fmgr_system_npu – Configure NPU attributes.¶
New in version 2.1.6.
Synopsis¶
- This module is able to configure a FortiManager device.
- Examples include all parameters and values need to be adjusted to data sources before usage.
- Tested with FortiManager v6.x and v7.x.
Requirements¶
The below requirements are needed on the host that executes this module.
- ansible>=2.9.0
FortiManager Version Compatibility¶
6.0.0 |
||||||||||||
| False | ||||||||||||
6.2.0 |
6.2.1 |
6.2.2 |
6.2.3 |
6.2.5 |
6.2.6 |
6.2.7 |
6.2.8 |
6.2.9 |
6.2.10 |
6.2.11 |
||
| False | False | False | False | False | False | False | False | False | False | False | ||
6.4.0 |
6.4.1 |
6.4.2 |
6.4.3 |
6.4.4 |
6.4.5 |
6.4.6 |
6.4.7 |
6.4.8 |
6.4.9 |
6.4.10 |
6.4.11 |
6.4.12 |
| False | False | False | False | False | False | False | True | True | True | True | True | True |
7.0.0 |
7.0.1 |
7.0.2 |
7.0.3 |
7.0.4 |
7.0.5 |
7.0.6 |
7.0.7 |
7.0.8 |
||||
| False | True | True | True | True | True | True | True | True | ||||
7.2.0 |
7.2.1 |
7.2.2 |
7.2.3 |
|||||||||
| True | True | True | True | |||||||||
7.4.0 |
||||||||||||
| True |
Parameters¶
- access_token -The token to access FortiManager without using username and password. type: str required: false
- bypass_validation - Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. type: bool required: false default: False
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- forticloud_access_token - Access token of forticloud managed API users, this option is available with FortiManager later than 6.4.0. type: str required: false
- proposed_method - The overridden method for the underlying Json RPC request. type: str required: false choices: set, update, add
- rc_succeeded - The rc codes list with which the conditions to succeed will be overriden. type: list required: false
- rc_failed - The rc codes list with which the conditions to fail will be overriden. type: list required: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode. type: str required: false choices: global, custom adom including root
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock. type: integer required: false default: 300
- adom - The parameter in requested url type: str required: true
- system_npu - Configure NPU attributes. type: dict
- capwap-offload - Enable/disable offloading managed FortiAP and FortiLink CAPWAP sessions. type: str choices: [disable, enable] more...
- dedicated-management-affinity - Affinity setting for management deamons (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str more...
- dedicated-management-cpu - Enable to dedicate one CPU for GUI and CLI connections when NPs are busy. type: str choices: [disable, enable] more...
- fastpath - Enable/disable NP6 offloading (also called fast path). type: str choices: [disable, enable] more...
- fp-anomaly type: dict
- esp-minlen-err - Invalid IPv4 ESP short packet anomalies. type: str choices: [drop, trap-to-host] more...
- icmp-csum-err - Invalid IPv4 ICMP packet checksum anomalies. type: str choices: [drop, trap-to-host] more...
- icmp-minlen-err - Invalid IPv4 ICMP short packet anomalies. type: str choices: [drop, trap-to-host] more...
- ipv4-csum-err - Invalid IPv4 packet checksum anomalies. type: str choices: [drop, trap-to-host] more...
- ipv4-ihl-err - Invalid IPv4 header length anomalies. type: str choices: [drop, trap-to-host] more...
- ipv4-len-err - Invalid IPv4 packet length anomalies. type: str choices: [drop, trap-to-host] more...
- ipv4-opt-err - Invalid IPv4 option parsing anomalies. type: str choices: [drop, trap-to-host] more...
- ipv4-ttlzero-err - Invalid IPv4 TTL field zero anomalies. type: str choices: [drop, trap-to-host] more...
- ipv4-ver-err - Invalid IPv4 header version anomalies. type: str choices: [drop, trap-to-host] more...
- ipv6-exthdr-len-err - Invalid IPv6 packet chain extension header total length anomalies. type: str choices: [drop, trap-to-host] more...
- ipv6-exthdr-order-err - Invalid IPv6 packet extension header ordering anomalies. type: str choices: [drop, trap-to-host] more...
- ipv6-ihl-err - Invalid IPv6 packet length anomalies. type: str choices: [drop, trap-to-host] more...
- ipv6-plen-zero - Invalid IPv6 packet payload length zero anomalies. type: str choices: [drop, trap-to-host] more...
- ipv6-ver-err - Invalid IPv6 packet version anomalies. type: str choices: [drop, trap-to-host] more...
- tcp-csum-err - Invalid IPv4 TCP packet checksum anomalies. type: str choices: [drop, trap-to-host] more...
- tcp-hlen-err - Invalid IPv4 TCP header length anomalies. type: str choices: [drop, trap-to-host] more...
- tcp-plen-err - Invalid IPv4 TCP packet length anomalies. type: str choices: [drop, trap-to-host] more...
- udp-csum-err - Invalid IPv4 UDP packet checksum anomalies. type: str choices: [drop, trap-to-host] more...
- udp-hlen-err - Invalid IPv4 UDP packet header length anomalies. type: str choices: [drop, trap-to-host] more...
- udp-len-err - Invalid IPv4 UDP packet length anomalies. type: str choices: [drop, trap-to-host] more...
- udp-plen-err - Invalid IPv4 UDP packet minimum length anomalies. type: str choices: [drop, trap-to-host] more...
- udplite-cover-err - Invalid IPv4 UDP-Lite packet coverage anomalies. type: str choices: [drop, trap-to-host] more...
- udplite-csum-err - Invalid IPv4 UDP-Lite packet checksum anomalies. type: str choices: [drop, trap-to-host] more...
- unknproto-minlen-err - Invalid IPv4 L4 unknown protocol short packet anomalies. type: str choices: [drop, trap-to-host] more...
- tcp-fin-only - TCP SYN flood with only FIN flag set anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv4-optsecurity - Security option anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv6-optralert - Router alert option anomalies. type: str choices: [allow, drop, trap-to-host] more...
- tcp-syn-fin - TCP SYN flood SYN/FIN flag set anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv4-proto-err - Invalid layer 4 protocol anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv6-saddr-err - Source address as multicast anomalies. type: str choices: [allow, drop, trap-to-host] more...
- icmp-frag - Layer 3 fragmented packets that could be part of layer 4 ICMP anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv4-optssrr - Strict source record route option anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv6-opthomeaddr - Home address option anomalies. type: str choices: [allow, drop, trap-to-host] more...
- udp-land - UDP land anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv6-optinvld - Invalid option anomalies. type: str choices: [allow, drop, trap-to-host] more...
- tcp-fin-noack - TCP SYN flood with FIN flag set without ACK setting anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv6-proto-err - Layer 4 invalid protocol anomalies. type: str choices: [allow, drop, trap-to-host] more...
- tcp-land - TCP land anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv4-unknopt - Unknown option anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv4-optstream - Stream option anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv6-optjumbo - Jumbo options anomalies. type: str choices: [allow, drop, trap-to-host] more...
- icmp-land - ICMP land anomalies. type: str choices: [allow, drop, trap-to-host] more...
- tcp-winnuke - TCP WinNuke anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv6-daddr-err - Destination address as unspecified or loopback address anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv4-land - Land anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv6-opttunnel - Tunnel encapsulation limit option anomalies. type: str choices: [allow, drop, trap-to-host] more...
- tcp-no-flag - TCP SYN flood with no flag set anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv6-land - Land anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv4-optlsrr - Loose source record route option anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv4-opttimestamp - Timestamp option anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv4-optrr - Record route option anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv6-optnsap - Network service access point address option anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv6-unknopt - Unknown option anomalies. type: str choices: [allow, drop, trap-to-host] more...
- tcp-syn-data - TCP SYN flood packets with data anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv6-optendpid - End point identification anomalies. type: str choices: [allow, drop, trap-to-host] more...
- gtpu-plen-err - No description for the parameter type: str choices: [drop, trap-to-host] more...
- vxlan-minlen-err - No description for the parameter type: str choices: [drop, trap-to-host] more...
- capwap-minlen-err - No description for the parameter type: str choices: [drop, trap-to-host] more...
- gre-csum-err - No description for the parameter type: str choices: [drop, trap-to-host] more...
- nvgre-minlen-err - No description for the parameter type: str choices: [drop, trap-to-host] more...
- sctp-l4len-err - No description for the parameter type: str choices: [drop, trap-to-host] more...
- tcp-hlenvsl4len-err - No description for the parameter type: str choices: [drop, trap-to-host] more...
- sctp-crc-err - No description for the parameter type: str choices: [drop, trap-to-host] more...
- sctp-clen-err - No description for the parameter type: str choices: [drop, trap-to-host] more...
- uesp-minlen-err - No description for the parameter type: str choices: [drop, trap-to-host] more...
- gtp-enhanced-cpu-range - GTP enhanced CPU range option. type: str choices: [0, 1, 2] more...
- gtp-enhanced-mode - Enable/disable GTP enhanced mode. type: str choices: [disable, enable] more...
- host-shortcut-mode - Set np6 host shortcut mode. type: str choices: [bi-directional, host-shortcut] more...
- htx-gtse-quota - Configure HTX GTSE quota. type: str choices: [100Mbps, 200Mbps, 300Mbps, 400Mbps, 500Mbps, 600Mbps, 700Mbps, 800Mbps, 900Mbps, 1Gbps, 2Gbps, 4Gbps, 8Gbps, 10Gbps] more...
- intf-shaping-offload - Enable/disable NPU offload when doing interface-based traffic shaping according to the egress-shaping-profile. type: str choices: [disable, enable] more...
- iph-rsvd-re-cksum - Enable/disable IP checksum re-calculation for packets with iph. type: str choices: [disable, enable] more...
- ipsec-dec-subengine-mask - IPsec decryption subengine mask (0x1 - 0xff, default 0xff). type: str more...
- ipsec-enc-subengine-mask - IPsec encryption subengine mask (0x1 - 0xff, default 0xff). type: str more...
- ipsec-inbound-cache - Enable/disable IPsec inbound cache for anti-replay. type: str choices: [disable, enable] more...
- ipsec-mtu-override - Enable/disable NP6 IPsec MTU override. type: str choices: [disable, enable] more...
- ipsec-over-vlink - Enable/disable IPSEC over vlink. type: str choices: [disable, enable] more...
- isf-np-queues type: dict
- cos0 - CoS profile name for CoS 0. type: str more...
- cos1 - CoS profile name for CoS 1. type: str more...
- cos2 - CoS profile name for CoS 2. type: str more...
- cos3 - CoS profile name for CoS 3. type: str more...
- cos4 - CoS profile name for CoS 4. type: str more...
- cos5 - CoS profile name for CoS 5. type: str more...
- cos6 - CoS profile name for CoS 6. type: str more...
- cos7 - CoS profile name for CoS 7. type: str more...
- lag-out-port-select - Enable/disable LAG outgoing port selection based on incoming traffic port. type: str choices: [disable, enable] more...
- mcast-session-accounting - Enable/disable traffic accounting for each multicast session through TAE counter. type: str choices: [disable, session-based, tpe-based] more...
- np6-cps-optimization-mode - Enable/disable NP6 connection per second (CPS) optimization mode. type: str choices: [disable, enable] more...
- per-session-accounting - Enable/disable per-session accounting. type: str choices: [enable, disable, enable-by-log, all-enable, traffic-log-only] more...
- port-cpu-map - No description for the parameter type: array more...
- port-npu-map - No description for the parameter type: array more...
- priority-protocol type: dict
- bfd - Enable/disable NPU BFD priority protocol. type: str choices: [disable, enable] more...
- bgp - Enable/disable NPU BGP priority protocol. type: str choices: [disable, enable] more...
- slbc - Enable/disable NPU SLBC priority protocol. type: str choices: [disable, enable] more...
- qos-mode - QoS mode on switch and NP. type: str choices: [disable, priority, round-robin] more...
- rdp-offload - Enable/disable rdp offload. type: str choices: [disable, enable] more...
- recover-np6-link - Enable/disable internal link failure check and recovery after boot up. type: str choices: [disable, enable] more...
- session-denied-offload - Enable/disable offloading of denied sessions. type: str choices: [disable, enable] more...
- sse-backpressure - Enable/disable sse backpressure. type: str choices: [disable, enable] more...
- strip-clear-text-padding - Enable/disable stripping clear text padding. type: str choices: [disable, enable] more...
- strip-esp-padding - Enable/disable stripping ESP padding. type: str choices: [disable, enable] more...
- sw-eh-hash type: dict
- computation - Set hashing computation. type: str choices: [xor16, xor8, xor4, crc16] more...
- destination-ip-lower-16 - Include/exclude destination IP address lower 16 bits. type: str choices: [include, exclude] more...
- destination-ip-upper-16 - Include/exclude destination IP address upper 16 bits. type: str choices: [include, exclude] more...
- destination-port - Include/exclude destination port if TCP/UDP. type: str choices: [include, exclude] more...
- ip-protocol - Include/exclude IP protocol. type: str choices: [include, exclude] more...
- netmask-length - Network mask length. type: int more...
- source-ip-lower-16 - Include/exclude source IP address lower 16 bits. type: str choices: [include, exclude] more...
- source-ip-upper-16 - Include/exclude source IP address upper 16 bits. type: str choices: [include, exclude] more...
- source-port - Include/exclude source port if TCP/UDP. type: str choices: [include, exclude] more...
- sw-np-bandwidth - Bandwidth from switch to NP. type: str choices: [0G, 2G, 4G, 5G, 6G, 7G, 8G, 9G] more...
- switch-np-hash - Switch-NP trunk port selection Criteria. type: str choices: [src-ip, dst-ip, src-dst-ip] more...
- uesp-offload - Enable/disable UDP-encapsulated ESP offload (default = disable). type: str choices: [disable, enable] more...
- np-queues type: dict
- ethernet-type - No description for the parameter type: array more...
- ip-protocol - No description for the parameter type: array more...
- ip-service - No description for the parameter type: array more...
- profile - No description for the parameter type: array
more...
- cos0 - Queue number of CoS 0. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- cos1 - Queue number of CoS 1. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- cos2 - Queue number of CoS 2. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- cos3 - Queue number of CoS 3. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- cos4 - Queue number of CoS 4. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- cos5 - Queue number of CoS 5. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- cos6 - Queue number of CoS 6. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- cos7 - Queue number of CoS 7. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp0 - Queue number of DSCP 0. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp1 - Queue number of DSCP 1. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp10 - Queue number of DSCP 10. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp11 - Queue number of DSCP 11. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp12 - Queue number of DSCP 12. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp13 - Queue number of DSCP 13. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp14 - Queue number of DSCP 14. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp15 - Queue number of DSCP 15. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp16 - Queue number of DSCP 16. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp17 - Queue number of DSCP 17. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp18 - Queue number of DSCP 18. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp19 - Queue number of DSCP 19. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp2 - Queue number of DSCP 2. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp20 - Queue number of DSCP 20. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp21 - Queue number of DSCP 21. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp22 - Queue number of DSCP 22. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp23 - Queue number of DSCP 23. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp24 - Queue number of DSCP 24. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp25 - Queue number of DSCP 25. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp26 - Queue number of DSCP 26. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp27 - Queue number of DSCP 27. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp28 - Queue number of DSCP 28. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp29 - Queue number of DSCP 29. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp3 - Queue number of DSCP 3. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp30 - Queue number of DSCP 30. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp31 - Queue number of DSCP 31. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp32 - Queue number of DSCP 32. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp33 - Queue number of DSCP 33. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp34 - Queue number of DSCP 34. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp35 - Queue number of DSCP 35. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp36 - Queue number of DSCP 36. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp37 - Queue number of DSCP 37. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp38 - Queue number of DSCP 38. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp39 - Queue number of DSCP 39. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp4 - Queue number of DSCP 4. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp40 - Queue number of DSCP 40. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp41 - Queue number of DSCP 41. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp42 - Queue number of DSCP 42. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp43 - Queue number of DSCP 43. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp44 - Queue number of DSCP 44. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp45 - Queue number of DSCP 45. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp46 - Queue number of DSCP 46. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp47 - Queue number of DSCP 47. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp48 - Queue number of DSCP 48. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp49 - Queue number of DSCP 49. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp5 - Queue number of DSCP 5. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp50 - Queue number of DSCP 50. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp51 - Queue number of DSCP 51. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp52 - Queue number of DSCP 52. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp53 - Queue number of DSCP 53. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp54 - Queue number of DSCP 54. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp55 - Queue number of DSCP 55. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp56 - Queue number of DSCP 56. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp57 - Queue number of DSCP 57. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp58 - Queue number of DSCP 58. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp59 - Queue number of DSCP 59. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp6 - Queue number of DSCP 6. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp60 - Queue number of DSCP 60. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp61 - Queue number of DSCP 61. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp62 - Queue number of DSCP 62. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp63 - Queue number of DSCP 63. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp7 - Queue number of DSCP 7. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp8 - Queue number of DSCP 8. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp9 - Queue number of DSCP 9. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- id - Profile ID. type: int more...
- type - Profile type. type: str choices: [cos, dscp] more...
- weight - Class weight. type: int more...
- scheduler - No description for the parameter type: array more...
- udp-timeout-profile - No description for the parameter type: array more...
- qtm-buf-mode - QTM channel configuration for packet buffer. type: str choices: [6ch, 4ch] more...
- default-qos-type - Set default QoS type. type: str choices: [policing, shaping, policing-enhanced] more...
- tcp-rst-timeout - TCP RST timeout in seconds (0-3600, default = 5). type: int more...
- ipsec-local-uesp-port - No description for the parameter type: int more...
- htab-dedi-queue-nr - Set the number of dedicate queue for hash table messages. type: int more...
- double-level-mcast-offload - Enable double level mcast offload. type: str choices: [disable, enable] more...
- dse-timeout - DSE timeout in seconds (0-3600, default = 10). type: int more...
- ippool-overload-low - Low threshold for overload ippool port reuse (100%-2000%, default = 150). type: int more...
- pba-eim - Configure option for PBA(non-overload)/EIM combination. type: str choices: [disallow, allow] more...
- policy-offload-level - Configure firewall policy offload level (disable, default, dos-offload, full-offload). type: str choices: [disable, dos-offload, full-offload] more...
- max-session-timeout - Maximum time interval for refreshing NPU-offloaded sessions (10 - 1000 sec, default 40 sec). type: int more...
- port-path-option type: dict
- ports-using-npu - No description for the parameter type: str more...
- vlan-lookup-cache - Enable/disable vlan lookup cache (default enabled). type: str choices: [disable, enable] more...
- dos-options type: dict
- npu-dos-meter-mode - Set DoS meter NPU offloading mode. type: str choices: [local, global] more...
- npu-dos-synproxy-mode - Set NPU DoS SYNPROXY mode. type: str choices: [synack2ack, pass-synack] more...
- npu-dos-tpe-mode - Enable/disable insertion of DoS meter ID to session table. type: str choices: [disable, enable] more...
- hash-tbl-spread - Enable/disable hash table entry spread (default enabled). type: str choices: [disable, enable] more...
- tcp-timeout-profile - No description for the parameter type: array
more...
- close-wait - Set close-wait timeout(seconds) type: int more...
- fin-wait - Set fin-wait timeout(seconds) type: int more...
- id - Timeout profile ID (5-47) type: int more...
- syn-sent - Set syn-sent timeout(seconds) type: int more...
- syn-wait - Set syn-wait timeout(seconds) type: int more...
- tcp-idle - Set TCP establish timeout(seconds) type: int more...
- time-wait - Set time-wait timeout(seconds) type: int more...
- ip-reassembly type: dict
- max-timeout - Maximum timeout value for IP reassembly (5 us - 600,000,000 us). type: int more...
- min-timeout - Minimum timeout value for IP reassembly (5 us - 600,000,000 us). type: int more...
- status - Set IP reassembly processing status. type: str choices: [disable, enable] more...
- gtp-support - Enable/Disable NP7 GTP support type: str choices: [disable, enable] more...
- htx-icmp-csum-chk - Set HTX icmp csum checking mode. type: str choices: [pass, drop] more...
- hpe type: dict
- all-protocol - Maximum packet rate of each host queue except high priority traffic(1K - 32M pps, default = 400K pps), set 0 to disable. type: int more...
- arp-max - Maximum ARP packet rate (1K - 32M pps, default = 5K pps). type: int more...
- enable-shaper - Enable/Disable NPU Host Protection Engine (HPE) for packet type shaper. type: str choices: [disable, enable] more...
- esp-max - Maximum ESP packet rate (1K - 32M pps, default = 5K pps). type: int more...
- high-priority - Maximum packet rate for high priority traffic packets (1K - 32M pps, default = 400K pps). type: int more...
- icmp-max - Maximum ICMP packet rate (1K - 32M pps, default = 5K pps). type: int more...
- ip-frag-max - Maximum fragmented IP packet rate (1K - 32M pps, default = 5K pps). type: int more...
- ip-others-max - Maximum IP packet rate for other packets (packet types that cannot be set with other options) (1K - 32G pps, default = 5K pps). type: int more...
- l2-others-max - Maximum L2 packet rate for L2 packets that are not ARP packets (1K - 32M pps, default = 5K pps). type: int more...
- pri-type-max - Maximum overflow rate of priority type traffic(1K - 32M pps, default = 40K pps). type: int more...
- sctp-max - Maximum SCTP packet rate (1K - 32M pps, default = 5K pps). type: int more...
- tcp-max - Maximum TCP packet rate (1K - 32M pps, default = 40K pps). type: int more...
- tcpfin-rst-max - Maximum TCP carries FIN or RST flags packet rate (1K - 32M pps, default = 40K pps). type: int more...
- tcpsyn-ack-max - Maximum TCP carries SYN and ACK flags packet rate (1K - 32M pps, default = 40K pps). type: int more...
- tcpsyn-max - Maximum TCP SYN packet rate (1K - 40M pps, default = 32K pps). type: int more...
- udp-max - Maximum UDP packet rate (1K - 32M pps, default = 40K pps). type: int more...
- dsw-dts-profile - No description for the parameter type: array
more...
- action - Set NPU DSW DTS profile action. type: str choices: [wait, drop, drop_tmr_0, drop_tmr_1, enque, enque_0, enque_1] more...
- min-limit - Set NPU DSW DTS profile min-limt. type: int more...
- profile-id - Set NPU DSW DTS profile profile id. type: int more...
- step - Set NPU DSW DTS profile step. type: int more...
- hash-config - Configure NPU trunk hash. type: str choices: [5-tuple, src-ip, src-dst-ip] more...
- ipsec-ob-np-sel - IPsec NP selection for OB SA offloading. type: str choices: [RR, rr, Packet, Hash] more...
- napi-break-interval - NAPI break interval (default 0). type: int more...
- background-sse-scan type: dict
- scan - Enable/disable background SSE scan by driver thread(default enabled). type: str choices: [disable, enable] more...
- stats-update-interval - Stats update interval(>=5*60 seconds, default 5*60 seconds). type: int more...
- udp-keepalive-interval - UDP keepalive interval(>=90 seconds, default 90 seconds). type: int more...
- inbound-dscp-copy-port - No description for the parameter type: str more...
- session-acct-interval - Session accounting update interval (1 - 10 sec, default 5 sec). type: int more...
- htab-msg-queue - Set hash table message queue mode. type: str choices: [idle, data, dedicated] more...
- dsw-queue-dts-profile - No description for the parameter type: array
more...
- iport - Set NPU DSW DTS in port. type: str choices: [EIF0, eif0, EIF1, eif1, EIF2, eif2, EIF3, eif3, EIF4, eif4, EIF5, eif5, EIF6, eif6, EIF7, eif7, HTX0, htx0, HTX1, htx1, SSE0, sse0, SSE1, sse1, SSE2, sse2, SSE3, sse3, RLT, rlt, DFR, dfr, IPSECI, ipseci, IPSECO, ipseco, IPTI, ipti, IPTO, ipto, VEP0, vep0, VEP2, vep2, VEP4, vep4, VEP6, vep6, IVS, ivs, L2TI1, l2ti1, L2TO, l2to, L2TI0, l2ti0, PLE, ple, SPATH, spath, QTM, qtm] more...
- name - Name. type: str more...
- oport - Set NPU DSW DTS out port. type: str choices: [EIF0, eif0, EIF1, eif1, EIF2, eif2, EIF3, eif3, EIF4, eif4, EIF5, eif5, EIF6, eif6, EIF7, eif7, HRX, hrx, SSE0, sse0, SSE1, sse1, SSE2, sse2, SSE3, sse3, RLT, rlt, DFR, dfr, IPSECI, ipseci, IPSECO, ipseco, IPTI, ipti, IPTO, ipto, VEP0, vep0, VEP2, vep2, VEP4, vep4, VEP6, vep6, IVS, ivs, L2TI1, l2ti1, L2TO, l2to, L2TI0, l2ti0, PLE, ple, SYNK, sync, NSS, nss, TSK, tsk, QTM, qtm, l2tO] more...
- profile-id - Set NPU DSW DTS profile ID. type: int more...
- queue-select - Set NPU DSW DTS queue ID select (0 - reset to default). type: int more...
- hw-ha-scan-interval - HW HA periodical scan interval in seconds (0-3600, default = 120, 0 to disable). type: int more...
- ippool-overload-high - High threshold for overload ippool port reuse (100%-2000%, default = 200). type: int more...
- nat46-force-ipv4-packet-forwarding - Enable/disable mandatory IPv4 packet forwarding in nat46. type: str choices: [disable, enable] more...
- prp-port-out - No description for the parameter type: str more...
- isf-np-rx-tr-distr - Select ISF NP Rx trunk distribution (PSC) mode. type: str choices: [port-flow, round-robin, randomized] more...
- mcast-session-counting6 - Enable/disable traffic accounting for each multicast session6 through TAE counter. type: str choices: [disable, enable, session-based, tpe-based] more...
- prp-port-in - No description for the parameter type: str more...
- rps-mode - Enable/disable receive packet steering (RPS) optimization mode. type: str choices: [disable, enable] more...
- per-policy-accounting - Set per-policy accounting. type: str choices: [disable, enable] more...
- mcast-session-counting - No description for the parameter type: str choices: [disable, enable, session-based, tpe-based] more...
- inbound-dscp-copy - Enable/disable copying the DSCP field from outer IP header to inner IP Header. type: str choices: [disable, enable] more...
- ipsec-host-dfclr - Enable/disable DF clearing of NP4lite host IPsec offload. type: str choices: [disable, enable] more...
- process-icmp-by-host - Enable/disable process ICMP by host when received from IPsec tunnel and payload size < 119. type: str choices: [disable, enable] more...
- dedicated-tx-npu - Enable/disable dedication of 3rd NPU for slow path TX. type: str choices: [disable, enable] more...
- ull-port-mode - Set ULL ports speed to 10G/25G (default 10G). type: str choices: [10G, 25G] more...
- sse-ha-scan type: dict
- gap - Scanning message gap(0~32767, default 6000) type: int more...
- max-session-cnt - If the session count(in millions) is larger than this, HA scan will be skipped. type: int more...
- min-duration - Scanning filter for minimum duration of the session. type: int more...
- hash-ipv6-sel - Select which 4bytes of the IPv6 address are used for traffic hash(0~3). type: int more...
- ip-fragment-offload - Enable/disable NP7 NPU IP fragment offload. type: str choices: [disable, enable] more...
- ple-non-syn-tcp-action - Configure action for the PLE to take on TCP packets that have the SYN field unset. type: str choices: [forward, drop] more...
- npu-group-effective-scope - npu-group-effective-scope defines under which npu-group cmds such as list/purge will be excecuted. type: int more...
- prp-session-clear-mode - PRP session clear mode for excluded ip sessions. type: str choices: [blocking, non-blocking, do-not-clear] more...
- shaping-stats - Enable/disable NP7 traffic shaping statistics (default = disable). type: str choices: [disable, enable] more...
- sw-tr-hash type: dict
Notes¶
Note
- Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
- To create or update an object, use state: present directive.
- To delete an object, use state: absent directive
- Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples¶
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: Configure NPU attributes.
fmgr_system_npu:
bypass_validation: False
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
rc_succeeded: [0, -2, -3, ...]
rc_failed: [-2, -3, ...]
adom: <your own value>
system_npu:
capwap-offload: <value in [disable, enable]>
dedicated-management-affinity: <value of string>
dedicated-management-cpu: <value in [disable, enable]>
fastpath: <value in [disable, enable]>
fp-anomaly:
esp-minlen-err: <value in [drop, trap-to-host]>
icmp-csum-err: <value in [drop, trap-to-host]>
icmp-minlen-err: <value in [drop, trap-to-host]>
ipv4-csum-err: <value in [drop, trap-to-host]>
ipv4-ihl-err: <value in [drop, trap-to-host]>
ipv4-len-err: <value in [drop, trap-to-host]>
ipv4-opt-err: <value in [drop, trap-to-host]>
ipv4-ttlzero-err: <value in [drop, trap-to-host]>
ipv4-ver-err: <value in [drop, trap-to-host]>
ipv6-exthdr-len-err: <value in [drop, trap-to-host]>
ipv6-exthdr-order-err: <value in [drop, trap-to-host]>
ipv6-ihl-err: <value in [drop, trap-to-host]>
ipv6-plen-zero: <value in [drop, trap-to-host]>
ipv6-ver-err: <value in [drop, trap-to-host]>
tcp-csum-err: <value in [drop, trap-to-host]>
tcp-hlen-err: <value in [drop, trap-to-host]>
tcp-plen-err: <value in [drop, trap-to-host]>
udp-csum-err: <value in [drop, trap-to-host]>
udp-hlen-err: <value in [drop, trap-to-host]>
udp-len-err: <value in [drop, trap-to-host]>
udp-plen-err: <value in [drop, trap-to-host]>
udplite-cover-err: <value in [drop, trap-to-host]>
udplite-csum-err: <value in [drop, trap-to-host]>
unknproto-minlen-err: <value in [drop, trap-to-host]>
tcp-fin-only: <value in [allow, drop, trap-to-host]>
ipv4-optsecurity: <value in [allow, drop, trap-to-host]>
ipv6-optralert: <value in [allow, drop, trap-to-host]>
tcp-syn-fin: <value in [allow, drop, trap-to-host]>
ipv4-proto-err: <value in [allow, drop, trap-to-host]>
ipv6-saddr-err: <value in [allow, drop, trap-to-host]>
icmp-frag: <value in [allow, drop, trap-to-host]>
ipv4-optssrr: <value in [allow, drop, trap-to-host]>
ipv6-opthomeaddr: <value in [allow, drop, trap-to-host]>
udp-land: <value in [allow, drop, trap-to-host]>
ipv6-optinvld: <value in [allow, drop, trap-to-host]>
tcp-fin-noack: <value in [allow, drop, trap-to-host]>
ipv6-proto-err: <value in [allow, drop, trap-to-host]>
tcp-land: <value in [allow, drop, trap-to-host]>
ipv4-unknopt: <value in [allow, drop, trap-to-host]>
ipv4-optstream: <value in [allow, drop, trap-to-host]>
ipv6-optjumbo: <value in [allow, drop, trap-to-host]>
icmp-land: <value in [allow, drop, trap-to-host]>
tcp-winnuke: <value in [allow, drop, trap-to-host]>
ipv6-daddr-err: <value in [allow, drop, trap-to-host]>
ipv4-land: <value in [allow, drop, trap-to-host]>
ipv6-opttunnel: <value in [allow, drop, trap-to-host]>
tcp-no-flag: <value in [allow, drop, trap-to-host]>
ipv6-land: <value in [allow, drop, trap-to-host]>
ipv4-optlsrr: <value in [allow, drop, trap-to-host]>
ipv4-opttimestamp: <value in [allow, drop, trap-to-host]>
ipv4-optrr: <value in [allow, drop, trap-to-host]>
ipv6-optnsap: <value in [allow, drop, trap-to-host]>
ipv6-unknopt: <value in [allow, drop, trap-to-host]>
tcp-syn-data: <value in [allow, drop, trap-to-host]>
ipv6-optendpid: <value in [allow, drop, trap-to-host]>
gtpu-plen-err: <value in [drop, trap-to-host]>
vxlan-minlen-err: <value in [drop, trap-to-host]>
capwap-minlen-err: <value in [drop, trap-to-host]>
gre-csum-err: <value in [drop, trap-to-host]>
nvgre-minlen-err: <value in [drop, trap-to-host]>
sctp-l4len-err: <value in [drop, trap-to-host]>
tcp-hlenvsl4len-err: <value in [drop, trap-to-host]>
sctp-crc-err: <value in [drop, trap-to-host]>
sctp-clen-err: <value in [drop, trap-to-host]>
uesp-minlen-err: <value in [drop, trap-to-host]>
gtp-enhanced-cpu-range: <value in [0, 1, 2]>
gtp-enhanced-mode: <value in [disable, enable]>
host-shortcut-mode: <value in [bi-directional, host-shortcut]>
htx-gtse-quota: <value in [100Mbps, 200Mbps, 300Mbps, ...]>
intf-shaping-offload: <value in [disable, enable]>
iph-rsvd-re-cksum: <value in [disable, enable]>
ipsec-dec-subengine-mask: <value of string>
ipsec-enc-subengine-mask: <value of string>
ipsec-inbound-cache: <value in [disable, enable]>
ipsec-mtu-override: <value in [disable, enable]>
ipsec-over-vlink: <value in [disable, enable]>
isf-np-queues:
cos0: <value of string>
cos1: <value of string>
cos2: <value of string>
cos3: <value of string>
cos4: <value of string>
cos5: <value of string>
cos6: <value of string>
cos7: <value of string>
lag-out-port-select: <value in [disable, enable]>
mcast-session-accounting: <value in [disable, session-based, tpe-based]>
np6-cps-optimization-mode: <value in [disable, enable]>
per-session-accounting: <value in [enable, disable, enable-by-log, ...]>
port-cpu-map:
-
cpu-core: <value of string>
interface: <value of string>
port-npu-map:
-
interface: <value of string>
npu-group-index: <value of integer>
priority-protocol:
bfd: <value in [disable, enable]>
bgp: <value in [disable, enable]>
slbc: <value in [disable, enable]>
qos-mode: <value in [disable, priority, round-robin]>
rdp-offload: <value in [disable, enable]>
recover-np6-link: <value in [disable, enable]>
session-denied-offload: <value in [disable, enable]>
sse-backpressure: <value in [disable, enable]>
strip-clear-text-padding: <value in [disable, enable]>
strip-esp-padding: <value in [disable, enable]>
sw-eh-hash:
computation: <value in [xor16, xor8, xor4, ...]>
destination-ip-lower-16: <value in [include, exclude]>
destination-ip-upper-16: <value in [include, exclude]>
destination-port: <value in [include, exclude]>
ip-protocol: <value in [include, exclude]>
netmask-length: <value of integer>
source-ip-lower-16: <value in [include, exclude]>
source-ip-upper-16: <value in [include, exclude]>
source-port: <value in [include, exclude]>
sw-np-bandwidth: <value in [0G, 2G, 4G, ...]>
switch-np-hash: <value in [src-ip, dst-ip, src-dst-ip]>
uesp-offload: <value in [disable, enable]>
np-queues:
ethernet-type:
-
name: <value of string>
queue: <value of integer>
type: <value of integer>
weight: <value of integer>
ip-protocol:
-
name: <value of string>
protocol: <value of integer>
queue: <value of integer>
weight: <value of integer>
ip-service:
-
dport: <value of integer>
name: <value of string>
protocol: <value of integer>
queue: <value of integer>
sport: <value of integer>
weight: <value of integer>
profile:
-
cos0: <value in [queue0, queue1, queue2, ...]>
cos1: <value in [queue0, queue1, queue2, ...]>
cos2: <value in [queue0, queue1, queue2, ...]>
cos3: <value in [queue0, queue1, queue2, ...]>
cos4: <value in [queue0, queue1, queue2, ...]>
cos5: <value in [queue0, queue1, queue2, ...]>
cos6: <value in [queue0, queue1, queue2, ...]>
cos7: <value in [queue0, queue1, queue2, ...]>
dscp0: <value in [queue0, queue1, queue2, ...]>
dscp1: <value in [queue0, queue1, queue2, ...]>
dscp10: <value in [queue0, queue1, queue2, ...]>
dscp11: <value in [queue0, queue1, queue2, ...]>
dscp12: <value in [queue0, queue1, queue2, ...]>
dscp13: <value in [queue0, queue1, queue2, ...]>
dscp14: <value in [queue0, queue1, queue2, ...]>
dscp15: <value in [queue0, queue1, queue2, ...]>
dscp16: <value in [queue0, queue1, queue2, ...]>
dscp17: <value in [queue0, queue1, queue2, ...]>
dscp18: <value in [queue0, queue1, queue2, ...]>
dscp19: <value in [queue0, queue1, queue2, ...]>
dscp2: <value in [queue0, queue1, queue2, ...]>
dscp20: <value in [queue0, queue1, queue2, ...]>
dscp21: <value in [queue0, queue1, queue2, ...]>
dscp22: <value in [queue0, queue1, queue2, ...]>
dscp23: <value in [queue0, queue1, queue2, ...]>
dscp24: <value in [queue0, queue1, queue2, ...]>
dscp25: <value in [queue0, queue1, queue2, ...]>
dscp26: <value in [queue0, queue1, queue2, ...]>
dscp27: <value in [queue0, queue1, queue2, ...]>
dscp28: <value in [queue0, queue1, queue2, ...]>
dscp29: <value in [queue0, queue1, queue2, ...]>
dscp3: <value in [queue0, queue1, queue2, ...]>
dscp30: <value in [queue0, queue1, queue2, ...]>
dscp31: <value in [queue0, queue1, queue2, ...]>
dscp32: <value in [queue0, queue1, queue2, ...]>
dscp33: <value in [queue0, queue1, queue2, ...]>
dscp34: <value in [queue0, queue1, queue2, ...]>
dscp35: <value in [queue0, queue1, queue2, ...]>
dscp36: <value in [queue0, queue1, queue2, ...]>
dscp37: <value in [queue0, queue1, queue2, ...]>
dscp38: <value in [queue0, queue1, queue2, ...]>
dscp39: <value in [queue0, queue1, queue2, ...]>
dscp4: <value in [queue0, queue1, queue2, ...]>
dscp40: <value in [queue0, queue1, queue2, ...]>
dscp41: <value in [queue0, queue1, queue2, ...]>
dscp42: <value in [queue0, queue1, queue2, ...]>
dscp43: <value in [queue0, queue1, queue2, ...]>
dscp44: <value in [queue0, queue1, queue2, ...]>
dscp45: <value in [queue0, queue1, queue2, ...]>
dscp46: <value in [queue0, queue1, queue2, ...]>
dscp47: <value in [queue0, queue1, queue2, ...]>
dscp48: <value in [queue0, queue1, queue2, ...]>
dscp49: <value in [queue0, queue1, queue2, ...]>
dscp5: <value in [queue0, queue1, queue2, ...]>
dscp50: <value in [queue0, queue1, queue2, ...]>
dscp51: <value in [queue0, queue1, queue2, ...]>
dscp52: <value in [queue0, queue1, queue2, ...]>
dscp53: <value in [queue0, queue1, queue2, ...]>
dscp54: <value in [queue0, queue1, queue2, ...]>
dscp55: <value in [queue0, queue1, queue2, ...]>
dscp56: <value in [queue0, queue1, queue2, ...]>
dscp57: <value in [queue0, queue1, queue2, ...]>
dscp58: <value in [queue0, queue1, queue2, ...]>
dscp59: <value in [queue0, queue1, queue2, ...]>
dscp6: <value in [queue0, queue1, queue2, ...]>
dscp60: <value in [queue0, queue1, queue2, ...]>
dscp61: <value in [queue0, queue1, queue2, ...]>
dscp62: <value in [queue0, queue1, queue2, ...]>
dscp63: <value in [queue0, queue1, queue2, ...]>
dscp7: <value in [queue0, queue1, queue2, ...]>
dscp8: <value in [queue0, queue1, queue2, ...]>
dscp9: <value in [queue0, queue1, queue2, ...]>
id: <value of integer>
type: <value in [cos, dscp]>
weight: <value of integer>
scheduler:
-
mode: <value in [none, priority, round-robin]>
name: <value of string>
udp-timeout-profile:
-
id: <value of integer>
udp-idle: <value of integer>
qtm-buf-mode: <value in [6ch, 4ch]>
default-qos-type: <value in [policing, shaping, policing-enhanced]>
tcp-rst-timeout: <value of integer>
ipsec-local-uesp-port: <value of integer>
htab-dedi-queue-nr: <value of integer>
double-level-mcast-offload: <value in [disable, enable]>
dse-timeout: <value of integer>
ippool-overload-low: <value of integer>
pba-eim: <value in [disallow, allow]>
policy-offload-level: <value in [disable, dos-offload, full-offload]>
max-session-timeout: <value of integer>
port-path-option:
ports-using-npu: <value of string>
vlan-lookup-cache: <value in [disable, enable]>
dos-options:
npu-dos-meter-mode: <value in [local, global]>
npu-dos-synproxy-mode: <value in [synack2ack, pass-synack]>
npu-dos-tpe-mode: <value in [disable, enable]>
hash-tbl-spread: <value in [disable, enable]>
tcp-timeout-profile:
-
close-wait: <value of integer>
fin-wait: <value of integer>
id: <value of integer>
syn-sent: <value of integer>
syn-wait: <value of integer>
tcp-idle: <value of integer>
time-wait: <value of integer>
ip-reassembly:
max-timeout: <value of integer>
min-timeout: <value of integer>
status: <value in [disable, enable]>
gtp-support: <value in [disable, enable]>
htx-icmp-csum-chk: <value in [pass, drop]>
hpe:
all-protocol: <value of integer>
arp-max: <value of integer>
enable-shaper: <value in [disable, enable]>
esp-max: <value of integer>
high-priority: <value of integer>
icmp-max: <value of integer>
ip-frag-max: <value of integer>
ip-others-max: <value of integer>
l2-others-max: <value of integer>
pri-type-max: <value of integer>
sctp-max: <value of integer>
tcp-max: <value of integer>
tcpfin-rst-max: <value of integer>
tcpsyn-ack-max: <value of integer>
tcpsyn-max: <value of integer>
udp-max: <value of integer>
dsw-dts-profile:
-
action: <value in [wait, drop, drop_tmr_0, ...]>
min-limit: <value of integer>
profile-id: <value of integer>
step: <value of integer>
hash-config: <value in [5-tuple, src-ip, src-dst-ip]>
ipsec-ob-np-sel: <value in [RR, rr, Packet, ...]>
napi-break-interval: <value of integer>
background-sse-scan:
scan: <value in [disable, enable]>
stats-update-interval: <value of integer>
udp-keepalive-interval: <value of integer>
inbound-dscp-copy-port: <value of string>
session-acct-interval: <value of integer>
htab-msg-queue: <value in [idle, data, dedicated]>
dsw-queue-dts-profile:
-
iport: <value in [EIF0, eif0, EIF1, ...]>
name: <value of string>
oport: <value in [EIF0, eif0, EIF1, ...]>
profile-id: <value of integer>
queue-select: <value of integer>
hw-ha-scan-interval: <value of integer>
ippool-overload-high: <value of integer>
nat46-force-ipv4-packet-forwarding: <value in [disable, enable]>
prp-port-out: <value of string>
isf-np-rx-tr-distr: <value in [port-flow, round-robin, randomized]>
mcast-session-counting6: <value in [disable, enable, session-based, ...]>
prp-port-in: <value of string>
rps-mode: <value in [disable, enable]>
per-policy-accounting: <value in [disable, enable]>
mcast-session-counting: <value in [disable, enable, session-based, ...]>
inbound-dscp-copy: <value in [disable, enable]>
ipsec-host-dfclr: <value in [disable, enable]>
process-icmp-by-host: <value in [disable, enable]>
dedicated-tx-npu: <value in [disable, enable]>
ull-port-mode: <value in [10G, 25G]>
sse-ha-scan:
gap: <value of integer>
max-session-cnt: <value of integer>
min-duration: <value of integer>
hash-ipv6-sel: <value of integer>
ip-fragment-offload: <value in [disable, enable]>
ple-non-syn-tcp-action: <value in [forward, drop]>
npu-group-effective-scope: <value of integer>
prp-session-clear-mode: <value in [blocking, non-blocking, do-not-clear]>
shaping-stats: <value in [disable, enable]>
sw-tr-hash:
draco15: <value in [disable, enable]>
tcp-udp-port: <value in [include, exclude]>
Return Values¶
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- meta - The result of the request.returned: always type: dict
- request_url - The full url requested. returned: always type: str sample: /sys/login/user
- response_code - The status of api request. returned: always type: int sample: 0
- response_data - The data body of the api response. returned: optional type: list or dict
- response_message - The descriptive message of the api response. returned: always type: str sample: OK
- system_information - The information of the target system. returned: always type: dict
- rc - The status the request. returned: always type: int 0
- version_check_warning - Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: if at least on parameter mpt supported by the current FortiManager version type: list 0