lix_fortinet / lix_fortinet.fortios / 102.2.120 / module / fortios_system_npu Configure NPU attributes in Fortinet's FortiOS and FortiGate. | "added in version" 2.0.0 of lix_fortinet.fortios" Authors: Link Zheng (@chillancezen), Jie Xue (@JieX19), Hongbin Lu (@fgtdev-hblu), Frank Shen (@frankshen01), Miguel Angel Munoz (@mamunozgonzalez), Nicolas Thomas (@thomnico) preview | supported by communitylix_fortinet.fortios.fortios_system_npu (102.2.120) — module
Install with ansible-galaxy collection install lix_fortinet.fortios:==102.2.120
collections: - name: lix_fortinet.fortios version: 102.2.120
This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and npu category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
- hosts: fortigates collections: - fortinet.fortios connection: httpapi vars: vdom: "root" ansible_httpapi_use_ssl: yes ansible_httpapi_validate_certs: no ansible_httpapi_port: 443 tasks: - name: Configure NPU attributes. fortios_system_npu: vdom: "{{ vdom }}" system_npu: capwap_offload: "enable" dedicated_management_affinity: "<your_own_value>" dedicated_management_cpu: "enable" fastpath: "disable" gtp_enhanced_cpu_range: "0" gtp_enhanced_mode: "enable" intf_shaping_offload: "enable" ipsec_dec_subengine_mask: "<your_own_value>" ipsec_enc_subengine_mask: "<your_own_value>" ipsec_inbound_cache: "enable" ipsec_mtu_override: "disable" ipsec_over_vlink: "enable" isf_np_queues: cos0: "<your_own_value> (source system.isf-queue-profile.name)" cos1: "<your_own_value> (source system.isf-queue-profile.name)" cos2: "<your_own_value> (source system.isf-queue-profile.name)" cos3: "<your_own_value> (source system.isf-queue-profile.name)" cos4: "<your_own_value> (source system.isf-queue-profile.name)" cos5: "<your_own_value> (source system.isf-queue-profile.name)" cos6: "<your_own_value> (source system.isf-queue-profile.name)" cos7: "<your_own_value> (source system.isf-queue-profile.name)" lag_out_port_select: "disable" mcast_session_accounting: "tpe-based" port_cpu_map: - cpu_core: "<your_own_value>" interface: "<your_own_value>" port_npu_map: - interface: "<your_own_value>" npu_group_index: "0" priority_protocol: bfd: "enable" bgp: "enable" slbc: "enable" qos_mode: "disable" rdp_offload: "enable" session_denied_offload: "disable" sse_backpressure: "enable" strip_clear_text_padding: "enable" strip_esp_padding: "enable" sw_eh_hash: computation: "xor16" destination_ip_lower_16: "include" destination_ip_upper_16: "include" destination_port: "include" ip_protocol: "include" netmask_length: "32" source_ip_lower_16: "include" source_ip_upper_16: "include" source_port: "include" sw_np_bandwidth: "0G" uesp_offload: "enable"
vdom: default: root description: - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str enable_log: default: false description: - Enable/Disable logging for task. required: false type: bool system_npu: default: null description: - Configure NPU attributes. suboptions: capwap_offload: choices: - enable - disable description: - Enable/disable offloading managed FortiAP and FortiLink CAPWAP sessions. type: str dedicated_management_affinity: description: - Affinity setting for management deamons (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx). type: str dedicated_management_cpu: choices: - enable - disable description: - Enable to dedicate one CPU for GUI and CLI connections when NPs are busy. type: str fastpath: choices: - disable - enable description: - Enable/disable NP6 offloading (also called fast path). type: str gtp_enhanced_cpu_range: choices: - '0' - '1' - '2' description: - GTP enhanced CPU range option. type: str gtp_enhanced_mode: choices: - enable - disable description: - Enable/disable GTP enhanced mode. type: str intf_shaping_offload: choices: - enable - disable description: - Enable/disable NPU offload when doing interface-based traffic shaping according to the egress-shaping-profile. type: str ipsec_dec_subengine_mask: description: - IPsec decryption subengine mask (0x1 - 0xff). type: str ipsec_enc_subengine_mask: description: - IPsec encryption subengine mask (0x1 - 0xff). type: str ipsec_inbound_cache: choices: - enable - disable description: - Enable/disable IPsec inbound cache for anti-replay. type: str ipsec_mtu_override: choices: - disable - enable description: - Enable/disable NP6 IPsec MTU override. type: str ipsec_over_vlink: choices: - enable - disable description: - Enable/disable IPSEC over vlink. type: str isf_np_queues: description: - Configure queues of switch port connected to NP6 XAUI on ingress path. suboptions: cos0: description: - CoS profile name for CoS 0. Source system.isf-queue-profile.name. type: str cos1: description: - CoS profile name for CoS 1. Source system.isf-queue-profile.name. type: str cos2: description: - CoS profile name for CoS 2. Source system.isf-queue-profile.name. type: str cos3: description: - CoS profile name for CoS 3. Source system.isf-queue-profile.name. type: str cos4: description: - CoS profile name for CoS 4. Source system.isf-queue-profile.name. type: str cos5: description: - CoS profile name for CoS 5. Source system.isf-queue-profile.name. type: str cos6: description: - CoS profile name for CoS 6. Source system.isf-queue-profile.name. type: str cos7: description: - CoS profile name for CoS 7. Source system.isf-queue-profile.name. type: str type: dict lag_out_port_select: choices: - disable - enable description: - Enable/disable LAG outgoing port selection based on incoming traffic port. type: str mcast_session_accounting: choices: - tpe-based - session-based - disable description: - Enable/disable traffic accounting for each multicast session through TAE counter. type: str port_cpu_map: description: - Configure NPU interface to CPU core mapping. elements: dict suboptions: cpu_core: description: - The CPU core to map to an interface. type: str interface: description: - The interface to map to a CPU core. type: str type: list port_npu_map: description: - Configure port to NPU group mapping. elements: dict suboptions: interface: description: - Set npu interface port to NPU group map. type: str npu_group_index: description: - Mapping NPU group index. type: int type: list priority_protocol: description: - Configure NPU priority protocol. suboptions: bfd: choices: - enable - disable description: - Enable/disable NPU BFD priority protocol. type: str bgp: choices: - enable - disable description: - Enable/disable NPU BGP priority protocol. type: str slbc: choices: - enable - disable description: - Enable/disable NPU SLBC priority protocol. type: str type: dict qos_mode: choices: - disable - priority - round-robin description: - QoS mode on switch and NP. type: str rdp_offload: choices: - enable - disable description: - Enable/disable rdp offload. type: str session_denied_offload: choices: - disable - enable description: - Enable/disable offloading of denied sessions. Requires ses-denied-traffic to be set. type: str sse_backpressure: choices: - enable - disable description: - Enable/disable sse backpressure. type: str strip_clear_text_padding: choices: - enable - disable description: - Enable/disable stripping clear text padding. type: str strip_esp_padding: choices: - enable - disable description: - Enable/disable stripping ESP padding. type: str sw_eh_hash: description: - Configure switch enhanced hashing. suboptions: computation: choices: - xor16 - xor8 - xor4 - crc16 description: - Set hashing computation. type: str destination_ip_lower_16: choices: - include - exclude description: - Include/exclude destination IP address lower 16 bits. type: str destination_ip_upper_16: choices: - include - exclude description: - Include/exclude destination IP address upper 16 bits. type: str destination_port: choices: - include - exclude description: - Include/exclude destination port if TCP/UDP. type: str ip_protocol: choices: - include - exclude description: - Include/exclude IP protocol. type: str netmask_length: description: - Network mask length. type: int source_ip_lower_16: choices: - include - exclude description: - Include/exclude source IP address lower 16 bits. type: str source_ip_upper_16: choices: - include - exclude description: - Include/exclude source IP address upper 16 bits. type: str source_port: choices: - include - exclude description: - Include/exclude source port if TCP/UDP. type: str type: dict sw_np_bandwidth: choices: - 0G - 2G - 4G - 5G - 6G description: - Bandwidth from switch to NP. type: str uesp_offload: choices: - enable - disable description: - Enable/disable UDP-encapsulated ESP offload . type: str type: dict member_path: description: - Member attribute path to operate on. - Delimited by a slash character if there are more than one attribute. - Parameter marked with member_path is legitimate for doing member operation. type: str access_token: description: - Token-based authentication. Generated from GUI of Fortigate. required: false type: str member_state: choices: - present - absent description: - Add or delete a member under specified attribute path. - When member_state is specified, the state option is ignored. type: str
build: description: Build number of the fortigate image returned: always sample: '1547' type: str http_method: description: Last method used to provision the content into FortiGate returned: always sample: PUT type: str http_status: description: Last result given by FortiGate on last operation applied returned: always sample: '200' type: str mkey: description: Master key (id) used in the last call to FortiGate returned: success sample: id type: str name: description: Name of the table used to fulfill the request returned: always sample: urlfilter type: str path: description: Path of the table used to fulfill the request returned: always sample: webfilter type: str revision: description: Internal revision number returned: always sample: 17.0.2.10658 type: str serial: description: Serial number of the unit returned: always sample: FGVMEVYYQT3AB5352 type: str status: description: Indication of the operation's result returned: always sample: success type: str vdom: description: Virtual domain used returned: always sample: root type: str version: description: Version of the FortiGate returned: always sample: v5.6.3 type: str