drmofu / drmofu.fortimanager / 2.2.2 / module / fmgr_system_npu_fpanomaly NP6Lite anomaly protection | "added in version" 2.1.6 of drmofu.fortimanager" Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu) preview | supported by communitydrmofu.fortimanager.fmgr_system_npu_fpanomaly (2.2.2) — module
Install with ansible-galaxy collection install drmofu.fortimanager:==2.2.2
collections: - name: drmofu.fortimanager version: 2.2.2
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- hosts: fortimanager-inventory collections: - fortinet.fortimanager connection: httpapi vars: ansible_httpapi_use_ssl: True ansible_httpapi_validate_certs: False ansible_httpapi_port: 443 tasks: - name: NP6Lite anomaly protection fmgr_system_npu_fpanomaly: bypass_validation: False workspace_locking_adom: <value in [global, custom adom including root]> workspace_locking_timeout: 300 rc_succeeded: [0, -2, -3, ...] rc_failed: [-2, -3, ...] adom: <your own value> system_npu_fpanomaly: esp-minlen-err: <value in [drop, trap-to-host]> icmp-csum-err: <value in [drop, trap-to-host]> icmp-minlen-err: <value in [drop, trap-to-host]> ipv4-csum-err: <value in [drop, trap-to-host]> ipv4-ihl-err: <value in [drop, trap-to-host]> ipv4-len-err: <value in [drop, trap-to-host]> ipv4-opt-err: <value in [drop, trap-to-host]> ipv4-ttlzero-err: <value in [drop, trap-to-host]> ipv4-ver-err: <value in [drop, trap-to-host]> ipv6-exthdr-len-err: <value in [drop, trap-to-host]> ipv6-exthdr-order-err: <value in [drop, trap-to-host]> ipv6-ihl-err: <value in [drop, trap-to-host]> ipv6-plen-zero: <value in [drop, trap-to-host]> ipv6-ver-err: <value in [drop, trap-to-host]> tcp-csum-err: <value in [drop, trap-to-host]> tcp-hlen-err: <value in [drop, trap-to-host]> tcp-plen-err: <value in [drop, trap-to-host]> udp-csum-err: <value in [drop, trap-to-host]> udp-hlen-err: <value in [drop, trap-to-host]> udp-len-err: <value in [drop, trap-to-host]> udp-plen-err: <value in [drop, trap-to-host]> udplite-cover-err: <value in [drop, trap-to-host]> udplite-csum-err: <value in [drop, trap-to-host]> unknproto-minlen-err: <value in [drop, trap-to-host]> tcp-fin-only: <value in [allow, drop, trap-to-host]> ipv4-optsecurity: <value in [allow, drop, trap-to-host]> ipv6-optralert: <value in [allow, drop, trap-to-host]> tcp-syn-fin: <value in [allow, drop, trap-to-host]> ipv4-proto-err: <value in [allow, drop, trap-to-host]> ipv6-saddr-err: <value in [allow, drop, trap-to-host]> icmp-frag: <value in [allow, drop, trap-to-host]> ipv4-optssrr: <value in [allow, drop, trap-to-host]> ipv6-opthomeaddr: <value in [allow, drop, trap-to-host]> udp-land: <value in [allow, drop, trap-to-host]> ipv6-optinvld: <value in [allow, drop, trap-to-host]> tcp-fin-noack: <value in [allow, drop, trap-to-host]> ipv6-proto-err: <value in [allow, drop, trap-to-host]> tcp-land: <value in [allow, drop, trap-to-host]> ipv4-unknopt: <value in [allow, drop, trap-to-host]> ipv4-optstream: <value in [allow, drop, trap-to-host]> ipv6-optjumbo: <value in [allow, drop, trap-to-host]> icmp-land: <value in [allow, drop, trap-to-host]> tcp-winnuke: <value in [allow, drop, trap-to-host]> ipv6-daddr-err: <value in [allow, drop, trap-to-host]> ipv4-land: <value in [allow, drop, trap-to-host]> ipv6-opttunnel: <value in [allow, drop, trap-to-host]> tcp-no-flag: <value in [allow, drop, trap-to-host]> ipv6-land: <value in [allow, drop, trap-to-host]> ipv4-optlsrr: <value in [allow, drop, trap-to-host]> ipv4-opttimestamp: <value in [allow, drop, trap-to-host]> ipv4-optrr: <value in [allow, drop, trap-to-host]> ipv6-optnsap: <value in [allow, drop, trap-to-host]> ipv6-unknopt: <value in [allow, drop, trap-to-host]> tcp-syn-data: <value in [allow, drop, trap-to-host]> ipv6-optendpid: <value in [allow, drop, trap-to-host]> gtpu-plen-err: <value in [drop, trap-to-host]> vxlan-minlen-err: <value in [drop, trap-to-host]> capwap-minlen-err: <value in [drop, trap-to-host]> gre-csum-err: <value in [drop, trap-to-host]> nvgre-minlen-err: <value in [drop, trap-to-host]> sctp-l4len-err: <value in [drop, trap-to-host]> tcp-hlenvsl4len-err: <value in [drop, trap-to-host]> sctp-crc-err: <value in [drop, trap-to-host]> sctp-clen-err: <value in [drop, trap-to-host]> uesp-minlen-err: <value in [drop, trap-to-host]>
adom: description: the parameter (adom) in requested url required: true type: str rc_failed: description: The rc codes list with which the conditions to fail will be overriden. elements: int required: false type: list enable_log: default: false description: Enable/Disable logging for task. required: false type: bool access_token: description: The token to access FortiManager without using username and password. required: false type: str rc_succeeded: description: The rc codes list with which the conditions to succeed will be overriden. elements: int required: false type: list proposed_method: choices: - update - set - add description: The overridden method for the underlying Json RPC request. required: false type: str bypass_validation: default: false description: Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. required: false type: bool system_npu_fpanomaly: description: the top level parameters set required: false suboptions: capwap-minlen-err: choices: - drop - trap-to-host description: no description type: str esp-minlen-err: choices: - drop - trap-to-host description: Invalid IPv4 ESP short packet anomalies. type: str gre-csum-err: choices: - drop - trap-to-host description: no description type: str gtpu-plen-err: choices: - drop - trap-to-host description: no description type: str icmp-csum-err: choices: - drop - trap-to-host description: Invalid IPv4 ICMP packet checksum anomalies. type: str icmp-frag: choices: - allow - drop - trap-to-host description: Layer 3 fragmented packets that could be part of layer 4 ICMP anomalies. type: str icmp-land: choices: - allow - drop - trap-to-host description: ICMP land anomalies. type: str icmp-minlen-err: choices: - drop - trap-to-host description: Invalid IPv4 ICMP short packet anomalies. type: str ipv4-csum-err: choices: - drop - trap-to-host description: Invalid IPv4 packet checksum anomalies. type: str ipv4-ihl-err: choices: - drop - trap-to-host description: Invalid IPv4 header length anomalies. type: str ipv4-land: choices: - allow - drop - trap-to-host description: Land anomalies. type: str ipv4-len-err: choices: - drop - trap-to-host description: Invalid IPv4 packet length anomalies. type: str ipv4-opt-err: choices: - drop - trap-to-host description: Invalid IPv4 option parsing anomalies. type: str ipv4-optlsrr: choices: - allow - drop - trap-to-host description: Loose source record route option anomalies. type: str ipv4-optrr: choices: - allow - drop - trap-to-host description: Record route option anomalies. type: str ipv4-optsecurity: choices: - allow - drop - trap-to-host description: Security option anomalies. type: str ipv4-optssrr: choices: - allow - drop - trap-to-host description: Strict source record route option anomalies. type: str ipv4-optstream: choices: - allow - drop - trap-to-host description: Stream option anomalies. type: str ipv4-opttimestamp: choices: - allow - drop - trap-to-host description: Timestamp option anomalies. type: str ipv4-proto-err: choices: - allow - drop - trap-to-host description: Invalid layer 4 protocol anomalies. type: str ipv4-ttlzero-err: choices: - drop - trap-to-host description: Invalid IPv4 TTL field zero anomalies. type: str ipv4-unknopt: choices: - allow - drop - trap-to-host description: Unknown option anomalies. type: str ipv4-ver-err: choices: - drop - trap-to-host description: Invalid IPv4 header version anomalies. type: str ipv6-daddr-err: choices: - allow - drop - trap-to-host description: Destination address as unspecified or loopback address anomalies. type: str ipv6-exthdr-len-err: choices: - drop - trap-to-host description: Invalid IPv6 packet chain extension header total length anomalies. type: str ipv6-exthdr-order-err: choices: - drop - trap-to-host description: Invalid IPv6 packet extension header ordering anomalies. type: str ipv6-ihl-err: choices: - drop - trap-to-host description: Invalid IPv6 packet length anomalies. type: str ipv6-land: choices: - allow - drop - trap-to-host description: Land anomalies. type: str ipv6-optendpid: choices: - allow - drop - trap-to-host description: End point identification anomalies. type: str ipv6-opthomeaddr: choices: - allow - drop - trap-to-host description: Home address option anomalies. type: str ipv6-optinvld: choices: - allow - drop - trap-to-host description: Invalid option anomalies. type: str ipv6-optjumbo: choices: - allow - drop - trap-to-host description: Jumbo options anomalies. type: str ipv6-optnsap: choices: - allow - drop - trap-to-host description: Network service access point address option anomalies. type: str ipv6-optralert: choices: - allow - drop - trap-to-host description: Router alert option anomalies. type: str ipv6-opttunnel: choices: - allow - drop - trap-to-host description: Tunnel encapsulation limit option anomalies. type: str ipv6-plen-zero: choices: - drop - trap-to-host description: Invalid IPv6 packet payload length zero anomalies. type: str ipv6-proto-err: choices: - allow - drop - trap-to-host description: Layer 4 invalid protocol anomalies. type: str ipv6-saddr-err: choices: - allow - drop - trap-to-host description: Source address as multicast anomalies. type: str ipv6-unknopt: choices: - allow - drop - trap-to-host description: Unknown option anomalies. type: str ipv6-ver-err: choices: - drop - trap-to-host description: Invalid IPv6 packet version anomalies. type: str nvgre-minlen-err: choices: - drop - trap-to-host description: no description type: str sctp-clen-err: choices: - drop - trap-to-host description: no description type: str sctp-crc-err: choices: - drop - trap-to-host description: no description type: str sctp-l4len-err: choices: - drop - trap-to-host description: no description type: str tcp-csum-err: choices: - drop - trap-to-host description: Invalid IPv4 TCP packet checksum anomalies. type: str tcp-fin-noack: choices: - allow - drop - trap-to-host description: TCP SYN flood with FIN flag set without ACK setting anomalies. type: str tcp-fin-only: choices: - allow - drop - trap-to-host description: TCP SYN flood with only FIN flag set anomalies. type: str tcp-hlen-err: choices: - drop - trap-to-host description: Invalid IPv4 TCP header length anomalies. type: str tcp-hlenvsl4len-err: choices: - drop - trap-to-host description: no description type: str tcp-land: choices: - allow - drop - trap-to-host description: TCP land anomalies. type: str tcp-no-flag: choices: - allow - drop - trap-to-host description: TCP SYN flood with no flag set anomalies. type: str tcp-plen-err: choices: - drop - trap-to-host description: Invalid IPv4 TCP packet length anomalies. type: str tcp-syn-data: choices: - allow - drop - trap-to-host description: TCP SYN flood packets with data anomalies. type: str tcp-syn-fin: choices: - allow - drop - trap-to-host description: TCP SYN flood SYN/FIN flag set anomalies. type: str tcp-winnuke: choices: - allow - drop - trap-to-host description: TCP WinNuke anomalies. type: str udp-csum-err: choices: - drop - trap-to-host description: Invalid IPv4 UDP packet checksum anomalies. type: str udp-hlen-err: choices: - drop - trap-to-host description: Invalid IPv4 UDP packet header length anomalies. type: str udp-land: choices: - allow - drop - trap-to-host description: UDP land anomalies. type: str udp-len-err: choices: - drop - trap-to-host description: Invalid IPv4 UDP packet length anomalies. type: str udp-plen-err: choices: - drop - trap-to-host description: Invalid IPv4 UDP packet minimum length anomalies. type: str udplite-cover-err: choices: - drop - trap-to-host description: Invalid IPv4 UDP-Lite packet coverage anomalies. type: str udplite-csum-err: choices: - drop - trap-to-host description: Invalid IPv4 UDP-Lite packet checksum anomalies. type: str uesp-minlen-err: choices: - drop - trap-to-host description: no description type: str unknproto-minlen-err: choices: - drop - trap-to-host description: Invalid IPv4 L4 unknown protocol short packet anomalies. type: str vxlan-minlen-err: choices: - drop - trap-to-host description: no description type: str type: dict workspace_locking_adom: description: The adom to lock for FortiManager running in workspace mode, the value can be global and others including root. required: false type: str forticloud_access_token: description: Authenticate Ansible client with forticloud API access token. required: false type: str workspace_locking_timeout: default: 300 description: The maximum time in seconds to wait for other user to release the workspace lock. required: false type: int
meta: contains: request_url: description: The full url requested. returned: always sample: /sys/login/user type: str response_code: description: The status of api request. returned: always sample: 0 type: int response_data: description: The api response. returned: always type: list response_message: description: The descriptive message of the api response. returned: always sample: OK. type: str system_information: description: The information of the target system. returned: always type: dict description: The result of the request. returned: always type: dict rc: description: The status the request. returned: always sample: 0 type: int version_check_warning: description: Warning if the parameters used in the playbook are not supported by the current FortiManager version. returned: complex type: list