source:	fortios_system_np6.py
orphan:

fortios_system_np6 -- Configure NP6 attributes in Fortinet's FortiOS and FortiGate.

.. versionadded:: 2.0.0

Synopsis
Requirements
Tips
FortiOS Version Compatibility
Parameters
Notes
Examples
Return Values
Status
Authors

Synopsis

This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and np6 category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0

Requirements

The below requirements are needed on the host that executes this module.

ansible>=2.9

Tips

Using member operation to add an element to an existing object.

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

fortios_system_np6 yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

Parameters

access_token - Token-based authentication. Generated from GUI of Fortigate. type: str required: false
enable_log - Enable/Disable logging for task. type: bool required: false default: False
vdom - Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. type: str default: root
member_path - Member attribute path to operate on. type: str
member_state - Add or delete a member under specified attribute path. type: str choices: present, absent
state - Indicates whether to create or remove the object. type: str required: true choices: present, absent

system_np6 - Configure NP6 attributes. type: dict more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

system_np6 yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

fastpath - Enable/disable NP6 offloading (also called fast path). type: str choices: disable, enable more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

fastpath yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

fp_anomaly - NP6 IPv4 anomaly protection. trap-to-host forwards anomaly sessions to the CPU. type: dict more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

fp_anomaly yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

icmp_csum_err - Invalid IPv4 ICMP checksum anomalies. type: str choices: drop, trap-to-host more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

icmp_csum_err yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[drop] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[trap-to-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

icmp_frag - Layer 3 fragmented packets that could be part of layer 4 ICMP anomalies. type: str choices: allow, drop, trap-to-host more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

icmp_frag yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[drop] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[trap-to-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

icmp_land - ICMP land anomalies. type: str choices: allow, drop, trap-to-host more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

icmp_land yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[drop] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[trap-to-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

ipv4_csum_err - Invalid IPv4 IP checksum anomalies. type: str choices: drop, trap-to-host more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

ipv4_csum_err yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[drop] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[trap-to-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

ipv4_land - Land anomalies. type: str choices: allow, drop, trap-to-host more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

ipv4_land yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[drop] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[trap-to-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

ipv4_optlsrr - Loose source record route option anomalies. type: str choices: allow, drop, trap-to-host more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

ipv4_optlsrr yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[drop] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[trap-to-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

ipv4_optrr - Record route option anomalies. type: str choices: allow, drop, trap-to-host more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

ipv4_optrr yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[drop] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[trap-to-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

ipv4_optsecurity - Security option anomalies. type: str choices: allow, drop, trap-to-host more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

ipv4_optsecurity yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[drop] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[trap-to-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

ipv4_optssrr - Strict source record route option anomalies. type: str choices: allow, drop, trap-to-host more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

ipv4_optssrr yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[drop] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[trap-to-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

ipv4_optstream - Stream option anomalies. type: str choices: allow, drop, trap-to-host more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

ipv4_optstream yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[drop] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[trap-to-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

ipv4_opttimestamp - Timestamp option anomalies. type: str choices: allow, drop, trap-to-host more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

ipv4_opttimestamp yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[drop] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[trap-to-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

ipv4_proto_err - Invalid layer 4 protocol anomalies. type: str choices: allow, drop, trap-to-host more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

ipv4_proto_err yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[drop] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[trap-to-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

ipv4_unknopt - Unknown option anomalies. type: str choices: allow, drop, trap-to-host more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

ipv4_unknopt yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[drop] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[trap-to-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

ipv6_daddr_err - Destination address as unspecified or loopback address anomalies. type: str choices: allow, drop, trap-to-host more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

ipv6_daddr_err yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[drop] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[trap-to-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

ipv6_land - Land anomalies. type: str choices: allow, drop, trap-to-host more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

ipv6_land yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[drop] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[trap-to-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

ipv6_optendpid - End point identification anomalies. type: str choices: allow, drop, trap-to-host more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

ipv6_optendpid yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[drop] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[trap-to-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

ipv6_opthomeaddr - Home address option anomalies. type: str choices: allow, drop, trap-to-host more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

ipv6_opthomeaddr yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[drop] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[trap-to-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

ipv6_optinvld - Invalid option anomalies.Invalid option anomalies. type: str choices: allow, drop, trap-to-host more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

ipv6_optinvld yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[drop] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[trap-to-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

ipv6_optjumbo - Jumbo options anomalies. type: str choices: allow, drop, trap-to-host more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

ipv6_optjumbo yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[drop] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[trap-to-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

ipv6_optnsap - Network service access point address option anomalies. type: str choices: allow, drop, trap-to-host more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

ipv6_optnsap yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[drop] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[trap-to-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

ipv6_optralert - Router alert option anomalies. type: str choices: allow, drop, trap-to-host more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

ipv6_optralert yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[drop] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[trap-to-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

ipv6_opttunnel - Tunnel encapsulation limit option anomalies. type: str choices: allow, drop, trap-to-host more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

ipv6_opttunnel yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[drop] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[trap-to-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

ipv6_proto_err - Layer 4 invalid protocol anomalies. type: str choices: allow, drop, trap-to-host more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

ipv6_proto_err yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[drop] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[trap-to-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

ipv6_saddr_err - Source address as multicast anomalies. type: str choices: allow, drop, trap-to-host more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

ipv6_saddr_err yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[drop] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[trap-to-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

ipv6_unknopt - Unknown option anomalies. type: str choices: allow, drop, trap-to-host more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

ipv6_unknopt yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[drop] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[trap-to-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

tcp_csum_err - Invalid IPv4 TCP checksum anomalies. type: str choices: drop, trap-to-host more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

tcp_csum_err yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[drop] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[trap-to-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

tcp_fin_noack - TCP SYN flood with FIN flag set without ACK setting anomalies. type: str choices: allow, drop, trap-to-host more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

tcp_fin_noack yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[drop] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[trap-to-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

tcp_fin_only - TCP SYN flood with only FIN flag set anomalies. type: str choices: allow, drop, trap-to-host more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

tcp_fin_only yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[drop] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[trap-to-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

tcp_land - TCP land anomalies. type: str choices: allow, drop, trap-to-host more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

tcp_land yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[drop] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[trap-to-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

tcp_no_flag - TCP SYN flood with no flag set anomalies. type: str choices: allow, drop, trap-to-host more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

tcp_no_flag yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[drop] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[trap-to-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

tcp_syn_data - TCP SYN flood packets with data anomalies. type: str choices: allow, drop, trap-to-host more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

tcp_syn_data yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[drop] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[trap-to-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

tcp_syn_fin - TCP SYN flood SYN/FIN flag set anomalies. type: str choices: allow, drop, trap-to-host more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

tcp_syn_fin yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[drop] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[trap-to-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

tcp_winnuke - TCP WinNuke anomalies. type: str choices: allow, drop, trap-to-host more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

tcp_winnuke yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[drop] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[trap-to-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

udp_csum_err - Invalid IPv4 UDP checksum anomalies. type: str choices: drop, trap-to-host more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

udp_csum_err yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[drop] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[trap-to-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

udp_land - UDP land anomalies. type: str choices: allow, drop, trap-to-host more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

udp_land yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[allow] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[drop] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[trap-to-host] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

garbage_session_collector - Enable/disable garbage session collector. type: str choices: disable, enable more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

garbage_session_collector yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

hpe - HPE configuration. type: dict more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

hpe yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

arp_max - Maximum ARP packet rate (1K - 1G pps). type: int more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

arp_max yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

enable_shaper - Enable/Disable NPU Host Protection Engine(HPE) for packet type shaper. type: str choices: disable, enable more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

enable_shaper yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

esp_max - Maximum ESP packet rate (1K - 1G pps). type: int more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

esp_max yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

icmp_max - Maximum ICMP packet rate (1K - 1G pps). type: int more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

icmp_max yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

ip_frag_max - Maximum fragmented IP packet rate (1K - 1G pps). type: int more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

ip_frag_max yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

ip_others_max - Maximum IP packet rate for other packets (packet types that cannot be set with other options) (1K - 1G pps). type: int more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

ip_others_max yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

l2_others_max - Maximum L2 packet rate for L2 packets that are not ARP packets (1K - 1G pps). type: int more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

l2_others_max yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

pri_type_max - Maximum overflow rate of priority type traffic (1K - 1G pps). Includes L2: HA, 802.3ad LACP, heartbeats. L3: OSPF. L4_TCP: BGP. L4_UDP: IKE, SLBC, BFD. type: int more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

pri_type_max yes no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

sctp_max - Maximum SCTP packet rate (1K - 1G pps). type: int more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

sctp_max yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

tcp_max - Maximum TCP packet rate (1K - 1G pps). type: int more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

tcp_max yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

tcpfin_rst_max - Maximum TCP carries FIN or RST flags packet rate (1K - 1G pps). type: int more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

tcpfin_rst_max no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

tcpsyn_ack_max - Maximum TCP carries SYN and ACK flags packet rate (1K - 1G pps). type: int more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

tcpsyn_ack_max no no no no no no no no no no yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

tcpsyn_max - Maximum TCP SYN packet rate (1K - 1G pps). type: int more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

tcpsyn_max yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

udp_max - Maximum UDP packet rate (1K - 1G pps). type: int more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

udp_max yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

ipsec_ob_hash_function - Set hash function for IPSec outbound. type: str choices: global-hash, round-robin-global more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4

ipsec_ob_hash_function yes yes yes yes yes yes yes no yes yes yes yes yes yes yes yes yes yes yes yes no yes yes yes

[global-hash] yes yes yes yes yes yes yes n/a yes yes yes yes yes yes yes yes yes yes yes yes n/a yes yes yes

[round-robin-global] yes yes yes yes yes yes yes n/a yes yes yes yes yes yes yes yes yes yes yes yes n/a yes yes yes

ipsec_outbound_hash - Enable/disable hash function for IPsec outbound traffic. type: str choices: disable, enable more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4

ipsec_outbound_hash yes yes yes yes yes yes yes no yes yes yes yes yes yes yes yes yes yes yes yes no yes yes yes

[disable] yes yes yes yes yes yes yes n/a yes yes yes yes yes yes yes yes yes yes yes yes n/a yes yes yes

[enable] yes yes yes yes yes yes yes n/a yes yes yes yes yes yes yes yes yes yes yes yes n/a yes yes yes

low_latency_mode - Enable/disable low latency mode. type: str choices: disable, enable more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

low_latency_mode yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

name - Device Name. type: str required: true more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

name yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

per_session_accounting - Enable/disable per-session accounting. type: str choices: disable, traffic-log-only, enable more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

per_session_accounting yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[traffic-log-only] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

session_collector_interval - Set garbage session collection cleanup interval (1 - 100 sec). type: int more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

session_collector_interval yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

session_timeout_fixed - {disable | enable} Toggle between using fixed or random timeouts for refreshing NP6 sessions. type: str choices: disable, enable more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

session_timeout_fixed yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[disable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

[enable] yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

session_timeout_interval - Set the fixed timeout for refreshing NP6 sessions (0 - 1000 sec). type: int more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

session_timeout_interval yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

session_timeout_random_range - Set the random timeout range for refreshing NP6 sessions (0 - 1000 sec). type: int more...

v6.0.0 v6.0.5 v6.0.11 v6.2.0 v6.2.3 v6.2.5 v6.2.7 v6.4.0 v6.4.1 v6.4.4 v7.0.0 v7.0.1 v7.0.2 v7.0.3 v7.0.4 v7.0.5 v7.0.6 v7.0.7 v7.0.8 v7.0.12 v7.2.0 v7.2.1 v7.2.2 v7.2.4 v7.4.0

session_timeout_random_range yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes yes

Notes

Note

Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks

Examples

- hosts: fortigates
  collections:
    - fortinet.fortios
  connection: httpapi
  vars:
   vdom: "root"
   ansible_httpapi_use_ssl: yes
   ansible_httpapi_validate_certs: no
   ansible_httpapi_port: 443
  tasks:
  - name: Configure NP6 attributes.
    fortios_system_np6:
      vdom:  "{{ vdom }}"
      state: "present"
      access_token: "<your_own_value>"
      system_np6:
        fastpath: "disable"
        fp_anomaly:
            icmp_csum_err: "drop"
            icmp_frag: "allow"
            icmp_land: "allow"
            ipv4_csum_err: "drop"
            ipv4_land: "allow"
            ipv4_optlsrr: "allow"
            ipv4_optrr: "allow"
            ipv4_optsecurity: "allow"
            ipv4_optssrr: "allow"
            ipv4_optstream: "allow"
            ipv4_opttimestamp: "allow"
            ipv4_proto_err: "allow"
            ipv4_unknopt: "allow"
            ipv6_daddr_err: "allow"
            ipv6_land: "allow"
            ipv6_optendpid: "allow"
            ipv6_opthomeaddr: "allow"
            ipv6_optinvld: "allow"
            ipv6_optjumbo: "allow"
            ipv6_optnsap: "allow"
            ipv6_optralert: "allow"
            ipv6_opttunnel: "allow"
            ipv6_proto_err: "allow"
            ipv6_saddr_err: "allow"
            ipv6_unknopt: "allow"
            tcp_csum_err: "drop"
            tcp_fin_noack: "allow"
            tcp_fin_only: "allow"
            tcp_land: "allow"
            tcp_no_flag: "allow"
            tcp_syn_data: "allow"
            tcp_syn_fin: "allow"
            tcp_winnuke: "allow"
            udp_csum_err: "drop"
            udp_land: "allow"
        garbage_session_collector: "disable"
        hpe:
            arp_max: "200000"
            enable_shaper: "disable"
            esp_max: "200000"
            icmp_max: "200000"
            ip_frag_max: "200000"
            ip_others_max: "200000"
            l2_others_max: "200000"
            pri_type_max: "200000"
            sctp_max: "200000"
            tcp_max: "600000"
            tcpfin_rst_max: "600000"
            tcpsyn_ack_max: "600000"
            tcpsyn_max: "600000"
            udp_max: "600000"
        ipsec_ob_hash_function: "global-hash"
        ipsec_outbound_hash: "disable"
        low_latency_mode: "disable"
        name: "default_name_59"
        per_session_accounting: "disable"
        session_collector_interval: "64"
        session_timeout_fixed: "disable"
        session_timeout_interval: "40"
        session_timeout_random_range: "8"

Return Values

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

build - Build number of the fortigate image returned: always type: str sample: 1547
http_method - Last method used to provision the content into FortiGate returned: always type: str sample: PUT
http_status - Last result given by FortiGate on last operation applied returned: always type: str sample: 200
mkey - Master key (id) used in the last call to FortiGate returned: success type: str sample: id
name - Name of the table used to fulfill the request returned: always type: str sample: urlfilter
path - Path of the table used to fulfill the request returned: always type: str sample: webfilter
revision - Internal revision number returned: always type: str sample: 17.0.2.10658
serial - Serial number of the unit returned: always type: str sample: FGVMEVYYQT3AB5352
status - Indication of the operation's result returned: always type: str sample: success
vdom - Virtual domain used returned: always type: str sample: root
version - Version of the FortiGate returned: always type: str sample: v5.6.3

Status

This module is not guaranteed to have a backwards compatible interface.

Authors

Link Zheng (@chillancezen)
Jie Xue (@JieX19)
Hongbin Lu (@fgtdev-hblu)
Frank Shen (@frankshen01)
Miguel Angel Munoz (@mamunozgonzalez)
Nicolas Thomas (@thomnico)

Hint

If you notice any issues in this documentation, you can create a pull request to improve it.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fortios_system_np6.rst

fortios_system_np6.rst

fortios_system_np6 -- Configure NP6 attributes in Fortinet's FortiOS and FortiGate.

Synopsis

Requirements

Tips

FortiOS Version Compatibility

Parameters

Notes

Examples

Return Values

Status

Authors

Files

fortios_system_np6.rst

Latest commit

History

fortios_system_np6.rst

File metadata and controls

fortios_system_np6 -- Configure NP6 attributes in Fortinet's FortiOS and FortiGate.