Skip to content

FTD Platform Settings

Location in GUI: Devices » Platform Settings

Diagram
NameTypeConstraintMandatoryDefault Value
ftd_platform_settingsList[ftd_platform_settings]No

ftd_platform_settings (fmc.domains.devices)

Section titled “ftd_platform_settings (fmc.domains.devices)”
NameTypeConstraintMandatoryDefault Value
nameStringRegex: ^[a-zA-Z0-9_.+ -]{1,64}$Yes
descriptionStringmax: 255No
bannerClass[banner]No
http_accessClass[http_access]No
icmp_accessClass[icmp_access]No
ssh_accessesList[ssh_accesses]No
snmpClass[snmp]No
syslogClass[syslog]No
time_synchronizationClass[time_synchronization]No

Section titled “banner (fmc.domains.devices.ftd_platform_settings)”
NameTypeConstraintMandatoryDefault Value
textStringYes

http_access (fmc.domains.devices.ftd_platform_settings)

Section titled “http_access (fmc.domains.devices.ftd_platform_settings)”
NameTypeConstraintMandatoryDefault Value
server_enabledBooleantrue, falseNotrue
server_portIntegermin: 1, max: 65535No443
configurationsList[configurations]No

icmp_access (fmc.domains.devices.ftd_platform_settings)

Section titled “icmp_access (fmc.domains.devices.ftd_platform_settings)”
NameTypeConstraintMandatoryDefault Value
rate_limitIntegermin: 1, max: 100No1
burst_sizeIntegermin: 1, max: 10No1
configurationsList[configurations]No

ssh_accesses (fmc.domains.devices.ftd_platform_settings)

Section titled “ssh_accesses (fmc.domains.devices.ftd_platform_settings)”
NameTypeConstraintMandatoryDefault Value
source_network_objectStringYes
interface_literalsListStringNo
interface_objectsListStringNo

snmp (fmc.domains.devices.ftd_platform_settings)

Section titled “snmp (fmc.domains.devices.ftd_platform_settings)”
NameTypeConstraintMandatoryDefault Value
server_enabledBooleantrue, falseYestrue
server_portIntegermin: 1, max: 65535No161
read_communityStringmax: 32No
system_administratorStringmax: 127No
locationStringmax: 127No
management_hostsList[management_hosts]No
snmpv3_usersList[snmpv3_users]No
trapsClass[traps]No

syslog (fmc.domains.devices.ftd_platform_settings)

Section titled “syslog (fmc.domains.devices.ftd_platform_settings)”
NameTypeConstraintMandatoryDefault Value
logging_setupClass[logging_setup]No
logging_destinationsList[logging_destinations]No
email_setupClass[email_setup]No
event_listsList[event_lists]No
rate_limitsList[rate_limits]No
settingsClass[settings]No
serversClass[servers]No

time_synchronization (fmc.domains.devices.ftd_platform_settings)

Section titled “time_synchronization (fmc.domains.devices.ftd_platform_settings)”
NameTypeConstraintMandatoryDefault Value
modeChoiceSYNC_VIA_MGMT_CENTER_NTP, SYNC_VIA_NTP_SERVERYes
ntp_serversListStringNo

configurations (fmc.domains.devices.ftd_platform_settings.http_access)

Section titled “configurations (fmc.domains.devices.ftd_platform_settings.http_access)”
NameTypeConstraintMandatoryDefault Value
source_network_objectStringYes
interface_literalsListStringNo
interface_objectsListStringNo

configurations (fmc.domains.devices.ftd_platform_settings.icmp_access)

Section titled “configurations (fmc.domains.devices.ftd_platform_settings.icmp_access)”
NameTypeConstraintMandatoryDefault Value
actionChoicePermit, DenyYes
icmp_service_objectStringYes
source_network_objectStringYes
interface_literalsListStringNo
interface_objectsListStringNo

management_hosts (fmc.domains.devices.ftd_platform_settings.snmp)

Section titled “management_hosts (fmc.domains.devices.ftd_platform_settings.snmp)”
NameTypeConstraintMandatoryDefault Value
network_objectStringYes
snmp_versionChoiceSNMPv1, SNMPv2c, SNMPv3Yes
usernameStringNo
read_communityStringNo
pollBooleantrue, falseNotrue
trapBooleantrue, falseNotrue
trap_portIntegermin: 1, max: 65535No162
use_management_interfaceBooleantrue, falseNo
interface_literalsListStringNo
interface_objectsListStringNo

snmpv3_users (fmc.domains.devices.ftd_platform_settings.snmp)

Section titled “snmpv3_users (fmc.domains.devices.ftd_platform_settings.snmp)”
NameTypeConstraintMandatoryDefault Value
security_levelChoiceAuth, NoAuth, PrivYes
usernameStringmax: 32Yes
password_typeChoiceClear, EncryptedNo
authentication_algorithmChoiceSHA, SHA224, SHA256, SHA384No
authentication_passwordStringmax: 256No
encryption_algorithmChoiceAES128, AES192, AES256No
encryption_passwordStringmax: 256No

traps (fmc.domains.devices.ftd_platform_settings.snmp)

Section titled “traps (fmc.domains.devices.ftd_platform_settings.snmp)”
NameTypeConstraintMandatoryDefault Value
syslogBooleantrue, falseNofalse
authenticationBooleantrue, falseNotrue
link_upBooleantrue, falseNotrue
link_downBooleantrue, falseNotrue
cold_startBooleantrue, falseNotrue
warm_startBooleantrue, falseNotrue
field_replacement_unit_insertBooleantrue, falseNofalse
field_replacement_unit_deleteBooleantrue, falseNofalse
configuration_changeBooleantrue, falseNofalse
connection_limit_reachedBooleantrue, falseNofalse
nat_packet_discardBooleantrue, falseNofalse
cpu_risingBooleantrue, falseNofalse
cpu_rising_thresholdIntegermin: 10, max: 94No70
cpu_rising_intervalIntegermin: 1, max: 60No1
memory_risingBooleantrue, falseNofalse
memory_rising_thresholdIntegermin: 50, max: 695No70
failover_stateBooleantrue, falseNofalse
cluster_stateBooleantrue, falseNofalse
peer_flapBooleantrue, falseNofalse

logging_setup (fmc.domains.devices.ftd_platform_settings.syslog)

Section titled “logging_setup (fmc.domains.devices.ftd_platform_settings.syslog)”
NameTypeConstraintMandatoryDefault Value
logging_enabledBooleantrue, falseNofalse
logging_on_failover_standby_unit_enabledBooleantrue, falseNofalse
emblem_formatBooleantrue, falseNofalse
send_debug_messages_as_syslogBooleantrue, falseNofalse
internal_buffer_memory_sizeIntegermin: 4096, max: 52428800No4096
fmc_logging_modeChoiceOFF, ALL, VPNYesVPN
fmc_logging_levelChoiceEMERG, ALERT, CRIT, ERR, WARNING, NOTICE, INFO, DEBUGNoERR
ftp_server_hostStringNo
ftp_server_usernameStringNo
ftp_server_pathStringNo
ftp_server_passwordStringNo
flash_enabledBooleantrue, falseNofalse
flash_maximum_spaceIntegermin: 4, max: 8044176No3076
flash_minimum_free_spaceIntegermin: 0, max: 8044176No1024

logging_destinations (fmc.domains.devices.ftd_platform_settings.syslog)

Section titled “logging_destinations (fmc.domains.devices.ftd_platform_settings.syslog)”
NameTypeConstraintMandatoryDefault Value
destinationChoiceINTERNAL_BUFFER, CONSOLE, SYSLOG_SERVERS, SNMP_TRAP, EMAIL, SSH_SESSIONYes
global_event_class_filter_criteriaChoiceSEVERITY, EVENT_LIST, DISABLEYes
global_event_class_filter_valueStringNo
event_class_filtersList[event_class_filters]No

email_setup (fmc.domains.devices.ftd_platform_settings.syslog)

Section titled “email_setup (fmc.domains.devices.ftd_platform_settings.syslog)”
NameTypeConstraintMandatoryDefault Value
source_email_addressStringYes
destinationsList[destinations]No

event_lists (fmc.domains.devices.ftd_platform_settings.syslog)

Section titled “event_lists (fmc.domains.devices.ftd_platform_settings.syslog)”
NameTypeConstraintMandatoryDefault Value
nameStringRegex: ^[a-zA-Z0-9_ -]{1,64}$Yes
event_classesList[event_classes]No
message_idsListStringNo

rate_limits (fmc.domains.devices.ftd_platform_settings.syslog)

Section titled “rate_limits (fmc.domains.devices.ftd_platform_settings.syslog)”
NameTypeConstraintMandatoryDefault Value
typeChoiceLOG_LEVEL, SYSLOG_IDYes
valueStringYes
number_of_messagesIntegermin: 1, max: 2147483647Yes
intervalIntegermin: 1, max: 2147483647No

settings (fmc.domains.devices.ftd_platform_settings.syslog)

Section titled “settings (fmc.domains.devices.ftd_platform_settings.syslog)”
NameTypeConstraintMandatoryDefault Value
facilityChoiceLOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7YesLOCAL4
timestamp_formatChoiceRFC_5424, LEGACYYes
device_id_sourceChoiceINTERFACE, USERDEFINEDID, HOSTNAMENo
device_id_user_definedStringNo
device_id_interfaceStringNo
all_syslog_messages_enabledBooleantrue, falseNofalse
all_syslog_messages_logging_levelChoiceEMERG, ALERT, CRIT, ERR, WARNING, NOTICE, INFO, DEBUGNo
syslog_idsList[syslog_ids]No

servers (fmc.domains.devices.ftd_platform_settings.syslog)

Section titled “servers (fmc.domains.devices.ftd_platform_settings.syslog)”
NameTypeConstraintMandatoryDefault Value
allow_user_traffic_when_tcp_syslog_server_is_downBooleantrue, falseNotrue
message_queue_sizeIntegermin: 0, max: 8192No512
serversList[servers]No

event_class_filters (fmc.domains.devices.ftd_platform_settings.syslog.logging_destinations)

Section titled “event_class_filters (fmc.domains.devices.ftd_platform_settings.syslog.logging_destinations)”
NameTypeConstraintMandatoryDefault Value
classChoiceAUTH, BRIDGE, CA, CONFIG, CSD, DAP, EAPOUDP, EIGRP, HA, IDS, IP, IPAA, IPS, NP, OSPF, RM, RULE_ENGINE, SESSION, SNMP, SSL, SVC, SYS, TAG_SWITCHING, VM, VPDN, VPN, VPNC, VPNFO, VPNLB, WEBFO, WEBVPNYes
severityChoiceEMERG, ALERT, CRIT, ERR, WARNING, NOTICE, INFO, DEBUGYes

destinations (fmc.domains.devices.ftd_platform_settings.syslog.email_setup)

Section titled “destinations (fmc.domains.devices.ftd_platform_settings.syslog.email_setup)”
NameTypeConstraintMandatoryDefault Value
email_addressesListStringYes
logging_levelChoiceEMERG, ALERT, CRIT, ERR, WARNING, NOTICE, INFO, DEBUGYes

event_classes (fmc.domains.devices.ftd_platform_settings.syslog.event_lists)

Section titled “event_classes (fmc.domains.devices.ftd_platform_settings.syslog.event_lists)”
NameTypeConstraintMandatoryDefault Value
classChoiceACCESS_LIST, APPLICATION_FIREWALL, AUTH, BOTNET_TRAFFIC_FILTERING, BRIDGE, CA, CARD_MANAGEMENT, CLUSTERING, CONFIG, CSD, CTS, DAP, EAPOUDP, EIGRP, EMAIL, ENVIRONMENT_MONITORING, HA, IDENTITY_BASED_FIREWALL, IDS, IKEV2_TOOLKIT, IP, IPAA, IPS, IPV6, LICENSING, MDM_PROXY, NACPOLICY, NACSETTINGS, NAT_AND_PAT, NETWORK_ACCESS_POINT, NP, NP_SSL, OSPF, PASSWORD_ENCRYPTION, PHONE_PROXY, RIP, RM, RULE_ENGINE, SCANSAFE, SESSION, SMART_CALL_HOME, SNMP, SSL, SVC, SYS, TAG_SWITCHING, THREAT_DETECTION, TRANSACTIONAL_RULE_ENGINE_TRE, UC_IMS, VM, VPDN, VPN, VPNC, VPNFO, VPNLB, VXLAN, WEBFO, WEBVPNYes
severityChoiceEMERG, ALERT, CRIT, ERR, WARNING, NOTICE, INFO, DEBUGYes

syslog_ids (fmc.domains.devices.ftd_platform_settings.syslog.settings)

Section titled “syslog_ids (fmc.domains.devices.ftd_platform_settings.syslog.settings)”
NameTypeConstraintMandatoryDefault Value
syslog_idStringYes
logging_levelChoiceEMERG, ALERT, CRIT, ERR, WARNING, NOTICE, INFO, DEBUG, DEFAULTNo
enabledBooleantrue, falseNotrue

servers (fmc.domains.devices.ftd_platform_settings.syslog.servers)

Section titled “servers (fmc.domains.devices.ftd_platform_settings.syslog.servers)”
NameTypeConstraintMandatoryDefault Value
network_objectStringYes
protocolChoiceUDP, TCPNoTCP
portIntegermin: 1, max: 65535No1470
emblem_formatBooleantrue, falseNofalse
secure_syslogBooleantrue, falseNofalse
use_management_interfaceBooleantrue, falseNo
interface_literalsListStringNo
interface_objectsListStringNo

Prerequisites:

fmc:
domains:
- name: Global
objects:
icmpv4s:
- name: MyICMPv4Name1
icmp_type: 8
- name: MyICMPv4Name2
icmp_type: 3
code: 2
hosts:
- name: MyHostName1
ip: 10.10.10.10
- name: MyHostName2
ip: 20.20.20.20
networks:
- name: MyNetworkName1
prefix: 10.10.10.0/24
security_zones:
- name: MySecurityZoneName1
- name: MySecurityZoneName2

FTD Platform Settings

fmc:
domains:
- name: Global
devices:
ftd_platform_settings:
- name: MyPlatformSettingsName1
description: "This is my platform settings description"
banner:
text: |
This is line 1 of the banner
This is line 2 of the banner
http_access:
server_enabled: true
server_port: 443
configurations:
- source_network_object: MyNetworkName1
interface_literals: ["MyInt_1", "MyInt_2"]
interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
- source_network_object: MyHostName1
interface_literals: ["MyInt_1", "MyInt_2"]
interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
icmp_access:
rate_limit: 1
burst_size: 1
configurations:
- action: Permit
icmp_service_object: MyICMPv4Name1
source_network_object: MyNetworkName1
interface_literals: ["MyInt_1", "MyInt_2"]
interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
- action: Deny
icmp_service_object: MyICMPv4Name2
source_network_object: MyHostName1
interface_literals: ["MyInt_1", "MyInt_2"]
interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
ssh_accesses:
- source_network_object: MyNetworkName1
interface_literals: ["MyInt_1", "MyInt_2"]
interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
- source_network_object: MyHostName1
interface_literals: ["MyInt_1", "MyInt_2"]
interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
snmp:
server_enabled: true
server_port: 1456
read_community: public
system_administrator: admin
location: "Data Center 1"
management_hosts:
- network_object: MyHostName1
snmp_version: "SNMPv2c"
read_community: public
poll: true
interface_literals: ["MyInt_1", "MyInt_2"]
interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
- network_object: MyHostName2
snmp_version: "SNMPv3"
username: snmpv3user2
poll: true
interface_literals: ["MyInt_1", "MyInt_2"]
interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
snmpv3_users:
- security_level: "NoAuth"
username: snmpv3user1
- security_level: "Priv"
username: snmpv3user2
password_type: "Clear"
authentication_algorithm: "SHA256"
authentication_password: "authPass123"
encryption_algorithm: "AES256"
encryption_password: "encrPass123"
traps:
syslog: true
syslog:
logging_setup:
logging_enabled: true
logging_on_failover_standby_unit_enabled: true
fmc_logging_mode: "ALL"
fmc_logging_level: "CRIT"
flash_enabled: true
logging_destinations:
- destination: "INTERNAL_BUFFER"
global_event_class_filter_criteria: "DISABLE"
event_class_filters:
- class: "BRIDGE"
severity: "WARNING"
- class: "VPN"
severity: "ERR"
- destination: "SYSLOG_SERVERS"
global_event_class_filter_criteria: "SEVERITY"
global_event_class_filter_value: "WARNING"
event_class_filters:
- class: "BRIDGE"
severity: "WARNING"
- class: "VPN"
severity: "ERR"
email_setup:
source_email_address: my_email@example.com
destinations:
- email_addresses:
- dest1@example.com
- dest2@example.com
logging_level: "INFO"
- email_addresses:
- dest3@example.com
logging_level: "ERR"
event_lists:
- name: MyEventListName1
event_classes:
- class: "VPN"
severity: "ERR"
- class: "OSPF"
severity: "WARNING"
message_ids:
- "302015"
- "302016"
- "302017"
- "302018"
- name: MyEventListName2
event_classes:
- class: "BOTNET_TRAFFIC_FILTERING"
severity: "INFO"
- class: "SCANSAFE"
severity: "WARNING"
rate_limits:
- type: "LOG_LEVEL"
value: "ERR"
number_of_messages: 100
interval: 5
- type: "LOG_LEVEL"
value: "WARNING"
number_of_messages: 200
interval: 10
- type: "SYSLOG_ID"
value: "302015"
number_of_messages: 50
- type: "SYSLOG_ID"
value: "302016"
number_of_messages: 75
settings:
facility: "LOCAL4"
timestamp_format: "RFC_5424"
device_id_source: "INTERFACE"
device_id_interface: "MySecurityZoneName1"
all_syslog_messages_enabled: false
syslog_ids:
- syslog_id: "302015"
- syslog_id: "302016"
- syslog_id: "302017"
enabled: false
logging_level: "ERR"
servers:
allow_user_traffic_when_tcp_syslog_server_is_down: true
message_queue_size: 8192
servers:
- network_object: MyHostName1
protocol: "TCP"
port: 1514
emblem_format: true
secure_syslog: true
use_management_interface: false
interface_literals: ["MyInt_1", "MyInt_2"]
interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
- network_object: MyHostName2
protocol: "UDP"
port: 1514
emblem_format: true
secure_syslog: true
use_management_interface: false
interface_literals: ["MyInt_1", "MyInt_2"]
interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
time_synchronization:
mode: SYNC_VIA_NTP_SERVER
ntp_servers:
- 0.pool.ntp.org
- 1.pool.ntp.org