fortinet.fortimanager.fmgr_system_npu module – Configure NPU attributes.
Note
This module is part of the fortinet.fortimanager collection (version 2.7.0).
You might already have this collection installed if you are using the ansible package.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install fortinet.fortimanager.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_system_npu.
New in fortinet.fortimanager 2.1.0
Synopsis
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
Parameters
Parameter |
Comments |
|---|---|
The token to access FortiManager without using username and password. |
|
The parameter (adom) in requested url. |
|
Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. Choices:
|
|
Enable/Disable logging for task. Choices:
|
|
Authenticate Ansible client with forticloud API access token. |
|
The overridden method for the underlying Json RPC request. Choices:
|
|
The rc codes list with which the conditions to fail will be overriden. |
|
The rc codes list with which the conditions to succeed will be overriden. |
|
The top level parameters set. |
|
Deprecated, please rename it to background_sse_scan. Background sse scan. |
|
Enable/disable background SSE scan by driver thread Choices:
|
|
Deprecated, please rename it to scan_stale. Configure scanning of active or stale sessions |
|
Deprecated, please rename it to scan_vt. Select version/type to scan |
|
Deprecated, please rename it to stats_qual_access. Statistics update access qualification in seconds |
|
Deprecated, please rename it to stats_qual_duration. Statistics update duration qualification in seconds |
|
Deprecated, please rename it to stats_update_interval. Stats update interval |
|
Deprecated, please rename it to udp_keepalive_interval. UDP keepalive interval |
|
Deprecated, please rename it to udp_qual_access. UDP keepalive access qualification in seconds |
|
Deprecated, please rename it to udp_qual_duration. UDP keepalive duration qualification in seconds |
|
Deprecated, please rename it to capwap_offload. Enable/disable offloading managed FortiAP and FortiLink CAPWAP sessions. Choices:
|
|
Deprecated, please rename it to dedicated_management_affinity. Affinity setting for management deamons |
|
Deprecated, please rename it to dedicated_management_cpu. Enable to dedicate one CPU for GUI and CLI connections when NPs … Choices:
|
|
Deprecated, please rename it to dedicated_tx_npu. Enable/disable dedication of 3rd NPU for slow path TX. Choices:
|
|
Deprecated, please rename it to default_qos_type. Set default QoS type. Choices:
|
|
Deprecated, please rename it to default_tcp_refresh_dir. Default SSE timeout TCP refresh direction. Choices:
|
|
Deprecated, please rename it to default_udp_refresh_dir. Default SSE timeout UDP refresh direction. Choices:
|
|
Deprecated, please rename it to dos_options. Dos options. |
|
Deprecated, please rename it to npu_dos_meter_mode. Set DoS meter NPU offloading mode. Choices:
|
|
Deprecated, please rename it to npu_dos_synproxy_mode. Set NPU DoS SYNPROXY mode. Choices:
|
|
Deprecated, please rename it to npu_dos_tpe_mode. Enable/disable insertion of DoS meter ID to session table. Choices:
|
|
Deprecated, please rename it to double_level_mcast_offload. Enable double level mcast offload. Choices:
|
|
Deprecated, please rename it to dse_timeout. DSE timeout in seconds |
|
Deprecated, please rename it to dsw_dts_profile. Dsw dts profile. |
|
Set NPU DSW DTS profile action. Choices:
|
|
Deprecated, please rename it to min_limit. Set NPU DSW DTS profile min-limt. |
|
Deprecated, please rename it to profile_id. Set NPU DSW DTS profile profile id. |
|
Set NPU DSW DTS profile step. |
|
Deprecated, please rename it to dsw_queue_dts_profile. Dsw queue dts profile. |
|
Set NPU DSW DTS in port. Choices:
|
|
Name. |
|
Set NPU DSW DTS out port. Choices:
|
|
Deprecated, please rename it to profile_id. Set NPU DSW DTS profile ID. |
|
Deprecated, please rename it to queue_select. Set NPU DSW DTS queue ID select |
|
Enable/disable NP6 offloading Choices:
|
|
Deprecated, please rename it to fp_anomaly. Fp anomaly. |
|
Deprecated, please rename it to capwap_minlen_err. Capwap minlen err. Choices:
|
|
Deprecated, please rename it to esp_minlen_err. Invalid IPv4 ESP short packet anomalies. Choices:
|
|
Deprecated, please rename it to gre_csum_err. Gre csum err. Choices:
|
|
Deprecated, please rename it to gtpu_plen_err. Gtpu plen err. Choices:
|
|
Deprecated, please rename it to icmp_csum_err. Invalid IPv4 ICMP packet checksum anomalies. Choices:
|
|
Deprecated, please rename it to icmp_frag. Layer 3 fragmented packets that could be part of layer 4 ICMP anomalies. Choices:
|
|
Deprecated, please rename it to icmp_land. ICMP land anomalies. Choices:
|
|
Deprecated, please rename it to icmp_minlen_err. Invalid IPv4 ICMP short packet anomalies. Choices:
|
|
Deprecated, please rename it to ipv4_csum_err. Invalid IPv4 packet checksum anomalies. Choices:
|
|
Deprecated, please rename it to ipv4_ihl_err. Invalid IPv4 header length anomalies. Choices:
|
|
Deprecated, please rename it to ipv4_land. Land anomalies. Choices:
|
|
Deprecated, please rename it to ipv4_len_err. Invalid IPv4 packet length anomalies. Choices:
|
|
Deprecated, please rename it to ipv4_opt_err. Invalid IPv4 option parsing anomalies. Choices:
|
|
Deprecated, please rename it to ipv4_optlsrr. Loose source record route option anomalies. Choices:
|
|
Deprecated, please rename it to ipv4_optrr. Record route option anomalies. Choices:
|
|
Deprecated, please rename it to ipv4_optsecurity. Security option anomalies. Choices:
|
|
Deprecated, please rename it to ipv4_optssrr. Strict source record route option anomalies. Choices:
|
|
Deprecated, please rename it to ipv4_optstream. Stream option anomalies. Choices:
|
|
Deprecated, please rename it to ipv4_opttimestamp. Timestamp option anomalies. Choices:
|
|
Deprecated, please rename it to ipv4_proto_err. Invalid layer 4 protocol anomalies. Choices:
|
|
Deprecated, please rename it to ipv4_ttlzero_err. Invalid IPv4 TTL field zero anomalies. Choices:
|
|
Deprecated, please rename it to ipv4_unknopt. Unknown option anomalies. Choices:
|
|
Deprecated, please rename it to ipv4_ver_err. Invalid IPv4 header version anomalies. Choices:
|
|
Deprecated, please rename it to ipv6_daddr_err. Destination address as unspecified or loopback address anomalies. Choices:
|
|
Deprecated, please rename it to ipv6_exthdr_len_err. Invalid IPv6 packet chain extension header total length anoma… Choices:
|
|
Deprecated, please rename it to ipv6_exthdr_order_err. Invalid IPv6 packet extension header ordering anomalies. Choices:
|
|
Deprecated, please rename it to ipv6_ihl_err. Invalid IPv6 packet length anomalies. Choices:
|
|
Deprecated, please rename it to ipv6_land. Land anomalies. Choices:
|
|
Deprecated, please rename it to ipv6_optendpid. End point identification anomalies. Choices:
|
|
Deprecated, please rename it to ipv6_opthomeaddr. Home address option anomalies. Choices:
|
|
Deprecated, please rename it to ipv6_optinvld. Invalid option anomalies. Choices:
|
|
Deprecated, please rename it to ipv6_optjumbo. Jumbo options anomalies. Choices:
|
|
Deprecated, please rename it to ipv6_optnsap. Network service access point address option anomalies. Choices:
|
|
Deprecated, please rename it to ipv6_optralert. Router alert option anomalies. Choices:
|
|
Deprecated, please rename it to ipv6_opttunnel. Tunnel encapsulation limit option anomalies. Choices:
|
|
Deprecated, please rename it to ipv6_plen_zero. Invalid IPv6 packet payload length zero anomalies. Choices:
|
|
Deprecated, please rename it to ipv6_proto_err. Layer 4 invalid protocol anomalies. Choices:
|
|
Deprecated, please rename it to ipv6_saddr_err. Source address as multicast anomalies. Choices:
|
|
Deprecated, please rename it to ipv6_unknopt. Unknown option anomalies. Choices:
|
|
Deprecated, please rename it to ipv6_ver_err. Invalid IPv6 packet version anomalies. Choices:
|
|
Deprecated, please rename it to nvgre_minlen_err. Nvgre minlen err. Choices:
|
|
Deprecated, please rename it to sctp_clen_err. Sctp clen err. Choices:
|
|
Deprecated, please rename it to sctp_crc_err. Sctp crc err. Choices:
|
|
Deprecated, please rename it to sctp_csum_err. Invalid IPv4 SCTP checksum anomalies. Choices:
|
|
Deprecated, please rename it to sctp_l4len_err. Sctp l4len err. Choices:
|
|
Deprecated, please rename it to tcp_csum_err. Invalid IPv4 TCP packet checksum anomalies. Choices:
|
|
Deprecated, please rename it to tcp_fin_noack. TCP SYN flood with FIN flag set without ACK setting anomalies. Choices:
|
|
Deprecated, please rename it to tcp_fin_only. TCP SYN flood with only FIN flag set anomalies. Choices:
|
|
Deprecated, please rename it to tcp_hlen_err. Invalid IPv4 TCP header length anomalies. Choices:
|
|
Deprecated, please rename it to tcp_hlenvsl4len_err. Tcp hlenvsl4len err. Choices:
|
|
Deprecated, please rename it to tcp_land. TCP land anomalies. Choices:
|
|
Deprecated, please rename it to tcp_no_flag. TCP SYN flood with no flag set anomalies. Choices:
|
|
Deprecated, please rename it to tcp_plen_err. Invalid IPv4 TCP packet length anomalies. Choices:
|
|
Deprecated, please rename it to tcp_syn_data. TCP SYN flood packets with data anomalies. Choices:
|
|
Deprecated, please rename it to tcp_syn_fin. TCP SYN flood SYN/FIN flag set anomalies. Choices:
|
|
Deprecated, please rename it to tcp_winnuke. TCP WinNuke anomalies. Choices:
|
|
Deprecated, please rename it to udp_csum_err. Invalid IPv4 UDP packet checksum anomalies. Choices:
|
|
Deprecated, please rename it to udp_hlen_err. Invalid IPv4 UDP packet header length anomalies. Choices:
|
|
Deprecated, please rename it to udp_land. UDP land anomalies. Choices:
|
|
Deprecated, please rename it to udp_len_err. Invalid IPv4 UDP packet length anomalies. Choices:
|
|
Deprecated, please rename it to udp_plen_err. Invalid IPv4 UDP packet minimum length anomalies. Choices:
|
|
Deprecated, please rename it to udplite_cover_err. Invalid IPv4 UDP-Lite packet coverage anomalies. Choices:
|
|
Deprecated, please rename it to udplite_csum_err. Invalid IPv4 UDP-Lite packet checksum anomalies. Choices:
|
|
Deprecated, please rename it to uesp_minlen_err. Uesp minlen err. Choices:
|
|
Deprecated, please rename it to unknproto_minlen_err. Invalid IPv4 L4 unknown protocol short packet anomalies. Choices:
|
|
Deprecated, please rename it to vxlan_minlen_err. Vxlan minlen err. Choices:
|
|
Deprecated, please rename it to gtp_enhanced_cpu_range. GTP enhanced CPU range option. Choices:
|
|
Deprecated, please rename it to gtp_enhanced_mode. Enable/disable GTP enhanced mode. Choices:
|
|
Deprecated, please rename it to gtp_support. Enable/Disable NP7 GTP support Choices:
|
|
Deprecated, please rename it to hash_config. Configure NPU trunk hash. Choices:
|
|
Deprecated, please rename it to hash_ipv6_sel. Select which 4bytes of the IPv6 address are used for traffic hash |
|
Deprecated, please rename it to hash_tbl_spread. Enable/disable hash table entry spread Choices:
|
|
Deprecated, please rename it to host_shortcut_mode. Set np6 host shortcut mode. Choices:
|
|
Hpe. |
|
Deprecated, please rename it to all_protocol. Maximum packet rate of each host queue except high priority traffic |
|
Deprecated, please rename it to arp_max. Maximum ARP packet rate |
|
Deprecated, please rename it to enable_queue_shaper. Enable/Disable NPU host protection engine Choices:
|
|
Deprecated, please rename it to enable_shaper. Enable/Disable NPU Host Protection Engine Choices:
|
|
Deprecated, please rename it to esp_max. Maximum ESP packet rate |
|
Deprecated, please rename it to exception_code. Maximum exception code rate of traffic |
|
Deprecated, please rename it to fragment_with_sess. Maximum fragment with session rate of traffic |
|
Deprecated, please rename it to fragment_without_session. Maximum fragment without session rate of traffic |
|
Deprecated, please rename it to high_priority. Maximum packet rate for high priority traffic packets |
|
Deprecated, please rename it to icmp_max. Maximum ICMP packet rate |
|
Deprecated, please rename it to ip_frag_max. Maximum fragmented IP packet rate |
|
Deprecated, please rename it to ip_others_max. Maximum IP packet rate for other packets |
|
Deprecated, please rename it to l2_others_max. Maximum L2 packet rate for L2 packets that are not ARP packets |
|
Deprecated, please rename it to pri_type_max. Maximum overflow rate of priority type traffic |
|
Deprecated, please rename it to queue_shaper_max. Maximum per queue byte rate of traffic |
|
Deprecated, please rename it to sctp_max. Maximum SCTP packet rate |
|
Deprecated, please rename it to tcp_max. Maximum TCP packet rate |
|
Deprecated, please rename it to tcpfin_rst_max. Maximum TCP carries FIN or RST flags packet rate |
|
Deprecated, please rename it to tcpsyn_ack_max. Maximum TCP carries SYN and ACK flags packet rate |
|
Deprecated, please rename it to tcpsyn_max. Maximum TCP SYN packet rate |
|
Deprecated, please rename it to udp_max. Maximum UDP packet rate |
|
Deprecated, please rename it to htab_dedi_queue_nr. Set the number of dedicate queue for hash table messages. |
|
Deprecated, please rename it to htab_msg_queue. Set hash table message queue mode. Choices:
|
|
Deprecated, please rename it to htx_gtse_quota. Configure HTX GTSE quota. Choices:
|
|
Deprecated, please rename it to htx_icmp_csum_chk. Set HTX icmp csum checking mode. Choices:
|
|
Deprecated, please rename it to hw_ha_scan_interval. HW HA periodical scan interval in seconds |
|
Deprecated, please rename it to icmp_error_rate_ctrl. Icmp error rate ctrl. |
|
Deprecated, please rename it to icmpv4_error_bucket_size. Bucket size used in the token bucket algorithm for contr… |
|
Deprecated, please rename it to icmpv4_error_rate. Average rate of ICMPv4 error packets that allowed to be generat… |
|
Deprecated, please rename it to icmpv4_error_rate_limit. Enable to limit the ICMPv4 error packets generated by thi… Choices:
|
|
Deprecated, please rename it to icmpv6_error_bucket_size. Bucket size used in the token bucket algorithm for contr… |
|
Deprecated, please rename it to icmpv6_error_rate. Average rate of ICMPv6 error packets that allowed to be generat… |
|
Deprecated, please rename it to icmpv6_error_rate_limit. Enable to limit the ICMPv6 error packets generated by thi… Choices:
|
|
Deprecated, please rename it to icmp_rate_ctrl. Icmp rate ctrl. |
|
Deprecated, please rename it to icmp_v4_bucket_size. Bucket size used in the token bucket algorithm for controllin… |
|
Deprecated, please rename it to icmp_v4_rate. Average rate of ICMPv4 packets that allowed to be generated per second |
|
Deprecated, please rename it to icmp_v6_bucket_size. Bucket size used in the token bucket algorithm for controllin… |
|
Deprecated, please rename it to icmp_v6_rate. Average rate of ICMPv6 packets that allowed to be generated per second |
|
Deprecated, please rename it to inbound_dscp_copy. Enable/disable copying the DSCP field from outer IP header to inner IP … Choices:
|
|
(list) Deprecated, please rename it to inbound_dscp_copy_port. Physical interfaces that support inbound-dscp-copy. |
|
Deprecated, please rename it to intf_shaping_offload. Enable/disable NPU offload when doing interface-based traffic shapin… Choices:
|
|
Deprecated, please rename it to ip_fragment_offload. Enable/disable NP7 NPU IP fragment offload. Choices:
|
|
Deprecated, please rename it to ip_reassembly. Ip reassembly. |
|
Deprecated, please rename it to max_timeout. Maximum timeout value for IP reassembly |
|
Deprecated, please rename it to min_timeout. Minimum timeout value for IP reassembly |
|
Set IP reassembly processing status. Choices:
|
|
Deprecated, please rename it to iph_rsvd_re_cksum. Enable/disable IP checksum re-calculation for packets with iph. Choices:
|
|
Deprecated, please rename it to ippool_overload_high. High threshold for overload ippool port reuse |
|
Deprecated, please rename it to ippool_overload_low. Low threshold for overload ippool port reuse |
|
Deprecated, please rename it to ipsec_dec_subengine_mask. IPsec decryption subengine mask |
|
Deprecated, please rename it to ipsec_enc_subengine_mask. IPsec encryption subengine mask |
|
Deprecated, please rename it to ipsec_host_dfclr. Enable/disable DF clearing of NP4lite host IPsec offload. Choices:
|
|
Deprecated, please rename it to ipsec_inbound_cache. Enable/disable IPsec inbound cache for anti-replay. Choices:
|
|
Deprecated, please rename it to ipsec_local_uesp_port. Ipsec local uesp port. |
|
Deprecated, please rename it to ipsec_mtu_override. Enable/disable NP6 IPsec MTU override. Choices:
|
|
Deprecated, please rename it to ipsec_ob_np_sel. IPsec NP selection for OB SA offloading. Choices:
|
|
Deprecated, please rename it to ipsec_over_vlink. Enable/disable IPSEC over vlink. Choices:
|
|
Deprecated, please rename it to ipsec_STS_timeout. Set NP7Lite IPsec STS msg timeout. Choices:
|
|
Deprecated, please rename it to ipsec_throughput_msg_frequency. Set NP7Lite IPsec throughput msg frequency Choices:
|
|
Deprecated, please rename it to ipt_STS_timeout. Set NP7Lite IPT STS msg timeout. Choices:
|
|
Deprecated, please rename it to ipt_throughput_msg_frequency. Set NP7Lite IPT throughput msg frequency Choices:
|
|
Deprecated, please rename it to ipv4_session_quota. Enable/Disable NoNAT IPv4 session quota for hyperscale VDOMs. Choices:
|
|
Deprecated, please rename it to ipv4_session_quota_high. Configure NoNAT IPv4 session quota high threshold. |
|
Deprecated, please rename it to ipv4_session_quota_low. Configure NoNAT IPv4 session quota low threshold. |
|
Deprecated, please rename it to ipv6_prefix_session_quota. Enable/Disable hardware IPv6 /64 prefix session quota for hyper… Choices:
|
|
Deprecated, please rename it to ipv6_prefix_session_quota_high. Configure IPv6 prefix session quota high threshold. |
|
Deprecated, please rename it to ipv6_prefix_session_quota_low. Configure IPv6 prefix session quota low threshold. |
|
Deprecated, please rename it to isf_np_queues. Isf np queues. |
|
CoS profile name for CoS 0. |
|
CoS profile name for CoS 1. |
|
CoS profile name for CoS 2. |
|
CoS profile name for CoS 3. |
|
CoS profile name for CoS 4. |
|
CoS profile name for CoS 5. |
|
CoS profile name for CoS 6. |
|
CoS profile name for CoS 7. |
|
Deprecated, please rename it to isf_np_rx_tr_distr. Select ISF NP Rx trunk distribution Choices:
|
|
Deprecated, please rename it to lag_out_port_select. Enable/disable LAG outgoing port selection based on incoming traffic … Choices:
|
|
Deprecated, please rename it to max_receive_unit. Set the maximum packet size for receive, larger packets will be silently… |
|
Deprecated, please rename it to max_session_timeout. Maximum time interval for refreshing NPU-offloaded sessions |
|
Deprecated, please rename it to mcast_session_accounting. Enable/disable traffic accounting for each multicast session thr… Choices:
|
|
Deprecated, please rename it to mcast_session_counting. Mcast session counting. Choices:
|
|
Deprecated, please rename it to mcast_session_counting6. Enable/disable traffic accounting for each multicast session6 thr… Choices:
|
|
Deprecated, please rename it to napi_break_interval. NAPI break interval |
|
Deprecated, please rename it to nat46_force_ipv4_packet_forwarding. Enable/disable mandatory IPv4 packet forwarding in nat46. Choices:
|
|
Deprecated, please rename it to np_queues. Np queues. |
|
Deprecated, please rename it to ethernet_type. Ethernet type. |
|
Ethernet Type Name. |
|
Queue Number. |
|
Ethernet Type. |
|
Class Weight. |
|
Deprecated, please rename it to ip_protocol. Ip protocol. |
|
IP Protocol Name. |
|
IP Protocol. |
|
Queue Number. |
|
Class Weight. |
|
Deprecated, please rename it to ip_service. Ip service. |
|
Destination port. |
|
IP service name. |
|
IP protocol. |
|
Queue number. |
|
Source port. |
|
Class weight. |
|
Profile. |
|
Queue number of CoS 0. Choices:
|
|
Queue number of CoS 1. Choices:
|
|
Queue number of CoS 2. Choices:
|
|
Queue number of CoS 3. Choices:
|
|
Queue number of CoS 4. Choices:
|
|
Queue number of CoS 5. Choices:
|
|
Queue number of CoS 6. Choices:
|
|
Queue number of CoS 7. Choices:
|
|
Queue number of DSCP 0. Choices:
|
|
Queue number of DSCP 1. Choices:
|
|
Queue number of DSCP 10. Choices:
|
|
Queue number of DSCP 11. Choices:
|
|
Queue number of DSCP 12. Choices:
|
|
Queue number of DSCP 13. Choices:
|
|
Queue number of DSCP 14. Choices:
|
|
Queue number of DSCP 15. Choices:
|
|
Queue number of DSCP 16. Choices:
|
|
Queue number of DSCP 17. Choices:
|
|
Queue number of DSCP 18. Choices:
|
|
Queue number of DSCP 19. Choices:
|
|
Queue number of DSCP 2. Choices:
|
|
Queue number of DSCP 20. Choices:
|
|
Queue number of DSCP 21. Choices:
|
|
Queue number of DSCP 22. Choices:
|
|
Queue number of DSCP 23. Choices:
|
|
Queue number of DSCP 24. Choices:
|
|
Queue number of DSCP 25. Choices:
|
|
Queue number of DSCP 26. Choices:
|
|
Queue number of DSCP 27. Choices:
|
|
Queue number of DSCP 28. Choices:
|
|
Queue number of DSCP 29. Choices:
|
|
Queue number of DSCP 3. Choices:
|
|
Queue number of DSCP 30. Choices:
|
|
Queue number of DSCP 31. Choices:
|
|
Queue number of DSCP 32. Choices:
|
|
Queue number of DSCP 33. Choices:
|
|
Queue number of DSCP 34. Choices:
|
|
Queue number of DSCP 35. Choices:
|
|
Queue number of DSCP 36. Choices:
|
|
Queue number of DSCP 37. Choices:
|
|
Queue number of DSCP 38. Choices:
|
|
Queue number of DSCP 39. Choices:
|
|
Queue number of DSCP 4. Choices:
|
|
Queue number of DSCP 40. Choices:
|
|
Queue number of DSCP 41. Choices:
|
|
Queue number of DSCP 42. Choices:
|
|
Queue number of DSCP 43. Choices:
|
|
Queue number of DSCP 44. Choices:
|
|
Queue number of DSCP 45. Choices:
|
|
Queue number of DSCP 46. Choices:
|
|
Queue number of DSCP 47. Choices:
|
|
Queue number of DSCP 48. Choices:
|
|
Queue number of DSCP 49. Choices:
|
|
Queue number of DSCP 5. Choices:
|
|
Queue number of DSCP 50. Choices:
|
|
Queue number of DSCP 51. Choices:
|
|
Queue number of DSCP 52. Choices:
|
|
Queue number of DSCP 53. Choices:
|
|
Queue number of DSCP 54. Choices:
|
|
Queue number of DSCP 55. Choices:
|
|
Queue number of DSCP 56. Choices:
|
|
Queue number of DSCP 57. Choices:
|
|
Queue number of DSCP 58. Choices:
|
|
Queue number of DSCP 59. Choices:
|
|
Queue number of DSCP 6. Choices:
|
|
Queue number of DSCP 60. Choices:
|
|
Queue number of DSCP 61. Choices:
|
|
Queue number of DSCP 62. Choices:
|
|
Queue number of DSCP 63. Choices:
|
|
Queue number of DSCP 7. Choices:
|
|
Queue number of DSCP 8. Choices:
|
|
Queue number of DSCP 9. Choices:
|
|
Profile ID. |
|
Profile type. Choices:
|
|
Class weight. |
|
Scheduler. |
|
Scheduler mode. Choices:
|
|
Scheduler name. |
|
Deprecated, please rename it to np6_cps_optimization_mode. Enable/disable NP6 connection per second Choices:
|
|
Deprecated, please rename it to npu_group_effective_scope. Npu-group-effective-scope defines under which npu-group cmds su… |
|
Deprecated, please rename it to npu_tcam. Npu tcam. |
|
Data. |
|
Tcam data ip flag df. Choices:
|
|
Tcam data dst ipv4 address. |
|
Tcam data dst ipv6 address. |
|
Tcam data dst macaddr. |
|
Tcam data L4 dst port. |
|
Tcam data ethertype. |
|
Deprecated, please rename it to ext_tag. Tcam data extension tag. Choices:
|
|
Deprecated, please rename it to frag_off. Tcam data ip flag fragment offset. |
|
Deprecated, please rename it to gen_buf_cnt. Tcam data gen info buffer count. |
|
Deprecated, please rename it to gen_iv. Tcam data gen info iv. Choices:
|
|
Deprecated, please rename it to gen_l3_flags. Tcam data gen info L3 flags. |
|
Deprecated, please rename it to gen_l4_flags. Tcam data gen info L4 flags. |
|
Deprecated, please rename it to gen_pkt_ctrl. Tcam data gen info packet control. |
|
Deprecated, please rename it to gen_pri. Tcam data gen info priority. |
|
Deprecated, please rename it to gen_pri_v. Tcam data gen info priority valid. Choices:
|
|
Deprecated, please rename it to gen_tv. Tcam data gen info tv. Choices:
|
|
Tcam data ipv4 IHL. |
|
Deprecated, please rename it to ip4_id. Tcam data ipv4 id. |
|
Deprecated, please rename it to ip6_fl. Tcam data ipv6 flow label. |
|
Tcam data ip header version. |
|
Deprecated, please rename it to l4_wd10. Tcam data L4 word10. |
|
Deprecated, please rename it to l4_wd11. Tcam data L4 word11. |
|
Deprecated, please rename it to l4_wd8. Tcam data L4 word8. |
|
Deprecated, please rename it to l4_wd9. Tcam data L4 word9. |
|
Tcam data ip flag mf. Choices:
|
|
Tcam data ip protocol. |
|
Tcam data sublink. |
|
Deprecated, please rename it to smac_change. Tcam data source MAC change. Choices:
|
|
Tcam data source port. |
|
Deprecated, please rename it to src_cfi. Tcam data source cfi. Choices:
|
|
Deprecated, please rename it to src_prio. Tcam data source priority. |
|
Deprecated, please rename it to src_updt. Tcam data source update. Choices:
|
|
Tcam data src ipv4 address. |
|
Tcam data src ipv6 address. |
|
Tcam data src macaddr. |
|
Tcam data L4 src port. |
|
Tcam data source vid. |
|
Deprecated, please rename it to tcp_ack. Tcam data tcp flag ack. Choices:
|
|
Deprecated, please rename it to tcp_cwr. Tcam data tcp flag cwr. Choices:
|
|
Deprecated, please rename it to tcp_ece. Tcam data tcp flag ece. Choices:
|
|
Deprecated, please rename it to tcp_fin. Tcam data tcp flag fin. Choices:
|
|
Deprecated, please rename it to tcp_push. Tcam data tcp flag push. Choices:
|
|
Deprecated, please rename it to tcp_rst. Tcam data tcp flag rst. Choices:
|
|
Deprecated, please rename it to tcp_syn. Tcam data tcp flag syn. Choices:
|
|
Deprecated, please rename it to tcp_urg. Tcam data tcp flag urg. Choices:
|
|
Deprecated, please rename it to tgt_cfi. Tcam data target cfi. Choices:
|
|
Deprecated, please rename it to tgt_prio. Tcam data target priority. |
|
Deprecated, please rename it to tgt_updt. Tcam data target port update. Choices:
|
|
Deprecated, please rename it to tgt_v. Tcam data target valid. Choices:
|
|
Tcam data ip tos. |
|
Tcam data target port. |
|
Tcam data ip ttl. |
|
Tcam data target vid. |
|
Tcam data vdom id. |
|
Deprecated, please rename it to dbg_dump. Debug driver dump data/mask pdq. |
|
Mask. |
|
Tcam mask ip flag df. Choices:
|
|
Tcam mask dst ipv4 address. |
|
Tcam mask dst ipv6 address. |
|
Tcam mask dst macaddr. |
|
Tcam mask L4 dst port. |
|
Tcam mask ethertype. |
|
Deprecated, please rename it to ext_tag. Tcam mask extension tag. Choices:
|
|
Deprecated, please rename it to frag_off. Tcam data ip flag fragment offset. |
|
Deprecated, please rename it to gen_buf_cnt. Tcam mask gen info buffer count. |
|
Deprecated, please rename it to gen_iv. Tcam mask gen info iv. Choices:
|
|
Deprecated, please rename it to gen_l3_flags. Tcam mask gen info L3 flags. |
|
Deprecated, please rename it to gen_l4_flags. Tcam mask gen info L4 flags. |
|
Deprecated, please rename it to gen_pkt_ctrl. Tcam mask gen info packet control. |
|
Deprecated, please rename it to gen_pri. Tcam mask gen info priority. |
|
Deprecated, please rename it to gen_pri_v. Tcam mask gen info priority valid. Choices:
|
|
Deprecated, please rename it to gen_tv. Tcam mask gen info tv. Choices:
|
|
Tcam mask ipv4 IHL. |
|
Deprecated, please rename it to ip4_id. Tcam mask ipv4 id. |
|
Deprecated, please rename it to ip6_fl. Tcam mask ipv6 flow label. |
|
Tcam mask ip header version. |
|
Deprecated, please rename it to l4_wd10. Tcam mask L4 word10. |
|
Deprecated, please rename it to l4_wd11. Tcam mask L4 word11. |
|
Deprecated, please rename it to l4_wd8. Tcam mask L4 word8. |
|
Deprecated, please rename it to l4_wd9. Tcam mask L4 word9. |
|
Tcam mask ip flag mf. Choices:
|
|
Tcam mask ip protocol. |
|
Tcam mask sublink. |
|
Deprecated, please rename it to smac_change. Tcam mask source MAC change. Choices:
|
|
Tcam mask source port. |
|
Deprecated, please rename it to src_cfi. Tcam mask source cfi. Choices:
|
|
Deprecated, please rename it to src_prio. Tcam mask source priority. |
|
Deprecated, please rename it to src_updt. Tcam mask source update. Choices:
|
|
Tcam mask src ipv4 address. |
|
Tcam mask src ipv6 address. |
|
Tcam mask src macaddr. |
|
Tcam mask L4 src port. |
|
Tcam mask source vid. |
|
Deprecated, please rename it to tcp_ack. Tcam mask tcp flag ack. Choices:
|
|
Deprecated, please rename it to tcp_cwr. Tcam mask tcp flag cwr. Choices:
|
|
Deprecated, please rename it to tcp_ece. Tcam mask tcp flag ece. Choices:
|
|
Deprecated, please rename it to tcp_fin. Tcam mask tcp flag fin. Choices:
|
|
Deprecated, please rename it to tcp_push. Tcam mask tcp flag push. Choices:
|
|
Deprecated, please rename it to tcp_rst. Tcam mask tcp flag rst. Choices:
|
|
Deprecated, please rename it to tcp_syn. Tcam mask tcp flag syn. Choices:
|
|
Deprecated, please rename it to tcp_urg. Tcam mask tcp flag urg. Choices:
|
|
Deprecated, please rename it to tgt_cfi. Tcam mask target cfi. Choices:
|
|
Deprecated, please rename it to tgt_prio. Tcam mask target priority. |
|
Deprecated, please rename it to tgt_updt. Tcam mask target port update. Choices:
|
|
Deprecated, please rename it to tgt_v. Tcam mask target valid. Choices:
|
|
Tcam mask ip tos. |
|
Tcam mask target port. |
|
Tcam mask ip ttl. |
|
Tcam mask target vid. |
|
Tcam mask vdom id. |
|
Deprecated, please rename it to mir_act. Mir act. |
|
Tcam mirror action vlif. |
|
NPU TCAM policies name. |
|
NPU TCAM OID. |
|
Deprecated, please rename it to pri_act. Pri act. |
|
Tcam priority action priority. |
|
Tcam priority action weight. |
|
Sact. |
|
Tcam sact act. |
|
Deprecated, please rename it to act_v. Enable to set sact act. Choices:
|
|
Tcam sact bmproc. |
|
Deprecated, please rename it to bmproc_v. Enable to set sact bmproc. Choices:
|
|
Deprecated, please rename it to df_lif. Tcam sact df-lif. |
|
Deprecated, please rename it to df_lif_v. Enable to set sact df-lif. Choices:
|
|
Tcam sact dfr. |
|
Deprecated, please rename it to dfr_v. Enable to set sact dfr. Choices:
|
|
Deprecated, please rename it to dmac_skip. Tcam sact dmac-skip. |
|
Deprecated, please rename it to dmac_skip_v. Enable to set sact dmac-skip. Choices:
|
|
Tcam sact dosen. |
|
Deprecated, please rename it to dosen_v. Enable to set sact dosen. Choices:
|
|
Deprecated, please rename it to espff_proc. Tcam sact espff-proc. |
|
Deprecated, please rename it to espff_proc_v. Enable to set sact espff-proc. Choices:
|
|
Deprecated, please rename it to etype_pid. Tcam sact etype-pid. |
|
Deprecated, please rename it to etype_pid_v. Enable to set sact etype-pid. Choices:
|
|
Deprecated, please rename it to frag_proc. Tcam sact frag-proc. |
|
Deprecated, please rename it to frag_proc_v. Enable to set sact frag-proc. Choices:
|
|
Tcam sact fwd. |
|
Deprecated, please rename it to fwd_lif. Tcam sact fwd-lif. |
|
Deprecated, please rename it to fwd_lif_v. Enable to set sact fwd-lif. Choices:
|
|
Deprecated, please rename it to fwd_tvid. Tcam sact fwd-tvid. |
|
Deprecated, please rename it to fwd_tvid_v. Enable to set sact fwd-vid. Choices:
|
|
Deprecated, please rename it to fwd_v. Enable to set sact fwd. Choices:
|
|
Tcam sact icpen. |
|
Deprecated, please rename it to icpen_v. Enable to set sact icpen. Choices:
|
|
Deprecated, please rename it to igmp_mld_snp. Tcam sact igmp-mld-snp. |
|
Deprecated, please rename it to igmp_mld_snp_v. Enable to set sact igmp-mld-snp. Choices:
|
|
Tcam sact learn. |
|
Deprecated, please rename it to learn_v. Enable to set sact learn. Choices:
|
|
Deprecated, please rename it to m_srh_ctrl. Tcam sact m-srh-ctrl. |
|
Deprecated, please rename it to m_srh_ctrl_v. Enable to set sact m-srh-ctrl. Choices:
|
|
Deprecated, please rename it to mac_id. Tcam sact mac-id. |
|
Deprecated, please rename it to mac_id_v. Enable to set sact mac-id. Choices:
|
|
Tcam sact mss. |
|
Deprecated, please rename it to mss_v. Enable to set sact mss. Choices:
|
|
Tcam sact pleen. |
|
Deprecated, please rename it to pleen_v. Enable to set sact pleen. Choices:
|
|
Deprecated, please rename it to prio_pid. Tcam sact prio-pid. |
|
Deprecated, please rename it to prio_pid_v. Enable to set sact prio-pid. Choices:
|
|
Tcam sact promis. |
|
Deprecated, please rename it to promis_v. Enable to set sact promis. Choices:
|
|
Tcam sact rfsh. |
|
Deprecated, please rename it to rfsh_v. Enable to set sact rfsh. Choices:
|
|
Deprecated, please rename it to smac_skip. Tcam sact smac-skip. |
|
Deprecated, please rename it to smac_skip_v. Enable to set sact smac-skip. Choices:
|
|
Deprecated, please rename it to tp_smchk_v. Enable to set sact tp mode. Choices:
|
|
Tcam sact tp mode. |
|
Deprecated, please rename it to tpe_id. Tcam sact tpe-id. |
|
Deprecated, please rename it to tpe_id_v. Enable to set sact tpe-id. Choices:
|
|
Tcam sact vdm. |
|
Deprecated, please rename it to vdm_v. Enable to set sact vdm. Choices:
|
|
Deprecated, please rename it to vdom_id. Tcam sact vdom-id. |
|
Deprecated, please rename it to vdom_id_v. Enable to set sact vdom-id. Choices:
|
|
Deprecated, please rename it to x_mode. Tcam sact x-mode. |
|
Deprecated, please rename it to x_mode_v. Enable to set sact x-mode. Choices:
|
|
Tact. |
|
Tcam tact act. |
|
Deprecated, please rename it to act_v. Enable to set tact act. Choices:
|
|
Deprecated, please rename it to fmtuv4_s. Tcam tact fmtuv4-s. |
|
Deprecated, please rename it to fmtuv4_s_v. Enable to set tact fmtuv4-s. Choices:
|
|
Deprecated, please rename it to fmtuv6_s. Tcam tact fmtuv6-s. |
|
Deprecated, please rename it to fmtuv6_s_v. Enable to set tact fmtuv6-s. Choices:
|
|
Tcam tact lnkid. |
|
Deprecated, please rename it to lnkid_v. Enable to set tact lnkid. Choices:
|
|
Deprecated, please rename it to mac_id. Tcam tact mac-id. |
|
Deprecated, please rename it to mac_id_v. Enable to set tact mac-id. Choices:
|
|
Deprecated, please rename it to mss_t. Tcam tact mss. |
|
Deprecated, please rename it to mss_t_v. Enable to set tact mss. Choices:
|
|
Tcam tact mtuv4. |
|
Deprecated, please rename it to mtuv4_v. Enable to set tact mtuv4. Choices:
|
|
Tcam tact mtuv6. |
|
Deprecated, please rename it to mtuv6_v. Enable to set tact mtuv6. Choices:
|
|
Deprecated, please rename it to slif_act. Tcam tact slif-act. |
|
Deprecated, please rename it to slif_act_v. Enable to set tact slif-act. Choices:
|
|
Tcam tact sublnkid. |
|
Deprecated, please rename it to sublnkid_v. Enable to set tact sublnkid. Choices:
|
|
Deprecated, please rename it to tgtv_act. Tcam tact tgtv-act. |
|
Deprecated, please rename it to tgtv_act_v. Enable to set tact tgtv-act. Choices:
|
|
Deprecated, please rename it to tlif_act. Tcam tact tlif-act. |
|
Deprecated, please rename it to tlif_act_v. Enable to set tact tlif-act. Choices:
|
|
Tcam tact tpeid. |
|
Deprecated, please rename it to tpeid_v. Enable to set tact tpeid. Choices:
|
|
Tcam tact v6fe. |
|
Deprecated, please rename it to v6fe_v. Enable to set tact v6fe. Choices:
|
|
Deprecated, please rename it to vep_en_v. Enable to set tact vep-en. Choices:
|
|
Deprecated, please rename it to vep_slid. Tcam tact vep_slid. |
|
Deprecated, please rename it to vep_slid_v. Enable to set tact vep-slid. Choices:
|
|
Tcam tact vep_en. |
|
Deprecated, please rename it to xlt_lif. Tcam tact xlt-lif. |
|
Deprecated, please rename it to xlt_lif_v. Enable to set tact xlt-lif. Choices:
|
|
Deprecated, please rename it to xlt_vid. Tcam tact xlt-vid. |
|
Deprecated, please rename it to xlt_vid_v. Enable to set tact xlt-vid. Choices:
|
|
TCAM policy type. Choices:
|
|
NPU TCAM VID. |
|
Deprecated, please rename it to nss_threads_option. Configure thread options for the NP7s NSS module. Choices:
|
|
Deprecated, please rename it to pba_eim. Configure option for PBA Choices:
|
|
Deprecated, please rename it to pba_port_select_mode. Port selection mode for PBA IP pool. Choices:
|
|
Deprecated, please rename it to per_policy_accounting. Set per-policy accounting. Choices:
|
|
Deprecated, please rename it to per_session_accounting. Enable/disable per-session accounting. Choices:
|
|
Deprecated, please rename it to ple_non_syn_tcp_action. Configure action for the PLE to take on TCP packets that have the … Choices:
|
|
Deprecated, please rename it to policy_offload_level. Configure firewall policy offload level Choices:
|
|
Deprecated, please rename it to port_cpu_map. Port cpu map. |
|
Deprecated, please rename it to cpu_core. The CPU core to map to an interface. |
|
The interface to map to a CPU core. |
|
Deprecated, please rename it to port_npu_map. Port npu map. |
|
Set npu interface port to NPU group map. |
|
Deprecated, please rename it to npu_group_index. Mapping NPU group index. |
|
Deprecated, please rename it to port_path_option. Port path option. |
|
(list) Deprecated, please rename it to ports_using_npu. Set ha/aux ports to handle traffic with NPU |
|
Deprecated, please rename it to priority_protocol. Priority protocol. |
|
Enable/disable NPU BFD priority protocol. Choices:
|
|
Enable/disable NPU BGP priority protocol. Choices:
|
|
Enable/disable NPU SLBC priority protocol. Choices:
|
|
Deprecated, please rename it to process_icmp_by_host. Enable/disable process ICMP by host when received from IPsec tunnel … Choices:
|
|
(list or str) Deprecated, please rename it to prp_port_in. Ingress port configured to allow the PRP trailer not be strippe… |
|
(list or str) Deprecated, please rename it to prp_port_out. Egress port configured to allow the PRP trailer not be strippe… |
|
Deprecated, please rename it to prp_session_clear_mode. PRP session clear mode for excluded ip sessions. Choices:
|
|
Deprecated, please rename it to qos_mode. QoS mode on switch and NP. Choices:
|
|
Deprecated, please rename it to qtm_buf_mode. QTM channel configuration for packet buffer. Choices:
|
|
Deprecated, please rename it to rdp_offload. Enable/disable rdp offload. Choices:
|
|
Deprecated, please rename it to recover_np6_link. Enable/disable internal link failure check and recovery after boot up. Choices:
|
|
Deprecated, please rename it to rps_mode. Enable/disable receive packet steering Choices:
|
|
Deprecated, please rename it to session_acct_interval. Session accounting update interval |
|
Deprecated, please rename it to session_denied_offload. Enable/disable offloading of denied sessions. Choices:
|
|
Deprecated, please rename it to shaping_stats. Enable/disable NP7 traffic shaping statistics Choices:
|
|
Deprecated, please rename it to spa_port_select_mode. Port selection mode for SPA IP pool. Choices:
|
|
Deprecated, please rename it to split_ipsec_engines. Enable/disable Split IPsec Engines. Choices:
|
|
Deprecated, please rename it to sse_backpressure. Enable/disable sse backpressure. Choices:
|
|
Deprecated, please rename it to sse_ha_scan. Sse ha scan. |
|
Scanning message gap |
|
Deprecated, please rename it to max_session_cnt. If the session count |
|
Deprecated, please rename it to min_duration. Scanning filter for minimum duration of the session. |
|
Deprecated, please rename it to strip_clear_text_padding. Enable/disable stripping clear text padding. Choices:
|
|
Deprecated, please rename it to strip_esp_padding. Enable/disable stripping ESP padding. Choices:
|
|
Deprecated, please rename it to sw_eh_hash. Sw eh hash. |
|
Set hashing computation. Choices:
|
|
Deprecated, please rename it to destination_ip_lower_16. Include/exclude destination IP address lower 16 bits. Choices:
|
|
Deprecated, please rename it to destination_ip_upper_16. Include/exclude destination IP address upper 16 bits. Choices:
|
|
Deprecated, please rename it to destination_port. Include/exclude destination port if TCP/UDP. Choices:
|
|
Deprecated, please rename it to ip_protocol. Include/exclude IP protocol. Choices:
|
|
Deprecated, please rename it to netmask_length. Network mask length. |
|
Deprecated, please rename it to source_ip_lower_16. Include/exclude source IP address lower 16 bits. Choices:
|
|
Deprecated, please rename it to source_ip_upper_16. Include/exclude source IP address upper 16 bits. Choices:
|
|
Deprecated, please rename it to source_port. Include/exclude source port if TCP/UDP. Choices:
|
|
Deprecated, please rename it to sw_np_bandwidth. Bandwidth from switch to NP. Choices:
|
|
Deprecated, please rename it to sw_tr_hash. Sw tr hash. |
|
Enable/disable DRACO15 hashing. Choices:
|
|
Deprecated, please rename it to tcp_udp_port. Include/exclude TCP/UDP source and destination port for unicast trun… Choices:
|
|
Deprecated, please rename it to switch_np_hash. Switch-NP trunk port selection Criteria. Choices:
|
|
Deprecated, please rename it to tcp_rst_timeout. TCP RST timeout in seconds |
|
Deprecated, please rename it to tcp_timeout_profile. Tcp timeout profile. |
|
Deprecated, please rename it to close_wait. Set close-wait timeout |
|
Deprecated, please rename it to fin_wait. Set fin-wait timeout |
|
Timeout profile ID |
|
Deprecated, please rename it to syn_sent. Set syn-sent timeout |
|
Deprecated, please rename it to syn_wait. Set syn-wait timeout |
|
Deprecated, please rename it to tcp_idle. Set TCP establish timeout |
|
Deprecated, please rename it to time_wait. Set time-wait timeout |
|
Deprecated, please rename it to tunnel_over_vlink. Enable/disable selection of which NP6 chip the tunnel uses Choices:
|
|
Deprecated, please rename it to udp_timeout_profile. Udp timeout profile. |
|
Timeout profile ID |
|
Deprecated, please rename it to udp_idle. Set UDP idle timeout |
|
Deprecated, please rename it to uesp_offload. Enable/disable UDP-encapsulated ESP offload Choices:
|
|
Deprecated, please rename it to ull_port_mode. Set ULL ports speed to 10G/25G Choices:
|
|
Deprecated, please rename it to vlan_lookup_cache. Enable/disable vlan lookup cache Choices:
|
|
Deprecated, please rename it to vxlan_offload. Enable/disable offloading vxlan. Choices:
|
|
The adom to lock for FortiManager running in workspace mode, the value can be global and others including root. |
|
The maximum time in seconds to wait for other user to release the workspace lock. Default: |
Notes
Note
Starting in version 2.4.0, all input arguments are named using the underscore naming convention (snake_case). Please change the arguments such as “var-name” to “var_name”. Old argument names are still available yet you will receive deprecation warnings. You can ignore this warning by setting deprecation_warnings=False in ansible.cfg.
Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- name: Example playbook (generated based on argument schema)
hosts: fortimanagers
connection: httpapi
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: Configure NPU attributes.
fortinet.fortimanager.fmgr_system_npu:
# bypass_validation: false
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
# rc_succeeded: [0, -2, -3, ...]
# rc_failed: [-2, -3, ...]
adom: <your own value>
system_npu:
capwap_offload: <value in [disable, enable]>
dedicated_management_affinity: <string>
dedicated_management_cpu: <value in [disable, enable]>
fastpath: <value in [disable, enable]>
fp_anomaly:
esp_minlen_err: <value in [drop, trap-to-host]>
icmp_csum_err: <value in [drop, trap-to-host]>
icmp_minlen_err: <value in [drop, trap-to-host]>
ipv4_csum_err: <value in [drop, trap-to-host]>
ipv4_ihl_err: <value in [drop, trap-to-host]>
ipv4_len_err: <value in [drop, trap-to-host]>
ipv4_opt_err: <value in [drop, trap-to-host]>
ipv4_ttlzero_err: <value in [drop, trap-to-host]>
ipv4_ver_err: <value in [drop, trap-to-host]>
ipv6_exthdr_len_err: <value in [drop, trap-to-host]>
ipv6_exthdr_order_err: <value in [drop, trap-to-host]>
ipv6_ihl_err: <value in [drop, trap-to-host]>
ipv6_plen_zero: <value in [drop, trap-to-host]>
ipv6_ver_err: <value in [drop, trap-to-host]>
tcp_csum_err: <value in [drop, trap-to-host]>
tcp_hlen_err: <value in [drop, trap-to-host]>
tcp_plen_err: <value in [drop, trap-to-host]>
udp_csum_err: <value in [drop, trap-to-host]>
udp_hlen_err: <value in [drop, trap-to-host]>
udp_len_err: <value in [drop, trap-to-host]>
udp_plen_err: <value in [drop, trap-to-host]>
udplite_cover_err: <value in [drop, trap-to-host]>
udplite_csum_err: <value in [drop, trap-to-host]>
unknproto_minlen_err: <value in [drop, trap-to-host]>
tcp_fin_only: <value in [allow, drop, trap-to-host]>
ipv4_optsecurity: <value in [allow, drop, trap-to-host]>
ipv6_optralert: <value in [allow, drop, trap-to-host]>
tcp_syn_fin: <value in [allow, drop, trap-to-host]>
ipv4_proto_err: <value in [allow, drop, trap-to-host]>
ipv6_saddr_err: <value in [allow, drop, trap-to-host]>
icmp_frag: <value in [allow, drop, trap-to-host]>
ipv4_optssrr: <value in [allow, drop, trap-to-host]>
ipv6_opthomeaddr: <value in [allow, drop, trap-to-host]>
udp_land: <value in [allow, drop, trap-to-host]>
ipv6_optinvld: <value in [allow, drop, trap-to-host]>
tcp_fin_noack: <value in [allow, drop, trap-to-host]>
ipv6_proto_err: <value in [allow, drop, trap-to-host]>
tcp_land: <value in [allow, drop, trap-to-host]>
ipv4_unknopt: <value in [allow, drop, trap-to-host]>
ipv4_optstream: <value in [allow, drop, trap-to-host]>
ipv6_optjumbo: <value in [allow, drop, trap-to-host]>
icmp_land: <value in [allow, drop, trap-to-host]>
tcp_winnuke: <value in [allow, drop, trap-to-host]>
ipv6_daddr_err: <value in [allow, drop, trap-to-host]>
ipv4_land: <value in [allow, drop, trap-to-host]>
ipv6_opttunnel: <value in [allow, drop, trap-to-host]>
tcp_no_flag: <value in [allow, drop, trap-to-host]>
ipv6_land: <value in [allow, drop, trap-to-host]>
ipv4_optlsrr: <value in [allow, drop, trap-to-host]>
ipv4_opttimestamp: <value in [allow, drop, trap-to-host]>
ipv4_optrr: <value in [allow, drop, trap-to-host]>
ipv6_optnsap: <value in [allow, drop, trap-to-host]>
ipv6_unknopt: <value in [allow, drop, trap-to-host]>
tcp_syn_data: <value in [allow, drop, trap-to-host]>
ipv6_optendpid: <value in [allow, drop, trap-to-host]>
gtpu_plen_err: <value in [drop, trap-to-host]>
vxlan_minlen_err: <value in [drop, trap-to-host]>
capwap_minlen_err: <value in [drop, trap-to-host]>
gre_csum_err: <value in [drop, trap-to-host]>
nvgre_minlen_err: <value in [drop, trap-to-host]>
sctp_l4len_err: <value in [drop, trap-to-host]>
tcp_hlenvsl4len_err: <value in [drop, trap-to-host]>
sctp_crc_err: <value in [drop, trap-to-host]>
sctp_clen_err: <value in [drop, trap-to-host]>
uesp_minlen_err: <value in [drop, trap-to-host]>
sctp_csum_err: <value in [allow, drop, trap-to-host]>
gtp_enhanced_cpu_range: <value in [0, 1, 2]>
gtp_enhanced_mode: <value in [disable, enable]>
host_shortcut_mode: <value in [bi-directional, host-shortcut]>
htx_gtse_quota: <value in [100Mbps, 200Mbps, 300Mbps, ...]>
intf_shaping_offload: <value in [disable, enable]>
iph_rsvd_re_cksum: <value in [disable, enable]>
ipsec_dec_subengine_mask: <string>
ipsec_enc_subengine_mask: <string>
ipsec_inbound_cache: <value in [disable, enable]>
ipsec_mtu_override: <value in [disable, enable]>
ipsec_over_vlink: <value in [disable, enable]>
isf_np_queues:
cos0: <string>
cos1: <string>
cos2: <string>
cos3: <string>
cos4: <string>
cos5: <string>
cos6: <string>
cos7: <string>
lag_out_port_select: <value in [disable, enable]>
mcast_session_accounting: <value in [disable, session-based, tpe-based]>
np6_cps_optimization_mode: <value in [disable, enable]>
per_session_accounting: <value in [enable, disable, enable-by-log, ...]>
port_cpu_map:
-
cpu_core: <string>
interface: <string>
port_npu_map:
-
interface: <string>
npu_group_index: <integer>
priority_protocol:
bfd: <value in [disable, enable]>
bgp: <value in [disable, enable]>
slbc: <value in [disable, enable]>
qos_mode: <value in [disable, priority, round-robin]>
rdp_offload: <value in [disable, enable]>
recover_np6_link: <value in [disable, enable]>
session_denied_offload: <value in [disable, enable]>
sse_backpressure: <value in [disable, enable]>
strip_clear_text_padding: <value in [disable, enable]>
strip_esp_padding: <value in [disable, enable]>
sw_eh_hash:
computation: <value in [xor16, xor8, xor4, ...]>
destination_ip_lower_16: <value in [include, exclude]>
destination_ip_upper_16: <value in [include, exclude]>
destination_port: <value in [include, exclude]>
ip_protocol: <value in [include, exclude]>
netmask_length: <integer>
source_ip_lower_16: <value in [include, exclude]>
source_ip_upper_16: <value in [include, exclude]>
source_port: <value in [include, exclude]>
sw_np_bandwidth: <value in [0G, 2G, 4G, ...]>
switch_np_hash: <value in [src-ip, dst-ip, src-dst-ip]>
uesp_offload: <value in [disable, enable]>
np_queues:
ethernet_type:
-
name: <string>
queue: <integer>
type: <integer>
weight: <integer>
ip_protocol:
-
name: <string>
protocol: <integer>
queue: <integer>
weight: <integer>
ip_service:
-
dport: <integer>
name: <string>
protocol: <integer>
queue: <integer>
sport: <integer>
weight: <integer>
profile:
-
cos0: <value in [queue0, queue1, queue2, ...]>
cos1: <value in [queue0, queue1, queue2, ...]>
cos2: <value in [queue0, queue1, queue2, ...]>
cos3: <value in [queue0, queue1, queue2, ...]>
cos4: <value in [queue0, queue1, queue2, ...]>
cos5: <value in [queue0, queue1, queue2, ...]>
cos6: <value in [queue0, queue1, queue2, ...]>
cos7: <value in [queue0, queue1, queue2, ...]>
dscp0: <value in [queue0, queue1, queue2, ...]>
dscp1: <value in [queue0, queue1, queue2, ...]>
dscp10: <value in [queue0, queue1, queue2, ...]>
dscp11: <value in [queue0, queue1, queue2, ...]>
dscp12: <value in [queue0, queue1, queue2, ...]>
dscp13: <value in [queue0, queue1, queue2, ...]>
dscp14: <value in [queue0, queue1, queue2, ...]>
dscp15: <value in [queue0, queue1, queue2, ...]>
dscp16: <value in [queue0, queue1, queue2, ...]>
dscp17: <value in [queue0, queue1, queue2, ...]>
dscp18: <value in [queue0, queue1, queue2, ...]>
dscp19: <value in [queue0, queue1, queue2, ...]>
dscp2: <value in [queue0, queue1, queue2, ...]>
dscp20: <value in [queue0, queue1, queue2, ...]>
dscp21: <value in [queue0, queue1, queue2, ...]>
dscp22: <value in [queue0, queue1, queue2, ...]>
dscp23: <value in [queue0, queue1, queue2, ...]>
dscp24: <value in [queue0, queue1, queue2, ...]>
dscp25: <value in [queue0, queue1, queue2, ...]>
dscp26: <value in [queue0, queue1, queue2, ...]>
dscp27: <value in [queue0, queue1, queue2, ...]>
dscp28: <value in [queue0, queue1, queue2, ...]>
dscp29: <value in [queue0, queue1, queue2, ...]>
dscp3: <value in [queue0, queue1, queue2, ...]>
dscp30: <value in [queue0, queue1, queue2, ...]>
dscp31: <value in [queue0, queue1, queue2, ...]>
dscp32: <value in [queue0, queue1, queue2, ...]>
dscp33: <value in [queue0, queue1, queue2, ...]>
dscp34: <value in [queue0, queue1, queue2, ...]>
dscp35: <value in [queue0, queue1, queue2, ...]>
dscp36: <value in [queue0, queue1, queue2, ...]>
dscp37: <value in [queue0, queue1, queue2, ...]>
dscp38: <value in [queue0, queue1, queue2, ...]>
dscp39: <value in [queue0, queue1, queue2, ...]>
dscp4: <value in [queue0, queue1, queue2, ...]>
dscp40: <value in [queue0, queue1, queue2, ...]>
dscp41: <value in [queue0, queue1, queue2, ...]>
dscp42: <value in [queue0, queue1, queue2, ...]>
dscp43: <value in [queue0, queue1, queue2, ...]>
dscp44: <value in [queue0, queue1, queue2, ...]>
dscp45: <value in [queue0, queue1, queue2, ...]>
dscp46: <value in [queue0, queue1, queue2, ...]>
dscp47: <value in [queue0, queue1, queue2, ...]>
dscp48: <value in [queue0, queue1, queue2, ...]>
dscp49: <value in [queue0, queue1, queue2, ...]>
dscp5: <value in [queue0, queue1, queue2, ...]>
dscp50: <value in [queue0, queue1, queue2, ...]>
dscp51: <value in [queue0, queue1, queue2, ...]>
dscp52: <value in [queue0, queue1, queue2, ...]>
dscp53: <value in [queue0, queue1, queue2, ...]>
dscp54: <value in [queue0, queue1, queue2, ...]>
dscp55: <value in [queue0, queue1, queue2, ...]>
dscp56: <value in [queue0, queue1, queue2, ...]>
dscp57: <value in [queue0, queue1, queue2, ...]>
dscp58: <value in [queue0, queue1, queue2, ...]>
dscp59: <value in [queue0, queue1, queue2, ...]>
dscp6: <value in [queue0, queue1, queue2, ...]>
dscp60: <value in [queue0, queue1, queue2, ...]>
dscp61: <value in [queue0, queue1, queue2, ...]>
dscp62: <value in [queue0, queue1, queue2, ...]>
dscp63: <value in [queue0, queue1, queue2, ...]>
dscp7: <value in [queue0, queue1, queue2, ...]>
dscp8: <value in [queue0, queue1, queue2, ...]>
dscp9: <value in [queue0, queue1, queue2, ...]>
id: <integer>
type: <value in [cos, dscp]>
weight: <integer>
scheduler:
-
mode: <value in [none, priority, round-robin]>
name: <string>
udp_timeout_profile:
-
id: <integer>
udp_idle: <integer>
qtm_buf_mode: <value in [6ch, 4ch]>
default_qos_type: <value in [policing, shaping, policing-enhanced]>
tcp_rst_timeout: <integer>
ipsec_local_uesp_port: <integer>
htab_dedi_queue_nr: <integer>
double_level_mcast_offload: <value in [disable, enable]>
dse_timeout: <integer>
ippool_overload_low: <integer>
pba_eim: <value in [disallow, allow]>
policy_offload_level: <value in [disable, dos-offload, full-offload]>
max_session_timeout: <integer>
port_path_option:
ports_using_npu: <list or string>
vlan_lookup_cache: <value in [disable, enable]>
dos_options:
npu_dos_meter_mode: <value in [local, global]>
npu_dos_synproxy_mode: <value in [synack2ack, pass-synack]>
npu_dos_tpe_mode: <value in [disable, enable]>
hash_tbl_spread: <value in [disable, enable]>
tcp_timeout_profile:
-
close_wait: <integer>
fin_wait: <integer>
id: <integer>
syn_sent: <integer>
syn_wait: <integer>
tcp_idle: <integer>
time_wait: <integer>
ip_reassembly:
max_timeout: <integer>
min_timeout: <integer>
status: <value in [disable, enable]>
gtp_support: <value in [disable, enable]>
htx_icmp_csum_chk: <value in [pass, drop]>
hpe:
all_protocol: <integer>
arp_max: <integer>
enable_shaper: <value in [disable, enable]>
esp_max: <integer>
high_priority: <integer>
icmp_max: <integer>
ip_frag_max: <integer>
ip_others_max: <integer>
l2_others_max: <integer>
pri_type_max: <integer>
sctp_max: <integer>
tcp_max: <integer>
tcpfin_rst_max: <integer>
tcpsyn_ack_max: <integer>
tcpsyn_max: <integer>
udp_max: <integer>
enable_queue_shaper: <value in [disable, enable]>
exception_code: <integer>
fragment_with_sess: <integer>
fragment_without_session: <integer>
queue_shaper_max: <integer>
dsw_dts_profile:
-
action: <value in [wait, drop, drop_tmr_0, ...]>
min_limit: <integer>
profile_id: <integer>
step: <integer>
hash_config: <value in [5-tuple, src-ip, src-dst-ip]>
ipsec_ob_np_sel: <value in [RR, rr, Packet, ...]>
napi_break_interval: <integer>
background_sse_scan:
scan: <value in [disable, enable]>
stats_update_interval: <integer>
udp_keepalive_interval: <integer>
scan_stale: <integer>
scan_vt: <integer>
stats_qual_access: <integer>
stats_qual_duration: <integer>
udp_qual_access: <integer>
udp_qual_duration: <integer>
inbound_dscp_copy_port: <list or string>
session_acct_interval: <integer>
htab_msg_queue: <value in [idle, data, dedicated]>
dsw_queue_dts_profile:
-
iport: <value in [EIF0, eif0, EIF1, ...]>
name: <string>
oport: <value in [EIF0, eif0, EIF1, ...]>
profile_id: <integer>
queue_select: <integer>
hw_ha_scan_interval: <integer>
ippool_overload_high: <integer>
nat46_force_ipv4_packet_forwarding: <value in [disable, enable]>
prp_port_out: <list or string>
isf_np_rx_tr_distr: <value in [port-flow, round-robin, randomized]>
mcast_session_counting6: <value in [disable, enable, session-based, ...]>
prp_port_in: <list or string>
rps_mode: <value in [disable, enable]>
per_policy_accounting: <value in [disable, enable]>
mcast_session_counting: <value in [disable, enable, session-based, ...]>
inbound_dscp_copy: <value in [disable, enable]>
ipsec_host_dfclr: <value in [disable, enable]>
process_icmp_by_host: <value in [disable, enable]>
dedicated_tx_npu: <value in [disable, enable]>
ull_port_mode: <value in [10G, 25G]>
sse_ha_scan:
gap: <integer>
max_session_cnt: <integer>
min_duration: <integer>
hash_ipv6_sel: <integer>
ip_fragment_offload: <value in [disable, enable]>
ple_non_syn_tcp_action: <value in [forward, drop]>
npu_group_effective_scope: <integer>
ipsec_STS_timeout: <value in [1, 2, 3, ...]>
ipsec_throughput_msg_frequency: <value in [disable, 32KB, 64KB, ...]>
ipt_STS_timeout: <value in [1, 2, 3, ...]>
ipt_throughput_msg_frequency: <value in [disable, 32KB, 64KB, ...]>
default_tcp_refresh_dir: <value in [both, outgoing, incoming]>
default_udp_refresh_dir: <value in [both, outgoing, incoming]>
nss_threads_option: <value in [4t-eif, 4t-noeif, 2t]>
prp_session_clear_mode: <value in [blocking, non-blocking, do-not-clear]>
shaping_stats: <value in [disable, enable]>
sw_tr_hash:
draco15: <value in [disable, enable]>
tcp_udp_port: <value in [include, exclude]>
pba_port_select_mode: <value in [random, direct]>
spa_port_select_mode: <value in [random, direct]>
split_ipsec_engines: <value in [disable, enable]>
tunnel_over_vlink: <value in [disable, enable]>
max_receive_unit: <integer>
npu_tcam:
-
data:
df: <value in [disable, enable]>
dstip: <string>
dstipv6: <string>
dstmac: <string>
dstport: <integer>
ethertype: <string>
ext_tag: <value in [disable, enable]>
frag_off: <integer>
gen_buf_cnt: <integer>
gen_iv: <value in [invalid, valid]>
gen_l3_flags: <integer>
gen_l4_flags: <integer>
gen_pkt_ctrl: <integer>
gen_pri: <integer>
gen_pri_v: <value in [invalid, valid]>
gen_tv: <value in [invalid, valid]>
ihl: <integer>
ip4_id: <integer>
ip6_fl: <integer>
ipver: <integer>
l4_wd10: <integer>
l4_wd11: <integer>
l4_wd8: <integer>
l4_wd9: <integer>
mf: <value in [disable, enable]>
protocol: <integer>
slink: <integer>
smac_change: <value in [disable, enable]>
sp: <integer>
src_cfi: <value in [disable, enable]>
src_prio: <integer>
src_updt: <value in [disable, enable]>
srcip: <string>
srcipv6: <string>
srcmac: <string>
srcport: <integer>
svid: <integer>
tcp_ack: <value in [disable, enable]>
tcp_cwr: <value in [disable, enable]>
tcp_ece: <value in [disable, enable]>
tcp_fin: <value in [disable, enable]>
tcp_push: <value in [disable, enable]>
tcp_rst: <value in [disable, enable]>
tcp_syn: <value in [disable, enable]>
tcp_urg: <value in [disable, enable]>
tgt_cfi: <value in [disable, enable]>
tgt_prio: <integer>
tgt_updt: <value in [disable, enable]>
tgt_v: <value in [invalid, valid]>
tos: <integer>
tp: <integer>
ttl: <integer>
tvid: <integer>
vdid: <integer>
dbg_dump: <integer>
mask:
df: <value in [disable, enable]>
dstip: <string>
dstipv6: <string>
dstmac: <string>
dstport: <integer>
ethertype: <string>
ext_tag: <value in [disable, enable]>
frag_off: <integer>
gen_buf_cnt: <integer>
gen_iv: <value in [invalid, valid]>
gen_l3_flags: <integer>
gen_l4_flags: <integer>
gen_pkt_ctrl: <integer>
gen_pri: <integer>
gen_pri_v: <value in [invalid, valid]>
gen_tv: <value in [invalid, valid]>
ihl: <integer>
ip4_id: <integer>
ip6_fl: <integer>
ipver: <integer>
l4_wd10: <integer>
l4_wd11: <integer>
l4_wd8: <integer>
l4_wd9: <integer>
mf: <value in [disable, enable]>
protocol: <integer>
slink: <integer>
smac_change: <value in [disable, enable]>
sp: <integer>
src_cfi: <value in [disable, enable]>
src_prio: <integer>
src_updt: <value in [disable, enable]>
srcip: <string>
srcipv6: <string>
srcmac: <string>
srcport: <integer>
svid: <integer>
tcp_ack: <value in [disable, enable]>
tcp_cwr: <value in [disable, enable]>
tcp_ece: <value in [disable, enable]>
tcp_fin: <value in [disable, enable]>
tcp_push: <value in [disable, enable]>
tcp_rst: <value in [disable, enable]>
tcp_syn: <value in [disable, enable]>
tcp_urg: <value in [disable, enable]>
tgt_cfi: <value in [disable, enable]>
tgt_prio: <integer>
tgt_updt: <value in [disable, enable]>
tgt_v: <value in [invalid, valid]>
tos: <integer>
tp: <integer>
ttl: <integer>
tvid: <integer>
vdid: <integer>
mir_act:
vlif: <integer>
name: <string>
oid: <integer>
pri_act:
priority: <integer>
weight: <integer>
sact:
act: <integer>
act_v: <value in [disable, enable]>
bmproc: <integer>
bmproc_v: <value in [disable, enable]>
df_lif: <integer>
df_lif_v: <value in [disable, enable]>
dfr: <integer>
dfr_v: <value in [disable, enable]>
dmac_skip: <integer>
dmac_skip_v: <value in [disable, enable]>
dosen: <integer>
dosen_v: <value in [disable, enable]>
espff_proc: <integer>
espff_proc_v: <value in [disable, enable]>
etype_pid: <integer>
etype_pid_v: <value in [disable, enable]>
frag_proc: <integer>
frag_proc_v: <value in [disable, enable]>
fwd: <integer>
fwd_lif: <integer>
fwd_lif_v: <value in [disable, enable]>
fwd_tvid: <integer>
fwd_tvid_v: <value in [disable, enable]>
fwd_v: <value in [disable, enable]>
icpen: <integer>
icpen_v: <value in [disable, enable]>
igmp_mld_snp: <integer>
igmp_mld_snp_v: <value in [disable, enable]>
learn: <integer>
learn_v: <value in [disable, enable]>
m_srh_ctrl: <integer>
m_srh_ctrl_v: <value in [disable, enable]>
mac_id: <integer>
mac_id_v: <value in [disable, enable]>
mss: <integer>
mss_v: <value in [disable, enable]>
pleen: <integer>
pleen_v: <value in [disable, enable]>
prio_pid: <integer>
prio_pid_v: <value in [disable, enable]>
promis: <integer>
promis_v: <value in [disable, enable]>
rfsh: <integer>
rfsh_v: <value in [disable, enable]>
smac_skip: <integer>
smac_skip_v: <value in [disable, enable]>
tp_smchk_v: <value in [disable, enable]>
tp_smchk: <integer>
tpe_id: <integer>
tpe_id_v: <value in [disable, enable]>
vdm: <integer>
vdm_v: <value in [disable, enable]>
vdom_id: <integer>
vdom_id_v: <value in [disable, enable]>
x_mode: <integer>
x_mode_v: <value in [disable, enable]>
tact:
act: <integer>
act_v: <value in [disable, enable]>
fmtuv4_s: <integer>
fmtuv4_s_v: <value in [disable, enable]>
fmtuv6_s: <integer>
fmtuv6_s_v: <value in [disable, enable]>
lnkid: <integer>
lnkid_v: <value in [disable, enable]>
mac_id: <integer>
mac_id_v: <value in [disable, enable]>
mss_t: <integer>
mss_t_v: <value in [disable, enable]>
mtuv4: <integer>
mtuv4_v: <value in [disable, enable]>
mtuv6: <integer>
mtuv6_v: <value in [disable, enable]>
slif_act: <integer>
slif_act_v: <value in [disable, enable]>
sublnkid: <integer>
sublnkid_v: <value in [disable, enable]>
tgtv_act: <integer>
tgtv_act_v: <value in [disable, enable]>
tlif_act: <integer>
tlif_act_v: <value in [disable, enable]>
tpeid: <integer>
tpeid_v: <value in [disable, enable]>
v6fe: <integer>
v6fe_v: <value in [disable, enable]>
vep_en_v: <value in [disable, enable]>
vep_slid: <integer>
vep_slid_v: <value in [disable, enable]>
vep_en: <integer>
xlt_lif: <integer>
xlt_lif_v: <value in [disable, enable]>
xlt_vid: <integer>
xlt_vid_v: <value in [disable, enable]>
type: <value in [L2_src_tc, L2_tgt_tc, L2_src_mir, ...]>
vid: <integer>
icmp_rate_ctrl:
icmp_v4_bucket_size: <integer>
icmp_v4_rate: <integer>
icmp_v6_bucket_size: <integer>
icmp_v6_rate: <integer>
vxlan_offload: <value in [disable, enable]>
icmp_error_rate_ctrl:
icmpv4_error_bucket_size: <integer>
icmpv4_error_rate: <integer>
icmpv4_error_rate_limit: <value in [disable, enable]>
icmpv6_error_bucket_size: <integer>
icmpv6_error_rate: <integer>
icmpv6_error_rate_limit: <value in [disable, enable]>
ipv4_session_quota: <value in [disable, enable]>
ipv4_session_quota_high: <integer>
ipv4_session_quota_low: <integer>
ipv6_prefix_session_quota: <value in [disable, enable]>
ipv6_prefix_session_quota_high: <integer>
ipv6_prefix_session_quota_low: <integer>
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
|---|---|
The result of the request. Returned: always |
|
The full url requested. Returned: always Sample: |
|
The status of api request. Returned: always Sample: |
|
The api response. Returned: always |
|
The descriptive message of the api response. Returned: always Sample: |
|
The information of the target system. Returned: always |
|
The status the request. Returned: always Sample: |
|
Warning if the parameters used in the playbook are not supported by the current FortiManager version. Returned: complex |