FTD Platform Settings
Location in GUI: Devices » Platform Settings
Classes
devices (fmc.domains)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ftd_platform_settings | List | [ftd_platform_settings] | No | |
ftd_platform_settings (fmc.domains.devices)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.+ -]{1,64}$ | Yes | |
| description | String | max: 255 | No | |
| banner | Class | [banner] | No | |
| http_access | Class | [http_access] | No | |
| icmp_access | Class | [icmp_access] | No | |
| ssh_accesses | List | [ssh_accesses] | No | |
| snmp | Class | [snmp] | No | |
| syslog | Class | [syslog] | No | |
| time_synchronization | Class | [time_synchronization] | No | |
banner (fmc.domains.devices.ftd_platform_settings)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| text | String | | Yes | |
http_access (fmc.domains.devices.ftd_platform_settings)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| server_enabled | Boolean | true, false | No | true |
| server_port | Integer | min: 1, max: 65535 | No | 443 |
| configurations | List | [configurations] | No | |
icmp_access (fmc.domains.devices.ftd_platform_settings)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| rate_limit | Integer | min: 1, max: 100 | No | 1 |
| burst_size | Integer | min: 1, max: 10 | No | 1 |
| configurations | List | [configurations] | No | |
ssh_accesses (fmc.domains.devices.ftd_platform_settings)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| source_network_object | String | | Yes | |
| interface_literals | List | String | No | |
| interface_objects | List | String | No | |
snmp (fmc.domains.devices.ftd_platform_settings)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| server_enabled | Boolean | true, false | Yes | true |
| server_port | Integer | min: 1, max: 65535 | No | 161 |
| read_community | String | max: 32 | No | |
| system_administrator | String | max: 127 | No | |
| location | String | max: 127 | No | |
| management_hosts | List | [management_hosts] | No | |
| snmpv3_users | List | [snmpv3_users] | No | |
| traps | Class | [traps] | No | |
syslog (fmc.domains.devices.ftd_platform_settings)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| logging_setup | Class | [logging_setup] | No | |
| logging_destinations | List | [logging_destinations] | No | |
| email_setup | Class | [email_setup] | No | |
| event_lists | List | [event_lists] | No | |
| rate_limits | List | [rate_limits] | No | |
| settings | Class | [settings] | No | |
| servers | Class | [servers] | No | |
time_synchronization (fmc.domains.devices.ftd_platform_settings)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| mode | Choice | SYNC_VIA_MGMT_CENTER_NTP, SYNC_VIA_NTP_SERVER | Yes | |
| ntp_servers | List | String | No | |
configurations (fmc.domains.devices.ftd_platform_settings.http_access)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| source_network_object | String | | Yes | |
| interface_literals | List | String | No | |
| interface_objects | List | String | No | |
configurations (fmc.domains.devices.ftd_platform_settings.icmp_access)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| action | Choice | Permit, Deny | Yes | |
| icmp_service_object | String | | Yes | |
| source_network_object | String | | Yes | |
| interface_literals | List | String | No | |
| interface_objects | List | String | No | |
management_hosts (fmc.domains.devices.ftd_platform_settings.snmp)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| network_object | String | | Yes | |
| snmp_version | Choice | SNMPv1, SNMPv2c, SNMPv3 | Yes | |
| username | String | | No | |
| read_community | String | | No | |
| poll | Boolean | true, false | No | true |
| trap | Boolean | true, false | No | true |
| trap_port | Integer | min: 1, max: 65535 | No | 162 |
| use_management_interface | Boolean | true, false | No | |
| interface_literals | List | String | No | |
| interface_objects | List | String | No | |
snmpv3_users (fmc.domains.devices.ftd_platform_settings.snmp)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| security_level | Choice | Auth, NoAuth, Priv | Yes | |
| username | String | max: 32 | Yes | |
| password_type | Choice | Clear, Encrypted | No | |
| authentication_algorithm | Choice | SHA, SHA224, SHA256, SHA384 | No | |
| authentication_password | String | max: 256 | No | |
| encryption_algorithm | Choice | AES128, AES192, AES256 | No | |
| encryption_password | String | max: 256 | No | |
traps (fmc.domains.devices.ftd_platform_settings.snmp)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| syslog | Boolean | true, false | No | false |
| authentication | Boolean | true, false | No | true |
| link_up | Boolean | true, false | No | true |
| link_down | Boolean | true, false | No | true |
| cold_start | Boolean | true, false | No | true |
| warm_start | Boolean | true, false | No | true |
| field_replacement_unit_insert | Boolean | true, false | No | false |
| field_replacement_unit_delete | Boolean | true, false | No | false |
| configuration_change | Boolean | true, false | No | false |
| connection_limit_reached | Boolean | true, false | No | false |
| nat_packet_discard | Boolean | true, false | No | false |
| cpu_rising | Boolean | true, false | No | false |
| cpu_rising_threshold | Integer | min: 10, max: 94 | No | 70 |
| cpu_rising_interval | Integer | min: 1, max: 60 | No | 1 |
| memory_rising | Boolean | true, false | No | false |
| memory_rising_threshold | Integer | min: 50, max: 695 | No | 70 |
| failover_state | Boolean | true, false | No | false |
| cluster_state | Boolean | true, false | No | false |
| peer_flap | Boolean | true, false | No | false |
logging_setup (fmc.domains.devices.ftd_platform_settings.syslog)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| logging_enabled | Boolean | true, false | No | false |
| logging_on_failover_standby_unit_enabled | Boolean | true, false | No | false |
| emblem_format | Boolean | true, false | No | false |
| send_debug_messages_as_syslog | Boolean | true, false | No | false |
| internal_buffer_memory_size | Integer | min: 4096, max: 52428800 | No | 4096 |
| fmc_logging_mode | Choice | OFF, ALL, VPN | Yes | VPN |
| fmc_logging_level | Choice | EMERG, ALERT, CRIT, ERR, WARNING, NOTICE, INFO, DEBUG | No | ERR |
| ftp_server_host | String | | No | |
| ftp_server_username | String | | No | |
| ftp_server_path | String | | No | |
| ftp_server_password | String | | No | |
| flash_enabled | Boolean | true, false | No | false |
| flash_maximum_space | Integer | min: 4, max: 8044176 | No | 3076 |
| flash_minimum_free_space | Integer | min: 0, max: 8044176 | No | 1024 |
logging_destinations (fmc.domains.devices.ftd_platform_settings.syslog)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| destination | Choice | INTERNAL_BUFFER, CONSOLE, SYSLOG_SERVERS, SNMP_TRAP, EMAIL, SSH_SESSION | Yes | |
| global_event_class_filter_criteria | Choice | SEVERITY, EVENT_LIST, DISABLE | Yes | |
| global_event_class_filter_value | String | | No | |
| event_class_filters | List | [event_class_filters] | No | |
email_setup (fmc.domains.devices.ftd_platform_settings.syslog)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| source_email_address | String | | Yes | |
| destinations | List | [destinations] | No | |
event_lists (fmc.domains.devices.ftd_platform_settings.syslog)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_ -]{1,64}$ | Yes | |
| event_classes | List | [event_classes] | No | |
| message_ids | List | String | No | |
rate_limits (fmc.domains.devices.ftd_platform_settings.syslog)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| type | Choice | LOG_LEVEL, SYSLOG_ID | Yes | |
| value | String | | Yes | |
| number_of_messages | Integer | min: 1, max: 2147483647 | Yes | |
| interval | Integer | min: 1, max: 2147483647 | No | |
settings (fmc.domains.devices.ftd_platform_settings.syslog)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| facility | Choice | LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7 | Yes | LOCAL4 |
| timestamp_format | Choice | RFC_5424, LEGACY | Yes | |
| device_id_source | Choice | INTERFACE, USERDEFINEDID, HOSTNAME | No | |
| device_id_user_defined | String | | No | |
| device_id_interface | String | | No | |
| all_syslog_messages_enabled | Boolean | true, false | No | false |
| all_syslog_messages_logging_level | Choice | EMERG, ALERT, CRIT, ERR, WARNING, NOTICE, INFO, DEBUG | No | |
| syslog_ids | List | [syslog_ids] | No | |
servers (fmc.domains.devices.ftd_platform_settings.syslog)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| allow_user_traffic_when_tcp_syslog_server_is_down | Boolean | true, false | No | true |
| message_queue_size | Integer | min: 0, max: 8192 | No | 512 |
| servers | List | [servers] | No | |
event_class_filters (fmc.domains.devices.ftd_platform_settings.syslog.logging_destinations)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| class | Choice | AUTH, BRIDGE, CA, CONFIG, CSD, DAP, EAPOUDP, EIGRP, HA, IDS, IP, IPAA, IPS, NP, OSPF, RM, RULE_ENGINE, SESSION, SNMP, SSL, SVC, SYS, TAG_SWITCHING, VM, VPDN, VPN, VPNC, VPNFO, VPNLB, WEBFO, WEBVPN | Yes | |
| severity | Choice | EMERG, ALERT, CRIT, ERR, WARNING, NOTICE, INFO, DEBUG | Yes | |
destinations (fmc.domains.devices.ftd_platform_settings.syslog.email_setup)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| email_addresses | List | String | Yes | |
| logging_level | Choice | EMERG, ALERT, CRIT, ERR, WARNING, NOTICE, INFO, DEBUG | Yes | |
event_classes (fmc.domains.devices.ftd_platform_settings.syslog.event_lists)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| class | Choice | ACCESS_LIST, APPLICATION_FIREWALL, AUTH, BOTNET_TRAFFIC_FILTERING, BRIDGE, CA, CARD_MANAGEMENT, CLUSTERING, CONFIG, CSD, CTS, DAP, EAPOUDP, EIGRP, EMAIL, ENVIRONMENT_MONITORING, HA, IDENTITY_BASED_FIREWALL, IDS, IKEV2_TOOLKIT, IP, IPAA, IPS, IPV6, LICENSING, MDM_PROXY, NACPOLICY, NACSETTINGS, NAT_AND_PAT, NETWORK_ACCESS_POINT, NP, NP_SSL, OSPF, PASSWORD_ENCRYPTION, PHONE_PROXY, RIP, RM, RULE_ENGINE, SCANSAFE, SESSION, SMART_CALL_HOME, SNMP, SSL, SVC, SYS, TAG_SWITCHING, THREAT_DETECTION, TRANSACTIONAL_RULE_ENGINE_TRE, UC_IMS, VM, VPDN, VPN, VPNC, VPNFO, VPNLB, VXLAN, WEBFO, WEBVPN | Yes | |
| severity | Choice | EMERG, ALERT, CRIT, ERR, WARNING, NOTICE, INFO, DEBUG | Yes | |
syslog_ids (fmc.domains.devices.ftd_platform_settings.syslog.settings)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| syslog_id | String | | Yes | |
| logging_level | Choice | EMERG, ALERT, CRIT, ERR, WARNING, NOTICE, INFO, DEBUG, DEFAULT | No | |
| enabled | Boolean | true, false | No | true |
servers (fmc.domains.devices.ftd_platform_settings.syslog.servers)
| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| network_object | String | | Yes | |
| protocol | Choice | UDP, TCP | No | TCP |
| port | Integer | min: 1, max: 65535 | No | 1470 |
| emblem_format | Boolean | true, false | No | false |
| secure_syslog | Boolean | true, false | No | false |
| use_management_interface | Boolean | true, false | No | |
| interface_literals | List | String | No | |
| interface_objects | List | String | No | |
Examples
Prerequisites:

```yaml
fmc:
  domains:
    - name: Global
      objects:
        icmpv4s:
          - name: MyICMPv4Name1
            icmp_type: 8
          - name: MyICMPv4Name2
            icmp_type: 3
            code: 2
        hosts:
          - name: MyHostName1
            ip: 10.10.10.10
          - name: MyHostName2
            ip: 20.20.20.20
        networks:
          - name: MyNetworkName1
            prefix: 10.10.10.0/24
        security_zones:
          - name: MySecurityZoneName1
          - name: MySecurityZoneName2
```

FTD Platform Settings

```yaml
fmc:
  domains:
    - name: Global
      devices:
        ftd_platform_settings:
          - name: MyPlatformSettingsName1
            description: "This is my platform settings description"
            banner:
              text: |
                This is line 1 of the banner
                This is line 2 of the banner
            http_access:
              server_enabled: true
              server_port: 443
              configurations:
                - source_network_object: MyNetworkName1
                  interface_literals: ["MyInt_1", "MyInt_2"]
                  interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
                - source_network_object: MyHostName1
                  interface_literals: ["MyInt_1", "MyInt_2"]
                  interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
            icmp_access:
              rate_limit: 1
              burst_size: 1
              configurations:
                - action: Permit
                  icmp_service_object: MyICMPv4Name1
                  source_network_object: MyNetworkName1
                  interface_literals: ["MyInt_1", "MyInt_2"]
                  interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
                - action: Deny
                  icmp_service_object: MyICMPv4Name2
                  source_network_object: MyHostName1
                  interface_literals: ["MyInt_1", "MyInt_2"]
                  interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
            ssh_accesses:
              - source_network_object: MyNetworkName1
                interface_literals: ["MyInt_1", "MyInt_2"]
                interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
              - source_network_object: MyHostName1
                interface_literals: ["MyInt_1", "MyInt_2"]
                interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
            snmp:
              server_enabled: true
              server_port: 1456
              read_community: public
              system_administrator: admin
              location: "Data Center 1"
              management_hosts:
                - network_object: MyHostName1
                  snmp_version: "SNMPv2c"
                  read_community: public
                  poll: true
                  interface_literals: ["MyInt_1", "MyInt_2"]
                  interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
                - network_object: MyHostName2
                  snmp_version: "SNMPv3"
                  username: snmpv3user2
                  poll: true
                  interface_literals: ["MyInt_1", "MyInt_2"]
                  interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
              snmpv3_users:
                - security_level: "NoAuth"
                  username: snmpv3user1
                - security_level: "Priv"
                  username: snmpv3user2
                  password_type: "Clear"
                  authentication_algorithm: "SHA256"
                  authentication_password: "authPass123"
                  encryption_algorithm: "AES256"
                  encryption_password: "encrPass123"
              traps:
                syslog: true
            syslog:
              logging_setup:
                logging_enabled: true
                logging_on_failover_standby_unit_enabled: true
                fmc_logging_mode: "ALL"
                fmc_logging_level: "CRIT"
                flash_enabled: true
              logging_destinations:
                - destination: "INTERNAL_BUFFER"
                  global_event_class_filter_criteria: "DISABLE"
                  event_class_filters:
                    - class: "BRIDGE"
                      severity: "WARNING"
                    - class: "VPN"
                      severity: "ERR"
                - destination: "SYSLOG_SERVERS"
                  global_event_class_filter_criteria: "SEVERITY"
                  global_event_class_filter_value: "WARNING"
                  event_class_filters:
                    - class: "BRIDGE"
                      severity: "WARNING"
                    - class: "VPN"
                      severity: "ERR"
              email_setup:
                source_email_address: my_email@example.com
                destinations:
                  - email_addresses:
                      - dest1@example.com
                      - dest2@example.com
                    logging_level: "INFO"
                  - email_addresses:
                      - dest3@example.com
                    logging_level: "ERR"
              event_lists:
                - name: MyEventListName1
                  event_classes:
                    - class: "VPN"
                      severity: "ERR"
                    - class: "OSPF"
                      severity: "WARNING"
                  message_ids:
                    - "302015"
                    - "302016"
                    - "302017"
                    - "302018"
                - name: MyEventListName2
                  event_classes:
                    - class: "BOTNET_TRAFFIC_FILTERING"
                      severity: "INFO"
                    - class: "SCANSAFE"
                      severity: "WARNING"
              rate_limits:
                - type: "LOG_LEVEL"
                  value: "ERR"
                  number_of_messages: 100
                  interval: 5
                - type: "LOG_LEVEL"
                  value: "WARNING"
                  number_of_messages: 200
                  interval: 10
                - type: "SYSLOG_ID"
                  value: "302015"
                  number_of_messages: 50
                - type: "SYSLOG_ID"
                  value: "302016"
                  number_of_messages: 75
              settings:
                facility: "LOCAL4"
                timestamp_format: "RFC_5424"
                device_id_source: "INTERFACE"
                device_id_interface: "MySecurityZoneName1"
                all_syslog_messages_enabled: false
                syslog_ids:
                  - syslog_id: "302015"
                  - syslog_id: "302016"
                  - syslog_id: "302017"
                    enabled: false
                    logging_level: "ERR"
              servers:
                allow_user_traffic_when_tcp_syslog_server_is_down: true
                message_queue_size: 8192
                servers:
                  - network_object: MyHostName1
                    protocol: "TCP"
                    port: 1514
                    emblem_format: true
                    secure_syslog: true
                    use_management_interface: false
                    interface_literals: ["MyInt_1", "MyInt_2"]
                    interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
                  - network_object: MyHostName2
                    protocol: "UDP"
                    port: 1514
                    emblem_format: true
                    secure_syslog: true
                    use_management_interface: false
                    interface_literals: ["MyInt_1", "MyInt_2"]
                    interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
            time_synchronization:
              mode: SYNC_VIA_NTP_SERVER
              ntp_servers:
                - 0.pool.ntp.org
                - 1.pool.ntp.org
```
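
The check below is an added example, not part of this data model or its tooling: it lints one `ftd_platform_settings` entry against constraints from the class tables and flags management-plane settings worth reviewing before deployment (SNMP communities and versions, SNMPv3 security levels and clear-text passwords, syslog transport). The function name `audit`, the finding texts and the sample dict (a subset of this page's example, written as the already-parsed YAML) are assumptions.

```python
import re

NAME_RE = re.compile(r"^[a-zA-Z0-9_.+ -]{1,64}$")  # name constraint from the class table

def audit(ps):
    """Return findings for one ftd_platform_settings entry (parsed YAML as a dict)."""
    out = []
    if not NAME_RE.match(ps.get("name", "")):
        out.append("name: violates the regex constraint")
    for key, default in (("http_access", 443), ("snmp", 161)):  # defaults from the tables
        port = ps.get(key, {}).get("server_port", default)
        if not 1 <= port <= 65535:
            out.append(f"{key}.server_port: {port} is outside 1-65535")
    snmp = ps.get("snmp", {})
    if snmp.get("read_community"):
        out.append("snmp.read_community: community string stored in the data file")
    for host in snmp.get("management_hosts", []):
        if host["snmp_version"] != "SNMPv3":  # v1/v2c send the community in cleartext
            out.append(f"snmp host {host['network_object']}: {host['snmp_version']} is community-based")
    for user in snmp.get("snmpv3_users", []):
        if user["security_level"] != "Priv":  # Auth and NoAuth do not encrypt
            out.append(f"snmpv3 user {user['username']}: level {user['security_level']}")
        if user.get("password_type") == "Clear":
            out.append(f"snmpv3 user {user['username']}: clear-text passwords")
    for srv in ps.get("syslog", {}).get("servers", {}).get("servers", []):
        # Table defaults: protocol TCP, secure_syslog false.
        if srv.get("protocol", "TCP") != "TCP" or not srv.get("secure_syslog", False):
            out.append(f"syslog server {srv['network_object']}: not TCP with secure_syslog")
    return out

# Constructed sample: a subset of this page's example, written as the parsed dict.
SAMPLE = {
    "name": "MyPlatformSettingsName1",
    "http_access": {"server_enabled": True, "server_port": 443},
    "snmp": {
        "server_port": 1456,
        "read_community": "public",
        "management_hosts": [
            {"network_object": "MyHostName1", "snmp_version": "SNMPv2c"},
            {"network_object": "MyHostName2", "snmp_version": "SNMPv3"},
        ],
        "snmpv3_users": [
            {"security_level": "NoAuth", "username": "snmpv3user1"},
            {"security_level": "Priv", "username": "snmpv3user2", "password_type": "Clear"},
        ],
    },
    "syslog": {"servers": {"servers": [
        {"network_object": "MyHostName1", "protocol": "TCP", "secure_syslog": True},
        {"network_object": "MyHostName2", "protocol": "UDP", "secure_syslog": True},
    ]}},
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

In a pipeline the dict would come from loading the YAML data file and walking to each entry under `fmc.domains[].devices.ftd_platform_settings`.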