Parameter |
Choices/Defaults |
Comments |
host
string
|
|
FortiOS or FortiGate IP address.
|
https
boolean
|
|
Indicates if the requests towards FortiGate must use HTTPS protocol.
|
password
string
|
Default:
""
|
FortiOS or FortiGate password.
|
ssl_verify
boolean
added in 2.9 |
|
Ensures FortiGate certificate must be verified by a proper CA.
|
state
string
added in 2.9 |
|
Indicates whether to create or remove the object. This attribute was present already in previous version in a deeper level. It has been moved out to this outer level.
|
username
string
|
|
FortiOS or FortiGate username.
|
vdom
string
|
Default:
"root"
|
Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.
|
wireless_controller_wtp_profile
dictionary
|
|
Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms.
|
|
allowaccess
string
|
Choices:
- telnet
- http
- https
- ssh
|
Control management access to the managed WTP, FortiAP, or AP. Separate entries with a space.
|
|
ap_country
string
|
Choices:
- NA
- AL
- DZ
- AO
- AR
- AM
- AU
- AT
- AZ
- BH
- BD
- BB
- BY
- BE
- BZ
- BO
- BA
- BR
- BN
- BG
- KH
- CL
- CN
- CO
- CR
- HR
- CY
- CZ
- DK
- DO
- EC
- EG
- SV
- EE
- FI
- FR
- GE
- DE
- GR
- GL
- GD
- GU
- GT
- HT
- HN
- HK
- HU
- IS
- IN
- ID
- IR
- IE
- IL
- IT
- JM
- JO
- KZ
- KE
- KP
- KR
- KW
- LV
- LB
- LI
- LT
- LU
- MO
- MK
- MY
- MT
- MX
- MC
- MA
- MZ
- MM
- NP
- NL
- AN
- AW
- NZ
- no
- OM
- PK
- PA
- PG
- PY
- PE
- PH
- PL
- PT
- PR
- QA
- RO
- RU
- RW
- SA
- RS
- ME
- SG
- SK
- SI
- ZA
- ES
- LK
- SE
- SD
- CH
- SY
- TW
- TZ
- TH
- TT
- TN
- TR
- AE
- UA
- GB
- US
- PS
- UY
- UZ
- VE
- VN
- YE
- ZB
- ZW
- JP
- CA
|
Country in which this WTP, FortiAP or AP will operate .
|
|
ble_profile
string
|
|
Bluetooth Low Energy profile name. Source wireless-controller.ble-profile.name.
|
|
comment
string
|
|
Comment.
|
|
control_message_offload
string
|
Choices:
- ebp-frame
- aeroscout-tag
- ap-list
- sta-list
- sta-cap-list
- stats
- aeroscout-mu
|
Enable/disable CAPWAP control message data channel offload.
|
|
deny_mac_list
list
|
|
List of MAC addresses that are denied access to this WTP, FortiAP, or AP.
|
|
|
id
integer
/ required
|
|
ID.
|
|
|
mac
string
|
|
A WiFi device with this MAC address is denied access to this WTP, FortiAP or AP.
|
|
dtls_in_kernel
string
|
|
Enable/disable data channel DTLS in kernel.
|
|
dtls_policy
string
|
Choices:
- clear-text
- dtls-enabled
- ipsec-vpn
|
WTP data channel DTLS policy .
|
|
energy_efficient_ethernet
string
|
|
Enable/disable use of energy efficient Ethernet on WTP.
|
|
ext_info_enable
string
|
|
Enable/disable station/VAP/radio extension information.
|
|
handoff_roaming
string
|
|
Enable/disable client load balancing during roaming to avoid roaming delay .
|
|
handoff_rssi
integer
|
|
Minimum received signal strength indicator (RSSI) value for handoff (20 - 30).
|
|
handoff_sta_thresh
integer
|
|
Threshold value for AP handoff.
|
|
ip_fragment_preventing
string
|
Choices:
- tcp-mss-adjust
- icmp-unreachable
|
Select how to prevent IP fragmentation for CAPWAP tunneled control and data packets .
|
|
lan
dictionary
|
|
WTP LAN port mapping.
|
|
|
port1_mode
string
|
Choices:
- offline
- nat-to-wan
- bridge-to-wan
- bridge-to-ssid
|
LAN port 1 mode.
|
|
|
port1_ssid
string
|
|
Bridge LAN port 1 to SSID. Source wireless-controller.vap.name.
|
|
|
port2_mode
string
|
Choices:
- offline
- nat-to-wan
- bridge-to-wan
- bridge-to-ssid
|
LAN port 2 mode.
|
|
|
port2_ssid
string
|
|
Bridge LAN port 2 to SSID. Source wireless-controller.vap.name.
|
|
|
port3_mode
string
|
Choices:
- offline
- nat-to-wan
- bridge-to-wan
- bridge-to-ssid
|
LAN port 3 mode.
|
|
|
port3_ssid
string
|
|
Bridge LAN port 3 to SSID. Source wireless-controller.vap.name.
|
|
|
port4_mode
string
|
Choices:
- offline
- nat-to-wan
- bridge-to-wan
- bridge-to-ssid
|
LAN port 4 mode.
|
|
|
port4_ssid
string
|
|
Bridge LAN port 4 to SSID. Source wireless-controller.vap.name.
|
|
|
port5_mode
string
|
Choices:
- offline
- nat-to-wan
- bridge-to-wan
- bridge-to-ssid
|
LAN port 5 mode.
|
|
|
port5_ssid
string
|
|
Bridge LAN port 5 to SSID. Source wireless-controller.vap.name.
|
|
|
port6_mode
string
|
Choices:
- offline
- nat-to-wan
- bridge-to-wan
- bridge-to-ssid
|
LAN port 6 mode.
|
|
|
port6_ssid
string
|
|
Bridge LAN port 6 to SSID. Source wireless-controller.vap.name.
|
|
|
port7_mode
string
|
Choices:
- offline
- nat-to-wan
- bridge-to-wan
- bridge-to-ssid
|
LAN port 7 mode.
|
|
|
port7_ssid
string
|
|
Bridge LAN port 7 to SSID. Source wireless-controller.vap.name.
|
|
|
port8_mode
string
|
Choices:
- offline
- nat-to-wan
- bridge-to-wan
- bridge-to-ssid
|
LAN port 8 mode.
|
|
|
port8_ssid
string
|
|
Bridge LAN port 8 to SSID. Source wireless-controller.vap.name.
|
|
|
port_mode
string
|
Choices:
- offline
- nat-to-wan
- bridge-to-wan
- bridge-to-ssid
|
LAN port mode.
|
|
|
port_ssid
string
|
|
Bridge LAN port to SSID. Source wireless-controller.vap.name.
|
|
lbs
dictionary
|
|
Set various location based service (LBS) options.
|
|
|
aeroscout
string
|
|
Enable/disable AeroScout Real Time Location Service (RTLS) support .
|
|
|
aeroscout_ap_mac
string
|
|
Use BSSID or board MAC address as AP MAC address in AeroScout AP messages .
|
|
|
aeroscout_mmu_report
string
|
|
Enable/disable compounded AeroScout tag and MU report .
|
|
|
aeroscout_mu
string
|
|
Enable/disable AeroScout Mobile Unit (MU) support .
|
|
|
aeroscout_mu_factor
integer
|
|
AeroScout MU mode dilution factor .
|
|
|
aeroscout_mu_timeout
integer
|
|
AeroScout MU mode timeout (0 - 65535 sec).
|
|
|
aeroscout_server_ip
string
|
|
IP address of AeroScout server.
|
|
|
aeroscout_server_port
integer
|
|
AeroScout server UDP listening port.
|
|
|
ekahau_blink_mode
string
|
|
Enable/disable Ekahau blink mode (now known as AiRISTA Flow) to track and locate WiFi tags .
|
|
|
ekahau_tag
string
|
|
WiFi frame MAC address or WiFi Tag.
|
|
|
erc_server_ip
string
|
|
IP address of Ekahau RTLS Controller (ERC).
|
|
|
erc_server_port
integer
|
|
Ekahau RTLS Controller (ERC) UDP listening port.
|
|
|
fortipresence
string
|
Choices:
- foreign
- both
- disable
|
Enable/disable FortiPresence to monitor the location and activity of WiFi clients even if they don't connect to this WiFi network .
|
|
|
fortipresence_frequency
integer
|
|
FortiPresence report transmit frequency (5 - 65535 sec).
|
|
|
fortipresence_port
integer
|
|
FortiPresence server UDP listening port .
|
|
|
fortipresence_project
string
|
|
FortiPresence project name (max. 16 characters).
|
|
|
fortipresence_rogue
string
|
|
Enable/disable FortiPresence finding and reporting rogue APs.
|
|
|
fortipresence_secret
string
|
|
FortiPresence secret password (max. 16 characters).
|
|
|
fortipresence_server
string
|
|
FortiPresence server IP address.
|
|
|
fortipresence_unassoc
string
|
|
Enable/disable FortiPresence finding and reporting unassociated stations.
|
|
|
station_locate
string
|
|
Enable/disable client station locating services for all clients, whether associated or not .
|
|
led_schedules
list
|
|
Recurring firewall schedules for illuminating LEDs on the FortiAP. If led-state is enabled, LEDs will be visible when at least one of the schedules is valid. Separate multiple schedule names with a space.
|
|
|
name
string
/ required
|
|
LED schedule name. Source firewall.schedule.group.name firewall.schedule.recurring.name.
|
|
led_state
string
|
|
Enable/disable use of LEDs on WTP .
|
|
lldp
string
|
|
Enable/disable Link Layer Discovery Protocol (LLDP) for the WTP, FortiAP, or AP .
|
|
login_passwd
string
|
|
Set the managed WTP, FortiAP, or AP's administrator password.
|
|
login_passwd_change
string
|
|
Change or reset the administrator password of a managed WTP, FortiAP or AP (yes, default, or no).
|
|
max_clients
integer
|
|
Maximum number of stations (STAs) supported by the WTP .
|
|
name
string
/ required
|
|
WTP (or FortiAP or AP) profile name.
|
|
platform
dictionary
|
|
WTP, FortiAP, or AP platform.
|
|
|
type
string
|
Choices:
- AP-11N
- 220B
- 210B
- 222B
- 112B
- 320B
- 11C
- 14C
- 223B
- 28C
- 320C
- 221C
- 25D
- 222C
- 224D
- 214B
- 21D
- 24D
- 112D
- 223C
- 321C
- C220C
- C225C
- C23JD
- C24JE
- S321C
- S322C
- S323C
- S311C
- S313C
- S321CR
- S322CR
- S323CR
- S421E
- S422E
- S423E
- 421E
- 423E
- 221E
- 222E
- 223E
- 224E
- S221E
- S223E
- U421E
- U422EV
- U423E
- U221EV
- U223EV
- U24JEV
- U321EV
- U323EV
|
WTP, FortiAP or AP platform type. There are built-in WTP profiles for all supported FortiAP models. You can select a built-in profile and customize it or create a new profile.
|
|
poe_mode
string
|
Choices:
- auto
- 8023af
- 8023at
- power-adapter
|
Set the WTP, FortiAP, or AP's PoE mode.
|
|
radio_1
dictionary
|
|
Configuration options for radio 1.
|
|
|
amsdu
string
|
|
Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients .
|
|
|
ap_handoff
string
|
|
Enable/disable AP handoff of clients to other APs .
|
|
|
ap_sniffer_addr
string
|
|
MAC address to monitor.
|
|
|
ap_sniffer_bufsize
integer
|
|
Sniffer buffer size (1 - 32 MB).
|
|
|
ap_sniffer_chan
integer
|
|
Channel on which to operate the sniffer .
|
|
|
ap_sniffer_ctl
string
|
|
Enable/disable sniffer on WiFi control frame .
|
|
|
ap_sniffer_data
string
|
|
Enable/disable sniffer on WiFi data frame .
|
|
|
ap_sniffer_mgmt_beacon
string
|
|
Enable/disable sniffer on WiFi management Beacon frames .
|
|
|
ap_sniffer_mgmt_other
string
|
|
Enable/disable sniffer on WiFi management other frames .
|
|
|
ap_sniffer_mgmt_probe
string
|
|
Enable/disable sniffer on WiFi management probe frames .
|
|
|
auto_power_high
integer
|
|
Automatic transmit power high limit in dBm (the actual range of transmit power depends on the AP platform type).
|
|
|
auto_power_level
string
|
|
Enable/disable automatic power-level adjustment to prevent co-channel interference .
|
|
|
auto_power_low
integer
|
|
Automatic transmission power low limit in dBm (the actual range of transmit power depends on the AP platform type).
|
|
|
band
string
|
Choices:
- 802.11a
- 802.11b
- 802.11g
- 802.11n
- 802.11n-5G
- 802.11ac
- 802.11n,g-only
- 802.11g-only
- 802.11n-only
- 802.11n-5G-only
- 802.11ac,n-only
- 802.11ac-only
|
WiFi band that Radio 1 operates on.
|
|
|
bandwidth_admission_control
string
|
|
Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it.
|
|
|
bandwidth_capacity
integer
|
|
Maximum bandwidth capacity allowed (1 - 600000 Kbps).
|
|
|
beacon_interval
integer
|
|
Beacon interval. The time between beacon frames in msec (the actual range of beacon interval depends on the AP platform type).
|
|
|
call_admission_control
string
|
|
Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them.
|
|
|
call_capacity
integer
|
|
Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60).
|
|
|
channel
list
|
|
Selected list of wireless radio channels.
|
|
|
|
chan
string
/ required
|
|
Channel number.
|
|
|
channel_bonding
string
|
Choices:
- 80MHz
- 40MHz
- 20MHz
|
Channel bandwidth: 80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence.
|
|
|
channel_utilization
string
|
|
Enable/disable measuring channel utilization.
|
|
|
coexistence
string
|
|
Enable/disable allowing both HT20 and HT40 on the same radio .
|
|
|
darrp
string
|
|
Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel .
|
|
|
dtim
integer
|
|
DTIM interval. The frequency to transmit Delivery Traffic Indication Message (or Map) (DTIM) messages (1 - 255). Set higher to save client battery life.
|
|
|
frag_threshold
integer
|
|
Maximum packet size that can be sent without fragmentation (800 - 2346 bytes).
|
|
|
frequency_handoff
string
|
|
Enable/disable frequency handoff of clients to other channels .
|
|
|
max_clients
integer
|
|
Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware.
|
|
|
max_distance
integer
|
|
Maximum expected distance between the AP and clients (0 - 54000 m).
|
|
|
mode
string
|
Choices:
- disabled
- ap
- monitor
- sniffer
|
Mode of radio 1. Radio 1 can be disabled, configured as an access point, a rogue AP monitor, or a sniffer.
|
|
|
power_level
integer
|
|
Radio power level as a percentage of the maximum transmit power (0 - 100).
|
|
|
powersave_optimize
string
|
Choices:
- tim
- ac-vo
- no-obss-scan
- no-11b-rate
- client-rate-follow
|
Enable client power-saving features such as TIM, AC VO, and OBSS etc.
|
|
|
protection_mode
string
|
Choices:
- rtscts
- ctsonly
- disable
|
Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable).
|
|
|
radio_id
integer
|
|
radio-id
|
|
|
rts_threshold
integer
|
|
Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes).
|
|
|
short_guard_interval
string
|
|
Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns.
|
|
|
spectrum_analysis
string
|
|
Enable/disable spectrum analysis to find interference that would negatively impact wireless performance.
|
|
|
transmit_optimize
string
|
Choices:
- disable
- power-save
- aggr-limit
- retry-limit
- send-bar
|
Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default.
|
|
|
vap_all
string
|
|
Enable/disable the automatic inheritance of all Virtual Access Points (VAPs) .
|
|
|
vaps
list
|
|
Manually selected list of Virtual Access Points (VAPs).
|
|
|
|
name
string
/ required
|
|
Virtual Access Point (VAP) name. Source wireless-controller.vap-group.name wireless-controller.vap.name.
|
|
|
wids_profile
string
|
|
Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. Source wireless-controller.wids-profile.name.
|
|
radio_2
dictionary
|
|
Configuration options for radio 2.
|
|
|
amsdu
string
|
|
Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients .
|
|
|
ap_handoff
string
|
|
Enable/disable AP handoff of clients to other APs .
|
|
|
ap_sniffer_addr
string
|
|
MAC address to monitor.
|
|
|
ap_sniffer_bufsize
integer
|
|
Sniffer buffer size (1 - 32 MB).
|
|
|
ap_sniffer_chan
integer
|
|
Channel on which to operate the sniffer .
|
|
|
ap_sniffer_ctl
string
|
|
Enable/disable sniffer on WiFi control frame .
|
|
|
ap_sniffer_data
string
|
|
Enable/disable sniffer on WiFi data frame .
|
|
|
ap_sniffer_mgmt_beacon
string
|
|
Enable/disable sniffer on WiFi management Beacon frames .
|
|
|
ap_sniffer_mgmt_other
string
|
|
Enable/disable sniffer on WiFi management other frames .
|
|
|
ap_sniffer_mgmt_probe
string
|
|
Enable/disable sniffer on WiFi management probe frames .
|
|
|
auto_power_high
integer
|
|
Automatic transmit power high limit in dBm (the actual range of transmit power depends on the AP platform type).
|
|
|
auto_power_level
string
|
|
Enable/disable automatic power-level adjustment to prevent co-channel interference .
|
|
|
auto_power_low
integer
|
|
Automatic transmission power low limit in dBm (the actual range of transmit power depends on the AP platform type).
|
|
|
band
string
|
Choices:
- 802.11a
- 802.11b
- 802.11g
- 802.11n
- 802.11n-5G
- 802.11ac
- 802.11n,g-only
- 802.11g-only
- 802.11n-only
- 802.11n-5G-only
- 802.11ac,n-only
- 802.11ac-only
|
WiFi band that Radio 2 operates on.
|
|
|
bandwidth_admission_control
string
|
|
Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it.
|
|
|
bandwidth_capacity
integer
|
|
Maximum bandwidth capacity allowed (1 - 600000 Kbps).
|
|
|
beacon_interval
integer
|
|
Beacon interval. The time between beacon frames in msec (the actual range of beacon interval depends on the AP platform type).
|
|
|
call_admission_control
string
|
|
Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them.
|
|
|
call_capacity
integer
|
|
Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60).
|
|
|
channel
list
|
|
Selected list of wireless radio channels.
|
|
|
|
chan
string
/ required
|
|
Channel number.
|
|
|
channel_bonding
string
|
Choices:
- 80MHz
- 40MHz
- 20MHz
|
Channel bandwidth: 80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence.
|
|
|
channel_utilization
string
|
|
Enable/disable measuring channel utilization.
|
|
|
coexistence
string
|
|
Enable/disable allowing both HT20 and HT40 on the same radio .
|
|
|
darrp
string
|
|
Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel .
|
|
|
dtim
integer
|
|
DTIM interval. The frequency to transmit Delivery Traffic Indication Message (or Map) (DTIM) messages (1 - 255). Set higher to save client battery life.
|
|
|
frag_threshold
integer
|
|
Maximum packet size that can be sent without fragmentation (800 - 2346 bytes).
|
|
|
frequency_handoff
string
|
|
Enable/disable frequency handoff of clients to other channels .
|
|
|
max_clients
integer
|
|
Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware.
|
|
|
max_distance
integer
|
|
Maximum expected distance between the AP and clients (0 - 54000 m).
|
|
|
mode
string
|
Choices:
- disabled
- ap
- monitor
- sniffer
|
Mode of radio 2. Radio 2 can be disabled, configured as an access point, a rogue AP monitor, or a sniffer.
|
|
|
power_level
integer
|
|
Radio power level as a percentage of the maximum transmit power (0 - 100).
|
|
|
powersave_optimize
string
|
Choices:
- tim
- ac-vo
- no-obss-scan
- no-11b-rate
- client-rate-follow
|
Enable client power-saving features such as TIM, AC VO, and OBSS etc.
|
|
|
protection_mode
string
|
Choices:
- rtscts
- ctsonly
- disable
|
Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable).
|
|
|
radio_id
integer
|
|
radio-id
|
|
|
rts_threshold
integer
|
|
Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes).
|
|
|
short_guard_interval
string
|
|
Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns.
|
|
|
spectrum_analysis
string
|
|
Enable/disable spectrum analysis to find interference that would negatively impact wireless performance.
|
|
|
transmit_optimize
string
|
Choices:
- disable
- power-save
- aggr-limit
- retry-limit
- send-bar
|
Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default.
|
|
|
vap_all
string
|
|
Enable/disable the automatic inheritance of all Virtual Access Points (VAPs) .
|
|
|
vaps
list
|
|
Manually selected list of Virtual Access Points (VAPs).
|
|
|
|
name
string
/ required
|
|
Virtual Access Point (VAP) name. Source wireless-controller.vap-group.name wireless-controller.vap.name.
|
|
|
wids_profile
string
|
|
Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. Source wireless-controller.wids-profile.name.
|
|
split_tunneling_acl
list
|
|
Split tunneling ACL filter list.
|
|
|
dest_ip
string
|
|
Destination IP and mask for the split-tunneling subnet.
|
|
|
id
integer
/ required
|
|
ID.
|
|
split_tunneling_acl_local_ap_subnet
string
|
|
Enable/disable automatically adding local subnetwork of FortiAP to split-tunneling ACL .
|
|
split_tunneling_acl_path
string
|
|
Split tunneling ACL path is local/tunnel.
|
|
state
string
|
|
Deprecated
Starting with Ansible 2.9 we recommend using the top-level 'state' parameter.
Indicates whether to create or remove the object.
|
|
tun_mtu_downlink
integer
|
|
Downlink CAPWAP tunnel MTU (0, 576, or 1500 bytes).
|
|
tun_mtu_uplink
integer
|
|
Uplink CAPWAP tunnel MTU (0, 576, or 1500 bytes).
|
|
wan_port_mode
string
|
Choices:
- wan-lan
- wan-only
|
Enable/disable using a WAN port as a LAN port.
|