fortinet.fortimanager.fmgr_system_npu_fpanomaly module – NP6Lite anomaly protection
Note
This module is part of the fortinet.fortimanager collection (version 2.7.0).
You might already have this collection installed if you are using the ansible package.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install fortinet.fortimanager.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_system_npu_fpanomaly.
New in fortinet.fortimanager 2.1.0
Synopsis
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
Parameters
Parameter |
Comments |
|---|---|
The token to access FortiManager without using username and password. |
|
The parameter (adom) in requested url. |
|
Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. Choices:
|
|
Enable/Disable logging for task. Choices:
|
|
Authenticate Ansible client with forticloud API access token. |
|
The overridden method for the underlying Json RPC request. Choices:
|
|
The rc codes list with which the conditions to fail will be overriden. |
|
The rc codes list with which the conditions to succeed will be overriden. |
|
The top level parameters set. |
|
Deprecated, please rename it to capwap_minlen_err. Capwap minlen err. Choices:
|
|
Deprecated, please rename it to esp_minlen_err. Invalid IPv4 ESP short packet anomalies. Choices:
|
|
Deprecated, please rename it to gre_csum_err. Gre csum err. Choices:
|
|
Deprecated, please rename it to gtpu_plen_err. Gtpu plen err. Choices:
|
|
Deprecated, please rename it to icmp_csum_err. Invalid IPv4 ICMP packet checksum anomalies. Choices:
|
|
Deprecated, please rename it to icmp_frag. Layer 3 fragmented packets that could be part of layer 4 ICMP anomalies. Choices:
|
|
Deprecated, please rename it to icmp_land. ICMP land anomalies. Choices:
|
|
Deprecated, please rename it to icmp_minlen_err. Invalid IPv4 ICMP short packet anomalies. Choices:
|
|
Deprecated, please rename it to ipv4_csum_err. Invalid IPv4 packet checksum anomalies. Choices:
|
|
Deprecated, please rename it to ipv4_ihl_err. Invalid IPv4 header length anomalies. Choices:
|
|
Deprecated, please rename it to ipv4_land. Land anomalies. Choices:
|
|
Deprecated, please rename it to ipv4_len_err. Invalid IPv4 packet length anomalies. Choices:
|
|
Deprecated, please rename it to ipv4_opt_err. Invalid IPv4 option parsing anomalies. Choices:
|
|
Deprecated, please rename it to ipv4_optlsrr. Loose source record route option anomalies. Choices:
|
|
Deprecated, please rename it to ipv4_optrr. Record route option anomalies. Choices:
|
|
Deprecated, please rename it to ipv4_optsecurity. Security option anomalies. Choices:
|
|
Deprecated, please rename it to ipv4_optssrr. Strict source record route option anomalies. Choices:
|
|
Deprecated, please rename it to ipv4_optstream. Stream option anomalies. Choices:
|
|
Deprecated, please rename it to ipv4_opttimestamp. Timestamp option anomalies. Choices:
|
|
Deprecated, please rename it to ipv4_proto_err. Invalid layer 4 protocol anomalies. Choices:
|
|
Deprecated, please rename it to ipv4_ttlzero_err. Invalid IPv4 TTL field zero anomalies. Choices:
|
|
Deprecated, please rename it to ipv4_unknopt. Unknown option anomalies. Choices:
|
|
Deprecated, please rename it to ipv4_ver_err. Invalid IPv4 header version anomalies. Choices:
|
|
Deprecated, please rename it to ipv6_daddr_err. Destination address as unspecified or loopback address anomalies. Choices:
|
|
Deprecated, please rename it to ipv6_exthdr_len_err. Invalid IPv6 packet chain extension header total length anomalies. Choices:
|
|
Deprecated, please rename it to ipv6_exthdr_order_err. Invalid IPv6 packet extension header ordering anomalies. Choices:
|
|
Deprecated, please rename it to ipv6_ihl_err. Invalid IPv6 packet length anomalies. Choices:
|
|
Deprecated, please rename it to ipv6_land. Land anomalies. Choices:
|
|
Deprecated, please rename it to ipv6_optendpid. End point identification anomalies. Choices:
|
|
Deprecated, please rename it to ipv6_opthomeaddr. Home address option anomalies. Choices:
|
|
Deprecated, please rename it to ipv6_optinvld. Invalid option anomalies. Choices:
|
|
Deprecated, please rename it to ipv6_optjumbo. Jumbo options anomalies. Choices:
|
|
Deprecated, please rename it to ipv6_optnsap. Network service access point address option anomalies. Choices:
|
|
Deprecated, please rename it to ipv6_optralert. Router alert option anomalies. Choices:
|
|
Deprecated, please rename it to ipv6_opttunnel. Tunnel encapsulation limit option anomalies. Choices:
|
|
Deprecated, please rename it to ipv6_plen_zero. Invalid IPv6 packet payload length zero anomalies. Choices:
|
|
Deprecated, please rename it to ipv6_proto_err. Layer 4 invalid protocol anomalies. Choices:
|
|
Deprecated, please rename it to ipv6_saddr_err. Source address as multicast anomalies. Choices:
|
|
Deprecated, please rename it to ipv6_unknopt. Unknown option anomalies. Choices:
|
|
Deprecated, please rename it to ipv6_ver_err. Invalid IPv6 packet version anomalies. Choices:
|
|
Deprecated, please rename it to nvgre_minlen_err. Nvgre minlen err. Choices:
|
|
Deprecated, please rename it to sctp_clen_err. Sctp clen err. Choices:
|
|
Deprecated, please rename it to sctp_crc_err. Sctp crc err. Choices:
|
|
Deprecated, please rename it to sctp_csum_err. Invalid IPv4 SCTP checksum anomalies. Choices:
|
|
Deprecated, please rename it to sctp_l4len_err. Sctp l4len err. Choices:
|
|
Deprecated, please rename it to tcp_csum_err. Invalid IPv4 TCP packet checksum anomalies. Choices:
|
|
Deprecated, please rename it to tcp_fin_noack. TCP SYN flood with FIN flag set without ACK setting anomalies. Choices:
|
|
Deprecated, please rename it to tcp_fin_only. TCP SYN flood with only FIN flag set anomalies. Choices:
|
|
Deprecated, please rename it to tcp_hlen_err. Invalid IPv4 TCP header length anomalies. Choices:
|
|
Deprecated, please rename it to tcp_hlenvsl4len_err. Tcp hlenvsl4len err. Choices:
|
|
Deprecated, please rename it to tcp_land. TCP land anomalies. Choices:
|
|
Deprecated, please rename it to tcp_no_flag. TCP SYN flood with no flag set anomalies. Choices:
|
|
Deprecated, please rename it to tcp_plen_err. Invalid IPv4 TCP packet length anomalies. Choices:
|
|
Deprecated, please rename it to tcp_syn_data. TCP SYN flood packets with data anomalies. Choices:
|
|
Deprecated, please rename it to tcp_syn_fin. TCP SYN flood SYN/FIN flag set anomalies. Choices:
|
|
Deprecated, please rename it to tcp_winnuke. TCP WinNuke anomalies. Choices:
|
|
Deprecated, please rename it to udp_csum_err. Invalid IPv4 UDP packet checksum anomalies. Choices:
|
|
Deprecated, please rename it to udp_hlen_err. Invalid IPv4 UDP packet header length anomalies. Choices:
|
|
Deprecated, please rename it to udp_land. UDP land anomalies. Choices:
|
|
Deprecated, please rename it to udp_len_err. Invalid IPv4 UDP packet length anomalies. Choices:
|
|
Deprecated, please rename it to udp_plen_err. Invalid IPv4 UDP packet minimum length anomalies. Choices:
|
|
Deprecated, please rename it to udplite_cover_err. Invalid IPv4 UDP-Lite packet coverage anomalies. Choices:
|
|
Deprecated, please rename it to udplite_csum_err. Invalid IPv4 UDP-Lite packet checksum anomalies. Choices:
|
|
Deprecated, please rename it to uesp_minlen_err. Uesp minlen err. Choices:
|
|
Deprecated, please rename it to unknproto_minlen_err. Invalid IPv4 L4 unknown protocol short packet anomalies. Choices:
|
|
Deprecated, please rename it to vxlan_minlen_err. Vxlan minlen err. Choices:
|
|
The adom to lock for FortiManager running in workspace mode, the value can be global and others including root. |
|
The maximum time in seconds to wait for other user to release the workspace lock. Default: |
Notes
Note
Starting in version 2.4.0, all input arguments are named using the underscore naming convention (snake_case). Please change the arguments such as “var-name” to “var_name”. Old argument names are still available yet you will receive deprecation warnings. You can ignore this warning by setting deprecation_warnings=False in ansible.cfg.
Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- name: Example playbook (generated based on argument schema)
hosts: fortimanagers
connection: httpapi
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: NP6Lite anomaly protection
fortinet.fortimanager.fmgr_system_npu_fpanomaly:
# bypass_validation: false
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
# rc_succeeded: [0, -2, -3, ...]
# rc_failed: [-2, -3, ...]
adom: <your own value>
system_npu_fpanomaly:
esp_minlen_err: <value in [drop, trap-to-host]>
icmp_csum_err: <value in [drop, trap-to-host]>
icmp_minlen_err: <value in [drop, trap-to-host]>
ipv4_csum_err: <value in [drop, trap-to-host]>
ipv4_ihl_err: <value in [drop, trap-to-host]>
ipv4_len_err: <value in [drop, trap-to-host]>
ipv4_opt_err: <value in [drop, trap-to-host]>
ipv4_ttlzero_err: <value in [drop, trap-to-host]>
ipv4_ver_err: <value in [drop, trap-to-host]>
ipv6_exthdr_len_err: <value in [drop, trap-to-host]>
ipv6_exthdr_order_err: <value in [drop, trap-to-host]>
ipv6_ihl_err: <value in [drop, trap-to-host]>
ipv6_plen_zero: <value in [drop, trap-to-host]>
ipv6_ver_err: <value in [drop, trap-to-host]>
tcp_csum_err: <value in [drop, trap-to-host]>
tcp_hlen_err: <value in [drop, trap-to-host]>
tcp_plen_err: <value in [drop, trap-to-host]>
udp_csum_err: <value in [drop, trap-to-host]>
udp_hlen_err: <value in [drop, trap-to-host]>
udp_len_err: <value in [drop, trap-to-host]>
udp_plen_err: <value in [drop, trap-to-host]>
udplite_cover_err: <value in [drop, trap-to-host]>
udplite_csum_err: <value in [drop, trap-to-host]>
unknproto_minlen_err: <value in [drop, trap-to-host]>
tcp_fin_only: <value in [allow, drop, trap-to-host]>
ipv4_optsecurity: <value in [allow, drop, trap-to-host]>
ipv6_optralert: <value in [allow, drop, trap-to-host]>
tcp_syn_fin: <value in [allow, drop, trap-to-host]>
ipv4_proto_err: <value in [allow, drop, trap-to-host]>
ipv6_saddr_err: <value in [allow, drop, trap-to-host]>
icmp_frag: <value in [allow, drop, trap-to-host]>
ipv4_optssrr: <value in [allow, drop, trap-to-host]>
ipv6_opthomeaddr: <value in [allow, drop, trap-to-host]>
udp_land: <value in [allow, drop, trap-to-host]>
ipv6_optinvld: <value in [allow, drop, trap-to-host]>
tcp_fin_noack: <value in [allow, drop, trap-to-host]>
ipv6_proto_err: <value in [allow, drop, trap-to-host]>
tcp_land: <value in [allow, drop, trap-to-host]>
ipv4_unknopt: <value in [allow, drop, trap-to-host]>
ipv4_optstream: <value in [allow, drop, trap-to-host]>
ipv6_optjumbo: <value in [allow, drop, trap-to-host]>
icmp_land: <value in [allow, drop, trap-to-host]>
tcp_winnuke: <value in [allow, drop, trap-to-host]>
ipv6_daddr_err: <value in [allow, drop, trap-to-host]>
ipv4_land: <value in [allow, drop, trap-to-host]>
ipv6_opttunnel: <value in [allow, drop, trap-to-host]>
tcp_no_flag: <value in [allow, drop, trap-to-host]>
ipv6_land: <value in [allow, drop, trap-to-host]>
ipv4_optlsrr: <value in [allow, drop, trap-to-host]>
ipv4_opttimestamp: <value in [allow, drop, trap-to-host]>
ipv4_optrr: <value in [allow, drop, trap-to-host]>
ipv6_optnsap: <value in [allow, drop, trap-to-host]>
ipv6_unknopt: <value in [allow, drop, trap-to-host]>
tcp_syn_data: <value in [allow, drop, trap-to-host]>
ipv6_optendpid: <value in [allow, drop, trap-to-host]>
gtpu_plen_err: <value in [drop, trap-to-host]>
vxlan_minlen_err: <value in [drop, trap-to-host]>
capwap_minlen_err: <value in [drop, trap-to-host]>
gre_csum_err: <value in [drop, trap-to-host]>
nvgre_minlen_err: <value in [drop, trap-to-host]>
sctp_l4len_err: <value in [drop, trap-to-host]>
tcp_hlenvsl4len_err: <value in [drop, trap-to-host]>
sctp_crc_err: <value in [drop, trap-to-host]>
sctp_clen_err: <value in [drop, trap-to-host]>
uesp_minlen_err: <value in [drop, trap-to-host]>
sctp_csum_err: <value in [allow, drop, trap-to-host]>
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
|---|---|
The result of the request. Returned: always |
|
The full url requested. Returned: always Sample: |
|
The status of api request. Returned: always Sample: |
|
The api response. Returned: always |
|
The descriptive message of the api response. Returned: always Sample: |
|
The information of the target system. Returned: always |
|
The status the request. Returned: always Sample: |
|
Warning if the parameters used in the playbook are not supported by the current FortiManager version. Returned: complex |