fortinet.fortimanager.fmgr_system_npu_fpanomaly (2.4.0) — module
NP6Lite anomaly protection
Added in version 2.1.0 of fortinet.fortimanager
Authors: Xinwei Du (@dux-fortinet), Xing Li (@lix-fortinet), Jie Xue (@JieX19), Link Zheng (@chillancezen), Frank Shen (@fshen01), Hongbin Lu (@fgtdev-hblu)
preview | supported by community
Install with ansible-galaxy collection install fortinet.fortimanager:==2.4.0
collections:
  - name: fortinet.fortimanager
    version: 2.4.0
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
- name: Example playbook (generated based on argument schema)
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    # Certificate validation is off in this generated example; set it to true
    # once the control node trusts the FortiManager certificate.
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: NP6Lite anomaly protection
      fortinet.fortimanager.fmgr_system_npu_fpanomaly:
        # bypass_validation: false
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        # rc_succeeded: [0, -2, -3, ...]
        # rc_failed: [-2, -3, ...]
        adom: <your own value>
        system_npu_fpanomaly:
          esp_minlen_err: <value in [drop, trap-to-host]>
          icmp_csum_err: <value in [drop, trap-to-host]>
          icmp_minlen_err: <value in [drop, trap-to-host]>
          ipv4_csum_err: <value in [drop, trap-to-host]>
          ipv4_ihl_err: <value in [drop, trap-to-host]>
          ipv4_len_err: <value in [drop, trap-to-host]>
          ipv4_opt_err: <value in [drop, trap-to-host]>
          ipv4_ttlzero_err: <value in [drop, trap-to-host]>
          ipv4_ver_err: <value in [drop, trap-to-host]>
          ipv6_exthdr_len_err: <value in [drop, trap-to-host]>
          ipv6_exthdr_order_err: <value in [drop, trap-to-host]>
          ipv6_ihl_err: <value in [drop, trap-to-host]>
          ipv6_plen_zero: <value in [drop, trap-to-host]>
          ipv6_ver_err: <value in [drop, trap-to-host]>
          tcp_csum_err: <value in [drop, trap-to-host]>
          tcp_hlen_err: <value in [drop, trap-to-host]>
          tcp_plen_err: <value in [drop, trap-to-host]>
          udp_csum_err: <value in [drop, trap-to-host]>
          udp_hlen_err: <value in [drop, trap-to-host]>
          udp_len_err: <value in [drop, trap-to-host]>
          udp_plen_err: <value in [drop, trap-to-host]>
          udplite_cover_err: <value in [drop, trap-to-host]>
          udplite_csum_err: <value in [drop, trap-to-host]>
          unknproto_minlen_err: <value in [drop, trap-to-host]>
          tcp_fin_only: <value in [allow, drop, trap-to-host]>
          ipv4_optsecurity: <value in [allow, drop, trap-to-host]>
          ipv6_optralert: <value in [allow, drop, trap-to-host]>
          tcp_syn_fin: <value in [allow, drop, trap-to-host]>
          ipv4_proto_err: <value in [allow, drop, trap-to-host]>
          ipv6_saddr_err: <value in [allow, drop, trap-to-host]>
          icmp_frag: <value in [allow, drop, trap-to-host]>
          ipv4_optssrr: <value in [allow, drop, trap-to-host]>
          ipv6_opthomeaddr: <value in [allow, drop, trap-to-host]>
          udp_land: <value in [allow, drop, trap-to-host]>
          ipv6_optinvld: <value in [allow, drop, trap-to-host]>
          tcp_fin_noack: <value in [allow, drop, trap-to-host]>
          ipv6_proto_err: <value in [allow, drop, trap-to-host]>
          tcp_land: <value in [allow, drop, trap-to-host]>
          ipv4_unknopt: <value in [allow, drop, trap-to-host]>
          ipv4_optstream: <value in [allow, drop, trap-to-host]>
          ipv6_optjumbo: <value in [allow, drop, trap-to-host]>
          icmp_land: <value in [allow, drop, trap-to-host]>
          tcp_winnuke: <value in [allow, drop, trap-to-host]>
          ipv6_daddr_err: <value in [allow, drop, trap-to-host]>
          ipv4_land: <value in [allow, drop, trap-to-host]>
          ipv6_opttunnel: <value in [allow, drop, trap-to-host]>
          tcp_no_flag: <value in [allow, drop, trap-to-host]>
          ipv6_land: <value in [allow, drop, trap-to-host]>
          ipv4_optlsrr: <value in [allow, drop, trap-to-host]>
          ipv4_opttimestamp: <value in [allow, drop, trap-to-host]>
          ipv4_optrr: <value in [allow, drop, trap-to-host]>
          ipv6_optnsap: <value in [allow, drop, trap-to-host]>
          ipv6_unknopt: <value in [allow, drop, trap-to-host]>
          tcp_syn_data: <value in [allow, drop, trap-to-host]>
          ipv6_optendpid: <value in [allow, drop, trap-to-host]>
          gtpu_plen_err: <value in [drop, trap-to-host]>
          vxlan_minlen_err: <value in [drop, trap-to-host]>
          capwap_minlen_err: <value in [drop, trap-to-host]>
          gre_csum_err: <value in [drop, trap-to-host]>
          nvgre_minlen_err: <value in [drop, trap-to-host]>
          sctp_l4len_err: <value in [drop, trap-to-host]>
          tcp_hlenvsl4len_err: <value in [drop, trap-to-host]>
          sctp_crc_err: <value in [drop, trap-to-host]>
          sctp_clen_err: <value in [drop, trap-to-host]>
          uesp_minlen_err: <value in [drop, trap-to-host]>

adom:
  description: The parameter (adom) in the requested URL.
  required: true
  type: str
rc_failed:
  description: The rc codes list with which the conditions to fail will be overridden.
  elements: int
  type: list
enable_log:
  default: false
  description: Enable/Disable logging for task.
  type: bool
access_token:
  description: The token to access FortiManager without using username and password.
  type: str
rc_succeeded:
  description: The rc codes list with which the conditions to succeed will be overridden.
  elements: int
  type: list
proposed_method:
  choices: [update, set, add]
  description: The overridden method for the underlying Json RPC request.
  type: str
bypass_validation:
  default: false
  description: Only set to True when the module schema differs from the FortiManager API structure; the module then continues to execute without validating parameters.
  type: bool
system_npu_fpanomaly:
  description: The top level parameters set.
  required: false
  suboptions:
    capwap-minlen-err:
      choices: [drop, trap-to-host]
      description: Deprecated, please rename it to capwap_minlen_err.
      type: str
    esp-minlen-err:
      choices: [drop, trap-to-host]
      description: Deprecated, please rename it to esp_minlen_err. Invalid IPv4 ESP short packet anomalies.
      type: str
    gre-csum-err:
      choices: [drop, trap-to-host]
      description: Deprecated, please rename it to gre_csum_err.
      type: str
    gtpu-plen-err:
      choices: [drop, trap-to-host]
      description: Deprecated, please rename it to gtpu_plen_err.
      type: str
    icmp-csum-err:
      choices: [drop, trap-to-host]
      description: Deprecated, please rename it to icmp_csum_err. Invalid IPv4 ICMP packet checksum anomalies.
      type: str
    icmp-frag:
      choices: [allow, drop, trap-to-host]
      description: Deprecated, please rename it to icmp_frag. Layer 3 fragmented packets that could be part of layer 4 ICMP anomalies.
      type: str
    icmp-land:
      choices: [allow, drop, trap-to-host]
      description: Deprecated, please rename it to icmp_land. ICMP land anomalies.
      type: str
    icmp-minlen-err:
      choices: [drop, trap-to-host]
      description: Deprecated, please rename it to icmp_minlen_err. Invalid IPv4 ICMP short packet anomalies.
      type: str
    ipv4-csum-err:
      choices: [drop, trap-to-host]
      description: Deprecated, please rename it to ipv4_csum_err. Invalid IPv4 packet checksum anomalies.
      type: str
    ipv4-ihl-err:
      choices: [drop, trap-to-host]
      description: Deprecated, please rename it to ipv4_ihl_err. Invalid IPv4 header length anomalies.
      type: str
    ipv4-land:
      choices: [allow, drop, trap-to-host]
      description: Deprecated, please rename it to ipv4_land. Land anomalies.
      type: str
    ipv4-len-err:
      choices: [drop, trap-to-host]
      description: Deprecated, please rename it to ipv4_len_err. Invalid IPv4 packet length anomalies.
      type: str
    ipv4-opt-err:
      choices: [drop, trap-to-host]
      description: Deprecated, please rename it to ipv4_opt_err. Invalid IPv4 option parsing anomalies.
      type: str
    ipv4-optlsrr:
      choices: [allow, drop, trap-to-host]
      description: Deprecated, please rename it to ipv4_optlsrr. Loose source record route option anomalies.
      type: str
    ipv4-optrr:
      choices: [allow, drop, trap-to-host]
      description: Deprecated, please rename it to ipv4_optrr. Record route option anomalies.
      type: str
    ipv4-optsecurity:
      choices: [allow, drop, trap-to-host]
      description: Deprecated, please rename it to ipv4_optsecurity. Security option anomalies.
      type: str
    ipv4-optssrr:
      choices: [allow, drop, trap-to-host]
      description: Deprecated, please rename it to ipv4_optssrr. Strict source record route option anomalies.
      type: str
    ipv4-optstream:
      choices: [allow, drop, trap-to-host]
      description: Deprecated, please rename it to ipv4_optstream. Stream option anomalies.
      type: str
    ipv4-opttimestamp:
      choices: [allow, drop, trap-to-host]
      description: Deprecated, please rename it to ipv4_opttimestamp. Timestamp option anomalies.
      type: str
    ipv4-proto-err:
      choices: [allow, drop, trap-to-host]
      description: Deprecated, please rename it to ipv4_proto_err. Invalid layer 4 protocol anomalies.
      type: str
    ipv4-ttlzero-err:
      choices: [drop, trap-to-host]
      description: Deprecated, please rename it to ipv4_ttlzero_err. Invalid IPv4 TTL field zero anomalies.
      type: str
    ipv4-unknopt:
      choices: [allow, drop, trap-to-host]
      description: Deprecated, please rename it to ipv4_unknopt. Unknown option anomalies.
      type: str
    ipv4-ver-err:
      choices: [drop, trap-to-host]
      description: Deprecated, please rename it to ipv4_ver_err. Invalid IPv4 header version anomalies.
      type: str
    ipv6-daddr-err:
      choices: [allow, drop, trap-to-host]
      description: Deprecated, please rename it to ipv6_daddr_err. Destination address as unspecified or loopback address anomalies.
      type: str
    ipv6-exthdr-len-err:
      choices: [drop, trap-to-host]
      description: Deprecated, please rename it to ipv6_exthdr_len_err. Invalid IPv6 packet chain extension header total length anomalies.
      type: str
    ipv6-exthdr-order-err:
      choices: [drop, trap-to-host]
      description: Deprecated, please rename it to ipv6_exthdr_order_err. Invalid IPv6 packet extension header ordering anomalies.
      type: str
    ipv6-ihl-err:
      choices: [drop, trap-to-host]
      description: Deprecated, please rename it to ipv6_ihl_err. Invalid IPv6 packet length anomalies.
      type: str
    ipv6-land:
      choices: [allow, drop, trap-to-host]
      description: Deprecated, please rename it to ipv6_land. Land anomalies.
      type: str
    ipv6-optendpid:
      choices: [allow, drop, trap-to-host]
      description: Deprecated, please rename it to ipv6_optendpid. End point identification anomalies.
      type: str
    ipv6-opthomeaddr:
      choices: [allow, drop, trap-to-host]
      description: Deprecated, please rename it to ipv6_opthomeaddr. Home address option anomalies.
      type: str
    ipv6-optinvld:
      choices: [allow, drop, trap-to-host]
      description: Deprecated, please rename it to ipv6_optinvld. Invalid option anomalies.
      type: str
    ipv6-optjumbo:
      choices: [allow, drop, trap-to-host]
      description: Deprecated, please rename it to ipv6_optjumbo. Jumbo options anomalies.
      type: str
    ipv6-optnsap:
      choices: [allow, drop, trap-to-host]
      description: Deprecated, please rename it to ipv6_optnsap. Network service access point address option anomalies.
      type: str
    ipv6-optralert:
      choices: [allow, drop, trap-to-host]
      description: Deprecated, please rename it to ipv6_optralert. Router alert option anomalies.
      type: str
    ipv6-opttunnel:
      choices: [allow, drop, trap-to-host]
      description: Deprecated, please rename it to ipv6_opttunnel. Tunnel encapsulation limit option anomalies.
      type: str
    ipv6-plen-zero:
      choices: [drop, trap-to-host]
      description: Deprecated, please rename it to ipv6_plen_zero. Invalid IPv6 packet payload length zero anomalies.
      type: str
    ipv6-proto-err:
      choices: [allow, drop, trap-to-host]
      description: Deprecated, please rename it to ipv6_proto_err. Layer 4 invalid protocol anomalies.
      type: str
    ipv6-saddr-err:
      choices: [allow, drop, trap-to-host]
      description: Deprecated, please rename it to ipv6_saddr_err. Source address as multicast anomalies.
      type: str
    ipv6-unknopt:
      choices: [allow, drop, trap-to-host]
      description: Deprecated, please rename it to ipv6_unknopt. Unknown option anomalies.
      type: str
    ipv6-ver-err:
      choices: [drop, trap-to-host]
      description: Deprecated, please rename it to ipv6_ver_err. Invalid IPv6 packet version anomalies.
      type: str
    nvgre-minlen-err:
      choices: [drop, trap-to-host]
      description: Deprecated, please rename it to nvgre_minlen_err.
      type: str
    sctp-clen-err:
      choices: [drop, trap-to-host]
      description: Deprecated, please rename it to sctp_clen_err.
      type: str
    sctp-crc-err:
      choices: [drop, trap-to-host]
      description: Deprecated, please rename it to sctp_crc_err.
      type: str
    sctp-l4len-err:
      choices: [drop, trap-to-host]
      description: Deprecated, please rename it to sctp_l4len_err.
      type: str
    tcp-csum-err:
      choices: [drop, trap-to-host]
      description: Deprecated, please rename it to tcp_csum_err. Invalid IPv4 TCP packet checksum anomalies.
      type: str
    tcp-fin-noack:
      choices: [allow, drop, trap-to-host]
      description: Deprecated, please rename it to tcp_fin_noack. TCP SYN flood with FIN flag set without ACK setting anomalies.
      type: str
    tcp-fin-only:
      choices: [allow, drop, trap-to-host]
      description: Deprecated, please rename it to tcp_fin_only. TCP SYN flood with only FIN flag set anomalies.
      type: str
    tcp-hlen-err:
      choices: [drop, trap-to-host]
      description: Deprecated, please rename it to tcp_hlen_err. Invalid IPv4 TCP header length anomalies.
      type: str
    tcp-hlenvsl4len-err:
      choices: [drop, trap-to-host]
      description: Deprecated, please rename it to tcp_hlenvsl4len_err.
      type: str
    tcp-land:
      choices: [allow, drop, trap-to-host]
      description: Deprecated, please rename it to tcp_land. TCP land anomalies.
      type: str
    tcp-no-flag:
      choices: [allow, drop, trap-to-host]
      description: Deprecated, please rename it to tcp_no_flag. TCP SYN flood with no flag set anomalies.
      type: str
    tcp-plen-err:
      choices: [drop, trap-to-host]
      description: Deprecated, please rename it to tcp_plen_err. Invalid IPv4 TCP packet length anomalies.
      type: str
    tcp-syn-data:
      choices: [allow, drop, trap-to-host]
      description: Deprecated, please rename it to tcp_syn_data. TCP SYN flood packets with data anomalies.
      type: str
    tcp-syn-fin:
      choices: [allow, drop, trap-to-host]
      description: Deprecated, please rename it to tcp_syn_fin. TCP SYN flood SYN/FIN flag set anomalies.
      type: str
    tcp-winnuke:
      choices: [allow, drop, trap-to-host]
      description: Deprecated, please rename it to tcp_winnuke. TCP WinNuke anomalies.
      type: str
    udp-csum-err:
      choices: [drop, trap-to-host]
      description: Deprecated, please rename it to udp_csum_err. Invalid IPv4 UDP packet checksum anomalies.
      type: str
    udp-hlen-err:
      choices: [drop, trap-to-host]
      description: Deprecated, please rename it to udp_hlen_err. Invalid IPv4 UDP packet header length anomalies.
      type: str
    udp-land:
      choices: [allow, drop, trap-to-host]
      description: Deprecated, please rename it to udp_land. UDP land anomalies.
      type: str
    udp-len-err:
      choices: [drop, trap-to-host]
      description: Deprecated, please rename it to udp_len_err. Invalid IPv4 UDP packet length anomalies.
      type: str
    udp-plen-err:
      choices: [drop, trap-to-host]
      description: Deprecated, please rename it to udp_plen_err. Invalid IPv4 UDP packet minimum length anomalies.
      type: str
    udplite-cover-err:
      choices: [drop, trap-to-host]
      description: Deprecated, please rename it to udplite_cover_err. Invalid IPv4 UDP-Lite packet coverage anomalies.
      type: str
    udplite-csum-err:
      choices: [drop, trap-to-host]
      description: Deprecated, please rename it to udplite_csum_err. Invalid IPv4 UDP-Lite packet checksum anomalies.
      type: str
    uesp-minlen-err:
      choices: [drop, trap-to-host]
      description: Deprecated, please rename it to uesp_minlen_err.
      type: str
    unknproto-minlen-err:
      choices: [drop, trap-to-host]
      description: Deprecated, please rename it to unknproto_minlen_err. Invalid IPv4 L4 unknown protocol short packet anomalies.
      type: str
    vxlan-minlen-err:
      choices: [drop, trap-to-host]
      description: Deprecated, please rename it to vxlan_minlen_err.
      type: str
  type: dict
workspace_locking_adom:
  description: The adom to lock for FortiManager running in workspace mode, the value can be global and others including root.
  type: str
forticloud_access_token:
  description: Authenticate Ansible client with forticloud API access token.
  type: str
workspace_locking_timeout:
  default: 300
  description: The maximum time in seconds to wait for another user to release the workspace lock.
  type: int
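
The parameter reference above gives every option one of two choice sets and marks each hyphenated name as deprecated. As an added example (not part of the module or the collection), this Python check normalizes a system_npu_fpanomaly dict to the underscore names and reports entries the documented schema would reject; lint_fpanomaly and SAMPLE are hypothetical names, and SAMPLE is constructed input.

```python
# Added example, not the module's code: option names and choice sets are copied
# from the parameter reference on this page; SAMPLE is constructed input.
DROP_OR_TRAP = set("""
capwap_minlen_err esp_minlen_err gre_csum_err gtpu_plen_err icmp_csum_err
icmp_minlen_err ipv4_csum_err ipv4_ihl_err ipv4_len_err ipv4_opt_err
ipv4_ttlzero_err ipv4_ver_err ipv6_exthdr_len_err ipv6_exthdr_order_err
ipv6_ihl_err ipv6_plen_zero ipv6_ver_err nvgre_minlen_err sctp_clen_err
sctp_crc_err sctp_l4len_err tcp_csum_err tcp_hlen_err tcp_hlenvsl4len_err
tcp_plen_err udp_csum_err udp_hlen_err udp_len_err udp_plen_err
udplite_cover_err udplite_csum_err uesp_minlen_err unknproto_minlen_err
vxlan_minlen_err""".split())
ALLOW_DROP_TRAP = set("""
icmp_frag icmp_land ipv4_land ipv4_optlsrr ipv4_optrr ipv4_optsecurity
ipv4_optssrr ipv4_optstream ipv4_opttimestamp ipv4_proto_err ipv4_unknopt
ipv6_daddr_err ipv6_land ipv6_optendpid ipv6_opthomeaddr ipv6_optinvld
ipv6_optjumbo ipv6_optnsap ipv6_optralert ipv6_opttunnel ipv6_proto_err
ipv6_saddr_err ipv6_unknopt tcp_fin_noack tcp_fin_only tcp_land tcp_no_flag
tcp_syn_data tcp_syn_fin tcp_winnuke udp_land""".split())


def lint_fpanomaly(params):
    """Return (normalized, findings) for a system_npu_fpanomaly dict."""
    normalized, findings = {}, []
    for key, value in params.items():
        name = key.replace("-", "_")  # hyphenated spellings are deprecated
        if name != key:
            findings.append(f"deprecated: rename {key} to {name}")
        if name in normalized:
            findings.append(f"duplicate: {name} set under both spellings")
        elif name not in DROP_OR_TRAP | ALLOW_DROP_TRAP:
            findings.append(f"unknown: {key} is not a documented option")
        elif value not in ("drop", "trap-to-host") and not (
                value == "allow" and name in ALLOW_DROP_TRAP):
            findings.append(f"invalid: {name} does not accept {value!r}")
        else:
            normalized[name] = value
    return normalized, findings


SAMPLE = {
    "tcp-land": "drop",            # deprecated spelling
    "tcp_land": "trap-to-host",    # same option again, new spelling
    "ipv4_csum_err": "allow",      # allow is not offered for this option
    "tcp_winnuke": "drop",
    "ipv6_optfoo": "drop",         # not a documented option
}

if __name__ == "__main__":
    print(lint_fpanomaly(SAMPLE))
```

When both spellings of an option are present, the first one seen is kept and the second is reported, so the findings list should be empty before the dict is passed to the task.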

meta:
  contains:
    request_url:
      description: The full url requested.
      returned: always
      sample: /sys/login/user
      type: str
    response_code:
      description: The status of api request.
      returned: always
      sample: 0
      type: int
    response_data:
      description: The api response.
      returned: always
      type: list
    response_message:
      description: The descriptive message of the api response.
      returned: always
      sample: OK.
      type: str
    system_information:
      description: The information of the target system.
      returned: always
      type: dict
  description: The result of the request.
  returned: always
  type: dict
rc:
  description: The status of the request.
  returned: always
  sample: 0
  type: int
version_check_warning:
  description: Warning if the parameters used in the playbook are not supported by the current FortiManager version.
  returned: complex
  type: list