fmgr_system_npu – Configure NPU attributes.
Added in version 2.1.0.
Warning
Starting in version 3.0.0, all input arguments will be named using the underscore naming convention (snake_case).
Argument name before 3.0.0:
var-name
,var name
,var.name
New argument name starting in 3.0.0:
var_name
FortiManager Ansible v2.4+ supports both previous argument name and new underscore name. You will receive deprecation warnings if you keep using the previous argument name. You can ignore the warning by setting deprecation_warnings=False in ansible.cfg.
Synopsis
This module is able to configure a FortiManager device.
Examples include all parameters and values need to be adjusted to data sources before usage.
Tested with FortiManager v7.x.
Requirements
The below requirements are needed on the host that executes this module.
ansible>=2.15.0
FortiManager Version Compatibility
Supported Version Ranges: v6.4.7 -> v6.4.15
, v7.0.1 -> latest
Parameters
- access_token -The token to access FortiManager without using username and password. type: str required: false
- bypass_validation - Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. type: bool required: false default: False
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- forticloud_access_token - Access token of forticloud managed API users, this option is available with FortiManager later than 6.4.0. type: str required: false
- proposed_method - The overridden method for the underlying Json RPC request. type: str required: false choices: set, update, add
- rc_succeeded - The rc codes list with which the conditions to succeed will be overriden. type: list required: false
- rc_failed - The rc codes list with which the conditions to fail will be overriden. type: list required: false
- workspace_locking_adom - Acquire the workspace lock if FortiManager is running in workspace mode. type: str required: false choices: global, custom adom including root
- workspace_locking_timeout - The maximum time in seconds to wait for other users to release workspace lock. type: integer required: false default: 300
- adom - The parameter in requested url type: str required: true
- system_npu - Configure NPU attributes. type: dict
- capwap_offload (Alias name: capwap-offload) Enable/disable offloading managed fortiap and fortilink capwap sessions. type: str choices: [disable, enable] more...
- dedicated_management_affinity (Alias name: dedicated-management-affinity) Affinity setting for management deamons (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str more...
- dedicated_management_cpu (Alias name: dedicated-management-cpu) Enable to dedicate one cpu for gui and cli connections when nps are busy. type: str choices: [disable, enable] more...
- fastpath Enable/disable np6 offloading (also called fast path). type: str choices: [disable, enable] more...
- fp_anomaly (Alias name: fp-anomaly) Fp anomaly. type: dict
more...
- esp_minlen_err (Alias name: esp-minlen-err) Invalid ipv4 esp short packet anomalies. type: str choices: [drop, trap-to-host] more...
- icmp_csum_err (Alias name: icmp-csum-err) Invalid ipv4 icmp packet checksum anomalies. type: str choices: [drop, trap-to-host] more...
- icmp_minlen_err (Alias name: icmp-minlen-err) Invalid ipv4 icmp short packet anomalies. type: str choices: [drop, trap-to-host] more...
- ipv4_csum_err (Alias name: ipv4-csum-err) Invalid ipv4 packet checksum anomalies. type: str choices: [drop, trap-to-host] more...
- ipv4_ihl_err (Alias name: ipv4-ihl-err) Invalid ipv4 header length anomalies. type: str choices: [drop, trap-to-host] more...
- ipv4_len_err (Alias name: ipv4-len-err) Invalid ipv4 packet length anomalies. type: str choices: [drop, trap-to-host] more...
- ipv4_opt_err (Alias name: ipv4-opt-err) Invalid ipv4 option parsing anomalies. type: str choices: [drop, trap-to-host] more...
- ipv4_ttlzero_err (Alias name: ipv4-ttlzero-err) Invalid ipv4 ttl field zero anomalies. type: str choices: [drop, trap-to-host] more...
- ipv4_ver_err (Alias name: ipv4-ver-err) Invalid ipv4 header version anomalies. type: str choices: [drop, trap-to-host] more...
- ipv6_exthdr_len_err (Alias name: ipv6-exthdr-len-err) Invalid ipv6 packet chain extension header total length anomalies. type: str choices: [drop, trap-to-host] more...
- ipv6_exthdr_order_err (Alias name: ipv6-exthdr-order-err) Invalid ipv6 packet extension header ordering anomalies. type: str choices: [drop, trap-to-host] more...
- ipv6_ihl_err (Alias name: ipv6-ihl-err) Invalid ipv6 packet length anomalies. type: str choices: [drop, trap-to-host] more...
- ipv6_plen_zero (Alias name: ipv6-plen-zero) Invalid ipv6 packet payload length zero anomalies. type: str choices: [drop, trap-to-host] more...
- ipv6_ver_err (Alias name: ipv6-ver-err) Invalid ipv6 packet version anomalies. type: str choices: [drop, trap-to-host] more...
- tcp_csum_err (Alias name: tcp-csum-err) Invalid ipv4 tcp packet checksum anomalies. type: str choices: [drop, trap-to-host] more...
- tcp_hlen_err (Alias name: tcp-hlen-err) Invalid ipv4 tcp header length anomalies. type: str choices: [drop, trap-to-host] more...
- tcp_plen_err (Alias name: tcp-plen-err) Invalid ipv4 tcp packet length anomalies. type: str choices: [drop, trap-to-host] more...
- udp_csum_err (Alias name: udp-csum-err) Invalid ipv4 udp packet checksum anomalies. type: str choices: [drop, trap-to-host] more...
- udp_hlen_err (Alias name: udp-hlen-err) Invalid ipv4 udp packet header length anomalies. type: str choices: [drop, trap-to-host] more...
- udp_len_err (Alias name: udp-len-err) Invalid ipv4 udp packet length anomalies. type: str choices: [drop, trap-to-host] more...
- udp_plen_err (Alias name: udp-plen-err) Invalid ipv4 udp packet minimum length anomalies. type: str choices: [drop, trap-to-host] more...
- udplite_cover_err (Alias name: udplite-cover-err) Invalid ipv4 udp-lite packet coverage anomalies. type: str choices: [drop, trap-to-host] more...
- udplite_csum_err (Alias name: udplite-csum-err) Invalid ipv4 udp-lite packet checksum anomalies. type: str choices: [drop, trap-to-host] more...
- unknproto_minlen_err (Alias name: unknproto-minlen-err) Invalid ipv4 l4 unknown protocol short packet anomalies. type: str choices: [drop, trap-to-host] more...
- tcp_fin_only (Alias name: tcp-fin-only) Tcp syn flood with only fin flag set anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv4_optsecurity (Alias name: ipv4-optsecurity) Security option anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv6_optralert (Alias name: ipv6-optralert) Router alert option anomalies. type: str choices: [allow, drop, trap-to-host] more...
- tcp_syn_fin (Alias name: tcp-syn-fin) Tcp syn flood syn/fin flag set anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv4_proto_err (Alias name: ipv4-proto-err) Invalid layer 4 protocol anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv6_saddr_err (Alias name: ipv6-saddr-err) Source address as multicast anomalies. type: str choices: [allow, drop, trap-to-host] more...
- icmp_frag (Alias name: icmp-frag) Layer 3 fragmented packets that could be part of layer 4 icmp anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv4_optssrr (Alias name: ipv4-optssrr) Strict source record route option anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv6_opthomeaddr (Alias name: ipv6-opthomeaddr) Home address option anomalies. type: str choices: [allow, drop, trap-to-host] more...
- udp_land (Alias name: udp-land) Udp land anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv6_optinvld (Alias name: ipv6-optinvld) Invalid option anomalies. type: str choices: [allow, drop, trap-to-host] more...
- tcp_fin_noack (Alias name: tcp-fin-noack) Tcp syn flood with fin flag set without ack setting anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv6_proto_err (Alias name: ipv6-proto-err) Layer 4 invalid protocol anomalies. type: str choices: [allow, drop, trap-to-host] more...
- tcp_land (Alias name: tcp-land) Tcp land anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv4_unknopt (Alias name: ipv4-unknopt) Unknown option anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv4_optstream (Alias name: ipv4-optstream) Stream option anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv6_optjumbo (Alias name: ipv6-optjumbo) Jumbo options anomalies. type: str choices: [allow, drop, trap-to-host] more...
- icmp_land (Alias name: icmp-land) Icmp land anomalies. type: str choices: [allow, drop, trap-to-host] more...
- tcp_winnuke (Alias name: tcp-winnuke) Tcp winnuke anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv6_daddr_err (Alias name: ipv6-daddr-err) Destination address as unspecified or loopback address anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv4_land (Alias name: ipv4-land) Land anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv6_opttunnel (Alias name: ipv6-opttunnel) Tunnel encapsulation limit option anomalies. type: str choices: [allow, drop, trap-to-host] more...
- tcp_no_flag (Alias name: tcp-no-flag) Tcp syn flood with no flag set anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv6_land (Alias name: ipv6-land) Land anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv4_optlsrr (Alias name: ipv4-optlsrr) Loose source record route option anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv4_opttimestamp (Alias name: ipv4-opttimestamp) Timestamp option anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv4_optrr (Alias name: ipv4-optrr) Record route option anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv6_optnsap (Alias name: ipv6-optnsap) Network service access point address option anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv6_unknopt (Alias name: ipv6-unknopt) Unknown option anomalies. type: str choices: [allow, drop, trap-to-host] more...
- tcp_syn_data (Alias name: tcp-syn-data) Tcp syn flood packets with data anomalies. type: str choices: [allow, drop, trap-to-host] more...
- ipv6_optendpid (Alias name: ipv6-optendpid) End point identification anomalies. type: str choices: [allow, drop, trap-to-host] more...
- gtpu_plen_err (Alias name: gtpu-plen-err) Gtpu plen err. type: str choices: [drop, trap-to-host] more...
- vxlan_minlen_err (Alias name: vxlan-minlen-err) Vxlan minlen err. type: str choices: [drop, trap-to-host] more...
- capwap_minlen_err (Alias name: capwap-minlen-err) Capwap minlen err. type: str choices: [drop, trap-to-host] more...
- gre_csum_err (Alias name: gre-csum-err) Gre csum err. type: str choices: [drop, trap-to-host] more...
- nvgre_minlen_err (Alias name: nvgre-minlen-err) Nvgre minlen err. type: str choices: [drop, trap-to-host] more...
- sctp_l4len_err (Alias name: sctp-l4len-err) Sctp l4len err. type: str choices: [drop, trap-to-host] more...
- tcp_hlenvsl4len_err (Alias name: tcp-hlenvsl4len-err) Tcp hlenvsl4len err. type: str choices: [drop, trap-to-host] more...
- sctp_crc_err (Alias name: sctp-crc-err) Sctp crc err. type: str choices: [drop, trap-to-host] more...
- sctp_clen_err (Alias name: sctp-clen-err) Sctp clen err. type: str choices: [drop, trap-to-host] more...
- uesp_minlen_err (Alias name: uesp-minlen-err) Uesp minlen err. type: str choices: [drop, trap-to-host] more...
- sctp_csum_err (Alias name: sctp-csum-err) Invalid ipv4 sctp checksum anomalies. type: str choices: [allow, drop, trap-to-host] more...
- gtp_enhanced_cpu_range (Alias name: gtp-enhanced-cpu-range) Gtp enhanced cpu range option. type: str choices: [0, 1, 2] more...
- gtp_enhanced_mode (Alias name: gtp-enhanced-mode) Enable/disable gtp enhanced mode. type: str choices: [disable, enable] more...
- host_shortcut_mode (Alias name: host-shortcut-mode) Set np6 host shortcut mode. type: str choices: [bi-directional, host-shortcut] more...
- htx_gtse_quota (Alias name: htx-gtse-quota) Configure htx gtse quota. type: str choices: [100Mbps, 200Mbps, 300Mbps, 400Mbps, 500Mbps, 600Mbps, 700Mbps, 800Mbps, 900Mbps, 1Gbps, 2Gbps, 4Gbps, 8Gbps, 10Gbps] more...
- intf_shaping_offload (Alias name: intf-shaping-offload) Enable/disable npu offload when doing interface-based traffic shaping according to the egress-shaping-profile. type: str choices: [disable, enable] more...
- iph_rsvd_re_cksum (Alias name: iph-rsvd-re-cksum) Enable/disable ip checksum re-calculation for packets with iph. type: str choices: [disable, enable] more...
- ipsec_dec_subengine_mask (Alias name: ipsec-dec-subengine-mask) Ipsec decryption subengine mask (0x1 - 0xff, default 0xff). type: str more...
- ipsec_enc_subengine_mask (Alias name: ipsec-enc-subengine-mask) Ipsec encryption subengine mask (0x1 - 0xff, default 0xff). type: str more...
- ipsec_inbound_cache (Alias name: ipsec-inbound-cache) Enable/disable ipsec inbound cache for anti-replay. type: str choices: [disable, enable] more...
- ipsec_mtu_override (Alias name: ipsec-mtu-override) Enable/disable np6 ipsec mtu override. type: str choices: [disable, enable] more...
- ipsec_over_vlink (Alias name: ipsec-over-vlink) Enable/disable ipsec over vlink. type: str choices: [disable, enable] more...
- isf_np_queues (Alias name: isf-np-queues) Isf np queues. type: dict
more...
- cos0 Cos profile name for cos 0. type: str more...
- cos1 Cos profile name for cos 1. type: str more...
- cos2 Cos profile name for cos 2. type: str more...
- cos3 Cos profile name for cos 3. type: str more...
- cos4 Cos profile name for cos 4. type: str more...
- cos5 Cos profile name for cos 5. type: str more...
- cos6 Cos profile name for cos 6. type: str more...
- cos7 Cos profile name for cos 7. type: str more...
- lag_out_port_select (Alias name: lag-out-port-select) Enable/disable lag outgoing port selection based on incoming traffic port. type: str choices: [disable, enable] more...
- mcast_session_accounting (Alias name: mcast-session-accounting) Enable/disable traffic accounting for each multicast session through tae counter. type: str choices: [disable, session-based, tpe-based] more...
- np6_cps_optimization_mode (Alias name: np6-cps-optimization-mode) Enable/disable np6 connection per second (cps) optimization mode. type: str choices: [disable, enable] more...
- per_session_accounting (Alias name: per-session-accounting) Enable/disable per-session accounting. type: str choices: [enable, disable, enable-by-log, all-enable, traffic-log-only] more...
- port_cpu_map (Alias name: port-cpu-map) Port cpu map. type: list more...
- port_npu_map (Alias name: port-npu-map) Port npu map. type: list more...
- priority_protocol (Alias name: priority-protocol) Priority protocol. type: dict more...
- qos_mode (Alias name: qos-mode) Qos mode on switch and np. type: str choices: [disable, priority, round-robin] more...
- rdp_offload (Alias name: rdp-offload) Enable/disable rdp offload. type: str choices: [disable, enable] more...
- recover_np6_link (Alias name: recover-np6-link) Enable/disable internal link failure check and recovery after boot up. type: str choices: [disable, enable] more...
- session_denied_offload (Alias name: session-denied-offload) Enable/disable offloading of denied sessions. type: str choices: [disable, enable] more...
- sse_backpressure (Alias name: sse-backpressure) Enable/disable sse backpressure. type: str choices: [disable, enable] more...
- strip_clear_text_padding (Alias name: strip-clear-text-padding) Enable/disable stripping clear text padding. type: str choices: [disable, enable] more...
- strip_esp_padding (Alias name: strip-esp-padding) Enable/disable stripping esp padding. type: str choices: [disable, enable] more...
- sw_eh_hash (Alias name: sw-eh-hash) Sw eh hash. type: dict
more...
- computation Set hashing computation. type: str choices: [xor16, xor8, xor4, crc16] more...
- destination_ip_lower_16 (Alias name: destination-ip-lower-16) Include/exclude destination ip address lower 16 bits. type: str choices: [include, exclude] more...
- destination_ip_upper_16 (Alias name: destination-ip-upper-16) Include/exclude destination ip address upper 16 bits. type: str choices: [include, exclude] more...
- destination_port (Alias name: destination-port) Include/exclude destination port if tcp/udp. type: str choices: [include, exclude] more...
- ip_protocol (Alias name: ip-protocol) Include/exclude ip protocol. type: str choices: [include, exclude] more...
- netmask_length (Alias name: netmask-length) Network mask length. type: int more...
- source_ip_lower_16 (Alias name: source-ip-lower-16) Include/exclude source ip address lower 16 bits. type: str choices: [include, exclude] more...
- source_ip_upper_16 (Alias name: source-ip-upper-16) Include/exclude source ip address upper 16 bits. type: str choices: [include, exclude] more...
- source_port (Alias name: source-port) Include/exclude source port if tcp/udp. type: str choices: [include, exclude] more...
- sw_np_bandwidth (Alias name: sw-np-bandwidth) Bandwidth from switch to np. type: str choices: [0G, 2G, 4G, 5G, 6G, 7G, 8G, 9G] more...
- switch_np_hash (Alias name: switch-np-hash) Switch-np trunk port selection criteria. type: str choices: [src-ip, dst-ip, src-dst-ip] more...
- uesp_offload (Alias name: uesp-offload) Enable/disable udp-encapsulated esp offload (default = disable). type: str choices: [disable, enable] more...
- np_queues (Alias name: np-queues) Np queues. type: dict
more...
- ethernet_type (Alias name: ethernet-type) Ethernet type. type: list more...
- ip_protocol (Alias name: ip-protocol) Ip protocol. type: list more...
- ip_service (Alias name: ip-service) Ip service. type: list more...
- profile Profile. type: list
more...
- cos0 Queue number of cos 0. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- cos1 Queue number of cos 1. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- cos2 Queue number of cos 2. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- cos3 Queue number of cos 3. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- cos4 Queue number of cos 4. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- cos5 Queue number of cos 5. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- cos6 Queue number of cos 6. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- cos7 Queue number of cos 7. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp0 Queue number of dscp 0. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp1 Queue number of dscp 1. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp10 Queue number of dscp 10. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp11 Queue number of dscp 11. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp12 Queue number of dscp 12. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp13 Queue number of dscp 13. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp14 Queue number of dscp 14. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp15 Queue number of dscp 15. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp16 Queue number of dscp 16. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp17 Queue number of dscp 17. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp18 Queue number of dscp 18. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp19 Queue number of dscp 19. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp2 Queue number of dscp 2. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp20 Queue number of dscp 20. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp21 Queue number of dscp 21. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp22 Queue number of dscp 22. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp23 Queue number of dscp 23. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp24 Queue number of dscp 24. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp25 Queue number of dscp 25. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp26 Queue number of dscp 26. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp27 Queue number of dscp 27. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp28 Queue number of dscp 28. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp29 Queue number of dscp 29. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp3 Queue number of dscp 3. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp30 Queue number of dscp 30. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp31 Queue number of dscp 31. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp32 Queue number of dscp 32. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp33 Queue number of dscp 33. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp34 Queue number of dscp 34. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp35 Queue number of dscp 35. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp36 Queue number of dscp 36. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp37 Queue number of dscp 37. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp38 Queue number of dscp 38. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp39 Queue number of dscp 39. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp4 Queue number of dscp 4. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp40 Queue number of dscp 40. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp41 Queue number of dscp 41. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp42 Queue number of dscp 42. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp43 Queue number of dscp 43. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp44 Queue number of dscp 44. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp45 Queue number of dscp 45. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp46 Queue number of dscp 46. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp47 Queue number of dscp 47. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp48 Queue number of dscp 48. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp49 Queue number of dscp 49. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp5 Queue number of dscp 5. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp50 Queue number of dscp 50. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp51 Queue number of dscp 51. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp52 Queue number of dscp 52. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp53 Queue number of dscp 53. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp54 Queue number of dscp 54. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp55 Queue number of dscp 55. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp56 Queue number of dscp 56. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp57 Queue number of dscp 57. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp58 Queue number of dscp 58. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp59 Queue number of dscp 59. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp6 Queue number of dscp 6. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp60 Queue number of dscp 60. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp61 Queue number of dscp 61. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp62 Queue number of dscp 62. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp63 Queue number of dscp 63. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp7 Queue number of dscp 7. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp8 Queue number of dscp 8. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- dscp9 Queue number of dscp 9. type: str choices: [queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7] more...
- id Profile id. type: int more...
- type Profile type. type: str choices: [cos, dscp] more...
- weight Class weight. type: int more...
- scheduler Scheduler. type: list more...
- udp_timeout_profile (Alias name: udp-timeout-profile) Udp timeout profile. type: list more...
- qtm_buf_mode (Alias name: qtm-buf-mode) Qtm channel configuration for packet buffer. type: str choices: [6ch, 4ch] more...
- default_qos_type (Alias name: default-qos-type) Set default qos type. type: str choices: [policing, shaping, policing-enhanced] more...
- tcp_rst_timeout (Alias name: tcp-rst-timeout) Tcp rst timeout in seconds (0-3600, default = 5). type: int more...
- ipsec_local_uesp_port (Alias name: ipsec-local-uesp-port) Ipsec local uesp port. type: int more...
- htab_dedi_queue_nr (Alias name: htab-dedi-queue-nr) Set the number of dedicate queue for hash table messages. type: int more...
- double_level_mcast_offload (Alias name: double-level-mcast-offload) Enable double level mcast offload. type: str choices: [disable, enable] more...
- dse_timeout (Alias name: dse-timeout) Dse timeout in seconds (0-3600, default = 10). type: int more...
- ippool_overload_low (Alias name: ippool-overload-low) Low threshold for overload ippool port reuse (100%-2000%, default = 150). type: int more...
- pba_eim (Alias name: pba-eim) Configure option for pba(non-overload)/eim combination. type: str choices: [disallow, allow] more...
- policy_offload_level (Alias name: policy-offload-level) Configure firewall policy offload level (disable, default, dos-offload, full-offload). type: str choices: [disable, dos-offload, full-offload] more...
- max_session_timeout (Alias name: max-session-timeout) Maximum time interval for refreshing npu-offloaded sessions (10 - 1000 sec, default 40 sec). type: int more...
- port_path_option (Alias name: port-path-option) Port path option. type: dict
more...
- ports_using_npu (Alias name: ports-using-npu) Set ha/aux ports to handle traffic with npu (otherise traffic goes to intel-nic and then cpu). type: list more...
- vlan_lookup_cache (Alias name: vlan-lookup-cache) Enable/disable vlan lookup cache (default enabled). type: str choices: [disable, enable] more...
- dos_options (Alias name: dos-options) Dos options. type: dict
more...
- npu_dos_meter_mode (Alias name: npu-dos-meter-mode) Set dos meter npu offloading mode. type: str choices: [local, global] more...
- npu_dos_synproxy_mode (Alias name: npu-dos-synproxy-mode) Set npu dos synproxy mode. type: str choices: [synack2ack, pass-synack] more...
- npu_dos_tpe_mode (Alias name: npu-dos-tpe-mode) Enable/disable insertion of dos meter id to session table. type: str choices: [disable, enable] more...
- hash_tbl_spread (Alias name: hash-tbl-spread) Enable/disable hash table entry spread (default enabled). type: str choices: [disable, enable] more...
- tcp_timeout_profile (Alias name: tcp-timeout-profile) Tcp timeout profile. type: list
more...
- close_wait (Alias name: close-wait) Set close-wait timeout(seconds) type: int more...
- fin_wait (Alias name: fin-wait) Set fin-wait timeout(seconds) type: int more...
- id Timeout profile id (5-47) type: int more...
- syn_sent (Alias name: syn-sent) Set syn-sent timeout(seconds) type: int more...
- syn_wait (Alias name: syn-wait) Set syn-wait timeout(seconds) type: int more...
- tcp_idle (Alias name: tcp-idle) Set tcp establish timeout(seconds) type: int more...
- time_wait (Alias name: time-wait) Set time-wait timeout(seconds) type: int more...
- ip_reassembly (Alias name: ip-reassembly) Ip reassembly. type: dict
more...
- max_timeout (Alias name: max-timeout) Maximum timeout value for ip reassembly (5 us - 600,000,000 us). type: int more...
- min_timeout (Alias name: min-timeout) Minimum timeout value for ip reassembly (5 us - 600,000,000 us). type: int more...
- status Set ip reassembly processing status. type: str choices: [disable, enable] more...
- gtp_support (Alias name: gtp-support) Enable/disable np7 gtp support type: str choices: [disable, enable] more...
- htx_icmp_csum_chk (Alias name: htx-icmp-csum-chk) Set htx icmp csum checking mode. type: str choices: [pass, drop] more...
- hpe Hpe. type: dict
more...
- all_protocol (Alias name: all-protocol) Maximum packet rate of each host queue except high priority traffic(1k - 32m pps, default = 400k pps), set 0 to disable. type: int more...
- arp_max (Alias name: arp-max) Maximum arp packet rate (1k - 32m pps, default = 5k pps). type: int more...
- enable_shaper (Alias name: enable-shaper) Enable/disable npu host protection engine (hpe) for packet type shaper. type: str choices: [disable, enable] more...
- esp_max (Alias name: esp-max) Maximum esp packet rate (1k - 32m pps, default = 5k pps). type: int more...
- high_priority (Alias name: high-priority) Maximum packet rate for high priority traffic packets (1k - 32m pps, default = 400k pps). type: int more...
- icmp_max (Alias name: icmp-max) Maximum icmp packet rate (1k - 32m pps, default = 5k pps). type: int more...
- ip_frag_max (Alias name: ip-frag-max) Maximum fragmented ip packet rate (1k - 32m pps, default = 5k pps). type: int more...
- ip_others_max (Alias name: ip-others-max) Maximum ip packet rate for other packets (packet types that cannot be set with other options) (1k - 32g pps, default = 5k pps). type: int more...
- l2_others_max (Alias name: l2-others-max) Maximum l2 packet rate for l2 packets that are not arp packets (1k - 32m pps, default = 5k pps). type: int more...
- pri_type_max (Alias name: pri-type-max) Maximum overflow rate of priority type traffic(1k - 32m pps, default = 40k pps). type: int more...
- sctp_max (Alias name: sctp-max) Maximum sctp packet rate (1k - 32m pps, default = 5k pps). type: int more...
- tcp_max (Alias name: tcp-max) Maximum tcp packet rate (1k - 32m pps, default = 40k pps). type: int more...
- tcpfin_rst_max (Alias name: tcpfin-rst-max) Maximum tcp carries fin or rst flags packet rate (1k - 32m pps, default = 40k pps). type: int more...
- tcpsyn_ack_max (Alias name: tcpsyn-ack-max) Maximum tcp carries syn and ack flags packet rate (1k - 32m pps, default = 40k pps). type: int more...
- tcpsyn_max (Alias name: tcpsyn-max) Maximum tcp syn packet rate (1k - 40m pps, default = 32k pps). type: int more...
- udp_max (Alias name: udp-max) Maximum udp packet rate (1k - 32m pps, default = 40k pps). type: int more...
- enable_queue_shaper (Alias name: enable-queue-shaper) Enable/disable npu host protection engine (hpe) queue shaper. type: str choices: [disable, enable] more...
- exception_code (Alias name: exception-code) Maximum exception code rate of traffic(1k - 32m pps, default = 1m pps). type: int more...
- fragment_with_sess (Alias name: fragment-with-sess) Maximum fragment with session rate of traffic(1k - 32m pps, default = 1m pps). type: int more...
- fragment_without_session (Alias name: fragment-without-session) Maximum fragment without session rate of traffic(1k - 32m pps, default = 1m pps). type: int more...
- queue_shaper_max (Alias name: queue-shaper-max) Maximum per queue byte rate of traffic(1k - 32m pps, default = 1m pps). type: int more...
- dsw_dts_profile (Alias name: dsw-dts-profile) Dsw dts profile. type: list
more...
- action Set npu dsw dts profile action. type: str choices: [wait, drop, drop_tmr_0, drop_tmr_1, enque, enque_0, enque_1] more...
- min_limit (Alias name: min-limit) Set npu dsw dts profile min-limt. type: int more...
- profile_id (Alias name: profile-id) Set npu dsw dts profile profile id. type: int more...
- step Set npu dsw dts profile step. type: int more...
- hash_config (Alias name: hash-config) Configure npu trunk hash. type: str choices: [5-tuple, src-ip, src-dst-ip] more...
- ipsec_ob_np_sel (Alias name: ipsec-ob-np-sel) Ipsec np selection for ob sa offloading. type: str choices: [RR, rr, Packet, Hash] more...
- napi_break_interval (Alias name: napi-break-interval) Napi break interval (default 0). type: int more...
- background_sse_scan (Alias name: background-sse-scan) Background sse scan. type: dict
more...
- scan Enable/disable background sse scan by driver thread(default enabled). type: str choices: [disable, enable] more...
- stats_update_interval (Alias name: stats-update-interval) Stats update interval(>=5*60 seconds, default 5*60 seconds). type: int more...
- udp_keepalive_interval (Alias name: udp-keepalive-interval) Udp keepalive interval(>=90 seconds, default 90 seconds). type: int more...
- scan_stale (Alias name: scan-stale) Configure scanning of active or stale sessions (default = 0 = active sessions). type: int more...
- scan_vt (Alias name: scan-vt) Select version/type to scan: bit-0: 44; bit-1: 46; bit-2: 64; bit-3: 66 (default = 0xf). type: int more...
- stats_qual_access (Alias name: stats-qual-access) Statistics update access qualification in seconds (0 - int_max, default = 180). type: int more...
- stats_qual_duration (Alias name: stats-qual-duration) Statistics update duration qualification in seconds (0 - int_max, default = 300). type: int more...
- udp_qual_access (Alias name: udp-qual-access) Udp keepalive access qualification in seconds (0 - int_max, default = 30). type: int more...
- udp_qual_duration (Alias name: udp-qual-duration) Udp keepalive duration qualification in seconds (0 - int_max, default = 90). type: int more...
- inbound_dscp_copy_port (Alias name: inbound-dscp-copy-port) Physical interfaces that support inbound-dscp-copy. type: list more...
- session_acct_interval (Alias name: session-acct-interval) Session accounting update interval (1 - 10 sec, default 5 sec). type: int more...
- htab_msg_queue (Alias name: htab-msg-queue) Set hash table message queue mode. type: str choices: [idle, data, dedicated] more...
- dsw_queue_dts_profile (Alias name: dsw-queue-dts-profile) Dsw queue dts profile. type: list
more...
- iport Set npu dsw dts in port. type: str choices: [EIF0, eif0, EIF1, eif1, EIF2, eif2, EIF3, eif3, EIF4, eif4, EIF5, eif5, EIF6, eif6, EIF7, eif7, HTX0, htx0, HTX1, htx1, SSE0, sse0, SSE1, sse1, SSE2, sse2, SSE3, sse3, RLT, rlt, DFR, dfr, IPSECI, ipseci, IPSECO, ipseco, IPTI, ipti, IPTO, ipto, VEP0, vep0, VEP2, vep2, VEP4, vep4, VEP6, vep6, IVS, ivs, L2TI1, l2ti1, L2TO, l2to, L2TI0, l2ti0, PLE, ple, SPATH, spath, QTM, qtm] more...
- name Name. type: str more...
- oport Set npu dsw dts out port. type: str choices: [EIF0, eif0, EIF1, eif1, EIF2, eif2, EIF3, eif3, EIF4, eif4, EIF5, eif5, EIF6, eif6, EIF7, eif7, HRX, hrx, SSE0, sse0, SSE1, sse1, SSE2, sse2, SSE3, sse3, RLT, rlt, DFR, dfr, IPSECI, ipseci, IPSECO, ipseco, IPTI, ipti, IPTO, ipto, VEP0, vep0, VEP2, vep2, VEP4, vep4, VEP6, vep6, IVS, ivs, L2TI1, l2ti1, L2TO, l2to, L2TI0, l2ti0, PLE, ple, SYNK, sync, NSS, nss, TSK, tsk, QTM, qtm, l2tO] more...
- profile_id (Alias name: profile-id) Set npu dsw dts profile id. type: int more...
- queue_select (Alias name: queue-select) Set npu dsw dts queue id select (0 - reset to default). type: int more...
- hw_ha_scan_interval (Alias name: hw-ha-scan-interval) Hw ha periodical scan interval in seconds (0-3600, default = 120, 0 to disable). type: int more...
- ippool_overload_high (Alias name: ippool-overload-high) High threshold for overload ippool port reuse (100%-2000%, default = 200). type: int more...
- nat46_force_ipv4_packet_forwarding (Alias name: nat46-force-ipv4-packet-forwarding) Enable/disable mandatory ipv4 packet forwarding in nat46. type: str choices: [disable, enable] more...
- prp_port_out (Alias name: prp-port-out) Egress port configured to allow the prp trailer not be stripped off when the prp packets go out. type: list or str more...
- isf_np_rx_tr_distr (Alias name: isf-np-rx-tr-distr) Select isf np rx trunk distribution (psc) mode. type: str choices: [port-flow, round-robin, randomized] more...
- mcast_session_counting6 (Alias name: mcast-session-counting6) Enable/disable traffic accounting for each multicast session6 through tae counter. type: str choices: [disable, enable, session-based, tpe-based] more...
- prp_port_in (Alias name: prp-port-in) Ingress port configured to allow the prp trailer not be stripped off when the prp packets come in. type: list or str more...
- rps_mode (Alias name: rps-mode) Enable/disable receive packet steering (rps) optimization mode. type: str choices: [disable, enable] more...
- per_policy_accounting (Alias name: per-policy-accounting) Set per-policy accounting. type: str choices: [disable, enable] more...
- mcast_session_counting (Alias name: mcast-session-counting) Mcast session counting. type: str choices: [disable, enable, session-based, tpe-based] more...
- inbound_dscp_copy (Alias name: inbound-dscp-copy) Enable/disable copying the dscp field from outer ip header to inner ip header. type: str choices: [disable, enable] more...
- ipsec_host_dfclr (Alias name: ipsec-host-dfclr) Enable/disable df clearing of np4lite host ipsec offload. type: str choices: [disable, enable] more...
- process_icmp_by_host (Alias name: process-icmp-by-host) Enable/disable process icmp by host when received from ipsec tunnel and payload size < 119. type: str choices: [disable, enable] more...
- dedicated_tx_npu (Alias name: dedicated-tx-npu) Enable/disable dedication of 3rd npu for slow path tx. type: str choices: [disable, enable] more...
- ull_port_mode (Alias name: ull-port-mode) Set ull ports speed to 10g/25g (default 10g). type: str choices: [10G, 25G] more...
- sse_ha_scan (Alias name: sse-ha-scan) Sse ha scan. type: dict
more...
- gap Scanning message gap(0~32767, default 6000) type: int more...
- max_session_cnt (Alias name: max-session-cnt) If the session count(in millions) is larger than this, ha scan will be skipped. type: int more...
- min_duration (Alias name: min-duration) Scanning filter for minimum duration of the session. type: int more...
- hash_ipv6_sel (Alias name: hash-ipv6-sel) Select which 4bytes of the ipv6 address are used for traffic hash(0~3). type: int more...
- ip_fragment_offload (Alias name: ip-fragment-offload) Enable/disable np7 npu ip fragment offload. type: str choices: [disable, enable] more...
- ple_non_syn_tcp_action (Alias name: ple-non-syn-tcp-action) Configure action for the ple to take on tcp packets that have the syn field unset. type: str choices: [forward, drop] more...
- npu_group_effective_scope (Alias name: npu-group-effective-scope) Npu-group-effective-scope defines under which npu-group cmds such as list/purge will be excecuted. type: int more...
- ipsec_STS_timeout (Alias name: ipsec-STS-timeout) Set np7lite ipsec sts msg timeout. type: str choices: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10] more...
- ipsec_throughput_msg_frequency (Alias name: ipsec-throughput-msg-frequency) Set np7lite ipsec throughput msg frequency: 0--disable 1--32kb 3--64kb . type: str choices: [disable, 32KB, 64KB, 128KB, 256KB, 512KB, 1MB, 2MB, 4MB, 8MB, 16MB, 32MB, 64MB, 128MB, 256MB, 512MB, 1GB] more...
- ipt_STS_timeout (Alias name: ipt-STS-timeout) Set np7lite ipt sts msg timeout. type: str choices: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10] more...
- ipt_throughput_msg_frequency (Alias name: ipt-throughput-msg-frequency) Set np7lite ipt throughput msg frequency: 0--disable 1--32kb 3--64kb . type: str choices: [disable, 32KB, 64KB, 128KB, 256KB, 512KB, 1MB, 2MB, 4MB, 8MB, 16MB, 32MB, 64MB, 128MB, 256MB, 512MB, 1GB] more...
- default_tcp_refresh_dir (Alias name: default-tcp-refresh-dir) Default sse timeout tcp refresh direction. type: str choices: [both, outgoing, incoming] more...
- default_udp_refresh_dir (Alias name: default-udp-refresh-dir) Default sse timeout udp refresh direction. type: str choices: [both, outgoing, incoming] more...
- nss_threads_option (Alias name: nss-threads-option) Configure thread options for the np7s nss module. type: str choices: [4t-eif, 4t-noeif, 2t] more...
- prp_session_clear_mode (Alias name: prp-session-clear-mode) Prp session clear mode for excluded ip sessions. type: str choices: [blocking, non-blocking, do-not-clear] more...
- shaping_stats (Alias name: shaping-stats) Enable/disable np7 traffic shaping statistics (default = disable). type: str choices: [disable, enable] more...
- sw_tr_hash (Alias name: sw-tr-hash) Sw tr hash. type: dict more...
- pba_port_select_mode (Alias name: pba-port-select-mode) Port selection mode for pba ip pool. type: str choices: [random, direct] more...
- spa_port_select_mode (Alias name: spa-port-select-mode) Port selection mode for spa ip pool. type: str choices: [random, direct] more...
- split_ipsec_engines (Alias name: split-ipsec-engines) Enable/disable split ipsec engines. type: str choices: [disable, enable] more...
- tunnel_over_vlink (Alias name: tunnel-over-vlink) Enable/disable selection of which np6 chip the tunnel uses (default = enable). type: str choices: [disable, enable] more...
- max_receive_unit (Alias name: max-receive-unit) Set the maximum packet size for receive, larger packets will be silently dropped. type: int more...
- npu_tcam (Alias name: npu-tcam) Npu tcam. type: list
more...
- data Data. type: dict
more...
- df Tcam data ip flag df. type: str choices: [disable, enable] more...
- dstip Tcam data dst ipv4 address. type: str more...
- dstipv6 Tcam data dst ipv6 address. type: str more...
- dstmac Tcam data dst macaddr. type: str more...
- dstport Tcam data l4 dst port. type: int more...
- ethertype Tcam data ethertype. type: str more...
- ext_tag (Alias name: ext-tag) Tcam data extension tag. type: str choices: [disable, enable] more...
- frag_off (Alias name: frag-off) Tcam data ip flag fragment offset. type: int more...
- gen_buf_cnt (Alias name: gen-buf-cnt) Tcam data gen info buffer count. type: int more...
- gen_iv (Alias name: gen-iv) Tcam data gen info iv. type: str choices: [invalid, valid] more...
- gen_l3_flags (Alias name: gen-l3-flags) Tcam data gen info l3 flags. type: int more...
- gen_l4_flags (Alias name: gen-l4-flags) Tcam data gen info l4 flags. type: int more...
- gen_pkt_ctrl (Alias name: gen-pkt-ctrl) Tcam data gen info packet control. type: int more...
- gen_pri (Alias name: gen-pri) Tcam data gen info priority. type: int more...
- gen_pri_v (Alias name: gen-pri-v) Tcam data gen info priority valid. type: str choices: [invalid, valid] more...
- gen_tv (Alias name: gen-tv) Tcam data gen info tv. type: str choices: [invalid, valid] more...
- ihl Tcam data ipv4 ihl. type: int more...
- ip4_id (Alias name: ip4-id) Tcam data ipv4 id. type: int more...
- ip6_fl (Alias name: ip6-fl) Tcam data ipv6 flow label. type: int more...
- ipver Tcam data ip header version. type: int more...
- l4_wd10 (Alias name: l4-wd10) Tcam data l4 word10. type: int more...
- l4_wd11 (Alias name: l4-wd11) Tcam data l4 word11. type: int more...
- l4_wd8 (Alias name: l4-wd8) Tcam data l4 word8. type: int more...
- l4_wd9 (Alias name: l4-wd9) Tcam data l4 word9. type: int more...
- mf Tcam data ip flag mf. type: str choices: [disable, enable] more...
- protocol Tcam data ip protocol. type: int more...
- slink Tcam data sublink. type: int more...
- smac_change (Alias name: smac-change) Tcam data source mac change. type: str choices: [disable, enable] more...
- sp Tcam data source port. type: int more...
- src_cfi (Alias name: src-cfi) Tcam data source cfi. type: str choices: [disable, enable] more...
- src_prio (Alias name: src-prio) Tcam data source priority. type: int more...
- src_updt (Alias name: src-updt) Tcam data source update. type: str choices: [disable, enable] more...
- srcip Tcam data src ipv4 address. type: str more...
- srcipv6 Tcam data src ipv6 address. type: str more...
- srcmac Tcam data src macaddr. type: str more...
- srcport Tcam data l4 src port. type: int more...
- svid Tcam data source vid. type: int more...
- tcp_ack (Alias name: tcp-ack) Tcam data tcp flag ack. type: str choices: [disable, enable] more...
- tcp_cwr (Alias name: tcp-cwr) Tcam data tcp flag cwr. type: str choices: [disable, enable] more...
- tcp_ece (Alias name: tcp-ece) Tcam data tcp flag ece. type: str choices: [disable, enable] more...
- tcp_fin (Alias name: tcp-fin) Tcam data tcp flag fin. type: str choices: [disable, enable] more...
- tcp_push (Alias name: tcp-push) Tcam data tcp flag push. type: str choices: [disable, enable] more...
- tcp_rst (Alias name: tcp-rst) Tcam data tcp flag rst. type: str choices: [disable, enable] more...
- tcp_syn (Alias name: tcp-syn) Tcam data tcp flag syn. type: str choices: [disable, enable] more...
- tcp_urg (Alias name: tcp-urg) Tcam data tcp flag urg. type: str choices: [disable, enable] more...
- tgt_cfi (Alias name: tgt-cfi) Tcam data target cfi. type: str choices: [disable, enable] more...
- tgt_prio (Alias name: tgt-prio) Tcam data target priority. type: int more...
- tgt_updt (Alias name: tgt-updt) Tcam data target port update. type: str choices: [disable, enable] more...
- tgt_v (Alias name: tgt-v) Tcam data target valid. type: str choices: [invalid, valid] more...
- tos Tcam data ip tos. type: int more...
- tp Tcam data target port. type: int more...
- ttl Tcam data ip ttl. type: int more...
- tvid Tcam data target vid. type: int more...
- vdid Tcam data vdom id. type: int more...
- dbg_dump (Alias name: dbg-dump) Debug driver dump data/mask pdq. type: int more...
- mask Mask. type: dict
more...
- df Tcam mask ip flag df. type: str choices: [disable, enable] more...
- dstip Tcam mask dst ipv4 address. type: str more...
- dstipv6 Tcam mask dst ipv6 address. type: str more...
- dstmac Tcam mask dst macaddr. type: str more...
- dstport Tcam mask l4 dst port. type: int more...
- ethertype Tcam mask ethertype. type: str more...
- ext_tag (Alias name: ext-tag) Tcam mask extension tag. type: str choices: [disable, enable] more...
- frag_off (Alias name: frag-off) Tcam data ip flag fragment offset. type: int more...
- gen_buf_cnt (Alias name: gen-buf-cnt) Tcam mask gen info buffer count. type: int more...
- gen_iv (Alias name: gen-iv) Tcam mask gen info iv. type: str choices: [invalid, valid] more...
- gen_l3_flags (Alias name: gen-l3-flags) Tcam mask gen info l3 flags. type: int more...
- gen_l4_flags (Alias name: gen-l4-flags) Tcam mask gen info l4 flags. type: int more...
- gen_pkt_ctrl (Alias name: gen-pkt-ctrl) Tcam mask gen info packet control. type: int more...
- gen_pri (Alias name: gen-pri) Tcam mask gen info priority. type: int more...
- gen_pri_v (Alias name: gen-pri-v) Tcam mask gen info priority valid. type: str choices: [invalid, valid] more...
- gen_tv (Alias name: gen-tv) Tcam mask gen info tv. type: str choices: [invalid, valid] more...
- ihl Tcam mask ipv4 ihl. type: int more...
- ip4_id (Alias name: ip4-id) Tcam mask ipv4 id. type: int more...
- ip6_fl (Alias name: ip6-fl) Tcam mask ipv6 flow label. type: int more...
- ipver Tcam mask ip header version. type: int more...
- l4_wd10 (Alias name: l4-wd10) Tcam mask l4 word10. type: int more...
- l4_wd11 (Alias name: l4-wd11) Tcam mask l4 word11. type: int more...
- l4_wd8 (Alias name: l4-wd8) Tcam mask l4 word8. type: int more...
- l4_wd9 (Alias name: l4-wd9) Tcam mask l4 word9. type: int more...
- mf Tcam mask ip flag mf. type: str choices: [disable, enable] more...
- protocol Tcam mask ip protocol. type: int more...
- slink Tcam mask sublink. type: int more...
- smac_change (Alias name: smac-change) Tcam mask source mac change. type: str choices: [disable, enable] more...
- sp Tcam mask source port. type: int more...
- src_cfi (Alias name: src-cfi) Tcam mask source cfi. type: str choices: [disable, enable] more...
- src_prio (Alias name: src-prio) Tcam mask source priority. type: int more...
- src_updt (Alias name: src-updt) Tcam mask source update. type: str choices: [disable, enable] more...
- srcip Tcam mask src ipv4 address. type: str more...
- srcipv6 Tcam mask src ipv6 address. type: str more...
- srcmac Tcam mask src macaddr. type: str more...
- srcport Tcam mask l4 src port. type: int more...
- svid Tcam mask source vid. type: int more...
- tcp_ack (Alias name: tcp-ack) Tcam mask tcp flag ack. type: str choices: [disable, enable] more...
- tcp_cwr (Alias name: tcp-cwr) Tcam mask tcp flag cwr. type: str choices: [disable, enable] more...
- tcp_ece (Alias name: tcp-ece) Tcam mask tcp flag ece. type: str choices: [disable, enable] more...
- tcp_fin (Alias name: tcp-fin) Tcam mask tcp flag fin. type: str choices: [disable, enable] more...
- tcp_push (Alias name: tcp-push) Tcam mask tcp flag push. type: str choices: [disable, enable] more...
- tcp_rst (Alias name: tcp-rst) Tcam mask tcp flag rst. type: str choices: [disable, enable] more...
- tcp_syn (Alias name: tcp-syn) Tcam mask tcp flag syn. type: str choices: [disable, enable] more...
- tcp_urg (Alias name: tcp-urg) Tcam mask tcp flag urg. type: str choices: [disable, enable] more...
- tgt_cfi (Alias name: tgt-cfi) Tcam mask target cfi. type: str choices: [disable, enable] more...
- tgt_prio (Alias name: tgt-prio) Tcam mask target priority. type: int more...
- tgt_updt (Alias name: tgt-updt) Tcam mask target port update. type: str choices: [disable, enable] more...
- tgt_v (Alias name: tgt-v) Tcam mask target valid. type: str choices: [invalid, valid] more...
- tos Tcam mask ip tos. type: int more...
- tp Tcam mask target port. type: int more...
- ttl Tcam mask ip ttl. type: int more...
- tvid Tcam mask target vid. type: int more...
- vdid Tcam mask vdom id. type: int more...
- mir_act (Alias name: mir-act) Mir act. type: dict
more...
- vlif Tcam mirror action vlif. type: int more...
- name Npu tcam policies name. type: str more...
- oid Npu tcam oid. type: int more...
- pri_act (Alias name: pri-act) Pri act. type: dict more...
- sact Sact. type: dict
more...
- act Tcam sact act. type: int more...
- act_v (Alias name: act-v) Enable to set sact act. type: str choices: [disable, enable] more...
- bmproc Tcam sact bmproc. type: int more...
- bmproc_v (Alias name: bmproc-v) Enable to set sact bmproc. type: str choices: [disable, enable] more...
- df_lif (Alias name: df-lif) Tcam sact df-lif. type: int more...
- df_lif_v (Alias name: df-lif-v) Enable to set sact df-lif. type: str choices: [disable, enable] more...
- dfr Tcam sact dfr. type: int more...
- dfr_v (Alias name: dfr-v) Enable to set sact dfr. type: str choices: [disable, enable] more...
- dmac_skip (Alias name: dmac-skip) Tcam sact dmac-skip. type: int more...
- dmac_skip_v (Alias name: dmac-skip-v) Enable to set sact dmac-skip. type: str choices: [disable, enable] more...
- dosen Tcam sact dosen. type: int more...
- dosen_v (Alias name: dosen-v) Enable to set sact dosen. type: str choices: [disable, enable] more...
- espff_proc (Alias name: espff-proc) Tcam sact espff-proc. type: int more...
- espff_proc_v (Alias name: espff-proc-v) Enable to set sact espff-proc. type: str choices: [disable, enable] more...
- etype_pid (Alias name: etype-pid) Tcam sact etype-pid. type: int more...
- etype_pid_v (Alias name: etype-pid-v) Enable to set sact etype-pid. type: str choices: [disable, enable] more...
- frag_proc (Alias name: frag-proc) Tcam sact frag-proc. type: int more...
- frag_proc_v (Alias name: frag-proc-v) Enable to set sact frag-proc. type: str choices: [disable, enable] more...
- fwd Tcam sact fwd. type: int more...
- fwd_lif (Alias name: fwd-lif) Tcam sact fwd-lif. type: int more...
- fwd_lif_v (Alias name: fwd-lif-v) Enable to set sact fwd-lif. type: str choices: [disable, enable] more...
- fwd_tvid (Alias name: fwd-tvid) Tcam sact fwd-tvid. type: int more...
- fwd_tvid_v (Alias name: fwd-tvid-v) Enable to set sact fwd-vid. type: str choices: [disable, enable] more...
- fwd_v (Alias name: fwd-v) Enable to set sact fwd. type: str choices: [disable, enable] more...
- icpen Tcam sact icpen. type: int more...
- icpen_v (Alias name: icpen-v) Enable to set sact icpen. type: str choices: [disable, enable] more...
- igmp_mld_snp (Alias name: igmp-mld-snp) Tcam sact igmp-mld-snp. type: int more...
- igmp_mld_snp_v (Alias name: igmp-mld-snp-v) Enable to set sact igmp-mld-snp. type: str choices: [disable, enable] more...
- learn Tcam sact learn. type: int more...
- learn_v (Alias name: learn-v) Enable to set sact learn. type: str choices: [disable, enable] more...
- m_srh_ctrl (Alias name: m-srh-ctrl) Tcam sact m-srh-ctrl. type: int more...
- m_srh_ctrl_v (Alias name: m-srh-ctrl-v) Enable to set sact m-srh-ctrl. type: str choices: [disable, enable] more...
- mac_id (Alias name: mac-id) Tcam sact mac-id. type: int more...
- mac_id_v (Alias name: mac-id-v) Enable to set sact mac-id. type: str choices: [disable, enable] more...
- mss Tcam sact mss. type: int more...
- mss_v (Alias name: mss-v) Enable to set sact mss. type: str choices: [disable, enable] more...
- pleen Tcam sact pleen. type: int more...
- pleen_v (Alias name: pleen-v) Enable to set sact pleen. type: str choices: [disable, enable] more...
- prio_pid (Alias name: prio-pid) Tcam sact prio-pid. type: int more...
- prio_pid_v (Alias name: prio-pid-v) Enable to set sact prio-pid. type: str choices: [disable, enable] more...
- promis Tcam sact promis. type: int more...
- promis_v (Alias name: promis-v) Enable to set sact promis. type: str choices: [disable, enable] more...
- rfsh Tcam sact rfsh. type: int more...
- rfsh_v (Alias name: rfsh-v) Enable to set sact rfsh. type: str choices: [disable, enable] more...
- smac_skip (Alias name: smac-skip) Tcam sact smac-skip. type: int more...
- smac_skip_v (Alias name: smac-skip-v) Enable to set sact smac-skip. type: str choices: [disable, enable] more...
- tp_smchk_v (Alias name: tp-smchk-v) Enable to set sact tp mode. type: str choices: [disable, enable] more...
- tp_smchk Tcam sact tp mode. type: int more...
- tpe_id (Alias name: tpe-id) Tcam sact tpe-id. type: int more...
- tpe_id_v (Alias name: tpe-id-v) Enable to set sact tpe-id. type: str choices: [disable, enable] more...
- vdm Tcam sact vdm. type: int more...
- vdm_v (Alias name: vdm-v) Enable to set sact vdm. type: str choices: [disable, enable] more...
- vdom_id (Alias name: vdom-id) Tcam sact vdom-id. type: int more...
- vdom_id_v (Alias name: vdom-id-v) Enable to set sact vdom-id. type: str choices: [disable, enable] more...
- x_mode (Alias name: x-mode) Tcam sact x-mode. type: int more...
- x_mode_v (Alias name: x-mode-v) Enable to set sact x-mode. type: str choices: [disable, enable] more...
- tact Tact. type: dict
more...
- act Tcam tact act. type: int more...
- act_v (Alias name: act-v) Enable to set tact act. type: str choices: [disable, enable] more...
- fmtuv4_s (Alias name: fmtuv4-s) Tcam tact fmtuv4-s. type: int more...
- fmtuv4_s_v (Alias name: fmtuv4-s-v) Enable to set tact fmtuv4-s. type: str choices: [disable, enable] more...
- fmtuv6_s (Alias name: fmtuv6-s) Tcam tact fmtuv6-s. type: int more...
- fmtuv6_s_v (Alias name: fmtuv6-s-v) Enable to set tact fmtuv6-s. type: str choices: [disable, enable] more...
- lnkid Tcam tact lnkid. type: int more...
- lnkid_v (Alias name: lnkid-v) Enable to set tact lnkid. type: str choices: [disable, enable] more...
- mac_id (Alias name: mac-id) Tcam tact mac-id. type: int more...
- mac_id_v (Alias name: mac-id-v) Enable to set tact mac-id. type: str choices: [disable, enable] more...
- mss_t (Alias name: mss-t) Tcam tact mss. type: int more...
- mss_t_v (Alias name: mss-t-v) Enable to set tact mss. type: str choices: [disable, enable] more...
- mtuv4 Tcam tact mtuv4. type: int more...
- mtuv4_v (Alias name: mtuv4-v) Enable to set tact mtuv4. type: str choices: [disable, enable] more...
- mtuv6 Tcam tact mtuv6. type: int more...
- mtuv6_v (Alias name: mtuv6-v) Enable to set tact mtuv6. type: str choices: [disable, enable] more...
- slif_act (Alias name: slif-act) Tcam tact slif-act. type: int more...
- slif_act_v (Alias name: slif-act-v) Enable to set tact slif-act. type: str choices: [disable, enable] more...
- sublnkid Tcam tact sublnkid. type: int more...
- sublnkid_v (Alias name: sublnkid-v) Enable to set tact sublnkid. type: str choices: [disable, enable] more...
- tgtv_act (Alias name: tgtv-act) Tcam tact tgtv-act. type: int more...
- tgtv_act_v (Alias name: tgtv-act-v) Enable to set tact tgtv-act. type: str choices: [disable, enable] more...
- tlif_act (Alias name: tlif-act) Tcam tact tlif-act. type: int more...
- tlif_act_v (Alias name: tlif-act-v) Enable to set tact tlif-act. type: str choices: [disable, enable] more...
- tpeid Tcam tact tpeid. type: int more...
- tpeid_v (Alias name: tpeid-v) Enable to set tact tpeid. type: str choices: [disable, enable] more...
- v6fe Tcam tact v6fe. type: int more...
- v6fe_v (Alias name: v6fe-v) Enable to set tact v6fe. type: str choices: [disable, enable] more...
- vep_en_v (Alias name: vep-en-v) Enable to set tact vep-en. type: str choices: [disable, enable] more...
- vep_slid (Alias name: vep-slid) Tcam tact vep_slid. type: int more...
- vep_slid_v (Alias name: vep-slid-v) Enable to set tact vep-slid. type: str choices: [disable, enable] more...
- vep_en Tcam tact vep_en. type: int more...
- xlt_lif (Alias name: xlt-lif) Tcam tact xlt-lif. type: int more...
- xlt_lif_v (Alias name: xlt-lif-v) Enable to set tact xlt-lif. type: str choices: [disable, enable] more...
- xlt_vid (Alias name: xlt-vid) Tcam tact xlt-vid. type: int more...
- xlt_vid_v (Alias name: xlt-vid-v) Enable to set tact xlt-vid. type: str choices: [disable, enable] more...
- type Tcam policy type. type: str choices: [L2_src_tc, L2_tgt_tc, L2_src_mir, L2_tgt_mir, L2_src_act, L2_tgt_act, IPv4_src_tc, IPv4_tgt_tc, IPv4_src_mir, IPv4_tgt_mir, IPv4_src_act, IPv4_tgt_act, IPv6_src_tc, IPv6_tgt_tc, IPv6_src_mir, IPv6_tgt_mir, IPv6_src_act, IPv6_tgt_act] more...
- vid Npu tcam vid. type: int more...
- data Data. type: dict
more...
- icmp_rate_ctrl (Alias name: icmp-rate-ctrl) Icmp rate ctrl. type: dict
more...
- icmp_v4_bucket_size (Alias name: icmp-v4-bucket-size) Bucket size used in the token bucket algorithm for controlling the flow of icmpv4 packets (1 - 100, default = 10). type: int more...
- icmp_v4_rate (Alias name: icmp-v4-rate) Average rate of icmpv4 packets that allowed to be generated per second (1 - 100, default = 1). type: int more...
- icmp_v6_bucket_size (Alias name: icmp-v6-bucket-size) Bucket size used in the token bucket algorithm for controlling the flow of icmpv6 packets (1 - 100, default = 10). type: int more...
- icmp_v6_rate (Alias name: icmp-v6-rate) Average rate of icmpv6 packets that allowed to be generated per second (1 - 100, default = 1). type: int more...
- vxlan_offload (Alias name: vxlan-offload) Enable/disable offloading vxlan. type: str choices: [disable, enable] more...
- icmp_error_rate_ctrl (Alias name: icmp-error-rate-ctrl) Icmp error rate ctrl. type: dict
more...
- icmpv4_error_bucket_size (Alias name: icmpv4-error-bucket-size) Bucket size used in the token bucket algorithm for controlling the flow of icmpv4 error packets (1 - 100, default = 20). type: int more...
- icmpv4_error_rate (Alias name: icmpv4-error-rate) Average rate of icmpv4 error packets that allowed to be generated per second (1 - 100, default = 1). type: int more...
- icmpv4_error_rate_limit (Alias name: icmpv4-error-rate-limit) Enable to limit the icmpv4 error packets generated by this fortigate. type: str choices: [disable, enable] more...
- icmpv6_error_bucket_size (Alias name: icmpv6-error-bucket-size) Bucket size used in the token bucket algorithm for controlling the flow of icmpv6 error packets (1 - 100, default = 20). type: int more...
- icmpv6_error_rate (Alias name: icmpv6-error-rate) Average rate of icmpv6 error packets that allowed to be generated per second (1 - 100, default = 1). type: int more...
- icmpv6_error_rate_limit (Alias name: icmpv6-error-rate-limit) Enable to limit the icmpv6 error packets generated by this fortigate. type: str choices: [disable, enable] more...
- ipv4_session_quota (Alias name: ipv4-session-quota) Enable/disable nonat ipv4 session quota for hyperscale vdoms. type: str choices: [disable, enable] more...
- ipv4_session_quota_high (Alias name: ipv4-session-quota-high) Configure nonat ipv4 session quota high threshold. type: int more...
- ipv4_session_quota_low (Alias name: ipv4-session-quota-low) Configure nonat ipv4 session quota low threshold. type: int more...
- ipv6_prefix_session_quota (Alias name: ipv6-prefix-session-quota) Enable/disable hardware ipv6 /64 prefix session quota for hyperscale vdoms. type: str choices: [disable, enable] more...
- ipv6_prefix_session_quota_high (Alias name: ipv6-prefix-session-quota-high) Configure ipv6 prefix session quota high threshold. type: int more...
- ipv6_prefix_session_quota_low (Alias name: ipv6-prefix-session-quota-low) Configure ipv6 prefix session quota low threshold. type: int more...
- dedicated_lacp_queue (Alias name: dedicated-lacp-queue) Enable to dedicate one hif queue for lacp. type: str choices: [disable, enable] more...
Notes
Note
Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
To create or update an object, use state: present directive.
To delete an object, use state: absent directive
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- name: Example playbook (generated based on argument schema)
hosts: fortimanagers
connection: httpapi
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: Configure NPU attributes.
fortinet.fortimanager.fmgr_system_npu:
# bypass_validation: false
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
# rc_succeeded: [0, -2, -3, ...]
# rc_failed: [-2, -3, ...]
adom: <your own value>
system_npu:
capwap_offload: <value in [disable, enable]>
dedicated_management_affinity: <string>
dedicated_management_cpu: <value in [disable, enable]>
fastpath: <value in [disable, enable]>
fp_anomaly:
esp_minlen_err: <value in [drop, trap-to-host]>
icmp_csum_err: <value in [drop, trap-to-host]>
icmp_minlen_err: <value in [drop, trap-to-host]>
ipv4_csum_err: <value in [drop, trap-to-host]>
ipv4_ihl_err: <value in [drop, trap-to-host]>
ipv4_len_err: <value in [drop, trap-to-host]>
ipv4_opt_err: <value in [drop, trap-to-host]>
ipv4_ttlzero_err: <value in [drop, trap-to-host]>
ipv4_ver_err: <value in [drop, trap-to-host]>
ipv6_exthdr_len_err: <value in [drop, trap-to-host]>
ipv6_exthdr_order_err: <value in [drop, trap-to-host]>
ipv6_ihl_err: <value in [drop, trap-to-host]>
ipv6_plen_zero: <value in [drop, trap-to-host]>
ipv6_ver_err: <value in [drop, trap-to-host]>
tcp_csum_err: <value in [drop, trap-to-host]>
tcp_hlen_err: <value in [drop, trap-to-host]>
tcp_plen_err: <value in [drop, trap-to-host]>
udp_csum_err: <value in [drop, trap-to-host]>
udp_hlen_err: <value in [drop, trap-to-host]>
udp_len_err: <value in [drop, trap-to-host]>
udp_plen_err: <value in [drop, trap-to-host]>
udplite_cover_err: <value in [drop, trap-to-host]>
udplite_csum_err: <value in [drop, trap-to-host]>
unknproto_minlen_err: <value in [drop, trap-to-host]>
tcp_fin_only: <value in [allow, drop, trap-to-host]>
ipv4_optsecurity: <value in [allow, drop, trap-to-host]>
ipv6_optralert: <value in [allow, drop, trap-to-host]>
tcp_syn_fin: <value in [allow, drop, trap-to-host]>
ipv4_proto_err: <value in [allow, drop, trap-to-host]>
ipv6_saddr_err: <value in [allow, drop, trap-to-host]>
icmp_frag: <value in [allow, drop, trap-to-host]>
ipv4_optssrr: <value in [allow, drop, trap-to-host]>
ipv6_opthomeaddr: <value in [allow, drop, trap-to-host]>
udp_land: <value in [allow, drop, trap-to-host]>
ipv6_optinvld: <value in [allow, drop, trap-to-host]>
tcp_fin_noack: <value in [allow, drop, trap-to-host]>
ipv6_proto_err: <value in [allow, drop, trap-to-host]>
tcp_land: <value in [allow, drop, trap-to-host]>
ipv4_unknopt: <value in [allow, drop, trap-to-host]>
ipv4_optstream: <value in [allow, drop, trap-to-host]>
ipv6_optjumbo: <value in [allow, drop, trap-to-host]>
icmp_land: <value in [allow, drop, trap-to-host]>
tcp_winnuke: <value in [allow, drop, trap-to-host]>
ipv6_daddr_err: <value in [allow, drop, trap-to-host]>
ipv4_land: <value in [allow, drop, trap-to-host]>
ipv6_opttunnel: <value in [allow, drop, trap-to-host]>
tcp_no_flag: <value in [allow, drop, trap-to-host]>
ipv6_land: <value in [allow, drop, trap-to-host]>
ipv4_optlsrr: <value in [allow, drop, trap-to-host]>
ipv4_opttimestamp: <value in [allow, drop, trap-to-host]>
ipv4_optrr: <value in [allow, drop, trap-to-host]>
ipv6_optnsap: <value in [allow, drop, trap-to-host]>
ipv6_unknopt: <value in [allow, drop, trap-to-host]>
tcp_syn_data: <value in [allow, drop, trap-to-host]>
ipv6_optendpid: <value in [allow, drop, trap-to-host]>
gtpu_plen_err: <value in [drop, trap-to-host]>
vxlan_minlen_err: <value in [drop, trap-to-host]>
capwap_minlen_err: <value in [drop, trap-to-host]>
gre_csum_err: <value in [drop, trap-to-host]>
nvgre_minlen_err: <value in [drop, trap-to-host]>
sctp_l4len_err: <value in [drop, trap-to-host]>
tcp_hlenvsl4len_err: <value in [drop, trap-to-host]>
sctp_crc_err: <value in [drop, trap-to-host]>
sctp_clen_err: <value in [drop, trap-to-host]>
uesp_minlen_err: <value in [drop, trap-to-host]>
sctp_csum_err: <value in [allow, drop, trap-to-host]>
gtp_enhanced_cpu_range: <value in [0, 1, 2]>
gtp_enhanced_mode: <value in [disable, enable]>
host_shortcut_mode: <value in [bi-directional, host-shortcut]>
htx_gtse_quota: <value in [100Mbps, 200Mbps, 300Mbps, ...]>
intf_shaping_offload: <value in [disable, enable]>
iph_rsvd_re_cksum: <value in [disable, enable]>
ipsec_dec_subengine_mask: <string>
ipsec_enc_subengine_mask: <string>
ipsec_inbound_cache: <value in [disable, enable]>
ipsec_mtu_override: <value in [disable, enable]>
ipsec_over_vlink: <value in [disable, enable]>
isf_np_queues:
cos0: <string>
cos1: <string>
cos2: <string>
cos3: <string>
cos4: <string>
cos5: <string>
cos6: <string>
cos7: <string>
lag_out_port_select: <value in [disable, enable]>
mcast_session_accounting: <value in [disable, session-based, tpe-based]>
np6_cps_optimization_mode: <value in [disable, enable]>
per_session_accounting: <value in [enable, disable, enable-by-log, ...]>
port_cpu_map:
-
cpu_core: <string>
interface: <string>
port_npu_map:
-
interface: <string>
npu_group_index: <integer>
priority_protocol:
bfd: <value in [disable, enable]>
bgp: <value in [disable, enable]>
slbc: <value in [disable, enable]>
qos_mode: <value in [disable, priority, round-robin]>
rdp_offload: <value in [disable, enable]>
recover_np6_link: <value in [disable, enable]>
session_denied_offload: <value in [disable, enable]>
sse_backpressure: <value in [disable, enable]>
strip_clear_text_padding: <value in [disable, enable]>
strip_esp_padding: <value in [disable, enable]>
sw_eh_hash:
computation: <value in [xor16, xor8, xor4, ...]>
destination_ip_lower_16: <value in [include, exclude]>
destination_ip_upper_16: <value in [include, exclude]>
destination_port: <value in [include, exclude]>
ip_protocol: <value in [include, exclude]>
netmask_length: <integer>
source_ip_lower_16: <value in [include, exclude]>
source_ip_upper_16: <value in [include, exclude]>
source_port: <value in [include, exclude]>
sw_np_bandwidth: <value in [0G, 2G, 4G, ...]>
switch_np_hash: <value in [src-ip, dst-ip, src-dst-ip]>
uesp_offload: <value in [disable, enable]>
np_queues:
ethernet_type:
-
name: <string>
queue: <integer>
type: <integer>
weight: <integer>
ip_protocol:
-
name: <string>
protocol: <integer>
queue: <integer>
weight: <integer>
ip_service:
-
dport: <integer>
name: <string>
protocol: <integer>
queue: <integer>
sport: <integer>
weight: <integer>
profile:
-
cos0: <value in [queue0, queue1, queue2, ...]>
cos1: <value in [queue0, queue1, queue2, ...]>
cos2: <value in [queue0, queue1, queue2, ...]>
cos3: <value in [queue0, queue1, queue2, ...]>
cos4: <value in [queue0, queue1, queue2, ...]>
cos5: <value in [queue0, queue1, queue2, ...]>
cos6: <value in [queue0, queue1, queue2, ...]>
cos7: <value in [queue0, queue1, queue2, ...]>
dscp0: <value in [queue0, queue1, queue2, ...]>
dscp1: <value in [queue0, queue1, queue2, ...]>
dscp10: <value in [queue0, queue1, queue2, ...]>
dscp11: <value in [queue0, queue1, queue2, ...]>
dscp12: <value in [queue0, queue1, queue2, ...]>
dscp13: <value in [queue0, queue1, queue2, ...]>
dscp14: <value in [queue0, queue1, queue2, ...]>
dscp15: <value in [queue0, queue1, queue2, ...]>
dscp16: <value in [queue0, queue1, queue2, ...]>
dscp17: <value in [queue0, queue1, queue2, ...]>
dscp18: <value in [queue0, queue1, queue2, ...]>
dscp19: <value in [queue0, queue1, queue2, ...]>
dscp2: <value in [queue0, queue1, queue2, ...]>
dscp20: <value in [queue0, queue1, queue2, ...]>
dscp21: <value in [queue0, queue1, queue2, ...]>
dscp22: <value in [queue0, queue1, queue2, ...]>
dscp23: <value in [queue0, queue1, queue2, ...]>
dscp24: <value in [queue0, queue1, queue2, ...]>
dscp25: <value in [queue0, queue1, queue2, ...]>
dscp26: <value in [queue0, queue1, queue2, ...]>
dscp27: <value in [queue0, queue1, queue2, ...]>
dscp28: <value in [queue0, queue1, queue2, ...]>
dscp29: <value in [queue0, queue1, queue2, ...]>
dscp3: <value in [queue0, queue1, queue2, ...]>
dscp30: <value in [queue0, queue1, queue2, ...]>
dscp31: <value in [queue0, queue1, queue2, ...]>
dscp32: <value in [queue0, queue1, queue2, ...]>
dscp33: <value in [queue0, queue1, queue2, ...]>
dscp34: <value in [queue0, queue1, queue2, ...]>
dscp35: <value in [queue0, queue1, queue2, ...]>
dscp36: <value in [queue0, queue1, queue2, ...]>
dscp37: <value in [queue0, queue1, queue2, ...]>
dscp38: <value in [queue0, queue1, queue2, ...]>
dscp39: <value in [queue0, queue1, queue2, ...]>
dscp4: <value in [queue0, queue1, queue2, ...]>
dscp40: <value in [queue0, queue1, queue2, ...]>
dscp41: <value in [queue0, queue1, queue2, ...]>
dscp42: <value in [queue0, queue1, queue2, ...]>
dscp43: <value in [queue0, queue1, queue2, ...]>
dscp44: <value in [queue0, queue1, queue2, ...]>
dscp45: <value in [queue0, queue1, queue2, ...]>
dscp46: <value in [queue0, queue1, queue2, ...]>
dscp47: <value in [queue0, queue1, queue2, ...]>
dscp48: <value in [queue0, queue1, queue2, ...]>
dscp49: <value in [queue0, queue1, queue2, ...]>
dscp5: <value in [queue0, queue1, queue2, ...]>
dscp50: <value in [queue0, queue1, queue2, ...]>
dscp51: <value in [queue0, queue1, queue2, ...]>
dscp52: <value in [queue0, queue1, queue2, ...]>
dscp53: <value in [queue0, queue1, queue2, ...]>
dscp54: <value in [queue0, queue1, queue2, ...]>
dscp55: <value in [queue0, queue1, queue2, ...]>
dscp56: <value in [queue0, queue1, queue2, ...]>
dscp57: <value in [queue0, queue1, queue2, ...]>
dscp58: <value in [queue0, queue1, queue2, ...]>
dscp59: <value in [queue0, queue1, queue2, ...]>
dscp6: <value in [queue0, queue1, queue2, ...]>
dscp60: <value in [queue0, queue1, queue2, ...]>
dscp61: <value in [queue0, queue1, queue2, ...]>
dscp62: <value in [queue0, queue1, queue2, ...]>
dscp63: <value in [queue0, queue1, queue2, ...]>
dscp7: <value in [queue0, queue1, queue2, ...]>
dscp8: <value in [queue0, queue1, queue2, ...]>
dscp9: <value in [queue0, queue1, queue2, ...]>
id: <integer>
type: <value in [cos, dscp]>
weight: <integer>
scheduler:
-
mode: <value in [none, priority, round-robin]>
name: <string>
udp_timeout_profile:
-
id: <integer>
udp_idle: <integer>
qtm_buf_mode: <value in [6ch, 4ch]>
default_qos_type: <value in [policing, shaping, policing-enhanced]>
tcp_rst_timeout: <integer>
ipsec_local_uesp_port: <integer>
htab_dedi_queue_nr: <integer>
double_level_mcast_offload: <value in [disable, enable]>
dse_timeout: <integer>
ippool_overload_low: <integer>
pba_eim: <value in [disallow, allow]>
policy_offload_level: <value in [disable, dos-offload, full-offload]>
max_session_timeout: <integer>
port_path_option:
ports_using_npu: <list or string>
vlan_lookup_cache: <value in [disable, enable]>
dos_options:
npu_dos_meter_mode: <value in [local, global]>
npu_dos_synproxy_mode: <value in [synack2ack, pass-synack]>
npu_dos_tpe_mode: <value in [disable, enable]>
hash_tbl_spread: <value in [disable, enable]>
tcp_timeout_profile:
-
close_wait: <integer>
fin_wait: <integer>
id: <integer>
syn_sent: <integer>
syn_wait: <integer>
tcp_idle: <integer>
time_wait: <integer>
ip_reassembly:
max_timeout: <integer>
min_timeout: <integer>
status: <value in [disable, enable]>
gtp_support: <value in [disable, enable]>
htx_icmp_csum_chk: <value in [pass, drop]>
hpe:
all_protocol: <integer>
arp_max: <integer>
enable_shaper: <value in [disable, enable]>
esp_max: <integer>
high_priority: <integer>
icmp_max: <integer>
ip_frag_max: <integer>
ip_others_max: <integer>
l2_others_max: <integer>
pri_type_max: <integer>
sctp_max: <integer>
tcp_max: <integer>
tcpfin_rst_max: <integer>
tcpsyn_ack_max: <integer>
tcpsyn_max: <integer>
udp_max: <integer>
enable_queue_shaper: <value in [disable, enable]>
exception_code: <integer>
fragment_with_sess: <integer>
fragment_without_session: <integer>
queue_shaper_max: <integer>
dsw_dts_profile:
-
action: <value in [wait, drop, drop_tmr_0, ...]>
min_limit: <integer>
profile_id: <integer>
step: <integer>
hash_config: <value in [5-tuple, src-ip, src-dst-ip]>
ipsec_ob_np_sel: <value in [RR, rr, Packet, ...]>
napi_break_interval: <integer>
background_sse_scan:
scan: <value in [disable, enable]>
stats_update_interval: <integer>
udp_keepalive_interval: <integer>
scan_stale: <integer>
scan_vt: <integer>
stats_qual_access: <integer>
stats_qual_duration: <integer>
udp_qual_access: <integer>
udp_qual_duration: <integer>
inbound_dscp_copy_port: <list or string>
session_acct_interval: <integer>
htab_msg_queue: <value in [idle, data, dedicated]>
dsw_queue_dts_profile:
-
iport: <value in [EIF0, eif0, EIF1, ...]>
name: <string>
oport: <value in [EIF0, eif0, EIF1, ...]>
profile_id: <integer>
queue_select: <integer>
hw_ha_scan_interval: <integer>
ippool_overload_high: <integer>
nat46_force_ipv4_packet_forwarding: <value in [disable, enable]>
prp_port_out: <list or string>
isf_np_rx_tr_distr: <value in [port-flow, round-robin, randomized]>
mcast_session_counting6: <value in [disable, enable, session-based, ...]>
prp_port_in: <list or string>
rps_mode: <value in [disable, enable]>
per_policy_accounting: <value in [disable, enable]>
mcast_session_counting: <value in [disable, enable, session-based, ...]>
inbound_dscp_copy: <value in [disable, enable]>
ipsec_host_dfclr: <value in [disable, enable]>
process_icmp_by_host: <value in [disable, enable]>
dedicated_tx_npu: <value in [disable, enable]>
ull_port_mode: <value in [10G, 25G]>
sse_ha_scan:
gap: <integer>
max_session_cnt: <integer>
min_duration: <integer>
hash_ipv6_sel: <integer>
ip_fragment_offload: <value in [disable, enable]>
ple_non_syn_tcp_action: <value in [forward, drop]>
npu_group_effective_scope: <integer>
ipsec_STS_timeout: <value in [1, 2, 3, ...]>
ipsec_throughput_msg_frequency: <value in [disable, 32KB, 64KB, ...]>
ipt_STS_timeout: <value in [1, 2, 3, ...]>
ipt_throughput_msg_frequency: <value in [disable, 32KB, 64KB, ...]>
default_tcp_refresh_dir: <value in [both, outgoing, incoming]>
default_udp_refresh_dir: <value in [both, outgoing, incoming]>
nss_threads_option: <value in [4t-eif, 4t-noeif, 2t]>
prp_session_clear_mode: <value in [blocking, non-blocking, do-not-clear]>
shaping_stats: <value in [disable, enable]>
sw_tr_hash:
draco15: <value in [disable, enable]>
tcp_udp_port: <value in [include, exclude]>
pba_port_select_mode: <value in [random, direct]>
spa_port_select_mode: <value in [random, direct]>
split_ipsec_engines: <value in [disable, enable]>
tunnel_over_vlink: <value in [disable, enable]>
max_receive_unit: <integer>
npu_tcam:
-
data:
df: <value in [disable, enable]>
dstip: <string>
dstipv6: <string>
dstmac: <string>
dstport: <integer>
ethertype: <string>
ext_tag: <value in [disable, enable]>
frag_off: <integer>
gen_buf_cnt: <integer>
gen_iv: <value in [invalid, valid]>
gen_l3_flags: <integer>
gen_l4_flags: <integer>
gen_pkt_ctrl: <integer>
gen_pri: <integer>
gen_pri_v: <value in [invalid, valid]>
gen_tv: <value in [invalid, valid]>
ihl: <integer>
ip4_id: <integer>
ip6_fl: <integer>
ipver: <integer>
l4_wd10: <integer>
l4_wd11: <integer>
l4_wd8: <integer>
l4_wd9: <integer>
mf: <value in [disable, enable]>
protocol: <integer>
slink: <integer>
smac_change: <value in [disable, enable]>
sp: <integer>
src_cfi: <value in [disable, enable]>
src_prio: <integer>
src_updt: <value in [disable, enable]>
srcip: <string>
srcipv6: <string>
srcmac: <string>
srcport: <integer>
svid: <integer>
tcp_ack: <value in [disable, enable]>
tcp_cwr: <value in [disable, enable]>
tcp_ece: <value in [disable, enable]>
tcp_fin: <value in [disable, enable]>
tcp_push: <value in [disable, enable]>
tcp_rst: <value in [disable, enable]>
tcp_syn: <value in [disable, enable]>
tcp_urg: <value in [disable, enable]>
tgt_cfi: <value in [disable, enable]>
tgt_prio: <integer>
tgt_updt: <value in [disable, enable]>
tgt_v: <value in [invalid, valid]>
tos: <integer>
tp: <integer>
ttl: <integer>
tvid: <integer>
vdid: <integer>
dbg_dump: <integer>
mask:
df: <value in [disable, enable]>
dstip: <string>
dstipv6: <string>
dstmac: <string>
dstport: <integer>
ethertype: <string>
ext_tag: <value in [disable, enable]>
frag_off: <integer>
gen_buf_cnt: <integer>
gen_iv: <value in [invalid, valid]>
gen_l3_flags: <integer>
gen_l4_flags: <integer>
gen_pkt_ctrl: <integer>
gen_pri: <integer>
gen_pri_v: <value in [invalid, valid]>
gen_tv: <value in [invalid, valid]>
ihl: <integer>
ip4_id: <integer>
ip6_fl: <integer>
ipver: <integer>
l4_wd10: <integer>
l4_wd11: <integer>
l4_wd8: <integer>
l4_wd9: <integer>
mf: <value in [disable, enable]>
protocol: <integer>
slink: <integer>
smac_change: <value in [disable, enable]>
sp: <integer>
src_cfi: <value in [disable, enable]>
src_prio: <integer>
src_updt: <value in [disable, enable]>
srcip: <string>
srcipv6: <string>
srcmac: <string>
srcport: <integer>
svid: <integer>
tcp_ack: <value in [disable, enable]>
tcp_cwr: <value in [disable, enable]>
tcp_ece: <value in [disable, enable]>
tcp_fin: <value in [disable, enable]>
tcp_push: <value in [disable, enable]>
tcp_rst: <value in [disable, enable]>
tcp_syn: <value in [disable, enable]>
tcp_urg: <value in [disable, enable]>
tgt_cfi: <value in [disable, enable]>
tgt_prio: <integer>
tgt_updt: <value in [disable, enable]>
tgt_v: <value in [invalid, valid]>
tos: <integer>
tp: <integer>
ttl: <integer>
tvid: <integer>
vdid: <integer>
mir_act:
vlif: <integer>
name: <string>
oid: <integer>
pri_act:
priority: <integer>
weight: <integer>
sact:
act: <integer>
act_v: <value in [disable, enable]>
bmproc: <integer>
bmproc_v: <value in [disable, enable]>
df_lif: <integer>
df_lif_v: <value in [disable, enable]>
dfr: <integer>
dfr_v: <value in [disable, enable]>
dmac_skip: <integer>
dmac_skip_v: <value in [disable, enable]>
dosen: <integer>
dosen_v: <value in [disable, enable]>
espff_proc: <integer>
espff_proc_v: <value in [disable, enable]>
etype_pid: <integer>
etype_pid_v: <value in [disable, enable]>
frag_proc: <integer>
frag_proc_v: <value in [disable, enable]>
fwd: <integer>
fwd_lif: <integer>
fwd_lif_v: <value in [disable, enable]>
fwd_tvid: <integer>
fwd_tvid_v: <value in [disable, enable]>
fwd_v: <value in [disable, enable]>
icpen: <integer>
icpen_v: <value in [disable, enable]>
igmp_mld_snp: <integer>
igmp_mld_snp_v: <value in [disable, enable]>
learn: <integer>
learn_v: <value in [disable, enable]>
m_srh_ctrl: <integer>
m_srh_ctrl_v: <value in [disable, enable]>
mac_id: <integer>
mac_id_v: <value in [disable, enable]>
mss: <integer>
mss_v: <value in [disable, enable]>
pleen: <integer>
pleen_v: <value in [disable, enable]>
prio_pid: <integer>
prio_pid_v: <value in [disable, enable]>
promis: <integer>
promis_v: <value in [disable, enable]>
rfsh: <integer>
rfsh_v: <value in [disable, enable]>
smac_skip: <integer>
smac_skip_v: <value in [disable, enable]>
tp_smchk_v: <value in [disable, enable]>
tp_smchk: <integer>
tpe_id: <integer>
tpe_id_v: <value in [disable, enable]>
vdm: <integer>
vdm_v: <value in [disable, enable]>
vdom_id: <integer>
vdom_id_v: <value in [disable, enable]>
x_mode: <integer>
x_mode_v: <value in [disable, enable]>
tact:
act: <integer>
act_v: <value in [disable, enable]>
fmtuv4_s: <integer>
fmtuv4_s_v: <value in [disable, enable]>
fmtuv6_s: <integer>
fmtuv6_s_v: <value in [disable, enable]>
lnkid: <integer>
lnkid_v: <value in [disable, enable]>
mac_id: <integer>
mac_id_v: <value in [disable, enable]>
mss_t: <integer>
mss_t_v: <value in [disable, enable]>
mtuv4: <integer>
mtuv4_v: <value in [disable, enable]>
mtuv6: <integer>
mtuv6_v: <value in [disable, enable]>
slif_act: <integer>
slif_act_v: <value in [disable, enable]>
sublnkid: <integer>
sublnkid_v: <value in [disable, enable]>
tgtv_act: <integer>
tgtv_act_v: <value in [disable, enable]>
tlif_act: <integer>
tlif_act_v: <value in [disable, enable]>
tpeid: <integer>
tpeid_v: <value in [disable, enable]>
v6fe: <integer>
v6fe_v: <value in [disable, enable]>
vep_en_v: <value in [disable, enable]>
vep_slid: <integer>
vep_slid_v: <value in [disable, enable]>
vep_en: <integer>
xlt_lif: <integer>
xlt_lif_v: <value in [disable, enable]>
xlt_vid: <integer>
xlt_vid_v: <value in [disable, enable]>
type: <value in [L2_src_tc, L2_tgt_tc, L2_src_mir, ...]>
vid: <integer>
icmp_rate_ctrl:
icmp_v4_bucket_size: <integer>
icmp_v4_rate: <integer>
icmp_v6_bucket_size: <integer>
icmp_v6_rate: <integer>
vxlan_offload: <value in [disable, enable]>
icmp_error_rate_ctrl:
icmpv4_error_bucket_size: <integer>
icmpv4_error_rate: <integer>
icmpv4_error_rate_limit: <value in [disable, enable]>
icmpv6_error_bucket_size: <integer>
icmpv6_error_rate: <integer>
icmpv6_error_rate_limit: <value in [disable, enable]>
ipv4_session_quota: <value in [disable, enable]>
ipv4_session_quota_high: <integer>
ipv4_session_quota_low: <integer>
ipv6_prefix_session_quota: <value in [disable, enable]>
ipv6_prefix_session_quota_high: <integer>
ipv6_prefix_session_quota_low: <integer>
dedicated_lacp_queue: <value in [disable, enable]>
Return Values
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- meta - The result of the request.returned: always type: dict
- request_url - The full url requested. returned: always type: str sample: /sys/login/user
- response_code - The status of api request. returned: always type: int sample: 0
- response_data - The data body of the api response. returned: optional type: list or dict
- response_message - The descriptive message of the api response. returned: always type: str sample: OK
- system_information - The information of the target system. returned: always type: dict
- rc - The status the request. returned: always type: int sample: 0
- version_check_warning - Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: if at least one parameter not supported by the current FortiManager version type: list
Status
This module is not guaranteed to have a backwards compatible interface.