fortios_wireless_controller_wtp_profile – Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms in Fortinet’s FortiOS and FortiGate

New in version 2.8.

Synopsis

  • This module is able to configure a FortiGate or FortiOS by allowing the user to set and modify wireless_controller feature and wtp_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.2

Requirements

The below requirements are needed on the host that executes this module.

  • fortiosapi>=0.9.8

Parameters

Parameter Choices/Defaults Comments
host
- / required
FortiOS or FortiGate ip address.
https
boolean
    Choices:
  • no
  • yes ←
Indicates if the requests towards FortiGate must use HTTPS protocol
password
-
Default:
""
FortiOS or FortiGate password.
username
- / required
FortiOS or FortiGate username.
vdom
-
Default:
"root"
Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
wireless_controller_wtp_profile
-
Default:
null
Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms.
allowaccess
-
    Choices:
  • telnet
  • http
  • https
  • ssh
Control management access to the managed WTP, FortiAP, or AP. Separate entries with a space.
ap-country
-
    Choices:
  • NA
  • AL
  • DZ
  • AO
  • AR
  • AM
  • AU
  • AT
  • AZ
  • BH
  • BD
  • BB
  • BY
  • BE
  • BZ
  • BO
  • BA
  • BR
  • BN
  • BG
  • KH
  • CL
  • CN
  • CO
  • CR
  • HR
  • CY
  • CZ
  • DK
  • DO
  • EC
  • EG
  • SV
  • EE
  • FI
  • FR
  • GE
  • DE
  • GR
  • GL
  • GD
  • GU
  • GT
  • HT
  • HN
  • HK
  • HU
  • IS
  • IN
  • ID
  • IR
  • IE
  • IL
  • IT
  • JM
  • JO
  • KZ
  • KE
  • KP
  • KR
  • KW
  • LV
  • LB
  • LI
  • LT
  • LU
  • MO
  • MK
  • MY
  • MT
  • MX
  • MC
  • MA
  • MZ
  • MM
  • NP
  • NL
  • AN
  • AW
  • NZ
  • no
  • OM
  • PK
  • PA
  • PG
  • PY
  • PE
  • PH
  • PL
  • PT
  • PR
  • QA
  • RO
  • RU
  • RW
  • SA
  • RS
  • ME
  • SG
  • SK
  • SI
  • ZA
  • ES
  • LK
  • SE
  • SD
  • CH
  • SY
  • TW
  • TZ
  • TH
  • TT
  • TN
  • TR
  • AE
  • UA
  • GB
  • US
  • PS
  • UY
  • UZ
  • VE
  • VN
  • YE
  • ZB
  • ZW
  • JP
  • CA
Country in which this WTP, FortiAP or AP will operate (default = US).
ble-profile
-
Bluetooth Low Energy profile name. Source wireless-controller.ble-profile.name.
comment
-
Comment.
control-message-offload
-
    Choices:
  • ebp-frame
  • aeroscout-tag
  • ap-list
  • sta-list
  • sta-cap-list
  • stats
  • aeroscout-mu
Enable/disable CAPWAP control message data channel offload.
deny-mac-list
-
List of MAC addresses that are denied access to this WTP, FortiAP, or AP.
id
- / required
ID.
mac
-
A WiFi device with this MAC address is denied access to this WTP, FortiAP or AP.
dtls-in-kernel
-
    Choices:
  • enable
  • disable
Enable/disable data channel DTLS in kernel.
dtls-policy
-
    Choices:
  • clear-text
  • dtls-enabled
  • ipsec-vpn
WTP data channel DTLS policy (default = clear-text).
energy-efficient-ethernet
-
    Choices:
  • enable
  • disable
Enable/disable use of energy efficient Ethernet on WTP.
ext-info-enable
-
    Choices:
  • enable
  • disable
Enable/disable station/VAP/radio extension information.
handoff-roaming
-
    Choices:
  • enable
  • disable
Enable/disable client load balancing during roaming to avoid roaming delay (default = disable).
handoff-rssi
-
Minimum received signal strength indicator (RSSI) value for handoff (20 - 30, default = 25).
handoff-sta-thresh
-
Threshold value for AP handoff (5 - 35, default = 30).
ip-fragment-preventing
-
    Choices:
  • tcp-mss-adjust
  • icmp-unreachable
Select how to prevent IP fragmentation for CAPWAP tunneled control and data packets (default = tcp-mss-adjust).
lan
-
WTP LAN port mapping.
port-mode
-
    Choices:
  • offline
  • nat-to-wan
  • bridge-to-wan
  • bridge-to-ssid
LAN port mode.
port-ssid
-
Bridge LAN port to SSID. Source wireless-controller.vap.name.
port1-mode
-
    Choices:
  • offline
  • nat-to-wan
  • bridge-to-wan
  • bridge-to-ssid
LAN port 1 mode.
port1-ssid
-
Bridge LAN port 1 to SSID. Source wireless-controller.vap.name.
port2-mode
-
    Choices:
  • offline
  • nat-to-wan
  • bridge-to-wan
  • bridge-to-ssid
LAN port 2 mode.
port2-ssid
-
Bridge LAN port 2 to SSID. Source wireless-controller.vap.name.
port3-mode
-
    Choices:
  • offline
  • nat-to-wan
  • bridge-to-wan
  • bridge-to-ssid
LAN port 3 mode.
port3-ssid
-
Bridge LAN port 3 to SSID. Source wireless-controller.vap.name.
port4-mode
-
    Choices:
  • offline
  • nat-to-wan
  • bridge-to-wan
  • bridge-to-ssid
LAN port 4 mode.
port4-ssid
-
Bridge LAN port 4 to SSID. Source wireless-controller.vap.name.
port5-mode
-
    Choices:
  • offline
  • nat-to-wan
  • bridge-to-wan
  • bridge-to-ssid
LAN port 5 mode.
port5-ssid
-
Bridge LAN port 5 to SSID. Source wireless-controller.vap.name.
port6-mode
-
    Choices:
  • offline
  • nat-to-wan
  • bridge-to-wan
  • bridge-to-ssid
LAN port 6 mode.
port6-ssid
-
Bridge LAN port 6 to SSID. Source wireless-controller.vap.name.
port7-mode
-
    Choices:
  • offline
  • nat-to-wan
  • bridge-to-wan
  • bridge-to-ssid
LAN port 7 mode.
port7-ssid
-
Bridge LAN port 7 to SSID. Source wireless-controller.vap.name.
port8-mode
-
    Choices:
  • offline
  • nat-to-wan
  • bridge-to-wan
  • bridge-to-ssid
LAN port 8 mode.
port8-ssid
-
Bridge LAN port 8 to SSID. Source wireless-controller.vap.name.
lbs
-
Set various location based service (LBS) options.
aeroscout
-
    Choices:
  • enable
  • disable
Enable/disable AeroScout Real Time Location Service (RTLS) support.
aeroscout-ap-mac
-
    Choices:
  • bssid
  • board-mac
Use BSSID or board MAC address as AP MAC address in the Aeroscout AP message.
aeroscout-mmu-report
-
    Choices:
  • enable
  • disable
Enable/disable MU compounded report.
aeroscout-mu
-
    Choices:
  • enable
  • disable
Enable/disable AeroScout support.
aeroscout-mu-factor
-
AeroScout Mobile Unit (MU) mode dilution factor (default = 20).
aeroscout-mu-timeout
-
AeroScout MU mode timeout (0 - 65535 sec, default = 5).
aeroscout-server-ip
-
IP address of AeroScout server.
aeroscout-server-port
-
AeroScout server UDP listening port.
ekahau-blink-mode
-
    Choices:
  • enable
  • disable
Enable/disable Ekahua blink mode (also called AiRISTA Flow Blink Mode) to find the location of devices connected to a wireless LAN (default = disable).
ekahau-tag
-
WiFi frame MAC address or WiFi Tag.
erc-server-ip
-
IP address of Ekahua RTLS Controller (ERC).
erc-server-port
-
Ekahua RTLS Controller (ERC) UDP listening port.
fortipresence
-
    Choices:
  • foreign
  • both
  • disable
Enable/disable FortiPresence to monitor the location and activity of WiFi clients even if they don't connect to this WiFi network (default = disable).
fortipresence-frequency
-
FortiPresence report transmit frequency (5 - 65535 sec, default = 30).
fortipresence-port
-
FortiPresence server UDP listening port (default = 3000).
fortipresence-project
-
FortiPresence project name (max. 16 characters, default = fortipresence).
fortipresence-rogue
-
    Choices:
  • enable
  • disable
Enable/disable FortiPresence finding and reporting rogue APs.
fortipresence-secret
-
FortiPresence secret password (max. 16 characters).
fortipresence-server
-
FortiPresence server IP address.
fortipresence-unassoc
-
    Choices:
  • enable
  • disable
Enable/disable FortiPresence finding and reporting unassociated stations.
station-locate
-
    Choices:
  • enable
  • disable
Enable/disable client station locating services for all clients, whether associated or not (default = disable).
led-schedules
-
Recurring firewall schedules for illuminating LEDs on the FortiAP. If led-state is enabled, LEDs will be visible when at least one of the schedules is valid. Separate multiple schedule names with a space.
name
- / required
LED schedule name. Source firewall.schedule.group.name firewall.schedule.recurring.name.
led-state
-
    Choices:
  • enable
  • disable
Enable/disable use of LEDs on WTP (default = disable).
lldp
-
    Choices:
  • enable
  • disable
Enable/disable Link Layer Discovery Protocol (LLDP) for the WTP, FortiAP, or AP (default = disable).
login-passwd
-
Set the managed WTP, FortiAP, or AP's administrator password.
login-passwd-change
-
    Choices:
  • yes
  • default
  • no
Change or reset the administrator password of a managed WTP, FortiAP or AP (yes, default, or no, default = no).
max-clients
-
Maximum number of stations (STAs) supported by the WTP (default = 0, meaning no client limitation).
name
- / required
WTP (or FortiAP or AP) profile name.
platform
-
WTP, FortiAP, or AP platform.
type
-
    Choices:
  • AP-11N
  • 220B
  • 210B
  • 222B
  • 112B
  • 320B
  • 11C
  • 14C
  • 223B
  • 28C
  • 320C
  • 221C
  • 25D
  • 222C
  • 224D
  • 214B
  • 21D
  • 24D
  • 112D
  • 223C
  • 321C
  • C220C
  • C225C
  • C23JD
  • C24JE
  • S321C
  • S322C
  • S323C
  • S311C
  • S313C
  • S321CR
  • S322CR
  • S323CR
  • S421E
  • S422E
  • S423E
  • 421E
  • 423E
  • 221E
  • 222E
  • 223E
  • 224E
  • S221E
  • S223E
  • U421E
  • U422EV
  • U423E
  • U221EV
  • U223EV
  • U24JEV
  • U321EV
  • U323EV
WTP, FortiAP or AP platform type. There are built-in WTP profiles for all supported FortiAP models. You can select a built-in profile and customize it or create a new profile.
poe-mode
-
    Choices:
  • auto
  • 8023af
  • 8023at
  • power-adapter
Set the WTP, FortiAP, or AP's PoE mode.
radio-1
-
Configuration options for radio 1.
amsdu
-
    Choices:
  • enable
  • disable
Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients (default = enable).
ap-handoff
-
    Choices:
  • enable
  • disable
Enable/disable AP handoff of clients to other APs (default = disable).
ap-sniffer-addr
-
MAC address to monitor.
ap-sniffer-bufsize
-
Sniffer buffer size (1 - 32 MB, default = 16).
ap-sniffer-chan
-
Channel on which to operate the sniffer (default = 6).
ap-sniffer-ctl
-
    Choices:
  • enable
  • disable
Enable/disable sniffer on WiFi control frame (default = enable).
ap-sniffer-data
-
    Choices:
  • enable
  • disable
Enable/disable sniffer on WiFi data frame (default = enable).
ap-sniffer-mgmt-beacon
-
    Choices:
  • enable
  • disable
Enable/disable sniffer on WiFi management Beacon frames (default = enable).
ap-sniffer-mgmt-other
-
    Choices:
  • enable
  • disable
Enable/disable sniffer on WiFi management other frames (default = enable).
ap-sniffer-mgmt-probe
-
    Choices:
  • enable
  • disable
Enable/disable sniffer on WiFi management probe frames (default = enable).
auto-power-high
-
Automatic transmit power high limit in dBm (the actual range of transmit power depends on the AP platform type).
auto-power-level
-
    Choices:
  • enable
  • disable
Enable/disable automatic power-level adjustment to prevent co-channel interference (default = disable).
auto-power-low
-
Automatic transmission power low limit in dBm (the actual range of transmit power depends on the AP platform type).
band
-
    Choices:
  • 802.11a
  • 802.11b
  • 802.11g
  • 802.11n
  • 802.11n-5G
  • 802.11ac
  • 802.11n,g-only
  • 802.11g-only
  • 802.11n-only
  • 802.11n-5G-only
  • 802.11ac,n-only
  • 802.11ac-only
WiFi band that Radio 1 operates on.
bandwidth-admission-control
-
    Choices:
  • enable
  • disable
Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it.
bandwidth-capacity
-
Maximum bandwidth capacity allowed (1 - 600000 Kbps, default = 2000).
beacon-interval
-
Beacon interval. The time between beacon frames in msec (the actual range of beacon interval depends on the AP platform type, default = 100).
call-admission-control
-
    Choices:
  • enable
  • disable
Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them.
call-capacity
-
Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60, default = 10).
channel
-
Selected list of wireless radio channels.
chan
- / required
Channel number.
channel-bonding
-
    Choices:
  • 80MHz
  • 40MHz
  • 20MHz
Channel bandwidth: 80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence.
channel-utilization
-
    Choices:
  • enable
  • disable
Enable/disable measuring channel utilization.
coexistence
-
    Choices:
  • enable
  • disable
Enable/disable allowing both HT20 and HT40 on the same radio (default = enable).
darrp
-
    Choices:
  • enable
  • disable
Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel (default = disable).
dtim
-
DTIM interval. The frequency to transmit Delivery Traffic Indication Message (or Map) (DTIM) messages (1 - 255, default = 1). Set higher to save client battery life.
frag-threshold
-
Maximum packet size that can be sent without fragmentation (800 - 2346 bytes, default = 2346).
frequency-handoff
-
    Choices:
  • enable
  • disable
Enable/disable frequency handoff of clients to other channels (default = disable).
max-clients
-
Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware.
max-distance
-
Maximum expected distance between the AP and clients (0 - 54000 m, default = 0).
mode
-
    Choices:
  • disabled
  • ap
  • monitor
  • sniffer
Mode of radio 1. Radio 1 can be disabled, configured as an access point, a rogue AP monitor, or a sniffer.
power-level
-
Radio power level as a percentage of the maximum transmit power (0 - 100, default = 100).
powersave-optimize
-
    Choices:
  • tim
  • ac-vo
  • no-obss-scan
  • no-11b-rate
  • client-rate-follow
Enable client power-saving features such as TIM, AC VO, and OBSS etc.
protection-mode
-
    Choices:
  • rtscts
  • ctsonly
  • disable
Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable).
radio-id
-
radio-id
rts-threshold
-
Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes, default = 2346).
short-guard-interval
-
    Choices:
  • enable
  • disable
Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns.
spectrum-analysis
-
    Choices:
  • enable
  • disable
Enable/disable spectrum analysis to find interference that would negatively impact wireless performance.
transmit-optimize
-
    Choices:
  • disable
  • power-save
  • aggr-limit
  • retry-limit
  • send-bar
Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default.
vap-all
-
    Choices:
  • enable
  • disable
Enable/disable the automatic inheritance of all Virtual Access Points (VAPs) (default = enable).
vaps
-
Manually selected list of Virtual Access Points (VAPs).
name
- / required
Virtual Access Point (VAP) name. Source wireless-controller.vap-group.name wireless-controller.vap.name.
wids-profile
-
Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. Source wireless-controller.wids-profile.name.
radio-2
-
Configuration options for radio 2.
amsdu
-
    Choices:
  • enable
  • disable
Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients (default = enable).
ap-handoff
-
    Choices:
  • enable
  • disable
Enable/disable AP handoff of clients to other APs (default = disable).
ap-sniffer-addr
-
MAC address to monitor.
ap-sniffer-bufsize
-
Sniffer buffer size (1 - 32 MB, default = 16).
ap-sniffer-chan
-
Channel on which to operate the sniffer (default = 6).
ap-sniffer-ctl
-
    Choices:
  • enable
  • disable
Enable/disable sniffer on WiFi control frame (default = enable).
ap-sniffer-data
-
    Choices:
  • enable
  • disable
Enable/disable sniffer on WiFi data frame (default = enable).
ap-sniffer-mgmt-beacon
-
    Choices:
  • enable
  • disable
Enable/disable sniffer on WiFi management Beacon frames (default = enable).
ap-sniffer-mgmt-other
-
    Choices:
  • enable
  • disable
Enable/disable sniffer on WiFi management other frames (default = enable).
ap-sniffer-mgmt-probe
-
    Choices:
  • enable
  • disable
Enable/disable sniffer on WiFi management probe frames (default = enable).
auto-power-high
-
Automatic transmit power high limit in dBm (the actual range of transmit power depends on the AP platform type).
auto-power-level
-
    Choices:
  • enable
  • disable
Enable/disable automatic power-level adjustment to prevent co-channel interference (default = disable).
auto-power-low
-
Automatic transmission power low limit in dBm (the actual range of transmit power depends on the AP platform type).
band
-
    Choices:
  • 802.11a
  • 802.11b
  • 802.11g
  • 802.11n
  • 802.11n-5G
  • 802.11ac
  • 802.11n,g-only
  • 802.11g-only
  • 802.11n-only
  • 802.11n-5G-only
  • 802.11ac,n-only
  • 802.11ac-only
WiFi band that Radio 2 operates on.
bandwidth-admission-control
-
    Choices:
  • enable
  • disable
Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it.
bandwidth-capacity
-
Maximum bandwidth capacity allowed (1 - 600000 Kbps, default = 2000).
beacon-interval
-
Beacon interval. The time between beacon frames in msec (the actual range of beacon interval depends on the AP platform type, default = 100).
call-admission-control
-
    Choices:
  • enable
  • disable
Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them.
call-capacity
-
Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60, default = 10).
channel
-
Selected list of wireless radio channels.
chan
- / required
Channel number.
channel-bonding
-
    Choices:
  • 80MHz
  • 40MHz
  • 20MHz
Channel bandwidth: 80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence.
channel-utilization
-
    Choices:
  • enable
  • disable
Enable/disable measuring channel utilization.
coexistence
-
    Choices:
  • enable
  • disable
Enable/disable allowing both HT20 and HT40 on the same radio (default = enable).
darrp
-
    Choices:
  • enable
  • disable
Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel (default = disable).
dtim
-
DTIM interval. The frequency to transmit Delivery Traffic Indication Message (or Map) (DTIM) messages (1 - 255, default = 1). Set higher to save client battery life.
frag-threshold
-
Maximum packet size that can be sent without fragmentation (800 - 2346 bytes, default = 2346).
frequency-handoff
-
    Choices:
  • enable
  • disable
Enable/disable frequency handoff of clients to other channels (default = disable).
max-clients
-
Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware.
max-distance
-
Maximum expected distance between the AP and clients (0 - 54000 m, default = 0).
mode
-
    Choices:
  • disabled
  • ap
  • monitor
  • sniffer
Mode of radio 2. Radio 2 can be disabled, configured as an access point, a rogue AP monitor, or a sniffer.
power-level
-
Radio power level as a percentage of the maximum transmit power (0 - 100, default = 100).
powersave-optimize
-
    Choices:
  • tim
  • ac-vo
  • no-obss-scan
  • no-11b-rate
  • client-rate-follow
Enable client power-saving features such as TIM, AC VO, and OBSS etc.
protection-mode
-
    Choices:
  • rtscts
  • ctsonly
  • disable
Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable).
radio-id
-
radio-id
rts-threshold
-
Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes, default = 2346).
short-guard-interval
-
    Choices:
  • enable
  • disable
Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns.
spectrum-analysis
-
    Choices:
  • enable
  • disable
Enable/disable spectrum analysis to find interference that would negatively impact wireless performance.
transmit-optimize
-
    Choices:
  • disable
  • power-save
  • aggr-limit
  • retry-limit
  • send-bar
Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default.
vap-all
-
    Choices:
  • enable
  • disable
Enable/disable the automatic inheritance of all Virtual Access Points (VAPs) (default = enable).
vaps
-
Manually selected list of Virtual Access Points (VAPs).
name
- / required
Virtual Access Point (VAP) name. Source wireless-controller.vap-group.name wireless-controller.vap.name.
wids-profile
-
Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. Source wireless-controller.wids-profile.name.
split-tunneling-acl
-
Split tunneling ACL filter list.
dest-ip
-
Destination IP and mask for the split-tunneling subnet.
id
- / required
ID.
split-tunneling-acl-local-ap-subnet
-
    Choices:
  • enable
  • disable
Enable/disable automatically adding local subnetwork of FortiAP to split-tunneling ACL (default = disable).
split-tunneling-acl-path
-
    Choices:
  • tunnel
  • local
Split tunneling ACL path is local/tunnel.
state
-
    Choices:
  • present
  • absent
Indicates whether to create or remove the object
tun-mtu-downlink
-
Downlink CAPWAP tunnel MTU (0, 576, or 1500 bytes, default = 0).
tun-mtu-uplink
-
Uplink CAPWAP tunnel MTU (0, 576, or 1500 bytes, default = 0).
wan-port-mode
-
    Choices:
  • wan-lan
  • wan-only
Enable/disable using a WAN port as a LAN port.

Notes

Note

  • Requires fortiosapi library developed by Fortinet
  • Run as a local_action in your playbook

Examples

- hosts: localhost
  vars:
   host: "192.168.122.40"
   username: "admin"
   password: ""
   vdom: "root"
  tasks:
  - name: Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms.
    fortios_wireless_controller_wtp_profile:
      host:  "{{ host }}"
      username: "{{ username }}"
      password: "{{ password }}"
      vdom:  "{{ vdom }}"
      https: "False"
      wireless_controller_wtp_profile:
        state: "present"
        allowaccess: "telnet"
        ap-country: "NA"
        ble-profile: "<your_own_value> (source wireless-controller.ble-profile.name)"
        comment: "Comment."
        control-message-offload: "ebp-frame"
        deny-mac-list:
         -
            id:  "9"
            mac: "<your_own_value>"
        dtls-in-kernel: "enable"
        dtls-policy: "clear-text"
        energy-efficient-ethernet: "enable"
        ext-info-enable: "enable"
        handoff-roaming: "enable"
        handoff-rssi: "16"
        handoff-sta-thresh: "17"
        ip-fragment-preventing: "tcp-mss-adjust"
        lan:
            port-mode: "offline"
            port-ssid: "<your_own_value> (source wireless-controller.vap.name)"
            port1-mode: "offline"
            port1-ssid: "<your_own_value> (source wireless-controller.vap.name)"
            port2-mode: "offline"
            port2-ssid: "<your_own_value> (source wireless-controller.vap.name)"
            port3-mode: "offline"
            port3-ssid: "<your_own_value> (source wireless-controller.vap.name)"
            port4-mode: "offline"
            port4-ssid: "<your_own_value> (source wireless-controller.vap.name)"
            port5-mode: "offline"
            port5-ssid: "<your_own_value> (source wireless-controller.vap.name)"
            port6-mode: "offline"
            port6-ssid: "<your_own_value> (source wireless-controller.vap.name)"
            port7-mode: "offline"
            port7-ssid: "<your_own_value> (source wireless-controller.vap.name)"
            port8-mode: "offline"
            port8-ssid: "<your_own_value> (source wireless-controller.vap.name)"
        lbs:
            aeroscout: "enable"
            aeroscout-ap-mac: "bssid"
            aeroscout-mmu-report: "enable"
            aeroscout-mu: "enable"
            aeroscout-mu-factor: "43"
            aeroscout-mu-timeout: "44"
            aeroscout-server-ip: "<your_own_value>"
            aeroscout-server-port: "46"
            ekahau-blink-mode: "enable"
            ekahau-tag: "<your_own_value>"
            erc-server-ip: "<your_own_value>"
            erc-server-port: "50"
            fortipresence: "foreign"
            fortipresence-frequency: "52"
            fortipresence-port: "53"
            fortipresence-project: "<your_own_value>"
            fortipresence-rogue: "enable"
            fortipresence-secret: "<your_own_value>"
            fortipresence-server: "<your_own_value>"
            fortipresence-unassoc: "enable"
            station-locate: "enable"
        led-schedules:
         -
            name: "default_name_61 (source firewall.schedule.group.name firewall.schedule.recurring.name)"
        led-state: "enable"
        lldp: "enable"
        login-passwd: "<your_own_value>"
        login-passwd-change: "yes"
        max-clients: "66"
        name: "default_name_67"
        platform:
            type: "AP-11N"
        poe-mode: "auto"
        radio-1:
            amsdu: "enable"
            ap-handoff: "enable"
            ap-sniffer-addr: "<your_own_value>"
            ap-sniffer-bufsize: "75"
            ap-sniffer-chan: "76"
            ap-sniffer-ctl: "enable"
            ap-sniffer-data: "enable"
            ap-sniffer-mgmt-beacon: "enable"
            ap-sniffer-mgmt-other: "enable"
            ap-sniffer-mgmt-probe: "enable"
            auto-power-high: "82"
            auto-power-level: "enable"
            auto-power-low: "84"
            band: "802.11a"
            bandwidth-admission-control: "enable"
            bandwidth-capacity: "87"
            beacon-interval: "88"
            call-admission-control: "enable"
            call-capacity: "90"
            channel:
             -
                chan: "<your_own_value>"
            channel-bonding: "80MHz"
            channel-utilization: "enable"
            coexistence: "enable"
            darrp: "enable"
            dtim: "97"
            frag-threshold: "98"
            frequency-handoff: "enable"
            max-clients: "100"
            max-distance: "101"
            mode: "disabled"
            power-level: "103"
            powersave-optimize: "tim"
            protection-mode: "rtscts"
            radio-id: "106"
            rts-threshold: "107"
            short-guard-interval: "enable"
            spectrum-analysis: "enable"
            transmit-optimize: "disable"
            vap-all: "enable"
            vaps:
             -
                name: "default_name_113 (source wireless-controller.vap-group.name wireless-controller.vap.name)"
            wids-profile: "<your_own_value> (source wireless-controller.wids-profile.name)"
        radio-2:
            amsdu: "enable"
            ap-handoff: "enable"
            ap-sniffer-addr: "<your_own_value>"
            ap-sniffer-bufsize: "119"
            ap-sniffer-chan: "120"
            ap-sniffer-ctl: "enable"
            ap-sniffer-data: "enable"
            ap-sniffer-mgmt-beacon: "enable"
            ap-sniffer-mgmt-other: "enable"
            ap-sniffer-mgmt-probe: "enable"
            auto-power-high: "126"
            auto-power-level: "enable"
            auto-power-low: "128"
            band: "802.11a"
            bandwidth-admission-control: "enable"
            bandwidth-capacity: "131"
            beacon-interval: "132"
            call-admission-control: "enable"
            call-capacity: "134"
            channel:
             -
                chan: "<your_own_value>"
            channel-bonding: "80MHz"
            channel-utilization: "enable"
            coexistence: "enable"
            darrp: "enable"
            dtim: "141"
            frag-threshold: "142"
            frequency-handoff: "enable"
            max-clients: "144"
            max-distance: "145"
            mode: "disabled"
            power-level: "147"
            powersave-optimize: "tim"
            protection-mode: "rtscts"
            radio-id: "150"
            rts-threshold: "151"
            short-guard-interval: "enable"
            spectrum-analysis: "enable"
            transmit-optimize: "disable"
            vap-all: "enable"
            vaps:
             -
                name: "default_name_157 (source wireless-controller.vap-group.name wireless-controller.vap.name)"
            wids-profile: "<your_own_value> (source wireless-controller.wids-profile.name)"
        split-tunneling-acl:
         -
            dest-ip: "<your_own_value>"
            id:  "161"
        split-tunneling-acl-local-ap-subnet: "enable"
        split-tunneling-acl-path: "tunnel"
        tun-mtu-downlink: "164"
        tun-mtu-uplink: "165"
        wan-port-mode: "wan-lan"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
build
string
always
Build number of the fortigate image

Sample:
1547
http_method
string
always
Last method used to provision the content into FortiGate

Sample:
PUT
http_status
string
always
Last result given by FortiGate on last operation applied

Sample:
200
mkey
string
success
Master key (id) used in the last call to FortiGate

Sample:
id
name
string
always
Name of the table used to fulfill the request

Sample:
urlfilter
path
string
always
Path of the table used to fulfill the request

Sample:
webfilter
revision
string
always
Internal revision number

Sample:
17.0.2.10658
serial
string
always
Serial number of the unit

Sample:
FGVMEVYYQT3AB5352
status
string
always
Indication of the operation's result

Sample:
success
vdom
string
always
Virtual domain used

Sample:
root
version
string
always
Version of the FortiGate

Sample:
v5.6.3


Status

Authors

  • Miguel Angel Munoz (@mamunozgonzalez)
  • Nicolas Thomas (@thomnico)

Hint

If you notice any issues in this documentation you can edit this document to improve it.