fortios_router_bgp – Configure BGP in Fortinet’s FortiOS and FortiGate

New in version 2.8.

Synopsis

  • This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify router feature and bgp category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.5

Requirements

The below requirements are needed on the host that executes this module.

  • fortiosapi>=0.9.8

Parameters

Parameter Choices/Defaults Comments
host
string
FortiOS or FortiGate IP address.
https
boolean
    Choices:
  • no
  • yes ←
Indicates if the requests towards FortiGate must use HTTPS protocol.
password
string
Default:
""
FortiOS or FortiGate password.
router_bgp
dictionary
Default:
null
Configure BGP.
admin_distance
list
Administrative distance modifications.
distance
integer
Administrative distance to apply (1 - 255).
id
integer / required
ID.
neighbour_prefix
string
Neighbor address prefix.
route_list
string
Access list of routes to apply new distance to. Source router.access-list.name.
aggregate_address
list
BGP aggregate address table.
as_set
string
    Choices:
  • enable
  • disable
Enable/disable generate AS set path information.
id
integer / required
ID.
prefix
string
Aggregate prefix.
summary_only
string
    Choices:
  • enable
  • disable
Enable/disable filter more specific routes from updates.
aggregate_address6
list
BGP IPv6 aggregate address table.
as_set
string
    Choices:
  • enable
  • disable
Enable/disable generate AS set path information.
id
integer / required
ID.
prefix6
string
Aggregate IPv6 prefix.
summary_only
string
    Choices:
  • enable
  • disable
Enable/disable filter more specific routes from updates.
always_compare_med
string
    Choices:
  • enable
  • disable
Enable/disable always compare MED.
as
integer
Router AS number, valid from 1 to 4294967295, 0 to disable BGP.
bestpath_as_path_ignore
string
    Choices:
  • enable
  • disable
Enable/disable ignore AS path.
bestpath_cmp_confed_aspath
string
    Choices:
  • enable
  • disable
Enable/disable compare federation AS path length.
bestpath_cmp_routerid
string
    Choices:
  • enable
  • disable
Enable/disable compare router ID for identical EBGP paths.
bestpath_med_confed
string
    Choices:
  • enable
  • disable
Enable/disable compare MED among confederation paths.
bestpath_med_missing_as_worst
string
    Choices:
  • enable
  • disable
Enable/disable treat missing MED as least preferred.
client_to_client_reflection
string
    Choices:
  • enable
  • disable
Enable/disable client-to-client route reflection.
cluster_id
string
Route reflector cluster ID.
confederation_identifier
integer
Confederation identifier.
confederation_peers
list
Confederation peers.
peer
string / required
Peer ID.
dampening
string
    Choices:
  • enable
  • disable
Enable/disable route-flap dampening.
dampening_max_suppress_time
integer
Maximum minutes a route can be suppressed.
dampening_reachability_half_life
integer
Reachability half-life time for penalty (min).
dampening_reuse
integer
Threshold to reuse routes.
dampening_route_map
string
Criteria for dampening. Source router.route-map.name.
dampening_suppress
integer
Threshold to suppress routes.
dampening_unreachability_half_life
integer
Unreachability half-life time for penalty (min).
default_local_preference
integer
Default local preference.
deterministic_med
string
    Choices:
  • enable
  • disable
Enable/disable enforce deterministic comparison of MED.
distance_external
integer
Distance for routes external to the AS.
distance_internal
integer
Distance for routes internal to the AS.
distance_local
integer
Distance for routes local to the AS.
ebgp_multipath
string
    Choices:
  • enable
  • disable
Enable/disable EBGP multi-path.
enforce_first_as
string
    Choices:
  • enable
  • disable
Enable/disable enforce first AS for EBGP routes.
fast_external_failover
string
    Choices:
  • enable
  • disable
Enable/disable reset peer BGP session if link goes down.
graceful_end_on_timer
string
    Choices:
  • enable
  • disable
Enable/disable to exit graceful restart on timer only.
graceful_restart
string
    Choices:
  • enable
  • disable
Enable/disable BGP graceful restart capabilities.
graceful_restart_time
integer
Time needed for neighbors to restart (sec).
graceful_stalepath_time
integer
Time to hold stale paths of restarting neighbor (sec).
graceful_update_delay
integer
Route advertisement/selection delay after restart (sec).
holdtime_timer
integer
Number of seconds to mark peer as dead.
ibgp_multipath
string
    Choices:
  • enable
  • disable
Enable/disable IBGP multi-path.
ignore_optional_capability
string
    Choices:
  • enable
  • disable
Don't send unknown optional capability notification message
keepalive_timer
integer
Frequency to send keep alive requests.
log_neighbour_changes
string
    Choices:
  • enable
  • disable
Enable logging of BGP neighbour's changes
neighbor
list
BGP neighbor table.
activate
string
    Choices:
  • enable
  • disable
Enable/disable address family IPv4 for this neighbor.
activate6
string
    Choices:
  • enable
  • disable
Enable/disable address family IPv6 for this neighbor.
advertisement_interval
integer
Minimum interval (sec) between sending updates.
allowas_in
integer
IPv4 The maximum number of occurrence of my AS number allowed.
allowas_in6
integer
IPv6 The maximum number of occurrence of my AS number allowed.
allowas_in_enable
string
    Choices:
  • enable
  • disable
Enable/disable IPv4 Enable to allow my AS in AS path.
allowas_in_enable6
string
    Choices:
  • enable
  • disable
Enable/disable IPv6 Enable to allow my AS in AS path.
as_override
string
    Choices:
  • enable
  • disable
Enable/disable replace peer AS with own AS for IPv4.
as_override6
string
    Choices:
  • enable
  • disable
Enable/disable replace peer AS with own AS for IPv6.
attribute_unchanged
string
    Choices:
  • as-path
  • med
  • next-hop
IPv4 List of attributes that should be unchanged.
attribute_unchanged6
string
    Choices:
  • as-path
  • med
  • next-hop
IPv6 List of attributes that should be unchanged.
bfd
string
    Choices:
  • enable
  • disable
Enable/disable BFD for this neighbor.
capability_default_originate
string
    Choices:
  • enable
  • disable
Enable/disable advertise default IPv4 route to this neighbor.
capability_default_originate6
string
    Choices:
  • enable
  • disable
Enable/disable advertise default IPv6 route to this neighbor.
capability_dynamic
string
    Choices:
  • enable
  • disable
Enable/disable advertise dynamic capability to this neighbor.
capability_graceful_restart
string
    Choices:
  • enable
  • disable
Enable/disable advertise IPv4 graceful restart capability to this neighbor.
capability_graceful_restart6
string
    Choices:
  • enable
  • disable
Enable/disable advertise IPv6 graceful restart capability to this neighbor.
capability_orf
string
    Choices:
  • none
  • receive
  • send
  • both
Accept/Send IPv4 ORF lists to/from this neighbor.
capability_orf6
string
    Choices:
  • none
  • receive
  • send
  • both
Accept/Send IPv6 ORF lists to/from this neighbor.
capability_route_refresh
string
    Choices:
  • enable
  • disable
Enable/disable advertise route refresh capability to this neighbor.
conditional_advertise
list
Conditional advertisement.
advertise_routemap
string
Name of advertising route map. Source router.route-map.name.
condition_routemap
string
Name of condition route map. Source router.route-map.name.
condition_type
string
    Choices:
  • exist
  • non-exist
Type of condition.
connect_timer
integer
Interval (sec) for connect timer.
default_originate_routemap
string
Route map to specify criteria to originate IPv4 default. Source router.route-map.name.
default_originate_routemap6
string
Route map to specify criteria to originate IPv6 default. Source router.route-map.name.
description
string
Description.
distribute_list_in
string
Filter for IPv4 updates from this neighbor. Source router.access-list.name.
distribute_list_in6
string
Filter for IPv6 updates from this neighbor. Source router.access-list6.name.
distribute_list_out
string
Filter for IPv4 updates to this neighbor. Source router.access-list.name.
distribute_list_out6
string
Filter for IPv6 updates to this neighbor. Source router.access-list6.name.
dont_capability_negotiate
string
    Choices:
  • enable
  • disable
Don't negotiate capabilities with this neighbor
ebgp_enforce_multihop
string
    Choices:
  • enable
  • disable
Enable/disable allow multi-hop EBGP neighbors.
ebgp_multihop_ttl
integer
EBGP multihop TTL for this peer.
filter_list_in
string
BGP filter for IPv4 inbound routes. Source router.aspath-list.name.
filter_list_in6
string
BGP filter for IPv6 inbound routes. Source router.aspath-list.name.
filter_list_out
string
BGP filter for IPv4 outbound routes. Source router.aspath-list.name.
filter_list_out6
string
BGP filter for IPv6 outbound routes. Source router.aspath-list.name.
holdtime_timer
integer
Interval (sec) before peer considered dead.
interface
string
Interface Source system.interface.name.
ip
string / required
IP/IPv6 address of neighbor.
keep_alive_timer
integer
Keep alive timer interval (sec).
link_down_failover
string
    Choices:
  • enable
  • disable
Enable/disable failover upon link down.
local_as
integer
Local AS number of neighbor.
local_as_no_prepend
string
    Choices:
  • enable
  • disable
Do not prepend local-as to incoming updates.
local_as_replace_as
string
    Choices:
  • enable
  • disable
Replace real AS with local-as in outgoing updates.
maximum_prefix
integer
Maximum number of IPv4 prefixes to accept from this peer.
maximum_prefix6
integer
Maximum number of IPv6 prefixes to accept from this peer.
maximum_prefix_threshold
integer
Maximum IPv4 prefix threshold value (1 - 100 percent).
maximum_prefix_threshold6
integer
Maximum IPv6 prefix threshold value (1 - 100 percent).
maximum_prefix_warning_only
string
    Choices:
  • enable
  • disable
Enable/disable IPv4 Only give warning message when limit is exceeded.
maximum_prefix_warning_only6
string
    Choices:
  • enable
  • disable
Enable/disable IPv6 Only give warning message when limit is exceeded.
next_hop_self
string
    Choices:
  • enable
  • disable
Enable/disable IPv4 next-hop calculation for this neighbor.
next_hop_self6
string
    Choices:
  • enable
  • disable
Enable/disable IPv6 next-hop calculation for this neighbor.
override_capability
string
    Choices:
  • enable
  • disable
Enable/disable override result of capability negotiation.
passive
string
    Choices:
  • enable
  • disable
Enable/disable sending of open messages to this neighbor.
password
string
Password used in MD5 authentication.
prefix_list_in
string
IPv4 Inbound filter for updates from this neighbor. Source router.prefix-list.name.
prefix_list_in6
string
IPv6 Inbound filter for updates from this neighbor. Source router.prefix-list6.name.
prefix_list_out
string
IPv4 Outbound filter for updates to this neighbor. Source router.prefix-list.name.
prefix_list_out6
string
IPv6 Outbound filter for updates to this neighbor. Source router.prefix-list6.name.
remote_as
integer
AS number of neighbor.
remove_private_as
string
    Choices:
  • enable
  • disable
Enable/disable remove private AS number from IPv4 outbound updates.
remove_private_as6
string
    Choices:
  • enable
  • disable
Enable/disable remove private AS number from IPv6 outbound updates.
restart_time
integer
Graceful restart delay time (sec, 0 = global default).
retain_stale_time
integer
Time to retain stale routes.
route_map_in
string
IPv4 Inbound route map filter. Source router.route-map.name.
route_map_in6
string
IPv6 Inbound route map filter. Source router.route-map.name.
route_map_out
string
IPv4 Outbound route map filter. Source router.route-map.name.
route_map_out6
string
IPv6 Outbound route map filter. Source router.route-map.name.
route_reflector_client
string
    Choices:
  • enable
  • disable
Enable/disable IPv4 AS route reflector client.
route_reflector_client6
string
    Choices:
  • enable
  • disable
Enable/disable IPv6 AS route reflector client.
route_server_client
string
    Choices:
  • enable
  • disable
Enable/disable IPv4 AS route server client.
route_server_client6
string
    Choices:
  • enable
  • disable
Enable/disable IPv6 AS route server client.
send_community
string
    Choices:
  • standard
  • extended
  • both
  • disable
IPv4 Send community attribute to neighbor.
send_community6
string
    Choices:
  • standard
  • extended
  • both
  • disable
IPv6 Send community attribute to neighbor.
shutdown
string
    Choices:
  • enable
  • disable
Enable/disable shutdown this neighbor.
soft_reconfiguration
string
    Choices:
  • enable
  • disable
Enable/disable allow IPv4 inbound soft reconfiguration.
soft_reconfiguration6
string
    Choices:
  • enable
  • disable
Enable/disable allow IPv6 inbound soft reconfiguration.
stale_route
string
    Choices:
  • enable
  • disable
Enable/disable stale route after neighbor down.
strict_capability_match
string
    Choices:
  • enable
  • disable
Enable/disable strict capability matching.
unsuppress_map
string
IPv4 Route map to selectively unsuppress suppressed routes. Source router.route-map.name.
unsuppress_map6
string
IPv6 Route map to selectively unsuppress suppressed routes. Source router.route-map.name.
update_source
string
Interface to use as source IP/IPv6 address of TCP connections. Source system.interface.name.
weight
integer
Neighbor weight.
neighbor_group
list
BGP neighbor group table.
activate
string
    Choices:
  • enable
  • disable
Enable/disable address family IPv4 for this neighbor.
activate6
string
    Choices:
  • enable
  • disable
Enable/disable address family IPv6 for this neighbor.
advertisement_interval
integer
Minimum interval (sec) between sending updates.
allowas_in
integer
IPv4 The maximum number of occurrence of my AS number allowed.
allowas_in6
integer
IPv6 The maximum number of occurrence of my AS number allowed.
allowas_in_enable
string
    Choices:
  • enable
  • disable
Enable/disable IPv4 Enable to allow my AS in AS path.
allowas_in_enable6
string
    Choices:
  • enable
  • disable
Enable/disable IPv6 Enable to allow my AS in AS path.
as_override
string
    Choices:
  • enable
  • disable
Enable/disable replace peer AS with own AS for IPv4.
as_override6
string
    Choices:
  • enable
  • disable
Enable/disable replace peer AS with own AS for IPv6.
attribute_unchanged
string
    Choices:
  • as-path
  • med
  • next-hop
IPv4 List of attributes that should be unchanged.
attribute_unchanged6
string
    Choices:
  • as-path
  • med
  • next-hop
IPv6 List of attributes that should be unchanged.
bfd
string
    Choices:
  • enable
  • disable
Enable/disable BFD for this neighbor.
capability_default_originate
string
    Choices:
  • enable
  • disable
Enable/disable advertise default IPv4 route to this neighbor.
capability_default_originate6
string
    Choices:
  • enable
  • disable
Enable/disable advertise default IPv6 route to this neighbor.
capability_dynamic
string
    Choices:
  • enable
  • disable
Enable/disable advertise dynamic capability to this neighbor.
capability_graceful_restart
string
    Choices:
  • enable
  • disable
Enable/disable advertise IPv4 graceful restart capability to this neighbor.
capability_graceful_restart6
string
    Choices:
  • enable
  • disable
Enable/disable advertise IPv6 graceful restart capability to this neighbor.
capability_orf
string
    Choices:
  • none
  • receive
  • send
  • both
Accept/Send IPv4 ORF lists to/from this neighbor.
capability_orf6
string
    Choices:
  • none
  • receive
  • send
  • both
Accept/Send IPv6 ORF lists to/from this neighbor.
capability_route_refresh
string
    Choices:
  • enable
  • disable
Enable/disable advertise route refresh capability to this neighbor.
connect_timer
integer
Interval (sec) for connect timer.
default_originate_routemap
string
Route map to specify criteria to originate IPv4 default. Source router.route-map.name.
default_originate_routemap6
string
Route map to specify criteria to originate IPv6 default. Source router.route-map.name.
description
string
Description.
distribute_list_in
string
Filter for IPv4 updates from this neighbor. Source router.access-list.name.
distribute_list_in6
string
Filter for IPv6 updates from this neighbor. Source router.access-list6.name.
distribute_list_out
string
Filter for IPv4 updates to this neighbor. Source router.access-list.name.
distribute_list_out6
string
Filter for IPv6 updates to this neighbor. Source router.access-list6.name.
dont_capability_negotiate
string
    Choices:
  • enable
  • disable
Don't negotiate capabilities with this neighbor
ebgp_enforce_multihop
string
    Choices:
  • enable
  • disable
Enable/disable allow multi-hop EBGP neighbors.
ebgp_multihop_ttl
integer
EBGP multihop TTL for this peer.
filter_list_in
string
BGP filter for IPv4 inbound routes. Source router.aspath-list.name.
filter_list_in6
string
BGP filter for IPv6 inbound routes. Source router.aspath-list.name.
filter_list_out
string
BGP filter for IPv4 outbound routes. Source router.aspath-list.name.
filter_list_out6
string
BGP filter for IPv6 outbound routes. Source router.aspath-list.name.
holdtime_timer
integer
Interval (sec) before peer considered dead.
interface
string
Interface Source system.interface.name.
keep_alive_timer
integer
Keep alive timer interval (sec).
link_down_failover
string
    Choices:
  • enable
  • disable
Enable/disable failover upon link down.
local_as
integer
Local AS number of neighbor.
local_as_no_prepend
string
    Choices:
  • enable
  • disable
Do not prepend local-as to incoming updates.
local_as_replace_as
string
    Choices:
  • enable
  • disable
Replace real AS with local-as in outgoing updates.
maximum_prefix
integer
Maximum number of IPv4 prefixes to accept from this peer.
maximum_prefix6
integer
Maximum number of IPv6 prefixes to accept from this peer.
maximum_prefix_threshold
integer
Maximum IPv4 prefix threshold value (1 - 100 percent).
maximum_prefix_threshold6
integer
Maximum IPv6 prefix threshold value (1 - 100 percent).
maximum_prefix_warning_only
string
    Choices:
  • enable
  • disable
Enable/disable IPv4 Only give warning message when limit is exceeded.
maximum_prefix_warning_only6
string
    Choices:
  • enable
  • disable
Enable/disable IPv6 Only give warning message when limit is exceeded.
name
string / required
Neighbor group name.
next_hop_self
string
    Choices:
  • enable
  • disable
Enable/disable IPv4 next-hop calculation for this neighbor.
next_hop_self6
string
    Choices:
  • enable
  • disable
Enable/disable IPv6 next-hop calculation for this neighbor.
override_capability
string
    Choices:
  • enable
  • disable
Enable/disable override result of capability negotiation.
passive
string
    Choices:
  • enable
  • disable
Enable/disable sending of open messages to this neighbor.
prefix_list_in
string
IPv4 Inbound filter for updates from this neighbor. Source router.prefix-list.name.
prefix_list_in6
string
IPv6 Inbound filter for updates from this neighbor. Source router.prefix-list6.name.
prefix_list_out
string
IPv4 Outbound filter for updates to this neighbor. Source router.prefix-list.name.
prefix_list_out6
string
IPv6 Outbound filter for updates to this neighbor. Source router.prefix-list6.name.
remote_as
integer
AS number of neighbor.
remove_private_as
string
    Choices:
  • enable
  • disable
Enable/disable remove private AS number from IPv4 outbound updates.
remove_private_as6
string
    Choices:
  • enable
  • disable
Enable/disable remove private AS number from IPv6 outbound updates.
restart_time
integer
Graceful restart delay time (sec, 0 = global default).
retain_stale_time
integer
Time to retain stale routes.
route_map_in
string
IPv4 Inbound route map filter. Source router.route-map.name.
route_map_in6
string
IPv6 Inbound route map filter. Source router.route-map.name.
route_map_out
string
IPv4 Outbound route map filter. Source router.route-map.name.
route_map_out6
string
IPv6 Outbound route map filter. Source router.route-map.name.
route_reflector_client
string
    Choices:
  • enable
  • disable
Enable/disable IPv4 AS route reflector client.
route_reflector_client6
string
    Choices:
  • enable
  • disable
Enable/disable IPv6 AS route reflector client.
route_server_client
string
    Choices:
  • enable
  • disable
Enable/disable IPv4 AS route server client.
route_server_client6
string
    Choices:
  • enable
  • disable
Enable/disable IPv6 AS route server client.
send_community
string
    Choices:
  • standard
  • extended
  • both
  • disable
IPv4 Send community attribute to neighbor.
send_community6
string
    Choices:
  • standard
  • extended
  • both
  • disable
IPv6 Send community attribute to neighbor.
shutdown
string
    Choices:
  • enable
  • disable
Enable/disable shutdown this neighbor.
soft_reconfiguration
string
    Choices:
  • enable
  • disable
Enable/disable allow IPv4 inbound soft reconfiguration.
soft_reconfiguration6
string
    Choices:
  • enable
  • disable
Enable/disable allow IPv6 inbound soft reconfiguration.
stale_route
string
    Choices:
  • enable
  • disable
Enable/disable stale route after neighbor down.
strict_capability_match
string
    Choices:
  • enable
  • disable
Enable/disable strict capability matching.
unsuppress_map
string
IPv4 Route map to selectively unsuppress suppressed routes. Source router.route-map.name.
unsuppress_map6
string
IPv6 Route map to selectively unsuppress suppressed routes. Source router.route-map.name.
update_source
string
Interface to use as source IP/IPv6 address of TCP connections. Source system.interface.name.
weight
integer
Neighbor weight.
neighbor_range
list
BGP neighbor range table.
id
integer / required
Neighbor range ID.
max_neighbor_num
integer
Maximum number of neighbors.
neighbor_group
string
Neighbor group name. Source router.bgp.neighbor-group.name.
prefix
string
Neighbor range prefix.
neighbor_range6
list
BGP IPv6 neighbor range table.
id
integer / required
IPv6 neighbor range ID.
max_neighbor_num
integer
Maximum number of neighbors.
neighbor_group
string
Neighbor group name. Source router.bgp.neighbor-group.name.
prefix6
string
IPv6 prefix.
network
list
BGP network table.
backdoor
string
    Choices:
  • enable
  • disable
Enable/disable route as backdoor.
id
integer / required
ID.
prefix
string
Network prefix.
route_map
string
Route map to modify generated route. Source router.route-map.name.
network6
list
BGP IPv6 network table.
backdoor
string
    Choices:
  • enable
  • disable
Enable/disable route as backdoor.
id
integer / required
ID.
prefix6
string
Network IPv6 prefix.
route_map
string
Route map to modify generated route. Source router.route-map.name.
network_import_check
string
    Choices:
  • enable
  • disable
Enable/disable ensure BGP network route exists in IGP.
redistribute
list
BGP IPv4 redistribute table.
name
string / required
Distribute list entry name.
route_map
string
Route map name. Source router.route-map.name.
status
string
    Choices:
  • enable
  • disable
Status
redistribute6
list
BGP IPv6 redistribute table.
name
string / required
Distribute list entry name.
route_map
string
Route map name. Source router.route-map.name.
status
string
    Choices:
  • enable
  • disable
Status
router_id
string
Router ID.
scan_time
integer
Background scanner interval (sec), 0 to disable it.
synchronization
string
    Choices:
  • enable
  • disable
Enable/disable only advertise routes from iBGP if routes present in an IGP.
ssl_verify
boolean
added in 2.9
    Choices:
  • no
  • yes ←
Ensures FortiGate certificate must be verified by a proper CA.
username
string
FortiOS or FortiGate username.
vdom
string
Default:
"root"
Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit.

Notes

Note

  • Requires fortiosapi library developed by Fortinet
  • Run as a local_action in your playbook

Examples

- hosts: localhost
  vars:
   host: "192.168.122.40"
   username: "admin"
   password: ""
   vdom: "root"
   ssl_verify: "False"
  tasks:
  - name: Configure BGP.
    fortios_router_bgp:
      host:  "{{ host }}"
      username: "{{ username }}"
      password: "{{ password }}"
      vdom:  "{{ vdom }}"
      https: "False"
      router_bgp:
        admin_distance:
         -
            distance: "4"
            id:  "5"
            neighbour_prefix: "<your_own_value>"
            route_list: "<your_own_value> (source router.access-list.name)"
        aggregate_address:
         -
            as_set: "enable"
            id:  "10"
            prefix: "<your_own_value>"
            summary_only: "enable"
        aggregate_address6:
         -
            as_set: "enable"
            id:  "15"
            prefix6: "<your_own_value>"
            summary_only: "enable"
        always_compare_med: "enable"
        as: "19"
        bestpath_as_path_ignore: "enable"
        bestpath_cmp_confed_aspath: "enable"
        bestpath_cmp_routerid: "enable"
        bestpath_med_confed: "enable"
        bestpath_med_missing_as_worst: "enable"
        client_to_client_reflection: "enable"
        cluster_id: "<your_own_value>"
        confederation_identifier: "27"
        confederation_peers:
         -
            peer: "<your_own_value>"
        dampening: "enable"
        dampening_max_suppress_time: "31"
        dampening_reachability_half_life: "32"
        dampening_reuse: "33"
        dampening_route_map: "<your_own_value> (source router.route-map.name)"
        dampening_suppress: "35"
        dampening_unreachability_half_life: "36"
        default_local_preference: "37"
        deterministic_med: "enable"
        distance_external: "39"
        distance_internal: "40"
        distance_local: "41"
        ebgp_multipath: "enable"
        enforce_first_as: "enable"
        fast_external_failover: "enable"
        graceful_end_on_timer: "enable"
        graceful_restart: "enable"
        graceful_restart_time: "47"
        graceful_stalepath_time: "48"
        graceful_update_delay: "49"
        holdtime_timer: "50"
        ibgp_multipath: "enable"
        ignore_optional_capability: "enable"
        keepalive_timer: "53"
        log_neighbour_changes: "enable"
        neighbor:
         -
            activate: "enable"
            activate6: "enable"
            advertisement_interval: "58"
            allowas_in: "59"
            allowas_in_enable: "enable"
            allowas_in_enable6: "enable"
            allowas_in6: "62"
            as_override: "enable"
            as_override6: "enable"
            attribute_unchanged: "as-path"
            attribute_unchanged6: "as-path"
            bfd: "enable"
            capability_default_originate: "enable"
            capability_default_originate6: "enable"
            capability_dynamic: "enable"
            capability_graceful_restart: "enable"
            capability_graceful_restart6: "enable"
            capability_orf: "none"
            capability_orf6: "none"
            capability_route_refresh: "enable"
            conditional_advertise:
             -
                advertise_routemap: "<your_own_value> (source router.route-map.name)"
                condition_routemap: "<your_own_value> (source router.route-map.name)"
                condition_type: "exist"
            connect_timer: "80"
            default_originate_routemap: "<your_own_value> (source router.route-map.name)"
            default_originate_routemap6: "<your_own_value> (source router.route-map.name)"
            description: "<your_own_value>"
            distribute_list_in: "<your_own_value> (source router.access-list.name)"
            distribute_list_in6: "<your_own_value> (source router.access-list6.name)"
            distribute_list_out: "<your_own_value> (source router.access-list.name)"
            distribute_list_out6: "<your_own_value> (source router.access-list6.name)"
            dont_capability_negotiate: "enable"
            ebgp_enforce_multihop: "enable"
            ebgp_multihop_ttl: "90"
            filter_list_in: "<your_own_value> (source router.aspath-list.name)"
            filter_list_in6: "<your_own_value> (source router.aspath-list.name)"
            filter_list_out: "<your_own_value> (source router.aspath-list.name)"
            filter_list_out6: "<your_own_value> (source router.aspath-list.name)"
            holdtime_timer: "95"
            interface: "<your_own_value> (source system.interface.name)"
            ip: "<your_own_value>"
            keep_alive_timer: "98"
            link_down_failover: "enable"
            local_as: "100"
            local_as_no_prepend: "enable"
            local_as_replace_as: "enable"
            maximum_prefix: "103"
            maximum_prefix_threshold: "104"
            maximum_prefix_threshold6: "105"
            maximum_prefix_warning_only: "enable"
            maximum_prefix_warning_only6: "enable"
            maximum_prefix6: "108"
            next_hop_self: "enable"
            next_hop_self6: "enable"
            override_capability: "enable"
            passive: "enable"
            password: "<your_own_value>"
            prefix_list_in: "<your_own_value> (source router.prefix-list.name)"
            prefix_list_in6: "<your_own_value> (source router.prefix-list6.name)"
            prefix_list_out: "<your_own_value> (source router.prefix-list.name)"
            prefix_list_out6: "<your_own_value> (source router.prefix-list6.name)"
            remote_as: "118"
            remove_private_as: "enable"
            remove_private_as6: "enable"
            restart_time: "121"
            retain_stale_time: "122"
            route_map_in: "<your_own_value> (source router.route-map.name)"
            route_map_in6: "<your_own_value> (source router.route-map.name)"
            route_map_out: "<your_own_value> (source router.route-map.name)"
            route_map_out6: "<your_own_value> (source router.route-map.name)"
            route_reflector_client: "enable"
            route_reflector_client6: "enable"
            route_server_client: "enable"
            route_server_client6: "enable"
            send_community: "standard"
            send_community6: "standard"
            shutdown: "enable"
            soft_reconfiguration: "enable"
            soft_reconfiguration6: "enable"
            stale_route: "enable"
            strict_capability_match: "enable"
            unsuppress_map: "<your_own_value> (source router.route-map.name)"
            unsuppress_map6: "<your_own_value> (source router.route-map.name)"
            update_source: "<your_own_value> (source system.interface.name)"
            weight: "141"
        neighbor_group:
         -
            activate: "enable"
            activate6: "enable"
            advertisement_interval: "145"
            allowas_in: "146"
            allowas_in_enable: "enable"
            allowas_in_enable6: "enable"
            allowas_in6: "149"
            as_override: "enable"
            as_override6: "enable"
            attribute_unchanged: "as-path"
            attribute_unchanged6: "as-path"
            bfd: "enable"
            capability_default_originate: "enable"
            capability_default_originate6: "enable"
            capability_dynamic: "enable"
            capability_graceful_restart: "enable"
            capability_graceful_restart6: "enable"
            capability_orf: "none"
            capability_orf6: "none"
            capability_route_refresh: "enable"
            connect_timer: "163"
            default_originate_routemap: "<your_own_value> (source router.route-map.name)"
            default_originate_routemap6: "<your_own_value> (source router.route-map.name)"
            description: "<your_own_value>"
            distribute_list_in: "<your_own_value> (source router.access-list.name)"
            distribute_list_in6: "<your_own_value> (source router.access-list6.name)"
            distribute_list_out: "<your_own_value> (source router.access-list.name)"
            distribute_list_out6: "<your_own_value> (source router.access-list6.name)"
            dont_capability_negotiate: "enable"
            ebgp_enforce_multihop: "enable"
            ebgp_multihop_ttl: "173"
            filter_list_in: "<your_own_value> (source router.aspath-list.name)"
            filter_list_in6: "<your_own_value> (source router.aspath-list.name)"
            filter_list_out: "<your_own_value> (source router.aspath-list.name)"
            filter_list_out6: "<your_own_value> (source router.aspath-list.name)"
            holdtime_timer: "178"
            interface: "<your_own_value> (source system.interface.name)"
            keep_alive_timer: "180"
            link_down_failover: "enable"
            local_as: "182"
            local_as_no_prepend: "enable"
            local_as_replace_as: "enable"
            maximum_prefix: "185"
            maximum_prefix_threshold: "186"
            maximum_prefix_threshold6: "187"
            maximum_prefix_warning_only: "enable"
            maximum_prefix_warning_only6: "enable"
            maximum_prefix6: "190"
            name: "default_name_191"
            next_hop_self: "enable"
            next_hop_self6: "enable"
            override_capability: "enable"
            passive: "enable"
            prefix_list_in: "<your_own_value> (source router.prefix-list.name)"
            prefix_list_in6: "<your_own_value> (source router.prefix-list6.name)"
            prefix_list_out: "<your_own_value> (source router.prefix-list.name)"
            prefix_list_out6: "<your_own_value> (source router.prefix-list6.name)"
            remote_as: "200"
            remove_private_as: "enable"
            remove_private_as6: "enable"
            restart_time: "203"
            retain_stale_time: "204"
            route_map_in: "<your_own_value> (source router.route-map.name)"
            route_map_in6: "<your_own_value> (source router.route-map.name)"
            route_map_out: "<your_own_value> (source router.route-map.name)"
            route_map_out6: "<your_own_value> (source router.route-map.name)"
            route_reflector_client: "enable"
            route_reflector_client6: "enable"
            route_server_client: "enable"
            route_server_client6: "enable"
            send_community: "standard"
            send_community6: "standard"
            shutdown: "enable"
            soft_reconfiguration: "enable"
            soft_reconfiguration6: "enable"
            stale_route: "enable"
            strict_capability_match: "enable"
            unsuppress_map: "<your_own_value> (source router.route-map.name)"
            unsuppress_map6: "<your_own_value> (source router.route-map.name)"
            update_source: "<your_own_value> (source system.interface.name)"
            weight: "223"
        neighbor_range:
         -
            id:  "225"
            max_neighbor_num: "226"
            neighbor_group: "<your_own_value> (source router.bgp.neighbor-group.name)"
            prefix: "<your_own_value>"
        neighbor_range6:
         -
            id:  "230"
            max_neighbor_num: "231"
            neighbor_group: "<your_own_value> (source router.bgp.neighbor-group.name)"
            prefix6: "<your_own_value>"
        network:
         -
            backdoor: "enable"
            id:  "236"
            prefix: "<your_own_value>"
            route_map: "<your_own_value> (source router.route-map.name)"
        network_import_check: "enable"
        network6:
         -
            backdoor: "enable"
            id:  "242"
            prefix6: "<your_own_value>"
            route_map: "<your_own_value> (source router.route-map.name)"
        redistribute:
         -
            name: "default_name_246"
            route_map: "<your_own_value> (source router.route-map.name)"
            status: "enable"
        redistribute6:
         -
            name: "default_name_250"
            route_map: "<your_own_value> (source router.route-map.name)"
            status: "enable"
        router_id: "<your_own_value>"
        scan_time: "254"
        synchronization: "enable"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
build
string
always
Build number of the fortigate image

Sample:
1547
http_method
string
always
Last method used to provision the content into FortiGate

Sample:
PUT
http_status
string
always
Last result given by FortiGate on last operation applied

Sample:
200
mkey
string
success
Master key (id) used in the last call to FortiGate

Sample:
id
name
string
always
Name of the table used to fulfill the request

Sample:
urlfilter
path
string
always
Path of the table used to fulfill the request

Sample:
webfilter
revision
string
always
Internal revision number

Sample:
17.0.2.10658
serial
string
always
Serial number of the unit

Sample:
FGVMEVYYQT3AB5352
status
string
always
Indication of the operation's result

Sample:
success
vdom
string
always
Virtual domain used

Sample:
root
version
string
always
Version of the FortiGate

Sample:
v5.6.3


Status

Authors

  • Miguel Angel Munoz (@mamunozgonzalez)
  • Nicolas Thomas (@thomnico)

Hint

If you notice any issues in this documentation, you can edit this document to improve it.