fortinet.fortios.fortios_system_np6 (2.3.6) — module

Configure NP6 attributes in Fortinet's FortiOS and FortiGate.

Added in version 2.0.0 of fortinet.fortios

Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)

preview | supported by community
Install with ansible-galaxy collection install fortinet.fortios:==2.3.6
collections:
  - name: fortinet.fortios
    version: 2.3.6
This module configures a FortiGate or FortiOS (FOS) device by letting the user set and modify the np6 category of the system feature. The examples include all parameters; their values need to be adjusted to your datasources before use. Tested with FOS v6.0.0.
- name: Configure NP6 attributes.
  fortinet.fortios.fortios_system_np6:
    vdom: "{{ vdom }}"
    state: "present"
    access_token: "<your_own_value>"
    system_np6:
      fastpath: "disable"
      fp_anomaly:
        icmp_csum_err: "drop"
        icmp_frag: "allow"
        icmp_land: "allow"
        ipv4_csum_err: "drop"
        ipv4_land: "allow"
        ipv4_optlsrr: "allow"
        ipv4_optrr: "allow"
        ipv4_optsecurity: "allow"
        ipv4_optssrr: "allow"
        ipv4_optstream: "allow"
        ipv4_opttimestamp: "allow"
        ipv4_proto_err: "allow"
        ipv4_unknopt: "allow"
        ipv6_daddr_err: "allow"
        ipv6_land: "allow"
        ipv6_optendpid: "allow"
        ipv6_opthomeaddr: "allow"
        ipv6_optinvld: "allow"
        ipv6_optjumbo: "allow"
        ipv6_optnsap: "allow"
        ipv6_optralert: "allow"
        ipv6_opttunnel: "allow"
        ipv6_proto_err: "allow"
        ipv6_saddr_err: "allow"
        ipv6_unknopt: "allow"
        tcp_csum_err: "drop"
        tcp_fin_noack: "allow"
        tcp_fin_only: "allow"
        tcp_land: "allow"
        tcp_no_flag: "allow"
        tcp_syn_data: "allow"
        tcp_syn_fin: "allow"
        tcp_winnuke: "allow"
        udp_csum_err: "drop"
        udp_land: "allow"
      garbage_session_collector: "disable"
      hpe:
        arp_max: "200000"
        enable_shaper: "disable"
        esp_max: "200000"
        icmp_max: "200000"
        ip_frag_max: "200000"
        ip_others_max: "200000"
        l2_others_max: "200000"
        pri_type_max: "200000"
        sctp_max: "200000"
        tcp_max: "600000"
        tcpfin_rst_max: "600000"
        tcpsyn_ack_max: "600000"
        tcpsyn_max: "600000"
        udp_max: "600000"
      ipsec_ob_hash_function: "global-hash"
      ipsec_outbound_hash: "disable"
      low_latency_mode: "disable"
      name: "default_name_59"
      per_session_accounting: "disable"
      session_collector_interval: "64"
      session_timeout_fixed: "disable"
      session_timeout_interval: "40"
      session_timeout_random_range: "8"
vdom:
  default: root
  description:
    - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
  type: str
state:
  choices:
    - present
    - absent
  description:
    - Indicates whether to create or remove the object.
  required: true
  type: str
enable_log:
  default: false
  description:
    - Enable/Disable logging for task.
  required: false
  type: bool
system_np6:
  default: null
  description:
    - Configure NP6 attributes.
  suboptions:
    fastpath:
      choices:
        - disable
        - enable
      description:
        - Enable/disable NP6 offloading (also called fast path).
      type: str
    fp_anomaly:
      description:
        - NP6 IPv4 anomaly protection. trap-to-host forwards anomaly sessions to the CPU.
      suboptions:
        icmp_csum_err:
          choices:
            - drop
            - trap-to-host
          description:
            - Invalid IPv4 ICMP checksum anomalies.
          type: str
        icmp_frag:
          choices:
            - allow
            - drop
            - trap-to-host
          description:
            - Layer 3 fragmented packets that could be part of layer 4 ICMP anomalies.
          type: str
        icmp_land:
          choices:
            - allow
            - drop
            - trap-to-host
          description:
            - ICMP land anomalies.
          type: str
        ipv4_csum_err:
          choices:
            - drop
            - trap-to-host
          description:
            - Invalid IPv4 IP checksum anomalies.
          type: str
        ipv4_land:
          choices:
            - allow
            - drop
            - trap-to-host
          description:
            - Land anomalies.
          type: str
        ipv4_optlsrr:
          choices:
            - allow
            - drop
            - trap-to-host
          description:
            - Loose source record route option anomalies.
          type: str
        ipv4_optrr:
          choices:
            - allow
            - drop
            - trap-to-host
          description:
            - Record route option anomalies.
          type: str
        ipv4_optsecurity:
          choices:
            - allow
            - drop
            - trap-to-host
          description:
            - Security option anomalies.
          type: str
        ipv4_optssrr:
          choices:
            - allow
            - drop
            - trap-to-host
          description:
            - Strict source record route option anomalies.
          type: str
        ipv4_optstream:
          choices:
            - allow
            - drop
            - trap-to-host
          description:
            - Stream option anomalies.
          type: str
        ipv4_opttimestamp:
          choices:
            - allow
            - drop
            - trap-to-host
          description:
            - Timestamp option anomalies.
          type: str
        ipv4_proto_err:
          choices:
            - allow
            - drop
            - trap-to-host
          description:
            - Invalid layer 4 protocol anomalies.
          type: str
        ipv4_unknopt:
          choices:
            - allow
            - drop
            - trap-to-host
          description:
            - Unknown option anomalies.
          type: str
        ipv6_daddr_err:
          choices:
            - allow
            - drop
            - trap-to-host
          description:
            - Destination address as unspecified or loopback address anomalies.
          type: str
        ipv6_land:
          choices:
            - allow
            - drop
            - trap-to-host
          description:
            - Land anomalies.
          type: str
        ipv6_optendpid:
          choices:
            - allow
            - drop
            - trap-to-host
          description:
            - End point identification anomalies.
          type: str
        ipv6_opthomeaddr:
          choices:
            - allow
            - drop
            - trap-to-host
          description:
            - Home address option anomalies.
          type: str
        ipv6_optinvld:
          choices:
            - allow
            - drop
            - trap-to-host
          description:
            - Invalid option anomalies.
          type: str
        ipv6_optjumbo:
          choices:
            - allow
            - drop
            - trap-to-host
          description:
            - Jumbo options anomalies.
          type: str
        ipv6_optnsap:
          choices:
            - allow
            - drop
            - trap-to-host
          description:
            - Network service access point address option anomalies.
          type: str
        ipv6_optralert:
          choices:
            - allow
            - drop
            - trap-to-host
          description:
            - Router alert option anomalies.
          type: str
        ipv6_opttunnel:
          choices:
            - allow
            - drop
            - trap-to-host
          description:
            - Tunnel encapsulation limit option anomalies.
          type: str
        ipv6_proto_err:
          choices:
            - allow
            - drop
            - trap-to-host
          description:
            - Layer 4 invalid protocol anomalies.
          type: str
        ipv6_saddr_err:
          choices:
            - allow
            - drop
            - trap-to-host
          description:
            - Source address as multicast anomalies.
          type: str
        ipv6_unknopt:
          choices:
            - allow
            - drop
            - trap-to-host
          description:
            - Unknown option anomalies.
          type: str
        tcp_csum_err:
          choices:
            - drop
            - trap-to-host
          description:
            - Invalid IPv4 TCP checksum anomalies.
          type: str
        tcp_fin_noack:
          choices:
            - allow
            - drop
            - trap-to-host
          description:
            - TCP SYN flood with FIN flag set without ACK setting anomalies.
          type: str
        tcp_fin_only:
          choices:
            - allow
            - drop
            - trap-to-host
          description:
            - TCP SYN flood with only FIN flag set anomalies.
          type: str
        tcp_land:
          choices:
            - allow
            - drop
            - trap-to-host
          description:
            - TCP land anomalies.
          type: str
        tcp_no_flag:
          choices:
            - allow
            - drop
            - trap-to-host
          description:
            - TCP SYN flood with no flag set anomalies.
          type: str
        tcp_syn_data:
          choices:
            - allow
            - drop
            - trap-to-host
          description:
            - TCP SYN flood packets with data anomalies.
          type: str
        tcp_syn_fin:
          choices:
            - allow
            - drop
            - trap-to-host
          description:
            - TCP SYN flood SYN/FIN flag set anomalies.
          type: str
        tcp_winnuke:
          choices:
            - allow
            - drop
            - trap-to-host
          description:
            - TCP WinNuke anomalies.
          type: str
        udp_csum_err:
          choices:
            - drop
            - trap-to-host
          description:
            - Invalid IPv4 UDP checksum anomalies.
          type: str
        udp_land:
          choices:
            - allow
            - drop
            - trap-to-host
          description:
            - UDP land anomalies.
          type: str
      type: dict
    garbage_session_collector:
      choices:
        - disable
        - enable
      description:
        - Enable/disable garbage session collector.
      type: str
    hpe:
      description:
        - HPE configuration.
      suboptions:
        arp_max:
          description:
            - Maximum ARP packet rate (1K - 1G pps).
          type: int
        enable_shaper:
          choices:
            - disable
            - enable
          description:
            - Enable/Disable NPU Host Protection Engine(HPE) for packet type shaper.
          type: str
        esp_max:
          description:
            - Maximum ESP packet rate (1K - 1G pps).
          type: int
        icmp_max:
          description:
            - Maximum ICMP packet rate (1K - 1G pps).
          type: int
        ip_frag_max:
          description:
            - Maximum fragmented IP packet rate (1K - 1G pps).
          type: int
        ip_others_max:
          description:
            - Maximum IP packet rate for other packets (packet types that cannot be set with other options) (1K - 1G pps).
          type: int
        l2_others_max:
          description:
            - Maximum L2 packet rate for L2 packets that are not ARP packets (1K - 1G pps).
          type: int
        pri_type_max:
          description:
            - 'Maximum overflow rate of priority type traffic (1K - 1G pps). Includes L2: HA, 802.3ad LACP, heartbeats. L3: OSPF. L4_TCP: BGP. L4_UDP: IKE, SLBC, BFD.'
          type: int
        sctp_max:
          description:
            - Maximum SCTP packet rate (1K - 1G pps).
          type: int
        tcp_max:
          description:
            - Maximum TCP packet rate (1K - 1G pps).
          type: int
        tcpfin_rst_max:
          description:
            - Maximum TCP carries FIN or RST flags packet rate (1K - 1G pps).
          type: int
        tcpsyn_ack_max:
          description:
            - Maximum TCP carries SYN and ACK flags packet rate (1K - 1G pps).
          type: int
        tcpsyn_max:
          description:
            - Maximum TCP SYN packet rate (1K - 1G pps).
          type: int
        udp_max:
          description:
            - Maximum UDP packet rate (1K - 1G pps).
          type: int
      type: dict
    ipsec_ob_hash_function:
      choices:
        - global-hash
        - round-robin-global
      description:
        - Set hash function for IPSec outbound.
      type: str
    ipsec_outbound_hash:
      choices:
        - disable
        - enable
      description:
        - Enable/disable hash function for IPsec outbound traffic.
      type: str
    low_latency_mode:
      choices:
        - disable
        - enable
      description:
        - Enable/disable low latency mode.
      type: str
    name:
      description:
        - Device Name.
      required: true
      type: str
    per_session_accounting:
      choices:
        - disable
        - traffic-log-only
        - enable
      description:
        - Enable/disable per-session accounting.
      type: str
    session_collector_interval:
      description:
        - Set garbage session collection cleanup interval (1 - 100 sec).
      type: int
    session_timeout_fixed:
      choices:
        - disable
        - enable
      description:
        - '{disable | enable} Toggle between using fixed or random timeouts for refreshing NP6 sessions.'
      type: str
    session_timeout_interval:
      description:
        - Set the fixed timeout for refreshing NP6 sessions (0 - 1000 sec).
      type: int
    session_timeout_random_range:
      description:
        - Set the random timeout range for refreshing NP6 sessions (0 - 1000 sec).
      type: int
  type: dict
member_path:
  description:
    - Member attribute path to operate on.
    - Delimited by a slash character if there are more than one attribute.
    - Parameter marked with member_path is legitimate for doing member operation.
  type: str
access_token:
  description:
    - Token-based authentication. Generated from GUI of Fortigate.
  required: false
  type: str
member_state:
  choices:
    - present
    - absent
  description:
    - Add or delete a member under specified attribute path.
    - When member_state is specified, the state option is ignored.
  type: str
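A pre-flight check for the parameter reference above, as an added example that is not part of the module or the fortinet.fortios collection: `lint_np6` (a hypothetical helper) checks the values in a `system_np6` dict against the choice sets and ranges listed on this page, and warns where an anomaly class is left at `allow` or the HPE packet type shaper is not enabled. It assumes "1K - 1G pps" means 1,000 to 1,000,000,000.

```python
# Choice sets and ranges are copied from the parameter reference on this page.
# Assumptions: "1K - 1G pps" is 1_000..1_000_000_000; lint_np6 is a hypothetical name.
ANOMALY = {"allow", "drop", "trap-to-host"}
CSUM_ONLY = {"drop", "trap-to-host"}  # the four *_csum_err options have no "allow"
HPE_RATE = (1_000, 1_000_000_000)
INT_RANGES = {
    "session_collector_interval": (1, 100),
    "session_timeout_interval": (0, 1000),
    "session_timeout_random_range": (0, 1000),
}

def _in_range(value, lo, hi):
    # The page's example passes integers as quoted strings, so coerce first.
    try:
        return lo <= int(value) <= hi
    except (TypeError, ValueError):
        return False

def lint_np6(cfg):
    """Return (errors, warnings) for one system_np6 dict."""
    errors, warnings = [], []
    for key, val in (cfg.get("fp_anomaly") or {}).items():
        allowed = CSUM_ONLY if key.endswith("_csum_err") else ANOMALY
        if val not in allowed:
            errors.append(f"fp_anomaly.{key}: {val!r} not in {sorted(allowed)}")
        elif val == "allow":
            warnings.append(f"fp_anomaly.{key}: set to allow")
    hpe = cfg.get("hpe") or {}
    for key, val in hpe.items():
        if key == "enable_shaper":
            if val not in ("disable", "enable"):
                errors.append(f"hpe.enable_shaper: {val!r} is not disable/enable")
        elif not _in_range(val, *HPE_RATE):
            errors.append(f"hpe.{key}: {val!r} outside 1K-1G pps")
    if hpe and hpe.get("enable_shaper") != "enable":
        warnings.append("hpe.enable_shaper: packet type shaper is not enabled")
    for key, (lo, hi) in INT_RANGES.items():
        if key in cfg and not _in_range(cfg[key], lo, hi):
            errors.append(f"{key}: {cfg[key]!r} outside {lo}-{hi} sec")
    if not cfg.get("name"):
        errors.append("name: required")
    return errors, warnings

# Constructed sample: values taken from the page's example plus three invalid ones.
SAMPLE = {
    "name": "default_name_59",
    "fp_anomaly": {"tcp_csum_err": "allow", "tcp_land": "allow", "udp_land": "drop"},
    "hpe": {"enable_shaper": "disable", "tcpsyn_max": "600000", "arp_max": "500"},
    "session_collector_interval": "64", "session_timeout_interval": "4000",
}
```

Calling `lint_np6(SAMPLE)` returns the error and warning lists; option names that are misspelled are not detected here and are left to the module's own argument validation.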
build:
  description: Build number of the fortigate image
  returned: always
  sample: '1547'
  type: str
http_method:
  description: Last method used to provision the content into FortiGate
  returned: always
  sample: PUT
  type: str
http_status:
  description: Last result given by FortiGate on last operation applied
  returned: always
  sample: '200'
  type: str
mkey:
  description: Master key (id) used in the last call to FortiGate
  returned: success
  sample: id
  type: str
name:
  description: Name of the table used to fulfill the request
  returned: always
  sample: urlfilter
  type: str
path:
  description: Path of the table used to fulfill the request
  returned: always
  sample: webfilter
  type: str
revision:
  description: Internal revision number
  returned: always
  sample: 17.0.2.10658
  type: str
serial:
  description: Serial number of the unit
  returned: always
  sample: FGVMEVYYQT3AB5352
  type: str
status:
  description: Indication of the operation's result
  returned: always
  sample: success
  type: str
vdom:
  description: Virtual domain used
  returned: always
  sample: root
  type: str
version:
  description: Version of the FortiGate
  returned: always
  sample: v5.6.3
  type: str