FTD Platform Settings
Location in GUI: Devices » Platform Settings
Classes
devices (fmc.domains)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
ftd_platform_settings | List | [ftd_platform_settings] | No | |
ftd_platform_settings (fmc.domains.devices)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
name | String | Regex: ^[a-zA-Z0-9_.+ -]{1,64}$ | Yes | |
description | String | max: 255 | No | |
banner | Class | [banner] | No | |
http_access | Class | [http_access] | No | |
icmp_access | Class | [icmp_access] | No | |
ssh_accesses | List | [ssh_accesses] | No | |
snmp | Class | [snmp] | No | |
syslog | Class | [syslog] | No | |
time_synchronization | Class | [time_synchronization] | No | |
banner (fmc.domains.devices.ftd_platform_settings)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
text | String | | Yes | |
http_access (fmc.domains.devices.ftd_platform_settings)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
server_enabled | Boolean | true , false | No | true |
server_port | Integer | min: 1 , max: 65535 | No | 443 |
configurations | List | [configurations] | No | |
icmp_access (fmc.domains.devices.ftd_platform_settings)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
rate_limit | Integer | min: 1 , max: 100 | No | 1 |
burst_size | Integer | min: 1 , max: 10 | No | 1 |
configurations | List | [configurations] | No | |
ssh_accesses (fmc.domains.devices.ftd_platform_settings)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
source_network_object | String | | Yes | |
interface_literals | List | String | No | |
interface_objects | List | String | No | |
snmp (fmc.domains.devices.ftd_platform_settings)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
server_enabled | Boolean | true , false | Yes | true |
server_port | Integer | min: 1 , max: 65535 | No | 161 |
read_community | String | max: 32 | No | |
system_administrator | String | max: 127 | No | |
location | String | max: 127 | No | |
management_hosts | List | [management_hosts] | No | |
snmpv3_users | List | [snmpv3_users] | No | |
traps | Class | [traps] | No | |
syslog (fmc.domains.devices.ftd_platform_settings)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
logging_setup | Class | [logging_setup] | No | |
logging_destinations | List | [logging_destinations] | No | |
email_setup | Class | [email_setup] | No | |
event_lists | List | [event_lists] | No | |
rate_limits | List | [rate_limits] | No | |
settings | Class | [settings] | No | |
servers | Class | [servers] | No | |
time_synchronization (fmc.domains.devices.ftd_platform_settings)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
mode | Choice | SYNC_VIA_MGMT_CENTER_NTP , SYNC_VIA_NTP_SERVER | Yes | |
ntp_servers | List | String | No | |
configurations (fmc.domains.devices.ftd_platform_settings.http_access)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
source_network_object | String | | Yes | |
interface_literals | List | String | No | |
interface_objects | List | String | No | |
configurations (fmc.domains.devices.ftd_platform_settings.icmp_access)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
action | Choice | Permit , Deny | Yes | |
icmp_service_object | String | | Yes | |
source_network_object | String | | Yes | |
interface_literals | List | String | No | |
interface_objects | List | String | No | |
management_hosts (fmc.domains.devices.ftd_platform_settings.snmp)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
network_object | String | | Yes | |
snmp_version | Choice | SNMPv1 , SNMPv2c , SNMPv3 | Yes | |
username | String | | No | |
read_community | String | | No | |
poll | Boolean | true , false | No | true |
trap | Boolean | true , false | No | true |
trap_port | Integer | min: 1 , max: 65535 | No | 162 |
use_management_interface | Boolean | true , false | No | |
interface_literals | List | String | No | |
interface_objects | List | String | No | |
snmpv3_users (fmc.domains.devices.ftd_platform_settings.snmp)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
security_level | Choice | Auth , NoAuth , Priv | Yes | |
username | String | max: 32 | Yes | |
password_type | Choice | Clear , Encrypted | No | |
authentication_algorithm | Choice | SHA , SHA224 , SHA256 , SHA384 | No | |
authentication_password | String | max: 256 | No | |
encryption_algorithm | Choice | AES128 , AES192 , AES256 | No | |
encryption_password | String | max: 256 | No | |
traps (fmc.domains.devices.ftd_platform_settings.snmp)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
syslog | Boolean | true , false | No | false |
authentication | Boolean | true , false | No | true |
link_up | Boolean | true , false | No | true |
link_down | Boolean | true , false | No | true |
cold_start | Boolean | true , false | No | true |
warm_start | Boolean | true , false | No | true |
field_replacement_unit_insert | Boolean | true , false | No | false |
field_replacement_unit_delete | Boolean | true , false | No | false |
configuration_change | Boolean | true , false | No | false |
connection_limit_reached | Boolean | true , false | No | false |
nat_packet_discard | Boolean | true , false | No | false |
cpu_rising | Boolean | true , false | No | false |
cpu_rising_threshold | Integer | min: 10 , max: 94 | No | 70 |
cpu_rising_interval | Integer | min: 1 , max: 60 | No | 1 |
memory_rising | Boolean | true , false | No | false |
memory_rising_threshold | Integer | min: 50 , max: 695 | No | 70 |
failover_state | Boolean | true , false | No | false |
cluster_state | Boolean | true , false | No | false |
peer_flap | Boolean | true , false | No | false |
logging_setup (fmc.domains.devices.ftd_platform_settings.syslog)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
logging_enabled | Boolean | true , false | No | false |
logging_on_failover_standby_unit_enabled | Boolean | true , false | No | false |
emblem_format | Boolean | true , false | No | false |
send_debug_messages_as_syslog | Boolean | true , false | No | false |
internal_buffer_memory_size | Integer | min: 4096 , max: 52428800 | No | 4096 |
fmc_logging_mode | Choice | OFF , ALL , VPN | Yes | VPN |
fmc_logging_level | Choice | EMERG , ALERT , CRIT , ERR , WARNING , NOTICE , INFO , DEBUG | No | ERR |
ftp_server_host | String | | No | |
ftp_server_username | String | | No | |
ftp_server_path | String | | No | |
ftp_server_password | String | | No | |
flash_enabled | Boolean | true , false | No | false |
flash_maximum_space | Integer | min: 4 , max: 8044176 | No | 3076 |
flash_minimum_free_space | Integer | min: 0 , max: 8044176 | No | 1024 |
logging_destinations (fmc.domains.devices.ftd_platform_settings.syslog)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
destination | Choice | INTERNAL_BUFFER , CONSOLE , SYSLOG_SERVERS , SNMP_TRAP , EMAIL , SSH_SESSION | Yes | |
global_event_class_filter_criteria | Choice | SEVERITY , EVENT_LIST , DISABLE | Yes | |
global_event_class_filter_value | String | | No | |
event_class_filters | List | [event_class_filters] | No | |
email_setup (fmc.domains.devices.ftd_platform_settings.syslog)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
source_email_address | String | | Yes | |
destinations | List | [destinations] | No | |
event_lists (fmc.domains.devices.ftd_platform_settings.syslog)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
name | String | Regex: ^[a-zA-Z0-9_ -]{1,64}$ | Yes | |
event_classes | List | [event_classes] | No | |
message_ids | List | String | No | |
rate_limits (fmc.domains.devices.ftd_platform_settings.syslog)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
type | Choice | LOG_LEVEL , SYSLOG_ID | Yes | |
value | String | | Yes | |
number_of_messages | Integer | min: 1 , max: 2147483647 | Yes | |
interval | Integer | min: 1 , max: 2147483647 | No | |
settings (fmc.domains.devices.ftd_platform_settings.syslog)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
facility | Choice | LOCAL0 , LOCAL1 , LOCAL2 , LOCAL3 , LOCAL4 , LOCAL5 , LOCAL6 , LOCAL7 | Yes | LOCAL4 |
timestamp_format | Choice | RFC_5424 , LEGACY | Yes | |
device_id_source | Choice | INTERFACE , USERDEFINEDID , HOSTNAME | No | |
device_id_user_defined | String | | No | |
device_id_interface | String | | No | |
all_syslog_messages_enabled | Boolean | true , false | No | false |
all_syslog_messages_logging_level | Choice | EMERG , ALERT , CRIT , ERR , WARNING , NOTICE , INFO , DEBUG | No | |
syslog_ids | List | [syslog_ids] | No | |
servers (fmc.domains.devices.ftd_platform_settings.syslog)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
allow_user_traffic_when_tcp_syslog_server_is_down | Boolean | true , false | No | true |
message_queue_size | Integer | min: 0 , max: 8192 | No | 512 |
servers | List | [servers] | No | |
event_class_filters (fmc.domains.devices.ftd_platform_settings.syslog.logging_destinations)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
class | Choice | AUTH , BRIDGE , CA , CONFIG , CSD , DAP , EAPOUDP , EIGRP , HA , IDS , IP , IPAA , IPS , NP , OSPF , RM , RULE_ENGINE , SESSION , SNMP , SSL , SVC , SYS , TAG_SWITCHING , VM , VPDN , VPN , VPNC , VPNFO , VPNLB , WEBFO , WEBVPN | Yes | |
severity | Choice | EMERG , ALERT , CRIT , ERR , WARNING , NOTICE , INFO , DEBUG | Yes | |
destinations (fmc.domains.devices.ftd_platform_settings.syslog.email_setup)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
email_addresses | List | String | Yes | |
logging_level | Choice | EMERG , ALERT , CRIT , ERR , WARNING , NOTICE , INFO , DEBUG | Yes | |
event_classes (fmc.domains.devices.ftd_platform_settings.syslog.event_lists)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
class | Choice | ACCESS_LIST , APPLICATION_FIREWALL , AUTH , BOTNET_TRAFFIC_FILTERING , BRIDGE , CA , CARD_MANAGEMENT , CLUSTERING , CONFIG , CSD , CTS , DAP , EAPOUDP , EIGRP , EMAIL , ENVIRONMENT_MONITORING , HA , IDENTITY_BASED_FIREWALL , IDS , IKEV2_TOOLKIT , IP , IPAA , IPS , IPV6 , LICENSING , MDM_PROXY , NACPOLICY , NACSETTINGS , NAT_AND_PAT , NETWORK_ACCESS_POINT , NP , NP_SSL , OSPF , PASSWORD_ENCRYPTION , PHONE_PROXY , RIP , RM , RULE_ENGINE , SCANSAFE , SESSION , SMART_CALL_HOME , SNMP , SSL , SVC , SYS , TAG_SWITCHING , THREAT_DETECTION , TRANSACTIONAL_RULE_ENGINE_TRE , UC_IMS , VM , VPDN , VPN , VPNC , VPNFO , VPNLB , VXLAN , WEBFO , WEBVPN | Yes | |
severity | Choice | EMERG , ALERT , CRIT , ERR , WARNING , NOTICE , INFO , DEBUG | Yes | |
syslog_ids (fmc.domains.devices.ftd_platform_settings.syslog.settings)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
syslog_id | String | | Yes | |
logging_level | Choice | EMERG , ALERT , CRIT , ERR , WARNING , NOTICE , INFO , DEBUG , DEFAULT | No | |
enabled | Boolean | true , false | No | true |
servers (fmc.domains.devices.ftd_platform_settings.syslog.servers)
Name | Type | Constraint | Mandatory | Default Value |
---|---|---|---|---|
network_object | String | | Yes | |
protocol | Choice | UDP , TCP | No | TCP |
port | Integer | min: 1 , max: 65535 | No | 1470 |
emblem_format | Boolean | true , false | No | false |
secure_syslog | Boolean | true , false | No | false |
use_management_interface | Boolean | true , false | No | |
interface_literals | List | String | No | |
interface_objects | List | String | No | |
Examples
Prerequisites:

```yaml
fmc:
  domains:
    - name: Global
      objects:
        icmpv4s:
          - name: MyICMPv4Name1
            icmp_type: 8
          - name: MyICMPv4Name2
            icmp_type: 3
            code: 2
        hosts:
          - name: MyHostName1
            ip: 10.10.10.10
          - name: MyHostName2
            ip: 20.20.20.20
        networks:
          - name: MyNetworkName1
            prefix: 10.10.10.0/24
        security_zones:
          - name: MySecurityZoneName1
          - name: MySecurityZoneName2
```
FTD Platform Settings
```yaml
fmc:
  domains:
    - name: Global
      devices:
        ftd_platform_settings:
          - name: MyPlatformSettingsName1
            description: "This is my platform settings description"
            banner:
              text: |
                This is line 1 of the banner
                This is line 2 of the banner
            http_access:
              server_enabled: true
              server_port: 443
              configurations:
                - source_network_object: MyNetworkName1
                  interface_literals: ["MyInt_1", "MyInt_2"]
                  interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
                - source_network_object: MyHostName1
                  interface_literals: ["MyInt_1", "MyInt_2"]
                  interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
            icmp_access:
              rate_limit: 1
              burst_size: 1
              configurations:
                - action: Permit
                  icmp_service_object: MyICMPv4Name1
                  source_network_object: MyNetworkName1
                  interface_literals: ["MyInt_1", "MyInt_2"]
                  interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
                - action: Deny
                  icmp_service_object: MyICMPv4Name2
                  source_network_object: MyHostName1
                  interface_literals: ["MyInt_1", "MyInt_2"]
                  interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
            ssh_accesses:
              - source_network_object: MyNetworkName1
                interface_literals: ["MyInt_1", "MyInt_2"]
                interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
              - source_network_object: MyHostName1
                interface_literals: ["MyInt_1", "MyInt_2"]
                interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
            snmp:
              server_enabled: true
              server_port: 1456
              read_community: public
              system_administrator: admin
              location: "Data Center 1"
              management_hosts:
                - network_object: MyHostName1
                  snmp_version: "SNMPv2c"
                  read_community: public
                  poll: true
                  interface_literals: ["MyInt_1", "MyInt_2"]
                  interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
                - network_object: MyHostName2
                  snmp_version: "SNMPv3"
                  username: snmpv3user2
                  poll: true
                  interface_literals: ["MyInt_1", "MyInt_2"]
                  interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
              snmpv3_users:
                - security_level: "NoAuth"
                  username: snmpv3user1
                - security_level: "Priv"
                  username: snmpv3user2
                  password_type: "Clear"
                  authentication_algorithm: "SHA256"
                  authentication_password: "authPass123"
                  encryption_algorithm: "AES256"
                  encryption_password: "encrPass123"
              traps:
                syslog: true
            syslog:
              logging_setup:
                logging_enabled: true
                logging_on_failover_standby_unit_enabled: true
                fmc_logging_mode: "ALL"
                fmc_logging_level: "CRIT"
                flash_enabled: true
              logging_destinations:
                - destination: "INTERNAL_BUFFER"
                  global_event_class_filter_criteria: "DISABLE"
                  event_class_filters:
                    - class: "BRIDGE"
                      severity: "WARNING"
                    - class: "VPN"
                      severity: "ERR"
                - destination: "SYSLOG_SERVERS"
                  global_event_class_filter_criteria: "SEVERITY"
                  global_event_class_filter_value: "WARNING"
                  event_class_filters:
                    - class: "BRIDGE"
                      severity: "WARNING"
                    - class: "VPN"
                      severity: "ERR"
              email_setup:
                source_email_address: my_email@example.com
                destinations:
                  - email_addresses:
                      - dest1@example.com
                      - dest2@example.com
                    logging_level: "INFO"
                  - email_addresses:
                      - dest3@example.com
                    logging_level: "ERR"
              event_lists:
                - name: MyEventListName1
                  event_classes:
                    - class: "VPN"
                      severity: "ERR"
                    - class: "OSPF"
                      severity: "WARNING"
                  message_ids:
                    - "302015"
                    - "302016"
                    - "302017"
                    - "302018"
                - name: MyEventListName2
                  event_classes:
                    - class: "BOTNET_TRAFFIC_FILTERING"
                      severity: "INFO"
                    - class: "SCANSAFE"
                      severity: "WARNING"
              rate_limits:
                - type: "LOG_LEVEL"
                  value: "ERR"
                  number_of_messages: 100
                  interval: 5
                - type: "LOG_LEVEL"
                  value: "WARNING"
                  number_of_messages: 200
                  interval: 10
                - type: "SYSLOG_ID"
                  value: "302015"
                  number_of_messages: 50
                - type: "SYSLOG_ID"
                  value: "302016"
                  number_of_messages: 75
              settings:
                facility: "LOCAL4"
                timestamp_format: "RFC_5424"
                device_id_source: "INTERFACE"
                device_id_interface: "MySecurityZoneName1"
                all_syslog_messages_enabled: false
                syslog_ids:
                  - syslog_id: "302015"
                  - syslog_id: "302016"
                  - syslog_id: "302017"
                    enabled: false
                    logging_level: "ERR"
              servers:
                allow_user_traffic_when_tcp_syslog_server_is_down: true
                message_queue_size: 8192
                servers:
                  - network_object: MyHostName1
                    protocol: "TCP"
                    port: 1514
                    emblem_format: true
                    secure_syslog: true
                    use_management_interface: false
                    interface_literals: ["MyInt_1", "MyInt_2"]
                    interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
                  - network_object: MyHostName2
                    protocol: "UDP"
                    port: 1514
                    emblem_format: true
                    secure_syslog: true
                    use_management_interface: false
                    interface_literals: ["MyInt_1", "MyInt_2"]
                    interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
            time_synchronization:
              mode: SYNC_VIA_NTP_SERVER
              ntp_servers:
                - 0.pool.ntp.org
                - 1.pool.ntp.org
```
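The example values above include the `public` community string, an SNMPv2c management host, a `NoAuth` SNMPv3 user, `password_type: "Clear"` and `secure_syslog` on a UDP server. The following audit is an added example, not part of the project this page documents: it walks the `snmp` and `syslog.servers` keys from the tables on this page and reports those settings before the file is applied. The names `audit_platform_settings` and `SAMPLE` are hypothetical, the sample dict is constructed from the example's values, and the UDP check assumes TLS syslog needs TCP.

```python
# Added example: audit one ftd_platform_settings entry (already parsed from YAML
# into a dict). audit_platform_settings and SAMPLE are hypothetical names.

def audit_platform_settings(ps):
    """Return a sorted list of (path, finding) tuples for one settings entry."""
    findings = []
    snmp = ps.get("snmp") or {}
    if snmp.get("server_enabled", True):  # schema default is true
        if snmp.get("read_community") == "public":
            findings.append(("snmp.read_community", "well-known community string"))
        for i, host in enumerate(snmp.get("management_hosts", [])):
            path = f"snmp.management_hosts[{i}]"
            if host.get("snmp_version") in ("SNMPv1", "SNMPv2c"):
                findings.append((path, "community-based SNMP, no encryption"))
            if host.get("read_community") == "public":
                findings.append((path, "well-known community string"))
        for i, user in enumerate(snmp.get("snmpv3_users", [])):
            path = f"snmp.snmpv3_users[{i}]"
            if user.get("security_level") != "Priv":
                findings.append((path, "SNMPv3 user without privacy (encryption)"))
            if user.get("password_type") == "Clear":
                findings.append((path, "password supplied in clear text"))
    servers = ((ps.get("syslog") or {}).get("servers") or {}).get("servers", [])
    for i, srv in enumerate(servers):
        path = f"syslog.servers.servers[{i}]"
        if not srv.get("secure_syslog", False):
            findings.append((path, "syslog sent without TLS"))
        elif srv.get("protocol", "TCP") == "UDP":  # schema default is TCP
            # Assumption: secure (TLS) syslog only takes effect over TCP.
            findings.append((path, "secure_syslog set on a UDP server"))
    return sorted(findings)

# Constructed sample: the snmp and syslog server values of the example above.
SAMPLE = {
    "snmp": {
        "server_enabled": True, "read_community": "public",
        "management_hosts": [
            {"network_object": "MyHostName1", "snmp_version": "SNMPv2c", "read_community": "public"},
            {"network_object": "MyHostName2", "snmp_version": "SNMPv3", "username": "snmpv3user2"},
        ],
        "snmpv3_users": [
            {"security_level": "NoAuth", "username": "snmpv3user1"},
            {"security_level": "Priv", "username": "snmpv3user2", "password_type": "Clear"},
        ],
    },
    "syslog": {"servers": {"servers": [
        {"network_object": "MyHostName1", "protocol": "TCP", "secure_syslog": True},
        {"network_object": "MyHostName2", "protocol": "UDP", "secure_syslog": True},
    ]}},
}

if __name__ == "__main__":
    for path, finding in audit_platform_settings(SAMPLE):
        print(f"{path}: {finding}")
```

To run it against a real file, load the YAML with any parser and pass each item of `fmc.domains[].devices.ftd_platform_settings` to the function.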