fortinet.fortimanager.fmgr_system_npu module – Configure NPU attributes.
Note
This module is part of the fortinet.fortimanager collection (version 2.8.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install fortinet.fortimanager
.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_system_npu
.
New in fortinet.fortimanager 2.1.0
Synopsis
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
Parameters
Parameter |
Comments |
---|---|
The token to access FortiManager without using username and password. |
|
The parameter (adom) in requested url. |
|
Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. Choices:
|
|
Enable/Disable logging for task. Choices:
|
|
Authenticate Ansible client with forticloud API access token. |
|
The overridden method for the underlying Json RPC request. Choices:
|
|
The rc codes list with which the conditions to fail will be overriden. |
|
The rc codes list with which the conditions to succeed will be overriden. |
|
The top level parameters set. |
|
Background sse scan. |
|
Enable/disable background SSE scan by driver thread Choices:
|
|
Configure scanning of active or stale sessions |
|
Select version/type to scan |
|
Statistics update access qualification in seconds |
|
Statistics update duration qualification in seconds |
|
Stats update interval |
|
UDP keepalive interval |
|
UDP keepalive access qualification in seconds |
|
UDP keepalive duration qualification in seconds |
|
Enable/disable offloading managed FortiAP and FortiLink CAPWAP sessions. Choices:
|
|
Enable to dedicate one HIF queue for LACP. Choices:
|
|
Affinity setting for management deamons |
|
Enable to dedicate one CPU for GUI and CLI connections when NPs are busy. Choices:
|
|
Enable/disable dedication of 3rd NPU for slow path TX. Choices:
|
|
Set default QoS type. Choices:
|
|
Default SSE timeout TCP refresh direction. Choices:
|
|
Default SSE timeout UDP refresh direction. Choices:
|
|
Dos options. |
|
Set DoS meter NPU offloading mode. Choices:
|
|
Set NPU DoS SYNPROXY mode. Choices:
|
|
Enable/disable insertion of DoS meter ID to session table. Choices:
|
|
Enable double level mcast offload. Choices:
|
|
DSE timeout in seconds |
|
Dsw dts profile. |
|
Set NPU DSW DTS profile action. Choices:
|
|
Set NPU DSW DTS profile min-limt. |
|
Set NPU DSW DTS profile profile id. |
|
Set NPU DSW DTS profile step. |
|
Dsw queue dts profile. |
|
Set NPU DSW DTS in port. Choices:
|
|
Name. |
|
Set NPU DSW DTS out port. Choices:
|
|
Set NPU DSW DTS profile ID. |
|
Set NPU DSW DTS queue ID select |
|
Enable/disable NP6 offloading Choices:
|
|
Fp anomaly. |
|
Capwap minlen err. Choices:
|
|
Invalid IPv4 ESP short packet anomalies. Choices:
|
|
Gre csum err. Choices:
|
|
Gtpu plen err. Choices:
|
|
Invalid IPv4 ICMP packet checksum anomalies. Choices:
|
|
Layer 3 fragmented packets that could be part of layer 4 ICMP anomalies. Choices:
|
|
ICMP land anomalies. Choices:
|
|
Invalid IPv4 ICMP short packet anomalies. Choices:
|
|
Invalid IPv4 packet checksum anomalies. Choices:
|
|
Invalid IPv4 header length anomalies. Choices:
|
|
Land anomalies. Choices:
|
|
Invalid IPv4 packet length anomalies. Choices:
|
|
Invalid IPv4 option parsing anomalies. Choices:
|
|
Loose source record route option anomalies. Choices:
|
|
Record route option anomalies. Choices:
|
|
Security option anomalies. Choices:
|
|
Strict source record route option anomalies. Choices:
|
|
Stream option anomalies. Choices:
|
|
Timestamp option anomalies. Choices:
|
|
Invalid layer 4 protocol anomalies. Choices:
|
|
Invalid IPv4 TTL field zero anomalies. Choices:
|
|
Unknown option anomalies. Choices:
|
|
Invalid IPv4 header version anomalies. Choices:
|
|
Destination address as unspecified or loopback address anomalies. Choices:
|
|
Invalid IPv6 packet chain extension header total length anomalies. Choices:
|
|
Invalid IPv6 packet extension header ordering anomalies. Choices:
|
|
Invalid IPv6 packet length anomalies. Choices:
|
|
Land anomalies. Choices:
|
|
End point identification anomalies. Choices:
|
|
Home address option anomalies. Choices:
|
|
Invalid option anomalies. Choices:
|
|
Jumbo options anomalies. Choices:
|
|
Network service access point address option anomalies. Choices:
|
|
Router alert option anomalies. Choices:
|
|
Tunnel encapsulation limit option anomalies. Choices:
|
|
Invalid IPv6 packet payload length zero anomalies. Choices:
|
|
Layer 4 invalid protocol anomalies. Choices:
|
|
Source address as multicast anomalies. Choices:
|
|
Unknown option anomalies. Choices:
|
|
Invalid IPv6 packet version anomalies. Choices:
|
|
Nvgre minlen err. Choices:
|
|
Sctp clen err. Choices:
|
|
Sctp crc err. Choices:
|
|
Invalid IPv4 SCTP checksum anomalies. Choices:
|
|
Sctp l4len err. Choices:
|
|
Invalid IPv4 TCP packet checksum anomalies. Choices:
|
|
TCP SYN flood with FIN flag set without ACK setting anomalies. Choices:
|
|
TCP SYN flood with only FIN flag set anomalies. Choices:
|
|
Invalid IPv4 TCP header length anomalies. Choices:
|
|
Tcp hlenvsl4len err. Choices:
|
|
TCP land anomalies. Choices:
|
|
TCP SYN flood with no flag set anomalies. Choices:
|
|
Invalid IPv4 TCP packet length anomalies. Choices:
|
|
TCP SYN flood packets with data anomalies. Choices:
|
|
TCP SYN flood SYN/FIN flag set anomalies. Choices:
|
|
TCP WinNuke anomalies. Choices:
|
|
Invalid IPv4 UDP packet checksum anomalies. Choices:
|
|
Invalid IPv4 UDP packet header length anomalies. Choices:
|
|
UDP land anomalies. Choices:
|
|
Invalid IPv4 UDP packet length anomalies. Choices:
|
|
Invalid IPv4 UDP packet minimum length anomalies. Choices:
|
|
Invalid IPv4 UDP-Lite packet coverage anomalies. Choices:
|
|
Invalid IPv4 UDP-Lite packet checksum anomalies. Choices:
|
|
Uesp minlen err. Choices:
|
|
Invalid IPv4 L4 unknown protocol short packet anomalies. Choices:
|
|
Vxlan minlen err. Choices:
|
|
GTP enhanced CPU range option. Choices:
|
|
Enable/disable GTP enhanced mode. Choices:
|
|
Enable/Disable NP7 GTP support Choices:
|
|
Configure NPU trunk hash. Choices:
|
|
Select which 4bytes of the IPv6 address are used for traffic hash |
|
Enable/disable hash table entry spread Choices:
|
|
Set np6 host shortcut mode. Choices:
|
|
Hpe. |
|
Maximum packet rate of each host queue except high priority traffic |
|
Maximum ARP packet rate |
|
Enable/Disable NPU host protection engine Choices:
|
|
Enable/Disable NPU Host Protection Engine Choices:
|
|
Maximum ESP packet rate |
|
Maximum exception code rate of traffic |
|
Maximum fragment with session rate of traffic |
|
Maximum fragment without session rate of traffic |
|
Maximum packet rate for high priority traffic packets |
|
Maximum ICMP packet rate |
|
Maximum fragmented IP packet rate |
|
Maximum IP packet rate for other packets |
|
Maximum L2 packet rate for L2 packets that are not ARP packets |
|
Maximum overflow rate of priority type traffic |
|
Maximum per queue byte rate of traffic |
|
Maximum SCTP packet rate |
|
Maximum TCP packet rate |
|
Maximum TCP carries FIN or RST flags packet rate |
|
Maximum TCP carries SYN and ACK flags packet rate |
|
Maximum TCP SYN packet rate |
|
Maximum UDP packet rate |
|
Set the number of dedicate queue for hash table messages. |
|
Set hash table message queue mode. Choices:
|
|
Configure HTX GTSE quota. Choices:
|
|
Set HTX icmp csum checking mode. Choices:
|
|
HW HA periodical scan interval in seconds |
|
Icmp error rate ctrl. |
|
Bucket size used in the token bucket algorithm for controlling the flow of ICMPv4 error packets |
|
Average rate of ICMPv4 error packets that allowed to be generated per second |
|
Enable to limit the ICMPv4 error packets generated by this FortiGate. Choices:
|
|
Bucket size used in the token bucket algorithm for controlling the flow of ICMPv6 error packets |
|
Average rate of ICMPv6 error packets that allowed to be generated per second |
|
Enable to limit the ICMPv6 error packets generated by this FortiGate. Choices:
|
|
Icmp rate ctrl. |
|
Bucket size used in the token bucket algorithm for controlling the flow of ICMPv4 packets |
|
Average rate of ICMPv4 packets that allowed to be generated per second |
|
Bucket size used in the token bucket algorithm for controlling the flow of ICMPv6 packets |
|
Average rate of ICMPv6 packets that allowed to be generated per second |
|
Enable/disable copying the DSCP field from outer IP header to inner IP Header. Choices:
|
|
(list) Physical interfaces that support inbound-dscp-copy. |
|
Enable/disable NPU offload when doing interface-based traffic shaping according to the egress-shaping-profile. Choices:
|
|
Enable/disable NP7 NPU IP fragment offload. Choices:
|
|
Ip reassembly. |
|
Maximum timeout value for IP reassembly |
|
Minimum timeout value for IP reassembly |
|
Set IP reassembly processing status. Choices:
|
|
Enable/disable IP checksum re-calculation for packets with iph. Choices:
|
|
High threshold for overload ippool port reuse |
|
Low threshold for overload ippool port reuse |
|
IPsec decryption subengine mask |
|
IPsec encryption subengine mask |
|
Enable/disable DF clearing of NP4lite host IPsec offload. Choices:
|
|
Enable/disable IPsec inbound cache for anti-replay. Choices:
|
|
Ipsec local uesp port. |
|
Enable/disable NP6 IPsec MTU override. Choices:
|
|
IPsec NP selection for OB SA offloading. Choices:
|
|
Enable/disable IPSEC over vlink. Choices:
|
|
Set NP7Lite IPsec STS msg timeout. Choices:
|
|
Set NP7Lite IPsec throughput msg frequency Choices:
|
|
Set NP7Lite IPT STS msg timeout. Choices:
|
|
Set NP7Lite IPT throughput msg frequency Choices:
|
|
Enable/Disable NoNAT IPv4 session quota for hyperscale VDOMs. Choices:
|
|
Configure NoNAT IPv4 session quota high threshold. |
|
Configure NoNAT IPv4 session quota low threshold. |
|
Enable/Disable hardware IPv6 /64 prefix session quota for hyperscale VDOMs. Choices:
|
|
Configure IPv6 prefix session quota high threshold. |
|
Configure IPv6 prefix session quota low threshold. |
|
Isf np queues. |
|
CoS profile name for CoS 0. |
|
CoS profile name for CoS 1. |
|
CoS profile name for CoS 2. |
|
CoS profile name for CoS 3. |
|
CoS profile name for CoS 4. |
|
CoS profile name for CoS 5. |
|
CoS profile name for CoS 6. |
|
CoS profile name for CoS 7. |
|
Select ISF NP Rx trunk distribution Choices:
|
|
Enable/disable LAG outgoing port selection based on incoming traffic port. Choices:
|
|
Set the maximum packet size for receive, larger packets will be silently dropped. |
|
Maximum time interval for refreshing NPU-offloaded sessions |
|
Enable/disable traffic accounting for each multicast session through TAE counter. Choices:
|
|
Mcast session counting. Choices:
|
|
Enable/disable traffic accounting for each multicast session6 through TAE counter. Choices:
|
|
NAPI break interval |
|
Enable/disable mandatory IPv4 packet forwarding in nat46. Choices:
|
|
Enable/disable NP6 connection per second Choices:
|
|
Np queues. |
|
Ethernet type. |
|
Ethernet Type Name. |
|
Queue Number. |
|
Ethernet Type. |
|
Class Weight. |
|
Ip protocol. |
|
IP Protocol Name. |
|
IP Protocol. |
|
Queue Number. |
|
Class Weight. |
|
Ip service. |
|
Destination port. |
|
IP service name. |
|
IP protocol. |
|
Queue number. |
|
Source port. |
|
Class weight. |
|
Profile. |
|
Queue number of CoS 0. Choices:
|
|
Queue number of CoS 1. Choices:
|
|
Queue number of CoS 2. Choices:
|
|
Queue number of CoS 3. Choices:
|
|
Queue number of CoS 4. Choices:
|
|
Queue number of CoS 5. Choices:
|
|
Queue number of CoS 6. Choices:
|
|
Queue number of CoS 7. Choices:
|
|
Queue number of DSCP 0. Choices:
|
|
Queue number of DSCP 1. Choices:
|
|
Queue number of DSCP 10. Choices:
|
|
Queue number of DSCP 11. Choices:
|
|
Queue number of DSCP 12. Choices:
|
|
Queue number of DSCP 13. Choices:
|
|
Queue number of DSCP 14. Choices:
|
|
Queue number of DSCP 15. Choices:
|
|
Queue number of DSCP 16. Choices:
|
|
Queue number of DSCP 17. Choices:
|
|
Queue number of DSCP 18. Choices:
|
|
Queue number of DSCP 19. Choices:
|
|
Queue number of DSCP 2. Choices:
|
|
Queue number of DSCP 20. Choices:
|
|
Queue number of DSCP 21. Choices:
|
|
Queue number of DSCP 22. Choices:
|
|
Queue number of DSCP 23. Choices:
|
|
Queue number of DSCP 24. Choices:
|
|
Queue number of DSCP 25. Choices:
|
|
Queue number of DSCP 26. Choices:
|
|
Queue number of DSCP 27. Choices:
|
|
Queue number of DSCP 28. Choices:
|
|
Queue number of DSCP 29. Choices:
|
|
Queue number of DSCP 3. Choices:
|
|
Queue number of DSCP 30. Choices:
|
|
Queue number of DSCP 31. Choices:
|
|
Queue number of DSCP 32. Choices:
|
|
Queue number of DSCP 33. Choices:
|
|
Queue number of DSCP 34. Choices:
|
|
Queue number of DSCP 35. Choices:
|
|
Queue number of DSCP 36. Choices:
|
|
Queue number of DSCP 37. Choices:
|
|
Queue number of DSCP 38. Choices:
|
|
Queue number of DSCP 39. Choices:
|
|
Queue number of DSCP 4. Choices:
|
|
Queue number of DSCP 40. Choices:
|
|
Queue number of DSCP 41. Choices:
|
|
Queue number of DSCP 42. Choices:
|
|
Queue number of DSCP 43. Choices:
|
|
Queue number of DSCP 44. Choices:
|
|
Queue number of DSCP 45. Choices:
|
|
Queue number of DSCP 46. Choices:
|
|
Queue number of DSCP 47. Choices:
|
|
Queue number of DSCP 48. Choices:
|
|
Queue number of DSCP 49. Choices:
|
|
Queue number of DSCP 5. Choices:
|
|
Queue number of DSCP 50. Choices:
|
|
Queue number of DSCP 51. Choices:
|
|
Queue number of DSCP 52. Choices:
|
|
Queue number of DSCP 53. Choices:
|
|
Queue number of DSCP 54. Choices:
|
|
Queue number of DSCP 55. Choices:
|
|
Queue number of DSCP 56. Choices:
|
|
Queue number of DSCP 57. Choices:
|
|
Queue number of DSCP 58. Choices:
|
|
Queue number of DSCP 59. Choices:
|
|
Queue number of DSCP 6. Choices:
|
|
Queue number of DSCP 60. Choices:
|
|
Queue number of DSCP 61. Choices:
|
|
Queue number of DSCP 62. Choices:
|
|
Queue number of DSCP 63. Choices:
|
|
Queue number of DSCP 7. Choices:
|
|
Queue number of DSCP 8. Choices:
|
|
Queue number of DSCP 9. Choices:
|
|
Profile ID. |
|
Profile type. Choices:
|
|
Class weight. |
|
Scheduler. |
|
Scheduler mode. Choices:
|
|
Scheduler name. |
|
Npu-group-effective-scope defines under which npu-group cmds such as list/purge will be excecuted. |
|
Npu tcam. |
|
Data. |
|
Tcam data ip flag df. Choices:
|
|
Tcam data dst ipv4 address. |
|
Tcam data dst ipv6 address. |
|
Tcam data dst macaddr. |
|
Tcam data L4 dst port. |
|
Tcam data ethertype. |
|
Tcam data extension tag. Choices:
|
|
Tcam data ip flag fragment offset. |
|
Tcam data gen info buffer count. |
|
Tcam data gen info iv. Choices:
|
|
Tcam data gen info L3 flags. |
|
Tcam data gen info L4 flags. |
|
Tcam data gen info packet control. |
|
Tcam data gen info priority. |
|
Tcam data gen info priority valid. Choices:
|
|
Tcam data gen info tv. Choices:
|
|
Tcam data ipv4 IHL. |
|
Tcam data ipv4 id. |
|
Tcam data ipv6 flow label. |
|
Tcam data ip header version. |
|
Tcam data L4 word10. |
|
Tcam data L4 word11. |
|
Tcam data L4 word8. |
|
Tcam data L4 word9. |
|
Tcam data ip flag mf. Choices:
|
|
Tcam data ip protocol. |
|
Tcam data sublink. |
|
Tcam data source MAC change. Choices:
|
|
Tcam data source port. |
|
Tcam data source cfi. Choices:
|
|
Tcam data source priority. |
|
Tcam data source update. Choices:
|
|
Tcam data src ipv4 address. |
|
Tcam data src ipv6 address. |
|
Tcam data src macaddr. |
|
Tcam data L4 src port. |
|
Tcam data source vid. |
|
Tcam data tcp flag ack. Choices:
|
|
Tcam data tcp flag cwr. Choices:
|
|
Tcam data tcp flag ece. Choices:
|
|
Tcam data tcp flag fin. Choices:
|
|
Tcam data tcp flag push. Choices:
|
|
Tcam data tcp flag rst. Choices:
|
|
Tcam data tcp flag syn. Choices:
|
|
Tcam data tcp flag urg. Choices:
|
|
Tcam data target cfi. Choices:
|
|
Tcam data target priority. |
|
Tcam data target port update. Choices:
|
|
Tcam data target valid. Choices:
|
|
Tcam data ip tos. |
|
Tcam data target port. |
|
Tcam data ip ttl. |
|
Tcam data target vid. |
|
Tcam data vdom id. |
|
Debug driver dump data/mask pdq. |
|
Mask. |
|
Tcam mask ip flag df. Choices:
|
|
Tcam mask dst ipv4 address. |
|
Tcam mask dst ipv6 address. |
|
Tcam mask dst macaddr. |
|
Tcam mask L4 dst port. |
|
Tcam mask ethertype. |
|
Tcam mask extension tag. Choices:
|
|
Tcam data ip flag fragment offset. |
|
Tcam mask gen info buffer count. |
|
Tcam mask gen info iv. Choices:
|
|
Tcam mask gen info L3 flags. |
|
Tcam mask gen info L4 flags. |
|
Tcam mask gen info packet control. |
|
Tcam mask gen info priority. |
|
Tcam mask gen info priority valid. Choices:
|
|
Tcam mask gen info tv. Choices:
|
|
Tcam mask ipv4 IHL. |
|
Tcam mask ipv4 id. |
|
Tcam mask ipv6 flow label. |
|
Tcam mask ip header version. |
|
Tcam mask L4 word10. |
|
Tcam mask L4 word11. |
|
Tcam mask L4 word8. |
|
Tcam mask L4 word9. |
|
Tcam mask ip flag mf. Choices:
|
|
Tcam mask ip protocol. |
|
Tcam mask sublink. |
|
Tcam mask source MAC change. Choices:
|
|
Tcam mask source port. |
|
Tcam mask source cfi. Choices:
|
|
Tcam mask source priority. |
|
Tcam mask source update. Choices:
|
|
Tcam mask src ipv4 address. |
|
Tcam mask src ipv6 address. |
|
Tcam mask src macaddr. |
|
Tcam mask L4 src port. |
|
Tcam mask source vid. |
|
Tcam mask tcp flag ack. Choices:
|
|
Tcam mask tcp flag cwr. Choices:
|
|
Tcam mask tcp flag ece. Choices:
|
|
Tcam mask tcp flag fin. Choices:
|
|
Tcam mask tcp flag push. Choices:
|
|
Tcam mask tcp flag rst. Choices:
|
|
Tcam mask tcp flag syn. Choices:
|
|
Tcam mask tcp flag urg. Choices:
|
|
Tcam mask target cfi. Choices:
|
|
Tcam mask target priority. |
|
Tcam mask target port update. Choices:
|
|
Tcam mask target valid. Choices:
|
|
Tcam mask ip tos. |
|
Tcam mask target port. |
|
Tcam mask ip ttl. |
|
Tcam mask target vid. |
|
Tcam mask vdom id. |
|
Mir act. |
|
Tcam mirror action vlif. |
|
NPU TCAM policies name. |
|
NPU TCAM OID. |
|
Pri act. |
|
Tcam priority action priority. |
|
Tcam priority action weight. |
|
Sact. |
|
Tcam sact act. |
|
Enable to set sact act. Choices:
|
|
Tcam sact bmproc. |
|
Enable to set sact bmproc. Choices:
|
|
Tcam sact df-lif. |
|
Enable to set sact df-lif. Choices:
|
|
Tcam sact dfr. |
|
Enable to set sact dfr. Choices:
|
|
Tcam sact dmac-skip. |
|
Enable to set sact dmac-skip. Choices:
|
|
Tcam sact dosen. |
|
Enable to set sact dosen. Choices:
|
|
Tcam sact espff-proc. |
|
Enable to set sact espff-proc. Choices:
|
|
Tcam sact etype-pid. |
|
Enable to set sact etype-pid. Choices:
|
|
Tcam sact frag-proc. |
|
Enable to set sact frag-proc. Choices:
|
|
Tcam sact fwd. |
|
Tcam sact fwd-lif. |
|
Enable to set sact fwd-lif. Choices:
|
|
Tcam sact fwd-tvid. |
|
Enable to set sact fwd-vid. Choices:
|
|
Enable to set sact fwd. Choices:
|
|
Tcam sact icpen. |
|
Enable to set sact icpen. Choices:
|
|
Tcam sact igmp-mld-snp. |
|
Enable to set sact igmp-mld-snp. Choices:
|
|
Tcam sact learn. |
|
Enable to set sact learn. Choices:
|
|
Tcam sact m-srh-ctrl. |
|
Enable to set sact m-srh-ctrl. Choices:
|
|
Tcam sact mac-id. |
|
Enable to set sact mac-id. Choices:
|
|
Tcam sact mss. |
|
Enable to set sact mss. Choices:
|
|
Tcam sact pleen. |
|
Enable to set sact pleen. Choices:
|
|
Tcam sact prio-pid. |
|
Enable to set sact prio-pid. Choices:
|
|
Tcam sact promis. |
|
Enable to set sact promis. Choices:
|
|
Tcam sact rfsh. |
|
Enable to set sact rfsh. Choices:
|
|
Tcam sact smac-skip. |
|
Enable to set sact smac-skip. Choices:
|
|
Tcam sact tp mode. |
|
Enable to set sact tp mode. Choices:
|
|
Tcam sact tpe-id. |
|
Enable to set sact tpe-id. Choices:
|
|
Tcam sact vdm. |
|
Enable to set sact vdm. Choices:
|
|
Tcam sact vdom-id. |
|
Enable to set sact vdom-id. Choices:
|
|
Tcam sact x-mode. |
|
Enable to set sact x-mode. Choices:
|
|
Tact. |
|
Tcam tact act. |
|
Enable to set tact act. Choices:
|
|
Tcam tact fmtuv4-s. |
|
Enable to set tact fmtuv4-s. Choices:
|
|
Tcam tact fmtuv6-s. |
|
Enable to set tact fmtuv6-s. Choices:
|
|
Tcam tact lnkid. |
|
Enable to set tact lnkid. Choices:
|
|
Tcam tact mac-id. |
|
Enable to set tact mac-id. Choices:
|
|
Tcam tact mss. |
|
Enable to set tact mss. Choices:
|
|
Tcam tact mtuv4. |
|
Enable to set tact mtuv4. Choices:
|
|
Tcam tact mtuv6. |
|
Enable to set tact mtuv6. Choices:
|
|
Tcam tact slif-act. |
|
Enable to set tact slif-act. Choices:
|
|
Tcam tact sublnkid. |
|
Enable to set tact sublnkid. Choices:
|
|
Tcam tact tgtv-act. |
|
Enable to set tact tgtv-act. Choices:
|
|
Tcam tact tlif-act. |
|
Enable to set tact tlif-act. Choices:
|
|
Tcam tact tpeid. |
|
Enable to set tact tpeid. Choices:
|
|
Tcam tact v6fe. |
|
Enable to set tact v6fe. Choices:
|
|
Tcam tact vep_en. |
|
Enable to set tact vep-en. Choices:
|
|
Tcam tact vep_slid. |
|
Enable to set tact vep-slid. Choices:
|
|
Tcam tact xlt-lif. |
|
Enable to set tact xlt-lif. Choices:
|
|
Tcam tact xlt-vid. |
|
Enable to set tact xlt-vid. Choices:
|
|
TCAM policy type. Choices:
|
|
NPU TCAM VID. |
|
Configure thread options for the NP7s NSS module. Choices:
|
|
Configure option for PBA Choices:
|
|
Port selection mode for PBA IP pool. Choices:
|
|
Set per-policy accounting. Choices:
|
|
Enable/disable per-session accounting. Choices:
|
|
Configure action for the PLE to take on TCP packets that have the SYN field unset. Choices:
|
|
Configure firewall policy offload level Choices:
|
|
Port cpu map. |
|
The CPU core to map to an interface. |
|
The interface to map to a CPU core. |
|
Port npu map. |
|
Set npu interface port to NPU group map. |
|
Mapping NPU group index. |
|
Port path option. |
|
(list) Set ha/aux ports to handle traffic with NPU |
|
Priority protocol. |
|
Enable/disable NPU BFD priority protocol. Choices:
|
|
Enable/disable NPU BGP priority protocol. Choices:
|
|
Enable/disable NPU SLBC priority protocol. Choices:
|
|
Enable/disable process ICMP by host when received from IPsec tunnel and payload size Choices:
|
|
(list or str) Ingress port configured to allow the PRP trailer not be stripped off when the PRP packets come in. |
|
(list or str) Egress port configured to allow the PRP trailer not be stripped off when the PRP packets go out. |
|
PRP session clear mode for excluded ip sessions. Choices:
|
|
QoS mode on switch and NP. Choices:
|
|
QTM channel configuration for packet buffer. Choices:
|
|
Enable/disable rdp offload. Choices:
|
|
Enable/disable internal link failure check and recovery after boot up. Choices:
|
|
Enable/disable receive packet steering Choices:
|
|
Session accounting update interval |
|
Enable/disable offloading of denied sessions. Choices:
|
|
Enable/disable NP7 traffic shaping statistics Choices:
|
|
Port selection mode for SPA IP pool. Choices:
|
|
Enable/disable Split IPsec Engines. Choices:
|
|
Enable/disable sse backpressure. Choices:
|
|
Sse ha scan. |
|
Scanning message gap |
|
If the session count |
|
Scanning filter for minimum duration of the session. |
|
Enable/disable stripping clear text padding. Choices:
|
|
Enable/disable stripping ESP padding. Choices:
|
|
Sw eh hash. |
|
Set hashing computation. Choices:
|
|
Include/exclude destination IP address lower 16 bits. Choices:
|
|
Include/exclude destination IP address upper 16 bits. Choices:
|
|
Include/exclude destination port if TCP/UDP. Choices:
|
|
Include/exclude IP protocol. Choices:
|
|
Network mask length. |
|
Include/exclude source IP address lower 16 bits. Choices:
|
|
Include/exclude source IP address upper 16 bits. Choices:
|
|
Include/exclude source port if TCP/UDP. Choices:
|
|
Bandwidth from switch to NP. Choices:
|
|
Sw tr hash. |
|
Enable/disable DRACO15 hashing. Choices:
|
|
Include/exclude TCP/UDP source and destination port for unicast trunk traffic. Choices:
|
|
Switch-NP trunk port selection Criteria. Choices:
|
|
TCP RST timeout in seconds |
|
Tcp timeout profile. |
|
Set close-wait timeout |
|
Set fin-wait timeout |
|
Timeout profile ID |
|
Set syn-sent timeout |
|
Set syn-wait timeout |
|
Set TCP establish timeout |
|
Set time-wait timeout |
|
Enable/disable selection of which NP6 chip the tunnel uses Choices:
|
|
Udp timeout profile. |
|
Timeout profile ID |
|
Set UDP idle timeout |
|
Enable/disable UDP-encapsulated ESP offload Choices:
|
|
Set ULL ports speed to 10G/25G Choices:
|
|
Enable/disable vlan lookup cache Choices:
|
|
Enable/disable offloading vxlan. Choices:
|
|
The adom to lock for FortiManager running in workspace mode, the value can be global and others including root. |
|
The maximum time in seconds to wait for other user to release the workspace lock. Default: |
Notes
Note
Starting in version 2.4.0, all input arguments are named using the underscore naming convention (snake_case). Please change the arguments such as “var-name” to “var_name”. Old argument names are still available yet you will receive deprecation warnings. You can ignore this warning by setting deprecation_warnings=False in ansible.cfg.
Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- name: Example playbook (generated based on argument schema)
hosts: fortimanagers
connection: httpapi
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: Configure NPU attributes.
fortinet.fortimanager.fmgr_system_npu:
# bypass_validation: false
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
# rc_succeeded: [0, -2, -3, ...]
# rc_failed: [-2, -3, ...]
adom: <your own value>
system_npu:
capwap_offload: <value in [disable, enable]>
dedicated_management_affinity: <string>
dedicated_management_cpu: <value in [disable, enable]>
fastpath: <value in [disable, enable]>
fp_anomaly:
esp_minlen_err: <value in [drop, trap-to-host]>
icmp_csum_err: <value in [drop, trap-to-host]>
icmp_minlen_err: <value in [drop, trap-to-host]>
ipv4_csum_err: <value in [drop, trap-to-host]>
ipv4_ihl_err: <value in [drop, trap-to-host]>
ipv4_len_err: <value in [drop, trap-to-host]>
ipv4_opt_err: <value in [drop, trap-to-host]>
ipv4_ttlzero_err: <value in [drop, trap-to-host]>
ipv4_ver_err: <value in [drop, trap-to-host]>
ipv6_exthdr_len_err: <value in [drop, trap-to-host]>
ipv6_exthdr_order_err: <value in [drop, trap-to-host]>
ipv6_ihl_err: <value in [drop, trap-to-host]>
ipv6_plen_zero: <value in [drop, trap-to-host]>
ipv6_ver_err: <value in [drop, trap-to-host]>
tcp_csum_err: <value in [drop, trap-to-host]>
tcp_hlen_err: <value in [drop, trap-to-host]>
tcp_plen_err: <value in [drop, trap-to-host]>
udp_csum_err: <value in [drop, trap-to-host]>
udp_hlen_err: <value in [drop, trap-to-host]>
udp_len_err: <value in [drop, trap-to-host]>
udp_plen_err: <value in [drop, trap-to-host]>
udplite_cover_err: <value in [drop, trap-to-host]>
udplite_csum_err: <value in [drop, trap-to-host]>
unknproto_minlen_err: <value in [drop, trap-to-host]>
tcp_fin_only: <value in [allow, drop, trap-to-host]>
ipv4_optsecurity: <value in [allow, drop, trap-to-host]>
ipv6_optralert: <value in [allow, drop, trap-to-host]>
tcp_syn_fin: <value in [allow, drop, trap-to-host]>
ipv4_proto_err: <value in [allow, drop, trap-to-host]>
ipv6_saddr_err: <value in [allow, drop, trap-to-host]>
icmp_frag: <value in [allow, drop, trap-to-host]>
ipv4_optssrr: <value in [allow, drop, trap-to-host]>
ipv6_opthomeaddr: <value in [allow, drop, trap-to-host]>
udp_land: <value in [allow, drop, trap-to-host]>
ipv6_optinvld: <value in [allow, drop, trap-to-host]>
tcp_fin_noack: <value in [allow, drop, trap-to-host]>
ipv6_proto_err: <value in [allow, drop, trap-to-host]>
tcp_land: <value in [allow, drop, trap-to-host]>
ipv4_unknopt: <value in [allow, drop, trap-to-host]>
ipv4_optstream: <value in [allow, drop, trap-to-host]>
ipv6_optjumbo: <value in [allow, drop, trap-to-host]>
icmp_land: <value in [allow, drop, trap-to-host]>
tcp_winnuke: <value in [allow, drop, trap-to-host]>
ipv6_daddr_err: <value in [allow, drop, trap-to-host]>
ipv4_land: <value in [allow, drop, trap-to-host]>
ipv6_opttunnel: <value in [allow, drop, trap-to-host]>
tcp_no_flag: <value in [allow, drop, trap-to-host]>
ipv6_land: <value in [allow, drop, trap-to-host]>
ipv4_optlsrr: <value in [allow, drop, trap-to-host]>
ipv4_opttimestamp: <value in [allow, drop, trap-to-host]>
ipv4_optrr: <value in [allow, drop, trap-to-host]>
ipv6_optnsap: <value in [allow, drop, trap-to-host]>
ipv6_unknopt: <value in [allow, drop, trap-to-host]>
tcp_syn_data: <value in [allow, drop, trap-to-host]>
ipv6_optendpid: <value in [allow, drop, trap-to-host]>
gtpu_plen_err: <value in [drop, trap-to-host]>
vxlan_minlen_err: <value in [drop, trap-to-host]>
capwap_minlen_err: <value in [drop, trap-to-host]>
gre_csum_err: <value in [drop, trap-to-host]>
nvgre_minlen_err: <value in [drop, trap-to-host]>
sctp_l4len_err: <value in [drop, trap-to-host]>
tcp_hlenvsl4len_err: <value in [drop, trap-to-host]>
sctp_crc_err: <value in [drop, trap-to-host]>
sctp_clen_err: <value in [drop, trap-to-host]>
uesp_minlen_err: <value in [drop, trap-to-host]>
sctp_csum_err: <value in [allow, drop, trap-to-host]>
gtp_enhanced_cpu_range: <value in [0, 1, 2]>
gtp_enhanced_mode: <value in [disable, enable]>
host_shortcut_mode: <value in [bi-directional, host-shortcut]>
htx_gtse_quota: <value in [100Mbps, 200Mbps, 300Mbps, ...]>
intf_shaping_offload: <value in [disable, enable]>
iph_rsvd_re_cksum: <value in [disable, enable]>
ipsec_dec_subengine_mask: <string>
ipsec_enc_subengine_mask: <string>
ipsec_inbound_cache: <value in [disable, enable]>
ipsec_mtu_override: <value in [disable, enable]>
ipsec_over_vlink: <value in [disable, enable]>
isf_np_queues:
cos0: <string>
cos1: <string>
cos2: <string>
cos3: <string>
cos4: <string>
cos5: <string>
cos6: <string>
cos7: <string>
lag_out_port_select: <value in [disable, enable]>
mcast_session_accounting: <value in [disable, session-based, tpe-based]>
np6_cps_optimization_mode: <value in [disable, enable]>
per_session_accounting: <value in [enable, disable, enable-by-log, ...]>
port_cpu_map:
-
cpu_core: <string>
interface: <string>
port_npu_map:
-
interface: <string>
npu_group_index: <integer>
priority_protocol:
bfd: <value in [disable, enable]>
bgp: <value in [disable, enable]>
slbc: <value in [disable, enable]>
qos_mode: <value in [disable, priority, round-robin]>
rdp_offload: <value in [disable, enable]>
recover_np6_link: <value in [disable, enable]>
session_denied_offload: <value in [disable, enable]>
sse_backpressure: <value in [disable, enable]>
strip_clear_text_padding: <value in [disable, enable]>
strip_esp_padding: <value in [disable, enable]>
sw_eh_hash:
computation: <value in [xor16, xor8, xor4, ...]>
destination_ip_lower_16: <value in [include, exclude]>
destination_ip_upper_16: <value in [include, exclude]>
destination_port: <value in [include, exclude]>
ip_protocol: <value in [include, exclude]>
netmask_length: <integer>
source_ip_lower_16: <value in [include, exclude]>
source_ip_upper_16: <value in [include, exclude]>
source_port: <value in [include, exclude]>
sw_np_bandwidth: <value in [0G, 2G, 4G, ...]>
switch_np_hash: <value in [src-ip, dst-ip, src-dst-ip]>
uesp_offload: <value in [disable, enable]>
np_queues:
ethernet_type:
-
name: <string>
queue: <integer>
type: <integer>
weight: <integer>
ip_protocol:
-
name: <string>
protocol: <integer>
queue: <integer>
weight: <integer>
ip_service:
-
dport: <integer>
name: <string>
protocol: <integer>
queue: <integer>
sport: <integer>
weight: <integer>
profile:
-
cos0: <value in [queue0, queue1, queue2, ...]>
cos1: <value in [queue0, queue1, queue2, ...]>
cos2: <value in [queue0, queue1, queue2, ...]>
cos3: <value in [queue0, queue1, queue2, ...]>
cos4: <value in [queue0, queue1, queue2, ...]>
cos5: <value in [queue0, queue1, queue2, ...]>
cos6: <value in [queue0, queue1, queue2, ...]>
cos7: <value in [queue0, queue1, queue2, ...]>
dscp0: <value in [queue0, queue1, queue2, ...]>
dscp1: <value in [queue0, queue1, queue2, ...]>
dscp10: <value in [queue0, queue1, queue2, ...]>
dscp11: <value in [queue0, queue1, queue2, ...]>
dscp12: <value in [queue0, queue1, queue2, ...]>
dscp13: <value in [queue0, queue1, queue2, ...]>
dscp14: <value in [queue0, queue1, queue2, ...]>
dscp15: <value in [queue0, queue1, queue2, ...]>
dscp16: <value in [queue0, queue1, queue2, ...]>
dscp17: <value in [queue0, queue1, queue2, ...]>
dscp18: <value in [queue0, queue1, queue2, ...]>
dscp19: <value in [queue0, queue1, queue2, ...]>
dscp2: <value in [queue0, queue1, queue2, ...]>
dscp20: <value in [queue0, queue1, queue2, ...]>
dscp21: <value in [queue0, queue1, queue2, ...]>
dscp22: <value in [queue0, queue1, queue2, ...]>
dscp23: <value in [queue0, queue1, queue2, ...]>
dscp24: <value in [queue0, queue1, queue2, ...]>
dscp25: <value in [queue0, queue1, queue2, ...]>
dscp26: <value in [queue0, queue1, queue2, ...]>
dscp27: <value in [queue0, queue1, queue2, ...]>
dscp28: <value in [queue0, queue1, queue2, ...]>
dscp29: <value in [queue0, queue1, queue2, ...]>
dscp3: <value in [queue0, queue1, queue2, ...]>
dscp30: <value in [queue0, queue1, queue2, ...]>
dscp31: <value in [queue0, queue1, queue2, ...]>
dscp32: <value in [queue0, queue1, queue2, ...]>
dscp33: <value in [queue0, queue1, queue2, ...]>
dscp34: <value in [queue0, queue1, queue2, ...]>
dscp35: <value in [queue0, queue1, queue2, ...]>
dscp36: <value in [queue0, queue1, queue2, ...]>
dscp37: <value in [queue0, queue1, queue2, ...]>
dscp38: <value in [queue0, queue1, queue2, ...]>
dscp39: <value in [queue0, queue1, queue2, ...]>
dscp4: <value in [queue0, queue1, queue2, ...]>
dscp40: <value in [queue0, queue1, queue2, ...]>
dscp41: <value in [queue0, queue1, queue2, ...]>
dscp42: <value in [queue0, queue1, queue2, ...]>
dscp43: <value in [queue0, queue1, queue2, ...]>
dscp44: <value in [queue0, queue1, queue2, ...]>
dscp45: <value in [queue0, queue1, queue2, ...]>
dscp46: <value in [queue0, queue1, queue2, ...]>
dscp47: <value in [queue0, queue1, queue2, ...]>
dscp48: <value in [queue0, queue1, queue2, ...]>
dscp49: <value in [queue0, queue1, queue2, ...]>
dscp5: <value in [queue0, queue1, queue2, ...]>
dscp50: <value in [queue0, queue1, queue2, ...]>
dscp51: <value in [queue0, queue1, queue2, ...]>
dscp52: <value in [queue0, queue1, queue2, ...]>
dscp53: <value in [queue0, queue1, queue2, ...]>
dscp54: <value in [queue0, queue1, queue2, ...]>
dscp55: <value in [queue0, queue1, queue2, ...]>
dscp56: <value in [queue0, queue1, queue2, ...]>
dscp57: <value in [queue0, queue1, queue2, ...]>
dscp58: <value in [queue0, queue1, queue2, ...]>
dscp59: <value in [queue0, queue1, queue2, ...]>
dscp6: <value in [queue0, queue1, queue2, ...]>
dscp60: <value in [queue0, queue1, queue2, ...]>
dscp61: <value in [queue0, queue1, queue2, ...]>
dscp62: <value in [queue0, queue1, queue2, ...]>
dscp63: <value in [queue0, queue1, queue2, ...]>
dscp7: <value in [queue0, queue1, queue2, ...]>
dscp8: <value in [queue0, queue1, queue2, ...]>
dscp9: <value in [queue0, queue1, queue2, ...]>
id: <integer>
type: <value in [cos, dscp]>
weight: <integer>
scheduler:
-
mode: <value in [none, priority, round-robin]>
name: <string>
udp_timeout_profile:
-
id: <integer>
udp_idle: <integer>
qtm_buf_mode: <value in [6ch, 4ch]>
default_qos_type: <value in [policing, shaping, policing-enhanced]>
tcp_rst_timeout: <integer>
ipsec_local_uesp_port: <integer>
htab_dedi_queue_nr: <integer>
double_level_mcast_offload: <value in [disable, enable]>
dse_timeout: <integer>
ippool_overload_low: <integer>
pba_eim: <value in [disallow, allow]>
policy_offload_level: <value in [disable, dos-offload, full-offload]>
max_session_timeout: <integer>
port_path_option:
ports_using_npu: <list or string>
vlan_lookup_cache: <value in [disable, enable]>
dos_options:
npu_dos_meter_mode: <value in [local, global]>
npu_dos_synproxy_mode: <value in [synack2ack, pass-synack]>
npu_dos_tpe_mode: <value in [disable, enable]>
hash_tbl_spread: <value in [disable, enable]>
tcp_timeout_profile:
-
close_wait: <integer>
fin_wait: <integer>
id: <integer>
syn_sent: <integer>
syn_wait: <integer>
tcp_idle: <integer>
time_wait: <integer>
ip_reassembly:
max_timeout: <integer>
min_timeout: <integer>
status: <value in [disable, enable]>
gtp_support: <value in [disable, enable]>
htx_icmp_csum_chk: <value in [pass, drop]>
hpe:
all_protocol: <integer>
arp_max: <integer>
enable_shaper: <value in [disable, enable]>
esp_max: <integer>
high_priority: <integer>
icmp_max: <integer>
ip_frag_max: <integer>
ip_others_max: <integer>
l2_others_max: <integer>
pri_type_max: <integer>
sctp_max: <integer>
tcp_max: <integer>
tcpfin_rst_max: <integer>
tcpsyn_ack_max: <integer>
tcpsyn_max: <integer>
udp_max: <integer>
enable_queue_shaper: <value in [disable, enable]>
exception_code: <integer>
fragment_with_sess: <integer>
fragment_without_session: <integer>
queue_shaper_max: <integer>
dsw_dts_profile:
-
action: <value in [wait, drop, drop_tmr_0, ...]>
min_limit: <integer>
profile_id: <integer>
step: <integer>
hash_config: <value in [5-tuple, src-ip, src-dst-ip]>
ipsec_ob_np_sel: <value in [RR, rr, Packet, ...]>
napi_break_interval: <integer>
background_sse_scan:
scan: <value in [disable, enable]>
stats_update_interval: <integer>
udp_keepalive_interval: <integer>
scan_stale: <integer>
scan_vt: <integer>
stats_qual_access: <integer>
stats_qual_duration: <integer>
udp_qual_access: <integer>
udp_qual_duration: <integer>
inbound_dscp_copy_port: <list or string>
session_acct_interval: <integer>
htab_msg_queue: <value in [idle, data, dedicated]>
dsw_queue_dts_profile:
-
iport: <value in [EIF0, eif0, EIF1, ...]>
name: <string>
oport: <value in [EIF0, eif0, EIF1, ...]>
profile_id: <integer>
queue_select: <integer>
hw_ha_scan_interval: <integer>
ippool_overload_high: <integer>
nat46_force_ipv4_packet_forwarding: <value in [disable, enable]>
prp_port_out: <list or string>
isf_np_rx_tr_distr: <value in [port-flow, round-robin, randomized]>
mcast_session_counting6: <value in [disable, enable, session-based, ...]>
prp_port_in: <list or string>
rps_mode: <value in [disable, enable]>
per_policy_accounting: <value in [disable, enable]>
mcast_session_counting: <value in [disable, enable, session-based, ...]>
inbound_dscp_copy: <value in [disable, enable]>
ipsec_host_dfclr: <value in [disable, enable]>
process_icmp_by_host: <value in [disable, enable]>
dedicated_tx_npu: <value in [disable, enable]>
ull_port_mode: <value in [10G, 25G]>
sse_ha_scan:
gap: <integer>
max_session_cnt: <integer>
min_duration: <integer>
hash_ipv6_sel: <integer>
ip_fragment_offload: <value in [disable, enable]>
ple_non_syn_tcp_action: <value in [forward, drop]>
npu_group_effective_scope: <integer>
ipsec_STS_timeout: <value in [1, 2, 3, ...]>
ipsec_throughput_msg_frequency: <value in [disable, 32KB, 64KB, ...]>
ipt_STS_timeout: <value in [1, 2, 3, ...]>
ipt_throughput_msg_frequency: <value in [disable, 32KB, 64KB, ...]>
default_tcp_refresh_dir: <value in [both, outgoing, incoming]>
default_udp_refresh_dir: <value in [both, outgoing, incoming]>
nss_threads_option: <value in [4t-eif, 4t-noeif, 2t]>
prp_session_clear_mode: <value in [blocking, non-blocking, do-not-clear]>
shaping_stats: <value in [disable, enable]>
sw_tr_hash:
draco15: <value in [disable, enable]>
tcp_udp_port: <value in [include, exclude]>
pba_port_select_mode: <value in [random, direct]>
spa_port_select_mode: <value in [random, direct]>
split_ipsec_engines: <value in [disable, enable]>
tunnel_over_vlink: <value in [disable, enable]>
max_receive_unit: <integer>
npu_tcam:
-
data:
df: <value in [disable, enable]>
dstip: <string>
dstipv6: <string>
dstmac: <string>
dstport: <integer>
ethertype: <string>
ext_tag: <value in [disable, enable]>
frag_off: <integer>
gen_buf_cnt: <integer>
gen_iv: <value in [invalid, valid]>
gen_l3_flags: <integer>
gen_l4_flags: <integer>
gen_pkt_ctrl: <integer>
gen_pri: <integer>
gen_pri_v: <value in [invalid, valid]>
gen_tv: <value in [invalid, valid]>
ihl: <integer>
ip4_id: <integer>
ip6_fl: <integer>
ipver: <integer>
l4_wd10: <integer>
l4_wd11: <integer>
l4_wd8: <integer>
l4_wd9: <integer>
mf: <value in [disable, enable]>
protocol: <integer>
slink: <integer>
smac_change: <value in [disable, enable]>
sp: <integer>
src_cfi: <value in [disable, enable]>
src_prio: <integer>
src_updt: <value in [disable, enable]>
srcip: <string>
srcipv6: <string>
srcmac: <string>
srcport: <integer>
svid: <integer>
tcp_ack: <value in [disable, enable]>
tcp_cwr: <value in [disable, enable]>
tcp_ece: <value in [disable, enable]>
tcp_fin: <value in [disable, enable]>
tcp_push: <value in [disable, enable]>
tcp_rst: <value in [disable, enable]>
tcp_syn: <value in [disable, enable]>
tcp_urg: <value in [disable, enable]>
tgt_cfi: <value in [disable, enable]>
tgt_prio: <integer>
tgt_updt: <value in [disable, enable]>
tgt_v: <value in [invalid, valid]>
tos: <integer>
tp: <integer>
ttl: <integer>
tvid: <integer>
vdid: <integer>
dbg_dump: <integer>
mask:
df: <value in [disable, enable]>
dstip: <string>
dstipv6: <string>
dstmac: <string>
dstport: <integer>
ethertype: <string>
ext_tag: <value in [disable, enable]>
frag_off: <integer>
gen_buf_cnt: <integer>
gen_iv: <value in [invalid, valid]>
gen_l3_flags: <integer>
gen_l4_flags: <integer>
gen_pkt_ctrl: <integer>
gen_pri: <integer>
gen_pri_v: <value in [invalid, valid]>
gen_tv: <value in [invalid, valid]>
ihl: <integer>
ip4_id: <integer>
ip6_fl: <integer>
ipver: <integer>
l4_wd10: <integer>
l4_wd11: <integer>
l4_wd8: <integer>
l4_wd9: <integer>
mf: <value in [disable, enable]>
protocol: <integer>
slink: <integer>
smac_change: <value in [disable, enable]>
sp: <integer>
src_cfi: <value in [disable, enable]>
src_prio: <integer>
src_updt: <value in [disable, enable]>
srcip: <string>
srcipv6: <string>
srcmac: <string>
srcport: <integer>
svid: <integer>
tcp_ack: <value in [disable, enable]>
tcp_cwr: <value in [disable, enable]>
tcp_ece: <value in [disable, enable]>
tcp_fin: <value in [disable, enable]>
tcp_push: <value in [disable, enable]>
tcp_rst: <value in [disable, enable]>
tcp_syn: <value in [disable, enable]>
tcp_urg: <value in [disable, enable]>
tgt_cfi: <value in [disable, enable]>
tgt_prio: <integer>
tgt_updt: <value in [disable, enable]>
tgt_v: <value in [invalid, valid]>
tos: <integer>
tp: <integer>
ttl: <integer>
tvid: <integer>
vdid: <integer>
mir_act:
vlif: <integer>
name: <string>
oid: <integer>
pri_act:
priority: <integer>
weight: <integer>
sact:
act: <integer>
act_v: <value in [disable, enable]>
bmproc: <integer>
bmproc_v: <value in [disable, enable]>
df_lif: <integer>
df_lif_v: <value in [disable, enable]>
dfr: <integer>
dfr_v: <value in [disable, enable]>
dmac_skip: <integer>
dmac_skip_v: <value in [disable, enable]>
dosen: <integer>
dosen_v: <value in [disable, enable]>
espff_proc: <integer>
espff_proc_v: <value in [disable, enable]>
etype_pid: <integer>
etype_pid_v: <value in [disable, enable]>
frag_proc: <integer>
frag_proc_v: <value in [disable, enable]>
fwd: <integer>
fwd_lif: <integer>
fwd_lif_v: <value in [disable, enable]>
fwd_tvid: <integer>
fwd_tvid_v: <value in [disable, enable]>
fwd_v: <value in [disable, enable]>
icpen: <integer>
icpen_v: <value in [disable, enable]>
igmp_mld_snp: <integer>
igmp_mld_snp_v: <value in [disable, enable]>
learn: <integer>
learn_v: <value in [disable, enable]>
m_srh_ctrl: <integer>
m_srh_ctrl_v: <value in [disable, enable]>
mac_id: <integer>
mac_id_v: <value in [disable, enable]>
mss: <integer>
mss_v: <value in [disable, enable]>
pleen: <integer>
pleen_v: <value in [disable, enable]>
prio_pid: <integer>
prio_pid_v: <value in [disable, enable]>
promis: <integer>
promis_v: <value in [disable, enable]>
rfsh: <integer>
rfsh_v: <value in [disable, enable]>
smac_skip: <integer>
smac_skip_v: <value in [disable, enable]>
tp_smchk_v: <value in [disable, enable]>
tp_smchk: <integer>
tpe_id: <integer>
tpe_id_v: <value in [disable, enable]>
vdm: <integer>
vdm_v: <value in [disable, enable]>
vdom_id: <integer>
vdom_id_v: <value in [disable, enable]>
x_mode: <integer>
x_mode_v: <value in [disable, enable]>
tact:
act: <integer>
act_v: <value in [disable, enable]>
fmtuv4_s: <integer>
fmtuv4_s_v: <value in [disable, enable]>
fmtuv6_s: <integer>
fmtuv6_s_v: <value in [disable, enable]>
lnkid: <integer>
lnkid_v: <value in [disable, enable]>
mac_id: <integer>
mac_id_v: <value in [disable, enable]>
mss_t: <integer>
mss_t_v: <value in [disable, enable]>
mtuv4: <integer>
mtuv4_v: <value in [disable, enable]>
mtuv6: <integer>
mtuv6_v: <value in [disable, enable]>
slif_act: <integer>
slif_act_v: <value in [disable, enable]>
sublnkid: <integer>
sublnkid_v: <value in [disable, enable]>
tgtv_act: <integer>
tgtv_act_v: <value in [disable, enable]>
tlif_act: <integer>
tlif_act_v: <value in [disable, enable]>
tpeid: <integer>
tpeid_v: <value in [disable, enable]>
v6fe: <integer>
v6fe_v: <value in [disable, enable]>
vep_en_v: <value in [disable, enable]>
vep_slid: <integer>
vep_slid_v: <value in [disable, enable]>
vep_en: <integer>
xlt_lif: <integer>
xlt_lif_v: <value in [disable, enable]>
xlt_vid: <integer>
xlt_vid_v: <value in [disable, enable]>
type: <value in [L2_src_tc, L2_tgt_tc, L2_src_mir, ...]>
vid: <integer>
icmp_rate_ctrl:
icmp_v4_bucket_size: <integer>
icmp_v4_rate: <integer>
icmp_v6_bucket_size: <integer>
icmp_v6_rate: <integer>
vxlan_offload: <value in [disable, enable]>
icmp_error_rate_ctrl:
icmpv4_error_bucket_size: <integer>
icmpv4_error_rate: <integer>
icmpv4_error_rate_limit: <value in [disable, enable]>
icmpv6_error_bucket_size: <integer>
icmpv6_error_rate: <integer>
icmpv6_error_rate_limit: <value in [disable, enable]>
ipv4_session_quota: <value in [disable, enable]>
ipv4_session_quota_high: <integer>
ipv4_session_quota_low: <integer>
ipv6_prefix_session_quota: <value in [disable, enable]>
ipv6_prefix_session_quota_high: <integer>
ipv6_prefix_session_quota_low: <integer>
dedicated_lacp_queue: <value in [disable, enable]>
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
The result of the request. Returned: always |
|
The full url requested. Returned: always Sample: |
|
The status of api request. Returned: always Sample: |
|
The api response. Returned: always |
|
The descriptive message of the api response. Returned: always Sample: |
|
The information of the target system. Returned: always |
|
The status the request. Returned: always Sample: |
|
Warning if the parameters used in the playbook are not supported by the current FortiManager version. Returned: complex |