fortinet.fortimanager.fmgr_fsp_vlan_interface module – Configure interfaces.

Note

This module is part of the fortinet.fortimanager collection (version 2.1.5).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_fsp_vlan_interface.

New in version 2.10: of fortinet.fortimanager

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter

Comments

adom

string / required

the parameter (adom) in requested url

bypass_validation

boolean

only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters

Choices:

  • no ← (default)

  • yes

enable_log

boolean

Enable/Disable logging for task

Choices:

  • no ← (default)

  • yes

fsp_vlan_interface

dictionary

the top level parameters set

ac-name

string

no description

aggregate

string

no description

algorithm

string

no description

Choices:

  • L2

  • L3

  • L4

alias

string

no description

allowaccess

list / elements=string

no description

Choices:

  • https

  • ping

  • ssh

  • snmp

  • http

  • telnet

  • fgfm

  • auto-ipsec

  • radius-acct

  • probe-response

  • capwap

  • dnp

  • ftm

  • fabric

ap-discover

string

no description

Choices:

  • disable

  • enable

arpforward

string

no description

Choices:

  • disable

  • enable

atm-protocol

string

no description

Choices:

  • none

  • ipoa

auth-type

string

no description

Choices:

  • auto

  • pap

  • chap

  • mschapv1

  • mschapv2

auto-auth-extension-device

string

no description

Choices:

  • disable

  • enable

bandwidth-measure-time

integer

no description

bfd

string

no description

Choices:

  • global

  • enable

  • disable

bfd-desired-min-tx

integer

no description

bfd-detect-mult

integer

no description

bfd-required-min-rx

integer

no description

broadcast-forticlient-discovery

string

no description

Choices:

  • disable

  • enable

broadcast-forward

string

no description

Choices:

  • disable

  • enable

captive-portal

integer

no description

cli-conn-status

integer

no description

color

integer

no description

ddns

string

no description

Choices:

  • disable

  • enable

ddns-auth

string

no description

Choices:

  • disable

  • tsig

ddns-domain

string

no description

ddns-key

string

no description

ddns-keyname

string

no description

ddns-password

string

no description

ddns-server

string

no description

Choices:

  • dhs.org

  • dyndns.org

  • dyns.net

  • tzo.com

  • ods.org

  • vavic.com

  • now.net.cn

  • dipdns.net

  • easydns.com

  • genericDDNS

ddns-server-ip

string

no description

ddns-sn

string

no description

ddns-ttl

integer

no description

ddns-username

string

no description

ddns-zone

string

no description

dedicated-to

string

no description

Choices:

  • none

  • management

defaultgw

string

no description

Choices:

  • disable

  • enable

description

string

no description

detected-peer-mtu

integer

no description

detectprotocol

list / elements=string

no description

Choices:

  • ping

  • tcp-echo

  • udp-echo

detectserver

string

no description

device-access-list

string

no description

device-identification

string

no description

Choices:

  • disable

  • enable

device-identification-active-scan

string

no description

Choices:

  • disable

  • enable

device-netscan

string

no description

Choices:

  • disable

  • enable

device-user-identification

string

no description

Choices:

  • disable

  • enable

devindex

integer

no description

dhcp-client-identifier

string

no description

dhcp-relay-agent-option

string

no description

Choices:

  • disable

  • enable

dhcp-relay-interface

string

no description

dhcp-relay-interface-select-method

string

no description

Choices:

  • auto

  • sdwan

  • specify

dhcp-relay-ip

string

no description

dhcp-relay-request-all-server

string

Enable/disable sending of DHCP requests to all servers.

Choices:

  • disable

  • enable

dhcp-relay-service

string

no description

Choices:

  • disable

  • enable

dhcp-relay-type

string

no description

Choices:

  • regular

  • ipsec

dhcp-renew-time

integer

no description

disc-retry-timeout

integer

no description

disconnect-threshold

integer

no description

distance

integer

no description

dns-query

string

no description

Choices:

  • disable

  • recursive

  • non-recursive

dns-server-override

string

no description

Choices:

  • disable

  • enable

drop-fragment

string

no description

Choices:

  • disable

  • enable

drop-overlapped-fragment

string

no description

Choices:

  • disable

  • enable

egress-cos

string

no description

Choices:

  • disable

  • cos0

  • cos1

  • cos2

  • cos3

  • cos4

  • cos5

  • cos6

  • cos7

egress-shaping-profile

string

no description

eip

string

no description

endpoint-compliance

string

no description

Choices:

  • disable

  • enable

estimated-downstream-bandwidth

integer

no description

estimated-upstream-bandwidth

integer

no description

explicit-ftp-proxy

string

no description

Choices:

  • disable

  • enable

explicit-web-proxy

string

no description

Choices:

  • disable

  • enable

external

string

no description

Choices:

  • disable

  • enable

fail-action-on-extender

string

no description

Choices:

  • soft-restart

  • hard-restart

  • reboot

fail-alert-interfaces

string

no description

fail-alert-method

string

no description

Choices:

  • link-failed-signal

  • link-down

fail-detect

string

no description

Choices:

  • disable

  • enable

fail-detect-option

list / elements=string

no description

Choices:

  • detectserver

  • link-down

fdp

string

no description

Choices:

  • disable

  • enable

fortiheartbeat

string

no description

Choices:

  • disable

  • enable

string

no description

Choices:

  • disable

  • enable

integer

no description

string

no description

Choices:

  • lldp

  • fortilink

string

no description

Choices:

  • disable

  • enable

string

no description

Choices:

  • disable

  • enable

forward-domain

integer

no description

forward-error-correction

string

no description

Choices:

  • disable

  • enable

  • rs-fec

  • base-r-fec

  • fec-cl91

  • fec-cl74

fp-anomaly

list / elements=string

no description

Choices:

  • drop_tcp_fin_noack

  • pass_winnuke

  • pass_tcpland

  • pass_udpland

  • pass_icmpland

  • pass_ipland

  • pass_iprr

  • pass_ipssrr

  • pass_iplsrr

  • pass_ipstream

  • pass_ipsecurity

  • pass_iptimestamp

  • pass_ipunknown_option

  • pass_ipunknown_prot

  • pass_icmp_frag

  • pass_tcp_no_flag

  • pass_tcp_fin_noack

  • drop_winnuke

  • drop_tcpland

  • drop_udpland

  • drop_icmpland

  • drop_ipland

  • drop_iprr

  • drop_ipssrr

  • drop_iplsrr

  • drop_ipstream

  • drop_ipsecurity

  • drop_iptimestamp

  • drop_ipunknown_option

  • drop_ipunknown_prot

  • drop_icmp_frag

  • drop_tcp_no_flag

fp-disable

list / elements=string

no description

Choices:

  • all

  • ipsec

  • none

gateway-address

string

no description

gi-gk

string

no description

Choices:

  • disable

  • enable

gwaddr

string

no description

gwdetect

string

no description

Choices:

  • disable

  • enable

ha-priority

integer

no description

icmp-accept-redirect

string

no description

Choices:

  • disable

  • enable

icmp-redirect

string

no description

Choices:

  • disable

  • enable

icmp-send-redirect

string

no description

Choices:

  • disable

  • enable

ident-accept

string

no description

Choices:

  • disable

  • enable

idle-timeout

integer

no description

if-mdix

string

no description

Choices:

  • auto

  • normal

  • crossover

if-media

string

no description

Choices:

  • auto

  • copper

  • fiber

in-force-vlan-cos

integer

no description

inbandwidth

integer

no description

ingress-cos

string

no description

Choices:

  • disable

  • cos0

  • cos1

  • cos2

  • cos3

  • cos4

  • cos5

  • cos6

  • cos7

ingress-shaping-profile

string

no description

ingress-spillover-threshold

integer

no description

internal

integer

no description

ip

string

no description

ip-managed-by-fortiipam

string

no description

Choices:

  • disable

  • enable

ipmac

string

no description

Choices:

  • disable

  • enable

ips-sniffer-mode

string

no description

Choices:

  • disable

  • enable

ipunnumbered

string

no description

ipv6

dictionary

no description

autoconf

string

no description

Choices:

  • disable

  • enable

cli-conn6-status

integer

no description

dhcp6-client-options

list / elements=string

no description

Choices:

  • rapid

  • iapd

  • iana

  • dns

  • dnsname

dhcp6-information-request

string

no description

Choices:

  • disable

  • enable

dhcp6-prefix-delegation

string

no description

Choices:

  • disable

  • enable

dhcp6-prefix-hint

string

no description

dhcp6-prefix-hint-plt

integer

no description

dhcp6-prefix-hint-vlt

integer

no description

dhcp6-relay-ip

string

no description

dhcp6-relay-service

string

no description

Choices:

  • disable

  • enable

dhcp6-relay-type

string

no description

Choices:

  • regular

icmp6-send-redirect

string

Enable/disable sending of ICMPv6 redirects.

Choices:

  • disable

  • enable

interface-identifier

string

no description

ip6-address

string

no description

ip6-allowaccess

list / elements=string

no description

Choices:

  • https

  • ping

  • ssh

  • snmp

  • http

  • telnet

  • fgfm

  • capwap

  • fabric

ip6-default-life

integer

no description

ip6-delegated-prefix-list

list / elements=string

no description

autonomous-flag

string

no description

Choices:

  • disable

  • enable

string

no description

Choices:

  • disable

  • enable

prefix-id

integer

no description

rdnss

string

no description

rdnss-service

string

no description

Choices:

  • delegated

  • default

  • specify

subnet

string

no description

upstream-interface

string

no description

ip6-dns-server-override

string

no description

Choices:

  • disable

  • enable

ip6-extra-addr

list / elements=string

no description

prefix

string

no description

ip6-hop-limit

integer

no description

integer

no description

ip6-manage-flag

string

no description

Choices:

  • disable

  • enable

ip6-max-interval

integer

no description

ip6-min-interval

integer

no description

ip6-mode

string

no description

Choices:

  • static

  • dhcp

  • pppoe

  • delegated

ip6-other-flag

string

no description

Choices:

  • disable

  • enable

ip6-prefix-list

list / elements=string

no description

autonomous-flag

string

no description

Choices:

  • disable

  • enable

dnssl

string

no description

string

no description

Choices:

  • disable

  • enable

preferred-life-time

integer

no description

prefix

string

no description

rdnss

string

no description

valid-life-time

integer

no description

ip6-prefix-mode

string

Assigning a prefix from DHCP or RA.

Choices:

  • dhcp6

  • ra

ip6-reachable-time

integer

no description

ip6-retrans-time

integer

no description

ip6-send-adv

string

no description

Choices:

  • disable

  • enable

ip6-subnet

string

no description

ip6-upstream-interface

string

no description

nd-cert

string

no description

nd-cga-modifier

string

no description

nd-mode

string

no description

Choices:

  • basic

  • SEND-compatible

nd-security-level

integer

no description

nd-timestamp-delta

integer

no description

nd-timestamp-fuzz

integer

no description

ra-send-mtu

string

Enable/disable sending link MTU in RA packet.

Choices:

  • disable

  • enable

unique-autoconf-addr

string

no description

Choices:

  • disable

  • enable

string

no description

vrrp-virtual-mac6

string

no description

Choices:

  • disable

  • enable

vrrp6

list / elements=string

no description

accept-mode

string

no description

Choices:

  • disable

  • enable

adv-interval

integer

no description

preempt

string

no description

Choices:

  • disable

  • enable

priority

integer

no description

start-time

integer

no description

status

string

no description

Choices:

  • disable

  • enable

vrdst6

string

no description

vrgrp

integer

no description

vrid

integer

no description

vrip6

string

no description

l2forward

string

no description

Choices:

  • disable

  • enable

l2tp-client

string

no description

Choices:

  • disable

  • enable

lacp-ha-slave

string

no description

Choices:

  • disable

  • enable

lacp-mode

string

no description

Choices:

  • static

  • passive

  • active

lacp-speed

string

no description

Choices:

  • slow

  • fast

lcp-echo-interval

integer

no description

lcp-max-echo-fails

integer

no description

integer

no description

listen-forticlient-connection

string

no description

Choices:

  • disable

  • enable

lldp-network-policy

string

no description

lldp-reception

string

no description

Choices:

  • disable

  • enable

  • vdom

lldp-transmission

string

no description

Choices:

  • enable

  • disable

  • vdom

log

string

no description

Choices:

  • disable

  • enable

macaddr

string

no description

managed-subnetwork-size

string

no description

Choices:

  • 256

  • 512

  • 1024

  • 2048

  • 4096

  • 8192

  • 16384

  • 32768

  • 65536

management-ip

string

no description

max-egress-burst-rate

integer

no description

max-egress-rate

integer

no description

measured-downstream-bandwidth

integer

no description

measured-upstream-bandwidth

integer

no description

mediatype

string

no description

Choices:

  • serdes-sfp

  • sgmii-sfp

  • cfp2-sr10

  • cfp2-lr4

  • serdes-copper-sfp

  • sr

  • cr

  • lr

  • qsfp28-sr4

  • qsfp28-lr4

  • qsfp28-cr4

  • sr4

  • cr4

  • lr4

member

string

no description

integer

no description

string

no description

Choices:

  • operational

  • administrative

mode

string

no description

Choices:

  • static

  • dhcp

  • pppoe

  • pppoa

  • ipoa

  • eoa

monitor-bandwidth

string

no description

Choices:

  • disable

  • enable

mtu

integer

no description

mtu-override

string

no description

Choices:

  • disable

  • enable

mux-type

string

no description

Choices:

  • llc-encaps

  • vc-encaps

name

string

no description

ndiscforward

string

no description

Choices:

  • disable

  • enable

netbios-forward

string

no description

Choices:

  • disable

  • enable

netflow-sampler

string

no description

Choices:

  • disable

  • tx

  • rx

  • both

np-qos-profile

integer

no description

npu-fastpath

string

no description

Choices:

  • disable

  • enable

nst

string

no description

Choices:

  • disable

  • enable

out-force-vlan-cos

integer

no description

outbandwidth

integer

no description

padt-retry-timeout

integer

no description

password

string

no description

peer-interface

string

no description

phy-mode

string

no description

Choices:

  • auto

  • adsl

  • vdsl

ping-serv-status

integer

no description

poe

string

no description

Choices:

  • disable

  • enable

polling-interval

integer

no description

pppoe-unnumbered-negotiate

string

no description

Choices:

  • disable

  • enable

pptp-auth-type

string

no description

Choices:

  • auto

  • pap

  • chap

  • mschapv1

  • mschapv2

pptp-client

string

no description

Choices:

  • disable

  • enable

pptp-password

string

no description

pptp-server-ip

string

no description

pptp-timeout

integer

no description

pptp-user

string

no description

preserve-session-route

string

no description

Choices:

  • disable

  • enable

priority

integer

no description

priority-override

string

no description

Choices:

  • disable

  • enable

proxy-captive-portal

string

no description

Choices:

  • disable

  • enable

redundant-interface

string

no description

remote-ip

string

no description

replacemsg-override-group

string

no description

retransmission

string

no description

Choices:

  • disable

  • enable

ring-rx

integer

no description

ring-tx

integer

no description

role

string

no description

Choices:

  • lan

  • wan

  • dmz

  • undefined

sample-direction

string

no description

Choices:

  • rx

  • tx

  • both

sample-rate

integer

no description

scan-botnet-connections

string

no description

Choices:

  • disable

  • block

  • monitor

secondary-IP

string

no description

Choices:

  • disable

  • enable

secondaryip

list / elements=string

no description

allowaccess

list / elements=string

no description

Choices:

  • https

  • ping

  • ssh

  • snmp

  • http

  • telnet

  • fgfm

  • auto-ipsec

  • radius-acct

  • probe-response

  • capwap

  • dnp

  • ftm

  • fabric

detectprotocol

list / elements=string

no description

Choices:

  • ping

  • tcp-echo

  • udp-echo

detectserver

string

no description

gwdetect

string

no description

Choices:

  • disable

  • enable

ha-priority

integer

no description

id

integer

no description

ip

string

no description

ping-serv-status

integer

no description

seq

integer

no description

security-8021x-dynamic-vlan-id

integer

no description

security-8021x-master

string

no description

security-8021x-mode

string

no description

Choices:

  • default

  • dynamic-vlan

  • fallback

  • slave

security-exempt-list

string

no description

security-external-logout

string

no description

security-external-web

string

no description

security-groups

string

no description

security-mac-auth-bypass

string

no description

Choices:

  • disable

  • enable

  • mac-auth-only

security-mode

string

no description

Choices:

  • none

  • captive-portal

  • 802.1X

security-redirect-url

string

no description

service-name

string

no description

sflow-sampler

string

no description

Choices:

  • disable

  • enable

speed

string

no description

Choices:

  • auto

  • 10full

  • 10half

  • 100full

  • 100half

  • 1000full

  • 1000half

  • 10000full

  • 1000auto

  • 10000auto

  • 40000full

  • 100Gfull

  • 25000full

  • 40000auto

  • 25000auto

  • 100Gauto

spillover-threshold

integer

no description

src-check

string

no description

Choices:

  • disable

  • enable

status

string

no description

Choices:

  • down

  • up

stp

string

no description

Choices:

  • disable

  • enable

stp-ha-secondary

string

Control STP behaviour on HA secondary.

Choices:

  • disable

  • enable

  • priority-adjust

stp-ha-slave

string

no description

Choices:

  • disable

  • enable

  • priority-adjust

stpforward

string

no description

Choices:

  • disable

  • enable

stpforward-mode

string

no description

Choices:

  • rpl-all-ext-id

  • rpl-bridge-ext-id

  • rpl-nothing

strip-priority-vlan-tag

string

no description

Choices:

  • disable

  • enable

subst

string

no description

Choices:

  • disable

  • enable

substitute-dst-mac

string

no description

swc-first-create

integer

Initial create for switch-controller VLANs.

swc-vlan

integer

no description

switch

string

no description

switch-controller-access-vlan

string

no description

Choices:

  • disable

  • enable

switch-controller-arp-inspection

string

no description

Choices:

  • disable

  • enable

switch-controller-auth

string

no description

Choices:

  • radius

  • usergroup

switch-controller-dhcp-snooping

string

no description

Choices:

  • disable

  • enable

switch-controller-dhcp-snooping-option82

string

no description

Choices:

  • disable

  • enable

switch-controller-dhcp-snooping-verify-mac

string

no description

Choices:

  • disable

  • enable

switch-controller-dynamic

string

Integrated FortiLink settings for managed FortiSwitch.

switch-controller-feature

string

no description

Choices:

  • none

  • default-vlan

  • quarantine

  • sniffer

  • voice

  • camera

  • rspan

  • video

  • nac

switch-controller-igmp-snooping

string

no description

Choices:

  • disable

  • enable

switch-controller-igmp-snooping-fast-leave

string

no description

Choices:

  • disable

  • enable

switch-controller-igmp-snooping-proxy

string

no description

Choices:

  • disable

  • enable

switch-controller-iot-scanning

string

Enable/disable managed FortiSwitch IoT scanning.

Choices:

  • disable

  • enable

switch-controller-learning-limit

integer

no description

switch-controller-mgmt-vlan

integer

no description

switch-controller-nac

string

no description

switch-controller-radius-server

string

no description

switch-controller-rspan-mode

string

no description

Choices:

  • disable

  • enable

switch-controller-source-ip

string

Source IP address used in FortiLink over L3 connections.

Choices:

  • outbound

  • fixed

switch-controller-traffic-policy

string

no description

tc-mode

string

no description

Choices:

  • ptm

  • atm

tcp-mss

integer

no description

trunk

string

no description

Choices:

  • disable

  • enable

trust-ip-1

string

no description

trust-ip-2

string

no description

trust-ip-3

string

no description

trust-ip6-1

string

no description

trust-ip6-2

string

no description

trust-ip6-3

string

no description

type

string

no description

Choices:

  • physical

  • vlan

  • aggregate

  • redundant

  • tunnel

  • wireless

  • vdom-link

  • loopback

  • switch

  • hard-switch

  • hdlc

  • vap-switch

  • wl-mesh

  • fortilink

  • switch-vlan

  • fctrl-trunk

  • tdm

  • fext-wan

  • vxlan

  • emac-vlan

  • geneve

  • ssl

username

string

no description

vci

integer

no description

vectoring

string

no description

Choices:

  • disable

  • enable

vindex

integer

no description

vlan-protocol

string

no description

Choices:

  • 8021q

  • 8021ad

vlanforward

string

no description

Choices:

  • disable

  • enable

vlanid

integer

no description

vpi

integer

no description

vrf

integer

no description

vrrp

list / elements=string

no description

accept-mode

string

no description

Choices:

  • disable

  • enable

adv-interval

integer

no description

ignore-default-route

string

no description

Choices:

  • disable

  • enable

preempt

string

no description

Choices:

  • disable

  • enable

priority

integer

no description

start-time

integer

no description

status

string

no description

Choices:

  • disable

  • enable

version

string

no description

Choices:

  • 2

  • 3

vrdst

string

no description

vrdst-priority

integer

no description

vrgrp

integer

no description

vrid

integer

no description

vrip

string

no description

vrrp-virtual-mac

string

no description

Choices:

  • disable

  • enable

wccp

string

no description

Choices:

  • disable

  • enable

weight

integer

no description

wifi-5g-threshold

string

no description

wifi-acl

string

no description

Choices:

  • deny

  • allow

wifi-ap-band

string

no description

Choices:

  • any

  • 5g-preferred

  • 5g-only

wifi-auth

string

no description

Choices:

  • PSK

  • RADIUS

  • radius

  • usergroup

wifi-auto-connect

string

no description

Choices:

  • disable

  • enable

wifi-auto-save

string

no description

Choices:

  • disable

  • enable

wifi-broadcast-ssid

string

no description

Choices:

  • disable

  • enable

wifi-encrypt

string

no description

Choices:

  • TKIP

  • AES

wifi-fragment-threshold

integer

no description

wifi-key

string

no description

wifi-keyindex

integer

no description

wifi-mac-filter

string

no description

Choices:

  • disable

  • enable

wifi-passphrase

string

no description

wifi-radius-server

string

no description

wifi-rts-threshold

integer

no description

wifi-security

string

no description

Choices:

  • None

  • WEP64

  • wep64

  • WEP128

  • wep128

  • WPA_PSK

  • WPA_RADIUS

  • WPA

  • WPA2

  • WPA2_AUTO

  • open

  • wpa-personal

  • wpa-enterprise

  • wpa-only-personal

  • wpa-only-enterprise

  • wpa2-only-personal

  • wpa2-only-enterprise

wifi-ssid

string

no description

wifi-usergroup

string

no description

wins-ip

string

no description

proposed_method

string

The overridden method for the underlying Json RPC request

Choices:

  • update

  • set

  • add

rc_failed

list / elements=string

the rc codes list with which the conditions to fail will be overriden

rc_succeeded

list / elements=string

the rc codes list with which the conditions to succeed will be overriden

state

string / required

the directive to create, update or delete an object

Choices:

  • present

  • absent

vlan

string / required

the parameter (vlan) in requested url

workspace_locking_adom

string

the adom to lock for FortiManager running in workspace mode, the value can be global and others including root

workspace_locking_timeout

integer

the maximum time in seconds to wait for other user to release the workspace lock

Default: 300

Notes

Note

  • Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

  • To create or update an object, use state present directive.

  • To delete an object, use state absent directive.

  • Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: Configure interfaces.
     fmgr_fsp_vlan_interface:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        adom: <your own value>
        vlan: <your own value>
        fsp_vlan_interface:
           ac-name: <value of string>
           aggregate: <value of string>
           algorithm: <value in [L2, L3, L4]>
           alias: <value of string>
           allowaccess:
             - https
             - ping
             - ssh
             - snmp
             - http
             - telnet
             - fgfm
             - auto-ipsec
             - radius-acct
             - probe-response
             - capwap
             - dnp
             - ftm
             - fabric
           ap-discover: <value in [disable, enable]>
           arpforward: <value in [disable, enable]>
           atm-protocol: <value in [none, ipoa]>
           auth-type: <value in [auto, pap, chap, ...]>
           auto-auth-extension-device: <value in [disable, enable]>
           bfd: <value in [global, enable, disable]>
           bfd-desired-min-tx: <value of integer>
           bfd-detect-mult: <value of integer>
           bfd-required-min-rx: <value of integer>
           broadcast-forticlient-discovery: <value in [disable, enable]>
           broadcast-forward: <value in [disable, enable]>
           captive-portal: <value of integer>
           cli-conn-status: <value of integer>
           color: <value of integer>
           ddns: <value in [disable, enable]>
           ddns-auth: <value in [disable, tsig]>
           ddns-domain: <value of string>
           ddns-key: <value of string>
           ddns-keyname: <value of string>
           ddns-password: <value of string>
           ddns-server: <value in [dhs.org, dyndns.org, dyns.net, ...]>
           ddns-server-ip: <value of string>
           ddns-sn: <value of string>
           ddns-ttl: <value of integer>
           ddns-username: <value of string>
           ddns-zone: <value of string>
           dedicated-to: <value in [none, management]>
           defaultgw: <value in [disable, enable]>
           description: <value of string>
           detected-peer-mtu: <value of integer>
           detectprotocol:
             - ping
             - tcp-echo
             - udp-echo
           detectserver: <value of string>
           device-access-list: <value of string>
           device-identification: <value in [disable, enable]>
           device-identification-active-scan: <value in [disable, enable]>
           device-netscan: <value in [disable, enable]>
           device-user-identification: <value in [disable, enable]>
           devindex: <value of integer>
           dhcp-client-identifier: <value of string>
           dhcp-relay-agent-option: <value in [disable, enable]>
           dhcp-relay-ip: <value of string>
           dhcp-relay-service: <value in [disable, enable]>
           dhcp-relay-type: <value in [regular, ipsec]>
           dhcp-renew-time: <value of integer>
           disc-retry-timeout: <value of integer>
           disconnect-threshold: <value of integer>
           distance: <value of integer>
           dns-query: <value in [disable, recursive, non-recursive]>
           dns-server-override: <value in [disable, enable]>
           drop-fragment: <value in [disable, enable]>
           drop-overlapped-fragment: <value in [disable, enable]>
           egress-cos: <value in [disable, cos0, cos1, ...]>
           egress-shaping-profile: <value of string>
           endpoint-compliance: <value in [disable, enable]>
           estimated-downstream-bandwidth: <value of integer>
           estimated-upstream-bandwidth: <value of integer>
           explicit-ftp-proxy: <value in [disable, enable]>
           explicit-web-proxy: <value in [disable, enable]>
           external: <value in [disable, enable]>
           fail-action-on-extender: <value in [soft-restart, hard-restart, reboot]>
           fail-alert-interfaces: <value of string>
           fail-alert-method: <value in [link-failed-signal, link-down]>
           fail-detect: <value in [disable, enable]>
           fail-detect-option:
             - detectserver
             - link-down
           fdp: <value in [disable, enable]>
           fortiheartbeat: <value in [disable, enable]>
           fortilink: <value in [disable, enable]>
           fortilink-backup-link: <value of integer>
           fortilink-split-interface: <value in [disable, enable]>
           fortilink-stacking: <value in [disable, enable]>
           forward-domain: <value of integer>
           forward-error-correction: <value in [disable, enable, rs-fec, ...]>
           fp-anomaly:
             - drop_tcp_fin_noack
             - pass_winnuke
             - pass_tcpland
             - pass_udpland
             - pass_icmpland
             - pass_ipland
             - pass_iprr
             - pass_ipssrr
             - pass_iplsrr
             - pass_ipstream
             - pass_ipsecurity
             - pass_iptimestamp
             - pass_ipunknown_option
             - pass_ipunknown_prot
             - pass_icmp_frag
             - pass_tcp_no_flag
             - pass_tcp_fin_noack
             - drop_winnuke
             - drop_tcpland
             - drop_udpland
             - drop_icmpland
             - drop_ipland
             - drop_iprr
             - drop_ipssrr
             - drop_iplsrr
             - drop_ipstream
             - drop_ipsecurity
             - drop_iptimestamp
             - drop_ipunknown_option
             - drop_ipunknown_prot
             - drop_icmp_frag
             - drop_tcp_no_flag
           fp-disable:
             - all
             - ipsec
             - none
           gateway-address: <value of string>
           gi-gk: <value in [disable, enable]>
           gwaddr: <value of string>
           gwdetect: <value in [disable, enable]>
           ha-priority: <value of integer>
           icmp-accept-redirect: <value in [disable, enable]>
           icmp-redirect: <value in [disable, enable]>
           icmp-send-redirect: <value in [disable, enable]>
           ident-accept: <value in [disable, enable]>
           idle-timeout: <value of integer>
           if-mdix: <value in [auto, normal, crossover]>
           if-media: <value in [auto, copper, fiber]>
           in-force-vlan-cos: <value of integer>
           inbandwidth: <value of integer>
           ingress-cos: <value in [disable, cos0, cos1, ...]>
           ingress-spillover-threshold: <value of integer>
           internal: <value of integer>
           ip: <value of string>
           ipmac: <value in [disable, enable]>
           ips-sniffer-mode: <value in [disable, enable]>
           ipunnumbered: <value of string>
           ipv6:
              autoconf: <value in [disable, enable]>
              dhcp6-client-options:
                - rapid
                - iapd
                - iana
                - dns
                - dnsname
              dhcp6-information-request: <value in [disable, enable]>
              dhcp6-prefix-delegation: <value in [disable, enable]>
              dhcp6-prefix-hint: <value of string>
              dhcp6-prefix-hint-plt: <value of integer>
              dhcp6-prefix-hint-vlt: <value of integer>
              dhcp6-relay-ip: <value of string>
              dhcp6-relay-service: <value in [disable, enable]>
              dhcp6-relay-type: <value in [regular]>
              ip6-address: <value of string>
              ip6-allowaccess:
                - https
                - ping
                - ssh
                - snmp
                - http
                - telnet
                - fgfm
                - capwap
                - fabric
              ip6-default-life: <value of integer>
              ip6-dns-server-override: <value in [disable, enable]>
              ip6-hop-limit: <value of integer>
              ip6-link-mtu: <value of integer>
              ip6-manage-flag: <value in [disable, enable]>
              ip6-max-interval: <value of integer>
              ip6-min-interval: <value of integer>
              ip6-mode: <value in [static, dhcp, pppoe, ...]>
              ip6-other-flag: <value in [disable, enable]>
              ip6-reachable-time: <value of integer>
              ip6-retrans-time: <value of integer>
              ip6-send-adv: <value in [disable, enable]>
              ip6-subnet: <value of string>
              ip6-upstream-interface: <value of string>
              nd-cert: <value of string>
              nd-cga-modifier: <value of string>
              nd-mode: <value in [basic, SEND-compatible]>
              nd-security-level: <value of integer>
              nd-timestamp-delta: <value of integer>
              nd-timestamp-fuzz: <value of integer>
              vrip6_link_local: <value of string>
              vrrp-virtual-mac6: <value in [disable, enable]>
              ip6-delegated-prefix-list:
                -
                    autonomous-flag: <value in [disable, enable]>
                    onlink-flag: <value in [disable, enable]>
                    prefix-id: <value of integer>
                    rdnss: <value of string>
                    rdnss-service: <value in [delegated, default, specify]>
                    subnet: <value of string>
                    upstream-interface: <value of string>
              ip6-extra-addr:
                -
                    prefix: <value of string>
              ip6-prefix-list:
                -
                    autonomous-flag: <value in [disable, enable]>
                    dnssl: <value of string>
                    onlink-flag: <value in [disable, enable]>
                    preferred-life-time: <value of integer>
                    prefix: <value of string>
                    rdnss: <value of string>
                    valid-life-time: <value of integer>
              vrrp6:
                -
                    accept-mode: <value in [disable, enable]>
                    adv-interval: <value of integer>
                    preempt: <value in [disable, enable]>
                    priority: <value of integer>
                    start-time: <value of integer>
                    status: <value in [disable, enable]>
                    vrdst6: <value of string>
                    vrgrp: <value of integer>
                    vrid: <value of integer>
                    vrip6: <value of string>
              interface-identifier: <value of string>
              unique-autoconf-addr: <value in [disable, enable]>
              icmp6-send-redirect: <value in [disable, enable]>
              cli-conn6-status: <value of integer>
              ip6-prefix-mode: <value in [dhcp6, ra]>
              ra-send-mtu: <value in [disable, enable]>
           l2forward: <value in [disable, enable]>
           l2tp-client: <value in [disable, enable]>
           lacp-ha-slave: <value in [disable, enable]>
           lacp-mode: <value in [static, passive, active]>
           lacp-speed: <value in [slow, fast]>
           lcp-echo-interval: <value of integer>
           lcp-max-echo-fails: <value of integer>
           link-up-delay: <value of integer>
           listen-forticlient-connection: <value in [disable, enable]>
           lldp-network-policy: <value of string>
           lldp-reception: <value in [disable, enable, vdom]>
           lldp-transmission: <value in [enable, disable, vdom]>
           log: <value in [disable, enable]>
           macaddr: <value of string>
           management-ip: <value of string>
           max-egress-burst-rate: <value of integer>
           max-egress-rate: <value of integer>
           mediatype: <value in [serdes-sfp, sgmii-sfp, cfp2-sr10, ...]>
           member: <value of string>
           min-links: <value of integer>
           min-links-down: <value in [operational, administrative]>
           mode: <value in [static, dhcp, pppoe, ...]>
           mtu: <value of integer>
           mtu-override: <value in [disable, enable]>
           mux-type: <value in [llc-encaps, vc-encaps]>
           name: <value of string>
           ndiscforward: <value in [disable, enable]>
           netbios-forward: <value in [disable, enable]>
           netflow-sampler: <value in [disable, tx, rx, ...]>
           npu-fastpath: <value in [disable, enable]>
           nst: <value in [disable, enable]>
           out-force-vlan-cos: <value of integer>
           outbandwidth: <value of integer>
           padt-retry-timeout: <value of integer>
           password: <value of string>
           peer-interface: <value of string>
           phy-mode: <value in [auto, adsl, vdsl]>
           ping-serv-status: <value of integer>
           poe: <value in [disable, enable]>
           polling-interval: <value of integer>
           pppoe-unnumbered-negotiate: <value in [disable, enable]>
           pptp-auth-type: <value in [auto, pap, chap, ...]>
           pptp-client: <value in [disable, enable]>
           pptp-password: <value of string>
           pptp-server-ip: <value of string>
           pptp-timeout: <value of integer>
           pptp-user: <value of string>
           preserve-session-route: <value in [disable, enable]>
           priority: <value of integer>
           priority-override: <value in [disable, enable]>
           proxy-captive-portal: <value in [disable, enable]>
           redundant-interface: <value of string>
           remote-ip: <value of string>
           replacemsg-override-group: <value of string>
           retransmission: <value in [disable, enable]>
           role: <value in [lan, wan, dmz, ...]>
           sample-direction: <value in [rx, tx, both]>
           sample-rate: <value of integer>
           scan-botnet-connections: <value in [disable, block, monitor]>
           secondary-IP: <value in [disable, enable]>
           secondaryip:
             -
                 allowaccess:
                   - https
                   - ping
                   - ssh
                   - snmp
                   - http
                   - telnet
                   - fgfm
                   - auto-ipsec
                   - radius-acct
                   - probe-response
                   - capwap
                   - dnp
                   - ftm
                   - fabric
                 detectprotocol:
                   - ping
                   - tcp-echo
                   - udp-echo
                 detectserver: <value of string>
                 gwdetect: <value in [disable, enable]>
                 ha-priority: <value of integer>
                 id: <value of integer>
                 ip: <value of string>
                 ping-serv-status: <value of integer>
                 seq: <value of integer>
           security-8021x-dynamic-vlan-id: <value of integer>
           security-8021x-master: <value of string>
           security-8021x-mode: <value in [default, dynamic-vlan, fallback, ...]>
           security-exempt-list: <value of string>
           security-external-logout: <value of string>
           security-external-web: <value of string>
           security-groups: <value of string>
           security-mac-auth-bypass: <value in [disable, enable, mac-auth-only]>
           security-mode: <value in [none, captive-portal, 802.1X]>
           security-redirect-url: <value of string>
           service-name: <value of string>
           sflow-sampler: <value in [disable, enable]>
           speed: <value in [auto, 10full, 10half, ...]>
           spillover-threshold: <value of integer>
           src-check: <value in [disable, enable]>
           status: <value in [down, up]>
           stp: <value in [disable, enable]>
           stp-ha-slave: <value in [disable, enable, priority-adjust]>
           stpforward: <value in [disable, enable]>
           stpforward-mode: <value in [rpl-all-ext-id, rpl-bridge-ext-id, rpl-nothing]>
           strip-priority-vlan-tag: <value in [disable, enable]>
           subst: <value in [disable, enable]>
           substitute-dst-mac: <value of string>
           switch: <value of string>
           switch-controller-access-vlan: <value in [disable, enable]>
           switch-controller-arp-inspection: <value in [disable, enable]>
           switch-controller-auth: <value in [radius, usergroup]>
           switch-controller-dhcp-snooping: <value in [disable, enable]>
           switch-controller-dhcp-snooping-option82: <value in [disable, enable]>
           switch-controller-dhcp-snooping-verify-mac: <value in [disable, enable]>
           switch-controller-igmp-snooping: <value in [disable, enable]>
           switch-controller-learning-limit: <value of integer>
           switch-controller-radius-server: <value of string>
           switch-controller-traffic-policy: <value of string>
           tc-mode: <value in [ptm, atm]>
           tcp-mss: <value of integer>
           trunk: <value in [disable, enable]>
           trust-ip-1: <value of string>
           trust-ip-2: <value of string>
           trust-ip-3: <value of string>
           trust-ip6-1: <value of string>
           trust-ip6-2: <value of string>
           trust-ip6-3: <value of string>
           type: <value in [physical, vlan, aggregate, ...]>
           username: <value of string>
           vci: <value of integer>
           vectoring: <value in [disable, enable]>
           vindex: <value of integer>
           vlanforward: <value in [disable, enable]>
           vlanid: <value of integer>
           vpi: <value of integer>
           vrf: <value of integer>
           vrrp:
             -
                 accept-mode: <value in [disable, enable]>
                 adv-interval: <value of integer>
                 ignore-default-route: <value in [disable, enable]>
                 preempt: <value in [disable, enable]>
                 priority: <value of integer>
                 start-time: <value of integer>
                 status: <value in [disable, enable]>
                 version: <value in [2, 3]>
                 vrdst: <value of string>
                 vrdst-priority: <value of integer>
                 vrgrp: <value of integer>
                 vrid: <value of integer>
                 vrip: <value of string>
           vrrp-virtual-mac: <value in [disable, enable]>
           wccp: <value in [disable, enable]>
           weight: <value of integer>
           wifi-5g-threshold: <value of string>
           wifi-acl: <value in [deny, allow]>
           wifi-ap-band: <value in [any, 5g-preferred, 5g-only]>
           wifi-auth: <value in [PSK, RADIUS, radius, ...]>
           wifi-auto-connect: <value in [disable, enable]>
           wifi-auto-save: <value in [disable, enable]>
           wifi-broadcast-ssid: <value in [disable, enable]>
           wifi-encrypt: <value in [TKIP, AES]>
           wifi-fragment-threshold: <value of integer>
           wifi-key: <value of string>
           wifi-keyindex: <value of integer>
           wifi-mac-filter: <value in [disable, enable]>
           wifi-passphrase: <value of string>
           wifi-radius-server: <value of string>
           wifi-rts-threshold: <value of integer>
           wifi-security: <value in [None, WEP64, wep64, ...]>
           wifi-ssid: <value of string>
           wifi-usergroup: <value of string>
           wins-ip: <value of string>
           eip: <value of string>
           fortilink-neighbor-detect: <value in [lldp, fortilink]>
           ingress-shaping-profile: <value of string>
           ring-rx: <value of integer>
           ring-tx: <value of integer>
           switch-controller-igmp-snooping-fast-leave: <value in [disable, enable]>
           switch-controller-igmp-snooping-proxy: <value in [disable, enable]>
           switch-controller-rspan-mode: <value in [disable, enable]>
           bandwidth-measure-time: <value of integer>
           ip-managed-by-fortiipam: <value in [disable, enable]>
           managed-subnetwork-size: <value in [256, 512, 1024, ...]>
           measured-downstream-bandwidth: <value of integer>
           measured-upstream-bandwidth: <value of integer>
           monitor-bandwidth: <value in [disable, enable]>
           swc-vlan: <value of integer>
           switch-controller-feature: <value in [none, default-vlan, quarantine, ...]>
           switch-controller-mgmt-vlan: <value of integer>
           switch-controller-nac: <value of string>
           vlan-protocol: <value in [8021q, 8021ad]>
           dhcp-relay-interface: <value of string>
           dhcp-relay-interface-select-method: <value in [auto, sdwan, specify]>
           np-qos-profile: <value of integer>
           swc-first-create: <value of integer>
           switch-controller-iot-scanning: <value in [disable, enable]>
           switch-controller-source-ip: <value in [outbound, fixed]>
           dhcp-relay-request-all-server: <value in [disable, enable]>
           stp-ha-secondary: <value in [disable, enable, priority-adjust]>
           switch-controller-dynamic: <value of string>

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

request_url

string

The full url requested

Returned: always

Sample: “/sys/login/user”

response_code

integer

The status of api request

Returned: always

Sample: 0

response_message

string

The descriptive message of the api response

Returned: always

Sample: “OK.”

Authors

  • Link Zheng (@chillancezen)

  • Jie Xue (@JieX19)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)