FTD Platform Settings

Location in GUI: Devices » Platform Settings

Diagram

Classes

devices (fmc.domains)

Name	Type	Constraint	Mandatory	Default Value
ftd_platform_settings	List	`[ftd_platform_settings]`	No

ftd_platform_settings (fmc.domains.devices)

Name	Type	Constraint	Mandatory
name	String	Regex: `^[a-zA-Z0-9_.+ -]{1,64}$`	Yes
description	String	max: `255`	No
banner	Class	`[banner]`	No
http_access	Class	`[http_access]`	No
icmp_access	Class	`[icmp_access]`	No
ssh_accesses	List	`[ssh_accesses]`	No
snmp	Class	`[snmp]`	No
syslog	Class	`[syslog]`	No
time_synchronization	Class	`[time_synchronization]`	No

banner (fmc.domains.devices.ftd_platform_settings)

Name	Type	Constraint	Mandatory	Default Value
text	String		Yes

http_access (fmc.domains.devices.ftd_platform_settings)

Name	Type	Constraint	Mandatory	Default Value
server_enabled	Boolean	`true`, `false`	No	`true`
server_port	Integer	min: `1`, max: `65535`	No	`443`
configurations	List	`[configurations]`	No

icmp_access (fmc.domains.devices.ftd_platform_settings)

Name	Type	Constraint	Mandatory	Default Value
rate_limit	Integer	min: `1`, max: `100`	No	`1`
burst_size	Integer	min: `1`, max: `10`	No	`1`
configurations	List	`[configurations]`	No

ssh_accesses (fmc.domains.devices.ftd_platform_settings)

Name	Type	Constraint	Mandatory
source_network_object	String		Yes
interface_literals	List	String	No
interface_objects	List	String	No

snmp (fmc.domains.devices.ftd_platform_settings)

Name	Type	Constraint	Mandatory	Default Value
server_enabled	Boolean	`true`, `false`	Yes	`true`
server_port	Integer	min: `1`, max: `65535`	No	`161`
read_community	String	max: `32`	No
system_administrator	String	max: `127`	No
location	String	max: `127`	No
management_hosts	List	`[management_hosts]`	No
snmpv3_users	List	`[snmpv3_users]`	No
traps	Class	`[traps]`	No

syslog (fmc.domains.devices.ftd_platform_settings)

Name	Type	Constraint	Mandatory
logging_setup	Class	`[logging_setup]`	No
logging_destinations	List	`[logging_destinations]`	No
email_setup	Class	`[email_setup]`	No
event_lists	List	`[event_lists]`	No
rate_limits	List	`[rate_limits]`	No
settings	Class	`[settings]`	No
servers	Class	`[servers]`	No

time_synchronization (fmc.domains.devices.ftd_platform_settings)

Name	Type	Constraint	Mandatory	Default Value
mode	Choice	`SYNC_VIA_MGMT_CENTER_NTP`, `SYNC_VIA_NTP_SERVER`	Yes
ntp_servers	List	String	No

configurations (fmc.domains.devices.ftd_platform_settings.http_access)

Name	Type	Constraint	Mandatory
source_network_object	String		Yes
interface_literals	List	String	No
interface_objects	List	String	No

configurations (fmc.domains.devices.ftd_platform_settings.icmp_access)

Name	Type	Constraint	Mandatory
action	Choice	`Permit`, `Deny`	Yes
icmp_service_object	String		Yes
source_network_object	String		Yes
interface_literals	List	String	No
interface_objects	List	String	No

management_hosts (fmc.domains.devices.ftd_platform_settings.snmp)

Name	Type	Constraint	Mandatory	Default Value
network_object	String		Yes
snmp_version	Choice	`SNMPv1`, `SNMPv2c`, `SNMPv3`	Yes
username	String		No
read_community	String		No
poll	Boolean	`true`, `false`	No	`true`
trap	Boolean	`true`, `false`	No	`true`
trap_port	Integer	min: `1`, max: `65535`	No	`162`
use_management_interface	Boolean	`true`, `false`	No
interface_literals	List	String	No
interface_objects	List	String	No

snmpv3_users (fmc.domains.devices.ftd_platform_settings.snmp)

Name	Type	Constraint	Mandatory
security_level	Choice	`Auth`, `NoAuth`, `Priv`	Yes
username	String	max: `32`	Yes
password_type	Choice	`Clear`, `Encrypted`	No
authentication_algorithm	Choice	`SHA`, `SHA224`, `SHA256`, `SHA384`	No
authentication_password	String	max: `256`	No
encryption_algorithm	Choice	`AES128`, `AES192`, `AES256`	No
encryption_password	String	max: `256`	No

traps (fmc.domains.devices.ftd_platform_settings.snmp)

Name	Type	Constraint	Mandatory	Default Value
syslog	Boolean	`true`, `false`	No	`false`
authentication	Boolean	`true`, `false`	No	`true`
link_up	Boolean	`true`, `false`	No	`true`
link_down	Boolean	`true`, `false`	No	`true`
cold_start	Boolean	`true`, `false`	No	`true`
warm_start	Boolean	`true`, `false`	No	`true`
field_replacement_unit_insert	Boolean	`true`, `false`	No	`false`
field_replacement_unit_delete	Boolean	`true`, `false`	No	`false`
configuration_change	Boolean	`true`, `false`	No	`false`
connection_limit_reached	Boolean	`true`, `false`	No	`false`
nat_packet_discard	Boolean	`true`, `false`	No	`false`
cpu_rising	Boolean	`true`, `false`	No	`false`
cpu_rising_threshold	Integer	min: `10`, max: `94`	No	`70`
cpu_rising_interval	Integer	min: `1`, max: `60`	No	`1`
memory_rising	Boolean	`true`, `false`	No	`false`
memory_rising_threshold	Integer	min: `50`, max: `695`	No	`70`
failover_state	Boolean	`true`, `false`	No	`false`
cluster_state	Boolean	`true`, `false`	No	`false`
peer_flap	Boolean	`true`, `false`	No	`false`

logging_setup (fmc.domains.devices.ftd_platform_settings.syslog)

Name	Type	Constraint	Mandatory	Default Value
logging_enabled	Boolean	`true`, `false`	No	`false`
logging_on_failover_standby_unit_enabled	Boolean	`true`, `false`	No	`false`
emblem_format	Boolean	`true`, `false`	No	`false`
send_debug_messages_as_syslog	Boolean	`true`, `false`	No	`false`
internal_buffer_memory_size	Integer	min: `4096`, max: `52428800`	No	`4096`
fmc_logging_mode	Choice	`OFF`, `ALL`, `VPN`	Yes	`VPN`
fmc_logging_level	Choice	`EMERG`, `ALERT`, `CRIT`, `ERR`, `WARNING`, `NOTICE`, `INFO`, `DEBUG`	No	`ERR`
ftp_server_host	String		No
ftp_server_username	String		No
ftp_server_path	String		No
ftp_server_password	String		No
flash_enabled	Boolean	`true`, `false`	No	`false`
flash_maximum_space	Integer	min: `4`, max: `8044176`	No	`3076`
flash_minimum_free_space	Integer	min: `0`, max: `8044176`	No	`1024`

logging_destinations (fmc.domains.devices.ftd_platform_settings.syslog)

Name	Type	Constraint	Mandatory
destination	Choice	`INTERNAL_BUFFER`, `CONSOLE`, `SYSLOG_SERVERS`, `SNMP_TRAP`, `EMAIL`, `SSH_SESSION`	Yes
global_event_class_filter_criteria	Choice	`SEVERITY`, `EVENT_LIST`, `DISABLE`	Yes
global_event_class_filter_value	String		No
event_class_filters	List	`[event_class_filters]`	No

email_setup (fmc.domains.devices.ftd_platform_settings.syslog)

Name	Type	Constraint	Mandatory	Default Value
source_email_address	String		Yes
destinations	List	`[destinations]`	No

event_lists (fmc.domains.devices.ftd_platform_settings.syslog)

Name	Type	Constraint	Mandatory
name	String	Regex: `^[a-zA-Z0-9_ -]{1,64}$`	Yes
event_classes	List	`[event_classes]`	No
message_ids	List	String	No

rate_limits (fmc.domains.devices.ftd_platform_settings.syslog)

Name	Type	Constraint	Mandatory
type	Choice	`LOG_LEVEL`, `SYSLOG_ID`	Yes
value	String		Yes
number_of_messages	Integer	min: `1`, max: `2147483647`	Yes
interval	Integer	min: `1`, max: `2147483647`	No

settings (fmc.domains.devices.ftd_platform_settings.syslog)

Name	Type	Constraint	Mandatory	Default Value
facility	Choice	`LOCAL0`, `LOCAL1`, `LOCAL2`, `LOCAL3`, `LOCAL4`, `LOCAL5`, `LOCAL6`, `LOCAL7`	Yes	`LOCAL4`
timestamp_format	Choice	`RFC_5424`, `LEGACY`	Yes
device_id_source	Choice	`INTERFACE`, `USERDEFINEDID`, `HOSTNAME`	No
device_id_user_defined	String		No
device_id_interface	String		No
all_syslog_messages_enabled	Boolean	`true`, `false`	No	`false`
all_syslog_messages_logging_level	Choice	`EMERG`, `ALERT`, `CRIT`, `ERR`, `WARNING`, `NOTICE`, `INFO`, `DEBUG`	No
syslog_ids	List	`[syslog_ids]`	No

servers (fmc.domains.devices.ftd_platform_settings.syslog)

Name	Type	Constraint	Mandatory	Default Value
allow_user_traffic_when_tcp_syslog_server_is_down	Boolean	`true`, `false`	No	`true`
message_queue_size	Integer	min: `0`, max: `8192`	No	`512`
servers	List	`[servers]`	No

event_class_filters (fmc.domains.devices.ftd_platform_settings.syslog.logging_destinations)

Name	Type	Constraint	Mandatory	Default Value
class	Choice	`AUTH`, `BRIDGE`, `CA`, `CONFIG`, `CSD`, `DAP`, `EAPOUDP`, `EIGRP`, `HA`, `IDS`, `IP`, `IPAA`, `IPS`, `NP`, `OSPF`, `RM`, `RULE_ENGINE`, `SESSION`, `SNMP`, `SSL`, `SVC`, `SYS`, `TAG_SWITCHING`, `VM`, `VPDN`, `VPN`, `VPNC`, `VPNFO`, `VPNLB`, `WEBFO`, `WEBVPN`	Yes
severity	Choice	`EMERG`, `ALERT`, `CRIT`, `ERR`, `WARNING`, `NOTICE`, `INFO`, `DEBUG`	Yes

destinations (fmc.domains.devices.ftd_platform_settings.syslog.email_setup)

Name	Type	Constraint	Mandatory	Default Value
email_addresses	List	String	Yes
logging_level	Choice	`EMERG`, `ALERT`, `CRIT`, `ERR`, `WARNING`, `NOTICE`, `INFO`, `DEBUG`	Yes

event_classes (fmc.domains.devices.ftd_platform_settings.syslog.event_lists)

Name	Type	Constraint	Mandatory	Default Value
class	Choice	`ACCESS_LIST`, `APPLICATION_FIREWALL`, `AUTH`, `BOTNET_TRAFFIC_FILTERING`, `BRIDGE`, `CA`, `CARD_MANAGEMENT`, `CLUSTERING`, `CONFIG`, `CSD`, `CTS`, `DAP`, `EAPOUDP`, `EIGRP`, `EMAIL`, `ENVIRONMENT_MONITORING`, `HA`, `IDENTITY_BASED_FIREWALL`, `IDS`, `IKEV2_TOOLKIT`, `IP`, `IPAA`, `IPS`, `IPV6`, `LICENSING`, `MDM_PROXY`, `NACPOLICY`, `NACSETTINGS`, `NAT_AND_PAT`, `NETWORK_ACCESS_POINT`, `NP`, `NP_SSL`, `OSPF`, `PASSWORD_ENCRYPTION`, `PHONE_PROXY`, `RIP`, `RM`, `RULE_ENGINE`, `SCANSAFE`, `SESSION`, `SMART_CALL_HOME`, `SNMP`, `SSL`, `SVC`, `SYS`, `TAG_SWITCHING`, `THREAT_DETECTION`, `TRANSACTIONAL_RULE_ENGINE_TRE`, `UC_IMS`, `VM`, `VPDN`, `VPN`, `VPNC`, `VPNFO`, `VPNLB`, `VXLAN`, `WEBFO`, `WEBVPN`	Yes
severity	Choice	`EMERG`, `ALERT`, `CRIT`, `ERR`, `WARNING`, `NOTICE`, `INFO`, `DEBUG`	Yes

syslog_ids (fmc.domains.devices.ftd_platform_settings.syslog.settings)

Name	Type	Constraint	Mandatory	Default Value
syslog_id	String		Yes
logging_level	Choice	`EMERG`, `ALERT`, `CRIT`, `ERR`, `WARNING`, `NOTICE`, `INFO`, `DEBUG`, `DEFAULT`	No
enabled	Boolean	`true`, `false`	No	`true`

servers (fmc.domains.devices.ftd_platform_settings.syslog.servers)

Name	Type	Constraint	Mandatory	Default Value
network_object	String		Yes
protocol	Choice	`UDP`, `TCP`	No	`TCP`
port	Integer	min: `1`, max: `65535`	No	`1470`
emblem_format	Boolean	`true`, `false`	No	`false`
secure_syslog	Boolean	`true`, `false`	No	`false`
use_management_interface	Boolean	`true`, `false`	No
interface_literals	List	String	No
interface_objects	List	String	No

Examples

Prerequisites:

fmc:
  domains:
    - name: Global
      objects:
        icmpv4s:
          - name: MyICMPv4Name1
            icmp_type: 8
          - name: MyICMPv4Name2
            icmp_type: 3
            code: 2
        hosts:
          - name: MyHostName1
            ip: 10.10.10.10
          - name: MyHostName2
            ip: 20.20.20.20
        networks:
          - name: MyNetworkName1
            prefix: 10.10.10.0/24
        security_zones:
          - name: MySecurityZoneName1
          - name: MySecurityZoneName2

FTD Platform Settings

fmc:
  domains:
    - name: Global
      devices:
        ftd_platform_settings:
          - name: MyPlatformSettingsName1
            description: "This is my platform settings description"
            banner:
              text: |
                This is line 1 of the banner
                This is line 2 of the banner
            http_access:
              server_enabled: true
              server_port: 443
              configurations:
                - source_network_object: MyNetworkName1
                  interface_literals: ["MyInt_1", "MyInt_2"]
                  interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
                - source_network_object: MyHostName1
                  interface_literals: ["MyInt_1", "MyInt_2"]
                  interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
            icmp_access:
              rate_limit: 1
              burst_size: 1
              configurations:
                - action: Permit
                  icmp_service_object: MyICMPv4Name1
                  source_network_object: MyNetworkName1
                  interface_literals: ["MyInt_1", "MyInt_2"]
                  interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
                - action: Deny
                  icmp_service_object: MyICMPv4Name2
                  source_network_object: MyHostName1
                  interface_literals: ["MyInt_1", "MyInt_2"]
                  interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
            ssh_accesses:
              - source_network_object: MyNetworkName1
                interface_literals: ["MyInt_1", "MyInt_2"]
                interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
              - source_network_object: MyHostName1
                interface_literals: ["MyInt_1", "MyInt_2"]
                interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
            snmp:
              server_enabled: true
              server_port: 1456
              read_community: public
              system_administrator: admin
              location: "Data Center 1"
              management_hosts:
                - network_object: MyHostName1
                  snmp_version: "SNMPv2c"
                  read_community: public
                  poll: true
                  interface_literals: ["MyInt_1", "MyInt_2"]
                  interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
                - network_object: MyHostName2
                  snmp_version: "SNMPv3"
                  username: snmpv3user2
                  poll: true
                  interface_literals: ["MyInt_1", "MyInt_2"]
                  interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
              snmpv3_users:
                - security_level: "NoAuth"
                  username: snmpv3user1
                - security_level: "Priv"
                  username: snmpv3user2
                  password_type: "Clear"
                  authentication_algorithm: "SHA256"
                  authentication_password: "authPass123"
                  encryption_algorithm: "AES256"
                  encryption_password: "encrPass123"
              traps:
                syslog: true
            syslog:
              logging_setup:
                logging_enabled: true
                logging_on_failover_standby_unit_enabled: true
                fmc_logging_mode: "ALL"
                fmc_logging_level: "CRIT"
                flash_enabled: true
              logging_destinations:
                - destination: "INTERNAL_BUFFER"
                  global_event_class_filter_criteria: "DISABLE"
                  event_class_filters:
                    - class: "BRIDGE"
                      severity: "WARNING"
                    - class: "VPN"
                      severity: "ERR"
                - destination: "SYSLOG_SERVERS"
                  global_event_class_filter_criteria: "SEVERITY"
                  global_event_class_filter_value: "WARNING"
                  event_class_filters:
                    - class: "BRIDGE"
                      severity: "WARNING"
                    - class: "VPN"
                      severity: "ERR"
              email_setup:
                source_email_address: my_email@example.com
                destinations:
                  - email_addresses:
                      - dest1@example.com
                      - dest2@example.com
                    logging_level: "INFO"
                  - email_addresses:
                      - dest3@example.com
                    logging_level: "ERR"
              event_lists:
                - name: MyEventListName1
                  event_classes:
                    - class: "VPN"
                      severity: "ERR"
                    - class: "OSPF"
                      severity: "WARNING"
                  message_ids:
                    - "302015"
                    - "302016"
                    - "302017"
                    - "302018"
                - name: MyEventListName2
                  event_classes:
                    - class: "BOTNET_TRAFFIC_FILTERING"
                      severity: "INFO"
                    - class: "SCANSAFE"
                      severity: "WARNING"
              rate_limits:
                - type: "LOG_LEVEL"
                  value: "ERR"
                  number_of_messages: 100
                  interval: 5
                - type: "LOG_LEVEL"
                  value: "WARNING"
                  number_of_messages: 200
                  interval: 10
                - type: "SYSLOG_ID"
                  value: "302015"
                  number_of_messages: 50
                - type: "SYSLOG_ID"
                  value: "302016"
                  number_of_messages: 75
              settings:
                facility: "LOCAL4"
                timestamp_format: "RFC_5424"
                device_id_source: "INTERFACE"
                device_id_interface: "MySecurityZoneName1"
                all_syslog_messages_enabled: false
                syslog_ids:
                  - syslog_id: "302015"
                  - syslog_id: "302016"
                  - syslog_id: "302017"
                    enabled: false
                    logging_level: "ERR"
              servers:
                allow_user_traffic_when_tcp_syslog_server_is_down: true
                message_queue_size: 8192
                servers:
                  - network_object: MyHostName1
                    protocol: "TCP"
                    port: 1514
                    emblem_format: true
                    secure_syslog: true
                    use_management_interface: false
                    interface_literals: ["MyInt_1", "MyInt_2"]
                    interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
                  - network_object: MyHostName2
                    protocol: "UDP"
                    port: 1514
                    emblem_format: true
                    secure_syslog: true
                    use_management_interface: false
                    interface_literals: ["MyInt_1", "MyInt_2"]
                    interface_objects: ["MySecurityZoneName1", "MySecurityZoneName2"]
            time_synchronization:
              mode: SYNC_VIA_NTP_SERVER
              ntp_servers:
                - 0.pool.ntp.org
                - 1.pool.ntp.org