fortinet.fortimanager.fmgr_system_npu_nputcam module – Configure NPU TCAM policies.
Note
This module is part of the fortinet.fortimanager collection (version 2.8.0).
You might already have this collection installed if you are using the ansible package.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install fortinet.fortimanager.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_system_npu_nputcam.
New in fortinet.fortimanager 2.4.0
Synopsis
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
Parameters
Parameter |
Comments |
|---|---|
The token to access FortiManager without using username and password. |
|
The parameter (adom) in requested url. |
|
Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. Choices:
|
|
Enable/Disable logging for task. Choices:
|
|
Authenticate Ansible client with forticloud API access token. |
|
The overridden method for the underlying Json RPC request. Choices:
|
|
The rc codes list with which the conditions to fail will be overriden. |
|
The rc codes list with which the conditions to succeed will be overriden. |
|
The directive to create, update or delete an object. Choices:
|
|
The top level parameters set. |
|
Data. |
|
Tcam data ip flag df. Choices:
|
|
Tcam data dst ipv4 address. |
|
Tcam data dst ipv6 address. |
|
Tcam data dst macaddr. |
|
Tcam data L4 dst port. |
|
Tcam data ethertype. |
|
Tcam data extension tag. Choices:
|
|
Tcam data ip flag fragment offset. |
|
Tcam data gen info buffer count. |
|
Tcam data gen info iv. Choices:
|
|
Tcam data gen info L3 flags. |
|
Tcam data gen info L4 flags. |
|
Tcam data gen info packet control. |
|
Tcam data gen info priority. |
|
Tcam data gen info priority valid. Choices:
|
|
Tcam data gen info tv. Choices:
|
|
Tcam data ipv4 IHL. |
|
Tcam data ipv4 id. |
|
Tcam data ipv6 flow label. |
|
Tcam data ip header version. |
|
Tcam data L4 word10. |
|
Tcam data L4 word11. |
|
Tcam data L4 word8. |
|
Tcam data L4 word9. |
|
Tcam data ip flag mf. Choices:
|
|
Tcam data ip protocol. |
|
Tcam data sublink. |
|
Tcam data source MAC change. Choices:
|
|
Tcam data source port. |
|
Tcam data source cfi. Choices:
|
|
Tcam data source priority. |
|
Tcam data source update. Choices:
|
|
Tcam data src ipv4 address. |
|
Tcam data src ipv6 address. |
|
Tcam data src macaddr. |
|
Tcam data L4 src port. |
|
Tcam data source vid. |
|
Tcam data tcp flag ack. Choices:
|
|
Tcam data tcp flag cwr. Choices:
|
|
Tcam data tcp flag ece. Choices:
|
|
Tcam data tcp flag fin. Choices:
|
|
Tcam data tcp flag push. Choices:
|
|
Tcam data tcp flag rst. Choices:
|
|
Tcam data tcp flag syn. Choices:
|
|
Tcam data tcp flag urg. Choices:
|
|
Tcam data target cfi. Choices:
|
|
Tcam data target priority. |
|
Tcam data target port update. Choices:
|
|
Tcam data target valid. Choices:
|
|
Tcam data ip tos. |
|
Tcam data target port. |
|
Tcam data ip ttl. |
|
Tcam data target vid. |
|
Tcam data vdom id. |
|
Debug driver dump data/mask pdq. |
|
Mask. |
|
Tcam mask ip flag df. Choices:
|
|
Tcam mask dst ipv4 address. |
|
Tcam mask dst ipv6 address. |
|
Tcam mask dst macaddr. |
|
Tcam mask L4 dst port. |
|
Tcam mask ethertype. |
|
Tcam mask extension tag. Choices:
|
|
Tcam data ip flag fragment offset. |
|
Tcam mask gen info buffer count. |
|
Tcam mask gen info iv. Choices:
|
|
Tcam mask gen info L3 flags. |
|
Tcam mask gen info L4 flags. |
|
Tcam mask gen info packet control. |
|
Tcam mask gen info priority. |
|
Tcam mask gen info priority valid. Choices:
|
|
Tcam mask gen info tv. Choices:
|
|
Tcam mask ipv4 IHL. |
|
Tcam mask ipv4 id. |
|
Tcam mask ipv6 flow label. |
|
Tcam mask ip header version. |
|
Tcam mask L4 word10. |
|
Tcam mask L4 word11. |
|
Tcam mask L4 word8. |
|
Tcam mask L4 word9. |
|
Tcam mask ip flag mf. Choices:
|
|
Tcam mask ip protocol. |
|
Tcam mask sublink. |
|
Tcam mask source MAC change. Choices:
|
|
Tcam mask source port. |
|
Tcam mask source cfi. Choices:
|
|
Tcam mask source priority. |
|
Tcam mask source update. Choices:
|
|
Tcam mask src ipv4 address. |
|
Tcam mask src ipv6 address. |
|
Tcam mask src macaddr. |
|
Tcam mask L4 src port. |
|
Tcam mask source vid. |
|
Tcam mask tcp flag ack. Choices:
|
|
Tcam mask tcp flag cwr. Choices:
|
|
Tcam mask tcp flag ece. Choices:
|
|
Tcam mask tcp flag fin. Choices:
|
|
Tcam mask tcp flag push. Choices:
|
|
Tcam mask tcp flag rst. Choices:
|
|
Tcam mask tcp flag syn. Choices:
|
|
Tcam mask tcp flag urg. Choices:
|
|
Tcam mask target cfi. Choices:
|
|
Tcam mask target priority. |
|
Tcam mask target port update. Choices:
|
|
Tcam mask target valid. Choices:
|
|
Tcam mask ip tos. |
|
Tcam mask target port. |
|
Tcam mask ip ttl. |
|
Tcam mask target vid. |
|
Tcam mask vdom id. |
|
Mir act. |
|
Tcam mirror action vlif. |
|
NPU TCAM policies name. |
|
NPU TCAM OID. |
|
Pri act. |
|
Tcam priority action priority. |
|
Tcam priority action weight. |
|
Sact. |
|
Tcam sact act. |
|
Enable to set sact act. Choices:
|
|
Tcam sact bmproc. |
|
Enable to set sact bmproc. Choices:
|
|
Tcam sact df-lif. |
|
Enable to set sact df-lif. Choices:
|
|
Tcam sact dfr. |
|
Enable to set sact dfr. Choices:
|
|
Tcam sact dmac-skip. |
|
Enable to set sact dmac-skip. Choices:
|
|
Tcam sact dosen. |
|
Enable to set sact dosen. Choices:
|
|
Tcam sact espff-proc. |
|
Enable to set sact espff-proc. Choices:
|
|
Tcam sact etype-pid. |
|
Enable to set sact etype-pid. Choices:
|
|
Tcam sact frag-proc. |
|
Enable to set sact frag-proc. Choices:
|
|
Tcam sact fwd. |
|
Tcam sact fwd-lif. |
|
Enable to set sact fwd-lif. Choices:
|
|
Tcam sact fwd-tvid. |
|
Enable to set sact fwd-vid. Choices:
|
|
Enable to set sact fwd. Choices:
|
|
Tcam sact icpen. |
|
Enable to set sact icpen. Choices:
|
|
Tcam sact igmp-mld-snp. |
|
Enable to set sact igmp-mld-snp. Choices:
|
|
Tcam sact learn. |
|
Enable to set sact learn. Choices:
|
|
Tcam sact m-srh-ctrl. |
|
Enable to set sact m-srh-ctrl. Choices:
|
|
Tcam sact mac-id. |
|
Enable to set sact mac-id. Choices:
|
|
Tcam sact mss. |
|
Enable to set sact mss. Choices:
|
|
Tcam sact pleen. |
|
Enable to set sact pleen. Choices:
|
|
Tcam sact prio-pid. |
|
Enable to set sact prio-pid. Choices:
|
|
Tcam sact promis. |
|
Enable to set sact promis. Choices:
|
|
Tcam sact rfsh. |
|
Enable to set sact rfsh. Choices:
|
|
Tcam sact smac-skip. |
|
Enable to set sact smac-skip. Choices:
|
|
Tcam sact tp mode. |
|
Enable to set sact tp mode. Choices:
|
|
Tcam sact tpe-id. |
|
Enable to set sact tpe-id. Choices:
|
|
Tcam sact vdm. |
|
Enable to set sact vdm. Choices:
|
|
Tcam sact vdom-id. |
|
Enable to set sact vdom-id. Choices:
|
|
Tcam sact x-mode. |
|
Enable to set sact x-mode. Choices:
|
|
Tact. |
|
Tcam tact act. |
|
Enable to set tact act. Choices:
|
|
Tcam tact fmtuv4-s. |
|
Enable to set tact fmtuv4-s. Choices:
|
|
Tcam tact fmtuv6-s. |
|
Enable to set tact fmtuv6-s. Choices:
|
|
Tcam tact lnkid. |
|
Enable to set tact lnkid. Choices:
|
|
Tcam tact mac-id. |
|
Enable to set tact mac-id. Choices:
|
|
Tcam tact mss. |
|
Enable to set tact mss. Choices:
|
|
Tcam tact mtuv4. |
|
Enable to set tact mtuv4. Choices:
|
|
Tcam tact mtuv6. |
|
Enable to set tact mtuv6. Choices:
|
|
Tcam tact slif-act. |
|
Enable to set tact slif-act. Choices:
|
|
Tcam tact sublnkid. |
|
Enable to set tact sublnkid. Choices:
|
|
Tcam tact tgtv-act. |
|
Enable to set tact tgtv-act. Choices:
|
|
Tcam tact tlif-act. |
|
Enable to set tact tlif-act. Choices:
|
|
Tcam tact tpeid. |
|
Enable to set tact tpeid. Choices:
|
|
Tcam tact v6fe. |
|
Enable to set tact v6fe. Choices:
|
|
Tcam tact vep_en. |
|
Enable to set tact vep-en. Choices:
|
|
Tcam tact vep_slid. |
|
Enable to set tact vep-slid. Choices:
|
|
Tcam tact xlt-lif. |
|
Enable to set tact xlt-lif. Choices:
|
|
Tcam tact xlt-vid. |
|
Enable to set tact xlt-vid. Choices:
|
|
TCAM policy type. Choices:
|
|
NPU TCAM VID. |
|
The adom to lock for FortiManager running in workspace mode, the value can be global and others including root. |
|
The maximum time in seconds to wait for other user to release the workspace lock. Default: |
Notes
Note
Starting in version 2.4.0, all input arguments are named using the underscore naming convention (snake_case). Please change the arguments such as “var-name” to “var_name”. Old argument names are still available yet you will receive deprecation warnings. You can ignore this warning by setting deprecation_warnings=False in ansible.cfg.
Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
To create or update an object, use state present directive.
To delete an object, use state absent directive.
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- name: Example playbook (generated based on argument schema)
hosts: fortimanagers
connection: httpapi
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: Configure NPU TCAM policies.
fortinet.fortimanager.fmgr_system_npu_nputcam:
# bypass_validation: false
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
# rc_succeeded: [0, -2, -3, ...]
# rc_failed: [-2, -3, ...]
adom: <your own value>
state: present # <value in [present, absent]>
system_npu_nputcam:
data:
df: <value in [disable, enable]>
dstip: <string>
dstipv6: <string>
dstmac: <string>
dstport: <integer>
ethertype: <string>
ext_tag: <value in [disable, enable]>
frag_off: <integer>
gen_buf_cnt: <integer>
gen_iv: <value in [invalid, valid]>
gen_l3_flags: <integer>
gen_l4_flags: <integer>
gen_pkt_ctrl: <integer>
gen_pri: <integer>
gen_pri_v: <value in [invalid, valid]>
gen_tv: <value in [invalid, valid]>
ihl: <integer>
ip4_id: <integer>
ip6_fl: <integer>
ipver: <integer>
l4_wd10: <integer>
l4_wd11: <integer>
l4_wd8: <integer>
l4_wd9: <integer>
mf: <value in [disable, enable]>
protocol: <integer>
slink: <integer>
smac_change: <value in [disable, enable]>
sp: <integer>
src_cfi: <value in [disable, enable]>
src_prio: <integer>
src_updt: <value in [disable, enable]>
srcip: <string>
srcipv6: <string>
srcmac: <string>
srcport: <integer>
svid: <integer>
tcp_ack: <value in [disable, enable]>
tcp_cwr: <value in [disable, enable]>
tcp_ece: <value in [disable, enable]>
tcp_fin: <value in [disable, enable]>
tcp_push: <value in [disable, enable]>
tcp_rst: <value in [disable, enable]>
tcp_syn: <value in [disable, enable]>
tcp_urg: <value in [disable, enable]>
tgt_cfi: <value in [disable, enable]>
tgt_prio: <integer>
tgt_updt: <value in [disable, enable]>
tgt_v: <value in [invalid, valid]>
tos: <integer>
tp: <integer>
ttl: <integer>
tvid: <integer>
vdid: <integer>
dbg_dump: <integer>
mask:
df: <value in [disable, enable]>
dstip: <string>
dstipv6: <string>
dstmac: <string>
dstport: <integer>
ethertype: <string>
ext_tag: <value in [disable, enable]>
frag_off: <integer>
gen_buf_cnt: <integer>
gen_iv: <value in [invalid, valid]>
gen_l3_flags: <integer>
gen_l4_flags: <integer>
gen_pkt_ctrl: <integer>
gen_pri: <integer>
gen_pri_v: <value in [invalid, valid]>
gen_tv: <value in [invalid, valid]>
ihl: <integer>
ip4_id: <integer>
ip6_fl: <integer>
ipver: <integer>
l4_wd10: <integer>
l4_wd11: <integer>
l4_wd8: <integer>
l4_wd9: <integer>
mf: <value in [disable, enable]>
protocol: <integer>
slink: <integer>
smac_change: <value in [disable, enable]>
sp: <integer>
src_cfi: <value in [disable, enable]>
src_prio: <integer>
src_updt: <value in [disable, enable]>
srcip: <string>
srcipv6: <string>
srcmac: <string>
srcport: <integer>
svid: <integer>
tcp_ack: <value in [disable, enable]>
tcp_cwr: <value in [disable, enable]>
tcp_ece: <value in [disable, enable]>
tcp_fin: <value in [disable, enable]>
tcp_push: <value in [disable, enable]>
tcp_rst: <value in [disable, enable]>
tcp_syn: <value in [disable, enable]>
tcp_urg: <value in [disable, enable]>
tgt_cfi: <value in [disable, enable]>
tgt_prio: <integer>
tgt_updt: <value in [disable, enable]>
tgt_v: <value in [invalid, valid]>
tos: <integer>
tp: <integer>
ttl: <integer>
tvid: <integer>
vdid: <integer>
mir_act:
vlif: <integer>
name: <string>
oid: <integer>
pri_act:
priority: <integer>
weight: <integer>
sact:
act: <integer>
act_v: <value in [disable, enable]>
bmproc: <integer>
bmproc_v: <value in [disable, enable]>
df_lif: <integer>
df_lif_v: <value in [disable, enable]>
dfr: <integer>
dfr_v: <value in [disable, enable]>
dmac_skip: <integer>
dmac_skip_v: <value in [disable, enable]>
dosen: <integer>
dosen_v: <value in [disable, enable]>
espff_proc: <integer>
espff_proc_v: <value in [disable, enable]>
etype_pid: <integer>
etype_pid_v: <value in [disable, enable]>
frag_proc: <integer>
frag_proc_v: <value in [disable, enable]>
fwd: <integer>
fwd_lif: <integer>
fwd_lif_v: <value in [disable, enable]>
fwd_tvid: <integer>
fwd_tvid_v: <value in [disable, enable]>
fwd_v: <value in [disable, enable]>
icpen: <integer>
icpen_v: <value in [disable, enable]>
igmp_mld_snp: <integer>
igmp_mld_snp_v: <value in [disable, enable]>
learn: <integer>
learn_v: <value in [disable, enable]>
m_srh_ctrl: <integer>
m_srh_ctrl_v: <value in [disable, enable]>
mac_id: <integer>
mac_id_v: <value in [disable, enable]>
mss: <integer>
mss_v: <value in [disable, enable]>
pleen: <integer>
pleen_v: <value in [disable, enable]>
prio_pid: <integer>
prio_pid_v: <value in [disable, enable]>
promis: <integer>
promis_v: <value in [disable, enable]>
rfsh: <integer>
rfsh_v: <value in [disable, enable]>
smac_skip: <integer>
smac_skip_v: <value in [disable, enable]>
tp_smchk_v: <value in [disable, enable]>
tp_smchk: <integer>
tpe_id: <integer>
tpe_id_v: <value in [disable, enable]>
vdm: <integer>
vdm_v: <value in [disable, enable]>
vdom_id: <integer>
vdom_id_v: <value in [disable, enable]>
x_mode: <integer>
x_mode_v: <value in [disable, enable]>
tact:
act: <integer>
act_v: <value in [disable, enable]>
fmtuv4_s: <integer>
fmtuv4_s_v: <value in [disable, enable]>
fmtuv6_s: <integer>
fmtuv6_s_v: <value in [disable, enable]>
lnkid: <integer>
lnkid_v: <value in [disable, enable]>
mac_id: <integer>
mac_id_v: <value in [disable, enable]>
mss_t: <integer>
mss_t_v: <value in [disable, enable]>
mtuv4: <integer>
mtuv4_v: <value in [disable, enable]>
mtuv6: <integer>
mtuv6_v: <value in [disable, enable]>
slif_act: <integer>
slif_act_v: <value in [disable, enable]>
sublnkid: <integer>
sublnkid_v: <value in [disable, enable]>
tgtv_act: <integer>
tgtv_act_v: <value in [disable, enable]>
tlif_act: <integer>
tlif_act_v: <value in [disable, enable]>
tpeid: <integer>
tpeid_v: <value in [disable, enable]>
v6fe: <integer>
v6fe_v: <value in [disable, enable]>
vep_en_v: <value in [disable, enable]>
vep_slid: <integer>
vep_slid_v: <value in [disable, enable]>
vep_en: <integer>
xlt_lif: <integer>
xlt_lif_v: <value in [disable, enable]>
xlt_vid: <integer>
xlt_vid_v: <value in [disable, enable]>
type: <value in [L2_src_tc, L2_tgt_tc, L2_src_mir, ...]>
vid: <integer>
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
|---|---|
The result of the request. Returned: always |
|
The full url requested. Returned: always Sample: |
|
The status of api request. Returned: always Sample: |
|
The api response. Returned: always |
|
The descriptive message of the api response. Returned: always Sample: |
|
The information of the target system. Returned: always |
|
The status the request. Returned: always Sample: |
|
Warning if the parameters used in the playbook are not supported by the current FortiManager version. Returned: complex |