fortinet.fortios.fortios_system_npu module – Configure NPU attributes in Fortinet’s FortiOS and FortiGate.
Note
This module is part of the fortinet.fortios collection (version 2.3.9).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install fortinet.fortios.
You need further requirements to be able to use this module, see Requirements for details.
To use it in a playbook, specify: fortinet.fortios.fortios_system_npu.
New in fortinet.fortios 2.0.0
Synopsis
This module configures a FortiGate or FortiOS (FOS) device by allowing the user to set and modify the npu category of the system feature. The examples include all parameters, and their values need to be adjusted to your data sources before use. Tested with FOS v6.0.0.
Requirements
The below requirements are needed on the host that executes this module.
ansible>=2.15
Parameters
Parameter |
Comments |
---|---|
Token-based authentication. Generated from GUI of Fortigate. |
|
Enable/Disable logging for task. Choices:
|
|
Member attribute path to operate on. Delimited by a slash character if there are more than one attribute. Parameter marked with member_path is legitimate for doing member operation. |
|
Add or delete a member under specified attribute path. When member_state is specified, the state option is ignored. Choices:
|
|
Configure NPU attributes. |
|
Enable/disable offloading managed FortiAP and FortiLink CAPWAP sessions. Choices:
|
|
Affinity setting for management daemons (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). |
|
Enable to dedicate one CPU for GUI and CLI connections when NPs are busy. Choices:
|
|
Set default QoS type. Choices:
|
|
NPU DoS configurations. |
|
Set DoS meter NPU offloading mode. Choices:
|
|
Enable/disable insertion of DoS meter ID to session table. Choices:
|
|
Enable double level mcast offload. Choices:
|
|
Configure NPU DSW DTS profile. |
|
Set NPU DSW DTS profile action. Choices:
|
|
Set NPU DSW DTS profile min-limit. |
|
Set NPU DSW DTS profile profile id. See Notes. |
|
Set NPU DSW DTS profile step. |
|
Configure NPU DSW Queue DTS profile. |
|
Set NPU DSW DTS in port. Choices:
|
|
Name. |
|
Set NPU DSW DTS out port. Choices:
|
|
Set NPU DSW DTS profile ID. |
|
Set NPU DSW DTS queue ID select (0 - reset to default). |
|
Enable/disable NP6 offloading (also called fast path). Choices:
|
|
IPv4/IPv6 anomaly protection. |
|
Invalid IPv4 ICMP checksum anomalies. Choices:
|
|
Layer 3 fragmented packets that could be part of layer 4 ICMP anomalies. Choices:
|
|
ICMP land anomalies. Choices:
|
|
Invalid IPv4 IP checksum anomalies. Choices:
|
|
Land anomalies. Choices:
|
|
Loose source record route option anomalies. Choices:
|
|
Record route option anomalies. Choices:
|
|
Security option anomalies. Choices:
|
|
Strict source record route option anomalies. Choices:
|
|
Stream option anomalies. Choices:
|
|
Timestamp option anomalies. Choices:
|
|
Invalid layer 4 protocol anomalies. Choices:
|
|
Unknown option anomalies. Choices:
|
|
Destination address as unspecified or loopback address anomalies. Choices:
|
|
Land anomalies. Choices:
|
|
End point identification anomalies. Choices:
|
|
Home address option anomalies. Choices:
|
|
Invalid option anomalies. Choices:
|
|
Jumbo options anomalies. Choices:
|
|
Network service access point address option anomalies. Choices:
|
|
Router alert option anomalies. Choices:
|
|
Tunnel encapsulation limit option anomalies. Choices:
|
|
Layer 4 invalid protocol anomalies. Choices:
|
|
Source address as multicast anomalies. Choices:
|
|
Unknown option anomalies. Choices:
|
|
Invalid IPv4 TCP checksum anomalies. Choices:
|
|
TCP SYN flood with FIN flag set without ACK setting anomalies. Choices:
|
|
TCP SYN flood with only FIN flag set anomalies. Choices:
|
|
TCP land anomalies. Choices:
|
|
TCP SYN flood with no flag set anomalies. Choices:
|
|
TCP SYN flood packets with data anomalies. Choices:
|
|
TCP SYN flood SYN/FIN flag set anomalies. Choices:
|
|
TCP WinNuke anomalies. Choices:
|
|
Invalid IPv4 UDP checksum anomalies. Choices:
|
|
UDP land anomalies. Choices:
|
|
GTP enhanced CPU range option. Choices:
|
|
Enable/disable GTP enhanced mode. Choices:
|
|
Enable/Disable NP7 GTP support. Choices:
|
|
Enable/disable hash table entry spread. Choices:
|
|
Host protection engine configuration. |
|
Maximum packet rate of each host queue except high priority traffic (1K - 32M pps), set 0 to disable. |
|
Maximum ARP packet rate (1K - 32M pps). Entry is valid when ARP is removed from high-priority traffic. |
|
Enable/Disable NPU Host Protection Engine (HPE) for packet type shaper. Choices:
|
|
Maximum ESP packet rate (1K - 32M pps). |
|
Maximum packet rate for high priority traffic packets (1K - 32M pps). |
|
Maximum ICMP packet rate (1K - 32M pps). |
|
Maximum fragmented IP packet rate (1K - 32M pps). |
|
Maximum IP packet rate for other packets (packet types that cannot be set with other options) (1K - 32G pps). |
|
Maximum L2 packet rate for L2 packets that are not ARP packets (1K - 32M pps). |
|
Maximum SCTP packet rate (1K - 32M pps). |
|
Maximum TCP packet rate (1K - 32M pps). |
|
Maximum TCP carries FIN or RST flags packet rate (1K - 32M pps). |
|
Maximum TCP carries SYN and ACK flags packet rate (1K - 32M pps). |
|
Maximum TCP SYN packet rate (1K - 40M pps). |
|
Maximum UDP packet rate (1K - 32M pps). |
|
Set the number of dedicated queues for hash table messages. |
|
Set hash table message queue mode. Choices:
|
|
Set HTX icmp csum checking mode. Choices:
|
|
Physical interfaces that support inbound-dscp-copy. |
|
Physical interface name. |
|
Enable/disable NPU offload when doing interface-based traffic shaping according to the egress-shaping-profile. Choices:
|
|
Enable/disable NP7 NPU IP fragment offload. Choices:
|
|
IP reassembly engine configuration. |
|
Maximum timeout value for IP reassembly (5 us - 600,000,000 us). |
|
Minimum timeout value for IP reassembly (5 us - 600,000,000 us). |
|
Set IP reassembly processing status. Choices:
|
|
IPsec decryption subengine mask (0x1 - 0xff). |
|
IPsec encryption subengine mask (0x1 - 0xff). |
|
Enable/disable IPsec inbound cache for anti-replay. Choices:
|
|
Enable/disable NP6 IPsec MTU override. Choices:
|
|
IPsec NP selection for OB SA offloading. Choices:
|
|
Enable/disable IPsec over vlink. Choices:
|
|
Configure queues of switch port connected to NP6 XAUI on ingress path. |
|
CoS profile name for CoS 0. Source system.isf-queue-profile.name. |
|
CoS profile name for CoS 1. Source system.isf-queue-profile.name. |
|
CoS profile name for CoS 2. Source system.isf-queue-profile.name. |
|
CoS profile name for CoS 3. Source system.isf-queue-profile.name. |
|
CoS profile name for CoS 4. Source system.isf-queue-profile.name. |
|
CoS profile name for CoS 5. Source system.isf-queue-profile.name. |
|
CoS profile name for CoS 6. Source system.isf-queue-profile.name. |
|
CoS profile name for CoS 7. Source system.isf-queue-profile.name. |
|
Enable/disable LAG outgoing port selection based on incoming traffic port. Choices:
|
|
Set the maximum packet size for receive, larger packets will be silently dropped. |
|
Maximum time interval for refreshing NPU-offloaded sessions (10 - 1000 sec). |
|
Enable/disable traffic accounting for each multicast session through TAE counter. Choices:
|
|
NAPI break interval. |
|
Configure queue assignment on NP7. |
|
Configure a NP7 QoS Ethernet Type. |
|
Ethernet Type Name. |
|
Queue Number. |
|
Ethernet Type. |
|
Class Weight. |
|
Configure a NP7 QoS IP Protocol. |
|
IP Protocol Name. |
|
IP Protocol. |
|
Queue Number. |
|
Class Weight. |
|
Configure a NP7 QoS IP Service. |
|
Destination port. |
|
IP service name. |
|
IP protocol. |
|
Queue number. |
|
Source port. |
|
Class weight. |
|
Configure a NP7 class profile. |
|
Queue number of CoS 0. Choices:
|
|
Queue number of CoS 1. Choices:
|
|
Queue number of CoS 2. Choices:
|
|
Queue number of CoS 3. Choices:
|
|
Queue number of CoS 4. Choices:
|
|
Queue number of CoS 5. Choices:
|
|
Queue number of CoS 6. Choices:
|
|
Queue number of CoS 7. Choices:
|
|
Queue number of DSCP 0. Choices:
|
|
Queue number of DSCP 1. Choices:
|
|
Queue number of DSCP 10. Choices:
|
|
Queue number of DSCP 11. Choices:
|
|
Queue number of DSCP 12. Choices:
|
|
Queue number of DSCP 13. Choices:
|
|
Queue number of DSCP 14. Choices:
|
|
Queue number of DSCP 15. Choices:
|
|
Queue number of DSCP 16. Choices:
|
|
Queue number of DSCP 17. Choices:
|
|
Queue number of DSCP 18. Choices:
|
|
Queue number of DSCP 19. Choices:
|
|
Queue number of DSCP 2. Choices:
|
|
Queue number of DSCP 20. Choices:
|
|
Queue number of DSCP 21. Choices:
|
|
Queue number of DSCP 22. Choices:
|
|
Queue number of DSCP 23. Choices:
|
|
Queue number of DSCP 24. Choices:
|
|
Queue number of DSCP 25. Choices:
|
|
Queue number of DSCP 26. Choices:
|
|
Queue number of DSCP 27. Choices:
|
|
Queue number of DSCP 28. Choices:
|
|
Queue number of DSCP 29. Choices:
|
|
Queue number of DSCP 3. Choices:
|
|
Queue number of DSCP 30. Choices:
|
|
Queue number of DSCP 31. Choices:
|
|
Queue number of DSCP 32. Choices:
|
|
Queue number of DSCP 33. Choices:
|
|
Queue number of DSCP 34. Choices:
|
|
Queue number of DSCP 35. Choices:
|
|
Queue number of DSCP 36. Choices:
|
|
Queue number of DSCP 37. Choices:
|
|
Queue number of DSCP 38. Choices:
|
|
Queue number of DSCP 39. Choices:
|
|
Queue number of DSCP 4. Choices:
|
|
Queue number of DSCP 40. Choices:
|
|
Queue number of DSCP 41. Choices:
|
|
Queue number of DSCP 42. Choices:
|
|
Queue number of DSCP 43. Choices:
|
|
Queue number of DSCP 44. Choices:
|
|
Queue number of DSCP 45. Choices:
|
|
Queue number of DSCP 46. Choices:
|
|
Queue number of DSCP 47. Choices:
|
|
Queue number of DSCP 48. Choices:
|
|
Queue number of DSCP 49. Choices:
|
|
Queue number of DSCP 5. Choices:
|
|
Queue number of DSCP 50. Choices:
|
|
Queue number of DSCP 51. Choices:
|
|
Queue number of DSCP 52. Choices:
|
|
Queue number of DSCP 53. Choices:
|
|
Queue number of DSCP 54. Choices:
|
|
Queue number of DSCP 55. Choices:
|
|
Queue number of DSCP 56. Choices:
|
|
Queue number of DSCP 57. Choices:
|
|
Queue number of DSCP 58. Choices:
|
|
Queue number of DSCP 59. Choices:
|
|
Queue number of DSCP 6. Choices:
|
|
Queue number of DSCP 60. Choices:
|
|
Queue number of DSCP 61. Choices:
|
|
Queue number of DSCP 62. Choices:
|
|
Queue number of DSCP 63. Choices:
|
|
Queue number of DSCP 7. Choices:
|
|
Queue number of DSCP 8. Choices:
|
|
Queue number of DSCP 9. Choices:
|
|
Profile ID. See Notes. |
|
Profile type. Choices:
|
|
Class weight. |
|
Configure a NP7 QoS Scheduler. |
|
Scheduler mode. Choices:
|
|
Scheduler name. |
|
npu-group-effective-scope defines under which npu-group cmds such as list/purge will be executed. Default scope is for all four HS-ok groups. (0-3). |
|
Configure NPU TCAM policies. |
|
Data fields of TCAM. |
|
tcam data ip flag df. Choices:
|
|
tcam data dst ipv4 address. |
|
tcam data dst ipv6 address. |
|
tcam data dst macaddr. |
|
tcam data L4 dst port. |
|
tcam data ethertype. |
|
tcam data extension tag. Choices:
|
|
tcam data ip flag fragment offset. |
|
tcam data gen info buffer count. |
|
tcam data gen info iv. Choices:
|
|
tcam data gen info L3 flags. |
|
tcam data gen info L4 flags. |
|
tcam data gen info packet control. |
|
tcam data gen info priority. |
|
tcam data gen info priority valid. Choices:
|
|
tcam data gen info tv. Choices:
|
|
tcam data ipv4 IHL. |
|
tcam data ipv4 id. |
|
tcam data ipv6 flow label. |
|
tcam data ip header version. |
|
tcam data L4 word10. |
|
tcam data L4 word11. |
|
tcam data L4 word8. |
|
tcam data L4 word9. |
|
tcam data ip flag mf. Choices:
|
|
tcam data ip protocol. |
|
tcam data sublink. |
|
tcam data source MAC change. Choices:
|
|
tcam data source port. |
|
tcam data source cfi. Choices:
|
|
tcam data source priority. |
|
tcam data source update. Choices:
|
|
tcam data src ipv4 address. |
|
tcam data src ipv6 address. |
|
tcam data src macaddr. |
|
tcam data L4 src port. |
|
tcam data source vid. |
|
tcam data tcp flag ack. Choices:
|
|
tcam data tcp flag cwr. Choices:
|
|
tcam data tcp flag ece. Choices:
|
|
tcam data tcp flag fin. Choices:
|
|
tcam data tcp flag push. Choices:
|
|
tcam data tcp flag rst. Choices:
|
|
tcam data tcp flag syn. Choices:
|
|
tcam data tcp flag urg. Choices:
|
|
tcam data target cfi. Choices:
|
|
tcam data target priority. |
|
tcam data target port update. Choices:
|
|
tcam data target valid. Choices:
|
|
tcam data ip tos. |
|
tcam data target port. |
|
tcam data ip ttl. |
|
tcam data target vid. |
|
tcam data vdom id. |
|
Mask fields of TCAM. |
|
tcam mask ip flag df. Choices:
|
|
tcam mask dst ipv4 address. |
|
tcam mask dst ipv6 address. |
|
tcam mask dst macaddr. |
|
tcam mask L4 dst port. |
|
tcam mask ethertype. |
|
tcam mask extension tag. Choices:
|
|
tcam data ip flag fragment offset. |
|
tcam mask gen info buffer count. |
|
tcam mask gen info iv. Choices:
|
|
tcam mask gen info L3 flags. |
|
tcam mask gen info L4 flags. |
|
tcam mask gen info packet control. |
|
tcam mask gen info priority. |
|
tcam mask gen info priority valid. Choices:
|
|
tcam mask gen info tv. Choices:
|
|
tcam mask ipv4 IHL. |
|
tcam mask ipv4 id. |
|
tcam mask ipv6 flow label. |
|
tcam mask ip header version. |
|
tcam mask L4 word10. |
|
tcam mask L4 word11. |
|
tcam mask L4 word8. |
|
tcam mask L4 word9. |
|
tcam mask ip flag mf. Choices:
|
|
tcam mask ip protocol. |
|
tcam mask sublink. |
|
tcam mask source MAC change. Choices:
|
|
tcam mask source port. |
|
tcam mask source cfi. Choices:
|
|
tcam mask source priority. |
|
tcam mask source update. Choices:
|
|
tcam mask src ipv4 address. |
|
tcam mask src ipv6 address. |
|
tcam mask src macaddr. |
|
tcam mask L4 src port. |
|
tcam mask source vid. |
|
tcam mask tcp flag ack. Choices:
|
|
tcam mask tcp flag cwr. Choices:
|
|
tcam mask tcp flag ece. Choices:
|
|
tcam mask tcp flag fin. Choices:
|
|
tcam mask tcp flag push. Choices:
|
|
tcam mask tcp flag rst. Choices:
|
|
tcam mask tcp flag syn. Choices:
|
|
tcam mask tcp flag urg. Choices:
|
|
tcam mask target cfi. Choices:
|
|
tcam mask target priority. |
|
tcam mask target port update. Choices:
|
|
tcam mask target valid. Choices:
|
|
tcam mask ip tos. |
|
tcam mask target port. |
|
tcam mask ip ttl. |
|
tcam mask target vid. |
|
tcam mask vdom id. |
|
Mirror action of TCAM. |
|
tcam mirror action vlif. |
|
NPU TCAM policies name. |
|
NPU TCAM OID. |
|
Priority action of TCAM. |
|
tcam priority action priority. |
|
tcam priority action weight. |
|
Source action of TCAM. |
|
tcam sact act. |
|
Enable to set sact act. Choices:
|
|
tcam sact bmproc. |
|
Enable to set sact bmproc. Choices:
|
|
tcam sact df-lif. |
|
Enable to set sact df-lif. Choices:
|
|
tcam sact dfr. |
|
Enable to set sact dfr. Choices:
|
|
tcam sact dmac-skip. |
|
Enable to set sact dmac-skip. Choices:
|
|
tcam sact dosen. |
|
Enable to set sact dosen. Choices:
|
|
tcam sact espff-proc. |
|
Enable to set sact espff-proc. Choices:
|
|
tcam sact etype-pid. |
|
Enable to set sact etype-pid. Choices:
|
|
tcam sact frag-proc. |
|
Enable to set sact frag-proc. Choices:
|
|
tcam sact fwd. |
|
tcam sact fwd-lif. |
|
Enable to set sact fwd-lif. Choices:
|
|
tcam sact fwd-tvid. |
|
Enable to set sact fwd-vid. Choices:
|
|
Enable to set sact fwd. Choices:
|
|
tcam sact icpen. |
|
Enable to set sact icpen. Choices:
|
|
tcam sact igmp-mld-snp. |
|
Enable to set sact igmp-mld-snp. Choices:
|
|
tcam sact learn. |
|
Enable to set sact learn. Choices:
|
|
tcam sact m-srh-ctrl. |
|
Enable to set sact m-srh-ctrl. Choices:
|
|
tcam sact mac-id. |
|
Enable to set sact mac-id. Choices:
|
|
tcam sact mss. |
|
Enable to set sact mss. Choices:
|
|
tcam sact pleen. |
|
Enable to set sact pleen. Choices:
|
|
tcam sact prio-pid. |
|
Enable to set sact prio-pid. Choices:
|
|
tcam sact promis. |
|
Enable to set sact promis. Choices:
|
|
tcam sact rfsh. |
|
Enable to set sact rfsh. Choices:
|
|
tcam sact smac-skip. |
|
Enable to set sact smac-skip. Choices:
|
|
tcam sact tp mode. |
|
Enable to set sact tp mode. Choices:
|
|
tcam sact tpe-id. |
|
Enable to set sact tpe-id. Choices:
|
|
tcam sact vdm. |
|
Enable to set sact vdm. Choices:
|
|
tcam sact vdom-id. |
|
Enable to set sact vdom-id. Choices:
|
|
tcam sact x-mode. |
|
Enable to set sact x-mode. Choices:
|
|
Target action of TCAM. |
|
tcam tact act. |
|
Enable to set tact act. Choices:
|
|
tcam tact fmtuv4-s. |
|
Enable to set tact fmtuv4-s. Choices:
|
|
tcam tact fmtuv6-s. |
|
Enable to set tact fmtuv6-s. Choices:
|
|
tcam tact lnkid. |
|
Enable to set tact lnkid. Choices:
|
|
tcam tact mac-id. |
|
Enable to set tact mac-id. Choices:
|
|
tcam tact mss. |
|
Enable to set tact mss. Choices:
|
|
tcam tact mtuv4. |
|
Enable to set tact mtuv4. Choices:
|
|
tcam tact mtuv6. |
|
Enable to set tact mtuv6. Choices:
|
|
tcam tact slif-act. |
|
Enable to set tact slif-act. Choices:
|
|
tcam tact sublnkid. |
|
Enable to set tact sublnkid. Choices:
|
|
tcam tact tgtv-act. |
|
Enable to set tact tgtv-act. Choices:
|
|
tcam tact tlif-act. |
|
Enable to set tact tlif-act. Choices:
|
|
tcam tact tpeid. |
|
Enable to set tact tpeid. Choices:
|
|
tcam tact v6fe. |
|
Enable to set tact v6fe. Choices:
|
|
tcam tact vep_en. |
|
Enable to set tact vep-en. Choices:
|
|
tcam tact vep_slid. |
|
Enable to set tact vep-slid. Choices:
|
|
tcam tact xlt-lif. |
|
Enable to set tact xlt-lif. Choices:
|
|
tcam tact xlt-vid. |
|
Enable to set tact xlt-vid. Choices:
|
|
TCAM policy type. Choices:
|
|
NPU TCAM VID. |
|
Set per-session accounting. Choices:
|
|
Configure NPU interface to CPU core mapping. |
|
The CPU core to map to an interface. |
|
The interface to map to a CPU core. |
|
Configure port to NPU group mapping. |
|
Set NPU interface port for NPU group mapping. |
|
Mapping NPU group index. |
|
Configure port using NPU or Intel-NIC. |
|
Set ha/aux ports to handle traffic with NPU (otherwise traffic goes to Intel-NIC and then CPU). |
|
Available interfaces for NPU path. |
|
Configure NPU priority protocol. |
|
Enable/disable NPU BFD priority protocol. Choices:
|
|
Enable/disable NPU BGP priority protocol. Choices:
|
|
Enable/disable NPU SLBC priority protocol. Choices:
|
|
QoS mode on switch and NP. Choices:
|
|
QTM channel configuration for packet buffer. Choices:
|
|
Enable/disable RDP offload. Choices:
|
|
Session accounting update interval (1 - 10 sec). |
|
Enable/disable offloading of denied sessions. Requires ses-denied-traffic to be set. Choices:
|
|
Enable/disable NP7 traffic shaping statistics. Choices:
|
|
Enable/disable SSE backpressure. Choices:
|
|
Enable/disable stripping clear text padding. Choices:
|
|
Enable/disable stripping ESP padding. Choices:
|
|
Configure switch enhanced hashing. |
|
Set hashing computation. Choices:
|
|
Include/exclude destination IP address lower 16 bits. Choices:
|
|
Include/exclude destination IP address upper 16 bits. Choices:
|
|
Include/exclude destination port if TCP/UDP. Choices:
|
|
Include/exclude IP protocol. Choices:
|
|
Network mask length. |
|
Include/exclude source IP address lower 16 bits. Choices:
|
|
Include/exclude source IP address upper 16 bits. Choices:
|
|
Include/exclude source port if TCP/UDP. Choices:
|
|
Bandwidth from switch to NP. Choices:
|
|
Configure switch traditional hashing. |
|
Enable/disable DRACO15 hashing. Choices:
|
|
Include/exclude TCP/UDP source and destination port for unicast trunk traffic. Choices:
|
|
Enable/disable selection of which NP6 chip the tunnel uses. Choices:
|
|
Enable/disable UDP-encapsulated ESP offload. Choices:
|
|
Set ULL port's speed to 10G/25G. Choices:
|
|
Enable/disable vlan lookup cache. Choices:
|
|
Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. Default: |
Notes
Note
Legacy fortiosapi has been deprecated; httpapi is the preferred way to run playbooks.
The module supports check_mode.
Examples
```yaml
- name: Configure NPU attributes.
  fortinet.fortios.fortios_system_npu:
    vdom: "{{ vdom }}"
    system_npu:
      capwap_offload: "enable"
      dedicated_management_affinity: "<your_own_value>"
      dedicated_management_cpu: "enable"
      default_qos_type: "policing"
      dos_options:
        npu_dos_meter_mode: "global"
        npu_dos_tpe_mode: "enable"
      double_level_mcast_offload: "enable"
      dsw_dts_profile:
        -
          action: "wait"
          min_limit: "0"
          profile_id: "<your_own_value>"
          step: "0"
      dsw_queue_dts_profile:
        -
          iport: "eif0"
          name: "default_name_18"
          oport: "eif0"
          profile_id: "0"
          queue_select: "0"
      fastpath: "disable"
      fp_anomaly:
        icmp_csum_err: "drop"
        icmp_frag: "allow"
        icmp_land: "allow"
        ipv4_csum_err: "drop"
        ipv4_land: "allow"
        ipv4_optlsrr: "allow"
        ipv4_optrr: "allow"
        ipv4_optsecurity: "allow"
        ipv4_optssrr: "allow"
        ipv4_optstream: "allow"
        ipv4_opttimestamp: "allow"
        ipv4_proto_err: "allow"
        ipv4_unknopt: "allow"
        ipv6_daddr_err: "allow"
        ipv6_land: "allow"
        ipv6_optendpid: "allow"
        ipv6_opthomeaddr: "allow"
        ipv6_optinvld: "allow"
        ipv6_optjumbo: "allow"
        ipv6_optnsap: "allow"
        ipv6_optralert: "allow"
        ipv6_opttunnel: "allow"
        ipv6_proto_err: "allow"
        ipv6_saddr_err: "allow"
        ipv6_unknopt: "allow"
        tcp_csum_err: "drop"
        tcp_fin_noack: "allow"
        tcp_fin_only: "allow"
        tcp_land: "allow"
        tcp_no_flag: "allow"
        tcp_syn_data: "allow"
        tcp_syn_fin: "allow"
        tcp_winnuke: "allow"
        udp_csum_err: "drop"
        udp_land: "allow"
      gtp_enhanced_cpu_range: "0"
      gtp_enhanced_mode: "enable"
      gtp_support: "enable"
      hash_tbl_spread: "enable"
      hpe:
        all_protocol: "400000"
        arp_max: "5000"
        enable_shaper: "disable"
        esp_max: "5000"
        high_priority: "400000"
        icmp_max: "5000"
        ip_frag_max: "5000"
        ip_others_max: "5000"
        l2_others_max: "5000"
        sctp_max: "5000"
        tcp_max: "40000"
        tcpfin_rst_max: "40000"
        tcpsyn_ack_max: "40000"
        tcpsyn_max: "40000"
        udp_max: "40000"
      htab_dedi_queue_nr: "4"
      htab_msg_queue: "data"
      htx_icmp_csum_chk: "drop"
      inbound_dscp_copy_port:
        -
          interface: "<your_own_value>"
      intf_shaping_offload: "enable"
      ip_fragment_offload: "disable"
      ip_reassembly:
        max_timeout: "200000"
        min_timeout: "64"
        status: "disable"
      ipsec_dec_subengine_mask: "<your_own_value>"
      ipsec_enc_subengine_mask: "<your_own_value>"
      ipsec_inbound_cache: "enable"
      ipsec_mtu_override: "disable"
      ipsec_ob_np_sel: "rr"
      ipsec_over_vlink: "enable"
      isf_np_queues:
        cos0: "<your_own_value> (source system.isf-queue-profile.name)"
        cos1: "<your_own_value> (source system.isf-queue-profile.name)"
        cos2: "<your_own_value> (source system.isf-queue-profile.name)"
        cos3: "<your_own_value> (source system.isf-queue-profile.name)"
        cos4: "<your_own_value> (source system.isf-queue-profile.name)"
        cos5: "<your_own_value> (source system.isf-queue-profile.name)"
        cos6: "<your_own_value> (source system.isf-queue-profile.name)"
        cos7: "<your_own_value> (source system.isf-queue-profile.name)"
      lag_out_port_select: "disable"
      max_receive_unit: "0"
      max_session_timeout: "40"
      mcast_session_accounting: "tpe-based"
      napi_break_interval: "0"
      np_queues:
        ethernet_type:
          -
            name: "default_name_112"
            queue: "0"
            type: "<your_own_value>"
            weight: "15"
        ip_protocol:
          -
            name: "default_name_117"
            protocol: "0"
            queue: "0"
            weight: "14"
        ip_service:
          -
            dport: "0"
            name: "default_name_123"
            protocol: "0"
            queue: "0"
            sport: "0"
            weight: "13"
        profile:
          -
            cos0: "queue0"
            cos1: "queue0"
            cos2: "queue0"
            cos3: "queue0"
            cos4: "queue0"
            cos5: "queue0"
            cos6: "queue0"
            cos7: "queue0"
            dscp0: "queue0"
            dscp1: "queue0"
            dscp10: "queue0"
            dscp11: "queue0"
            dscp12: "queue0"
            dscp13: "queue0"
            dscp14: "queue0"
            dscp15: "queue0"
            dscp16: "queue0"
            dscp17: "queue0"
            dscp18: "queue0"
            dscp19: "queue0"
            dscp2: "queue0"
            dscp20: "queue0"
            dscp21: "queue0"
            dscp22: "queue0"
            dscp23: "queue0"
            dscp24: "queue0"
            dscp25: "queue0"
            dscp26: "queue0"
            dscp27: "queue0"
            dscp28: "queue0"
            dscp29: "queue0"
            dscp3: "queue0"
            dscp30: "queue0"
            dscp31: "queue0"
            dscp32: "queue0"
            dscp33: "queue0"
            dscp34: "queue0"
            dscp35: "queue0"
            dscp36: "queue0"
            dscp37: "queue0"
            dscp38: "queue0"
            dscp39: "queue0"
            dscp4: "queue0"
            dscp40: "queue0"
            dscp41: "queue0"
            dscp42: "queue0"
            dscp43: "queue0"
            dscp44: "queue0"
            dscp45: "queue0"
            dscp46: "queue0"
            dscp47: "queue0"
            dscp48: "queue0"
            dscp49: "queue0"
            dscp5: "queue0"
            dscp50: "queue0"
            dscp51: "queue0"
            dscp52: "queue0"
            dscp53: "queue0"
            dscp54: "queue0"
            dscp55: "queue0"
            dscp56: "queue0"
            dscp57: "queue0"
            dscp58: "queue0"
            dscp59: "queue0"
            dscp6: "queue0"
            dscp60: "queue0"
            dscp61: "queue0"
            dscp62: "queue0"
            dscp63: "queue0"
            dscp7: "queue0"
            dscp8: "queue0"
            dscp9: "queue0"
            id: "201"
            type: "cos"
            weight: "6"
        scheduler:
          -
            mode: "none"
            name: "default_name_206"
      npu_group_effective_scope: "255"
      npu_tcam:
        -
          data:
            df: "enable"
            dstip: "<your_own_value>"
            dstipv6: "<your_own_value>"
            dstmac: "<your_own_value>"
            dstport: "0"
            ethertype: "<your_own_value>"
            ext_tag: "enable"
            frag_off: "0"
            gen_buf_cnt: "0"
            gen_iv: "valid"
            gen_l3_flags: "0"
            gen_l4_flags: "0"
            gen_pkt_ctrl: "0"
            gen_pri: "0"
            gen_pri_v: "valid"
            gen_tv: "valid"
            ihl: "0"
            ip4_id: "0"
            ip6_fl: "0"
            ipver: "0"
            l4_wd10: "0"
            l4_wd11: "0"
            l4_wd8: "0"
            l4_wd9: "0"
            mf: "enable"
            protocol: "0"
            slink: "0"
            smac_change: "enable"
            sp: "0"
            src_cfi: "enable"
            src_prio: "0"
            src_updt: "enable"
            srcip: "<your_own_value>"
            srcipv6: "<your_own_value>"
            srcmac: "<your_own_value>"
            srcport: "0"
            svid: "0"
            tcp_ack: "enable"
            tcp_cwr: "enable"
            tcp_ece: "enable"
            tcp_fin: "enable"
            tcp_push: "enable"
            tcp_rst: "enable"
            tcp_syn: "enable"
            tcp_urg: "enable"
            tgt_cfi: "enable"
            tgt_prio: "0"
            tgt_updt: "enable"
            tgt_v: "valid"
            tos: "0"
            tp: "0"
            ttl: "0"
            tvid: "0"
            vdid: "0"
          mask:
            df: "enable"
            dstip: "<your_own_value>"
            dstipv6: "<your_own_value>"
            dstmac: "<your_own_value>"
            dstport: "0"
            ethertype: "<your_own_value>"
            ext_tag: "enable"
            frag_off: "0"
            gen_buf_cnt: "0"
            gen_iv: "valid"
            gen_l3_flags: "0"
            gen_l4_flags: "0"
            gen_pkt_ctrl: "0"
            gen_pri: "0"
            gen_pri_v: "valid"
            gen_tv: "valid"
            ihl: "0"
            ip4_id: "0"
            ip6_fl: "0"
            ipver: "0"
            l4_wd10: "0"
            l4_wd11: "0"
            l4_wd8: "0"
            l4_wd9: "0"
            mf: "enable"
            protocol: "0"
            slink: "0"
            smac_change: "enable"
            sp: "0"
            src_cfi: "enable"
            src_prio: "0"
            src_updt: "enable"
            srcip: "<your_own_value>"
            srcipv6: "<your_own_value>"
            srcmac: "<your_own_value>"
            srcport: "0"
            svid: "0"
            tcp_ack: "enable"
            tcp_cwr: "enable"
            tcp_ece: "enable"
            tcp_fin: "enable"
            tcp_push: "enable"
            tcp_rst: "enable"
            tcp_syn: "enable"
            tcp_urg: "enable"
            tgt_cfi: "enable"
            tgt_prio: "0"
            tgt_updt: "enable"
            tgt_v: "valid"
            tos: "0"
            tp: "0"
            ttl: "0"
            tvid: "0"
            vdid: "0"
          mir_act:
            vlif: "0"
          name: "default_name_321"
          oid: "0"
          pri_act:
            priority: "0"
            weight: "0"
          sact:
            act: "0"
            act_v: "enable"
            bmproc: "0"
            bmproc_v: "enable"
            df_lif: "0"
            df_lif_v: "enable"
            dfr: "0"
            dfr_v: "enable"
            dmac_skip: "0"
            dmac_skip_v: "enable"
            dosen: "0"
            dosen_v: "enable"
            espff_proc: "0"
            espff_proc_v: "enable"
            etype_pid: "0"
            etype_pid_v: "enable"
            frag_proc: "0"
            frag_proc_v: "enable"
            fwd: "0"
            fwd_lif: "0"
            fwd_lif_v: "enable"
            fwd_tvid: "0"
            fwd_tvid_v: "enable"
            fwd_v: "enable"
            icpen: "0"
            icpen_v: "enable"
            igmp_mld_snp: "0"
            igmp_mld_snp_v: "enable"
            learn: "0"
            learn_v: "enable"
            m_srh_ctrl: "0"
            m_srh_ctrl_v: "enable"
            mac_id: "0"
            mac_id_v: "enable"
            mss: "0"
            mss_v: "enable"
            pleen: "0"
            pleen_v: "enable"
            prio_pid: "0"
            prio_pid_v: "enable"
            promis: "0"
            promis_v: "enable"
            rfsh: "0"
            rfsh_v: "enable"
            smac_skip: "0"
            smac_skip_v: "enable"
            tp_smchk: "0"
            tp_smchk_v: "enable"
            tpe_id: "0"
            tpe_id_v: "enable"
            vdm: "0"
            vdm_v: "enable"
            vdom_id: "0"
            vdom_id_v: "enable"
            x_mode: "0"
            x_mode_v: "enable"
          tact:
            act: "0"
            act_v: "enable"
            fmtuv4_s: "0"
            fmtuv4_s_v: "enable"
            fmtuv6_s: "0"
            fmtuv6_s_v: "enable"
            lnkid: "0"
            lnkid_v: "enable"
            mac_id: "0"
            mac_id_v: "enable"
            mss_t: "0"
            mss_t_v: "enable"
            mtuv4: "0"
            mtuv4_v: "enable"
            mtuv6: "0"
            mtuv6_v: "enable"
            slif_act: "0"
            slif_act_v: "enable"
            sublnkid: "0"
            sublnkid_v: "enable"
            tgtv_act: "0"
            tgtv_act_v: "enable"
            tlif_act: "0"
            tlif_act_v: "enable"
            tpeid: "0"
            tpeid_v: "enable"
            v6fe: "0"
            v6fe_v: "enable"
            vep_en: "0"
            vep_en_v: "enable"
            vep_slid: "0"
            vep_slid_v: "enable"
            xlt_lif: "0"
            xlt_lif_v: "enable"
            xlt_vid: "0"
            xlt_vid_v: "enable"
          type: "L2_src_tc"
          vid: "0"
      per_session_accounting: "traffic-log-only"
      port_cpu_map:
        -
          cpu_core: "<your_own_value>"
          interface: "<your_own_value>"
      port_npu_map:
        -
          interface: "<your_own_value>"
          npu_group_index: "0"
      port_path_option:
        ports_using_npu:
          -
            interface_name: "<your_own_value>"
      priority_protocol:
        bfd: "enable"
        bgp: "enable"
        slbc: "enable"
      qos_mode: "disable"
      qtm_buf_mode: "6ch"
      rdp_offload: "enable"
      session_acct_interval: "5"
      session_denied_offload: "disable"
      shaping_stats: "disable"
      sse_backpressure: "enable"
      strip_clear_text_padding: "enable"
      strip_esp_padding: "enable"
      sw_eh_hash:
        computation: "xor16"
        destination_ip_lower_16: "include"
        destination_ip_upper_16: "include"
        destination_port: "include"
        ip_protocol: "include"
        netmask_length: "32"
        source_ip_lower_16: "include"
        source_ip_upper_16: "include"
        source_port: "include"
      sw_np_bandwidth: "0G"
      sw_tr_hash:
        draco15: "enable"
        tcp_udp_port: "include"
      tunnel_over_vlink: "enable"
      uesp_offload: "enable"
      ull_port_mode: "10G"
      vlan_lookup_cache: "enable"
```
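The generated example above sets every parameter at once and leaves most fp_anomaly checks at "allow". The following is an added example, not part of the module documentation: a narrower playbook that previews the change in check mode (which the Notes say the module supports) and then sets a subset of anomaly checks to "drop" and turns on the HPE shaper. The inventory group `fortigates`, the variables `fortios_access_token`, `apply_changes` and `npu_hardening`, and the choice of which checks to tighten are assumptions; the rate values are copied from the example above.

```yaml
# Added example, not from the module documentation.
# Assumed names: fortigates, fortios_access_token, apply_changes, npu_hardening.
- name: Tighten NPU anomaly handling and host protection
  hosts: fortigates                        # assumed inventory group
  connection: httpapi                      # Notes: httpapi is the preferred way
  gather_facts: false
  vars:
    ansible_network_os: fortinet.fortios.fortios
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: true   # keep certificate validation on
    ansible_httpapi_port: 443
    vdom: "root"
    apply_changes: false                   # assumed toggle; override with -e apply_changes=true
    npu_hardening:
      fp_anomaly:
        # Already "drop" in the page's example
        icmp_csum_err: "drop"
        ipv4_csum_err: "drop"
        tcp_csum_err: "drop"
        udp_csum_err: "drop"
        # Land anomalies ("allow" in the page's example)
        icmp_land: "drop"
        ipv4_land: "drop"
        ipv6_land: "drop"
        tcp_land: "drop"
        udp_land: "drop"
        # Invalid TCP flag combinations
        tcp_fin_noack: "drop"
        tcp_fin_only: "drop"
        tcp_no_flag: "drop"
        tcp_syn_fin: "drop"
        tcp_winnuke: "drop"
        # Source-route IP options
        ipv4_optlsrr: "drop"
        ipv4_optssrr: "drop"
      hpe:
        enable_shaper: "enable"            # page's example has "disable"
        arp_max: "5000"
        icmp_max: "5000"
        ip_frag_max: "5000"
        tcpsyn_max: "40000"
        tcpsyn_ack_max: "40000"
        tcpfin_rst_max: "40000"
        udp_max: "40000"

  tasks:
    - name: Preview the NPU change without applying it
      fortinet.fortios.fortios_system_npu:
        vdom: "{{ vdom }}"
        access_token: "{{ fortios_access_token }}"   # assumed to come from Ansible Vault
        system_npu: "{{ npu_hardening }}"
      check_mode: true
      register: npu_preview

    - name: Show what the module reported for the preview
      ansible.builtin.debug:
        var: npu_preview

    - name: Apply the NPU change
      fortinet.fortios.fortios_system_npu:
        vdom: "{{ vdom }}"
        access_token: "{{ fortios_access_token }}"
        system_npu: "{{ npu_hardening }}"
      when: apply_changes | bool
      register: npu_apply
```

Run it first with `apply_changes` left at false and review the registered preview, then re-run with `-e apply_changes=true` once the values fit the traffic the device actually carries.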
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key |
Description |
---|---|
Build number of the FortiGate image Returned: always Sample: |
|
Last method used to provision the content into FortiGate Returned: always Sample: |
|
Last result given by FortiGate on last operation applied Returned: always Sample: |
|
Master key (id) used in the last call to FortiGate Returned: success Sample: |
|
Name of the table used to fulfill the request Returned: always Sample: |
|
Path of the table used to fulfill the request Returned: always Sample: |
|
Internal revision number Returned: always Sample: |
|
Serial number of the unit Returned: always Sample: |
|
Indication of the operation’s result Returned: always Sample: |
|
Virtual domain used Returned: always Sample: |
|
Version of the FortiGate Returned: always Sample: |