Try SpotterNP6Lite anomaly protection
| "added in version" 2.1.0 of fortinet.fortimanager"
Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu)
preview | supported by community
Install with ansible-galaxy collection install fortinet.fortimanager:==2.4.0
collections:
- name: fortinet.fortimanager
version: 2.4.0This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- name: Example playbook (generated based on argument schema)
hosts: fortimanagers
connection: httpapi
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: NP6Lite anomaly protection
fortinet.fortimanager.fmgr_system_npu_fpanomaly:
# bypass_validation: false
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
# rc_succeeded: [0, -2, -3, ...]
# rc_failed: [-2, -3, ...]
adom: <your own value>
system_npu_fpanomaly:
esp_minlen_err: <value in [drop, trap-to-host]>
icmp_csum_err: <value in [drop, trap-to-host]>
icmp_minlen_err: <value in [drop, trap-to-host]>
ipv4_csum_err: <value in [drop, trap-to-host]>
ipv4_ihl_err: <value in [drop, trap-to-host]>
ipv4_len_err: <value in [drop, trap-to-host]>
ipv4_opt_err: <value in [drop, trap-to-host]>
ipv4_ttlzero_err: <value in [drop, trap-to-host]>
ipv4_ver_err: <value in [drop, trap-to-host]>
ipv6_exthdr_len_err: <value in [drop, trap-to-host]>
ipv6_exthdr_order_err: <value in [drop, trap-to-host]>
ipv6_ihl_err: <value in [drop, trap-to-host]>
ipv6_plen_zero: <value in [drop, trap-to-host]>
ipv6_ver_err: <value in [drop, trap-to-host]>
tcp_csum_err: <value in [drop, trap-to-host]>
tcp_hlen_err: <value in [drop, trap-to-host]>
tcp_plen_err: <value in [drop, trap-to-host]>
udp_csum_err: <value in [drop, trap-to-host]>
udp_hlen_err: <value in [drop, trap-to-host]>
udp_len_err: <value in [drop, trap-to-host]>
udp_plen_err: <value in [drop, trap-to-host]>
udplite_cover_err: <value in [drop, trap-to-host]>
udplite_csum_err: <value in [drop, trap-to-host]>
unknproto_minlen_err: <value in [drop, trap-to-host]>
tcp_fin_only: <value in [allow, drop, trap-to-host]>
ipv4_optsecurity: <value in [allow, drop, trap-to-host]>
ipv6_optralert: <value in [allow, drop, trap-to-host]>
tcp_syn_fin: <value in [allow, drop, trap-to-host]>
ipv4_proto_err: <value in [allow, drop, trap-to-host]>
ipv6_saddr_err: <value in [allow, drop, trap-to-host]>
icmp_frag: <value in [allow, drop, trap-to-host]>
ipv4_optssrr: <value in [allow, drop, trap-to-host]>
ipv6_opthomeaddr: <value in [allow, drop, trap-to-host]>
udp_land: <value in [allow, drop, trap-to-host]>
ipv6_optinvld: <value in [allow, drop, trap-to-host]>
tcp_fin_noack: <value in [allow, drop, trap-to-host]>
ipv6_proto_err: <value in [allow, drop, trap-to-host]>
tcp_land: <value in [allow, drop, trap-to-host]>
ipv4_unknopt: <value in [allow, drop, trap-to-host]>
ipv4_optstream: <value in [allow, drop, trap-to-host]>
ipv6_optjumbo: <value in [allow, drop, trap-to-host]>
icmp_land: <value in [allow, drop, trap-to-host]>
tcp_winnuke: <value in [allow, drop, trap-to-host]>
ipv6_daddr_err: <value in [allow, drop, trap-to-host]>
ipv4_land: <value in [allow, drop, trap-to-host]>
ipv6_opttunnel: <value in [allow, drop, trap-to-host]>
tcp_no_flag: <value in [allow, drop, trap-to-host]>
ipv6_land: <value in [allow, drop, trap-to-host]>
ipv4_optlsrr: <value in [allow, drop, trap-to-host]>
ipv4_opttimestamp: <value in [allow, drop, trap-to-host]>
ipv4_optrr: <value in [allow, drop, trap-to-host]>
ipv6_optnsap: <value in [allow, drop, trap-to-host]>
ipv6_unknopt: <value in [allow, drop, trap-to-host]>
tcp_syn_data: <value in [allow, drop, trap-to-host]>
ipv6_optendpid: <value in [allow, drop, trap-to-host]>
gtpu_plen_err: <value in [drop, trap-to-host]>
vxlan_minlen_err: <value in [drop, trap-to-host]>
capwap_minlen_err: <value in [drop, trap-to-host]>
gre_csum_err: <value in [drop, trap-to-host]>
nvgre_minlen_err: <value in [drop, trap-to-host]>
sctp_l4len_err: <value in [drop, trap-to-host]>
tcp_hlenvsl4len_err: <value in [drop, trap-to-host]>
sctp_crc_err: <value in [drop, trap-to-host]>
sctp_clen_err: <value in [drop, trap-to-host]>
uesp_minlen_err: <value in [drop, trap-to-host]>
adom:
description: The parameter (adom) in requested url.
required: true
type: str
rc_failed:
description: The rc codes list with which the conditions to fail will be overriden.
elements: int
type: list
enable_log:
default: false
description: Enable/Disable logging for task.
type: bool
access_token:
description: The token to access FortiManager without using username and password.
type: str
rc_succeeded:
description: The rc codes list with which the conditions to succeed will be overriden.
elements: int
type: list
proposed_method:
choices:
- update
- set
- add
description: The overridden method for the underlying Json RPC request.
type: str
bypass_validation:
default: false
description: Only set to True when module schema diffs with FortiManager API structure,
module continues to execute without validating parameters.
type: bool
system_npu_fpanomaly:
description: The top level parameters set.
required: false
suboptions:
capwap-minlen-err:
choices:
- drop
- trap-to-host
description: Deprecated, please rename it to capwap_minlen_err.
type: str
esp-minlen-err:
choices:
- drop
- trap-to-host
description: Deprecated, please rename it to esp_minlen_err. Invalid IPv4 ESP
short packet anomalies.
type: str
gre-csum-err:
choices:
- drop
- trap-to-host
description: Deprecated, please rename it to gre_csum_err.
type: str
gtpu-plen-err:
choices:
- drop
- trap-to-host
description: Deprecated, please rename it to gtpu_plen_err.
type: str
icmp-csum-err:
choices:
- drop
- trap-to-host
description: Deprecated, please rename it to icmp_csum_err. Invalid IPv4 ICMP
packet checksum anomalies.
type: str
icmp-frag:
choices:
- allow
- drop
- trap-to-host
description: Deprecated, please rename it to icmp_frag. Layer 3 fragmented packets
that could be part of layer 4 ICMP anomalies.
type: str
icmp-land:
choices:
- allow
- drop
- trap-to-host
description: Deprecated, please rename it to icmp_land. ICMP land anomalies.
type: str
icmp-minlen-err:
choices:
- drop
- trap-to-host
description: Deprecated, please rename it to icmp_minlen_err. Invalid IPv4 ICMP
short packet anomalies.
type: str
ipv4-csum-err:
choices:
- drop
- trap-to-host
description: Deprecated, please rename it to ipv4_csum_err. Invalid IPv4 packet
checksum anomalies.
type: str
ipv4-ihl-err:
choices:
- drop
- trap-to-host
description: Deprecated, please rename it to ipv4_ihl_err. Invalid IPv4 header
length anomalies.
type: str
ipv4-land:
choices:
- allow
- drop
- trap-to-host
description: Deprecated, please rename it to ipv4_land. Land anomalies.
type: str
ipv4-len-err:
choices:
- drop
- trap-to-host
description: Deprecated, please rename it to ipv4_len_err. Invalid IPv4 packet
length anomalies.
type: str
ipv4-opt-err:
choices:
- drop
- trap-to-host
description: Deprecated, please rename it to ipv4_opt_err. Invalid IPv4 option
parsing anomalies.
type: str
ipv4-optlsrr:
choices:
- allow
- drop
- trap-to-host
description: Deprecated, please rename it to ipv4_optlsrr. Loose source record
route option anomalies.
type: str
ipv4-optrr:
choices:
- allow
- drop
- trap-to-host
description: Deprecated, please rename it to ipv4_optrr. Record route option anomalies.
type: str
ipv4-optsecurity:
choices:
- allow
- drop
- trap-to-host
description: Deprecated, please rename it to ipv4_optsecurity. Security option
anomalies.
type: str
ipv4-optssrr:
choices:
- allow
- drop
- trap-to-host
description: Deprecated, please rename it to ipv4_optssrr. Strict source record
route option anomalies.
type: str
ipv4-optstream:
choices:
- allow
- drop
- trap-to-host
description: Deprecated, please rename it to ipv4_optstream. Stream option anomalies.
type: str
ipv4-opttimestamp:
choices:
- allow
- drop
- trap-to-host
description: Deprecated, please rename it to ipv4_opttimestamp. Timestamp option
anomalies.
type: str
ipv4-proto-err:
choices:
- allow
- drop
- trap-to-host
description: Deprecated, please rename it to ipv4_proto_err. Invalid layer 4 protocol
anomalies.
type: str
ipv4-ttlzero-err:
choices:
- drop
- trap-to-host
description: Deprecated, please rename it to ipv4_ttlzero_err. Invalid IPv4 TTL
field zero anomalies.
type: str
ipv4-unknopt:
choices:
- allow
- drop
- trap-to-host
description: Deprecated, please rename it to ipv4_unknopt. Unknown option anomalies.
type: str
ipv4-ver-err:
choices:
- drop
- trap-to-host
description: Deprecated, please rename it to ipv4_ver_err. Invalid IPv4 header
version anomalies.
type: str
ipv6-daddr-err:
choices:
- allow
- drop
- trap-to-host
description: Deprecated, please rename it to ipv6_daddr_err. Destination address
as unspecified or loopback address anomalies.
type: str
ipv6-exthdr-len-err:
choices:
- drop
- trap-to-host
description: Deprecated, please rename it to ipv6_exthdr_len_err. Invalid IPv6
packet chain extension header total length anomalies.
type: str
ipv6-exthdr-order-err:
choices:
- drop
- trap-to-host
description: Deprecated, please rename it to ipv6_exthdr_order_err. Invalid IPv6
packet extension header ordering anomalies.
type: str
ipv6-ihl-err:
choices:
- drop
- trap-to-host
description: Deprecated, please rename it to ipv6_ihl_err. Invalid IPv6 packet
length anomalies.
type: str
ipv6-land:
choices:
- allow
- drop
- trap-to-host
description: Deprecated, please rename it to ipv6_land. Land anomalies.
type: str
ipv6-optendpid:
choices:
- allow
- drop
- trap-to-host
description: Deprecated, please rename it to ipv6_optendpid. End point identification
anomalies.
type: str
ipv6-opthomeaddr:
choices:
- allow
- drop
- trap-to-host
description: Deprecated, please rename it to ipv6_opthomeaddr. Home address option
anomalies.
type: str
ipv6-optinvld:
choices:
- allow
- drop
- trap-to-host
description: Deprecated, please rename it to ipv6_optinvld. Invalid option anomalies.
type: str
ipv6-optjumbo:
choices:
- allow
- drop
- trap-to-host
description: Deprecated, please rename it to ipv6_optjumbo. Jumbo options anomalies.
type: str
ipv6-optnsap:
choices:
- allow
- drop
- trap-to-host
description: Deprecated, please rename it to ipv6_optnsap. Network service access
point address option anomalies.
type: str
ipv6-optralert:
choices:
- allow
- drop
- trap-to-host
description: Deprecated, please rename it to ipv6_optralert. Router alert option
anomalies.
type: str
ipv6-opttunnel:
choices:
- allow
- drop
- trap-to-host
description: Deprecated, please rename it to ipv6_opttunnel. Tunnel encapsulation
limit option anomalies.
type: str
ipv6-plen-zero:
choices:
- drop
- trap-to-host
description: Deprecated, please rename it to ipv6_plen_zero. Invalid IPv6 packet
payload length zero anomalies.
type: str
ipv6-proto-err:
choices:
- allow
- drop
- trap-to-host
description: Deprecated, please rename it to ipv6_proto_err. Layer 4 invalid protocol
anomalies.
type: str
ipv6-saddr-err:
choices:
- allow
- drop
- trap-to-host
description: Deprecated, please rename it to ipv6_saddr_err. Source address as
multicast anomalies.
type: str
ipv6-unknopt:
choices:
- allow
- drop
- trap-to-host
description: Deprecated, please rename it to ipv6_unknopt. Unknown option anomalies.
type: str
ipv6-ver-err:
choices:
- drop
- trap-to-host
description: Deprecated, please rename it to ipv6_ver_err. Invalid IPv6 packet
version anomalies.
type: str
nvgre-minlen-err:
choices:
- drop
- trap-to-host
description: Deprecated, please rename it to nvgre_minlen_err.
type: str
sctp-clen-err:
choices:
- drop
- trap-to-host
description: Deprecated, please rename it to sctp_clen_err.
type: str
sctp-crc-err:
choices:
- drop
- trap-to-host
description: Deprecated, please rename it to sctp_crc_err.
type: str
sctp-l4len-err:
choices:
- drop
- trap-to-host
description: Deprecated, please rename it to sctp_l4len_err.
type: str
tcp-csum-err:
choices:
- drop
- trap-to-host
description: Deprecated, please rename it to tcp_csum_err. Invalid IPv4 TCP packet
checksum anomalies.
type: str
tcp-fin-noack:
choices:
- allow
- drop
- trap-to-host
description: Deprecated, please rename it to tcp_fin_noack. TCP SYN flood with
FIN flag set without ACK setting anomalies.
type: str
tcp-fin-only:
choices:
- allow
- drop
- trap-to-host
description: Deprecated, please rename it to tcp_fin_only. TCP SYN flood with
only FIN flag set anomalies.
type: str
tcp-hlen-err:
choices:
- drop
- trap-to-host
description: Deprecated, please rename it to tcp_hlen_err. Invalid IPv4 TCP header
length anomalies.
type: str
tcp-hlenvsl4len-err:
choices:
- drop
- trap-to-host
description: Deprecated, please rename it to tcp_hlenvsl4len_err.
type: str
tcp-land:
choices:
- allow
- drop
- trap-to-host
description: Deprecated, please rename it to tcp_land. TCP land anomalies.
type: str
tcp-no-flag:
choices:
- allow
- drop
- trap-to-host
description: Deprecated, please rename it to tcp_no_flag. TCP SYN flood with no
flag set anomalies.
type: str
tcp-plen-err:
choices:
- drop
- trap-to-host
description: Deprecated, please rename it to tcp_plen_err. Invalid IPv4 TCP packet
length anomalies.
type: str
tcp-syn-data:
choices:
- allow
- drop
- trap-to-host
description: Deprecated, please rename it to tcp_syn_data. TCP SYN flood packets
with data anomalies.
type: str
tcp-syn-fin:
choices:
- allow
- drop
- trap-to-host
description: Deprecated, please rename it to tcp_syn_fin. TCP SYN flood SYN/FIN
flag set anomalies.
type: str
tcp-winnuke:
choices:
- allow
- drop
- trap-to-host
description: Deprecated, please rename it to tcp_winnuke. TCP WinNuke anomalies.
type: str
udp-csum-err:
choices:
- drop
- trap-to-host
description: Deprecated, please rename it to udp_csum_err. Invalid IPv4 UDP packet
checksum anomalies.
type: str
udp-hlen-err:
choices:
- drop
- trap-to-host
description: Deprecated, please rename it to udp_hlen_err. Invalid IPv4 UDP packet
header length anomalies.
type: str
udp-land:
choices:
- allow
- drop
- trap-to-host
description: Deprecated, please rename it to udp_land. UDP land anomalies.
type: str
udp-len-err:
choices:
- drop
- trap-to-host
description: Deprecated, please rename it to udp_len_err. Invalid IPv4 UDP packet
length anomalies.
type: str
udp-plen-err:
choices:
- drop
- trap-to-host
description: Deprecated, please rename it to udp_plen_err. Invalid IPv4 UDP packet
minimum length anomalies.
type: str
udplite-cover-err:
choices:
- drop
- trap-to-host
description: Deprecated, please rename it to udplite_cover_err. Invalid IPv4 UDP-Lite
packet coverage anomalies.
type: str
udplite-csum-err:
choices:
- drop
- trap-to-host
description: Deprecated, please rename it to udplite_csum_err. Invalid IPv4 UDP-Lite
packet checksum anomalies.
type: str
uesp-minlen-err:
choices:
- drop
- trap-to-host
description: Deprecated, please rename it to uesp_minlen_err.
type: str
unknproto-minlen-err:
choices:
- drop
- trap-to-host
description: Deprecated, please rename it to unknproto_minlen_err. Invalid IPv4
L4 unknown protocol short packet anomalies.
type: str
vxlan-minlen-err:
choices:
- drop
- trap-to-host
description: Deprecated, please rename it to vxlan_minlen_err.
type: str
type: dict
workspace_locking_adom:
description: The adom to lock for FortiManager running in workspace mode, the value
can be global and others including root.
type: str
forticloud_access_token:
description: Authenticate Ansible client with forticloud API access token.
type: str
workspace_locking_timeout:
default: 300
description: The maximum time in seconds to wait for other user to release the workspace
lock.
type: int
meta:
contains:
request_url:
description: The full url requested.
returned: always
sample: /sys/login/user
type: str
response_code:
description: The status of api request.
returned: always
sample: 0
type: int
response_data:
description: The api response.
returned: always
type: list
response_message:
description: The descriptive message of the api response.
returned: always
sample: OK.
type: str
system_information:
description: The information of the target system.
returned: always
type: dict
description: The result of the request.
returned: always
type: dict
rc:
description: The status the request.
returned: always
sample: 0
type: int
version_check_warning:
description: Warning if the parameters used in the playbook are not supported by
the current FortiManager version.
returned: complex
type: list