fortinet.fortimanager.fmgr_system_npu module – Configure NPU attributes.

Note

This module is part of the fortinet.fortimanager collection (version 2.8.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_system_npu.

New in fortinet.fortimanager 2.1.0

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter

Comments

access_token

string

The token to access FortiManager without using username and password.

adom

string / required

The parameter (adom) in requested url.

bypass_validation

boolean

Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters.

Choices:

  • false ← (default)

  • true

enable_log

boolean

Enable/Disable logging for task.

Choices:

  • false ← (default)

  • true

forticloud_access_token

string

Authenticate Ansible client with forticloud API access token.

proposed_method

string

The overridden method for the underlying Json RPC request.

Choices:

  • "update"

  • "set"

  • "add"

rc_failed

list / elements=integer

The rc codes list with which the conditions to fail will be overriden.

rc_succeeded

list / elements=integer

The rc codes list with which the conditions to succeed will be overriden.

system_npu

dictionary

The top level parameters set.

background_sse_scan

dictionary

Background sse scan.

scan

string

Enable/disable background SSE scan by driver thread

Choices:

  • "disable"

  • "enable"

scan_stale

integer

Configure scanning of active or stale sessions

scan_vt

integer

Select version/type to scan

stats_qual_access

integer

Statistics update access qualification in seconds

stats_qual_duration

integer

Statistics update duration qualification in seconds

stats_update_interval

integer

Stats update interval

udp_keepalive_interval

integer

UDP keepalive interval

udp_qual_access

integer

UDP keepalive access qualification in seconds

udp_qual_duration

integer

UDP keepalive duration qualification in seconds

capwap_offload

string

Enable/disable offloading managed FortiAP and FortiLink CAPWAP sessions.

Choices:

  • "disable"

  • "enable"

dedicated_lacp_queue

string

Enable to dedicate one HIF queue for LACP.

Choices:

  • "disable"

  • "enable"

dedicated_management_affinity

string

Affinity setting for management deamons

dedicated_management_cpu

string

Enable to dedicate one CPU for GUI and CLI connections when NPs are busy.

Choices:

  • "disable"

  • "enable"

dedicated_tx_npu

string

Enable/disable dedication of 3rd NPU for slow path TX.

Choices:

  • "disable"

  • "enable"

default_qos_type

string

Set default QoS type.

Choices:

  • "policing"

  • "shaping"

  • "policing-enhanced"

default_tcp_refresh_dir

string

Default SSE timeout TCP refresh direction.

Choices:

  • "both"

  • "outgoing"

  • "incoming"

default_udp_refresh_dir

string

Default SSE timeout UDP refresh direction.

Choices:

  • "both"

  • "outgoing"

  • "incoming"

dos_options

dictionary

Dos options.

npu_dos_meter_mode

string

Set DoS meter NPU offloading mode.

Choices:

  • "local"

  • "global"

npu_dos_synproxy_mode

string

Set NPU DoS SYNPROXY mode.

Choices:

  • "synack2ack"

  • "pass-synack"

npu_dos_tpe_mode

string

Enable/disable insertion of DoS meter ID to session table.

Choices:

  • "disable"

  • "enable"

double_level_mcast_offload

string

Enable double level mcast offload.

Choices:

  • "disable"

  • "enable"

dse_timeout

integer

DSE timeout in seconds

dsw_dts_profile

list / elements=dictionary

Dsw dts profile.

action

string

Set NPU DSW DTS profile action.

Choices:

  • "wait"

  • "drop"

  • "drop_tmr_0"

  • "drop_tmr_1"

  • "enque"

  • "enque_0"

  • "enque_1"

min_limit

integer

Set NPU DSW DTS profile min-limt.

profile_id

integer

Set NPU DSW DTS profile profile id.

step

integer

Set NPU DSW DTS profile step.

dsw_queue_dts_profile

list / elements=dictionary

Dsw queue dts profile.

iport

string

Set NPU DSW DTS in port.

Choices:

  • "EIF0"

  • "eif0"

  • "EIF1"

  • "eif1"

  • "EIF2"

  • "eif2"

  • "EIF3"

  • "eif3"

  • "EIF4"

  • "eif4"

  • "EIF5"

  • "eif5"

  • "EIF6"

  • "eif6"

  • "EIF7"

  • "eif7"

  • "HTX0"

  • "htx0"

  • "HTX1"

  • "htx1"

  • "SSE0"

  • "sse0"

  • "SSE1"

  • "sse1"

  • "SSE2"

  • "sse2"

  • "SSE3"

  • "sse3"

  • "RLT"

  • "rlt"

  • "DFR"

  • "dfr"

  • "IPSECI"

  • "ipseci"

  • "IPSECO"

  • "ipseco"

  • "IPTI"

  • "ipti"

  • "IPTO"

  • "ipto"

  • "VEP0"

  • "vep0"

  • "VEP2"

  • "vep2"

  • "VEP4"

  • "vep4"

  • "VEP6"

  • "vep6"

  • "IVS"

  • "ivs"

  • "L2TI1"

  • "l2ti1"

  • "L2TO"

  • "l2to"

  • "L2TI0"

  • "l2ti0"

  • "PLE"

  • "ple"

  • "SPATH"

  • "spath"

  • "QTM"

  • "qtm"

name

string

Name.

oport

string

Set NPU DSW DTS out port.

Choices:

  • "EIF0"

  • "eif0"

  • "EIF1"

  • "eif1"

  • "EIF2"

  • "eif2"

  • "EIF3"

  • "eif3"

  • "EIF4"

  • "eif4"

  • "EIF5"

  • "eif5"

  • "EIF6"

  • "eif6"

  • "EIF7"

  • "eif7"

  • "HRX"

  • "hrx"

  • "SSE0"

  • "sse0"

  • "SSE1"

  • "sse1"

  • "SSE2"

  • "sse2"

  • "SSE3"

  • "sse3"

  • "RLT"

  • "rlt"

  • "DFR"

  • "dfr"

  • "IPSECI"

  • "ipseci"

  • "IPSECO"

  • "ipseco"

  • "IPTI"

  • "ipti"

  • "IPTO"

  • "ipto"

  • "VEP0"

  • "vep0"

  • "VEP2"

  • "vep2"

  • "VEP4"

  • "vep4"

  • "VEP6"

  • "vep6"

  • "IVS"

  • "ivs"

  • "L2TI1"

  • "l2ti1"

  • "L2TO"

  • "l2to"

  • "L2TI0"

  • "l2ti0"

  • "PLE"

  • "ple"

  • "SYNK"

  • "sync"

  • "NSS"

  • "nss"

  • "TSK"

  • "tsk"

  • "QTM"

  • "qtm"

  • "l2tO"

profile_id

integer

Set NPU DSW DTS profile ID.

queue_select

integer

Set NPU DSW DTS queue ID select

fastpath

string

Enable/disable NP6 offloading

Choices:

  • "disable"

  • "enable"

fp_anomaly

dictionary

Fp anomaly.

capwap_minlen_err

string

Capwap minlen err.

Choices:

  • "drop"

  • "trap-to-host"

esp_minlen_err

string

Invalid IPv4 ESP short packet anomalies.

Choices:

  • "drop"

  • "trap-to-host"

gre_csum_err

string

Gre csum err.

Choices:

  • "drop"

  • "trap-to-host"

gtpu_plen_err

string

Gtpu plen err.

Choices:

  • "drop"

  • "trap-to-host"

icmp_csum_err

string

Invalid IPv4 ICMP packet checksum anomalies.

Choices:

  • "drop"

  • "trap-to-host"

icmp_frag

string

Layer 3 fragmented packets that could be part of layer 4 ICMP anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

icmp_land

string

ICMP land anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

icmp_minlen_err

string

Invalid IPv4 ICMP short packet anomalies.

Choices:

  • "drop"

  • "trap-to-host"

ipv4_csum_err

string

Invalid IPv4 packet checksum anomalies.

Choices:

  • "drop"

  • "trap-to-host"

ipv4_ihl_err

string

Invalid IPv4 header length anomalies.

Choices:

  • "drop"

  • "trap-to-host"

ipv4_land

string

Land anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv4_len_err

string

Invalid IPv4 packet length anomalies.

Choices:

  • "drop"

  • "trap-to-host"

ipv4_opt_err

string

Invalid IPv4 option parsing anomalies.

Choices:

  • "drop"

  • "trap-to-host"

ipv4_optlsrr

string

Loose source record route option anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv4_optrr

string

Record route option anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv4_optsecurity

string

Security option anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv4_optssrr

string

Strict source record route option anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv4_optstream

string

Stream option anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv4_opttimestamp

string

Timestamp option anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv4_proto_err

string

Invalid layer 4 protocol anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv4_ttlzero_err

string

Invalid IPv4 TTL field zero anomalies.

Choices:

  • "drop"

  • "trap-to-host"

ipv4_unknopt

string

Unknown option anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv4_ver_err

string

Invalid IPv4 header version anomalies.

Choices:

  • "drop"

  • "trap-to-host"

ipv6_daddr_err

string

Destination address as unspecified or loopback address anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv6_exthdr_len_err

string

Invalid IPv6 packet chain extension header total length anomalies.

Choices:

  • "drop"

  • "trap-to-host"

ipv6_exthdr_order_err

string

Invalid IPv6 packet extension header ordering anomalies.

Choices:

  • "drop"

  • "trap-to-host"

ipv6_ihl_err

string

Invalid IPv6 packet length anomalies.

Choices:

  • "drop"

  • "trap-to-host"

ipv6_land

string

Land anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv6_optendpid

string

End point identification anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv6_opthomeaddr

string

Home address option anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv6_optinvld

string

Invalid option anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv6_optjumbo

string

Jumbo options anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv6_optnsap

string

Network service access point address option anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv6_optralert

string

Router alert option anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv6_opttunnel

string

Tunnel encapsulation limit option anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv6_plen_zero

string

Invalid IPv6 packet payload length zero anomalies.

Choices:

  • "drop"

  • "trap-to-host"

ipv6_proto_err

string

Layer 4 invalid protocol anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv6_saddr_err

string

Source address as multicast anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv6_unknopt

string

Unknown option anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv6_ver_err

string

Invalid IPv6 packet version anomalies.

Choices:

  • "drop"

  • "trap-to-host"

nvgre_minlen_err

string

Nvgre minlen err.

Choices:

  • "drop"

  • "trap-to-host"

sctp_clen_err

string

Sctp clen err.

Choices:

  • "drop"

  • "trap-to-host"

sctp_crc_err

string

Sctp crc err.

Choices:

  • "drop"

  • "trap-to-host"

sctp_csum_err

string

Invalid IPv4 SCTP checksum anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

sctp_l4len_err

string

Sctp l4len err.

Choices:

  • "drop"

  • "trap-to-host"

tcp_csum_err

string

Invalid IPv4 TCP packet checksum anomalies.

Choices:

  • "drop"

  • "trap-to-host"

tcp_fin_noack

string

TCP SYN flood with FIN flag set without ACK setting anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

tcp_fin_only

string

TCP SYN flood with only FIN flag set anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

tcp_hlen_err

string

Invalid IPv4 TCP header length anomalies.

Choices:

  • "drop"

  • "trap-to-host"

tcp_hlenvsl4len_err

string

Tcp hlenvsl4len err.

Choices:

  • "drop"

  • "trap-to-host"

tcp_land

string

TCP land anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

tcp_no_flag

string

TCP SYN flood with no flag set anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

tcp_plen_err

string

Invalid IPv4 TCP packet length anomalies.

Choices:

  • "drop"

  • "trap-to-host"

tcp_syn_data

string

TCP SYN flood packets with data anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

tcp_syn_fin

string

TCP SYN flood SYN/FIN flag set anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

tcp_winnuke

string

TCP WinNuke anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

udp_csum_err

string

Invalid IPv4 UDP packet checksum anomalies.

Choices:

  • "drop"

  • "trap-to-host"

udp_hlen_err

string

Invalid IPv4 UDP packet header length anomalies.

Choices:

  • "drop"

  • "trap-to-host"

udp_land

string

UDP land anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

udp_len_err

string

Invalid IPv4 UDP packet length anomalies.

Choices:

  • "drop"

  • "trap-to-host"

udp_plen_err

string

Invalid IPv4 UDP packet minimum length anomalies.

Choices:

  • "drop"

  • "trap-to-host"

udplite_cover_err

string

Invalid IPv4 UDP-Lite packet coverage anomalies.

Choices:

  • "drop"

  • "trap-to-host"

udplite_csum_err

string

Invalid IPv4 UDP-Lite packet checksum anomalies.

Choices:

  • "drop"

  • "trap-to-host"

uesp_minlen_err

string

Uesp minlen err.

Choices:

  • "drop"

  • "trap-to-host"

unknproto_minlen_err

string

Invalid IPv4 L4 unknown protocol short packet anomalies.

Choices:

  • "drop"

  • "trap-to-host"

vxlan_minlen_err

string

Vxlan minlen err.

Choices:

  • "drop"

  • "trap-to-host"

gtp_enhanced_cpu_range

string

GTP enhanced CPU range option.

Choices:

  • "0"

  • "1"

  • "2"

gtp_enhanced_mode

string

Enable/disable GTP enhanced mode.

Choices:

  • "disable"

  • "enable"

gtp_support

string

Enable/Disable NP7 GTP support

Choices:

  • "disable"

  • "enable"

hash_config

string

Configure NPU trunk hash.

Choices:

  • "5-tuple"

  • "src-ip"

  • "src-dst-ip"

hash_ipv6_sel

integer

Select which 4bytes of the IPv6 address are used for traffic hash

hash_tbl_spread

string

Enable/disable hash table entry spread

Choices:

  • "disable"

  • "enable"

host_shortcut_mode

string

Set np6 host shortcut mode.

Choices:

  • "bi-directional"

  • "host-shortcut"

hpe

dictionary

Hpe.

all_protocol

integer

Maximum packet rate of each host queue except high priority traffic

arp_max

integer

Maximum ARP packet rate

enable_queue_shaper

string

Enable/Disable NPU host protection engine

Choices:

  • "disable"

  • "enable"

enable_shaper

string

Enable/Disable NPU Host Protection Engine

Choices:

  • "disable"

  • "enable"

esp_max

integer

Maximum ESP packet rate

exception_code

integer

Maximum exception code rate of traffic

fragment_with_sess

integer

Maximum fragment with session rate of traffic

fragment_without_session

integer

Maximum fragment without session rate of traffic

high_priority

integer

Maximum packet rate for high priority traffic packets

icmp_max

integer

Maximum ICMP packet rate

ip_frag_max

integer

Maximum fragmented IP packet rate

ip_others_max

integer

Maximum IP packet rate for other packets

l2_others_max

integer

Maximum L2 packet rate for L2 packets that are not ARP packets

pri_type_max

integer

Maximum overflow rate of priority type traffic

queue_shaper_max

integer

Maximum per queue byte rate of traffic

sctp_max

integer

Maximum SCTP packet rate

tcp_max

integer

Maximum TCP packet rate

tcpfin_rst_max

integer

Maximum TCP carries FIN or RST flags packet rate

tcpsyn_ack_max

integer

Maximum TCP carries SYN and ACK flags packet rate

tcpsyn_max

integer

Maximum TCP SYN packet rate

udp_max

integer

Maximum UDP packet rate

htab_dedi_queue_nr

integer

Set the number of dedicate queue for hash table messages.

htab_msg_queue

string

Set hash table message queue mode.

Choices:

  • "idle"

  • "data"

  • "dedicated"

htx_gtse_quota

string

Configure HTX GTSE quota.

Choices:

  • "100Mbps"

  • "200Mbps"

  • "300Mbps"

  • "400Mbps"

  • "500Mbps"

  • "600Mbps"

  • "700Mbps"

  • "800Mbps"

  • "900Mbps"

  • "1Gbps"

  • "2Gbps"

  • "4Gbps"

  • "8Gbps"

  • "10Gbps"

htx_icmp_csum_chk

string

Set HTX icmp csum checking mode.

Choices:

  • "pass"

  • "drop"

hw_ha_scan_interval

integer

HW HA periodical scan interval in seconds

icmp_error_rate_ctrl

dictionary

Icmp error rate ctrl.

icmpv4_error_bucket_size

integer

Bucket size used in the token bucket algorithm for controlling the flow of ICMPv4 error packets

icmpv4_error_rate

integer

Average rate of ICMPv4 error packets that allowed to be generated per second

icmpv4_error_rate_limit

string

Enable to limit the ICMPv4 error packets generated by this FortiGate.

Choices:

  • "disable"

  • "enable"

icmpv6_error_bucket_size

integer

Bucket size used in the token bucket algorithm for controlling the flow of ICMPv6 error packets

icmpv6_error_rate

integer

Average rate of ICMPv6 error packets that allowed to be generated per second

icmpv6_error_rate_limit

string

Enable to limit the ICMPv6 error packets generated by this FortiGate.

Choices:

  • "disable"

  • "enable"

icmp_rate_ctrl

dictionary

Icmp rate ctrl.

icmp_v4_bucket_size

integer

Bucket size used in the token bucket algorithm for controlling the flow of ICMPv4 packets

icmp_v4_rate

integer

Average rate of ICMPv4 packets that allowed to be generated per second

icmp_v6_bucket_size

integer

Bucket size used in the token bucket algorithm for controlling the flow of ICMPv6 packets

icmp_v6_rate

integer

Average rate of ICMPv6 packets that allowed to be generated per second

inbound_dscp_copy

string

Enable/disable copying the DSCP field from outer IP header to inner IP Header.

Choices:

  • "disable"

  • "enable"

inbound_dscp_copy_port

any

(list) Physical interfaces that support inbound-dscp-copy.

intf_shaping_offload

string

Enable/disable NPU offload when doing interface-based traffic shaping according to the egress-shaping-profile.

Choices:

  • "disable"

  • "enable"

ip_fragment_offload

string

Enable/disable NP7 NPU IP fragment offload.

Choices:

  • "disable"

  • "enable"

ip_reassembly

dictionary

Ip reassembly.

max_timeout

integer

Maximum timeout value for IP reassembly

min_timeout

integer

Minimum timeout value for IP reassembly

status

string

Set IP reassembly processing status.

Choices:

  • "disable"

  • "enable"

iph_rsvd_re_cksum

string

Enable/disable IP checksum re-calculation for packets with iph.

Choices:

  • "disable"

  • "enable"

ippool_overload_high

integer

High threshold for overload ippool port reuse

ippool_overload_low

integer

Low threshold for overload ippool port reuse

ipsec_dec_subengine_mask

string

IPsec decryption subengine mask

ipsec_enc_subengine_mask

string

IPsec encryption subengine mask

ipsec_host_dfclr

string

Enable/disable DF clearing of NP4lite host IPsec offload.

Choices:

  • "disable"

  • "enable"

ipsec_inbound_cache

string

Enable/disable IPsec inbound cache for anti-replay.

Choices:

  • "disable"

  • "enable"

ipsec_local_uesp_port

integer

Ipsec local uesp port.

ipsec_mtu_override

string

Enable/disable NP6 IPsec MTU override.

Choices:

  • "disable"

  • "enable"

ipsec_ob_np_sel

string

IPsec NP selection for OB SA offloading.

Choices:

  • "RR"

  • "rr"

  • "Packet"

  • "Hash"

string

Enable/disable IPSEC over vlink.

Choices:

  • "disable"

  • "enable"

ipsec_STS_timeout

string

Set NP7Lite IPsec STS msg timeout.

Choices:

  • "1"

  • "2"

  • "3"

  • "4"

  • "5"

  • "6"

  • "7"

  • "8"

  • "9"

  • "10"

ipsec_throughput_msg_frequency

string

Set NP7Lite IPsec throughput msg frequency

Choices:

  • "disable"

  • "32KB"

  • "64KB"

  • "128KB"

  • "256KB"

  • "512KB"

  • "1MB"

  • "2MB"

  • "4MB"

  • "8MB"

  • "16MB"

  • "32MB"

  • "64MB"

  • "128MB"

  • "256MB"

  • "512MB"

  • "1GB"

ipt_STS_timeout

string

Set NP7Lite IPT STS msg timeout.

Choices:

  • "1"

  • "2"

  • "3"

  • "4"

  • "5"

  • "6"

  • "7"

  • "8"

  • "9"

  • "10"

ipt_throughput_msg_frequency

string

Set NP7Lite IPT throughput msg frequency

Choices:

  • "disable"

  • "32KB"

  • "64KB"

  • "128KB"

  • "256KB"

  • "512KB"

  • "1MB"

  • "2MB"

  • "4MB"

  • "8MB"

  • "16MB"

  • "32MB"

  • "64MB"

  • "128MB"

  • "256MB"

  • "512MB"

  • "1GB"

ipv4_session_quota

string

Enable/Disable NoNAT IPv4 session quota for hyperscale VDOMs.

Choices:

  • "disable"

  • "enable"

ipv4_session_quota_high

integer

Configure NoNAT IPv4 session quota high threshold.

ipv4_session_quota_low

integer

Configure NoNAT IPv4 session quota low threshold.

ipv6_prefix_session_quota

string

Enable/Disable hardware IPv6 /64 prefix session quota for hyperscale VDOMs.

Choices:

  • "disable"

  • "enable"

ipv6_prefix_session_quota_high

integer

Configure IPv6 prefix session quota high threshold.

ipv6_prefix_session_quota_low

integer

Configure IPv6 prefix session quota low threshold.

isf_np_queues

dictionary

Isf np queues.

cos0

string

CoS profile name for CoS 0.

cos1

string

CoS profile name for CoS 1.

cos2

string

CoS profile name for CoS 2.

cos3

string

CoS profile name for CoS 3.

cos4

string

CoS profile name for CoS 4.

cos5

string

CoS profile name for CoS 5.

cos6

string

CoS profile name for CoS 6.

cos7

string

CoS profile name for CoS 7.

isf_np_rx_tr_distr

string

Select ISF NP Rx trunk distribution

Choices:

  • "port-flow"

  • "round-robin"

  • "randomized"

lag_out_port_select

string

Enable/disable LAG outgoing port selection based on incoming traffic port.

Choices:

  • "disable"

  • "enable"

max_receive_unit

integer

Set the maximum packet size for receive, larger packets will be silently dropped.

max_session_timeout

integer

Maximum time interval for refreshing NPU-offloaded sessions

mcast_session_accounting

string

Enable/disable traffic accounting for each multicast session through TAE counter.

Choices:

  • "disable"

  • "session-based"

  • "tpe-based"

mcast_session_counting

string

Mcast session counting.

Choices:

  • "disable"

  • "enable"

  • "session-based"

  • "tpe-based"

mcast_session_counting6

string

Enable/disable traffic accounting for each multicast session6 through TAE counter.

Choices:

  • "disable"

  • "enable"

  • "session-based"

  • "tpe-based"

napi_break_interval

integer

NAPI break interval

nat46_force_ipv4_packet_forwarding

string

Enable/disable mandatory IPv4 packet forwarding in nat46.

Choices:

  • "disable"

  • "enable"

np6_cps_optimization_mode

string

Enable/disable NP6 connection per second

Choices:

  • "disable"

  • "enable"

np_queues

dictionary

Np queues.

ethernet_type

list / elements=dictionary

Ethernet type.

name

string

Ethernet Type Name.

queue

integer

Queue Number.

type

integer

Ethernet Type.

weight

integer

Class Weight.

ip_protocol

list / elements=dictionary

Ip protocol.

name

string

IP Protocol Name.

protocol

integer

IP Protocol.

queue

integer

Queue Number.

weight

integer

Class Weight.

ip_service

list / elements=dictionary

Ip service.

dport

integer

Destination port.

name

string

IP service name.

protocol

integer

IP protocol.

queue

integer

Queue number.

sport

integer

Source port.

weight

integer

Class weight.

profile

list / elements=dictionary

Profile.

cos0

string

Queue number of CoS 0.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

cos1

string

Queue number of CoS 1.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

cos2

string

Queue number of CoS 2.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

cos3

string

Queue number of CoS 3.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

cos4

string

Queue number of CoS 4.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

cos5

string

Queue number of CoS 5.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

cos6

string

Queue number of CoS 6.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

cos7

string

Queue number of CoS 7.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp0

string

Queue number of DSCP 0.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp1

string

Queue number of DSCP 1.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp10

string

Queue number of DSCP 10.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp11

string

Queue number of DSCP 11.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp12

string

Queue number of DSCP 12.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp13

string

Queue number of DSCP 13.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp14

string

Queue number of DSCP 14.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp15

string

Queue number of DSCP 15.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp16

string

Queue number of DSCP 16.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp17

string

Queue number of DSCP 17.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp18

string

Queue number of DSCP 18.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp19

string

Queue number of DSCP 19.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp2

string

Queue number of DSCP 2.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp20

string

Queue number of DSCP 20.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp21

string

Queue number of DSCP 21.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp22

string

Queue number of DSCP 22.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp23

string

Queue number of DSCP 23.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp24

string

Queue number of DSCP 24.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp25

string

Queue number of DSCP 25.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp26

string

Queue number of DSCP 26.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp27

string

Queue number of DSCP 27.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp28

string

Queue number of DSCP 28.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp29

string

Queue number of DSCP 29.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp3

string

Queue number of DSCP 3.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp30

string

Queue number of DSCP 30.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp31

string

Queue number of DSCP 31.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp32

string

Queue number of DSCP 32.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp33

string

Queue number of DSCP 33.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp34

string

Queue number of DSCP 34.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp35

string

Queue number of DSCP 35.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp36

string

Queue number of DSCP 36.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp37

string

Queue number of DSCP 37.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp38

string

Queue number of DSCP 38.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp39

string

Queue number of DSCP 39.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp4

string

Queue number of DSCP 4.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp40

string

Queue number of DSCP 40.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp41

string

Queue number of DSCP 41.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp42

string

Queue number of DSCP 42.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp43

string

Queue number of DSCP 43.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp44

string

Queue number of DSCP 44.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp45

string

Queue number of DSCP 45.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp46

string

Queue number of DSCP 46.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp47

string

Queue number of DSCP 47.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp48

string

Queue number of DSCP 48.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp49

string

Queue number of DSCP 49.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp5

string

Queue number of DSCP 5.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp50

string

Queue number of DSCP 50.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp51

string

Queue number of DSCP 51.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp52

string

Queue number of DSCP 52.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp53

string

Queue number of DSCP 53.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp54

string

Queue number of DSCP 54.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp55

string

Queue number of DSCP 55.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp56

string

Queue number of DSCP 56.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp57

string

Queue number of DSCP 57.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp58

string

Queue number of DSCP 58.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp59

string

Queue number of DSCP 59.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp6

string

Queue number of DSCP 6.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp60

string

Queue number of DSCP 60.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp61

string

Queue number of DSCP 61.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp62

string

Queue number of DSCP 62.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp63

string

Queue number of DSCP 63.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp7

string

Queue number of DSCP 7.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp8

string

Queue number of DSCP 8.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp9

string

Queue number of DSCP 9.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

id

integer

Profile ID.

type

string

Profile type.

Choices:

  • "cos"

  • "dscp"

weight

integer

Class weight.

scheduler

list / elements=dictionary

Scheduler.

mode

string

Scheduler mode.

Choices:

  • "none"

  • "priority"

  • "round-robin"

name

string

Scheduler name.

npu_group_effective_scope

integer

Npu-group-effective-scope defines under which npu-group cmds such as list/purge will be excecuted.

npu_tcam

list / elements=dictionary

Npu tcam.

data

dictionary

Data.

df

string

Tcam data ip flag df.

Choices:

  • "disable"

  • "enable"

dstip

string

Tcam data dst ipv4 address.

dstipv6

string

Tcam data dst ipv6 address.

dstmac

string

Tcam data dst macaddr.

dstport

integer

Tcam data L4 dst port.

ethertype

string

Tcam data ethertype.

ext_tag

string

Tcam data extension tag.

Choices:

  • "disable"

  • "enable"

frag_off

integer

Tcam data ip flag fragment offset.

gen_buf_cnt

integer

Tcam data gen info buffer count.

gen_iv

string

Tcam data gen info iv.

Choices:

  • "invalid"

  • "valid"

gen_l3_flags

integer

Tcam data gen info L3 flags.

gen_l4_flags

integer

Tcam data gen info L4 flags.

gen_pkt_ctrl

integer

Tcam data gen info packet control.

gen_pri

integer

Tcam data gen info priority.

gen_pri_v

string

Tcam data gen info priority valid.

Choices:

  • "invalid"

  • "valid"

gen_tv

string

Tcam data gen info tv.

Choices:

  • "invalid"

  • "valid"

ihl

integer

Tcam data ipv4 IHL.

ip4_id

integer

Tcam data ipv4 id.

ip6_fl

integer

Tcam data ipv6 flow label.

ipver

integer

Tcam data ip header version.

l4_wd10

integer

Tcam data L4 word10.

l4_wd11

integer

Tcam data L4 word11.

l4_wd8

integer

Tcam data L4 word8.

l4_wd9

integer

Tcam data L4 word9.

mf

string

Tcam data ip flag mf.

Choices:

  • "disable"

  • "enable"

protocol

integer

Tcam data ip protocol.

integer

Tcam data sublink.

smac_change

string

Tcam data source MAC change.

Choices:

  • "disable"

  • "enable"

sp

integer

Tcam data source port.

src_cfi

string

Tcam data source cfi.

Choices:

  • "disable"

  • "enable"

src_prio

integer

Tcam data source priority.

src_updt

string

Tcam data source update.

Choices:

  • "disable"

  • "enable"

srcip

string

Tcam data src ipv4 address.

srcipv6

string

Tcam data src ipv6 address.

srcmac

string

Tcam data src macaddr.

srcport

integer

Tcam data L4 src port.

svid

integer

Tcam data source vid.

tcp_ack

string

Tcam data tcp flag ack.

Choices:

  • "disable"

  • "enable"

tcp_cwr

string

Tcam data tcp flag cwr.

Choices:

  • "disable"

  • "enable"

tcp_ece

string

Tcam data tcp flag ece.

Choices:

  • "disable"

  • "enable"

tcp_fin

string

Tcam data tcp flag fin.

Choices:

  • "disable"

  • "enable"

tcp_push

string

Tcam data tcp flag push.

Choices:

  • "disable"

  • "enable"

tcp_rst

string

Tcam data tcp flag rst.

Choices:

  • "disable"

  • "enable"

tcp_syn

string

Tcam data tcp flag syn.

Choices:

  • "disable"

  • "enable"

tcp_urg

string

Tcam data tcp flag urg.

Choices:

  • "disable"

  • "enable"

tgt_cfi

string

Tcam data target cfi.

Choices:

  • "disable"

  • "enable"

tgt_prio

integer

Tcam data target priority.

tgt_updt

string

Tcam data target port update.

Choices:

  • "disable"

  • "enable"

tgt_v

string

Tcam data target valid.

Choices:

  • "invalid"

  • "valid"

tos

integer

Tcam data ip tos.

tp

integer

Tcam data target port.

ttl

integer

Tcam data ip ttl.

tvid

integer

Tcam data target vid.

vdid

integer

Tcam data vdom id.

dbg_dump

integer

Debug driver dump data/mask pdq.

mask

dictionary

Mask.

df

string

Tcam mask ip flag df.

Choices:

  • "disable"

  • "enable"

dstip

string

Tcam mask dst ipv4 address.

dstipv6

string

Tcam mask dst ipv6 address.

dstmac

string

Tcam mask dst macaddr.

dstport

integer

Tcam mask L4 dst port.

ethertype

string

Tcam mask ethertype.

ext_tag

string

Tcam mask extension tag.

Choices:

  • "disable"

  • "enable"

frag_off

integer

Tcam data ip flag fragment offset.

gen_buf_cnt

integer

Tcam mask gen info buffer count.

gen_iv

string

Tcam mask gen info iv.

Choices:

  • "invalid"

  • "valid"

gen_l3_flags

integer

Tcam mask gen info L3 flags.

gen_l4_flags

integer

Tcam mask gen info L4 flags.

gen_pkt_ctrl

integer

Tcam mask gen info packet control.

gen_pri

integer

Tcam mask gen info priority.

gen_pri_v

string

Tcam mask gen info priority valid.

Choices:

  • "invalid"

  • "valid"

gen_tv

string

Tcam mask gen info tv.

Choices:

  • "invalid"

  • "valid"

ihl

integer

Tcam mask ipv4 IHL.

ip4_id

integer

Tcam mask ipv4 id.

ip6_fl

integer

Tcam mask ipv6 flow label.

ipver

integer

Tcam mask ip header version.

l4_wd10

integer

Tcam mask L4 word10.

l4_wd11

integer

Tcam mask L4 word11.

l4_wd8

integer

Tcam mask L4 word8.

l4_wd9

integer

Tcam mask L4 word9.

mf

string

Tcam mask ip flag mf.

Choices:

  • "disable"

  • "enable"

protocol

integer

Tcam mask ip protocol.

integer

Tcam mask sublink.

smac_change

string

Tcam mask source MAC change.

Choices:

  • "disable"

  • "enable"

sp

integer

Tcam mask source port.

src_cfi

string

Tcam mask source cfi.

Choices:

  • "disable"

  • "enable"

src_prio

integer

Tcam mask source priority.

src_updt

string

Tcam mask source update.

Choices:

  • "disable"

  • "enable"

srcip

string

Tcam mask src ipv4 address.

srcipv6

string

Tcam mask src ipv6 address.

srcmac

string

Tcam mask src macaddr.

srcport

integer

Tcam mask L4 src port.

svid

integer

Tcam mask source vid.

tcp_ack

string

Tcam mask tcp flag ack.

Choices:

  • "disable"

  • "enable"

tcp_cwr

string

Tcam mask tcp flag cwr.

Choices:

  • "disable"

  • "enable"

tcp_ece

string

Tcam mask tcp flag ece.

Choices:

  • "disable"

  • "enable"

tcp_fin

string

Tcam mask tcp flag fin.

Choices:

  • "disable"

  • "enable"

tcp_push

string

Tcam mask tcp flag push.

Choices:

  • "disable"

  • "enable"

tcp_rst

string

Tcam mask tcp flag rst.

Choices:

  • "disable"

  • "enable"

tcp_syn

string

Tcam mask tcp flag syn.

Choices:

  • "disable"

  • "enable"

tcp_urg

string

Tcam mask tcp flag urg.

Choices:

  • "disable"

  • "enable"

tgt_cfi

string

Tcam mask target cfi.

Choices:

  • "disable"

  • "enable"

tgt_prio

integer

Tcam mask target priority.

tgt_updt

string

Tcam mask target port update.

Choices:

  • "disable"

  • "enable"

tgt_v

string

Tcam mask target valid.

Choices:

  • "invalid"

  • "valid"

tos

integer

Tcam mask ip tos.

tp

integer

Tcam mask target port.

ttl

integer

Tcam mask ip ttl.

tvid

integer

Tcam mask target vid.

vdid

integer

Tcam mask vdom id.

mir_act

dictionary

Mir act.

vlif

integer

Tcam mirror action vlif.

name

string

NPU TCAM policies name.

oid

integer

NPU TCAM OID.

pri_act

dictionary

Pri act.

priority

integer

Tcam priority action priority.

weight

integer

Tcam priority action weight.

sact

dictionary

Sact.

act

integer

Tcam sact act.

act_v

string

Enable to set sact act.

Choices:

  • "disable"

  • "enable"

bmproc

integer

Tcam sact bmproc.

bmproc_v

string

Enable to set sact bmproc.

Choices:

  • "disable"

  • "enable"

df_lif

integer

Tcam sact df-lif.

df_lif_v

string

Enable to set sact df-lif.

Choices:

  • "disable"

  • "enable"

dfr

integer

Tcam sact dfr.

dfr_v

string

Enable to set sact dfr.

Choices:

  • "disable"

  • "enable"

dmac_skip

integer

Tcam sact dmac-skip.

dmac_skip_v

string

Enable to set sact dmac-skip.

Choices:

  • "disable"

  • "enable"

dosen

integer

Tcam sact dosen.

dosen_v

string

Enable to set sact dosen.

Choices:

  • "disable"

  • "enable"

espff_proc

integer

Tcam sact espff-proc.

espff_proc_v

string

Enable to set sact espff-proc.

Choices:

  • "disable"

  • "enable"

etype_pid

integer

Tcam sact etype-pid.

etype_pid_v

string

Enable to set sact etype-pid.

Choices:

  • "disable"

  • "enable"

frag_proc

integer

Tcam sact frag-proc.

frag_proc_v

string

Enable to set sact frag-proc.

Choices:

  • "disable"

  • "enable"

fwd

integer

Tcam sact fwd.

fwd_lif

integer

Tcam sact fwd-lif.

fwd_lif_v

string

Enable to set sact fwd-lif.

Choices:

  • "disable"

  • "enable"

fwd_tvid

integer

Tcam sact fwd-tvid.

fwd_tvid_v

string

Enable to set sact fwd-vid.

Choices:

  • "disable"

  • "enable"

fwd_v

string

Enable to set sact fwd.

Choices:

  • "disable"

  • "enable"

icpen

integer

Tcam sact icpen.

icpen_v

string

Enable to set sact icpen.

Choices:

  • "disable"

  • "enable"

igmp_mld_snp

integer

Tcam sact igmp-mld-snp.

igmp_mld_snp_v

string

Enable to set sact igmp-mld-snp.

Choices:

  • "disable"

  • "enable"

learn

integer

Tcam sact learn.

learn_v

string

Enable to set sact learn.

Choices:

  • "disable"

  • "enable"

m_srh_ctrl

integer

Tcam sact m-srh-ctrl.

m_srh_ctrl_v

string

Enable to set sact m-srh-ctrl.

Choices:

  • "disable"

  • "enable"

mac_id

integer

Tcam sact mac-id.

mac_id_v

string

Enable to set sact mac-id.

Choices:

  • "disable"

  • "enable"

mss

integer

Tcam sact mss.

mss_v

string

Enable to set sact mss.

Choices:

  • "disable"

  • "enable"

pleen

integer

Tcam sact pleen.

pleen_v

string

Enable to set sact pleen.

Choices:

  • "disable"

  • "enable"

prio_pid

integer

Tcam sact prio-pid.

prio_pid_v

string

Enable to set sact prio-pid.

Choices:

  • "disable"

  • "enable"

promis

integer

Tcam sact promis.

promis_v

string

Enable to set sact promis.

Choices:

  • "disable"

  • "enable"

rfsh

integer

Tcam sact rfsh.

rfsh_v

string

Enable to set sact rfsh.

Choices:

  • "disable"

  • "enable"

smac_skip

integer

Tcam sact smac-skip.

smac_skip_v

string

Enable to set sact smac-skip.

Choices:

  • "disable"

  • "enable"

tp_smchk

integer

Tcam sact tp mode.

tp_smchk_v

string

Enable to set sact tp mode.

Choices:

  • "disable"

  • "enable"

tpe_id

integer

Tcam sact tpe-id.

tpe_id_v

string

Enable to set sact tpe-id.

Choices:

  • "disable"

  • "enable"

vdm

integer

Tcam sact vdm.

vdm_v

string

Enable to set sact vdm.

Choices:

  • "disable"

  • "enable"

vdom_id

integer

Tcam sact vdom-id.

vdom_id_v

string

Enable to set sact vdom-id.

Choices:

  • "disable"

  • "enable"

x_mode

integer

Tcam sact x-mode.

x_mode_v

string

Enable to set sact x-mode.

Choices:

  • "disable"

  • "enable"

tact

dictionary

Tact.

act

integer

Tcam tact act.

act_v

string

Enable to set tact act.

Choices:

  • "disable"

  • "enable"

fmtuv4_s

integer

Tcam tact fmtuv4-s.

fmtuv4_s_v

string

Enable to set tact fmtuv4-s.

Choices:

  • "disable"

  • "enable"

fmtuv6_s

integer

Tcam tact fmtuv6-s.

fmtuv6_s_v

string

Enable to set tact fmtuv6-s.

Choices:

  • "disable"

  • "enable"

lnkid

integer

Tcam tact lnkid.

lnkid_v

string

Enable to set tact lnkid.

Choices:

  • "disable"

  • "enable"

mac_id

integer

Tcam tact mac-id.

mac_id_v

string

Enable to set tact mac-id.

Choices:

  • "disable"

  • "enable"

mss_t

integer

Tcam tact mss.

mss_t_v

string

Enable to set tact mss.

Choices:

  • "disable"

  • "enable"

mtuv4

integer

Tcam tact mtuv4.

mtuv4_v

string

Enable to set tact mtuv4.

Choices:

  • "disable"

  • "enable"

mtuv6

integer

Tcam tact mtuv6.

mtuv6_v

string

Enable to set tact mtuv6.

Choices:

  • "disable"

  • "enable"

slif_act

integer

Tcam tact slif-act.

slif_act_v

string

Enable to set tact slif-act.

Choices:

  • "disable"

  • "enable"

sublnkid

integer

Tcam tact sublnkid.

sublnkid_v

string

Enable to set tact sublnkid.

Choices:

  • "disable"

  • "enable"

tgtv_act

integer

Tcam tact tgtv-act.

tgtv_act_v

string

Enable to set tact tgtv-act.

Choices:

  • "disable"

  • "enable"

tlif_act

integer

Tcam tact tlif-act.

tlif_act_v

string

Enable to set tact tlif-act.

Choices:

  • "disable"

  • "enable"

tpeid

integer

Tcam tact tpeid.

tpeid_v

string

Enable to set tact tpeid.

Choices:

  • "disable"

  • "enable"

v6fe

integer

Tcam tact v6fe.

v6fe_v

string

Enable to set tact v6fe.

Choices:

  • "disable"

  • "enable"

vep_en

integer

Tcam tact vep_en.

vep_en_v

string

Enable to set tact vep-en.

Choices:

  • "disable"

  • "enable"

vep_slid

integer

Tcam tact vep_slid.

vep_slid_v

string

Enable to set tact vep-slid.

Choices:

  • "disable"

  • "enable"

xlt_lif

integer

Tcam tact xlt-lif.

xlt_lif_v

string

Enable to set tact xlt-lif.

Choices:

  • "disable"

  • "enable"

xlt_vid

integer

Tcam tact xlt-vid.

xlt_vid_v

string

Enable to set tact xlt-vid.

Choices:

  • "disable"

  • "enable"

type

string

TCAM policy type.

Choices:

  • "L2_src_tc"

  • "L2_tgt_tc"

  • "L2_src_mir"

  • "L2_tgt_mir"

  • "L2_src_act"

  • "L2_tgt_act"

  • "IPv4_src_tc"

  • "IPv4_tgt_tc"

  • "IPv4_src_mir"

  • "IPv4_tgt_mir"

  • "IPv4_src_act"

  • "IPv4_tgt_act"

  • "IPv6_src_tc"

  • "IPv6_tgt_tc"

  • "IPv6_src_mir"

  • "IPv6_tgt_mir"

  • "IPv6_src_act"

  • "IPv6_tgt_act"

vid

integer

NPU TCAM VID.

nss_threads_option

string

Configure thread options for the NP7s NSS module.

Choices:

  • "4t-eif"

  • "4t-noeif"

  • "2t"

pba_eim

string

Configure option for PBA

Choices:

  • "disallow"

  • "allow"

pba_port_select_mode

string

Port selection mode for PBA IP pool.

Choices:

  • "random"

  • "direct"

per_policy_accounting

string

Set per-policy accounting.

Choices:

  • "disable"

  • "enable"

per_session_accounting

string

Enable/disable per-session accounting.

Choices:

  • "enable"

  • "disable"

  • "enable-by-log"

  • "all-enable"

  • "traffic-log-only"

ple_non_syn_tcp_action

string

Configure action for the PLE to take on TCP packets that have the SYN field unset.

Choices:

  • "forward"

  • "drop"

policy_offload_level

string

Configure firewall policy offload level

Choices:

  • "disable"

  • "dos-offload"

  • "full-offload"

port_cpu_map

list / elements=dictionary

Port cpu map.

cpu_core

string

The CPU core to map to an interface.

interface

string

The interface to map to a CPU core.

port_npu_map

list / elements=dictionary

Port npu map.

interface

string

Set npu interface port to NPU group map.

npu_group_index

integer

Mapping NPU group index.

port_path_option

dictionary

Port path option.

ports_using_npu

any

(list) Set ha/aux ports to handle traffic with NPU

priority_protocol

dictionary

Priority protocol.

bfd

string

Enable/disable NPU BFD priority protocol.

Choices:

  • "disable"

  • "enable"

bgp

string

Enable/disable NPU BGP priority protocol.

Choices:

  • "disable"

  • "enable"

slbc

string

Enable/disable NPU SLBC priority protocol.

Choices:

  • "disable"

  • "enable"

process_icmp_by_host

string

Enable/disable process ICMP by host when received from IPsec tunnel and payload size

Choices:

  • "disable"

  • "enable"

prp_port_in

any

(list or str) Ingress port configured to allow the PRP trailer not be stripped off when the PRP packets come in.

prp_port_out

any

(list or str) Egress port configured to allow the PRP trailer not be stripped off when the PRP packets go out.

prp_session_clear_mode

string

PRP session clear mode for excluded ip sessions.

Choices:

  • "blocking"

  • "non-blocking"

  • "do-not-clear"

qos_mode

string

QoS mode on switch and NP.

Choices:

  • "disable"

  • "priority"

  • "round-robin"

qtm_buf_mode

string

QTM channel configuration for packet buffer.

Choices:

  • "6ch"

  • "4ch"

rdp_offload

string

Enable/disable rdp offload.

Choices:

  • "disable"

  • "enable"

string

Enable/disable internal link failure check and recovery after boot up.

Choices:

  • "disable"

  • "enable"

rps_mode

string

Enable/disable receive packet steering

Choices:

  • "disable"

  • "enable"

session_acct_interval

integer

Session accounting update interval

session_denied_offload

string

Enable/disable offloading of denied sessions.

Choices:

  • "disable"

  • "enable"

shaping_stats

string

Enable/disable NP7 traffic shaping statistics

Choices:

  • "disable"

  • "enable"

spa_port_select_mode

string

Port selection mode for SPA IP pool.

Choices:

  • "random"

  • "direct"

split_ipsec_engines

string

Enable/disable Split IPsec Engines.

Choices:

  • "disable"

  • "enable"

sse_backpressure

string

Enable/disable sse backpressure.

Choices:

  • "disable"

  • "enable"

sse_ha_scan

dictionary

Sse ha scan.

gap

integer

Scanning message gap

max_session_cnt

integer

If the session count

min_duration

integer

Scanning filter for minimum duration of the session.

strip_clear_text_padding

string

Enable/disable stripping clear text padding.

Choices:

  • "disable"

  • "enable"

strip_esp_padding

string

Enable/disable stripping ESP padding.

Choices:

  • "disable"

  • "enable"

sw_eh_hash

dictionary

Sw eh hash.

computation

string

Set hashing computation.

Choices:

  • "xor16"

  • "xor8"

  • "xor4"

  • "crc16"

destination_ip_lower_16

string

Include/exclude destination IP address lower 16 bits.

Choices:

  • "include"

  • "exclude"

destination_ip_upper_16

string

Include/exclude destination IP address upper 16 bits.

Choices:

  • "include"

  • "exclude"

destination_port

string

Include/exclude destination port if TCP/UDP.

Choices:

  • "include"

  • "exclude"

ip_protocol

string

Include/exclude IP protocol.

Choices:

  • "include"

  • "exclude"

netmask_length

integer

Network mask length.

source_ip_lower_16

string

Include/exclude source IP address lower 16 bits.

Choices:

  • "include"

  • "exclude"

source_ip_upper_16

string

Include/exclude source IP address upper 16 bits.

Choices:

  • "include"

  • "exclude"

source_port

string

Include/exclude source port if TCP/UDP.

Choices:

  • "include"

  • "exclude"

sw_np_bandwidth

string

Bandwidth from switch to NP.

Choices:

  • "0G"

  • "2G"

  • "4G"

  • "5G"

  • "6G"

  • "7G"

  • "8G"

  • "9G"

sw_tr_hash

dictionary

Sw tr hash.

draco15

string

Enable/disable DRACO15 hashing.

Choices:

  • "disable"

  • "enable"

tcp_udp_port

string

Include/exclude TCP/UDP source and destination port for unicast trunk traffic.

Choices:

  • "include"

  • "exclude"

switch_np_hash

string

Switch-NP trunk port selection Criteria.

Choices:

  • "src-ip"

  • "dst-ip"

  • "src-dst-ip"

tcp_rst_timeout

integer

TCP RST timeout in seconds

tcp_timeout_profile

list / elements=dictionary

Tcp timeout profile.

close_wait

integer

Set close-wait timeout

fin_wait

integer

Set fin-wait timeout

id

integer

Timeout profile ID

syn_sent

integer

Set syn-sent timeout

syn_wait

integer

Set syn-wait timeout

tcp_idle

integer

Set TCP establish timeout

time_wait

integer

Set time-wait timeout

string

Enable/disable selection of which NP6 chip the tunnel uses

Choices:

  • "disable"

  • "enable"

udp_timeout_profile

list / elements=dictionary

Udp timeout profile.

id

integer

Timeout profile ID

udp_idle

integer

Set UDP idle timeout

uesp_offload

string

Enable/disable UDP-encapsulated ESP offload

Choices:

  • "disable"

  • "enable"

ull_port_mode

string

Set ULL ports speed to 10G/25G

Choices:

  • "10G"

  • "25G"

vlan_lookup_cache

string

Enable/disable vlan lookup cache

Choices:

  • "disable"

  • "enable"

vxlan_offload

string

Enable/disable offloading vxlan.

Choices:

  • "disable"

  • "enable"

workspace_locking_adom

string

The adom to lock for FortiManager running in workspace mode, the value can be global and others including root.

workspace_locking_timeout

integer

The maximum time in seconds to wait for other user to release the workspace lock.

Default: 300

Notes

Note

  • Starting in version 2.4.0, all input arguments are named using the underscore naming convention (snake_case). Please change the arguments such as “var-name” to “var_name”. Old argument names are still available yet you will receive deprecation warnings. You can ignore this warning by setting deprecation_warnings=False in ansible.cfg.

  • Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

  • Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- name: Example playbook (generated based on argument schema)
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Configure NPU attributes.
      fortinet.fortimanager.fmgr_system_npu:
        # bypass_validation: false
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        # rc_succeeded: [0, -2, -3, ...]
        # rc_failed: [-2, -3, ...]
        adom: <your own value>
        system_npu:
          capwap_offload: <value in [disable, enable]>
          dedicated_management_affinity: <string>
          dedicated_management_cpu: <value in [disable, enable]>
          fastpath: <value in [disable, enable]>
          fp_anomaly:
            esp_minlen_err: <value in [drop, trap-to-host]>
            icmp_csum_err: <value in [drop, trap-to-host]>
            icmp_minlen_err: <value in [drop, trap-to-host]>
            ipv4_csum_err: <value in [drop, trap-to-host]>
            ipv4_ihl_err: <value in [drop, trap-to-host]>
            ipv4_len_err: <value in [drop, trap-to-host]>
            ipv4_opt_err: <value in [drop, trap-to-host]>
            ipv4_ttlzero_err: <value in [drop, trap-to-host]>
            ipv4_ver_err: <value in [drop, trap-to-host]>
            ipv6_exthdr_len_err: <value in [drop, trap-to-host]>
            ipv6_exthdr_order_err: <value in [drop, trap-to-host]>
            ipv6_ihl_err: <value in [drop, trap-to-host]>
            ipv6_plen_zero: <value in [drop, trap-to-host]>
            ipv6_ver_err: <value in [drop, trap-to-host]>
            tcp_csum_err: <value in [drop, trap-to-host]>
            tcp_hlen_err: <value in [drop, trap-to-host]>
            tcp_plen_err: <value in [drop, trap-to-host]>
            udp_csum_err: <value in [drop, trap-to-host]>
            udp_hlen_err: <value in [drop, trap-to-host]>
            udp_len_err: <value in [drop, trap-to-host]>
            udp_plen_err: <value in [drop, trap-to-host]>
            udplite_cover_err: <value in [drop, trap-to-host]>
            udplite_csum_err: <value in [drop, trap-to-host]>
            unknproto_minlen_err: <value in [drop, trap-to-host]>
            tcp_fin_only: <value in [allow, drop, trap-to-host]>
            ipv4_optsecurity: <value in [allow, drop, trap-to-host]>
            ipv6_optralert: <value in [allow, drop, trap-to-host]>
            tcp_syn_fin: <value in [allow, drop, trap-to-host]>
            ipv4_proto_err: <value in [allow, drop, trap-to-host]>
            ipv6_saddr_err: <value in [allow, drop, trap-to-host]>
            icmp_frag: <value in [allow, drop, trap-to-host]>
            ipv4_optssrr: <value in [allow, drop, trap-to-host]>
            ipv6_opthomeaddr: <value in [allow, drop, trap-to-host]>
            udp_land: <value in [allow, drop, trap-to-host]>
            ipv6_optinvld: <value in [allow, drop, trap-to-host]>
            tcp_fin_noack: <value in [allow, drop, trap-to-host]>
            ipv6_proto_err: <value in [allow, drop, trap-to-host]>
            tcp_land: <value in [allow, drop, trap-to-host]>
            ipv4_unknopt: <value in [allow, drop, trap-to-host]>
            ipv4_optstream: <value in [allow, drop, trap-to-host]>
            ipv6_optjumbo: <value in [allow, drop, trap-to-host]>
            icmp_land: <value in [allow, drop, trap-to-host]>
            tcp_winnuke: <value in [allow, drop, trap-to-host]>
            ipv6_daddr_err: <value in [allow, drop, trap-to-host]>
            ipv4_land: <value in [allow, drop, trap-to-host]>
            ipv6_opttunnel: <value in [allow, drop, trap-to-host]>
            tcp_no_flag: <value in [allow, drop, trap-to-host]>
            ipv6_land: <value in [allow, drop, trap-to-host]>
            ipv4_optlsrr: <value in [allow, drop, trap-to-host]>
            ipv4_opttimestamp: <value in [allow, drop, trap-to-host]>
            ipv4_optrr: <value in [allow, drop, trap-to-host]>
            ipv6_optnsap: <value in [allow, drop, trap-to-host]>
            ipv6_unknopt: <value in [allow, drop, trap-to-host]>
            tcp_syn_data: <value in [allow, drop, trap-to-host]>
            ipv6_optendpid: <value in [allow, drop, trap-to-host]>
            gtpu_plen_err: <value in [drop, trap-to-host]>
            vxlan_minlen_err: <value in [drop, trap-to-host]>
            capwap_minlen_err: <value in [drop, trap-to-host]>
            gre_csum_err: <value in [drop, trap-to-host]>
            nvgre_minlen_err: <value in [drop, trap-to-host]>
            sctp_l4len_err: <value in [drop, trap-to-host]>
            tcp_hlenvsl4len_err: <value in [drop, trap-to-host]>
            sctp_crc_err: <value in [drop, trap-to-host]>
            sctp_clen_err: <value in [drop, trap-to-host]>
            uesp_minlen_err: <value in [drop, trap-to-host]>
            sctp_csum_err: <value in [allow, drop, trap-to-host]>
          gtp_enhanced_cpu_range: <value in [0, 1, 2]>
          gtp_enhanced_mode: <value in [disable, enable]>
          host_shortcut_mode: <value in [bi-directional, host-shortcut]>
          htx_gtse_quota: <value in [100Mbps, 200Mbps, 300Mbps, ...]>
          intf_shaping_offload: <value in [disable, enable]>
          iph_rsvd_re_cksum: <value in [disable, enable]>
          ipsec_dec_subengine_mask: <string>
          ipsec_enc_subengine_mask: <string>
          ipsec_inbound_cache: <value in [disable, enable]>
          ipsec_mtu_override: <value in [disable, enable]>
          ipsec_over_vlink: <value in [disable, enable]>
          isf_np_queues:
            cos0: <string>
            cos1: <string>
            cos2: <string>
            cos3: <string>
            cos4: <string>
            cos5: <string>
            cos6: <string>
            cos7: <string>
          lag_out_port_select: <value in [disable, enable]>
          mcast_session_accounting: <value in [disable, session-based, tpe-based]>
          np6_cps_optimization_mode: <value in [disable, enable]>
          per_session_accounting: <value in [enable, disable, enable-by-log, ...]>
          port_cpu_map:
            -
              cpu_core: <string>
              interface: <string>
          port_npu_map:
            -
              interface: <string>
              npu_group_index: <integer>
          priority_protocol:
            bfd: <value in [disable, enable]>
            bgp: <value in [disable, enable]>
            slbc: <value in [disable, enable]>
          qos_mode: <value in [disable, priority, round-robin]>
          rdp_offload: <value in [disable, enable]>
          recover_np6_link: <value in [disable, enable]>
          session_denied_offload: <value in [disable, enable]>
          sse_backpressure: <value in [disable, enable]>
          strip_clear_text_padding: <value in [disable, enable]>
          strip_esp_padding: <value in [disable, enable]>
          sw_eh_hash:
            computation: <value in [xor16, xor8, xor4, ...]>
            destination_ip_lower_16: <value in [include, exclude]>
            destination_ip_upper_16: <value in [include, exclude]>
            destination_port: <value in [include, exclude]>
            ip_protocol: <value in [include, exclude]>
            netmask_length: <integer>
            source_ip_lower_16: <value in [include, exclude]>
            source_ip_upper_16: <value in [include, exclude]>
            source_port: <value in [include, exclude]>
          sw_np_bandwidth: <value in [0G, 2G, 4G, ...]>
          switch_np_hash: <value in [src-ip, dst-ip, src-dst-ip]>
          uesp_offload: <value in [disable, enable]>
          np_queues:
            ethernet_type:
              -
                name: <string>
                queue: <integer>
                type: <integer>
                weight: <integer>
            ip_protocol:
              -
                name: <string>
                protocol: <integer>
                queue: <integer>
                weight: <integer>
            ip_service:
              -
                dport: <integer>
                name: <string>
                protocol: <integer>
                queue: <integer>
                sport: <integer>
                weight: <integer>
            profile:
              -
                cos0: <value in [queue0, queue1, queue2, ...]>
                cos1: <value in [queue0, queue1, queue2, ...]>
                cos2: <value in [queue0, queue1, queue2, ...]>
                cos3: <value in [queue0, queue1, queue2, ...]>
                cos4: <value in [queue0, queue1, queue2, ...]>
                cos5: <value in [queue0, queue1, queue2, ...]>
                cos6: <value in [queue0, queue1, queue2, ...]>
                cos7: <value in [queue0, queue1, queue2, ...]>
                dscp0: <value in [queue0, queue1, queue2, ...]>
                dscp1: <value in [queue0, queue1, queue2, ...]>
                dscp10: <value in [queue0, queue1, queue2, ...]>
                dscp11: <value in [queue0, queue1, queue2, ...]>
                dscp12: <value in [queue0, queue1, queue2, ...]>
                dscp13: <value in [queue0, queue1, queue2, ...]>
                dscp14: <value in [queue0, queue1, queue2, ...]>
                dscp15: <value in [queue0, queue1, queue2, ...]>
                dscp16: <value in [queue0, queue1, queue2, ...]>
                dscp17: <value in [queue0, queue1, queue2, ...]>
                dscp18: <value in [queue0, queue1, queue2, ...]>
                dscp19: <value in [queue0, queue1, queue2, ...]>
                dscp2: <value in [queue0, queue1, queue2, ...]>
                dscp20: <value in [queue0, queue1, queue2, ...]>
                dscp21: <value in [queue0, queue1, queue2, ...]>
                dscp22: <value in [queue0, queue1, queue2, ...]>
                dscp23: <value in [queue0, queue1, queue2, ...]>
                dscp24: <value in [queue0, queue1, queue2, ...]>
                dscp25: <value in [queue0, queue1, queue2, ...]>
                dscp26: <value in [queue0, queue1, queue2, ...]>
                dscp27: <value in [queue0, queue1, queue2, ...]>
                dscp28: <value in [queue0, queue1, queue2, ...]>
                dscp29: <value in [queue0, queue1, queue2, ...]>
                dscp3: <value in [queue0, queue1, queue2, ...]>
                dscp30: <value in [queue0, queue1, queue2, ...]>
                dscp31: <value in [queue0, queue1, queue2, ...]>
                dscp32: <value in [queue0, queue1, queue2, ...]>
                dscp33: <value in [queue0, queue1, queue2, ...]>
                dscp34: <value in [queue0, queue1, queue2, ...]>
                dscp35: <value in [queue0, queue1, queue2, ...]>
                dscp36: <value in [queue0, queue1, queue2, ...]>
                dscp37: <value in [queue0, queue1, queue2, ...]>
                dscp38: <value in [queue0, queue1, queue2, ...]>
                dscp39: <value in [queue0, queue1, queue2, ...]>
                dscp4: <value in [queue0, queue1, queue2, ...]>
                dscp40: <value in [queue0, queue1, queue2, ...]>
                dscp41: <value in [queue0, queue1, queue2, ...]>
                dscp42: <value in [queue0, queue1, queue2, ...]>
                dscp43: <value in [queue0, queue1, queue2, ...]>
                dscp44: <value in [queue0, queue1, queue2, ...]>
                dscp45: <value in [queue0, queue1, queue2, ...]>
                dscp46: <value in [queue0, queue1, queue2, ...]>
                dscp47: <value in [queue0, queue1, queue2, ...]>
                dscp48: <value in [queue0, queue1, queue2, ...]>
                dscp49: <value in [queue0, queue1, queue2, ...]>
                dscp5: <value in [queue0, queue1, queue2, ...]>
                dscp50: <value in [queue0, queue1, queue2, ...]>
                dscp51: <value in [queue0, queue1, queue2, ...]>
                dscp52: <value in [queue0, queue1, queue2, ...]>
                dscp53: <value in [queue0, queue1, queue2, ...]>
                dscp54: <value in [queue0, queue1, queue2, ...]>
                dscp55: <value in [queue0, queue1, queue2, ...]>
                dscp56: <value in [queue0, queue1, queue2, ...]>
                dscp57: <value in [queue0, queue1, queue2, ...]>
                dscp58: <value in [queue0, queue1, queue2, ...]>
                dscp59: <value in [queue0, queue1, queue2, ...]>
                dscp6: <value in [queue0, queue1, queue2, ...]>
                dscp60: <value in [queue0, queue1, queue2, ...]>
                dscp61: <value in [queue0, queue1, queue2, ...]>
                dscp62: <value in [queue0, queue1, queue2, ...]>
                dscp63: <value in [queue0, queue1, queue2, ...]>
                dscp7: <value in [queue0, queue1, queue2, ...]>
                dscp8: <value in [queue0, queue1, queue2, ...]>
                dscp9: <value in [queue0, queue1, queue2, ...]>
                id: <integer>
                type: <value in [cos, dscp]>
                weight: <integer>
            scheduler:
              -
                mode: <value in [none, priority, round-robin]>
                name: <string>
          udp_timeout_profile:
            -
              id: <integer>
              udp_idle: <integer>
          qtm_buf_mode: <value in [6ch, 4ch]>
          default_qos_type: <value in [policing, shaping, policing-enhanced]>
          tcp_rst_timeout: <integer>
          ipsec_local_uesp_port: <integer>
          htab_dedi_queue_nr: <integer>
          double_level_mcast_offload: <value in [disable, enable]>
          dse_timeout: <integer>
          ippool_overload_low: <integer>
          pba_eim: <value in [disallow, allow]>
          policy_offload_level: <value in [disable, dos-offload, full-offload]>
          max_session_timeout: <integer>
          port_path_option:
            ports_using_npu: <list or string>
          vlan_lookup_cache: <value in [disable, enable]>
          dos_options:
            npu_dos_meter_mode: <value in [local, global]>
            npu_dos_synproxy_mode: <value in [synack2ack, pass-synack]>
            npu_dos_tpe_mode: <value in [disable, enable]>
          hash_tbl_spread: <value in [disable, enable]>
          tcp_timeout_profile:
            -
              close_wait: <integer>
              fin_wait: <integer>
              id: <integer>
              syn_sent: <integer>
              syn_wait: <integer>
              tcp_idle: <integer>
              time_wait: <integer>
          ip_reassembly:
            max_timeout: <integer>
            min_timeout: <integer>
            status: <value in [disable, enable]>
          gtp_support: <value in [disable, enable]>
          htx_icmp_csum_chk: <value in [pass, drop]>
          hpe:
            all_protocol: <integer>
            arp_max: <integer>
            enable_shaper: <value in [disable, enable]>
            esp_max: <integer>
            high_priority: <integer>
            icmp_max: <integer>
            ip_frag_max: <integer>
            ip_others_max: <integer>
            l2_others_max: <integer>
            pri_type_max: <integer>
            sctp_max: <integer>
            tcp_max: <integer>
            tcpfin_rst_max: <integer>
            tcpsyn_ack_max: <integer>
            tcpsyn_max: <integer>
            udp_max: <integer>
            enable_queue_shaper: <value in [disable, enable]>
            exception_code: <integer>
            fragment_with_sess: <integer>
            fragment_without_session: <integer>
            queue_shaper_max: <integer>
          dsw_dts_profile:
            -
              action: <value in [wait, drop, drop_tmr_0, ...]>
              min_limit: <integer>
              profile_id: <integer>
              step: <integer>
          hash_config: <value in [5-tuple, src-ip, src-dst-ip]>
          ipsec_ob_np_sel: <value in [RR, rr, Packet, ...]>
          napi_break_interval: <integer>
          background_sse_scan:
            scan: <value in [disable, enable]>
            stats_update_interval: <integer>
            udp_keepalive_interval: <integer>
            scan_stale: <integer>
            scan_vt: <integer>
            stats_qual_access: <integer>
            stats_qual_duration: <integer>
            udp_qual_access: <integer>
            udp_qual_duration: <integer>
          inbound_dscp_copy_port: <list or string>
          session_acct_interval: <integer>
          htab_msg_queue: <value in [idle, data, dedicated]>
          dsw_queue_dts_profile:
            -
              iport: <value in [EIF0, eif0, EIF1, ...]>
              name: <string>
              oport: <value in [EIF0, eif0, EIF1, ...]>
              profile_id: <integer>
              queue_select: <integer>
          hw_ha_scan_interval: <integer>
          ippool_overload_high: <integer>
          nat46_force_ipv4_packet_forwarding: <value in [disable, enable]>
          prp_port_out: <list or string>
          isf_np_rx_tr_distr: <value in [port-flow, round-robin, randomized]>
          mcast_session_counting6: <value in [disable, enable, session-based, ...]>
          prp_port_in: <list or string>
          rps_mode: <value in [disable, enable]>
          per_policy_accounting: <value in [disable, enable]>
          mcast_session_counting: <value in [disable, enable, session-based, ...]>
          inbound_dscp_copy: <value in [disable, enable]>
          ipsec_host_dfclr: <value in [disable, enable]>
          process_icmp_by_host: <value in [disable, enable]>
          dedicated_tx_npu: <value in [disable, enable]>
          ull_port_mode: <value in [10G, 25G]>
          sse_ha_scan:
            gap: <integer>
            max_session_cnt: <integer>
            min_duration: <integer>
          hash_ipv6_sel: <integer>
          ip_fragment_offload: <value in [disable, enable]>
          ple_non_syn_tcp_action: <value in [forward, drop]>
          npu_group_effective_scope: <integer>
          ipsec_STS_timeout: <value in [1, 2, 3, ...]>
          ipsec_throughput_msg_frequency: <value in [disable, 32KB, 64KB, ...]>
          ipt_STS_timeout: <value in [1, 2, 3, ...]>
          ipt_throughput_msg_frequency: <value in [disable, 32KB, 64KB, ...]>
          default_tcp_refresh_dir: <value in [both, outgoing, incoming]>
          default_udp_refresh_dir: <value in [both, outgoing, incoming]>
          nss_threads_option: <value in [4t-eif, 4t-noeif, 2t]>
          prp_session_clear_mode: <value in [blocking, non-blocking, do-not-clear]>
          shaping_stats: <value in [disable, enable]>
          sw_tr_hash:
            draco15: <value in [disable, enable]>
            tcp_udp_port: <value in [include, exclude]>
          pba_port_select_mode: <value in [random, direct]>
          spa_port_select_mode: <value in [random, direct]>
          split_ipsec_engines: <value in [disable, enable]>
          tunnel_over_vlink: <value in [disable, enable]>
          max_receive_unit: <integer>
          npu_tcam:
            -
              data:
                df: <value in [disable, enable]>
                dstip: <string>
                dstipv6: <string>
                dstmac: <string>
                dstport: <integer>
                ethertype: <string>
                ext_tag: <value in [disable, enable]>
                frag_off: <integer>
                gen_buf_cnt: <integer>
                gen_iv: <value in [invalid, valid]>
                gen_l3_flags: <integer>
                gen_l4_flags: <integer>
                gen_pkt_ctrl: <integer>
                gen_pri: <integer>
                gen_pri_v: <value in [invalid, valid]>
                gen_tv: <value in [invalid, valid]>
                ihl: <integer>
                ip4_id: <integer>
                ip6_fl: <integer>
                ipver: <integer>
                l4_wd10: <integer>
                l4_wd11: <integer>
                l4_wd8: <integer>
                l4_wd9: <integer>
                mf: <value in [disable, enable]>
                protocol: <integer>
                slink: <integer>
                smac_change: <value in [disable, enable]>
                sp: <integer>
                src_cfi: <value in [disable, enable]>
                src_prio: <integer>
                src_updt: <value in [disable, enable]>
                srcip: <string>
                srcipv6: <string>
                srcmac: <string>
                srcport: <integer>
                svid: <integer>
                tcp_ack: <value in [disable, enable]>
                tcp_cwr: <value in [disable, enable]>
                tcp_ece: <value in [disable, enable]>
                tcp_fin: <value in [disable, enable]>
                tcp_push: <value in [disable, enable]>
                tcp_rst: <value in [disable, enable]>
                tcp_syn: <value in [disable, enable]>
                tcp_urg: <value in [disable, enable]>
                tgt_cfi: <value in [disable, enable]>
                tgt_prio: <integer>
                tgt_updt: <value in [disable, enable]>
                tgt_v: <value in [invalid, valid]>
                tos: <integer>
                tp: <integer>
                ttl: <integer>
                tvid: <integer>
                vdid: <integer>
              dbg_dump: <integer>
              mask:
                df: <value in [disable, enable]>
                dstip: <string>
                dstipv6: <string>
                dstmac: <string>
                dstport: <integer>
                ethertype: <string>
                ext_tag: <value in [disable, enable]>
                frag_off: <integer>
                gen_buf_cnt: <integer>
                gen_iv: <value in [invalid, valid]>
                gen_l3_flags: <integer>
                gen_l4_flags: <integer>
                gen_pkt_ctrl: <integer>
                gen_pri: <integer>
                gen_pri_v: <value in [invalid, valid]>
                gen_tv: <value in [invalid, valid]>
                ihl: <integer>
                ip4_id: <integer>
                ip6_fl: <integer>
                ipver: <integer>
                l4_wd10: <integer>
                l4_wd11: <integer>
                l4_wd8: <integer>
                l4_wd9: <integer>
                mf: <value in [disable, enable]>
                protocol: <integer>
                slink: <integer>
                smac_change: <value in [disable, enable]>
                sp: <integer>
                src_cfi: <value in [disable, enable]>
                src_prio: <integer>
                src_updt: <value in [disable, enable]>
                srcip: <string>
                srcipv6: <string>
                srcmac: <string>
                srcport: <integer>
                svid: <integer>
                tcp_ack: <value in [disable, enable]>
                tcp_cwr: <value in [disable, enable]>
                tcp_ece: <value in [disable, enable]>
                tcp_fin: <value in [disable, enable]>
                tcp_push: <value in [disable, enable]>
                tcp_rst: <value in [disable, enable]>
                tcp_syn: <value in [disable, enable]>
                tcp_urg: <value in [disable, enable]>
                tgt_cfi: <value in [disable, enable]>
                tgt_prio: <integer>
                tgt_updt: <value in [disable, enable]>
                tgt_v: <value in [invalid, valid]>
                tos: <integer>
                tp: <integer>
                ttl: <integer>
                tvid: <integer>
                vdid: <integer>
              mir_act:
                vlif: <integer>
              name: <string>
              oid: <integer>
              pri_act:
                priority: <integer>
                weight: <integer>
              sact:
                act: <integer>
                act_v: <value in [disable, enable]>
                bmproc: <integer>
                bmproc_v: <value in [disable, enable]>
                df_lif: <integer>
                df_lif_v: <value in [disable, enable]>
                dfr: <integer>
                dfr_v: <value in [disable, enable]>
                dmac_skip: <integer>
                dmac_skip_v: <value in [disable, enable]>
                dosen: <integer>
                dosen_v: <value in [disable, enable]>
                espff_proc: <integer>
                espff_proc_v: <value in [disable, enable]>
                etype_pid: <integer>
                etype_pid_v: <value in [disable, enable]>
                frag_proc: <integer>
                frag_proc_v: <value in [disable, enable]>
                fwd: <integer>
                fwd_lif: <integer>
                fwd_lif_v: <value in [disable, enable]>
                fwd_tvid: <integer>
                fwd_tvid_v: <value in [disable, enable]>
                fwd_v: <value in [disable, enable]>
                icpen: <integer>
                icpen_v: <value in [disable, enable]>
                igmp_mld_snp: <integer>
                igmp_mld_snp_v: <value in [disable, enable]>
                learn: <integer>
                learn_v: <value in [disable, enable]>
                m_srh_ctrl: <integer>
                m_srh_ctrl_v: <value in [disable, enable]>
                mac_id: <integer>
                mac_id_v: <value in [disable, enable]>
                mss: <integer>
                mss_v: <value in [disable, enable]>
                pleen: <integer>
                pleen_v: <value in [disable, enable]>
                prio_pid: <integer>
                prio_pid_v: <value in [disable, enable]>
                promis: <integer>
                promis_v: <value in [disable, enable]>
                rfsh: <integer>
                rfsh_v: <value in [disable, enable]>
                smac_skip: <integer>
                smac_skip_v: <value in [disable, enable]>
                tp_smchk_v: <value in [disable, enable]>
                tp_smchk: <integer>
                tpe_id: <integer>
                tpe_id_v: <value in [disable, enable]>
                vdm: <integer>
                vdm_v: <value in [disable, enable]>
                vdom_id: <integer>
                vdom_id_v: <value in [disable, enable]>
                x_mode: <integer>
                x_mode_v: <value in [disable, enable]>
              tact:
                act: <integer>
                act_v: <value in [disable, enable]>
                fmtuv4_s: <integer>
                fmtuv4_s_v: <value in [disable, enable]>
                fmtuv6_s: <integer>
                fmtuv6_s_v: <value in [disable, enable]>
                lnkid: <integer>
                lnkid_v: <value in [disable, enable]>
                mac_id: <integer>
                mac_id_v: <value in [disable, enable]>
                mss_t: <integer>
                mss_t_v: <value in [disable, enable]>
                mtuv4: <integer>
                mtuv4_v: <value in [disable, enable]>
                mtuv6: <integer>
                mtuv6_v: <value in [disable, enable]>
                slif_act: <integer>
                slif_act_v: <value in [disable, enable]>
                sublnkid: <integer>
                sublnkid_v: <value in [disable, enable]>
                tgtv_act: <integer>
                tgtv_act_v: <value in [disable, enable]>
                tlif_act: <integer>
                tlif_act_v: <value in [disable, enable]>
                tpeid: <integer>
                tpeid_v: <value in [disable, enable]>
                v6fe: <integer>
                v6fe_v: <value in [disable, enable]>
                vep_en_v: <value in [disable, enable]>
                vep_slid: <integer>
                vep_slid_v: <value in [disable, enable]>
                vep_en: <integer>
                xlt_lif: <integer>
                xlt_lif_v: <value in [disable, enable]>
                xlt_vid: <integer>
                xlt_vid_v: <value in [disable, enable]>
              type: <value in [L2_src_tc, L2_tgt_tc, L2_src_mir, ...]>
              vid: <integer>
          icmp_rate_ctrl:
            icmp_v4_bucket_size: <integer>
            icmp_v4_rate: <integer>
            icmp_v6_bucket_size: <integer>
            icmp_v6_rate: <integer>
          vxlan_offload: <value in [disable, enable]>
          icmp_error_rate_ctrl:
            icmpv4_error_bucket_size: <integer>
            icmpv4_error_rate: <integer>
            icmpv4_error_rate_limit: <value in [disable, enable]>
            icmpv6_error_bucket_size: <integer>
            icmpv6_error_rate: <integer>
            icmpv6_error_rate_limit: <value in [disable, enable]>
          ipv4_session_quota: <value in [disable, enable]>
          ipv4_session_quota_high: <integer>
          ipv4_session_quota_low: <integer>
          ipv6_prefix_session_quota: <value in [disable, enable]>
          ipv6_prefix_session_quota_high: <integer>
          ipv6_prefix_session_quota_low: <integer>
          dedicated_lacp_queue: <value in [disable, enable]>

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

meta

dictionary

The result of the request.

Returned: always

request_url

string

The full url requested.

Returned: always

Sample: "/sys/login/user"

response_code

integer

The status of api request.

Returned: always

Sample: 0

response_data

list / elements=string

The api response.

Returned: always

response_message

string

The descriptive message of the api response.

Returned: always

Sample: "OK."

system_information

dictionary

The information of the target system.

Returned: always

rc

integer

The status the request.

Returned: always

Sample: 0

version_check_warning

list / elements=string

Warning if the parameters used in the playbook are not supported by the current FortiManager version.

Returned: complex

Authors

  • Xinwei Du (@dux-fortinet)

  • Xing Li (@lix-fortinet)

  • Jie Xue (@JieX19)

  • Link Zheng (@chillancezen)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)