config system npu

This command is available for model(s): FortiGate 1000D, FortiGate 1000F, FortiGate 1001F, FortiGate 100F, FortiGate 101F, FortiGate 1100E, FortiGate 1101E, FortiGate 120G, FortiGate 121G, FortiGate 1800F, FortiGate 1801F, FortiGate 2000E, FortiGate 200E, FortiGate 200F, FortiGate 201E, FortiGate 201F, FortiGate 2200E, FortiGate 2201E, FortiGate 2500E, FortiGate 2600F, FortiGate 2601F, FortiGate 3000D, FortiGate 3000F, FortiGate 3001F, FortiGate 300E, FortiGate 301E, FortiGate 3100D, FortiGate 3200D, FortiGate 3200F, FortiGate 3201F, FortiGate 3300E, FortiGate 3301E, FortiGate 3400E, FortiGate 3401E, FortiGate 3500F, FortiGate 3501F, FortiGate 3600E, FortiGate 3601E, FortiGate 3700D, FortiGate 3700F, FortiGate 3701F, FortiGate 3960E, FortiGate 3980E, FortiGate 400E Bypass, FortiGate 400E, FortiGate 400F, FortiGate 401E, FortiGate 401F, FortiGate 40F 3G4G, FortiGate 40F, FortiGate 4200F, FortiGate 4201F, FortiGate 4400F, FortiGate 4401F, FortiGate 5001E1, FortiGate 5001E, FortiGate 500E, FortiGate 501E, FortiGate 600E, FortiGate 600F, FortiGate 601E, FortiGate 601F, FortiGate 60F, FortiGate 61F, FortiGate 70F, FortiGate 71F, FortiGate 800D, FortiGate 80F Bypass, FortiGate 80F DSL, FortiGate 80F-POE, FortiGate 80F, FortiGate 81F, FortiGate 900D, FortiGate 900G, FortiGate 901G, FortiGate 90G, FortiGate 91G, FortiGateRugged 60F 3G4G, FortiGateRugged 60F, FortiGateRugged 70F 3G4G, FortiGateRugged 70F, FortiWiFi 40F 3G4G, FortiWiFi 40F, FortiWiFi 60F, FortiWiFi 61F, FortiWiFi 80F 2R 3G4G DSL, FortiWiFi 80F 2R, FortiWiFi 81F 2R 3G4G DSL, FortiWiFi 81F 2R 3G4G-POE, FortiWiFi 81F 2R-POE, FortiWiFi 81F 2R.

It is not available for: FortiGate VM ARM64 for Azure, FortiGate VM ARM64 for GCP BYOL, FortiGate VM ARM64 for OCI BYOL, FortiGate VM for Aliyun PAYG, FortiGate VM for AWS PAYG, FortiGate VM for Azure BYOL, FortiGate VM for Azure PAYG, FortiGate VM for GCP BYOL, FortiGate VM for OPC BYOL, FortiGate VM64.

Configure NPU attributes.

config system npu
    Description: Configure NPU attributes.
    config background-sse-scan
        Description: Configure driver background scan for SSE.
        set scan [disable|enable]
        set scan-stale {integer}
        set scan-vt {integer}
        set stats-qual-access {integer}
        set stats-qual-duration {integer}
        set stats-update-interval {integer}
        set udp-keepalive-interval {integer}
        set udp-qual-access {integer}
        set udp-qual-duration {integer}
    end
    set capwap-offload [enable|disable]
    set dedicated-lacp-queue [enable|disable]
    set dedicated-management-affinity {string}
    set dedicated-management-cpu [enable|disable]
    set default-qos-type [policing|shaping|...]
    set default-tcp-refresh-dir [both|outgoing|...]
    set default-udp-refresh-dir [both|outgoing|...]
    config dos-options
        Description: NPU DoS configurations.
        set npu-dos-meter-mode [global|local]
        set npu-dos-tpe-mode [enable|disable]
    end
    set double-level-mcast-offload [enable|disable]
    set dse-timeout {integer}
    config dsw-dts-profile
        Description: Configure NPU DSW DTS profile.
        edit <profile-id>
            set action [wait|drop|...]
            set min-limit {integer}
            set step {integer}
        next
    end
    config dsw-queue-dts-profile
        Description: Configure NPU DSW Queue DTS profile.
        edit <name>
            set iport [eif0|eif1|...]
            set oport [eif0|eif1|...]
            set profile-id {integer}
            set queue-select {integer}
        next
    end
    set fastpath [disable|enable]
    config fp-anomaly
        Description: IPv4/IPv6 anomaly protection.
        set icmp-csum-err [drop|trap-to-host]
        set icmp-frag [allow|drop|...]
        set icmp-land [allow|drop|...]
        set ipv4-csum-err [drop|trap-to-host]
        set ipv4-land [allow|drop|...]
        set ipv4-optlsrr [allow|drop|...]
        set ipv4-optrr [allow|drop|...]
        set ipv4-optsecurity [allow|drop|...]
        set ipv4-optssrr [allow|drop|...]
        set ipv4-optstream [allow|drop|...]
        set ipv4-opttimestamp [allow|drop|...]
        set ipv4-proto-err [allow|drop|...]
        set ipv4-unknopt [allow|drop|...]
        set ipv6-daddr-err [allow|drop|...]
        set ipv6-land [allow|drop|...]
        set ipv6-optendpid [allow|drop|...]
        set ipv6-opthomeaddr [allow|drop|...]
        set ipv6-optinvld [allow|drop|...]
        set ipv6-optjumbo [allow|drop|...]
        set ipv6-optnsap [allow|drop|...]
        set ipv6-optralert [allow|drop|...]
        set ipv6-opttunnel [allow|drop|...]
        set ipv6-proto-err [allow|drop|...]
        set ipv6-saddr-err [allow|drop|...]
        set ipv6-unknopt [allow|drop|...]
        set sctp-csum-err [allow|drop|...]
        set tcp-csum-err [drop|trap-to-host]
        set tcp-fin-noack [allow|drop|...]
        set tcp-fin-only [allow|drop|...]
        set tcp-land [allow|drop|...]
        set tcp-no-flag [allow|drop|...]
        set tcp-syn-data [allow|drop|...]
        set tcp-syn-fin [allow|drop|...]
        set tcp-winnuke [allow|drop|...]
        set udp-csum-err [drop|trap-to-host]
        set udp-land [allow|drop|...]
    end
    set gtp-enhanced-cpu-range [0|1|...]
    set gtp-enhanced-mode [enable|disable]
    set gtp-support [enable|disable]
    set hash-tbl-spread [enable|disable]
    set host-shortcut-mode [bi-directional|host-shortcut]
    config hpe
        Description: Host protection engine configuration.
        set all-protocol {integer}
        set arp-max {integer}
        set enable-shaper [disable|enable]
        set esp-max {integer}
        set high-priority {integer}
        set icmp-max {integer}
        set ip-frag-max {integer}
        set ip-others-max {integer}
        set l2-others-max {integer}
        set sctp-max {integer}
        set tcp-max {integer}
        set tcpfin-rst-max {integer}
        set tcpsyn-ack-max {integer}
        set tcpsyn-max {integer}
        set udp-max {integer}
    end
    set htab-dedi-queue-nr {integer}
    set htab-msg-queue [data|idle|...]
    set htx-gtse-quota [100Mbps|200Mbps|...]
    set htx-icmp-csum-chk [drop|pass]
    set hw-ha-scan-interval {integer}
    config icmp-error-rate-ctrl
        Description: Configure the rate of ICMP errors generated by this FortiGate, which is achieved by token bucket algorithm.
        set icmpv4-error-bucket-size {integer}
        set icmpv4-error-rate {integer}
        set icmpv4-error-rate-limit [enable|disable]
        set icmpv6-error-bucket-size {integer}
        set icmpv6-error-rate {integer}
        set icmpv6-error-rate-limit [enable|disable]
    end
    set inbound-dscp-copy-port <interface1>, <interface2>, ...
    set intf-shaping-offload [enable|disable]
    set ip-fragment-offload [disable|enable]
    config ip-reassembly
        Description: IP reassebmly engine configuration.
        set max-timeout {integer}
        set min-timeout {integer}
        set status [disable|enable]
    end
    set iph-rsvd-re-cksum [enable|disable]
    set ippool-overload-high {integer}
    set ippool-overload-low {integer}
    set ipsec-STS-timeout [1|2|...]
    set ipsec-dec-subengine-mask {user}
    set ipsec-enc-subengine-mask {user}
    set ipsec-inbound-cache [enable|disable]
    set ipsec-mtu-override [disable|enable]
    set ipsec-ob-np-sel [rr|Packet|...]
    set ipsec-over-vlink [enable|disable]
    set ipsec-throughput-msg-frequency [disable|32KB|...]
    set ipt-STS-timeout [1|2|...]
    set ipt-throughput-msg-frequency [disable|32KB|...]
    set ipv4-session-quota [enable|disable]
    set ipv4-session-quota-high {integer}
    set ipv4-session-quota-low {integer}
    set ipv6-prefix-session-quota [enable|disable]
    set ipv6-prefix-session-quota-high {integer}
    set ipv6-prefix-session-quota-low {integer}
    config isf-np-queues
        Description: Configure queues of switch port connected to NP6 XAUI on ingress path.
        set cos0 {string}
        set cos1 {string}
        set cos2 {string}
        set cos3 {string}
        set cos4 {string}
        set cos5 {string}
        set cos6 {string}
        set cos7 {string}
    end
    set lag-out-port-select [disable|enable]
    set max-receive-unit {integer}
    set max-session-timeout {integer}
    set mcast-session-accounting [tpe-based|session-based|...]
    set napi-break-interval {integer}
    config np-queues
        Description: Configure queue assignment on NP7.
        config ethernet-type
            Description: Configure a NP7 QoS Ethernet Type.
            edit <name>
                set queue {integer}
                set type {ether-type}
                set weight {integer}
            next
        end
        config ip-protocol
            Description: Configure a NP7 QoS IP Protocol.
            edit <name>
                set protocol {integer}
                set queue {integer}
                set weight {integer}
            next
        end
        config ip-service
            Description: Configure a NP7 QoS IP Service.
            edit <name>
                set dport {integer}
                set protocol {integer}
                set queue {integer}
                set sport {integer}
                set weight {integer}
            next
        end
        config profile
            Description: Configure a NP7 class profile.
            edit <id>
                set cos0 [queue0|queue1|...]
                set cos1 [queue0|queue1|...]
                set cos2 [queue0|queue1|...]
                set cos3 [queue0|queue1|...]
                set cos4 [queue0|queue1|...]
                set cos5 [queue0|queue1|...]
                set cos6 [queue0|queue1|...]
                set cos7 [queue0|queue1|...]
                set dscp0 [queue0|queue1|...]
                set dscp1 [queue0|queue1|...]
                set dscp10 [queue0|queue1|...]
                set dscp11 [queue0|queue1|...]
                set dscp12 [queue0|queue1|...]
                set dscp13 [queue0|queue1|...]
                set dscp14 [queue0|queue1|...]
                set dscp15 [queue0|queue1|...]
                set dscp16 [queue0|queue1|...]
                set dscp17 [queue0|queue1|...]
                set dscp18 [queue0|queue1|...]
                set dscp19 [queue0|queue1|...]
                set dscp2 [queue0|queue1|...]
                set dscp20 [queue0|queue1|...]
                set dscp21 [queue0|queue1|...]
                set dscp22 [queue0|queue1|...]
                set dscp23 [queue0|queue1|...]
                set dscp24 [queue0|queue1|...]
                set dscp25 [queue0|queue1|...]
                set dscp26 [queue0|queue1|...]
                set dscp27 [queue0|queue1|...]
                set dscp28 [queue0|queue1|...]
                set dscp29 [queue0|queue1|...]
                set dscp3 [queue0|queue1|...]
                set dscp30 [queue0|queue1|...]
                set dscp31 [queue0|queue1|...]
                set dscp32 [queue0|queue1|...]
                set dscp33 [queue0|queue1|...]
                set dscp34 [queue0|queue1|...]
                set dscp35 [queue0|queue1|...]
                set dscp36 [queue0|queue1|...]
                set dscp37 [queue0|queue1|...]
                set dscp38 [queue0|queue1|...]
                set dscp39 [queue0|queue1|...]
                set dscp4 [queue0|queue1|...]
                set dscp40 [queue0|queue1|...]
                set dscp41 [queue0|queue1|...]
                set dscp42 [queue0|queue1|...]
                set dscp43 [queue0|queue1|...]
                set dscp44 [queue0|queue1|...]
                set dscp45 [queue0|queue1|...]
                set dscp46 [queue0|queue1|...]
                set dscp47 [queue0|queue1|...]
                set dscp48 [queue0|queue1|...]
                set dscp49 [queue0|queue1|...]
                set dscp5 [queue0|queue1|...]
                set dscp50 [queue0|queue1|...]
                set dscp51 [queue0|queue1|...]
                set dscp52 [queue0|queue1|...]
                set dscp53 [queue0|queue1|...]
                set dscp54 [queue0|queue1|...]
                set dscp55 [queue0|queue1|...]
                set dscp56 [queue0|queue1|...]
                set dscp57 [queue0|queue1|...]
                set dscp58 [queue0|queue1|...]
                set dscp59 [queue0|queue1|...]
                set dscp6 [queue0|queue1|...]
                set dscp60 [queue0|queue1|...]
                set dscp61 [queue0|queue1|...]
                set dscp62 [queue0|queue1|...]
                set dscp63 [queue0|queue1|...]
                set dscp7 [queue0|queue1|...]
                set dscp8 [queue0|queue1|...]
                set dscp9 [queue0|queue1|...]
                set type [cos|dscp]
                set weight {integer}
            next
        end
        config scheduler
            Description: Configure a NP7 QoS Scheduler.
            edit <name>
                set mode [none|priority|...]
            next
        end
    end
    set np6-cps-optimization-mode [enable|disable]
    config npu-tcam
        Description: Configure NPU TCAM policies.
        edit <name>
            config data
                Description: Data fields of TCAM.
                set df [enable|disable]
                set dstip {ipv4-address-any}
                set dstipv6 {ipv6-address}
                set dstmac {mac-address}
                set dstport {integer}
                set ethertype {ether-type}
                set ext-tag [enable|disable]
                set frag-off {integer}
                set gen-buf-cnt {integer}
                set gen-iv [valid|invalid]
                set gen-l3-flags {integer}
                set gen-l4-flags {integer}
                set gen-pkt-ctrl {integer}
                set gen-pri {integer}
                set gen-pri-v [valid|invalid]
                set gen-tv [valid|invalid]
                set ihl {integer}
                set ip4-id {integer}
                set ip6-fl {integer}
                set ipver {integer}
                set l4-wd10 {integer}
                set l4-wd11 {integer}
                set l4-wd8 {integer}
                set l4-wd9 {integer}
                set mf [enable|disable]
                set protocol {integer}
                set slink {integer}
                set smac-change [enable|disable]
                set sp {integer}
                set src-cfi [enable|disable]
                set src-prio {integer}
                set src-updt [enable|disable]
                set srcip {ipv4-address-any}
                set srcipv6 {ipv6-address}
                set srcmac {mac-address}
                set srcport {integer}
                set svid {integer}
                set tcp-ack [enable|disable]
                set tcp-cwr [enable|disable]
                set tcp-ece [enable|disable]
                set tcp-fin [enable|disable]
                set tcp-push [enable|disable]
                set tcp-rst [enable|disable]
                set tcp-syn [enable|disable]
                set tcp-urg [enable|disable]
                set tgt-cfi [enable|disable]
                set tgt-prio {integer}
                set tgt-updt [enable|disable]
                set tgt-v [valid|invalid]
                set tos {integer}
                set tp {integer}
                set ttl {integer}
                set tvid {integer}
                set vdid {integer}
            end
            config mask
                Description: Mask fields of TCAM.
                set df [enable|disable]
                set dstip {ipv4-address-any}
                set dstipv6 {ipv6-address}
                set dstmac {mac-address}
                set dstport {integer}
                set ethertype {ether-type}
                set ext-tag [enable|disable]
                set frag-off {integer}
                set gen-buf-cnt {integer}
                set gen-iv [valid|invalid]
                set gen-l3-flags {integer}
                set gen-l4-flags {integer}
                set gen-pkt-ctrl {integer}
                set gen-pri {integer}
                set gen-pri-v [valid|invalid]
                set gen-tv [valid|invalid]
                set ihl {integer}
                set ip4-id {integer}
                set ip6-fl {integer}
                set ipver {integer}
                set l4-wd10 {integer}
                set l4-wd11 {integer}
                set l4-wd8 {integer}
                set l4-wd9 {integer}
                set mf [enable|disable]
                set protocol {integer}
                set slink {integer}
                set smac-change [enable|disable]
                set sp {integer}
                set src-cfi [enable|disable]
                set src-prio {integer}
                set src-updt [enable|disable]
                set srcip {ipv4-address-any}
                set srcipv6 {ipv6-address}
                set srcmac {mac-address}
                set srcport {integer}
                set svid {integer}
                set tcp-ack [enable|disable]
                set tcp-cwr [enable|disable]
                set tcp-ece [enable|disable]
                set tcp-fin [enable|disable]
                set tcp-push [enable|disable]
                set tcp-rst [enable|disable]
                set tcp-syn [enable|disable]
                set tcp-urg [enable|disable]
                set tgt-cfi [enable|disable]
                set tgt-prio {integer}
                set tgt-updt [enable|disable]
                set tgt-v [valid|invalid]
                set tos {integer}
                set tp {integer}
                set ttl {integer}
                set tvid {integer}
                set vdid {integer}
            end
            config mir-act
                Description: Mirror action of TCAM.
                set vlif {integer}
            end
            set oid {integer}
            config pri-act
                Description: Priority action of TCAM.
                set priority {integer}
                set weight {integer}
            end
            config sact
                Description: Source action of TCAM.
                set act {integer}
                set act-v [enable|disable]
                set bmproc {integer}
                set bmproc-v [enable|disable]
                set df-lif {integer}
                set df-lif-v [enable|disable]
                set dfr {integer}
                set dfr-v [enable|disable]
                set dmac-skip {integer}
                set dmac-skip-v [enable|disable]
                set dosen {integer}
                set dosen-v [enable|disable]
                set espff-proc {integer}
                set espff-proc-v [enable|disable]
                set etype-pid {integer}
                set etype-pid-v [enable|disable]
                set frag-proc {integer}
                set frag-proc-v [enable|disable]
                set fwd {integer}
                set fwd-lif {integer}
                set fwd-lif-v [enable|disable]
                set fwd-tvid {integer}
                set fwd-tvid-v [enable|disable]
                set fwd-v [enable|disable]
                set icpen {integer}
                set icpen-v [enable|disable]
                set igmp-mld-snp {integer}
                set igmp-mld-snp-v [enable|disable]
                set learn {integer}
                set learn-v [enable|disable]
                set m-srh-ctrl {integer}
                set m-srh-ctrl-v [enable|disable]
                set mac-id {integer}
                set mac-id-v [enable|disable]
                set mss {integer}
                set mss-v [enable|disable]
                set pleen {integer}
                set pleen-v [enable|disable]
                set prio-pid {integer}
                set prio-pid-v [enable|disable]
                set promis {integer}
                set promis-v [enable|disable]
                set rfsh {integer}
                set rfsh-v [enable|disable]
                set smac-skip {integer}
                set smac-skip-v [enable|disable]
                set tp-smchk-v [enable|disable]
                set tp_smchk {integer}
                set tpe-id {integer}
                set tpe-id-v [enable|disable]
                set vdm {integer}
                set vdm-v [enable|disable]
                set vdom-id {integer}
                set vdom-id-v [enable|disable]
                set x-mode {integer}
                set x-mode-v [enable|disable]
            end
            config tact
                Description: Target action of TCAM.
                set act {integer}
                set act-v [enable|disable]
                set fmtuv4-s {integer}
                set fmtuv4-s-v [enable|disable]
                set fmtuv6-s {integer}
                set fmtuv6-s-v [enable|disable]
                set lnkid {integer}
                set lnkid-v [enable|disable]
                set mac-id {integer}
                set mac-id-v [enable|disable]
                set mss-t {integer}
                set mss-t-v [enable|disable]
                set mtuv4 {integer}
                set mtuv4-v [enable|disable]
                set mtuv6 {integer}
                set mtuv6-v [enable|disable]
                set slif-act {integer}
                set slif-act-v [enable|disable]
                set sublnkid {integer}
                set sublnkid-v [enable|disable]
                set tgtv-act {integer}
                set tgtv-act-v [enable|disable]
                set tlif-act {integer}
                set tlif-act-v [enable|disable]
                set tpeid {integer}
                set tpeid-v [enable|disable]
                set v6fe {integer}
                set v6fe-v [enable|disable]
                set vep-en-v [enable|disable]
                set vep-slid {integer}
                set vep-slid-v [enable|disable]
                set vep_en {integer}
                set xlt-lif {integer}
                set xlt-lif-v [enable|disable]
                set xlt-vid {integer}
                set xlt-vid-v [enable|disable]
            end
            set type [L2_src_tc|L2_tgt_tc|...]
            set vid {integer}
        next
    end
    set pba-eim [disallow|allow]
    set pba-port-select-mode [random|direct]
    set per-policy-accounting [disable|enable]
    set per-session-accounting [traffic-log-only|disable|...]
    set ple-non-syn-tcp-action [forward|drop]
    config port-cpu-map
        Description: Configure NPU interface to CPU core mapping.
        edit <interface>
            set cpu-core {string}
        next
    end
    config port-npu-map
        Description: Configure port to NPU group mapping.
        edit <interface>
            set npu-group-index {integer}
        next
    end
    config port-path-option
        Description: Configure port using NPU or Intel-NIC.
        set ports-using-npu <interface-name1>, <interface-name2>, ...
    end
    config priority-protocol
        Description: Configure NPU priority protocol.
        set bfd [enable|disable]
        set bgp [enable|disable]
        set slbc [enable|disable]
    end
    set prp-session-clear-mode [blocking|non-blocking|...]
    set qos-mode [disable|priority|...]
    set qtm-buf-mode [6ch|4ch]
    set rdp-offload [enable|disable]
    set session-acct-interval {integer}
    set session-denied-offload [disable|enable]
    set shaping-stats [disable|enable]
    set spa-port-select-mode [random|direct]
    set split-ipsec-engines [disable|enable]
    set sse-backpressure [enable|disable]
    config sse-ha-scan
        Description: Configure driver HA scan for SSE.
        set gap {integer}
    end
    set strip-clear-text-padding [enable|disable]
    set strip-esp-padding [enable|disable]
    config sw-eh-hash
        Description: Configure switch enhanced hashing.
        set computation [xor16|xor8|...]
        set destination-ip-lower-16 [include|exclude]
        set destination-ip-upper-16 [include|exclude]
        set destination-port [include|exclude]
        set ip-protocol [include|exclude]
        set netmask-length {integer}
        set source-ip-lower-16 [include|exclude]
        set source-ip-upper-16 [include|exclude]
        set source-port [include|exclude]
    end
    set sw-np-bandwidth [0G|2G|...]
    config sw-tr-hash
        Description: Configure switch traditional hashing.
        set draco15 [enable|disable]
        set tcp-udp-port [include|exclude]
    end
    set switch-np-hash [src-ip|dst-ip|...]
    set tcp-rst-timeout {integer}
    set tunnel-over-vlink [enable|disable]
    set uesp-offload [enable|disable]
    set ull-port-mode [10G|25G]
    set vlan-lookup-cache [enable|disable]
    set vxlan-offload [enable|disable]
end

config system npu

Parameter

Description

Type

Size

Default

capwap-offload *

Enable/disable offloading managed FortiAP and FortiLink CAPWAP sessions.

option

enable

Option	Description
enable	Enable CAPWAP offload.
disable	Disable CAPWAP offload.

dedicated-lacp-queue *

Enable/disable dedication of HIF queue #0 for LACP.

option

disable

Option	Description
enable	Enable dedication of HIF queue #0 for LACP.
disable	Disable dedication of HIF queue #0 for LACP.

dedicated-management-affinity *

Affinity setting for management daemons (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).

string

Maximum length: 79

dedicated-management-cpu *

Enable to dedicate one CPU for GUI and CLI connections when NPs are busy.

option

disable

Option	Description
enable	Enable dedication of CPU #0 for management tasks.
disable	Disable dedication of CPU #0 for management tasks.

default-qos-type *

Set default QoS type.

option

policing

Option	Description
policing	QoS type policing.
shaping	QoS type shaping.
policing-enhanced	Enhanced QoS type policing.

default-tcp-refresh-dir *

Default SSE timeout TCP refresh direction.

option

both

Option	Description
both	refresh both directions.
outgoing	refresh outgoing direction(original).
incoming	refresh incoming direction(reply).

default-udp-refresh-dir *

Default SSE timeout UDP refresh direction.

option

both

Option	Description
both	refresh both directions.
outgoing	refresh outgoing direction(original).
incoming	refresh incoming direction(reply).

double-level-mcast-offload *

Enable double level mcast offload.

option

disable

Option	Description
enable	Enable double level mcast offload.
disable	Disable double level mcast offload.

dse-timeout *

DSE timeout in seconds.

integer

Minimum value: 0 Maximum value: 3600

fastpath *

Enable/disable NP6 offloading (also called fast path).

option

enable

Option	Description
disable	Disable NP6 offloading (fast path).
enable	Enable NP6 offloading (fast path).

gtp-enhanced-cpu-range *

GTP enhanced CPU range option.

option

Option	Description
0	Inspect GTPU packets by all CPUs.
1	Inspect GTPU packets by Master CPUs.
2	Inspect GTPU packets by Slave CPUs.

gtp-enhanced-mode *

Enable/disable GTP enhanced mode.

option

disable

Option	Description
enable	Enable GTP enhanced mode.
disable	Disable GTP enhanced mode.

gtp-support *

Enable/Disable NP7 GTP support

option

disable

Option	Description
enable	Enable NP7 GTP support
disable	Disable NP7 GTP support

hash-tbl-spread *

Enable/disable hash table entry spread.

option

enable

Option	Description
enable	Enable hash table entry spread.
disable	Disable hash table entry spread.

host-shortcut-mode *

Set NP6 host shortcut mode.

option

bi-directional

Option	Description
bi-directional	Offload TCP and IP Tunnel sessions in both directions between 10G and 1G interfaces (normal operation).
host-shortcut	Only offload TCP and IP Tunnel sessions received by 1G interfaces. Select if packets are dropped for offloaded traffic between 10G to 1G interfaces.

htab-dedi-queue-nr *

Set the number of dedicate queue for hash table messages.

integer

Minimum value: 1 Maximum value: 2

htab-msg-queue *

Set hash table message queue mode.

option

data

Option	Description
data	Use data queue.
idle	Use idle queue.
dedicated	Use dedicated queue.

htx-gtse-quota *

Configure HTX GTSE quota.

option

1Gbps

Option	Description
100Mbps	100Mbps.
200Mbps	200Mbps.
300Mbps	300Mbps.
400Mbps	400Mbps.
500Mbps	500Mbps.
600Mbps	600Mbps.
700Mbps	700Mbps.
800Mbps	800Mbps.
900Mbps	900Mbps.
1Gbps	1Gbps.
2Gbps	2Gbps.
4Gbps	4Gbps.
8Gbps	8Gbps.
10Gbps	10Gbps.

htx-icmp-csum-chk *

Set HTX icmp csum checking mode.

option

drop

Option	Description
drop	Drop bad icmp csum.
pass	Pass bad icmp csum.

hw-ha-scan-interval *

HW HA periodical scan interval in seconds.

integer

Minimum value: 0 Maximum value: 3600

inbound-dscp-copy-port <interface> *

Physical interfaces that support inbound-dscp-copy.

Physical interface name.

string

Maximum length: 15

intf-shaping-offload *

Enable/disable NPU offload when doing interface-based traffic shaping according to the egress-shaping-profile.

option

disable

Option	Description
enable	Enable NPU offload when doing interface-based traffic shaping according to the egress-shaping-profile.
disable	Disable NPU offload when doing interface-based traffic shaping according to the egress-shaping-profile.

ip-fragment-offload *

Enable/disable NP7 NPU IP fragment offload.

option

enable

Option	Description
disable	Disable IP fragment offload.
enable	Enable IP fragment offload.

iph-rsvd-re-cksum *

Enable/disable IP checksum re-calculation for packets with iph.reserved bit set.

option

disable

Option	Description
enable	Enable IP checksum re-calculation for packets with iph.reserved bit set.
disable	Disable IP checksum re-calculation for packets with iph.reserved bit set.

ippool-overload-high *

High threshold for overload ippool port reuse.

integer

Minimum value: 100 Maximum value: 2000

200

ippool-overload-low *

Low threshold for overload ippool port reuse.

integer

Minimum value: 100 Maximum value: 2000

150

ipsec-STS-timeout *

Set NP7Lite IPsec STS msg timeout.

option

Option	Description
1	Set NP7Lite STS message timeout to 1 sec(recommended for IPSec throughput GUI).
2	Set NP7Lite STS message timeout to 2 sec.
3	Set NP7Lite STS message timeout to 3 sec.
4	Set NP7Lite STS message timeout to 4 sec.
5	Set NP7Lite STS message timeout to 5 sec(default).
6	Set NP7Lite STS message timeout to 6 sec.
7	Set NP7Lite STS message timeout to 7 sec.
8	Set NP7Lite STS message timeout to 8 sec.
9	Set NP7Lite STS message timeout to 9 sec.
10	Set NP7Lite STS message timeout to 10 sec.

ipsec-dec-subengine-mask *

IPsec decryption subengine mask.

user

Not Specified

ipsec-enc-subengine-mask *

IPsec encryption subengine mask.

user

Not Specified

ipsec-inbound-cache *

Enable/disable IPsec inbound cache for anti-replay.

option

enable

Option	Description
enable	Enable inbound cache always.
disable	Disable inbound cache when IPsec anti-replay is on.

ipsec-mtu-override *

Enable/disable NP6 IPsec MTU override.

option

disable

Option	Description
disable	Disable NP6 IPsec MTU override.
enable	Enable NP6 IPsec MTU override.

ipsec-ob-np-sel *

IPsec NP selection for OB SA offloading.

option

Option	Description
rr	Round Robin.
Packet	NPU of the first packet.
Hash	Hash.

ipsec-over-vlink *

Enable/disable IPsec over vlink.

option

disable

Option	Description
enable	Enable IPSEC over vlink.
disable	Disable IPSEC over vlink.

ipsec-throughput-msg-frequency *

Set NP7Lite IPsec throughput msg frequency: 0--disable 1--32KB 3--64KB ... 0x3fff--256MB 0x7fff--512MB 0xffff--1GB.

option

disable

Option	Description
disable	Disable NP7Lite throughput update message.
32KB	Set NP7Lite throughput update message frequency to 32KB.
64KB	Set NP7Lite throughput update message frequency to 64KB.
128KB	Set NP7Lite throughput update message frequency to 128KB.
256KB	Set NP7Lite throughput update message frequency to 256KB.
512KB	Set NP7Lite throughput update message frequency to 512KB.
1MB	Set NP7Lite throughput update message frequency to 1MB.
2MB	Set NP7Lite throughput update message frequency to 2MB.
4MB	Set NP7Lite throughput update message frequency to 4MB.
8MB	Set NP7Lite throughput update message frequency to 8MB.
16MB	Set NP7Lite throughput update message frequency to 16MB.
32MB	Set NP7Lite throughput update message frequency to 32MB.
64MB	Set NP7Lite throughput update message frequency to 64MB.
128MB	Set NP7Lite throughput update message frequency to 128MB.
256MB	Set NP7Lite throughput update message frequency to 256MB.
512MB	Set NP7Lite throughput update message frequency to 512MB.
1GB	Set NP7Lite throughput update message frequency to 1GB.

ipt-STS-timeout *

Set NP7Lite IPT STS msg timeout.

option

Option	Description
1	Set NP7Lite STS message timeout to 1 sec(recommended for IPSec throughput GUI).
2	Set NP7Lite STS message timeout to 2 sec.
3	Set NP7Lite STS message timeout to 3 sec.
4	Set NP7Lite STS message timeout to 4 sec.
5	Set NP7Lite STS message timeout to 5 sec(default).
6	Set NP7Lite STS message timeout to 6 sec.
7	Set NP7Lite STS message timeout to 7 sec.
8	Set NP7Lite STS message timeout to 8 sec.
9	Set NP7Lite STS message timeout to 9 sec.
10	Set NP7Lite STS message timeout to 10 sec.

ipt-throughput-msg-frequency *

Set NP7Lite IPT throughput msg frequency: 0--disable 1--32KB 3--64KB ... 0x3fff--256MB 0x7fff--512MB 0xffff--1GB.

option

disable

Option	Description
disable	Disable NP7Lite throughput update message.
32KB	Set NP7Lite throughput update message frequency to 32KB.
64KB	Set NP7Lite throughput update message frequency to 64KB.
128KB	Set NP7Lite throughput update message frequency to 128KB.
256KB	Set NP7Lite throughput update message frequency to 256KB.
512KB	Set NP7Lite throughput update message frequency to 512KB.
1MB	Set NP7Lite throughput update message frequency to 1MB.
2MB	Set NP7Lite throughput update message frequency to 2MB.
4MB	Set NP7Lite throughput update message frequency to 4MB.
8MB	Set NP7Lite throughput update message frequency to 8MB.
16MB	Set NP7Lite throughput update message frequency to 16MB.
32MB	Set NP7Lite throughput update message frequency to 32MB.
64MB	Set NP7Lite throughput update message frequency to 64MB.
128MB	Set NP7Lite throughput update message frequency to 128MB.
256MB	Set NP7Lite throughput update message frequency to 256MB.
512MB	Set NP7Lite throughput update message frequency to 512MB.
1GB	Set NP7Lite throughput update message frequency to 1GB.

ipv4-session-quota *

Enable/Disable NoNAT IPv4 session quota for hyperscale VDOMs.

option

disable

Option	Description
enable	Enable IPv4 prefix session quota.
disable	Disable IPv4 prefix session quota.

ipv4-session-quota-high *

Configure NoNAT IPv4 session quota high threshold.

integer

Minimum value: 0 Maximum value: 1073741823

1073741823

ipv4-session-quota-low *

Configure NoNAT IPv4 session quota low threshold.

integer

Minimum value: 0 Maximum value: 536870911

536870911

ipv6-prefix-session-quota *

Enable/Disable hardware IPv6 /64 prefix session quota for hyperscale VDOMs.

option

disable

Option	Description
enable	Enable IPv6 prefix session quota.
disable	Disable IPv6 prefix session quota.

ipv6-prefix-session-quota-high *

Configure IPv6 prefix session quota high threshold.

integer

Minimum value: 0 Maximum value: 1073741823

1073741823

ipv6-prefix-session-quota-low *

Configure IPv6 prefix session quota low threshold.

integer

Minimum value: 0 Maximum value: 536870911

536870911

lag-out-port-select *

Enable/disable LAG outgoing port selection based on incoming traffic port.

option

disable

Option	Description
disable	Disable LAG outgoing trunk in switch.
enable	Enable LAG outgoing trunk in switch.

max-receive-unit *

Set the maximum packet size for receive, larger packets will be silently dropped.

integer

Minimum value: 64 Maximum value: 10000

10000

max-session-timeout *

Maximum time interval for refreshing NPU-offloaded sessions.

integer

Minimum value: 10 Maximum value: 1000

mcast-session-accounting *

Enable/disable traffic accounting for each multicast session through TAE counter.

option

tpe-based

Option	Description
tpe-based	Enable TPE-based multicast session accounting.
session-based	Enable session-based multicast session accounting.
disable	Disable multicast session accounting.

napi-break-interval *

NAPI break interval.

integer

Minimum value: 0 Maximum value: 65535

np6-cps-optimization-mode *

Enable/disable NP6 connection per second (CPS) optimization mode.

option

disable

Option	Description
enable	Enable NP6 connection per second (CPS) optimization mode.
disable	Disable NP6 connection per second (CPS) optimization mode.

pba-eim *

Configure option for PBA(non-overload)/EIM combination.

option

allow

Option	Description
disallow	Disallow PBA(non-overload)/EIM combination in SNAT policy.
allow	Allow PBA(non-overload)/EIM combination in SNAT policy.

pba-port-select-mode *

Port selection mode for PBA IP pool.

option

direct

Option	Description
random	Randomized port selection mode.
direct	Direct port selection mode.

per-policy-accounting *

Set per-policy accounting.

option

disable

Option	Description
disable	Disable per-policy hit count.
enable	Enable per-policy hit count

per-session-accounting *

Set per-session accounting.

option

traffic-log-only

Option	Description
traffic-log-only	Per-session accounting only for sessions with traffic logging
disable	Disable per-session accounting.
enable	Per-session accounting for all sessions.

ple-non-syn-tcp-action *

Configure action for the PLE to take on TCP packets that have the SYN field unset.

option

forward

Option	Description
forward	PLE forwards all TCP packets to the CPU that have the SYN field unset(default).
drop	PLE drops all TCP packets that have the SYN field unset.

prp-session-clear-mode *

PRP session clear mode for excluded ip sessions.

option

blocking

Option	Description
blocking	Session clearing will block the current task until it is done.
non-blocking	Session clearing executes in another thread and will not block the current task.
do-not-clear	Don't clear sessions

qos-mode *

QoS mode on switch and NP.

option

disable

Option	Description
disable	Disable QoS on switch and NP.
priority	Priority based.
round-robin	Round Robin Scheduler.

qtm-buf-mode *

QTM channel configuration for packet buffer.

option

6ch

Option	Description
6ch	6 DRAM channels for packet buffer.
4ch	4 DRAM channels for packet buffer.

rdp-offload *

Enable/disable RDP offload.

option

enable

Option	Description
enable	Enable reliable datagram protocol traffic offload.
disable	Disable reliable datagram protocol traffic offload.

session-acct-interval *

Session accounting update interval.

integer

Minimum value: 1 Maximum value: 10

session-denied-offload *

Enable/disable offloading of denied sessions. Requires ses-denied-traffic to be set.

option

disable

Option	Description
disable	Disable offloading of denied sessions.
enable	Enable offloading of denied sessions.

shaping-stats *

Enable/disable NP7 traffic shaping statistics.

option

disable

Option	Description
disable	Disable NP7 traffic shaping statistics.
enable	Enable NP7 traffic shaping statistics.

spa-port-select-mode *

Port selection mode for SPA IP pool.

option

direct

Option	Description
random	Randomized port selection mode.
direct	Direct port selection mode.

split-ipsec-engines *

Enable/disable Split IPsec Engines.

option

disable

Option	Description
disable	Disable Split IPsec Engines.
enable	Enable Split IPsec Engines.

sse-backpressure *

Enable/disable SSE backpressure.

option

disable

Option	Description
enable	Enable SSE backpressureg.
disable	Disable SSE backpressureg.

strip-clear-text-padding *

Enable/disable stripping clear text padding.

option

disable

Option	Description
enable	Enable stripping clear text padding.
disable	Disable stripping clear text padding.

strip-esp-padding *

Enable/disable stripping ESP padding.

option

disable

Option	Description
enable	Enable stripping ESP padding.
disable	Disable stripping ESP padding.

sw-np-bandwidth *

Bandwidth from switch to NP.

option

Option	Description
0G	Default value. No bandwidth control.
2G	2Gbps.
4G	4Gbps.
5G	5Gbps.
6G	6Gbps.
7G	7Gbps.
8G	8Gbps.
9G	9Gbps.

switch-np-hash *

Switch-NP trunk port selection Criteria.

option

src-dst-ip

Option	Description
src-ip	Source IP address.
dst-ip	Destination IP address.
src-dst-ip	Source+dest IP address.

tcp-rst-timeout *

TCP RST timeout in seconds.

integer

Minimum value: 0 Maximum value: 3600

tunnel-over-vlink *

Enable/disable selection of which NP6 chip the tunnel uses.

option

enable

Option	Description
enable	Use the bundled NP6 chip for tunnels.
disable	Use the ingress NP6 chip for tunnels.

uesp-offload *

Enable/disable UDP-encapsulated ESP offload.

option

disable

Option	Description
enable	Enable UDP-encapsulated ESP traffic offload.
disable	Disable UDP-encapsulated ESP traffic offload.

ull-port-mode *

Set ULL port's speed to 10G/25G.

option

10G

Option	Description
10G	10G speed setting for ULL ports.
25G	25G speed setting for ULL ports.

vlan-lookup-cache *

Enable/disable vlan lookup cache.

option

enable

Option	Description
enable	Enable VLAN lookup cache.
disable	Disable VLAN lookup cache.

vxlan-offload *

Enable/disable offloading vxlan.

option

enable

Option	Description
enable	Enable Vxlan offload.
disable	Disable Vxlan offload.

* This parameter may not exist in some models.

config background-sse-scan

Parameter

Description

Type

Size

Default

scan

Enable/disable background SSE scan by driver thread.

option

enable

Option	Description
disable	Disable background sse scan.
enable	Enable background sse scan(default).

scan-stale

Configure scanning of active or stale sessions.

integer

Minimum value: 0 Maximum value: 1

scan-vt

Select version/type to scan: bit-0: 44; bit-1: 46; bit-2: 64; bit-3: 66.

integer

Minimum value: 0 Maximum value: 15

stats-qual-access

Statistics update access qualification in seconds.

integer

Minimum value: 0 Maximum value: 1073741823

180

stats-qual-duration

Statistics update duration qualification in seconds.

integer

Minimum value: 0 Maximum value: 1073741823

300

stats-update-interval

Statistics update interval in seconds. Must be greater than or equal to 300.

integer

Minimum value: 300 Maximum value: 1073741823

300

udp-keepalive-interval

UDP keepalive interval in seconds. Must be greater than or equal to 90.

integer

Minimum value: 90 Maximum value: 1073741823

udp-qual-access

UDP keepalive access qualification in seconds.

integer

Minimum value: 0 Maximum value: 1073741823

udp-qual-duration

UDP keepalive duration qualification in seconds.

integer

Minimum value: 0 Maximum value: 1073741823

config dos-options

Parameter

Description

Type

Size

Default

npu-dos-meter-mode

Set DoS meter NPU offloading mode.

option

global

Option	Description
global	Install DoS meter to all NPs.
local	Install DoS meter only to the NP assigned to the traffic.

npu-dos-tpe-mode

Enable/disable insertion of DoS meter ID to session table.

option

enable

Option	Description
enable	Enable insertion of DoS meter ID to session table.
disable	Disable insertion of DoS meter ID to session table.

config dsw-dts-profile

Parameter

Description

Type

Size

Default

action

Set NPU DSW DTS profile action.

option

wait

Option	Description
wait	DSW DTS profile WAIT indefinitely.
drop	DSW DTS profile DROP immediately.
drop_tmr_0	DSW DTS profile DROP after interval #0 time-out.
drop_tmr_1	DSW DTS profile DROP after interval #1 time-out.
enque	DSW DTS profile ENQUE immediately.
enque_0	DSW DTS profile ENQUE after interval #0 time-out.
enque_1	DSW DTS profile ENQUE after interval #1 time-out.

min-limit

Set NPU DSW DTS profile min-limt.

integer

Minimum value: 32 Maximum value: 2048

profile-id

Set NPU DSW DTS profile profile id.

integer

Minimum value: 1 Maximum value: 32

step

Set NPU DSW DTS profile step.

integer

Minimum value: 0 Maximum value: 64

config dsw-queue-dts-profile

Parameter

Description

Type

Size

Default

iport

Set NPU DSW DTS in port.

option

eif0 **

Option	Description
eif0	DSW IPORT EIF0.
eif1	DSW IPORT EIF1.
eif2	DSW IPORT EIF2.
eif3	DSW IPORT EIF3.
eif4	DSW IPORT EIF4.
eif5	DSW IPORT EIF5.
eif6	DSW IPORT EIF6.
eif7	DSW IPORT EIF7.
htx0	DSW IPORT HTX0.
htx1	DSW IPORT HTX1.
sse0	DSW IPORT SSE0.
sse1	DSW IPORT SSE1.
sse2	DSW IPORT SSE2.
sse3	DSW IPORT SSE3.
rlt	DSW IPORT RLT.
dfr	DSW IPORT DFR.
ipseci	DSW IPORT IPSECI.
ipseco	DSW IPORT IPSECO.
ipti	DSW IPORT IPTI.
ipto	DSW IPORT IPTO.
vep0	DSW IPORT VEP0.
vep2	DSW IPORT VEP2.
vep4	DSW IPORT VEP4.
vep6	DSW IPORT VEP6.
ivs	DSW IPORT IVS.
l2ti1	DSW IPORT L2TI1.
l2to	DSW IPORT L2TO.
l2ti0	DSW IPORT L2TI0.
ple	DSW IPORT PLE.
spath	DSW IPORT SPATH.
qtm	DSW IPORT QTM.

name

Name.

string

Maximum length: 35

oport

Set NPU DSW DTS out port.

option

eif0 **

Option	Description
eif0	DSW OPORT EIF0.
eif1	DSW OPORT EIF1.
eif2	DSW OPORT EIF2.
eif3	DSW OPORT EIF3.
eif4	DSW OPORT EIF4.
eif5	DSW OPORT EIF5.
eif6	DSW OPORT EIF6.
eif7	DSW OPORT EIF7.
hrx	DSW OPORT HRX.
sse0	DSW OPORT SSE0.
sse1	DSW OPORT SSE1.
sse2	DSW OPORT SSE2.
sse3	DSW OPORT SSE3.
rlt	DSW OPORT RLT.
dfr	DSW OPORT DFR.
ipseci	DSW OPORT IPSECI.
ipseco	DSW OPORT IPSECO.
ipti	DSW OPORT IPTI.
ipto	DSW OPORT IPTO.
vep0	DSW OPORT VEP0.
vep2	DSW OPORT VEP2.
vep4	DSW OPORT VEP4.
vep6	DSW OPORT VEP6.
ivs	DSW OPORT IVS.
l2ti1	DSW OPORT L2TI1.
l2to	DSW OPORT L2TO.
l2ti0	DSW OPORT L2TI0.
ple	DSW OPORT PLE.
sync	DSW OPORT SYNK.
nss	DSW OPORT NSS.
tsk	DSW OPORT TSK.
qtm	DSW OPORT QTM.

profile-id

Set NPU DSW DTS profile ID.

integer

Minimum value: 1 Maximum value: 32

queue-select

Set NPU DSW DTS queue ID select.

integer

Minimum value: 0 Maximum value: 4095

** Values may differ between models.

config fp-anomaly

Parameter

Description

Type

Size

Default

icmp-csum-err

Invalid IPv4 ICMP checksum anomalies.

option

drop

Option	Description
drop	Drop IPv4 invalid ICMP checksum.
trap-to-host	Forward IPv4 invalid ICMP checksum to main CPU for processing.

icmp-frag *

Layer 3 fragmented packets that could be part of layer 4 ICMP anomalies.

option

allow

Option	Description
allow	Allow L3 fragment packet with L4 protocol as ICMP attack to pass.
drop	Drop L3 fragment packet with L4 protocol as ICMP attack.
trap-to-host	Forward L3 fragment packet with L4 protocol as ICMP attack to FortiOS.

icmp-land *

ICMP land anomalies.

option

trap-to-host

Option	Description
allow	Allow ICMP land attack to pass.
drop	Drop ICMP land attack.
trap-to-host	Forward ICMP land attack to FortiOS.

ipv4-csum-err

Invalid IPv4 IP checksum anomalies.

option

drop

Option	Description
drop	Drop IPv4 invalid IP checksum.
trap-to-host	Forward IPv4 invalid IP checksum to main CPU for processing.

ipv4-land *

Land anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv4 land attack to pass.
drop	Drop IPv4 land attack.
trap-to-host	Forward IPv4 land attack to FortiOS.

ipv4-optlsrr *

Loose source record route option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv4 with loose source record route option to pass.
drop	Drop IPv4 with loose source record route option.
trap-to-host	Forward IPv4 with loose source record route option to FortiOS.

ipv4-optrr *

Record route option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv4 with record route option to pass.
drop	Drop IPv4 with record route option.
trap-to-host	Forward IPv4 with record route option to FortiOS.

ipv4-optsecurity *

Security option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv4 with security option to pass.
drop	Drop IPv4 with security option.
trap-to-host	Forward IPv4 with security option to FortiOS.

ipv4-optssrr *

Strict source record route option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv4 with strict source record route option to pass.
drop	Drop IPv4 with strict source record route option.
trap-to-host	Forward IPv4 with strict source record route option to FortiOS.

ipv4-optstream *

Stream option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv4 with stream option to pass.
drop	Drop IPv4 with stream option.
trap-to-host	Forward IPv4 with stream option to FortiOS.

ipv4-opttimestamp *

Timestamp option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv4 with timestamp option to pass.
drop	Drop IPv4 with timestamp option.
trap-to-host	Forward IPv4 with timestamp option to FortiOS.

ipv4-proto-err *

Invalid layer 4 protocol anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv4 invalid L4 protocol to pass.
drop	Drop IPv4 invalid L4 protocol.
trap-to-host	Forward IPv4 invalid L4 protocol to FortiOS.

ipv4-unknopt *

Unknown option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv4 with unknown options to pass.
drop	Drop IPv4 with unknown options.
trap-to-host	Forward IPv4 with unknown options to FortiOS.

ipv6-daddr-err *

Destination address as unspecified or loopback address anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with destination address as unspecified or loopback address to pass.
drop	Drop IPv6 with destination address as unspecified or loopback address.
trap-to-host	Forward IPv6 with destination address as unspecified or loopback address to FortiOS.

ipv6-land *

Land anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 land attack to pass.
drop	Drop IPv6 land attack.
trap-to-host	Forward IPv6 land attack to FortiOS.

ipv6-optendpid *

End point identification anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with end point identification option to pass.
drop	Drop IPv6 with end point identification option.
trap-to-host	Forward IPv6 with end point identification option to FortiOS.

ipv6-opthomeaddr *

Home address option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with home address option to pass.
drop	Drop IPv6 with home address option.
trap-to-host	Forward IPv6 with home address option to FortiOS.

ipv6-optinvld *

Invalid option anomalies.Invalid option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with invalid option to pass.
drop	Drop IPv6 with invalid option.
trap-to-host	Forward IPv6 with invalid option to FortiOS.

ipv6-optjumbo *

Jumbo options anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with jumbo option to pass.
drop	Drop IPv6 with jumbo option.
trap-to-host	Forward IPv6 with jumbo option to FortiOS.

ipv6-optnsap *

Network service access point address option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with network service access point address option to pass.
drop	Drop IPv6 with network service access point address option.
trap-to-host	Forward IPv6 with network service access point address option to FortiOS.

ipv6-optralert *

Router alert option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with router alert option to pass.
drop	Drop IPv6 with router alert option.
trap-to-host	Forward IPv6 with router alert option to FortiOS.

ipv6-opttunnel *

Tunnel encapsulation limit option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with tunnel encapsulation limit to pass.
drop	Drop IPv6 with tunnel encapsulation limit.
trap-to-host	Forward IPv6 with tunnel encapsulation limit to FortiOS.

ipv6-proto-err *

Layer 4 invalid protocol anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 L4 invalid protocol to pass.
drop	Drop IPv6 L4 invalid protocol.
trap-to-host	Forward IPv6 L4 invalid protocol to FortiOS.

ipv6-saddr-err *

Source address as multicast anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with source address as multicast to pass.
drop	Drop IPv6 with source address as multicast.
trap-to-host	Forward IPv6 with source address as multicast to FortiOS.

ipv6-unknopt *

Unknown option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with unknown options to pass.
drop	Drop IPv6 with unknown options.
trap-to-host	Forward IPv6 with unknown options to FortiOS.

sctp-csum-err *

Invalid IPv4 SCTP checksum anomalies.

option

drop

Option	Description
allow	Allow IPv4 invalid SCTP checksum.
drop	Drop IPv4 invalid SCTP checksum.
trap-to-host	Forward IPv4 invalid SCTP checksum to main CPU for processing.

tcp-csum-err

Invalid IPv4 TCP checksum anomalies.

option

drop

Option	Description
drop	Drop IPv4 invalid TCP checksum.
trap-to-host	Forward IPv4 invalid TCP checksum to main CPU for processing.

tcp-fin-noack *

TCP SYN flood with FIN flag set without ACK setting anomalies.

option

trap-to-host

Option	Description
allow	Allow TCP packets with FIN flag set without ack setting to pass.
drop	Drop TCP packets with FIN flag set without ack setting.
trap-to-host	Forward TCP packets with FIN flag set without ack setting to FortiOS.

tcp-fin-only *

TCP SYN flood with only FIN flag set anomalies.

option

trap-to-host

Option	Description
allow	Allow TCP packets with FIN flag set only to pass.
drop	Drop TCP packets with FIN flag set only.
trap-to-host	Forward TCP packets with FIN flag set only to FortiOS.

tcp-land *

TCP land anomalies.

option

trap-to-host

Option	Description
allow	Allow TCP land attack to pass.
drop	Drop TCP land attack.
trap-to-host	Forward TCP land attack to FortiOS.

tcp-no-flag *

TCP SYN flood with no flag set anomalies.

option

allow

Option	Description
allow	Allow TCP packets without flag set to pass.
drop	Drop TCP packets without flag set.
trap-to-host	Forward TCP packets without flag set to FortiOS.

tcp-syn-data *

TCP SYN flood packets with data anomalies.

option

allow

Option	Description
allow	Allow TCP syn packets with data to pass.
drop	Drop TCP syn packets with data.
trap-to-host	Forward TCP syn packets with data to FortiOS.

tcp-syn-fin *

TCP SYN flood SYN/FIN flag set anomalies.

option

allow

Option	Description
allow	Allow TCP packets with syn_fin flag set to pass.
drop	Drop TCP packets with syn_fin flag set.
trap-to-host	Forward TCP packets with syn_fin flag set to FortiOS.

tcp-winnuke *

TCP WinNuke anomalies.

option

trap-to-host

Option	Description
allow	Allow TCP packets winnuke attack to pass.
drop	Drop TCP packets winnuke attack.
trap-to-host	Forward TCP packets winnuke attack to FortiOS.

udp-csum-err

Invalid IPv4 UDP checksum anomalies.

option

drop

Option	Description
drop	Drop IPv4 invalid UDP checksum.
trap-to-host	Forward IPv4 invalid UDP checksum to main CPU for processing.

udp-land *

UDP land anomalies.

option

trap-to-host

Option	Description
allow	Allow UDP land attack to pass.
drop	Drop UDP land attack.
trap-to-host	Forward UDP land attack to FortiOS.

* This parameter may not exist in some models.

config hpe

Parameter

Description

Type

Size

Default

all-protocol

Maximum packet rate of each host queue except high priority traffic, set 0 to disable.

integer

Minimum value: 0 Maximum value: 32000000

400000 **

arp-max

Maximum ARP packet rate. Entry is valid when ARP is removed from high-priority traffic.

integer

Minimum value: 1000 Maximum value: 32000000

5000

enable-shaper

Enable/Disable NPU Host Protection Engine (HPE) for packet type shaper.

option

disable

Option	Description
disable	Disable NPU HPE shaping based on packet type.
enable	Enable NPU HPE shaping based on packet type.

esp-max

Maximum ESP packet rate.

integer

Minimum value: 1000 Maximum value: 32000000

5000

high-priority

Maximum packet rate for high priority traffic packets.

integer

Minimum value: 1000 Maximum value: 32000000

400000 **

icmp-max

Maximum ICMP packet rate.

integer

Minimum value: 1000 Maximum value: 32000000

5000

ip-frag-max

Maximum fragmented IP packet rate.

integer

Minimum value: 1000 Maximum value: 32000000

5000

ip-others-max

Maximum IP packet rate for other packets.

integer

Minimum value: 1000 Maximum value: 32000000

5000

l2-others-max

Maximum L2 packet rate for L2 packets that are not ARP packets.

integer

Minimum value: 1000 Maximum value: 32000000

5000

sctp-max

Maximum SCTP packet rate.

integer

Minimum value: 1000 Maximum value: 32000000

5000

tcp-max

Maximum TCP packet rate.

integer

Minimum value: 1000 Maximum value: 32000000

40000

tcpfin-rst-max

Maximum TCP carries FIN or RST flags packet rate.

integer

Minimum value: 1000 Maximum value: 32000000

40000

tcpsyn-ack-max

Maximum TCP carries SYN and ACK flags packet rate.

integer

Minimum value: 1000 Maximum value: 32000000

40000

tcpsyn-max

Maximum TCP SYN packet rate.

integer

Minimum value: 1000 Maximum value: 32000000

40000

udp-max

Maximum UDP packet rate.

integer

Minimum value: 1000 Maximum value: 32000000

40000

** Values may differ between models.

config icmp-error-rate-ctrl

Parameter

Description

Type

Size

Default

icmpv4-error-bucket-size

Bucket size used in the token bucket algorithm for controlling the flow of ICMPv4 error packets.

integer

Minimum value: 1 Maximum value: 100

icmpv4-error-rate

Average rate of ICMPv4 error packets that allowed to be generated per second.

integer

Minimum value: 1 Maximum value: 100

icmpv4-error-rate-limit

Enable to limit the ICMPv4 error packets generated by this FortiGate.

option

enable

Option	Description
enable	Enable rate limiting for ICMPv4 error packets generated by this FortiGate.
disable	Disable rate limiting for ICMPv4 error packets generated by this FortiGate.

icmpv6-error-bucket-size

Bucket size used in the token bucket algorithm for controlling the flow of ICMPv6 error packets.

integer

Minimum value: 1 Maximum value: 100

icmpv6-error-rate

Average rate of ICMPv6 error packets that allowed to be generated per second.

integer

Minimum value: 1 Maximum value: 100

icmpv6-error-rate-limit

Enable to limit the ICMPv6 error packets generated by this FortiGate.

option

enable

Option	Description
enable	Enable rate limiting for ICMPv6 error packets generated by this FortiGate.
disable	Disable rate limiting for ICMPv6 error packets generated by this FortiGate.

config ip-reassembly

Parameter

Description

Type

Size

Default

max-timeout

Maximum timeout value for IP reassembly (5 us - 600,000,000 us).

integer

Minimum value: 5 Maximum value: 600000000

200000

min-timeout

Minimum timeout value for IP reassembly (5 us - 600,000,000 us).

integer

Minimum value: 5 Maximum value: 600000000

status

Set IP reassembly processing status.

option

disable

Option	Description
disable	Disable IP reassembly.
enable	Enable IP reassembly.

config isf-np-queues

Parameter	Description	Type	Size
cos0	CoS profile name for CoS 0.	string	Maximum length: 35
cos1	CoS profile name for CoS 1.	string	Maximum length: 35
cos2	CoS profile name for CoS 2.	string	Maximum length: 35
cos3	CoS profile name for CoS 3.	string	Maximum length: 35
cos4	CoS profile name for CoS 4.	string	Maximum length: 35
cos5	CoS profile name for CoS 5.	string	Maximum length: 35
cos6	CoS profile name for CoS 6.	string	Maximum length: 35
cos7	CoS profile name for CoS 7.	string	Maximum length: 35

config ethernet-type

Parameter	Description	Type	Size	Default
name	Ethernet Type Name.	string	Maximum length: 35
queue	Queue Number.	integer	Minimum value: 0 Maximum value: 11	0
type	Ethernet Type.	ether-type	Not Specified	0
weight	Class Weight.	integer	Minimum value: 0 Maximum value: 15	15

config ip-protocol

Parameter	Description	Type	Size	Default
name	IP Protocol Name.	string	Maximum length: 35
protocol	IP Protocol.	integer	Minimum value: 0 Maximum value: 255	0
queue	Queue Number.	integer	Minimum value: 0 Maximum value: 11	0
weight	Class Weight.	integer	Minimum value: 0 Maximum value: 15	14

config ip-service

Parameter	Description	Type	Size	Default
dport	Destination port.	integer	Minimum value: 0 Maximum value: 65535	0
name	IP service name.	string	Maximum length: 35
protocol	IP protocol.	integer	Minimum value: 0 Maximum value: 255	0
queue	Queue number.	integer	Minimum value: 0 Maximum value: 11	0
sport	Source port.	integer	Minimum value: 0 Maximum value: 65535	0
weight	Class weight.	integer	Minimum value: 0 Maximum value: 15	13

config profile

Parameter

Description

Type

Size

Default

cos0

Queue number of CoS 0.

option

queue0

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

cos1

Queue number of CoS 1.

option

queue1

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

cos2

Queue number of CoS 2.

option

queue2

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

cos3

Queue number of CoS 3.

option

queue3

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

cos4

Queue number of CoS 4.

option

queue4

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

cos5

Queue number of CoS 5.

option

queue5

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

cos6

Queue number of CoS 6.

option

queue6

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

cos7

Queue number of CoS 7.

option

queue7

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp0

Queue number of DSCP 0.

option

queue0

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp1

Queue number of DSCP 1.

option

queue1

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp10

Queue number of DSCP 10.

option

queue2

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp11

Queue number of DSCP 11.

option

queue3

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp12

Queue number of DSCP 12.

option

queue4

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp13

Queue number of DSCP 13.

option

queue5

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp14

Queue number of DSCP 14.

option

queue6

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp15

Queue number of DSCP 15.

option

queue7

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp16

Queue number of DSCP 16.

option

queue0

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp17

Queue number of DSCP 17.

option

queue1

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp18

Queue number of DSCP 18.

option

queue2

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp19

Queue number of DSCP 19.

option

queue3

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp2

Queue number of DSCP 2.

option

queue2

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp20

Queue number of DSCP 20.

option

queue4

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp21

Queue number of DSCP 21.

option

queue5

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp22

Queue number of DSCP 22.

option

queue6

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp23

Queue number of DSCP 23.

option

queue7

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp24

Queue number of DSCP 24.

option

queue0

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp25

Queue number of DSCP 25.

option

queue1

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp26

Queue number of DSCP 26.

option

queue2

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp27

Queue number of DSCP 27.

option

queue3

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp28

Queue number of DSCP 28.

option

queue4

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp29

Queue number of DSCP 29.

option

queue5

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp3

Queue number of DSCP 3.

option

queue3

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp30

Queue number of DSCP 30.

option

queue6

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp31

Queue number of DSCP 31.

option

queue7

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp32

Queue number of DSCP 32.

option

queue0

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp33

Queue number of DSCP 33.

option

queue1

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp34

Queue number of DSCP 34.

option

queue2

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp35

Queue number of DSCP 35.

option

queue3

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp36

Queue number of DSCP 36.

option

queue4

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp37

Queue number of DSCP 37.

option

queue5

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp38

Queue number of DSCP 38.

option

queue6

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp39

Queue number of DSCP 39.

option

queue7

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp4

Queue number of DSCP 4.

option

queue4

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp40

Queue number of DSCP 40.

option

queue0

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp41

Queue number of DSCP 41.

option

queue1

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp42

Queue number of DSCP 42.

option

queue2

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp43

Queue number of DSCP 43.

option

queue3

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp44

Queue number of DSCP 44.

option

queue4

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp45

Queue number of DSCP 45.

option

queue5

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp46

Queue number of DSCP 46.

option

queue6

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp47

Queue number of DSCP 47.

option

queue7

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp48

Queue number of DSCP 48.

option

queue0

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp49

Queue number of DSCP 49.

option

queue1

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp5

Queue number of DSCP 5.

option

queue5

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp50

Queue number of DSCP 50.

option

queue2

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp51

Queue number of DSCP 51.

option

queue3

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp52

Queue number of DSCP 52.

option

queue4

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp53

Queue number of DSCP 53.

option

queue5

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp54

Queue number of DSCP 54.

option

queue6

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp55

Queue number of DSCP 55.

option

queue7

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp56

Queue number of DSCP 56.

option

queue0

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp57

Queue number of DSCP 57.

option

queue1

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp58

Queue number of DSCP 58.

option

queue2

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp59

Queue number of DSCP 59.

option

queue3

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp6

Queue number of DSCP 6.

option

queue6

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp60

Queue number of DSCP 60.

option

queue4

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp61

Queue number of DSCP 61.

option

queue5

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp62

Queue number of DSCP 62.

option

queue6

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp63

Queue number of DSCP 63.

option

queue7

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp7

Queue number of DSCP 7.

option

queue7

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp8

Queue number of DSCP 8.

option

queue0

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp9

Queue number of DSCP 9.

option

queue1

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

Profile ID.

integer

Minimum value: 0 Maximum value: 255

type

Profile type.

option

cos

Option	Description
cos	VLAN priority.
dscp	IP differentiated services code point.

weight

Class weight.

integer

Minimum value: 0 Maximum value: 15

config scheduler

Parameter

Description

Type

Size

Default

mode

Scheduler mode.

option

none

Option	Description
none	Disable QoS on NP7.
priority	Priority Based.
round-robin	Round Robin Scheduler.

name

Scheduler name.

string

Maximum length: 35

config npu-tcam

Parameter

Description

Type

Size

Default

name

NPU TCAM policies name.

string

Maximum length: 35

oid

NPU TCAM OID.

integer

Minimum value: 0 Maximum value: 4095

type

TCAM policy type.

option

L2_src_tc

Option	Description
L2_src_tc	L2 source port traffic class.
L2_tgt_tc	L2 target port traffic class.
L2_src_mir	L2 source port mirroring.
L2_tgt_mir	L2 target port mirroring.
L2_src_act	L2 source port action.
L2_tgt_act	L2 target port action.
IPv4_src_tc	IPv4 source port traffic class.
IPv4_tgt_tc	IPv4 target port traffic class.
IPv4_src_mir	IPv4 source port mirroring.
IPv4_tgt_mir	IPv4 target port mirroring.
IPv4_src_act	IPv4 source port action.
IPv4_tgt_act	IPv4 target port action.
IPv6_src_tc	IPv6 source port traffic class.
IPv6_tgt_tc	IPv6 target port traffic class.
IPv6_src_mir	IPv6 source port mirroring.
IPv6_tgt_mir	IPv6 target port mirroring.
IPv6_src_act	IPv6 source port action.
IPv6_tgt_act	IPv6 target port action.

vid

NPU TCAM VID.

integer

Minimum value: 0 Maximum value: 4095

config data

Parameter

Description

Type

Size

Default

tcam data ip flag df.

option

disable

Option	Description
enable	Enable ip header df bit.
disable	Disable ip header df bit.

dstip

tcam data dst ipv4 address.

ipv4-address-any

Not Specified

0.0.0.0

dstipv6

tcam data dst ipv6 address.

ipv6-address

Not Specified

dstmac

tcam data dst macaddr.

mac-address

Not Specified

00:00:00:00:00:00

dstport

tcam data L4 dst port.

integer

Minimum value: 0 Maximum value: 65535

ethertype

tcam data ethertype.

ether-type

Not Specified

ext-tag

tcam data extension tag.

option

disable

Option	Description
enable	Ftag ext_tag enable.
disable	Ftag ext_tag disable.

frag-off

tcam data ip flag fragment offset.

integer

Minimum value: 0 Maximum value: 31

gen-buf-cnt

tcam data gen info buffer count.

integer

Minimum value: 0 Maximum value: 3

gen-iv

tcam data gen info iv.

option

invalid

Option	Description
valid	gen_i valid.
invalid	gen_i valid.

gen-l3-flags

tcam data gen info L3 flags.

integer

Minimum value: 0 Maximum value: 15

gen-l4-flags

tcam data gen info L4 flags.

integer

Minimum value: 0 Maximum value: 15

gen-pkt-ctrl

tcam data gen info packet control.

integer

Minimum value: 0 Maximum value: 65535

gen-pri

tcam data gen info priority.

integer

Minimum value: 0 Maximum value: 7

gen-pri-v

tcam data gen info priority valid.

option

invalid

Option	Description
valid	gen_priv valid.
invalid	gen_priv invalid.

gen-tv

tcam data gen info tv.

option

invalid

Option	Description
valid	gen_t valid.
invalid	gen_t invalid.

ihl

tcam data ipv4 IHL.

integer

Minimum value: 0 Maximum value: 15

ip4-id

tcam data ipv4 id.

integer

Minimum value: 0 Maximum value: 65535

ip6-fl

tcam data ipv6 flow label.

integer

Minimum value: 0 Maximum value: 1048575

ipver

tcam data ip header version.

integer

Minimum value: 0 Maximum value: 15

l4-wd10

tcam data L4 word10.

integer

Minimum value: 0 Maximum value: 65535

l4-wd11

tcam data L4 word11.

integer

Minimum value: 0 Maximum value: 65535

l4-wd8

tcam data L4 word8.

integer

Minimum value: 0 Maximum value: 65535

l4-wd9

tcam data L4 word9.

integer

Minimum value: 0 Maximum value: 65535

tcam data ip flag mf.

option

disable

Option	Description
enable	Enable ip header mf bit.
disable	Disable ip header mf bit.

protocol

tcam data ip protocol.

integer

Minimum value: 0 Maximum value: 255

slink

tcam data sublink.

integer

Minimum value: 0 Maximum value: 7

smac-change

tcam data source MAC change.

option

disable

Option	Description
enable	Ftag smac change enable.
disable	Ftag smac change disable.

tcam data source port.

integer

Minimum value: 0 Maximum value: 4095

src-cfi

tcam data source cfi.

option

disable

Option	Description
enable	Ftag src_cfi enable.
disable	Ftag src_cfi disable.

src-prio

tcam data source priority.

integer

Minimum value: 0 Maximum value: 7

src-updt

tcam data source update.

option

disable

Option	Description
enable	Ftag src_updt enable.
disable	Ftag src_updt disable.

srcip

tcam data src ipv4 address.

ipv4-address-any

Not Specified

0.0.0.0

srcipv6

tcam data src ipv6 address.

ipv6-address

Not Specified

srcmac

tcam data src macaddr.

mac-address

Not Specified

00:00:00:00:00:00

srcport

tcam data L4 src port.

integer

Minimum value: 0 Maximum value: 65535

svid

tcam data source vid.

integer

Minimum value: 0 Maximum value: 4095

tcp-ack

tcam data tcp flag ack.

option

disable

Option	Description
enable	Enable tcp header ack bit.
disable	Disable tcp header ack bit.

tcp-cwr

tcam data tcp flag cwr.

option

disable

Option	Description
enable	Enable tcp header cwr bit.
disable	Disable tcp header cwr bit.

tcp-ece

tcam data tcp flag ece.

option

disable

Option	Description
enable	Enable tcp header ece bit.
disable	Disable tcp header ece bit.

tcp-fin

tcam data tcp flag fin.

option

disable

Option	Description
enable	Enable tcp header fin bit.
disable	Disable tcp header fin bit.

tcp-push

tcam data tcp flag push.

option

disable

Option	Description
enable	Enable tcp header push bit.
disable	Disable tcp header push bit.

tcp-rst

tcam data tcp flag rst.

option

disable

Option	Description
enable	Enable tcp header rst bit.
disable	Disable tcp header rst bit.

tcp-syn

tcam data tcp flag syn.

option

disable

Option	Description
enable	Enable tcp header syn bit.
disable	Disable tcp header syn bit.

tcp-urg

tcam data tcp flag urg.

option

disable

Option	Description
enable	Enable tcp header urg bit.
disable	Disable tcp header urg bit.

tgt-cfi

tcam data target cfi.

option

disable

Option	Description
enable	Ftag tgt_cfi enable.
disable	Ftag tgt_cfi disable.

tgt-prio

tcam data target priority.

integer

Minimum value: 0 Maximum value: 7

tgt-updt

tcam data target port update.

option

disable

Option	Description
enable	Ftag tgt update enable.
disable	Ftag tgt update disable.

tgt-v

tcam data target valid.

option

invalid

Option	Description
valid	Ftag tgt valid.
invalid	Ftag tgt valid.

tos

tcam data ip tos.

integer

Minimum value: 0 Maximum value: 255

tcam data target port.

integer

Minimum value: 0 Maximum value: 4095

ttl

tcam data ip ttl.

integer

Minimum value: 0 Maximum value: 255

tvid

tcam data target vid.

integer

Minimum value: 0 Maximum value: 4095

vdid

tcam data vdom id.

integer

Minimum value: 0 Maximum value: 65535

config mask

Parameter

Description

Type

Size

Default

tcam mask ip flag df.

option

disable

Option	Description
enable	Enable ip header df bit.
disable	Disable ip header df bit.

dstip

tcam mask dst ipv4 address.

ipv4-address-any

Not Specified

0.0.0.0

dstipv6

tcam mask dst ipv6 address.

ipv6-address

Not Specified

dstmac

tcam mask dst macaddr.

mac-address

Not Specified

00:00:00:00:00:00

dstport

tcam mask L4 dst port.

integer

Minimum value: 0 Maximum value: 65535

ethertype

tcam mask ethertype.

ether-type

Not Specified

ext-tag

tcam mask extension tag.

option

disable

Option	Description
enable	Ftag ext_tag enable.
disable	Ftag ext_tag disable.

frag-off

tcam data ip flag fragment offset.

integer

Minimum value: 0 Maximum value: 31

gen-buf-cnt

tcam mask gen info buffer count.

integer

Minimum value: 0 Maximum value: 3

gen-iv

tcam mask gen info iv.

option

invalid

Option	Description
valid	gen_i valid.
invalid	gen_i valid.

gen-l3-flags

tcam mask gen info L3 flags.

integer

Minimum value: 0 Maximum value: 15

gen-l4-flags

tcam mask gen info L4 flags.

integer

Minimum value: 0 Maximum value: 15

gen-pkt-ctrl

tcam mask gen info packet control.

integer

Minimum value: 0 Maximum value: 65535

gen-pri

tcam mask gen info priority.

integer

Minimum value: 0 Maximum value: 7

gen-pri-v

tcam mask gen info priority valid.

option

invalid

Option	Description
valid	gen_priv valid.
invalid	gen_priv invalid.

gen-tv

tcam mask gen info tv.

option

invalid

Option	Description
valid	gen_t valid.
invalid	gen_t invalid.

ihl

tcam mask ipv4 IHL.

integer

Minimum value: 0 Maximum value: 15

ip4-id

tcam mask ipv4 id.

integer

Minimum value: 0 Maximum value: 65535

ip6-fl

tcam mask ipv6 flow label.

integer

Minimum value: 0 Maximum value: 1048575

ipver

tcam mask ip header version.

integer

Minimum value: 0 Maximum value: 15

l4-wd10

tcam mask L4 word10.

integer

Minimum value: 0 Maximum value: 65535

l4-wd11

tcam mask L4 word11.

integer

Minimum value: 0 Maximum value: 65535

l4-wd8

tcam mask L4 word8.

integer

Minimum value: 0 Maximum value: 65535

l4-wd9

tcam mask L4 word9.

integer

Minimum value: 0 Maximum value: 65535

tcam mask ip flag mf.

option

disable

Option	Description
enable	Enable ip header mf bit.
disable	Disable ip header mf bit.

protocol

tcam mask ip protocol.

integer

Minimum value: 0 Maximum value: 255

slink

tcam mask sublink.

integer

Minimum value: 0 Maximum value: 7

smac-change

tcam mask source MAC change.

option

disable

Option	Description
enable	Ftag smac change enable.
disable	Ftag smac change disable.

tcam mask source port.

integer

Minimum value: 0 Maximum value: 4095

src-cfi

tcam mask source cfi.

option

disable

Option	Description
enable	Ftag src_cfi enable.
disable	Ftag src_cfi disable.

src-prio

tcam mask source priority.

integer

Minimum value: 0 Maximum value: 7

src-updt

tcam mask source update.

option

disable

Option	Description
enable	Ftag src_updt enable.
disable	Ftag src_updt disable.

srcip

tcam mask src ipv4 address.

ipv4-address-any

Not Specified

0.0.0.0

srcipv6

tcam mask src ipv6 address.

ipv6-address

Not Specified

srcmac

tcam mask src macaddr.

mac-address

Not Specified

00:00:00:00:00:00

srcport

tcam mask L4 src port.

integer

Minimum value: 0 Maximum value: 65535

svid

tcam mask source vid.

integer

Minimum value: 0 Maximum value: 4095

tcp-ack

tcam mask tcp flag ack.

option

disable

Option	Description
enable	Enable tcp header ack bit.
disable	Disable tcp header ack bit.

tcp-cwr

tcam mask tcp flag cwr.

option

disable

Option	Description
enable	Enable tcp header cwr bit.
disable	Disable tcp header cwr bit.

tcp-ece

tcam mask tcp flag ece.

option

disable

Option	Description
enable	Enable tcp header ece bit.
disable	Disable tcp header ece bit.

tcp-fin

tcam mask tcp flag fin.

option

disable

Option	Description
enable	Enable tcp header fin bit.
disable	Disable tcp header fin bit.

tcp-push

tcam mask tcp flag push.

option

disable

Option	Description
enable	Enable tcp header push bit.
disable	Disable tcp header push bit.

tcp-rst

tcam mask tcp flag rst.

option

disable

Option	Description
enable	Enable tcp header rst bit.
disable	Disable tcp header rst bit.

tcp-syn

tcam mask tcp flag syn.

option

disable

Option	Description
enable	Enable tcp header syn bit.
disable	Disable tcp header syn bit.

tcp-urg

tcam mask tcp flag urg.

option

disable

Option	Description
enable	Enable tcp header urg bit.
disable	Disable tcp header urg bit.

tgt-cfi

tcam mask target cfi.

option

disable

Option	Description
enable	Ftag tgt_cfi enable.
disable	Ftag tgt_cfi disable.

tgt-prio

tcam mask target priority.

integer

Minimum value: 0 Maximum value: 7

tgt-updt

tcam mask target port update.

option

disable

Option	Description
enable	Ftag tgt update enable.
disable	Ftag tgt update disable.

tgt-v

tcam mask target valid.

option

invalid

Option	Description
valid	Ftag tgt valid.
invalid	Ftag tgt valid.

tos

tcam mask ip tos.

integer

Minimum value: 0 Maximum value: 255

tcam mask target port.

integer

Minimum value: 0 Maximum value: 4095

ttl

tcam mask ip ttl.

integer

Minimum value: 0 Maximum value: 255

tvid

tcam mask target vid.

integer

Minimum value: 0 Maximum value: 4095

vdid

tcam mask vdom id.

integer

Minimum value: 0 Maximum value: 65535

config mir-act

Parameter	Description	Type	Size	Default
vlif	tcam mirror action vlif.	integer	Minimum value: 0 Maximum value: 16777215	0

config pri-act

Parameter	Description	Type	Size	Default
priority	tcam priority action priority.	integer	Minimum value: 0 Maximum value: 15	0
weight	tcam priority action weight.	integer	Minimum value: 0 Maximum value: 15	0

config sact

Parameter

Description

Type

Size

Default

act

tcam sact act.

integer

Minimum value: 0 Maximum value: 3

act-v

Enable to set sact act.

option

disable

Option	Description
enable	Enable act.
disable	Disable act.

bmproc

tcam sact bmproc.

integer

Minimum value: 0 Maximum value: 1

bmproc-v

Enable to set sact bmproc.

option

disable

Option	Description
enable	Enable bmproc.
disable	Disable bmproc.

df-lif

tcam sact df-lif.

integer

Minimum value: 0 Maximum value: 4095

df-lif-v

Enable to set sact df-lif.

option

disable

Option	Description
enable	Enable df_lif.
disable	Disable df_lif.

dfr

tcam sact dfr.

integer

Minimum value: 0 Maximum value: 1

dfr-v

Enable to set sact dfr.

option

disable

Option	Description
enable	Enable dfr.
disable	Disable dfr.

dmac-skip

tcam sact dmac-skip.

integer

Minimum value: 0 Maximum value: 1

dmac-skip-v

Enable to set sact dmac-skip.

option

disable

Option	Description
enable	Enable dmac_skip.
disable	Disable dmac_skip.

dosen

tcam sact dosen.

integer

Minimum value: 0 Maximum value: 1

dosen-v

Enable to set sact dosen.

option

disable

Option	Description
enable	Enable dosen.
disable	Disable dosen.

espff-proc

tcam sact espff-proc.

integer

Minimum value: 0 Maximum value: 1

espff-proc-v

Enable to set sact espff-proc.

option

disable

Option	Description
enable	Enable espff_proc.
disable	Disable espff_proc.

etype-pid

tcam sact etype-pid.

integer

Minimum value: 0 Maximum value: 15

etype-pid-v

Enable to set sact etype-pid.

option

disable

Option	Description
enable	Enable etype_pid.
disable	Disable etype_pid.

frag-proc

tcam sact frag-proc.

integer

Minimum value: 0 Maximum value: 1

frag-proc-v

Enable to set sact frag-proc.

option

disable

Option	Description
enable	Enable frag_proc.
disable	Disable frag_proc.

fwd

tcam sact fwd.

integer

Minimum value: 0 Maximum value: 1

fwd-lif

tcam sact fwd-lif.

integer

Minimum value: 0 Maximum value: 4095

fwd-lif-v

Enable to set sact fwd-lif.

option

disable

Option	Description
enable	Enable fwd_lif.
disable	Disable fwd_lif.

fwd-tvid

tcam sact fwd-tvid.

integer

Minimum value: 0 Maximum value: 4095

fwd-tvid-v

Enable to set sact fwd-vid.

option

disable

Option	Description
enable	Enable fwd_tvid.
disable	Disable fwd_tvid.

fwd-v

Enable to set sact fwd.

option

disable

Option	Description
enable	Enable fwd.
disable	Disable fwd.

icpen

tcam sact icpen.

integer

Minimum value: 0 Maximum value: 1

icpen-v

Enable to set sact icpen.

option

disable

Option	Description
enable	Enable icpen.
disable	Disable icpen.

igmp-mld-snp

tcam sact igmp-mld-snp.

integer

Minimum value: 0 Maximum value: 1

igmp-mld-snp-v

Enable to set sact igmp-mld-snp.

option

disable

Option	Description
enable	Enable igmp_mld_snp.
disable	Disable igmp_mld_snp.

learn

tcam sact learn.

integer

Minimum value: 0 Maximum value: 1

learn-v

Enable to set sact learn.

option

disable

Option	Description
enable	Enable learn.
disable	Disable learn.

m-srh-ctrl

tcam sact m-srh-ctrl.

integer

Minimum value: 0 Maximum value: 1

m-srh-ctrl-v

Enable to set sact m-srh-ctrl.

option

disable

Option	Description
enable	Enable m_srh_ctrl.
disable	Disable m_srh_ctrl.

mac-id

tcam sact mac-id.

integer

Minimum value: 0 Maximum value: 65535

mac-id-v

Enable to set sact mac-id.

option

disable

Option	Description
enable	Enable mac_id.
disable	Disable mac_id.

mss

tcam sact mss.

integer

Minimum value: 0 Maximum value: 16383

mss-v

Enable to set sact mss.

option

disable

Option	Description
enable	Enable mss.
disable	Disable mss.

pleen

tcam sact pleen.

integer

Minimum value: 0 Maximum value: 1

pleen-v

Enable to set sact pleen.

option

disable

Option	Description
enable	Enable pleen.
disable	Disable pleen.

prio-pid

tcam sact prio-pid.

integer

Minimum value: 0 Maximum value: 7

prio-pid-v

Enable to set sact prio-pid.

option

disable

Option	Description
enable	Enable prio_pid.
disable	Disable prio_pid.

promis

tcam sact promis.

integer

Minimum value: 0 Maximum value: 1

promis-v

Enable to set sact promis.

option

disable

Option	Description
enable	Enable promis.
disable	Disable promis.

rfsh

tcam sact rfsh.

integer

Minimum value: 0 Maximum value: 1

rfsh-v

Enable to set sact rfsh.

option

disable

Option	Description
enable	Enable rfsh.
disable	Disable rfsh.

smac-skip

tcam sact smac-skip.

integer

Minimum value: 0 Maximum value: 1

smac-skip-v

Enable to set sact smac-skip.

option

disable

Option	Description
enable	Enable smac_skip.
disable	Disable smac_skip.

tp-smchk-v

Enable to set sact tp mode.

option

disable

Option	Description
enable	Enable tp_smchk.
disable	Disable tp_smchk.

tp_smchk

tcam sact tp mode.

integer

Minimum value: 0 Maximum value: 1

tpe-id

tcam sact tpe-id.

integer

Minimum value: 0 Maximum value: 16383

tpe-id-v

Enable to set sact tpe-id.

option

disable

Option	Description
enable	Enable tpe_id.
disable	Disable tpe_id.

vdm

tcam sact vdm.

integer

Minimum value: 0 Maximum value: 1

vdm-v

Enable to set sact vdm.

option

disable

Option	Description
enable	Enable vdm.
disable	Disable vdm.

vdom-id

tcam sact vdom-id.

integer

Minimum value: 0 Maximum value: 16383

vdom-id-v

Enable to set sact vdom-id.

option

disable

Option	Description
enable	Enable vdom_id.
disable	Disable vdom_id.

x-mode

tcam sact x-mode.

integer

Minimum value: 0 Maximum value: 3

x-mode-v

Enable to set sact x-mode.

option

disable

Option	Description
enable	Enable x_mode.
disable	Disable x_mode.

config tact

Parameter

Description

Type

Size

Default

act

tcam tact act.

integer

Minimum value: 0 Maximum value: 3

act-v

Enable to set tact act.

option

disable

Option	Description
enable	Enable act.
disable	Disable act.

fmtuv4-s

tcam tact fmtuv4-s.

integer

Minimum value: 0 Maximum value: 1

fmtuv4-s-v

Enable to set tact fmtuv4-s.

option

disable

Option	Description
enable	Enable fmtuv4_s.
disable	Disable fmtuv4_s.

fmtuv6-s

tcam tact fmtuv6-s.

integer

Minimum value: 0 Maximum value: 1

fmtuv6-s-v

Enable to set tact fmtuv6-s.

option

disable

Option	Description
enable	Enable fmtuv6_s.
disable	Disable fmtuv6_s.

lnkid

tcam tact lnkid.

integer

Minimum value: 0 Maximum value: 15

lnkid-v

Enable to set tact lnkid.

option

disable

Option	Description
enable	Enable lnkid.
disable	Disable lnkid.

mac-id

tcam tact mac-id.

integer

Minimum value: 0 Maximum value: 65535

mac-id-v

Enable to set tact mac-id.

option

disable

Option	Description
enable	Enable mac_id.
disable	Disable mac_id.

mss-t

tcam tact mss.

integer

Minimum value: 0 Maximum value: 16383

mss-t-v

Enable to set tact mss.

option

disable

Option	Description
enable	Enable mss.
disable	Disable mss.

mtuv4

tcam tact mtuv4.

integer

Minimum value: 0 Maximum value: 16383

mtuv4-v

Enable to set tact mtuv4.

option

disable

Option	Description
enable	Enable mtuv4.
disable	Disable mtuv4.

mtuv6

tcam tact mtuv6.

integer

Minimum value: 0 Maximum value: 16383

mtuv6-v

Enable to set tact mtuv6.

option

disable

Option	Description
enable	Enable mtuv6.
disable	Disable mtuv6.

slif-act

tcam tact slif-act.

integer

Minimum value: 0 Maximum value: 3

slif-act-v

Enable to set tact slif-act.

option

disable

Option	Description
enable	Enable slif_act.
disable	Disable slif_act.

sublnkid

tcam tact sublnkid.

integer

Minimum value: 0 Maximum value: 511

sublnkid-v

Enable to set tact sublnkid.

option

disable

Option	Description
enable	Enable sublnkid.
disable	Disable sublnkid.

tgtv-act

tcam tact tgtv-act.

integer

Minimum value: 0 Maximum value: 1

tgtv-act-v

Enable to set tact tgtv-act.

option

disable

Option	Description
enable	Enable tgtv_act.
disable	Disable tgtv_act.

tlif-act

tcam tact tlif-act.

integer

Minimum value: 0 Maximum value: 3

tlif-act-v

Enable to set tact tlif-act.

option

disable

Option	Description
enable	Enable tlif_act.
disable	Disable tlif_act.

tpeid

tcam tact tpeid.

integer

Minimum value: 0 Maximum value: 16383

tpeid-v

Enable to set tact tpeid.

option

disable

Option	Description
enable	Enable tpeid.
disable	Disable tpeid.

v6fe

tcam tact v6fe.

integer

Minimum value: 0 Maximum value: 1

v6fe-v

Enable to set tact v6fe.

option

disable

Option	Description
enable	Enable v6fe.
disable	Disable v6fe.

vep-en-v

Enable to set tact vep-en.

option

disable

Option	Description
enable	Enable vep_en.
disable	Disable vep_en.

vep-slid

tcam tact vep_slid.

integer

Minimum value: 0 Maximum value: 3

vep-slid-v

Enable to set tact vep-slid.

option

disable

Option	Description
enable	Enable vep_slid.
disable	Disable vep_slid.

vep_en

tcam tact vep_en.

integer

Minimum value: 0 Maximum value: 1

xlt-lif

tcam tact xlt-lif.

integer

Minimum value: 0 Maximum value: 4095

xlt-lif-v

Enable to set tact xlt-lif.

option

disable

Option	Description
enable	Enable xlt_lif.
disable	Disable xlt_lif.

xlt-vid

tcam tact xlt-vid.

integer

Minimum value: 0 Maximum value: 4095

xlt-vid-v

Enable to set tact xlt-vid.

option

disable

Option	Description
enable	Enable xlt_vid.
disable	Disable xlt_vid.

config port-cpu-map

Parameter	Description	Type	Size	Default
cpu-core	The CPU core to map to an interface.	string	Maximum length: 31	all
interface	The interface to map to a CPU core.	string	Maximum length: 15

config port-npu-map

Parameter	Description	Type	Size	Default
interface	Set NPU interface port for NPU group mapping.	string	Maximum length: 15
npu-group-index	Mapping NPU group index.	integer	Minimum value: 0 Maximum value: 4294967295	0

config port-path-option

Parameter

Description

Type

Size

Default

ports-using-npu <interface-name>

Set ha/aux ports to handle traffic with NPU (otherwise traffic goes to Intel-NIC and then CPU).

Available interfaces for NPU path.

string

Maximum length: 15

config priority-protocol

Parameter

Description

Type

Size

Default

bfd

Enable/disable NPU BFD priority protocol.

option

enable

Option	Description
enable	Enable NPU BFD priority protocol.
disable	Disable NPU BFD priority protocol.

bgp

Enable/disable NPU BGP priority protocol.

option

enable

Option	Description
enable	Enable NPU BGP priority protocol.
disable	Disable NPU BGP priority protocol.

slbc

Enable/disable NPU SLBC priority protocol.

option

enable

Option	Description
enable	Enable NPU SLBC priority protocol.
disable	Disable NPU SLBC priority protocol.

config sse-ha-scan

Parameter	Description	Type	Size	Default
gap	Scanning message gap	integer	Minimum value: 0 Maximum value: 32767	200

config sw-eh-hash

Parameter

Description

Type

Size

Default

computation

Set hashing computation.

option

xor16

Option	Description
xor16	Use XOR operator to make 16 bits hash.
xor8	Use XOR operator to make 8 bits hash.
xor4	Use XOR operator to make 4 bits hash.
crc16	Use CRC-16-CCITT polynomial to make 16 bits hash.

destination-ip-lower-16

Include/exclude destination IP address lower 16 bits.

option

include

Option	Description
include	Include destination IP address lower 16 bits.
exclude	Exclude destination IP address lower 16 bits.

destination-ip-upper-16

Include/exclude destination IP address upper 16 bits.

option

include

Option	Description
include	Include destination IP address upper 16 bits.
exclude	Exclude destination IP address upper 16 bits.

destination-port

Include/exclude destination port if TCP/UDP.

option

include

Option	Description
include	Include destination port if TCP/UDP.
exclude	Exclude destination port if TCP/UDP.

ip-protocol

Include/exclude IP protocol.

option

include

Option	Description
include	Include IP protocol.
exclude	Exclude IP protocol.

netmask-length

Network mask length.

integer

Minimum value: 17 Maximum value: 32

source-ip-lower-16

Include/exclude source IP address lower 16 bits.

option

include

Option	Description
include	Include source IP address lower 16 bits.
exclude	Exclude source IP address lower 16 bits.

source-ip-upper-16

Include/exclude source IP address upper 16 bits.

option

include

Option	Description
include	Include source IP address upper 16 bits.
exclude	Exclude source IP address upper 16 bits.

source-port

Include/exclude source port if TCP/UDP.

option

include

Option	Description
include	Include source port if TCP/UDP.
exclude	Exclude source port if TCP/UDP.

config sw-tr-hash

Parameter

Description

Type

Size

Default

draco15

Enable/disable DRACO15 hashing.

option

enable

Option	Description
enable	Enable using DRACO15 hashing for unicast trunk traffic.
disable	Disable using DRACO15 hashing for unicast trunk traffic.

tcp-udp-port

Include/exclude TCP/UDP source and destination port for unicast trunk traffic.

option

exclude

Option	Description
include	Include TCP/UDP source and destination port for unicast trunk traffic.
exclude	Exclude TCP/UDP source and destination port for unicast trunk traffic.

config system npu

Configure NPU attributes.

config system npu
    Description: Configure NPU attributes.
    config background-sse-scan
        Description: Configure driver background scan for SSE.
        set scan [disable|enable]
        set scan-stale {integer}
        set scan-vt {integer}
        set stats-qual-access {integer}
        set stats-qual-duration {integer}
        set stats-update-interval {integer}
        set udp-keepalive-interval {integer}
        set udp-qual-access {integer}
        set udp-qual-duration {integer}
    end
    set capwap-offload [enable|disable]
    set dedicated-lacp-queue [enable|disable]
    set dedicated-management-affinity {string}
    set dedicated-management-cpu [enable|disable]
    set default-qos-type [policing|shaping|...]
    set default-tcp-refresh-dir [both|outgoing|...]
    set default-udp-refresh-dir [both|outgoing|...]
    config dos-options
        Description: NPU DoS configurations.
        set npu-dos-meter-mode [global|local]
        set npu-dos-tpe-mode [enable|disable]
    end
    set double-level-mcast-offload [enable|disable]
    set dse-timeout {integer}
    config dsw-dts-profile
        Description: Configure NPU DSW DTS profile.
        edit <profile-id>
            set action [wait|drop|...]
            set min-limit {integer}
            set step {integer}
        next
    end
    config dsw-queue-dts-profile
        Description: Configure NPU DSW Queue DTS profile.
        edit <name>
            set iport [eif0|eif1|...]
            set oport [eif0|eif1|...]
            set profile-id {integer}
            set queue-select {integer}
        next
    end
    set fastpath [disable|enable]
    config fp-anomaly
        Description: IPv4/IPv6 anomaly protection.
        set icmp-csum-err [drop|trap-to-host]
        set icmp-frag [allow|drop|...]
        set icmp-land [allow|drop|...]
        set ipv4-csum-err [drop|trap-to-host]
        set ipv4-land [allow|drop|...]
        set ipv4-optlsrr [allow|drop|...]
        set ipv4-optrr [allow|drop|...]
        set ipv4-optsecurity [allow|drop|...]
        set ipv4-optssrr [allow|drop|...]
        set ipv4-optstream [allow|drop|...]
        set ipv4-opttimestamp [allow|drop|...]
        set ipv4-proto-err [allow|drop|...]
        set ipv4-unknopt [allow|drop|...]
        set ipv6-daddr-err [allow|drop|...]
        set ipv6-land [allow|drop|...]
        set ipv6-optendpid [allow|drop|...]
        set ipv6-opthomeaddr [allow|drop|...]
        set ipv6-optinvld [allow|drop|...]
        set ipv6-optjumbo [allow|drop|...]
        set ipv6-optnsap [allow|drop|...]
        set ipv6-optralert [allow|drop|...]
        set ipv6-opttunnel [allow|drop|...]
        set ipv6-proto-err [allow|drop|...]
        set ipv6-saddr-err [allow|drop|...]
        set ipv6-unknopt [allow|drop|...]
        set sctp-csum-err [allow|drop|...]
        set tcp-csum-err [drop|trap-to-host]
        set tcp-fin-noack [allow|drop|...]
        set tcp-fin-only [allow|drop|...]
        set tcp-land [allow|drop|...]
        set tcp-no-flag [allow|drop|...]
        set tcp-syn-data [allow|drop|...]
        set tcp-syn-fin [allow|drop|...]
        set tcp-winnuke [allow|drop|...]
        set udp-csum-err [drop|trap-to-host]
        set udp-land [allow|drop|...]
    end
    set gtp-enhanced-cpu-range [0|1|...]
    set gtp-enhanced-mode [enable|disable]
    set gtp-support [enable|disable]
    set hash-tbl-spread [enable|disable]
    set host-shortcut-mode [bi-directional|host-shortcut]
    config hpe
        Description: Host protection engine configuration.
        set all-protocol {integer}
        set arp-max {integer}
        set enable-shaper [disable|enable]
        set esp-max {integer}
        set high-priority {integer}
        set icmp-max {integer}
        set ip-frag-max {integer}
        set ip-others-max {integer}
        set l2-others-max {integer}
        set sctp-max {integer}
        set tcp-max {integer}
        set tcpfin-rst-max {integer}
        set tcpsyn-ack-max {integer}
        set tcpsyn-max {integer}
        set udp-max {integer}
    end
    set htab-dedi-queue-nr {integer}
    set htab-msg-queue [data|idle|...]
    set htx-gtse-quota [100Mbps|200Mbps|...]
    set htx-icmp-csum-chk [drop|pass]
    set hw-ha-scan-interval {integer}
    config icmp-error-rate-ctrl
        Description: Configure the rate of ICMP errors generated by this FortiGate, which is achieved by token bucket algorithm.
        set icmpv4-error-bucket-size {integer}
        set icmpv4-error-rate {integer}
        set icmpv4-error-rate-limit [enable|disable]
        set icmpv6-error-bucket-size {integer}
        set icmpv6-error-rate {integer}
        set icmpv6-error-rate-limit [enable|disable]
    end
    set inbound-dscp-copy-port <interface1>, <interface2>, ...
    set intf-shaping-offload [enable|disable]
    set ip-fragment-offload [disable|enable]
    config ip-reassembly
        Description: IP reassebmly engine configuration.
        set max-timeout {integer}
        set min-timeout {integer}
        set status [disable|enable]
    end
    set iph-rsvd-re-cksum [enable|disable]
    set ippool-overload-high {integer}
    set ippool-overload-low {integer}
    set ipsec-STS-timeout [1|2|...]
    set ipsec-dec-subengine-mask {user}
    set ipsec-enc-subengine-mask {user}
    set ipsec-inbound-cache [enable|disable]
    set ipsec-mtu-override [disable|enable]
    set ipsec-ob-np-sel [rr|Packet|...]
    set ipsec-over-vlink [enable|disable]
    set ipsec-throughput-msg-frequency [disable|32KB|...]
    set ipt-STS-timeout [1|2|...]
    set ipt-throughput-msg-frequency [disable|32KB|...]
    set ipv4-session-quota [enable|disable]
    set ipv4-session-quota-high {integer}
    set ipv4-session-quota-low {integer}
    set ipv6-prefix-session-quota [enable|disable]
    set ipv6-prefix-session-quota-high {integer}
    set ipv6-prefix-session-quota-low {integer}
    config isf-np-queues
        Description: Configure queues of switch port connected to NP6 XAUI on ingress path.
        set cos0 {string}
        set cos1 {string}
        set cos2 {string}
        set cos3 {string}
        set cos4 {string}
        set cos5 {string}
        set cos6 {string}
        set cos7 {string}
    end
    set lag-out-port-select [disable|enable]
    set max-receive-unit {integer}
    set max-session-timeout {integer}
    set mcast-session-accounting [tpe-based|session-based|...]
    set napi-break-interval {integer}
    config np-queues
        Description: Configure queue assignment on NP7.
        config ethernet-type
            Description: Configure a NP7 QoS Ethernet Type.
            edit <name>
                set queue {integer}
                set type {ether-type}
                set weight {integer}
            next
        end
        config ip-protocol
            Description: Configure a NP7 QoS IP Protocol.
            edit <name>
                set protocol {integer}
                set queue {integer}
                set weight {integer}
            next
        end
        config ip-service
            Description: Configure a NP7 QoS IP Service.
            edit <name>
                set dport {integer}
                set protocol {integer}
                set queue {integer}
                set sport {integer}
                set weight {integer}
            next
        end
        config profile
            Description: Configure a NP7 class profile.
            edit <id>
                set cos0 [queue0|queue1|...]
                set cos1 [queue0|queue1|...]
                set cos2 [queue0|queue1|...]
                set cos3 [queue0|queue1|...]
                set cos4 [queue0|queue1|...]
                set cos5 [queue0|queue1|...]
                set cos6 [queue0|queue1|...]
                set cos7 [queue0|queue1|...]
                set dscp0 [queue0|queue1|...]
                set dscp1 [queue0|queue1|...]
                set dscp10 [queue0|queue1|...]
                set dscp11 [queue0|queue1|...]
                set dscp12 [queue0|queue1|...]
                set dscp13 [queue0|queue1|...]
                set dscp14 [queue0|queue1|...]
                set dscp15 [queue0|queue1|...]
                set dscp16 [queue0|queue1|...]
                set dscp17 [queue0|queue1|...]
                set dscp18 [queue0|queue1|...]
                set dscp19 [queue0|queue1|...]
                set dscp2 [queue0|queue1|...]
                set dscp20 [queue0|queue1|...]
                set dscp21 [queue0|queue1|...]
                set dscp22 [queue0|queue1|...]
                set dscp23 [queue0|queue1|...]
                set dscp24 [queue0|queue1|...]
                set dscp25 [queue0|queue1|...]
                set dscp26 [queue0|queue1|...]
                set dscp27 [queue0|queue1|...]
                set dscp28 [queue0|queue1|...]
                set dscp29 [queue0|queue1|...]
                set dscp3 [queue0|queue1|...]
                set dscp30 [queue0|queue1|...]
                set dscp31 [queue0|queue1|...]
                set dscp32 [queue0|queue1|...]
                set dscp33 [queue0|queue1|...]
                set dscp34 [queue0|queue1|...]
                set dscp35 [queue0|queue1|...]
                set dscp36 [queue0|queue1|...]
                set dscp37 [queue0|queue1|...]
                set dscp38 [queue0|queue1|...]
                set dscp39 [queue0|queue1|...]
                set dscp4 [queue0|queue1|...]
                set dscp40 [queue0|queue1|...]
                set dscp41 [queue0|queue1|...]
                set dscp42 [queue0|queue1|...]
                set dscp43 [queue0|queue1|...]
                set dscp44 [queue0|queue1|...]
                set dscp45 [queue0|queue1|...]
                set dscp46 [queue0|queue1|...]
                set dscp47 [queue0|queue1|...]
                set dscp48 [queue0|queue1|...]
                set dscp49 [queue0|queue1|...]
                set dscp5 [queue0|queue1|...]
                set dscp50 [queue0|queue1|...]
                set dscp51 [queue0|queue1|...]
                set dscp52 [queue0|queue1|...]
                set dscp53 [queue0|queue1|...]
                set dscp54 [queue0|queue1|...]
                set dscp55 [queue0|queue1|...]
                set dscp56 [queue0|queue1|...]
                set dscp57 [queue0|queue1|...]
                set dscp58 [queue0|queue1|...]
                set dscp59 [queue0|queue1|...]
                set dscp6 [queue0|queue1|...]
                set dscp60 [queue0|queue1|...]
                set dscp61 [queue0|queue1|...]
                set dscp62 [queue0|queue1|...]
                set dscp63 [queue0|queue1|...]
                set dscp7 [queue0|queue1|...]
                set dscp8 [queue0|queue1|...]
                set dscp9 [queue0|queue1|...]
                set type [cos|dscp]
                set weight {integer}
            next
        end
        config scheduler
            Description: Configure a NP7 QoS Scheduler.
            edit <name>
                set mode [none|priority|...]
            next
        end
    end
    set np6-cps-optimization-mode [enable|disable]
    config npu-tcam
        Description: Configure NPU TCAM policies.
        edit <name>
            config data
                Description: Data fields of TCAM.
                set df [enable|disable]
                set dstip {ipv4-address-any}
                set dstipv6 {ipv6-address}
                set dstmac {mac-address}
                set dstport {integer}
                set ethertype {ether-type}
                set ext-tag [enable|disable]
                set frag-off {integer}
                set gen-buf-cnt {integer}
                set gen-iv [valid|invalid]
                set gen-l3-flags {integer}
                set gen-l4-flags {integer}
                set gen-pkt-ctrl {integer}
                set gen-pri {integer}
                set gen-pri-v [valid|invalid]
                set gen-tv [valid|invalid]
                set ihl {integer}
                set ip4-id {integer}
                set ip6-fl {integer}
                set ipver {integer}
                set l4-wd10 {integer}
                set l4-wd11 {integer}
                set l4-wd8 {integer}
                set l4-wd9 {integer}
                set mf [enable|disable]
                set protocol {integer}
                set slink {integer}
                set smac-change [enable|disable]
                set sp {integer}
                set src-cfi [enable|disable]
                set src-prio {integer}
                set src-updt [enable|disable]
                set srcip {ipv4-address-any}
                set srcipv6 {ipv6-address}
                set srcmac {mac-address}
                set srcport {integer}
                set svid {integer}
                set tcp-ack [enable|disable]
                set tcp-cwr [enable|disable]
                set tcp-ece [enable|disable]
                set tcp-fin [enable|disable]
                set tcp-push [enable|disable]
                set tcp-rst [enable|disable]
                set tcp-syn [enable|disable]
                set tcp-urg [enable|disable]
                set tgt-cfi [enable|disable]
                set tgt-prio {integer}
                set tgt-updt [enable|disable]
                set tgt-v [valid|invalid]
                set tos {integer}
                set tp {integer}
                set ttl {integer}
                set tvid {integer}
                set vdid {integer}
            end
            config mask
                Description: Mask fields of TCAM.
                set df [enable|disable]
                set dstip {ipv4-address-any}
                set dstipv6 {ipv6-address}
                set dstmac {mac-address}
                set dstport {integer}
                set ethertype {ether-type}
                set ext-tag [enable|disable]
                set frag-off {integer}
                set gen-buf-cnt {integer}
                set gen-iv [valid|invalid]
                set gen-l3-flags {integer}
                set gen-l4-flags {integer}
                set gen-pkt-ctrl {integer}
                set gen-pri {integer}
                set gen-pri-v [valid|invalid]
                set gen-tv [valid|invalid]
                set ihl {integer}
                set ip4-id {integer}
                set ip6-fl {integer}
                set ipver {integer}
                set l4-wd10 {integer}
                set l4-wd11 {integer}
                set l4-wd8 {integer}
                set l4-wd9 {integer}
                set mf [enable|disable]
                set protocol {integer}
                set slink {integer}
                set smac-change [enable|disable]
                set sp {integer}
                set src-cfi [enable|disable]
                set src-prio {integer}
                set src-updt [enable|disable]
                set srcip {ipv4-address-any}
                set srcipv6 {ipv6-address}
                set srcmac {mac-address}
                set srcport {integer}
                set svid {integer}
                set tcp-ack [enable|disable]
                set tcp-cwr [enable|disable]
                set tcp-ece [enable|disable]
                set tcp-fin [enable|disable]
                set tcp-push [enable|disable]
                set tcp-rst [enable|disable]
                set tcp-syn [enable|disable]
                set tcp-urg [enable|disable]
                set tgt-cfi [enable|disable]
                set tgt-prio {integer}
                set tgt-updt [enable|disable]
                set tgt-v [valid|invalid]
                set tos {integer}
                set tp {integer}
                set ttl {integer}
                set tvid {integer}
                set vdid {integer}
            end
            config mir-act
                Description: Mirror action of TCAM.
                set vlif {integer}
            end
            set oid {integer}
            config pri-act
                Description: Priority action of TCAM.
                set priority {integer}
                set weight {integer}
            end
            config sact
                Description: Source action of TCAM.
                set act {integer}
                set act-v [enable|disable]
                set bmproc {integer}
                set bmproc-v [enable|disable]
                set df-lif {integer}
                set df-lif-v [enable|disable]
                set dfr {integer}
                set dfr-v [enable|disable]
                set dmac-skip {integer}
                set dmac-skip-v [enable|disable]
                set dosen {integer}
                set dosen-v [enable|disable]
                set espff-proc {integer}
                set espff-proc-v [enable|disable]
                set etype-pid {integer}
                set etype-pid-v [enable|disable]
                set frag-proc {integer}
                set frag-proc-v [enable|disable]
                set fwd {integer}
                set fwd-lif {integer}
                set fwd-lif-v [enable|disable]
                set fwd-tvid {integer}
                set fwd-tvid-v [enable|disable]
                set fwd-v [enable|disable]
                set icpen {integer}
                set icpen-v [enable|disable]
                set igmp-mld-snp {integer}
                set igmp-mld-snp-v [enable|disable]
                set learn {integer}
                set learn-v [enable|disable]
                set m-srh-ctrl {integer}
                set m-srh-ctrl-v [enable|disable]
                set mac-id {integer}
                set mac-id-v [enable|disable]
                set mss {integer}
                set mss-v [enable|disable]
                set pleen {integer}
                set pleen-v [enable|disable]
                set prio-pid {integer}
                set prio-pid-v [enable|disable]
                set promis {integer}
                set promis-v [enable|disable]
                set rfsh {integer}
                set rfsh-v [enable|disable]
                set smac-skip {integer}
                set smac-skip-v [enable|disable]
                set tp-smchk-v [enable|disable]
                set tp_smchk {integer}
                set tpe-id {integer}
                set tpe-id-v [enable|disable]
                set vdm {integer}
                set vdm-v [enable|disable]
                set vdom-id {integer}
                set vdom-id-v [enable|disable]
                set x-mode {integer}
                set x-mode-v [enable|disable]
            end
            config tact
                Description: Target action of TCAM.
                set act {integer}
                set act-v [enable|disable]
                set fmtuv4-s {integer}
                set fmtuv4-s-v [enable|disable]
                set fmtuv6-s {integer}
                set fmtuv6-s-v [enable|disable]
                set lnkid {integer}
                set lnkid-v [enable|disable]
                set mac-id {integer}
                set mac-id-v [enable|disable]
                set mss-t {integer}
                set mss-t-v [enable|disable]
                set mtuv4 {integer}
                set mtuv4-v [enable|disable]
                set mtuv6 {integer}
                set mtuv6-v [enable|disable]
                set slif-act {integer}
                set slif-act-v [enable|disable]
                set sublnkid {integer}
                set sublnkid-v [enable|disable]
                set tgtv-act {integer}
                set tgtv-act-v [enable|disable]
                set tlif-act {integer}
                set tlif-act-v [enable|disable]
                set tpeid {integer}
                set tpeid-v [enable|disable]
                set v6fe {integer}
                set v6fe-v [enable|disable]
                set vep-en-v [enable|disable]
                set vep-slid {integer}
                set vep-slid-v [enable|disable]
                set vep_en {integer}
                set xlt-lif {integer}
                set xlt-lif-v [enable|disable]
                set xlt-vid {integer}
                set xlt-vid-v [enable|disable]
            end
            set type [L2_src_tc|L2_tgt_tc|...]
            set vid {integer}
        next
    end
    set pba-eim [disallow|allow]
    set pba-port-select-mode [random|direct]
    set per-policy-accounting [disable|enable]
    set per-session-accounting [traffic-log-only|disable|...]
    set ple-non-syn-tcp-action [forward|drop]
    config port-cpu-map
        Description: Configure NPU interface to CPU core mapping.
        edit <interface>
            set cpu-core {string}
        next
    end
    config port-npu-map
        Description: Configure port to NPU group mapping.
        edit <interface>
            set npu-group-index {integer}
        next
    end
    config port-path-option
        Description: Configure port using NPU or Intel-NIC.
        set ports-using-npu <interface-name1>, <interface-name2>, ...
    end
    config priority-protocol
        Description: Configure NPU priority protocol.
        set bfd [enable|disable]
        set bgp [enable|disable]
        set slbc [enable|disable]
    end
    set prp-session-clear-mode [blocking|non-blocking|...]
    set qos-mode [disable|priority|...]
    set qtm-buf-mode [6ch|4ch]
    set rdp-offload [enable|disable]
    set session-acct-interval {integer}
    set session-denied-offload [disable|enable]
    set shaping-stats [disable|enable]
    set spa-port-select-mode [random|direct]
    set split-ipsec-engines [disable|enable]
    set sse-backpressure [enable|disable]
    config sse-ha-scan
        Description: Configure driver HA scan for SSE.
        set gap {integer}
    end
    set strip-clear-text-padding [enable|disable]
    set strip-esp-padding [enable|disable]
    config sw-eh-hash
        Description: Configure switch enhanced hashing.
        set computation [xor16|xor8|...]
        set destination-ip-lower-16 [include|exclude]
        set destination-ip-upper-16 [include|exclude]
        set destination-port [include|exclude]
        set ip-protocol [include|exclude]
        set netmask-length {integer}
        set source-ip-lower-16 [include|exclude]
        set source-ip-upper-16 [include|exclude]
        set source-port [include|exclude]
    end
    set sw-np-bandwidth [0G|2G|...]
    config sw-tr-hash
        Description: Configure switch traditional hashing.
        set draco15 [enable|disable]
        set tcp-udp-port [include|exclude]
    end
    set switch-np-hash [src-ip|dst-ip|...]
    set tcp-rst-timeout {integer}
    set tunnel-over-vlink [enable|disable]
    set uesp-offload [enable|disable]
    set ull-port-mode [10G|25G]
    set vlan-lookup-cache [enable|disable]
    set vxlan-offload [enable|disable]
end

config system npu

Parameter

Description

Type

Size

Default

capwap-offload *

Enable/disable offloading managed FortiAP and FortiLink CAPWAP sessions.

option

enable

Option	Description
enable	Enable CAPWAP offload.
disable	Disable CAPWAP offload.

dedicated-lacp-queue *

Enable/disable dedication of HIF queue #0 for LACP.

option

disable

Option	Description
enable	Enable dedication of HIF queue #0 for LACP.
disable	Disable dedication of HIF queue #0 for LACP.

dedicated-management-affinity *

Affinity setting for management daemons (hexadecimal value up to 256 bits in the format of xxxxxxxxxxxxxxxx).

string

Maximum length: 79

dedicated-management-cpu *

Enable to dedicate one CPU for GUI and CLI connections when NPs are busy.

option

disable

Option	Description
enable	Enable dedication of CPU #0 for management tasks.
disable	Disable dedication of CPU #0 for management tasks.

default-qos-type *

Set default QoS type.

option

policing

Option	Description
policing	QoS type policing.
shaping	QoS type shaping.
policing-enhanced	Enhanced QoS type policing.

default-tcp-refresh-dir *

Default SSE timeout TCP refresh direction.

option

both

Option	Description
both	refresh both directions.
outgoing	refresh outgoing direction(original).
incoming	refresh incoming direction(reply).

default-udp-refresh-dir *

Default SSE timeout UDP refresh direction.

option

both

Option	Description
both	refresh both directions.
outgoing	refresh outgoing direction(original).
incoming	refresh incoming direction(reply).

double-level-mcast-offload *

Enable double level mcast offload.

option

disable

Option	Description
enable	Enable double level mcast offload.
disable	Disable double level mcast offload.

dse-timeout *

DSE timeout in seconds.

integer

Minimum value: 0 Maximum value: 3600

fastpath *

Enable/disable NP6 offloading (also called fast path).

option

enable

Option	Description
disable	Disable NP6 offloading (fast path).
enable	Enable NP6 offloading (fast path).

gtp-enhanced-cpu-range *

GTP enhanced CPU range option.

option

Option	Description
0	Inspect GTPU packets by all CPUs.
1	Inspect GTPU packets by Master CPUs.
2	Inspect GTPU packets by Slave CPUs.

gtp-enhanced-mode *

Enable/disable GTP enhanced mode.

option

disable

Option	Description
enable	Enable GTP enhanced mode.
disable	Disable GTP enhanced mode.

gtp-support *

Enable/Disable NP7 GTP support

option

disable

Option	Description
enable	Enable NP7 GTP support
disable	Disable NP7 GTP support

hash-tbl-spread *

Enable/disable hash table entry spread.

option

enable

Option	Description
enable	Enable hash table entry spread.
disable	Disable hash table entry spread.

host-shortcut-mode *

Set NP6 host shortcut mode.

option

bi-directional

Option	Description
bi-directional	Offload TCP and IP Tunnel sessions in both directions between 10G and 1G interfaces (normal operation).
host-shortcut	Only offload TCP and IP Tunnel sessions received by 1G interfaces. Select if packets are dropped for offloaded traffic between 10G to 1G interfaces.

htab-dedi-queue-nr *

Set the number of dedicate queue for hash table messages.

integer

Minimum value: 1 Maximum value: 2

htab-msg-queue *

Set hash table message queue mode.

option

data

Option	Description
data	Use data queue.
idle	Use idle queue.
dedicated	Use dedicated queue.

htx-gtse-quota *

Configure HTX GTSE quota.

option

1Gbps

Option	Description
100Mbps	100Mbps.
200Mbps	200Mbps.
300Mbps	300Mbps.
400Mbps	400Mbps.
500Mbps	500Mbps.
600Mbps	600Mbps.
700Mbps	700Mbps.
800Mbps	800Mbps.
900Mbps	900Mbps.
1Gbps	1Gbps.
2Gbps	2Gbps.
4Gbps	4Gbps.
8Gbps	8Gbps.
10Gbps	10Gbps.

htx-icmp-csum-chk *

Set HTX icmp csum checking mode.

option

drop

Option	Description
drop	Drop bad icmp csum.
pass	Pass bad icmp csum.

hw-ha-scan-interval *

HW HA periodical scan interval in seconds.

integer

Minimum value: 0 Maximum value: 3600

inbound-dscp-copy-port <interface> *

Physical interfaces that support inbound-dscp-copy.

Physical interface name.

string

Maximum length: 15

intf-shaping-offload *

Enable/disable NPU offload when doing interface-based traffic shaping according to the egress-shaping-profile.

option

disable

Option	Description
enable	Enable NPU offload when doing interface-based traffic shaping according to the egress-shaping-profile.
disable	Disable NPU offload when doing interface-based traffic shaping according to the egress-shaping-profile.

ip-fragment-offload *

Enable/disable NP7 NPU IP fragment offload.

option

enable

Option	Description
disable	Disable IP fragment offload.
enable	Enable IP fragment offload.

iph-rsvd-re-cksum *

Enable/disable IP checksum re-calculation for packets with iph.reserved bit set.

option

disable

Option	Description
enable	Enable IP checksum re-calculation for packets with iph.reserved bit set.
disable	Disable IP checksum re-calculation for packets with iph.reserved bit set.

ippool-overload-high *

High threshold for overload ippool port reuse.

integer

Minimum value: 100 Maximum value: 2000

200

ippool-overload-low *

Low threshold for overload ippool port reuse.

integer

Minimum value: 100 Maximum value: 2000

150

ipsec-STS-timeout *

Set NP7Lite IPsec STS msg timeout.

option

Option	Description
1	Set NP7Lite STS message timeout to 1 sec(recommended for IPSec throughput GUI).
2	Set NP7Lite STS message timeout to 2 sec.
3	Set NP7Lite STS message timeout to 3 sec.
4	Set NP7Lite STS message timeout to 4 sec.
5	Set NP7Lite STS message timeout to 5 sec(default).
6	Set NP7Lite STS message timeout to 6 sec.
7	Set NP7Lite STS message timeout to 7 sec.
8	Set NP7Lite STS message timeout to 8 sec.
9	Set NP7Lite STS message timeout to 9 sec.
10	Set NP7Lite STS message timeout to 10 sec.

ipsec-dec-subengine-mask *

IPsec decryption subengine mask.

user

Not Specified

ipsec-enc-subengine-mask *

IPsec encryption subengine mask.

user

Not Specified

ipsec-inbound-cache *

Enable/disable IPsec inbound cache for anti-replay.

option

enable

Option	Description
enable	Enable inbound cache always.
disable	Disable inbound cache when IPsec anti-replay is on.

ipsec-mtu-override *

Enable/disable NP6 IPsec MTU override.

option

disable

Option	Description
disable	Disable NP6 IPsec MTU override.
enable	Enable NP6 IPsec MTU override.

ipsec-ob-np-sel *

IPsec NP selection for OB SA offloading.

option

Option	Description
rr	Round Robin.
Packet	NPU of the first packet.
Hash	Hash.

ipsec-over-vlink *

Enable/disable IPsec over vlink.

option

disable

Option	Description
enable	Enable IPSEC over vlink.
disable	Disable IPSEC over vlink.

ipsec-throughput-msg-frequency *

Set NP7Lite IPsec throughput msg frequency: 0--disable 1--32KB 3--64KB ... 0x3fff--256MB 0x7fff--512MB 0xffff--1GB.

option

disable

Option	Description
disable	Disable NP7Lite throughput update message.
32KB	Set NP7Lite throughput update message frequency to 32KB.
64KB	Set NP7Lite throughput update message frequency to 64KB.
128KB	Set NP7Lite throughput update message frequency to 128KB.
256KB	Set NP7Lite throughput update message frequency to 256KB.
512KB	Set NP7Lite throughput update message frequency to 512KB.
1MB	Set NP7Lite throughput update message frequency to 1MB.
2MB	Set NP7Lite throughput update message frequency to 2MB.
4MB	Set NP7Lite throughput update message frequency to 4MB.
8MB	Set NP7Lite throughput update message frequency to 8MB.
16MB	Set NP7Lite throughput update message frequency to 16MB.
32MB	Set NP7Lite throughput update message frequency to 32MB.
64MB	Set NP7Lite throughput update message frequency to 64MB.
128MB	Set NP7Lite throughput update message frequency to 128MB.
256MB	Set NP7Lite throughput update message frequency to 256MB.
512MB	Set NP7Lite throughput update message frequency to 512MB.
1GB	Set NP7Lite throughput update message frequency to 1GB.

ipt-STS-timeout *

Set NP7Lite IPT STS msg timeout.

option

Option	Description
1	Set NP7Lite STS message timeout to 1 sec(recommended for IPSec throughput GUI).
2	Set NP7Lite STS message timeout to 2 sec.
3	Set NP7Lite STS message timeout to 3 sec.
4	Set NP7Lite STS message timeout to 4 sec.
5	Set NP7Lite STS message timeout to 5 sec(default).
6	Set NP7Lite STS message timeout to 6 sec.
7	Set NP7Lite STS message timeout to 7 sec.
8	Set NP7Lite STS message timeout to 8 sec.
9	Set NP7Lite STS message timeout to 9 sec.
10	Set NP7Lite STS message timeout to 10 sec.

ipt-throughput-msg-frequency *

Set NP7Lite IPT throughput msg frequency: 0--disable 1--32KB 3--64KB ... 0x3fff--256MB 0x7fff--512MB 0xffff--1GB.

option

disable

Option	Description
disable	Disable NP7Lite throughput update message.
32KB	Set NP7Lite throughput update message frequency to 32KB.
64KB	Set NP7Lite throughput update message frequency to 64KB.
128KB	Set NP7Lite throughput update message frequency to 128KB.
256KB	Set NP7Lite throughput update message frequency to 256KB.
512KB	Set NP7Lite throughput update message frequency to 512KB.
1MB	Set NP7Lite throughput update message frequency to 1MB.
2MB	Set NP7Lite throughput update message frequency to 2MB.
4MB	Set NP7Lite throughput update message frequency to 4MB.
8MB	Set NP7Lite throughput update message frequency to 8MB.
16MB	Set NP7Lite throughput update message frequency to 16MB.
32MB	Set NP7Lite throughput update message frequency to 32MB.
64MB	Set NP7Lite throughput update message frequency to 64MB.
128MB	Set NP7Lite throughput update message frequency to 128MB.
256MB	Set NP7Lite throughput update message frequency to 256MB.
512MB	Set NP7Lite throughput update message frequency to 512MB.
1GB	Set NP7Lite throughput update message frequency to 1GB.

ipv4-session-quota *

Enable/Disable NoNAT IPv4 session quota for hyperscale VDOMs.

option

disable

Option	Description
enable	Enable IPv4 prefix session quota.
disable	Disable IPv4 prefix session quota.

ipv4-session-quota-high *

Configure NoNAT IPv4 session quota high threshold.

integer

Minimum value: 0 Maximum value: 1073741823

1073741823

ipv4-session-quota-low *

Configure NoNAT IPv4 session quota low threshold.

integer

Minimum value: 0 Maximum value: 536870911

536870911

ipv6-prefix-session-quota *

Enable/Disable hardware IPv6 /64 prefix session quota for hyperscale VDOMs.

option

disable

Option	Description
enable	Enable IPv6 prefix session quota.
disable	Disable IPv6 prefix session quota.

ipv6-prefix-session-quota-high *

Configure IPv6 prefix session quota high threshold.

integer

Minimum value: 0 Maximum value: 1073741823

1073741823

ipv6-prefix-session-quota-low *

Configure IPv6 prefix session quota low threshold.

integer

Minimum value: 0 Maximum value: 536870911

536870911

lag-out-port-select *

Enable/disable LAG outgoing port selection based on incoming traffic port.

option

disable

Option	Description
disable	Disable LAG outgoing trunk in switch.
enable	Enable LAG outgoing trunk in switch.

max-receive-unit *

Set the maximum packet size for receive, larger packets will be silently dropped.

integer

Minimum value: 64 Maximum value: 10000

10000

max-session-timeout *

Maximum time interval for refreshing NPU-offloaded sessions.

integer

Minimum value: 10 Maximum value: 1000

mcast-session-accounting *

Enable/disable traffic accounting for each multicast session through TAE counter.

option

tpe-based

Option	Description
tpe-based	Enable TPE-based multicast session accounting.
session-based	Enable session-based multicast session accounting.
disable	Disable multicast session accounting.

napi-break-interval *

NAPI break interval.

integer

Minimum value: 0 Maximum value: 65535

np6-cps-optimization-mode *

Enable/disable NP6 connection per second (CPS) optimization mode.

option

disable

Option	Description
enable	Enable NP6 connection per second (CPS) optimization mode.
disable	Disable NP6 connection per second (CPS) optimization mode.

pba-eim *

Configure option for PBA(non-overload)/EIM combination.

option

allow

Option	Description
disallow	Disallow PBA(non-overload)/EIM combination in SNAT policy.
allow	Allow PBA(non-overload)/EIM combination in SNAT policy.

pba-port-select-mode *

Port selection mode for PBA IP pool.

option

direct

Option	Description
random	Randomized port selection mode.
direct	Direct port selection mode.

per-policy-accounting *

Set per-policy accounting.

option

disable

Option	Description
disable	Disable per-policy hit count.
enable	Enable per-policy hit count

per-session-accounting *

Set per-session accounting.

option

traffic-log-only

Option	Description
traffic-log-only	Per-session accounting only for sessions with traffic logging
disable	Disable per-session accounting.
enable	Per-session accounting for all sessions.

ple-non-syn-tcp-action *

Configure action for the PLE to take on TCP packets that have the SYN field unset.

option

forward

Option	Description
forward	PLE forwards all TCP packets to the CPU that have the SYN field unset(default).
drop	PLE drops all TCP packets that have the SYN field unset.

prp-session-clear-mode *

PRP session clear mode for excluded ip sessions.

option

blocking

Option	Description
blocking	Session clearing will block the current task until it is done.
non-blocking	Session clearing executes in another thread and will not block the current task.
do-not-clear	Don't clear sessions

qos-mode *

QoS mode on switch and NP.

option

disable

Option	Description
disable	Disable QoS on switch and NP.
priority	Priority based.
round-robin	Round Robin Scheduler.

qtm-buf-mode *

QTM channel configuration for packet buffer.

option

6ch

Option	Description
6ch	6 DRAM channels for packet buffer.
4ch	4 DRAM channels for packet buffer.

rdp-offload *

Enable/disable RDP offload.

option

enable

Option	Description
enable	Enable reliable datagram protocol traffic offload.
disable	Disable reliable datagram protocol traffic offload.

session-acct-interval *

Session accounting update interval.

integer

Minimum value: 1 Maximum value: 10

session-denied-offload *

Enable/disable offloading of denied sessions. Requires ses-denied-traffic to be set.

option

disable

Option	Description
disable	Disable offloading of denied sessions.
enable	Enable offloading of denied sessions.

shaping-stats *

Enable/disable NP7 traffic shaping statistics.

option

disable

Option	Description
disable	Disable NP7 traffic shaping statistics.
enable	Enable NP7 traffic shaping statistics.

spa-port-select-mode *

Port selection mode for SPA IP pool.

option

direct

Option	Description
random	Randomized port selection mode.
direct	Direct port selection mode.

split-ipsec-engines *

Enable/disable Split IPsec Engines.

option

disable

Option	Description
disable	Disable Split IPsec Engines.
enable	Enable Split IPsec Engines.

sse-backpressure *

Enable/disable SSE backpressure.

option

disable

Option	Description
enable	Enable SSE backpressureg.
disable	Disable SSE backpressureg.

strip-clear-text-padding *

Enable/disable stripping clear text padding.

option

disable

Option	Description
enable	Enable stripping clear text padding.
disable	Disable stripping clear text padding.

strip-esp-padding *

Enable/disable stripping ESP padding.

option

disable

Option	Description
enable	Enable stripping ESP padding.
disable	Disable stripping ESP padding.

sw-np-bandwidth *

Bandwidth from switch to NP.

option

Option	Description
0G	Default value. No bandwidth control.
2G	2Gbps.
4G	4Gbps.
5G	5Gbps.
6G	6Gbps.
7G	7Gbps.
8G	8Gbps.
9G	9Gbps.

switch-np-hash *

Switch-NP trunk port selection Criteria.

option

src-dst-ip

Option	Description
src-ip	Source IP address.
dst-ip	Destination IP address.
src-dst-ip	Source+dest IP address.

tcp-rst-timeout *

TCP RST timeout in seconds.

integer

Minimum value: 0 Maximum value: 3600

tunnel-over-vlink *

Enable/disable selection of which NP6 chip the tunnel uses.

option

enable

Option	Description
enable	Use the bundled NP6 chip for tunnels.
disable	Use the ingress NP6 chip for tunnels.

uesp-offload *

Enable/disable UDP-encapsulated ESP offload.

option

disable

Option	Description
enable	Enable UDP-encapsulated ESP traffic offload.
disable	Disable UDP-encapsulated ESP traffic offload.

ull-port-mode *

Set ULL port's speed to 10G/25G.

option

10G

Option	Description
10G	10G speed setting for ULL ports.
25G	25G speed setting for ULL ports.

vlan-lookup-cache *

Enable/disable vlan lookup cache.

option

enable

Option	Description
enable	Enable VLAN lookup cache.
disable	Disable VLAN lookup cache.

vxlan-offload *

Enable/disable offloading vxlan.

option

enable

Option	Description
enable	Enable Vxlan offload.
disable	Disable Vxlan offload.

* This parameter may not exist in some models.

config background-sse-scan

Parameter

Description

Type

Size

Default

scan

Enable/disable background SSE scan by driver thread.

option

enable

Option	Description
disable	Disable background sse scan.
enable	Enable background sse scan(default).

scan-stale

Configure scanning of active or stale sessions.

integer

Minimum value: 0 Maximum value: 1

scan-vt

Select version/type to scan: bit-0: 44; bit-1: 46; bit-2: 64; bit-3: 66.

integer

Minimum value: 0 Maximum value: 15

stats-qual-access

Statistics update access qualification in seconds.

integer

Minimum value: 0 Maximum value: 1073741823

180

stats-qual-duration

Statistics update duration qualification in seconds.

integer

Minimum value: 0 Maximum value: 1073741823

300

stats-update-interval

Statistics update interval in seconds. Must be greater than or equal to 300.

integer

Minimum value: 300 Maximum value: 1073741823

300

udp-keepalive-interval

UDP keepalive interval in seconds. Must be greater than or equal to 90.

integer

Minimum value: 90 Maximum value: 1073741823

udp-qual-access

UDP keepalive access qualification in seconds.

integer

Minimum value: 0 Maximum value: 1073741823

udp-qual-duration

UDP keepalive duration qualification in seconds.

integer

Minimum value: 0 Maximum value: 1073741823

config dos-options

Parameter

Description

Type

Size

Default

npu-dos-meter-mode

Set DoS meter NPU offloading mode.

option

global

Option	Description
global	Install DoS meter to all NPs.
local	Install DoS meter only to the NP assigned to the traffic.

npu-dos-tpe-mode

Enable/disable insertion of DoS meter ID to session table.

option

enable

Option	Description
enable	Enable insertion of DoS meter ID to session table.
disable	Disable insertion of DoS meter ID to session table.

config dsw-dts-profile

Parameter

Description

Type

Size

Default

action

Set NPU DSW DTS profile action.

option

wait

Option	Description
wait	DSW DTS profile WAIT indefinitely.
drop	DSW DTS profile DROP immediately.
drop_tmr_0	DSW DTS profile DROP after interval #0 time-out.
drop_tmr_1	DSW DTS profile DROP after interval #1 time-out.
enque	DSW DTS profile ENQUE immediately.
enque_0	DSW DTS profile ENQUE after interval #0 time-out.
enque_1	DSW DTS profile ENQUE after interval #1 time-out.

min-limit

Set NPU DSW DTS profile min-limt.

integer

Minimum value: 32 Maximum value: 2048

profile-id

Set NPU DSW DTS profile profile id.

integer

Minimum value: 1 Maximum value: 32

step

Set NPU DSW DTS profile step.

integer

Minimum value: 0 Maximum value: 64

config dsw-queue-dts-profile

Parameter

Description

Type

Size

Default

iport

Set NPU DSW DTS in port.

option

eif0 **

Option	Description
eif0	DSW IPORT EIF0.
eif1	DSW IPORT EIF1.
eif2	DSW IPORT EIF2.
eif3	DSW IPORT EIF3.
eif4	DSW IPORT EIF4.
eif5	DSW IPORT EIF5.
eif6	DSW IPORT EIF6.
eif7	DSW IPORT EIF7.
htx0	DSW IPORT HTX0.
htx1	DSW IPORT HTX1.
sse0	DSW IPORT SSE0.
sse1	DSW IPORT SSE1.
sse2	DSW IPORT SSE2.
sse3	DSW IPORT SSE3.
rlt	DSW IPORT RLT.
dfr	DSW IPORT DFR.
ipseci	DSW IPORT IPSECI.
ipseco	DSW IPORT IPSECO.
ipti	DSW IPORT IPTI.
ipto	DSW IPORT IPTO.
vep0	DSW IPORT VEP0.
vep2	DSW IPORT VEP2.
vep4	DSW IPORT VEP4.
vep6	DSW IPORT VEP6.
ivs	DSW IPORT IVS.
l2ti1	DSW IPORT L2TI1.
l2to	DSW IPORT L2TO.
l2ti0	DSW IPORT L2TI0.
ple	DSW IPORT PLE.
spath	DSW IPORT SPATH.
qtm	DSW IPORT QTM.

name

Name.

string

Maximum length: 35

oport

Set NPU DSW DTS out port.

option

eif0 **

Option	Description
eif0	DSW OPORT EIF0.
eif1	DSW OPORT EIF1.
eif2	DSW OPORT EIF2.
eif3	DSW OPORT EIF3.
eif4	DSW OPORT EIF4.
eif5	DSW OPORT EIF5.
eif6	DSW OPORT EIF6.
eif7	DSW OPORT EIF7.
hrx	DSW OPORT HRX.
sse0	DSW OPORT SSE0.
sse1	DSW OPORT SSE1.
sse2	DSW OPORT SSE2.
sse3	DSW OPORT SSE3.
rlt	DSW OPORT RLT.
dfr	DSW OPORT DFR.
ipseci	DSW OPORT IPSECI.
ipseco	DSW OPORT IPSECO.
ipti	DSW OPORT IPTI.
ipto	DSW OPORT IPTO.
vep0	DSW OPORT VEP0.
vep2	DSW OPORT VEP2.
vep4	DSW OPORT VEP4.
vep6	DSW OPORT VEP6.
ivs	DSW OPORT IVS.
l2ti1	DSW OPORT L2TI1.
l2to	DSW OPORT L2TO.
l2ti0	DSW OPORT L2TI0.
ple	DSW OPORT PLE.
sync	DSW OPORT SYNK.
nss	DSW OPORT NSS.
tsk	DSW OPORT TSK.
qtm	DSW OPORT QTM.

profile-id

Set NPU DSW DTS profile ID.

integer

Minimum value: 1 Maximum value: 32

queue-select

Set NPU DSW DTS queue ID select.

integer

Minimum value: 0 Maximum value: 4095

** Values may differ between models.

config fp-anomaly

Parameter

Description

Type

Size

Default

icmp-csum-err

Invalid IPv4 ICMP checksum anomalies.

option

drop

Option	Description
drop	Drop IPv4 invalid ICMP checksum.
trap-to-host	Forward IPv4 invalid ICMP checksum to main CPU for processing.

icmp-frag *

Layer 3 fragmented packets that could be part of layer 4 ICMP anomalies.

option

allow

Option	Description
allow	Allow L3 fragment packet with L4 protocol as ICMP attack to pass.
drop	Drop L3 fragment packet with L4 protocol as ICMP attack.
trap-to-host	Forward L3 fragment packet with L4 protocol as ICMP attack to FortiOS.

icmp-land *

ICMP land anomalies.

option

trap-to-host

Option	Description
allow	Allow ICMP land attack to pass.
drop	Drop ICMP land attack.
trap-to-host	Forward ICMP land attack to FortiOS.

ipv4-csum-err

Invalid IPv4 IP checksum anomalies.

option

drop

Option	Description
drop	Drop IPv4 invalid IP checksum.
trap-to-host	Forward IPv4 invalid IP checksum to main CPU for processing.

ipv4-land *

Land anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv4 land attack to pass.
drop	Drop IPv4 land attack.
trap-to-host	Forward IPv4 land attack to FortiOS.

ipv4-optlsrr *

Loose source record route option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv4 with loose source record route option to pass.
drop	Drop IPv4 with loose source record route option.
trap-to-host	Forward IPv4 with loose source record route option to FortiOS.

ipv4-optrr *

Record route option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv4 with record route option to pass.
drop	Drop IPv4 with record route option.
trap-to-host	Forward IPv4 with record route option to FortiOS.

ipv4-optsecurity *

Security option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv4 with security option to pass.
drop	Drop IPv4 with security option.
trap-to-host	Forward IPv4 with security option to FortiOS.

ipv4-optssrr *

Strict source record route option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv4 with strict source record route option to pass.
drop	Drop IPv4 with strict source record route option.
trap-to-host	Forward IPv4 with strict source record route option to FortiOS.

ipv4-optstream *

Stream option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv4 with stream option to pass.
drop	Drop IPv4 with stream option.
trap-to-host	Forward IPv4 with stream option to FortiOS.

ipv4-opttimestamp *

Timestamp option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv4 with timestamp option to pass.
drop	Drop IPv4 with timestamp option.
trap-to-host	Forward IPv4 with timestamp option to FortiOS.

ipv4-proto-err *

Invalid layer 4 protocol anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv4 invalid L4 protocol to pass.
drop	Drop IPv4 invalid L4 protocol.
trap-to-host	Forward IPv4 invalid L4 protocol to FortiOS.

ipv4-unknopt *

Unknown option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv4 with unknown options to pass.
drop	Drop IPv4 with unknown options.
trap-to-host	Forward IPv4 with unknown options to FortiOS.

ipv6-daddr-err *

Destination address as unspecified or loopback address anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with destination address as unspecified or loopback address to pass.
drop	Drop IPv6 with destination address as unspecified or loopback address.
trap-to-host	Forward IPv6 with destination address as unspecified or loopback address to FortiOS.

ipv6-land *

Land anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 land attack to pass.
drop	Drop IPv6 land attack.
trap-to-host	Forward IPv6 land attack to FortiOS.

ipv6-optendpid *

End point identification anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with end point identification option to pass.
drop	Drop IPv6 with end point identification option.
trap-to-host	Forward IPv6 with end point identification option to FortiOS.

ipv6-opthomeaddr *

Home address option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with home address option to pass.
drop	Drop IPv6 with home address option.
trap-to-host	Forward IPv6 with home address option to FortiOS.

ipv6-optinvld *

Invalid option anomalies.Invalid option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with invalid option to pass.
drop	Drop IPv6 with invalid option.
trap-to-host	Forward IPv6 with invalid option to FortiOS.

ipv6-optjumbo *

Jumbo options anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with jumbo option to pass.
drop	Drop IPv6 with jumbo option.
trap-to-host	Forward IPv6 with jumbo option to FortiOS.

ipv6-optnsap *

Network service access point address option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with network service access point address option to pass.
drop	Drop IPv6 with network service access point address option.
trap-to-host	Forward IPv6 with network service access point address option to FortiOS.

ipv6-optralert *

Router alert option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with router alert option to pass.
drop	Drop IPv6 with router alert option.
trap-to-host	Forward IPv6 with router alert option to FortiOS.

ipv6-opttunnel *

Tunnel encapsulation limit option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with tunnel encapsulation limit to pass.
drop	Drop IPv6 with tunnel encapsulation limit.
trap-to-host	Forward IPv6 with tunnel encapsulation limit to FortiOS.

ipv6-proto-err *

Layer 4 invalid protocol anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 L4 invalid protocol to pass.
drop	Drop IPv6 L4 invalid protocol.
trap-to-host	Forward IPv6 L4 invalid protocol to FortiOS.

ipv6-saddr-err *

Source address as multicast anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with source address as multicast to pass.
drop	Drop IPv6 with source address as multicast.
trap-to-host	Forward IPv6 with source address as multicast to FortiOS.

ipv6-unknopt *

Unknown option anomalies.

option

trap-to-host

Option	Description
allow	Allow IPv6 with unknown options to pass.
drop	Drop IPv6 with unknown options.
trap-to-host	Forward IPv6 with unknown options to FortiOS.

sctp-csum-err *

Invalid IPv4 SCTP checksum anomalies.

option

drop

Option	Description
allow	Allow IPv4 invalid SCTP checksum.
drop	Drop IPv4 invalid SCTP checksum.
trap-to-host	Forward IPv4 invalid SCTP checksum to main CPU for processing.

tcp-csum-err

Invalid IPv4 TCP checksum anomalies.

option

drop

Option	Description
drop	Drop IPv4 invalid TCP checksum.
trap-to-host	Forward IPv4 invalid TCP checksum to main CPU for processing.

tcp-fin-noack *

TCP SYN flood with FIN flag set without ACK setting anomalies.

option

trap-to-host

Option	Description
allow	Allow TCP packets with FIN flag set without ack setting to pass.
drop	Drop TCP packets with FIN flag set without ack setting.
trap-to-host	Forward TCP packets with FIN flag set without ack setting to FortiOS.

tcp-fin-only *

TCP SYN flood with only FIN flag set anomalies.

option

trap-to-host

Option	Description
allow	Allow TCP packets with FIN flag set only to pass.
drop	Drop TCP packets with FIN flag set only.
trap-to-host	Forward TCP packets with FIN flag set only to FortiOS.

tcp-land *

TCP land anomalies.

option

trap-to-host

Option	Description
allow	Allow TCP land attack to pass.
drop	Drop TCP land attack.
trap-to-host	Forward TCP land attack to FortiOS.

tcp-no-flag *

TCP SYN flood with no flag set anomalies.

option

allow

Option	Description
allow	Allow TCP packets without flag set to pass.
drop	Drop TCP packets without flag set.
trap-to-host	Forward TCP packets without flag set to FortiOS.

tcp-syn-data *

TCP SYN flood packets with data anomalies.

option

allow

Option	Description
allow	Allow TCP syn packets with data to pass.
drop	Drop TCP syn packets with data.
trap-to-host	Forward TCP syn packets with data to FortiOS.

tcp-syn-fin *

TCP SYN flood SYN/FIN flag set anomalies.

option

allow

Option	Description
allow	Allow TCP packets with syn_fin flag set to pass.
drop	Drop TCP packets with syn_fin flag set.
trap-to-host	Forward TCP packets with syn_fin flag set to FortiOS.

tcp-winnuke *

TCP WinNuke anomalies.

option

trap-to-host

Option	Description
allow	Allow TCP packets winnuke attack to pass.
drop	Drop TCP packets winnuke attack.
trap-to-host	Forward TCP packets winnuke attack to FortiOS.

udp-csum-err

Invalid IPv4 UDP checksum anomalies.

option

drop

Option	Description
drop	Drop IPv4 invalid UDP checksum.
trap-to-host	Forward IPv4 invalid UDP checksum to main CPU for processing.

udp-land *

UDP land anomalies.

option

trap-to-host

Option	Description
allow	Allow UDP land attack to pass.
drop	Drop UDP land attack.
trap-to-host	Forward UDP land attack to FortiOS.

* This parameter may not exist in some models.

config hpe

Parameter

Description

Type

Size

Default

all-protocol

Maximum packet rate of each host queue except high priority traffic, set 0 to disable.

integer

Minimum value: 0 Maximum value: 32000000

400000 **

arp-max

Maximum ARP packet rate. Entry is valid when ARP is removed from high-priority traffic.

integer

Minimum value: 1000 Maximum value: 32000000

5000

enable-shaper

Enable/Disable NPU Host Protection Engine (HPE) for packet type shaper.

option

disable

Option	Description
disable	Disable NPU HPE shaping based on packet type.
enable	Enable NPU HPE shaping based on packet type.

esp-max

Maximum ESP packet rate.

integer

Minimum value: 1000 Maximum value: 32000000

5000

high-priority

Maximum packet rate for high priority traffic packets.

integer

Minimum value: 1000 Maximum value: 32000000

400000 **

icmp-max

Maximum ICMP packet rate.

integer

Minimum value: 1000 Maximum value: 32000000

5000

ip-frag-max

Maximum fragmented IP packet rate.

integer

Minimum value: 1000 Maximum value: 32000000

5000

ip-others-max

Maximum IP packet rate for other packets.

integer

Minimum value: 1000 Maximum value: 32000000

5000

l2-others-max

Maximum L2 packet rate for L2 packets that are not ARP packets.

integer

Minimum value: 1000 Maximum value: 32000000

5000

sctp-max

Maximum SCTP packet rate.

integer

Minimum value: 1000 Maximum value: 32000000

5000

tcp-max

Maximum TCP packet rate.

integer

Minimum value: 1000 Maximum value: 32000000

40000

tcpfin-rst-max

Maximum TCP carries FIN or RST flags packet rate.

integer

Minimum value: 1000 Maximum value: 32000000

40000

tcpsyn-ack-max

Maximum TCP carries SYN and ACK flags packet rate.

integer

Minimum value: 1000 Maximum value: 32000000

40000

tcpsyn-max

Maximum TCP SYN packet rate.

integer

Minimum value: 1000 Maximum value: 32000000

40000

udp-max

Maximum UDP packet rate.

integer

Minimum value: 1000 Maximum value: 32000000

40000

** Values may differ between models.

config icmp-error-rate-ctrl

Parameter

Description

Type

Size

Default

icmpv4-error-bucket-size

Bucket size used in the token bucket algorithm for controlling the flow of ICMPv4 error packets.

integer

Minimum value: 1 Maximum value: 100

icmpv4-error-rate

Average rate of ICMPv4 error packets that allowed to be generated per second.

integer

Minimum value: 1 Maximum value: 100

icmpv4-error-rate-limit

Enable to limit the ICMPv4 error packets generated by this FortiGate.

option

enable

Option	Description
enable	Enable rate limiting for ICMPv4 error packets generated by this FortiGate.
disable	Disable rate limiting for ICMPv4 error packets generated by this FortiGate.

icmpv6-error-bucket-size

Bucket size used in the token bucket algorithm for controlling the flow of ICMPv6 error packets.

integer

Minimum value: 1 Maximum value: 100

icmpv6-error-rate

Average rate of ICMPv6 error packets that allowed to be generated per second.

integer

Minimum value: 1 Maximum value: 100

icmpv6-error-rate-limit

Enable to limit the ICMPv6 error packets generated by this FortiGate.

option

enable

Option	Description
enable	Enable rate limiting for ICMPv6 error packets generated by this FortiGate.
disable	Disable rate limiting for ICMPv6 error packets generated by this FortiGate.

config ip-reassembly

Parameter

Description

Type

Size

Default

max-timeout

Maximum timeout value for IP reassembly (5 us - 600,000,000 us).

integer

Minimum value: 5 Maximum value: 600000000

200000

min-timeout

Minimum timeout value for IP reassembly (5 us - 600,000,000 us).

integer

Minimum value: 5 Maximum value: 600000000

status

Set IP reassembly processing status.

option

disable

Option	Description
disable	Disable IP reassembly.
enable	Enable IP reassembly.

config isf-np-queues

Parameter	Description	Type	Size
cos0	CoS profile name for CoS 0.	string	Maximum length: 35
cos1	CoS profile name for CoS 1.	string	Maximum length: 35
cos2	CoS profile name for CoS 2.	string	Maximum length: 35
cos3	CoS profile name for CoS 3.	string	Maximum length: 35
cos4	CoS profile name for CoS 4.	string	Maximum length: 35
cos5	CoS profile name for CoS 5.	string	Maximum length: 35
cos6	CoS profile name for CoS 6.	string	Maximum length: 35
cos7	CoS profile name for CoS 7.	string	Maximum length: 35

config ethernet-type

Parameter	Description	Type	Size	Default
name	Ethernet Type Name.	string	Maximum length: 35
queue	Queue Number.	integer	Minimum value: 0 Maximum value: 11	0
type	Ethernet Type.	ether-type	Not Specified	0
weight	Class Weight.	integer	Minimum value: 0 Maximum value: 15	15

config ip-protocol

Parameter	Description	Type	Size	Default
name	IP Protocol Name.	string	Maximum length: 35
protocol	IP Protocol.	integer	Minimum value: 0 Maximum value: 255	0
queue	Queue Number.	integer	Minimum value: 0 Maximum value: 11	0
weight	Class Weight.	integer	Minimum value: 0 Maximum value: 15	14

config ip-service

Parameter	Description	Type	Size	Default
dport	Destination port.	integer	Minimum value: 0 Maximum value: 65535	0
name	IP service name.	string	Maximum length: 35
protocol	IP protocol.	integer	Minimum value: 0 Maximum value: 255	0
queue	Queue number.	integer	Minimum value: 0 Maximum value: 11	0
sport	Source port.	integer	Minimum value: 0 Maximum value: 65535	0
weight	Class weight.	integer	Minimum value: 0 Maximum value: 15	13

config profile

Parameter

Description

Type

Size

Default

cos0

Queue number of CoS 0.

option

queue0

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

cos1

Queue number of CoS 1.

option

queue1

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

cos2

Queue number of CoS 2.

option

queue2

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

cos3

Queue number of CoS 3.

option

queue3

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

cos4

Queue number of CoS 4.

option

queue4

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

cos5

Queue number of CoS 5.

option

queue5

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

cos6

Queue number of CoS 6.

option

queue6

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

cos7

Queue number of CoS 7.

option

queue7

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp0

Queue number of DSCP 0.

option

queue0

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp1

Queue number of DSCP 1.

option

queue1

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp10

Queue number of DSCP 10.

option

queue2

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp11

Queue number of DSCP 11.

option

queue3

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp12

Queue number of DSCP 12.

option

queue4

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp13

Queue number of DSCP 13.

option

queue5

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp14

Queue number of DSCP 14.

option

queue6

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp15

Queue number of DSCP 15.

option

queue7

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp16

Queue number of DSCP 16.

option

queue0

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp17

Queue number of DSCP 17.

option

queue1

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp18

Queue number of DSCP 18.

option

queue2

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp19

Queue number of DSCP 19.

option

queue3

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp2

Queue number of DSCP 2.

option

queue2

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp20

Queue number of DSCP 20.

option

queue4

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp21

Queue number of DSCP 21.

option

queue5

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp22

Queue number of DSCP 22.

option

queue6

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp23

Queue number of DSCP 23.

option

queue7

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp24

Queue number of DSCP 24.

option

queue0

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp25

Queue number of DSCP 25.

option

queue1

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp26

Queue number of DSCP 26.

option

queue2

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp27

Queue number of DSCP 27.

option

queue3

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp28

Queue number of DSCP 28.

option

queue4

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp29

Queue number of DSCP 29.

option

queue5

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp3

Queue number of DSCP 3.

option

queue3

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp30

Queue number of DSCP 30.

option

queue6

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp31

Queue number of DSCP 31.

option

queue7

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp32

Queue number of DSCP 32.

option

queue0

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp33

Queue number of DSCP 33.

option

queue1

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp34

Queue number of DSCP 34.

option

queue2

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp35

Queue number of DSCP 35.

option

queue3

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp36

Queue number of DSCP 36.

option

queue4

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp37

Queue number of DSCP 37.

option

queue5

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp38

Queue number of DSCP 38.

option

queue6

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp39

Queue number of DSCP 39.

option

queue7

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp4

Queue number of DSCP 4.

option

queue4

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp40

Queue number of DSCP 40.

option

queue0

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp41

Queue number of DSCP 41.

option

queue1

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp42

Queue number of DSCP 42.

option

queue2

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp43

Queue number of DSCP 43.

option

queue3

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp44

Queue number of DSCP 44.

option

queue4

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp45

Queue number of DSCP 45.

option

queue5

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp46

Queue number of DSCP 46.

option

queue6

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp47

Queue number of DSCP 47.

option

queue7

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp48

Queue number of DSCP 48.

option

queue0

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp49

Queue number of DSCP 49.

option

queue1

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp5

Queue number of DSCP 5.

option

queue5

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp50

Queue number of DSCP 50.

option

queue2

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp51

Queue number of DSCP 51.

option

queue3

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp52

Queue number of DSCP 52.

option

queue4

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp53

Queue number of DSCP 53.

option

queue5

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp54

Queue number of DSCP 54.

option

queue6

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp55

Queue number of DSCP 55.

option

queue7

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp56

Queue number of DSCP 56.

option

queue0

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp57

Queue number of DSCP 57.

option

queue1

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp58

Queue number of DSCP 58.

option

queue2

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp59

Queue number of DSCP 59.

option

queue3

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp6

Queue number of DSCP 6.

option

queue6

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp60

Queue number of DSCP 60.

option

queue4

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp61

Queue number of DSCP 61.

option

queue5

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp62

Queue number of DSCP 62.

option

queue6

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp63

Queue number of DSCP 63.

option

queue7

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp7

Queue number of DSCP 7.

option

queue7

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp8

Queue number of DSCP 8.

option

queue0

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

dscp9

Queue number of DSCP 9.

option

queue1

Option	Description
queue0	Queue number 0.
queue1	Queue number 1.
queue2	Queue number 2.
queue3	Queue number 3.
queue4	Queue number 4.
queue5	Queue number 5.
queue6	Queue number 6.
queue7	Queue number 7.

Profile ID.

integer

Minimum value: 0 Maximum value: 255

type

Profile type.

option

cos

Option	Description
cos	VLAN priority.
dscp	IP differentiated services code point.

weight

Class weight.

integer

Minimum value: 0 Maximum value: 15

config scheduler

Parameter

Description

Type

Size

Default

mode

Scheduler mode.

option

none

Option	Description
none	Disable QoS on NP7.
priority	Priority Based.
round-robin	Round Robin Scheduler.

name

Scheduler name.

string

Maximum length: 35

config npu-tcam

Parameter

Description

Type

Size

Default

name

NPU TCAM policies name.

string

Maximum length: 35

oid

NPU TCAM OID.

integer

Minimum value: 0 Maximum value: 4095

type

TCAM policy type.

option

L2_src_tc

Option	Description
L2_src_tc	L2 source port traffic class.
L2_tgt_tc	L2 target port traffic class.
L2_src_mir	L2 source port mirroring.
L2_tgt_mir	L2 target port mirroring.
L2_src_act	L2 source port action.
L2_tgt_act	L2 target port action.
IPv4_src_tc	IPv4 source port traffic class.
IPv4_tgt_tc	IPv4 target port traffic class.
IPv4_src_mir	IPv4 source port mirroring.
IPv4_tgt_mir	IPv4 target port mirroring.
IPv4_src_act	IPv4 source port action.
IPv4_tgt_act	IPv4 target port action.
IPv6_src_tc	IPv6 source port traffic class.
IPv6_tgt_tc	IPv6 target port traffic class.
IPv6_src_mir	IPv6 source port mirroring.
IPv6_tgt_mir	IPv6 target port mirroring.
IPv6_src_act	IPv6 source port action.
IPv6_tgt_act	IPv6 target port action.

vid

NPU TCAM VID.

integer

Minimum value: 0 Maximum value: 4095

config data

Parameter

Description

Type

Size

Default

tcam data ip flag df.

option

disable

Option	Description
enable	Enable ip header df bit.
disable	Disable ip header df bit.

dstip

tcam data dst ipv4 address.

ipv4-address-any

Not Specified

0.0.0.0

dstipv6

tcam data dst ipv6 address.

ipv6-address

Not Specified

dstmac

tcam data dst macaddr.

mac-address

Not Specified

00:00:00:00:00:00

dstport

tcam data L4 dst port.

integer

Minimum value: 0 Maximum value: 65535

ethertype

tcam data ethertype.

ether-type

Not Specified

ext-tag

tcam data extension tag.

option

disable

Option	Description
enable	Ftag ext_tag enable.
disable	Ftag ext_tag disable.

frag-off

tcam data ip flag fragment offset.

integer

Minimum value: 0 Maximum value: 31

gen-buf-cnt

tcam data gen info buffer count.

integer

Minimum value: 0 Maximum value: 3

gen-iv

tcam data gen info iv.

option

invalid

Option	Description
valid	gen_i valid.
invalid	gen_i valid.

gen-l3-flags

tcam data gen info L3 flags.

integer

Minimum value: 0 Maximum value: 15

gen-l4-flags

tcam data gen info L4 flags.

integer

Minimum value: 0 Maximum value: 15

gen-pkt-ctrl

tcam data gen info packet control.

integer

Minimum value: 0 Maximum value: 65535

gen-pri

tcam data gen info priority.

integer

Minimum value: 0 Maximum value: 7

gen-pri-v

tcam data gen info priority valid.

option

invalid

Option	Description
valid	gen_priv valid.
invalid	gen_priv invalid.

gen-tv

tcam data gen info tv.

option

invalid

Option	Description
valid	gen_t valid.
invalid	gen_t invalid.

ihl

tcam data ipv4 IHL.

integer

Minimum value: 0 Maximum value: 15

ip4-id

tcam data ipv4 id.

integer

Minimum value: 0 Maximum value: 65535

ip6-fl

tcam data ipv6 flow label.

integer

Minimum value: 0 Maximum value: 1048575

ipver

tcam data ip header version.

integer

Minimum value: 0 Maximum value: 15

l4-wd10

tcam data L4 word10.

integer

Minimum value: 0 Maximum value: 65535

l4-wd11

tcam data L4 word11.

integer

Minimum value: 0 Maximum value: 65535

l4-wd8

tcam data L4 word8.

integer

Minimum value: 0 Maximum value: 65535

l4-wd9

tcam data L4 word9.

integer

Minimum value: 0 Maximum value: 65535

tcam data ip flag mf.

option

disable

Option	Description
enable	Enable ip header mf bit.
disable	Disable ip header mf bit.

protocol

tcam data ip protocol.

integer

Minimum value: 0 Maximum value: 255

slink

tcam data sublink.

integer

Minimum value: 0 Maximum value: 7

smac-change

tcam data source MAC change.

option

disable

Option	Description
enable	Ftag smac change enable.
disable	Ftag smac change disable.

tcam data source port.

integer

Minimum value: 0 Maximum value: 4095

src-cfi

tcam data source cfi.

option

disable

Option	Description
enable	Ftag src_cfi enable.
disable	Ftag src_cfi disable.

src-prio

tcam data source priority.

integer

Minimum value: 0 Maximum value: 7

src-updt

tcam data source update.

option

disable

Option	Description
enable	Ftag src_updt enable.
disable	Ftag src_updt disable.

srcip

tcam data src ipv4 address.

ipv4-address-any

Not Specified

0.0.0.0

srcipv6

tcam data src ipv6 address.

ipv6-address

Not Specified

srcmac

tcam data src macaddr.

mac-address

Not Specified

00:00:00:00:00:00

srcport

tcam data L4 src port.

integer

Minimum value: 0 Maximum value: 65535

svid

tcam data source vid.

integer

Minimum value: 0 Maximum value: 4095

tcp-ack

tcam data tcp flag ack.

option

disable

Option	Description
enable	Enable tcp header ack bit.
disable	Disable tcp header ack bit.

tcp-cwr

tcam data tcp flag cwr.

option

disable

Option	Description
enable	Enable tcp header cwr bit.
disable	Disable tcp header cwr bit.

tcp-ece

tcam data tcp flag ece.

option

disable

Option	Description
enable	Enable tcp header ece bit.
disable	Disable tcp header ece bit.

tcp-fin

tcam data tcp flag fin.

option

disable

Option	Description
enable	Enable tcp header fin bit.
disable	Disable tcp header fin bit.

tcp-push

tcam data tcp flag push.

option

disable

Option	Description
enable	Enable tcp header push bit.
disable	Disable tcp header push bit.

tcp-rst

tcam data tcp flag rst.

option

disable

Option	Description
enable	Enable tcp header rst bit.
disable	Disable tcp header rst bit.

tcp-syn

tcam data tcp flag syn.

option

disable

Option	Description
enable	Enable tcp header syn bit.
disable	Disable tcp header syn bit.

tcp-urg

tcam data tcp flag urg.

option

disable

Option	Description
enable	Enable tcp header urg bit.
disable	Disable tcp header urg bit.

tgt-cfi

tcam data target cfi.

option

disable

Option	Description
enable	Ftag tgt_cfi enable.
disable	Ftag tgt_cfi disable.

tgt-prio

tcam data target priority.

integer

Minimum value: 0 Maximum value: 7

tgt-updt

tcam data target port update.

option

disable

Option	Description
enable	Ftag tgt update enable.
disable	Ftag tgt update disable.

tgt-v

tcam data target valid.

option

invalid

Option	Description
valid	Ftag tgt valid.
invalid	Ftag tgt valid.

tos

tcam data ip tos.

integer

Minimum value: 0 Maximum value: 255

tcam data target port.

integer

Minimum value: 0 Maximum value: 4095

ttl

tcam data ip ttl.

integer

Minimum value: 0 Maximum value: 255

tvid

tcam data target vid.

integer

Minimum value: 0 Maximum value: 4095

vdid

tcam data vdom id.

integer

Minimum value: 0 Maximum value: 65535

config mask

Parameter

Description

Type

Size

Default

tcam mask ip flag df.

option

disable

Option	Description
enable	Enable ip header df bit.
disable	Disable ip header df bit.

dstip

tcam mask dst ipv4 address.

ipv4-address-any

Not Specified

0.0.0.0

dstipv6

tcam mask dst ipv6 address.

ipv6-address

Not Specified

dstmac

tcam mask dst macaddr.

mac-address

Not Specified

00:00:00:00:00:00

dstport

tcam mask L4 dst port.

integer

Minimum value: 0 Maximum value: 65535

ethertype

tcam mask ethertype.

ether-type

Not Specified

ext-tag

tcam mask extension tag.

option

disable

Option	Description
enable	Ftag ext_tag enable.
disable	Ftag ext_tag disable.

frag-off

tcam data ip flag fragment offset.

integer

Minimum value: 0 Maximum value: 31

gen-buf-cnt

tcam mask gen info buffer count.

integer

Minimum value: 0 Maximum value: 3

gen-iv

tcam mask gen info iv.

option

invalid

Option	Description
valid	gen_i valid.
invalid	gen_i valid.

gen-l3-flags

tcam mask gen info L3 flags.

integer

Minimum value: 0 Maximum value: 15

gen-l4-flags

tcam mask gen info L4 flags.

integer

Minimum value: 0 Maximum value: 15

gen-pkt-ctrl

tcam mask gen info packet control.

integer

Minimum value: 0 Maximum value: 65535

gen-pri

tcam mask gen info priority.

integer

Minimum value: 0 Maximum value: 7

gen-pri-v

tcam mask gen info priority valid.

option

invalid

Option	Description
valid	gen_priv valid.
invalid	gen_priv invalid.

gen-tv

tcam mask gen info tv.

option

invalid

Option	Description
valid	gen_t valid.
invalid	gen_t invalid.

ihl

tcam mask ipv4 IHL.

integer

Minimum value: 0 Maximum value: 15

ip4-id

tcam mask ipv4 id.

integer

Minimum value: 0 Maximum value: 65535

ip6-fl

tcam mask ipv6 flow label.

integer

Minimum value: 0 Maximum value: 1048575

ipver

tcam mask ip header version.

integer

Minimum value: 0 Maximum value: 15

l4-wd10

tcam mask L4 word10.

integer

Minimum value: 0 Maximum value: 65535

l4-wd11

tcam mask L4 word11.

integer

Minimum value: 0 Maximum value: 65535

l4-wd8

tcam mask L4 word8.

integer

Minimum value: 0 Maximum value: 65535

l4-wd9

tcam mask L4 word9.

integer

Minimum value: 0 Maximum value: 65535

tcam mask ip flag mf.

option

disable

Option	Description
enable	Enable ip header mf bit.
disable	Disable ip header mf bit.

protocol

tcam mask ip protocol.

integer

Minimum value: 0 Maximum value: 255

slink

tcam mask sublink.

integer

Minimum value: 0 Maximum value: 7

smac-change

tcam mask source MAC change.

option

disable

Option	Description
enable	Ftag smac change enable.
disable	Ftag smac change disable.

tcam mask source port.

integer

Minimum value: 0 Maximum value: 4095

src-cfi

tcam mask source cfi.

option

disable

Option	Description
enable	Ftag src_cfi enable.
disable	Ftag src_cfi disable.

src-prio

tcam mask source priority.

integer

Minimum value: 0 Maximum value: 7

src-updt

tcam mask source update.

option

disable

Option	Description
enable	Ftag src_updt enable.
disable	Ftag src_updt disable.

srcip

tcam mask src ipv4 address.

ipv4-address-any

Not Specified

0.0.0.0

srcipv6

tcam mask src ipv6 address.

ipv6-address

Not Specified

srcmac

tcam mask src macaddr.

mac-address

Not Specified

00:00:00:00:00:00

srcport

tcam mask L4 src port.

integer

Minimum value: 0 Maximum value: 65535

svid

tcam mask source vid.

integer

Minimum value: 0 Maximum value: 4095

tcp-ack

tcam mask tcp flag ack.

option

disable

Option	Description
enable	Enable tcp header ack bit.
disable	Disable tcp header ack bit.

tcp-cwr

tcam mask tcp flag cwr.

option

disable

Option	Description
enable	Enable tcp header cwr bit.
disable	Disable tcp header cwr bit.

tcp-ece

tcam mask tcp flag ece.

option

disable

Option	Description
enable	Enable tcp header ece bit.
disable	Disable tcp header ece bit.

tcp-fin

tcam mask tcp flag fin.

option

disable

Option	Description
enable	Enable tcp header fin bit.
disable	Disable tcp header fin bit.

tcp-push

tcam mask tcp flag push.

option

disable

Option	Description
enable	Enable tcp header push bit.
disable	Disable tcp header push bit.

tcp-rst

tcam mask tcp flag rst.

option

disable

Option	Description
enable	Enable tcp header rst bit.
disable	Disable tcp header rst bit.

tcp-syn

tcam mask tcp flag syn.

option

disable

Option	Description
enable	Enable tcp header syn bit.
disable	Disable tcp header syn bit.

tcp-urg

tcam mask tcp flag urg.

option

disable

Option	Description
enable	Enable tcp header urg bit.
disable	Disable tcp header urg bit.

tgt-cfi

tcam mask target cfi.

option

disable

Option	Description
enable	Ftag tgt_cfi enable.
disable	Ftag tgt_cfi disable.

tgt-prio

tcam mask target priority.

integer

Minimum value: 0 Maximum value: 7

tgt-updt

tcam mask target port update.

option

disable

Option	Description
enable	Ftag tgt update enable.
disable	Ftag tgt update disable.

tgt-v

tcam mask target valid.

option

invalid

Option	Description
valid	Ftag tgt valid.
invalid	Ftag tgt valid.

tos

tcam mask ip tos.

integer

Minimum value: 0 Maximum value: 255

tcam mask target port.

integer

Minimum value: 0 Maximum value: 4095

ttl

tcam mask ip ttl.

integer

Minimum value: 0 Maximum value: 255

tvid

tcam mask target vid.

integer

Minimum value: 0 Maximum value: 4095

vdid

tcam mask vdom id.

integer

Minimum value: 0 Maximum value: 65535

config mir-act

Parameter	Description	Type	Size	Default
vlif	tcam mirror action vlif.	integer	Minimum value: 0 Maximum value: 16777215	0

config pri-act

Parameter	Description	Type	Size	Default
priority	tcam priority action priority.	integer	Minimum value: 0 Maximum value: 15	0
weight	tcam priority action weight.	integer	Minimum value: 0 Maximum value: 15	0

config sact

Parameter

Description

Type

Size

Default

act

tcam sact act.

integer

Minimum value: 0 Maximum value: 3

act-v

Enable to set sact act.

option

disable

Option	Description
enable	Enable act.
disable	Disable act.

bmproc

tcam sact bmproc.

integer

Minimum value: 0 Maximum value: 1

bmproc-v

Enable to set sact bmproc.

option

disable

Option	Description
enable	Enable bmproc.
disable	Disable bmproc.

df-lif

tcam sact df-lif.

integer

Minimum value: 0 Maximum value: 4095

df-lif-v

Enable to set sact df-lif.

option

disable

Option	Description
enable	Enable df_lif.
disable	Disable df_lif.

dfr

tcam sact dfr.

integer

Minimum value: 0 Maximum value: 1

dfr-v

Enable to set sact dfr.

option

disable

Option	Description
enable	Enable dfr.
disable	Disable dfr.

dmac-skip

tcam sact dmac-skip.

integer

Minimum value: 0 Maximum value: 1

dmac-skip-v

Enable to set sact dmac-skip.

option

disable

Option	Description
enable	Enable dmac_skip.
disable	Disable dmac_skip.

dosen

tcam sact dosen.

integer

Minimum value: 0 Maximum value: 1

dosen-v

Enable to set sact dosen.

option

disable

Option	Description
enable	Enable dosen.
disable	Disable dosen.

espff-proc

tcam sact espff-proc.

integer

Minimum value: 0 Maximum value: 1

espff-proc-v

Enable to set sact espff-proc.

option

disable

Option	Description
enable	Enable espff_proc.
disable	Disable espff_proc.

etype-pid

tcam sact etype-pid.

integer

Minimum value: 0 Maximum value: 15

etype-pid-v

Enable to set sact etype-pid.

option

disable

Option	Description
enable	Enable etype_pid.
disable	Disable etype_pid.

frag-proc

tcam sact frag-proc.

integer

Minimum value: 0 Maximum value: 1

frag-proc-v

Enable to set sact frag-proc.

option

disable

Option	Description
enable	Enable frag_proc.
disable	Disable frag_proc.

fwd

tcam sact fwd.

integer

Minimum value: 0 Maximum value: 1

fwd-lif

tcam sact fwd-lif.

integer

Minimum value: 0 Maximum value: 4095

fwd-lif-v

Enable to set sact fwd-lif.

option

disable

Option	Description
enable	Enable fwd_lif.
disable	Disable fwd_lif.

fwd-tvid

tcam sact fwd-tvid.

integer

Minimum value: 0 Maximum value: 4095

fwd-tvid-v

Enable to set sact fwd-vid.

option

disable

Option	Description
enable	Enable fwd_tvid.
disable	Disable fwd_tvid.

fwd-v

Enable to set sact fwd.

option

disable

Option	Description
enable	Enable fwd.
disable	Disable fwd.

icpen

tcam sact icpen.

integer

Minimum value: 0 Maximum value: 1

icpen-v

Enable to set sact icpen.

option

disable

Option	Description
enable	Enable icpen.
disable	Disable icpen.

igmp-mld-snp

tcam sact igmp-mld-snp.

integer

Minimum value: 0 Maximum value: 1

igmp-mld-snp-v

Enable to set sact igmp-mld-snp.

option

disable

Option	Description
enable	Enable igmp_mld_snp.
disable	Disable igmp_mld_snp.

learn

tcam sact learn.

integer

Minimum value: 0 Maximum value: 1

learn-v

Enable to set sact learn.

option

disable

Option	Description
enable	Enable learn.
disable	Disable learn.

m-srh-ctrl

tcam sact m-srh-ctrl.

integer

Minimum value: 0 Maximum value: 1

m-srh-ctrl-v

Enable to set sact m-srh-ctrl.

option

disable

Option	Description
enable	Enable m_srh_ctrl.
disable	Disable m_srh_ctrl.

mac-id

tcam sact mac-id.

integer

Minimum value: 0 Maximum value: 65535

mac-id-v

Enable to set sact mac-id.

option

disable

Option	Description
enable	Enable mac_id.
disable	Disable mac_id.

mss

tcam sact mss.

integer

Minimum value: 0 Maximum value: 16383

mss-v

Enable to set sact mss.

option

disable

Option	Description
enable	Enable mss.
disable	Disable mss.

pleen

tcam sact pleen.

integer

Minimum value: 0 Maximum value: 1

pleen-v

Enable to set sact pleen.

option

disable

Option	Description
enable	Enable pleen.
disable	Disable pleen.

prio-pid

tcam sact prio-pid.

integer

Minimum value: 0 Maximum value: 7

prio-pid-v

Enable to set sact prio-pid.

option

disable

Option	Description
enable	Enable prio_pid.
disable	Disable prio_pid.

promis

tcam sact promis.

integer

Minimum value: 0 Maximum value: 1

promis-v

Enable to set sact promis.

option

disable

Option	Description
enable	Enable promis.
disable	Disable promis.

rfsh

tcam sact rfsh.

integer

Minimum value: 0 Maximum value: 1

rfsh-v

Enable to set sact rfsh.

option

disable

Option	Description
enable	Enable rfsh.
disable	Disable rfsh.

smac-skip

tcam sact smac-skip.

integer

Minimum value: 0 Maximum value: 1

smac-skip-v

Enable to set sact smac-skip.

option

disable

Option	Description
enable	Enable smac_skip.
disable	Disable smac_skip.

tp-smchk-v

Enable to set sact tp mode.

option

disable

Option	Description
enable	Enable tp_smchk.
disable	Disable tp_smchk.

tp_smchk

tcam sact tp mode.

integer

Minimum value: 0 Maximum value: 1

tpe-id

tcam sact tpe-id.

integer

Minimum value: 0 Maximum value: 16383

tpe-id-v

Enable to set sact tpe-id.

option

disable

Option	Description
enable	Enable tpe_id.
disable	Disable tpe_id.

vdm

tcam sact vdm.

integer

Minimum value: 0 Maximum value: 1

vdm-v

Enable to set sact vdm.

option

disable

Option	Description
enable	Enable vdm.
disable	Disable vdm.

vdom-id

tcam sact vdom-id.

integer

Minimum value: 0 Maximum value: 16383

vdom-id-v

Enable to set sact vdom-id.

option

disable

Option	Description
enable	Enable vdom_id.
disable	Disable vdom_id.

x-mode

tcam sact x-mode.

integer

Minimum value: 0 Maximum value: 3

x-mode-v

Enable to set sact x-mode.

option

disable

Option	Description
enable	Enable x_mode.
disable	Disable x_mode.

config tact

Parameter

Description

Type

Size

Default

act

tcam tact act.

integer

Minimum value: 0 Maximum value: 3

act-v

Enable to set tact act.

option

disable

Option	Description
enable	Enable act.
disable	Disable act.

fmtuv4-s

tcam tact fmtuv4-s.

integer

Minimum value: 0 Maximum value: 1

fmtuv4-s-v

Enable to set tact fmtuv4-s.

option

disable

Option	Description
enable	Enable fmtuv4_s.
disable	Disable fmtuv4_s.

fmtuv6-s

tcam tact fmtuv6-s.

integer

Minimum value: 0 Maximum value: 1

fmtuv6-s-v

Enable to set tact fmtuv6-s.

option

disable

Option	Description
enable	Enable fmtuv6_s.
disable	Disable fmtuv6_s.

lnkid

tcam tact lnkid.

integer

Minimum value: 0 Maximum value: 15

lnkid-v

Enable to set tact lnkid.

option

disable

Option	Description
enable	Enable lnkid.
disable	Disable lnkid.

mac-id

tcam tact mac-id.

integer

Minimum value: 0 Maximum value: 65535

mac-id-v

Enable to set tact mac-id.

option

disable

Option	Description
enable	Enable mac_id.
disable	Disable mac_id.

mss-t

tcam tact mss.

integer

Minimum value: 0 Maximum value: 16383

mss-t-v

Enable to set tact mss.

option

disable

Option	Description
enable	Enable mss.
disable	Disable mss.

mtuv4

tcam tact mtuv4.

integer

Minimum value: 0 Maximum value: 16383

mtuv4-v

Enable to set tact mtuv4.

option

disable

Option	Description
enable	Enable mtuv4.
disable	Disable mtuv4.

mtuv6

tcam tact mtuv6.

integer

Minimum value: 0 Maximum value: 16383

mtuv6-v

Enable to set tact mtuv6.

option

disable

Option	Description
enable	Enable mtuv6.
disable	Disable mtuv6.

slif-act

tcam tact slif-act.

integer

Minimum value: 0 Maximum value: 3

slif-act-v

Enable to set tact slif-act.

option

disable

Option	Description
enable	Enable slif_act.
disable	Disable slif_act.

sublnkid

tcam tact sublnkid.

integer

Minimum value: 0 Maximum value: 511

sublnkid-v

Enable to set tact sublnkid.

option

disable

Option	Description
enable	Enable sublnkid.
disable	Disable sublnkid.

tgtv-act

tcam tact tgtv-act.

integer

Minimum value: 0 Maximum value: 1

tgtv-act-v

Enable to set tact tgtv-act.

option

disable

Option	Description
enable	Enable tgtv_act.
disable	Disable tgtv_act.

tlif-act

tcam tact tlif-act.

integer

Minimum value: 0 Maximum value: 3

tlif-act-v

Enable to set tact tlif-act.

option

disable

Option	Description
enable	Enable tlif_act.
disable	Disable tlif_act.

tpeid

tcam tact tpeid.

integer

Minimum value: 0 Maximum value: 16383

tpeid-v

Enable to set tact tpeid.

option

disable

Option	Description
enable	Enable tpeid.
disable	Disable tpeid.

v6fe

tcam tact v6fe.

integer

Minimum value: 0 Maximum value: 1

v6fe-v

Enable to set tact v6fe.

option

disable

Option	Description
enable	Enable v6fe.
disable	Disable v6fe.

vep-en-v

Enable to set tact vep-en.

option

disable

Option	Description
enable	Enable vep_en.
disable	Disable vep_en.

vep-slid

tcam tact vep_slid.

integer

Minimum value: 0 Maximum value: 3

vep-slid-v

Enable to set tact vep-slid.

option

disable

Option	Description
enable	Enable vep_slid.
disable	Disable vep_slid.

vep_en

tcam tact vep_en.

integer

Minimum value: 0 Maximum value: 1

xlt-lif

tcam tact xlt-lif.

integer

Minimum value: 0 Maximum value: 4095

xlt-lif-v

Enable to set tact xlt-lif.

option

disable

Option	Description
enable	Enable xlt_lif.
disable	Disable xlt_lif.

xlt-vid

tcam tact xlt-vid.

integer

Minimum value: 0 Maximum value: 4095

xlt-vid-v

Enable to set tact xlt-vid.

option

disable

Option	Description
enable	Enable xlt_vid.
disable	Disable xlt_vid.

config port-cpu-map

Parameter	Description	Type	Size	Default
cpu-core	The CPU core to map to an interface.	string	Maximum length: 31	all
interface	The interface to map to a CPU core.	string	Maximum length: 15

config port-npu-map

Parameter	Description	Type	Size	Default
interface	Set NPU interface port for NPU group mapping.	string	Maximum length: 15
npu-group-index	Mapping NPU group index.	integer	Minimum value: 0 Maximum value: 4294967295	0

config port-path-option

Parameter

Description

Type

Size

Default

ports-using-npu <interface-name>

Set ha/aux ports to handle traffic with NPU (otherwise traffic goes to Intel-NIC and then CPU).

Available interfaces for NPU path.

string

Maximum length: 15

config priority-protocol

Parameter

Description

Type

Size

Default

bfd

Enable/disable NPU BFD priority protocol.

option

enable

Option	Description
enable	Enable NPU BFD priority protocol.
disable	Disable NPU BFD priority protocol.

bgp

Enable/disable NPU BGP priority protocol.

option

enable

Option	Description
enable	Enable NPU BGP priority protocol.
disable	Disable NPU BGP priority protocol.

slbc

Enable/disable NPU SLBC priority protocol.

option

enable

Option	Description
enable	Enable NPU SLBC priority protocol.
disable	Disable NPU SLBC priority protocol.

config sse-ha-scan

Parameter	Description	Type	Size	Default
gap	Scanning message gap	integer	Minimum value: 0 Maximum value: 32767	200

config sw-eh-hash

Parameter

Description

Type

Size

Default

computation

Set hashing computation.

option

xor16

Option	Description
xor16	Use XOR operator to make 16 bits hash.
xor8	Use XOR operator to make 8 bits hash.
xor4	Use XOR operator to make 4 bits hash.
crc16	Use CRC-16-CCITT polynomial to make 16 bits hash.

destination-ip-lower-16

Include/exclude destination IP address lower 16 bits.

option

include

Option	Description
include	Include destination IP address lower 16 bits.
exclude	Exclude destination IP address lower 16 bits.

destination-ip-upper-16

Include/exclude destination IP address upper 16 bits.

option

include

Option	Description
include	Include destination IP address upper 16 bits.
exclude	Exclude destination IP address upper 16 bits.

destination-port

Include/exclude destination port if TCP/UDP.

option

include

Option	Description
include	Include destination port if TCP/UDP.
exclude	Exclude destination port if TCP/UDP.

ip-protocol

Include/exclude IP protocol.

option

include

Option	Description
include	Include IP protocol.
exclude	Exclude IP protocol.

netmask-length

Network mask length.

integer

Minimum value: 17 Maximum value: 32

source-ip-lower-16

Include/exclude source IP address lower 16 bits.

option

include

Option	Description
include	Include source IP address lower 16 bits.
exclude	Exclude source IP address lower 16 bits.

source-ip-upper-16

Include/exclude source IP address upper 16 bits.

option

include

Option	Description
include	Include source IP address upper 16 bits.
exclude	Exclude source IP address upper 16 bits.

source-port

Include/exclude source port if TCP/UDP.

option

include

Option	Description
include	Include source port if TCP/UDP.
exclude	Exclude source port if TCP/UDP.

config sw-tr-hash

Parameter

Description

Type

Size

Default

draco15

Enable/disable DRACO15 hashing.

option

enable

Option	Description
enable	Enable using DRACO15 hashing for unicast trunk traffic.
disable	Disable using DRACO15 hashing for unicast trunk traffic.

tcp-udp-port

Include/exclude TCP/UDP source and destination port for unicast trunk traffic.

option

exclude

Option	Description
include	Include TCP/UDP source and destination port for unicast trunk traffic.
exclude	Exclude TCP/UDP source and destination port for unicast trunk traffic.

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

CLI Reference

config system npu

config system npu

config system npu

config background-sse-scan

config dos-options

config dsw-dts-profile

config dsw-queue-dts-profile

config fp-anomaly

config hpe

config icmp-error-rate-ctrl

config ip-reassembly

config isf-np-queues

config ethernet-type