fortios_system_npu – Configure NPU attributes in Fortinet’s FortiOS and FortiGate.
New in version 2.0.0.
Synopsis
This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and npu category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
Requirements
The below requirements are needed on the host that executes this module.
ansible>=2.15
Tips
Using member operation to add an element to an existing object.
FortiOS Version Compatibility
Supported Version Ranges: v6.0.0 -> 7.4.3
Parameters
- access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
- enable_log - Enable/Disable logging for task. type: bool required: false default: False
- vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
- member_path - Member attribute path to operate on. type: str
- member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
- system_npu - Configure NPU attributes. type: dict more...
- capwap_offload - Enable/disable offloading managed FortiAP and FortiLink CAPWAP sessions. type: str choices: enable, disable more...
- dedicated_management_affinity - Affinity setting for management daemons (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str more...
- dedicated_management_cpu - Enable to dedicate one CPU for GUI and CLI connections when NPs are busy. type: str choices: enable, disable more...
- default_qos_type - Set default QoS type. type: str choices: policing, shaping, policing-enhanced more...
- dos_options - NPU DoS configurations. type: dict more...
- npu_dos_meter_mode - Set DoS meter NPU offloading mode. type: str choices: global, local more...
- npu_dos_tpe_mode - Enable/disable insertion of DoS meter ID to session table. type: str choices: enable, disable more...
- double_level_mcast_offload - Enable double level mcast offload. type: str choices: enable, disable more...
- dsw_dts_profile - Configure NPU DSW DTS profile. type: list member_path: dsw_dts_profile:profile_id more...
- action - Set NPU DSW DTS profile action. type: str choices: wait, drop, drop_tmr_0, drop_tmr_1, enque, enque_0, enque_1 more...
- min_limit - Set NPU DSW DTS profile min-limt. type: int more...
- profile_id - Set NPU DSW DTS profile profile id. see Notes. type: int required: true more...
- step - Set NPU DSW DTS profile step. type: int more...
- dsw_queue_dts_profile - Configure NPU DSW Queue DTS profile. type: list member_path: dsw_queue_dts_profile:name more...
- iport - Set NPU DSW DTS in port. type: str choices: eif0, eif1, eif2, eif3, eif4, eif5, eif6, eif7, htx0, htx1, sse0, sse1, sse2, sse3, rlt, dfr, ipseci, ipseco, ipti, ipto, vep0, vep2, vep4, vep6, ivs, l2ti1, l2to, l2ti0, ple, spath, qtm more...
- name - Name. type: str required: true more...
- oport - Set NPU DSW DTS out port. type: str choices: eif0, eif1, eif2, eif3, eif4, eif5, eif6, eif7, hrx, sse0, sse1, sse2, sse3, rlt, dfr, ipseci, ipseco, ipti, ipto, vep0, vep2, vep4, vep6, ivs, l2ti1, l2to, l2ti0, ple, sync, nss, tsk, qtm more...
- profile_id - Set NPU DSW DTS profile ID. type: int more...
- queue_select - Set NPU DSW DTS queue ID select (0 - reset to default). type: int more...
- fastpath - Enable/disable NP6 offloading (also called fast path). type: str choices: disable, enable more...
- fp_anomaly - IPv4/IPv6 anomaly protection. type: dict more...
- icmp_csum_err - Invalid IPv4 ICMP checksum anomalies. type: str choices: drop, trap-to-host more...
- icmp_frag - Layer 3 fragmented packets that could be part of layer 4 ICMP anomalies. type: str choices: allow, drop, trap-to-host more...
- icmp_land - ICMP land anomalies. type: str choices: allow, drop, trap-to-host more...
- ipv4_csum_err - Invalid IPv4 IP checksum anomalies. type: str choices: drop, trap-to-host more...
- ipv4_land - Land anomalies. type: str choices: allow, drop, trap-to-host more...
- ipv4_optlsrr - Loose source record route option anomalies. type: str choices: allow, drop, trap-to-host more...
- ipv4_optrr - Record route option anomalies. type: str choices: allow, drop, trap-to-host more...
- ipv4_optsecurity - Security option anomalies. type: str choices: allow, drop, trap-to-host more...
- ipv4_optssrr - Strict source record route option anomalies. type: str choices: allow, drop, trap-to-host more...
- ipv4_optstream - Stream option anomalies. type: str choices: allow, drop, trap-to-host more...
- ipv4_opttimestamp - Timestamp option anomalies. type: str choices: allow, drop, trap-to-host more...
- ipv4_proto_err - Invalid layer 4 protocol anomalies. type: str choices: allow, drop, trap-to-host more...
- ipv4_unknopt - Unknown option anomalies. type: str choices: allow, drop, trap-to-host more...
- ipv6_daddr_err - Destination address as unspecified or loopback address anomalies. type: str choices: allow, drop, trap-to-host more...
- ipv6_land - Land anomalies. type: str choices: allow, drop, trap-to-host more...
- ipv6_optendpid - End point identification anomalies. type: str choices: allow, drop, trap-to-host more...
- ipv6_opthomeaddr - Home address option anomalies. type: str choices: allow, drop, trap-to-host more...
- ipv6_optinvld - Invalid option anomalies.Invalid option anomalies. type: str choices: allow, drop, trap-to-host more...
- ipv6_optjumbo - Jumbo options anomalies. type: str choices: allow, drop, trap-to-host more...
- ipv6_optnsap - Network service access point address option anomalies. type: str choices: allow, drop, trap-to-host more...
- ipv6_optralert - Router alert option anomalies. type: str choices: allow, drop, trap-to-host more...
- ipv6_opttunnel - Tunnel encapsulation limit option anomalies. type: str choices: allow, drop, trap-to-host more...
- ipv6_proto_err - Layer 4 invalid protocol anomalies. type: str choices: allow, drop, trap-to-host more...
- ipv6_saddr_err - Source address as multicast anomalies. type: str choices: allow, drop, trap-to-host more...
- ipv6_unknopt - Unknown option anomalies. type: str choices: allow, drop, trap-to-host more...
- tcp_csum_err - Invalid IPv4 TCP checksum anomalies. type: str choices: drop, trap-to-host more...
- tcp_fin_noack - TCP SYN flood with FIN flag set without ACK setting anomalies. type: str choices: allow, drop, trap-to-host more...
- tcp_fin_only - TCP SYN flood with only FIN flag set anomalies. type: str choices: allow, drop, trap-to-host more...
- tcp_land - TCP land anomalies. type: str choices: allow, drop, trap-to-host more...
- tcp_no_flag - TCP SYN flood with no flag set anomalies. type: str choices: allow, drop, trap-to-host more...
- tcp_syn_data - TCP SYN flood packets with data anomalies. type: str choices: allow, drop, trap-to-host more...
- tcp_syn_fin - TCP SYN flood SYN/FIN flag set anomalies. type: str choices: allow, drop, trap-to-host more...
- tcp_winnuke - TCP WinNuke anomalies. type: str choices: allow, drop, trap-to-host more...
- udp_csum_err - Invalid IPv4 UDP checksum anomalies. type: str choices: drop, trap-to-host more...
- udp_land - UDP land anomalies. type: str choices: allow, drop, trap-to-host more...
- gtp_enhanced_cpu_range - GTP enhanced CPU range option. type: str choices: 0, 1, 2 more...
- gtp_enhanced_mode - Enable/disable GTP enhanced mode. type: str choices: enable, disable more...
- gtp_support - Enable/Disable NP7 GTP support type: str choices: enable, disable more...
- hash_tbl_spread - Enable/disable hash table entry spread . type: str choices: enable, disable more...
- hpe - Host protection engine configuration. type: dict more...
- all_protocol - Maximum packet rate of each host queue except high priority traffic(1K - 32M pps), set 0 to disable. type: int more...
- arp_max - Maximum ARP packet rate (1K - 32M pps). Entry is valid when ARP is removed from high-priority traffic. type: int more...
- enable_shaper - Enable/Disable NPU Host Protection Engine (HPE) for packet type shaper. type: str choices: disable, enable more...
- esp_max - Maximum ESP packet rate (1K - 32M pps). type: int more...
- high_priority - Maximum packet rate for high priority traffic packets (1K - 32M pps). type: int more...
- icmp_max - Maximum ICMP packet rate (1K - 32M pps). type: int more...
- ip_frag_max - Maximum fragmented IP packet rate (1K - 32M pps). type: int more...
- ip_others_max - Maximum IP packet rate for other packets (packet types that cannot be set with other options) (1K - 32G pps). type: int more...
- l2_others_max - Maximum L2 packet rate for L2 packets that are not ARP packets (1K - 32M pps). type: int more...
- sctp_max - Maximum SCTP packet rate (1K - 32M pps). type: int more...
- tcp_max - Maximum TCP packet rate (1K - 32M pps). type: int more...
- tcpfin_rst_max - Maximum TCP carries FIN or RST flags packet rate (1K - 32M pps). type: int more...
- tcpsyn_ack_max - Maximum TCP carries SYN and ACK flags packet rate (1K - 32M pps). type: int more...
- tcpsyn_max - Maximum TCP SYN packet rate (1K - 40M pps). type: int more...
- udp_max - Maximum UDP packet rate (1K - 32M pps). type: int more...
- htab_dedi_queue_nr - Set the number of dedicate queue for hash table messages. type: int more...
- htab_msg_queue - Set hash table message queue mode. type: str choices: data, idle, dedicated more...
- htx_icmp_csum_chk - Set HTX icmp csum checking mode. type: str choices: drop, pass more...
- inbound_dscp_copy_port - Physical interfaces that support inbound-dscp-copy. type: list member_path: inbound_dscp_copy_port:interface more...
- interface - Physical interface name. type: str required: true more...
- intf_shaping_offload - Enable/disable NPU offload when doing interface-based traffic shaping according to the egress-shaping-profile. type: str choices: enable, disable more...
- ip_fragment_offload - Enable/disable NP7 NPU IP fragment offload. type: str choices: disable, enable more...
- ip_reassembly - IP reassebmly engine configuration. type: dict more...
- max_timeout - Maximum timeout value for IP reassembly (5 us - 600,000,000 us). type: int more...
- min_timeout - Minimum timeout value for IP reassembly (5 us - 600,000,000 us). type: int more...
- status - Set IP reassembly processing status. type: str choices: disable, enable more...
- ipsec_dec_subengine_mask - IPsec decryption subengine mask (0x1 - 0xff). type: str more...
- ipsec_enc_subengine_mask - IPsec encryption subengine mask (0x1 - 0xff). type: str more...
- ipsec_inbound_cache - Enable/disable IPsec inbound cache for anti-replay. type: str choices: enable, disable more...
- ipsec_mtu_override - Enable/disable NP6 IPsec MTU override. type: str choices: disable, enable more...
- ipsec_ob_np_sel - IPsec NP selection for OB SA offloading. type: str choices: rr, Packet, Hash more...
- ipsec_over_vlink - Enable/disable IPsec over vlink. type: str choices: enable, disable more...
- isf_np_queues - Configure queues of switch port connected to NP6 XAUI on ingress path. type: dict more...
- cos0 - CoS profile name for CoS 0. Source system.isf-queue-profile.name. type: str more...
- cos1 - CoS profile name for CoS 1. Source system.isf-queue-profile.name. type: str more...
- cos2 - CoS profile name for CoS 2. Source system.isf-queue-profile.name. type: str more...
- cos3 - CoS profile name for CoS 3. Source system.isf-queue-profile.name. type: str more...
- cos4 - CoS profile name for CoS 4. Source system.isf-queue-profile.name. type: str more...
- cos5 - CoS profile name for CoS 5. Source system.isf-queue-profile.name. type: str more...
- cos6 - CoS profile name for CoS 6. Source system.isf-queue-profile.name. type: str more...
- cos7 - CoS profile name for CoS 7. Source system.isf-queue-profile.name. type: str more...
- lag_out_port_select - Enable/disable LAG outgoing port selection based on incoming traffic port. type: str choices: disable, enable more...
- max_receive_unit - Set the maximum packet size for receive, larger packets will be silently dropped. type: int more...
- max_session_timeout - Maximum time interval for refreshing NPU-offloaded sessions (10 - 1000 sec). type: int more...
- mcast_session_accounting - Enable/disable traffic accounting for each multicast session through TAE counter. type: str choices: tpe-based, session-based, disable more...
- napi_break_interval - NAPI break interval . type: int more...
- np_queues - Configure queue assignment on NP7. type: dict more...
- ethernet_type - Configure a NP7 QoS Ethernet Type. type: list member_path: np_queues/ethernet_type:name more...
- name - Ethernet Type Name. type: str required: true more...
- queue - Queue Number. type: int more...
- type - Ethernet Type. type: str more...
- weight - Class Weight. type: int more...
- ip_protocol - Configure a NP7 QoS IP Protocol. type: list member_path: np_queues/ip_protocol:name more...
- name - IP Protocol Name. type: str required: true more...
- protocol - IP Protocol. type: int more...
- queue - Queue Number. type: int more...
- weight - Class Weight. type: int more...
- ip_service - Configure a NP7 QoS IP Service. type: list member_path: np_queues/ip_service:name more...
- dport - Destination port. type: int more...
- name - IP service name. type: str required: true more...
- protocol - IP protocol. type: int more...
- queue - Queue number. type: int more...
- sport - Source port. type: int more...
- weight - Class weight. type: int more...
- profile - Configure a NP7 class profile. type: list member_path: np_queues/profile:id more...
- cos0 - Queue number of CoS 0. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- cos1 - Queue number of CoS 1. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- cos2 - Queue number of CoS 2. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- cos3 - Queue number of CoS 3. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- cos4 - Queue number of CoS 4. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- cos5 - Queue number of CoS 5. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- cos6 - Queue number of CoS 6. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- cos7 - Queue number of CoS 7. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp0 - Queue number of DSCP 0. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp1 - Queue number of DSCP 1. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp10 - Queue number of DSCP 10. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp11 - Queue number of DSCP 11. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp12 - Queue number of DSCP 12. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp13 - Queue number of DSCP 13. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp14 - Queue number of DSCP 14. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp15 - Queue number of DSCP 15. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp16 - Queue number of DSCP 16. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp17 - Queue number of DSCP 17. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp18 - Queue number of DSCP 18. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp19 - Queue number of DSCP 19. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp2 - Queue number of DSCP 2. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp20 - Queue number of DSCP 20. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp21 - Queue number of DSCP 21. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp22 - Queue number of DSCP 22. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp23 - Queue number of DSCP 23. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp24 - Queue number of DSCP 24. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp25 - Queue number of DSCP 25. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp26 - Queue number of DSCP 26. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp27 - Queue number of DSCP 27. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp28 - Queue number of DSCP 28. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp29 - Queue number of DSCP 29. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp3 - Queue number of DSCP 3. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp30 - Queue number of DSCP 30. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp31 - Queue number of DSCP 31. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp32 - Queue number of DSCP 32. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp33 - Queue number of DSCP 33. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp34 - Queue number of DSCP 34. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp35 - Queue number of DSCP 35. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp36 - Queue number of DSCP 36. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp37 - Queue number of DSCP 37. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp38 - Queue number of DSCP 38. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp39 - Queue number of DSCP 39. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp4 - Queue number of DSCP 4. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp40 - Queue number of DSCP 40. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp41 - Queue number of DSCP 41. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp42 - Queue number of DSCP 42. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp43 - Queue number of DSCP 43. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp44 - Queue number of DSCP 44. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp45 - Queue number of DSCP 45. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp46 - Queue number of DSCP 46. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp47 - Queue number of DSCP 47. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp48 - Queue number of DSCP 48. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp49 - Queue number of DSCP 49. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp5 - Queue number of DSCP 5. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp50 - Queue number of DSCP 50. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp51 - Queue number of DSCP 51. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp52 - Queue number of DSCP 52. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp53 - Queue number of DSCP 53. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp54 - Queue number of DSCP 54. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp55 - Queue number of DSCP 55. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp56 - Queue number of DSCP 56. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp57 - Queue number of DSCP 57. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp58 - Queue number of DSCP 58. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp59 - Queue number of DSCP 59. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp6 - Queue number of DSCP 6. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp60 - Queue number of DSCP 60. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp61 - Queue number of DSCP 61. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp62 - Queue number of DSCP 62. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp63 - Queue number of DSCP 63. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp7 - Queue number of DSCP 7. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp8 - Queue number of DSCP 8. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- dscp9 - Queue number of DSCP 9. type: str choices: queue0, queue1, queue2, queue3, queue4, queue5, queue6, queue7 more...
- id - Profile ID. see Notes. type: int required: true more...
- type - Profile type. type: str choices: cos, dscp more...
- weight - Class weight. type: int more...
- scheduler - Configure a NP7 QoS Scheduler. type: list member_path: np_queues/scheduler:name more...
- npu_group_effective_scope - npu-group-effective-scope defines under which npu-group cmds such as list/purge will be excecuted. Default scope is for all four HS-ok groups. (0-3). type: int more...
- npu_tcam - Configure NPU TCAM policies. type: list member_path: npu_tcam:name more...
- data - Data fields of TCAM. type: dict more...
- df - tcam data ip flag df. type: str choices: enable, disable more...
- dstip - tcam data dst ipv4 address. type: str more...
- dstipv6 - tcam data dst ipv6 address. type: str more...
- dstmac - tcam data dst macaddr. type: str more...
- dstport - tcam data L4 dst port. type: int more...
- ethertype - tcam data ethertype. type: str more...
- ext_tag - tcam data extension tag. type: str choices: enable, disable more...
- frag_off - tcam data ip flag fragment offset. type: int more...
- gen_buf_cnt - tcam data gen info buffer count. type: int more...
- gen_iv - tcam data gen info iv. type: str choices: valid, invalid more...
- gen_l3_flags - tcam data gen info L3 flags. type: int more...
- gen_l4_flags - tcam data gen info L4 flags. type: int more...
- gen_pkt_ctrl - tcam data gen info packet control. type: int more...
- gen_pri - tcam data gen info priority. type: int more...
- gen_pri_v - tcam data gen info priority valid. type: str choices: valid, invalid more...
- gen_tv - tcam data gen info tv. type: str choices: valid, invalid more...
- ihl - tcam data ipv4 IHL. type: int more...
- ip4_id - tcam data ipv4 id. type: int more...
- ip6_fl - tcam data ipv6 flow label. type: int more...
- ipver - tcam data ip header version. type: int more...
- l4_wd10 - tcam data L4 word10. type: int more...
- l4_wd11 - tcam data L4 word11. type: int more...
- l4_wd8 - tcam data L4 word8. type: int more...
- l4_wd9 - tcam data L4 word9. type: int more...
- mf - tcam data ip flag mf. type: str choices: enable, disable more...
- protocol - tcam data ip protocol. type: int more...
- slink - tcam data sublink. type: int more...
- smac_change - tcam data source MAC change. type: str choices: enable, disable more...
- sp - tcam data source port. type: int more...
- src_cfi - tcam data source cfi. type: str choices: enable, disable more...
- src_prio - tcam data source priority. type: int more...
- src_updt - tcam data source update. type: str choices: enable, disable more...
- srcip - tcam data src ipv4 address. type: str more...
- srcipv6 - tcam data src ipv6 address. type: str more...
- srcmac - tcam data src macaddr. type: str more...
- srcport - tcam data L4 src port. type: int more...
- svid - tcam data source vid. type: int more...
- tcp_ack - tcam data tcp flag ack. type: str choices: enable, disable more...
- tcp_cwr - tcam data tcp flag cwr. type: str choices: enable, disable more...
- tcp_ece - tcam data tcp flag ece. type: str choices: enable, disable more...
- tcp_fin - tcam data tcp flag fin. type: str choices: enable, disable more...
- tcp_push - tcam data tcp flag push. type: str choices: enable, disable more...
- tcp_rst - tcam data tcp flag rst. type: str choices: enable, disable more...
- tcp_syn - tcam data tcp flag syn. type: str choices: enable, disable more...
- tcp_urg - tcam data tcp flag urg. type: str choices: enable, disable more...
- tgt_cfi - tcam data target cfi. type: str choices: enable, disable more...
- tgt_prio - tcam data target priority. type: int more...
- tgt_updt - tcam data target port update. type: str choices: enable, disable more...
- tgt_v - tcam data target valid. type: str choices: valid, invalid more...
- tos - tcam data ip tos. type: int more...
- tp - tcam data target port. type: int more...
- ttl - tcam data ip ttl. type: int more...
- tvid - tcam data target vid. type: int more...
- vdid - tcam data vdom id. type: int more...
- mask - Mask fields of TCAM. type: dict more...
- df - tcam mask ip flag df. type: str choices: enable, disable more...
- dstip - tcam mask dst ipv4 address. type: str more...
- dstipv6 - tcam mask dst ipv6 address. type: str more...
- dstmac - tcam mask dst macaddr. type: str more...
- dstport - tcam mask L4 dst port. type: int more...
- ethertype - tcam mask ethertype. type: str more...
- ext_tag - tcam mask extension tag. type: str choices: enable, disable more...
- frag_off - tcam data ip flag fragment offset. type: int more...
- gen_buf_cnt - tcam mask gen info buffer count. type: int more...
- gen_iv - tcam mask gen info iv. type: str choices: valid, invalid more...
- gen_l3_flags - tcam mask gen info L3 flags. type: int more...
- gen_l4_flags - tcam mask gen info L4 flags. type: int more...
- gen_pkt_ctrl - tcam mask gen info packet control. type: int more...
- gen_pri - tcam mask gen info priority. type: int more...
- gen_pri_v - tcam mask gen info priority valid. type: str choices: valid, invalid more...
- gen_tv - tcam mask gen info tv. type: str choices: valid, invalid more...
- ihl - tcam mask ipv4 IHL. type: int more...
- ip4_id - tcam mask ipv4 id. type: int more...
- ip6_fl - tcam mask ipv6 flow label. type: int more...
- ipver - tcam mask ip header version. type: int more...
- l4_wd10 - tcam mask L4 word10. type: int more...
- l4_wd11 - tcam mask L4 word11. type: int more...
- l4_wd8 - tcam mask L4 word8. type: int more...
- l4_wd9 - tcam mask L4 word9. type: int more...
- mf - tcam mask ip flag mf. type: str choices: enable, disable more...
- protocol - tcam mask ip protocol. type: int more...
- slink - tcam mask sublink. type: int more...
- smac_change - tcam mask source MAC change. type: str choices: enable, disable more...
- sp - tcam mask source port. type: int more...
- src_cfi - tcam mask source cfi. type: str choices: enable, disable more...
- src_prio - tcam mask source priority. type: int more...
- src_updt - tcam mask source update. type: str choices: enable, disable more...
- srcip - tcam mask src ipv4 address. type: str more...
- srcipv6 - tcam mask src ipv6 address. type: str more...
- srcmac - tcam mask src macaddr. type: str more...
- srcport - tcam mask L4 src port. type: int more...
- svid - tcam mask source vid. type: int more...
- tcp_ack - tcam mask tcp flag ack. type: str choices: enable, disable more...
- tcp_cwr - tcam mask tcp flag cwr. type: str choices: enable, disable more...
- tcp_ece - tcam mask tcp flag ece. type: str choices: enable, disable more...
- tcp_fin - tcam mask tcp flag fin. type: str choices: enable, disable more...
- tcp_push - tcam mask tcp flag push. type: str choices: enable, disable more...
- tcp_rst - tcam mask tcp flag rst. type: str choices: enable, disable more...
- tcp_syn - tcam mask tcp flag syn. type: str choices: enable, disable more...
- tcp_urg - tcam mask tcp flag urg. type: str choices: enable, disable more...
- tgt_cfi - tcam mask target cfi. type: str choices: enable, disable more...
- tgt_prio - tcam mask target priority. type: int more...
- tgt_updt - tcam mask target port update. type: str choices: enable, disable more...
- tgt_v - tcam mask target valid. type: str choices: valid, invalid more...
- tos - tcam mask ip tos. type: int more...
- tp - tcam mask target port. type: int more...
- ttl - tcam mask ip ttl. type: int more...
- tvid - tcam mask target vid. type: int more...
- vdid - tcam mask vdom id. type: int more...
- mir_act - Mirror action of TCAM. type: dict more...
- vlif - tcam mirror action vlif. type: int more...
- name - NPU TCAM policies name. type: str required: true more...
- oid - NPU TCAM OID. type: int more...
- pri_act - Priority action of TCAM. type: dict more...
- priority - tcam priority action priority. type: int more...
- weight - tcam priority action weight. type: int more...
- sact - Source action of TCAM. type: dict more...
- act - tcam sact act. type: int more...
- act_v - Enable to set sact act. type: str choices: enable, disable more...
- bmproc - tcam sact bmproc. type: int more...
- bmproc_v - Enable to set sact bmproc. type: str choices: enable, disable more...
- df_lif - tcam sact df-lif. type: int more...
- df_lif_v - Enable to set sact df-lif. type: str choices: enable, disable more...
- dfr - tcam sact dfr. type: int more...
- dfr_v - Enable to set sact dfr. type: str choices: enable, disable more...
- dmac_skip - tcam sact dmac-skip. type: int more...
- dmac_skip_v - Enable to set sact dmac-skip. type: str choices: enable, disable more...
- dosen - tcam sact dosen. type: int more...
- dosen_v - Enable to set sact dosen. type: str choices: enable, disable more...
- espff_proc - tcam sact espff-proc. type: int more...
- espff_proc_v - Enable to set sact espff-proc. type: str choices: enable, disable more...
- etype_pid - tcam sact etype-pid. type: int more...
- etype_pid_v - Enable to set sact etype-pid. type: str choices: enable, disable more...
- frag_proc - tcam sact frag-proc. type: int more...
- frag_proc_v - Enable to set sact frag-proc. type: str choices: enable, disable more...
- fwd - tcam sact fwd. type: int more...
- fwd_lif - tcam sact fwd-lif. type: int more...
- fwd_lif_v - Enable to set sact fwd-lif. type: str choices: enable, disable more...
- fwd_tvid - tcam sact fwd-tvid. type: int more...
- fwd_tvid_v - Enable to set sact fwd-vid. type: str choices: enable, disable more...
- fwd_v - Enable to set sact fwd. type: str choices: enable, disable more...
- icpen - tcam sact icpen. type: int more...
- icpen_v - Enable to set sact icpen. type: str choices: enable, disable more...
- igmp_mld_snp - tcam sact igmp-mld-snp. type: int more...
- igmp_mld_snp_v - Enable to set sact igmp-mld-snp. type: str choices: enable, disable more...
- learn - tcam sact learn. type: int more...
- learn_v - Enable to set sact learn. type: str choices: enable, disable more...
- m_srh_ctrl - tcam sact m-srh-ctrl. type: int more...
- m_srh_ctrl_v - Enable to set sact m-srh-ctrl. type: str choices: enable, disable more...
- mac_id - tcam sact mac-id. type: int more...
- mac_id_v - Enable to set sact mac-id. type: str choices: enable, disable more...
- mss - tcam sact mss. type: int more...
- mss_v - Enable to set sact mss. type: str choices: enable, disable more...
- pleen - tcam sact pleen. type: int more...
- pleen_v - Enable to set sact pleen. type: str choices: enable, disable more...
- prio_pid - tcam sact prio-pid. type: int more...
- prio_pid_v - Enable to set sact prio-pid. type: str choices: enable, disable more...
- promis - tcam sact promis. type: int more...
- promis_v - Enable to set sact promis. type: str choices: enable, disable more...
- rfsh - tcam sact rfsh. type: int more...
- rfsh_v - Enable to set sact rfsh. type: str choices: enable, disable more...
- smac_skip - tcam sact smac-skip. type: int more...
- smac_skip_v - Enable to set sact smac-skip. type: str choices: enable, disable more...
- tp_smchk - tcam sact tp mode. type: int more...
- tp_smchk_v - Enable to set sact tp mode. type: str choices: enable, disable more...
- tpe_id - tcam sact tpe-id. type: int more...
- tpe_id_v - Enable to set sact tpe-id. type: str choices: enable, disable more...
- vdm - tcam sact vdm. type: int more...
- vdm_v - Enable to set sact vdm. type: str choices: enable, disable more...
- vdom_id - tcam sact vdom-id. type: int more...
- vdom_id_v - Enable to set sact vdom-id. type: str choices: enable, disable more...
- x_mode - tcam sact x-mode. type: int more...
- x_mode_v - Enable to set sact x-mode. type: str choices: enable, disable more...
- tact - Target action of TCAM. type: dict more...
- act - tcam tact act. type: int more...
- act_v - Enable to set tact act. type: str choices: enable, disable more...
- fmtuv4_s - tcam tact fmtuv4-s. type: int more...
- fmtuv4_s_v - Enable to set tact fmtuv4-s. type: str choices: enable, disable more...
- fmtuv6_s - tcam tact fmtuv6-s. type: int more...
- fmtuv6_s_v - Enable to set tact fmtuv6-s. type: str choices: enable, disable more...
- lnkid - tcam tact lnkid. type: int more...
- lnkid_v - Enable to set tact lnkid. type: str choices: enable, disable more...
- mac_id - tcam tact mac-id. type: int more...
- mac_id_v - Enable to set tact mac-id. type: str choices: enable, disable more...
- mss_t - tcam tact mss. type: int more...
- mss_t_v - Enable to set tact mss. type: str choices: enable, disable more...
- mtuv4 - tcam tact mtuv4. type: int more...
- mtuv4_v - Enable to set tact mtuv4. type: str choices: enable, disable more...
- mtuv6 - tcam tact mtuv6. type: int more...
- mtuv6_v - Enable to set tact mtuv6. type: str choices: enable, disable more...
- slif_act - tcam tact slif-act. type: int more...
- slif_act_v - Enable to set tact slif-act. type: str choices: enable, disable more...
- sublnkid - tcam tact sublnkid. type: int more...
- sublnkid_v - Enable to set tact sublnkid. type: str choices: enable, disable more...
- tgtv_act - tcam tact tgtv-act. type: int more...
- tgtv_act_v - Enable to set tact tgtv-act. type: str choices: enable, disable more...
- tlif_act - tcam tact tlif-act. type: int more...
- tlif_act_v - Enable to set tact tlif-act. type: str choices: enable, disable more...
- tpeid - tcam tact tpeid. type: int more...
- tpeid_v - Enable to set tact tpeid. type: str choices: enable, disable more...
- v6fe - tcam tact v6fe. type: int more...
- v6fe_v - Enable to set tact v6fe. type: str choices: enable, disable more...
- vep_en - tcam tact vep_en. type: int more...
- vep_en_v - Enable to set tact vep-en. type: str choices: enable, disable more...
- vep_slid - tcam tact vep_slid. type: int more...
- vep_slid_v - Enable to set tact vep-slid. type: str choices: enable, disable more...
- xlt_lif - tcam tact xlt-lif. type: int more...
- xlt_lif_v - Enable to set tact xlt-lif. type: str choices: enable, disable more...
- xlt_vid - tcam tact xlt-vid. type: int more...
- xlt_vid_v - Enable to set tact xlt-vid. type: str choices: enable, disable more...
- type - TCAM policy type. type: str choices: L2_src_tc, L2_tgt_tc, L2_src_mir, L2_tgt_mir, L2_src_act, L2_tgt_act, IPv4_src_tc, IPv4_tgt_tc, IPv4_src_mir, IPv4_tgt_mir, IPv4_src_act, IPv4_tgt_act, IPv6_src_tc, IPv6_tgt_tc, IPv6_src_mir, IPv6_tgt_mir, IPv6_src_act, IPv6_tgt_act more...
- vid - NPU TCAM VID. type: int more...
- per_session_accounting - Set per-session accounting. type: str choices: traffic-log-only, disable, enable more...
- port_cpu_map - Configure NPU interface to CPU core mapping. type: list member_path: port_cpu_map:interface more...
- cpu_core - The CPU core to map to an interface. type: str more...
- interface - The interface to map to a CPU core. type: str required: true more...
- port_npu_map - Configure port to NPU group mapping. type: list member_path: port_npu_map:interface more...
- interface - Set NPU interface port for NPU group mapping. type: str required: true more...
- npu_group_index - Mapping NPU group index. type: int more...
- port_path_option - Configure port using NPU or Intel-NIC. type: dict more...
- ports_using_npu - Set ha/aux ports to handle traffic with NPU (otherwise traffic goes to Intel-NIC and then CPU). type: list member_path: port_path_option/ports_using_npu:interface_name more...
- interface_name - Available interfaces for NPU path. type: str required: true more...
- priority_protocol - Configure NPU priority protocol. type: dict more...
- bfd - Enable/disable NPU BFD priority protocol. type: str choices: enable, disable more...
- bgp - Enable/disable NPU BGP priority protocol. type: str choices: enable, disable more...
- slbc - Enable/disable NPU SLBC priority protocol. type: str choices: enable, disable more...
- qos_mode - QoS mode on switch and NP. type: str choices: disable, priority, round-robin more...
- qtm_buf_mode - QTM channel configuration for packet buffer. type: str choices: 6ch, 4ch more...
- rdp_offload - Enable/disable RDP offload. type: str choices: enable, disable more...
- session_acct_interval - Session accounting update interval (1 - 10 sec). type: int more...
- session_denied_offload - Enable/disable offloading of denied sessions. Requires ses-denied-traffic to be set. type: str choices: disable, enable more...
- shaping_stats - Enable/disable NP7 traffic shaping statistics . type: str choices: disable, enable more...
- sse_backpressure - Enable/disable SSE backpressure. type: str choices: enable, disable more...
- strip_clear_text_padding - Enable/disable stripping clear text padding. type: str choices: enable, disable more...
- strip_esp_padding - Enable/disable stripping ESP padding. type: str choices: enable, disable more...
- sw_eh_hash - Configure switch enhanced hashing. type: dict more...
- computation - Set hashing computation. type: str choices: xor16, xor8, xor4, crc16 more...
- destination_ip_lower_16 - Include/exclude destination IP address lower 16 bits. type: str choices: include, exclude more...
- destination_ip_upper_16 - Include/exclude destination IP address upper 16 bits. type: str choices: include, exclude more...
- destination_port - Include/exclude destination port if TCP/UDP. type: str choices: include, exclude more...
- ip_protocol - Include/exclude IP protocol. type: str choices: include, exclude more...
- netmask_length - Network mask length. type: int more...
- source_ip_lower_16 - Include/exclude source IP address lower 16 bits. type: str choices: include, exclude more...
- source_ip_upper_16 - Include/exclude source IP address upper 16 bits. type: str choices: include, exclude more...
- source_port - Include/exclude source port if TCP/UDP. type: str choices: include, exclude more...
- sw_np_bandwidth - Bandwidth from switch to NP. type: str choices: 0G, 2G, 4G, 5G, 6G, 7G, 8G, 9G more...
- sw_tr_hash - Configure switch traditional hashing. type: dict more...
- draco15 - Enable/disable DRACO15 hashing. type: str choices: enable, disable more...
- tcp_udp_port - Include/exclude TCP/UDP source and destination port for unicast trunk traffic. type: str choices: include, exclude more...
- uesp_offload - Enable/disable UDP-encapsulated ESP offload . type: str choices: enable, disable more...
- ull_port_mode - Set ULL port"s speed to 10G/25G . type: str choices: 10G, 25G more...
- vlan_lookup_cache - Enable/disable vlan lookup cache . type: str choices: enable, disable more...
Notes
Note
Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
Examples
- name: Configure NPU attributes.
fortinet.fortios.fortios_system_npu:
vdom: "{{ vdom }}"
system_npu:
capwap_offload: "enable"
dedicated_management_affinity: "<your_own_value>"
dedicated_management_cpu: "enable"
default_qos_type: "policing"
dos_options:
npu_dos_meter_mode: "global"
npu_dos_tpe_mode: "enable"
double_level_mcast_offload: "enable"
dsw_dts_profile:
-
action: "wait"
min_limit: "0"
profile_id: "<you_own_value>"
step: "0"
dsw_queue_dts_profile:
-
iport: "eif0"
name: "default_name_18"
oport: "eif0"
profile_id: "0"
queue_select: "0"
fastpath: "disable"
fp_anomaly:
icmp_csum_err: "drop"
icmp_frag: "allow"
icmp_land: "allow"
ipv4_csum_err: "drop"
ipv4_land: "allow"
ipv4_optlsrr: "allow"
ipv4_optrr: "allow"
ipv4_optsecurity: "allow"
ipv4_optssrr: "allow"
ipv4_optstream: "allow"
ipv4_opttimestamp: "allow"
ipv4_proto_err: "allow"
ipv4_unknopt: "allow"
ipv6_daddr_err: "allow"
ipv6_land: "allow"
ipv6_optendpid: "allow"
ipv6_opthomeaddr: "allow"
ipv6_optinvld: "allow"
ipv6_optjumbo: "allow"
ipv6_optnsap: "allow"
ipv6_optralert: "allow"
ipv6_opttunnel: "allow"
ipv6_proto_err: "allow"
ipv6_saddr_err: "allow"
ipv6_unknopt: "allow"
tcp_csum_err: "drop"
tcp_fin_noack: "allow"
tcp_fin_only: "allow"
tcp_land: "allow"
tcp_no_flag: "allow"
tcp_syn_data: "allow"
tcp_syn_fin: "allow"
tcp_winnuke: "allow"
udp_csum_err: "drop"
udp_land: "allow"
gtp_enhanced_cpu_range: "0"
gtp_enhanced_mode: "enable"
gtp_support: "enable"
hash_tbl_spread: "enable"
hpe:
all_protocol: "400000"
arp_max: "5000"
enable_shaper: "disable"
esp_max: "5000"
high_priority: "400000"
icmp_max: "5000"
ip_frag_max: "5000"
ip_others_max: "5000"
l2_others_max: "5000"
sctp_max: "5000"
tcp_max: "40000"
tcpfin_rst_max: "40000"
tcpsyn_ack_max: "40000"
tcpsyn_max: "40000"
udp_max: "40000"
htab_dedi_queue_nr: "4"
htab_msg_queue: "data"
htx_icmp_csum_chk: "drop"
inbound_dscp_copy_port:
-
interface: "<your_own_value>"
intf_shaping_offload: "enable"
ip_fragment_offload: "disable"
ip_reassembly:
max_timeout: "200000"
min_timeout: "64"
status: "disable"
ipsec_dec_subengine_mask: "<your_own_value>"
ipsec_enc_subengine_mask: "<your_own_value>"
ipsec_inbound_cache: "enable"
ipsec_mtu_override: "disable"
ipsec_ob_np_sel: "rr"
ipsec_over_vlink: "enable"
isf_np_queues:
cos0: "<your_own_value> (source system.isf-queue-profile.name)"
cos1: "<your_own_value> (source system.isf-queue-profile.name)"
cos2: "<your_own_value> (source system.isf-queue-profile.name)"
cos3: "<your_own_value> (source system.isf-queue-profile.name)"
cos4: "<your_own_value> (source system.isf-queue-profile.name)"
cos5: "<your_own_value> (source system.isf-queue-profile.name)"
cos6: "<your_own_value> (source system.isf-queue-profile.name)"
cos7: "<your_own_value> (source system.isf-queue-profile.name)"
lag_out_port_select: "disable"
max_receive_unit: "0"
max_session_timeout: "40"
mcast_session_accounting: "tpe-based"
napi_break_interval: "0"
np_queues:
ethernet_type:
-
name: "default_name_112"
queue: "0"
type: "<your_own_value>"
weight: "15"
ip_protocol:
-
name: "default_name_117"
protocol: "0"
queue: "0"
weight: "14"
ip_service:
-
dport: "0"
name: "default_name_123"
protocol: "0"
queue: "0"
sport: "0"
weight: "13"
profile:
-
cos0: "queue0"
cos1: "queue0"
cos2: "queue0"
cos3: "queue0"
cos4: "queue0"
cos5: "queue0"
cos6: "queue0"
cos7: "queue0"
dscp0: "queue0"
dscp1: "queue0"
dscp10: "queue0"
dscp11: "queue0"
dscp12: "queue0"
dscp13: "queue0"
dscp14: "queue0"
dscp15: "queue0"
dscp16: "queue0"
dscp17: "queue0"
dscp18: "queue0"
dscp19: "queue0"
dscp2: "queue0"
dscp20: "queue0"
dscp21: "queue0"
dscp22: "queue0"
dscp23: "queue0"
dscp24: "queue0"
dscp25: "queue0"
dscp26: "queue0"
dscp27: "queue0"
dscp28: "queue0"
dscp29: "queue0"
dscp3: "queue0"
dscp30: "queue0"
dscp31: "queue0"
dscp32: "queue0"
dscp33: "queue0"
dscp34: "queue0"
dscp35: "queue0"
dscp36: "queue0"
dscp37: "queue0"
dscp38: "queue0"
dscp39: "queue0"
dscp4: "queue0"
dscp40: "queue0"
dscp41: "queue0"
dscp42: "queue0"
dscp43: "queue0"
dscp44: "queue0"
dscp45: "queue0"
dscp46: "queue0"
dscp47: "queue0"
dscp48: "queue0"
dscp49: "queue0"
dscp5: "queue0"
dscp50: "queue0"
dscp51: "queue0"
dscp52: "queue0"
dscp53: "queue0"
dscp54: "queue0"
dscp55: "queue0"
dscp56: "queue0"
dscp57: "queue0"
dscp58: "queue0"
dscp59: "queue0"
dscp6: "queue0"
dscp60: "queue0"
dscp61: "queue0"
dscp62: "queue0"
dscp63: "queue0"
dscp7: "queue0"
dscp8: "queue0"
dscp9: "queue0"
id: "201"
type: "cos"
weight: "6"
scheduler:
-
mode: "none"
name: "default_name_206"
npu_group_effective_scope: "255"
npu_tcam:
-
data:
df: "enable"
dstip: "<your_own_value>"
dstipv6: "<your_own_value>"
dstmac: "<your_own_value>"
dstport: "0"
ethertype: "<your_own_value>"
ext_tag: "enable"
frag_off: "0"
gen_buf_cnt: "0"
gen_iv: "valid"
gen_l3_flags: "0"
gen_l4_flags: "0"
gen_pkt_ctrl: "0"
gen_pri: "0"
gen_pri_v: "valid"
gen_tv: "valid"
ihl: "0"
ip4_id: "0"
ip6_fl: "0"
ipver: "0"
l4_wd10: "0"
l4_wd11: "0"
l4_wd8: "0"
l4_wd9: "0"
mf: "enable"
protocol: "0"
slink: "0"
smac_change: "enable"
sp: "0"
src_cfi: "enable"
src_prio: "0"
src_updt: "enable"
srcip: "<your_own_value>"
srcipv6: "<your_own_value>"
srcmac: "<your_own_value>"
srcport: "0"
svid: "0"
tcp_ack: "enable"
tcp_cwr: "enable"
tcp_ece: "enable"
tcp_fin: "enable"
tcp_push: "enable"
tcp_rst: "enable"
tcp_syn: "enable"
tcp_urg: "enable"
tgt_cfi: "enable"
tgt_prio: "0"
tgt_updt: "enable"
tgt_v: "valid"
tos: "0"
tp: "0"
ttl: "0"
tvid: "0"
vdid: "0"
mask:
df: "enable"
dstip: "<your_own_value>"
dstipv6: "<your_own_value>"
dstmac: "<your_own_value>"
dstport: "0"
ethertype: "<your_own_value>"
ext_tag: "enable"
frag_off: "0"
gen_buf_cnt: "0"
gen_iv: "valid"
gen_l3_flags: "0"
gen_l4_flags: "0"
gen_pkt_ctrl: "0"
gen_pri: "0"
gen_pri_v: "valid"
gen_tv: "valid"
ihl: "0"
ip4_id: "0"
ip6_fl: "0"
ipver: "0"
l4_wd10: "0"
l4_wd11: "0"
l4_wd8: "0"
l4_wd9: "0"
mf: "enable"
protocol: "0"
slink: "0"
smac_change: "enable"
sp: "0"
src_cfi: "enable"
src_prio: "0"
src_updt: "enable"
srcip: "<your_own_value>"
srcipv6: "<your_own_value>"
srcmac: "<your_own_value>"
srcport: "0"
svid: "0"
tcp_ack: "enable"
tcp_cwr: "enable"
tcp_ece: "enable"
tcp_fin: "enable"
tcp_push: "enable"
tcp_rst: "enable"
tcp_syn: "enable"
tcp_urg: "enable"
tgt_cfi: "enable"
tgt_prio: "0"
tgt_updt: "enable"
tgt_v: "valid"
tos: "0"
tp: "0"
ttl: "0"
tvid: "0"
vdid: "0"
mir_act:
vlif: "0"
name: "default_name_321"
oid: "0"
pri_act:
priority: "0"
weight: "0"
sact:
act: "0"
act_v: "enable"
bmproc: "0"
bmproc_v: "enable"
df_lif: "0"
df_lif_v: "enable"
dfr: "0"
dfr_v: "enable"
dmac_skip: "0"
dmac_skip_v: "enable"
dosen: "0"
dosen_v: "enable"
espff_proc: "0"
espff_proc_v: "enable"
etype_pid: "0"
etype_pid_v: "enable"
frag_proc: "0"
frag_proc_v: "enable"
fwd: "0"
fwd_lif: "0"
fwd_lif_v: "enable"
fwd_tvid: "0"
fwd_tvid_v: "enable"
fwd_v: "enable"
icpen: "0"
icpen_v: "enable"
igmp_mld_snp: "0"
igmp_mld_snp_v: "enable"
learn: "0"
learn_v: "enable"
m_srh_ctrl: "0"
m_srh_ctrl_v: "enable"
mac_id: "0"
mac_id_v: "enable"
mss: "0"
mss_v: "enable"
pleen: "0"
pleen_v: "enable"
prio_pid: "0"
prio_pid_v: "enable"
promis: "0"
promis_v: "enable"
rfsh: "0"
rfsh_v: "enable"
smac_skip: "0"
smac_skip_v: "enable"
tp_smchk: "0"
tp_smchk_v: "enable"
tpe_id: "0"
tpe_id_v: "enable"
vdm: "0"
vdm_v: "enable"
vdom_id: "0"
vdom_id_v: "enable"
x_mode: "0"
x_mode_v: "enable"
tact:
act: "0"
act_v: "enable"
fmtuv4_s: "0"
fmtuv4_s_v: "enable"
fmtuv6_s: "0"
fmtuv6_s_v: "enable"
lnkid: "0"
lnkid_v: "enable"
mac_id: "0"
mac_id_v: "enable"
mss_t: "0"
mss_t_v: "enable"
mtuv4: "0"
mtuv4_v: "enable"
mtuv6: "0"
mtuv6_v: "enable"
slif_act: "0"
slif_act_v: "enable"
sublnkid: "0"
sublnkid_v: "enable"
tgtv_act: "0"
tgtv_act_v: "enable"
tlif_act: "0"
tlif_act_v: "enable"
tpeid: "0"
tpeid_v: "enable"
v6fe: "0"
v6fe_v: "enable"
vep_en: "0"
vep_en_v: "enable"
vep_slid: "0"
vep_slid_v: "enable"
xlt_lif: "0"
xlt_lif_v: "enable"
xlt_vid: "0"
xlt_vid_v: "enable"
type: "L2_src_tc"
vid: "0"
per_session_accounting: "traffic-log-only"
port_cpu_map:
-
cpu_core: "<your_own_value>"
interface: "<your_own_value>"
port_npu_map:
-
interface: "<your_own_value>"
npu_group_index: "0"
port_path_option:
ports_using_npu:
-
interface_name: "<your_own_value>"
priority_protocol:
bfd: "enable"
bgp: "enable"
slbc: "enable"
qos_mode: "disable"
qtm_buf_mode: "6ch"
rdp_offload: "enable"
session_acct_interval: "5"
session_denied_offload: "disable"
shaping_stats: "disable"
sse_backpressure: "enable"
strip_clear_text_padding: "enable"
strip_esp_padding: "enable"
sw_eh_hash:
computation: "xor16"
destination_ip_lower_16: "include"
destination_ip_upper_16: "include"
destination_port: "include"
ip_protocol: "include"
netmask_length: "32"
source_ip_lower_16: "include"
source_ip_upper_16: "include"
source_port: "include"
sw_np_bandwidth: "0G"
sw_tr_hash:
draco15: "enable"
tcp_udp_port: "include"
uesp_offload: "enable"
ull_port_mode: "10G"
vlan_lookup_cache: "enable"
Return Values
Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:
- build - Build number of the fortigate image returned: always type: str sample: 1547
- http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
- http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
- mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
- name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
- path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
- revision - Internal revision number returned: always type: str sample: 17.0.2.10658
- serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
- status - Indication of the operation's result returned: always type: str sample: success
- vdom - Virtual domain used returned: always type: str sample: root
- version - Version of the FortiGate returned: always type: str sample: v5.6.3
Status
This module is not guaranteed to have a backwards compatible interface.