history-password2" "history password2" 404 {
			brieflist = 0;
			parseflag = "hidden";
		}
		ATTR STRING "history-password3" "history password3" 405 {
			brieflist = 0;
			parseflag = "hidden";
		}
		ATTR STRING "history-password4" "history password4" 406 {
			brieflist = 0;
			parseflag = "hidden";
		}
		ATTR STRING "history-password5" "history password5" 407 {
			brieflist = 0;
			parseflag = "hidden";
		}
		ATTR STRING "history-password6" "history password6" 408 {
			brieflist = 0;
			parseflag = "hidden";
		}
		ATTR STRING "history-password7" "history password7" 409 {
			brieflist = 0;
			parseflag = "hidden";
		}
		ATTR STRING "history-password8" "history password8" 410 {
			brieflist = 0;
			parseflag = "hidden";
		}
		ATTR STRING "history-password9" "history password9" 411 {
			brieflist = 0;
			parseflag = "hidden";
		}
		ATTR OPTION_EN "force-password-change" "enable/disable force password change on next login." 378 {
			defaultval = disable;
			condition = 9481:EQ:1;
			condition = 370:EQ:0;
			brieflist = 1;
		}
	}
}

GLOBAL COMPLEX "system settings" "system settings" 490 {
	ATTR OPTION "opmode" "operation mode" 491 {
		parseflag = @{all=null;FWB_AZURE|FWB_AZRCLD|FWB_DOCKER=readonly};
		CHOICES {
				reverse-proxy == 2;
				offline-protection == 4;
				transparent == 1;
				transparent-inspection == 8;
				wccp == 16;
			}
		defaultval = reverse-proxy;
	} 
	ATTR IPADDR "gateway" "default gateway ip address" 492 {
		brieflist = 1;
		ipversion = 4;
		subnet_type = host;
		condition = 491:eq:1;
		condition = 491:eq:8;
		condition = 491:eq:16;
	}
	ATTR OPTION_EN "stop-guimonitor" "enable/disable GUI monitor" 494 {
		defaultval = enable;
		brieflist = 1;
	}
	ATTR OPTION_EN "enable-file-upload" "enable/disable GUI file upload" 495 {
		defaultval = disable;
		brieflist = 1;
	}

	ATTR OPTION_EN "enable-cache-flush" "enable/disable system cache flush" 496 {
		defaultval = disable;
		brieflist = 1;
	}
	
	ATTR OPTION_EN "enable-debug-log" "enable/disable system debug log" 497 {
		defaultval = enable;
		brieflist = 1;
	}
	
	ATTR OPTION_EN "enable-machine-learning-debug" "enable/disable machine learning debug" 498 {
		defaultval = disable;
		brieflist = 1;
	}
#ATTR OPTION_EN "use-vzone-mac" "use vzone mac instead of server real mac in ttp mode" 498 {
#		defaultval = disable;
#		condition = 491:eq:1;
#		brieflist = 1;
#	}
}
GLOBAL COMPLEX "server-policy setting" "server policy global setting" 9430 {
	ha_not_sync = 1;
	ATTR OPTION_EN "hsm" "enable/disable Hsm for proxyd" 9431 {
		ha_not_sync = 2;
		brieflist = 1;
		parseflag = @{all=null;FWB_DOCKER=skip};
	}
	ATTR OPTION_EN "dpdk" "enable/disable DPDK receiving for offline proxyd" 9432 {
		parseflag = "readonly";
		brieflist = 1;
		defaultval = @{all=disable;FWB_4000E|FWB_3010E|FWB_3000E|FWB_2000E=enable};
	}
	ATTR OPTION_EN "high-compatibility-mode" "enable/disable ssl high compatibility for proxyd" 9433 {
		parseflag =@{all=hidden;FWB_4000E|FWB_3010E|FWB_3000E|FWB_2000E|FWB_1000E|FWB_600D=null};
		brieflist = 1;
		defaultval =@{all=enable;FWB_4000E|FWB_3010E|FWB_3000E|FWB_2000E|FWB_1000E|FWB_600D=disable};
	}
#	ATTR OPTION_EN "fast-forward" "enable/disable fast-forward" 9434 {
#		parseflag = @{all=null;FWB_DOCKER=skip};
#		brieflist = 1;
#		condition = 491:eq:2;
#		defaultval = disable;
#	}
	ATTR OPTION_EN "enable-core-file" "enable/disable core dump file" 9435 {
		defaultval = enable;
		brieflist = 1;
	}
	ATTR OPTION "core-file-count" "max core dump file count" 9436 {
		CHOICES{
			3 == 3;
			5 == 5;
		}
		defaultval = 3;
	}
	ATTR INT "offline-session-timeout" "session timeout(seconds, 30-1200)" 9437 {
		parseflag = @{all=null;FWB_DOCKER=skip};
		brieflist = 1;
#condition = 491:eq:4;
#condition = 491:eq:8;
		VALIDATE RANGE 30:1200;
		defaultval = 120;
	}
	ATTR OPTION_EN "enable-session-statistics" "enable/disable session statistics for fortiview" 9438 {
		defaultval = enable;
		brieflist = 1;
	}
	ATTR OPTION_EN "enable-single-worker" "enable/disable core dump file" 9439 {
		defaultval = disable;
		brieflist = 1;
	}
	ATTR OPTION_EN "use-first-ack-mac" "enable/disable TTP only insert macs to hash from first ack of three handshake " 9440 {
		parseflag = @{all=null;FWB_DOCKER=skip};
		defaultval = enable;
		brieflist = 1;
	}
	ATTR OPTION_EN "no-session-limit" "not limit virtual machine max concurrency sessions" 9441 {
		parseflag = @{all=skip;FWB_VM|FWB_VM_PAYG|FWB_KVM|FWB_KVM_PAYG|FWB_XENAWS|FWB_AWSCLD|FWB_XENAWS_ONDEMAND|FWB_AZURE|FWB_AZRCLD|FWB_AZURE_ONDEMAND|FWB_XENOPEN|FWB_XENSERVER|FWB_HYPERV|FWB_DOCKER|FWB_CMINTF=null};
		defaultval = disable;
		brieflist = 1;
	}
	ATTR OPTION_EN "no-ssl-encrypt-then-mac" "disable/enable ssl encrypt then mac extension" 9442 {
		defaultval = disable;
		brieflist = 1;
	}
	ATTR OPTION_EN "graceful-shutdown" "disable/enable graceful shutdown of the peer connection" 9443 {
		defaultval = enable;
		brieflist = 1;
	}
	ATTR OPTION_EN "server-pool-connection-limit-log" "disable/enable log when connection of the real server reaches the limit" 9444 {
		defaultval = disable;
		brieflist = 1;
	}
	ATTR OPTION_EN "tls13-early-data-mode" "enable/disable tls13 early data for proxyd" 9445 {
		defaultval = disable;
		brieflist = 1;
	}
	ATTR OPTION_EN "record-content-routing-error-log" "enable/disable event log when no content routing was matched" 9446 {
		defaultval = disable;
		brieflist = 1;
	}
	ATTR OPTION_EN "server-invalid-no-response" "disable/enable response when server invalid" 9447 {
		defaultval = disable;
		brieflist = 1;
	}
	ATTR OPTION_EN "df-flag" "disable/enable DF flag in ip header" 9448 {
		defaultval = enable;
		brieflist = 1;
	}
}


GLOBAL COMPLEX "system advanced" "system advanced configuration" 220 {
	ATTR OPTION_EN "share-ip" "shared ip" 221 {
		parseflag = @{all=null;FWB_DOCKER=skip};
		defaultval = disable;
	}
	ATTR OPTION_EN "circulate-url-decode" "circulate url decode" 222 {
		defaultval = enable;
	}
	ATTR OPTION_EN "decoding-enhancement" "decoding enhancement" 223 {
		defaultval = disable;
	}
	ATTR INT "max-cache-size" "max cache size (32~4096 kB)" 230 {
		brieflist = 1;
		VALIDATE RANGE 32:4096;
		defaultval = 512;
	}
	ATTR INT "max-dos-alert-interval" "max dos alert interval" 232 {
		parseflag = @{all=null;FWB_DOCKER=skip};
		brieflist = 1;
		defaultval = 180;
		VALIDATE RANGE 0:3600;
	}
	ATTR INT "max-dlp-cache-size" "max dlp cache size (1~100 percent)" 233 {
		brieflist = 1;
		defaultval = 12;
		VALIDATE RANGE 1:100;
	}
	ATTR OPTION_EN "anypktstream" "enable/disable any tcp pkt allocs a stream for offline proxyd" 236 {
		parseflag = @{all=null;FWB_DOCKER=skip};
		defaultval = disable;
		brieflist = 1;
		condition = 491:eq:4;
		condition = 491:eq:8;
	}
	ATTR INT "max-bot-alert-interval" "max bot alert interval(0 ~ 300 seconds)" 237 {
		brieflist = 1;
		defaultval = 60;
		VALIDATE RANGE 0:300;
	}
}

GLOBAL TABLE "system decoding-enhancement" "decoding enhancement rule list" 240 {
	condition = 223:EQ:1;

	TABLENAME INT "id" "id of the rule" 241 {
		brieflist = 1;

		ATTR OPTION_EN "status" "status" 242 {
			defaultval = enable;
		}

		ATTR OPTION "url-type" "url type" 243 {
			brieflist = 1;
			CHOICES {
				plain == 0 ::: "plain text";
				regular == 1 ::: "regular expression";
			}
			defaultval = plain;
		}

		ATTR STRING "url-pattern" "url pattern" 244 {
			parseflag = "must";
			brieflist = 1;
		}
                
		TABLE "field-list" "field list" 245 {
			TABLENAME INT "<No.>" "id of the field" 246 {
				ATTR OPTION "field-type" "field type" 247 {
					brieflist = 1;
					CHOICES {
						parameter == 0 ::: "type of parameter";
						cookie == 1 ::: "type of cookie";
					}
                                        defaultval = parameter;
                                }

				ATTR OPTION "field-name-type" "field name type" 248 {
					brieflist = 1;
					CHOICES {
						plain == 0 ::: "plain text";
						regular == 1 ::: "regular expression";
					}
					defaultval = plain;
				}

				ATTR STRING "field-name" "field name" 249 {
					parseflag = "must";
					brieflist = 1;
				}

				ATTR OPTION_EN "base64-decoding" "base64 decoding" 250 {
					defaultval = disable;
				}

				ATTR OPTION_EN "css-decoding" "CSS decoding" 251 {
					defaultval = disable;
				}
			}
		}
	}
}

GLOBAL COMPLEX "system console" "console configuration" 830 {
	ATTR OPTION "mode" "mode" 831 {
		parseflag = @{all=null;FWB_DOCKER=skip};
		CHOICES {
			line  == 1  ::: "line mode";
			batch   == 2  ::: "batch mode";
		}
		defaultval = line;
		brieflist = 1;
	}
	ATTR OPTION "baudrate" "baudrate" 832 {
		parseflag = @{all=null;FWB_DOCKER=skip};
		CHOICES {
			9600  == 9600;
			19200  == 19200;
			38400  == 38400;
			57600  == 57600;
			115200  == 115200;
		}
		defaultval = 9600;
		brieflist = 1;
	}
	ATTR OPTION "output" "output" 833 {
		CHOICES {
			standard  == 0  ::: "standard output";
			more   == 1  ::: "more page output";
		}
		defaultval = standard;
		brieflist = 1;
	}
	ATTR OPTION "shell" "console shell" 834 {
		CHOICES {
			cli  == 0  ::: "cli shell";
			sh   == 1  ::: "busybox shell";
		}
		defaultval = cli;
		brieflist = 1;
	}
}

GLOBAL COMPLEX "system raid" "raid" 840 {
	parseflag = @{all=null;FWB_400B|FWB_400C|FWB_VM|FWB_XENAWS|FWB_AWSCLD|FWB_XENAWS_ONDEMAND|FWB_XENOPEN|FWB_XENSERVER|FWB_HYPERV|FWB_AZURE|FWB_AZRCLD|FWB_KVM|FWB_GCP|FWB_GCP_ONDEMAND|FWB_DOCKER|FWB_OCI|FWB_OCI_ONDEMAND=skip};
	ATTR OPTION "level" "RAID level" 841 {
		CHOICES {
#			invalid == 0  ::: "invalid";
#			linear  == 1  ::: "linear";
#			spare   == 2  ::: "spare";
#			raid0   == 3  ::: "raid0";
			raid1   == 4  ::: "raid1";
#			raid1s  == 5  ::: "raid1s";
#			raid5   == 6  ::: "raid5";
#			raid5s  == 7  ::: "raid5s";
#			raid10  == 8  ::: "raid10";
#			raid10s == 9  ::: "raid10s";
#			raid50  == 10 ::: "raid50";
#			raid50s == 11 ::: "raid50s";
		}
		brieflist = 1;
		defaultval = raid1;
	}
}

GLOBAL COMPLEX "system ip-detection" "ip detection" 850 {
	ATTR OPTION "share-ip-detection-level" "detection level for share IP" 851 {
		CHOICES {
			low == 1 ::: "Low level";
			medium == 2 ::: "Medium level";
			high == 3 ::: "High level";
		}
		defaultval = low;
		brieflist = 1;
	}
}

GLOBAL COMPLEX "system autoupdate override" "system autoupdate override" 730 {
	parseflag = @{all=null;FWB_VM_PAYG|FWB_KVM_PAYG=hidden};
	#ha_not_sync = 2;
	ATTR OPTION_EN "status" "enable/disable FDS server override" 731 {
		defaultval = disable;
	}
	ATTR STRING "address" "set the FDS override server address" 732 {
	}
	ATTR OPTION_EN "fail-over" "enable/disable FDS server fail over" 733 {
		defaultval = enable;
	}
}

GLOBAL COMPLEX "system autoupdate push-update" "system autoupdate push-update" 735 {
	#parseflag = @{all=hidden;FWB_XENAWS_ONDEMAND|FWB_VM_PAYG|FWB_KVM_PAYG=skip};
	parseflag = hidden;

	ATTR OPTION_EN "status" "enable/disable push update" 736 { 
		defaultval = disable;

	}    
	ATTR OPTION_EN "override" "enable/disable push update override server" 737 { 
	}
	ATTR IPADDR "address" "Push update override server" 738 { 
		defaultval="0.0.0.0";
	}    
	ATTR INT "port" "Push update override port" 739 {
		VALIDATE RANGE 1:65535;
		defaultval = 9443;
	}    
}

GLOBAL COMPLEX "system autoupdate schedule" "system autoupdate schedule" 740 {
	parseflag = "keeporder";
	#ha_not_sync = 2;
	ATTR OPTION_EN "status" "enable/disable scheduled updates" 741 {
	}
	ATTR OPTION "frequency" "configure the update frequency" 742 {
		CHOICES {
			every == 0 ::: "time interval";
			daily == 1 ::: "every day";
			weekly == 2 ::: "every week";
		}
		defaultval = daily;
	}
	ATTR USER "time" "configure the update time" 743 {
		#parseflag = "must";
	}
	ATTR OPTION"day" "configure the update day" 744 {
		CHOICES {
			Sunday 	  == 0 ::: "update every Sunday";
			Monday	  == 1 ::: "update every Monday";
			Tuesday   == 2 ::: "update every Tuesday";
			Wednesday == 3 ::: "update every Wednesday";
			Thursday  == 4 ::: "update every Thursday";
			Friday    == 5 ::: "update every Friday";
			Saturday  == 6 ::: "update every Saturday";
		}
		defaultval = Monday;
		condition = 742:eq:2;
	}
	ATTR INT "speed-test-interval" "configure the speed test interval, range 10-4320 (Minutes)" 745 {
		VALIDATE RANGE 10:4320;
		defaultval = 240;
	}
}

GLOBAL COMPLEX "system autoupdate tunneling" "system autoupdate tunneling" 750 {
	#ha_not_sync = 2;
	ATTR OPTION_EN "status" "enable/disable web proxy tunneling" 751 {
		brieflist = 1;
	}
	ATTR STRING "address" "configure the web proxy ip address or fqdn" 752 {
		brieflist = 1;
	}
	ATTR INT "port" "configure the web proxy port" 753 {
		VALIDATE RANGE 0:65535;
		brieflist = 1;
	}
	ATTR STRING "username" "configure the web proxy username" 754 {
		brieflist = 1;
	}
	ATTR PASSWD "password" "configure the web proxy password" 755 {
		brieflist = 1;
	}
}


GLOBAL COMPLEX "system fail-open" "system Fail Open" 540 {
	parseflag = @{all=null;FWB_DOCKER=skip};
	ATTR OPTION "port1-port2" "port1 to port2" 543 {
		CHOICES {
			poweroff-cutoff == 0 ::: "Poweroff Cutoff";
			poweroff-bypass == 1 ::: "Poweroff Bypass";
		}
		defaultval = poweroff-cutoff;
		brieflist = 1;
	}
	ATTR OPTION "port3-port4" "port3 to port4" 544 {
                CHOICES {
                        poweroff-cutoff == 0 ::: "Poweroff Cutoff";
                        poweroff-bypass == 1 ::: "Poweroff Bypass";
                }
                defaultval = poweroff-cutoff;
                brieflist = 1;
        }
	ATTR OPTION "port5-port6" "port5 to port6" 545 {
                CHOICES {
                        poweroff-cutoff == 0 ::: "Poweroff Cutoff";
                        poweroff-bypass == 1 ::: "Poweroff Bypass";
                }
                defaultval = poweroff-cutoff;
                brieflist = 1;
        }
	ATTR OPTION "port7-port8" "port7 to port8" 546 {
                CHOICES {
                        poweroff-cutoff == 0 ::: "Poweroff Cutoff";
                        poweroff-bypass == 1 ::: "Poweroff Bypass";
                }
                defaultval = poweroff-cutoff;
                brieflist = 1;
        }
	ATTR OPTION "port9-port10" "port9 to port10" 547 {
                CHOICES {
                        poweroff-cutoff == 0 ::: "Poweroff Cutoff";
                        poweroff-bypass == 1 ::: "Poweroff Bypass";
                }
                defaultval = poweroff-cutoff;
                brieflist = 1;
        }
	ATTR OPTION "port11-port12" "port11 to port12" 548 {
                CHOICES {
                        poweroff-cutoff == 0 ::: "Poweroff Cutoff";
                        poweroff-bypass == 1 ::: "Poweroff Bypass";
                }
                defaultval = poweroff-cutoff;
                brieflist = 1;
        }
	ATTR OPTION "port13-port14" "port13 to port14" 549 {
                CHOICES {
                        poweroff-cutoff == 0 ::: "Poweroff Cutoff";
                        poweroff-bypass == 1 ::: "Poweroff Bypass";
                }
                defaultval = poweroff-cutoff;
                brieflist = 1;
        }
	ATTR OPTION "port15-port16" "port15 to port16" 599 {
                CHOICES {
                        poweroff-cutoff == 0 ::: "Poweroff Cutoff";
                        poweroff-bypass == 1 ::: "Poweroff Bypass";
                }
                defaultval = poweroff-cutoff;
                brieflist = 1;
        }
}

GLOBAL TABLE "user local-user" "local users" 1000 {
	TABLENAME STRING "name" "name" 1001 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR STRING "username" "user name" 1002 {
			VALIDATE NO_XSS RELAXED;
			parseflag = "must";
			brieflist = 1;
		}
		ATTR PASSWD "password" "user password" 1003 {
		}
	}
}

GLOBAL TABLE "system interface" "interface configuration" 440 {
	TABLENAME STRING "name" "interface name" 441 {
		parseflag = @{all=null;FWB_DOCKER=readonly};
		#VALIDATE REGEX "^[^ %]*$";
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR OPTION "type" "interface type" 442 {
			#parseflag = "unchangable";
			CHOICES {
				physical == 0; # skiped by default
				vlan == 1;
				aggregate == 2; 
				redundant == 3;
				#loopback == 6; # skiped by default
			}
			defaultval = vlan;
			brieflist = 1;
		}
		ATTR IPADDR_MASK "ip" "ip address of interface" 443 {
			brieflist = 1;
			#condition = 3:EQ:0;
			ipversion = 4;
			subnet_type = host;
		}
		ATTR IPADDR_MASK "ip6" "ipv6 address of interface" 444 {
			brieflist = 1;
			#condition = 3:EQ:0;
			#condition = 1349:EQ:0;
			#condition = 442:NE:2;
			#condition = 442:NE:3;
			ipversion = 6;
			subnet_type = host;
			#parseflag = "hidden";
		}
		ATTR OPTION "allowaccess" "Allow access with the interface" 445 {
			multi_opt = 1;
			brieflist = 1;
			CHOICES {
				https == 32: SET;
				ping == 1: SET;
				ssh == 4: SET;
				snmp == 8: SET;
				http == 16: SET;
				telnet == 2: SET;
				FWB-manager == 64: SET;
			}
			brieflist = 1;
			#condition = 442:EQ:0;
			#condition = 442:NE:2;
			#condition = 442:NE:3;
		}
		ATTR OPTION "status" "interface status" 453 {
			CHOICES {
				up == 16 ::: "interface up";
				down == 0 ::: "interface down";
			}
			defaultval = up;
			brieflist = 1;
		}
		ATTR OPTION "mode" "addressing mode" 452 {
			CHOICES {
				static == 0 ::: "static setting";
				dhcp == 1 ::: "dhcp setting";
			}
			brieflist = 1;
			#condition = 442:NE:2;
			#condition = 442:NE:3;
		}
		ATTR OPTION "ip6-mode" "ip6_addressing mode" 463 {
			CHOICES {
				static == 0 ::: "static setting"; 
				dhcp == 1 ::: "dhcp setting";
			}                     
			brieflist = 1;
			#condition = 442:NE:2;
			#condition = 442:NE:3;
		}
		ATTR INT "vlanid" "vlan ID" 446 {
			parseflag =@{all=null;FWB_OCI=skip};
			VALIDATE RANGE 1:4094;
			condition = 442:EQ:1;
			condition = 442:NE:2;
			condition = 442:NE:3;
			brieflist = 1;
		}
		ATTR OPTION "vlanproto" "vlan protocol" 467 {
			CHOICES {
				8021q == 0 ::: "802.1Q";
				8021ad == 1 ::: "802.1AD";
			}
			defaultval = 8021q;
			brieflist = 1;
			condition = 491:EQ:1;
			condition = 442:EQ:1;
		}
		ATTR DATASOURCE "interface" "interface name" 447 {
			datasource = "440";
			condition = 442:EQ:1;
			condition = 442:NE:2;
			condition = 442:NE:3;
			brieflist = 1;
		}
		ATTR STRING "description" "description of interface" 448 {
			brieflist = 1;	
			condition = 442:NE:2;
			condition = 442:NE:3;
		}
		ATTR OPTION "lacp-speed" "LACP speed" 454 {
			CHOICES {
				slow == 0 ::: "slow";
				fast == 1 ::: "fast";
			}
			defaultval = slow;
			brieflist = 1;
			condition = 442:eq:2;
		}
		ATTR OPTION "algorithm" "fram distribution algorithm" 455 {
			CHOICES {
				layer2 == 0 ::: "layer2";
				layer3_4 == 1 ::: "layer3_4";
				layer2_3 == 2 ::: "layer2_3";
			}
			defaultval = layer2;
			brieflist = 1;
			condition = 442:eq:2;
		}
                ATTR DATASOURCE "intf" "aggregate intf member" 456 {
                        datasource = "440";
                        brieflist = 1;
			condition = 442:eq:2;
			condition = 442:eq:3;
                }
		
		ATTR STRING "modename" "bonding mode name" 457 {
			parseflag = "readonly";
			brieflist = 1;	
			condition = 442:eq:2;
		}
		TABLE "secondaryip" "second ip configuration" 449 {
			TABLENAME INT "<No.>" "The number of the second ip" 450 {
				ATTR IPADDR_MASK "ip" "ip address" 451 {
					brieflist = 1;
					#condition = 3:EQ:0;
					subnet_type = host;
				}
			}
		}
		ATTR OPTION "ip6-allowaccess" "Allow access with the interface" 458 {
			multi_opt = 1;
			brieflist = 1;
			CHOICES {
				https == 32: SET;
				ping == 1: SET;
				ssh == 4: SET;
				snmp == 8: SET;
				http == 16: SET;
				telnet == 2: SET;
				FWB-manager == 64: SET;
			}
			brieflist = 1;
			#condition = 442:EQ:0;
			#condition = 442:NE:2;
			#condition = 442:NE:3;
		}
		ATTR DATASOURCE "adom" "virtual domain name" 459 {
			datasource = "2";
			condition = 102:EQ:1;
		}
		ATTR OPTION_EN "wccp" "Enable/Disable WCCP protocol on this interface" 460 {
			brieflist = 1;
			defaultval = disable;
		}

		ATTR INT "azure-endpoint" "microsoft azure endpoint" 461 {
			parseflag = "readonly";
		}

		ATTR INT "mtu" "mtu, range 512-9216 in ipv4, 1280-9216 in ipv6" 462 {
			VALIDATE RANGE 512:9216;
			defaultval = 1500;
			brieflist = 1;
		}

		ATTR STRING "dynamic_gateway" "dhcp gateway of interface" 464 {
			VALIDATE HOSTNAME RELAXED;
			brieflist = 1;
		}
		ATTR STRING "dynamic_dns1" "dhcp dns of interface" 465 {
			brieflist = 1;
		}
		ATTR STRING "dynamic_dns2" "dhcp dns of interface" 466 {
			brieflist = 1;
		}
		TABLE "classless_static_route" "dhcp classless static route" 475{
			ha_not_sync = 2;
			TABLENAME INT "<No.>" "The id of dhcp classless static route" 476 {
				ATTR IPADDR_MASK "dest" "dhcp classless static route dest net " 477 {	
					brieflist = 1;
					ipversion = 4;
					subnet_type = host;
				}
				ATTR IPADDR "gateway" "dhcp classless static route gateway " 478 {
					brieflist = 1;
					ipversion = 4;
					subnet_type = host;
				}
			}
		}

	}
}

GLOBAL TABLE "system vip" "system virtual IP" 10070 {
	parseflag = @{all=null;FWB_OCI|FWB_OCI_ONDEMAND|FWB_DOCKER|FWB_DOCKER_100|FWB_DOCKER_500|FWB_DOCKER_2000=skip};
	TABLENAME STRING "name" "virtual IP name" 10071 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR IPADDR_MASK "vip" "virtual ip v4 address " 10072 {
			brieflist = 1;
			ipversion = 4;
			subnet_type = host;
		}
		ATTR IPADDR_MASK "vip6" "virtual ip v6 address " 10073 { 
			brieflist = 1;
			ipversion = 6;
			subnet_type = host; 
		}
		ATTR DATASOURCE "interface" "interface" 10074 {
			parseflag = "must";
			brieflist = 1;
			datasource = "440";
		}	
		ATTR INT "index" "virtual IP index" 10075 {
			brieflist = 1;
			defaultval = 0;
		}
	}
}

GLOBAL COMPLEX "system manager" "system manager" 530 {
	#parseflag = @{all=skip;FWB_VM|FWB_XENOPEN|FWB_XENSERVER|FWB_XENAWS|FWB_AWSCLD|FWB_GCP|FWB_GCP_ONDEMAND|FWB_HYPERV|FWB_AZURE|FWB_AZRCLD|FWB_AZURE_ONDEMAND|FWB_XENAWS_ONDEMAND|FWB_KVM|FWB_VM_PAYG|FWB_KVM_PAYG|FWB_VBOX|FWB_DOCKER|FWB_OCI|FWB_OCI_ONDEMAND=null};
	parseflag = @{all=skip;FWB_AZURE_ONDEMAND|FWB_AWSCLD|FWB_XENAWS_ONDEMAND=null};
	ha_not_sync = 2;
	ATTR OPTION "mode" "mode" 531 {
		CHOICES {
			server == 1 ::: "manager server mode";
			client == 2 ::: "manager client mode";
			standalone  == 0 ::: "standalone mode";
		}
		defaultval = standalone;
	}
	
	ATTR OPTION "server-type" "server type" 532 {
		CHOICES {
			physical == 1 ::: "physical server";
			#domain == 2 ::: "domain server";
		}
		defaultval = physical;
		condition = 531:eq:2;
	}

	ATTR IPADDR "server-ip" "manager server ip address" 533 {
		defaultval = "0.0.0.0";
		brieflist = 1;
		condition = 531:EQ:2;
		condition = 532:EQ:1;
		subnet_type = host;
	}
	
	ATTR STRING "server-domain" "manager server domain name" 534 {
		#parseflag = "must";
		parseflag = "hidden";
		condition = 531:EQ:2;
		condition = 532:EQ:2;
	}
	
	ATTR INT "server-port" "manager mode server port" 535 {
		defaultval = 996;
		VALIDATE RANGE 1:65535;
		brieflist = 1;
		condition = 531:ne:0;
	}
	
	ATTR INT "config-sync-port" "manager mode config sync port" 536 {
		defaultval = 997;
		VALIDATE RANGE 1:65535;
		brieflist = 1;
		condition = 531:ne:0;
	}	
	
	ATTR INT "connection-interval" "send connection packets interval, range 1-20 (500ms)" 537 {
		VALIDATE RANGE 1:20;
		defaultval = 2;
		condition = 531:ge:1;
	}
	
	ATTR INT "connection-lost-threshold" "connection threshold for failed, range 10-60" 538 {
		VALIDATE RANGE 1:60;
		defaultval = 10;
		condition = 531:ge:1;
	}

	ATTR STRING "callback-url" "Function APP or API gateway endpoint" 539 {
		condition = 531:ne:0;
	}	
	
	ATTR INT "callback-interval" "Interval of sending request to function APP, range 10-600 (second)" 528 {
		VALIDATE RANGE 10:600;
		defaultval = 30;
	}
	
	ATTR IPADDR "server-public-ip" "manager server public ip address" 529 {
		defaultval = "0.0.0.0";
		brieflist = 1;
		condition = 531:ne:0;
	}	
}

GLOBAL COMPLEX "system ha" "system ha" 550 {
	parseflag = @{all=null;FWB_CMINTF|FWB_VBOX|FWB_GCP|FWB_GCP_ONDEMAND|FWB_DOCKER|FWB_DOCKER_100|FWB_DOCKER_500|FWB_DOCKER_2000=skip};
	ha_not_sync = 1;
	ATTR OPTION "mode" "mode" 551 {
		CHOICES {
			active-passive == 1 ::: "active-passive mode";
			active-active-standard == 2 ::: "active-active-standard mode";
			active-active-high-volume == 3 ::: "active-active-high-volume mode";
			standalone  == 0 ::: "standalone mode";
		}
		defaultval = standalone;
	}
	ATTR INT "group-id" "group id, range 0-63" 552 {
		VALIDATE RANGE 0:63;
#		parseflag = "must";
		condition = 551:ge:1;
	}
	ATTR STRING "group-name" "group name" 553 {
		condition = 551:ge:1;
	}
	ATTR INT "priority" "priority value, range 0-9" 554 {
		VALIDATE RANGE 0:9;
		defaultval = 5;
		ha_not_sync = 2;
		condition = 551:ge:1;
	}
	ATTR OPTION_EN "override" "master HA unit overriding" 555 {
		defaultval = disable;
		condition = 551:ge:1;
	}
	ATTR OPTION "network-type" "The network on which heartbeat and sync are based" 588 {
		parseflag =@{all=hidden;FWB_KVM|FWB_KVM_PAYG=null};
		CHOICES {
			flat == 0 ::: "normal network";
			udp-tunnel == 1 ::: "udp tunnel network";
		}
		defaultval =@{all=flat;FWB_XENAWS|FWB_AWSCLD|FWB_XENAWS_ONDEMAND|FWB_AZURE|FWB_AZRCLD|FWB_AZURE_ONDEMAND|FWB_KVM|FWB_KVM_PAYG|FWB_OCI|FWB_OCI_ONDEMAND=udp-tunnel};
		condition = 551:GE:1;
		condition = 491:EQ:2;
	}
	ATTR IPADDR "tunnel-local" "Local IPv4 address for HA tunnel" 589 {
		defaultval = "0.0.0.0";
		brieflist = 1;
		condition = 551:GE:1;
		condition = 588:EQ:1;
		condition = 491:EQ:2;
		subnet_type = host;
		ha_not_sync = 2;
	}
	ATTR IPADDR "tunnel-peer" "Peer IPv4 address for HA tunnel" 590 {
		defaultval = "0.0.0.0";
		brieflist = 1;
		condition = 551:GE:1;
		condition = 588:EQ:1;
		condition = 491:EQ:2;
		subnet_type = host;
		ha_not_sync = 2;
	}
	ATTR DATASOURCE "hbdev" "heartbeat interfaces" 556 {
		datasource = "440";
		condition = 551:GE:1;
		condition = 588:EQ:0;
		filter = 442:eq:0;
	}
	ATTR DATASOURCE "hbdev-backup" "backup heartbeat interfaces" 557 {
		datasource = "440";
		condition = 551:GE:1;
		condition = 588:EQ:0;
		filter = 442:eq:0;
	}
	ATTR INT "boot-time" "boot time for Heartbeat, rang 1-100 (s)" 558 {
		VALIDATE RANGE 1:100;
		defaultval = 30;
		condition = 551:ge:1;
	}
	ATTR INT "hb-interval" "heartbeat interval, range 1-20 (100ms)" 559 {
		VALIDATE RANGE 1:20;
		defaultval = 3;
		condition = 551:ge:1;
	}
	ATTR INT "hb-lost-threshold" "heartbeat threshold for failed, range 1-60" 560 {
		VALIDATE RANGE 1:60;
		defaultval = 3;
		condition = 551:ge:1;
	}
	ATTR INT "arps" "gratuitous ARP or neighbour solicitation, range 1-16" 561 {
		VALIDATE RANGE 1:16;
		defaultval = 10;
		condition = 551:ge:1;
		condition = 588:EQ:0;
	}
	ATTR INT "arp-interval" "ARP/NS interval, range 1-20" 562 {
		VALIDATE RANGE 1:20;
		defaultval = 3;
		condition = 551:ge:1;
		condition = 588:EQ:0;
	}
	ATTR DATASOURCE "monitor" "interfaces to monitor" 563 {
		multi_attr = int;
		brieflist = 1;
		datasource = "440";
		condition = 551:ge:1;
	}
	ATTR PASSWD "key" "16 hex number for HA" 566 { 
		ha_not_sync = 2; 
		defaultval = "fffffffe12345678";
		condition = 551:GE:1;
		condition = 996:EQ:1;
	}
	ATTR OPTION_EN "lacp-ha-slave" "enable/disable" 567 {
		brieflist = 1;
		defaultval = enable;	
		condition = 551:ge:1;
		condition = 588:EQ:0;
	}
	ATTR OPTION_EN "ha-mgmt-status" "enable/disable manager port" 569 {
		brieflist = 1;
		defaultval = disable;
		condition = 551:eq:1;
		condition = 551:eq:2;
		condition = 588:EQ:0;
	}	
	ATTR DATASOURCE "ha-mgmt-interface" "manager port interface" 570 {
		multi_attr = int;
		brieflist = 1;
		datasource = "440";
		condition = 569:eq:1;
		condition = 551:GE:1;
		condition = 588:EQ:0;
	}
	ATTR OPTION_EN "session-pickup" "enable/disable session sync" 583 {
		brieflist = 1;
		defaultval = disable;
		condition = 551:eq:2;
		condition = 588:EQ:0;
	}
	ATTR DATASOURCE "session-sync-dev" "session sync interfaces" 571 {
		brieflist = 1;
		datasource = "440";
		condition = 583:EQ:1;
		condition = 551:EQ:2;
		condition = 588:EQ:0;
		filter = 442:eq:0;
	}
	ATTR OPTION_EN "session-sync-broadcast" "enable/disable session sync broadcast" 572 {
		brieflist = 1;
		defaultval = disable;
		condition = 583:EQ:1;
		condition = 551:EQ:2;
		condition = 588:EQ:0;
	}
	ATTR INT "session-warm-up" "session warm-up time, range 5-120(s)" 573 {
		VALIDATE RANGE 5:120;
		defaultval = 10;
		condition = 551:eq:2;
	}
	ATTR OPTION "schedule" "schedule" 574 {
		CHOICES {
			ip == 1 ::: "Source IP.";
			round-robin == 2 ::: "Round robin.";
#			weight-round-robin == 3 ::: "Round robin.";
			leastconnection == 4 ::: "Least connection.";
		}
		condition = 551:eq:2;
		condition = 588:EQ:0;
		defaultval = ip;
	}
	ATTR INT "weight-1" "weight for No.1 unit in Source IP schedule, range 0-255" 575 {
		VALIDATE RANGE 0:255;
		defaultval = 40;
		condition = 551:EQ:2;
		condition = 574:EQ:1;
		condition = 588:EQ:0;
	}
	ATTR INT "weight-2" "weight for No.2 unit in Source IP schedule, range 0-255" 576 {
		VALIDATE RANGE 0:255;
		defaultval = 40;
		condition = 551:EQ:2;
		condition = 574:EQ:1;
		condition = 588:EQ:0;
	}
	ATTR INT "weight-3" "weight for No.3 unit in Source IP schedule, range 0-255" 577 {
		VALIDATE RANGE 0:255;
		defaultval = 40;
		condition = 551:EQ:2;
		condition = 574:EQ:1;
		condition = 588:EQ:0;
	}
	ATTR INT "weight-4" "weight for No.4 unit in Source IP schedule, range 0-255" 578 {
		VALIDATE RANGE 0:255;
		defaultval = 40;
		condition = 551:EQ:2;
		condition = 574:EQ:1;
		condition = 588:EQ:0;
	}
	ATTR INT "weight-5" "weight for No.5 unit in Source IP schedule, range 0-255" 579 {
		VALIDATE RANGE 0:255;
		defaultval = 40;
		condition = 551:EQ:2;
		condition = 574:EQ:1;
		condition = 588:EQ:0;
	}
	ATTR INT "weight-6" "weight for No.6 unit in Source IP schedule, range 0-255" 580 {
		VALIDATE RANGE 0:255;
		defaultval = 40;
		condition = 551:EQ:2;
		condition = 574:EQ:1;
		condition = 588:EQ:0;
	}
	ATTR INT "weight-7" "weight for No.7 unit in Source IP schedule, range 0-255" 581 {
		VALIDATE RANGE 0:255;
		defaultval = 40;
		condition = 551:EQ:2;
		condition = 574:EQ:1;
		condition = 588:EQ:0;
	}
	ATTR INT "weight-8" "weight for No.8 unit in Source IP schedule, range 0-255" 582 {
		VALIDATE RANGE 0:255;
		defaultval = 40;
		condition = 551:EQ:2;
		condition = 574:EQ:1;
		condition = 588:EQ:0;
	}
	ATTR OPTION_EN "link-failed-signal" "enable/disable link failed signal" 584 {
		brieflist = 1;
		defaultval = disable;
		condition = 551:ge:1;
		condition = 588:EQ:0;
	}
	ATTR OPTION_EN "l7-persistence-sync" "enable/disable persistence sync" 587 {
		brieflist = 1;
		defaultval = disable;
		condition = 551:eq:1;
	}
	ATTR IPADDR "eip-addr" "The Elastic IP address" 591 {
		parseflag =@{all=skip;FWB_XENAWS|FWB_AWSCLD|FWB_XENAWS_ONDEMAND=null};
		defaultval = "0.0.0.0";
		brieflist = 1;
		condition = 551:eq:1;
	}
	ATTR STRING "eip-aid" "The allocation ID of the Elastic IP address(Required for EC2-VPC)" 592 {
		parseflag =@{all=skip;FWB_XENAWS|FWB_AWSCLD|FWB_XENAWS_ONDEMAND=null};
		brieflist = 1;
		condition = 551:eq:1;
	}
	ATTR STRING "ha-eth-type" "HA heartbeat packet Ethertype (4-digit hex), range 0x8890-0x889F" 593 {
		brieflist = 1;
		defaultval = "8890";
		condition = 551:ge:1;
		condition = 588:EQ:0;
		ha_not_sync = 2;
	}
	ATTR STRING "hc-eth-type" "Tuple session HA heartbeat packet Ethertype (4-digit hex), range 0x8890-0x889F" 594 {
		brieflist = 1;
		defaultval = "8891";
		condition = 551:ge:1;
		condition = 588:EQ:0;
		ha_not_sync = 2;
	} 
	ATTR STRING "hbcast-eth-type" "Broadcast HA heartbeat packet Ethertype (4-digit hex), range 0x8890-0x889F" 595 {
		brieflist = 1;
		defaultval = "8893";
		condition = 551:ge:1;
		condition = 588:EQ:0;
		ha_not_sync = 2;
	}
	ATTR STRING "l2ep-eth-type" "Telnet session HA heartbeat packet Ethertype (4-digit hex), range 0x8890-0x889F" 596{
		brieflist = 1;
		defaultval = "8894";
		condition = 551:ge:1;
		condition = 588:EQ:0;
		ha_not_sync = 2;
	}
	ATTR OPTION_EN "server-policy-hlck" "HA AA server policy health check" 597 {
		parseflag = @{all=null;FWB_XENAWS|FWB_AWSCLD|FWB_XENAWS_ONDEMAND|FWB_AZURE|FWB_AZRCLD|FWB_AZURE_ONDEMAND|FWB_GCP|FWB_GCP_ONDEMAND|FWB_OCI|FWB_OCI_ONDEMAND=skip};
		defaultval = disable;
		condition = 551:EQ:2;
		condition = 491:EQ:2;
		condition = 588:EQ:0;
	}
	ATTR OPTION_EN "multi-cluster" "enable/disable multi cluster" 598 {
		parseflag = "hidden";
		brieflist = 1;
		defaultval = disable;
		condition = 491:EQ:2;
		condition = 551:EQ:3;
	}
	ATTR OPTION "multi-cluster-group" "multi cluster group" 624 {
		CHOICES {
			primary == 0;
			secondary == 1;
		}
		parseflag = "hidden";
		defaultval = primary;
		condition = 598:EQ:1;
		brieflist = 1;
		ha_not_sync = 2;
	}
	ATTR OPTION "multi-cluster-switch-by" "nodes availability or policies availability" 625 {
		CHOICES {
			nodes_availability == 0;
			policies_availability == 1;
		}
		parseflag = "hidden";
		defaultval = nodes_availability;
		condition = 598:EQ:1;
		brieflist = 1;
	}
	ATTR OPTION_EN "multi-cluster-move-primary-cluster" "move to primary cluster group when nodes availability or policies availability of primary cluster group is equal to secondary cluster group" 626 {
		defaultval = disable;
		parseflag = "hidden";
		condition = 598:EQ:1;
		brieflist = 1;
	}
}

GLOBAL TABLE "system ha-mgmt-router-static" "static route configuration of ha mgmt" 10000 {
	ha_not_sync = 2;
	condition = 551:eq:1;
	condition = 551:eq:2;
	condition = 588:EQ:0;
	parseflag = @{all=null;FWB_CMINTF|FWB_VBOX|FWB_GCP|FWB_GCP_ONDEMAND|FWB_DOCKER|FWB_DOCKER_100|FWB_DOCKER_500|FWB_DOCKER_2000=skip};
	TABLENAME INT "<No.>" "The number of the route.(0~65535)" 10001 {
		VALIDATE RANGE 0:65535;
		ATTR IPADDR_MASK "dst" "Destination(IPv4/IPv6) for this route" 10002 {
			#defaultval="0.0.0.0";
			brieflist = 1;
			subnet_type = network; # by default is network ip
		}
		ATTR IPADDR "gateway" "Gateway(IPv4/IPv6) for this route" 10003 {
			defaultval="0.0.0.0";
			brieflist = 1;
		}
		ATTR DATASOURCE "device" "Gateway out interface device" 10004 {
			datasource = "440";
		}
	}
}

GLOBAL TABLE "system ha-mgmt-router-policy" "policy route configuration of ha mgmt" 10030 {
	ha_not_sync = 2;
	condition = 551:eq:1;
	condition = 551:eq:2;
	condition = 588:EQ:0;
	parseflag = @{all=null;FWB_CMINTF|FWB_VBOX|FWB_GCP|FWB_GCP_ONDEMAND|FWB_DOCKER|FWB_DOCKER_100|FWB_DOCKER_500|FWB_DOCKER_2000=skip};
	TABLENAME INT "<No.>" "The id of the route.(0~65535)" 10031 {
		VALIDATE RANGE 0:65535;
		ATTR IPADDR_MASK "src" "Source(IPv4/IPv6) for this route" 10032 {
			#defaultval="0.0.0.0";
			brieflist = 1;
			subnet_type = network; # by default is network ip
		}
		ATTR IPADDR_MASK "dst" "Destination(IPv4/IPv6) for this route" 10033 {
			#defaultval="0.0.0.0";
			brieflist = 1;
			subnet_type = network; # by default is network ip
		}
		ATTR IPADDR "gateway" "Gateway(IPv4/IPv6) for this route" 10034 {
			defaultval="0.0.0.0";
			brieflist = 1;
		}
		ATTR DATASOURCE "iif" "Gateway in interface device" 10035 {
			datasource = "440";
		}
		ATTR DATASOURCE "oif" "Gateway out interface device" 10036 {
			datasource = "440";
		}
		ATTR INT "priority" "Priority for this route" 10037 {
			VALIDATE RANGE 1:200;
			defaultval = 200;
			brieflist = 1;
		}
	}
}

GLOBAL TABLE "system ha-node" "system ha node" 10050 {
	condition = 551:EQ:3;
	condition = 491:EQ:2;
	condition = 588:EQ:0;
	parseflag = @{all=null;FWB_CMINTF|FWB_VBOX|FWB_GCP|FWB_GCP_ONDEMAND|FWB_DOCKER|FWB_DOCKER_100|FWB_DOCKER_500|FWB_DOCKER_2000=skip};
	TABLENAME STRING "<No.>" "The HA node number of cluster.(1~8)" 10051 {
		VALIDATE RANGE 1:8;
		ATTR STRING "sn" "HA node device SN" 10052 {
			VALIDATE NO_XSS RELAXED;
			brieflist = 1;
		}
	}
}

GLOBAL TABLE "system ha-traffic-distribution" "system ha traffic distribution" 10060 {
	condition = 551:EQ:3;
	condition = 491:EQ:2;
	condition = 588:EQ:0;
	parseflag = @{all=null;FWB_CMINTF|FWB_VBOX|FWB_GCP|FWB_GCP_ONDEMAND|FWB_DOCKER|FWB_DOCKER_100|FWB_DOCKER_500|FWB_DOCKER_2000=skip};
	TABLENAME STRING "name" "HA traffic distribution name" 10061 {
		VALIDATE NO_XSS RELAXED;
		ATTR DATASOURCE "node-order" "HA node order or Primary node order" 10062 {
			multi_attr = int;
			brieflist = 1;
			datasource = "10050";
		}
		ATTR DATASOURCE "secondary-node-order" "HA Secondary node order" 10063 {
			parseflag = "hidden";
			multi_attr = int;
			brieflist = 1;
			datasource = "10050";
			condition = 598:eq:1;
		}
		ATTR DATASOURCE "vip-list" "all VIP list in HA traffic group" 10064 {
			multi_attr = int;
			brieflist = 1;
			datasource = "10070";
		}
	}
}

GLOBAL TABLE "system wccp" "system wccp service" 380 {
	parseflag = @{all=null;FWB_DOCKER=skip};
	TABLENAME INT "service-id" "service id range 0~255" 381 {
		ATTR IPADDR "cache-id" "IP address which is known by all routers." 382 {
			brieflist = 1;
			ipversion = 4;
			subnet_type = host;
			
		}
		ATTR IPADDR "router-list" "Addresses of potential routers." 383 {
			brieflist = 1;
			ipversion = 4;
			subnet_type = host;
		}
		ATTR IPADDR "group-address" "IP multicast address." 384 {
			brieflist = 1;
			ipversion = 4;
			subnet_type = host;
		}
		ATTR OPTION_EN "authentication" "Enable/disable MD5 authentication." 386 {
			defaultval = disable;
		}
		ATTR PASSWD "password" "Password of MD5 authentication." 387 {
			condition = 386:EQ:1;
		}
		ATTR OPTION "cache-engine-method" "Method traffic is forwarded to route or returned to cache engine." 388 {
			CHOICES {
				GRE == 1 ::: "GRE encapsulation.";
				L2 == 2 ::: "L2 rewrite.";
			}
			defaultval = GRE;
			brieflist = 1;
		}

		ATTR INT "ports" "Service ports." 389 {
			brieflist = 1;
#			condition = 385:EQ:2;
			condition = 381:GT:50;
#			condition = 385:eq:1;
			defaultval = 80;
			VALIDATE RANGE 0:65535;
		}

		ATTR OPTION "primary-hash" "Hash method." 390 {
			multi_opt = 1;
			CHOICES {
				src-ip == 1: SET :: "Source IP hash.";
				dst-ip == 2: SET :: "Destination IP hash.";
				src-port == 4: SET :: "Source port hash.";
				dst-port == 8: SET :: "Destination port hash.";
#				ports-defined == 16: SET :: "Ports defined service.";
#				ports-source == 32: SET :: "Ports source service.";
			}
			defaultval = src-ip;
			condition = 381:GT:50;
			brieflist = 1;
		}
		ATTR INT "priority" "Service priority." 391 {
			brieflist = 1;
			condition = 381:GT:50;
			VALIDATE RANGE 0:255;
		}
		ATTR INT "protocol" "Service protocol." 392 {
			brieflist = 1;
			condition = 381:GT:50;
			defaultval = 6;
			VALIDATE RANGE 1:255;
		}
		ATTR INT "assignment-weight" "Cache server hash weight." 393 {
			brieflist = 1;
			VALIDATE RANGE 0:255;
		}
		ATTR OPTION "assignment-bucket-format" "Hash table bucket format." 394 {
			CHOICES {
				cisco-implementation == 0 ::: "Cisco bucket format.";
				wccp-v2 == 1 ::: "WCCP-v2 bucket format.";
			brieflist = 1;
			defaultval = cisco-implementation; 
			}
		}
		ATTR OPTION_EN "return-to-sender" "Enable/disable send return to WCCP router." 395 {
			condition = 388:eq:1;
			defaultval = enable;
		}
	}
}

GLOBAL TABLE "system v-zone" "v-zone settings" 600 {
        TABLENAME STRING "name" "v-zone name" 601 {
                VALIDATE NO_XSS RELAXED;
                brieflist = 1;
#                ATTR IPADDR_MASK "ip" "IP address of v-zone" 602 {
#                        brieflist = 1;
#                        ipversion = 4;
#                        subnet_type = host;
#                }
                ATTR INT "flag" "flag" 605 {
                        brieflist = 1;
                        parseflag = "hidden,readonly";
                }
                ATTR DATASOURCE "interfaces" "v-zone member" 603 {
                        datasource = "440";
                        brieflist = 1;
                }
                ATTR INT "mtu" "mtu, range 512-9216 in ipv4, 1280-9216 in ipv6" 606 {
                        brieflist = 1;
			VALIDATE RANGE 512:9216;
			defaultval = 1500;
                }
                ATTR OPTION_EN "monitor" "monitor v-zone member and keep them to same link status" 607 {
			brieflist = 1;
			defaultval = disable;
                }
                ATTR DATASOURCE "use-interface-macs" "v-zone use interface member mac" 608 {
                        datasource = "440";
                        brieflist = 1;
                }
		ATTR OPTION_EN "use-front-macs" "v-zone use front macs" 609 {
			condition = 491:eq:1;
			defaultval = disable;
			brieflist = 1;
		}
		ATTR OPTION_EN "multicast-snooping" "v-zone multicast snooping" 602 {
			condition = 491:eq:1;
			defaultval = enable;
			brieflist = 1;
		}
	}
}

GLOBAL COMPLEX "system conf-sync" "system configuration synchronization" 610 {
	ATTR IPADDR "ip" "IP address of counterpart FortiWEB" 611 {
		brieflist = 1;
		ipversion = 4;
		subnet_type = host;
	}
	ATTR PASSWD "password" "admin password of the counterpart FortiWEB" 612 {
#		defaultval = "$5$1231212121212$NxpTvbDA4tzyHD/2Wrvg1oWqVbcnI3q8.s7l/HEyuO/";
		brieflist = 1;
	}
	ATTR OPTION "sync-type" "config sync type" 613 {
		CHOICES {
			partial-sync == 1;
			full-sync == 2;
		}
		defaultval = partial-sync;
		brieflist = 1;
	}
	ATTR INT "server-port" "config sync server port" 614 {
		defaultval = 995;
		VALIDATE RANGE 1:65535;
		brieflist = 1;
	}
	ATTR OPTION_EN "auto-sync" "auto config sync" 615 {
		defaultval = disable;
		brieflist = 1;
	}
	ATTR OPTION "frequency" "configure the update frequency" 616 {
		CHOICES {
			every == 0 ::: "time interval";
			daily == 1 ::: "every day";
			weekly == 2 ::: "every week";
		}
		defaultval = daily;
		condition = 615:eq:1;
	}
	ATTR USER "time" "configure the update time" 617 {
		condition = 615:eq:1;
	}
	ATTR OPTION "day" "configure the update day" 618 {
		CHOICES {
			Sunday 	  == 0 ::: "update every Sunday";
			Monday	  == 1 ::: "update every Monday";
			Tuesday   == 2 ::: "update every Tuesday";
			Wednesday == 3 ::: "update every Wednesday";
			Thursday  == 4 ::: "update every Thursday";
			Friday    == 5 ::: "update every Friday";
			Saturday  == 6 ::: "update every Saturday";
		}
		defaultval = Monday;
		condition = 616:eq:2;
	}
}

GLOBAL COMPLEX "system aws-synconf" "system configuration synchronization regularly" 710 {
	#parseflag = @{all=skip;FWB_XENAWS|FWB_AWSCLD=null};
	parseflag = @{all=skip};
	ATTR IPADDR "ip" "IP address of counterpart FortiWeb" 711 {
		brieflist = 1;
		ipversion = 4;
		subnet_type = host;
	}
	ATTR INT "port" "config counterpart FortiWeb server port" 712 {
		defaultval = 995;
		VALIDATE RANGE 1:65535;
		brieflist = 1;
	}
	ATTR PASSWD "password" "admin password of the counterpart FortiWEB" 713 {
		defaultval = "admin";
		brieflist = 1;
	}
	ATTR INT "interval" "config aws-synconf interval" 714 {
		defaultval = 0;
		VALIDATE RANGE 0:5;
		brieflist = 1;
	}


}

GLOBAL TABLE "system backup" "system ftp backup" 810 {
	TABLENAME STRING "name" "backup name" 811 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR OPTION "config-type" "config type" 812 {
			CHOICES {
				full-config == 0 ::: "full config";
				cli-config == 1 ::: "cli config";
				waf-config == 2 ::: "waf config";
			}
			defaultval = cli-config;
			brieflist = 1;
		}
		ATTR OPTION "schedule_type" "schedule type" 813 {
			CHOICES {
				now == 0 ::: "now";
				days == 1 ::: "Specific days of the week";
			}
			defaultval = now;
			brieflist = 1;
		}
		ATTR OPTION "schedule_days" "specify days of the week to run reports" 814 {
			CHOICES {
				sun == 1 : SET :: "Sunday";
				mon == 2 : SET :: "Monday";
				tue == 4 : SET :: "Tuesday";
				wed == 8 : SET :: "Wednesday";
				thu == 16 : SET :: "Thursday";
				fri == 32 : SET :: "Friday";
				sat == 64 : SET :: "Saturday";
			}
#			condition = 813:eq:1; 
			multi_opt = 1;
			brieflist = 1;
		}
		ATTR USER "schedule_time" "specify time of the day to run reports <hh:mm>" 815 {
#			condition = 813:eq:1;
			brieflist = 1;
		}
		ATTR STRING "ftp-server" "ftp server" 816 {
			VALIDATE HOSTNAME RELAXED;
			brieflist = 1;
			parseflag = "must";
		}
		ATTR STRING "ftp-dir" "ftp dir" 817 {
			brieflist = 1;
			parseflag = "must";
		}
		ATTR OPTION_EN "ftp-auth" "ftp auth" 818 {
			defaultval = disable;
			brieflist = 1;
		}
		ATTR STRING "ftp-user" "ftp user" 819 {
			VALIDATE NO_XSS RELAXED;
			brieflist = 1;
#			parseflag = "must";
#			condition = 818:eq:1;
		}
		ATTR PASSWD "ftp-passwd" "ftp passwd" 820 {
			brieflist = 1;
#			parseflag = "must";
#			condition = 818:eq:1;
		}
		ATTR OPTION "protocol-type" "protocol type" 821 {
			CHOICES {
				ftp == 0 ::: "ftp backup";
				sftp == 1 ::: "sftp backup";
			}
			defaultval = ftp;
			brieflist = 1;
		}
		ATTR OPTION_EN "encryption" "use encrypt" 822 {
			defaultval = disable;
			brieflist = 1;
		}
		ATTR PASSWD "encryption-passwd" "encrypt password" 823 {
			brieflist = 1;
		}
		ATTR INT "flag" "flag" 824 {
			parseflag = "hidden";
		}
	}
}

GLOBAL COMPLEX "system dns" "Domain Name Server" 620 {
	ATTR IPADDR "primary" "Primary DNS" 621 {
		defaultval = "8.8.8.8";
	}
	ATTR IPADDR "secondary" "Secondary DNS" 622 {
		defaultval = "0.0.0.0";
	}
	ATTR STRING "domain" "local domain name" 623 {
		brieflist = 1;
	}
}

GLOBAL COMPLEX "system eventhub" "Azure EventHub" 640 {
	parseflag = @{all=skip;FWB_AZURE_ONDEMAND|FWB_AZRCLD|FWB_AZURE=null};
	ATTR OPTION_EN "status" "status" 641 {
		defaultval = disable;
	}
	ATTR STRING "appliance_id" "appliance_id" 642 {
		parseflag = "must";
		condition = 641:eq:1;
	}
	ATTR STRING "policy_saskey" "policy_saskey" 643 {
		parseflag = "must";
		condition = 641:eq:1;
	}
	ATTR STRING "policy_name" "policy_name" 644 {
		parseflag = "must";
		condition = 641:eq:1;
	}
	ATTR STRING "eventhub_name" "eventhub_name" 645 {
		parseflag = "must";
		condition = 641:eq:1;
	}
	ATTR STRING "servicebus_namespace" "servicebus_namespace" 646 {
		parseflag = "must";
		condition = 641:eq:1;
	}
}

GLOBAL COMPLEX "system snmp sysinfo" "snmp system info configuration" 630 {
	ATTR OPTION_EN "status" "enable/disable" 631 {
		defaultval = disable;
	}
	ATTR STRING "engine-id" "Local SNMP engineID string (maximum 24 characters)." 632 {
		VALIDATE NO_XSS RELAXED;
	}
	ATTR STRING "description" "description" 633 {
		VALIDATE NO_XSS RELAXED;
	}
	ATTR STRING "contact-info" "contact information" 634 {
		VALIDATE NO_XSS RELAXED;
	}
	ATTR STRING "location" "location" 635 {
		VALIDATE NO_XSS RELAXED;
	}
}

GLOBAL TABLE "system snmp community" "snmp community configuration" 650{
	TABLENAME INT "<No.>" "The number of community" 651 {
		ATTR STRING "name" "community name" 652 {
			VALIDATE NO_XSS RELAXED;
			parseflag = "must";
		}
		ATTR OPTION_EN "status" "enable/disable" 653 {
			defaultval = enable;
		}
		TABLE "hosts" "allow hosts configuration" 654 {
			TABLENAME INT "id" "host entry id" 655{	
				ATTR IPADDR "ip" "Class A,B,C ip xxx.xxx.xxx.xxx or IPv6" 656 {
#parseflag = "must";
				        defaultval = "0.0.0.0";
#ipversion = 4;
				        subnet_type = host;
				        brieflist = 1;
				}	
#		ATTR DATASOURCE "interface" "allow interface name" 657 {
#					datasource = "440";
#				}
			}	
		}
		ATTR OPTION_EN "query-v1-status" "enable/disable snmp v1 query" 658 {
			defaultval = enable;
		}
		ATTR INT "query-v1-port" "snmp v1 query port" 659 {
                        VALIDATE RANGE 1:65535;
                        brieflist = 1;
                        defaultval = 161;
                }
		ATTR OPTION_EN "query-v2c-status" "enable/disable snmp v2c query" 660 {
			defaultval = enable;
		}
		ATTR INT "query-v2c-port" "snmp v2c query port" 661 {
                        VALIDATE RANGE 1:65535;
                        brieflist = 1;
                        defaultval = 161;
                }
		ATTR OPTION_EN "trap-v1-status" "enable/disable snmp v1 trap" 662 {
			defaultval = enable;
		}
		ATTR INT "trap-v1-lport" "snmp v1 trap local port" 663 {
                        VALIDATE RANGE 1:65535;
                        brieflist = 1;
                        defaultval = 162;
                }
		ATTR INT "trap-v1-rport" "snmp v1 trap remote port" 664 {
                        VALIDATE RANGE 1:65535;
                        brieflist = 1;
                        defaultval = 162;
                }
		ATTR OPTION_EN "trap-v2c-status" "enable/disable snmp v2c trap" 665 {
			defaultval = enable;
		}
		ATTR INT "trap-v2c-lport" "snmp v2c trap local port" 666 {
                        VALIDATE RANGE 1:65535;
                        brieflist = 1;
                        defaultval = 162;
                }
		ATTR INT "trap-v2c-rport" "snmp v2c trap remote port" 667 {
                        VALIDATE RANGE 1:65535;
                        brieflist = 1;
                        defaultval = 162;
                }
		ATTR OPTION "events" "SNMP Traps" 668 {
			multi_opt = 1;
			brieflist = 1;
			CHOICES {
				cpu-high == 0x00000001: SET::"CPU usage is high";
				mem-low == 0x00000002: SET::"Memory usage is high";
				log-full == 0x00000004: SET::"available log space is low";
				intf-ip == 0x00000008: SET::"interface IP address changed";
				#sys-ha-hbfail == 0x00000010: SET::"HA heartbeat failed";
				sys-mode-change == 0x00000020: SET::"operation mode changed";
				policy-start == 0x00000040: SET::"Policy enabled";
				policy-stop == 0x00000080: SET::"Policy disabled";
				pserver-failed == 0x00000100: SET::"Physical/domain server offline";
				sys-ha-cluster-status-change == 0x00000400: SET::"HA cluster status is changed";
				sys-ha-member-join == 0x00000800: SET::"HA member join";
				sys-ha-member-leave == 0x00040000: SET::"HA member leave";
				waf-amethod-attack == 0x00100000: SET::"Unallowed HTTP method detected";
				waf-signature-detection == 0x00080000: SET::"Attack detected by signatures";
				waf-url-access-attack == 0x002000000: SET::"Invalid URL access detected";
				waf-spage-attack == 0x00400000: SET::"Invalid start page detected";
				waf-pvalid-attack == 0x00800000: SET::"Invalid parameter detected";
				waf-blogin-attack == 0x04000000: SET::"Brute force login detected";
				#waf-robot-attack == 0x08000000: SET::"WAF robot control trap";
				waf-hidden-fields == 0x01000000: SET::"Invalid hidden field detected";
				waf-access-attack == 0x0200000: SET::"Invalid page order detected";
				netlink-up-status == 0x100000000: SET::"Network link up";
				netlink-down-status == 0x200000000: SET::"Network link down";
				power-supply-failure == 0x400000000: SET::"Power supply failure detected";
			}
		}		
	}
}

GLOBAL TABLE "system snmp user" "snmp user configuration" 1152{
	TABLENAME STRING "name" "unique snmp user name" 1154 {
		VALIDATE NO_XSS RELAXED;
		ATTR OPTION_EN "status" "set snmp user status" 1155 {
			brieflist = 1;
			defaultval = enable;
		}
		ATTR OPTION "security-level" "set snmp user security level" 1156 {
			CHOICES {
				noauthnopriv == 1;
				authnopriv == 2;
				authpriv == 3;
			}
			brieflist = 1;
			defaultval = noauthnopriv;
		}
		ATTR OPTION "auth-proto" "set snmp user auth algorithm" 1157 {
			CHOICES {
				sha1 == 1;
				md5 == 2;
			}
			condition = 1156:eq:2;
			condition = 1156:eq:3;
			brieflist = 1;
			defaultval = sha1;
		}
		ATTR PASSWD "auth-pwd" "set snmp user auth password" 1158 {
			parseflag = "must";
			condition = 1156:eq:2;
			condition = 1156:eq:3;
		}
		ATTR OPTION "priv-proto" "set snmp user private algorithm" 1159 {
			CHOICES {
				aes == 1;
				des == 2;
			}
			condition = 1156:eq:3;
			brieflist = 1;
			defaultval = aes;
		}
		ATTR PASSWD "priv-pwd" "set snmp user private password" 1160 {
			parseflag = "must";
			condition = 1156:eq:3;
		}
		ATTR OPTION_EN "query-status" "set snmp query status" 1161 {
			brieflist = 1;
			defaultval = enable;
		}
		ATTR INT "query-port" "set query port value of snmp" 1162 {
			defaultval = 161;
		}
		ATTR OPTION_EN "trap-status" "set snmp trap status" 1163 {
			brieflist = 1;
			defaultval = enable;
		}
		ATTR INT "trapport-local" "set local trap port value of snmp" 1164 {
			defaultval = 162;
		}
		ATTR INT "trapport-remote" "set remote trap port value of snmp" 1165 {
			defaultval = 162;
		}
		ATTR OPTION "trapevent" "Trap event allowed to be sent" 1166 {
			multi_opt = 1;
			brieflist = 1;
			CHOICES {
				cpu-high == 0x00000001: SET::"CPU usage is high";
				mem-low == 0x00000002: SET::"Memory usage is high";
				log-full == 0x00000004: SET::"available log space is low";
				intf-ip == 0x00000008: SET::"interface IP address changed";
				#sys-ha-hbfail == 0x00000010: SET::"HA heartbeat failed";
				sys-mode-change == 0x00000020: SET::"operation mode changed";
				policy-start == 0x00000040: SET::"Policy enabled";
				policy-stop == 0x00000080: SET::"Policy disabled";
				pserver-failed == 0x00000100: SET::"Physical/domain server offline";
				sys-ha-cluster-status-change == 0x00000400: SET::"HA cluster status is changed";
				sys-ha-member-join == 0x00000800: SET::"HA member join";
				sys-ha-member-leave == 0x00040000: SET::"HA member leave";
				waf-amethod-attack == 0x00100000: SET::"Unallowed HTTP method detected";
				waf-signature-detection == 0x00080000: SET::"Attack detected by signatures";
				waf-url-access-attack == 0x002000000: SET::"Invalid URL access detected";
				waf-spage-attack == 0x00400000: SET::"Invalid start page detected";
				waf-pvalid-attack == 0x00800000: SET::"Invalid parameter detected";
				waf-blogin-attack == 0x04000000: SET::"Brute force login detected";
				#waf-robot-attack == 0x08000000: SET::"WAF robot control trap";
				waf-hidden-fields == 0x01000000: SET::"Invalid hidden field detected";
				waf-access-attack == 0x0200000: SET::"Invalid page order detected";
				netlink-up-status == 0x100000000: SET::"Network link up";
				netlink-down-status == 0x200000000: SET::"Network link down";
				power-supply-failure == 0x400000000: SET::"Power supply failure detected";
			}
		}
		TABLE "hosts" "add/edit snmp user host entry" 1167 {
			TABLENAME INT "id" "host entry id" 1168 {
				ATTR IPADDR "ip" "Class A,B,C ip xxx.xxx.xxx.xxx or IPv6" 1169{
#parseflag = "must";
					defaultval = "0.0.0.0";
#ipversion = 4;
					subnet_type = host;
					brieflist = 1;
				}	
#				ATTR DATASOURCE "interface" "allow interface name" 1170{
#					datasource = "440";
#				}
			}
		}
	}
}

DOMAIN TABLE "system certificate intermediate-certificate" "intermediate certificate file" 910 {
	TABLENAME STRING "name" "intermediate certificate name" 911 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR USER "certificate" "intermediate certificate PEM format string" 913{
		}
	}
}

DOMAIN TABLE "system certificate intermediate-certificate-group" "intermediate certificate group" 920 {
	TABLENAME STRING "name" "name" 921 {
		VALIDATE NO_XSS RELAXED;
		TABLE "members" "members" 922 {
			TABLENAME INT "id" "id" 923{		
				ATTR DATASOURCE "name" "intermediate certificate file" 924 {
					datasource = "910";
				}
			}	
		}
	}
}

GLOBAL COMPLEX "system network-option" "network option" 980 {
	parseflag = @{all=null;FWB_DOCKER=skip};
	ATTR OPTION_EN "tcp-timestamp" "enable/disable" 981 {
		defaultval = disable;
	}
	ATTR OPTION_EN "tcp-tw-recycle" "enable/disable" 982 {
		defaultval = enable;
	}
	ATTR OPTION_EN "ip-src-balance" "enable/disable" 983 {
		defaultval = disable;
	}
	ATTR OPTION_EN "ip6-src-balance" "enable/disable" 984 {
		defaultval = disable;
	}
	ATTR OPTION "tcp-buffer" "tcp buffer" 985 {
		CHOICES{
			default == 0 ::: "Default";
			high == 1 ::: "High";
			max == 2 ::: "Max";
		}
		defaultval = default; 
		brieflist = 1;
	}
	ATTR OPTION_EN "arp_ignore" "enable/disable" 986 {
		defaultval = disable;
	}
	ATTR INT "loopback-mtu" "config loopback mtu,range 512-65536,default is 65536" 987 {
		condition = 491:eq:1;
		VALIDATE RANGE 512:65536;
		defaultval = 65536;
		brieflist = 1;
	}
	ATTR INT "tcp-usertimeout" "network TCP user timeout" 988 {
		VALIDATE RANGE 0:600;
		defaultval = 120;
		brieflist = 1;
	}
	ATTR INT "tcp-keepcnt" "network TCP keepalive" 989 {
		VALIDATE RANGE 1:10;
		defaultval = 3;
		brieflist = 1;
	}
	ATTR INT "tcp-keepidle" "network TCP keep-idle" 990 {
		VALIDATE RANGE 5:300;
		defaultval = 60;
		brieflist = 1;
	}
	ATTR INT "tcp-keepintvl" "network TCP keep intvl" 991 {
		VALIDATE RANGE 5:60;
		defaultval = 20;
		brieflist = 1;
	}
	ATTR OPTION_EN "loopback-tso-gso" "enable/disable" 992 {
		condition = 491:eq:1;
		defaultval = enable;
		brieflist = 1;
	}
	ATTR OPTION "route-priority" "system/dhcp" 993 {
		CHOICES{
			system == 0::: "system";
			dhcp == 1 ::: "dhcp";
		}
		defaultval = system;
		brieflist = 1;
	}
	ATTR OPTION "dns-priority" "system/dhcp" 994 {
		CHOICES{
			system == 0 ::: "system";
			dhcp == 1 ::: "dhcp";
		}
		defaultval = system;
		brieflist = 1;
	}
	ATTR INT "dns-cache-timeout" "dnsproxy cache timeout time (0~60 minutes)" 979 {
		VALIDATE RANGE 0:60;
		defaultval = 0;
		brieflist = 1;
	}
	ATTR OPTION_EN "tcp-mtu-probing" "enable/disable tcp mtu probing" 978 {
		defaultval = disable;
	}
}


GLOBAL TABLE "user ntlm-user" "user ntlm-user" 1050 {
        TABLENAME STRING "name" "name" 1051 {
                VALIDATE NO_XSS RELAXED;
                brieflist =1;
                ATTR INT "port" "port" 1052 {
                        VALIDATE RANGE 1:65535;
                        brieflist = 1;
                        defaultval = 445;
                }
                ATTR IPADDR "server" "server" 1053 {
                        parseflag = "must";
                        subnet_type = network;
                        brieflist = 1;
                }
        }
}

GLOBAL TABLE "user kerberos-user" "user kerberos-user" 1080 {
    TABLENAME STRING "name" "name" 1081 {
        VALIDATE NO_XSS RELAXED;
        brieflist =1;

        ATTR STRING "realm" "kerberos realm" 1082 {
            VALIDATE NO_XSS RELAXED;
            parseflag = "must";
            brieflist = 1;
        }
		
		TABLE "server-members" "server members" 1087 {
			parseflag="keeporder";
			TABLENAME INT "<No>" "The index of user kerberos-user members" 1088 {
		        ATTR IPADDR "server" "server" 1083 {
        		    parseflag = "must";
           			subnet_type = network;
            		brieflist = 1;
        		}

        		ATTR INT "port" "port" 1084 {
            		VALIDATE RANGE 1:65535;
            		brieflist = 1;
            		defaultval = 88;
        		}
			}
		}

		ATTR OPTION_EN "status" "status: enable/disable" 1085 {
			defaultval = enable;
			brieflist = 1;
        }
		ATTR STRING "shortname" "shortname of realm" 1086 {
			VALIDATE NO_XSS RELAXED;
			brieflist = 1;
		}
    }
}

GLOBAL TABLE "user saml-user" "saml users" 1100 {
	TABLENAME STRING "name" "name" 1101 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR STRING "entityID" "entityID of SAML SP" 1102 {
			parseflag = "must";
			brieflist = 1;
		}

		# preserved
		#ATTR DATASOURCE "service-certificate" "certificate for signing and encryption" 1103 {
			#datasource = "xxx";
			#parseflag = "must";
		#}

		ATTR STRING "service-path" "main path of SAML service" 1104 {
			parseflag = "must";
			VALIDATE REGEX "^/[^/]";
			brieflist = 1;
		}

		ATTR INT "session-lifetime" "session lifetime (1~24 hours)" 1105 {
			defaultval = 8;
			brieflist = 1;
			VALIDATE RANGE 1:24;
		}

		ATTR INT "session-timeout" "session timeout (1~60 minutes)" 1106 {
			defaultval = 30;
			brieflist = 1;
			VALIDATE RANGE 1:60;
		}

		ATTR OPTION "sso-bind" "SSO bind type" 1107 {
			CHOICES {
				post     == 1;
				#redirect == 2;
			}
			defaultval = post;
			brieflist = 1;
		}

		ATTR STRING "sso-path" "SSO bind path" 1108 {
			parseflag = "must";
			VALIDATE REGEX "^/[^/]";
			brieflist = 1;
		}

		ATTR OPTION "slo-bind" "SLO bind type" 1109 {
			CHOICES {
				post     == 1;
				redirect == 2;
			}
			defaultval = post;
			brieflist = 1;
		}

		ATTR STRING "slo-path" "SLO bind path" 1110 {
			parseflag = "must";
			VALIDATE REGEX "^/[^/]";
			brieflist = 1;
		}

		# for IDP Metadata
		ATTR INT "flag" "flag operation" 1111 {
			parseflag = "hidden";
		}

		ATTR OPTION_EN "enforce-signing" "sign by force" 1112 {
			defaultval = disable;
			brieflist = 1;
		}
	}
}

GLOBAL TABLE "user user-group" "user group" 1060 {
	TABLENAME STRING "name" "name" 1061 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR OPTION "auth-type" "auth type" 1062 {
			CHOICES {
				basic == 1;
				digest == 2;
				NTLM == 3;
			}
			defaultval = basic;
		}
		TABLE "members" "members" 1063 {
			parseflag = "movable";
			TABLENAME INT "<No.>" "The number of user group members" 1064 {
				ATTR OPTION "type" "type " 1065 {
					CHOICES {
						local == 1 ::: "local user";
						ldap == 2 ::: "LDAP user";
						radius == 3 ::: "RADIUS user";
						ntlm == 4 ::: "NTLM user";
					}
					defaultval = local;
					brieflist = 1;
				}
				ATTR DATASOURCE "local-name" "local user" 1066 {
					brieflist = 1;
					datasource = "1000";
					condition = 1065:eq:1;
				}
				ATTR DATASOURCE "ldap-name" "ldap user" 1067 {
                                        brieflist = 1;
                                        datasource = "1020";
					condition = 1065:eq:2;
                                }
				ATTR DATASOURCE "radius-name" "radius user" 1068 {
                                        brieflist = 1;
                                        datasource = "1040";
					condition = 1065:eq:3;
                                }
				ATTR DATASOURCE "ntlm-name" "ntlm user" 1069 {
                                        brieflist = 1;
                                        datasource = "1050";
					condition = 1065:eq:4;
                                }
			}
		}
	}
}

# XXX: it's ONLY for root domain & readonly
DOMAIN TABLE "system replacemsg-admin" "replacement messages for admin" 1900 {
	TABLENAME STRING "name" "name" 1901 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;

		ATTR STRING "msg" "message string" 1902 {
			brieflist = 1;
		}
	}
}

DOMAIN TABLE "system replacemsg-image" "replacement message images" 1910 {
	TABLENAME STRING "name" "name" 1911 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR OPTION "image-type" "image type" 1912 {
			brieflist = 1;
			CHOICES {
				gif == 1 ::: "GIF image";
				jpg == 2 ::: "JPEG image";
				tiff == 3 ::: "TIFF image";
				png == 4 ::: "PNG image";
			}
			defaultval = gif;
		}
		ATTR STRING "image-base64" "image data" 1913 {
			brieflist = 1;
			parseflag = "must";
		}
	}
}

DOMAIN TABLE "system replacemsg" "replacement messages for web protection" 1960 {
	TABLENAME STRING "name" "template name" 1961 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;

		# ONLY 11 pages so far
		TABLE "page-list" "page list" 1962 {
			TABLENAME STRING "name" "page name" 1963 {
				VALIDATE NO_XSS RELAXED;
				brieflist = 1;

				ATTR INT "code" "HTTP return code" 1964 {
					defaultval = 500;
					brieflist = 1;
					VALIDATE RANGE 100:599;
				}

				ATTR OPTION "group" "group" 1965 {
					brieflist = 1;
					CHOICES {
						alert == 1 ::: "alert type message";
						site-publish == 2 ::: "site publish message";
						captcha == 4 ::: "captcha message";
					}
					defaultval = alert;
 	 	 		}

				ATTR STRING "msg" "message string" 1966 {
					brieflist = 1;
				}
 	 		}
		}
	}
}


GLOBAL COMPLEX "system fortigate-integration" "system fortigate integration config" 1920 {
        ATTR IPADDR "address" "Fortigate IP address" 1921 {
                defaultval = "0.0.0.0";
                ipversion = 4;
                subnet_type = host;
                brieflist = 1;
        }
        ATTR INT "port" "Fortigate server port" 1922 {
                defaultval = 80;
                VALIDATE RANGE 1:65535;
        }
        ATTR OPTION "protocol" "server protocol" 1923 {
                CHOICES {
                        HTTP == 1 ::: "HTTP connection";
                        HTTPS == 2 ::: "HTTPS connection";
                }
                brieflist = 1;
                defaultval = HTTP;
        }
        ATTR STRING "username" "admin username" 1924 {
                VALIDATE NO_XSS RELAXED;
        }
        ATTR PASSWD "password" "admin user password" 1925 {
        }
        ATTR INT "schedule-frequency" "schedule frequency (every XX hours)" 1926 {
                defaultval = 1;
                VALIDATE RANGE 1:5;
        }
        ATTR OPTION_EN "flag" "enable/disable fortigate integration" 1927 {
                defaultval = disable;
                brieflist = 1;
        }
}


DOMAIN COMPLEX "system fortisandbox-statistics" "fortisandbox statistics" 1940 {
	parseflag = "hidden";
	ha_not_sync = 2;
	ATTR INT "detected" "detected virus number" 1941 {
		defaultval = 0;
		brieflist = 1;
	    ha_not_sync = 2;
	}

	ATTR INT "clean" "clean file number" 1942 {
		defaultval = 0;
		brieflist = 1;
	    ha_not_sync = 2;
	}

	ATTR INT "risk-low" "low risk file number" 1943 {
		defaultval = 0;
		brieflist = 1;
	    ha_not_sync = 2;
	}

	ATTR INT "risk-medium" "medium risk file number" 1944 {
		defaultval = 0;
		brieflist = 1;
	    ha_not_sync = 2;
	}

	ATTR INT "risk-high" "high risk file number" 1945 {
		defaultval = 0;
		brieflist = 1;
	    ha_not_sync = 2;
	}
}

GLOBAL TABLE "router static" "static route configuration" 3000 {
	TABLENAME INT "<No.>" "The number of the route.(0~65535)" 3001 {
		parseflag = @{all=null;FWB_DOCKER=readonly};
		VALIDATE RANGE 0:65535;
		ATTR IPADDR_MASK "dst" "Destination(IPv4/IPv6) for this route" 3002 {
			#defaultval="0.0.0.0";
			brieflist = 1;
			subnet_type = network; # by default is network ip
		}
		ATTR IPADDR "gateway" "Gateway(IPv4/IPv6) for this route" 3003 {
			defaultval="0.0.0.0";
			brieflist = 1;
		}
		ATTR DATASOURCE "device" "Gateway out interface device" 3004 {
			datasource = "440";
		}
	}
}

GLOBAL TABLE "system tcpdump" "packets capture" 2725 {
#not_sync_config = 1;
	TABLENAME INT "<No.>" "The number of the filter" 2726 {
		VALIDATE RANGE 0:65535;
		ATTR DATASOURCE "interface" "interface name of the filter" 2727 {
				datasource = "440,600";
				brieflist = 1;
		}
		ATTR STRING "filter" "tcpdump  filter expression" 2728{
				briefilst = 1 ;
		}
		ATTR INT "max-packet-count" "Maximum Packets Count" 2729 {
				VALIDATE RANGE 1:100000;
				defaultval = 4000;
				brieflist = 1;
		}
	}
}
GLOBAL TABLE "router policy" "policy route configuration" 3030 {
	parseflag = @{all=null;FWB_DOCKER=skip};
	TABLENAME INT "<No.>" "The id of the route.(0~65535)" 3031 {
		VALIDATE RANGE 0:65535;
		ATTR IPADDR_MASK "src" "Source(IPv4/IPv6) for this route" 3032 {
			#defaultval="0.0.0.0";
			brieflist = 1;
			subnet_type = network; # by default is network ip
		}
		ATTR IPADDR_MASK "dst" "Destination(IPv4/IPv6) for this route" 3033 {
			#defaultval="0.0.0.0";
			brieflist = 1;
			subnet_type = network; # by default is network ip
		}
		ATTR IPADDR "gateway" "Gateway(IPv4/IPv6) for this route" 3034 {
			defaultval="0.0.0.0";
			brieflist = 1;
		}
		ATTR DATASOURCE "iif" "Gateway in interface device" 3035 {
			datasource = "440";
		}
		ATTR DATASOURCE "oif" "Gateway out interface device" 3036 {
			datasource = "440";
		}
		ATTR INT "priority" "Priority for this route" 3037 {
			VALIDATE RANGE 1:200;
			defaultval = 200;
			brieflist = 1;
		}
	}
}

GLOBAL COMPLEX "router setting" "route table setting" 3050 {
	parseflag = @{all=null;FWB_DOCKER=skip};
        ATTR OPTION_EN "ip-forward" "enable/disable ip v4 forward" 3051 {
                defaultval = disable;
                brieflist = 1;
        }
        ATTR OPTION_EN "ip6-forward" "enable/disable ip v6 forward" 3052 {
                defaultval = disable;
                brieflist = 1;
        }
}
GLOBAL COMPLEX "system hsm info" "hsm register config" 9330 {
	ha_not_sync = 2 ;
        condition = 9431:EQ:1;
	ATTR OPTION_EN "register-status" "status: enable/disable" 9331 {
		defaultval = disable;
		brieflist = 1;
	}
	ATTR IPADDR "ip" "server ip" 9332{
		brieflist = 1 ;
                #condition = 9331:EQ:1;
	}
	ATTR INT "port" "server port" 9333{
		brieflist = 1 ;
	        defaultval = 1792 ;
                #condition = 9331:EQ:1;
	}	
	ATTR STRING "filename" "cert filename" 9334{
		briefilst = 1 ;
                #condition = 9331:EQ:1;
	}
	ATTR INT "timeout" "timeout" 9335{
		brieflist = 1 ;
	        defaultval = 20000 ;
                #condition = 9331:EQ:1;
		VALIDATE RANGE 5000:20000;
	}	
        ATTR STRING "serv_cert_content" "serv cert content" 9336{
                briefilst = 1 ;
        }       
        ATTR STRING "cli_cert_name" "cli cert filename" 9337{
                briefilst = 1 ;
        }
        ATTR STRING "cli_cert_content" "cli cert content" 9338{
                briefilst = 1 ;
        }
        ATTR STRING "cli_key_name" "cli key name" 9339{
                briefilst = 1 ;
        }
        ATTR STRING "cli_key_content" "cli key content" 9340{
                briefilst = 1 ;
        }
}

#DOMAIN TABLE "system default_rptlang" "default report language option" 210 {
#        parseflag = "hidden";
#        TABLENAME STRING "name" "name" 211 {
#                VALIDATE NO_XSS RELAXED;
#                brieflist = 1;
#        }
#}

GLOBAL TABLE "log custom-sensitive-rule" "log custom-sensitive-rule" 2010 {
	TABLENAME STRING "id" "id" 2011 {
		VALIDATE NO_XSS RELAXED;
		ATTR OPTION "type" "expression type" 2012 {
			CHOICES {
				general-mask-rule == 0;
				field-mask-rule == 1;
			}
			defaultval = general-mask-rule;
		}
		ATTR STRING "expression" "general expression" 2013 {
		}
		ATTR STRING "field-name" "field name expression" 2014 {
		}
		ATTR STRING "field-value" "field value expression" 2015 {
		}
	}
}

GLOBAL TABLE "log syslog-policy" "syslog policy" 2020 {
	TABLENAME STRING "name" "syslog policy name" 2021 {
		VALIDATE NO_XSS RELAXED;
		TABLE "syslog-server-list" "syslog server list" 2025 {
			parseflag = "movable";
			TABLENAME INT "<No.>" "name of syslog server list " 2026{
				ATTR IPADDR "server" "server IP address" 2022 {
					defaultval = "0.0.0.0";
					ipversion = 4;
					subnet_type = host;
					brieflist = 1;
				}
				ATTR INT "port" "server port" 2023 {
					defaultval = 514;
					VALIDATE RANGE 1:65535;
				}
				ATTR OPTION_EN "csv" "csv setting" 2024 {
					defaultval = disable;
				}
				ATTR OPTION_EN "tls" "tls setting" 2027 {
					defaultval = disable;
				}
			}
		
		}
	}
}

GLOBAL TABLE "log siem-policy" "siem policy" 2060 {
	TABLENAME STRING "name" "siem policy name" 2061 {
		VALIDATE NO_XSS RELAXED;
		TABLE "siem-server-list" "siem server list" 2065 {
			parseflag = "movable";
			TABLENAME INT "<No.>" "name of siem server list " 2066{
				ATTR OPTION "type" "siem format" 2064 {
					brieflist = 1;
					CHOICES {
						arcsight-cef == 0;
						azure-cef == 1;
						qradar-leef == 2; # IBM QRadar LEEF
					}
					defaultval = arcsight-cef;
				}
				ATTR IPADDR "server" "server IP address" 2062 {
					defaultval = "0.0.0.0";
					ipversion = 4;
					subnet_type = host;
					brieflist = 1;
					condition = 2064:NE:1;
				}
				ATTR INT "port" "server port" 2063 {
					defaultval = 514;
					VALIDATE RANGE 1:65535;
					condition = 2064:NE:1;
				}
			}
		}
	}
}

GLOBAL TABLE "log ftp-policy" "ftp policy" 2070 {
        TABLENAME STRING "name" "ftp policy name" 2071 {
                VALIDATE NO_XSS RELAXED;

                ATTR STRING "server" "ftp/tftp server" 2072 {
                        VALIDATE HOSTNAME RELAXED;
                        brieflist = 1;
                        parseflag = "must";
                }

                ATTR OPTION "type" "type" 2074 {
                        CHOICES {
                                ftp == 0  ::: "ftp backup";
                                tftp == 1  ::: "tftp backup";
                        }
                        brieflist = 1;
                        defaultval = ftp;
                }


                ATTR OPTION_EN "ftp-auth" "ftp auth" 2073 {
                        defaultval = disable;
                        brieflist = 1;
                }

                ATTR STRING "ftp-user" "ftp user" 2075 {
                        VALIDATE NO_XSS RELAXED;
                        brieflist = 1;
#                       parseflag = "must";
#                       condition = 818:eq:1;
                }
                ATTR PASSWD "ftp-passwd" "ftp passwd" 2076 {
                        brieflist = 1;
#                       parseflag = "must";
#                       condition = 818:eq:1;
                }

                ATTR STRING "ftp-dir" "ftp dir" 2077 {
                        brieflist = 1;
                        VALIDATE NO_XSS RELAXED;
                }
        }
}

GLOBAL COMPLEX "log attack-log" "attack log" 2120 {
	ATTR OPTION_EN "status" "enable/disable" 2121 {
		defaultval = enable;
	}
	ATTR OPTION "packet-log" "packet log setting" 2122 {
		multi_opt = 1;
		brieflist = 1;
		CHOICES {
			parameter-rule-failed == 1: SET;
			hidden-fields-failed == 64: SET;
			http-protocol-constraints == 512: SET;
			signature-detection == 2048: SET;
			custom-protection-rule == 4096: SET;
			anti-virus-detection == 8192: SET;
			custom-access == 16384: SET;
			cors-protection == 32768: SET;
			ip-intelligence == 65536: SET;
			illegal-file-type == 131072: SET;
			cookie-security == 262144: SET;
			padding-oracle == 524288: SET;
			fsa-detection == 1048576: SET; 
			json-protection == 2097152: SET;
			trojan-detection == 4194304: SET;
			illegal-filesize == 8388608: SET;
			csrf-detection == 16777216: SET;
			user-tracking-detection == 33554432: SET;
			account-lockout-detection == 67108864: SET;
			credential-db-detection == 134217728: SET;
			xml-protection == 268435456: SET;
			machine-learning == 536870912: SET;
			openapi-validation == 1073741824: SET;
			websocket-security == 2147483648: SET;
			mobile-api-protection == 4294967296: SET;
		}		
	}
	ATTR OPTION_EN "http-parse-error-output" "enable/disable" 2123 {
		brieflist = 1;
		defaultval = disable;
	}
	ATTR OPTION_EN "http2-parse-error-output" "enable/disable" 2125 {
		brieflist = 1;
		defaultval = enable;
	} 
	ATTR OPTION_EN "no-ssl-error" "enable/disable" 2124 {
		brieflist = 1;
		defaultval = enable;
	}
}

GLOBAL COMPLEX "log traffic-log" "traffic log" 2130 {
	ATTR OPTION_EN "status" "enable/disable" 2131 {
		defaultval = disable;
	}
	ATTR OPTION_EN "packet-log" "enable/disable" 2132 {
		defaultval = disable;
	} 
	ATTR OPTION_EN "message-event" "enable/disable" 2134 {
		defaultval = disable;
	}
}

GLOBAL COMPLEX "log disk" "log disk configuration" 2100 {
	ATTR OPTION_EN "status" "enable/disable " 2101 {
		defaultval = enable;
	}
	ATTR OPTION "severity" "log level " 2102 {
		brieflist = 1;
		CHOICES {
			emergency == 0;
			alert == 1;
			critical == 2;
			error == 3;
			warning == 4;
			notification == 5;
			information == 6;
			debug == 7;
		}
		defaultval = information;
	}
	ATTR OPTION "diskfull" "when disk is full How to deal" 2103 {
		brieflist = 1;
		CHOICES {
			#nolog == 0;
			overwrite == 1;
		}
		defaultval = overwrite;
	}
	ATTR INT "log-used-disk" "log used disk size(GB) for container platform" 2104 {
		parseflag = @{all=skip;FWB_DOCKER=null};
		VALIDATE RANGE 10:500;
		brieflist = 1;
		defaultval = 10;
	}
}

GLOBAL TABLE "log email-policy" "log email policy configuration" 2030 {
        TABLENAME STRING "name" "email policy name" 2031 {
                VALIDATE NO_XSS RELAXED;
                ATTR STRING "mailfrom" "mail address from" 2032 {
                        VALIDATE EMAIL_ADDRESS RELAXED;
                }
                ATTR STRING "mailto1" "set destination email address 1" 2033 {
                        VALIDATE EMAIL_ADDRESS RELAXED;
                }
                ATTR STRING "mailto2" "set destination email address 2" 2034 {
                        VALIDATE EMAIL_ADDRESS RELAXED;
		}
		ATTR STRING "mailto3" "set destination email address 3" 2035 {
			VALIDATE EMAIL_ADDRESS RELAXED;
		}
		ATTR STRING "smtp-server" "smtp server" 2036 {
			VALIDATE URL RELAXED;
		}
		ATTR OPTION_EN "smtp-auth" "enable/disable smtp auth" 2037 {
			defaultval = disable;
		}
		ATTR STRING "smtp-username" "smtp username" 2038 {
			VALIDATE NO_XSS RELAXED;
		}
		ATTR PASSWD "smtp-password" "smtp password" 2039 {
			VALIDATE NO_XSS RELAXED;
		}
                ATTR OPTION "severity" "log level " 2040 {
                        brieflist = 1;
                        CHOICES {
                                emergency == 0;
                                alert == 1;
                                critical == 2;
                                error == 3;
                                warning == 4;
                                notification == 5;
                                information == 6;
                                debug == 7;
                        }
                        defaultval = emergency;
                }
                ATTR INT "interval" "interval" 2041 {
                        VALIDATE RANGE 1:525600;
                        defaultval = 1;
                }
		ATTR OPTION_EN "attach-compression" "enable/disable attachment compression" 2042 {
			defaultval = disable;
		}
		ATTR OPTION_EN "send-email-based-on-interval-time" "enable/disable send email based on interval time" 2044 {
			defaultval = disable;
		}
                ATTR INT "smtp-port" "smtp port" 2049 {
                        VALIDATE RANGE 1:65535;
                        brieflist = 1;
                        defaultval = 25;
                }
                ATTR OPTION "connection-security" "connection security" 2050 {
                        brieflist = 1;
                        CHOICES {
                                NONE == 0;
                                STARTTLS == 1;
                                SSL/TLS == 2;
                        }
                        defaultval = NONE;
                }
		ATTR STRING "company-name" "company name" 2051 {
			VALIDATE NO_XSS RELAXED;
		}

		ATTR STRING "company-logo" "company logo" 2052 {
			VALIDATE NO_XSS RELAXED;
		}
        }
}

GLOBAL COMPLEX "log alertmail" "alert mail configuration" 2160 {
        ATTR OPTION_EN "status" "enable/disable" 2161 {
                defaultval = disable;
        }
        ATTR DATASOURCE "email-policy" "email policy" 2162 {
                brieflist = 1;
                datasource = "2030";
        }
}

DOMAIN TABLE "waf allow-method-exceptions" "allow method exceptions configuration" 5550 {
	TABLENAME STRING "name" "allow method exceptions name" 5551 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		TABLE "allow-method-exception-list" "allow method exception list" 5552 {
			TABLENAME INT "<No.>" "The number of the allow method exception " 5553 {
				ATTR STRING "host" "host address" 5554 {
					VALIDATE NO_XSS RELAXED;
					brieflist = 1;
				}
				ATTR STRING "request-file" "request file " 5555 {
					brieflist = 1;
				}
				ATTR OPTION_EN "host-status" "host status " 5556 {
					brieflist = 1;
				}
				ATTR OPTION "request-type" "request type " 5557 {
					brieflist = 1;
					CHOICES {
						plain == 0;
						regular == 1;
					}
					defaultval = plain;
				}
				ATTR OPTION "allow-request" "allow request " 5558 {
					brieflist = 1;
					multi_opt = 1;
					CHOICES {
						get == 1:SET;
						post == 2:SET;
						head == 4:SET;
						options == 8:SET;
						trace == 16:SET;
						connect == 32:SET;
						delete == 64:SET;
						put == 128:SET;
						patch == 256:SET;
						webdav  == 512: SET;
						rpc == 1024: SET;
						others == 2147483648:SET;
					}
				}
			}

		}
		ATTR INT "flag" "flag" 5559 {
			parseflag = "hidden,readonly";
		}
	}
}

GLOBAL TABLE "log fortianalyzer-policy" "log fortianalyzer-policy" 2080 {
	TABLENAME STRING "name" "name" 2081 {
		VALIDATE NO_XSS RELAXED;
		TABLE "fortianalyzer-server-list" "fortianalyzer server list" 2082 {
			parseflag = "movable";
			TABLENAME INT "<No.>" "name of syslog server list " 2083{
				ATTR IPADDR "ip-address" "ip address" 2084 {
					ipversion = 4;
#subnet_type = host;
					brieflist = 1;
				}
			}
		}
	}
}

GLOBAL TABLE "log trigger-policy" "log trigger-policy" 2090 {
	TABLENAME STRING "name" "name" 2091 {
		VALIDATE NO_XSS RELAXED;
		ATTR DATASOURCE "email-policy" "Email Policy" 2092 {
			datasource = "2030";
			brieflist = 1;
		}
		ATTR DATASOURCE "syslog-policy" "Syslog Policy" 2093 {
			datasource = "2020";
			brieflist = 1;
		}
		ATTR DATASOURCE "analyzer-policy" "Fortianalyzer Policy" 2094 {
			datasource = "2080";
			brieflist = 1;
		}
		ATTR DATASOURCE "siem-policy" "Siem Policy" 2095 {
			datasource = "2060";
			brieflist = 1;
		}
	}
}

GLOBAL COMPLEX "log event-log" "Event LOG" 2140 {
	ATTR OPTION_EN "status" "enable/disable" 2141 {
		defaultval = enable;
	}
#	ATTR OPTION "threshold" "" 2142 {		
#		CHOICES {
#			50% == 50;
#			60% == 60;
#			70% == 70;
#			80% == 80;
#			90% == 90;
#		}
#		defaultval = 50%;
#	} 
	ATTR INT "cpu-high" "cpu usage alert threshold (60-99)" 2143 {
		parseflag = @{all=null;FWB_DOCKER=skip};
		VALIDATE RANGE 60:99;
		defaultval = 60;
	}
	ATTR INT "mem-high" "mem usage alert threshold (60-99)" 2144 {
		parseflag = @{all=null;FWB_DOCKER=skip};
		VALIDATE RANGE 60:99;
		defaultval = 60;
	}
	ATTR DATASOURCE "trigger-policy" "Trigger Policy" 2145 {
		datasource = "2090";
		brieflist = 1;
	}
	ATTR INT "logdisk-high" "log disk usage alert threshold (60-99)" 2146 {
		VALIDATE RANGE 60:99;
		defaultval = 60;
	}
}

GLOBAL COMPLEX "log forti-analyzer" "log analyzer" 2170 {
	ATTR OPTION_EN "status" "enable/disable" 2171 {
		defaultval = disable;
	}
	ATTR OPTION "severity" "log level " 2172 {
		brieflist = 1;
		CHOICES {
			emergency == 0;
			alert == 1;
			critical == 2;
			error == 3;
			warning == 4;
			notification == 5;
			information == 6;
			debug == 7;
		}
		defaultval = information;
	}
	ATTR DATASOURCE "fortianalyzer-policy" "Fortianalyzer Policy" 2173 {
		datasource = "2080";
		brieflist = 1;
	}
}

GLOBAL COMPLEX "log siem-message-policy" "log siem message policy" 2240 {
	ATTR OPTION_EN "status" "enable/disable" 2241 {
		defaultval = disable;
	}
	ATTR OPTION "severity" "log level " 2242 {
		brieflist = 1;
		CHOICES {
			emergency == 0;
			alert == 1;
			critical == 2;
			error == 3;
			warning == 4;
			notification == 5;
			information == 6;
			debug == 7;
		}
		defaultval = information;
	}
	ATTR DATASOURCE "siem-policy" "siem Policy" 2243 {
		datasource = "2060";
		brieflist = 1;
	}
}

#DOMAIN TABLE "server-policy dserver" "domain server" 4020 {
#	TABLENAME STRING "name" "domain server name" 4021 {
#		VALIDATE NO_XSS RELAXED;		
#		ATTR STRING "domain" "server domain" 4022 {
#				VALIDATE ISDOMAIN RELAXED;
#                               brieflist = 1;
#				parseflag = "must";
#               }
#		ATTR OPTION_EN "status" "enable/disable" 4023 {
#				defaultval = enable;
#		}
#		ATTR OPTION "type" "ip address type" 4024 {
#				brieflist = 1;
#				CHOICES {
#					IPv4 == 2;
#					IPv6 == 10;
#				}
#				defaultval = IPv4;
#		}
#	}
#}

DOMAIN TABLE "server-policy service custom" "custom" 4030 {
	TABLENAME STRING "name" "service name" 4031 {
		VALIDATE NO_XSS RELAXED;		
		ATTR INT "port" "service port <1, 65535>" 4032 {
			VALIDATE RANGE 1:65535;
			parseflag = "must";
			brieflist = 1;
		}
		ATTR OPTION "protocol" "protocol" 4033 {
				CHOICES {
					TCP == 1 ::: "tcp protocol";
				}
				brieflist = 1;
				defaultval = TCP;
			}
	}
}

DOMAIN TABLE "server-policy service predefined" "predefined" 4040 {
	TABLENAME STRING "name" "service name" 4041 {
		VALIDATE NO_XSS RELAXED;		
		ATTR INT "port" "service port <1, 65535>" 4042 {
			VALIDATE RANGE 1:65535;
			brieflist = 1;
			defaultval = 80;
		}
		ATTR OPTION "protocol" "protocol" 4043 {
				CHOICES {
					TCP == 1 ::: "tcp protocol";
					UDP == 2 ::: "udp protocol";
				}
				brieflist = 1;
				defaultval = TCP;
			}
	}
}

GLOBAL TABLE "system firewall address" "firewall address" 7000 {
	parseflag = @{all=null;FWB_DOCKER=skip};
	condition = 491:eq:2;
	condition = 491:eq:1;
	condition = 491:eq:8;
	TABLENAME STRING "name" "name" 7001 {
		VALIDATE NO_XSS RELAXED;
		ATTR OPTION "type" "type" 7002 {
                        CHOICES {
                                ip-netmask == 1;
                                ip-range == 2;
                        }
			brieflist = 1;
                        defaultval = ip-range;
                }
                ATTR IPADDR_MASK "ip-netmask" "IP/netmask" 7003 {
                        condition = 7002:EQ:1;
                        ipversion = 4;
                        subnet_type = network;
			brieflist = 1;
                        defaultval = "0.0.0.0/0";
                }
		ATTR USER "ip-address-value" "ip address value" 7004 {
			brieflist = 1;
                        condition = 7002:EQ:2;
			parseflag = "must";
		}
	}
}

GLOBAL TABLE "system firewall service" "firewall service" 7013 {
	parseflag = @{all=null;FWB_DOCKER=skip};
	condition = 491:eq:2;
	condition = 491:eq:1;
	condition = 491:eq:8;
	TABLENAME STRING "name" "name" 7014 {
		VALIDATE NO_XSS RELAXED;
		ATTR OPTION "protocol" "protocol number" 7015 {
			CHOICES {
				TCP == 1 ::: "tcp protocol";
				UDP == 2 ::: "udp protocol";
				ICMP == 3 ::: "icmp protocol";
			}
			brieflist = 1;
			defaultval = TCP;
                }
                ATTR INT "source-port-min" "source port min" 7016 {
			condition = 7015:eq:1;
			condition = 7015:eq:2;
                        VALIDATE RANGE 0:65535;
			brieflist = 1;
                        defaultval = 0;
                }
                ATTR INT "source-port-max" "source port max" 7017 {
			condition = 7015:eq:1;
			condition = 7015:eq:2;
                        VALIDATE RANGE 0:65535;
			brieflist = 1;
                        defaultval = 65535;
                }
                ATTR INT "destination-port-min" "destination port min" 7018 {
			condition = 7015:eq:1;
			condition = 7015:eq:2;
                        VALIDATE RANGE 0:65535;
			brieflist = 1;
                        defaultval = 0;
                }
                ATTR INT "destination-port-max" "destination port max" 7019 {
			condition = 7015:eq:1;
			condition = 7015:eq:2;
                        VALIDATE RANGE 0:65535;
			brieflist = 1;
                        defaultval = 65535;
                }
	}
}

GLOBAL COMPLEX "system firewall firewall-policy" "network firewall-policy" 7030 {
		parseflag = @{all=null;FWB_DOCKER=skip};
		condition = 491:eq:2;
		condition = 491:eq:1;
		condition = 491:eq:8;
		ATTR OPTION "default-action" "default action" 7031 {
			CHOICES {
				deny == 1;
				accept == 2;
			}
			brieflist = 1;
			defaultval = accept;
		}
		TABLE "firewall-policy-match-list" "firewall policy match list" 7032 {
			parseflag = "movable";
			TABLENAME INT "<No.>" "name of firewall policy list " 7033 {
				VALIDATE RANGE 0:65535;	
				ATTR OPTION_EN "vzone-enable" "enable/disable" 7028 {
					condition = 491:eq:1;
					condition = 491:eq:8;
					defaultval = disable;
					brieflist = 1;
				}
				ATTR DATASOURCE "vzone" "vzone" 7029 {
					condition = 7028:EQ:1;
					datasource = "600";
					brieflist = 1;
					parseflag = "must";
				}
				ATTR DATASOURCE "in-interface" "in interface" 7034 {
					condition = 7028:EQ:0;
					datasource = "440";
					brieflist = 1;
				}				
				ATTR DATASOURCE "out-interface" "out interface" 7035 {
					condition = 7028:EQ:0;
					datasource = "440";
					brieflist = 1;
				}			
				ATTR DATASOURCE "src-address" "source address" 7036 {
					datasource = "7000";
					brieflist = 1;
				}			
				ATTR DATASOURCE "dest-address" "destination address" 7037 {
					datasource = "7000";
					brieflist = 1;
				}		
				ATTR DATASOURCE "service" "service " 7038 {
					datasource = "7013";
					brieflist = 1;
				}
				ATTR OPTION "action" "action type" 7039 {
					CHOICES {
						deny == 1;
						accept == 2;
					}
					brieflist = 1;
					defaultval = deny;
				}		
			}
		}
}

GLOBAL TABLE "system firewall snat-policy" "firewall snat policy" 7020 {
	parseflag = @{all=movable;FWB_DOCKER=skip};
	condition = 491:eq:2;
	condition = 491:eq:1;
	condition = 491:eq:8;
	TABLENAME STRING "name" "name" 7021 {
		VALIDATE NO_XSS RELAXED;
		ATTR IPADDR_MASK "from" "Source network" 7022 {
			defaultval="0.0.0.0/0";
			brieflist = 1;
			subnet_type = network; # by default is network ip
		}
		ATTR IPADDR_MASK "to" "Destination network" 7023 {
			defaultval="0.0.0.0/0";
			brieflist = 1;
			subnet_type = network; # by default is network ip
		}
		ATTR DATASOURCE "out-interface" "Output interface name" 7024 {
			datasource = "440";
			parseflag = "must";
		}
		ATTR OPTION "trans-to-type" "Trans to type ip or ip pool" 7025 {
			CHOICES {
				ip      == 0;
				pool == 1;
			}
			defaultval = ip;
		}
		ATTR IPADDR "trans-to-ip" "Trans-to ip"  7026 {
			condition = 7025:eq:0;
			ipversion = 4;
			subnet_type = host;
			defaultval = "0.0.0.0";
		}
		ATTR IPADDR "trans-to-ip-start" "Trans-to-pool ip min" 7027 {
			condition = 7025:eq:1;
			ipversion = 4;
			subnet_type = host;
			defaultval = "0.0.0.0";
		}
		ATTR IPADDR "trans-to-ip-end" "Trans-to-pool ip max" 7005 {
			condition = 7025:eq:1;
			ipversion = 4;
			subnet_type = host;
			defaultval = "0.0.0.0";
		}	
	}
}

DOMAIN TABLE "server-policy pattern custom-data-type" "custom data type" 4080 {
	TABLENAME STRING "name" "name" 4081 {
		VALIDATE NO_XSS RELAXED;
		ATTR STRING "expression" "expression" 4082 {
			parseflag = "must";
		}
	}
}


DOMAIN TABLE "waf url-access url-access-rule" "waf url access rule" 5590 {
	TABLENAME STRING "name" "name" 5591 {		
		VALIDATE NO_XSS RELAXED;
		ATTR OPTION_EN "host-status" "enable/disable" 5592 {
			defaultval = disable;
		}
		ATTR STRING "host" "host" 5593 {
			VALIDATE NO_XSS RELAXED;
		}
		ATTR OPTION "action" "action" 5594 {
			CHOICES {
				pass == 1 ::: "pass";
				alert_deny == 2 ::: "alert_deny";
				continue == 3 ::: "continue";
				deny_no_log == 4 ::: "deny without log";
			}
			defaultval = pass;
		}
		ATTR OPTION "severity" "severity:High, Medium, Low or Informative" 5595 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Low;
		}
		ATTR DATASOURCE "trigger" "trigger" 5596 {
			datasource = "2090";
		}
		TABLE "match-condition" "match condition" 5597 {
			TABLENAME INT "id" "id" 5598 {
				ATTR STRING "reg-exp" "regular-express" 5599 {
					parseflag = "must";
				}
				ATTR OPTION "type" "type" 5600 {
					CHOICES {
						simple-string == 1 ::: "simple-string";
						regex-expression == 2 ::: "regex-expression";
					}
					defaultval = simple-string;
				}
				ATTR OPTION "reverse-match" "reverse-match" 5601 {
					CHOICES {
						yes == 1 ::: "unmatch this condition";
						no == 0 ::: "match this condition";
					}
					defaultval = no;
				}
				ATTR OPTION_EN "sip-address-check" "sip-address-check" 5602 {
					CHOICES {
						disable == 0 ::: "sip address check disable";
						enable == 1 ::: "sip address check enable";
					}
					defaultval = disable;
				}
				ATTR OPTION "sip-address-type" "sip-address-type" 5603 {
					CHOICES {
						sip == 0 ::: "sip";
						sdomain == 1 ::: "sdomain";
						source-domain == 2 ::: "source domain";
					}
					defaultval = sip;
					condition = 5602:eq:1;
				}
				#add by wy
				#ATTR IPADDR "sip-address-value" "source ip address value" 5604 {
				ATTR USER "sip-address-value" "source ip address value" 5604 {
					condition = 5603:EQ:0;
					condition = 5602:EQ:1;
				}
				ATTR STRING "sip-address-domain" "source ip address domain" 5605 {
					condition = 5603:EQ:1;
					condition = 5602:EQ:1;
				}
				ATTR OPTION "sdomain-type" "sdomain-type" 5606 {
					CHOICES {
						ipv4 == 2 ::: "IPv4";
						ipv6 == 10 ::: "IPv6";
					}
					defaultval = ipv4;
					condition = 5602:eq:1;
				}
				ATTR STRING "source-domain" "source domain" 5607 {
					condition = 5603:EQ:2;
					condition = 5602:EQ:1;
				}
				ATTR OPTION "source-domain-type" "type" 5608 {
					CHOICES {
						simple-string == 1 ::: "simple-string";
						regex-expression == 2 ::: "regex-expression";
					}
					defaultval = simple-string;
				}
			}
		}
	}
}

DOMAIN TABLE "waf url-access url-access-policy" "waf url access policy" 5640 {
	TABLENAME STRING "name" "name" 5641 {		
		VALIDATE NO_XSS RELAXED;
		TABLE "rule" "rules" 5642 {
			parseflag = "movable";
			TABLENAME INT "id" "id" 5643 {
				ATTR DATASOURCE "url-access-rule-name" "url-access-rule-name" 5645 {
					datasource = "5590";
				}
			}
		}
	}
}

DOMAIN TABLE "waf exclude-url" "waf exclude url" 5000 {
	TABLENAME STRING "name" "name" 5001 {
		VALIDATE NO_XSS RELAXED;
		parseflag = "keeporder";
		TABLE "exclude-rules" "exclude url rule list" 5002 {
			TABLENAME INT "id" "id" 5003 {
				ATTR STRING "host" "host" 5004 {
					VALIDATE NO_XSS RELAXED;
					brieflist = 1;
					parseflag = "keeporder";
				}
				ATTR OPTION_EN "host-status" "host status" 5005 {
					brieflist = 1;
					parseflag = "keeporder";
					defaultval = disable;
				}
				ATTR STRING "request-file" "request file" 5006 {
					VALIDATE NO_XSS RELAXED;
					brieflist = 1;
					parseflag = "keeporder";
				}
			}
		}
	}
}

DOMAIN TABLE "waf file-compress-rule" "waf file compress rule" 5040 {
        TABLENAME STRING "name" "name" 5041 {
                VALIDATE NO_XSS RELAXED;
                ATTR OPTION "compression-type" "Compression Type" 5046 {
                        CHOICES {
                                gzip == 1 ::: "Gzip";
                                brotli == 2 ::: "Brotli";
                        }
                        defaultval = gzip;
                }

                ATTR OPTION "compression-level" "Compression Level" 5047 {
                        CHOICES {
                                level1 == 1 ::: "Level1";
                                level2 == 2 ::: "Level2";
                                level3 == 3 ::: "Level3";
                                level4 == 4 ::: "Level4";
                                level5 == 5 ::: "Level5";
                                level6 == 6 ::: "Level6";
                                level7 == 7 ::: "Level7";
                                level8 == 8 ::: "Level8";
                                level9 == 9 ::: "Level9";
                                level10 == 10 ::: "Level10";
                                level11 == 11 ::: "Level11";
                        }
                        defaultval = level11;
                }                
		ATTR DATASOURCE "exclude-url" "exclude url" 5042 {
                        brieflist = 1;
                        datasource = "5000";
                }
                TABLE "content-types" "content types list" 5043 {
                        TABLENAME INT "id" "id" 5044 {
                                ATTR OPTION "content-type" "content type" 5045{
                                        CHOICES {
                                                text/plain == 7 ::: "text/plain";
                                                text/html == 5 ::: "text/html";
                                                application/xml(or)text/xml == 3 ::: "application/xml or text/xml";
                                                application/soap+xml == 2 ::: "application/soap+xml";
                                                application/x-javascript == 10 ::: "application/x-javascript";
                                                text/css == 9 ::: "text/css";
                                                application/javascript == 12 ::: "application/javascript";
                                                text/javascript == 13 ::: "text/javascript";
                                                application/json == 18 ::: "application/json";
                                                application/rss+xml == 15 ::: "application/rss+xml";
                                        }
                                        brieflist = 1;
                                }
			}
		}
	}
}

DOMAIN TABLE "waf http-request-flood-prevention-rule" "http request flood prevention rule" 5100 {
	TABLENAME STRING "name" "name" 5101 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR INT "access-limit-in-http-session" "access-limit-in-http-session(0~4096)" 5102 {
			VALIDATE RANGE 0:4096;
		}
		ATTR OPTION "action" "action" 5103 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block period";
			}
			defaultval = alert;
		}
		ATTR INT "block-period" "action block period(1-10000)" 5104 {
			VALIDATE RANGE 1:10000;
			defaultval = 60;
			condition = 5103:eq:11;
		}
		ATTR OPTION "severity" "severity:High, Medium, Low or Informative" 5105 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = High;	
		}
		ATTR DATASOURCE "trigger-policy" "trigger-policy" 5106 {
			datasource = "2090";
		}
		ATTR OPTION "bot-recognition" "Bot Recognition" 5107 {
			CHOICES {
				disabled == 0 ::: "Disabled";
				real-browser-enforcement == 1 ::: "Real Browser Enforcement";
				captcha-enforcement == 2 ::: "CAPTCHA Enforcement";
			}
			defaultval = disabled;
			brieflist = 1;
		}

		ATTR INT "validation-timeout" "validation timeout" 5108 {
			brieflist = 1;
			defaultval = 20;
			VALIDATE RANGE 5:30;
			condition = 5107:NE:0;
		}

		ATTR INT "max-attempt-times" "Max Attempt Times" 5109 {
			brieflist = 1;
			defaultval = 3;
			VALIDATE RANGE 1:5;
			condition = 5107:eq:2;
		}

		ATTR OPTION "mobile-app-identification" "Mobile Application Identification" 5110 {
			CHOICES {
				disabled                == 0 ::: "Disabled";
				mobile-token-validation == 1 ::: "Mobile Token Validation";
			}
			defaultval = disabled;
			brieflist = 1;
		}
		ATTR OPTION_EN "bot-confirmation" "Bot Confirmation" 5111 {
			defaultval = disable;
		}
	}
}

DOMAIN TABLE "waf http-connection-flood-check-rule" "http connection flood check rule" 5120 {
	#parseflag = @{all=null;FWB_DOCKER=skip};
	TABLENAME STRING "name" "name" 5121 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR INT "http-connection-threshold" "http-connection-threshold(1~1024)" 5122 {
			VALIDATE RANGE 1:1024;
			defaultval = 1;
		}
		ATTR OPTION "action" "action" 5123 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block period";
			}
			defaultval = alert;
		}
		ATTR OPTION "severity" "severity:High, Medium, Low or Informative" 5124 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Medium;	
		}
		ATTR DATASOURCE "trigger-policy" "trigger-policy" 5125 {
			datasource = "2090";
		}
		ATTR INT "block-period" "action block period(1~3600)" 5126 {
			brieflist = 1;
			defaultval = 60;
			VALIDATE RANGE 1:3600;
                        condition = 5123:eq:11;
		}
	}
}

DOMAIN TABLE "waf layer4-access-limit-rule" "layer4 access limit rule" 5140 {
	TABLENAME STRING "name" "name" 5141 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR INT "access-limit-standalone-ip" "access-limit-standalone-ip(0~65536)" 5142 {
			VALIDATE RANGE 0:65536;
		}
		ATTR INT "access-limit-share-ip" "access-limit-share-ip(0~65536)" 5143 {
			parseflag = @{all=null;FWB_DOCKER=skip};
			VALIDATE RANGE 0:65536;
		}
		ATTR OPTION "action" "action" 5144 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block period";
			}
			defaultval = alert;
		}
		ATTR INT "block-period" "action block period(1-10000)" 5145 {
			VALIDATE RANGE 1:10000;
			defaultval = 60;
			condition = 5144:eq:11;
		}
		ATTR OPTION "severity" "severity:High, Medium, Low or Informative" 5146 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Medium;	
		}
		ATTR DATASOURCE "trigger-policy" "trigger-policy" 5147 {
			datasource = "2090";
		}
		ATTR OPTION "bot-recognition" "Bot Recognition" 5148 {
			CHOICES {
				disabled == 0 ::: "Disabled";
				real-browser-enforcement == 1 ::: "Real Browser Enforcement";
				captcha-enforcement == 2 ::: "CAPTCHA Enforcement";
			}
			defaultval = disabled;
			brieflist = 1;
		}
		ATTR INT "validation-timeout" "validation timeout" 5149 {
			brieflist = 1;
			defaultval = 20;
			VALIDATE RANGE 5:30;
			condition = 5148:NE:0;
		}

		ATTR INT "max-attempt-times" "Max Attempt Times" 5150 {
			brieflist = 1;
			defaultval = 3;
			VALIDATE RANGE 1:5;
			condition = 5148:eq:2;
		}
		ATTR OPTION "mobile-app-identification" "Mobile Application Identification" 5151 {
			CHOICES {
				disabled                == 0 ::: "Disabled";
				mobile-token-validation == 1 ::: "Mobile Token Validation";
			}
			defaultval = disabled;
			brieflist = 1;
		}
		ATTR OPTION_EN "bot-confirmation" "Bot Confirmation" 5152 {
			defaultval = disable;
		}

	}
}

DOMAIN TABLE "waf geo-ip-except" "geo block list exception" 5210 {
	TABLENAME STRING "name" "name" 5211 {
		VALIDATE NO_XSS RELAXED;
		TABLE "members" "member list" 5212 {
			TABLENAME INT "id" "id" 5213 {
				ATTR USER "ip" "ip or ip range(ipv4)" 5214 {
					parseflag = "must";
					brieflist = 1;
				}
			}
		}
	}
}

DOMAIN TABLE "waf geo-block-list" "geo block list" 5200 {
        TABLENAME STRING "name" "name" 5201 {
		VALIDATE NO_XSS RELAXED;
		ATTR OPTION "severity" "severity" 5202 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Low;				
		}
		ATTR DATASOURCE "trigger" "trigger" 5203 {
			brieflist = 1;
			datasource = "2090";
		}
		ATTR DATASOURCE "exception-rule" "" 5207 {
			brieflist = 1;
			datasource = "5210";
		}
                TABLE "country-list" "country list" 5204 {
                        TABLENAME INT "id" "id" 5205 {
			ATTR STRING "country-name" "country name" 5206 {
                                brieflist = 1;
                        }
		}
	}
}

DOMAIN TABLE "waf ip-list" "ip list policy" 5220 {
        TABLENAME STRING "name" "name" 5221 {
		VALIDATE NO_XSS RELAXED;
                TABLE "members" "members" 5222 {
                        TABLENAME INT "id" "id" 5223 {
			ATTR OPTION "type" "type" 5224 {
				CHOICES {
					trust-ip == 0 ::: "trust ip";
					black-ip == 1 ::: "black ip";
				}
				brieflist = 1;
				defaultval = trust-ip;				
			}
			#add by wy
			#ATTR IPADDR "ip" "ip" 5225 {
			ATTR USER "ip" "ip" 5225 {
				#ipversion = 4;
		                #subnet_type = host;
				brieflist = 1;
				parseflag = "must";
			}
			ATTR OPTION "severity" "severity" 5226 {
				CHOICES {
					High == 1 ::: "High";
					Medium == 2 ::: "Medium";
					Low == 3 ::: "Low";
					Info == 4 ::: "Informative";
				}
				brieflist = 1;
				defaultval = Low;	
				condition = 5224:eq:1;			
			}
			ATTR DATASOURCE "trigger-policy" "trigger policy" 5227 {
				brieflist = 1;
				datasource = "2090";
				condition = 5224:eq:1;	
			}
		}
	}
}

DOMAIN TABLE "waf http-authen http-authen-rule" "http authentication rule" 5240 {
	TABLENAME STRING "name" "name" 5241 {
		VALIDATE NO_XSS RELAXED;
		ATTR STRING "host" "host" 5242 {
			VALIDATE NO_XSS RELAXED;
			brieflist = 1;
		}
		ATTR OPTION_EN "host-status" "host status" 5243 {
			defaultval = disable;
			brieflist = 1;
		}
		TABLE "rule" "rules" 5244 {
			TABLENAME INT "id" "id" 5245 {
				ATTR OPTION "authen-type" "authentication type" 5246 {
					CHOICES {
						basic == 1;
						digest == 2;
						ntlm == 3;
					}
					defaultval = basic;
					brieflist = 1;
				}
				ATTR STRING "user-realm" "user realm" 5247 {
#					VALIDATE NO_XSS RELAXED;
					brieflist = 1;
					parseflag = "must";
					condition = 5246:eq:1;
					condition = 5246:eq:2;
				}
				ATTR DATASOURCE "user-group" "user group" 5248 {
					datasource = "1060";
					brieflist = 1;
				}
				ATTR STRING "request-url" "request URL" 5249 {
					brieflist = 1;
				}
			}
		}
	}
} 

DOMAIN TABLE "waf http-authen http-authen-policy" "http authentication policy" 5260 {
	TABLENAME STRING "name" "name" 5261 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		TABLE "rule" "rules" 5262 {
			TABLENAME INT "id" "id" 5263 {
				ATTR DATASOURCE "http-authen-rule" "http authentication rule" 5264 {
					brieflist = 1;
					datasource = "5240";
					parseflag = "must";
				}
			}
		}
		ATTR OPTION_EN "cache" "LDAP cache" 5265 {
			defaultval = enable;
			brieflist = 1;
		}
		ATTR INT "cache-timeout" "cache timeout, default 300 [0 3600]" 5266 {
			defaultval = 300;
			VALIDATE RANGE 0:3600;
			brieflist = 1;
			condition = 5265:eq:1; 
		}
		ATTR OPTION "alert-type" "alert type" 5267 {
			CHOICES {
				none == 0 ::: "none";
				fail == 1 ::: "failed only";
				success == 2 ::: "successful only";
				all == 3 ::: "all";
			}
			defaultval = none;
			brieflist = 1;
		}
		ATTR INT "auth-timeout" "auth timeout, default 2000" 5268 {
			defaultval = 2000;
			VALIDATE RANGE 1:60000;
			brieflist = 1;
		}
	}
}

DOMAIN TABLE "waf hidden-fields-rule" "waf hidden field rule" 5390 {
	TABLENAME STRING "name" "name" 5391 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR STRING "host" "host" 5392 {
			VALIDATE NO_XSS RELAXED;
		}
		TABLE "hidden-field-name" "rule list" 5393 {
			TABLENAME INT "id" "id" 5394 {
				ATTR STRING "argument" "argument" 5395 {
					VALIDATE NO_XSS RELAXED;
					brieflist = 1;
					parseflag = "must";
				}
			}
		}
		ATTR OPTION "action" "action" 5396 {
			CHOICES {
				alert == 2 ::: "alert";
				redirect == 3 ::: "redirect connection";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				send_403_forbidden == 10 ::: "send HTTP 403 access forbidden";
				block_period == 11 ::: "block period";
			}
			defaultval = alert;
		}
		ATTR INT "block_period" "action block period(1-3600)" 5397 {
			VALIDATE RANGE 1:3600;
			defaultval = 60;
			condition = 5396:eq:11;
		}
		ATTR OPTION "severity" "severity:High, Medium, Low or Informative" 5398 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = High;	
		}
		ATTR DATASOURCE "trigger" "trigger" 5399 {
			datasource = "2090";
		}
		ATTR STRING "request-file" "request file" 5400 {
			VALIDATE REGEX "^/";
			parseflag = "must";
			brieflist = 1;
		}
		ATTR STRING "action-url0" "action url0" 5401 {
			VALIDATE REGEX "^/";
			brieflist = 1;
		}
		ATTR STRING "action-url1" "action url1" 5402 {
			VALIDATE REGEX "^/";
			brieflist = 1;
		}
		ATTR STRING "action-url2" "action url2" 5403 {
			VALIDATE REGEX "^/";
			brieflist = 1;
		}
		ATTR STRING "action-url3" "action url3" 5404 {
			VALIDATE REGEX "^/";
			brieflist = 1;
		}
		ATTR STRING "action-url4" "action url4" 5405 {
			VALIDATE REGEX "^/";
			brieflist = 1;
		}
		ATTR STRING "action-url5" "action url5" 5406 {
			VALIDATE REGEX "^/";
			brieflist = 1;
		}
		ATTR STRING "action-url6" "action url6" 5407 {
			VALIDATE REGEX "^/";
			brieflist = 1;
		}
		ATTR STRING "action-url7" "action url7" 5408 {
			VALIDATE REGEX "^/";
			brieflist = 1;
		}
		ATTR STRING "action-url8" "action url8" 5409 {
			VALIDATE REGEX "^/";
			brieflist = 1;
		}
		ATTR STRING "action-url9" "action url9" 5410 {
			VALIDATE REGEX "^/";
			brieflist = 1;
		}
                ATTR OPTION_EN "host-status" "host status" 5411 {
                        defaultval = disable;
			brieflist = 1;
                }
                ATTR INT "flag" "flag operation" 5412 {
                        parseflag = "hidden,readonly";
                }
	}
}

DOMAIN TABLE "waf hidden-fields-protection" "waf hidden field protection" 5440 {
	TABLENAME STRING "name" "name" 5441 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		TABLE "hidden_fields_list" "hidden fields list" 5442 {
			TABLENAME INT "id" "id" 5443 {
				ATTR DATASOURCE "hidden-field-rule" "hidden field rule" 5444 {
					datasource = "5390";
					parseflag = "must";
				}
			}
		}
                ATTR INT "flag" "flag operation" 5445 {
                        parseflag = "hidden,readonly";
                }
	}
}

DOMAIN TABLE "waf page-access-rule" "page access rule" 5460 {
	TABLENAME STRING "name" "name" 5461 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR OPTION "page-severity" "High, Medium, Low or Informative" 5462 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Medium;				
		}
		ATTR DATASOURCE "page-trigger" "choose Email or syslog policy" 5463 {
			datasource = "2090";
			brieflist = 1;
		}
		TABLE "page-access-list" "page access list" 5464 {
			parseflag = "movable";
			TABLENAME INT "<No.>" "The number of the page access list " 5465 {
				ATTR STRING "host" "host address" 5466 {
					VALIDATE NO_XSS RELAXED;
					brieflist = 1;
				}
				ATTR OPTION_EN "host-status" "host status " 5467 {
					brieflist = 1;
				}
				ATTR STRING "request-file" "request file " 5468 {
					parseflag = "must";
					brieflist = 1;
				}
				ATTR OPTION "request-type" "request type " 5469 {
					brieflist = 1;
					CHOICES {
						plain == 0;
						regular == 1;
					}
					defaultval = plain;
				}
			}
		}
		ATTR INT "flag" "flag" 5470 {
			brieflist = 1;
			parseflag = "hidden,readonly";
		}
	}
}

DOMAIN TABLE "waf user-tracking rule" "waf user tracking rule" 6900 {
	TABLENAME STRING "name" "name" 6901 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR STRING "hostname-ip" "" 6918 {
			VALIDATE NO_XSS RELAXED;
			brieflist = 1;
		}
		ATTR OPTION_EN "host-status" "host status " 6919 {
			defaultval = disable;
			brieflist = 1;
		}
		ATTR STRING "authentication-url" "Authentication URL" 6902 {
			VALIDATE NO_XSS RELAXED;
			parseflag = "must";
			brieflist = 1;
		}
		ATTR STRING "username-parameter" "username parameter name" 6903 {
			parseflag = "must";
			brieflist = 1;
		}
		ATTR STRING "password-parameter" "password parameter name" 6904 {
			parseflag = "must";
			brieflist = 1;
		}
		ATTR STRING "session-id-name" "session id name" 6930 {
			parseflag = "must";
			VALIDATE NO_XSS RELAXED;
			brieflist = 1;
		}
		ATTR STRING "logoff-path" "Logoff path" 6917 {
			brieflist = 1;
		}
		ATTR OPTION_EN "session-fixation-protection" "session fixation protection" 6932 {
			defaultval = disable;
			brieflist = 1;
		}
		ATTR OPTION_EN "session-timeout-enforcement" "session timeout enforcement" 6933 {
			defaultval = disable;
			brieflist = 1;
		}
		ATTR INT "session-timeout" "session timeout, default value is 30 minutes" 6934 {
			VALIDATE RANGE 1:14400;
			defaultval = 30;
		}
		ATTR INT "session-frozen-time" "session-frozen-time, default value is 30 minutes" 6935 {
			VALIDATE RANGE 1:3600;
			condition = 6933:EQ:1;
			defaultval = 30;
		}
		ATTR OPTION "session-frozen-action" "action" 6936 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				redirect == 3 ::: "redirect connection";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR INT "session-frozen-block-period" "block period(1-3600)" 6937 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
		}
		ATTR OPTION "session-frozen-severity" "severity:High, Medium, Low or Informative" 6938 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Low;	
		}
		ATTR DATASOURCE "session-frozen-trigger" "choose Email or syslog policy" 6939 {
			datasource = "2090";
		}
		ATTR OPTION "default-action" "default action" 6905 {
			CHOICES {
				failed == 0 ::: "Failed";
				success == 1 ::: "Success";
			}
			brieflist = 1;
			defaultval = failed;
		}
		ATTR OPTION_EN "credential-stuffing-protection" "credential suffing protection" 6925 {
			parseflag = @{all=null;FWB_VM_PAYG|FWB_XENAWS_ONDEMAND|FWB_AZURE_ONDEMAND|FWB_KVM_PAYG=skip};
			defaultval = disable;
			brieflist = 1;
		}
		TABLE "match-condition" "match condition" 6906 {
			TABLENAME INT "id" "id" 6907 {
				ATTR OPTION "authentication-result-type" "Authentication result type" 6908 {
					CHOICES {
						failed == 0 ::: "Failed";
						success == 1 ::: "Success";
					}
					brieflist = 1;
					defaultval = success;
				}
				ATTR OPTION "HTTP-match-target" "HTTP match target" 6909 {
					CHOICES {
						return-code == 0 ::: "Return-code";
						response-body == 1 ::: "Response-body";
						redirect-url == 2 ::: "Redirect-url";
					}
					brieflist = 1;
					defaultval = return-code;
				}
				ATTR OPTION "value-type" "simple string or regular expression" 6916 {
					CHOICES {
						plain == 0;
						regular == 1;
					}
					brieflist = 1;
					defaultval = plain;
				}
				ATTR STRING "value" "match value" 6910 {
					parseflag = "must";
					brieflist = 1;
				}
			}
		}
	}
}
DOMAIN TABLE "waf user-tracking policy" "waf user-tracking policy" 6920 {
	TABLENAME STRING "name" "name" 6921 {		
		VALIDATE NO_XSS RELAXED;
		TABLE "input-rule-list" "input rule list" 6922 {
			TABLENAME INT "id" "id" 6923 {
				ATTR DATASOURCE "input-rule" "input rule" 6924 {
					datasource = "6900";
					parseflag = "must";
				}
			}
		}
	}
}

DOMAIN TABLE "waf websocket-security rule" "waf websocket security rule" 7070 {
	TABLENAME STRING "name" "name" 7071 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
	       	ATTR OPTION_EN "host-status" "enable/disable" 7072 {
			defaultval = disable;
		}
		ATTR STRING "host" "host" 7073 {
			VALIDATE NO_XSS RELAXED;
		}
	       	ATTR OPTION "url-type" "simple string or regular expression" 7074 {
			CHOICES {
				plain == 0;
				regular == 1;
			}
			brieflist = 1;
			defaultval = plain;
		}
		ATTR STRING "url" "url" 7075 {
			parseflag = "must";
		}
	       	ATTR OPTION_EN "block-websocket-traffic" "block websocket traffic" 7076 {
			defaultval = disable;
		}
	         
	         ATTR OPTION "action" "action" 7077 {
		         condition = 7076:eq:0;
		      	CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
			}
			defaultval = alert;
		}
		ATTR INT "max-frame-size" "max frame size" 7078 {	
		      condition = 7076:eq:0;
		      brieflist = 1;
		}
		ATTR INT "max-message-size" "max message size" 7079 {
		         condition = 7076:eq:0;
			brieflist = 1;
		}
         	ATTR OPTION_EN "block-extensions" "block extensions" 7080 {
		         condition = 7076:eq:0;
			defaultval = disable;
		}
         	ATTR OPTION_EN "enable-attack-signatures" "enable attack signatures" 7081 {
		         condition = 7076:eq:0;
			defaultval = disable;
		}
		ATTR OPTION_EN "allow-plain-text" "allow plain text" 7082 {
		         condition = 7076:eq:0;
			defaultval = enable;
		}
         	ATTR OPTION_EN "allow-binary-text" "allow binary text" 7083 {
		         condition = 7076:eq:0;
			defaultval = enable;
		}
        		TABLE "allowed-origin-list" "allowed origin list" 7084 {
			TABLENAME INT "id" "id" 7085 {
				ATTR STRING "origin" "origin" 7086 {
					parseflag = "must";
					brieflist = 1;
				}
			}
		}
	}
}

DOMAIN TABLE "waf websocket-security policy" "waf websocket-security policy" 7060 {
	TABLENAME STRING "name" "name" 7061 {		
		VALIDATE NO_XSS RELAXED;
		TABLE "rule-list" "rule list" 7062 {
		         parseflag = "movable,keeporder";
			TABLENAME INT "id" "id" 7063 {
				ATTR DATASOURCE "rule" "rule" 7064 {
					datasource = "7070";
					parseflag = "must";
				}
			}
		}
	}
}

DOMAIN TABLE "waf xml-schema file" "waf xml schema file" 9517 {
	TABLENAME STRING "name" "name" 9518 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
	}		
}

DOMAIN TABLE "waf xml-wsdl file" "waf xml wsdl file" 9530 {
	TABLENAME STRING "name" "name" 9531 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
	}
}

DOMAIN TABLE "waf xml-exempted-urls" "waf xml exempted urls" 9547 {
	TABLENAME STRING "name" "name" 9548 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		TABLE "exempted-url-list" "exempted url list" 9800 {
			TABLENAME INT "<NO.>" "id" 9801 {
				ATTR OPTION "url-type" "exempted url type" 9802 {
					brieflist = 1;
					CHOICES {
						plain == 0;
						regular == 1;
					}
					defaultval = plain;
				}
				ATTR STRING "exempted-url" "exempted url" 9803 {
					parseflag = "must";
				}
			}
		}
	}
}

# WS-Security Rule
DOMAIN TABLE "waf ws-security rule" "waf WS-Security rule" 9810 {
	TABLENAME STRING "name" "name" 9811 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;	
		ATTR OPTION_EN "request-security-status" "enable/disable" 9812 {
			defaultval = enable;
		}
		ATTR OPTION "request-operation" "request operation" 9813 {
			CHOICES { 
				verify_and_decrypt == 1 ::: "verify and decrypt";
				decrypt == 2 ::: "decrypt";
				verify == 3 ::: "verify"; 
			}
			defaultval = verify_and_decrypt;
		}
		ATTR OPTION_EN "response-security-status" "enable/disable" 9814 {
			defaultval = disable; 
		}
		ATTR OPTION "response-operation" "response operation" 9815 { 
			CHOICES { 
				sign == 1 ::: "sign";
				encrypt == 2 ::: "encrypt";
				sign_then_encrypt == 3 ::: "sign, then encrypt";
				encrypt_then_sign == 4 ::: "encrypt, then sign"; 
			}
			defaultval = sign;
		}
		ATTR OPTION "encryption-part" "response encryption part" 9816 { 
			CHOICES { 
				value-only == 1 ::: "value only";
				with-markup == 2 ::: "with markup"; 
			}
			defaultval = value-only; 
		}
		ATTR OPTION "signature-algorithm" "response signature algorithm" 9817 {
			CHOICES { 
				rsa-sha-1 == 1 ::: "RSA-SHA-1";
				hmac-sha-1 == 2 ::: "HMAC-SHA-1"; 
			}
			defaultval = rsa-sha-1;
		}
		ATTR OPTION "encryption-algorithm" "response encryption algorithm" 9818 { 
			CHOICES { 
				3des == 1 ::: "3DES";
				aes-128 == 2 ::: "AES-128";
				aes-256 == 3 ::: "AES-256"; 
			}
			defaultval = 3des;
		}
		ATTR OPTION "key-transport-algorithm" "response key transport algorithm" 9819 { 
			CHOICES { 
				rsa-1.5 == 1 ::: "RSA-1.5";
				rsa-oaep == 2 ::: "RSA-OAEP"; 
			}
			defaultval = rsa-1.5;
		}
		ATTR DATASOURCE "xml-server-certificate" "xml server certificate" 9820 { 
			datasource = "10200";
		}
		ATTR DATASOURCE "xml-client-certificate-group" "xml client certificate group" 9821 { 
			datasource = "10220";
		}
		TABLE "namespace-mapping" "namespace mapping" 9822 { 
			TABLENAME INT "id" "id" 9823 { 
				ATTR STRING "prefix" "prefix" 9824 { 
					parseflag = "must"; 
				}
				ATTR STRING "namespace" "namespace" 9825 { 
					parseflag = "must"; 
				} 
			} 
		} 
		TABLE "element-list" "element list" 9826 { 
			TABLENAME INT "id" "id" 9827 { 
				ATTR STRING "xpath" "xpath of element" 9828 { 
					parseflag = "must"; 
				}
				ATTR OPTION "direction" "direction" 9829 { 
					CHOICES { 
						request == 1 ::: "request";
						response == 2 ::: "response"; 
					}
					defaultval = request; 
				} 
			} 
		} 
	} 
}	

DOMAIN TABLE "waf xml-validation rule" "waf xml validation rule" 9500 {
	TABLENAME STRING "name" "name" 9501 {		
		VALIDATE NO_XSS RELAXED;
		ATTR STRING "host" "host" 9502 {
			VALIDATE NO_XSS RELAXED;
		}
		ATTR OPTION "action" "action" 9503 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				redirect == 3 ::: "redirect connection";
				block-period == 11 ::: "block period";
				send_403_forbidden == 10 ::: "send HTTP 403 access forbidden";
			}
			defaultval = alert;
		}
		ATTR INT "block-period" "action block period(1-3600)" 9504 {
			VALIDATE RANGE 1:3600;
			defaultval = 60;
		}
		ATTR OPTION "severity" "severity:High, Medium, Low or Informative" 9505 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Low;	
		}
		ATTR DATASOURCE "trigger" "trigger" 9506 {
			datasource = "2090";
		}
		ATTR OPTION "request-type" "simple string or regular expression" 9508 {
			CHOICES {
				plain == 0;
				regular == 1;
			}
			brieflist = 1;
			defaultval = plain;
		}
		ATTR STRING "request-file" "request file" 9509 {
			parseflag = "must";
		}
		ATTR OPTION_EN "host-status" "enable/disable" 9510 {
			defaultval = disable;
		}
		ATTR OPTION "data-format" "data format" 9532 {
			CHOICES {
				xml   == 0 ::: "xml";
				soap  == 1 ::: "soap";
			}
			defaultval = xml;
		}
		ATTR DATASOURCE "schema-file" "schema file" 9511 {
			datasource = "9517";
			condition = 9532:eq:0;
		}
		ATTR DATASOURCE "wsdl-file" "wsdl file" 9533 {
			datasource = "9530";
			condition = 9532:eq:1;
		}
		ATTR DATASOURCE "ws-security" "WS-Security rule" 9538 { 
			datasource = "9810";
			condition = 9532:eq:1; 
		}
		ATTR OPTION "soap-attachment" "allow/disallow attachment in soap message" 9540 {
			CHOICES {
				disallow   == 0 ::: "disallow attachment in soap message";
				allow  == 1 ::: "allow attachment in soap message";
			}
			defaultval = allow;
			condition = 9532:eq:1;
		}
		ATTR OPTION_EN "validate-soapaction" "enable/disable" 9534 {
			defaultval = disable;
			condition = 9532:EQ:1;
			condition = 9533:NE:0;
			brieflist = 1;
		}
		ATTR OPTION_EN "validate-soap-headers" "enable/disable" 9535 {
			defaultval = disable;
			condition = 9532:EQ:1;
			condition = 9533:NE:0;
			brieflist = 1;
		}
		ATTR OPTION_EN "allow-additional-soap-headers" "enable/disable" 9536 {
			defaultval = disable;
			condition = 9532:EQ:1;
			condition = 9533:NE:0;
			brieflist = 1;
		}
		ATTR OPTION_EN "validate-soap-body" "enable/disable" 9537 {
			defaultval = disable;
			condition = 9532:EQ:1;
			condition = 9533:NE:0;
			brieflist = 1;
		}
		ATTR OPTION_EN "xml-limit-check" "enable/disable" 9520 {
			defaultval = disable;
			brieflist = 1;
		}
		ATTR INT "xml-limit-attr-num" "max xml attribute number" 9521 {
			VALIDATE RANGE 0:256;
			defaultval = 32;
			condition = 9520:eq:1; 
			brieflist = 1;
		}
		ATTR INT "xml-limit-attrname-len" "max xml attribute name length" 9522 {
			VALIDATE RANGE 0:1024;
			defaultval = 64;
			condition = 9520:eq:1; 
			brieflist = 1;
		}
		ATTR INT "xml-limit-attrvalue-len" "max xml attribute value length" 9523 {
			VALIDATE RANGE 0:2048;
			defaultval = 1024;
			condition = 9520:eq:1; 
			brieflist = 1;
		}
		ATTR INT "xml-limit-cdata-len" "max xml cdata length" 9524 {
			VALIDATE RANGE 0:8192;
			defaultval = 4096;
			condition = 9520:eq:1; 
			brieflist = 1;
		}
		ATTR INT "xml-limit-element-depth" "max xml element depth" 9525 {
			VALIDATE RANGE 0:256;
			defaultval = 20;
			condition = 9520:eq:1; 
			brieflist = 1;
		}
		ATTR INT "xml-limit-element-name-len" "max xml element name length" 9526 {
			VALIDATE RANGE 0:1024;
			defaultval = 64;
			condition = 9520:eq:1; 
			brieflist = 1;
		}
		ATTR OPTION_EN "xml-attributes-check" "enable/disable" 9527 {
			defaultval = disable;
			brieflist = 1;
		}
		ATTR OPTION_EN "external-entity-check" "enable/disable" 9528 {
			defaultval = disable;
			condition = 9527:eq:1; 
			brieflist = 1;
		}
		ATTR OPTION_EN "expansion-entity-check" "enable/disable" 9529 {
			defaultval = disable;
			condition = 9527:eq:1; 
			brieflist = 1;
		}
		ATTR OPTION_EN "x-include-check" "enable/disable" 9544 {
			defaultval = disable;
			condition = 9527:eq:1; 
			brieflist = 1;
		}
		ATTR OPTION_EN "schema-location-check" "enable/disable" 9545 {
			defaultval = disable;
			condition = 9527:eq:1; 
			brieflist = 1;
		}
		ATTR DATASOURCE "schema-location-exempted-urls" "enable/disable" 9546 {
			datasource = "9547";
			condition = 9527:EQ:1;
			condition = 9545:EQ:1;
		}
    	ATTR OPTION "ws-i-basic-profile-assertion" "packet log setting" 9549 {
    		multi_opt = 1;
    		brieflist = 1;
    		CHOICES {
    			WSI1001 == 1 :SET:: "Message Should be Sent Using HTTP 1.1";
    			WSI1002 == 2 :SET:: "Message Should be Sent using HTTP 1.1 or HTTP 1.0";
    			WSI1003 == 4 :SET:: "Message is UTF-8 or UTF-16";
    			WSI1004 == 8 :SET:: "Request Message Should be an HTTP POST Message";
    			WSI1006 == 16 :SET:: "SOAPAction Header Should Contain Quoted String";
    			WSI1007 == 32 :SET:: "Message Should Not Include SOAP:Header or SOAP:Body elements as Defined in the included DTD";
    			#WSI1008 == 64 :SET:: "Message Part Accessor Elements in Parameters and Return Value Should Have Proper Namespace";
				#WSI1009 == 128 :SET:: "Message Should Include All Specified Headers";
				#WSI1011 == 256 :SET:: "Request Content Should Match WSDL:Definition";
    			WSI1032 == 512 :SET:: "SOAP:Envelope,SOAP:Header and SOAP:Body Elements Should Not Have Attributes in Namespace";
    			WSI1033 == 1024 :SET:: "SOAP:Envelope Namespace Should Not be 1998";
    			WSI1109 == 2048 :SET:: "WS-I Conformance Claim Should be a Child of the SOAP:Header Element";
    			WSI1110 == 4096 :SET:: "WS-I Conformance Claims Should Adhere to the WS-I Conformance Claim Schema";
    			WSI1111 == 8192 :SET:: "WS-l Conformance Claims Should Not Contain the SOAP:MustUnderstand Attribute";
    			WSI1201 == 32768 :SET:: "SOAP:Envelope Should Have v1.1/1.2 Namespace";
    			WSI1202 == 65536 :SET:: "Children Elements in SOAP:Body Should be Namespace Qualified";
    			WSI1204 == 131072 :SET:: "SOAP: Body Should Not Contain the SOAPEnc:ArrayType Attribute"; 
    			WSI1208 == 262144 :SET:: "SOAP Message Should Not Include XML Processing Instructions";
    			#WSI1211 == 524288 :SET:: "Part Accessors Should Not Have xsi: nil Attribute with Value 1 or True";
    			WSI1301 == 1048576 :SET:: "Attribute MustUnderstand Value Should be Either 1 or 0";
    			WSI1307 == 2097152 :SET:: "SOAP:Envelope Namespace Elements Should Not Have the SOAP:EncodingStyle Attribute";
    			WSI1308 == 4194304 :SET:: "Children Elements of SOAP:Body Should Not Have the SOAP:EncodingStyle Attribute";
    			WSI1309 == 8388608 :SET:: "SOAP:Envelope Should Not Have Direct Children After the SOAP:Body Element";
    			WSI1318 == 16777216 :SET:: "Grandchildren of SOAP:Body Should Not Have the SOAP:EncodingStyle Attribute";
    			WSI1601 == 33554432 :SET:: "SOAP:Envelope and SOAP:Body Should Conform to XML 1.0";
    			WSI1701 == 67108864 :SET:: "SOAP:Envelope Should Conform to the SOAP Schema";
    		}		
			#condition = 9532:EQ:1;
    	}
    	ATTR OPTION "ws-i-basic-profile-wsdl-assertion" "packet log setting" 9539 {
		multi_opt = 1;
		brieflist = 1;
		CHOICES {
			WSI1008 == 64 :SET:: "Message Part Accessor Elements in Parameters and Return Value Should Have Proper Namespace";
    			WSI1116 == 16384 :SET:: "SOAPAction Header Should Match the SOAPBind:Operation/@SOAPAction Attribute";
			WSI1211 == 524288 :SET:: "Part Accessors Should Not Have xsi: nil Attribute with Value 1 or True";
		}		
		#condition = 9532:EQ:1;
		#condition = 9533:NE:0;
	}
	}
}

DOMAIN TABLE "waf xml-validation policy" "waf xml validation policy" 9512 {
	TABLENAME STRING "name" "name" 9513 {		
		VALIDATE NO_XSS RELAXED;
		ATTR OPTION_EN "enable-signature-detection" "enable signature detection" 9519 {
			defaultval = disable;
		}
		TABLE "input-rule-list" "input rule list" 9514 {
			TABLENAME INT "id" "id" 9515 {
				ATTR DATASOURCE "input-rule" "input rule" 9516 {
					datasource = "9500";
					parseflag = "must";
				}
			}
		}
	}
}

DOMAIN TABLE "waf json-schema file" "waf json schema file" 9900 {
	TABLENAME STRING "name" "name" 9901 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
	}		
}

DOMAIN TABLE "waf json-validation rule" "waf json validation rule" 9905 {
	TABLENAME STRING "name" "name" 9906 {		
		VALIDATE NO_XSS RELAXED;
		ATTR OPTION_EN "host-status" "enable/disable" 9907 {
			defaultval = disable;
		}
		ATTR STRING "host" "host" 9908 {
			VALIDATE NO_XSS RELAXED;
		}
		ATTR OPTION "request-type" "simple string or regular expression" 9909 {
			CHOICES {
				plain == 0;
				regular == 1;
			}
			brieflist = 1;
			defaultval = plain;
		}
		ATTR STRING "request-file" "request file" 9910 {
			parseflag = "must";
		}	
		
		ATTR OPTION "action" "action" 9911 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				redirect == 3 ::: "redirect connection";
				block-period == 11 ::: "block period";
				send_403_forbidden == 10 ::: "send HTTP 403 access forbidden";
			}
			defaultval = alert;
		}
		ATTR INT "block-period" "action block period(1-3600)" 9912 {
			condition = 9911:eq:11;
			VALIDATE RANGE 1:3600;
			defaultval = 60;
		}
		ATTR OPTION "severity" "severity:High, Medium, Low or Informative" 9913 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Low;	
		}
		ATTR DATASOURCE "trigger" "trigger" 9914 {
			datasource = "2090";
		}

		ATTR DATASOURCE "schema-file" "schema file" 9915 {
			datasource = "9900";
		}

		ATTR OPTION_EN "json-limits" "json limits" 9916 {
			defaultval = disable;
		}

		ATTR INT "json-data-size" "Total size of JSON data(0-10240KB)" 9917 {
			condition = 9916:eq:1;
			VALIDATE RANGE 0:10240;
			defaultval = 1024;
		}
		
		ATTR INT "key-size" "key size(0-10240Bytes)" 9918 {
			condition = 9916:eq:1;
			VALIDATE RANGE 0:10240;
			defaultval = 64;
		}	

		ATTR INT "key-number" "Total key number(0-2147483647)" 9919 {
			condition = 9916:eq:1;
			VALIDATE RANGE 0:2147483647;
			defaultval = 256;
		}	

		ATTR INT "value-size" "value size(0-10240Bytes)" 9930 {
			condition = 9916:eq:1;
			VALIDATE RANGE 0:10240;
			defaultval = 128;
		}	

		ATTR INT "value-number" "Total value number(0-2147483647)" 9931 {
			condition = 9916:eq:1;
			VALIDATE RANGE 0:2147483647;
			defaultval = 256;
		}	

		ATTR INT "value-number-in-array" "Total value number in an Array(0-2147483647)" 9932 {
			condition = 9916:eq:1;
			VALIDATE RANGE 0:2147483647;
			defaultval = 256;
		}	

		ATTR INT "object-depth" "object depth(0-2147483647)" 9933 {
			condition = 9916:eq:1;
			VALIDATE RANGE 0:2147483647;
			defaultval = 32;
		}	
	}
}

DOMAIN TABLE "waf json-validation policy" "waf json validation policy" 9920 {
	TABLENAME STRING "name" "name" 9921 {		
		VALIDATE NO_XSS RELAXED;
		ATTR OPTION_EN "enable-attack-signatures" "enable attack signatures" 9925 {
			defaultval = disable;
		}	
		TABLE "input-rule-list" "input rule list" 9922 {
			TABLENAME INT "id" "id" 9923 {
				ATTR DATASOURCE "input-rule" "input rule" 9924 {
					datasource = "9905";
					parseflag = "must";
				}
			}
		}
	}
}
	
DOMAIN TABLE "waf openapi-file" "waf openapi file" 9680 {
	TABLENAME STRING "name" "name" 9681 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
	}		
}

DOMAIN TABLE "waf openapi-validation-policy" "waf openapi validation policy" 9670 {
	TABLENAME STRING "name" "name" 9671 {		
		VALIDATE NO_XSS RELAXED;
		ATTR OPTION "action" "action" 9672 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				redirect == 3 ::: "redirect connection";
				block-period == 11 ::: "block period";
				send_403_forbidden == 10 ::: "send HTTP 403 access forbidden";
			}
			defaultval = alert;
		}
		ATTR INT "block-period" "action block period(1-3600)" 9673 {
			VALIDATE RANGE 1:3600;
			defaultval = 60;
		}
		ATTR OPTION "severity" "severity:High, Medium, Low or Informative" 9674 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Low;	
		}
		ATTR DATASOURCE "trigger" "trigger" 9675 {
			datasource = "2090";
		}
                  TABLE "schema-file" "schema file" 9676 {
                           parseflag = "movable";
                           TABLENAME INT "<NO.>" "the ID of schema file" 9677 {
                                    ATTR DATASOURCE "openapi-file" "openapi file" 9678 {
                                             datasource = "9680";
					parseflag = "must";
                                    }
                           }
                  }
        }		
}
DOMAIN TABLE "waf custom-response custom-response-rule" "custom  response rule" 9735 {
	TABLENAME STRING "name" "name" 9736 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR OPTION "request-type" "simple string or regular expression" 9737 {
			CHOICES {
				plain == 0;
				regular == 1;
			}
			brieflist = 1;
			defaultval = plain;
		}
		ATTR STRING "url" "URL" 9738 {
			brieflist = 1;
			parseflag = "must";
		}
		ATTR STRING "content" "http response body" 9739 {
			#VALIDATE NO_XSS RELAXED;
			brieflist = 1;
			parseflag = "must";
		}
	}
}
DOMAIN TABLE "waf custom-response custom-response-policy" "custom  response policy" 9730 {
	TABLENAME STRING "name" "name" 9731 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		TABLE "rule" "rules" 9732 {
			parseflag = "movable,keeporder";
			TABLENAME INT "id" "id" 9733 {								
				ATTR DATASOURCE "custom-response-rule-name" "custom response rule name" 9734 {
					brieflist = 1;
					datasource = "9735";
					parseflag = "must";
				}
			}
		}
	}
}

DOMAIN TABLE "waf device-reputation reputation-exceptions" "waf decice-tracking reputation-exceptions" 6985 {
	TABLENAME STRING "name" "name" 6986 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;

		TABLE "reputation-exceptions-list" "reputation exceptions list" 6987 { 
			TABLENAME INT "<No.>" "The number of the reputation exceptions list" 6988 { 
				ATTR OPTION "feature-name" "feature name" 6989 { 
					CHOICES { 
						cross_site_scripting == 32 ::: "Cross Site Scripting";
						cross_site_scripting_extended == 1 ::: "Cross Site Scripting(extended)";
						sql_injection == 2 ::: "SQL Injection";
						sql_injection_extended == 3 ::: "SQL Injection(extended)"; 
						generic_attacks == 4 ::: "Generic Attacks"; 
						generic_attacks_extended == 5 ::: "Generic Attacks(extended)";
						know_exploits == 6 ::: "Know Exploits";
						trojans == 7 ::: "Trojans";
						bad_robot == 8 ::: "Bad Robot";
					#	illegal_xml_format == 9 ::: "Illegal XML Format";
					#	illegal_json_format == 10 ::: "Illegal JSON Format";
						custom_policy == 11 ::: "Custom Policy";
						padding_oracle_protection == 12 ::: "Padding Oracl Protection";
						csrf_protection == 13 ::: "CSRF Protection";
						cookie_security_policy == 14 ::: "Cookie Security Policy";
						parameter_validation == 15 ::: "Parameter Validation";
						hidden_field_protection == 16 ::: "Hidden Field Protection";
						file_upload_restriction == 17 ::: "File Upload Restriction";
						http_protocol_constraints == 18 ::: "HTTP Protocol Constraints";
						dos_protection == 19 ::: "DoS Protection";
						ip_reputation == 20 ::: "IP Reputation";
						user_tracking == 21 ::: "User Tracking";
						custom_signature == 31 ::: "Custom Signature";
						sql_injection_syntax == 29 ::: "SQL Injection(Syntax Based Detection)";
						credit_cards == 33 ::: "Credit Cards";
						bot_deception == 37 ::: "Bot Deception";
						threshold_bot_detection == 39 ::: "Threshold Based Detection";
						mobile_api_protection == 36 ::: "Mobile API Protection";
						json_protection == 40 ::: "JSON Protection";
						openapi_validation == 41 ::: "OpenAPI Validation";
						site_publish == 43 ::: "Site Publish";
					}
					brieflist = 1; 
				}
			}
		}
	}
}

DOMAIN TABLE "waf device-reputation reputation-security-policy" "waf decice-tracking reputation security policy" 6970 {
	TABLENAME STRING "name" "name" 6971 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR INT "high-level-score-begin" "high level score begin(3-1000)" 6972 {
			VALIDATE RANGE 3:1000;
			defaultval = 200;
		}	
		ATTR INT "low-level-score-end" "low level score end(2-999)" 6977 {
			VALIDATE RANGE 2:999;
			defaultval = 50;
		}	
		ATTR OPTION "action-for-high-level" "action for high level device" 6978 { 
			CHOICES { 
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block period";
			}
			defaultval = alert_deny; 
		}
		ATTR INT "block-period-high-level" "action block period high level(1-3600)" 6990 {
			VALIDATE RANGE 1:3600;
			defaultval = 60;
			condition = 6978:eq:11;
		}

		ATTR OPTION "action-for-medium-level" "action for medium level device" 6979 { 
			CHOICES { 
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block period";
			}
			defaultval = alert_deny; 
		}
		ATTR INT "block-period-medium-level" "action block period medium level(1-3600)" 6991 {
			VALIDATE RANGE 1:3600;
			defaultval = 60;
			condition = 6979:eq:11;
		}

		ATTR OPTION "action-for-low-level" "action for low level device" 6980 { 
			CHOICES { 
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block period";
			}
			defaultval = alert; 
		}
		ATTR INT "block-period-low-level" "action block period low level(1-3600)" 6992 {
			VALIDATE RANGE 1:3600;
			defaultval = 60;
			condition = 6980:eq:11;
		}

		ATTR OPTION "action-for-unindentified" "action for unindentified device" 6981 { 
			CHOICES { 
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block period";
				using_local_action == 14 ::: "using local action";
			}
			defaultval = using_local_action; 
		}
		ATTR INT "block-period-unindentified-level" "action block period unindentified level(1-3600)" 6993 {
			VALIDATE RANGE 1:3600;
			defaultval = 60;
			condition = 6981:eq:11;
		}

		ATTR DATASOURCE "reputation-exception-rule" "reputation exception rule" 6982 {
			datasource = "6985";
			brieflist = 1;
		}

	}
}


DOMAIN TABLE "waf url-rewrite url-rewrite-rule" "url rewriting rule" 5480 {
	TABLENAME STRING "name" "name" 5481 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR OPTION_EN "host-status" "host status" 5482 {
			brieflist = 1;
			defaultval = disable;
		}
		ATTR OPTION_EN "host-use-pserver" "" 5483 {
			brieflist = 1;
			defaultval = disable;
		}
		ATTR STRING "host" "host" 5484 {
			#VALIDATE HOSTNAME RELAXED;
			VALIDATE NO_XSS RELAXED;
			brieflist = 1;
		}
		ATTR OPTION_EN "url-status" "URL status" 5485 {
			brieflist = 1;
			defaultval = disable;
		}
		ATTR STRING "url" "URL" 5486 {
			#VALIDATE URL RELAXED;
			#VALIDATE NO_XSS RELAXED;
			brieflist = 1;
		}
		ATTR STRING "location" "location" 5487 {
			#VALIDATE NO_XSS RELAXED;
			brieflist = 1;
		}
		ATTR OPTION_EN "referer-status" "" 5488 {
			brieflist = 1;
			defaultval = disable;
		}
		ATTR OPTION_EN "referer-use-pserver" "" 5489 {
			brieflist = 1;
			defaultval = disable;
		}
		ATTR STRING "referer" "referer" 5490 {
			#VALIDATE NO_XSS RELAXED;
			brieflist = 1;
		}
		ATTR STRING "body_replace" "body replacement" 5491 {
			brieflist = 1;
		}
		ATTR STRING "location_replace" "location replacement" 5492 {
			brieflist = 1;
		}
		ATTR OPTION_EN "header-status" "header-status" 5505 {
			brieflist = 1;
			defaultval = disable;
		}    
		ATTR STRING "header-name" "header-name" 5506 {
			brieflist = 1;
		}
		ATTR STRING "header-value" "header-value" 5507 {
			brieflist = 1;
		} 
		ATTR OPTION "action" "action" 5493 {
			CHOICES {
				http-header-rewrite == 5 ::: "http-header-rewrite";
				redirect-301 == 8 ::: "redirect 301";
				redirect == 3 ::: "redirect";
				403-forbidden == 4 ::: "403 forbidden";
				http-body-rewrite == 6 ::: "http-body-rewrite";
				location-rewrite == 7 ::: "location-rewrite";
			}
			brieflist = 1;
			defaultval = http-header-rewrite;
		}
		ATTR INT "flag_operation" "flag" 5494 {
			brieflist = 1;
			parseflag = "hidden,readonly";
		}
		TABLE "match-condition" "match condition" 5495 {
			TABLENAME INT "id" "id" 5496 {
				ATTR OPTION "object" "object type" 5497 {
					CHOICES {
						http-host == 1;
						http-url == 2;
						http-reference == 3;
						http-body == 4;
						http-location == 5;
					}
					brieflist = 1;
					defaultval = http-host;
					parseflag = "keeporder";
				}
				ATTR STRING "reg-exp" "regular expression" 5498 {
					brieflist = 1;
					parseflag = "keeporder";
				}
				ATTR OPTION "is-essential" "is-essential: yes/no" 5499 {
					CHOICES {
						yes == 1 ::: "is essential";
						no == 0 ::: "is not essential";
					}
					condition = 5497:eq:3;
					defaultval = yes;
					brieflist = 1;
					parseflag = "keeporder";
				}
				ATTR OPTION "reverse-match" "reverse-match: yse/no" 5500 {
					CHOICES {
						yes == 1 ::: "unmatch this condition";
						no == 0 ::: "match this condition";
					}
					defaultval = no;
					brieflist = 1;
					parseflag = "keeporder";
				}
				ATTR OPTION_EN "protocol-filter" "protocol-filter: enable/disable" 5501 {
					brieflist = 1;
					defaultval = disable;
					parseflag = "keeporder";
				}
				ATTR OPTION "HTTP-protocol" "HTTP-protocol: HTTP/HTTPS" 5502 {
					CHOICES {
						http == 1;
						https == 2;
					}
					brieflist = 1;
					defaultval = http;
					parseflag = "keeporder";
				}
				ATTR OPTION_EN "content-type-filter" "content type filter: enable/disable" 5503 {
					brieflist = 1;
					defaultval = disable;
					parseflag = "keeporder";
				}
				ATTR OPTION "content-type-set" "content type set" 5504 {
					multi_opt = 1;
					CHOICES {
						text/html == 1 :SET;
						text/plain == 2 :SET;
						text/javascript == 4 :SET;
						application/xml(or)text/xml == 8 :SET;
						application/javascript == 16 :SET;
						application/soap+xml == 32 :SET;
						application/x-javascript == 64 : SET;
                                                application/json == 128 : SET;
                                                application/rss+xml == 256 : SET;
					}
					brieflist = 1;
					parseflag = "keeporder";
				}
			}
		}
	}
}

DOMAIN TABLE "waf url-rewrite url-rewrite-policy" "URL rewriting policy" 5530 {
	TABLENAME STRING "name" "name" 5531 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		TABLE "rule" "rules" 5532 {
			parseflag = "movable,keeporder";
			TABLENAME INT "id" "id" 5533 {								
				ATTR DATASOURCE "url-rewrite-rule-name" "url rewrite rule name" 5535 {
					brieflist = 1;
					datasource = "5480";
					parseflag = "must";
				}
			}
		}
	}
}

DOMAIN TABLE "waf allow-method-policy" "allow method policy" 5570 {
	TABLENAME STRING "name" "name" 5571 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR OPTION "allow-method" "allow request method" 5572 {
			multi_opt = 1;
			brieflist = 1;
			CHOICES {
				get 	== 1: SET;
				post 	== 2: SET;
				head 	== 4: SET;
				options == 8: SET;
				trace 	== 16: SET;
				connect == 32: SET;
				delete 	== 64: SET;
				put 	== 128: SET;
				patch 	== 256: SET;
				webdav  == 512: SET;
				rpc     == 1024: SET;
				others 	== 2147483648: SET;
			}
			#parseflag = "must";
		}
		ATTR OPTION "severity" "severity" 5573 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = High;				
		}
		ATTR DATASOURCE "triggered-action" "choose Email or syslog policy" 5574 {
			datasource = "2090";
			brieflist = 1;
		}
		ATTR DATASOURCE "allow-method-exception" "allow method exception" 5575 {
			datasource = "5550";
			brieflist = 1;
		}
	}
}

DOMAIN TABLE "waf http-constraints-exceptions" "http protocol parameter constraints exceptions" 5860 {
        TABLENAME STRING "name" "http constrains exception name" 5861 {
		VALIDATE NO_XSS RELAXED;
                TABLE "http_constraints-exception-list" "exception list" 5862 {
                        TABLENAME INT "id" "id" 5863 {
                        ATTR STRING "host" "host" 5864 {
				VALIDATE NO_XSS RELAXED;
                                brieflist = 1;
                        }
			ATTR STRING "request-file" "request file" 5865 {
				parseflag = "must";
				brieflist = 1;
			}
			ATTR OPTION "request-type" "request type" 5866 {
				CHOICES {
					plain == 0;
					regular == 1;
				}
				brieflist = 1;
				defaultval = plain;
			}
                        ATTR OPTION_EN "host-status" "host status" 5867 {
                                defaultval = disable;
				brieflist = 1;
                        }
                        ATTR OPTION_EN "source-ip-status" "source ip status" 5894 {
                                defaultval = disable;
				brieflist = 1;
                        }
			ATTR USER "source-ip" "source ipv4/ipv6/ip range. (e.g.: 1.2.3.4, 2001::1, 1.2.3.4-1.2.3.40, 2001::1-2001::100)" 5895 {
				condition = 5894:EQ:1;
				parseflag = "must";
				brieflist = 1;
			}
			ATTR OPTION_EN "max-http-header-length" "" 5868 {
				defaultval = disable;
				brieflist = 1;
			}
			ATTR OPTION_EN "max-http-content-length" "" 5869 {
                                defaultval = disable;
				brieflist = 1;
                        }
			ATTR OPTION_EN "max-http-body-length" "" 5870 {
                                defaultval = disable;
				brieflist = 1;
                        }
			ATTR OPTION_EN "max-http-request-filename-length" "" 5871 {
                                defaultval = disable;
				brieflist = 1;
                        }
#			ATTR OPTION_EN "max-http-header-line-length" "" 5872 {
#                                defaultval = disable;
#				brieflist = 1;
#                        }
			ATTR OPTION_EN "max-http-request-length" "" 5873 {
                                defaultval = disable;
				brieflist = 1;
                        }
			ATTR OPTION_EN "max-url-parameter-length" "" 5874 {
                                defaultval = disable;
				brieflist = 1;
                        }
			ATTR OPTION_EN "max-cookie-in-request" "" 5875 {
                                defaultval = disable;
				brieflist = 1;
                        }
			ATTR OPTION_EN "max-header-line-request" "" 5876 {
                                defaultval = disable;
				brieflist = 1;
                        }
			ATTR OPTION_EN "Illegal-http-request-method-check" "" 5877 {
                                defaultval = disable;
				brieflist = 1;
                        }
			ATTR OPTION_EN "max-url-parameter" "" 5878 {
                                defaultval = disable;
				brieflist = 1;
                        }
			ATTR OPTION_EN "Illegal-host-name-check" "" 5879 {
                                defaultval = disable;
				brieflist = 1;
                        }
			ATTR OPTION_EN "number-of-ranges-in-range-header" "" 5880 {
                                defaultval = disable;
				brieflist = 1;
                        }
			ATTR OPTION_EN "block-malformed-request" "" 5881 {
                                defaultval = disable;
				brieflist = 1;
                        }
			ATTR OPTION_EN "Illegal-content-length-check" "" 5883 {
                                defaultval = disable;
				brieflist = 1;
                        }
			ATTR OPTION_EN "Illegal-content-type-check" "" 5884 {
                                defaultval = disable;
				brieflist = 1;
                        }
			ATTR OPTION_EN "Post-request-ctype-check" "" 5886 {
                                defaultval = disable;
				brieflist = 1;
                        }
			ATTR OPTION_EN "max-http-header-name-length" "" 5887 {
                                defaultval = disable;
				brieflist = 1;
                        }
			ATTR OPTION_EN "max-http-header-value-length" "" 5888 {
                                defaultval = disable;
				brieflist = 1;
                        }
			ATTR OPTION_EN "parameter-name-check" "" 5889 {
                                defaultval = disable;
				brieflist = 1;
                        }
			ATTR OPTION_EN "parameter-value-check" "" 5890 {
                                defaultval = disable;
				brieflist = 1;
                        }
			ATTR OPTION_EN "Illegal-header-name-check" "" 5891 {
                                defaultval = disable;
				brieflist = 1;
                        }
			ATTR OPTION_EN "Illegal-header-value-check" "" 5892 {
                                defaultval = disable;
				brieflist = 1;
                        }
			ATTR OPTION_EN "max-http-body-parameter-length" "" 5893 {
                                defaultval = disable;
				brieflist = 1;
                        }
			ATTR OPTION_EN "max-url-param-name-len" "" 5896 {
                                defaultval = disable;
				brieflist = 1;
                        }
			ATTR OPTION_EN "max-url-param-value-len" "" 5897 {
                                defaultval = disable;
				brieflist = 1;
                        }
			ATTR OPTION_EN "url-param-name-check" "" 5898 {
                                defaultval = disable;
				brieflist = 1;
                        }
			ATTR OPTION_EN "url-param-value-check" "" 5899 {
                                defaultval = disable;
				brieflist = 1;
                        }
			ATTR OPTION_EN "redundant-header-check" "" 5903 {
                                defaultval = disable;
				brieflist = 1;
                        }
			ATTR OPTION_EN "duplicate-paramname-check" "" 5904 {
                                defaultval = disable;
				brieflist = 1;
            }
			ATTR OPTION_EN "null-byte-in-url-check" "" 5905 {
					defaultval = disable;
					brieflist = 1;
			}
			ATTR OPTION_EN "Illegal-byte-in-url-check" "" 5906 {
					defaultval = disable;
					brieflist = 1;
			}
			ATTR OPTION_EN "web-socket-protocol-check" "" 5907 {
					defaultval = disable;
					brieflist = 1;
			}
			ATTR OPTION_EN "odd-and-even-space-attack-check" "" 5908 {
					defaultval = disable;
					brieflist = 1;
			}
			ATTR OPTION_EN "Internal-resource-limits-check" "" 5909 {
					defaultval = disable;
					brieflist = 1;
			}
			ATTR OPTION_EN "rpc-protocol-check" "" 5910 {
					defaultval = disable;
					brieflist = 1;
			}
        }
				}
				ATTR INT "flag" "flag operation" 5882 {
						parseflag = "hidden,readonly";
				}
		}
}

DOMAIN TABLE "waf start-pages" "start pages" 6140 {
	TABLENAME STRING "name" "name" 6141 {
        VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		TABLE "start-page-list" "start page list" 6142 {
			TABLENAME INT "<No.>" "The number of the page access list " 6143 {
				ATTR STRING "host" "host address" 6144 {
					VALIDATE NO_XSS RELAXED;
					brieflist = 1;
				}
				ATTR OPTION_EN "host-status" "host status " 6145 {
					brieflist = 1;
					defaultval = disable;
				}
				ATTR STRING "request-file" "request file " 6146 {
					parseflag = "must";
					brieflist = 1;
				}
				ATTR OPTION "request-type" "request type " 6147 {
					brieflist = 1;
					CHOICES {
						plain == 0;
						regular == 1;
					}
					defaultval = plain;
				}
				ATTR OPTION "default" "default:yes/no" 6148 {
					CHOICES {
						no == 0 ::: "no"; 
						yes == 1 ::: "yes";
					}
					defaultval = no;
				}
			}
		}
		ATTR OPTION "action" "action" 6149 {
			CHOICES {
				alert == 2 ::: "alert";
				redirect == 3 ::: "redirect connection";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block period";
				send_403_forbidden == 10 ::: "send HTTP 403 access forbidden";
			}
			defaultval = alert;
		}
		ATTR INT "block-period" "action block period(1-3600)" 6150 {
			VALIDATE RANGE 1:3600;
			defaultval = 60;
			condition = 6149:eq:11;
		}
		ATTR OPTION "severity" "High, Medium, Low or Informative" 6151 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Low;				
		}
		ATTR DATASOURCE "trigger" "choose Email or syslog policy" 6152 {
			datasource = "2090";
			brieflist = 1;
		}
		ATTR INT "flag" "flag" 6153 {
			brieflist = 1;
			parseflag = "hidden,readonly";
		}
	}
}

DOMAIN TABLE "waf file-upload-restriction-rule" "file upload restriction rule" 6200 {
	TABLENAME STRING "name" "name" 6201 {		
		VALIDATE NO_XSS RELAXED;
		ATTR OPTION_EN "host-status" "enable/disable" 6202 {
			defaultval = disable;
		}
		ATTR STRING "host" "host" 6203 {
			VALIDATE NO_XSS RELAXED;
		}
		ATTR OPTION "request-type" "simple string or regular expression" 6204 {
			CHOICES {
				plain == 0;
				regular == 1;
			}
			brieflist = 1;
			defaultval = plain;
		}
		ATTR STRING "request-file" "URL" 6205 {
			parseflag = "must";
		}
		ATTR INT "file-size-limit" "file upload limit (KiloByte)" 6206 {
			brieflist = 1;
			#VALIDATE RANGE 0:102400;
		}
		ATTR INT "flag" "flag" 6207 {
			parseflag = "hidden,readonly";
		}		
		ATTR OPTION "type" "Allow/Block file types" 6212 {
			CHOICES {
				Allow == 1 ::: "Allow file types";
				Block == 2 ::: "Block file types";
			}
			brieflist = 1;
			defaultval = Allow;				
		}
		TABLE "file-types" "file types" 6208 {
			TABLENAME INT "id" "id" 6209 {
			ATTR STRING "file-type-name" "file-type-name" 6210 {
				#VALIDATE NO_XSS RELAXED;
			}
			ATTR STRING "file-type-id" "file-type-id" 6211 {
			}
		}
	}
}

DOMAIN TABLE "waf csrf-protection" "waf csrf-protection rule" 5345 {
	TABLENAME STRING "name" "name" 5346 {		
		VALIDATE NO_XSS RELAXED;
		ATTR OPTION "action" "action" 5347 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block period";
			}
			defaultval = alert;
		}
		ATTR INT "block-period" "action block period(1-3600)" 5348 {
			VALIDATE RANGE 1:3600;
			defaultval = 60;
			condition = 5347:eq:11;
		}
		ATTR OPTION "severity" "severity:High, Medium, Low or Informative" 5349 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Low;	
		}
		ATTR DATASOURCE "trigger" "trigger" 5350 {
			datasource = "2090";
		}

		TABLE "csrf-url-list" "csrf url list" 5351 {
			TABLENAME INT "<No.>" "The number of the csrf url list" 5352 {
				ATTR STRING "host" "host address" 5353 {
					VALIDATE NO_XSS RELAXED;
					brieflist = 1;
				}
				ATTR STRING "request-url" "request url " 5354 {
					brieflist = 1;
				}
				ATTR OPTION_EN "host-status" "host status " 5355 {
					brieflist = 1;
				}
				ATTR OPTION "request-type" "request type " 5356 {
					brieflist = 1;
					CHOICES {
						plain == 0;
						regular == 1;
					}
					defaultval = plain;
				}

				ATTR OPTION_EN "parameter-filter" "parameter filter " 5342 {
					brieflist = 1;
				}
				ATTR STRING "parameter-name" "parameter name" 5343 {
                                        VALIDATE NO_XSS RELAXED;
					parseflag = "must";
					condition = 5342:eq:1;
                                        brieflist = 1;
                                }
				ATTR OPTION "parameter-value-type" "parameter value type " 5344 {
					brieflist = 1;
					CHOICES {
						plain == 0;
						regular == 1;
					}
					defaultval = plain;
					condition = 5342:eq:1;
				}
				ATTR STRING "parameter-value" "parameter value " 5363 {
					brieflist = 1;
					parseflag = "must";
					condition = 5342:eq:1;
				}
			}
		}

		TABLE "csrf-page-list" "csrf page list" 5357 {
			TABLENAME INT "<No.>" "The number of the csrf page list" 5358 {
				ATTR STRING "host" "host address" 5359 {
					VALIDATE NO_XSS RELAXED;
					brieflist = 1;
				}
				ATTR STRING "request-url" "request url " 5360 {
					brieflist = 1;
				}
				ATTR OPTION_EN "host-status" "host status " 5361 {
					brieflist = 1;
				}
				ATTR OPTION "request-type" "request type " 5362 {
					brieflist = 1;
					CHOICES {
						plain == 0;
						regular == 1;
					}
					defaultval = plain;
				}

				ATTR OPTION_EN "parameter-filter" "parameter filter " 5364 {
					brieflist = 1;
				}
				ATTR STRING "parameter-name" "parameter name" 5365 {
                                        VALIDATE NO_XSS RELAXED;
					parseflag = "must";
					condition = 5364:eq:1;
                                        brieflist = 1;
                                }
				ATTR OPTION "parameter-value-type" "parameter value type " 5366 {
					brieflist = 1;
					CHOICES {
						plain == 0;
						regular == 1;
					}
					defaultval = plain;
					condition = 5364:eq:1;
				}
				ATTR STRING "parameter-value" "parameter value " 5367 {
					brieflist = 1;
					parseflag = "must";
					condition = 5364:eq:1;
				}
			}
		}
	}
}

DOMAIN TABLE "waf mitb-rule" "waf mitb-protection rule" 9640 {
	TABLENAME STRING "name" "name" 9641 {		
		VALIDATE NO_XSS RELAXED;
		ATTR OPTION "action" "action" 9642 {
			CHOICES {
				alert == 2 ::: "alert";
				alert_deny == 6 ::: "deny connection and alert";
			}
			defaultval = alert;
		}
#		ATTR INT "block-period" "action block period(1-3600)" 9643 {
#			VALIDATE RANGE 1:3600;
#			defaultval = 60;
#			condition = 9642:eq:11;
#		}
		ATTR OPTION "severity" "severity:High, Medium, Low or Informative" 9644 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Low;	
		}
		ATTR DATASOURCE "trigger" "trigger" 9645 {
			datasource = "2090";
		}
		ATTR OPTION_EN "host-status" "host status " 9646 {
			brieflist = 1;
		}
		ATTR STRING "host" "host address" 9647 {
			VALIDATE NO_XSS RELAXED;
			brieflist = 1;
		}
		ATTR OPTION "request-type" "request type " 9648 {
			brieflist = 1;
			CHOICES {
				plain == 0;
				regular == 1;
			}
			defaultval = plain;
		}
		ATTR STRING "request-url" "request url " 9649 {
			brieflist = 1;
			parseflag = "must";
		}
		ATTR STRING "post-url" "post url " 9650 {
			brieflist = 1;
			parseflag = "must";
		}

		TABLE "protected-parameter-list" "protected parameter list" 9651 {
			TABLENAME STRING "name" "name" 9652 {
				ATTR OPTION "type" "type" 9653 {
					CHOICES {
						regular-input== 1 ::: "Regular Input";
						password-input== 2 ::: "Password Input";
					}
					brieflist = 1;
					defaultval = regular-input;	
				}
				ATTR OPTION_EN "obfuscate" "enable/disable" 9654 {
					defaultval = disable;
				}
				ATTR OPTION_EN "encrypt" "enable/disable" 9655 {
					defaultval = disable; 
					condition = 9653:eq:2;
				}
				ATTR OPTION_EN "anti-keyLogger" "enable/disable" 9656 {
					defaultval = disable; 
					condition = 9653:eq:2;
				}
			}
		}

		TABLE "allowed-external-domains-list" "allowed external domains list" 9657 {
			TABLENAME INT "id" "The number of the allowed external domains list" 9658 {
				ATTR STRING "domain" "domain" 9659 {
					brieflist = 1;
				}
			}
		}
}

DOMAIN TABLE "waf mitb-policy" "waf mitb-protection policy" 9630 {
	TABLENAME STRING "name" "name" 9631 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		TABLE "rule-list" "mitb rule list" 9632 {
			TABLENAME INT "id" "id" 9633 {
				ATTR DATASOURCE "mitb-rule" "mitb protection rule" 9634 {
					datasource = "9640";
					parseflag = "must";
				}
			}
		}
	}
}
DOMAIN TABLE "waf allowed-origins" "waf allowed origins" 8340 {
	TABLENAME STRING "name" "name" 8341 {
		VALIDATE NO_XSS RELAXED;
		TABLE "origin-list" "origin list" 8342 {
			TABLENAME INT "id" "id" 8343 {
				ATTR OPTION "protocol" "protocol" 8344 {
					CHOICES {
						HTTP == 1 ::: "HTTP";
						HTTPS == 2 ::: "HTTPS";
						ANY == 3 ::: "ANY";
					}
					defaultval = HTTP;
				}

				ATTR STRING "origin-name" "origin name" 8345 {
					VALIDATE NO_XSS RELAXED;
					parseflag = "must";
				}

				ATTR INT "port" "port(0-65535)" 8346 {
					#VALIDATE RANGE 0:65535;
					defaultval = 80;
				}

				ATTR OPTION_EN "include-sub-domains" "include sub domains" 8347 {
					defaultval = disable;
				}
			}
		}	
	}
}

DOMAIN TABLE "waf cors-protection-rule" "cors protection rule" 8300 {
	TABLENAME STRING "name" "name" 8301 {		
		VALIDATE NO_XSS RELAXED;
		ATTR OPTION_EN "host-status" "enable/disable" 8302 {
			defaultval = disable;
		}
		ATTR STRING "host" "host" 8303 {
			VALIDATE NO_XSS RELAXED;
		}
		ATTR OPTION "request-type" "simple string or regular expression" 8304 {
			CHOICES {
				plain == 0;
				regular == 1;
			}
			brieflist = 1;
			defaultval = plain;
		}
		ATTR STRING "request-file" "URL" 8305 {
			parseflag = "must";
		}

		ATTR OPTION_EN "block-cors-traffic" "block cors traffic" 8306 {
			defaultval = disable;				
		}
	
		ATTR DATASOURCE "allowed-origins-list" "allowed orginis list" 8308 {
			datasource = "8340";
			condition = 8306:eq:0;
		}

		ATTR OPTION_EN "allowed-methods" "allowed Methods" 8309 {
			defaultval = disable;
			condition = 8306:eq:0;
		}
			
		TABLE "allowed-methods-list" "allowed methods list" 8310 {
			TABLENAME INT "id" "id" 8311 {
				ATTR OPTION "method" "method" 8312 {
					CHOICES {
						get == 2 ::: "GET Method(default)";
						post == 3 ::: "POST Method";
						head == 4 ::: "HEAD Method";
						trace == 6 ::: "TRACE Method";
						connect == 7 ::: "CONNECT Method";
						delete == 8 ::: "DELETE Method";
						put == 9 ::: "PUT Method";
						patch == 10 ::: "PATCH Method";			
					}
					defaultval = get;
					brieflist = 1;
				}
			}	
		}

		ATTR OPTION_EN "allowed-headers" "allowed Headers" 8313 {
			defaultval = disable;
			condition = 8306:eq:0;
		}

		TABLE "allowed-headers-list" "allowed headers list" 8314 {
			TABLENAME INT "id" "id" 8315 {
				ATTR STRING "header" "Header" 8316 {
					VALIDATE NO_XSS RELAXED;
					parseflag = "must";
				}
			}
		}

		ATTR OPTION_EN "exposed-headers" "exposed headers" 8317 {
			defaultval = disable;
			condition = 8306:eq:0;
		}

		ATTR OPTION_EN "remove-other-headers" "remove other headers" 8318{
			defaultval = disable;
			condition = 8306:eq:0;
		}

		TABLE "exposed-headers-list" "exposed headers list" 8319 {
			TABLENAME INT "id" "id" 8320 {
				ATTR STRING "header" "header" 8321 {
					VALIDATE NO_XSS RELAXED;
					parseflag = "must";
				}
			}
		}


		ATTR OPTION "allowed-credentials" "allowed credentials" 8323 {
			condition = 8306:eq:0;
			CHOICES {
				none == 0 ::: "none";
				false == 1 ::: "false";
				true == 2 ::: "true";
			}
			defaultval = none;
		}

		ATTR INT "allowed-maximum-age" "allowed maximum age(0-86400)" 8324 {
			#VALIDATE RANGE 0:86400;
			defaultval = 0;
			condition = 8306:eq:0;
		}
	}
}

DOMAIN TABLE "waf cors-protection-policy" "waf cors-protection policy" 8350 {
	TABLENAME STRING "name" "name" 8351 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		TABLE "rule-list" "cors rule list" 8352 {
			parseflag = "movable";
			TABLENAME INT "id" "id" 8353 {
				ATTR DATASOURCE "cors-rule" "cors protection rule" 8354 {
					datasource = "8300";
					parseflag = "must";
				}
			}
		}
	}
}

DOMAIN TABLE "waf bot-deception" "waf bot deception" 9980 {
	TABLENAME STRING "name" "name" 9981 {		
		VALIDATE NO_XSS RELAXED;
		ATTR STRING "deception-url" "Deception URL" 9982 {
			parseflag = "must";
		}
		ATTR OPTION "action" "action" 9983 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block period";
			}
			defaultval = alert;
		}
		ATTR INT "block-period" "action block period(1-3600)" 9984 {
			VALIDATE RANGE 1:3600;
			defaultval = 60;
			#condition = 9983:eq:11;
		}
		ATTR OPTION "severity" "severity:High, Medium, Low or Informative" 9985 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Low;	
		}
		ATTR DATASOURCE "trigger" "trigger" 9986 {
			datasource = "2090";
		}
		
		TABLE "url-list" "url list for bot deception" 9987 {
			parseflag = "keeporder";
			TABLENAME INT "id" "id" 9988 {
				ATTR OPTION_EN "host-status" "enable/disable" 9989 {
					defaultval = disable;
				}
				ATTR STRING "host" "host" 9990 {
					VALIDATE NO_XSS RELAXED;
				}

				ATTR OPTION "type" "type" 9991 {
					CHOICES {
						simple-string == 0 ::: "simple-string";
						regex-expression == 1 ::: "regex-expression";
					}
					defaultval = simple-string;
				}
				ATTR STRING "url" "url for bot deception" 9992 {
					parseflag = "must";
				}
			}
		}
	}
}

DOMAIN TABLE "waf biometrics-based-detection" "waf biometrics based detection" 10130 {
	TABLENAME STRING "name" "name" 10131 {		
		VALIDATE NO_XSS RELAXED;
		ATTR OPTION_EN "mouse-movement" "mouse movement" 10132 {
			defaultval = enable;
		}

		ATTR OPTION_EN "click" "click" 10133 {
			defaultval = enable;
		}

		ATTR OPTION_EN "keyboard" "keyboard" 10134 {
			defaultval = enable;
		}

		ATTR OPTION_EN "screen-touch" "screen touch" 10135 {
			defaultval = disable;
		}

		ATTR OPTION_EN "scroll" "scroll" 10147 {
			defaultval = disable;
		}


		ATTR INT "event-collection-time" "event collection time(seconds)" 10146 {
			VALIDATE RANGE 10:60;
			defaultval = 15;
		}

		ATTR OPTION "action" "action" 10136 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
			}
			defaultval = alert;
		}

		ATTR INT "bot-effective-time" "bot effective time(1-5)(minutes)" 10137 {
			VALIDATE RANGE 1:5;
			defaultval = 5;
		}

		ATTR OPTION "severity" "severity:High, Medium, Low or Informative" 10138 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Low;	
		}

		ATTR DATASOURCE "trigger" "trigger" 10139 {
			datasource = "2090";
		}
		
		TABLE "url-list" "url list" 10140 {
			parseflag = "keeporder";
			TABLENAME INT "id" "id" 10141 {
				ATTR OPTION_EN "host-status" "enable/disable" 10142 {
					defaultval = disable;
				}
				ATTR STRING "host" "host" 10143 {
					VALIDATE NO_XSS RELAXED;
				}

				ATTR OPTION "type" "type" 10144 {
					CHOICES {
						simple-string == 0 ::: "simple-string";
						regex-expression == 1 ::: "regex-expression";
					}
					defaultval = simple-string;
				}
				ATTR STRING "url" "url" 10145 {
					parseflag = "must";
				}
			}
		}
	}
}

DOMAIN TABLE "waf input-rule" "waf input rule" 5320 {
	TABLENAME STRING "name" "name" 5321 {		
		VALIDATE NO_XSS RELAXED;
		ATTR STRING "host" "host" 5322 {
			VALIDATE NO_XSS RELAXED;
		}
		ATTR OPTION "action" "action" 5323 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				redirect == 3 ::: "redirect connection";
				block-period == 11 ::: "block period";
				send_403_forbidden == 10 ::: "send HTTP 403 access forbidden";
			}
			defaultval = alert;
		}
		ATTR INT "block-period" "action block period(1-3600)" 5324 {
			VALIDATE RANGE 1:3600;
			defaultval = 60;
			condition = 5323:eq:11;
		}
		ATTR OPTION "severity" "severity:High, Medium, Low or Informative" 5325 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Low;	
		}
		ATTR DATASOURCE "trigger" "trigger" 5326 {
			datasource = "2090";
		}
		ATTR OPTION "request-type" "simple string or regular expression" 5327 {
			CHOICES {
				plain == 0;
				regular == 1;
			}
			brieflist = 1;
			defaultval = plain;
		}
		ATTR STRING "request-file" "request file" 5328 {
			parseflag = "must";
		}
		ATTR OPTION_EN "host-status" "enable/disable" 5329 {
			defaultval = disable;
		}
		ATTR INT "flag" "flag" 5330 {
			parseflag = "hidden,readonly";
		}		
		TABLE "rule-list" "rule list" 5331 {
			parseflag = "keeporder";
			TABLENAME INT "id" "id" 5332 {
				ATTR OPTION "argument-type" "argument-type" 5333 {
					CHOICES {
						data-type == 0 ::: "Data Type";
						regular-expression == 1 ::: "Regular Expression";
						custom-data-type == 2 ::: "Custom Data Type";
					}
					defaultval = data-type;
				}
				ATTR OPTION_EN "type-checked" "type_checked:enable/disable" 5334 {
					defaultval = disable;
				}
				ATTR OPTION "argument-name-type" "simple string or regular expression" 5341 {
					CHOICES {
						plain == 0;
						regular == 1;
					}
					brieflist = 1;
					defaultval = plain;
				}
				ATTR STRING "argument-name" "argument-name" 5335 {
					parseflag = "must";
				}
				ATTR STRING "argument-expression" "argument-expression" 5336 {
					condition = 5333:eq:1;
				}
				ATTR INT "max-length" "max-length" 5337 {
					VALIDATE RANGE 0:1024;
				}
				ATTR OPTION "is-essential" "is-essential:yes/no" 5338 {
					CHOICES {
						no == 0 ::: "is not essential"; 
						yes == 1 ::: "is essential";
					}
					defaultval = no;
				}
				ATTR STRING "data-type" "data-type" 5339 {
					condition = 5333:eq:0;
				}
				ATTR DATASOURCE "custom-data-type" "custom data type name" 5340 {
					datasource = "4080";
					condition = 5333:eq:2;
				}
			}
		}
	}
}
DOMAIN TABLE "waf parameter-validation-rule" "waf parameter validation rule" 5370 {
	TABLENAME STRING "name" "name" 5371 {		
		VALIDATE NO_XSS RELAXED;
		TABLE "input-rule-list" "input rule list" 5372 {
			TABLENAME INT "id" "id" 5373 {
				ATTR DATASOURCE "input-rule" "input rule" 5374 {
					datasource = "5320";
					parseflag = "must";
				}
			}
		}
		ATTR INT "flag" "flag" 5375 {
			parseflag = "hidden,readonly";
		}		
	}
}

DOMAIN TABLE "waf base-signature-disable" "waf base disable signature" 5960 {
	TABLENAME STRING "signature_id" "signature id" 5961 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
	}
}

GLOBAL COMPLEX "waf signature_update_policy" "signature update policy" 9690 {
        ATTR OPTION_EN "status" "enable/disable update policy" 9691 {
                defaultval = disable;
                brieflist = 1;
        }
}

GLOBAL TABLE "waf staged_signature_list" "waf staged signature list" 9692 {
	TABLENAME STRING "signature_id" "signature id" 9693 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
	
		ATTR OPTION "status" "status" 9694 {
			CHOICES {
				unapplied == 0 ::: "unapplied";
				applied == 1 ::: "applied";
				disabled == 2 ::: "disabled";
			}
			defaultval = unapplied;
			brieflist = 1;
		}
	}
}

DOMAIN TABLE "waf custom-protection-rule" "waf custom data type" 5980 {
	TABLENAME STRING "name" "custom protection rule name" 5981 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR OPTION "type" "custom protection rule type" 5982 {
			CHOICES {
				request == 0;
				response == 1;
			}
			defaultval = request;
			brieflist = 1;
		}
		ATTR OPTION "action" "action for match result" 5983 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				redirect == 3 ::: "redirect connection";
				alert_erase == 7 ::: "alert and erase information";
				block-period == 11 ::: "block period(1-3600)";
				only_erase== 12 ::: "only erase";
				send_http_response== 13 ::: "send HTTP response without session close";
			}
			defaultval = alert;
			brieflist = 1;
		}
		ATTR INT "block-period" "block period (1-3600)" 5984 {
			VALIDATE RANGE 1:3600;
			defaultval = 60;
			brieflist = 1;
#			condition = 5983:eq:11;
		}
		ATTR OPTION "severity" "severity: High, Medium, Low or Informative" 5985 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			defaultval = Medium;
			brieflist = 1;
		}
		ATTR DATASOURCE "trigger" "trigger policy" 5986 {
			datasource = "2090";
			brieflist = 1;
		}

		TABLE "meet-condition" "meet conditions" 5989 {
			TABLENAME INT "id" "id" 5990 {
				ATTR OPTION "operator" "operator" 5992 {
				CHOICES {
					RE == 1 ::: "regular expression match";
					GT == 2 ::: "great than";
					LT == 3 ::: "less than";
					NE == 4 ::: "not equal";
					EQ == 5 ::: "equal";
				}
				defaultval = RE;
				brieflist = 1;
				}

				ATTR OPTION "request-target" "match targets in request direction" 5993 {
				multi_opt = 1;
				brieflist = 1;
				CHOICES {
					REQUEST_FILENAME == 1: SET;
					REQUEST_URI == 2: SET;
					REQUEST_HEADERS_NAMES == 4: SET;
					REQUEST_HEADERS == 8: SET;
					REQUEST_COOKIES_NAMES == 32: SET;
					REQUEST_COOKIES == 64: SET;
					ARGS_NAMES == 256: SET;
					ARGS_VALUE == 512: SET;
					REQUEST_RAW_URI == 2048: SET;
					REQUEST_BODY == 4096: SET;

					CONTENT_LENGTH == 134217728: SET;
					HEADER_LENGTH == 268435456: SET;
					BODY_LENGTH == 536870912: SET;
					COOKIE_NUMBER == 1073741824: SET;
					ARGS_NUMBER == 2147483648: SET;
					HTTP_METHOD == 262144: SET;
				}
				brieflist = 1;
				}

				ATTR OPTION "response-target" "match targets in response direction" 5994 {
				multi_opt = 1;
				brieflist = 1;
				CHOICES {
					RESPONSE_BODY == 16384: SET;
					RESPONSE_HEADER == 65536: SET;

					CONTENT_LENGTH == 134217728: SET;
					HEADER_LENGTH == 268435456: SET;
					BODY_LENGTH == 536870912: SET;
					RESPONSE_CODE == 4294967296: SET;
				}
				brieflist = 1;
				}

				ATTR INT "threshold" "threshold for match targets" 5995 {
				VALIDATE RANGE 0:16777216;
				defaultval = 0;
				brieflist = 1;
				condition = 5992:NE:1;
				}

				ATTR OPTION_EN "case-sensitive" "" 5987 {
				defaultval = disable;
				brieflist = 1;
				condition = 5992:eq:1;
				}

				ATTR STRING "expression" "expression" 5988 {
				brieflist = 1;
				parseflag = "must";
				condition = 5992:eq:1;
				}
			}
		}
	}
}

DOMAIN TABLE "waf custom-protection-group" "waf custom data type group" 6000 {
	TABLENAME STRING "name" "name" 6001 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		TABLE "type-list" "" 6002 {
			parseflag = "movable";
			TABLENAME INT "id" "id" 6003 {
				ATTR DATASOURCE "custom-protection-rule" "custom protection rule" 6004 {
					datasource = "5980";
					brieflist = 1;
				}
			}
		}
	}
}

DOMAIN TABLE "waf ip-intelligence" "waf ip intelligence" 6500 {
	TABLENAME INT "id" "id" 6501 {
		brieflist = 1;
	    ATTR STRING "category" "category name" 6502{

        }
		ATTR OPTION_EN "status" "enable or disable" 6503 {
			defaultval = disable;
			brieflist = 1;
		}
		ATTR OPTION "action" "action" 6504 {
			CHOICES {
				alert == 2 ::: "alert";
				redirect == 3 ::: "redirect to the default start page";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				send_403_forbidden == 10 ::: "send HTTP 403 access forbidden";
				block-period == 11 ::: "block period";
			}
			defaultval = alert;
			brieflist = 1;
		}
		ATTR INT "block-period" "action block period(1-3600)" 6505 {
			defaultval = 60;
			brieflist = 1;
			VALIDATE RANGE 1:3600;
		}
		ATTR OPTION "severity" "High, Medium, Low or Informative" 6506 {
			CHOICES {
				High == 1;
				Medium == 2;
				Low == 3;
				Info == 4;
			}
			defaultval = Low;
			brieflist = 1;
		}
		ATTR DATASOURCE "trigger" "choose Email or syslog policy" 6507 {
			datasource = "2090";
			brieflist = 1;
		}
	}
}

DOMAIN TABLE "waf ip-intelligence-exception" "waf ip intelligence exception" 6550 {
	TABLENAME INT "id" "id" 6551 {
		brieflist = 1;
		ATTR IPADDR "ip" "exception ip address" 6552 {
			brieflist = 1;
			parseflag = "must";
			ipversion = 4;
			subnet_type = host;
		}
		ATTR OPTION_EN "status" "exception ip status" 6553 {
			defaultval = disable;
			brieflist = 1;
		}
	}
}

GLOBAL COMPLEX "waf ip-intelligence-flag" "ip intelligence flag" 6570 {
	parseflag = "hidden";
	ATTR OPTION_EN "flag" "enable/disable" 6571 {
                brieflist = 1;
                defaultval = disable;
        }
}

GLOBAL COMPLEX "waf harvest-credential-flag" "harvest credential flag" 6572 {
	parseflag = "hidden";
	ATTR OPTION_EN "flag" "enable/disable" 6573 {
                brieflist = 1;
                defaultval = disable;
        }
}

GLOBAL COMPLEX "waf geo-block-flag" "geo block flag" 5215 {
        parseflag = "hidden";
        ATTR OPTION_EN "flag" "enable/disable" 5216 {
                brieflist = 1;
                defaultval = disable;
        }
}

GLOBAL COMPLEX "waf fds-update-flag" "FDS update flag" 6590 {
	ha_not_sync = 2;
        #parseflag = "hidden";
        ATTR OPTION "status" "None, Pending or Processing" 6591 {
                CHOICES {
                        None == 0;
                        Pending == 1;
                        Processing == 2;
                }

                defaultval = None;
                brieflist = 1;
		ha_not_sync = 2;
        }
}

GLOBAL COMPLEX "waf av-update-flag" "waf av update flag" 6580 {
	parseflag = "hidden";
	ATTR OPTION_EN "flag" "update flag" 6581 {
		defaultval = disable;
		brieflist = 1;
	}
}

GLOBAL COMPLEX "waf fsa-db-update-flag" "waf fsa db update flag" 6585 {
	parseflag = "hidden";
	ATTR OPTION_EN "flag" "update flag" 6586 {
		defaultval = disable;
		brieflist = 1;
	}
}

DOMAIN TABLE "waf signature" "waf signature" 6020 {
        TABLENAME STRING "name" "name" 6021 {
                VALIDATE NO_XSS RELAXED;
                brieflist = 1;

                ATTR DATASOURCE "custom-protection-group" "custom protection group name" 6022 {
                        datasource = "6000";
                        brieflist = 1;
                }
                ATTR INT "credit-card-detection-threshold" "credit card detection threshold" 6023 {
                        VALIDATE RANGE 1:128;
                        brieflist = 1;
			defaultval = 1;
                }
                ATTR OPTION "sub_table_type" "sub table type" 6024 {
                        CHOICES {
                                Main == 0 ::: "Main Class List";
                                Sub == 1 ::: "Sub Class Disable List";
                                Signature == 2 ::: "Signature Class List";
                                Filter == 3 ::: "Exception List";
                                Table == 4 ::: "Table Operation";
				Alert-Only == 5 ::: "Alert Only";
                        }
                        brieflist = 1;
                        parseflag = "hidden,readonly";
                }
		ATTR INT "sub_table_id" "sub table id" 6025 {
                        brieflist = 1;
                        parseflag = "hidden,readonly";
                }
                ATTR OPTION "sub_table_action" "sub table action" 6026 {
                        CHOICES {
                                Add == 0;
                                Edit == 1;
                                Delete == 2;
                        }
                        brieflist = 1;
                        parseflag = "hidden,readonly";
                }
                ATTR INT "filter_id" "filter id" 6027 {
                        brieflist = 1;
                        parseflag = "hidden,readonly";
                }
                ATTR INT "flag_operation" "flag operation" 6028 {
                        brieflist = 1;
                        parseflag = "hidden,readonly";
                }
		ATTR STRING "comment" "comment for signature" 6049 {
			brieflist = 1;
		}
		TABLE "main_class_list" "signature members main class list" 6029 {
                        TABLENAME STRING "main_class_id" "main class id" 6030 {
                                VALIDATE NO_XSS RELAXED;
                                brieflist = 1;
                                ATTR OPTION_EN "status" "status" 6031 {
                                        defaultval = enable;
                                        brieflist = 1;
                                }
				ATTR OPTION_EN "fpm-status" "false positive mitigation status" 6052 {
                                        defaultval = enable;
                                        brieflist = 1;
                                }
                                ATTR OPTION "action" "action for match result" 6032 {
                                        CHOICES {
                                                alert == 2 ::: "alert";
						deny_no_log == 4 ::: "deny without log";
                                                alert_deny == 6 ::: "deny connection and alert";
                                                redirect == 3 ::: "redirect connection";
                                                alert_erase == 7 ::: "alert and erase information";
                                                block-period == 11 ::: "block period (1-3600)";
                                                only_erase== 12 ::: "only erase";
						send_http_response== 13 ::: "send HTTP response without session close";
                                        }
                                        brieflist = 1;
                                        defaultval = alert;
                                }
				ATTR INT "block-period" "block-period (1-3600)" 6033 {
                                        VALIDATE RANGE 1:3600;
                                        defaultval = 60;
                                        brieflist = 1;
					#condition = 6032:eq:11;
                                }
                                ATTR OPTION "severity" "severity" 6034 {
                                        CHOICES {
                                                High == 1 ::: "High";
                                                Medium == 2 ::: "Medium";
                                                Low == 3 ::: "Low";
						Info == 4 ::: "Informative";
                                        }
                                        defaultval = Medium;
                                        brieflist = 1;
                                }
                                ATTR DATASOURCE "trigger" "trigger" 6035 {
                                        datasource = "2090";
                                        brieflist = 1;
                                }
                        }
                }
		TABLE "sub_class_disable_list" "signature members sub class disable list" 6036 {
                        TABLENAME STRING "sub_class_id" "sub class id" 6037 {
                                VALIDATE NO_XSS RELAXED;
                                brieflist = 1;
                        }
                }
                TABLE "signature_disable_list" "signature members signature disable list" 6038 {
                        TABLENAME STRING "signature_id" "signature id" 6039 {
                                VALIDATE NO_XSS RELAXED;
                                        brieflist = 1;
                        }
                }
                TABLE "alert_only_list" "signature members signature alert only list" 6047 {
                        TABLENAME STRING "signature_id" "signature id" 6048 {
                                VALIDATE NO_XSS RELAXED;
                                        brieflist = 1;
                        }
                }
		TABLE "fpm_disable_list" "signature members signature FPM disable list" 6050 {
                        TABLENAME STRING "signature_id" "signature id" 6051 {
                                VALIDATE NO_XSS RELAXED;
                                        brieflist = 1;
                        }
                }
		TABLE "scoring_override_disable_list" "signature members scoring override disable list" 6072 {
                        TABLENAME STRING "signature_id" "signature id" 6073 {
                                VALIDATE NO_XSS RELAXED;
                                        brieflist = 1;
                        }
                }
		TABLE "score_grade_list" "signature members signature score grade list" 6074 {
                        TABLENAME STRING "signature_id" "signature id" 6075 {
                                VALIDATE NO_XSS RELAXED;
                                brieflist = 1;

				ATTR OPTION "scoring-grade" "threat scoring grade" 6076 { 
					CHOICES {
						off == 0;
						low == 1;
						med == 2;
						high == 3;
						crit == 4;		
					}
					defaultval = med;
					brieflist = 1;	
				}
                        }
                }

                TABLE "filter_list" "signature members exception list" 6060 {
			parseflag = "movable";
                        TABLENAME INT "id" "id" 6061 {
                                VALIDATE RANGE 0:65535;
                                brieflist = 1;

                                ATTR STRING "signature_id" "filter list signature id" 6062 {
                                        VALIDATE NO_XSS RELAXED;
                                        brieflist = 1;
                                        parseflag = "must";
                                }

				ATTR OPTION "match-target" "match targets" 6063 {
				CHOICES {
					HTTP_METHOD == 1 ::: "HTTP method";
					CLIENT_IP == 2 ::: "client IP";
					HOST == 3 ::: "HTTP HOST";
					URI == 4 ::: "HTTP URI";
					FULL_URL == 5 ::: "HTTP full URL";
					PARAMETER == 6 ::: "HTTP parameter";
					COOKIE == 7 ::: "HTTP cookie";
					HTTP_HEADER == 8 ::: "HTTP header";
				}
				defaultval = URI;
				brieflist = 1;
				}

				ATTR OPTION "operator" "operator" 6064 {
				CHOICES {
					STRING_MATCH == 1 ::: "plain string match";
					REGEXP_MATCH == 2 ::: "regular expression match";
					EQ == 3 ::: "equal";
					NE == 4 ::: "not equal";
					INCLUDE == 5 ::: "include";
					EXCLUDE == 6 ::: "exclude";
				}
				defaultval = REGEXP_MATCH;
				brieflist = 1;
				}

				ATTR OPTION "http-method" "HTTP method" 6065 {
				brieflist = 1;
				multi_opt = 1;
				CHOICES {
					get == 1:SET;
					post == 2:SET;
					head == 4:SET;
					options == 8:SET;
					trace == 16:SET;
					connect == 32:SET;
					delete == 64:SET;
					put == 128:SET;
					patch == 256:SET;
					others == 2147483648:SET;
				}
				condition = 6063:eq:1;
				}

                                ATTR USER "ip" "IP range" 6066 {
                                        brieflist = 1;
                                        parseflag = "must";
                                        #subnet_type = host;
                                        condition = 6063:eq:2;
                                }

				ATTR STRING "name" "name" 6067 {
				brieflist = 1;
				condition = 6063:eq:6;
				condition = 6063:eq:7;
				condition = 6063:eq:8;
				}
				
				ATTR OPTION_EN "value-check" "" 6068 {
				defaultval = disable;
				brieflist = 1;
				condition = 6063:eq:6;
				condition = 6063:eq:7;
				condition = 6063:eq:8;
				}

				ATTR STRING "value" "value" 6069 {
				brieflist = 1;
				condition = 6063:eq:3;
				condition = 6063:eq:4;
				condition = 6063:eq:5;
				condition = 6063:eq:6;
				condition = 6063:eq:7;
				condition = 6063:eq:8;
				}

				ATTR OPTION "concatenate-type" "concatenate relationship with the previous filter rule" 6070 {
				CHOICES {
					AND == 1 ::: "and";
					OR == 2 ::: "or";
					# SUPER-OR == 3 ::: "super or";
				}
				defaultval = AND;
				brieflist = 1;
				}
                        }
                }
        }
}

DOMAIN TABLE "waf x-forwarded-for" "waf x-forwarded-for rule" 6120 {
	TABLENAME STRING "name" "name" 6121 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR OPTION_EN "x-forwarded-for-support" "x forwarded for support" 6122 {
			defaultval = disable;
			brieflist = 1;
		}
		ATTR OPTION_EN "tracing-original-ip" "tracing original IP" 6123 {
			defaultval = disable;
			brieflist = 1;
		}
		ATTR STRING "original-ip-header" "original IP header" 6124 {
			VALIDATE NO_XSS RELAXED;
			brieflist = 1;
		}
		ATTR OPTION_EN "x-real-ip" "X-Real_IP" 6125 {
			defaultval = disable;
			brieflist = 1;
		}
		ATTR OPTION_EN "x-forwarded-proto" "X-Forwarded-Proto" 6131 {
			defaultval = disable;
			brieflist = 1;
		}
		TABLE "ip-list" "IP list" 6126 {
			TABLENAME INT "id" "id" 6127 {
				ATTR IPADDR "ip" "IP address" 6128 {
					brieflist = 1;
					parseflag = "must";
				#	ipversion = 4;
					subnet_type = host;
				}
			}
		}
		ATTR OPTION_EN "block-based-on-original-ip" "block-based-on-original-ip" 6129 {
			condition = 6123:eq:1;
			defaultval = disable;
			brieflist = 1;
		}
		ATTR OPTION "ip-location" "ip-location" 6130 {
			CHOICES {
				left == 0 ::: "Left X";
				right == 1 ::: "Right X";
			}
			condition = 6123:eq:1;
			defaultval = left;
			brieflist = 1;
		}
		ATTR OPTION_EN "skip-private-original-ip" "skip-private-original-ip" 6132 {
			condition = 6123:eq:1;
			defaultval = disable;
			brieflist = 1;
		}
	}
}

DOMAIN TABLE "waf api-users" "api users" 11990{
	TABLENAME STRING "name" "name" 11991 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR STRING "email" "email" 11992 {
			VALIDATE EMAIL_ADDRESS RELAXED;
			parseflag = "must";
			brieflist = 1;
			
		}
		ATTR STRING "comments" "comments" 11993 {
			brieflist = 1;
			
		}
		
		ATTR STRING "uuid" "uuid" 11994 {
			parseflag = "must";
			brieflist = 1;
		}

		ATTR STRING "api-key" "api key" 11995 {
			parseflag = "must";
			brieflist = 1;
		}
		
		ATTR STRING "create-time" "create time" 11996 {
			parseflag = "must";
			brieflist = 1;
		}

		TABLE "ip-access-list" "ip access list" 12006{
			TABLENAME INT "<No.>" "The number of ip access list" 12007 {
				ATTR USER "ip" "ip" 12008 {
					brieflist = 1;
					parseflag = "must";
				}	
			}
		}
		
		TABLE "http-referer-list" "http referer list" 12009 {
			TABLENAME INT "<No.>" "The number of http referer list" 12010 {
				ATTR STRING "http-referer" "http referer" 12011 {
					parseflag = "must";
					brieflist = 1;
				}
			}
		}	
		
	}

}

DOMAIN TABLE "waf api-user-group" "api user group" 12042 {
	TABLENAME STRING "name" "name" 12043 {
		VALIDATE NO_XSS RELAXED;
		TABLE "user-list" "user list" 12044 {
			TABLENAME INT "id" "id" 12045 {
				ATTR DATASOURCE "api-user-name" "api user name" 12046 {
					datasource = "11990";
				}
			}
			
		}
	}
}

DOMAIN TABLE "waf api-rules" "api rules" 12062{
	TABLENAME STRING "name" "name" 12063 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		
	
		ATTR OPTION_EN "api-key-verification" "enable/disable" 12064{
			defaultval = disable;
		}
		
		ATTR DATASOURCE "allow-user-group" "allow user group" 12065{
			datasource = "12042";
			#condition = 12064:eq:1;
		}	
	
		ATTR OPTION "api-key-location" "Please select the location of API key" 12067{
			CHOICES {
				http-parameter == 1 ::: "API key carried by HTTP parameter"; 
				http-header == 2 ::: "API key carried by HTTP header"; 
			}

			defaultval = http-parameter;
			#condition = 12064:eq:1;
			brieflist = 1;
		}

		ATTR STRING "header-field-name" "Please give the field name which carries the API key" 12068 {
			
			#condition = 12067:eq:2;
			brieflist = 1;
		}
		
		ATTR STRING "parameter-name" "Please give the parameter name which carries the API key" 12069 {
			
			#condition = 12067:eq:1;
			brieflist = 1;
		}
		
		ATTR INT "rate-limit-period" "rate limit period" 12070 {
			VALIDATE RANGE 0:600;
		}
	 	
		ATTR INT "rate-limit-requests" "Requests limit in the period specified by rate-limit-period" 12071 {
			VALIDATE RANGE 0:100000;
		}
		
		ATTR OPTION "action" "action" 12072 {
			CHOICES {
                                alert == 2 ::: "alert";
                                deny_no_log == 4 ::: "deny without log";
                                alert_deny == 6 ::: "deny connection and alert";
                                block-period == 11 ::: "block period";
                        }
                        defaultval = alert;		
		}		
		
		ATTR INT "block-period" "action block period(1-10000)" 12073 {
                        VALIDATE RANGE 1:10000;
                        defaultval = 60;
                        condition = 12072:eq:11;
                }
                
		ATTR OPTION "severity" "severity:High, Medium, Low or Informative" 12074 {
                        CHOICES {
                                High == 1 ::: "High";
                                Medium == 2 ::: "Medium";
                                Low == 3 ::: "Low";
                                Info == 4 ::: "Informative";
                        }
                        brieflist = 1;
                        defaultval = High;
                }

		ATTR DATASOURCE "trigger-policy" "trigger-policy" 12075 {
                        datasource = "2090";
                }

		ATTR STRING "host" "host address" 12076 {
			VALIDATE NO_XSS RELAXED;
			brieflist = 1;
		}
		
		ATTR OPTION_EN "host-status" "host status" 12077{
			brieflist = 1;
			defaultval = disable;
		}	
		
		TABLE "attach-http-header" "attach http header" 12090 {
			TABLENAME INT "<No.>" "The number of attach http header" 12091 {
				ATTR STRING "http-header-item" "http header item" 12092 {
					brieflist = 1;
                                        parseflag = "must";
				}	
			}		
		}

		TABLE "match-url-prefixes" "match url prefixes" 12110 {
			parseflag = "movable";
			TABLENAME INT "<No.>" "The number of attach http header" 12111 {
				ATTR STRING "frontend-prefix" "frontend prefix" 12112 {
					brieflist = 1;
					parseflag = "must";
				}
				ATTR STRING "backend-prefix" "backend prefix" 12113 {
					brieflist = 1;
					parseflag = "must";
				}
			}
		}

		TABLE "sub-url-setting" "sub url setting" 12120 {
			parseflag = "movable";
			TABLENAME INT "<No.>" "The number of sub url setting" 12121 {

				ATTR OPTION "http-method" "HTTP method" 12122 {
                                brieflist = 1;
                                
				CHOICES {
                                        	get == 1 ::: "GET method";
	                                        post == 2 ::: "POST method";
        	                                head == 4 ::: "HEAD method";
                	                        options == 8 ::: "OPTION method";
                        	                trace == 16 ::: "TRACE method";
                                	        connect == 32 ::: "CONNECT method";
                                        	delete == 64 ::: "DELETE method";
	                                        put == 128 ::: "PUT method";
        	                                patch == 256 ::: "PATCH method" ;
						any == 261 ::: "Any HTTP methods";
                                	}
					defaultval = any;
					brieflist = 1;
                                }
				
				ATTR OPTION "type" "type" 12123 {
                                        brieflist = 1;
                                        CHOICES {
                                                plain == 0;
                                                regular == 1;
                                        }
                                        defaultval = plain;
                                }
				
				ATTR STRING "url-expression" "url expression" 12124 {
                                        parseflag = "must";
                                        brieflist = 1;
                                }



				ATTR OPTION_EN "api-key-verification" "enable/disable" 12125{
					defaultval = disable;
				}

				ATTR OPTION "api-key-location" "Please select the location of API key" 12126{
                        		CHOICES {
                                			http-parameter == 1 ::: "API key carried by HTTP parameter";
                                			http-header == 2 ::: "API key carried by HTTP header";
                        		}

                        		defaultval = http-parameter;
                        		brieflist = 1;
                		}

				ATTR STRING "header-field-name" "Please give the field name which carries the API key" 12127{
					brieflist = 1;
				}
				
				ATTR STRING "parameter-name" "Please give the parameter name which carries the API key" 12128{
					brieflist = 1;
				} 
		
				ATTR INT "rate-limit-period" "rate limit period" 12129 {
                        		VALIDATE RANGE 0:600;
                		}

		                ATTR INT "rate-limit-requests" "rate limit requests" 12130 {
                		        VALIDATE RANGE 0:100000;
                		}

				ATTR DATASOURCE "allow-user-group" "allow user group" 12131{
					datasource = "12042";
					#condition = 12125:eq:1;
                		}
				
				ATTR OPTION_EN "api-key-inherit" "enable/disable" 12132{
                                        defaultval = enable;
                                }

			}	
		}

		
			

	}		
	
}

DOMAIN TABLE "waf api-policy" "api-policy" 12150 {
	TABLENAME STRING "name" "name" 12151 {
		VALIDATE NO_XSS RELAXED;
		TABLE "api-rule-list" "api rule list" 12152 {
			parseflag = "movable";
			TABLENAME INT "id" "id" 12153 {
				ATTR DATASOURCE "api-rule-name" "api rule name" 12154 {
					datasource = "12062";
				}
			}			
			
		}
		  
	}	
}

GLOBAL COMPLEX "log sensitive" "log sensitive" 2000 {
	ATTR OPTION "type" "type"  2001 {
		multi_opt = 1;
		brieflist = 1;
		CHOICES {
			pre-defined-rule == 2 : SET;
			custom-rule == 4 : SET;
		}
	}
}

DOMAIN COMPLEX "system device-tracking" "system device tracking" 1950 {
	ATTR INT "fingerprinting-interval" "fingerprinting interval (60-1440 minutes)" 1951 {
		defaultval = 60;
		VALIDATE RANGE 60:1440;
		brieflist = 1;
	}

	ATTR INT "database-query-timeout" "database query timeout(1-30 seconds)" 1952 {
		defaultval = 3;
		VALIDATE RANGE 1:30;
		brieflist = 1;
	}
	
	ATTR OPTION "cleanup-historical-threat-weight-period" "cleanup historical threat weight period" 1953 {
		defaultval = never;
		brieflist = 1; 
		CHOICES {    
			never == 0 ::: "never cleanup";
			12-hours == 1 ::: "12 hours";
			24-hours == 2 ::: "24 hours";
			3-days == 3 ::: "3 days";
			1-week == 4 ::: "1 week";
		}            
	}                

	ATTR INT "delete-inactive-device-interval" "delete inactive device interval(0-30 days)" 1954 {
		defaultval = 0;
		VALIDATE RANGE 0:30;
		brieflist = 1; 
	}                

	ATTR INT "block-duration" "block duration(0-12 hours)" 1955 {
		condition = 1953:NE:0;
		defaultval = 0;
		VALIDATE RANGE 0:12;
		brieflist = 1;
	}
}

GLOBAL COMPLEX "log syslogd" "syslogd" 2150 {
	ATTR OPTION_EN "status" "enable/disable" 2151 {
		brieflist = 1;
		defaultval = disable;
	}
	ATTR OPTION "severity" "severity"  2152 {
		brieflist = 1;
		CHOICES {
			emergency == 0;
			alert == 1;
			critical == 2;
			error == 3;
			warning == 4;
			notification == 5;
			information == 6;
			debug == 7;
		}
		defaultval = information;
	}
	ATTR OPTION "facility" "facility" 2153 {
		brieflist = 1;
		CHOICES {
			kernel == 1;
			user == 2;
			mail == 3;
			daemon == 4;
			auth == 5;
			cron == 10;
			authpriv == 11;
			ftp == 12;
			ntp == 13;
			audit == 14;
			alert == 15;
			clock == 16;
			local0 == 17;
			local1 == 18;
			local2 == 19;
			local3 == 20;
			local4 == 21;
			local5 == 22;
			local6 == 23;
			local7 == 24;
		}
		defaultval = local7;
	}
	ATTR DATASOURCE "policy" "policy" 2154 {
		brieflist = 1;
		datasource = "2020";
	}
}

GLOBAL COMPLEX "system fortisandbox" "system fortisandbox" 1930 {
	ATTR OPTION "type" "fortisandbox type" 1931 {
		CHOICES {
			fsa   == 0 ::: "fortisandbox appliance";
			cloud == 1 ::: "forticloud";
		}
		defaultval = fsa;
	}

	ATTR STRING "server" "fortisandbox address (IP or domain)" 1932 {
		brieflist = 1;
		condition = 1931:NE:1;
		defaultval = "0.0.0.0";
	}

	ATTR INT "cache-timeout" "cache timeout (1-168 hours)" 1934 {
		defaultval = 72;
		VALIDATE RANGE 1:168;
		brieflist = 1;
	}

	ATTR STRING "email" "admin email" 1935 {
		VALIDATE EMAIL_ADDRESS RELAXED;
		brieflist = 1;
	}

	ATTR INT "interval" "statistics interval (1-60 minutes)" 1936 {
		defaultval = 5;
		VALIDATE RANGE 1:60;
		brieflist = 1;
	}

	ATTR OPTION_EN "elog" "event log for handover files" 1937 {
		defaultval = disable;
		brieflist = 1;
	}
}
GLOBAL COMPLEX "system icapserver" "system icapserver" 1933 {
	ATTR STRING "server" "icap server address (IP or domain)" 1938 {
		brieflist = 1;
		defaultval = "0.0.0.0";
	}

	ATTR INT "port" "port, scale: [1-65535], icap server port" 1939 {
		defaultval = 1344;
		VALIDATE RANGE 1:65535;
		brieflist = 1;
	}

	ATTR STRING "service-name" "service name" 1946 {
		brieflist = 1;
	}
	ATTR OPTION_EN "ssl" "enable Transmission Encryption" 1947 {
		defaultval = disable;
		brieflist = 1;
	}

	ATTR OPTION_EN "elog" "event log for handover files" 1948 {
		defaultval = disable;
		brieflist = 1;
	}
	ATTR INT "cache-timeout" "cache timeout (1-168 hours)" 1949 {
		defaultval = 72;
		VALIDATE RANGE 1:168;
		brieflist = 1;
	}
}

GLOBAL COMPLEX "system antivirus" "system antivirus" 970 {
	ATTR OPTION "default-db" "basic/extended" 971 {
		brieflist = 1;
		CHOICES {
			basic == 1;
			extended == 2;
		}	
		defaultval = basic;
	}
	ATTR OPTION_EN "scan-bzip2" "enable scanning of bzip2 compressed file" 972 {
		brieflist = 1;
		defaultval = enable;
	}
	ATTR INT "uncomp-size-limit" "uncompress size limit (KiloByte)" 973 {
		brieflist = 1;
		defaultval = 5000;
		#VALIDATE RANGE 0:102400;
	}
	ATTR INT "uncomp-nest-limit" "maximum uncompress nest level that can be scanned(2-100)" 974 {
		brieflist = 1;
		defaultval = 12;
		VALIDATE RANGE 2:100;
	}
	ATTR OPTION_EN "use-fsa" "use malware package from fsa" 975 { 
		defaultval = disable;
		brieflist = 1; 
	}

}

#GLOBAL TABLE "system report-lang" "system report-language" 270 {
#	TABLENAME STRING "name" "name" 271 {		
#		VALIDATE NO_XSS RELAXED;
#		brieflist = 1;
#		ATTR STRING "description" "description" 272 {
#			brieflist = 1;
#		}
#		ATTR OPTION "protected" "" 273 {
#			brieflist = 1;
#			parseflag = "hidden";
#			CHOICES {
#				no == 0; #Allow language config to be deleted
#				yes == 1; #Set language config read-only
#			}
#			defaultval = yes;
#		}		
#	}
#}

DOMAIN TABLE "server-policy health" "server health check" 3900 {
	TABLENAME STRING "name" "monitor" 3901 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR DATASOURCE "trigger-policy" "trigger policy" 3930 {
			brieflist = 1;
			datasource = "2090";
		}
		ATTR OPTION "relationship" "health check relationship" 3931 {
			CHOICES {
				and == 1 ::: "& relationship";
				or == 2 ::: "| relationship";
			}
			defaultval = and;
			brieflist = 1;
		}
		TABLE "health-list" "health check list" 3932 {
			TABLENAME INT "<No.>" "name of health check list" 3933 {
				ATTR OPTION "type" "monitor type" 3902 {
					CHOICES {
						icmp == 1 ::: "icmp checker";
						tcp == 2 ::: "tcp port probe";
						http == 3 ::: "http checker";
						tcp-ssl == 4 ::: "tcp ssl checker";
						tcp-half-open == 5 ::: "tcp half checker";
					}
					defaultval = tcp;
					brieflist = 1;
				}
				ATTR INT "timeout" "connect timeout, range 1-30" 3903 {
					defaultval = 3;
					brieflist = 1;
					VALIDATE RANGE 1:30;
				}
				ATTR INT "retry-times" "retry times, range 1-10" 3904 {
					defaultval = 3;
					brieflist = 1;
					VALIDATE RANGE 1:10;
				}
				ATTR INT "interval" "interval time, range 1-300" 3905 {
					defaultval = 10;
					brieflist = 1;
					VALIDATE RANGE 1:300;
				}
				ATTR STRING "url-path" "path of the URL, without host name" 3906 {
					brieflist = 1;
					VALIDATE NO_XSS RELAXED;
					condition = 3902:eq:3;
					condition = 3902:eq:4;
				}
				ATTR OPTION "method" "http request method" 3908 {
					CHOICES {
						get == 1 ::: "GET Method(default)";
						head == 2 ::: "HEAD Method";
						post == 3 ::: "POST Method";
					}
					defaultval = get;
					brieflist = 1;	
					condition = 3902:eq:3;
					condition = 3902:eq:4;
				}
				ATTR OPTION "match-type" "indicate how to determine a valid http response" 3909 {
					CHOICES {
						response-code == 1 ::: "HTTP response code only";
						match-content == 2 ::: "Content regular expression only";
						all == 3 ::: "HTTP response code and content regular expression";	
					}
					defaultval = match-content;
					brieflist = 1;	
					condition = 3902:eq:3;
					condition = 3902:eq:4;
				}
				ATTR INT "response-code" "http response code" 3910 {
					defaultval = 200;
					brieflist = 1;
					VALIDATE RANGE 200:599;		
					condition = 3902:eq:3;
					condition = 3902:eq:4;
				}
				ATTR STRING "match-content" "content regular expression" 3911 {
					brieflist = 1;
					condition = 3902:GE:3;
					condition = 3902:LE:4;
					condition = 3909:GT:1;
				}
			}
		}
	}
}

#DOMAIN TABLE "server-policy pserver" "physical servers" 4010 {
#	TABLENAME STRING "name" "physical server name" 4011 {
#		VALIDATE NO_XSS RELAXED;
#		brieflist = 1;
#		ATTR IPADDR "ip" "physical server ip" 4012 {
#			brieflist = 1;
#			parseflag = "must";
#			ipversion = 4;
#			subnet_type = network;
#		}
#		ATTR OPTION_EN "status" "physical server status" 4013 {
#			defaultval = enable;
#		}
#	}
#}

DOMAIN TABLE "system certificate crl" "system certificate crl" 930 {
	TABLENAME STRING "name" "name" 931 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR OPTION "type" "type" 932 {
			CHOICES {
				http == 1 ::: "http";
				scep == 2 ::: "scep";
				local == 3 ::: "local";
			}
			defaultval = local;
		}
		ATTR USER "certificate" "crl certificate PEM format string" 935 {
		}
		ATTR STRING "url" "url" 933 {
			VALIDATE URL RELAXED;
		}
		ATTR STRING "desc" "desc" 934 {
			parseflag = "hidden";
		}
	}
}

DOMAIN TABLE "system certificate ca-group" "system certificate ca-group" 900 {
	TABLENAME STRING "name" "name" 901 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		TABLE "members" "members" 902 {
			TABLENAME INT "<No.>" "The number of ca-group members" 903 {
				ATTR OPTION "type" "type of this certificate" 906 {
					CHOICES {
						CA == 1; 
						TSL == 2; 
					}
					defaultval = CA;
					brieflist = 1;
				}
				ATTR DATASOURCE "name" "name " 904 {
					condition = 906:eq:1;	
					brieflist = 1;
					datasource = "890";
				}
				ATTR DATASOURCE "tsl" "tsl name " 907 {
					condition = 906:eq:2;	
					brieflist = 1;
					datasource = "885";
				}
				ATTR OPTION_EN "publish-dn" "disable/enable CA DistinguishedName publish" 905 {
					brieflist = 1;
					defaultval = enable;
				}
			}
		}
	}
}

DOMAIN TABLE "system certificate crl-group" "system certificate crl-group" 1090 {
	TABLENAME STRING "name" "name" 1091 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		TABLE "members" "members" 1092 {
			TABLENAME INT "<No.>" "The number of crl-group members" 1093 {
				ATTR DATASOURCE "name" "name " 1094 {
					brieflist = 1;
					datasource = "930";
				}
			}
		}
	}
}

DOMAIN TABLE "system certificate verify" "system certificate verify" 940 {
	TABLENAME STRING "name" "name" 941 {
		VALIDATE NO_XSS RELAXED;
		brieflist =1;
		ATTR DATASOURCE "ca" "ca " 942 {
			brieflist =1;
			datasource = "900";
		}
		ATTR DATASOURCE "crl" "crl group " 944 {
			brieflist =1;
			datasource = "1090";
		}
		ATTR OPTION_EN "publish-dn" "disable/enable CA DistinguishedName publish" 945 {
			brieflist = 1;
			defaultval = disable;
		}
		ATTR OPTION_EN "strictly-need-cert" "disable/enable strictly need client cert" 946 {
			brieflist = 1;
			defaultval = enable;
		}
	}
}

DOMAIN TABLE "system certificate server-certificate-verify" "system server certificate verify" 1010 {
	TABLENAME STRING "name" "name" 1011 {
		VALIDATE NO_XSS RELAXED;
		brieflist =1;
		ATTR DATASOURCE "ca" "ca " 1012 {
			brieflist =1;
			datasource = "900";
		}
		ATTR DATASOURCE "crl" "crl group " 1013 {
			brieflist =1;
			datasource = "1090";
		}
	}
}

DOMAIN TABLE "system certificate sni" "server domain name certificate group" 950 {
	TABLENAME STRING "name" "name" 951 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		TABLE "members" "members" 952 {
			TABLENAME INT "<No.>" "The number of sni members" 953 {
				ATTR STRING "domain" "domain name" 954 {
					#VALIDATE ISDOMAIN RELAXED;
					parseflag = "must";
				}
				ATTR OPTION "domain-type" "domain name type" 958 {
					CHOICES {
						plain == 0;
						regular == 1;
					}
					defaultval = plain;
					brieflist = 1;
				}
				ATTR OPTION_EN "multi-local-cert" "enable multi local certificate" 966 {
					defaultval = disable;
					brieflist = 1;
				}
				ATTR DATASOURCE "multi-local-cert-group" "multi local certificate group" 967 {
					condition = 966:EQ:1;
					datasource = "1014";
					brieflist = 1;
				}
				ATTR DATASOURCE "local-cert" "local certificate " 955 {
					condition = 966:EQ:0;
					brieflist = 1;
					datasource = "870";
				}
				ATTR DATASOURCE "inter-group" "intermediate certificate group" 956 {
					brieflist = 1;
					datasource = "920";
				}
				ATTR DATASOURCE "verify" "certificate verify" 957 {
					brieflist = 1;
					datasource = "940";
				}
			}
		}
	}
}

DOMAIN TABLE "system certificate offline-sni" "offline server domain name certificate group" 10040 {
	TABLENAME STRING "name" "name" 10041 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		TABLE "members" "members" 10042 {
			TABLENAME INT "<No.>" "The number of sni members" 10043 {
				ATTR OPTION "domain-type" "domain name type" 10044 {
					CHOICES {
						plain == 0;
						regular == 1;
					}
					defaultval = plain;
					brieflist = 1;
				}
				ATTR STRING "domain" "domain name" 10045 {
					#VALIDATE ISDOMAIN RELAXED;
					parseflag = "must";
				}
				ATTR DATASOURCE "local-cert" "local certificate " 10046 {
					brieflist = 1;
					datasource = "870";
				}
			}
		}
	}
}

DOMAIN TABLE "system certificate urlcert" "URL based client certificate group" 960 {
	TABLENAME STRING "name" "URL base client certificate group name" 961 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		TABLE "list" "list" 962 {
		        parseflag = "movable,keeporder";
			TABLENAME INT "<No.>" "The number of URL based client certificate rule" 963 {
				ATTR STRING "url" "URL string" 964 {
					brieflist = 1;
					parseflag = "must";
				}
				ATTR OPTION_EN "require" "disable/enable" 965 {
					brieflist = 1;
					defaultval = disable;
				}
			}	
		}
	}
}

DOMAIN TABLE "system certificate hpkp" "public key pinning" 9390 {
	TABLENAME STRING "name" "hpkp name" 9391 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR STRING "pin-sha256" "base64 encoded SPKI fingerprint" 9392 {
			brieflist = 1;
			parseflag = "must";
		}
		ATTR INT "max-age" "max age(0 - 31536000 seconds)" 9393 {
			brieflist = 1;
			VALIDATE RANGE 0:31536000;
			defaultval = 1296000;
		}
		ATTR OPTION_EN "subdomains" "include subdomains" 9394 {
			brieflist = 1;
			defaultval = disable;
		}
		ATTR STRING "report-uri" "report URI" 9395 {
			VALIDATE URL RELAXED;
			brieflist = 1;
		}
		ATTR OPTION_EN "report-only" "report only mode" 9396 {
			brieflist = 1;
			defaultval = enable;
		}
	}
}

DOMAIN TABLE "server-policy vserver" "server-policy vserver" 4050 {
	TABLENAME STRING "name" "virtual server name" 4051 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		TABLE "vip-list" "vip list" 4052 {
			TABLENAME INT "<No.>" "name of vip list" 4053 {
				ATTR DATASOURCE "interface" "interface" 4054 {
					#parseflag = "must";
					brieflist = 1;
					datasource = "440";
				}
				#ATTR INT "ip-activity" "whether or not use an existing ip" 4055 {
				#	brieflist = 1;
				#	parseflag = "readonly";
				#}
				ATTR OPTION_EN "status" "status:enable/disable" 4056 {
					brieflist = 1;
					defaultval = enable;
				}
				ATTR OPTION_EN "use-interface-ip" "enable/disable" 4057 {
					parseflag = @{all=null;FWB_OCI|FWB_OCI_ONDEMAND|FWB_DOCKER|FWB_DOCKER_100|FWB_DOCKER_500|FWB_DOCKER_2000=readonly};
					brieflist = 1;
					defaultval = @{all=disable;FWB_OCI|FWB_OCI_ONDEMAND|FWB_DOCKER|FWB_DOCKER_100|FWB_DOCKER_500|FWB_DOCKER_2000=enable};
				}
				ATTR DATASOURCE "vip" "vip" 4058 {
					#parseflag = "must";
					brieflist = 1;
					datasource = "10070";
				}
			}
		}
	}
}

#DOMAIN TABLE "server-policy error-page" "error-page" 4075 {
#	TABLENAME STRING "name" "name" 4076 {
#		VALIDATE NO_XSS RELAXED;
#		brieflist = 1;
#	}
#}

#DOMAIN COMPLEX "server-policy pattern global-white-list-group" "global-white-list-group" 4130 {
#	ATTR INT "flag_operation" "flag" 4131 {
#		parseflag = "hidden";
#	}
#}

DOMAIN TABLE "server-policy pattern predefined-global-white-list-group" "predefined global white list group" 4510 {
	TABLENAME STRING "id" "predefined global white list group item id" 4511 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
	}
}

DOMAIN TABLE "server-policy pattern custom-global-white-list-group" "custom global-white-list-group" 4450 {
	TABLENAME INT "id" "custom global whilte list group id" 4451 {
		brieflist = 1;
		ATTR OPTION "type" "type" 4452 {
			CHOICES {
				URL == 1; 
				Parameter == 2; 
				Cookie == 3;
				Header_Field == 4;
			}
			defaultval = URL;
			brieflist = 1;
		}
		ATTR STRING "name" "name" 4453 {
			VALIDATE NO_XSS RELAXED;
			condition = 4452:eq:2;	
			condition = 4452:eq:3;	
			condition = 4452:eq:4;	
			parseflag = "must";
		}
		ATTR OPTION "header-type" "request type" 4459 {
			CHOICES {
				plain == 0;
				regular == 1;
			}
			defaultval = plain;
			brieflist = 1;
			condition = 4452:eq:4;	
		}
		ATTR OPTION "request-type" "request type" 4454 {
			CHOICES {
				plain == 0;
				regular == 1;
			}
			defaultval = plain;
			brieflist = 1;
			condition = 4452:eq:1;	
		}
		ATTR STRING "request-file" "request-file" 4455 {
			condition = 4452:eq:1;	
			parseflag = "must";
		}
		ATTR STRING "domain" "domain" 4456 {
			VALIDATE NO_XSS RELAXED;
			condition = 4452:eq:3;	
		}
		ATTR STRING "path" "path" 4457 {
			VALIDATE NO_XSS RELAXED;
			condition = 4452:eq:3;	
		}
		ATTR OPTION_EN "status" "disable/enable" 4458 {
			brieflist = 1;
			defaultval = enable;	
		}
	}
}

DOMAIN COMPLEX "server-policy pattern threat-weight" "threat weight" 4520 {
	ATTR OPTION_EN "signature" "disable/enable" 4521 {
		defaultval = enable;
		brieflist = 1;	
	}

	ATTR OPTION "custom-policy" "custom policy" 4533 {
		CHOICES {
			off == 0;
			low == 1;
			med == 2;
			high == 3;
			crit == 4;		
		}
		defaultval = high;
		brieflist = 1;	
	}

	ATTR OPTION "padding-oracle-protection" "padding oracle protection" 4534 {
		CHOICES {
			off == 0;
			low == 1;
			med == 2;
			high == 3;
			crit == 4;		
		}
		defaultval = crit;
		brieflist = 1;	
	}

	ATTR OPTION "csrf-protection" "csrf protection" 4535 {
		CHOICES {
			off == 0;
			low == 1;
			med == 2;
			high == 3;
			crit == 4;		
		}
		defaultval = high;
		brieflist = 1;	
	}

	ATTR OPTION "cookie-security-policy" "cookie security policy" 4536 {
		CHOICES {
			off == 0;
			low == 1;
			med == 2;
			high == 3;
			crit == 4;		
		}
		defaultval = high;
		brieflist = 1;	
	}

	ATTR OPTION "parameter-validation" "parameter validation" 4537 {
		CHOICES {
			off == 0;
			low == 1;
			med == 2;
			high == 3;
			crit == 4;		
		}
		defaultval = high;
		brieflist = 1;	
	}
	
	ATTR OPTION "hidden-field-protection" "hidden field protection" 4538 {
		CHOICES {
			off == 0;
			low == 1;
			med == 2;
			high == 3;
			crit == 4;		
		}
		defaultval = high;
		brieflist = 1;	
	}

	ATTR OPTION "file-upload-restriction" "file upload restriction" 4539 {
		CHOICES {
			off == 0;
			low == 1;
			med == 2;
			high == 3;
			crit == 4;		
		}
		defaultval = high;
		brieflist = 1;	
	}

	ATTR OPTION_EN "http-protocol-constraints" "disable/enable" 4540 {
		defaultval = enable;
		brieflist = 1;	
	}

	ATTR OPTION "brute-force-login" "brute force login" 4541 {
		CHOICES {
			off == 0;
			low == 1;
			med == 2;
			high == 3;
			crit == 4;		
		}
		defaultval = crit;
		brieflist = 1;	
	}

	ATTR OPTION "page-access" "page access" 4542 {
		CHOICES {
			off == 0;
			low == 1;
			med == 2;
			high == 3;
			crit == 4;		
		}
		defaultval = med;
		brieflist = 1;	
	}

	ATTR OPTION "start-pages" "start pages" 4543 {
		CHOICES {
			off == 0;
			low == 1;
			med == 2;
			high == 3;
			crit == 4;		
		}
		defaultval = med;
		brieflist = 1;	
	}

	ATTR OPTION "allow-method" "allow method" 4544 {
		CHOICES {
			off == 0;
			low == 1;
			med == 2;
			high == 3;
			crit == 4;		
		}
		defaultval = med;
		brieflist = 1;	
	}

	ATTR OPTION "dos-protection" "dos protection" 4545 {
		CHOICES {
			off == 0;
			low == 1;
			med == 2;
			high == 3;
			crit == 4;		
		}
		defaultval = high;
		brieflist = 1;	
	}

	ATTR OPTION "ip-reputation" "ip reputation" 4546 {
		CHOICES {
			off == 0;
			low == 1;
			med == 2;
			high == 3;
			crit == 4;		
		}
		defaultval = crit;
		brieflist = 1;	
	}

	ATTR OPTION "url-access" "url access" 4549 {
		CHOICES {
			off == 0;
			low == 1;
			med == 2;
			high == 3;
			crit == 4;		
		}
		defaultval = med;
		brieflist = 1;	
	}

	ATTR OPTION "ip-list" "ip list" 4550 {
		CHOICES {
			off == 0;
			low == 1;
			med == 2;
			high == 3;
			crit == 4;		
		}
		defaultval = high;
		brieflist = 1;	
	}

	ATTR OPTION "geo-ip" "geo ip" 4551 {
		CHOICES {
			off == 0;
			low == 1;
			med == 2;
			high == 3;
			crit == 4;		
		}
		defaultval = high;
		brieflist = 1;	
	}

	ATTR OPTION "user-tracking" "user tracking" 4552 {
		CHOICES {
			off == 0;
			low == 1;
			med == 2;
			high == 3;
			crit == 4;		
		}
		defaultval = med;
		brieflist = 1;	
	}

	ATTR OPTION "custom-signature" "custom signature" 4557 {
		CHOICES {
			off == 0;
			low == 1;
			med == 2;
			high == 3;
			crit == 4;		
		}
		defaultval = high;
		brieflist = 1;	
	}
	ATTR OPTION "ftp-security" "ftp security" 4558 {
		CHOICES {
			off == 0;
			low == 1;
			med == 2;
			high == 3;
			crit == 4;		
		}
		defaultval = med;
		brieflist = 1;	
	}
	ATTR OPTION "bot-deception" "bot deception" 4559 {
		CHOICES {
			off == 0;
			low == 1;
			med == 2;
			high == 3;
			crit == 4;		
		}
		defaultval = med;
		brieflist = 1;	
	}

	ATTR OPTION "biometrics-based-detection" "biometrics based detection" 4560 {
		CHOICES {
			off == 0;
			low == 1;
			med == 2;
			high == 3;
			crit == 4;		
		}
		defaultval = med;
		brieflist = 1;	
	}

	ATTR OPTION "threshold-bot-detection" "threshold bot detection" 4561 {
		CHOICES {
			off == 0;
			low == 1;
			med == 2;
			high == 3;
			crit == 4;		
		}
		defaultval = med;
		brieflist = 1;	
	}

	ATTR OPTION "bot-detection" "bot detection" 4562 {
		CHOICES {
			off == 0;
			low == 1;
			med == 2;
			high == 3;
			crit == 4;		
		}
		defaultval = med;
		brieflist = 1;	
	}

	ATTR OPTION "mobile-api-protection" "mobile api protection" 4563 {
		CHOICES {
			off == 0;
			low == 1;
			med == 2;
			high == 3;
			crit == 4;		
		}
		defaultval = med;
		brieflist = 1;	
	}

	ATTR OPTION "json-protection" "json protection" 4564 {
		CHOICES {
			off == 0;
			low == 1;
			med == 2;
			high == 3;
			crit == 4;		
		}
		defaultval = med;
		brieflist = 1;	
	}

	ATTR OPTION "openapi-validation" "openapi validation" 4565 {
		CHOICES {
			off == 0;
			low == 1;
			med == 2;
			high == 3;
			crit == 4;		
		}
		defaultval = med;
		brieflist = 1;	
	}

	ATTR OPTION "cors-protection" "cors protection" 4566 {
		CHOICES {
			off == 0;
			low == 1;
			med == 2;
			high == 3;
			crit == 4;		
		}
		defaultval = med;
		brieflist = 1;	
	}

	ATTR OPTION "site-publish" "site publish" 4567 {
		CHOICES {
			off == 0;
			low == 1;
			med == 2;
			high == 3;
			crit == 4;		
		}
		defaultval = med;
		brieflist = 1;	
	}

	ATTR INT "low" "low value(0-100)" 4553 {
		defaultval = 5;
	}
	ATTR INT "med" "med value(0-100)" 4554 {
		defaultval = 10;
	}
	ATTR INT "high" "high value(0-100)" 4555 {
		defaultval = 30;
	}
	ATTR INT "crit" "crit value(0-100)" 4556 {
		defaultval = 50;
	}
}

DOMAIN COMPLEX "server-policy pattern known-search-engines-group" "known search engines group" 4500 {
	ATTR INT "flag_operation" "flag" 4501 {
		parseflag = "hidden";
	}
}

DOMAIN TABLE "server-policy allow-hosts" "allow hosts" 4140 {
	TABLENAME STRING "name" "name" 4141 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR OPTION "default-action" "default action" 4142 {
			CHOICES {
				allow == 1;
				deny_no_log == 4;
				deny == 6;
			}
			brieflist = 1;
			defaultval = allow;
		}
		ATTR INT "flag" "flag" 4143 {
			brieflist = 1;
			parseflag = "hidden,readonly";
		}
		TABLE "host-list" "host list" 4144 {
			TABLENAME INT "id" "id" 4145 {
				ATTR STRING "host" "" 4146 {
					VALIDATE NO_XSS RELAXED;
					brieflist = 1;
					parseflag = "must";
				}
				ATTR OPTION "action" "" 4147 {
					CHOICES {
						allow == 1;
						deny_no_log == 4;
						deny == 6;
					}
					defaultval = allow;
					brieflist = 1;
				}
			}
		}
	}
}

DOMAIN TABLE "waf http-protocol-parameter-restriction" "waf http protocol parameter restriction" 5660 {
	TABLENAME STRING "name" "name" 5661 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
#max-http-header-length
		ATTR OPTION_EN "max-http-header-length-check" "check" 5794 {
			defaultval = enable;
		}
		ATTR INT "max-http-header-length" "max length of header, default value is 8192" 5662 {
			VALIDATE RANGE 0:12288;
			defaultval = 8192;
		}
		ATTR OPTION "max-http-header-length-action" "action" 5663 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR INT "max-http-header-length-block-period" "block period(1-3600)" 5664 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
#condition = 5663:eq:11;
		}
		ATTR OPTION "max-http-header-length-threat-weight" "threat weight" 7192 {
			CHOICES {
				off == 0;
				low == 1;
				med == 2;
				high == 3;
				crit == 4;		
			}
			defaultval = med;
			brieflist = 1;	
		}
		ATTR OPTION "max-http-header-length-severity" "severity:High, Medium, Low or Informative" 5665 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Low;	
		}
		ATTR DATASOURCE "max-http-header-length-trigger" "choose Email or syslog policy" 5666 {
			datasource = "2090";
		}
#max-http-content-length
		ATTR OPTION_EN "max-http-content-length-check" "check" 5795 {
			defaultval = enable;
		}
		ATTR INT "max-http-content-length" "max length (KB) of content, 0 means this value has not limitation" 5667 {
			VALIDATE RANGE 0:65536;
			defaultval = 16384;
		}
		ATTR OPTION "max-http-content-length-action" "action" 5668 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR INT "max-http-content-length-block-period" "block period(1-3600)" 5669 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
#condition = 5668:eq:11;
		}
		ATTR OPTION "max-http-content-length-threat-weight" "threat weight" 7193 {
			CHOICES {
				off == 0;
				low == 1;
				med == 2;
				high == 3;
				crit == 4;		
			}
			defaultval = med;
			brieflist = 1;	
		}
		ATTR OPTION "max-http-content-length-severity" "severity:High, Medium, Low or Informative" 5670 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Low;	
		}
		ATTR DATASOURCE "max-http-content-length-trigger" "choose Email or syslog policy" 5671 {
			datasource = "2090";
		}
#max-http-body-length
		ATTR OPTION_EN "max-http-body-length-check" "check" 5796 {
			defaultval = enable;
		}
		ATTR INT "max-http-body-length" "max length (KB) of body, 0 means this value has not limitation" 5672 {
			VALIDATE RANGE 0:65536;
			defaultval = 16384;
		}
		ATTR OPTION "max-http-body-length-action" "action" 5673 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR INT "max-http-body-length-block-period" "block period(1-3600)" 5674 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
#condition = 5673:eq:11;
		}
		ATTR OPTION "max-http-body-length-threat-weight" "threat weight" 7194 {
			CHOICES {
				off == 0;
				low == 1;
				med == 2;
				high == 3;
				crit == 4;		
			}
			defaultval = low;
			brieflist = 1;	
		}
		ATTR OPTION "max-http-body-length-severity" "severity:High, Medium, Low or Informative" 5675 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Low;	
		}
		ATTR DATASOURCE "max-http-body-length-trigger" "choose Email or syslog policy" 5676 {
			datasource = "2090";
		}
#max-http-parameter-length
#		ATTR INT "max-http-parameter-length" "max length of parameter, default value is 8192" 5677 {
#			VALIDATE RANGE 0:65536;
#			defaultval = 8192;
#		}
#		ATTR OPTION "max-http-parameter-length-action" "action" 5678 {
#			CHOICES {
#				alert == 2 ::: "alert";
#				alert_deny == 6 ::: "deny connection and alert";
#				block-period == 11 ::: "block-period";
#			}
#			defaultval = alert;
#		}
#		ATTR INT "max-http-parameter-length-block-period" "block period(1-3600)" 5679 {
#			defaultval = 60;
#			VALIDATE RANGE 1:3600;
#condition = 5678:eq:11;
#		}
#		ATTR OPTION "max-http-parameter-length-severity" "severity:High, Medium, Low or Informative" 5680 {
#			CHOICES {
#				High == 1 ::: "High";
#				Medium == 2 ::: "Medium";
#				Low == 3 ::: "Low";
#			}
#			brieflist = 1;
#			defaultval = Medium;	
#		}
#		ATTR DATASOURCE "max-http-parameter-length-trigger" "choose Email or syslog policy" 5681 {
#			datasource = "2090";
#		}
#max-http-header-line-length
#		ATTR INT "max-http-header-line-length" "max length of header line, default value is 2048" 5682 {
#			VALIDATE RANGE 0:12288;
#			defaultval = 8192;
#		}
#		ATTR OPTION "max-http-header-line-length-action" "action" 5683 {
#			CHOICES {
#				alert == 2 ::: "alert";
#				alert_deny == 6 ::: "deny connection and alert";
#				block-period == 11 ::: "block-period";
#			}
#			defaultval = alert;
#		}
#		ATTR INT "max-http-header-line-length-block-period" "block period(1-3600)" 5684 {
#			defaultval = 60;
#			VALIDATE RANGE 1:3600;
#condition = 5683:eq:11;
#		}
#		ATTR OPTION "max-http-header-line-length-severity" "severity:High, Medium, Low or Informative" 5685 {
#			CHOICES {
#				High == 1 ::: "High";
#				Medium == 2 ::: "Medium";
#				Low == 3 ::: "Low";
#			}
#			brieflist = 1;
#			defaultval = Low;	
#		}
#		ATTR DATASOURCE "max-http-header-line-length-trigger" "choose Email or syslog policy" 5686 {
#			datasource = "2090";
#		}
#max-http-request-length
		ATTR OPTION_EN "max-http-request-length-check" "check" 5797 {
			defaultval = enable;
		}
		ATTR INT "max-http-request-length" "max length of http request, default value is 2048[0,65536] (KB)" 5687 {
			VALIDATE RANGE 0:65536;
			defaultval = 2048;
		}
		ATTR OPTION "max-http-request-length-action" "action" 5688 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR INT "max-http-request-length-block-period" "block period(1-3600)" 5689 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
#condition = 5688:eq:11;
		}
		ATTR OPTION "max-http-request-length-threat-weight" "threat weight" 7195 {
			CHOICES {
				off == 0;
				low == 1;
				med == 2;
				high == 3;
				crit == 4;		
			}
			defaultval = med;
			brieflist = 1;	
		}
		ATTR OPTION "max-http-request-length-severity" "severity:High, Medium, Low or Informative" 5690 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Low;	
		}
		ATTR DATASOURCE "max-http-request-length-trigger" "choose Email or syslog policy" 5691 {
			datasource = "2090";
		}
#max-url-parameter-length
		ATTR OPTION_EN "max-url-parameter-length-check" "check" 5798 {
			defaultval = enable;
		}
		ATTR INT "max-url-parameter-length" "max length of url parameter, default value is 8192" 5692 {
			VALIDATE RANGE 0:12288;
			defaultval = 8192;
		}
		ATTR OPTION "max-url-parameter-length-action" "action" 5693 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR INT "max-url-parameter-length-block-period" "block period(1-3600)" 5694 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
#condition = 5693:eq:11;
		}
		ATTR OPTION "max-url-parameter-length-threat-weight" "threat weight" 7196 {
			CHOICES {
				off == 0;
				low == 1;
				med == 2;
				high == 3;
				crit == 4;		
			}
			defaultval = med;
			brieflist = 1;	
		}
		ATTR OPTION "max-url-parameter-length-severity" "severity:High, Medium, Low or Informative" 5695 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Low;	
		}
		ATTR DATASOURCE "max-url-parameter-length-trigger" "choose Email or syslog policy" 5696 {
			datasource = "2090";
		}
#Illegal-http-version-check
		ATTR OPTION_EN "Illegal-http-version-check" "" 5697 {
			defaultval = disable;
		}
		ATTR OPTION "Illegal-http-version-check-action" "action" 5698 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR INT "Illegal-http-version-check-block-period" "block period(1-3600)" 5699 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
#condition = 5698:eq:11;
		}
		ATTR OPTION "Illegal-http-version-threat-weight" "threat weight" 7197 {
			CHOICES {
				off == 0;
				low == 1;
				med == 2;
				high == 3;
				crit == 4;		
			}
			defaultval = crit;
			brieflist = 1;	
		}
		ATTR OPTION "Illegal-http-version-check-severity" "severity:High, Medium, Low or Informative" 5700 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Medium;	
		}
		ATTR DATASOURCE "Illegal-http-version-check-trigger" "choose Email or syslog policy" 5701 {
			datasource = "2090";
		}
#max-cookie-in-request
		ATTR OPTION_EN "max-cookie-in-request-check" "check" 5799 {
			defaultval = enable;
		}
		ATTR INT "max-cookie-in-request" "max count of cookie request, default value is 128 [0,1023]" 5702 {
			VALIDATE RANGE 0:1023;
			defaultval = 128;
		}
		ATTR OPTION "max-cookie-in-request-action" "action" 5703 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR INT "max-cookie-in-request-block-period" "block period(1-3600)" 5704 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
#condition = 5703:eq:11;
		}
		ATTR OPTION "max-cookie-in-request-threat-weight" "threat weight" 7198 {
			CHOICES {
				off == 0;
				low == 1;
				med == 2;
				high == 3;
				crit == 4;		
			}
			defaultval = med;
			brieflist = 1;	
		}
		ATTR OPTION "max-cookie-in-request-severity" "severity:High, Medium, Low or Informative" 5705 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Low;	
		}
		ATTR DATASOURCE "max-cookie-in-request-trigger" "choose Email or syslog policy" 5706 {
			datasource = "2090";
		}
#max-header-line-request
		ATTR OPTION_EN "max-header-line-request-check" "check" 5800 {
			defaultval = enable;
		}
		ATTR INT "max-header-line-request" "max count of header line request, default value is 64 [0,128]" 5707 {
			VALIDATE RANGE 0:128;
			defaultval = 64;
		}
		ATTR OPTION "max-header-line-request-action" "action" 5708 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR INT "max-header-line-request-block-period" "block period(1-3600)" 5709 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
#condition = 5708:eq:11;
		}
		ATTR OPTION "max-header-line-request-threat-weight" "threat weight" 7199 {
			CHOICES {
				off == 0;
				low == 1;
				med == 2;
				high == 3;
				crit == 4;		
			}
			defaultval = med;
			brieflist = 1;	
		}
		ATTR OPTION "max-header-line-request-severity" "severity:High, Medium, Low or Informative" 5710 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Low;	
		}
		ATTR DATASOURCE "max-header-line-request-trigger" "choose Email or syslog policy" 5711 {
			datasource = "2090";
		}
#Illegal-http-request-method-check
		ATTR OPTION_EN "Illegal-http-request-method-check" "" 5712 {
			defaultval = disable;
		}
		ATTR OPTION "Illegal-http-request-method-action" "action" 5713 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert_deny;
		}
		ATTR INT "Illegal-http-request-method-block-period" "block period(1-3600)" 5714 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
#condition = 5713:eq:11;
		}
		ATTR OPTION "Illegal-http-request-method-threat-weight" "threat weight" 7200 {
			CHOICES {
				off == 0;
				low == 1;
				med == 2;
				high == 3;
				crit == 4;		
			}
			defaultval = crit;
			brieflist = 1;	
		}
		ATTR OPTION "Illegal-http-request-method-severity" "severity:High, Medium, Low or Informative" 5715 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Medium;	
		}
		ATTR DATASOURCE "Illegal-http-request-method-trigger" "choose Email or syslog policy" 5716 {
			datasource = "2090";
		}
#max-url-parameter
		ATTR OPTION_EN "max-url-parameter-check" "check" 5801 {
			defaultval = enable;
		}
		ATTR INT "max-url-parameter" "max number of url parameter, default value is 128 [0,1023]" 5717 {
			VALIDATE RANGE 0:1023;
			defaultval = 128;
		}
		ATTR OPTION "max-url-parameter-action" "action" 5718 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR INT "max-url-parameter-block-period" "block period(1-3600)" 5719 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
#condition = 5718:eq:11;
		}
		ATTR OPTION "max-url-parameter-threat-weight" "threat weight" 7201 {
			CHOICES {
				off == 0;
				low == 1;
				med == 2;
				high == 3;
				crit == 4;		
			}
			defaultval = med;
			brieflist = 1;	
		}
		ATTR OPTION "max-url-parameter-severity" "severity:High, Medium, Low or Informative" 5720 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Low;	
		}
		ATTR DATASOURCE "max-url-parameter-trigger" "choose Email or syslog policy" 5721 {
			datasource = "2090";
		}
#Illegal-host-name-check
		ATTR OPTION_EN "Illegal-host-name-check" "" 5722 {
			defaultval = disable;
		}
		ATTR OPTION "Illegal-host-name-check-action" "action" 5723 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert_deny;
		}
		ATTR INT "Illegal-host-name-check-block-period" "block period(1-3600)" 5724 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
#condition = 5723:eq:11;
		}
		ATTR OPTION "Illegal-host-name-check-threat-weight" "threat weight" 7202 {
			CHOICES {
				off == 0;
				low == 1;
				med == 2;
				high == 3;
				crit == 4;		
			}
			defaultval = high;
			brieflist = 1;	
		}
		ATTR OPTION "Illegal-host-name-check-severity" "severity:High, Medium, Low or Informative" 5725 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Medium;	
		}
		ATTR DATASOURCE "Illegal-host-name-check-trigger" "choose Email or syslog policy" 5726 {
			datasource = "2090";
		}
#number-of-ranges-in-range-header
		ATTR OPTION_EN "number-of-ranges-in-range-header-check" "check" 5802 {
			defaultval = enable;
		}
		ATTR INT "number-of-ranges-in-range-header" "max ranges in Range Header,default value is 5 [0 ,64]" 5727 {
			VALIDATE RANGE 0:64;
			defaultval = 5;
		}
		ATTR OPTION "number-of-ranges-in-range-header-action" "action" 5728 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR INT "number-of-ranges-in-range-header-block-period" "block period(1-3600)" 5729 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
#condition = 5728:eq:11;
		}
		ATTR OPTION "number-of-ranges-in-range-header-threat-weight" "threat weight" 7203 {
			CHOICES {
				off == 0;
				low == 1;
				med == 2;
				high == 3;
				crit == 4;		
			}
			defaultval = med;
			brieflist = 1;	
		}
		ATTR OPTION "number-of-ranges-in-range-header-severity" "severity:High, Medium, Low or Informative" 5730 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Low;	
		}
		ATTR DATASOURCE "number-of-ranges-in-range-header-trigger" "choose Email or syslog policy" 5731 {
			datasource = "2090";
		}
#exception_name
		ATTR DATASOURCE "exception_name" "exception" 5732 {
			datasource = "5860";
		}
#block-malformed-request-check
		ATTR OPTION_EN "block-malformed-request-check" "block malformed request check" 5733 {
			defaultval = disable;
		}
		ATTR OPTION "block-malformed-request-action" "action" 5734 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert_deny;
		}
		ATTR INT "block-malformed-request-block-period" "block period(1-3600)" 5735 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
#condition = 5734:eq:11;
		}
		ATTR OPTION "block-malformed-request-threat-weight" "threat weight" 7204 {
			CHOICES {
				off == 0;
				low == 1;
				med == 2;
				high == 3;
				crit == 4;		
			}
			defaultval = high;
			brieflist = 1;	
		}
		ATTR OPTION "block-malformed-request-severity" "severity:High, Medium, Low or Informative" 5736 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Medium;	
		}
		ATTR DATASOURCE "block-malformed-request-trigger" "choose Email or syslog policy" 5737 {
			datasource = "2090";
		}

#Illegal-content-length-check
		ATTR OPTION_EN "Illegal-content-length-check" "" 5738 {
			defaultval = disable;
		}
		ATTR OPTION "Illegal-content-length-check-action" "action" 5739 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR INT "Illegal-content-length-check-block-period" "block period(1-3600)" 5740 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
		}
		ATTR OPTION "Illegal-content-length-check-threat-weight" "threat weight" 7205 {
			CHOICES {
				off == 0;
				low == 1;
				med == 2;
				high == 3;
				crit == 4;		
			}
			defaultval = high;
			brieflist = 1;	
		}
		ATTR OPTION "Illegal-content-length-check-severity" "severity:High, Medium, Low or Informative" 5741 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Low;	
		}
		ATTR DATASOURCE "Illegal-content-length-check-trigger" "choose Email or syslog policy" 5742 {
			datasource = "2090";
		}
#Illegal-content-type-check
		ATTR OPTION_EN "Illegal-content-type-check" "" 5743 {
			defaultval = disable;
		}
		ATTR OPTION "Illegal-content-type-check-action" "action" 5744 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR INT "Illegal-content-type-check-block-period" "block period(1-3600)" 5745 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
		}
		ATTR OPTION "Illegal-content-type-check-threat-weight" "threat weight" 7206 {
			CHOICES {
				off == 0;
				low == 1;
				med == 2;
				high == 3;
				crit == 4;		
			}
			defaultval = med;
			brieflist = 1;	
		}
		ATTR OPTION "Illegal-content-type-check-severity" "severity:High, Medium, Low or Informative" 5746 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Low;	
		}
		ATTR DATASOURCE "Illegal-content-type-check-trigger" "choose Email or syslog policy" 5747 {
			datasource = "2090";
		}
#Illegal-response-code-check
		ATTR OPTION_EN "Illegal-response-code-check" "" 5748 {
			defaultval = disable;
		}
		ATTR OPTION "Illegal-response-code-check-action" "action" 5749 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR INT "Illegal-response-code-check-block-period" "block period(1-3600)" 5750 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
		}
		ATTR OPTION "Illegal-response-code-check-threat-weight" "threat weight" 7207 {
			CHOICES {
				off == 0;
				low == 1;
				med == 2;
				high == 3;
				crit == 4;		
			}
			defaultval = crit;
			brieflist = 1;	
		}
		ATTR OPTION "Illegal-response-code-check-severity" "severity:High, Medium, Low or Informative" 5751 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Low;	
		}
		ATTR DATASOURCE "Illegal-response-code-check-trigger" "choose Email or syslog policy" 5752 {
			datasource = "2090";
		}
#Post-request-ctype-check
		ATTR OPTION_EN "Post-request-ctype-check" "Post Request -- Missing Content Type Check" 5753 {
			defaultval = disable;
		}
		ATTR OPTION "Post-request-ctype-check-action" "action" 5754 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR INT "Post-request-ctype-check-block-period" "block period(1-3600)" 5755 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
		}
		ATTR OPTION "Post-request-ctype-check-threat-weight" "threat weight" 7208 {
			CHOICES {
				off == 0;
				low == 1;
				med == 2;
				high == 3;
				crit == 4;		
			}
			defaultval = high;
			brieflist = 1;	
		}
		ATTR OPTION "Post-request-ctype-check-severity" "severity:High, Medium, Low or Informative" 5756 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Low;	
		}
		ATTR DATASOURCE "Post-request-ctype-check-trigger" "choose Email or syslog policy" 5757 {
			datasource = "2090";
		}
#max-http-header-name-length
		ATTR OPTION_EN "max-http-header-name-length-check" "check" 5803 {
			defaultval = enable;
		}
		ATTR INT "max-http-header-name-length" "max length of header name, default value is 50" 5758 {
			VALIDATE RANGE 0:255;
			defaultval = 50;
		}
		ATTR OPTION "max-http-header-name-length-action" "action" 5759 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR INT "max-http-header-name-length-block-period" "block period(1-3600)" 5760 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
		}
		ATTR OPTION "max-http-header-name-length-threat-weight" "threat weight" 7209 {
			CHOICES {
				off == 0;
				low == 1;
				med == 2;
				high == 3;
				crit == 4;		
			}
			defaultval = med;
			brieflist = 1;	
		}
		ATTR OPTION "max-http-header-name-length-severity" "severity:High, Medium, Low or Informative" 5761 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Low;	
		}
		ATTR DATASOURCE "max-http-header-name-length-trigger" "choose Email or syslog policy" 5762 {
			datasource = "2090";
		}
#max-http-header-value-length
		ATTR OPTION_EN "max-http-header-value-length-check" "check" 5804 {
			defaultval = enable;
		}
		ATTR INT "max-http-header-value-length" "max length of header value, default value is 4096" 5763 {
			VALIDATE RANGE 0:12288;
			defaultval = 4096;
		}
		ATTR OPTION "max-http-header-value-length-action" "action" 5764 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR INT "max-http-header-value-length-block-period" "block period(1-3600)" 5765 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
		}
		ATTR OPTION "max-http-header-value-length-threat-weight" "threat weight" 7210 {
			CHOICES {
				off == 0;
				low == 1;
				med == 2;
				high == 3;
				crit == 4;		
			}
			defaultval = med;
			brieflist = 1;	
		}
		ATTR OPTION "max-http-header-value-length-severity" "severity:High, Medium, Low or Informative" 5766 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Low;	
		}
		ATTR DATASOURCE "max-http-header-value-length-trigger" "choose Email or syslog policy" 5767 {
			datasource = "2090";
		}
#NULL-character-in-parameter-name-check
		ATTR OPTION_EN "parameter-name-check" "Null Character in Parameter Name" 5768 {
			defaultval = disable;
		}
		ATTR OPTION "parameter-name-check-action" "action" 5769 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR INT "parameter-name-check-block-period" "block period(1-3600)" 5770 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
		}
		ATTR OPTION "parameter-name-check-threat-weight" "threat weight" 7211 {
			CHOICES {
				off == 0;
				low == 1;
				med == 2;
				high == 3;
				crit == 4;		
			}
			defaultval = crit;
			brieflist = 1;	
		}
		ATTR OPTION "parameter-name-check-severity" "severity:High, Medium, Low or Informative" 5771 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Low;	
		}
		ATTR DATASOURCE "parameter-name-check-trigger" "choose Email or syslog policy" 5772 {
			datasource = "2090";
		}
#NULL-character-in-parameter-value-check
		ATTR OPTION_EN "parameter-value-check" "Null Character in Parameter Value" 5773 {
			defaultval = disable;
		}
		ATTR OPTION "parameter-value-check-action" "action" 5774 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR INT "parameter-value-check-block-period" "block period(1-3600)" 5775 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
		}
		ATTR OPTION "parameter-value-check-threat-weight" "threat weight" 7212 {
			CHOICES {
				off == 0;
				low == 1;
				med == 2;
				high == 3;
				crit == 4;		
			}
			defaultval = crit;
			brieflist = 1;	
		}
		ATTR OPTION "parameter-value-check-severity" "severity:High, Medium, Low or Informative" 5776 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Low;	
		}
		ATTR DATASOURCE "parameter-value-check-trigger" "choose Email or syslog policy" 5777 {
			datasource = "2090";
		}
#Illegal-Character-in-Header-name-check
		ATTR OPTION_EN "Illegal-header-name-check" "Illgal Byte Code Character in Header Name Check" 5778 {
			defaultval = disable;
		}
		ATTR OPTION "Illegal-header-name-check-action" "action" 5779 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert_deny;
		}
		ATTR INT "Illegal-header-name-check-block-period" "block period(1-3600)" 5780 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
		}
		ATTR OPTION "Illegal-header-name-check-threat-weight" "threat weight" 7213 {
			CHOICES {
				off == 0;
				low == 1;
				med == 2;
				high == 3;
				crit == 4;		
			}
			defaultval = high;
			brieflist = 1;	
		}
		ATTR OPTION "Illegal-header-name-check-severity" "severity:High, Medium, Low or Informative" 5781 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Medium;	
		}
		ATTR DATASOURCE "Illegal-header-name-check-trigger" "choose Email or syslog policy" 5782 {
			datasource = "2090";
		}
#Illegal-Character-in-Header-value-check
		ATTR OPTION_EN "Illegal-header-value-check" "Illgal Byte Code Character in Header Value Check" 5783 {
			defaultval = disable;
		}
		ATTR OPTION "Illegal-header-value-check-action" "action" 5784 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert_deny;
		}
		ATTR INT "Illegal-header-value-check-block-period" "block period(1-3600)" 5785 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
		}
		ATTR OPTION "Illegal-header-value-check-threat-weight" "threat weight" 7214 {
			CHOICES {
				off == 0;
				low == 1;
				med == 2;
				high == 3;
				crit == 4;		
			}
			defaultval = high;
			brieflist = 1;	
		}
		ATTR OPTION "Illegal-header-value-check-severity" "severity:High, Medium, Low or Informative" 5786 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Medium;	
		}
		ATTR DATASOURCE "Illegal-header-value-check-trigger" "choose Email or syslog policy" 5787 {
			datasource = "2090";
		}
#max-http-body-parameter-length
		ATTR OPTION_EN "max-http-body-parameter-length-check" "check" 5805 {
			defaultval = enable;
		}
		ATTR INT "max-http-body-parameter-length" "max length of body parameter, default value is 8192" 5789 {
			VALIDATE RANGE 0:16384;
			defaultval = 8192;
		}
		ATTR OPTION "max-http-body-parameter-length-action" "action" 5790 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR INT "max-http-body-parameter-length-block-period" "block period(1-3600)" 5791 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
		}
		ATTR OPTION "max-http-body-parameter-length-threat-weight" "threat weight" 7215 {
			CHOICES {
				off == 0;
				low == 1;
				med == 2;
				high == 3;
				crit == 4;		
			}
			defaultval = low;
			brieflist = 1;	
		}
		ATTR OPTION "max-http-body-parameter-length-severity" "severity:High, Medium, Low or Informative" 5792 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Low;	
		}
		ATTR DATASOURCE "max-http-body-parameter-length-trigger" "choose Email or syslog policy" 5793 {
			datasource = "2090";
		}
#max-http-request-filename-length
		ATTR OPTION_EN "max-http-request-filename-length-check" "check" 5677 {
			defaultval = enable;
		}
		ATTR INT "max-http-request-filename-length" "max length of request filename, default value is 2048" 5678 {
			VALIDATE RANGE 0:12288;
			defaultval = 2048;
		}
		ATTR OPTION "max-http-request-filename-length-action" "action" 5679 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR INT "max-http-request-filename-length-block-period" "block period(1-3600)" 5680 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
		}
		ATTR OPTION "max-http-request-filename-length-threat-weight" "threat weight" 7216 {
			CHOICES {
				off == 0;
				low == 1;
				med == 2;
				high == 3;
				crit == 4;		
			}
			defaultval = med;
			brieflist = 1;	
		}
		ATTR OPTION "max-http-request-filename-length-severity" "severity:High, Medium, Low or Informative" 5681 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Low;	
		}
		ATTR DATASOURCE "max-http-request-filename-length-trigger" "choose Email or syslog policy" 5682 {
			datasource = "2090";
		}

#web-socket-protocol
		ATTR OPTION_EN "web-socket-protocol-check" "check" 5851 {
			defaultval = disable;
		}
		ATTR OPTION "web-socket-protocol-action" "action" 5852 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR INT "web-socket-protocol-block-period" "block period(1-3600)" 5853 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
		}
		ATTR OPTION "web-socket-protocol-severity" "severity:High, Medium, Low or Informative" 5854 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Low;	
		}
		ATTR DATASOURCE "web-socket-protocol-trigger" "choose Email or syslog policy" 5855 {
			datasource = "2090";
		}
#Illegal-frame-type-check
#Illegal-magic-check
#Illegal-frame-flag-check
#max-setting-header-table-size
		ATTR OPTION_EN "max-setting-header-table-size-check" "check" 7115 {
			defaultval = enable;
		}
		ATTR INT "max-setting-header-table-size" "max setting header table size, default value is 4096" 7116 {
			VALIDATE RANGE 0:16777215;
			defaultval = 65535;
		}
		ATTR OPTION "max-setting-header-table-size-action" "action" 7117 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR INT "max-setting-header-table-size-block-period" "block period(1-3600)" 7118 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
		}
		ATTR OPTION "max-setting-header-table-size-severity" "severity:High, Medium, Low or Informative" 7119 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1; 
			defaultval = Low;
		}
		ATTR DATASOURCE "max-setting-header-table-size-trigger" "choose Email or syslog policy" 7120 {	
			datasource = "2090";
		}
#max-setting-current-streams-num
		ATTR OPTION_EN "max-setting-current-streams-num-check" "check" 7121 {
			defaultval = enable;
		}
		ATTR INT "max-setting-current-streams-num" "max setting current streams number, default value is 256" 7122 {
			VALIDATE RANGE 0:100000;
			defaultval = 1000;
		}
		ATTR OPTION "max-setting-current-streams-num-action" "action" 7123 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR INT "max-setting-current-streams-num-block-period" "block period(1-3600)" 7124 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
		}
		ATTR OPTION "max-setting-current-streams-num-severity" "severity:High, Medium, Low or Informative" 7125 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1; 
			defaultval = Low;
		}
		ATTR DATASOURCE "max-setting-current-streams-num-trigger" "choose Email or syslog policy" 7126 {	
			datasource = "2090";
		}
#max-setting-initial-window-size
		ATTR OPTION_EN "max-setting-initial-window-size-check" "check" 7127 {
			defaultval = enable;
		}
		ATTR INT "max-setting-initial-window-size" "max setting initial window size, default value is 6291456" 7128 {
			VALIDATE RANGE 0:2147483647;
			defaultval = 6291456;
		}
		ATTR OPTION "max-setting-initial-window-size-action" "action" 7129 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR INT "max-setting-initial-window-size-block-period" "block period(1-3600)" 7130 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
		}
		ATTR OPTION "max-setting-initial-window-size-severity" "severity:High, Medium, Low or Informative" 7131 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1; 
			defaultval = Low;
		}
		ATTR DATASOURCE "max-setting-initial-window-size-trigger" "choose Email or syslog policy" 7132 {	
			datasource = "2090";
		}
#max-setting-frame-size
		ATTR OPTION_EN "max-setting-frame-size-check" "check" 7133 {
			defaultval = enable;
		}
		ATTR INT "max-setting-frame-size" "max setting frame size, default value is 16384" 7134 {
			VALIDATE RANGE 0:16777215;
			defaultval = 16384;
		}
		ATTR OPTION "max-setting-frame-size-action" "action" 7135 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR INT "max-setting-frame-size-block-period" "block period(1-3600)" 7136 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
		}
		ATTR OPTION "max-setting-frame-size-severity" "severity:High, Medium, Low or Informative" 7137 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1; 
			defaultval = Low;
		}
		ATTR DATASOURCE "max-setting-frame-size-trigger" "choose Email or syslog policy" 7138 {	
			datasource = "2090";
		}
#max-setting-header-list-size
		ATTR OPTION_EN "max-setting-header-list-size-check" "check" 7139 {
			defaultval = enable;
		}
		ATTR INT "max-setting-header-list-size" "max setting header list size, default value is 65536" 7140 {
			VALIDATE RANGE 0:16777215;
			defaultval = 65536;
		}
		ATTR OPTION "max-setting-header-list-size-action" "action" 7141 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR INT "max-setting-header-list-size-block-period" "block period(1-3600)" 7142 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
		}
		ATTR OPTION "max-setting-header-list-size-severity" "severity:High, Medium, Low or Informative" 7143 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1; 
			defaultval = Low;
		}
		ATTR DATASOURCE "max-setting-header-list-size-trigger" "choose Email or syslog policy" 7144 {	
			datasource = "2090";
		}
#max-url-param-name-len
		ATTR OPTION_EN "max-url-param-name-len-check" "check" 7145 {
			defaultval = enable;
		}
		ATTR INT "max-url-param-name-len" "max url parameter name length, default value is 4096" 7146 {
			VALIDATE RANGE 0:8192;
			defaultval = 4096;
		}
		ATTR OPTION "max-url-param-name-len-action" "action" 7147 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR INT "max-url-param-name-len-block-period" "block period(1-3600)" 7148 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
		}
		ATTR OPTION "max-url-param-name-len-threat-weight" "threat weight" 7217 {
			CHOICES {
				off == 0;
				low == 1;
				med == 2;
				high == 3;
				crit == 4;		
			}
			defaultval = med;
			brieflist = 1;	
		}
		ATTR OPTION "max-url-param-name-len-severity" "severity:High, Medium, Low or Informative" 7149 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1; 
			defaultval = Low;
		}
		ATTR DATASOURCE "max-url-param-name-len-trigger" "choose Email or syslog policy" 7150 {	
			datasource = "2090";
		}
#max-url-param-value-len
		ATTR OPTION_EN "max-url-param-value-len-check" "check" 7151 {
			defaultval = enable;
		}
		ATTR INT "max-url-param-value-len" "max url parameter value length, default value is 4096" 7152 {
			VALIDATE RANGE 0:8192;
			defaultval = 4096;
		}
		ATTR OPTION "max-url-param-value-len-action" "action" 7153 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR INT "max-url-param-value-len-block-period" "block period(1-3600)" 7154 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
		}
		ATTR OPTION "max-url-param-value-len-threat-weight" "threat weight" 7218 {
			CHOICES {
				off == 0;
				low == 1;
				med == 2;
				high == 3;
				crit == 4;		
			}
			defaultval = med;
			brieflist = 1;	
		}
		ATTR OPTION "max-url-param-value-len-severity" "severity:High, Medium, Low or Informative" 7155 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1; 
			defaultval = Low;
		}
		ATTR DATASOURCE "max-url-param-value-len-trigger" "choose Email or syslog policy" 7156 {	
			datasource = "2090";
		}
#url-param-name-check
		ATTR OPTION_EN "url-param-name-check" "check" 7157 {
			defaultval = enable;
		}
		ATTR OPTION "url-param-name-check-action" "action" 7158 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR INT "url-param-name-check-block-period" "block period(1-3600)" 7159 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
		}
		ATTR OPTION "url-param-name-check-threat-weight" "threat weight" 7219 {
			CHOICES {
				off == 0;
				low == 1;
				med == 2;
				high == 3;
				crit == 4;		
			}
			defaultval = high;
			brieflist = 1;	
		}
		ATTR OPTION "url-param-name-check-severity" "severity:High, Medium, Low or Informative" 7160 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1; 
			defaultval = Medium;
		}
		ATTR DATASOURCE "url-param-name-check-trigger" "choose Email or syslog policy" 7161 {	
			datasource = "2090";
		}
#url-param-value-check
		ATTR OPTION_EN "url-param-value-check" "check" 7162 {
			defaultval = enable;
		}
		ATTR OPTION "url-param-value-check-action" "action" 7163 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR INT "url-param-value-check-block-period" "block period(1-3600)" 7164 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
		}
		ATTR OPTION "url-param-value-check-threat-weight" "threat weight" 7220 {
			CHOICES {
				off == 0;
				low == 1;
				med == 2;
				high == 3;
				crit == 4;		
			}
			defaultval = high;
			brieflist = 1;	
		}
		ATTR OPTION "url-param-value-check-severity" "severity:High, Medium, Low or Informative" 7165 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1; 
			defaultval = Medium;
		}
		ATTR DATASOURCE "url-param-value-check-trigger" "choose Email or syslog policy" 7166 {	
			datasource = "2090";
		}
#null-byte-in-url
		ATTR OPTION_EN "null-byte-in-url-check" "check" 7167 {
			defaultval = enable;
		}
		ATTR OPTION "null-byte-in-url-action" "action" 7168 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR INT "null-byte-in-url-block-period" "block period(1-3600)" 7169 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
		}
		ATTR OPTION "null-byte-in-url-threat-weight" "threat weight" 7221 {
			CHOICES {
				off == 0;
				low == 1;
				med == 2;
				high == 3;
				crit == 4;		
			}
			defaultval = crit;
			brieflist = 1;	
		}
		ATTR OPTION "null-byte-in-url-severity" "severity:High, Medium, Low or Informative" 7170 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1; 
			defaultval = Medium;
		}
		ATTR DATASOURCE "null-byte-in-url-trigger" "choose Email or syslog policy" 7171 {	
			datasource = "2090";
		}
#illegal-byte-in-url
		ATTR OPTION_EN "illegal-byte-in-url-check" "check" 7172 {
			defaultval = enable;
		}
		ATTR OPTION "illegal-byte-in-url-action" "action" 7173 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR INT "illegal-byte-in-url-block-period" "block period(1-3600)" 7174 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
		}
		ATTR OPTION "illegal-byte-in-url-threat-weight" "threat weight" 7222 {
			CHOICES {
				off == 0;
				low == 1;
				med == 2;
				high == 3;
				crit == 4;		
			}
			defaultval = crit;
			brieflist = 1;	
		}
		ATTR OPTION "illegal-byte-in-url-severity" "severity:High, Medium, Low or Informative" 7175 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1; 
			defaultval = Medium;
		}
		ATTR DATASOURCE "illegal-byte-in-url-trigger" "choose Email or syslog policy" 7176 {	
			datasource = "2090";
		}
#malformed-url-check
		ATTR OPTION_EN "malformed-url-check" "check" 7177 {
			defaultval = enable;
		}
		ATTR OPTION "malformed-url-action" "action" 7178 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR INT "malformed-url-block-period" "block period(1-3600)" 7179 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
		}
		ATTR OPTION "malformed-url-severity" "severity:High, Medium, Low or Informative" 7180 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1; 
			defaultval = Medium;
		}
		ATTR DATASOURCE "malformed-url-trigger" "choose Email or syslog policy" 7181 {	
			datasource = "2090";
		}
		ATTR OPTION "malformed-url-weight" "threat weight" 7236 {
			CHOICES {
				off == 0;
				low == 1;
				med == 2;
				high == 3;
				crit == 4;		
			}
			defaultval = crit;
			brieflist = 1;	
		}		
#redundant-header-check
		ATTR OPTION_EN "redundant-header-check" "check" 7182 {
			defaultval = enable;
		}
		ATTR OPTION "redundant-header-action" "action" 7183 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert_deny;
		}
		ATTR INT "redundant-header-block-period" "block period(1-3600)" 7184 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
		}
		ATTR OPTION "redundant-header-threat-weight" "threat weight" 7223 {
			CHOICES {
				off == 0;
				low == 1;
				med == 2;
				high == 3;
				crit == 4;		
			}
			defaultval = crit;
			brieflist = 1;	
		}
		ATTR OPTION "redundant-header-severity" "severity:High, Medium, Low or Informative" 7185 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1; 
			defaultval = Medium;
		}
		ATTR DATASOURCE "redundant-header-trigger" "choose Email or syslog policy" 7186 {	
			datasource = "2090";
		}
#chunk-size-check
		ATTR OPTION_EN "chunk-size-check" "check" 7187 {
			defaultval = enable;
		}
		ATTR OPTION "chunk-size-action" "action" 7188 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR INT "chunk-size-block-period" "block period(1-3600)" 7189 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
		}
		ATTR OPTION "chunk-size-severity" "severity:High, Medium, Low or Informative" 7190 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1; 
			defaultval = Low;
		}
		ATTR DATASOURCE "chunk-size-trigger" "choose Email or syslog policy" 7191 {	
			datasource = "2090";
		}
		ATTR OPTION "chunk-size-weight" "threat weight" 7237 {
			CHOICES {
				off == 0;
				low == 1;
				med == 2;
				high == 3;
				crit == 4;		
			}
			defaultval = crit;
			brieflist = 1;	
		}		
#internal-resource-limits
		ATTR OPTION_EN "Internal-resource-limits-check" "Internal resource limits check" 7238 { 
			defaultval = disable; 
 		}		
		ATTR OPTION "Internal-resource-limits-action" "action" 7239 { 
			CHOICES { 
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period"; 
			}
			defaultval = alert; 
		}
		ATTR INT "Internal-resource-limits-block-period" "block period(1-3600)" 7240 { 
			defaultval = 60;
			VALIDATE RANGE 1:3600; 
		#condition = 5734:eq:11; 
		}
		ATTR OPTION "Internal-resource-limits-severity" "severity:High, Medium, Low or Informative" 7241 { 
			CHOICES { 
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative"; 
			}
			brieflist = 1;
			defaultval = Medium; 
		}
		ATTR DATASOURCE "Internal-resource-limits-trigger" "choose Email or syslog policy" 7242 { 
			datasource = "2090"; 
		}
		ATTR OPTION "Internal-resource-limits-threat-weight" "threat weight" 7243 { 
			CHOICES { 
				off == 0;
				low == 1;
				med == 2;
				high == 3;
				crit == 4; 
			}
			defaultval = high;
			brieflist = 1; 
		}
#rpc-protocol-check
		ATTR OPTION_EN "rpc-protocol-check" "rpc protocol check" 7244 {
                        defaultval = disable;
                }
                ATTR OPTION "rpc-protocol-action" "action" 7245 {
                        CHOICES {
                                alert == 2 ::: "alert";
                                deny_no_log == 4 ::: "deny without log";
                                alert_deny == 6 ::: "deny connection and alert";
                                block-period == 11 ::: "block-period";
                        }
                        defaultval = alert;
                }
                ATTR INT "rpc-protocol-block-period" "block period(1-3600)" 7246 {
                        defaultval = 60;
                        VALIDATE RANGE 1:3600;
                #condition = 5734:eq:11;
                }
                ATTR OPTION "rpc-protocol-severity" "severity:High, Medium, Low or Informative" 7247 {
                        CHOICES {
                                High == 1 ::: "High";
                                Medium == 2 ::: "Medium";
                                Low == 3 ::: "Low";
                                Info == 4 ::: "Informative";
                        }
                        brieflist = 1;
                        defaultval = Low;
                }
		ATTR DATASOURCE "rpc-protocol-trigger" "choose Email or syslog policy" 7248 {
                        datasource = "2090";
                }
                ATTR OPTION "rpc-protocol-threat-weight" "threat weight" 7249 {
                        CHOICES {
                                off == 0;
                                low == 1;
                                med == 2;
                                high == 3;
                                crit == 4;
                        }
                        defaultval = high;
                        brieflist = 1;
                }
#duplicated-paramname-check
		ATTR OPTION_EN "duplicate-paramname-check" "check" 7224 {
			defaultval = enable;
		}
		ATTR OPTION "duplicate-paramname-action" "action" 7225 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR INT "duplicate-paramname-block-period" "block period(1-3600)" 7226 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
		}
		ATTR OPTION "duplicate-paramname-threat-weight" "threat weight" 7227 {
			CHOICES {
				off == 0;
				low == 1;
				med == 2;
				high == 3;
				crit == 4;		
			}
			defaultval = low;
			brieflist = 1;	
		}
		ATTR OPTION "duplicate-paramname-severity" "severity:High, Medium, Low or Informative" 7228 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1; 
			defaultval = Low;
		}
		ATTR DATASOURCE "duplicate-paramname-trigger" "choose Email or syslog policy" 7229 {	
			datasource = "2090";
		}
#odd-and-even-space-attack-check
		ATTR OPTION_EN "odd-and-even-space-attack-check" "check" 7230 {
			defaultval = enable;
		}
		ATTR OPTION "odd-and-even-space-attack-action" "action" 7231 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR INT "odd-and-even-space-attack-block-period" "block period(1-3600)" 7232 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
		}
		#ATTR OPTION "odd-and-even-space-attack-threat-weight" "threat weight" 7233 {
		#	CHOICES {
		#		off == 0;
		#		low == 1;
		#		med == 2;
		#		high == 3;
		#		crit == 4;		
		#	}
		#	defaultval = low;
		#	brieflist = 1;	
		#}
		ATTR OPTION "odd-and-even-space-attack-severity" "severity:High, Medium, Low or Informative" 7233 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1; 
			defaultval = Medium;
		}
		ATTR DATASOURCE "odd-and-even-space-attack-trigger" "choose Email or syslog policy" 7234 {	
			datasource = "2090";
		}
		ATTR OPTION "odd-and-even-space-attack-weight" "threat weight" 7235 {
			CHOICES {
				off == 0;
				low == 1;
				med == 2;
				high == 3;
				crit == 4;		
			}
			defaultval = crit;
			brieflist = 1;	
		}		
	}
}

DOMAIN COMPLEX "log client-device-management-delete-flag" "log set delete flag for device tracking module" 2250 {
	parseflag = "hidden";
	ATTR OPTION_EN "flag" "delete flag" 2251 {
		defaultval = disable;
		brieflist = 1;
	}
}

GLOBAL COMPLEX "log analyzer-sync" "log sync analyzer information" 2260 {
	parseflag = "hidden";
	ATTR OPTION_EN "flag" "reset flag" 2261 {
		defaultval = disable;
		brieflist = 1;
	}
}

DOMAIN TABLE "waf brute-force-login" "waf brute force login" 6180 {
	TABLENAME STRING "name" "name" 6181 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		TABLE "login-page-list" "login-page-list" 6182 {
			TABLENAME INT "<NO.>" "the name of login page list" 6183 {
				ATTR STRING "host" "" 6184 {
					VALIDATE NO_XSS RELAXED;
				}
				ATTR STRING "request-file" "request-file" 6185 {
					parseflag = "must";
				}
				ATTR INT "access-limit-standalone-ip" "access limit for standalone ip" 6186 {
					VALIDATE RANGE 1:10000;
					parseflag = "must";
				}
				ATTR OPTION_EN "ip-port-enable" "ip port:disable/enable" 6187 {
					defaultval = disable;
				}
				ATTR INT "access-limit-share-ip" "access limit for share ip" 6188 {
					VALIDATE RANGE 1:10000;
					#parseflag = "must";
					parseflag = @{all=must;FWB_DOCKER=skip};
				}
				ATTR INT "block-period" "block period(1-10000)" 6189 {
					VALIDATE RANGE 1:10000;
					defaultval = 60;
				}
				ATTR OPTION_EN "host-status" "host status:disable/enable" 6190 {
					defaultval = disable;
				}
			}
		}
		ATTR OPTION "severity" "severity:High, Medium, Low or Informative" 6191 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = High;	
		}
		ATTR DATASOURCE "trigger" "choose Email or syslog policy" 6192 {
			datasource = "2090";
		}
		ATTR INT "flag" "flag" 6193 {
			brieflist = 1;
			parseflag = "hidden,readonly";
		}
	}
}

DOMAIN TABLE "waf file-upload-restriction-policy" "waf file upload restriction policy" 6220 {
	TABLENAME STRING "name" "name" 6221 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		parseflag = "keeporder";
		ATTR OPTION "action" "action" 6222 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert_deny;
		}
		ATTR INT "block-period" "block period(1-3600)" 6223 {
			defaultval = 60;
			condition = 6222:eq:11;
		}
		ATTR OPTION "severity" "severity:High, Medium, Low or Informative" 6224 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Medium;	
		}
		ATTR DATASOURCE "trigger" "choose Email or syslog policy" 6225 {
			datasource = "2090";
		}
		ATTR OPTION_EN "trojan-detection" "Trojan Detection upload file" 6231 {
			defaultval = disable;
		}
		ATTR OPTION_EN "av-scan" "AV scan upload file" 6226 {
			defaultval = disable;
		}
		ATTR OPTION_EN "fortisandbox-check" "Upload suspicious file to FortiSandbox" 6230 {
			defaultval = disable;
		}
		ATTR OPTION_EN "hold-session-while-scanning-file" "Hold session while scanning file" 6235 {
			#condition = 6230:eq:1;
			defaultval = disable; 
		}	
		ATTR OPTION_EN "icap-server-check" "Upload suspicious file to icap server" 6237 {
			defaultval = disable;
		}
		ATTR OPTION_EN "exchange-mail-detection" "AV detection for Exchange email" 6232 {
			defaultval = disable;
		}
		ATTR OPTION_EN "owa-protocol" "Exchange email for OWA protocol" 6233 {
			condition = 6232:eq:1;
			defaultval = disable;
		}
		ATTR OPTION_EN "activesync-protocol" "Exchange email for ActiveSync protocol" 6234 {
			condition = 6232:eq:1;
			defaultval = disable;
		}
		ATTR OPTION_EN "mapi-protocol" "Exchange email for mapi protocol" 6236 {
			condition = 6232:eq:1;
			defaultval = disable;
		}
		TABLE "rule" "rule" 6227 {
			parseflag = "movable";
			TABLENAME INT "<NO.>" "the name of rule" 6228 {
				ATTR DATASOURCE "file-upload-restriction-rule" "file-upload-restriction-rule" 6229 {
					datasource = "6200";
				}	
			}
		}
	}
}

DOMAIN TABLE "waf layer4-connection-flood-check-rule" "waf layer4 connection flood check rule" 5160 {
	parseflag = @{all=null;FWB_DOCKER=skip};
	TABLENAME STRING "name" "name" 5161 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR INT "layer4-connection-threshold" "layer4_conn_threshold(1,65535)" 5162 {
			defaultval = 1;
			VALIDATE RANGE 1:65535;
		}
		ATTR OPTION "action" "action" 5163 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block period";
			}
		}
		ATTR OPTION "severity" "severity:High, Medium, Low or Informative" 5164 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = High;	
		}
		ATTR DATASOURCE "trigger-policy" "choose Email or syslog policy" 5165 {
			datasource = "2090";
		}
		ATTR INT "block-period" "action block period(1~3600)" 5166 {
			brieflist = 1;
			defaultval = 60;
			VALIDATE RANGE 1:3600;
                        condition = 5163:eq:11;
		}
	}
}

DOMAIN TABLE "waf threshold-based-detection policy" "waf threshold based detection policy" 11000 {
	TABLENAME STRING "name" "name" 11001 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR OPTION "bot-recognition" "Bot Recognition" 11002 {
			CHOICES {
				disabled                 == 0 ::: "Disabled";
				real-browser-enforcement == 1 ::: "Real Browser Enforcement";
				captcha-enforcement      == 2 ::: "CAPTCHA Enforcement";
			}
			defaultval = disabled;
			brieflist  = 1;
		}
		ATTR OPTION "mobile-app-identification" "Mobile Application Identification" 11003 {
			CHOICES {
				disabled                == 0 ::: "Disabled";
				mobile-token-validation == 1 ::: "Mobile Token Validation";
			}
			defaultval = disabled;
			brieflist = 1;
		}
		ATTR OPTION_EN "bot-confirmation" "Bot Confirmation" 11004 {
			defaultval = disable;
		}
		ATTR INT "validation-timeout" "validation timeout" 11005 {
			brieflist = 1;
			defaultval = 20;
			VALIDATE RANGE 5:30;
		}
		ATTR INT "max-attempt-times" "Max Attempt Times" 11006 {
			brieflist = 1;
			defaultval = 3;
			VALIDATE RANGE 1:5;
		}


		ATTR OPTION_EN "crawler-detection" "crawler status: enable/disable" 11100 {
			defaultval = enable;
			brieflist  = 1;
		}
		ATTR OPTION "crawler-action" "crawler action" 11101 {
			CHOICES {
				alert        == 2  ::: "alert";
				deny_no_log  == 4  ::: "deny without log";
				alert_deny   == 6  ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR OPTION "crawler-severity" "crawler severity:High, Medium, Low or Informative" 11102 {
			CHOICES {
				High   == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low    == 3 ::: "Low";
				Info   == 4 ::: "Informative";
			}
			brieflist  = 1;
			defaultval = Medium;
		}
		ATTR DATASOURCE "crawler-trigger" "choose Email or syslog policy" 11103 {
			datasource = "2090";
		}
		ATTR INT "crawler-occurrence-num" "crawler occurrence: rule hit number" 11104 {
			defaultval = 100;
			VALIDATE RANGE 1:100000;
		}
		ATTR INT "crawler-within" "crawler within: time lasting scope" 11105 {
			defaultval = 10;
			VALIDATE RANGE 1:600;
		}
		ATTR INT "crawler-block-period" "block period(1-3600)" 11106 {
			VALIDATE RANGE 1:3600;
			defaultval = 60;
		}

		ATTR OPTION_EN "scanner-detection" "scanner status: enable/disable" 11200 {
			defaultval = disable;
			brieflist  = 1;
		}
		ATTR OPTION "scanner-action" "scanner action" 11201 {
			CHOICES {
				alert        == 2  ::: "alert";
				deny_no_log  == 4  ::: "deny without log";
				alert_deny   == 6  ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR OPTION "scanner-severity" "scanner severity:High, Medium, Low or Informative" 11202 {
			CHOICES {
				High   == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low    == 3 ::: "Low";
				Info   == 4 ::: "Informative";
			}
			brieflist  = 1;
			defaultval = Medium;
		}
		ATTR DATASOURCE "scanner-trigger" "choose Email or syslog policy" 11203 {
			datasource = "2090";
		}
		ATTR INT "scanner-occurrence-num" "scanner occurrence: rule hit number" 11204 {
			defaultval = 100;
			VALIDATE RANGE 1:100000;
		}
		ATTR INT "scanner-within" "scanner within: time lasting scope" 11205 {
			defaultval = 10;
			VALIDATE RANGE 1:600;
		}
		ATTR INT "scanner-block-period" "block period(1-3600)" 11206 {
			VALIDATE RANGE 1:3600;
			defaultval = 60;
		}

		ATTR OPTION_EN "slow-attack-detection" "slow attack status: enable/disable" 11300 {
			defaultval = disable;
			brieflist  = 1;
		}
		ATTR OPTION "slow-attack-action" "slow attack action" 11301 {
			CHOICES {
				alert        == 2  ::: "alert";
				deny_no_log  == 4  ::: "deny without log";
				alert_deny   == 6  ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR OPTION "slow-attack-severity" "slow attack severity:High, Medium, Low or Informative" 11302 {
			CHOICES {
				High   == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low    == 3 ::: "Low";
				Info   == 4 ::: "Informative";
			}
			brieflist  = 1;
			defaultval = Medium;
		}
		ATTR DATASOURCE "slow-attack-trigger" "choose Email or syslog policy" 11303 {
			datasource = "2090";
		}
		ATTR INT "slow-attack-occurrence-num" "slow attack occurrence: rule hit number" 11304 {
			defaultval = 5;
			VALIDATE RANGE 1:100000;
		}
		ATTR INT "slow-attack-within" "slow attack within: time lasting scope" 11305 {
			defaultval = 100;
			VALIDATE RANGE 1:600;
		}
		ATTR INT "slow-attack-http-transaction-timeout" "slow attack http transaction timeout" 11306 {
			defaultval = 60;
			VALIDATE RANGE 1:3600;
		}
		ATTR INT "slow-attack-packet-interval-timeout" "slow attack http packet interval timeout" 11307 {
			defaultval = 10;
			VALIDATE RANGE 1:60;
		}
		ATTR INT "slow-attack-block-period" "block period(1-3600)" 11308 {
			VALIDATE RANGE 1:3600;
			defaultval = 60;
		}

		ATTR OPTION_EN "content-scraping-detection" "content scraping status: enable/disable" 11400 {
			defaultval = disable;
			brieflist  = 1;
		}
		ATTR OPTION "content-scraping-action" "content scraping action" 11401 {
			CHOICES {
				alert        == 2  ::: "alert";
				deny_no_log  == 4  ::: "deny without log";
				alert_deny   == 6  ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR OPTION "content-scraping-severity" "content scraping severity:High, Medium, Low or Informative" 11402 {
			CHOICES {
				High   == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low    == 3 ::: "Low";
				Info   == 4 ::: "Informative";
			}
			brieflist  = 1;
			defaultval = Medium;
		}
		ATTR DATASOURCE "content-scraping-trigger" "choose Email or syslog policy" 11403 {
			datasource = "2090";
		}
		ATTR INT "content-scraping-occurrence-num" "content scraping occurrence: rule hit number" 11404 {
			defaultval = 100;
			VALIDATE RANGE 1:100000;
		}
		ATTR INT "content-scraping-within" "content scraping within: time lasting scope" 11405 {
			defaultval = 30;
			VALIDATE RANGE 1:600;
		}
		ATTR INT "content-scraping-block-period" "block period(1-3600)" 11406 {
			VALIDATE RANGE 1:3600;
			defaultval = 60;
		}

		ATTR OPTION_EN "brute-login-detection" "brute login status: enable/disable" 11500 {
			defaultval = disable;
			brieflist  = 1;
		}
		ATTR OPTION "brute-login-action" "brute login action" 11501 {
			CHOICES {
				alert        == 2  ::: "alert";
				deny_no_log  == 4  ::: "deny without log";
				alert_deny   == 6  ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR OPTION "brute-login-severity" "brute login severity:High, Medium, Low or Informative" 11502 {
			CHOICES {
				High   == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low    == 3 ::: "Low";
				Info   == 4 ::: "Informative";
			}
			brieflist  = 1;
			defaultval = Medium;
		}
		ATTR DATASOURCE "brute-login-trigger" "choose Email or syslog policy" 11503 {
			datasource = "2090";
		}
		ATTR INT "brute-login-occurrence-num" "brute login occurrence: rule hit number" 11504 {
			defaultval = 100;
			VALIDATE RANGE 1:100000;
		}
		ATTR INT "brute-login-within" "brute login within: time lasting scope" 11505 {
			defaultval = 10;
			VALIDATE RANGE 1:600;
		}
		ATTR STRING "brute-login-request-file" "brute login request-file" 11506 {
			defaultval = ".*";
			#parseflag = "must";
		}
		ATTR INT "brute-login-block-period" "block period(1-3600)" 11507 {
			VALIDATE RANGE 1:3600;
			defaultval = 60;
		}
	}
}

DOMAIN TABLE "waf bot-mitigate-policy" "waf bot mitigation policy" 9995 {
	#parseflag = @{all=null;FWB_DOCKER=skip}; 
	TABLENAME STRING "name" "name" 9996 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;

		ATTR DATASOURCE "bot-deception" "bot-deception" 9997 {
			datasource = "9980";
		}

		ATTR DATASOURCE "biometrics-based-detection" "biometrics-based-defaultval" 9998 {
			datasource = "10130";
		}
		ATTR DATASOURCE "threshold-based-detection" "threshold based detection" 9999 {
			datasource = "11000";
			brieflist = 1;
		}
	}
}

DOMAIN TABLE "waf application-layer-dos-prevention" "waf application layer dos prevention" 5180 {
	#parseflag = @{all=null;FWB_DOCKER=skip}; 
	TABLENAME STRING "name" "name" 5181 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
#ATTR DATASOURCE "active-script-rule" "active-script-rule" 5182 {
#datasource = "5080";
#}
		ATTR OPTION_EN "enable-http-session-based-prevention" "enable-http-session-based-prevention" 5183 {
			defaultval = disable;
		}
		ATTR DATASOURCE "http-request-flood-prevention-rule" "http-request-flood-prevention-rule" 5184 {
			datasource = "5100";
		}
		ATTR DATASOURCE "http-connection-flood-check-rule" "http-connection-flood-check-rule" 5185 {
			datasource = "5120";
		}
		ATTR OPTION_EN "enable-layer4-dos-prevention" "enable-layer4-dos-prevention" 5186 {
			defaultval = disable;
		}
		ATTR DATASOURCE "layer4-access-limit-rule" "layer4-access-limit-rule" 5187 {
			datasource = "5140";
		}
		ATTR DATASOURCE "layer4-connection-flood-check-rule" "layer4-connection-flood-check-rule" 5188 {
			datasource = "5160";
		}

	}
}

DOMAIN TABLE "waf custom-access rule" "waf custom access rule" 6600 {
	TABLENAME STRING "name" "name" 6601 {
		VALIDATE NO_XSS RELAXED;
		ATTR OPTION "action" "action" 6602 {
			CHOICES {
				alert == 2 ::: "alert";
				redirect == 3 ::: "redirect connection";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert;
		}
		ATTR INT "block-period" "block period(1-3600)" 6603 {
			VALIDATE RANGE 1:3600;
			defaultval = 60;
			condition = 6602:eq:11;
		}
		ATTR OPTION "severity" "severity:High, Medium, Low or Informative" 6604 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Medium;	
		}
		ATTR DATASOURCE "trigger" "choose Email or syslog policy" 6605 {
			datasource = "2090";
		}
		ATTR OPTION "bot-recognition" "Bot Recognition" 6606 {
			CHOICES {
				disabled == 0 ::: "Disabled";
				real-browser-enforcement == 1 ::: "Real Browser Enforcement";
				captcha-enforcement == 2 ::: "CAPTCHA Enforcement";
			}
			defaultval = disabled;
			brieflist = 1;
		}
		ATTR OPTION "mobile-app-identification" "Mobile Application Identification" 11099 {
			CHOICES {
				disabled                == 0 ::: "Disabled";
				mobile-token-validation == 1 ::: "Mobile Token Validation";
			}
			defaultval = disabled;
			brieflist = 1;
		}
		ATTR OPTION_EN "bot-confirmation" "Bot Confirmation" 11098 {
			defaultval = disable;
		}

		ATTR INT "validation-timeout" "validation timeout" 6607 {
			brieflist = 1;
			defaultval = 20;
			VALIDATE RANGE 5:30;
			condition = 6606:NE:0;
		}

		ATTR INT "max-attempt-times" "Max Attempt Times" 6608 {
			brieflist = 1;
			defaultval = 3;
			VALIDATE RANGE 1:5;
			condition = 6606:eq:2;
		}
		
		TABLE "source-ip-filter" "source-ip-filter" 6610 {
			TABLENAME INT "<NO.>" "the name of source-ip-filter" 6611 {
				ATTR USER "source-ip" "source ipv4/ipv6/ip range. (e.g.: 1.2.3.4, 2001::1, 1.2.3.4-1.2.3.40, 2001::1-2001::100)" 6612 {
					brieflist = 1;
					parseflag = "must";
					#ipversion = 4;
					#subnet_type = host;
				}
				ATTR OPTION "exclusive-match" "exclusive-match" 6613 {
					CHOICES {
						yes == 1 ::: "match exclusively";
						no == 0 ::: "match inclusively";
					}
				}
			}
		}



		TABLE "geo-filter" "geo-filter" 6658 {
			TABLENAME INT "<NO.>" "the name of country filter" 6659 {
				ATTR OPTION "match-exclusive" "match exclusively" 6669 {
					CHOICES {
						yes == 1 ::: "match exclusively";
						no == 0 ::: "match inclusively";
					}
				}
				ATTR STRING "country-list" "Match country name list" 6678 {
					parseflag = "must";
				}
			}
		}

		TABLE "user-filter" "user-filter" 6695 {
			TABLENAME INT "<NO.>" "the name of user-filter" 6696 {
				ATTR OPTION "reverse-match" "reverse-match" 6697 {
					CHOICES {
						yes == 1 ::: "unmatch this condition";
						no == 0 ::: "match this condition";
					}
				}
				ATTR STRING "user-name" "user-name" 6698 {
					parseflag = "must";
				}
			}
		}
		TABLE "url-filter" "url-filter" 6615 {
			TABLENAME INT "<NO.>" "the name of url-filter" 6616 {
				ATTR OPTION "reverse-match" "reverse-match" 6617 {
					CHOICES {
						yes == 1 ::: "unmatch this condition";
						no == 0 ::: "match this condition";
					}
				}
				ATTR STRING "request-file" "request-file" 6618 {
					parseflag = "must";
				}
			}
		}
		TABLE "http-header-filter" "http-header-filter" 6620 {
			TABLENAME INT "<NO.>" "the name of http-header-filter" 6621 {
				ATTR OPTION_EN "header-field-check" "HTTP header field check" 6676 {
					defaultval = enable;
				}

				ATTR OPTION "header-name-type" "header-name-type" 6622 {
					CHOICES {
						predefined == 1 ::: "predefinded headername";
						custom == 2 ::: "custom headername";
					}
					defaultval = predefined;	
					condition = 6676:EQ:1;
				}
				ATTR OPTION "predefined-header" "predefined-header" 6623 {
					CHOICES {
						host == 0 ::: "Host";
						connection == 1 ::: "Connection";
						authorization == 2 ::: "Authorization";
						x-pad == 3 ::: "X-Pad";
						cookie == 4 ::: "Cookie";
						referer == 5 ::: "Referer";
						user-agent == 6 ::: "User-Agent";
						X-Forwarded-For == 7 ::: "X-Forwarded-For";
						Accept == 8 ::: "Accept";
					}
					defaultval = host;	
					condition = 6622:EQ:1;
					condition = 6676:EQ:1;
				}
				ATTR STRING "custom-header-name" "custom-header-name" 6624 {
					parseflag = "must";
					condition = 6622:EQ:2;
					condition = 6676:EQ:1;
				}
				ATTR STRING "header-value" "header-value" 6625 {
					parseflag = "must";
					condition = 6676:EQ:1;
				}
				ATTR OPTION "pre-header-type" "predefined header value type: simple string or regular expression" 6626 {
 					CHOICES {
						plain == 0 ::: "simple-string";
 						regular == 1 ::: "regex-expression";
 					}
 					defaultval = plain;
					condition = 6622:EQ:1;
					condition = 6676:EQ:1;
 				}
 				ATTR OPTION_EN "pre-header-rev-match" "predefined header value reverse match" 6627 {
 					defaultval = disable;
					condition = 6622:EQ:1;
					condition = 6676:EQ:1;
 				}
 				ATTR OPTION "cus-header-type" "custom defined header value type: simple string or regular expression" 6628 {
 					CHOICES {
 						plain == 0 ::: "simple-string";
 						regular == 1 ::: "regex-expression";
 					}
 					defaultval = plain;
					condition = 6622:EQ:2;
					condition = 6676:EQ:1;
 				}
				ATTR OPTION "cus-header-name-type" "custom defined header value type: simple string or regular expression" 6619 {
 					CHOICES {
 						plain == 0 ::: "simple-string";
 						regular == 1 ::: "regex-expression";
 					}
 					defaultval = plain;
					condition = 6622:EQ:2;
					condition = 6676:EQ:1;
 				}
 				ATTR OPTION_EN "cus-header-rev-match" "custom defined header value reverse match" 6629 {
 					defaultval = disable;
					condition = 6622:EQ:2;
					condition = 6676:EQ:1;
 				}

				ATTR OPTION_EN "http-method-check" "HTTP method check" 6688 {
					defaultval = disable;
				}
				ATTR OPTION "http-method-value-type" "HTTP method value type: simple string or regular expression" 6689 {
 					CHOICES {
 						plain == 0 ::: "simple-string";
 						regular == 1 ::: "regex-expression";
 					}
 					defaultval = plain;
					condition = 6688:EQ:1;
 				}
				ATTR STRING "http-method-value" "HTTP method value" 6699 {
					parseflag = "must";
					condition = 6688:EQ:1;
				}
				ATTR OPTION_EN "http-method-rev-match" "HTTP method value reverse match" 6677 {
 					defaultval = disable;
					condition = 6688:EQ:1;
 				}
			}
		}
		TABLE "access-limit-filter" "access-limit-filter" 6630 {
			TABLENAME INT "<NO.>" "the name of access-limit-filter" 6631 {
				ATTR INT "access-rate-limit" "access-rate-limit" 6632 {
					VALIDATE RANGE 1:65535;
				}
			}
		}
		TABLE "parameter" "parameter check" 6633 {
			TABLENAME INT "<NO.>" "parameter id" 6634 {
				ATTR OPTION "name-type" "parameter name type" 6635 {
					CHOICES {
 						plain == 0 ::: "simple-string";
 						regular == 1 ::: "regex-expression";
					}
					defaultval = plain;	
				}
				ATTR STRING "name" "parameter name" 6636 {
					parseflag = "must";
				}
				ATTR OPTION_EN "value-check" "parameter value check" 6637 {
					defaultval = disable;
					brieflist = 1;
				}
				ATTR STRING "value" "parameter value" 6638 {
					brieflist = 1;
				}
			}
		}
		TABLE "http-transaction" "http transaction timeout" 6640 {
			TABLENAME INT "<NO.>" "the name of http-transaction" 6641 {
				ATTR INT "http-transaction-timeout" "http transaction timeout" 6642 {
					VALIDATE RANGE 1:3600;
				}
			}
		}
		TABLE "response-code" "http response code" 6645 {
			TABLENAME INT "<NO.>" "the name of http response code" 6646 {
				ATTR INT "response-code-min" "http response code min value" 6647 {
					VALIDATE RANGE 100:599;
					defaultval = 404;
				}
				ATTR INT "response-code-max" "http response code max value" 6648 {
					VALIDATE RANGE 100:599;
					defaultval = 404;
				}
			}
		}
		TABLE "content-type" "content types list" 6650 {
			TABLENAME INT "<NO.>" "the name of content type" 6651 { 
				ATTR OPTION "content-type-set" "content type set" 6652{ 
					multi_opt = 1;
					CHOICES {
						text/html == 1 :SET;
						text/plain == 2 :SET;
						text/xml == 4 :SET;
						application/xml == 8 :SET;
						application/soap+xml == 16 :SET;
						application/json == 32 : SET;
					}
					brieflist = 1;
					parseflag = "keeporder";
				}
			} 
		}
		TABLE "packet-interval" "http packet interval" 6655 {
			TABLENAME INT "<NO.>" "the name of http packet interval" 6656 {
				ATTR INT "packet-interval-timeout" "http packet interval timeout" 6657 {
					VALIDATE RANGE 1:60;
				}
			}
		}
		TABLE "main-class" "main class list" 6660 {
			TABLENAME STRING "main-class-id" "main class id" 6661 {
				VALIDATE NO_XSS RELAXED;
				brieflist = 1;
				ATTR OPTION_EN "select-all" "select all flag" 6662 {
					defaultval = enable;
					brieflist = 1;
					#parseflag = "hidden";
				}
				ATTR OPTION_EN "no-subclass" "no sub-class flag" 6663 {
					defaultval = disable;
					brieflist = 1;
					#parseflag = "hidden";
				}
			}
		}
		TABLE "sub-class" "sub class list" 6664 {
			TABLENAME STRING "sub-class-id" "sub class id" 6665 {
				VALIDATE NO_XSS RELAXED;
				brieflist = 1;
				ATTR OPTION_EN "select-all" "select all flag" 6666 {
					defaultval = enable;
					brieflist = 1;
					#parseflag = "hidden";
				}
			}
		}
		TABLE "signature" "signature list" 6667 {
			TABLENAME STRING "signature-id" "signature id" 6668 {
				VALIDATE NO_XSS RELAXED;
				brieflist = 1;
			}
		}
		TABLE "custom-signature" "custom signature list" 6670 {
			TABLENAME INT "<NO.>" "custom signature class id" 6671 {
				ATTR OPTION_EN "custom-signature-enable" "custom signature enable flag" 6672 {
					defaultval = disable;
					brieflist = 1;
				}
				ATTR OPTION "custom-signature-type" "custom signature type" 6673 {
					CHOICES {
						custom-signature-group == 1 ::: "custom signature group";
						custom-signature == 2 ::: "custom signature";
					}
					defaultval = custom-signature-group;	
				}
				ATTR DATASOURCE "custom-signature-name" "custom signature name" 6674 {
					condition = 6673:eq:2; 
					datasource = "5980";
					parseflag = "must,keeporder";
					brieflist = 1;
				}
			}
		}
		TABLE "time-range-filter" "time range filter" 15000 {
			TABLENAME INT "<NO.>" "the id of time-range-filter" 15010 {
				ATTR OPTION "range_type" "type of time range filter" 15100 {
					CHOICES {
						once   == 0 ::: "run once";
						daily  == 1 ::: "run every day";
						weekly == 2 ::: "run every week";
					}
					defaultval = daily;
				}
				ATTR USER "range_start" "start date and time <hh:mm yyyy/mm/dd>" 15101 {
					defaultval = "00:00 2019/1/1";
					brieflist = 1;
				}
				ATTR USER "range_end" "end date and time <hh:mm yyyy/mm/dd>" 15102 {
					defaultval = "00:00 2019/12/31";
					brieflist = 1;
				}
			}
		}
		TABLE "occurrence" "occurrence: rule hit frequency" 6680 {
			TABLENAME INT "<NO.>" "the name of occurrence" 6681 {
				ATTR INT "occurrence-num" "occurrence: rule hit number" 6682 {
					VALIDATE RANGE 1:100000;
				}
				ATTR INT "within" "within: time lasting scope" 6683 {
					VALIDATE RANGE 1:600;
				}
				ATTR OPTION_EN "percentage-flag" "percentage-flag" 6684 {
					defaultval = disable;
					brieflist = 1;
				}
				ATTR INT "percentage" "percentage: matched transaction percentage" 6685 {
					VALIDATE RANGE 0:100;
				}
#				ATTR OPTION "traced-by" "traced-by: Source-IP, User" 6686 {
				ATTR OPTION "traced-by" "traced-by: Source-IP, Http-Session, User" 6686 {
					CHOICES {
						Source-IP == 1 ::: "Source-IP";
#						User == 2 ::: "User";
						Http-Session == 2 ::: "Http-Session";
						User == 3 ::: "User";
					}
					brieflist = 1;
					defaultval = Source-IP;	
				}
			}
		}
		ATTR INT "flag-operation" "flag" 6687 {
			brieflist = 1;
			parseflag = "hidden";
		}	
	}
}

DOMAIN TABLE "waf custom-access policy" "waf custom access policy " 6690 {
	TABLENAME STRING "name" "name" 6691 {
		VALIDATE NO_XSS RELAXED;
		TABLE "rule" "rule" 6692 {
			parseflag = "movable";
			TABLENAME INT "<NO.>" "the name of rule" 6693 {
				ATTR DATASOURCE "rule-name" "rule-name" 6694 {
					datasource = 6600;
                    parseflag = "must";
				}
			}
		}
	}
}

DOMAIN TABLE "waf padding-oracle" "waf padding oracle prevention policy" 6700 {
        TABLENAME STRING "name" "name" 6701 {
                VALIDATE NO_XSS RELAXED;
                ATTR OPTION "action" "action" 6702 {
                        CHOICES {
                                alert == 2 ::: "alert";
                                deny_no_log == 4 ::: "deny without log";
                                alert_deny == 6 ::: "deny connection and alert";
                                block-period == 11 ::: "block-period";
                        }
                        defaultval = alert;
                }
                ATTR INT "block-period" "block period(1-3600)" 6703 {
			VALIDATE RANGE 1:3600;
                        defaultval = 60;
                        condition = 6702:eq:11;
                }
                ATTR OPTION "severity" "severity:High, Medium, Low or Informative" 6704 {
                        CHOICES {
                                High == 1 ::: "High";
                                Medium == 2 ::: "Medium";
                                Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
                        }
                        brieflist = 1;
                        defaultval = Medium;
                }
                ATTR DATASOURCE "trigger" "choose Email or syslog policy" 6705 {
                        datasource = "2090";
                }
                ATTR INT "flag" "flag" 6706 {
                        brieflist = 1;
                        parseflag = "hidden,readonly";
                }
		TABLE "protected-url-list" "protected url list" 6710 {
                        TABLENAME INT "<NO.>" "the name of protected url list" 6711 {
                                ATTR OPTION_EN "host-status" "host-status" 6712 {
                                        brieflist = 1;
                                        defaultval = disable;
                                }
                                ATTR STRING "host" "host" 6713 {
                                        brieflist = 1;
                                        VALIDATE NO_XSS RELAXED;
                                }
                                ATTR OPTION "url-type" "protected url type" 6714 {
                                        brieflist = 1;
                                        CHOICES {
                                                plain == 0;
                                                regular == 1;
                                        }
                                        defaultval = plain;
                                }
                                ATTR STRING "protected-url" "protected url" 6715 {
                                        parseflag = "must";
                                }
                                ATTR OPTION "target" "protected target" 6716 {
                                        multi_opt = 1;
                                        brieflist = 1;
                                        CHOICES {
                                                url     == 1: SET;
                                                parameter       == 2: SET;
                                                cookie  == 4: SET;
                                        }
                                        #defaultval = parameter;
                                        parseflag = "must";
                                }
                        }
                }
        }
}

DOMAIN TABLE "waf web-cache-exception" "web-cache-exception" 6870 {
	parseflag = @{all=null;FWB_400B|FWB_1000B=skip};
	TABLENAME STRING "name" "name" 6871 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		TABLE "exception-list" "exception-list" 6872 {
			TABLENAME INT "<No.>" "name of web-cache-exception list " 6873 {
				ATTR OPTION_EN "host-status" "host-status" 6874 {
					brieflist = 1;
					defaultval = disable;
				}
				ATTR STRING "host" "host" 6875 {
					brieflist = 1;
					VALIDATE NO_XSS RELAXED;
				}
				ATTR OPTION "url-type" "url type" 6876 {
					CHOICES {
						plain == 0 ::: "Simple string";
						regular == 1 ::: "Regular expression";
					}
					defaultval = plain;
					brieflist = 1;
				}
				ATTR STRING "url-pattern" "url-pattern" 6877 {
					brieflist = 1;
				}
				ATTR STRING "cookie-name" "cookie-name" 6878 {
					brieflist = 1;
					VALIDATE NO_XSS RELAXED;
				}
			}
		}
	}
}

DOMAIN TABLE "waf web-cache-policy" "web cache policy" 6880 {
	parseflag = @{all=null;FWB_400B|FWB_1000B=skip};
	TABLENAME STRING "name" "name" 6881 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR INT "cache-buffer-size" "cache-buffer-size (M)" 6882 {
			defaultval = 100;
#			VALIDATE RANGE 1:2048;
			brieflist = 1;
		}
		ATTR INT "max-cached-page-size" "max-cached-page-size" 6883 {
			defaultval = 2048;
			VALIDATE RANGE 1:10240;
			brieflist = 1;
		}
		ATTR INT "default-cache-timeout" "default-cache-timeout" 6884 {
			defaultval = 1440;
			VALIDATE RANGE 1:7200;
			brieflist = 1;
		}
		ATTR OPTION "cache-dump" "cache dump level" 6885 {
			parseflag = "keeporder";
			brieflist = 1;
			CHOICES {
				disable == 0 ::: "disable";
				dump-statistics == 1 ::: "dump statistics";
				dump-detail == 2 ::: "dump detail";
			}
			defaultval = disable;
		}
		ATTR OPTION_EN "cache-all" "cache all pages" 6886 {
			brieflist = 1;
			defaultval = disable;
		}
		ATTR DATASOURCE "exception" "web-cache-exception" 6887 {
			datasource = "6870";
			brieflist = 1;
		}
		TABLE "url-match-list" "url-match-list" 6888 {
			TABLENAME INT "<No.>" "name of web-cache-policy list " 6889 {
				ATTR OPTION_EN "host-status" "host-status" 6890 {
					brieflist = 1;
					defaultval = disable;
				}
				ATTR STRING "host" "host" 6891 {
					brieflist = 1;
					VALIDATE NO_XSS RELAXED;
				}
				ATTR OPTION "url-type" "url type" 6892 {
					CHOICES {
						plain == 0 ::: "Simple string";
						regular == 1 ::: "Regular expression";
					}
					defaultval = plain;
					brieflist = 1;
				}
				ATTR STRING "url-pattern" "url-pattern" 6893 {
					brieflist = 1;
				}
			}
		}
	}
}

DOMAIN TABLE "waf http-header-security" "http header security" 7040 {
        TABLENAME STRING "name" "name" 7041 {
        VALIDATE NO_XSS RELAXED;
                brieflist = 1;
                TABLE "http-header-security-list" "http header list" 7044 {
			parseflag = "movable,keeporder";
                        TABLENAME INT "<No.>" "The number of the http header list " 7045 {
                                ATTR OPTION "name" "http header name" 7046 {
                                        CHOICES {
                                                x-frame-options == 1 ::: "X-Frame-Options";
                                                x-content-type-options == 2 ::: "X-Content-Type-Options";
                                                x-xss-protection == 3 ::: "X-XSS-Protection";
                                                content-security-policy == 4 ::: "Content-Security-Policy";
                                        }
                                        defaultval = x-frame-options;
                                }

                                ATTR OPTION "value" "http header value" 7047 {
                                        CHOICES {
                                                nosniff == 0 ::: "nosniff";
                                                deny == 1 ::: "DENY";
                                                sameorigin == 2 ::: "SAMEORIGIN";
                                                allow-from == 3 ::: "ALLOW-FROM";
                                                sanitizing-mode == 4 ::: "Sanitizing Mode";
                                                block-mode == 5 ::: "Block Mode";
                                        }
                                        defaultval = nosniff;
                                        condition = 7046:NE:4;
                                }

                                ATTR STRING "custom-value" "http header custom value" 7050 {
                                        #VALIDATE NO_XSS RELAXED;
                                        brieflist = 1;
                                        condition = 7046:eq:4;
                                } 

                                ATTR STRING "allow-from-source" "ALLOW-FROM Source" 7048 {
                                        VALIDATE NO_XSS RELAXED;
                                        brieflist = 1;
                                        condition = 7046:EQ:1;
                                        condition = 7047:EQ:3;
                                }

                                ATTR OPTION "request-type" "simple string or regular expression" 7042 {
                                        CHOICES {
                                                plain == 0;
                                                regular == 1;
                                        }
                                        brieflist = 1;
                                        defaultval = plain;
                                }
                                ATTR STRING "request-file" "URL" 7043 {
                                        brieflist = 1;
                                }
				
				ATTR OPTION_EN "request-status" "url status" 7049 {
					brieflist = 1;
					defaultval = disable;
				}
                        }
                }
        }
}

DOMAIN TABLE "waf cookie-security" "cookie security" 6940 {
        TABLENAME STRING "name" "name" 6941 {
        VALIDATE NO_XSS RELAXED;
                brieflist = 1;
                TABLE "cookie-security-exception-list" "cookie security exception list" 6942 {
                        TABLENAME INT "<No.>" "The number of the cookie security exception list " 6943 {
                                ATTR STRING "cookie-name" "cookie name" 6944 {
                                        parseflag = "must";
                                        brieflist = 1;
                                }
                                ATTR STRING "cookie-domain" "cookie domain " 6945 {
                                        VALIDATE NO_XSS RELAXED;
                                        brieflist = 1;
                                }
                                ATTR STRING "cookie-path" "cookie path" 6946 {
                                        VALIDATE NO_XSS RELAXED;
                                        brieflist = 1;
                                }
                        }
                }
                ATTR OPTION "security-mode" "security mode " 6947 {
                        CHOICES {
                                no == 0 ::: "No";
                                encrypted == 1 ::: "encrypted";
                                signed == 2 ::: "signed";
                        }
                        defaultval = no;
                }
                ATTR OPTION "action" "action" 6954 {
                        CHOICES {
                                alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
                                alert_deny == 6 ::: "deny connection and alert";
                                remove_cookie == 5 ::: "remove cookie";
                                block-period == 11 ::: "block period";
                        }
                        defaultval = alert;
                }
                ATTR INT "block-period" "action block period(1-3600)" 6956 {
                        VALIDATE RANGE 1:3600;
                        defaultval = 60;
                        condition = 6954:eq:11;
                }
                ATTR OPTION "severity" "High, Medium, Low or Informative" 6955 {
                        CHOICES {
                                High == 1 ::: "High";
                                Medium == 2 ::: "Medium";
                                Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
                        }
                        brieflist = 1;
                        defaultval = High;
                }
                ATTR DATASOURCE "trigger" "choose Email or syslog policy" 6957 {
                        datasource = "2090";
                        brieflist = 1;
                }
                ATTR OPTION "cookie-replay-protection-type" "cookie replay protection type" 6949 {
                        CHOICES {
                                no == 0 ::: "No";
                                IP == 1 ::: "IP";
                        }
                        defaultval = no;
			condition = 6947:eq:1;
                }
                ATTR INT "max-age" "max-age(0-65535)" 6948 {
                        VALIDATE RANGE 0:65535;
                        defaultval = 0;
                }
                ATTR OPTION_EN "secure-cookie" "secure cookie " 6950 {
                        brieflist = 1;
                        defaultval = disable;
                }
                ATTR OPTION_EN "http-only" "http only " 6951 {
                        brieflist = 1;
                        defaultval = enable;
                }
                ATTR OPTION "allow-suspicious-cookies" "allow suspicious cookies" 6952 {
                        CHOICES {
                                Never == 1 ::: "Never";
                                Always == 2 ::: "Always";
                                Custom == 3 ::: "Custom";
                        }
                        brieflist = 1;
                        defaultval = Custom;
			condition = 6947:eq:1;
			condition = 6947:eq:2;			
                }

                ATTR USER "allow-time" "allow date <yyyy/mm/dd>" 6953 {
                        defaultval = "0/0/0";
                        brieflist = 1;
                        condition = 6947:NE:0;                        
                        condition = 6952:EQ:3; 
                }
        }
}

DOMAIN TABLE "waf site-publish-helper keytab_file" "Kerberos keytab file" 4480 {
	TABLENAME STRING "name" "keytab name" 4481 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR INT "flag" "flag operation" 4482 {
			parseflag = "hidden";
		}
	}
}

DOMAIN TABLE "waf site-publish-helper authentication-server-pool" "authentication server pool" 4460 {
	TABLENAME STRING "name" "name" 4461 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		TABLE "members" "member list" 4462 {
			parseflag = "movable";
			TABLENAME INT "<No.>" "the number of a server" 4463 {
				ATTR OPTION "server-type" "server type" 4464 {
					CHOICES {
						ldap   == 1 ::: "ldap";
						radius == 2 ::: "radius";
					}
					brieflist = 1;
					defaultval = ldap;
				}
				ATTR DATASOURCE "ldap-server" "ldap server" 4465 {
					condition = 4464:EQ:1;
					parseflag = "must";
					brieflist = 1;
					datasource = "1020";
				}
				ATTR DATASOURCE "radius-server" "radius server" 4466 {
					condition = 4464:EQ:2;
					parseflag = "must";
					brieflist = 1;
					datasource = "1040";
				}
				ATTR OPTION_EN "rsa-securid" "enable/disable RSA SecurID login mode" 4467 {
					condition = 4464:EQ:2;
					defaultval = disable;
					brieflist = 1;
				}
			}
		}
	}
}

DOMAIN TABLE "waf site-publish-helper service-principal-name-pool" "service principal name pool" 4470 {
	TABLENAME STRING "name" "name" 4471 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		TABLE "members" "member list" 4472 {
			parseflag = "movable";
			TABLENAME INT "<No.>" "the number of a server" 4473 {
				ATTR STRING "server" "server (IP or domain)" 4474 { 
						parseflag = "must";
						brieflist = 1; 
				}
				ATTR STRING "service-principal-name" "service principal name" 4475 { 
						parseflag = "must";
						brieflist = 1; 
				}
			}
		}
	}
}


DOMAIN TABLE "waf site-publish-helper rule" "site publish helper rule" 4400 {
	TABLENAME STRING "name" "primary key" 4413 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR STRING "published-site" "published site" 4401 {
#			VALIDATE NO_XSS RELAXED;
			parseflag = "must";
			brieflist = 1;
		}
		ATTR OPTION "req-type" "published site type" 4414 {
			brieflist = 1;
			CHOICES {
				plain == 0 ::: "plain text";
				regular == 1 ::: "regular expression";
			}
			defaultval = plain;
		}
		ATTR OPTION_EN "status" "status" 4402 {
			defaultval = enable;
		}
		ATTR OPTION_EN "cookieless" "cookieless" 4425 {
			defaultval = disable;
		}
		ATTR OPTION "client-auth-method" "client auth method" 4403 {
			CHOICES {
				http-auth == 1 ::: "http auth";
				html-form-auth == 2 ::: "html form auth";
				client-cert-auth == 3 ::: "client cert auth";
				saml-auth == 4 ::: "saml auth";
			}
			brieflist = 1;
			defaultval = html-form-auth;
		}
		ATTR DATASOURCE "auth-server-pool" "authentication server pool" 4404 {
			condition = 4403:NE:3;
			condition = 4403:NE:4;
			parseflag = "must";
			datasource = "4460";
			brieflist = 1;
		}
		ATTR DATASOURCE "saml-server" "saml server" 4422 {
			condition = 4403:EQ:4;
			parseflag = "must";
			datasource = "1100";
			brieflist = 1;
		}
		ATTR OPTION "auth-delegation" "auth delegation" 4407 {
			CHOICES {
				no-delegation == 1 ::: "no-delegation";
				http-basic == 2 ::: "http-basic";
				kerberos == 3 ::: "kerberos";
				kerberos-constrained-delegation == 4 ::: "kerberos-constrained-delegation";
				ntlm == 5 ::: "ntlm";
			}
			brieflist = 1;
			defaultval = no-delegation;
		}

		ATTR DATASOURCE "keytab-file" "keytab file" 4416 {
			condition = 4407:eq:4;
			datasource = "4480";
			brieflist = 1;
		}

		ATTR OPTION "field-name" "certificate field name for extracting client user name" 4417 {
			condition = 4403:EQ:3;
			condition = 4407:EQ:4;
                        CHOICES {
				subject == 1 ::: "subject field";
				SAN == 2 ::: "subject-alt-name field";
			}
			brieflist = 1;
			defaultval = SAN;
		}

		ATTR OPTION "attribution-name" "certificate attribution name for extracting client user name" 4421 {
			condition = 4403:EQ:3;
			condition = 4407:EQ:4;
            		CHOICES {
				email == 1 ::: "email attribution";
				UPN == 2 ::: "user-principal-name attribution";
			}
			brieflist = 1;
			defaultval = UPN;
		}

	    	ATTR OPTION "delegation-mode" "delegattion mode" 4405 {
			condition = 4407:eq:3;
			condition = 4407:eq:4;
		 	CHOICES {
				single-server == 1 ::: "single server";
				server-pool == 2 ::: "server pool";
			}
			brieflist = 1;
			defaultval = single-server;
		}

        	ATTR STRING "delegated-spn" "delegated SPN" 4419 {
			condition = 4407:eq:3;
			condition = 4407:eq:4;
			condition = 4405:EQ:1;
			brieflist = 1;
		}

		ATTR DATASOURCE "service-principal-name-pool" "service principal name pool" 4406 {
			condition = 4407:eq:3;
			condition = 4407:eq:4;
			condition = 4405:EQ:2;
			datasource = "4470";
			brieflist = 1;
		}

        	ATTR STRING "delegator-spn" "delegator SPN" 4420 {
			condition = 4407:EQ:4;
			brieflist = 1;
		}

		ATTR OPTION_EN "sso-support" "sso-support" 4408 {
			defaultval = disable;
		}
		ATTR STRING "sso-domain" "sso-domain" 4409 {

		}

		ATTR OPTION_EN "prefix-support" "prefix-support" 4415 {
			condition = 4407:eq:2;
			condition = 4407:eq:3;
			defaultval = disable;
		}

		ATTR STRING "prefix-domain" "prefix-domain" 4418 {
			condition = 4407:eq:2;
			condition = 4407:eq:3;
		}
	
		ATTR STRING "path" "path must start with /" 4410 {
			VALIDATE REGEX "^/";
			parseflag = "must";
			brieflist = 1;
		}
		ATTR OPTION "alert-type" "alert type" 4411 {
			CHOICES {
				none == 0 ::: "none";
				fail == 1 ::: "failed only";
				success == 2 ::: "successful only";
				all == 3 ::: "all";
			}
			defaultval = none;
			brieflist = 1;
		}

		ATTR OPTION "logoff-path-type" "logoff path type" 4424 {
			condition = 4403:eq:2;
			condition = 4403:eq:4;
			brieflist = 1;
			CHOICES {
				plain == 0 ::: "plain text";
				regular == 1 ::: "regular expression";
			}
			defaultval = plain;
		}

		ATTR STRING "Published-Server-Logoff-Path" "Published Server Logoff path" 4412 {
			condition = 4403:eq:2;
			condition = 4403:eq:4;
			brieflist = 1;
		}

		ATTR INT "cookie-timeout" "authentication cookie timeout (0-216000)(minutes)" 4423 {
			 VALIDATE RANGE 0:216000;
			 condition = 4403:NE:4;
			 defaultval = 0;
			 brieflist = 1;
		}
		
		ATTR OPTION "kerberos-type" "kerberos type" 4426 {
			condition = 4407:eq:3;
			brieflist = 1;
			CHOICES {
				krb5 == 0 ::: "krb5";
				spnego == 1 ::: "spnego";
			}
			defaultval = krb5;
		}

		ATTR OPTION_EN "append-custom-header" "append custom header" 4427 {
			defaultval = disable;
		}

		ATTR STRING "custom-header-name" "custom header name" 4428 {
			VALIDATE NO_XSS RELAXED;
			condition = 4427:eq:1;
			defaultval = "X-FWB-Username";
		}

		ATTR STRING "custom-header-value-format" "custom header value format" 4429 {
			VALIDATE NO_XSS RELAXED;
			condition = 4427:eq:1;
			defaultval = "xxx-USERNAME-xxx";
		}

		ATTR OPTION_EN "pass-failed-auth" "pass failed auth" 4430 {
			condition = 4407:eq:4;
			defaultval = enable;
		}

		ATTR OPTION_EN "cache-tgs-ticket" "cache tgs ticket" 4431 {
			condition = 4407:eq:3;
			condition = 4407:eq:4;
			defaultval = enable;
		}
	}
}

DOMAIN TABLE "waf site-publish-helper policy" "site publish helper policy" 4440 {
	TABLENAME STRING "name" "name" 4441 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;

		ATTR OPTION_EN "account-lockout" "account lockout" 4442 {
			defaultval = disable;
		}

		ATTR INT "max-login-failures" "bad login threshold (1-30)" 4443 {
			VALIDATE RANGE 1:30;
			defaultval = 5;
			condition = 4442:EQ:1;
			brieflist = 1;
		}

		ATTR INT "account-block-period" "account block period (1-3600 minutes)" 4444 {
			VALIDATE RANGE 1:3600;
			defaultval = 60;
			condition = 4442:EQ:1;
			brieflist = 1;
		}

		ATTR INT "within" "reset bad login counter after (1-30 minutes)" 4445 {
			VALIDATE RANGE 1:30;
			defaultval = 3;
			condition = 4442:EQ:1;
			brieflist = 1;
		}
		ATTR OPTION_EN "limit-users" "Limit concurrent users per account" 4433 {
			defaultval = disable;
		}
		ATTR INT "maximum-users" "Maximum concurrent users" 4434 {
			 VALIDATE RANGE 1:128;
			 defaultval = 1;
			 brieflist = 1;
		}
		ATTR INT "session-idle-timeout" "Session idle timeout(minutes)" 4435 {
			 VALIDATE RANGE 1:1440;
			 defaultval = 30;
			 brieflist = 1;
		}

		ATTR OPTION_EN "credential-stuffing-protection" "credential stuffing protection" 4449 {
			parseflag = @{all=null;FWB_VM_PAYG|FWB_XENAWS_ONDEMAND|FWB_AZURE_ONDEMAND|FWB_KVM_PAYG=skip};
			defaultval = disable;
			brieflist = 1;
		}

		ATTR OPTION "action" "action" 4439 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			condition = 4449:EQ:1;
			defaultval = alert_deny;
		}
		ATTR INT "block-period" "block period(1-3600)(Seconds)" 4438 {
			defaultval = 60;
			condition = 4449:EQ:1;
			condition = 4439:eq:11;
		}
		ATTR OPTION "severity" "severity:High, Medium, Low or Informative" 4437 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			condition = 4449:EQ:1;
			defaultval = Medium;	
		}
		ATTR DATASOURCE "trigger" "choose Email or syslog policy" 4436 {
			datasource = "2090";
			condition = 4449:EQ:1;
		}

		TABLE "rule" "rule" 4446 {
			TABLENAME INT "<NO.>" "the name of rule" 4447 {
				ATTR DATASOURCE "rule-name" "rule-name" 4448 {
					datasource = 4400;
                    			parseflag = "must";
				}
			}
		}
	}
}

DOMAIN TABLE "waf ftp-file-security" "waf ftp file security" 9405 {
	parseflag = @{all=null;FWB_DOCKER=skip};
	TABLENAME STRING "name" "name" 9406 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		parseflag = "keeporder";
		ATTR OPTION "action" "action" 9407 {
			CHOICES {
				alert == 2 ::: "alert";
				deny_no_log == 4 ::: "deny without log";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block-period";
			}
			defaultval = alert_deny;
		}
		ATTR INT "block-period" "block period(1-3600)(seconds)" 9408 {
			defaultval = 60;
			condition = 9407:eq:11;
		}
		ATTR OPTION "severity" "severity:High, Medium, Low or Informative" 9409 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = Medium;	
		}
		ATTR DATASOURCE "trigger" "choose Email or syslog policy" 9410 {
			datasource = "2090";
		}
		ATTR OPTION "check-dir" "check direction" 9411 {
			CHOICES {
				upload == 1 ::: "uploading-check";
				download == 2 ::: "downloading-check";
				both == 3 ::: "both-dir";
			}
			defaultval = upload;
		}	
		ATTR OPTION_EN "av-scan" "AV scan upload file" 9413 {
			defaultval = disable;
		}
		ATTR OPTION_EN "send-files-to-fortisandbox" "Send Files to FortiSandbox" 9414 {
			defaultval = disable;
		}
		ATTR OPTION_EN "icap-server-check" "Upload suspicious file to icap server" 9418{
			defaultval = disable;
		}
	}
}
DOMAIN TABLE "waf ftp-command-restriction-rule" "waf ftp command restriction rule" 9420 {
	parseflag = @{all=null;FWB_DOCKER=skip};
	TABLENAME STRING "name" "name" 9421 {
		VALIDATE NO_XSS RELAXED;
		ATTR OPTION "action" "action" 9422 { 
				CHOICES { 
						alert == 2 ::: "alert";
						deny_no_log == 4 ::: "deny without log";
						alert_deny == 6 ::: "deny connection and alert";
						block-period == 11 ::: "block-period"; 
				}
				defaultval = alert_deny; 
		}
		ATTR INT "block-period" "block period(1-3600)(seconds)" 9423  { 
				defaultval = 60;
				condition = 9422:eq:11; 
		}
		ATTR OPTION "severity" "severity:High, Medium, Low or Informative" 9424 { 
				CHOICES { 
						High == 1 ::: "High";
						Medium == 2 ::: "Medium";
						Low == 3 ::: "Low"; 
						Info == 4 ::: "Informative";
				}
				brieflist = 1;
				defaultval = Medium; 
		}
		ATTR DATASOURCE "trigger" "choose Email or syslog policy" 9425 { 
				datasource = "2090"; 
		}
		TABLE "command-types" "command types list" 9426 {
			TABLENAME INT "id" "id" 9427 {
				ATTR OPTION "command-type" "command type" 9428 {
					CHOICES {
						FTP_USER == 1 ::: "USER";
						PASS == 2 ::: "PASS";
						ACCT == 3 ::: "ACCT";
						CDUP == 4 ::: "CDUP";
						FEAT == 5 ::: "FEAT";
						OPTS == 6 ::: "OPTS";
						SMNT == 7 ::: "SMNT";
						QUIT == 8 ::: "QUIT";
						REIN == 9 ::: "REIN";
						PORT == 10 ::: "PORT";
						PASV == 11 ::: "PASV";
						TYPE == 12 ::: "TYPE";
						STRU == 13 ::: "STRU";
						MODE == 14 ::: "MODE";
						RETR == 15 ::: "RETR";
						STOR == 16 ::: "STOR";
						STOU == 17 ::: "STOU";					
						APPE == 18 ::: "APPE";
						ALLO == 19 ::: "ALLO";
						REST == 20 ::: "REST";
						RNFR == 21 ::: "RNFR";
						RNTO == 22 ::: "RNTO";
						ABOR == 23 ::: "ABOR";
						DELE == 24 ::: "DELE";
						LIST == 25 ::: "LIST";
						NLST == 26 ::: "NLST";					
						MLSD == 28 ::: "MLSD";
						SITE == 29 ::: "SITE";
						SYST == 30 ::: "SYST";
						STAT == 31 ::: "STAT";
						HELP == 32 ::: "HELP";
						SIZE == 34 ::: "SIZE";
						MDTM == 35 ::: "MDTM";
						XMKD == 37 ::: "XMKD";
						XRMD == 38 ::: "XRMD";
						XPWD == 39 ::: "XPWD";
						XCUP == 40 ::: "XCUP";
						CWD == 41 ::: "CWD";
						RMD == 42 ::: "RMD";
						MKD == 43 ::: "MKD";
						PWD == 44 ::: "PWD";
						AUTH == 46 ::: "AUTH";
						EPRT == 48 ::: "EPRT";
						EPSV == 49 ::: "EPSV";
						PROT == 51 ::: "PROT";
					}
					brieflist = 1;
				}
			}
		}
	}
}

DOMAIN TABLE "waf machine-learning url-replacer-rule" "url replacer rule" 9130 {
	TABLENAME STRING "name" "name" 9131 {
		VALIDATE NO_XSS RELAXED;
		ATTR OPTION "type" "plugin type" 9132{
			CHOICES {
				pre-defined == 1 ::: "pre-defined application type";
				custom-defined == 2 ::: "custom-defined application type";
			}
			defaultval = pre-defined;
		}
		ATTR OPTION "app-type" "application type" 9133{
			CHOICES {
				jsp == 1 ::: "JSP application";
				owa-2003 == 2 ::: "OWA application";
			}
			defaultval = jsp;	
			condition = 9132:eq:1;
		}
		ATTR STRING "url" "original URL" 9134 {
			brieflist = 1;
			condition = 9132:eq:2;	
			parseflag = "must";
		}
		ATTR STRING "new-url" "new URL" 9135 {
			VALIDATE NO_XSS RELAXED;			
			brieflist = 1;
			condition = 9132:eq:2;	
			parseflag = "must";
		}
		ATTR STRING "param" "new parameter value" 9136 {
			VALIDATE NO_XSS RELAXED;
			brieflist = 1;
			condition = 9132:eq:2;	
		}
		ATTR STRING "new-param" "new parameter name" 9137 {
			VALIDATE NO_XSS RELAXED;
			brieflist = 1;
			condition = 9132:eq:2;	
		}
	}
}


DOMAIN TABLE "waf machine-learning url-replacer-policy" "url replacer policy" 9140 {
	TABLENAME STRING "name" "name" 9141 {
		VALIDATE NO_XSS RELAXED;
                TABLE "rule-list" "rule list" 9142 {
			parseflag = "movable";
                        TABLENAME INT "id" "id" 9143 {
			ATTR OPTION "type" "type" 9144 {
				CHOICES {
					URL_Replacer == 1 ::: "url replacer";
				}
				brieflist = 1;
				defaultval = URL_Replacer;
			}
			ATTR DATASOURCE "plugin-name" "plugin name" 9145 {
					brieflist = 1;
					datasource = "9130";
					parseflag = "must";
			}
		}
	}
}

DOMAIN TABLE "waf mobile-api-protection mobile-api-protection-rule" "mobile api protection rule" 10100 {
	TABLENAME STRING "name" "name" 10101 {
		VALIDATE NO_XSS RELAXED;
		ATTR OPTION_EN "host-status" "enable/disable" 10102 {
			defaultval = disable;
		}
		ATTR STRING "host" "host" 10103 {
			VALIDATE NO_XSS RELAXED;
		}
		ATTR OPTION "action" "action" 10104 { 
			CHOICES { 
				alert == 2 ::: "alert"; 
				deny_no_log == 4 ::: "deny without log"; 
				alert_deny == 6 ::: "deny connection and alert";
	            block-period == 11 ::: "block period"; 
			}
	        defaultval = alert; 
		}
	    ATTR INT "block-period" "action block period(1-3600)" 10105 { 
			VALIDATE RANGE 1:3600;
	        defaultval = 60;
		}
	    ATTR OPTION "severity" "High, Medium, Low or Informative" 10106 { 
			CHOICES { 
				High == 1 ::: "High";
	            Medium == 2 ::: "Medium";
	            Low == 3 ::: "Low"; 
	            Info == 4 ::: "Informative"; 
			}
	        brieflist = 1;
	        defaultval = High; 
		}
	    ATTR DATASOURCE "trigger" "trigger policy" 10107 { 
			datasource = "2090";
	        brieflist = 1; 
		}
		TABLE "url-list" "url list" 10108 {
			TABLENAME INT "id" "id" 10109 {
				ATTR OPTION "url-type" "url type" 10110 {
					CHOICES { 
						plain == 0 ::: "Simple string";
						regular == 1 ::: "Regular expression"; 
					}
					defaultval = plain;
					brieflist = 1; 
				}
				ATTR STRING "url-pattern" "url pattern" 10111 {
					brieflist = 1; 
					parseflag = "must";
				}
			}
		}
	}
}

DOMAIN TABLE "waf mobile-api-protection mobile-api-protection-policy" "mobile api protection policy" 10115 {
	TABLENAME STRING "name" "name" 10116 {		
		VALIDATE NO_XSS RELAXED;
		TABLE "rule-list" "rule list" 10117 {
			parseflag = "movable";
			TABLENAME INT "id" "id" 10118 {
				ATTR DATASOURCE "rule" "mobile api protection rule" 10119 {
					datasource = "10100";
				}
			}
		}
	}
}

DOMAIN TABLE "waf ftp-protection-profile inline-protection" "inline profile" 9400 {
        TABLENAME STRING "name" "name" 9401 {
                VALIDATE NO_XSS RELAXED;
                brieflist = 1;
#ATTR OPTION_EN "ftp_test" "ftp test mod" 9402 {
#                       defaultval = disable;
#               }

		ATTR DATASOURCE "ftp-restriction-command-type" "ftp-restriction-command-type" 9403 {
			datasource = "9420";
			brieflist = 1;
		}	
		ATTR DATASOURCE "ftp-file-check" "ftp-file-check" 9404 {
			datasource = "9405";
			brieflist = 1;
		}
		ATTR DATASOURCE "ftp-ip-check" "ftp-ip-check" 9415 {
			datasource = "5220";
			brieflist = 1;
		}
		ATTR DATASOURCE "ftp-geo-ip" "ftp-geo-ip" 9416 {
			datasource = "5200";
			brieflist = 1;
		}
		ATTR OPTION_EN "ftp-ip-intelligence" "ftp ip intelligence" 9417 {
			defaultval = disable;
			brieflist = 1;
		}
	}
}

DOMAIN TABLE "waf web-protection-profile inline-protection" "inline profile" 6240 {
	TABLENAME STRING "name" "name" 6241 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR OPTION_EN "http-session-management" "http-session-management" 6242 {
			defaultval = disable;
		}
		ATTR INT "http-session-timeout" "http-session-timeout(20-3600)" 6243 {
			VALIDATE RANGE 20:3600;
			defaultval = 1200;
			condition = 6242:eq:1;
		}
		ATTR DATASOURCE "url-access-policy" "url-access-policy" 6244 {
			datasource = "5640";
			brieflist = 1;
		}
		ATTR DATASOURCE "signature-rule" "signature-rule" 6245 {
			datasource = "6020";
			brieflist = 1;
		}
		ATTR DATASOURCE "x-forwarded-for-rule" "x-forwarded-for-rule" 6246 {
			datasource = "6120";
			brieflist = 1;
		}
		ATTR DATASOURCE "page-access-rule" "page-access-rule" 6247 {
			datasource = "5460";
			brieflist = 1;
			condition = 6242:eq:1;
		}
		ATTR DATASOURCE "parameter-validation-rule" "parameter-validation-rule" 6248 {
			datasource = "5370";
			brieflist = 1;
		}
		ATTR DATASOURCE "hidden-fields-protection" "hidden-fields-protection" 6249 {
			datasource = "5440";
			brieflist = 1;
			condition = 6242:eq:1;
		}
		ATTR DATASOURCE "start-pages" "start-pages" 6250 {
			datasource = "6140";
			brieflist = 1;
			condition = 6242:eq:1;
		}
		ATTR DATASOURCE "allow-method-policy" "allow-method-policy" 6251 {
			datasource = "5570";
			brieflist = 1;
		}
		ATTR DATASOURCE "brute-force-login" "brute-force-login" 6252 {
			datasource = "6180";
			brieflist = 1;
		}
#		ATTR DATASOURCE "robot-control" "robot-control" 6253 {
#			datasource = "6160";
#			brieflist = 1;
#		}
		ATTR DATASOURCE "url-rewrite-policy" "url-rewrite-policy" 6254 {
			datasource = "5530";
			brieflist = 1;
		}
		ATTR DATASOURCE "http-authen-policy" "http-authen-policy" 6255 {
			datasource = "5260";
			brieflist = 1;
		}
		ATTR DATASOURCE "file-upload-policy" "file-upload-policy" 6261 {
			datasource = "6220";
			brieflist = 1;
		}
		ATTR DATASOURCE "http-protocol-parameter-restriction" "http-protocol-parameter-restriction" 6262 {
			datasource = "5660";
			brieflist = 1;
		}
		ATTR STRING "redirect-url" "Http redirect URL" 6263 {
		}
		ATTR OPTION_EN "amf3-protocol-detection" "amf3-protocol-detection" 6264 {
			defaultval = disable;
		}
		ATTR OPTION_EN "rdt-reason" "redirect URL with reason" 6265 {
			defaultval = disable;
		}
		ATTR DATASOURCE "ip-list-policy" "ip-list-policy" 6266 {
			datasource = "5220";
			brieflist = 1;
		}
		ATTR DATASOURCE "file-compress-rule" "file-compress-rule" 6267 {
			datasource = "5040";
			brieflist = 1;
		}
		ATTR DATASOURCE "application-layer-dos-prevention" "application-layer-dos-prevention" 6269 {
			datasource = "5180";
			brieflist = 1;
		}
		ATTR DATASOURCE "geo-block-list-policy" "geo-block-list-policy" 6271 {
			datasource = "5200";
			brieflist = 1;
		}
		ATTR DATASOURCE "custom-access-policy" "custom-access-policy" 6272 {
			datasource = "6690";
			brieflist = 1;
		}

		ATTR OPTION_EN "ip-intelligence" "ip intelligence" 6279 {
			defaultval = disable;
			brieflist = 1;
		}
		ATTR OPTION_EN "known-search-engine" "allow known search engine" 6280 {
			defaultval = disable;
			brieflist = 1;
		}

		# Mobile app identification
		ATTR OPTION_EN "mobile-app-identification" "mobile application identification" 6308 {
			defaultval = disable;
			brieflist = 1;
		}
		ATTR STRING "token-secret" "token secret of mobile application identification" 6309 {
			brieflist = 1;
		}
		ATTR STRING "token-header" "token header of mobile application identification" 6310 {
			brieflist = 1;
			defaultval = "Jwt-Token";
		}
		# end Mobile identification
		ATTR DATASOURCE "mobile-api-protection" "mobile api protection" 6311 {
			datasource = "10115";
			brieflist = 1;
		}
		ATTR DATASOURCE "site-publish-helper" "site publish helper" 6281 {
			datasource = "4440";
			brieflist = 1;
		}	
		ATTR DATASOURCE "web-cache-policy" "web cache policy" 6283 {
			parseflag = @{all=null;FWB_400B|FWB_1000B=skip};
			datasource = "6880";
			brieflist = 1;
		}		
                ATTR DATASOURCE "cookie-security-policy" "cookie security policy" 6298 {
                        datasource = "6940";
                        brieflist = 1;
                }		
                ATTR DATASOURCE "padding-oracle" "padding oracle policy" 6282 {
                        datasource = "6700";
                        brieflist = 1;
                }
		ATTR UINT "profile-id" "inline profile id" 6284 {
		#	parseflag = "hidden";
		}
		ATTR STRING "comment" "comment for inline profile" 6285 {
			brieflist = 1;
		}

		ATTR OPTION_EN "fortigate-quarantined-ips" "Block quarantined ip from Fortigate" 6286 {
                        defaultval = disable;
                        brieflist = 1;
                }

		ATTR OPTION "quarantined-ip-action" "Quarantined IP action" 6287 {
                        CHOICES {
                                alert == 2 ::: "alert";
								deny_no_log == 4 ::: "deny without log";
                                alert_deny == 6 ::: "deny connection and alert";
                        }
                        defaultval = alert;

                }

		ATTR OPTION "quarantined-ip-severity" "High, Medium,Low or Info" 6288 {
                        CHOICES {
                                High == 1 ::: "High";
                                Medium == 2 ::: "Medium";
                                Low == 3 ::: "Low";
								Info == 4 ::: "Informative";
                        }
                        brieflist = 1;
                        defaultval = High;
                }

		ATTR DATASOURCE "quarantined-ip-trigger" "choose Email or syslog policy" 6289{
                        datasource = "2090";
                        brieflist = 1;
                }

		ATTR DATASOURCE "csrf-protection" "csrf-protection" 6290 {
			datasource = "5345";
			brieflist = 1;
		}

		ATTR DATASOURCE "mitb-protection" "mitb-protection" 6303 {
			datasource = "9630";
			brieflist = 1;
		}


		ATTR DATASOURCE "user-tracking-policy" "user tracking policy" 6297 {
			datasource = "6920";
			brieflist = 1;
		}

		ATTR OPTION_EN "device-tracking" "device tracking" 6299 {
			defaultval = disable;
			brieflist = 1;
		}

		ATTR DATASOURCE "device-reputation-security-policy" "device reputation security policy" 6300 {
			datasource = "6970";
			brieflist = 1;
			condition = 6299:eq:1;
		}

                ATTR DATASOURCE "http-header-security" "http header security" 6301 {
                        datasource = "7040";
                        brieflist = 1;
                }

		ATTR DATASOURCE "xml-validation-policy" "xml validation policy" 6302 {
                        datasource = "9512";
                        brieflist = 1;
                }    		
	
		ATTR DATASOURCE "json-validation-policy" "json validation policy" 6307 {
                        datasource = "9920";
                        brieflist = 1;
                }    		
	       
	       ATTR DATASOURCE "openapi-validation-policy" "openapi validation policy" 6304 {
                        datasource = "9670";
                        brieflist = 1;
                }	
		ATTR DATASOURCE "websocket-security-policy" "websocket security policy" 6305 {
        		datasource = "7060";
            		brieflist = 1;
        	}

		ATTR DATASOURCE "cors-protection-policy" "cors protection policy" 6306 {
			datasource = "8350";
			brieflist = 1;
		}	
		ATTR DATASOURCE "custom-response" "custom-response" 6314 {
			datasource = "9730";
			brieflist = 1;
		}
		ATTR DATASOURCE "bot-mitigate-policy" "bot mitigation policy"  6312{
			datasource = "9995";
			brieflist = 1;
		}
	       #ATTR DATASOURCE "bot-custom-access-policy" "bot custom access policy" 6313 {
	       #	datasource = "11000";
	       #	brieflist = 1;
	       #}

		ATTR DATASOURCE "api-management-policy" "api management policy" 6315 {
                	datasource = "12150";
			brieflist = 1;
                }	
	}
}

DOMAIN TABLE "waf web-protection-profile offline-protection" "offline profile" 6340 {
	parseflag = @{all=null;FWB_DOCKER=skip};
	TABLENAME STRING "name" "name" 6341 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		parseflag = "keeporder";
		ATTR OPTION_EN "http-session-management" "http-session-management" 6342 {
			defaultval = disable;
		}
		ATTR INT "http-session-timeout" "http-session-timeout(20-3600)" 6343 {
			VALIDATE RANGE 20:3600;
			defaultval = 1200;
			#condition = 6342:eq:1;
		}
		ATTR DATASOURCE "url-access-policy" "url-access-policy" 6344 {
			datasource = "5640";
			brieflist = 1;
		}
		ATTR STRING "http-session-keyword" "http-session-keyword" 6345 {
			VALIDATE NO_XSS RELAXED;
			#condition = 6342:eq:1;
		}
		ATTR DATASOURCE "hidden-fields-protection" "hidden-fields-protection" 6346 {
			datasource = "5440";
			brieflist = 1;
			#condition = 6342:eq:1;
		}
		ATTR DATASOURCE "signature-rule" "signature-rule" 6347 {
			datasource = "6020";
			brieflist = 1;
		}
		ATTR DATASOURCE "x-forwarded-for-rule" "x-forwarded-for-rule" 6348 {
			datasource = "6120";
			brieflist = 1;
		}
		ATTR DATASOURCE "parameter-validation-rule" "parameter-validation-rule" 6349 {
			datasource = "5370";
			brieflist = 1;
		}
		ATTR DATASOURCE "file-upload-policy" "file-upload-policy" 6350 {
			datasource = "6220";
			brieflist = 1;
		}
		ATTR DATASOURCE "allow-method-policy" "allow-method-policy" 6351 {
			datasource = "5570";
			brieflist = 1;
		}
#		ATTR DATASOURCE "robot-control" "robot-control" 6352 {
#			datasource = "6160";
#			brieflist = 1;
#		}
#		ATTR DATASOURCE "http-authen-policy" "http-authen-policy" 6353 {
#			datasource = "5260";
#			brieflist = 1;
#		}
		ATTR DATASOURCE "http-protocol-parameter-restriction" "http-protocol-parameter-restriction" 6354 {
			datasource = "5660";
			brieflist = 1;
		}
		ATTR OPTION_EN "amf3-protocol-detection" "amf3-protocol-detection" 6355 {
			defaultval = disable;
		}
		ATTR DATASOURCE "ip-list-policy" "ip-list-policy" 6356 {
			datasource = "5220";
			brieflist = 1;
		}
		ATTR DATASOURCE "geo-block-list-policy" "geo-block-list-policy" 6357 {
			datasource = "5200";
			brieflist = 1;
		}
		ATTR DATASOURCE "brute-force-login" "brute-force-login" 6359 {
			datasource = "6180";
			brieflist = 1;
		}
		ATTR DATASOURCE "custom-access-policy" "custom-access-policy" 6361 {
			datasource = "6690";
			brieflist = 1;
		}
		ATTR OPTION_EN "ip-intelligence" "ip intelligence" 6368 {
                        defaultval = disable;
                        brieflist = 1;
                }
		ATTR OPTION_EN "known-search-engine" "allow known search engine" 6369 {
			defaultval = disable;
			brieflist = 1;
		}		

		# Mobile app identification
		ATTR OPTION_EN "mobile-app-identification" "mobile application identification" 6383 {
			defaultval = disable;
			brieflist = 1;
		}
		ATTR STRING "token-secret" "token secret of mobile application identification" 6384 {
			brieflist = 1;
		}
		ATTR STRING "token-header" "token header of mobile application identification" 6385 {
			brieflist = 1;
			defaultval = "Jwt-Token";
		}
		# end Mobile identification
		
		ATTR DATASOURCE "mobile-api-protection" "mobile api protection" 6386 {
			datasource = "10115";
			brieflist = 1;
		}

                ATTR DATASOURCE "padding-oracle" "padding oracle policy" 6370 {
                        datasource = "6700";
                        brieflist = 1;
                }
		ATTR UINT "profile-id" "offline profile id" 6371 {
		#	parseflag = "hidden";
		}
		ATTR STRING "comment" "comment for offline profile" 6372 {
			brieflist = 1;
		}
		ATTR DATASOURCE "user-tracking-policy" "user tracking policy" 6373 {
			datasource = "6920";
			brieflist = 1;
		}
		ATTR DATASOURCE "xml-validation-policy" "xml validation policy" 6380 {
                        datasource = "9512";
                        brieflist = 1;
                }
	       ATTR DATASOURCE "openapi-validation-policy" "openapi validation policy" 6381 {
                        datasource = "9670";
                        brieflist = 1;
                }
		ATTR DATASOURCE "json-validation-policy" "json validation policy" 6382 {
                        datasource = "9920";
                        brieflist = 1;
                }
	       #ATTR DATASOURCE "bot-custom-access-policy" "bot custom access policy" 6374 {
	       #	datasource = "11000";
	       #	brieflist = 1;
	       #}
	}
}

GLOBAL TABLE "wad file-filter" "Web Site file filter" 9350 {
	parseflag = @{all=null;FWB_DOCKER=skip};
	TABLENAME STRING "name" "filter name" 9351 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR OPTION "filter-type" "filter type" 9352 {
			brieflist = 1;
			CHOICES {
				black-file-list == 0 ::: "black file list";
				white-file-list == 1 ::: "white file list";
			}
			defaultval = black-file-list;
		}
		TABLE "members" "file filter members" 9353 {
			TABLENAME INT "id" "filter id" 9354 {
				brieflist = 1;
				ATTR OPTION "file-type" "file type" 9355 {
					brieflist = 1;
					CHOICES {
						directory == 0 ::: "directory";
						regular-file == 1 ::: "regular file";
					}
					defaultval = directory;
				}
				ATTR STRING "file-name" "file name" 9356 {
					VALIDATE NO_XSS RELAXED;
					brieflist = 1;
					parseflag = "must";
				}
				#ATTR OPTION_EN "recursive" "whether recursive do filter operation" 9357 {
					#defaultval = enable;
					#brieflist = 1;
					#condition = 9355:eq:0;
				#}
			}
		}
	}
}


GLOBAL TABLE "wad website" "Web Site with Anti-Defacement" 9300 {
	parseflag = @{all=null;FWB_DOCKER=skip};
	TABLENAME INT "id" "website id" 9301 {
		VALIDATE RANGE 1:256;
		brieflist = 1;
		ATTR STRING "name" "name of this website" 9302 {
			VALIDATE NO_XSS RELAXED;
			brieflist = 1;
			parseflag = "must";
		}
		ATTR STRING "description" "description of this website" 9303 {
			brieflist = 1;
		}
		ATTR OPTION_EN "monitor" "whether to enable monitoring this website : [enable|disable]" 9304 {
			defaultval = enable;
			brieflist = 1;
		}
		ATTR STRING "hostname-ip" "Hostname or IP address of the website" 9305 {
			VALIDATE HOSTNAME RELAXED;
			brieflist = 1;
		}
		ATTR OPTION "connect-type" "conection type : [FTP | SSH | SMB]" 9306 {
			CHOICES {
				ftp == 0 ::: "connect by ftp";
				ssh == 1 ::: "connect by ssh";
				smb == 2 ::: "connect by windows share";
			}
			defaultval = ftp;
			brieflist = 1;
		}
		ATTR INT "port" "port, scale: [1-65535], only available for FTP or SSH" 9307 {
			VALIDATE RANGE 1:65535;
			defaultval = 21;
			condition = 9306:ne:2;
			brieflist = 1;
		}
		ATTR STRING "share-name" "windows share name" 9308 {
			VALIDATE NO_XSS RELAXED;
			condition = 9306:eq:2; 
			brieflist = 1;
		}
		ATTR STRING "web-folder" "website folder to be monitored" 9309 {
			VALIDATE NO_XSS RELAXED;
			condition = 9306:ne:2;
			brieflist = 1;
		}
		ATTR STRING "user" "user name" 9310 {
			VALIDATE NO_XSS RELAXED;
			brieflist = 1;
		}
		ATTR PASSWD "password" "password" 9311 {
			brieflist = 1;
		}
		ATTR DATASOURCE "alert-email" "alert email address list, seperated by commar" 9312 {
			datasource = "2030";
			brieflist = 1;
		}
		ATTR INT "interval-root" "monitor interval for pages under root directory, unit: second" 9313 {
			VALIDATE RANGE 1:86400;
			defaultval = 60;
			brieflist = 1;
		}
		ATTR INT "interval-other" "monitor interval of all pages under non root directory, unit: second" 9314 {
			VALIDATE RANGE 1:86400;
			defaultval = 600;
			brieflist = 1;
		}
		ATTR INT "monitor-depth" "max depth of web folder" 9315 {
			VALIDATE RANGE 1:10;
			defaultval = 5;
			brieflist = 1;
		}
		ATTR INT "backup-max-fsize" "maximum size of web site file to be backuped, unit: KByte" 9316 {
			VALIDATE RANGE 1:1048576;
			defaultval = 10240;
		}
		ATTR STRING "backup-skip-ftype" "file suffix to be skipped, seperated by commar. For example: [avi,iso,rmvb]" 9317 {
			VALIDATE NO_XSS RELAXED;
			brieflist = 1;
		}
		ATTR INT "last-backup-time" "last backup time" 9318 {
			brieflist = 1;
			parseflag = "hidden";
		}
		ATTR OPTION "auto" "automatically execute web file changes" 9319 {
			CHOICES {
				disable == 0 ::: "Disable automatically execute web file changes";
				restore == 1 ::: "Automatically restore web file changes";
				acknowledge == 2 ::: "Automatically acknowledge web file changes";
			}
			defaultval = disable;
		}
		ATTR DATASOURCE "file-filter" "file filter" 9320 {
			datasource = "9350";
			brieflist = 1;
		}
	}
}

DOMAIN TABLE "log reports" "reports" 2180 {
    TABLENAME STRING "report_name" "report name" 2181 {
        VALIDATE NO_XSS RELAXED;		
        ATTR STRING "report_title" "report title" 2182 {
            VALIDATE NO_XSS RELAXED;
            brieflist = 1;
#parseflag = "must";
        }
        ATTR STRING "report_desc" "report description" 2183 {
            brieflist = 1;
#parseflag = "must";
        }
        ATTR OPTION "report_protected" "Set report config read-only, for FortiWeb administrators" 2184 {
            CHOICES {
                no == 0 ::: "Allow report config to be modified";
                yes == 1 ::: "Set report config read-only";
            }
            parseflag = "hidden";
            defaultval = no;
        }
        ATTR OPTION "include_nodata" "Set display/hide reports with no matching data" 2185 {
            CHOICES {
                no == 0 ::: "Hide reports with no matching data";
                yes == 1 ::: "Display reports with no matching data";
            }
            defaultval = no;
        }
        ATTR OPTION "on_demand" "Set report profile on-demand" 2186 {
            CHOICES {
                disable == 0 ::: "Not an on-demand report";
                enable == 1 ::: "An on-demand report";
            }
            defaultval = disable;
        }
        ATTR OPTION "period_type" "time period of the default report" 2187 {
            CHOICES {
                today == 0 ::: "Today";
                yesterday == 1 ::: "Yesterday";
                last-n-hours == 2 ::: "Last N Hours";
                this-week == 3 ::: "This Week";
                last-week == 4 ::: "Last Week";
                last-7-days == 5 ::: "Last 7 Days";
                last-n-days == 6 ::: "Last N Days";
                last-2-weeks == 7 ::: "Last 2 Weeks";
                last-14-days == 8 ::: "Last 14 Days";
                this-month == 9 ::: "This Month";
                last-month == 10 ::: "Last Month";
                last-30-days == 11 ::: "Last 30 Days";
                last-n-weeks == 12 ::: "Last N Weeks";
                this-quarter == 13 ::: "This Quarter";
                last-quarter == 14 ::: "Last Quarter";
                this-year == 15 ::: "This Year";
                other == 16 ::: "Other Specified Dates and Times";
            }
            defaultval = last-7-days;
        }
        ATTR INT "period_last_n" "last N hours/days/weeks" 2188 {
            brieflist = 1;
            condition = 2187:eq:2;	
            condition = 2187:eq:6;	
            condition = 2187:eq:12;	
#parseflag = "must";
        }
        ATTR USER "period_start" "start date and time <hh:mm yyyy/mm/dd>" 2189 {
            defaultval = "00:00 2001/1/1";
            brieflist = 1;
            condition = 2187:eq:16;	
#parseflag = "must";
        }
        ATTR USER "period_end" "end date and time <hh:mm yyyy/mm/dd>" 2190 {
            defaultval = "00:00 2001/1/1";
            brieflist = 1;
            condition = 2187:eq:16;	
#parseflag = "must";
        }
        ATTR INT "scope_top1" "show top X values of the 1st variable in Ranked Reports" 2191 {
            VALIDATE RANGE 1:30;
            brieflist = 1;
            defaultval = 7;
        }
        ATTR INT "scope_top2" "show top Y values of the 2nd variable in Ranked Reports" 2192 {
            VALIDATE RANGE 1:30;
            brieflist = 1;
            defaultval = 3;
        }
        ATTR OPTION "scope_include_summary" "whether include summary information in the report" 2193 {
            CHOICES {
                no == 0 ::: "Do not include summary in the report";
                yes == 1 ::: "Include summary in the report";
            }
            defaultval = yes;
        }
        ATTR OPTION "scope_include_table_of_content" "whether include table of content in the report" 2194 {
            CHOICES {
                no == 0 ::: "Do not include table of content in the report";
                yes == 1 ::: "Include table of content in the report";
            }
            defaultval = yes;
        }
        ATTR OPTION "Report_pci_activity" "PCI_Activity" 2195 {
            multi_opt = 1;
            CHOICES {
                pci-attacks-date-type == 1 :SET:: "PCI_Attacks_by_Date_and_Top_Attack_Types";
                pci-attacks-month-type == 2 :SET:: "PCI_Attacks_by_Month_and_Top_Attack_Types";
                pci-attacks-day-type == 4 :SET:: "PCI_Attacks_by_Day_of_Week_and_Top_Attack_Types";
                pci-attacks-hour-type == 8 :SET:: "PCI_Attacks_by_Hour_of_Day_and_Top_Attack_Types";
            }
#            defaultval = pci-attacks-date-type;
        }
        ATTR OPTION "Report_attack_activity" "Attack_Activity" 2196 {
            multi_opt = 1;
            CHOICES {
                attacks-type == 1 :SET:: "Attacks_by_Top_Attack_Types";
                attacks-url == 2 :SET:: "Attacks_by_Top_URLs";
                attacks-date-type == 4 :SET:: "Attacks_by_Date_and_Top_Attack_Types";
                attacks-month-type == 8 :SET:: "Attacks_by_Month_and_Top_Attack_Types";
                attacks-day-type == 16 :SET:: "Attacks_by_Day_of_Week_and_Top_Attack_Types";
                attacks-hour-type == 32 :SET:: "Attacks_by_Hour_of_Day_and_Top_Attack_Types";
                attacks-type-dev == 64 :SET:: "Attacks_by_Top_Actions_and_Attack_Severity";
                attacks-dst-type == 128 :SET:: "Attacks_by_Attack_Destination_and_Top_Attack_Types";
                attacks-dst-ip == 256 :SET:: "Attacks_by_Attack_Destination_and_Top_Attack_Source_IP";
                attacks-type-ip == 512 :SET:: "Attacks_by_Top_Attack_Types_and_Top_Attack_Source_IP";
                attacks-method-type == 1024 :SET:: "Attacks_by_Http_Methods_and_Top_Attack_Types";
                attacks-cat == 2048 :SET:: "Attacks_By_Category";
                attacks-policy == 4096 :SET:: "Attacks_By_Policy";
                attacks-day == 8192 :SET:: "Attacks_By_Day";
                attacks-ts == 16384 :SET:: "Top_Sources_Of_Attacks";
                attacks-td == 32768 :SET:: "Top_Destinations_of_Attacks";
                attacks-proto == 65536 :SET:: "Top_Attacks_by_Protocol";
                attacks-date-severity == 131072 :SET:: "Attacks_by_Date_and_Top_Attack_Severity";
                attacks-month-severity == 262144 :SET:: "Attacks_by_Month_and_Top_Attack_Severity";
                attacks-day-severity == 524288 :SET:: "Attacks_by_Day_of_Week_and_Top_Attack_Severity";
                attacks-hour-severity == 1048576 :SET:: "Attacks_by_Hour_of_Day_and_Top_Attack_Severity";
                attacks-sessionid == 2097152 :SET:: "Attacks_By_UserID";
                attacks-srccountry == 4194304 :SET:: "Attacks_by_Source_Country";
                attacks-signature-id == 8388608 :SET:: "Attacks_by_Signature_ID";
                attacks-type-signature-id == 16777216 :SET:: "Attacks_by_Attack_Types_and_Top_Signature_ID";
                attacks-fortisandbox == 33554432 :SET:: "Attacks_by_FortiSandbox";
		attacks-httphost == 67108864 :SET:: "Attacks_by_Http_Host";
		attacks-username == 134217728 :SET:: "Attacks_by_User_Name";
		attacks-httprefer == 268435456 :SET:: "Attacks_by_Http_Refer";
		attacks-httpversion == 536870912 :SET:: "Attacks_by_Http_Version";
		threat-weight-client-device == 1073741824 :SET:: "Top_Client_Device_Of_Threat_Weight";
		attacks-client-device == 2147483648 :SET:: "Top_Attacks_by_Client_Device";
		cat-client-device == 4294967296 :SET:: "Top_Category_by_Client_Device";
		attack-summary == 8589934592 :SET:: "Attack_Summary";
		attack-details == 17179869184 :SET:: "Attack_Details";
            }
#            defaultval = attacks-type;
        }
        ATTR OPTION "Report_traffic_activity" "Traffic_Activity" 2197 {
            multi_opt = 1;
            CHOICES {
                net-pol == 1 :SET:: "Top_Policies";
                net-srv == 2 :SET:: "Top_Services";
                net-src == 4 :SET:: "Top_Sources";
                net-dst == 8 :SET:: "Top_Destinations";
                net-src-dst == 16 :SET:: "Top_Destinations_By_Top_Source";
                net-dst-src == 32 :SET:: "Top_Sources_By_Top_Destination";
                net-date-dst == 64 :SET:: "Top_Destinations_By_Date";
                net-hour-dst == 128 :SET:: "Top_Destinations_By_Hour_of_Day";
                net-day-dst == 256 :SET:: "Top_Destinations_By_Day_of_Week";
                net-month-dst == 512 :SET:: "Top_Destinations_By_Month";
                net-date-src == 1024 :SET:: "Top_Sources_By_Date";
                net-hour-src == 2048 :SET:: "Top_Sources_By_Hour_of_Day";
                net-day-src == 4096 :SET:: "Top_Sources_By_Day_of_Week";
                net-month-src == 8192 :SET:: "Top_Sources_By_Month";
                net-srccountry == 16384 :SET:: "Top_Source_Country";
		net-httphost == 32768 :SET:: "Top_Http_Host";
		net-username == 65536 :SET:: "Top_User_Name";
		net-httprefer == 131072 :SET:: "Top_Http_Refer";
		net-httpversion == 262144 :SET:: "Top_Http_Version";
		net-client-device == 524288 :SET:: "Top_Client_Device";
            }
#defaultval = net-pol;
        }
        ATTR OPTION "Report_event_activity" "Event_Activity" 2198 {
            multi_opt = 1;
            CHOICES {
                ev-all == 1 :SET:: "Overall_Events_Triggered";
                ev-all-cat == 2 :SET:: "Overall_Events_Triggered_By_Category";
                ev-all-type == 4 :SET:: "Overall_Events_Triggered_By_Type";
                ev-crit-hour == 8 :SET:: "Critical_Events_Triggered_By_Hour_Of_Day";
                ev-crit-day == 16 :SET:: "Critical_Events_Triggered_By_Date";
                ev-warn-hour == 32 :SET:: "Warning_Events_Triggered_By_Hour_Of_Day";
                ev-warn-day == 64 :SET:: "Warning_Events_Triggered_By_Date";
                ev-info-hour == 128 :SET:: "Informational_Events_Triggered_By_Hour_Of_Day";
                ev-info-day == 256 :SET:: "Informational_Events_Triggered_By_Date";
                ev-emer-hour == 512 :SET:: "Emergency_Events_Triggered_By_Hour_Of_Day";
                ev-emer-day == 1024 :SET:: "Emergency_Events_Triggered_By_Date";
                ev-aler-hour == 2048 :SET:: "Alert_Events_Triggered_By_Hour_Of_Day";
                ev-aler-day == 4096 :SET:: "Alert_Events_Triggered_By_Date";
                ev-err-hour == 8192 :SET:: "Error_Events_Triggered_By_Hour_Of_Day";
                ev-err-day == 16384 :SET:: "Error_Events_Triggered_By_Date";
                ev-noti-hour == 32768 :SET:: "Notification_Events_Triggered_By_Hour_Of_Day";
                ev-noti-day == 65536 :SET:: "Notification_Events_Triggered_By_Date";
                ev-hour == 131072 :SET:: "Events_By_Hour_Of_Day";
                ev-hour-cat == 262144 :SET:: "Hourly_Events_By_Category";
                ev-day == 524288 :SET:: "Events_By_Date";
                ev-day-cat == 1048576 :SET:: "Daily_Events_By_Category";
                ev-stat == 2097152 :SET:: "Events_Status";
                ev-day-login == 4194304 :SET:: "Top_Login_By_Day";
                ev-week-login == 8388608 :SET:: "Top_Login_By_Week";
                ev-user-login == 16777216 :SET:: "Top_Login_By_User";
            }
#            defaultval = ev-all;
        }
        TABLE "queryset_option" "The settings about Query Sets" 2199 {
            parseflag = @{all=skip};
	    #parseflag = "hidden";
            TABLENAME STRING "name" "QuerySet\'s Name" 2200 {
                ATTR INT "order" "Specify QuerySet\'s Order in Report" 2201{
                    defaultval = 100;
                }
            }
        }
        TABLE "query_option" "The settings about Querys" 2202 {
            #parseflag = "hidden";
	    parseflag = @{all=skip};
            TABLENAME STRING "name" "QuerySet\'s Name" 2203 {
                ATTR INT "order" "Specify Current Query\'s Order in Report" 2204{
                    defaultval = 100;
                }
                ATTR OPTION "Table-Graph" "Specify Current Query\'s Table and Graph in Report" 2205 {
                    CHOICES {
                        all == 0 ::: "Show Table and Graph in Report";
                        table == 1 ::: "Show Table only in Report";
                        graph == 2 ::: "Show Graph only in Report";
                    }
                    defaultval = all;
                }
                ATTR OPTION "include-other" "If keep \"Other\" Field in Graphs" 2206 {
                    CHOICES {
                        disable == 0 ::: "Delete Other Field in Graph";
                        enable == 1 ::: "Keep Other Field in Graph";
                    }
                    defaultval = enable;
                }
            }		
        }
        ATTR STRING "filter_string" "query string of the log filter" 2207 {
            brieflist = 1;
            parseflag = "hidden";
        }
        ATTR OPTION "schedule_type" "schedule type" 2208 {
            CHOICES {
                none == 0 ::: "Not scheduled";
                daily == 1 ::: "Daily";
                days == 2 ::: "Specific days of the week";
                dates == 3 ::: "Specific dates of the month";
            }
            defaultval = none;
            condition = 2186:eq:0;	
        }
        ATTR OPTION "schedule_days" "specify days of the week to run reports" 2209 {
            multi_opt = 1;
            CHOICES {
                sun == 1 : SET:: "Sunday";
                mon == 2 : SET:: "Monday";
                tue == 4 : SET:: "Tuesday";
                wed == 8 : SET:: "Wednesday";
                thu == 16 : SET:: "Thursday";
                fri == 32 : SET:: "Friday";
                sat == 64 : SET:: "Saturday";
            }
#            defaultval = sun;
            condition = 2186:eq:0;
            condition = 2208:eq:2;	
        }
        ATTR OPTION "schedule_dates" "specify dates of the month to run reports" 2210 {
            multi_opt = 1;
            CHOICES {
                1 == 2 :SET;
                2 == 4 :SET;
                3 == 8 :SET;
                4 == 16 :SET;
                5 == 32 :SET;
                6 == 64 :SET;
                7 == 128 :SET;
                8 == 256 :SET;
                9 == 512 :SET;
                10 == 1024 :SET;
                11 == 2048 :SET;
                12 == 4096 :SET;
                13 == 8192 :SET;
                14 == 16384 :SET;
                15 == 32768 :SET;
                16 == 65536 :SET;
                17 == 131072 :SET;
                18 == 262144 :SET;
                19 == 524288 :SET;
                20 == 1048576 :SET;
                21 == 2097152 :SET;
                22 == 4194304 :SET;
                23 == 8388608 :SET;
                24 == 16777216 :SET;
                25 == 33554432 :SET;
                26 == 67108864 :SET;
                27 == 134217728 :SET;
                28 == 268435456 :SET;
                29 == 536870912 :SET;
                30 == 1073741824 :SET;
                31 == 2147483648 :SET;
            }
            defaultval = 1;
            condition = 2186:eq:0;
            condition = 2208:eq:3;	
        }
        ATTR USER "schedule_time" "specify time of the day to run reports <hh:mm>" 2211 {
            defaultval = "00:00";
            brieflist = 1;
            condition = 2186:eq:0;
            condition = 2208:eq:1;	
#parseflag = "must";
        }
#        ATTR DATASOURCE "output_language" "Set output report language." 2212 {
#            brieflist = 1;
#            datasource = "210,270";
#defaultval = "Default";
#parseflag = "hidden,must";				
#        }
        ATTR OPTION "output_file" "file output formats" 2213 {
            multi_opt = 1;
            CHOICES {
                html == 1 : SET:: "HTML";
                pdf == 2 : SET:: "PDF";
                rtf == 4 : SET:: "MS Word";
                txt == 8 : SET:: "Text";
                mht == 16 : SET:: "MHT";
            }
            defaultval = html;
        }
        ATTR STRING "email_subject" "email output subject" 2214 {
            brieflist = 1;
#parseflag = "must";
            VALIDATE NO_XSS RELAXED;
        }
        ATTR STRING "email_body" "email output body" 2215 {
            brieflist = 1;
#parseflag = "must";
            VALIDATE NO_XSS RELAXED;
        }
        ATTR STRING "email_attachment_name" "email output attachment name" 2216 {
            brieflist = 1;
#parseflag = "must";
            VALIDATE NO_XSS RELAXED;
        }
        ATTR OPTION "email_attachment_compress" "email compressed reports." 2217 {
            CHOICES {
                disable == 0 ::: "Email uncompressed report.";
                enable == 1 ::: "Email compressed report.";
            }
            defaultval = disable;	
        }
        ATTR OPTION "output_email" "email output formats" 2218 {
            multi_opt = 1;
            CHOICES {
                html == 1 : SET:: "HTML";
                pdf == 2 : SET:: "PDF";
                rtf == 4 : SET:: "MS Word";
                txt == 8 : SET:: "Text";
                mht == 16 : SET:: "MHT";
            }
#defaultval = html;
        }
        ATTR DATASOURCE "output_email_policy" "email output policy" 2219 {
            brieflist = 1;
            datasource = "2030";
        }
        TABLE "output_addresses" "email addresses of recipients" 2220 {
            #parseflag = "hidden";
	    parseflag = @{all=skip};
            TABLENAME STRING "address" "email to address" 2221 {
                ATTR STRING "email_from" "email from address" 2222 {
                    brieflist = 1;
                    VALIDATE EMAIL_ADDRESS RELAXED;
                }
            }
        }
        ATTR INT "browse_interval_1" "report parameters browse_interval_1 in seconds" 2223 {
            brieflist = 1;
            defaultval = 10;
            parseflag = "hidden";
        }
        ATTR INT "browse_interval_2" "report parameters browse_interval_2 in seconds" 2224 {
            brieflist = 1;
            defaultval = 30;
            parseflag = "hidden";
        }
        ATTR INT "browse_interval_3" "report parameters browse_interval_3 in seconds" 2225 {
            brieflist = 1;
            defaultval = 45;
            parseflag = "hidden";
        }
        ATTR INT "browse_interval_4" "report parameters browse_interval_4 in seconds" 2226 {
            brieflist = 1;
            defaultval = 75;
            parseflag = "hidden";
        }
        ATTR INT "percentage_1" "Percentage chance of constant browsing when consecutive web accesses time between browse_interval_1 and browse_interval_2" 2227 {
            brieflist = 1;
            defaultval = 90;
            parseflag = "hidden";
        }
        ATTR INT "percentage_2" "Percentage chance of constant browsing when consecutive web accesses time between browse_interval_2 and browse_interval_3" 2228 {
            brieflist = 1;
            defaultval = 60;
            parseflag = "hidden";
        }
        ATTR INT "percentage_3" "Percentage chance of constant browsing when consecutive web accesses time between browse_interval_3 and browse_interval_4" 2229 {
            brieflist = 1;
            defaultval = 30;
            parseflag = "hidden";
        }
        ATTR INT "last_page_time" "report parameters : add last_page_time seconds to view last page" 2230 {
            brieflist = 1;
            defaultval = 8;
            parseflag = "hidden";
        }
        ATTR STRING "custom_company" "Company Name" 2231 {
            brieflist = 1;
#parseflag = "must";
            VALIDATE NO_XSS RELAXED;
        }
        ATTR STRING "custom_header" "Header Comment" 2232 {
            brieflist = 1;
#parseflag = "must";
        }
        ATTR OPTION "custom_footer_options" "Footer Option" 2233 {
            CHOICES {
                report-title == 0 ::: "Report Title";
                custom == 1 ::: "Custom";
            }
            defaultval = report-title;
        }
        ATTR STRING "custom_footer" "Footer Comment" 2234 {
            brieflist = 1;
#parseflag = "must";
            condition = 2233:eq:1;
        }
        ATTR STRING "custom_header_logo" "Header Logo" 2235 {
            brieflist = 1;
#parseflag = "must";
            VALIDATE NO_XSS RELAXED;
        }
        ATTR STRING "custom_title_logo" "Title Logo" 2236 {
            brieflist = 1;
#parseflag = "must";
            VALIDATE NO_XSS RELAXED;
        }
        ATTR OPTION "output_ftp" "ftp output formats" 2237 {
            multi_opt = 1;
            CHOICES {
                html == 1 : SET:: "HTML";
                pdf == 2 : SET:: "PDF";
                rtf == 4 : SET:: "MS Word";
                txt == 8 : SET:: "Text";
                mht == 16 : SET:: "MHT";
            }
#defaultval = html;
        }
        ATTR DATASOURCE "output_ftp_policy" "ftp output policy" 2238 {
            brieflist = 1;
            datasource = "2070";
        }
    }
}

GLOBAL TABLE "wvs schedule" "wvs schedule" 9000 {
	TABLENAME STRING "name" "wvs schedule name" 9001 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR OPTION "type" "schedule type" 9002 {
			CHOICES {
				onetime ==  0;
				recurring == 1;
			}
			defaultval = onetime;
		}
		ATTR USER "date" "time and date" 9003 {
			condition = 9002:eq:0;
			defaultval = "0:0 2001/01/01";
		}
		ATTR USER "time" "configure schedule time" 9004 {
			condition = 9002:eq:1;
			defaultval = "0:0";
#			parseflag = "must";
		}
		ATTR OPTION "wday" "weekday" 9005 {
			multi_opt = 1;
			CHOICES {
				Sunday 	  == 1 : SET:: "update every Sunday";
				Monday	  == 2 : SET:: "update every Monday";
				Tuesday   == 4 : SET:: "update every Tuesday";
				Wednesday == 8 : SET:: "update every Wednesday";
				Thursday  == 16: SET:: "update every Thursday";
				Friday    == 32: SET:: "update every Friday";
				Saturday  == 64: SET:: "update every Saturday";
			}			
			parseflag = "keeporder";
			defaultval = Sunday;
			condition = 9002:eq:1;
		}
	}
}

GLOBAL TABLE "wvs template" "wvs template" 9080 {
	TABLENAME STRING "name" "wvs template name" 9081 {
		VALIDATE NO_XSS RELAXED;
                brieflist = 1;
		ATTR OPTION "audit" "audit plugin" 9082 {
			multi_opt = 1;
			CHOICES {
				BLIND_SQLI == 0x0000000000000001 :SET:: "enable blind_sqli plugin";
				BUFFER_OVERFLOW == 0x0000000000000002 :SET:: "enable buffer_overflow plugin";
				CORS_ORIGIN == 0x0000000000000004 :SET:: "enable cors_origin plugin";
				CSRF == 0x0000000000000008 :SET:: "enable csrf plugin";
				DAV == 0x0000000000000010 :SET:: "enable dav plugin";
				DESERIALIZATION == 0x0000000000000020 :SET:: "enable deserialization plugin";
				EVAL == 0x0000000000000040 :SET:: "enable eval plugin";
				FILE_UPLOAD == 0x0000000000000080 :SET:: "enable file_upload plugin";
				FORMAT_STRING == 0x0000000000000100 :SET:: "enable format_string plugin";
				FRONTPAGE == 0x0000000000000200 :SET:: "enable frontpage plugin";
				GENERIC == 0x0000000000000400 :SET:: "enable generic plugin";
				GLOBAL_REDIRECT == 0x0000000000000800 :SET:: "enable global_redirect plugin";
				HTACCESS_METHODS == 0x0000000000001000 :SET:: "enable htaccess_methods plugin";
				LDAPI == 0x0000000000002000 :SET:: "enable ldapi plugin";
				LFI == 0x0000000000004000 :SET:: "enable lfi plugin";
				MEMCACHEI == 0x0000000000008000 :SET:: "enable memcachei plugin";
				MX_INJECTION == 0x0000000000010000 :SET:: "enable mx_injection plugin";
				OS_COMMANDING == 0x0000000000020000 :SET:: "enable os_commanding plugin";
				PHISHING_VECTOR == 0x0000000000040000 :SET:: "enable phishing_vector plugin";
				PREG_REPLACE == 0x0000000000080000 :SET:: "enable preg_replace plugin";
				REDOS == 0x0000000000100000 :SET:: "enable redos plugin";
				RESPONSE_SPLITTING == 0x0000000000200000 :SET:: "enable response_splitting plugin";
				RFD == 0x0000000000400000 :SET:: "enable rfd plugin";
				RFI == 0x0000000000800000 :SET:: "enable rfi plugin";
				ROSETTA_FLASH == 0x0000000001000000 :SET:: "enable rosetta_flash plugin";
				SHELL_SHOCK == 0x0000000002000000 :SET:: "enable shell_shock plugin";
				SQLI == 0x0000000004000000 :SET:: "enable sqli plugin";
				SSI == 0x0000000008000000 :SET:: "enable ssi plugin";
				SSL_CERTIFICATE == 0x0000000010000000 :SET:: "enable ssl_certificate plugin";
				UN_SSL == 0x0000000020000000 :SET:: "enable un_ssl plugin";
				WEBSOCKET_HIJACKING == 0x0000000040000000 :SET:: "enable websocket_hijacking plugin";
				XPATH == 0x0000000080000000 :SET:: "enable xpath plugin";
				XSS == 0x0000000100000000 :SET:: "enable xss plugin";
				XST == 0x0000000200000000 :SET:: "enable xst plugin";
				XXE == 0x0000000400000000 :SET:: "enable xxe plugin";
			}
		}
		ATTR OPTION "bruteforce" "bruteforce plugins" 9083 {
                        multi_opt = 1;
			CHOICES {
				BASIC_AUTH == 1 :SET:: "enable basic_auth plugin";
				FORM_AUTH == 2 :SET:: "enable form_auth plugin";
			}
		}
		ATTR OPTION "crawl" "crawl plugins" 9084 {
			multi_opt = 1;
			CHOICES {
				ARCHIVE_DOT_ORG == 0x0000000000000001 :SET:: "enable archive_dot_org plugin";
				BING_SPIDER == 0x0000000000000002 :SET:: "enable bing_spider plugin";
				CONTENT_NEGOTIATION == 0x0000000000000004 :SET:: "enable content_negotiation plugin";
				DIGIT_SUM == 0x0000000000000008 :SET:: "enable digit_sum plugin";
				DIR_FILE_BRUTER == 0x0000000000000010 :SET:: "enable dir_file_bruter plugin";
				DOT_DS_STORE == 0x0000000000000020 :SET:: "enable dot_ds_store plugin";
				DOT_LISTING == 0x0000000000000040 :SET:: "enable dot_listing plugin";
				DWSYNC_XML == 0x0000000000000080 :SET:: "enable dwsync_xml plugin";
				FIND_BACKDOORS == 0x0000000000000100 :SET:: "enable find_backdoors plugin";
				FIND_CAPTCHAS == 0x0000000000000200 :SET:: "enable find_captchas plugin";
				FIND_DVCS == 0x0000000000000400 :SET:: "enable find_dvcs plugin";
				GENEXUS_XML == 0x0000000000000800 :SET:: "enable genexus_xml plugin";
				GHDB == 0x0000000000001000 :SET:: "enable ghdb plugin";
				GOOGLE_SPIDER == 0x0000000000002000 :SET:: "enable google_spider plugin";
			#	IMPORT_RESULTS == 0x0000000000004000 :SET:: "enable import_results plugin";
			#	OPEN_API == 0x0000000000008000 :SET:: "enable open_api plugin";
				ORACLE_DISCOVERY == 0x0000000000010000 :SET:: "enable oracle_discovery plugin";
				PHISHTANK == 0x0000000000020000 :SET:: "enable phishtank plugin";
				PHPINFO == 0x0000000000040000 :SET:: "enable phpinfo plugin";
				PYKTO == 0x0000000000080000 :SET:: "enable pykto plugin";
				RIA_ENUMERATOR == 0x0000000000100000 :SET:: "enable ria_enumerator plugin";
				ROBOTS_TXT == 0x0000000000200000 :SET:: "enable robots_txt plugin";
				SITEMAP_XML == 0x0000000000400000 :SET:: "enable sitemap_xml plugin";
				SPIDER_MAN == 0x0000000000800000 :SET:: "enable spider_man plugin";
				URL_FUZZER == 0x0000000001000000 :SET:: "enable url_fuzzer plugin";
				URLLIST_TXT == 0x0000000002000000 :SET:: "enable urllist_txt plugin";
				USER_DIR == 0x0000000004000000 :SET:: "enable user_dir plugin";
			#	WEB_DIFF == 0x0000000008000000 :SET:: "enable web_diff plugin";
				WEB_SPIDER == 0x0000000010000000 :SET:: "enable web_spider plugin";
				WORDNET == 0x0000000020000000 :SET:: "enable wordnet plugin";
				WORDPRESS_ENUMERATE_USERS == 0x0000000040000000 :SET:: "enable wordpress_enumerate_users";
				WORDPRESS_FINGERPRINT == 0x0000000080000000 :SET:: "enable wordpress_fingerprint";
				WORDPRESS_FULLPATHDISCLOSURE == 0x0000000100000000 :SET:: "wordpress_fullpathdisclosure";
				WSDL_FINDER == 0x0000000200000000 :SET:: "enable wsdl_finder plugin";
			}
		}
		ATTR OPTION "grep" "grep plugins" 9085 {
			multi_opt = 1;
                        CHOICES {
				ANALYZE_COOKIES == 0x0000000000000001 :SET:: "enable analyze_cookies plugin";
				BLANK_BODY == 0x0000000000000002 :SET:: "enable blank_body plugin";
				CACHE_CONTROL == 0x0000000000000004 :SET:: "enable cache_control plugin";
				CLAMAV == 0x0000000000000008 :SET:: "enable clamav plugin";
				CLICK_JACKING == 0x0000000000000010 :SET:: "enable click_jacking plugin";
				CODE_DISCLOSURE == 0x0000000000000020 :SET:: "enable code_disclosure plugin";
				CONTENT_SNIFFING == 0x0000000000000040 :SET:: "enable content_sniffing plugin";
				CREDIT_CARDS == 0x0000000000000080 :SET:: "enable credit_cards plugin";
				CROSS_DOMAIN_JS == 0x0000000000000100 :SET:: "enable cross_domain_js plugin";
				CSP == 0x0000000000000200 :SET:: "enable csp plugin";
				DIRECTORY_INDEXING == 0x0000000000000400 :SET:: "enable directory_indexing plugin";
				DOM_XSS == 0x0000000000000800 :SET:: "enable dom_xss plugin";
				DOT_NET_EVENT_VALIDATION == 0x0000000000001000 :SET:: "enable dot_net_event_validation";
				ERROR_500 == 0x0000000000002000 :SET:: "enable error_500 plugin";
				ERROR_PAGES == 0x0000000000004000 :SET:: "enable error_pages plugin";
				FEEDS == 0x0000000000008000 :SET:: "enable feeds plugin";
				FILE_UPLOAD == 0x0000000000010000 :SET:: "enable file_upload plugin";
				FORM_AUTOCOMPLETE == 0x0000000000020000 :SET:: "enable form_autocomplete plugin";
				FORM_CLEARTEXT_PASSWORD == 0x0000000000040000 :SET:: "enable form_cleartext_password";
				GET_EMAILS == 0x0000000000080000 :SET:: "enable get_emails plugin";
				HASH_ANALYSIS == 0x0000000000100000 :SET:: "enable hash_analysis plugin";
				HTML_COMMENTS == 0x0000000000200000 :SET:: "enable html_comments plugin";
				HTTP_AUTH_DETECT == 0x0000000000400000 :SET:: "enable http_auth_detect plugin";
				HTTP_IN_BODY == 0x0000000000800000 :SET:: "enable http_in_body plugin";
				LANG == 0x0000000001000000 :SET:: "enable lang plugin";
				META_TAGS == 0x0000000002000000 :SET:: "enable meta_tags plugin";
				MOTW == 0x0000000004000000 :SET:: "enable motw plugin";
				OBJECTS == 0x0000000008000000 :SET:: "enable objects plugin";
				ORACLE == 0x0000000010000000 :SET:: "enable oracle plugin";
				PASSWORD_PROFILING == 0x0000000020000000 :SET:: "enable password_profiling plugin";
				PATH_DISCLOSURE == 0x0000000040000000 :SET:: "enable path_disclosure plugin";
				PRIVATE_IP == 0x0000000080000000 :SET:: "enable private_ip plugin";
				RETIREJS == 0x0000000100000000 :SET:: "enable retirejs plugin";
				SERIALIZED_OBJECT == 0x0000000200000000 :SET:: "enable serialized_object plugin";
				SSN == 0x0000000400000000 :SET:: "enable ssn plugin";
				STRANGE_HEADERS == 0x0000000800000000 :SET:: "enable strange_headers plugin";
				STRANGE_HTTP_CODES == 0x0000001000000000 :SET:: "enable strange_http_codes plugin";
				STRANGE_PARAMETERS == 0x0000002000000000 :SET:: "enable strange_parameters plugin";
				STRANGE_REASON == 0x0000004000000000 :SET:: "enable strange_reason plugin";
				STRICT_TRANSPORT_SECURITY == 0x0000008000000000 :SET:: "enable strict_transport_security";
				SVN_USERS == 0x0000010000000000 :SET:: "enable svn_users plugin";
				SYMFONY == 0x0000020000000000 :SET:: "enable symfony plugin";
				URL_SESSION == 0x0000040000000000 :SET:: "enable url_session plugin";
			#	USER_DEFINED_REGEX == 0x0000080000000000 :SET:: "enable user_defined_regex plugin";
			#	VULNERS_DB == 0x0000100000000000 :SET:: "enable vulners_db plugin";
				WEBSOCKETS_LINKS == 0x0000200000000000 :SET:: "enable websockets_links plugin";
				WSDL_GREPER == 0x0000400000000000 :SET:: "enable wsdl_greper plugin";
				XSS_PROTECTION_HEADER == 0x0000800000000000 :SET:: "enable xss_protection_header";
			}
		}
	#	ATTR OPTION "evasion" "evasion plugins" 9087 {
	#		multi_opt = 1;
	#		CHOICES {
	#			BACKSPACE_BETWEEN_DOTS == 1 :SET:: "enable backspace_between_dots plugin";
	#			FULL_WIDTH_ENCODE == 2 :SET:: "enable full_width_encode plugin";
	#			MOD_SECURITY == 4 :SET:: "enable mod_security plugin";
	#			REVERSED_SLASHES == 8 :SET:: "enable reversed_slashed plugin";
	#			RND_CASE == 16 :SET:: "enable rnd_case plugin";
	#			RND_HEX_ENCODE == 32 :SET:: "enable rnd_hex_encode plugin";
	#			RND_PARAM == 64 :SET:: "enable rnd_param plugin";
	#			RND_PATH == 128 :SET:: "enable rnd_path plugin";
	#			SELF_REFERENCE == 256 :SET:: "enable self_reference plugin";
	#			SHIFT_OUT_IN_BETWEEN_DOTS == 512 :SET:: "enable shift_out_in_between_dots plugin";
	#			X-FORWARDED-FOR == 1024 :SET:: "enable x-forwarded-for plugin";
	#		}
	#	}
		ATTR OPTION "infrastructure" "infrastructure plugins" 9088 {
                        multi_opt = 1;
                        CHOICES {
				AFD == 0x0000000000000001 :SET:: "enable afd plugin";
				ALLOWED_METHODS == 0x0000000000000002 :SET:: "enable allowed_methods plugin";
				DETECT_REVERSE_PROXY == 0x0000000000000004 :SET:: "enable detect_reverse_proxy";
				DETECT_TRANSPARENT_PROXY == 0x0000000000000008 :SET:: "enable detect_transparent_proxy";
				DNS_WILDCARD == 0x0000000000000010 :SET:: "enable dns_wildcard plugin";
				DOMAIN_DOT == 0x0000000000000020 :SET:: "enable domain_dot plugin";
				DOT_NET_ERRORS == 0x0000000000000040 :SET:: "enable dot_net_errors plugin";
				FAVICON_IDENTIFICATION == 0x0000000000000080 :SET:: "enable favicon_identification plugin";
				FIND_JBOSS == 0x0000000000000100 :SET:: "enable find_jboss plugin";
				FIND_VHOSTS == 0x0000000000000200 :SET:: "enable find_vhosts plugin";
				FINGER_BING == 0x0000000000000400 :SET:: "enable finger_bing plugin";
				FINGER_GOOGLE == 0x0000000000000800 :SET:: "enable finger_google plugin";
				FINGER_PKS == 0x0000000000001000 :SET:: "enable finger_pks plugin";
				FINGERPRINT_WAF == 0x0000000000002000 :SET:: "enable fingerprint_WAF plugin";
				FINGERPRINT_OS == 0x0000000000004000 :SET:: "enable fingerprint_os plugin";
				FRONTPAGE_VERSION == 0x0000000000008000 :SET:: "enable frontpage_version plugin";
				HALBERD == 0x0000000000010000 :SET:: "enable halberd plugin";
				HMAP == 0x0000000000020000 :SET:: "enable hmap plugin";
				HTTP_VS_HTTPS_DIST == 0x0000000000040000 :SET:: "enable http_vs_https_dist plugin";
				JETLEAK == 0x0000000000080000 :SET:: "enable jetleak plugin";
				MS15_034 == 0x0000000000100000 :SET:: "enable ms15_034 plugin";
				PHP_EGGS == 0x0000000000200000 :SET:: "enable php_eggs plugin";
				SERVER_HEADER == 0x0000000000400000 :SET:: "enable server_header plugin";
				SERVER_STATUS == 0x0000000000800000 :SET:: "enable server_status plugin";
				SHARED_HOSTING == 0x0000000001000000 :SET:: "enable shared_hosting plugin";
				WERKZEUG_DEBUGGER == 0x0000000002000000 :SET:: "enable werkzeug_debugger plugin";
				XSSED_DOT_COM == 0x0000000004000000 :SET:: "enable xssed_dot_com plugin";
				ZONE_H == 0x0000000008000000 :SET:: "enable zone_h plugin";
			}
		}
	}
}

GLOBAL TABLE "wvs profile" "wvs profile" 9010 {
	TABLENAME STRING "name" "wvs profile name" 9011 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR STRING "scan-target" "scan target" 9012 {
			parseflag = "must";
			brieflist = 1;
		}
		ATTR DATASOURCE "scan-template" "scan template" 9013 {
			datasource = "9080";
			parseflag = "must";
			brieflist = 1;
		}
		ATTR INT "request-timeout" "request timeout (0~30 seconds)" 9014 {
                       	brieflist = 1;
			defaultval = 0;
			VALIDATE RANGE 0:30;
                }
		ATTR OPTION_EN "ignore-session-cookies" "ignore session cookies" 9015 {
			defaultval = disable;
			brieflist = 1;
		}
		ATTR OPTION "user-agent-type" "user agent type" 9016 {
			CHOICES {
				custom == 0;
				random == 1;
			}
			brieflist = 1;
			defaultval = custom;
		}
		ATTR STRING "custom-user-agent" "custom user agent" 9017 {
			condition = 9016:EQ:0;
			brieflist = 1;
		}
		ATTR STRING "custom-header0" "custom header0" 9018 {
			brieflist = 1;
                }
		ATTR STRING "custom-header1" "custom header1" 9019 {
			brieflist = 1;
		}
		ATTR STRING "custom-header2" "custom header2" 9020 {
                        brieflist = 1;
                }
		ATTR STRING "custom-header3" "custom header3" 9021 {
                        brieflist = 1;
                }
		ATTR STRING "custom-header4" "custom header4" 9022 {
                        brieflist = 1;
                }
		ATTR STRING "custom-header5" "custom header5" 9023 {
                        brieflist = 1;
                }
		ATTR STRING "custom-header6" "custom header6" 9024 {
                        brieflist = 1;
                }
		ATTR STRING "custom-header7" "custom header7" 9025 {
                        brieflist = 1;
                }
		ATTR STRING "custom-header8" "custom header8" 9026 {
                        brieflist = 1;
                }
		ATTR STRING "custom-header9" "custom header9" 9027 {
                        brieflist = 1;
                }
		ATTR INT "sub-path-limit" "sub path limit <1~200>" 9028 {
			brieflist = 1;
			defaultval = 75;
			VALIDATE RANGE 1:200;
		}
		ATTR INT "max-scan-time" "max scan time (1~480 minutes)" 9029 {
                        brieflist = 1;
                        defaultval = 120;
			VALIDATE RANGE 1:480;
                }
		ATTR INT "max-crawl-time" "max crawl time (1~240 minutes)" 9030 {
                        brieflist = 1;
                        defaultval = 60;
			VALIDATE RANGE 1:240;
                }
		ATTR INT "max-params-limit" "max params limit <1~100>" 9031 {
                        brieflist = 1;
                        defaultval = 25;
			VALIDATE RANGE 1:100;
                }
		ATTR INT "max-file-size" "max file size <1~40000000>" 9032 {
                        brieflist = 1;
                        defaultval = 400000;
			VALIDATE RANGE 1:40000000;
                }
		ATTR INT "max-http-retries" "max http retries <1~10>" 9033 {
                        brieflist = 1;
                        defaultval = 2;
			VALIDATE RANGE 1:10;
                }
		ATTR OPTION_EN "specify-urls-for-scanning" "specify urls for scanning" 9034 {
                        defaultval = disable;
                        brieflist = 1;
                }
		ATTR STRING "follow-regex" "follow regex" 9035 {
			VALIDATE REGEX "^[^ %]*$";
			brieflist = 1;
		}
		ATTR STRING "ignore-regex" "ignore regex" 9036 {
                        VALIDATE REGEX "^[^ %]*$";
                        brieflist = 1;
                }
		ATTR OPTION_EN "http-basic-authentication" "http basic authentication" 9037 {
                        defaultval = disable;
                        brieflist = 1;
                }
		ATTR STRING "basic-username" "basic username" 9038 {
                        VALIDATE NO_XSS RELAXED;
			brieflist = 1;
                }
		ATTR STRING "basic-password" "basic password" 9039 {
                        VALIDATE NO_XSS RELAXED;
                        brieflist = 1;
                }
		ATTR OPTION_EN "form-based-authentication" "form based authentication" 9040 {
                        defaultval = disable;
                        brieflist = 1;
                }
		ATTR STRING "form-based-username" "form based username" 9041 {
                        VALIDATE NO_XSS RELAXED;
                        brieflist = 1;
                }
                ATTR STRING "form-based-password" "form based password" 9042 {
                        VALIDATE NO_XSS RELAXED;
                        brieflist = 1;
                }
		ATTR STRING "form-based-auth-url" "form based authentication url" 9043 {
                        brieflist = 1;
                }
		ATTR STRING "username-field" "username field" 9044 {
                        brieflist = 1;
                }
		ATTR STRING "password-field" "password field" 9045 {
                        brieflist = 1;
                }
		ATTR STRING "cookie-jar-file" "cookie jar file" 9046 {
		}
		ATTR STRING "session-check-url" "session check url" 9047 {
                        brieflist = 1;
                }
		ATTR STRING "session-check-string" "session check string" 9048 {
                        brieflist = 1;
                }
		ATTR STRING "data-format" "data format" 9049 {
                        brieflist = 1;
                }
	}

}

GLOBAL COMPLEX "wvs limit" "wvs limit parameters" 9070 {
	ATTR INT "single-report-size" "single report size(1~5120M)" 9071 {
                        brieflist = 1;
                        defaultval = 512;
                        VALIDATE RANGE 1:5120;
	}
	ATTR INT "report-path-size" "report path size(1024~51200M)" 9072 {
                        brieflist = 1;
                        defaultval = 10240;
                        VALIDATE RANGE 1024:51200;
        }
	ATTR INT "scan-memory-usage" "max scan memory usage(10~80 percent)" 9075 {
			brieflist = 1;
			defaultval = 40;
			VALIDATE RANGE 10:80;
	}
	ATTR INT "request-interval" "request interval(1~1000ms)" 9073 {
			brieflist = 1;
			defaultval = 1;
			VALIDATE RANGE 1:1000;
	}
	ATTR OPTION_EN "verbose-output" "scan log verbose output" 9074 {
			brieflist = 1;
			defaultval = disable;
	}
	ATTR INT "scan-cpu-usage" "max scan cpu usage(10~80 percent)" 9076 {
		brieflist = 1;
		defaultval = 70;
		VALIDATE RANGE 10:80;
	}
}

GLOBAL TABLE "wvs policy" "wvs policy" 9110 {
	TABLENAME STRING "name" "wvs policy name" 9111 {
		parseflag = "keeporder";
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR OPTION "type" "" 9112 {
			CHOICES {
				runonce == 0;
				schedule == 1;
			}
			defaultval = runonce;
		}
		ATTR DATASOURCE "schedule" "schedule " 9113 {
			datasource = "9000";
			condition = 9112:eq:1;
		}
		ATTR OPTION "report_format" "report format " 9114 { 
			CHOICES {
				html == 1 : SET;
                                xml == 2 : SET;
                              #  text == 4 : SET;
                                pdf == 4 : SET; 
			}	
			defaultval = html;
			multi_opt = 1; 
			brieflist = 1; 
		}
		ATTR DATASOURCE "profile" "profile" 9115 {
			parseflag = "must";
			datasource = "9010";
		}
		ATTR DATASOURCE "email" "email " 9116 { 
			datasource = "2030"; 
		}
		ATTR INT "runtime" "run time" 9117 {
			
		}
	}
}

DOMAIN TABLE "server-policy persistence-policy" "persistence policy" 4600 {
	TABLENAME STRING "name" "name" 4601 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR OPTION "type" "Persistence type" 4602 {
			CHOICES {
				source-ip == 1 ::: "source ip";
				persistent-cookie == 2 ::: "persistent cookie";
				asp-sessionid == 3 ::: "asp session id";
				php-sessionid == 4 ::: "php session id";
				jsp-sessionid == 5 ::: "jsp session id";
				insert-cookie == 6 ::: "insert cookie";
				http-header == 7 ::: "http header name";
				url-parameter == 8 ::: "url parameter name";
				rewrite-cookie == 9 ::: "rewrite cookie";
				embedded-cookie == 10 ::: "embedded cookie";
				ssl-session-id == 11 ::: "ssl session id";
			}
			defaultval = source-ip;
			brieflist = 1;
		}
		ATTR STRING "cookie-name" "Cookie name" 4603 {
			VALIDATE NO_XSS RELAXED;
			condition = 4602:eq:2;
			condition = 4602:eq:6;
			condition = 4602:eq:9;
			condition = 4602:eq:10;
			brieflist = 1;
		}
		ATTR INT "timeout" "Persistence timeout" 4604 {
			brieflist = 1;
			defaultval = 300;
			condition = 4602:NE:9;
			condition = 4602:NE:10;
			VALIDATE RANGE 10:86400;
		}
		ATTR UINT "uuid" "pst age" 4612 {
		#	parseflag = "hidden";
			ha_not_sync = 0;
			brieflist = 1;
		}
		ATTR IPADDR "ipv4-netmask" "IPv4 netmask for persistent ip" 4606 {
			defaultval = "255.255.255.255";
			condition = 4602:eq:1;
			brieflist = 1;
		} 
		ATTR INT "ipv6-mask-length" "IPv6 mask length for persistent ip" 4607 {
			defaultval = 128;
			condition = 4602:eq:1;
			brieflist = 1;
			VALIDATE RANGE 1:128;
		} 
		ATTR STRING "http-header" "Http header name" 4608 {
			VALIDATE NO_XSS RELAXED;
			condition = 4602:eq:7;
			brieflist = 1;
		}
		ATTR STRING "url-parameter" "URL parameter name" 4609 {
			VALIDATE NO_XSS RELAXED;
			condition = 4602:eq:8;
			brieflist = 1;
		}
		ATTR STRING "cookie-path" "Cookie path"  4610 {
			VALIDATE NO_XSS RELAXED;
			condition = 4602:eq:6;
			defaultval = "/";
			brieflist = 1;
		}
		ATTR STRING "cookie-domain" "Cookie domain"  4611 {
			VALIDATE NO_XSS RELAXED;
			condition = 4602:eq:6;
			brieflist = 1;
		}
	}
}

DOMAIN TABLE "server-policy server-pool" "server pool" 4240 {
	TABLENAME STRING "name" "name" 4241 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR OPTION "type" "server pool type" 4242 {
			parseflag = @{all=null;FWB_DOCKER=skip};
			CHOICES {
				reverse-proxy == 1 ::: "inline mode";
				offline-protection == 2 ::: "offline mode";
				transparent-servers-for-tp == 3 ::: "tp mode";
				transparent-servers-for-ti == 4 ::: "ti mode";
				transparent-servers-for-wccp == 5 ::: "wccp mode";
			}
			defaultval = reverse-proxy;
			brieflist = 1;
		}
		ATTR OPTION "protocol" "protocol" 4271 {
			CHOICES {
				HTTP == 0 ::: "HTTP";
				FTP == 1 ::: "FTP";
				ADFSPIP == 2 ::: "ADFSPIP";
				TCPPROXY == 3 ::: "TCPPROXY";
			}
			defaultval = HTTP;
			parseflag = "unchangable";
			condition = 4242:eq:1;
			brieflist = 1;
		}
		ATTR OPTION_EN "server-balance" "switch server balance" 4244 {
			brieflist = 1;
			defaultval = disable;
			condition = 4271:NE:2;
		}
		ATTR DATASOURCE "health" "health check" 4245 {
			brieflist = 1;
			condition = 4244:eq:1;
			condition = 4271:NE:2;
			datasource = "3900";
		}
		ATTR OPTION "lb-algo" "load balance algo" 4246 {
			CHOICES {
				round-robin == 1 ::: "round robin";
				weighted-round-robin == 2 ::: "weighted round robin";
				least-connections == 3 ::: "least connections";
				uri-hash == 5 ::: "URI hash";
				full-uri-hash == 6 ::: "full URI hash";
				host-hash == 7 ::: "Host hash";
				host-domain-hash == 8 ::: "Host Domain hash";
				src-ip-hash == 9 ::: "source IP hash";
			}
			defaultval = round-robin;
			condition = 4244:eq:1;
			condition = 4271:NE:2;
			brieflist = 1;
		}
		ATTR DATASOURCE "persistence" "persistence policy" 4247 {
			condition = 4271:eq:0;
			condition = 4271:eq:3;
			brieflist = 1;
			datasource = "4600";
		}
		ATTR STRING "comment" "comment" 4248 {
		}
		ATTR INT "flag" "flag" 4249 {
			parseflag = "hidden";
		}
		ATTR UINT "server-pool-id" "server pool id" 4250 {
			#parseflag = "hidden";
			ha_not_sync = 0;
			brieflist = 1;
		}
		ATTR INT "sub_table_id" "sub table id" 4251 {
                        brieflist = 1;
                        parseflag = "hidden,readonly";
                }
                ATTR OPTION "sub_table_action" "sub table action" 4252 {
                        CHOICES {
                                Add == 0;
                                Edit == 1;
                                Delete == 2;
                        }
                        brieflist = 1;
                        parseflag = "hidden,readonly";
                }		
		ATTR INT "used" "used by enabled policy" 4253 {
			parseflag = "hidden,readonly";
		}

		ATTR OPTION "http-reuse" "reuse fd connect to server" 4383 {
			condition = 4271:EQ:0;
			CHOICES {
				never == 0 ::: "never";
				safe   == 1 ::: "safe";
				aggressive == 2 ::: "aggressive";
				always == 3 ::: "always";
			}
			defaultval = never;
			brieflist = 1;
		}
		ATTR INT "reuse-conn-total-time" "max times value(unit: second)" 4390 {
			condition = 4383:GT:0; 
			VALIDATE RANGE 1:1000;
			defaultval = 100;
		}
		ATTR INT "reuse-conn-idle-time" "max times value(unit: second)" 4391 {
			condition = 4383:GT:0; 
			VALIDATE RANGE 1:1000;
			defaultval = 10;
		}
		ATTR INT "reuse-conn-max-request" "max requset/response times" 4388 {
			condition = 4383:GT:0; 
			VALIDATE RANGE 1:1000;
			defaultval = 100;
		}
		ATTR INT "reuse-conn-max-count" "max connection number" 4389 {
			condition = 4383:GT:0; 
			VALIDATE RANGE 1:1000;
			defaultval = 100;
		}
#		ATTR INT "mininum-required-pservers" "mininum required number of pservers" 627 {
#			condition = 4242:EQ:1;
#			condition = 4244:EQ:1; 
#			condition = 4271:EQ:0; 
#			VALIDATE RANGE 1:1024;
#			defaultval = 1;
#		}
		TABLE "pserver-list" "pserver list" 4260 {
			TABLENAME INT "<No.>" "name of pserver list" 4261 {
				ATTR OPTION "server-type" "server type" 4262 {
					CHOICES {
						physical == 1 ::: "physical server";
						domain == 2 ::: "domain server";
					}
					defaultval = physical;
				}
				ATTR IPADDR "ip" "ip address" 4263 {
					subnet_type = network;
					condition = 4262:eq:1;
				}
				ATTR STRING "domain" "domain name" 4264 {
					#VALIDATE ISDOMAIN RELAXED;
					parseflag = "must";
					condition = 4262:eq:2;
				}
				ATTR STRING "adfs-domain" "adfs domain name, only for ADFSPIP" 4810 {
					#VALIDATE ISDOMAIN RELAXED;
					#parseflag = "must";
					condition = 4262:EQ:1;
					#condition = 4271:EQ:2;
				}
				ATTR STRING "adfs-username" "adfs username for registry, only for ADFSPIP" 4811 {
					#VALIDATE ISDOMAIN RELAXED;
					#parseflag = "must";
					#condition = 4271:EQ:2;
				}
				ATTR STRING "adfs-password" "adfs password for registry, only for ADFSPIP" 4812 {
					#VALIDATE ISDOMAIN RELAXED;
					#parseflag = "must";
					#condition = 4271:EQ:2;
				}

				ATTR INT "port" "server port" 4265 {
					defaultval = 80;
					VALIDATE RANGE 1:65535;
				}
				ATTR INT "weight" "weight" 4266 {
					VALIDATE RANGE 1:9999;
					defaultval = 1;
				}
				ATTR OPTION "status" "status" 4267 {
					CHOICES {
						disable == 0 ::: "disabled";
						enable == 1 ::: "enabled";
						maintain == 2 ::: "maintain";
					}
					defaultval = enable;
				}

				ATTR UINT "server-id" "server id" 4270 {
					#parseflag = "hidden";
					ha_not_sync = 0;
					brieflist = 1;
				}
				ATTR OPTION_EN "backup-server" "backup-server" 4274 {
					defaultval = disable;
				}

				ATTR OPTION_EN "proxy-protocol" "pserver proxy protocol switch" 4299 {
					brieflist = 1;
					defaultval = disable;
				}		

                                ATTR OPTION "proxy-protocol-version" "pserver proxy protocol version" 4809 {
                                        CHOICES {
                                                v1 == 1 ::: "version 1";
                                                v2 == 2 ::: "version 2";
                                        }
                                        condition = 4299:EQ:1;
                                        defaultval = v1;
				}

				ATTR OPTION_EN "ssl" "ssl" 4275 {
					defaultval = disable;
				}
				ATTR OPTION_EN "implicit_ssl" "implicit ssl switch, only use for ftp" 4370 {
					condition = 4275:EQ:1; 
					brieflist = 1;
					defaultval = disable;
				}

				ATTR OPTION_EN "ssl-quiet-shutdown" "enable/disable SSL quiet Shutdown" 4382 {
					condition = 4275:eq:1;
					defaultval = disable;
					brieflist = 1;
				}

				ATTR INT "ssl-session-timeout" "ssl session timeout setting" 4290 {
					condition = 4275:eq:1; 
					VALIDATE RANGE 1:14400;
					defaultval = 7200;
					brieflist = 1;
				}

				ATTR OPTION_EN "server-side-sni" "enable/disable SNI transparent" 4800 {
					condition = 4275:EQ:1;
					defaultval = disable;
					brieflist = 1;
				}

				ATTR OPTION_EN "multi-certificate" "enable multi certificate" 4806 {
					condition = 4275:EQ:1;
					defaultval = disable;
					brieflist = 1;
				}

				ATTR DATASOURCE "certificate" "certificate" 4276 {
                                        condition = 4275:EQ:1;
                                        condition = 4806:EQ:0;
					datasource = "870";
				}

				ATTR DATASOURCE "certificate-group" "multi certificate group" 4807 {
                                        condition = 4275:EQ:1;
                                        condition = 4806:EQ:1;
					datasource = "1014";
				}
				ATTR DATASOURCE "intermediate-certificate-group" "intermediate-certificate-group" 4277 {
                                        condition = 4275:EQ:1;
					datasource = "920";
				}
				ATTR DATASOURCE "certificate-verify" "certificate-verify" 4278 {
                                        condition = 4275:EQ:1;
					datasource = "940";
				}
				ATTR OPTION_EN "client-certificate-proxy"
				    "client certificate proxyd enable/disable, Must be set certificate-verify" 4373 {
					condition = 4275:GT:0;
					defaultval = disable;
					parseflag = "keeporder";
					brieflist = 1;
				}
				ATTR DATASOURCE "client-certificate-proxy-sign-ca" "client certificate proxy sign ca, Must be set certificate-verify" 4374 {
					condition = 4275:GT:0;
					datasource = "9380";
					parseflag = "keeporder";
					brieflist = 1;
				}
				ATTR DATASOURCE "client-certificate" "client-certificate" 4279 {
					condition = 4275:EQ:1;
					datasource = "870";
				}
				ATTR OPTION_EN "server-certificate-verify" "enable/disable server certificate verify" 4804 {
					condition = 4275:EQ:1;
					defaultval = disable;
					brieflist = 1;
				}
				ATTR DATASOURCE "server-certificate-verify-policy" "server certificate verify" 4283 {
					condition = 4275:EQ:1;
					condition = 4804:EQ:1;
					parseflag = "must";
					datasource = "1010";
				}
				ATTR OPTION "server-certificate-verify-action" "action for server certificate verify" 4805 {
					condition = 4275:EQ:1;
					condition = 4804:EQ:1;
					CHOICES {
						alert == 2 ::: "alert";
						alert_deny == 6 ::: "deny connection and alert";
						redirect == 3 ::: "redirect connection";
					}
					defaultval = alert;
					brieflist = 1;
				}
				ATTR OPTION_EN "session-ticket-reuse" "enable/disable session ticket reuse" 4801 {
					condition = 4275:EQ:1;
					condition = 4373:EQ:0;
					defaultval = disable;
					brieflist = 1;
				}			

				ATTR OPTION_EN "session-id-reuse" "enable/disable session id reuse" 4802 {
					condition = 4275:EQ:1;
					condition = 4373:EQ:0;
					defaultval = disable;
					brieflist = 1;
				}			
				
                                ATTR OPTION_EN "sni" "SNI status" 4280 {
                                        condition = 4275:EQ:1;
                                        defaultval = disable;
                                }
                                ATTR DATASOURCE "sni-certificate" "SNI certificate" 4281 {
                                        condition = 4275:EQ:1;
                                        condition = 4280:EQ:1;
                                        datasource = "950,10040";
                                }
                                ATTR OPTION_EN "sni-strict" "SNI strict mode" 4282 {
                                        condition = 4275:EQ:1;
                                        condition = 4280:EQ:1;
                                        defaultval = disable;
                                }
		                ATTR OPTION_EN "urlcert" "URL based client certificate" 4293 {
			                condition = 4275:EQ:1; 
                                        defaultval = disable;
                                        parseflag = "keeporder";
                                        brieflist = 1;
		                }
		                ATTR DATASOURCE "urlcert-group" "URL based client certificate group" 4294 {
			                condition = 4275:EQ:1; 
			                datasource = "960";
			                parseflag = "keeporder";
			                brieflist = 1;
		                }
		                ATTR INT "urlcert-hlen" "URL based client certificate max http request length if matched(16-10240K)" 4295 {

			                VALIDATE RANGE 16:10240;
			                condition = 4275:EQ:1; 
			                defaultval = 32;
			                parseflag = "keeporder";
                                        brieflist = 1;
		                }
                                ATTR OPTION_EN "tls-v10" "TLS 1.0 protocol status" 4284 {
                                        condition = 4275:eq:1;
                                        defaultval = enable;
                                        parseflag = "keeporder";
                                        brieflist = 1;
                                }
                                ATTR OPTION_EN "tls-v11" "TLS 1.1 protocol status" 4285 {
                                        condition = 4275:eq:1;
                                        defaultval = enable;
                                        parseflag = "keeporder";
                                        brieflist = 1;
                                }
                                ATTR OPTION_EN "tls-v12" "TLS 1.2 protocol status" 4286 {
                                        condition = 4275:eq:1;
                                        defaultval = enable;
                                        parseflag = "keeporder";
                                        brieflist = 1;
                                }
                                ATTR OPTION_EN "tls-v13" "TLS 1.3 protocol
                                    status" 4288 {
                                        condition = 4275:eq:1;
                                        defaultval = disable;
                                        parseflag = "keeporder";
                                        brieflist = 1;
                                }
				ATTR OPTION_EN "ssl-noreg" "SSL no renegotiate" 4287 {
                                        condition = 4275:eq:1;
                                        defaultval = enable;
                                        parseflag = "keeporder";
                                        brieflist = 1;
                                }

                                ATTR OPTION "ssl-cipher" "SSL cipher-suite" 4289 {
					condition = 996:EQ:0;
                                        condition = 4275:EQ:1;
                                        CHOICES {
                                                medium == 1 ::: "medium security SSL cipher-suites";
                                                high == 2 ::: "high security SSL cipher-suites";
                                                custom == 3 ::: "custom SSL cipher-suites";
                                        }
                                        defaultval = medium;
                                        brieflist = 1;
                                }
                                ATTR OPTION "ssl-custom-cipher" "SSL custom cipher-suite" 4273 {
					condition = 996:EQ:0;
                                        condition = 4275:EQ:1;
#condition = 4289:EQ:3;
					multi_opt = 1;
                                        CHOICES {
                                                ECDHE-ECDSA-AES256-GCM-SHA384 == 0x0000000000000001 :SET:: "ECDHE-ECDSA-AES256-GCM-SHA384";
						ECDHE-RSA-AES256-GCM-SHA384 == 0x0000000000000002 :SET:: "ECDHE-RSA-AES256-GCM-SHA384";
                                                DHE-DSS-AES256-GCM-SHA384 == 0x0000000000000004 :SET:: "DHE-DSS-AES256-GCM-SHA384";
						DHE-RSA-AES256-GCM-SHA384 == 0x0000000000000008 :SET:: "DHE-RSA-AES256-GCM-SHA384";
                                                ECDHE-ECDSA-CHACHA20-POLY1305 == 0x0000000000000010 :SET:: "ECDHE-ECDSA-CHACHA20-POLY1305";
						ECDHE-RSA-CHACHA20-POLY1305 == 0x0000000000000020 :SET:: "ECDHE-RSA-CHACHA20-POLY1305";
						DHE-RSA-CHACHA20-POLY1305 == 0x0000000000000040 :SET:: "DHE-RSA-CHACHA20-POLY1305";
                                                ECDHE-ECDSA-AES256-CCM8 == 0x0000000000000080 :SET:: "ECDHE-ECDSA-AES256-CCM8";
                                                ECDHE-ECDSA-AES256-CCM == 0x0000000000000100 :SET:: "ECDHE-ECDSA-AES256-CCM";
						DHE-RSA-AES256-CCM8 == 0x0000000000000200 :SET:: "DHE-RSA-AES256-CCM8";
                                                DHE-RSA-AES256-CCM == 0x0000000000000400 :SET:: "DHE-RSA-AES256-CCM";
						ECDHE-ECDSA-AES128-GCM-SHA256 == 0x0000000000000800 :SET:: "ECDHE-ECDSA-AES128-GCM-SHA256";
                                                ECDHE-RSA-AES128-GCM-SHA256 == 0x0000000000001000 :SET:: "ECDHE-RSA-AES128-GCM-SHA256";
						DHE-DSS-AES128-GCM-SHA256 == 0x0000000000002000 :SET:: "DHE-DSS-AES128-GCM-SHA256";
                                                DHE-RSA-AES128-GCM-SHA256 == 0x0000000000004000 :SET:: "DHE-RSA-AES128-GCM-SHA256";
						ECDHE-ECDSA-AES128-CCM8 == 0x0000000000008000 :SET:: "ECDHE-ECDSA-AES128-CCM8";
                                                ECDHE-ECDSA-AES128-CCM == 0x0000000000010000 :SET:: "ECDHE-ECDSA-AES128-CCM";
						DHE-RSA-AES128-CCM8 == 0x0000000000020000 :SET:: "DHE-RSA-AES128-CCM8";
                                                DHE-RSA-AES128-CCM == 0x0000000000040000 :SET:: "DHE-RSA-AES128-CCM";
						ECDHE-ECDSA-AES256-SHA384 == 0x0000000000080000 :SET:: "ECDHE-ECDSA-AES256-SHA384";
                                                ECDHE-RSA-AES256-SHA384 == 0x0000000000100000 :SET:: "ECDHE-RSA-AES256-SHA384";
                                                DHE-RSA-AES256-SHA256 == 0x0000000000200000 :SET:: "DHE-RSA-AES256-SHA256";
                                                DHE-DSS-AES256-SHA256 == 0x0000000000400000 :SET:: "DHE-DSS-AES256-SHA256";
                                                ECDHE-ECDSA-CAMELLIA256-SHA384 == 0x0000000000800000 :SET:: "ECDHE-ECDSA-CAMELLIA256-SHA384";
                                                ECDHE-RSA-CAMELLIA256-SHA384 == 0x0000000001000000 :SET:: "ECDHE-RSA-CAMELLIA256-SHA384";
						DHE-RSA-CAMELLIA256-SHA256 == 0x0000000002000000 :SET:: "DHE-RSA-CAMELLIA256-SHA256";
                                                DHE-DSS-CAMELLIA256-SHA256 == 0x0000000004000000 :SET:: "DHE-DSS-CAMELLIA256-SHA256";
						ECDHE-ECDSA-AES128-SHA256 == 0x0000000008000000 :SET:: "ECDHE-ECDSA-AES128-SHA256";
                                                ECDHE-RSA-AES128-SHA256 == 0x0000000010000000 :SET:: "ECDHE-RSA-AES128-SHA256";
						DHE-RSA-AES128-SHA256 == 0x0000000020000000 :SET:: "DHE-RSA-AES128-SHA256";
                                                DHE-DSS-AES128-SHA256 == 0x0000000040000000 :SET:: "DHE-DSS-AES128-SHA256";
                                                ECDHE-ECDSA-CAMELLIA128-SHA256 == 0x0000000080000000 :SET:: "ECDHE-ECDSA-CAMELLIA128-SHA256";
						ECDHE-RSA-CAMELLIA128-SHA256 == 0x0000000100000000 :SET:: "ECDHE-RSA-CAMELLIA128-SHA256";
                                                DHE-RSA-CAMELLIA128-SHA256 == 0x0000000200000000 :SET:: "DHE-RSA-CAMELLIA128-SHA256";
						DHE-DSS-CAMELLIA128-SHA256 == 0x0000000400000000 :SET:: "DHE-DSS-CAMELLIA128-SHA256";
                                                ECDHE-ECDSA-AES256-SHA == 0x0000000800000000 :SET:: "ECDHE-ECDSA-AES256-SHA";
						ECDHE-RSA-AES256-SHA == 0x0000001000000000 :SET:: "ECDHE-RSA-AES256-SHA";
						DHE-RSA-AES256-SHA == 0x0000002000000000 :SET:: "DHE-RSA-AES256-SHA";
                                                DHE-DSS-AES256-SHA == 0x0000004000000000 :SET:: "DHE-DSS-AES256-SHA";
                                                DHE-RSA-CAMELLIA256-SHA == 0x0000008000000000 :SET:: "DHE-RSA-CAMELLIA256-SHA";
						DHE-DSS-CAMELLIA256-SHA == 0x0000010000000000 :SET:: "DHE-DSS-CAMELLIA256-SHA";
                                                ECDHE-ECDSA-AES128-SHA == 0x0000020000000000 :SET:: "ECDHE-ECDSA-AES128-SHA";
						ECDHE-RSA-AES128-SHA == 0x0000040000000000 :SET:: "ECDHE-RSA-AES128-SHA";
                                                DHE-RSA-AES128-SHA == 0x0000080000000000 :SET:: "DHE-RSA-AES128-SHA";
						DHE-DSS-AES128-SHA == 0x0000100000000000 :SET:: "DHE-DSS-AES128-SHA";
                                                DHE-RSA-CAMELLIA128-SHA == 0x0000200000000000 :SET:: "DHE-RSA-CAMELLIA128-SHA";
						DHE-DSS-CAMELLIA128-SHA == 0x0000400000000000 :SET:: "DHE-DSS-CAMELLIA128-SHA";
                                                AES256-GCM-SHA384 == 0x0000800000000000 :SET:: "AES256-GCM-SHA384";
						AES256-CCM8 == 0x0001000000000000 :SET:: "AES256-CCM8";
                                                AES256-CCM == 0x0002000000000000 :SET:: "AES256-CCM";
						AES128-GCM-SHA256 == 0x0004000000000000 :SET:: "AES128-GCM-SHA256";
                                                AES128-CCM8 == 0x0008000000000000 :SET:: "AES128-CCM8";
                                                AES128-CCM == 0x0010000000000000 :SET:: "AES128-CCM";
                                                AES256-SHA256 == 0x0020000000000000 :SET:: "AES256-SHA256";
                                                CAMELLIA256-SHA256 == 0x0040000000000000 :SET:: "CAMELLIA256-SHA256";
                                                AES128-SHA256 == 0x0080000000000000 :SET:: "AES128-SHA256";
						CAMELLIA128-SHA256 == 0x0100000000000000 :SET:: "CAMELLIA128-SHA256";
                                                AES256-SHA == 0x0200000000000000 :SET:: "AES256-SHA";
                                                CAMELLIA256-SHA == 0x0400000000000000 :SET:: "CAMELLIA256-SHA";
						AES128-SHA == 0x0800000000000000 :SET:: "AES128-SHA";
                                                CAMELLIA128-SHA == 0x1000000000000000 :SET:: "CAMELLIA128-SHA";
						DHE-RSA-SEED-SHA == 0x2000000000000000 :SET:: "DHE-RSA-SEED-SHA";
						ECDHE-RSA-DES-CBC3-SHA == 0x4000000000000000 :SET:: "ECDHE-RSA-DES-CBC3-SHA";
						DES-CBC3-SHA == 0x8000000000000000 :SET:: "DES-CBC3-SHA";
                                        }
                                }
                ATTR OPTION "tls13-custom-cipher" "TLSv1.3 custom cipher-suite" 4272 {
                    condition = 996:EQ:0;
                    condition = 4275:EQ:1;
                    multi_opt = 1;
                    CHOICES {
                        TLS_AES_256_GCM_SHA384 == 0x0000000000000001 :SET:: "TLS_AES_256_GCM_SHA384(TLSv13)";
                        TLS_CHACHA20_POLY1305_SHA256 == 0x0000000000000002 :SET:: "TLS_CHACHA20_POLY1305_SHA256(TLSv13)";
                        TLS_AES_128_GCM_SHA256 == 0x0000000000000004 :SET:: "TLS_AES_128_GCM_SHA256(TLSv13)";
                        TLS_AES_128_CCM_SHA256 == 0x0000000000000008 :SET:: "TLS_AES_128_CCM_SHA256(TLSv13)";
                        TLS_AES_128_CCM_8_SHA256 == 0x0000000000000010 :SET:: "TLS_AES_128_CCM_8_SHA256(TLSv13)";
                    }
                }


				ATTR OPTION_EN "hsts-header" "hsts header support" 4291 {
                                        condition = 4275:EQ:1;
					defaultval = disable;
				}
				ATTR INT "hsts-max-age" "hsts max age value" 4292 {
                                        condition = 4275:EQ:1;
                                        condition = 4291:EQ:1;
					VALIDATE RANGE 3600:31536000;
					defaultval = 15552000;
				}
				ATTR DATASOURCE "hpkp-header" "hpkp header support" 4375 {
					condition = 4275:EQ:1;
					datasource = "9390";
				}
				ATTR OPTION_EN "client-certificate-forwarding" "client certificate forwarding" 4298 {
                                        condition = 4275:EQ:1;
					defaultval = disable;
				}
				ATTR STRING "client-certificate-forwarding-sub-header" "custom header of client certificate forwarding subject" 
				4399 {
					condition = 4275:EQ:1;
					confition = 4298:EQ:1;
					defaultval = "X-Client-DN";
				}
				ATTR STRING "client-certificate-forwarding-cert-header" "custom header of client certificate forwarding certificate" 
				9429 {
					condition = 4275:EQ:1;
					confition = 4298:EQ:1;
					defaultval = "X-Client-Cert";
				}				
				ATTR OPTION_EN "health-check-inherit" "inherit serverpool\'s health check" 4296 {
					defaultval = enable;
				}
				ATTR DATASOURCE "health" "health check" 4297 {
					brieflist = 1;
                                        condition = 4296:EQ:0;
					datasource = "3900";
				}
				ATTR INT "conn-limit" "set connection limit" 4366 {
					VALIDATE RANGE 0:1048576;
					defaultval = 0;
				}
				ATTR INT "recover" "seconds to postpone forwarding traffic after downtime" 4367 {
					condition = 491:EQ:2;
					VALIDATE RANGE 0:86400;
					defaultval = 0;
				}
				ATTR INT "warm-up" "how long to forward traffic at a lesser rate" 4368 {
					condition = 491:EQ:2;
					VALIDATE RANGE 0:86400;
					defaultval = 0;
				}
				ATTR INT "warm-rate" "maximum connection rate while the server is starting up" 4369 {
					condition = 491:EQ:2;
					VALIDATE RANGE 1:86400;
					defaultval = 10;
				}
                ATTR OPTION_EN "http2" "http2 enable/disable" 4376 {
                    #condition = 4275:eq:1;
                    defaultval = disable;
                }

                ATTR OPTION "http2-ssl-custom-cipher" "SSL http2 custom cipher-suite" 4432 {
                    condition = 996:EQ:0;
                    condition = 4275:EQ:1;
                    #condition = 4289:EQ:3;
                    condition = 4376:EQ:1;
                    multi_opt = 1;
                    CHOICES {
                        ECDHE-RSA-AES256-GCM-SHA384   == 0x0000000000000002 :SET:: "ECDHE-RSA-AES256-GCM-SHA384";
                        ECDHE-ECDSA-AES256-GCM-SHA384 == 0x0000000000000001 :SET:: "ECDHE-ECDSA-AES256-GCM-SHA384";
                        ECDHE-RSA-AES128-GCM-SHA256   == 0x0000000000001000 :SET:: "ECDHE-RSA-AES128-GCM-SHA256";
                        ECDHE-ECDSA-AES128-GCM-SHA256 == 0x0000000000000800 :SET:: "ECDHE-ECDSA-AES128-GCM-SHA256";
                        DHE-DSS-AES128-GCM-SHA256     == 0x0000000000002000 :SET:: "DHE-DSS-AES128-GCM-SHA256";
                        DHE-RSA-AES128-GCM-SHA256     == 0x0000000000004000 :SET:: "DHE-RSA-AES128-GCM-SHA256";
                        DHE-RSA-AES256-GCM-SHA384     == 0x0000000000000008 :SET:: "DHE-RSA-AES256-GCM-SHA384";
                        ECDHE-ECDSA-CHACHA20-POLY1305 == 0x0000000000000010 :SET:: "ECDHE-ECDSA-CHACHA20-POLY1305";
                        ECDHE-RSA-CHACHA20-POLY1305   == 0x0000000000000020 :SET:: "ECDHE-RSA-CHACHA20-POLY1305";
                    }
                }


				ATTR STRING "hlck-domain" "health check domain name" 4803 {
					VALIDATE NO_XSS RELAXED;
                        		brieflist = 1;
				}
			}
		} 
	}
}

DOMAIN TABLE "server-policy http-content-routing-policy" "http-content-routing-policy" 4060 {
	TABLENAME STRING "name" "name" 4061 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR DATASOURCE "server-pool" "server pool" 4062 {
			brieflist = 1;
			datasource = "4240";
			parseflag = "must";
		}
		ATTR UINT "http-content-routing-id" "http content routing id" 4071 {
			#parseflag = "hidden";
			ha_not_sync = 0;
			brieflist = 1;
		}
		TABLE "content-routing-match-list" "content routing match list" 4063 {
			parseflag = "movable";
			TABLENAME INT "<No.>" "name of http content routing policy list " 4064 {
				ATTR OPTION "match-object" "match object" 4065 {
					CHOICES {
						http-host == 1 ::: "HTTP Host";
						http-request == 2 ::: "HTTP URL";
						url-parameter == 3 ::: "HTTP URL Parameter";
						http-referer == 4 ::: "HTTP Referer";
						http-cookie == 5 ::: "HTTP Cookie";
						http-header == 6 ::: "HTTP Header";
						source-ip == 7 ::: "Source IP";
						x509-certificate-Subject == 8 ::: "HTTPS client X509 certificate subject";    
						x509-certificate-Extension == 9 ::: "HTTPS client X509 certificate extension";
						https-sni == 11 ::: "HTTPS Server Name Indication";
						geo-ip == 12 ::: "Source IP Country";
					}
					defaultval = http-host;
				}
				ATTR OPTION "match-condition" "match condition" 4066 {
					condition = 4065:NE:3;
					condition = 4065:NE:5;
					condition = 4065:NE:6;
					condition = 4065:NE:8;
					condition = 4065:NE:9;
					condition = 4065:NE:12;
					CHOICES {
						match-begin == 1 ::: "Match begin";
						match-end == 2 ::: "Match end";
						match-sub == 3 ::: "Match sub";
						match-domain == 4 ::: "Match domain";
						match-dir == 5 ::: "Match directory";
						match-reg == 6 ::: "Match regular expression";
						ip-range == 7 ::: "Match IPv4/Address Range";
						ip-range6 == 8 ::: "Match IPv6/Address Range";
						equal == 9 ::: "Match equal";
					}
					defaultval = match-begin;
				}
				ATTR OPTION "x509-subject-name" "match x509-subject-name" 4067 {                              
					condition = 4065:EQ:8;
					CHOICES {                                                                             
						E == 1 ::: "emailAddress";                  
						CN == 2 ::: "commonName";                   
						OU == 3 ::: "organizationalUnitName";                                            
						O == 4 ::: "organizationName";                                                     
						L == 5 ::: "localityName";                                                    
						ST == 6 ::: "stateOrProvinceName";                                                       
						C == 7 ::: "countryName";                                                         
					}                                                                                     
					defaultval = E;                                                                       
				}          
#				ATTR STRING "regular-expression" "regular expression" 4067 {
#					condition = 4065:NE:5;
#					condition = 4066:EQ:6;
#				}
				ATTR STRING "match-expression" "match simple string" 4068 {
					#VALIDATE NO_XSS RELAXED;
					condition = 4065:NE:3;
					condition = 4065:NE:5;
					condition = 4065:NE:9;
					condition = 4065:NE:6;
					condition = 4065:eq:7;
					condition = 4065:NE:12;
					condition = 4066:NE:7;
					condition = 4066:NE:8;
				}
				ATTR STRING "name" "match string for name" 4069 {
					#VALIDATE NO_XSS RELAXED;
					condition = 4065:eq:3;
					condition = 4065:eq:5;
					condition = 4065:eq:6;
					condition = 4065:NE:8;
					condition = 4065:NE:9;
					condition = 4065:NE:12;
				}
				ATTR STRING "value" "match string for value" 4070 {
					#VALIDATE NO_XSS RELAXED;
					condition = 4065:eq:3;
					condition = 4065:eq:5;
					condition = 4065:eq:6;
					condition = 4065:NE:8;
					condition = 4065:eq:9;
					condition = 4065:NE:12;
				}
				ATTR OPTION "concatenate" "match concatenate" 4072 {
					CHOICES {
						and == 2 ::: "Relationship with next rule: and";
						or == 3 ::: "Relationship with next rule: or";
					}
					defaultval = and;
				}
				ATTR OPTION "name-match-condition" "match condition" 4073{
					condition = 4065:eq:3;
					condition = 4065:eq:5;
					condition = 4065:eq:6;
					condition = 4065:NE:8;
					condition = 4065:NE:9;
					condition = 4065:NE:12;
					CHOICES {
						match-begin == 1 ::: "Match begin";
						match-end == 2 ::: "Match end";
						match-sub == 3 ::: "Match sub";
						match-reg == 6 ::: "Match regular expression";
						equal == 9 ::: "Match equal";
					}
					defaultval = match-begin;
				}
				ATTR OPTION "value-match-condition" "match condition" 4074{
					condition = 4065:eq:3;
					condition = 4065:eq:5;
					condition = 4065:eq:6;
					condition = 4065:NE:8;
					condition = 4065:eq:9;
					condition = 4065:NE:12;
					CHOICES {
						match-begin == 1 ::: "Match begin";
						match-end == 2 ::: "Match end";
						match-sub == 3 ::: "Match sub";
						match-reg == 6 ::: "Match regular expression";
						equal == 9 ::: "Match equal";
					}
					defaultval = match-begin;
				}
				ATTR STRING "start-ip" "Match IP range start IP" 4700 {
					condition = 4066:eq:7;
					condition = 4066:eq:8;
				}
				ATTR STRING "end-ip" "Match IP range end IP" 4701 {
					condition = 4066:eq:7;
					condition = 4066:eq:8;
				}
				ATTR OPTION_EN "reverse" "enable/disable content-routing-reverse" 4077 {
					defaultval = disable;
					brieflist = 1;
				}
				ATTR STRING "country-list" "Match country name list" 4079 {
					condition = 4065:eq:12;
				}
			}
		}
	}
}

GLOBAL COMPLEX "system feature-visibility" "feature visibility" 9460 {
	ATTR OPTION_EN "ftp-security" "disable/enable" 9461 {
		parseflag = @{all=null;FWB_DOCKER=skip};
		defaultval = disable;
		brieflist = 1;	
	}

	ATTR OPTION_EN "device-tracking" "disable/enable" 9462 {
		defaultval = enable;
		brieflist = 1;	
	}
	
	ATTR OPTION_EN "traffic-mirror" "disable/enable" 9463 {
		defaultval = disable;
		brieflist = 1;	
	}
	
	ATTR OPTION_EN "mobile-app-identification" "disable/enable" 9464 {
		defaultval = disable;
		brieflist = 1;	
	}	

	ATTR OPTION_EN "adfs-policy" "disable/enable" 9465 {
		defaultval = disable;
		brieflist = 1;	
	}
}

GLOBAL COMPLEX "system fabric-connectors" "Fabric Connectors" 1300 {
	parseflag = @{all=skip;FWB_AZURE|FWB_AZURE_ONDEMAND|FWB_OCI|FWB_OCI_ONDEMAND=null};
	ATTR STRING "name" "connector name" 1301 {
		parseflag = @{all=skip;FWB_AZURE|FWB_AZURE_ONDEMAND|FWB_OCI|FWB_OCI_ONDEMAND=null};
		brieflist = 1;
	}
	ATTR OPTION "type" "connector platform type" 1302 {
		parseflag = @{all=skip;FWB_AZURE|FWB_AZURE_ONDEMAND|FWB_OCI|FWB_OCI_ONDEMAND=null};
		CHOICES {
			oci == 1 ::: "Oracle Cloud Infrastructure Platform";
			azure == 2 ::: "MicroSoft Azure Platform";
		}
		#defaultval = OCI;
		brieflist = 1;
	}
	ATTR STRING "tenant-ocid" "OCI tenant ID" 1310 {
		parseflag = @{all=skip;FWB_OCI|FWB_OCI_ONDEMAND=null};
		condition = 1302:eq:1;
		brieflist = 1;
	}
	ATTR STRING "user-ocid" "OCI user ID" 1311 {
		parseflag = @{all=skip;FWB_OCI|FWB_OCI_ONDEMAND=null};
		condition = 1302:eq:1;
		brieflist = 1;
	}
	ATTR STRING "compartment-ocid" "OCI compartment ID" 1312 {
		parseflag = @{all=skip;FWB_OCI|FWB_OCI_ONDEMAND=null};
		condition = 1302:eq:1;
		brieflist = 1;
	}
	ATTR STRING "loadbalancer-ocid" "OCI loadbalancer ID" 1313 {
		parseflag = @{all=skip;FWB_OCI|FWB_OCI_ONDEMAND=null};
		condition = 1302:eq:1;
		brieflist = 1;
	}
	ATTR OPTION "server-region" "server region of your resources" 1314 {
		parseflag = @{all=skip;FWB_OCI|FWB_OCI_ONDEMAND=null};
		condition = 1302:eq:1;
		CHOICES {
			ca-toronto-server == 1 ::: "Canada Toronto Server";
			eu-frankfurt-server == 2 ::: "European Union Frankfurt Server";
			uk-london-server == 3 ::: "United Kingdom London Server";
			us-ashburn-server == 4 ::: "United States Ashburn Server";
			us-phoenix-server == 5 ::: "United States Phoenix Server";
			ap-tokyo-server == 6 ::: "Japan Tokyo Server";
			ap-seoul-server == 7 ::: "South Korea Seoul Server";
		}
		defaultval = us-ashburn-server;
		brieflist = 1;
	}
	ATTR USER "private-key" "private-key PEM format string" 1315 {
		parseflag =  @{all=skip;FWB_OCI|FWB_OCI_ONDEMAND=null};
		condition = 1302:eq:1;
		#brieflist = 1;
	}
	ATTR INT "pkey-flag" "private key change flag" 1316 {
		brieflist = 1;
		parseflag = "hidden";
		condition = 1302:eq:1;
	}

	ATTR STRING "rg-name" "name of azure resouce group" 1320 {
		parseflag = @{all=skip;FWB_AZURE|FWB_AZURE_ONDEMAND=null};
		condition = 1302:eq:2;
		brieflist = 1;
	}
	ATTR STRING "sub-id" "ID of azure subscription" 1321 {
		parseflag = @{all=skip;FWB_AZURE|FWB_AZURE_ONDEMAND=null};
		condition = 1302:eq:2;
		brieflist = 1;
	}
	ATTR STRING "tenant-id" "ID of azure azure subscription tenant" 1322 {
		parseflag = @{all=skip;FWB_AZURE|FWB_AZURE_ONDEMAND=null};
		condition = 1302:eq:2;
		brieflist = 1;
	}
	ATTR PASSWD "pass" "password of azure AD Application" 1323 {
		parseflag = @{all=skip;FWB_AZURE|FWB_AZURE_ONDEMAND=null};
		condition = 1302:eq:2;
		brieflist = 1;
	}
	ATTR STRING "app-id" "ID of azure AD Application" 1324 {
		parseflag = @{all=skip;FWB_AZURE|FWB_AZURE_ONDEMAND=null};
		condition = 1302:eq:2;
		brieflist = 1;
	}
	ATTR STRING "nicFWBA" "name of interface in ha one instance" 1325 {
		parseflag = @{all=skip;FWB_AZURE|FWB_AZURE_ONDEMAND=null};
		condition = 1302:eq:2;
		brieflist = 1;
	}
	ATTR STRING "nicFWBB" "name of interface in ha other instance" 1326 {
		parseflag = @{all=skip;FWB_AZURE|FWB_AZURE_ONDEMAND=null};
		condition = 1302:eq:2;
		brieflist = 1;
	}
	ATTR STRING "public-ip" "name of public ip" 1327 {
		parseflag = @{all=skip;FWB_AZURE|FWB_AZURE_ONDEMAND=null};
		condition = 1302:eq:2;
		brieflist = 1;
	}
}

DOMAIN TABLE "server-policy traffic-mirror" "traffic mirror" 9620 {
	TABLENAME STRING "name" "traffic mirror name" 9621 {
		TABLE "mirror-rule" "traffic mirror rule" 9622 {
			TABLENAME INT "<No.>" "name traffic mirror rule" 9623 {
				ATTR OPTION "mode" "mirror rule mode" 9624 {
                                        CHOICES {
                                                direct == 1 ::: "direct";
                                                switch == 2 ::: "switch";
                                                server == 3 ::: "server";
                                        }
                                        defaultval = direct;
					brieflist = 1;
                                }				
				ATTR DATASOURCE "interface" "interface name" 9625 {
					datasource = "440";
					condition = 9624:eq:1;
					condition = 9624:eq:2;
					filter = 442:EQ:0;
					brieflist = 1;
				}
				ATTR STRING "destination-mac" "destination mac" 9626 {
                                        condition = 9624:EQ:2;
                                }
				ATTR IPADDR "server-ip" "server ip address" 9627 {
                                        subnet_type = network;
                                        condition = 9624:eq:3;
				}	
				ATTR INT "server-port" "server port" 9628 {
					VALIDATE RANGE 1:65535;
                                        condition = 9624:eq:3;
				}
			}	
		}
	}
}

DOMAIN TABLE "server-policy policy" "server policy" 4300 {
	TABLENAME STRING "name" "policy name" 4301 {
		VALIDATE NO_XSS RELAXED;
		brieflist = 1;
		ATTR OPTION "deployment-mode" "deployment mode" 4302 {
			CHOICES {
				server-pool == 4 ::: "Single Server/Server Pool";
				http-content-routing == 1 ::: "HTTP content routing";
				offline-protection == 2 ::: "offline protection";
				transparent-servers == 3 ::: "transparent servers";
				wccp-servers == 5 ::: "wccp servers";
			}
			defaultval = server-pool;
			parseflag = "keeporder";
			brieflist = 1;
		}
		ATTR OPTION "protocol" "protocol" 4348 {
			CHOICES {
				HTTP == 0 ::: "HTTP";
				FTP == 1 ::: "FTP";
				ADFSPIP == 2 ::: "ADFSPIP";
				TCPPROXY == 3 ::: "TCPPROXY";
			}
			defaultval = HTTP;
			parseflag = "unchangable";
			condition = 491:eq:2; 
			brieflist = 1;
		}
		ATTR OPTION_EN "ssl" "ssl switch" 4310 {
			brieflist = 1;
			condition = 491:eq:2;
			defaultval = disable;
		}
		ATTR OPTION_EN "implicit_ssl" "implicit ssl switch" 4377 {
			condition = 4348:EQ:1; 
			condition = 4310:EQ:1; 
			brieflist = 1;
			defaultval = disable;
		}
		ATTR DATASOURCE "vserver" "vserver" 4303 {
			condition = 491:eq:2; 
			datasource = "4050";
			parseflag = "must,keeporder";
			brieflist = 1;
		}
		ATTR DATASOURCE "v-zone" "v-zone" 4304 {
			datasource = "600";
			parseflag = "must,keeporder";
			brieflist = 1;
			condition = 491:eq:1;
			condition = 491:eq:8;
		}
		ATTR DATASOURCE "service" "service" 4305 {
			condition = 491:EQ:2; 
			datasource = "4030, 4040";
			parseflag = "keeporder";
			brieflist = 1;
		}
		ATTR OPTION_EN "proxy-protocol" "policy proxy protocol switch" 4378 {
			brieflist = 1;
			condition = 491:eq:1;
			condition = 491:eq:2;
			defaultval = disable;
		}	

		ATTR OPTION_EN "use-proxy-protocol-addr" "use addr from proxy protocol for security checking" 4379 {
			brieflist = 1;
			defaultval = enable;
		}		

 		ATTR DATASOURCE "ftp-protection-profile" "ftp application protection profile" 4380 {
			datasource = "9400";
			condition = 4348:EQ:1; 
			parseflag = "keeporder";
			brieflist = 1;
		}
		ATTR DATASOURCE "web-protection-profile" "web application protection profile" 4336 {
			datasource = "6240, 6340";
			condition = 4348:eq:0;
			condition = 4348:eq:2;
			parseflag = "keeporder";
			brieflist = 1;
		}
		ATTR DATASOURCE "replacemsg" "replacement message template" 4306 {
			datasource = "1960";
			#parseflag = "must";
			brieflist = 1;
		}
		ATTR DATASOURCE "server-pool" "server pool" 4307 {
			datasource = "4240";
			parseflag = "must,keeporder";
			condition = 4302:ne:1;
			brieflist = 1;
		}
		ATTR OPTION_EN "traffic-mirror" "traffic mirror switch" 4350 {
			brieflist = 1;
			condition = 491:eq:1;
			condition = 491:eq:2;
			defaultval = disable;
		}
		ATTR DATASOURCE "traffic-mirror-profile" "traffic mirror profile" 4397 {
			datasource = "9620";
			condition = 491:eq:1;
			condition = 491:eq:2;
			condition = 4350:EQ:1; 
			parseflag = "must,keeporder";
			brieflist = 1;
		}
		ATTR OPTION "traffic-mirror-type" "traffic mirror type" 4398 {
			CHOICES {
				client-side == 1 ::: "CLIENT-SIDE";
				server-side == 2 ::: "SERVER-SIDE";
				both-side == 3 ::: "BOTH-SIDE";
			}
			defaultval = client-side;
			condition = 491:eq:1;
			condition = 491:eq:2;
			condition = 4350:EQ:1; 
			brieflist = 1;
		}
		ATTR DATASOURCE "allow-hosts" "allow hosts" 4308 {
			datasource = "4140";
			condition = 4348:EQ:0; 
			parseflag = "keeporder";
			brieflist = 1;
		}
#		ATTR INT "persistent-server-sessions" "max persistent server sessions" 4309 {
#			defaultval = @{all=1000;FWB_1000C=3000;FWB_3000C=10000;FWB_4000C=20000;FWB_3000D=50000;FWB_3000DFSX=50000;FWB_4000D=50000};
#			parseflag = "keeporder";
#			brieflist = 1;
#		}

#if open ftp protocol, need change 4310->4349
		ATTR DATASOURCE "https-service" "https service" 4349 {
			condition = 491:EQ:2;
			condition = 4348:NE:1; 
			datasource = "4030,4040";
			parseflag = "keeporder";
                        brieflist = 1;
		}
                ATTR OPTION_EN "multi-certificate" "enable multi certificate" 4395 {
			condition = 491:EQ:2; 
                        condition = 4310:GT:0;
			condition = 4348:NE:1; 
                        defaultval = disable;
                        parseflag = "keeporder";
                        brieflist = 1;
                }
		ATTR DATASOURCE "adfs-certificate-service" "adfspip certificate service" 4355 {
			condition = 491:EQ:2;
			condition = 4348:EQ:2; 
			datasource = "4030,4040";
			parseflag = "keeporder";
                        brieflist = 1;
		}
		ATTR DATASOURCE "adfs-certificate-ssl-client-verify" "SSL client certificate verify" 4357 {
			condition = 491:EQ:2; 
                        condition = 4310:GT:0;
			condition = 4348:NE:1;
			datasource = "940";
			parseflag = "keeporder";
                        brieflist = 1;
		}


		ATTR DATASOURCE "certificate" "certificate" 4311 {
			condition = 491:EQ:2; 
                        condition = 4310:GT:0;
                        condition = 4395:EQ:0;
			datasource = "870";
			parseflag = "keeporder";
                        brieflist = 1;
		}
		ATTR DATASOURCE "certificate-group" "multi certificate group" 4396 {
			condition = 491:EQ:2; 
                        condition = 4310:GT:0;
                        condition = 4395:EQ:1;
			condition = 4348:NE:1; 
			datasource = "1014";
			parseflag = "keeporder";
                        brieflist = 1;
		}
		ATTR DATASOURCE "intermediate-certificate-group" "Intermediate Certificate Group" 4312 {
			condition = 491:EQ:2; 
                        condition = 4310:GT:0;
			datasource = "920";
			parseflag = "keeporder";
                        brieflist = 1;
		}
		ATTR DATASOURCE "ssl-client-verify" "SSL client certificate verify" 4313 {
			condition = 491:EQ:2; 
                        condition = 4310:GT:0;
			condition = 4348:NE:1;
			datasource = "940";
			parseflag = "keeporder";
                        brieflist = 1;
		}
                ATTR OPTION_EN "tls-v10" "TLS 1.0 protocol status" 4351 {
			condition = 491:EQ:2; 
                        condition = 4310:GT:0;
                        defaultval = enable;
                        parseflag = "keeporder";
                        brieflist = 1;
                }
                ATTR OPTION_EN "tls-v11" "TLS 1.1 protocol status" 4352 {
			condition = 491:EQ:2; 
                        condition = 4310:GT:0;
                        defaultval = enable;
                        parseflag = "keeporder";
                        brieflist = 1;
                }
                ATTR OPTION_EN "tls-v12" "TLS 1.2 protocol status" 4353 {
                        condition = 491:EQ:2;
                        condition = 4310:GT:0;
                        defaultval = enable;
                        parseflag = "keeporder";
                        brieflist = 1;
                }
		ATTR OPTION_EN "tls-v13" "TLS 1.3 protocol status" 4345 {
			condition = 491:EQ:2;
			condition = 4310:GT:0;
			defaultval = disable;
			parseflag = "keeporder";
			brieflist = 1;
		}
		ATTR OPTION_EN "ssl-noreg" "SSL no renegotiate" 4354 {
			condition = 491:EQ:2; 
                        condition = 4310:GT:0;
                        defaultval = enable;
                        parseflag = "keeporder";
                        brieflist = 1;
                }
               	ATTR OPTION "ssl-cipher" "SSL cipher-suite" 4356 {
			condition = 491:EQ:2; 
			condition = 996:EQ:0;
                        condition = 4310:GT:0;
			CHOICES {
				medium == 1 ::: "medium security SSL cipher-suites";
				high == 2 ::: "high security SSL cipher-suites";
                                custom == 3 ::: "custom SSL cipher-suites";
			}
			defaultval = medium;
                        brieflist = 1;
		}
                ATTR OPTION "ssl-custom-cipher" "SSL custom cipher-suite" 4363 {
			condition = 491:EQ:2; 
			condition = 996:EQ:0;
                        condition = 4310:GT:0;
#			condition = 4356:EQ:3;
			multi_opt = 1;
                        CHOICES {
                                ECDHE-ECDSA-AES256-GCM-SHA384 == 0x0000000000000001 :SET:: "ECDHE-ECDSA-AES256-GCM-SHA384";
				ECDHE-RSA-AES256-GCM-SHA384 == 0x0000000000000002 :SET:: "ECDHE-RSA-AES256-GCM-SHA384";
                                DHE-DSS-AES256-GCM-SHA384 == 0x0000000000000004 :SET:: "DHE-DSS-AES256-GCM-SHA384";
				DHE-RSA-AES256-GCM-SHA384 == 0x0000000000000008 :SET:: "DHE-RSA-AES256-GCM-SHA384";
                                ECDHE-ECDSA-CHACHA20-POLY1305 == 0x0000000000000010 :SET:: "ECDHE-ECDSA-CHACHA20-POLY1305";
				ECDHE-RSA-CHACHA20-POLY1305 == 0x0000000000000020 :SET:: "ECDHE-RSA-CHACHA20-POLY1305";
				DHE-RSA-CHACHA20-POLY1305 == 0x0000000000000040 :SET:: "DHE-RSA-CHACHA20-POLY1305";
                                ECDHE-ECDSA-AES256-CCM8 == 0x0000000000000080 :SET:: "ECDHE-ECDSA-AES256-CCM8";
                                ECDHE-ECDSA-AES256-CCM == 0x0000000000000100 :SET:: "ECDHE-ECDSA-AES256-CCM";
				DHE-RSA-AES256-CCM8 == 0x0000000000000200 :SET:: "DHE-RSA-AES256-CCM8";
                                DHE-RSA-AES256-CCM == 0x0000000000000400 :SET:: "DHE-RSA-AES256-CCM";
				ECDHE-ECDSA-AES128-GCM-SHA256 == 0x0000000000000800 :SET:: "ECDHE-ECDSA-AES128-GCM-SHA256";
                                ECDHE-RSA-AES128-GCM-SHA256 == 0x0000000000001000 :SET:: "ECDHE-RSA-AES128-GCM-SHA256";
				DHE-DSS-AES128-GCM-SHA256 == 0x0000000000002000 :SET:: "DHE-DSS-AES128-GCM-SHA256";
                                DHE-RSA-AES128-GCM-SHA256 == 0x0000000000004000 :SET:: "DHE-RSA-AES128-GCM-SHA256";
				ECDHE-ECDSA-AES128-CCM8 == 0x0000000000008000 :SET:: "ECDHE-ECDSA-AES128-CCM8";
                                ECDHE-ECDSA-AES128-CCM == 0x0000000000010000 :SET:: "ECDHE-ECDSA-AES128-CCM";
				DHE-RSA-AES128-CCM8 == 0x0000000000020000 :SET:: "DHE-RSA-AES128-CCM8";
                                DHE-RSA-AES128-CCM == 0x0000000000040000 :SET:: "DHE-RSA-AES128-CCM";
				ECDHE-ECDSA-AES256-SHA384 == 0x0000000000080000 :SET:: "ECDHE-ECDSA-AES256-SHA384";
                                ECDHE-RSA-AES256-SHA384 == 0x0000000000100000 :SET:: "ECDHE-RSA-AES256-SHA384";
                                DHE-RSA-AES256-SHA256 == 0x0000000000200000 :SET:: "DHE-RSA-AES256-SHA256";
                                DHE-DSS-AES256-SHA256 == 0x0000000000400000 :SET:: "DHE-DSS-AES256-SHA256";
                                ECDHE-ECDSA-CAMELLIA256-SHA384 == 0x0000000000800000 :SET:: "ECDHE-ECDSA-CAMELLIA256-SHA384";
                                ECDHE-RSA-CAMELLIA256-SHA384 == 0x0000000001000000 :SET:: "ECDHE-RSA-CAMELLIA256-SHA384";
				DHE-RSA-CAMELLIA256-SHA256 == 0x0000000002000000 :SET:: "DHE-RSA-CAMELLIA256-SHA256";
                                DHE-DSS-CAMELLIA256-SHA256 == 0x0000000004000000 :SET:: "DHE-DSS-CAMELLIA256-SHA256";
				ECDHE-ECDSA-AES128-SHA256 == 0x0000000008000000 :SET:: "ECDHE-ECDSA-AES128-SHA256";
                                ECDHE-RSA-AES128-SHA256 == 0x0000000010000000 :SET:: "ECDHE-RSA-AES128-SHA256";
				DHE-RSA-AES128-SHA256 == 0x0000000020000000 :SET:: "DHE-RSA-AES128-SHA256";
                                DHE-DSS-AES128-SHA256 == 0x0000000040000000 :SET:: "DHE-DSS-AES128-SHA256";
                                ECDHE-ECDSA-CAMELLIA128-SHA256 == 0x0000000080000000 :SET:: "ECDHE-ECDSA-CAMELLIA128-SHA256";
				ECDHE-RSA-CAMELLIA128-SHA256 == 0x0000000100000000 :SET:: "ECDHE-RSA-CAMELLIA128-SHA256";
                                DHE-RSA-CAMELLIA128-SHA256 == 0x0000000200000000 :SET:: "DHE-RSA-CAMELLIA128-SHA256";
				DHE-DSS-CAMELLIA128-SHA256 == 0x0000000400000000 :SET:: "DHE-DSS-CAMELLIA128-SHA256";
                                ECDHE-ECDSA-AES256-SHA == 0x0000000800000000 :SET:: "ECDHE-ECDSA-AES256-SHA";
				ECDHE-RSA-AES256-SHA == 0x0000001000000000 :SET:: "ECDHE-RSA-AES256-SHA";
				DHE-RSA-AES256-SHA == 0x0000002000000000 :SET:: "DHE-RSA-AES256-SHA";
                                DHE-DSS-AES256-SHA == 0x0000004000000000 :SET:: "DHE-DSS-AES256-SHA";
                                DHE-RSA-CAMELLIA256-SHA == 0x0000008000000000 :SET:: "DHE-RSA-CAMELLIA256-SHA";
				DHE-DSS-CAMELLIA256-SHA == 0x0000010000000000 :SET:: "DHE-DSS-CAMELLIA256-SHA";
                                ECDHE-ECDSA-AES128-SHA == 0x0000020000000000 :SET:: "ECDHE-ECDSA-AES128-SHA";
				ECDHE-RSA-AES128-SHA == 0x0000040000000000 :SET:: "ECDHE-RSA-AES128-SHA";
                                DHE-RSA-AES128-SHA == 0x0000080000000000 :SET:: "DHE-RSA-AES128-SHA";
				DHE-DSS-AES128-SHA == 0x0000100000000000 :SET:: "DHE-DSS-AES128-SHA";
                                DHE-RSA-CAMELLIA128-SHA == 0x0000200000000000 :SET:: "DHE-RSA-CAMELLIA128-SHA";
				DHE-DSS-CAMELLIA128-SHA == 0x0000400000000000 :SET:: "DHE-DSS-CAMELLIA128-SHA";
                                AES256-GCM-SHA384 == 0x0000800000000000 :SET:: "AES256-GCM-SHA384";
				AES256-CCM8 == 0x0001000000000000 :SET:: "AES256-CCM8";
                                AES256-CCM == 0x0002000000000000 :SET:: "AES256-CCM";
				AES128-GCM-SHA256 == 0x0004000000000000 :SET:: "AES128-GCM-SHA256";
                                AES128-CCM8 == 0x0008000000000000 :SET:: "AES128-CCM8";
                                AES128-CCM == 0x0010000000000000 :SET:: "AES128-CCM";
                                AES256-SHA256 == 0x0020000000000000 :SET:: "AES256-SHA256";
                                CAMELLIA256-SHA256 == 0x0040000000000000 :SET:: "CAMELLIA256-SHA256";
                                AES128-SHA256 == 0x0080000000000000 :SET:: "AES128-SHA256";
				CAMELLIA128-SHA256 == 0x0100000000000000 :SET:: "CAMELLIA128-SHA256";
                                AES256-SHA == 0x0200000000000000 :SET:: "AES256-SHA";
                                CAMELLIA256-SHA == 0x0400000000000000 :SET:: "CAMELLIA256-SHA";
				AES128-SHA == 0x0800000000000000 :SET:: "AES128-SHA";
                                CAMELLIA128-SHA == 0x1000000000000000 :SET:: "CAMELLIA128-SHA";
				DHE-RSA-SEED-SHA == 0x2000000000000000 :SET:: "DHE-RSA-SEED-SHA";
				ECDHE-RSA-DES-CBC3-SHA == 0x4000000000000000 :SET:: "ECDHE-RSA-DES-CBC3-SHA";
				DES-CBC3-SHA == 0x8000000000000000 :SET:: "DES-CBC3-SHA";
			}
		}
		ATTR OPTION "tls13-custom-cipher" "TLSv1.3 custom cipher-suite" 4195 {
			condition = 491:EQ:2; 
			condition = 996:EQ:0;
			condition = 4310:GT:0;
			multi_opt = 1;
			CHOICES {
				TLS_AES_256_GCM_SHA384 == 0x0000000000000001 :SET:: "TLS_AES_256_GCM_SHA384(TLSv13)";
				TLS_CHACHA20_POLY1305_SHA256 == 0x0000000000000002 :SET:: "TLS_CHACHA20_POLY1305_SHA256(TLSv13)";
				TLS_AES_128_GCM_SHA256 == 0x0000000000000004 :SET:: "TLS_AES_128_GCM_SHA256(TLSv13)";
				TLS_AES_128_CCM_SHA256 == 0x0000000000000008 :SET:: "TLS_AES_128_CCM_SHA256(TLSv13)";
				TLS_AES_128_CCM_8_SHA256 == 0x0000000000000010 :SET:: "TLS_AES_128_CCM_8_SHA256(TLSv13)";
			}
		}
		ATTR OPTION_EN "sni" "SNI status" 4338 {
			condition = 491:EQ:2; 
			condition = 4310:GT:0;
			condition = 4348:NE:1;
			defaultval = disable;
			parseflag = "keeporder";
			brieflist = 1;
		}
		ATTR DATASOURCE "sni-certificate" "SNI Certificate" 4339 {
			condition = 491:EQ:2; 
                        condition = 4310:GT:0;
                        condition = 4338:EQ:1;
			datasource = "950";
			parseflag = "keeporder";
                        brieflist = 1;
		}
                ATTR OPTION_EN "sni-strict" "strict SNI mode" 4340 {
			condition = 491:EQ:2; 
                        condition = 4310:GT:0;
                        condition = 4338:EQ:1;
                        defaultval = disable;
                        parseflag = "keeporder";
                        brieflist = 1;
                }
		ATTR OPTION_EN "urlcert" "URL based client certificate" 4358 {
			condition = 491:EQ:2; 
                        condition = 4310:GT:0;
			condition = 4348:EQ:0; 
                        defaultval = disable;
                        parseflag = "keeporder";
                        brieflist = 1;
		}
		ATTR DATASOURCE "urlcert-group" "URL based client certificate group" 4359 {
			condition = 491:EQ:2; 
                        condition = 4310:GT:0;
			condition = 4348:EQ:0; 
			datasource = "960";
			parseflag = "keeporder";
			brieflist = 1;
		}
		ATTR INT "urlcert-hlen" "URL based client certificate max http request length if matched(16-10240K)" 4360 {

			condition = 491:EQ:2; 
                        condition = 4310:GT:0;
			condition = 4348:EQ:0; 
			VALIDATE RANGE 16:10240;
			defaultval = 32;
			parseflag = "keeporder";
                        brieflist = 1;
		}
		ATTR OPTION_EN "case-sensitive" "case sensitive" 4314 {
			defaultval = disable;
			condition = 4348:NE:1; 
			parseflag = "keeporder";
                        brieflist = 1;
		}
#		ATTR OPTION_EN "server-connection-pool" "" 4315 {
#			defaultval = disable;
#			parseflag = "keeporder";
#                       brieflist = 1;
#		}
		ATTR OPTION_EN "status" "status: enable/disable" 4316 {
			defaultval = enable;
			parseflag = "keeporder";
                        brieflist = 1;
		}
		ATTR STRING "comment" "comment" 4317 {
			parseflag = "keeporder";
                        brieflist = 1;
		}
		ATTR DATASOURCE "block-port" "block port" 4318 {
			condition = 491:eq:4;
			datasource = "440";
			parseflag = "keeporder";
                        brieflist = 1;
		}
		ATTR OPTION_EN "noparse" "Enable pure proxy or not: enable/disable" 4319 {
			condition = 4348:ne:1;
			defaultval = disable;
			parseflag = "keeporder";
                        brieflist = 1;
		}
		ATTR DATASOURCE "data-capture-port" "Data capture port" 4320 {
			condition = 491:eq:4;
			datasource = "440";
			parseflag = "keeporder";
                        brieflist = 1;
		}
		ATTR OPTION_EN "monitor-mode" "Monitor mode: enable/disable" 4321 {
			defaultval = disable;
			parseflag = "keeporder";
                        brieflist = 1;
		}
		ATTR OPTION_EN "http-to-https" "Redirect HTTP to HTTPs: enable/disable" 4361 {
                        condition = 491:EQ:2;
			condition = 4348:NE:1; 
			defaultval = disable;
			parseflag = "keeporder";
                        brieflist = 1;
		}
		ATTR OPTION_EN "sessioncookie-enforce" "Enforce session cookie per transaction" 4362 {
			defaultval = disable;
			condition = 4348:NE:1; 
			parseflag = "keeporder";
                        brieflist = 1;
		}
		ATTR OPTION_EN "syncookie" "syn cookie: enable/disable" 4322 {
			defaultval = disable;
#			parseflag = "keeporder";
			parseflag = @{all=keeporder;FWB_DOCKER=skip};
                        brieflist = 1;
		}
		ATTR INT "half-open-threshold" "half-open threshold (10~10000)" 4323 {
			VALIDATE RANGE 10:10000;
			defaultval = 8192;
#			parseflag = "keeporder";
			parseflag = @{all=keeporder;FWB_DOCKER=skip};
                        brieflist = 1;
		}
#		ATTR DATASOURCE "error-page" "error page" 4324 {
#			datasource = "4075";
#			parseflag = "keeporder";
#                       brieflist = 1;
#		}
		ATTR OPTION_EN "client-certificate-forwarding" "client certificate forwarding: enable/disable" 4325 {
			condition = 491:EQ:2; 
                        condition = 4310:GT:0;
			condition = 4348:NE:1;
			defaultval = disable;
			parseflag = "keeporder";
                        brieflist = 1;
		}
		ATTR STRING "client-certificate-forwarding-sub-header" "custom header of client certificate forwarding subject" 4386 {
			brieflist = 1;
			condition = 491:EQ:2; 
			condition = 4310:GT:0;
			condition = 4325:EQ:1;
			defaultval = "X-Client-DN";
		}
		ATTR STRING "client-certificate-forwarding-cert-header" "custom header of client certificate forwarding certificate" 4387 {
			brieflist = 1;
			condition = 491:EQ:2; 
			condition = 4310:GT:0;
			condition = 4325:EQ:1;
			defaultval = "X-Client-Cert";
		}		
#		ATTR STRING "error-msg" "error message" 4326 {
#			defaultval = "The page cannot be displayed. Please contact the administrator for additional information.";
#			VALIDATE NO_XSS RELAXED;
#			parseflag = "keeporder";
#                       brieflist = 1;
#			condition = 4324:eq:0;
#		}
#		ATTR INT "error-page-code" "error page return code" 4327 {
#			defaultval = 500;
#			brieflist = 1;
#			VALIDATE RANGE 1:600;
#			condition = 4324:eq:0;
#		}
		ATTR OPTION_EN "http-pipeline" "HTTP pipeline support: enable/disable" 4328 {
			condition = 491:eq:1;
			condition = 491:eq:2;
			condition = 491:eq:16;
			condition = 4348:NE:1; 
			defaultval = enable;
			parseflag = "keeporder";
                        brieflist = 1;
		}
		ATTR OPTION_EN "hsts-header" "hsts header support" 4329 {
			condition = 491:EQ:2; 
                        condition = 4310:GT:0;
			condition = 4348:NE:1; 
			defaultval = disable;
			parseflag = "keeporder";
                        brieflist = 1;
		}
		ATTR INT "hsts-max-age" "max age value(unit: second, 1 hour-1 year)" 4330 {
			condition = 491:EQ:2; 
                        condition = 4310:GT:0;
                        condition = 4329:EQ:1;
			condition = 4348:NE:1; 
			VALIDATE RANGE 3600:31536000;
			defaultval = 15552000;
		}
		ATTR DATASOURCE "hpkp-header" "hpkp header support" 4365 {
			condition = 491:EQ:2; 
			condition = 4348:NE:1;
                        condition = 4310:GT:0;
                        brieflist = 1;
			datasource = "9390";
		}
		ATTR OPTION_EN "prefer-current-session" "prefer current session" 4343 {
			condition = 4302:eq:1;
			defaultval = disable;
			brieflist = 1;
			parsefalg = "keeporder";
		}
		ATTR UINT "policy-id" "policy id" 4334 {
			#parseflag = "hidden";
			ha_not_sync = 0;
		}
		ATTR INT "sub_table_id" "sub table id" 4341 {
			brieflist = 1;
			parseflag = "hidden,readonly";
		}
		ATTR OPTION "sub_table_action" "sub table action" 4342 {
			CHOICES {
				Add == 0;
				Edit == 1;
				Delete == 2;
				Move == 3;
			}
			brieflist = 1;
			parseflag = "hidden,readonly";
                }
		TABLE "http-content-routing-list" "http content routing policy list" 4331 {
			parseflag = "movable";
			TABLENAME INT "<No.>" "" 4332 {
				ATTR DATASOURCE "content-routing-policy-name" "content routing policy" 4333 {
					datasource = "4060";
					parseflag = "must";
				}
				ATTR OPTION_EN "profile-inherit" "inherit policy profile flag " 4346 {
					defaultval = disable;
					brieflist = 1;
				}
				ATTR DATASOURCE "web-protection-profile" "web application protection profile" 4337 {
					#condition = 4346:eq:0;
					datasource = "6240";
					brieflist = 1;
				}
				ATTR OPTION "is-default" "whether default HTTP content routing rule" 4335 {
					CHOICES {
						no == 0 ::: "no";
						yes == 1 ::: "yes";
					}
					defaultval = no;
					brieflist = 1;
				}
			}
		}
#		ATTR STRING "server-inaccessible-error-msg" "server inaccessible error message" 4344 {
#			parseflag = "keeporder";
#                       brieflist = 1;
#		}
                ATTR OPTION_EN "client-real-ip" "keep client real ip to server" 4347 {
			parseflag = @{all=keeporder;FWB_DOCKER=skip};
			brieflist = 1;
			condition = 491:EQ:2;
			condition = 4348:NE:1;
			defaultval = disable;
		}
                ATTR OPTION_EN "http2" "set http2 enable/disable" 4381 {
			brieflist = 1;
			condition = 491:EQ:2;
			condition = 4302:EQ:4;
			condition = 4302:eq:1;
                        condition = 4310:GT:0;
			condition = 4348:EQ:0;
			defaultval = disable;
		}
        ATTR OPTION "http2-custom-cipher" "SSL http2 custom cipher-suite" 4196 {
			condition = 491:EQ:2;
			condition = 996:EQ:0;
            condition = 4310:GT:0;
#			condition = 4356:EQ:3;
            condition = 4381:EQ:1;
			multi_opt = 1;
            CHOICES {
                ECDHE-RSA-AES256-GCM-SHA384   == 0x0000000000000002 :SET:: "ECDHE-RSA-AES256-GCM-SHA384";
                ECDHE-ECDSA-AES256-GCM-SHA384 == 0x0000000000000001 :SET:: "ECDHE-ECDSA-AES256-GCM-SHA384";
                ECDHE-RSA-AES128-GCM-SHA256   == 0x0000000000001000 :SET:: "ECDHE-RSA-AES128-GCM-SHA256";
                ECDHE-ECDSA-AES128-GCM-SHA256 == 0x0000000000000800 :SET:: "ECDHE-ECDSA-AES128-GCM-SHA256";
                DHE-DSS-AES128-GCM-SHA256     == 0x0000000000002000 :SET:: "DHE-DSS-AES128-GCM-SHA256";
                DHE-RSA-AES128-GCM-SHA256     == 0x0000000000004000 :SET:: "DHE-RSA-AES128-GCM-SHA256";
                DHE-RSA-AES256-GCM-SHA384     == 0x0000000000000008 :SET:: "DHE-RSA-AES256-GCM-SHA384";
                ECDHE-ECDSA-CHACHA20-POLY1305 == 0x0000000000000010 :SET:: "ECDHE-ECDSA-CHACHA20-POLY1305";
                ECDHE-RSA-CHACHA20-POLY1305   == 0x0000000000000020 :SET:: "ECDHE-RSA-CHACHA20-POLY1305";
            }
        }

		ATTR INT "tcp-recv-timeout" "max age value(unit: second) of the first http request after tcp handshake" 4392 {
			condition = 491:EQ:1; 
			condition = 491:eq:2; 
			condition = 4348:NE:1;
			VALIDATE RANGE 0:300;
			defaultval = 0;
		}
		ATTR INT "http-header-timeout" "max age value(unit: second) of receiving a successful http header" 4393 {
			condition = 491:EQ:1; 
			condition = 491:eq:2; 
			condition = 4348:NE:1;
			VALIDATE RANGE 0:1200;
			defaultval = 0;
		}

		ATTR OPTION_EN "internal-cookie-httponly" "internal cookie http only: enable/disable" 4384 {
			defaultval = enable;
			condition = 4348:EQ:0;
			parseflag = "keeporder";
                        brieflist = 1;
		}
		ATTR OPTION_EN "internal-cookie-secure" "internal cookie secure: enable/disable" 4385 {
			defaultval = disable;
			condition = 4348:EQ:0;
			parseflag = "keeporder";
                        brieflist = 1;
		}
		ATTR OPTION_EN "ssl-quiet-shutdown" "enable/disable SSL quiet Shutdown" 502 {
                        condition = 4310:GT:0;
			defaultval = disable;
			brieflist = 1;
		}
		ATTR INT "ssl-session-timeout" "ssl session timeout setting" 4364 {
			condition = 491:EQ:2; 
                        condition = 4310:GT:0;
			VALIDATE RANGE 1:14400;
			defaultval = 7200;
			brieflist = 1;
		}
		ATTR INT "client-timeout" "max age value(unit: second):Prevent front end connection from closing for a long time, especially when multiplexing function is turned on " 4394 {
			condition = 491:eq:1; 
			condition = 491:eq:2; 
			condition = 491:eq:16; 
			condition = 4348:NE:1;
			VALIDATE RANGE 0:1200;
			defaultval = 0;
		}

	}

}

GLOBAL COMPLEX "system central-management" "system central management configuration" 1990 {
	parseflag = "hidden";
	ATTR OPTION_EN "cm-access" "cm cross domain access:enable/disable" 1991 {
		defaultval = disable;
		brieflist = 1;
	}
	ATTR STRING "allow-origin" "cm cross domain access allow origin" 1992 {
		brieflist = 1;
		condition = 1991:EQ:1;
	}
}

DOMAIN TABLE "waf machine-learning-policy" "machine learning policy" 9560 {
	TABLENAME INT "id" "The number of the policy.(0~65535)" 9561 {
		VALIDATE RANGE 0:65535;
		ATTR USER "policy-id" "server policy id" 9562 {
			defaultval = "0";
                        brieflist = 1;
		}
		ATTR OPTION_EN "hmm-engine" "enable/disable hmm engine" 9563 {
			brieflist = 1;
			defaultval = enable;
			parseflag = "hidden";
		}
		ATTR INT "sample-limit-by-ip" "collect sample limit for each ip source <0, 5000> per 30 minutes" 9612 {
			VALIDATE RANGE 0:5000;
			defaultval = 30;
                        brieflist = 1;
		}

		ATTR OPTION_EN "threat-model" "enable/disable threat model" 9595 {
			brieflist = 1;
			defaultval = enable;
		}
		ATTR OPTION "svm-model" "SVM models used to do attack validation" 9596 {
			brieflist = 1;
			multi_opt = 1;
			CHOICES {
				xss == 1:SET;
				sql-injection == 2:SET;
				code-injection == 4:SET;
				command-injection == 8:SET;
				lfi-rfi == 16:SET;
				common-injection == 32:SET;
				remote-exploits == 64:SET;
			}
#			defaultval = "xss sql-injection code-injection command-injection lfi-rfi common-injection remote-exploits";
			#condition = 9595:eq:1;
		}
	
		ATTR OPTION "sample-collecting-mode" "set hmm engine collection sample level" 9610 {
			CHOICES {
				normal == 0 ::: "collect sample normally";
				fast == 1 ::: "collect sample quickly";
			}
			defaultval = normal;
		}

		ATTR OPTION_EN "automatic-refresh-model" "enable/disable automatic refresh model" 9569 {
			brieflist = 1;
			defaultval = enable;
		}
		ATTR INT "anomaly-detection-threshold" "anomaly-detection-threshold <1, 10>" 9568 {
			VALIDATE RANGE 1:10;
                        defaultval = 3;
                        brieflist = 1;
                }
		ATTR INT "learning-time" "min model learning time <1-10000 weeks>" 9616 {
			VALIDATE RANGE 1:10000;
			defaultval = 1;
                        brieflist = 1;
		}

		ATTR INT "box-notch-count" "box not match count <1, 3>" 9570 {
			VALIDATE RANGE 1:3;
			defaultval = 2;
                        brieflist = 1;
		}
		ATTR INT "boxplot-checking-interval" "boxplot checking interval <1-15 minutes>" 9611 {
			VALIDATE RANGE 1:15;
			defaultval = 15;
                        brieflist = 1;
		}
		ATTR OPTION_EN "allow-method" "enable/disable allow method learn and check" 9613 {
			brieflist = 1;
			defaultval = enable;
		}
		ATTR OPTION "allow-method-exceptions" "Http allow method exceptions" 9614 {
			multi_opt = 1;
			brieflist = 1;
			CHOICES {
				#must same as HTTP_METHOD_NA ....
				none == 0: set;
				others == 1: SET;
				get == 2: SET;
				post == 4: SET;
				head == 8: SET;
				options == 16: SET;
				trace == 32: SET;
				connect == 64: SET;
				delete 	== 128: SET;
				put 	== 256: SET;
				patch  == 512: SET;
				webdav == 1024: SET;
				rpc 	== 2048: SET;
			}
			defaultval = "head options";
			brieflist = 1;
			condition = 9613:eq:1;
		}
#		ATTR INT "method-learning-time" "min http method learning time <5-14400 minutes>" 9615 {
#			VALIDATE RANGE 5:14400;
#			defaultval = 240;
#                       brieflist = 1;
#                       ha_not_sync = 2;
#		}
		ATTR OPTION_EN "parameters-limit-per-conn" "enable/disable parameters limit per connection" 9618 {
			brieflist = 1;
			defaultval = enable;
		}
		ATTR OPTION "action-anomaly" "anomaly action" 9572 {
			CHOICES {
				alert == 2 ::: "alert";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block period";
			}
			defaultval = alert_deny;
		}
		ATTR OPTION "action-page-method" "page method action" 9573 {
			CHOICES {
				alert == 2 ::: "alert";
				alert_deny == 6 ::: "deny connection and alert";
				block-period == 11 ::: "block period";
			}
			condition = 9613:eq:1;
			defaultval = alert_deny;
		}

		ATTR INT "block-period-anomaly" "action block period(1-3600)" 9600 {
			VALIDATE RANGE 1:3600;
			defaultval = 60;
			condition = 9572:eq:11;
		}
		ATTR OPTION "severity-anomaly" "severity:High, Medium, Low or Informative" 9601 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = High;	
		}
		ATTR DATASOURCE "trigger-anomaly" "trigger policy" 9602 {
			datasource = "2090";
		}

		ATTR INT "block-period-page-method" "action block period(1-3600)" 9603 {
			VALIDATE RANGE 1:3600;
			defaultval = 60;
			condition = 9573:EQ:11;
			condition = 9613:EQ:1;
		}
		ATTR OPTION "severity-page-method" "severity:High, Medium, Low or Informative" 9604 {
			CHOICES {
				High == 1 ::: "High";
				Medium == 2 ::: "Medium";
				Low == 3 ::: "Low";
				Info == 4 ::: "Informative";
			}
			brieflist = 1;
			defaultval = High;	
			condition = 9613:eq:1;
		}
		ATTR DATASOURCE "trigger-page-method" "trigger policy" 9605 {
			datasource = "2090";
			condition = 9613:eq:1;
		}



		ATTR OPTION "app-change-sensitivity" "app-change-sensitivity" 9574 {
			CHOICES {
				low == 0 ::: "low";
				medium == 1 ::: "medium";
				high == 2 ::: "high";
			}
			defaultval = medium;
		}
		ATTR OPTION_EN "status" "enable/disable this machine learning policy" 9579 {
			brieflist = 1;
			defaultval = enable;
		}
		TABLE "allow-domain-name" "allow domain name" 9580 {
			parseflag = "movable";
			TABLENAME INT "<No.>" "The number of the allow domain" 9581 {
				ATTR STRING "domain-name" "domain-name" 9582 {
					parseflag = "keeporder";
					brieflist = 1;
				}
				
				ATTR USER "domain-index" "domain index" 9583 {
					defaultval = "0";
                        		brieflist = 1;
				}
				
				ATTR OPTION "character-set" "character set" 9584 {
					CHOICES {
						AUTO == 0 ::: "AUTO";
						ISO-8859-1 == 1 ::: "ISO-8859-1";
						ISO-8859-2 == 2 ::: "ISO-8859-2";
						ISO-8859-3 == 3 ::: "ISO-8859-3";
						ISO-8859-4 == 4 ::: "ISO-8859-4";
						ISO-8859-5 == 5 ::: "ISO-8859-5";
						ISO-8859-6 == 6 ::: "ISO-8859-6";
						ISO-8859-7 == 7 ::: "ISO-8859-7";
						ISO-8859-8 == 8 ::: "ISO-8859-8";
						ISO-8859-9 == 9 ::: "ISO-8859-9";
						ISO-8859-10 == 10 ::: "ISO-8859-10";
						ISO-8859-15 == 11 ::: "ISO-8859-15";
						GB2312 == 12 ::: "GB2312";
						BIG5 == 13 ::: "BIG5";
						ISO-2022-JP == 14 ::: "ISO-2022-JP";
						ISO-2022-JP-2 == 15 ::: "ISO-2022-JP-2";
						Shift-JIS == 16 ::: "Shift-JIS";
						ISO-2022-KR == 17 ::: "ISO-2022-KR";
						UTF-8 == 18 ::: "UTF-8";
#		UTF-16 == 19 ::: "UTF-16";
#						UTF-32 == 20 ::: "UTF-32";
					}
					defaultval = AUTO;
					brieflist = 1;
				}
			}
		}
		ATTR OPTION "ip-list-type" "source ip type: Trust or Black" 9606 {
				CHOICES {
					Trust == 1 ::: "Allow sample collections from source IP";
					Black == 2 ::: "Deny sample collections from source IP";
				}
				brieflist = 1;
				defaultval = Trust;	
			}

		TABLE "source-ip-list" "allow or deny source ip" 9590 {
			TABLENAME INT "<No.>" "The number of the allow source ip" 9591 {
				ATTR USER "ip" "ip or ip range" 9592 {
					parseflag = "must";
					brieflist = 1;
				}
			}
		}
		ATTR DATASOURCE "url-replacer-policy" "application policy" 9593 {
			datasource = "9140";
			brieflist = 1;
		}

	}
}

DOMAIN TABLE "system ha-aa-server-policy-hlck" "HA AA Server Policy Health Check" 9700 {
	condition = 551:EQ:2;
	condition = 597:EQ:1;
	condition = 491:EQ:2;
	condition = 588:EQ:0;
	TABLENAME INT "id" "id of server policy health check" 9701 {
		brieflist = 1;
		ATTR DATASOURCE "server-policy" "server policy" 9703 {
			brieflist = 1;
			datasource = "4300";
		}
		ATTR OPTION_EN "HTTPS" "enable/disable " 9704 {
			defaultval = disable;
			brieflist = 1;
		}
		ATTR DATASOURCE "client-cert" "client certificate" 9705 {
			brieflist = 1;
			datasource = "870";
                        parseflag = "keeporder";
                        brieflist = 1;
		}
		ATTR OPTION "relationship" "health check relationship" 9706 {
			CHOICES {
				and == 1 ::: "& relationship";
				or == 2 ::: "| relationship";
			}
			defaultval = and;
			brieflist = 1;
		}
		TABLE "hlck-list" "health check list" 9707 {
			TABLENAME INT "<No.>" "name of health check list" 9708 {
				ATTR INT "timeout" "connect timeout, range 1-30 (second)" 9709 {
					defaultval = 3;
					brieflist = 1;
					VALIDATE RANGE 1:30;
				}
				ATTR INT "retry-times" "retry times, range 1-10" 9710 {
					defaultval = 3;
					brieflist = 1;
					VALIDATE RANGE 1:10;
				}
				ATTR INT "interval" "interval time, range 1-300 (second)" 9711 {
					defaultval = 10;
					brieflist = 1;
					VALIDATE RANGE 1:300;
				}
				ATTR STRING "url-path" "path of the URL, without host name" 9712 {
					brieflist = 1;
					VALIDATE NO_XSS RELAXED;
				}
				ATTR OPTION "method" "http request method" 9713 {
					CHOICES {
						get == 1 ::: "GET Method(default)";
						head == 2 ::: "HEAD Method";
						post == 3 ::: "POST Method";
					}
					defaultval = get;
					brieflist = 1;	
				}
				ATTR OPTION "match-type" "indicate how to determine a valid http response" 9714 {
					CHOICES {
						response-code == 1 ::: "HTTP response code only";
						match-content == 2 ::: "Content regular expression only";
						all == 3 ::: "HTTP response code and content regular expression";	
					}
					defaultval = match-content;
					brieflist = 1;	
				}
				ATTR INT "response-code" "http response code" 9715 {
					defaultval = 200;
					brieflist = 1;
					VALIDATE RANGE 200:599;		
				}
				ATTR STRING "match-content" "content regular expression" 9716 {
					brieflist = 1;
					condition = 9714:GT:1;
				}
			}
		}
	}
}

DOMAIN TABLE "waf bot-detection-policy" "bot detection policy" 9750 { 
	#ha_not_sync = 2;
	TABLENAME INT "id" "The number of the policy.(0~65535)" 9751 { 
		VALIDATE RANGE 0:65535;
		ATTR USER "policy-id" "server policy id" 9752 { 
			defaultval = "0"; brieflist = 1; 
		}
		ATTR OPTION_EN "advanced-mode" "show advanced options in the configuration page" 9795 { 
		brieflist = 1;
			defaultval = disable; 
		}			
		ATTR OPTION "client-identification-method" "client identification method" 9753 { 
			CHOICES { 
				IP == 2 ::: "IP";
				IP-and-User-Agent == 0 ::: "IP and User-Agent";
				Cookie == 1 ::: "Cookie"; 
			}
			defaultval = IP-and-User-Agent; 
		}
		ATTR INT "sampling-count" "sample count(10-10000)" 9754 { 
			VALIDATE RANGE 10:10000;
			defaultval = 1000; 
		}
		ATTR INT "sampling-count-per-client" "sample count per client per hour(1-60)" 9755 { 
			VALIDATE RANGE 1:60;
			defaultval = 3; 
		}
		ATTR INT "sampling-time-per-vector" "sampling time per vector(1-10)" 9756 { 
			VALIDATE RANGE 1:10;
			defaultval = 5; 
		}
		ATTR USER "training-accuracy" "training accuracy(0.0-100.0)" 9764 { 
			defaultval = "95"; 
		}
		ATTR USER "cross-validation" "cross-validation(0.0-100.0)" 9765 { 
			defaultval = "90"; 
		}		
		ATTR USER "testing-accuracy" "testing accuracy(0.0-100.0)" 9757 { 
			defaultval = "95"; 
		}
		#ATTR OPTION_EN "apply-model-automatically" "enable/disable apply model automatically" 9758 { 
		#brieflist = 1;
		#	defaultval = enable; 
		#}	
		#ATTR OPTION "model-policy" "model policy" 9759 { 
		#	CHOICES { 
		#		Strict == 1 ::: "Strict";
		#		Loose == 2 ::: "Loose"; 
		#	}
		#	defaultval = Loose;
		#	condition = 9758:eq:1; 
		#}
		
		ATTR INT "anomaly-count" "anomaly count(1-65535)" 9760 { 
			VALIDATE RANGE 1:65535;
			defaultval = 3; 
		}
		ATTR OPTION_EN "bot-confirmation" "enable/disable bot confirmation" 9761 { 
			brieflist = 1;
			defaultval = enable; 
		}
		ATTR OPTION "verification-method" "verification method" 9762 { 
			CHOICES { 
				Disable == 0 ::: "Disable";
				Real-Browser-Enforement == 1 ::: "Real Browser Enforement";
				Captcha-Enforcement == 2 ::: "CAPTCHA Enforcement"; 
			}
			#defaultval = Real-Browser-Enforement;
			defaultval = Disable;
			condition = 9761:eq:1; 
		}
		ATTR INT "validation-timeout" "validation timeout(5-30)" 9768 { 
			VALIDATE RANGE 5:30;
			defaultval = 20;
			condition = 9761:eq:1; 
		}
		ATTR INT "max-attempt-times" "max attempt times(1-5)" 9769 { 
			VALIDATE RANGE 1:5;
			defaultval = 3;
			condition = 9761:EQ:1; 
			condition = 9762:EQ:2; 
		}
		ATTR OPTION "mobile-verification-method" "verification method for mobile" 9796 { 
			CHOICES { 
				Disable == 0 ::: "Disable";
				Mobile-Token-Validation == 1 ::: "Mobile Token Validation"; 
			}
			defaultval = Disable;
			condition = 9761:eq:1; 
		}
		ATTR OPTION_EN "auto-refresh" "enable/disable dynamically update model" 9763 { 
			brieflist = 1;
			defaultval = enable; 
		}
		ATTR USER "refresh-factor" "auto refresh factor(0.0-1.0) of detection accuracy" 9766 { 
			defaultval = "0.7"; 
			condition = 9763:eq:1; 
		}
		ATTR INT "minimum-vector-number" "minimum vector number(0-10000)" 9767 { 
			VALIDATE RANGE 0:10000;
			defaultval = 0; 
			condition = 9763:eq:1; 
		} 
		ATTR OPTION "action" "action" 9780 { 
			CHOICES { 
				alert == 2 ::: "alert"; 
				deny_no_log == 4 ::: "deny without log"; 
				alert_deny == 6 ::: "deny connection and alert";
	            block-period == 11 ::: "block period"; 
			}
	        defaultval = alert; 
		}
	    ATTR INT "block-period" "action block period(1-3600)" 9781 { 
			VALIDATE RANGE 1:3600;
	        defaultval = 60;
	        condition = 9780:eq:11; 
		}
	    ATTR OPTION "severity" "High, Medium, Low or Informative" 9782 { 
			CHOICES { 
				High == 1 ::: "High";
	            Medium == 2 ::: "Medium";
	            Low == 3 ::: "Low"; 
	            Info == 4 ::: "Informative"; 
			}
	        brieflist = 1;
	        defaultval = High; 
		}
	    ATTR DATASOURCE "trigger" "trigger policy" 9783 { 
			datasource = "2090";
	        brieflist = 1; 
		}
	    TABLE "allow-source-ip" "allow source ip" 9784 { 
			TABLENAME INT "<No.>" "The number of the allow source ip" 9785 { 
				ATTR USER "ip" "ip or ip range" 9786 { 
					parseflag = "must";
					brieflist = 1; 
				} 
			} 
		} 
		TABLE "bot-detection-exception-list" "bot detection exception list" 9787 { 
			TABLENAME INT "<No.>" "The number of the bot detection exception" 9788 { 
				ATTR OPTION_EN "host-status" "host status " 9789 { 
					brieflist = 1;
					defaultval = disable; 
				}
				ATTR STRING "host" "host" 9790 { 
					VALIDATE NO_XSS RELAXED;
					brieflist = 1; 
				}
				ATTR OPTION "url-type" "url type" 9791 { 
					CHOICES { 
						plain == 0 ::: "Simple string";
						regular == 1 ::: "Regular expression"; 
					}
					defaultval = plain;
					brieflist = 1; 
				}
				ATTR STRING "url-pattern" "url pattern" 9792 { 
					brieflist = 1; 
					parseflag = "must";
				} 
			}
		}
		ATTR OPTION_EN "model-status" "enable/disable model status" 9793 { 
			brieflist = 1;
			defaultval = enable; 
		}
		ATTR OPTION "selected-model" "selected model" 9794 { 
			CHOICES { 
				Strict == 1 ::: "Strict";
				Loose == 2 ::: "Loose"; 
			}
			defaultval = Loose; 
		} 
	} 
} 

			
			
