fortinet.fortios.fortios_system_npu module – Configure NPU attributes in Fortinet’s FortiOS and FortiGate.

Note

This module is part of the fortinet.fortios collection (version 2.3.8).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortios. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: fortinet.fortios.fortios_system_npu.

New in fortinet.fortios 2.0.0

Synopsis

  • This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and npu category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0

Requirements

The below requirements are needed on the host that executes this module.

  • ansible>=2.15

Parameters

Parameter

Comments

access_token

string

Token-based authentication. Generated from GUI of Fortigate.

enable_log

boolean

Enable/Disable logging for task.

Choices:

  • false ← (default)

  • true

member_path

string

Member attribute path to operate on.

Delimited by a slash character if there are more than one attribute.

Parameter marked with member_path is legitimate for doing member operation.

member_state

string

Add or delete a member under specified attribute path.

When member_state is specified, the state option is ignored.

Choices:

  • "present"

  • "absent"

system_npu

dictionary

Configure NPU attributes.

capwap_offload

string

Enable/disable offloading managed FortiAP and FortiLink CAPWAP sessions.

Choices:

  • "enable"

  • "disable"

dedicated_management_affinity

string

Affinity setting for management daemons (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).

dedicated_management_cpu

string

Enable to dedicate one CPU for GUI and CLI connections when NPs are busy.

Choices:

  • "enable"

  • "disable"

default_qos_type

string

Set default QoS type.

Choices:

  • "policing"

  • "shaping"

  • "policing-enhanced"

dos_options

dictionary

NPU DoS configurations.

npu_dos_meter_mode

string

Set DoS meter NPU offloading mode.

Choices:

  • "global"

  • "local"

npu_dos_tpe_mode

string

Enable/disable insertion of DoS meter ID to session table.

Choices:

  • "enable"

  • "disable"

double_level_mcast_offload

string

Enable double level mcast offload.

Choices:

  • "enable"

  • "disable"

dsw_dts_profile

list / elements=dictionary

Configure NPU DSW DTS profile.

action

string

Set NPU DSW DTS profile action.

Choices:

  • "wait"

  • "drop"

  • "drop_tmr_0"

  • "drop_tmr_1"

  • "enque"

  • "enque_0"

  • "enque_1"

min_limit

integer

Set NPU DSW DTS profile min-limt.

profile_id

integer / required

Set NPU DSW DTS profile profile id. see <a href=’#notes’>Notes</a>.

step

integer

Set NPU DSW DTS profile step.

dsw_queue_dts_profile

list / elements=dictionary

Configure NPU DSW Queue DTS profile.

iport

string

Set NPU DSW DTS in port.

Choices:

  • "eif0"

  • "eif1"

  • "eif2"

  • "eif3"

  • "eif4"

  • "eif5"

  • "eif6"

  • "eif7"

  • "htx0"

  • "htx1"

  • "sse0"

  • "sse1"

  • "sse2"

  • "sse3"

  • "rlt"

  • "dfr"

  • "ipseci"

  • "ipseco"

  • "ipti"

  • "ipto"

  • "vep0"

  • "vep2"

  • "vep4"

  • "vep6"

  • "ivs"

  • "l2ti1"

  • "l2to"

  • "l2ti0"

  • "ple"

  • "spath"

  • "qtm"

name

string / required

Name.

oport

string

Set NPU DSW DTS out port.

Choices:

  • "eif0"

  • "eif1"

  • "eif2"

  • "eif3"

  • "eif4"

  • "eif5"

  • "eif6"

  • "eif7"

  • "hrx"

  • "sse0"

  • "sse1"

  • "sse2"

  • "sse3"

  • "rlt"

  • "dfr"

  • "ipseci"

  • "ipseco"

  • "ipti"

  • "ipto"

  • "vep0"

  • "vep2"

  • "vep4"

  • "vep6"

  • "ivs"

  • "l2ti1"

  • "l2to"

  • "l2ti0"

  • "ple"

  • "sync"

  • "nss"

  • "tsk"

  • "qtm"

profile_id

integer

Set NPU DSW DTS profile ID.

queue_select

integer

Set NPU DSW DTS queue ID select (0 - reset to default).

fastpath

string

Enable/disable NP6 offloading (also called fast path).

Choices:

  • "disable"

  • "enable"

fp_anomaly

dictionary

IPv4/IPv6 anomaly protection.

icmp_csum_err

string

Invalid IPv4 ICMP checksum anomalies.

Choices:

  • "drop"

  • "trap-to-host"

icmp_frag

string

Layer 3 fragmented packets that could be part of layer 4 ICMP anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

icmp_land

string

ICMP land anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv4_csum_err

string

Invalid IPv4 IP checksum anomalies.

Choices:

  • "drop"

  • "trap-to-host"

ipv4_land

string

Land anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv4_optlsrr

string

Loose source record route option anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv4_optrr

string

Record route option anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv4_optsecurity

string

Security option anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv4_optssrr

string

Strict source record route option anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv4_optstream

string

Stream option anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv4_opttimestamp

string

Timestamp option anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv4_proto_err

string

Invalid layer 4 protocol anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv4_unknopt

string

Unknown option anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv6_daddr_err

string

Destination address as unspecified or loopback address anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv6_land

string

Land anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv6_optendpid

string

End point identification anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv6_opthomeaddr

string

Home address option anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv6_optinvld

string

Invalid option anomalies.Invalid option anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv6_optjumbo

string

Jumbo options anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv6_optnsap

string

Network service access point address option anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv6_optralert

string

Router alert option anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv6_opttunnel

string

Tunnel encapsulation limit option anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv6_proto_err

string

Layer 4 invalid protocol anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv6_saddr_err

string

Source address as multicast anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

ipv6_unknopt

string

Unknown option anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

tcp_csum_err

string

Invalid IPv4 TCP checksum anomalies.

Choices:

  • "drop"

  • "trap-to-host"

tcp_fin_noack

string

TCP SYN flood with FIN flag set without ACK setting anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

tcp_fin_only

string

TCP SYN flood with only FIN flag set anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

tcp_land

string

TCP land anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

tcp_no_flag

string

TCP SYN flood with no flag set anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

tcp_syn_data

string

TCP SYN flood packets with data anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

tcp_syn_fin

string

TCP SYN flood SYN/FIN flag set anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

tcp_winnuke

string

TCP WinNuke anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

udp_csum_err

string

Invalid IPv4 UDP checksum anomalies.

Choices:

  • "drop"

  • "trap-to-host"

udp_land

string

UDP land anomalies.

Choices:

  • "allow"

  • "drop"

  • "trap-to-host"

gtp_enhanced_cpu_range

string

GTP enhanced CPU range option.

Choices:

  • "0"

  • "1"

  • "2"

gtp_enhanced_mode

string

Enable/disable GTP enhanced mode.

Choices:

  • "enable"

  • "disable"

gtp_support

string

Enable/Disable NP7 GTP support

Choices:

  • "enable"

  • "disable"

hash_tbl_spread

string

Enable/disable hash table entry spread .

Choices:

  • "enable"

  • "disable"

hpe

dictionary

Host protection engine configuration.

all_protocol

integer

Maximum packet rate of each host queue except high priority traffic(1K - 32M pps), set 0 to disable.

arp_max

integer

Maximum ARP packet rate (1K - 32M pps). Entry is valid when ARP is removed from high-priority traffic.

enable_shaper

string

Enable/Disable NPU Host Protection Engine (HPE) for packet type shaper.

Choices:

  • "disable"

  • "enable"

esp_max

integer

Maximum ESP packet rate (1K - 32M pps).

high_priority

integer

Maximum packet rate for high priority traffic packets (1K - 32M pps).

icmp_max

integer

Maximum ICMP packet rate (1K - 32M pps).

ip_frag_max

integer

Maximum fragmented IP packet rate (1K - 32M pps).

ip_others_max

integer

Maximum IP packet rate for other packets (packet types that cannot be set with other options) (1K - 32G pps).

l2_others_max

integer

Maximum L2 packet rate for L2 packets that are not ARP packets (1K - 32M pps).

sctp_max

integer

Maximum SCTP packet rate (1K - 32M pps).

tcp_max

integer

Maximum TCP packet rate (1K - 32M pps).

tcpfin_rst_max

integer

Maximum TCP carries FIN or RST flags packet rate (1K - 32M pps).

tcpsyn_ack_max

integer

Maximum TCP carries SYN and ACK flags packet rate (1K - 32M pps).

tcpsyn_max

integer

Maximum TCP SYN packet rate (1K - 40M pps).

udp_max

integer

Maximum UDP packet rate (1K - 32M pps).

htab_dedi_queue_nr

integer

Set the number of dedicate queue for hash table messages.

htab_msg_queue

string

Set hash table message queue mode.

Choices:

  • "data"

  • "idle"

  • "dedicated"

htx_icmp_csum_chk

string

Set HTX icmp csum checking mode.

Choices:

  • "drop"

  • "pass"

inbound_dscp_copy_port

list / elements=dictionary

Physical interfaces that support inbound-dscp-copy.

interface

string / required

Physical interface name.

intf_shaping_offload

string

Enable/disable NPU offload when doing interface-based traffic shaping according to the egress-shaping-profile.

Choices:

  • "enable"

  • "disable"

ip_fragment_offload

string

Enable/disable NP7 NPU IP fragment offload.

Choices:

  • "disable"

  • "enable"

ip_reassembly

dictionary

IP reassebmly engine configuration.

max_timeout

integer

Maximum timeout value for IP reassembly (5 us - 600,000,000 us).

min_timeout

integer

Minimum timeout value for IP reassembly (5 us - 600,000,000 us).

status

string

Set IP reassembly processing status.

Choices:

  • "disable"

  • "enable"

ipsec_dec_subengine_mask

string

IPsec decryption subengine mask (0x1 - 0xff).

ipsec_enc_subengine_mask

string

IPsec encryption subengine mask (0x1 - 0xff).

ipsec_inbound_cache

string

Enable/disable IPsec inbound cache for anti-replay.

Choices:

  • "enable"

  • "disable"

ipsec_mtu_override

string

Enable/disable NP6 IPsec MTU override.

Choices:

  • "disable"

  • "enable"

ipsec_ob_np_sel

string

IPsec NP selection for OB SA offloading.

Choices:

  • "rr"

  • "Packet"

  • "Hash"

string

Enable/disable IPsec over vlink.

Choices:

  • "enable"

  • "disable"

isf_np_queues

dictionary

Configure queues of switch port connected to NP6 XAUI on ingress path.

cos0

string

CoS profile name for CoS 0. Source system.isf-queue-profile.name.

cos1

string

CoS profile name for CoS 1. Source system.isf-queue-profile.name.

cos2

string

CoS profile name for CoS 2. Source system.isf-queue-profile.name.

cos3

string

CoS profile name for CoS 3. Source system.isf-queue-profile.name.

cos4

string

CoS profile name for CoS 4. Source system.isf-queue-profile.name.

cos5

string

CoS profile name for CoS 5. Source system.isf-queue-profile.name.

cos6

string

CoS profile name for CoS 6. Source system.isf-queue-profile.name.

cos7

string

CoS profile name for CoS 7. Source system.isf-queue-profile.name.

lag_out_port_select

string

Enable/disable LAG outgoing port selection based on incoming traffic port.

Choices:

  • "disable"

  • "enable"

max_receive_unit

integer

Set the maximum packet size for receive, larger packets will be silently dropped.

max_session_timeout

integer

Maximum time interval for refreshing NPU-offloaded sessions (10 - 1000 sec).

mcast_session_accounting

string

Enable/disable traffic accounting for each multicast session through TAE counter.

Choices:

  • "tpe-based"

  • "session-based"

  • "disable"

napi_break_interval

integer

NAPI break interval .

np_queues

dictionary

Configure queue assignment on NP7.

ethernet_type

list / elements=dictionary

Configure a NP7 QoS Ethernet Type.

name

string / required

Ethernet Type Name.

queue

integer

Queue Number.

type

string

Ethernet Type.

weight

integer

Class Weight.

ip_protocol

list / elements=dictionary

Configure a NP7 QoS IP Protocol.

name

string / required

IP Protocol Name.

protocol

integer

IP Protocol.

queue

integer

Queue Number.

weight

integer

Class Weight.

ip_service

list / elements=dictionary

Configure a NP7 QoS IP Service.

dport

integer

Destination port.

name

string / required

IP service name.

protocol

integer

IP protocol.

queue

integer

Queue number.

sport

integer

Source port.

weight

integer

Class weight.

profile

list / elements=dictionary

Configure a NP7 class profile.

cos0

string

Queue number of CoS 0.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

cos1

string

Queue number of CoS 1.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

cos2

string

Queue number of CoS 2.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

cos3

string

Queue number of CoS 3.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

cos4

string

Queue number of CoS 4.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

cos5

string

Queue number of CoS 5.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

cos6

string

Queue number of CoS 6.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

cos7

string

Queue number of CoS 7.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp0

string

Queue number of DSCP 0.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp1

string

Queue number of DSCP 1.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp10

string

Queue number of DSCP 10.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp11

string

Queue number of DSCP 11.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp12

string

Queue number of DSCP 12.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp13

string

Queue number of DSCP 13.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp14

string

Queue number of DSCP 14.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp15

string

Queue number of DSCP 15.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp16

string

Queue number of DSCP 16.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp17

string

Queue number of DSCP 17.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp18

string

Queue number of DSCP 18.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp19

string

Queue number of DSCP 19.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp2

string

Queue number of DSCP 2.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp20

string

Queue number of DSCP 20.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp21

string

Queue number of DSCP 21.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp22

string

Queue number of DSCP 22.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp23

string

Queue number of DSCP 23.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp24

string

Queue number of DSCP 24.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp25

string

Queue number of DSCP 25.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp26

string

Queue number of DSCP 26.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp27

string

Queue number of DSCP 27.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp28

string

Queue number of DSCP 28.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp29

string

Queue number of DSCP 29.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp3

string

Queue number of DSCP 3.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp30

string

Queue number of DSCP 30.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp31

string

Queue number of DSCP 31.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp32

string

Queue number of DSCP 32.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp33

string

Queue number of DSCP 33.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp34

string

Queue number of DSCP 34.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp35

string

Queue number of DSCP 35.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp36

string

Queue number of DSCP 36.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp37

string

Queue number of DSCP 37.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp38

string

Queue number of DSCP 38.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp39

string

Queue number of DSCP 39.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp4

string

Queue number of DSCP 4.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp40

string

Queue number of DSCP 40.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp41

string

Queue number of DSCP 41.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp42

string

Queue number of DSCP 42.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp43

string

Queue number of DSCP 43.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp44

string

Queue number of DSCP 44.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp45

string

Queue number of DSCP 45.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp46

string

Queue number of DSCP 46.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp47

string

Queue number of DSCP 47.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp48

string

Queue number of DSCP 48.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp49

string

Queue number of DSCP 49.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp5

string

Queue number of DSCP 5.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp50

string

Queue number of DSCP 50.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp51

string

Queue number of DSCP 51.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp52

string

Queue number of DSCP 52.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp53

string

Queue number of DSCP 53.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp54

string

Queue number of DSCP 54.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp55

string

Queue number of DSCP 55.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp56

string

Queue number of DSCP 56.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp57

string

Queue number of DSCP 57.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp58

string

Queue number of DSCP 58.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp59

string

Queue number of DSCP 59.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp6

string

Queue number of DSCP 6.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp60

string

Queue number of DSCP 60.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp61

string

Queue number of DSCP 61.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp62

string

Queue number of DSCP 62.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp63

string

Queue number of DSCP 63.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp7

string

Queue number of DSCP 7.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp8

string

Queue number of DSCP 8.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

dscp9

string

Queue number of DSCP 9.

Choices:

  • "queue0"

  • "queue1"

  • "queue2"

  • "queue3"

  • "queue4"

  • "queue5"

  • "queue6"

  • "queue7"

id

integer / required

Profile ID. see <a href=’#notes’>Notes</a>.

type

string

Profile type.

Choices:

  • "cos"

  • "dscp"

weight

integer

Class weight.

scheduler

list / elements=dictionary

Configure a NP7 QoS Scheduler.

mode

string

Scheduler mode.

Choices:

  • "none"

  • "priority"

  • "round-robin"

name

string / required

Scheduler name.

npu_group_effective_scope

integer

npu-group-effective-scope defines under which npu-group cmds such as list/purge will be excecuted. Default scope is for all four HS-ok groups. (0-3).

npu_tcam

list / elements=dictionary

Configure NPU TCAM policies.

data

dictionary

Data fields of TCAM.

df

string

tcam data ip flag df.

Choices:

  • "enable"

  • "disable"

dstip

string

tcam data dst ipv4 address.

dstipv6

string

tcam data dst ipv6 address.

dstmac

string

tcam data dst macaddr.

dstport

integer

tcam data L4 dst port.

ethertype

string

tcam data ethertype.

ext_tag

string

tcam data extension tag.

Choices:

  • "enable"

  • "disable"

frag_off

integer

tcam data ip flag fragment offset.

gen_buf_cnt

integer

tcam data gen info buffer count.

gen_iv

string

tcam data gen info iv.

Choices:

  • "valid"

  • "invalid"

gen_l3_flags

integer

tcam data gen info L3 flags.

gen_l4_flags

integer

tcam data gen info L4 flags.

gen_pkt_ctrl

integer

tcam data gen info packet control.

gen_pri

integer

tcam data gen info priority.

gen_pri_v

string

tcam data gen info priority valid.

Choices:

  • "valid"

  • "invalid"

gen_tv

string

tcam data gen info tv.

Choices:

  • "valid"

  • "invalid"

ihl

integer

tcam data ipv4 IHL.

ip4_id

integer

tcam data ipv4 id.

ip6_fl

integer

tcam data ipv6 flow label.

ipver

integer

tcam data ip header version.

l4_wd10

integer

tcam data L4 word10.

l4_wd11

integer

tcam data L4 word11.

l4_wd8

integer

tcam data L4 word8.

l4_wd9

integer

tcam data L4 word9.

mf

string

tcam data ip flag mf.

Choices:

  • "enable"

  • "disable"

protocol

integer

tcam data ip protocol.

integer

tcam data sublink.

smac_change

string

tcam data source MAC change.

Choices:

  • "enable"

  • "disable"

sp

integer

tcam data source port.

src_cfi

string

tcam data source cfi.

Choices:

  • "enable"

  • "disable"

src_prio

integer

tcam data source priority.

src_updt

string

tcam data source update.

Choices:

  • "enable"

  • "disable"

srcip

string

tcam data src ipv4 address.

srcipv6

string

tcam data src ipv6 address.

srcmac

string

tcam data src macaddr.

srcport

integer

tcam data L4 src port.

svid

integer

tcam data source vid.

tcp_ack

string

tcam data tcp flag ack.

Choices:

  • "enable"

  • "disable"

tcp_cwr

string

tcam data tcp flag cwr.

Choices:

  • "enable"

  • "disable"

tcp_ece

string

tcam data tcp flag ece.

Choices:

  • "enable"

  • "disable"

tcp_fin

string

tcam data tcp flag fin.

Choices:

  • "enable"

  • "disable"

tcp_push

string

tcam data tcp flag push.

Choices:

  • "enable"

  • "disable"

tcp_rst

string

tcam data tcp flag rst.

Choices:

  • "enable"

  • "disable"

tcp_syn

string

tcam data tcp flag syn.

Choices:

  • "enable"

  • "disable"

tcp_urg

string

tcam data tcp flag urg.

Choices:

  • "enable"

  • "disable"

tgt_cfi

string

tcam data target cfi.

Choices:

  • "enable"

  • "disable"

tgt_prio

integer

tcam data target priority.

tgt_updt

string

tcam data target port update.

Choices:

  • "enable"

  • "disable"

tgt_v

string

tcam data target valid.

Choices:

  • "valid"

  • "invalid"

tos

integer

tcam data ip tos.

tp

integer

tcam data target port.

ttl

integer

tcam data ip ttl.

tvid

integer

tcam data target vid.

vdid

integer

tcam data vdom id.

mask

dictionary

Mask fields of TCAM.

df

string

tcam mask ip flag df.

Choices:

  • "enable"

  • "disable"

dstip

string

tcam mask dst ipv4 address.

dstipv6

string

tcam mask dst ipv6 address.

dstmac

string

tcam mask dst macaddr.

dstport

integer

tcam mask L4 dst port.

ethertype

string

tcam mask ethertype.

ext_tag

string

tcam mask extension tag.

Choices:

  • "enable"

  • "disable"

frag_off

integer

tcam data ip flag fragment offset.

gen_buf_cnt

integer

tcam mask gen info buffer count.

gen_iv

string

tcam mask gen info iv.

Choices:

  • "valid"

  • "invalid"

gen_l3_flags

integer

tcam mask gen info L3 flags.

gen_l4_flags

integer

tcam mask gen info L4 flags.

gen_pkt_ctrl

integer

tcam mask gen info packet control.

gen_pri

integer

tcam mask gen info priority.

gen_pri_v

string

tcam mask gen info priority valid.

Choices:

  • "valid"

  • "invalid"

gen_tv

string

tcam mask gen info tv.

Choices:

  • "valid"

  • "invalid"

ihl

integer

tcam mask ipv4 IHL.

ip4_id

integer

tcam mask ipv4 id.

ip6_fl

integer

tcam mask ipv6 flow label.

ipver

integer

tcam mask ip header version.

l4_wd10

integer

tcam mask L4 word10.

l4_wd11

integer

tcam mask L4 word11.

l4_wd8

integer

tcam mask L4 word8.

l4_wd9

integer

tcam mask L4 word9.

mf

string

tcam mask ip flag mf.

Choices:

  • "enable"

  • "disable"

protocol

integer

tcam mask ip protocol.

integer

tcam mask sublink.

smac_change

string

tcam mask source MAC change.

Choices:

  • "enable"

  • "disable"

sp

integer

tcam mask source port.

src_cfi

string

tcam mask source cfi.

Choices:

  • "enable"

  • "disable"

src_prio

integer

tcam mask source priority.

src_updt

string

tcam mask source update.

Choices:

  • "enable"

  • "disable"

srcip

string

tcam mask src ipv4 address.

srcipv6

string

tcam mask src ipv6 address.

srcmac

string

tcam mask src macaddr.

srcport

integer

tcam mask L4 src port.

svid

integer

tcam mask source vid.

tcp_ack

string

tcam mask tcp flag ack.

Choices:

  • "enable"

  • "disable"

tcp_cwr

string

tcam mask tcp flag cwr.

Choices:

  • "enable"

  • "disable"

tcp_ece

string

tcam mask tcp flag ece.

Choices:

  • "enable"

  • "disable"

tcp_fin

string

tcam mask tcp flag fin.

Choices:

  • "enable"

  • "disable"

tcp_push

string

tcam mask tcp flag push.

Choices:

  • "enable"

  • "disable"

tcp_rst

string

tcam mask tcp flag rst.

Choices:

  • "enable"

  • "disable"

tcp_syn

string

tcam mask tcp flag syn.

Choices:

  • "enable"

  • "disable"

tcp_urg

string

tcam mask tcp flag urg.

Choices:

  • "enable"

  • "disable"

tgt_cfi

string

tcam mask target cfi.

Choices:

  • "enable"

  • "disable"

tgt_prio

integer

tcam mask target priority.

tgt_updt

string

tcam mask target port update.

Choices:

  • "enable"

  • "disable"

tgt_v

string

tcam mask target valid.

Choices:

  • "valid"

  • "invalid"

tos

integer

tcam mask ip tos.

tp

integer

tcam mask target port.

ttl

integer

tcam mask ip ttl.

tvid

integer

tcam mask target vid.

vdid

integer

tcam mask vdom id.

mir_act

dictionary

Mirror action of TCAM.

vlif

integer

tcam mirror action vlif.

name

string / required

NPU TCAM policies name.

oid

integer

NPU TCAM OID.

pri_act

dictionary

Priority action of TCAM.

priority

integer

tcam priority action priority.

weight

integer

tcam priority action weight.

sact

dictionary

Source action of TCAM.

act

integer

tcam sact act.

act_v

string

Enable to set sact act.

Choices:

  • "enable"

  • "disable"

bmproc

integer

tcam sact bmproc.

bmproc_v

string

Enable to set sact bmproc.

Choices:

  • "enable"

  • "disable"

df_lif

integer

tcam sact df-lif.

df_lif_v

string

Enable to set sact df-lif.

Choices:

  • "enable"

  • "disable"

dfr

integer

tcam sact dfr.

dfr_v

string

Enable to set sact dfr.

Choices:

  • "enable"

  • "disable"

dmac_skip

integer

tcam sact dmac-skip.

dmac_skip_v

string

Enable to set sact dmac-skip.

Choices:

  • "enable"

  • "disable"

dosen

integer

tcam sact dosen.

dosen_v

string

Enable to set sact dosen.

Choices:

  • "enable"

  • "disable"

espff_proc

integer

tcam sact espff-proc.

espff_proc_v

string

Enable to set sact espff-proc.

Choices:

  • "enable"

  • "disable"

etype_pid

integer

tcam sact etype-pid.

etype_pid_v

string

Enable to set sact etype-pid.

Choices:

  • "enable"

  • "disable"

frag_proc

integer

tcam sact frag-proc.

frag_proc_v

string

Enable to set sact frag-proc.

Choices:

  • "enable"

  • "disable"

fwd

integer

tcam sact fwd.

fwd_lif

integer

tcam sact fwd-lif.

fwd_lif_v

string

Enable to set sact fwd-lif.

Choices:

  • "enable"

  • "disable"

fwd_tvid

integer

tcam sact fwd-tvid.

fwd_tvid_v

string

Enable to set sact fwd-vid.

Choices:

  • "enable"

  • "disable"

fwd_v

string

Enable to set sact fwd.

Choices:

  • "enable"

  • "disable"

icpen

integer

tcam sact icpen.

icpen_v

string

Enable to set sact icpen.

Choices:

  • "enable"

  • "disable"

igmp_mld_snp

integer

tcam sact igmp-mld-snp.

igmp_mld_snp_v

string

Enable to set sact igmp-mld-snp.

Choices:

  • "enable"

  • "disable"

learn

integer

tcam sact learn.

learn_v

string

Enable to set sact learn.

Choices:

  • "enable"

  • "disable"

m_srh_ctrl

integer

tcam sact m-srh-ctrl.

m_srh_ctrl_v

string

Enable to set sact m-srh-ctrl.

Choices:

  • "enable"

  • "disable"

mac_id

integer

tcam sact mac-id.

mac_id_v

string

Enable to set sact mac-id.

Choices:

  • "enable"

  • "disable"

mss

integer

tcam sact mss.

mss_v

string

Enable to set sact mss.

Choices:

  • "enable"

  • "disable"

pleen

integer

tcam sact pleen.

pleen_v

string

Enable to set sact pleen.

Choices:

  • "enable"

  • "disable"

prio_pid

integer

tcam sact prio-pid.

prio_pid_v

string

Enable to set sact prio-pid.

Choices:

  • "enable"

  • "disable"

promis

integer

tcam sact promis.

promis_v

string

Enable to set sact promis.

Choices:

  • "enable"

  • "disable"

rfsh

integer

tcam sact rfsh.

rfsh_v

string

Enable to set sact rfsh.

Choices:

  • "enable"

  • "disable"

smac_skip

integer

tcam sact smac-skip.

smac_skip_v

string

Enable to set sact smac-skip.

Choices:

  • "enable"

  • "disable"

tp_smchk

integer

tcam sact tp mode.

tp_smchk_v

string

Enable to set sact tp mode.

Choices:

  • "enable"

  • "disable"

tpe_id

integer

tcam sact tpe-id.

tpe_id_v

string

Enable to set sact tpe-id.

Choices:

  • "enable"

  • "disable"

vdm

integer

tcam sact vdm.

vdm_v

string

Enable to set sact vdm.

Choices:

  • "enable"

  • "disable"

vdom_id

integer

tcam sact vdom-id.

vdom_id_v

string

Enable to set sact vdom-id.

Choices:

  • "enable"

  • "disable"

x_mode

integer

tcam sact x-mode.

x_mode_v

string

Enable to set sact x-mode.

Choices:

  • "enable"

  • "disable"

tact

dictionary

Target action of TCAM.

act

integer

tcam tact act.

act_v

string

Enable to set tact act.

Choices:

  • "enable"

  • "disable"

fmtuv4_s

integer

tcam tact fmtuv4-s.

fmtuv4_s_v

string

Enable to set tact fmtuv4-s.

Choices:

  • "enable"

  • "disable"

fmtuv6_s

integer

tcam tact fmtuv6-s.

fmtuv6_s_v

string

Enable to set tact fmtuv6-s.

Choices:

  • "enable"

  • "disable"

lnkid

integer

tcam tact lnkid.

lnkid_v

string

Enable to set tact lnkid.

Choices:

  • "enable"

  • "disable"

mac_id

integer

tcam tact mac-id.

mac_id_v

string

Enable to set tact mac-id.

Choices:

  • "enable"

  • "disable"

mss_t

integer

tcam tact mss.

mss_t_v

string

Enable to set tact mss.

Choices:

  • "enable"

  • "disable"

mtuv4

integer

tcam tact mtuv4.

mtuv4_v

string

Enable to set tact mtuv4.

Choices:

  • "enable"

  • "disable"

mtuv6

integer

tcam tact mtuv6.

mtuv6_v

string

Enable to set tact mtuv6.

Choices:

  • "enable"

  • "disable"

slif_act

integer

tcam tact slif-act.

slif_act_v

string

Enable to set tact slif-act.

Choices:

  • "enable"

  • "disable"

sublnkid

integer

tcam tact sublnkid.

sublnkid_v

string

Enable to set tact sublnkid.

Choices:

  • "enable"

  • "disable"

tgtv_act

integer

tcam tact tgtv-act.

tgtv_act_v

string

Enable to set tact tgtv-act.

Choices:

  • "enable"

  • "disable"

tlif_act

integer

tcam tact tlif-act.

tlif_act_v

string

Enable to set tact tlif-act.

Choices:

  • "enable"

  • "disable"

tpeid

integer

tcam tact tpeid.

tpeid_v

string

Enable to set tact tpeid.

Choices:

  • "enable"

  • "disable"

v6fe

integer

tcam tact v6fe.

v6fe_v

string

Enable to set tact v6fe.

Choices:

  • "enable"

  • "disable"

vep_en

integer

tcam tact vep_en.

vep_en_v

string

Enable to set tact vep-en.

Choices:

  • "enable"

  • "disable"

vep_slid

integer

tcam tact vep_slid.

vep_slid_v

string

Enable to set tact vep-slid.

Choices:

  • "enable"

  • "disable"

xlt_lif

integer

tcam tact xlt-lif.

xlt_lif_v

string

Enable to set tact xlt-lif.

Choices:

  • "enable"

  • "disable"

xlt_vid

integer

tcam tact xlt-vid.

xlt_vid_v

string

Enable to set tact xlt-vid.

Choices:

  • "enable"

  • "disable"

type

string

TCAM policy type.

Choices:

  • "L2_src_tc"

  • "L2_tgt_tc"

  • "L2_src_mir"

  • "L2_tgt_mir"

  • "L2_src_act"

  • "L2_tgt_act"

  • "IPv4_src_tc"

  • "IPv4_tgt_tc"

  • "IPv4_src_mir"

  • "IPv4_tgt_mir"

  • "IPv4_src_act"

  • "IPv4_tgt_act"

  • "IPv6_src_tc"

  • "IPv6_tgt_tc"

  • "IPv6_src_mir"

  • "IPv6_tgt_mir"

  • "IPv6_src_act"

  • "IPv6_tgt_act"

vid

integer

NPU TCAM VID.

per_session_accounting

string

Set per-session accounting.

Choices:

  • "traffic-log-only"

  • "disable"

  • "enable"

port_cpu_map

list / elements=dictionary

Configure NPU interface to CPU core mapping.

cpu_core

string

The CPU core to map to an interface.

interface

string / required

The interface to map to a CPU core.

port_npu_map

list / elements=dictionary

Configure port to NPU group mapping.

interface

string / required

Set NPU interface port for NPU group mapping.

npu_group_index

integer

Mapping NPU group index.

port_path_option

dictionary

Configure port using NPU or Intel-NIC.

ports_using_npu

list / elements=dictionary

Set ha/aux ports to handle traffic with NPU (otherwise traffic goes to Intel-NIC and then CPU).

interface_name

string / required

Available interfaces for NPU path.

priority_protocol

dictionary

Configure NPU priority protocol.

bfd

string

Enable/disable NPU BFD priority protocol.

Choices:

  • "enable"

  • "disable"

bgp

string

Enable/disable NPU BGP priority protocol.

Choices:

  • "enable"

  • "disable"

slbc

string

Enable/disable NPU SLBC priority protocol.

Choices:

  • "enable"

  • "disable"

qos_mode

string

QoS mode on switch and NP.

Choices:

  • "disable"

  • "priority"

  • "round-robin"

qtm_buf_mode

string

QTM channel configuration for packet buffer.

Choices:

  • "6ch"

  • "4ch"

rdp_offload

string

Enable/disable RDP offload.

Choices:

  • "enable"

  • "disable"

session_acct_interval

integer

Session accounting update interval (1 - 10 sec).

session_denied_offload

string

Enable/disable offloading of denied sessions. Requires ses-denied-traffic to be set.

Choices:

  • "disable"

  • "enable"

shaping_stats

string

Enable/disable NP7 traffic shaping statistics .

Choices:

  • "disable"

  • "enable"

sse_backpressure

string

Enable/disable SSE backpressure.

Choices:

  • "enable"

  • "disable"

strip_clear_text_padding

string

Enable/disable stripping clear text padding.

Choices:

  • "enable"

  • "disable"

strip_esp_padding

string

Enable/disable stripping ESP padding.

Choices:

  • "enable"

  • "disable"

sw_eh_hash

dictionary

Configure switch enhanced hashing.

computation

string

Set hashing computation.

Choices:

  • "xor16"

  • "xor8"

  • "xor4"

  • "crc16"

destination_ip_lower_16

string

Include/exclude destination IP address lower 16 bits.

Choices:

  • "include"

  • "exclude"

destination_ip_upper_16

string

Include/exclude destination IP address upper 16 bits.

Choices:

  • "include"

  • "exclude"

destination_port

string

Include/exclude destination port if TCP/UDP.

Choices:

  • "include"

  • "exclude"

ip_protocol

string

Include/exclude IP protocol.

Choices:

  • "include"

  • "exclude"

netmask_length

integer

Network mask length.

source_ip_lower_16

string

Include/exclude source IP address lower 16 bits.

Choices:

  • "include"

  • "exclude"

source_ip_upper_16

string

Include/exclude source IP address upper 16 bits.

Choices:

  • "include"

  • "exclude"

source_port

string

Include/exclude source port if TCP/UDP.

Choices:

  • "include"

  • "exclude"

sw_np_bandwidth

string

Bandwidth from switch to NP.

Choices:

  • "0G"

  • "2G"

  • "4G"

  • "5G"

  • "6G"

  • "7G"

  • "8G"

  • "9G"

sw_tr_hash

dictionary

Configure switch traditional hashing.

draco15

string

Enable/disable DRACO15 hashing.

Choices:

  • "enable"

  • "disable"

tcp_udp_port

string

Include/exclude TCP/UDP source and destination port for unicast trunk traffic.

Choices:

  • "include"

  • "exclude"

string

Enable/disable selection of which NP6 chip the tunnel uses .

Choices:

  • "enable"

  • "disable"

uesp_offload

string

Enable/disable UDP-encapsulated ESP offload .

Choices:

  • "enable"

  • "disable"

ull_port_mode

string

Set ULL port”s speed to 10G/25G .

Choices:

  • "10G"

  • "25G"

vlan_lookup_cache

string

Enable/disable vlan lookup cache .

Choices:

  • "enable"

  • "disable"

vdom

string

Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.

Default: "root"

Notes

Note

  • Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks

Examples

- name: Configure NPU attributes.
  fortinet.fortios.fortios_system_npu:
      vdom: "{{ vdom }}"
      system_npu:
          capwap_offload: "enable"
          dedicated_management_affinity: "<your_own_value>"
          dedicated_management_cpu: "enable"
          default_qos_type: "policing"
          dos_options:
              npu_dos_meter_mode: "global"
              npu_dos_tpe_mode: "enable"
          double_level_mcast_offload: "enable"
          dsw_dts_profile:
              -
                  action: "wait"
                  min_limit: "0"
                  profile_id: "<you_own_value>"
                  step: "0"
          dsw_queue_dts_profile:
              -
                  iport: "eif0"
                  name: "default_name_18"
                  oport: "eif0"
                  profile_id: "0"
                  queue_select: "0"
          fastpath: "disable"
          fp_anomaly:
              icmp_csum_err: "drop"
              icmp_frag: "allow"
              icmp_land: "allow"
              ipv4_csum_err: "drop"
              ipv4_land: "allow"
              ipv4_optlsrr: "allow"
              ipv4_optrr: "allow"
              ipv4_optsecurity: "allow"
              ipv4_optssrr: "allow"
              ipv4_optstream: "allow"
              ipv4_opttimestamp: "allow"
              ipv4_proto_err: "allow"
              ipv4_unknopt: "allow"
              ipv6_daddr_err: "allow"
              ipv6_land: "allow"
              ipv6_optendpid: "allow"
              ipv6_opthomeaddr: "allow"
              ipv6_optinvld: "allow"
              ipv6_optjumbo: "allow"
              ipv6_optnsap: "allow"
              ipv6_optralert: "allow"
              ipv6_opttunnel: "allow"
              ipv6_proto_err: "allow"
              ipv6_saddr_err: "allow"
              ipv6_unknopt: "allow"
              tcp_csum_err: "drop"
              tcp_fin_noack: "allow"
              tcp_fin_only: "allow"
              tcp_land: "allow"
              tcp_no_flag: "allow"
              tcp_syn_data: "allow"
              tcp_syn_fin: "allow"
              tcp_winnuke: "allow"
              udp_csum_err: "drop"
              udp_land: "allow"
          gtp_enhanced_cpu_range: "0"
          gtp_enhanced_mode: "enable"
          gtp_support: "enable"
          hash_tbl_spread: "enable"
          hpe:
              all_protocol: "400000"
              arp_max: "5000"
              enable_shaper: "disable"
              esp_max: "5000"
              high_priority: "400000"
              icmp_max: "5000"
              ip_frag_max: "5000"
              ip_others_max: "5000"
              l2_others_max: "5000"
              sctp_max: "5000"
              tcp_max: "40000"
              tcpfin_rst_max: "40000"
              tcpsyn_ack_max: "40000"
              tcpsyn_max: "40000"
              udp_max: "40000"
          htab_dedi_queue_nr: "4"
          htab_msg_queue: "data"
          htx_icmp_csum_chk: "drop"
          inbound_dscp_copy_port:
              -
                  interface: "<your_own_value>"
          intf_shaping_offload: "enable"
          ip_fragment_offload: "disable"
          ip_reassembly:
              max_timeout: "200000"
              min_timeout: "64"
              status: "disable"
          ipsec_dec_subengine_mask: "<your_own_value>"
          ipsec_enc_subengine_mask: "<your_own_value>"
          ipsec_inbound_cache: "enable"
          ipsec_mtu_override: "disable"
          ipsec_ob_np_sel: "rr"
          ipsec_over_vlink: "enable"
          isf_np_queues:
              cos0: "<your_own_value> (source system.isf-queue-profile.name)"
              cos1: "<your_own_value> (source system.isf-queue-profile.name)"
              cos2: "<your_own_value> (source system.isf-queue-profile.name)"
              cos3: "<your_own_value> (source system.isf-queue-profile.name)"
              cos4: "<your_own_value> (source system.isf-queue-profile.name)"
              cos5: "<your_own_value> (source system.isf-queue-profile.name)"
              cos6: "<your_own_value> (source system.isf-queue-profile.name)"
              cos7: "<your_own_value> (source system.isf-queue-profile.name)"
          lag_out_port_select: "disable"
          max_receive_unit: "0"
          max_session_timeout: "40"
          mcast_session_accounting: "tpe-based"
          napi_break_interval: "0"
          np_queues:
              ethernet_type:
                  -
                      name: "default_name_112"
                      queue: "0"
                      type: "<your_own_value>"
                      weight: "15"
              ip_protocol:
                  -
                      name: "default_name_117"
                      protocol: "0"
                      queue: "0"
                      weight: "14"
              ip_service:
                  -
                      dport: "0"
                      name: "default_name_123"
                      protocol: "0"
                      queue: "0"
                      sport: "0"
                      weight: "13"
              profile:
                  -
                      cos0: "queue0"
                      cos1: "queue0"
                      cos2: "queue0"
                      cos3: "queue0"
                      cos4: "queue0"
                      cos5: "queue0"
                      cos6: "queue0"
                      cos7: "queue0"
                      dscp0: "queue0"
                      dscp1: "queue0"
                      dscp10: "queue0"
                      dscp11: "queue0"
                      dscp12: "queue0"
                      dscp13: "queue0"
                      dscp14: "queue0"
                      dscp15: "queue0"
                      dscp16: "queue0"
                      dscp17: "queue0"
                      dscp18: "queue0"
                      dscp19: "queue0"
                      dscp2: "queue0"
                      dscp20: "queue0"
                      dscp21: "queue0"
                      dscp22: "queue0"
                      dscp23: "queue0"
                      dscp24: "queue0"
                      dscp25: "queue0"
                      dscp26: "queue0"
                      dscp27: "queue0"
                      dscp28: "queue0"
                      dscp29: "queue0"
                      dscp3: "queue0"
                      dscp30: "queue0"
                      dscp31: "queue0"
                      dscp32: "queue0"
                      dscp33: "queue0"
                      dscp34: "queue0"
                      dscp35: "queue0"
                      dscp36: "queue0"
                      dscp37: "queue0"
                      dscp38: "queue0"
                      dscp39: "queue0"
                      dscp4: "queue0"
                      dscp40: "queue0"
                      dscp41: "queue0"
                      dscp42: "queue0"
                      dscp43: "queue0"
                      dscp44: "queue0"
                      dscp45: "queue0"
                      dscp46: "queue0"
                      dscp47: "queue0"
                      dscp48: "queue0"
                      dscp49: "queue0"
                      dscp5: "queue0"
                      dscp50: "queue0"
                      dscp51: "queue0"
                      dscp52: "queue0"
                      dscp53: "queue0"
                      dscp54: "queue0"
                      dscp55: "queue0"
                      dscp56: "queue0"
                      dscp57: "queue0"
                      dscp58: "queue0"
                      dscp59: "queue0"
                      dscp6: "queue0"
                      dscp60: "queue0"
                      dscp61: "queue0"
                      dscp62: "queue0"
                      dscp63: "queue0"
                      dscp7: "queue0"
                      dscp8: "queue0"
                      dscp9: "queue0"
                      id: "201"
                      type: "cos"
                      weight: "6"
              scheduler:
                  -
                      mode: "none"
                      name: "default_name_206"
          npu_group_effective_scope: "255"
          npu_tcam:
              -
                  data:
                      df: "enable"
                      dstip: "<your_own_value>"
                      dstipv6: "<your_own_value>"
                      dstmac: "<your_own_value>"
                      dstport: "0"
                      ethertype: "<your_own_value>"
                      ext_tag: "enable"
                      frag_off: "0"
                      gen_buf_cnt: "0"
                      gen_iv: "valid"
                      gen_l3_flags: "0"
                      gen_l4_flags: "0"
                      gen_pkt_ctrl: "0"
                      gen_pri: "0"
                      gen_pri_v: "valid"
                      gen_tv: "valid"
                      ihl: "0"
                      ip4_id: "0"
                      ip6_fl: "0"
                      ipver: "0"
                      l4_wd10: "0"
                      l4_wd11: "0"
                      l4_wd8: "0"
                      l4_wd9: "0"
                      mf: "enable"
                      protocol: "0"
                      slink: "0"
                      smac_change: "enable"
                      sp: "0"
                      src_cfi: "enable"
                      src_prio: "0"
                      src_updt: "enable"
                      srcip: "<your_own_value>"
                      srcipv6: "<your_own_value>"
                      srcmac: "<your_own_value>"
                      srcport: "0"
                      svid: "0"
                      tcp_ack: "enable"
                      tcp_cwr: "enable"
                      tcp_ece: "enable"
                      tcp_fin: "enable"
                      tcp_push: "enable"
                      tcp_rst: "enable"
                      tcp_syn: "enable"
                      tcp_urg: "enable"
                      tgt_cfi: "enable"
                      tgt_prio: "0"
                      tgt_updt: "enable"
                      tgt_v: "valid"
                      tos: "0"
                      tp: "0"
                      ttl: "0"
                      tvid: "0"
                      vdid: "0"
                  mask:
                      df: "enable"
                      dstip: "<your_own_value>"
                      dstipv6: "<your_own_value>"
                      dstmac: "<your_own_value>"
                      dstport: "0"
                      ethertype: "<your_own_value>"
                      ext_tag: "enable"
                      frag_off: "0"
                      gen_buf_cnt: "0"
                      gen_iv: "valid"
                      gen_l3_flags: "0"
                      gen_l4_flags: "0"
                      gen_pkt_ctrl: "0"
                      gen_pri: "0"
                      gen_pri_v: "valid"
                      gen_tv: "valid"
                      ihl: "0"
                      ip4_id: "0"
                      ip6_fl: "0"
                      ipver: "0"
                      l4_wd10: "0"
                      l4_wd11: "0"
                      l4_wd8: "0"
                      l4_wd9: "0"
                      mf: "enable"
                      protocol: "0"
                      slink: "0"
                      smac_change: "enable"
                      sp: "0"
                      src_cfi: "enable"
                      src_prio: "0"
                      src_updt: "enable"
                      srcip: "<your_own_value>"
                      srcipv6: "<your_own_value>"
                      srcmac: "<your_own_value>"
                      srcport: "0"
                      svid: "0"
                      tcp_ack: "enable"
                      tcp_cwr: "enable"
                      tcp_ece: "enable"
                      tcp_fin: "enable"
                      tcp_push: "enable"
                      tcp_rst: "enable"
                      tcp_syn: "enable"
                      tcp_urg: "enable"
                      tgt_cfi: "enable"
                      tgt_prio: "0"
                      tgt_updt: "enable"
                      tgt_v: "valid"
                      tos: "0"
                      tp: "0"
                      ttl: "0"
                      tvid: "0"
                      vdid: "0"
                  mir_act:
                      vlif: "0"
                  name: "default_name_321"
                  oid: "0"
                  pri_act:
                      priority: "0"
                      weight: "0"
                  sact:
                      act: "0"
                      act_v: "enable"
                      bmproc: "0"
                      bmproc_v: "enable"
                      df_lif: "0"
                      df_lif_v: "enable"
                      dfr: "0"
                      dfr_v: "enable"
                      dmac_skip: "0"
                      dmac_skip_v: "enable"
                      dosen: "0"
                      dosen_v: "enable"
                      espff_proc: "0"
                      espff_proc_v: "enable"
                      etype_pid: "0"
                      etype_pid_v: "enable"
                      frag_proc: "0"
                      frag_proc_v: "enable"
                      fwd: "0"
                      fwd_lif: "0"
                      fwd_lif_v: "enable"
                      fwd_tvid: "0"
                      fwd_tvid_v: "enable"
                      fwd_v: "enable"
                      icpen: "0"
                      icpen_v: "enable"
                      igmp_mld_snp: "0"
                      igmp_mld_snp_v: "enable"
                      learn: "0"
                      learn_v: "enable"
                      m_srh_ctrl: "0"
                      m_srh_ctrl_v: "enable"
                      mac_id: "0"
                      mac_id_v: "enable"
                      mss: "0"
                      mss_v: "enable"
                      pleen: "0"
                      pleen_v: "enable"
                      prio_pid: "0"
                      prio_pid_v: "enable"
                      promis: "0"
                      promis_v: "enable"
                      rfsh: "0"
                      rfsh_v: "enable"
                      smac_skip: "0"
                      smac_skip_v: "enable"
                      tp_smchk: "0"
                      tp_smchk_v: "enable"
                      tpe_id: "0"
                      tpe_id_v: "enable"
                      vdm: "0"
                      vdm_v: "enable"
                      vdom_id: "0"
                      vdom_id_v: "enable"
                      x_mode: "0"
                      x_mode_v: "enable"
                  tact:
                      act: "0"
                      act_v: "enable"
                      fmtuv4_s: "0"
                      fmtuv4_s_v: "enable"
                      fmtuv6_s: "0"
                      fmtuv6_s_v: "enable"
                      lnkid: "0"
                      lnkid_v: "enable"
                      mac_id: "0"
                      mac_id_v: "enable"
                      mss_t: "0"
                      mss_t_v: "enable"
                      mtuv4: "0"
                      mtuv4_v: "enable"
                      mtuv6: "0"
                      mtuv6_v: "enable"
                      slif_act: "0"
                      slif_act_v: "enable"
                      sublnkid: "0"
                      sublnkid_v: "enable"
                      tgtv_act: "0"
                      tgtv_act_v: "enable"
                      tlif_act: "0"
                      tlif_act_v: "enable"
                      tpeid: "0"
                      tpeid_v: "enable"
                      v6fe: "0"
                      v6fe_v: "enable"
                      vep_en: "0"
                      vep_en_v: "enable"
                      vep_slid: "0"
                      vep_slid_v: "enable"
                      xlt_lif: "0"
                      xlt_lif_v: "enable"
                      xlt_vid: "0"
                      xlt_vid_v: "enable"
                  type: "L2_src_tc"
                  vid: "0"
          per_session_accounting: "traffic-log-only"
          port_cpu_map:
              -
                  cpu_core: "<your_own_value>"
                  interface: "<your_own_value>"
          port_npu_map:
              -
                  interface: "<your_own_value>"
                  npu_group_index: "0"
          port_path_option:
              ports_using_npu:
                  -
                      interface_name: "<your_own_value>"
          priority_protocol:
              bfd: "enable"
              bgp: "enable"
              slbc: "enable"
          qos_mode: "disable"
          qtm_buf_mode: "6ch"
          rdp_offload: "enable"
          session_acct_interval: "5"
          session_denied_offload: "disable"
          shaping_stats: "disable"
          sse_backpressure: "enable"
          strip_clear_text_padding: "enable"
          strip_esp_padding: "enable"
          sw_eh_hash:
              computation: "xor16"
              destination_ip_lower_16: "include"
              destination_ip_upper_16: "include"
              destination_port: "include"
              ip_protocol: "include"
              netmask_length: "32"
              source_ip_lower_16: "include"
              source_ip_upper_16: "include"
              source_port: "include"
          sw_np_bandwidth: "0G"
          sw_tr_hash:
              draco15: "enable"
              tcp_udp_port: "include"
          tunnel_over_vlink: "enable"
          uesp_offload: "enable"
          ull_port_mode: "10G"
          vlan_lookup_cache: "enable"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

build

string

Build number of the fortigate image

Returned: always

Sample: "1547"

http_method

string

Last method used to provision the content into FortiGate

Returned: always

Sample: "PUT"

http_status

string

Last result given by FortiGate on last operation applied

Returned: always

Sample: "200"

mkey

string

Master key (id) used in the last call to FortiGate

Returned: success

Sample: "id"

name

string

Name of the table used to fulfill the request

Returned: always

Sample: "urlfilter"

path

string

Path of the table used to fulfill the request

Returned: always

Sample: "webfilter"

revision

string

Internal revision number

Returned: always

Sample: "17.0.2.10658"

serial

string

Serial number of the unit

Returned: always

Sample: "FGVMEVYYQT3AB5352"

status

string

Indication of the operation’s result

Returned: always

Sample: "success"

vdom

string

Virtual domain used

Returned: always

Sample: "root"

version

string

Version of the FortiGate

Returned: always

Sample: "v5.6.3"

Authors

  • Link Zheng (@chillancezen)

  • Jie Xue (@JieX19)

  • Hongbin Lu (@fgtdev-hblu)

  • Frank Shen (@frankshen01)

  • Miguel Angel Munoz (@mamunozgonzalez)

  • Nicolas Thomas (@thomnico)