lix_fortinet.fortios.fortios_system_npu (102.2.120) — module

Configure NPU attributes in Fortinet's FortiOS and FortiGate.

Added in version 2.0.0 of lix_fortinet.fortios.

Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico)

preview | supported by community

Install collection

Install with ansible-galaxy collection install lix_fortinet.fortios:==102.2.120


Add to requirements.yml

  collections:
    - name: lix_fortinet.fortios
      version: 102.2.120

Description

This module configures a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and npu category. The examples include all parameters; values need to be adjusted to your data sources before use. Tested with FOS v6.0.0.


Requirements

Usage examples

- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
   vdom: "root"
   ansible_httpapi_use_ssl: yes
   # "no" turns off TLS certificate verification for the HTTPS API connection.
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 443
  tasks:
  - name: Configure NPU attributes.
    fortios_system_npu:
      vdom:  "{{ vdom }}"
      system_npu:
        capwap_offload: "enable"
        dedicated_management_affinity: "<your_own_value>"
        dedicated_management_cpu: "enable"
        fastpath: "disable"
        gtp_enhanced_cpu_range: "0"
        gtp_enhanced_mode: "enable"
        intf_shaping_offload: "enable"
        ipsec_dec_subengine_mask: "<your_own_value>"
        ipsec_enc_subengine_mask: "<your_own_value>"
        ipsec_inbound_cache: "enable"
        ipsec_mtu_override: "disable"
        ipsec_over_vlink: "enable"
        isf_np_queues:
            cos0: "<your_own_value> (source system.isf-queue-profile.name)"
            cos1: "<your_own_value> (source system.isf-queue-profile.name)"
            cos2: "<your_own_value> (source system.isf-queue-profile.name)"
            cos3: "<your_own_value> (source system.isf-queue-profile.name)"
            cos4: "<your_own_value> (source system.isf-queue-profile.name)"
            cos5: "<your_own_value> (source system.isf-queue-profile.name)"
            cos6: "<your_own_value> (source system.isf-queue-profile.name)"
            cos7: "<your_own_value> (source system.isf-queue-profile.name)"
        lag_out_port_select: "disable"
        mcast_session_accounting: "tpe-based"
        port_cpu_map:
         -
            cpu_core: "<your_own_value>"
            interface: "<your_own_value>"
        port_npu_map:
         -
            interface: "<your_own_value>"
            npu_group_index: "0"
        priority_protocol:
            bfd: "enable"
            bgp: "enable"
            slbc: "enable"
        qos_mode: "disable"
        rdp_offload: "enable"
        session_denied_offload: "disable"
        sse_backpressure: "enable"
        strip_clear_text_padding: "enable"
        strip_esp_padding: "enable"
        sw_eh_hash:
            computation: "xor16"
            destination_ip_lower_16: "include"
            destination_ip_upper_16: "include"
            destination_port: "include"
            ip_protocol: "include"
            netmask_length: "32"
            source_ip_lower_16: "include"
            source_ip_upper_16: "include"
            source_port: "include"
        sw_np_bandwidth: "0G"
        uesp_offload: "enable"
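
A variant of the playbook above with certificate validation turned on and the API token supplied through the module's access_token input, as an added example that is not part of the module's own documentation. vault_fortios_api_token is a hypothetical Ansible Vault variable, and the subset of system_npu options is chosen only for illustration.

```yaml
# Added example, not from the module documentation.
# Assumption: vault_fortios_api_token is a hypothetical vaulted variable that
# holds an API token generated from the FortiGate GUI.
- hosts: fortigates
  connection: httpapi
  vars:
    vdom: "root"
    ansible_httpapi_use_ssl: yes
    ansible_httpapi_validate_certs: yes   # verify the FortiGate's TLS certificate
    ansible_httpapi_port: 443
  tasks:
    - name: Configure IPsec-related NPU attributes.
      lix_fortinet.fortios.fortios_system_npu:
        vdom: "{{ vdom }}"
        access_token: "{{ vault_fortios_api_token }}"
        enable_log: false
        system_npu:
          ipsec_inbound_cache: "enable"      # IPsec inbound cache for anti-replay
          ipsec_mtu_override: "disable"
          strip_clear_text_padding: "enable"
          strip_esp_padding: "enable"
      no_log: true   # keep the token out of task output and logs
```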

Inputs

    
vdom:
    default: root
    description:
    - Virtual domain, among those defined previously. A vdom is a virtual instance of
      the FortiGate that can be configured and used as a different unit.
    type: str

enable_log:
    default: false
    description:
    - Enable/Disable logging for task.
    required: false
    type: bool

system_npu:
    default: null
    description:
    - Configure NPU attributes.
    suboptions:
      capwap_offload:
        choices:
        - enable
        - disable
        description:
        - Enable/disable offloading managed FortiAP and FortiLink CAPWAP sessions.
        type: str
      dedicated_management_affinity:
        description:
        - Affinity setting for management daemons (hexadecimal value up to 256 bits in
          the format of xxxxxxxxxxxxxxxx).
        type: str
      dedicated_management_cpu:
        choices:
        - enable
        - disable
        description:
        - Enable to dedicate one CPU for GUI and CLI connections when NPs are busy.
        type: str
      fastpath:
        choices:
        - disable
        - enable
        description:
        - Enable/disable NP6 offloading (also called fast path).
        type: str
      gtp_enhanced_cpu_range:
        choices:
        - '0'
        - '1'
        - '2'
        description:
        - GTP enhanced CPU range option.
        type: str
      gtp_enhanced_mode:
        choices:
        - enable
        - disable
        description:
        - Enable/disable GTP enhanced mode.
        type: str
      intf_shaping_offload:
        choices:
        - enable
        - disable
        description:
        - Enable/disable NPU offload when doing interface-based traffic shaping according
          to the egress-shaping-profile.
        type: str
      ipsec_dec_subengine_mask:
        description:
        - IPsec decryption subengine mask (0x1 - 0xff).
        type: str
      ipsec_enc_subengine_mask:
        description:
        - IPsec encryption subengine mask (0x1 - 0xff).
        type: str
      ipsec_inbound_cache:
        choices:
        - enable
        - disable
        description:
        - Enable/disable IPsec inbound cache for anti-replay.
        type: str
      ipsec_mtu_override:
        choices:
        - disable
        - enable
        description:
        - Enable/disable NP6 IPsec MTU override.
        type: str
      ipsec_over_vlink:
        choices:
        - enable
        - disable
        description:
        - Enable/disable IPsec over vlink.
        type: str
      isf_np_queues:
        description:
        - Configure queues of switch port connected to NP6 XAUI on ingress path.
        suboptions:
          cos0:
            description:
            - CoS profile name for CoS 0. Source system.isf-queue-profile.name.
            type: str
          cos1:
            description:
            - CoS profile name for CoS 1. Source system.isf-queue-profile.name.
            type: str
          cos2:
            description:
            - CoS profile name for CoS 2. Source system.isf-queue-profile.name.
            type: str
          cos3:
            description:
            - CoS profile name for CoS 3. Source system.isf-queue-profile.name.
            type: str
          cos4:
            description:
            - CoS profile name for CoS 4. Source system.isf-queue-profile.name.
            type: str
          cos5:
            description:
            - CoS profile name for CoS 5. Source system.isf-queue-profile.name.
            type: str
          cos6:
            description:
            - CoS profile name for CoS 6. Source system.isf-queue-profile.name.
            type: str
          cos7:
            description:
            - CoS profile name for CoS 7. Source system.isf-queue-profile.name.
            type: str
        type: dict
      lag_out_port_select:
        choices:
        - disable
        - enable
        description:
        - Enable/disable LAG outgoing port selection based on incoming traffic port.
        type: str
      mcast_session_accounting:
        choices:
        - tpe-based
        - session-based
        - disable
        description:
        - Enable/disable traffic accounting for each multicast session through TAE counter.
        type: str
      port_cpu_map:
        description:
        - Configure NPU interface to CPU core mapping.
        elements: dict
        suboptions:
          cpu_core:
            description:
            - The CPU core to map to an interface.
            type: str
          interface:
            description:
            - The interface to map to a CPU core.
            type: str
        type: list
      port_npu_map:
        description:
        - Configure port to NPU group mapping.
        elements: dict
        suboptions:
          interface:
            description:
            - Set npu interface port to NPU group map.
            type: str
          npu_group_index:
            description:
            - Mapping NPU group index.
            type: int
        type: list
      priority_protocol:
        description:
        - Configure NPU priority protocol.
        suboptions:
          bfd:
            choices:
            - enable
            - disable
            description:
            - Enable/disable NPU BFD priority protocol.
            type: str
          bgp:
            choices:
            - enable
            - disable
            description:
            - Enable/disable NPU BGP priority protocol.
            type: str
          slbc:
            choices:
            - enable
            - disable
            description:
            - Enable/disable NPU SLBC priority protocol.
            type: str
        type: dict
      qos_mode:
        choices:
        - disable
        - priority
        - round-robin
        description:
        - QoS mode on switch and NP.
        type: str
      rdp_offload:
        choices:
        - enable
        - disable
        description:
        - Enable/disable rdp offload.
        type: str
      session_denied_offload:
        choices:
        - disable
        - enable
        description:
        - Enable/disable offloading of denied sessions. Requires ses-denied-traffic to
          be set.
        type: str
      sse_backpressure:
        choices:
        - enable
        - disable
        description:
        - Enable/disable sse backpressure.
        type: str
      strip_clear_text_padding:
        choices:
        - enable
        - disable
        description:
        - Enable/disable stripping clear text padding.
        type: str
      strip_esp_padding:
        choices:
        - enable
        - disable
        description:
        - Enable/disable stripping ESP padding.
        type: str
      sw_eh_hash:
        description:
        - Configure switch enhanced hashing.
        suboptions:
          computation:
            choices:
            - xor16
            - xor8
            - xor4
            - crc16
            description:
            - Set hashing computation.
            type: str
          destination_ip_lower_16:
            choices:
            - include
            - exclude
            description:
            - Include/exclude destination IP address lower 16 bits.
            type: str
          destination_ip_upper_16:
            choices:
            - include
            - exclude
            description:
            - Include/exclude destination IP address upper 16 bits.
            type: str
          destination_port:
            choices:
            - include
            - exclude
            description:
            - Include/exclude destination port if TCP/UDP.
            type: str
          ip_protocol:
            choices:
            - include
            - exclude
            description:
            - Include/exclude IP protocol.
            type: str
          netmask_length:
            description:
            - Network mask length.
            type: int
          source_ip_lower_16:
            choices:
            - include
            - exclude
            description:
            - Include/exclude source IP address lower 16 bits.
            type: str
          source_ip_upper_16:
            choices:
            - include
            - exclude
            description:
            - Include/exclude source IP address upper 16 bits.
            type: str
          source_port:
            choices:
            - include
            - exclude
            description:
            - Include/exclude source port if TCP/UDP.
            type: str
        type: dict
      sw_np_bandwidth:
        choices:
        - 0G
        - 2G
        - 4G
        - 5G
        - 6G
        description:
        - Bandwidth from switch to NP.
        type: str
      uesp_offload:
        choices:
        - enable
        - disable
        description:
        - Enable/disable UDP-encapsulated ESP offload.
        type: str
    type: dict

member_path:
    description:
    - Member attribute path to operate on.
    - Delimited by a slash character if there is more than one attribute.
    - Parameters marked with member_path are legitimate for member operations.
    type: str

access_token:
    description:
    - Token-based authentication. Generated from the FortiGate GUI.
    required: false
    type: str

member_state:
    choices:
    - present
    - absent
    description:
    - Add or delete a member under specified attribute path.
    - When member_state is specified, the state option is ignored.
    type: str

Outputs

build:
  description: Build number of the FortiGate image
  returned: always
  sample: '1547'
  type: str
http_method:
  description: Last method used to provision the content into FortiGate
  returned: always
  sample: PUT
  type: str
http_status:
  description: Last result given by FortiGate on last operation applied
  returned: always
  sample: '200'
  type: str
mkey:
  description: Master key (id) used in the last call to FortiGate
  returned: success
  sample: id
  type: str
name:
  description: Name of the table used to fulfill the request
  returned: always
  sample: urlfilter
  type: str
path:
  description: Path of the table used to fulfill the request
  returned: always
  sample: webfilter
  type: str
revision:
  description: Internal revision number
  returned: always
  sample: 17.0.2.10658
  type: str
serial:
  description: Serial number of the unit
  returned: always
  sample: FGVMEVYYQT3AB5352
  type: str
status:
  description: Indication of the operation's result
  returned: always
  sample: success
  type: str
vdom:
  description: Virtual domain used
  returned: always
  sample: root
  type: str
version:
  description: Version of the FortiGate
  returned: always
  sample: v5.6.3
  type: str