fortinet.fortimanager.fmgr_fsp_vlan module – no description
Note
This module is part of the fortinet.fortimanager collection (version 2.1.5).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install fortinet.fortimanager
.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_fsp_vlan
.
New in version 2.10: of fortinet.fortimanager
Synopsis
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
Parameters
Parameter |
Comments |
---|---|
the parameter (adom) in requested url |
|
only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters Choices:
|
|
Enable/Disable logging for task Choices:
|
|
the top level parameters set |
|
_Dhcp-Status. Choices:
|
|
no description Choices:
|
|
Color. |
|
no description |
|
no description |
|
Enable/disable auto configuration. Choices:
|
|
Enable/disable use of this DHCP server once this interface has been assigned an IP address from FortiIPAM. Choices:
|
|
Time in seconds to wait after a conflicted IP address is removed from the DHCP range before it can be reused. |
|
DDNS authentication mode. Choices:
|
|
DDNS update key (base 64 encoding). |
|
DDNS update key name. |
|
DDNS server IP. |
|
TTL. |
|
Enable/disable DDNS update for DHCP. Choices:
|
|
Enable/disable DDNS update override for DHCP. Choices:
|
|
Zone of your domain name (ex. DDNS.com). |
|
Default gateway IP address assigned by the DHCP server. |
|
Enable/disable populating of DHCP server settings from FortiIPAM. Choices:
|
|
DNS server 1. |
|
DNS server 2. |
|
DNS server 3. |
|
DNS server 4. |
|
Options for assigning DNS servers to DHCP clients. Choices:
|
|
Domain name suffix for the IP addresses that the DHCP server assigns to clients. |
|
Enable. Choices:
|
|
Exclude-Range. |
|
End of IP range. |
|
ID. |
|
Start of IP range. |
|
Name of the boot file on the TFTP server. |
|
Enable/disable FortiClient-On-Net service for this DHCP server. Choices:
|
|
ID. |
|
Method used to assign client IP. Choices:
|
|
Ip-Range. |
|
End of IP range. |
|
ID. |
|
Start of IP range. |
|
DHCP over IPsec leases expire this many seconds after tunnel down (0 to disable forced-expiry). |
|
Lease time in seconds, 0 means unlimited. |
|
MAC access control default action (allow or block assigning IP settings). Choices:
|
|
Netmask assigned by the DHCP server. |
|
IP address of a server (for example, a TFTP sever) that DHCP clients can download a boot file from. |
|
NTP server 1. |
|
NTP server 2. |
|
NTP server 3. |
|
Options for assigning Network Time Protocol (NTP) servers to DHCP clients. Choices:
|
|
Option1. |
|
Option2. |
|
Option3. |
|
Option4. |
|
Option5. |
|
Option6. |
|
Options. |
|
DHCP option code. |
|
ID. |
|
DHCP option IPs. |
|
DHCP option type. Choices:
|
|
DHCP option value. |
|
Reserved-Address. |
|
Options for the DHCP server to configure the client with the reserved MAC address. Choices:
|
|
Option 82 circuit-ID of the client that will get the reserved IP address. |
|
DHCP option type. Choices:
|
|
Description. |
|
ID. |
|
IP address to be reserved for the MAC address. |
|
MAC address of the client that will get the reserved IP address. |
|
Option 82 remote-ID of the client that will get the reserved IP address. |
|
DHCP option type. Choices:
|
|
DHCP reserved-address type. Choices:
|
|
DHCP server can be a normal DHCP server or an IPsec DHCP server. Choices:
|
|
Enable/disable this DHCP configuration. Choices:
|
|
One or more hostnames or IP addresses of the TFTP servers in quotes separated by spaces. |
|
Select the time zone to be assigned to DHCP clients. Choices:
|
|
Options for the DHCP server to set the clients time zone. Choices:
|
|
Enable/disable vendor class identifier (VCI) matching. When enabled only DHCP requests with a matching VCI are served. Choices:
|
|
One or more VCI strings in quotes separated by spaces. |
|
Options for assigning WiFi Access Controllers to DHCP clients Choices:
|
|
WiFi Access Controller 1 IP address (DHCP option 138, RFC 5417). |
|
WiFi Access Controller 2 IP address (DHCP option 138, RFC 5417). |
|
WiFi Access Controller 3 IP address (DHCP option 138, RFC 5417). |
|
WINS server 1. |
|
WINS server 2. |
|
Dynamic_Mapping. |
|
_Dhcp-Status. Choices:
|
|
_Scope. |
|
Name. |
|
Vdom. |
|
no description |
|
Enable/disable auto configuration. Choices:
|
|
Enable/disable use of this DHCP server once this interface has been assigned an IP address from FortiIPAM. Choices:
|
|
Time in seconds to wait after a conflicted IP address is removed from the DHCP range before it can be reused. |
|
DDNS authentication mode. Choices:
|
|
DDNS update key (base 64 encoding). |
|
DDNS update key name. |
|
DDNS server IP. |
|
TTL. |
|
Enable/disable DDNS update for DHCP. Choices:
|
|
Enable/disable DDNS update override for DHCP. Choices:
|
|
Zone of your domain name (ex. DDNS.com). |
|
Default gateway IP address assigned by the DHCP server. |
|
Enable/disable populating of DHCP server settings from FortiIPAM. Choices:
|
|
DNS server 1. |
|
DNS server 2. |
|
DNS server 3. |
|
DNS server 4. |
|
Options for assigning DNS servers to DHCP clients. Choices:
|
|
Domain name suffix for the IP addresses that the DHCP server assigns to clients. |
|
Enable. Choices:
|
|
Exclude-Range. |
|
End of IP range. |
|
ID. |
|
Start of IP range. |
|
Name of the boot file on the TFTP server. |
|
Enable/disable FortiClient-On-Net service for this DHCP server. Choices:
|
|
ID. |
|
Method used to assign client IP. Choices:
|
|
Ip-Range. |
|
End of IP range. |
|
ID. |
|
Start of IP range. |
|
DHCP over IPsec leases expire this many seconds after tunnel down (0 to disable forced-expiry). |
|
Lease time in seconds, 0 means unlimited. |
|
MAC access control default action (allow or block assigning IP settings). Choices:
|
|
Netmask assigned by the DHCP server. |
|
IP address of a server (for example, a TFTP sever) that DHCP clients can download a boot file from. |
|
NTP server 1. |
|
NTP server 2. |
|
NTP server 3. |
|
Options for assigning Network Time Protocol (NTP) servers to DHCP clients. Choices:
|
|
Option1. |
|
Option2. |
|
Option3. |
|
Option4. |
|
Option5. |
|
Option6. |
|
Options. |
|
DHCP option code. |
|
ID. |
|
DHCP option IPs. |
|
DHCP option type. Choices:
|
|
DHCP option value. |
|
Reserved-Address. |
|
Options for the DHCP server to configure the client with the reserved MAC address. Choices:
|
|
Option 82 circuit-ID of the client that will get the reserved IP address. |
|
DHCP option type. Choices:
|
|
Description. |
|
ID. |
|
IP address to be reserved for the MAC address. |
|
MAC address of the client that will get the reserved IP address. |
|
Option 82 remote-ID of the client that will get the reserved IP address. |
|
DHCP option type. Choices:
|
|
DHCP reserved-address type. Choices:
|
|
DHCP server can be a normal DHCP server or an IPsec DHCP server. Choices:
|
|
Enable/disable this DHCP configuration. Choices:
|
|
One or more hostnames or IP addresses of the TFTP servers in quotes separated by spaces. |
|
Select the time zone to be assigned to DHCP clients. Choices:
|
|
Options for the DHCP server to set the clients time zone. Choices:
|
|
Enable/disable vendor class identifier (VCI) matching. When enabled only DHCP requests with a matching VCI are… Choices:
|
|
One or more VCI strings in quotes separated by spaces. |
|
Options for assigning WiFi Access Controllers to DHCP clients Choices:
|
|
WiFi Access Controller 1 IP address (DHCP option 138, RFC 5417). |
|
WiFi Access Controller 2 IP address (DHCP option 138, RFC 5417). |
|
WiFi Access Controller 3 IP address (DHCP option 138, RFC 5417). |
|
WINS server 1. |
|
WINS server 2. |
|
no description |
|
Dhcp-Relay-Agent-Option. Choices:
|
|
Dhcp-Relay-Ip. |
|
Dhcp-Relay-Service. Choices:
|
|
Dhcp-Relay-Type. Choices:
|
|
Ip. |
|
no description |
|
Enable/disable address auto config. Choices:
|
|
Cli-Conn6-Status. |
|
Dhcp6-Client-Options. Choices:
|
|
Enable/disable DHCPv6 information request. Choices:
|
|
Enable/disable DHCPv6 prefix delegation. Choices:
|
|
DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server. |
|
DHCPv6 prefix hint preferred life time (sec), 0 means unlimited lease time. |
|
DHCPv6 prefix hint valid life time (sec). |
|
DHCPv6 relay IP address. |
|
Enable/disable DHCPv6 relay. Choices:
|
|
DHCPv6 relay type. Choices:
|
|
Enable/disable sending of ICMPv6 redirects. Choices:
|
|
IPv6 interface identifier. |
|
Primary IPv6 address prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx |
|
Allow management access to the interface. Choices:
|
|
Default life (sec). |
|
Ip6-Delegated-Prefix-List. |
|
Enable/disable the autonomous flag. Choices:
|
|
Enable/disable the onlink flag. Choices:
|
|
Prefix ID. |
|
Recursive DNS server option. |
|
Recursive DNS service option. Choices:
|
|
Add subnet ID to routing prefix. |
|
Name of the interface that provides delegated information. |
|
Enable/disable using the DNS server acquired by DHCP. Choices:
|
|
Ip6-Extra-Addr. |
|
IPv6 address prefix. |
|
Hop limit (0 means unspecified). |
|
IPv6 link MTU. |
|
Enable/disable the managed flag. Choices:
|
|
IPv6 maximum interval (4 to 1800 sec). |
|
IPv6 minimum interval (3 to 1350 sec). |
|
Addressing mode (static, DHCP, delegated). Choices:
|
|
Enable/disable the other IPv6 flag. Choices:
|
|
Ip6-Prefix-List. |
|
Enable/disable the autonomous flag. Choices:
|
|
DNS search list option. |
|
Enable/disable the onlink flag. Choices:
|
|
Preferred life time (sec). |
|
IPv6 prefix. |
|
Recursive DNS server option. |
|
Valid life time (sec). |
|
Assigning a prefix from DHCP or RA. Choices:
|
|
IPv6 reachable time (milliseconds; 0 means unspecified). |
|
IPv6 retransmit time (milliseconds; 0 means unspecified). |
|
Enable/disable sending advertisements about the interface. Choices:
|
|
Subnet to routing prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx |
|
Interface name providing delegated information. |
|
Neighbor discovery certificate. |
|
Neighbor discovery CGA modifier. |
|
Neighbor discovery mode. Choices:
|
|
Neighbor discovery security level (0 - 7; 0 = least secure, default = 0). |
|
Neighbor discovery timestamp delta value (1 - 3600 sec; default = 300). |
|
Neighbor discovery timestamp fuzz factor (1 - 60 sec; default = 1). |
|
Enable/disable sending link MTU in RA packet. Choices:
|
|
Enable/disable unique auto config address. Choices:
|
|
Link-local IPv6 address of virtual router. |
|
Enable/disable virtual MAC for VRRP. Choices:
|
|
Vrrp6. |
|
Enable/disable accept mode. Choices:
|
|
Advertisement interval (1 - 255 seconds). |
|
Enable/disable preempt mode. Choices:
|
|
Priority of the virtual router (1 - 255). |
|
Startup time (1 - 255 seconds). |
|
Enable/disable VRRP. Choices:
|
|
Monitor the route to this destination. |
|
VRRP group ID (1 - 65535). |
|
Virtual router identifier (1 - 255). |
|
IPv6 address of the virtual router. |
|
Secondary-Ip. Choices:
|
|
Secondaryip. |
|
Management access settings for the secondary IP address. Choices:
|
|
Protocols used to detect the server. Choices:
|
|
Gateways ping server for this IP. |
|
Enable/disable detect gateway alive for first. Choices:
|
|
HA election priority for the PING server. |
|
ID. |
|
Secondary IP address of the interface. |
|
Ping-Serv-Status. |
|
Seq. |
|
Vlanid. |
|
no description |
|
PPPoE server name. |
|
Aggregate. |
|
Frame distribution algorithm. Choices:
|
|
Alias will be displayed with the interface name to make it easier to distinguish. |
|
Permitted types of management access to this interface. Choices:
|
|
Enable/disable automatic registration of unknown FortiAP devices. Choices:
|
|
Enable/disable ARP forwarding. Choices:
|
|
ATM protocol. Choices:
|
|
PPP authentication type to use. Choices:
|
|
Enable/disable automatic authorization of dedicated Fortinet extension device on this interface. Choices:
|
|
Bandwidth measure time |
|
Bidirectional Forwarding Detection (BFD) settings. Choices:
|
|
BFD desired minimal transmit interval. |
|
BFD detection multiplier. |
|
BFD required minimal receive interval. |
|
Broadcast-Forticlient-Discovery. Choices:
|
|
Enable/disable broadcast forwarding. Choices:
|
|
Enable/disable captive portal. |
|
Cli-Conn-Status. |
|
Color of icon on the GUI. |
|
Ddns. Choices:
|
|
Ddns-Auth. Choices:
|
|
Ddns-Domain. |
|
Ddns-Key. |
|
Ddns-Keyname. |
|
Ddns-Password. |
|
Ddns-Server. Choices:
|
|
Ddns-Server-Ip. |
|
Ddns-Sn. |
|
Ddns-Ttl. |
|
Ddns-Username. |
|
Ddns-Zone. |
|
Configure interface for single purpose. Choices:
|
|
Enable to get the gateway IP from the DHCP or PPPoE server. Choices:
|
|
Description. |
|
Detected-Peer-Mtu. |
|
Protocols used to detect the server. Choices:
|
|
Gateways ping server for this IP. |
|
Device-Access-List. |
|
Enable/disable passively gathering of device identity information about the devices on the network connected to this i… Choices:
|
|
Device-Identification-Active-Scan. Choices:
|
|
Device-Netscan. Choices:
|
|
Enable/disable passive gathering of user identity information about users on this interface. Choices:
|
|
Devindex. |
|
DHCP client identifier. |
|
Enable/disable DHCP relay agent option. Choices:
|
|
Specify outgoing interface to reach server. |
|
Specify how to select outgoing interface to reach server. Choices:
|
|
DHCP relay IP address. |
|
Enable/disable sending of DHCP requests to all servers. Choices:
|
|
Enable/disable allowing this interface to act as a DHCP relay. Choices:
|
|
DHCP relay type (regular or IPsec). Choices:
|
|
DHCP renew time in seconds (300-604800), 0 means use the renew time provided by the server. |
|
Time in seconds to wait before retrying to start a PPPoE discovery, 0 means no timeout. |
|
Time in milliseconds to wait before sending a notification that this interface is down or disconnected. |
|
Distance for routes learned through PPPoE or DHCP, lower distance indicates preferred route. |
|
Dns-Query. Choices:
|
|
Enable/disable use DNS acquired by DHCP or PPPoE. Choices:
|
|
Enable/disable drop fragment packets. Choices:
|
|
Enable/disable drop overlapped fragment packets. Choices:
|
|
Override outgoing CoS in user VLAN tag. Choices:
|
|
Outgoing traffic shaping profile. |
|
Eip. |
|
Endpoint-Compliance. Choices:
|
|
Estimated maximum downstream bandwidth (kbps). Used to estimate link utilization. |
|
Estimated maximum upstream bandwidth (kbps). Used to estimate link utilization. |
|
Enable/disable the explicit FTP proxy on this interface. Choices:
|
|
Enable/disable the explicit web proxy on this interface. Choices:
|
|
Enable/disable identifying the interface as an external interface (which usually means its connected to the Internet). Choices:
|
|
Action on extender when interface fail . Choices:
|
|
Names of the FortiGate interfaces to which the link failure alert is sent. |
|
Select link-failed-signal or link-down method to alert about a failed link. Choices:
|
|
Enable/disable fail detection features for this interface. Choices:
|
|
Options for detecting that this interface has failed. Choices:
|
|
Fdp. Choices:
|
|
Fortiheartbeat. Choices:
|
|
Enable FortiLink to dedicate this interface to manage other Fortinet devices. Choices:
|
|
Fortilink-Backup-Link. |
|
Protocol for FortiGate neighbor discovery. Choices:
|
|
Enable/disable FortiLink split interface to connect member link to different FortiSwitch in stack for uplink redundancy. Choices:
|
|
Enable/disable FortiLink switch-stacking on this interface. Choices:
|
|
Transparent mode forward domain. |
|
Enable/disable forward error correction (FEC Clause 91). Choices:
|
|
Fp-Anomaly. Choices:
|
|
Fp-Disable. Choices:
|
|
Gateway address |
|
Enable/disable Gi Gatekeeper. Choices:
|
|
Gateway address |
|
Enable/disable detect gateway alive for first. Choices:
|
|
HA election priority for the PING server. |
|
Enable/disable ICMP accept redirect. Choices:
|
|
Icmp-Redirect. Choices:
|
|
Enable/disable sending of ICMP redirects. Choices:
|
|
Enable/disable authentication for this interface. Choices:
|
|
PPPoE auto disconnect after idle timeout seconds, 0 means no timeout. |
|
If-Mdix. Choices:
|
|
If-Media. Choices:
|
|
In-Force-Vlan-Cos. |
|
Bandwidth limit for incoming traffic (0 - 16776000 kbps), 0 means unlimited. |
|
Override incoming CoS in user VLAN tag on VLAN interface or assign a priority VLAN tag on physical interface. Choices:
|
|
Incoming traffic shaping profile. |
|
Ingress Spillover threshold (0 - 16776000 kbps), 0 means unlimited. |
|
Implicitly created. |
|
Interface IPv4 address and subnet mask, syntax: X.X.X.X/24. |
|
Enable/disable automatic IP address assignment of this interface by FortiIPAM. Choices:
|
|
Enable/disable IP/MAC binding. Choices:
|
|
Enable/disable the use of this interface as a one-armed sniffer. Choices:
|
|
Unnumbered IP used for PPPoE interfaces for which no unique local address is provided. |
|
no description |
|
Enable/disable address auto config. Choices:
|
|
Cli-Conn6-Status. |
|
Dhcp6-Client-Options. Choices:
|
|
Enable/disable DHCPv6 information request. Choices:
|
|
Enable/disable DHCPv6 prefix delegation. Choices:
|
|
DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server. |
|
DHCPv6 prefix hint preferred life time (sec), 0 means unlimited lease time. |
|
DHCPv6 prefix hint valid life time (sec). |
|
DHCPv6 relay IP address. |
|
Enable/disable DHCPv6 relay. Choices:
|
|
DHCPv6 relay type. Choices:
|
|
Enable/disable sending of ICMPv6 redirects. Choices:
|
|
IPv6 interface identifier. |
|
Primary IPv6 address prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx |
|
Allow management access to the interface. Choices:
|
|
Default life (sec). |
|
Ip6-Delegated-Prefix-List. |
|
Enable/disable the autonomous flag. Choices:
|
|
Enable/disable the onlink flag. Choices:
|
|
Prefix ID. |
|
Recursive DNS server option. |
|
Recursive DNS service option. Choices:
|
|
Add subnet ID to routing prefix. |
|
Name of the interface that provides delegated information. |
|
Enable/disable using the DNS server acquired by DHCP. Choices:
|
|
Ip6-Extra-Addr. |
|
IPv6 address prefix. |
|
Hop limit (0 means unspecified). |
|
IPv6 link MTU. |
|
Enable/disable the managed flag. Choices:
|
|
IPv6 maximum interval (4 to 1800 sec). |
|
IPv6 minimum interval (3 to 1350 sec). |
|
Addressing mode (static, DHCP, delegated). Choices:
|
|
Enable/disable the other IPv6 flag. Choices:
|
|
Ip6-Prefix-List. |
|
Enable/disable the autonomous flag. Choices:
|
|
DNS search list option. |
|
Enable/disable the onlink flag. Choices:
|
|
Preferred life time (sec). |
|
IPv6 prefix. |
|
Recursive DNS server option. |
|
Valid life time (sec). |
|
Assigning a prefix from DHCP or RA. Choices:
|
|
IPv6 reachable time (milliseconds; 0 means unspecified). |
|
IPv6 retransmit time (milliseconds; 0 means unspecified). |
|
Enable/disable sending advertisements about the interface. Choices:
|
|
Subnet to routing prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx |
|
Interface name providing delegated information. |
|
Neighbor discovery certificate. |
|
Neighbor discovery CGA modifier. |
|
Neighbor discovery mode. Choices:
|
|
Neighbor discovery security level (0 - 7; 0 = least secure, default = 0). |
|
Neighbor discovery timestamp delta value (1 - 3600 sec; default = 300). |
|
Neighbor discovery timestamp fuzz factor (1 - 60 sec; default = 1). |
|
Enable/disable sending link MTU in RA packet. Choices:
|
|
Enable/disable unique auto config address. Choices:
|
|
Link-local IPv6 address of virtual router. |
|
Enable/disable virtual MAC for VRRP. Choices:
|
|
Vrrp6. |
|
Enable/disable accept mode. Choices:
|
|
Advertisement interval (1 - 255 seconds). |
|
Enable/disable preempt mode. Choices:
|
|
Priority of the virtual router (1 - 255). |
|
Startup time (1 - 255 seconds). |
|
Enable/disable VRRP. Choices:
|
|
Monitor the route to this destination. |
|
VRRP group ID (1 - 65535). |
|
Virtual router identifier (1 - 255). |
|
IPv6 address of the virtual router. |
|
Enable/disable l2 forwarding. Choices:
|
|
Enable/disable this interface as a Layer 2 Tunnelling Protocol (L2TP) client. Choices:
|
|
LACP HA slave. Choices:
|
|
LACP mode. Choices:
|
|
How often the interface sends LACP messages. Choices:
|
|
Time in seconds between PPPoE Link Control Protocol (LCP) echo requests. |
|
Maximum missed LCP echo messages before disconnect. |
|
Number of milliseconds to wait before considering a link is up. |
|
Listen-Forticlient-Connection. Choices:
|
|
LLDP-MED network policy profile. |
|
Enable/disable Link Layer Discovery Protocol (LLDP) reception. Choices:
|
|
Enable/disable Link Layer Discovery Protocol (LLDP) transmission. Choices:
|
|
Log. Choices:
|
|
Change the interfaces MAC address. |
|
Number of IP addresses to be allocated by FortiIPAM and used by this FortiGate units DHCP server settings. Choices:
|
|
High Availability in-band management IP address of this interface. |
|
Max-Egress-Burst-Rate. |
|
Max-Egress-Rate. |
|
Measured downstream bandwidth (kbps). |
|
Measured upstream bandwidth (kbps). |
|
Select SFP media interface type Choices:
|
|
Physical interfaces that belong to the aggregate or redundant interface. |
|
Minimum number of aggregated ports that must be up. |
|
Action to take when less than the configured minimum number of links are active. Choices:
|
|
Addressing mode (static, DHCP, PPPoE). Choices:
|
|
Enable monitoring bandwidth on this interface. Choices:
|
|
MTU value for this interface. |
|
Enable to set a custom MTU for this interface. Choices:
|
|
Multiplexer type Choices:
|
|
Name. |
|
Enable/disable NDISC forwarding. Choices:
|
|
Enable/disable NETBIOS forwarding. Choices:
|
|
Enable/disable NetFlow on this interface and set the data that NetFlow collects (rx, tx, or both). Choices:
|
|
Np-Qos-Profile. |
|
Npu-Fastpath. Choices:
|
|
Nst. Choices:
|
|
Out-Force-Vlan-Cos. |
|
Bandwidth limit for outgoing traffic (0 - 16776000 kbps), 0 means unlimited. |
|
PPPoE Active Discovery Terminate (PADT) used to terminate sessions after an idle time. |
|
PPPoE accounts password. |
|
Peer-Interface. |
|
DSL physical mode. Choices:
|
|
Ping-Serv-Status. |
|
Enable/disable PoE status. Choices:
|
|
sFlow polling interval (1 - 255 sec). |
|
Enable/disable PPPoE unnumbered negotiation. Choices:
|
|
PPTP authentication type. Choices:
|
|
Enable/disable PPTP client. Choices:
|
|
PPTP password. |
|
PPTP server IP address. |
|
Idle timer in minutes (0 for disabled). |
|
PPTP user name. |
|
Enable/disable preservation of session route when dirty. Choices:
|
|
Priority of learned routes. |
|
Enable/disable fail back to higher priority port once recovered. Choices:
|
|
Enable/disable proxy captive portal on this interface. Choices:
|
|
Redundant-Interface. |
|
Remote IP address of tunnel. |
|
Replacement message override group. |
|
Enable/disable DSL retransmission. Choices:
|
|
RX ring size. |
|
TX ring size. |
|
Interface role. Choices:
|
|
Data that NetFlow collects (rx, tx, or both). Choices:
|
|
sFlow sample rate (10 - 99999). |
|
Scan-Botnet-Connections. Choices:
|
|
Enable/disable adding a secondary IP to this interface. Choices:
|
|
Secondaryip. |
|
Management access settings for the secondary IP address. Choices:
|
|
Protocols used to detect the server. Choices:
|
|
Gateways ping server for this IP. |
|
Enable/disable detect gateway alive for first. Choices:
|
|
HA election priority for the PING server. |
|
ID. |
|
Secondary IP address of the interface. |
|
Ping-Serv-Status. |
|
Seq. |
|
VLAN ID for virtual switch. |
|
802.1X master virtual-switch. |
|
802.1X mode. Choices:
|
|
Name of security-exempt-list. |
|
URL of external authentication logout server. |
|
URL of external authentication web server. |
|
User groups that can authenticate with the captive portal. |
|
Enable/disable MAC authentication bypass. Choices:
|
|
Turn on captive portal authentication for this interface. Choices:
|
|
URL redirection after disclaimer/authentication. |
|
PPPoE service name. |
|
Enable/disable sFlow on this interface. Choices:
|
|
Interface speed. The default setting and the options available depend on the interface hardware. Choices:
|
|
Egress Spillover threshold (0 - 16776000 kbps), 0 means unlimited. |
|
Enable/disable source IP check. Choices:
|
|
Bring the interface up or shut the interface down. Choices:
|
|
Enable/disable STP. Choices:
|
|
Control STP behaviour on HA secondary. Choices:
|
|
Control STP behaviour on HA slave. Choices:
|
|
Enable/disable STP forwarding. Choices:
|
|
Configure STP forwarding mode. Choices:
|
|
Strip-Priority-Vlan-Tag. Choices:
|
|
Enable to always send packets from this interface to a destination MAC address. Choices:
|
|
Destination MAC address that all packets are sent to from this interface. |
|
Initial create for switch-controller VLANs. |
|
Swc-Vlan. |
|
Switch. |
|
Block FortiSwitch port-to-port traffic. Choices:
|
|
Enable/disable FortiSwitch ARP inspection. Choices:
|
|
Switch-Controller-Auth. Choices:
|
|
Switch controller DHCP snooping. Choices:
|
|
Switch controller DHCP snooping option82. Choices:
|
|
Switch controller DHCP snooping verify MAC. Choices:
|
|
Integrated FortiLink settings for managed FortiSwitch. |
|
Interfaces purpose when assigning traffic (read only). Choices:
|
|
Switch controller IGMP snooping. Choices:
|
|
Switch controller IGMP snooping fast-leave. Choices:
|
|
Switch controller IGMP snooping proxy. Choices:
|
|
Enable/disable managed FortiSwitch IoT scanning. Choices:
|
|
Limit the number of dynamic MAC addresses on this VLAN (1 - 128, 0 = no limit, default). |
|
VLAN to use for FortiLink management purposes. |
|
Integrated NAC settings for managed FortiSwitch. |
|
Switch-Controller-Radius-Server. |
|
Stop Layer2 MAC learning and interception of BPDUs and other packets on this interface. Choices:
|
|
Source IP address used in FortiLink over L3 connections. Choices:
|
|
Switch controller traffic policy for the VLAN. |
|
DSL transfer mode. Choices:
|
|
TCP maximum segment size. 0 means do not change segment size. |
|
Enable/disable VLAN trunk. Choices:
|
|
Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts). |
|
Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts). |
|
Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts). |
|
Trusted IPv6 host for dedicated management traffic (::/0 for all hosts). |
|
Trusted IPv6 host for dedicated management traffic (::/0 for all hosts). |
|
Trusted IPv6 host for dedicated management traffic (::/0 for all hosts). |
|
Interface type. Choices:
|
|
Username of the PPPoE account, provided by your ISP. |
|
Virtual Channel ID |
|
Enable/disable DSL vectoring. Choices:
|
|
Vindex. |
|
Ethernet protocol of VLAN. Choices:
|
|
Enable/disable traffic forwarding between VLANs on this interface. Choices:
|
|
VLAN ID (1 - 4094). |
|
Virtual Path ID |
|
Virtual Routing Forwarding ID. |
|
Vrrp. |
|
Enable/disable accept mode. Choices:
|
|
Advertisement interval (1 - 255 seconds). |
|
Enable/disable ignoring of default route when checking destination. Choices:
|
|
Enable/disable preempt mode. Choices:
|
|
Priority of the virtual router (1 - 255). |
|
Startup time (1 - 255 seconds). |
|
Enable/disable this VRRP configuration. Choices:
|
|
VRRP version. Choices:
|
|
Monitor the route to this destination. |
|
Priority of the virtual router when the virtual router destination becomes unreachable (0 - 254). |
|
VRRP group ID (1 - 65535). |
|
Virtual router identifier (1 - 255). |
|
IP address of the virtual router. |
|
Enable/disable use of virtual MAC for VRRP. Choices:
|
|
Enable/disable WCCP on this interface. Used for encapsulated WCCP communication between WCCP clients and servers. Choices:
|
|
Default weight for static routes (if route has no weight configured). |
|
Minimal signal strength to be considered as a good 5G AP. |
|
Access control for MAC addresses in the MAC list. Choices:
|
|
How to select the AP to connect. Choices:
|
|
WiFi authentication. Choices:
|
|
Enable/disable WiFi network auto connect. Choices:
|
|
Enable/disable WiFi network automatic save. Choices:
|
|
Enable/disable SSID broadcast in the beacon. Choices:
|
|
Data encryption. Choices:
|
|
WiFi fragment threshold (800 - 2346). |
|
WiFi WEP Key. |
|
WEP key index (1 - 4). |
|
Enable/disable MAC filter status. Choices:
|
|
WiFi pre-shared key for WPA. |
|
WiFi RADIUS server for WPA. |
|
WiFi RTS threshold (256 - 2346). |
|
Wireless access security of SSID. Choices:
|
|
IEEE 802.11 Service Set Identifier. |
|
WiFi user group for WPA. |
|
WINS server IP. |
|
Name. |
|
no description |
|
no description |
|
no description Choices:
|
|
no description |
|
no description |
|
Vdom. |
|
Vlanid. |
|
The overridden method for the underlying Json RPC request Choices:
|
|
the rc codes list with which the conditions to fail will be overriden |
|
the rc codes list with which the conditions to succeed will be overriden |
|
the directive to create, update or delete an object Choices:
|
|
the adom to lock for FortiManager running in workspace mode, the value can be global and others including root |
|
the maximum time in seconds to wait for other user to release the workspace lock Default: 300 |
Notes
Note
Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
To create or update an object, use state present directive.
To delete an object, use state absent directive.
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: no description
fmgr_fsp_vlan:
bypass_validation: False
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
rc_succeeded: [0, -2, -3, ...]
rc_failed: [-2, -3, ...]
adom: <your own value>
state: <value in [present, absent]>
fsp_vlan:
_dhcp-status: <value in [disable, enable]>
auth: <value in [radius, usergroup]>
color: <value of integer>
comments: <value of string>
dynamic_mapping:
-
_dhcp-status: <value in [disable, enable]>
_scope:
-
name: <value of string>
vdom: <value of string>
dhcp-server:
auto-configuration: <value in [disable, enable]>
auto-managed-status: <value in [disable, enable]>
conflicted-ip-timeout: <value of integer>
ddns-auth: <value in [disable, tsig]>
ddns-key: <value of string>
ddns-keyname: <value of string>
ddns-server-ip: <value of string>
ddns-ttl: <value of integer>
ddns-update: <value in [disable, enable]>
ddns-update-override: <value in [disable, enable]>
ddns-zone: <value of string>
default-gateway: <value of string>
dhcp-settings-from-fortiipam: <value in [disable, enable]>
dns-server1: <value of string>
dns-server2: <value of string>
dns-server3: <value of string>
dns-server4: <value of string>
dns-service: <value in [default, specify, local]>
domain: <value of string>
enable: <value in [disable, enable]>
exclude-range:
-
end-ip: <value of string>
id: <value of integer>
start-ip: <value of string>
filename: <value of string>
forticlient-on-net-status: <value in [disable, enable]>
id: <value of integer>
ip-mode: <value in [range, usrgrp]>
ip-range:
-
end-ip: <value of string>
id: <value of integer>
start-ip: <value of string>
ipsec-lease-hold: <value of integer>
lease-time: <value of integer>
mac-acl-default-action: <value in [assign, block]>
netmask: <value of string>
next-server: <value of string>
ntp-server1: <value of string>
ntp-server2: <value of string>
ntp-server3: <value of string>
ntp-service: <value in [default, specify, local]>
option1: <value of string>
option2: <value of string>
option3: <value of string>
option4: <value of string>
option5: <value of string>
option6: <value of string>
options:
-
code: <value of integer>
id: <value of integer>
ip: <value of string>
type: <value in [hex, string, ip, ...]>
value: <value of string>
reserved-address:
-
action: <value in [assign, block, reserved]>
circuit-id: <value of string>
circuit-id-type: <value in [hex, string]>
description: <value of string>
id: <value of integer>
ip: <value of string>
mac: <value of string>
remote-id: <value of string>
remote-id-type: <value in [hex, string]>
type: <value in [mac, option82]>
server-type: <value in [regular, ipsec]>
status: <value in [disable, enable]>
tftp-server: <value of string>
timezone: <value in [00, 01, 02, ...]>
timezone-option: <value in [disable, default, specify]>
vci-match: <value in [disable, enable]>
vci-string: <value of string>
wifi-ac-service: <value in [specify, local]>
wifi-ac1: <value of string>
wifi-ac2: <value of string>
wifi-ac3: <value of string>
wins-server1: <value of string>
wins-server2: <value of string>
interface:
dhcp-relay-agent-option: <value in [disable, enable]>
dhcp-relay-ip: <value of string>
dhcp-relay-service: <value in [disable, enable]>
dhcp-relay-type: <value in [regular, ipsec]>
ip: <value of string>
ipv6:
autoconf: <value in [disable, enable]>
dhcp6-client-options:
- rapid
- iapd
- iana
- dns
- dnsname
dhcp6-information-request: <value in [disable, enable]>
dhcp6-prefix-delegation: <value in [disable, enable]>
dhcp6-prefix-hint: <value of string>
dhcp6-prefix-hint-plt: <value of integer>
dhcp6-prefix-hint-vlt: <value of integer>
dhcp6-relay-ip: <value of string>
dhcp6-relay-service: <value in [disable, enable]>
dhcp6-relay-type: <value in [regular]>
icmp6-send-redirect: <value in [disable, enable]>
interface-identifier: <value of string>
ip6-address: <value of string>
ip6-allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- capwap
- fabric
ip6-default-life: <value of integer>
ip6-delegated-prefix-list:
-
autonomous-flag: <value in [disable, enable]>
onlink-flag: <value in [disable, enable]>
prefix-id: <value of integer>
rdnss: <value of string>
rdnss-service: <value in [delegated, default, specify]>
subnet: <value of string>
upstream-interface: <value of string>
ip6-dns-server-override: <value in [disable, enable]>
ip6-extra-addr:
-
prefix: <value of string>
ip6-hop-limit: <value of integer>
ip6-link-mtu: <value of integer>
ip6-manage-flag: <value in [disable, enable]>
ip6-max-interval: <value of integer>
ip6-min-interval: <value of integer>
ip6-mode: <value in [static, dhcp, pppoe, ...]>
ip6-other-flag: <value in [disable, enable]>
ip6-prefix-list:
-
autonomous-flag: <value in [disable, enable]>
dnssl: <value of string>
onlink-flag: <value in [disable, enable]>
preferred-life-time: <value of integer>
prefix: <value of string>
rdnss: <value of string>
valid-life-time: <value of integer>
ip6-reachable-time: <value of integer>
ip6-retrans-time: <value of integer>
ip6-send-adv: <value in [disable, enable]>
ip6-subnet: <value of string>
ip6-upstream-interface: <value of string>
nd-cert: <value of string>
nd-cga-modifier: <value of string>
nd-mode: <value in [basic, SEND-compatible]>
nd-security-level: <value of integer>
nd-timestamp-delta: <value of integer>
nd-timestamp-fuzz: <value of integer>
unique-autoconf-addr: <value in [disable, enable]>
vrip6_link_local: <value of string>
vrrp-virtual-mac6: <value in [disable, enable]>
vrrp6:
-
accept-mode: <value in [disable, enable]>
adv-interval: <value of integer>
preempt: <value in [disable, enable]>
priority: <value of integer>
start-time: <value of integer>
status: <value in [disable, enable]>
vrdst6: <value of string>
vrgrp: <value of integer>
vrid: <value of integer>
vrip6: <value of string>
cli-conn6-status: <value of integer>
ip6-prefix-mode: <value in [dhcp6, ra]>
ra-send-mtu: <value in [disable, enable]>
secondary-IP: <value in [disable, enable]>
secondaryip:
-
allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- auto-ipsec
- radius-acct
- probe-response
- capwap
- dnp
- ftm
- fabric
detectprotocol:
- ping
- tcp-echo
- udp-echo
detectserver: <value of string>
gwdetect: <value in [disable, enable]>
ha-priority: <value of integer>
id: <value of integer>
ip: <value of string>
ping-serv-status: <value of integer>
seq: <value of integer>
vlanid: <value of integer>
name: <value of string>
portal-message-override-group: <value of string>
radius-server: <value of string>
security: <value in [open, captive-portal, 8021x]>
selected-usergroups: <value of string>
usergroup: <value of string>
vdom: <value of string>
vlanid: <value of integer>
dhcp-server:
auto-configuration: <value in [disable, enable]>
auto-managed-status: <value in [disable, enable]>
conflicted-ip-timeout: <value of integer>
ddns-auth: <value in [disable, tsig]>
ddns-key: <value of string>
ddns-keyname: <value of string>
ddns-server-ip: <value of string>
ddns-ttl: <value of integer>
ddns-update: <value in [disable, enable]>
ddns-update-override: <value in [disable, enable]>
ddns-zone: <value of string>
default-gateway: <value of string>
dhcp-settings-from-fortiipam: <value in [disable, enable]>
dns-server1: <value of string>
dns-server2: <value of string>
dns-server3: <value of string>
dns-server4: <value of string>
dns-service: <value in [default, specify, local]>
domain: <value of string>
enable: <value in [disable, enable]>
exclude-range:
-
end-ip: <value of string>
id: <value of integer>
start-ip: <value of string>
filename: <value of string>
forticlient-on-net-status: <value in [disable, enable]>
id: <value of integer>
ip-mode: <value in [range, usrgrp]>
ip-range:
-
end-ip: <value of string>
id: <value of integer>
start-ip: <value of string>
ipsec-lease-hold: <value of integer>
lease-time: <value of integer>
mac-acl-default-action: <value in [assign, block]>
netmask: <value of string>
next-server: <value of string>
ntp-server1: <value of string>
ntp-server2: <value of string>
ntp-server3: <value of string>
ntp-service: <value in [default, specify, local]>
option1: <value of string>
option2: <value of string>
option3: <value of string>
option4: <value of string>
option5: <value of string>
option6: <value of string>
options:
-
code: <value of integer>
id: <value of integer>
ip: <value of string>
type: <value in [hex, string, ip, ...]>
value: <value of string>
reserved-address:
-
action: <value in [assign, block, reserved]>
circuit-id: <value of string>
circuit-id-type: <value in [hex, string]>
description: <value of string>
id: <value of integer>
ip: <value of string>
mac: <value of string>
remote-id: <value of string>
remote-id-type: <value in [hex, string]>
type: <value in [mac, option82]>
server-type: <value in [regular, ipsec]>
status: <value in [disable, enable]>
tftp-server: <value of string>
timezone: <value in [00, 01, 02, ...]>
timezone-option: <value in [disable, default, specify]>
vci-match: <value in [disable, enable]>
vci-string: <value of string>
wifi-ac-service: <value in [specify, local]>
wifi-ac1: <value of string>
wifi-ac2: <value of string>
wifi-ac3: <value of string>
wins-server1: <value of string>
wins-server2: <value of string>
interface:
ac-name: <value of string>
aggregate: <value of string>
algorithm: <value in [L2, L3, L4]>
alias: <value of string>
allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- auto-ipsec
- radius-acct
- probe-response
- capwap
- dnp
- ftm
- fabric
ap-discover: <value in [disable, enable]>
arpforward: <value in [disable, enable]>
atm-protocol: <value in [none, ipoa]>
auth-type: <value in [auto, pap, chap, ...]>
auto-auth-extension-device: <value in [disable, enable]>
bandwidth-measure-time: <value of integer>
bfd: <value in [global, enable, disable]>
bfd-desired-min-tx: <value of integer>
bfd-detect-mult: <value of integer>
bfd-required-min-rx: <value of integer>
broadcast-forticlient-discovery: <value in [disable, enable]>
broadcast-forward: <value in [disable, enable]>
captive-portal: <value of integer>
cli-conn-status: <value of integer>
color: <value of integer>
ddns: <value in [disable, enable]>
ddns-auth: <value in [disable, tsig]>
ddns-domain: <value of string>
ddns-key: <value of string>
ddns-keyname: <value of string>
ddns-password: <value of string>
ddns-server: <value in [dhs.org, dyndns.org, dyns.net, ...]>
ddns-server-ip: <value of string>
ddns-sn: <value of string>
ddns-ttl: <value of integer>
ddns-username: <value of string>
ddns-zone: <value of string>
dedicated-to: <value in [none, management]>
defaultgw: <value in [disable, enable]>
description: <value of string>
detected-peer-mtu: <value of integer>
detectprotocol:
- ping
- tcp-echo
- udp-echo
detectserver: <value of string>
device-access-list: <value of string>
device-identification: <value in [disable, enable]>
device-identification-active-scan: <value in [disable, enable]>
device-netscan: <value in [disable, enable]>
device-user-identification: <value in [disable, enable]>
devindex: <value of integer>
dhcp-client-identifier: <value of string>
dhcp-relay-agent-option: <value in [disable, enable]>
dhcp-relay-interface: <value of string>
dhcp-relay-interface-select-method: <value in [auto, sdwan, specify]>
dhcp-relay-ip: <value of string>
dhcp-relay-service: <value in [disable, enable]>
dhcp-relay-type: <value in [regular, ipsec]>
dhcp-renew-time: <value of integer>
disc-retry-timeout: <value of integer>
disconnect-threshold: <value of integer>
distance: <value of integer>
dns-query: <value in [disable, recursive, non-recursive]>
dns-server-override: <value in [disable, enable]>
drop-fragment: <value in [disable, enable]>
drop-overlapped-fragment: <value in [disable, enable]>
egress-cos: <value in [disable, cos0, cos1, ...]>
egress-shaping-profile: <value of string>
eip: <value of string>
endpoint-compliance: <value in [disable, enable]>
estimated-downstream-bandwidth: <value of integer>
estimated-upstream-bandwidth: <value of integer>
explicit-ftp-proxy: <value in [disable, enable]>
explicit-web-proxy: <value in [disable, enable]>
external: <value in [disable, enable]>
fail-action-on-extender: <value in [soft-restart, hard-restart, reboot]>
fail-alert-interfaces: <value of string>
fail-alert-method: <value in [link-failed-signal, link-down]>
fail-detect: <value in [disable, enable]>
fail-detect-option:
- detectserver
- link-down
fdp: <value in [disable, enable]>
fortiheartbeat: <value in [disable, enable]>
fortilink: <value in [disable, enable]>
fortilink-backup-link: <value of integer>
fortilink-neighbor-detect: <value in [lldp, fortilink]>
fortilink-split-interface: <value in [disable, enable]>
fortilink-stacking: <value in [disable, enable]>
forward-domain: <value of integer>
forward-error-correction: <value in [disable, enable, rs-fec, ...]>
fp-anomaly:
- drop_tcp_fin_noack
- pass_winnuke
- pass_tcpland
- pass_udpland
- pass_icmpland
- pass_ipland
- pass_iprr
- pass_ipssrr
- pass_iplsrr
- pass_ipstream
- pass_ipsecurity
- pass_iptimestamp
- pass_ipunknown_option
- pass_ipunknown_prot
- pass_icmp_frag
- pass_tcp_no_flag
- pass_tcp_fin_noack
- drop_winnuke
- drop_tcpland
- drop_udpland
- drop_icmpland
- drop_ipland
- drop_iprr
- drop_ipssrr
- drop_iplsrr
- drop_ipstream
- drop_ipsecurity
- drop_iptimestamp
- drop_ipunknown_option
- drop_ipunknown_prot
- drop_icmp_frag
- drop_tcp_no_flag
fp-disable:
- all
- ipsec
- none
gateway-address: <value of string>
gi-gk: <value in [disable, enable]>
gwaddr: <value of string>
gwdetect: <value in [disable, enable]>
ha-priority: <value of integer>
icmp-accept-redirect: <value in [disable, enable]>
icmp-redirect: <value in [disable, enable]>
icmp-send-redirect: <value in [disable, enable]>
ident-accept: <value in [disable, enable]>
idle-timeout: <value of integer>
if-mdix: <value in [auto, normal, crossover]>
if-media: <value in [auto, copper, fiber]>
in-force-vlan-cos: <value of integer>
inbandwidth: <value of integer>
ingress-cos: <value in [disable, cos0, cos1, ...]>
ingress-shaping-profile: <value of string>
ingress-spillover-threshold: <value of integer>
internal: <value of integer>
ip: <value of string>
ip-managed-by-fortiipam: <value in [disable, enable]>
ipmac: <value in [disable, enable]>
ips-sniffer-mode: <value in [disable, enable]>
ipunnumbered: <value of string>
ipv6:
autoconf: <value in [disable, enable]>
dhcp6-client-options:
- rapid
- iapd
- iana
- dns
- dnsname
dhcp6-information-request: <value in [disable, enable]>
dhcp6-prefix-delegation: <value in [disable, enable]>
dhcp6-prefix-hint: <value of string>
dhcp6-prefix-hint-plt: <value of integer>
dhcp6-prefix-hint-vlt: <value of integer>
dhcp6-relay-ip: <value of string>
dhcp6-relay-service: <value in [disable, enable]>
dhcp6-relay-type: <value in [regular]>
icmp6-send-redirect: <value in [disable, enable]>
interface-identifier: <value of string>
ip6-address: <value of string>
ip6-allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- capwap
- fabric
ip6-default-life: <value of integer>
ip6-delegated-prefix-list:
-
autonomous-flag: <value in [disable, enable]>
onlink-flag: <value in [disable, enable]>
prefix-id: <value of integer>
rdnss: <value of string>
rdnss-service: <value in [delegated, default, specify]>
subnet: <value of string>
upstream-interface: <value of string>
ip6-dns-server-override: <value in [disable, enable]>
ip6-extra-addr:
-
prefix: <value of string>
ip6-hop-limit: <value of integer>
ip6-link-mtu: <value of integer>
ip6-manage-flag: <value in [disable, enable]>
ip6-max-interval: <value of integer>
ip6-min-interval: <value of integer>
ip6-mode: <value in [static, dhcp, pppoe, ...]>
ip6-other-flag: <value in [disable, enable]>
ip6-prefix-list:
-
autonomous-flag: <value in [disable, enable]>
dnssl: <value of string>
onlink-flag: <value in [disable, enable]>
preferred-life-time: <value of integer>
prefix: <value of string>
rdnss: <value of string>
valid-life-time: <value of integer>
ip6-reachable-time: <value of integer>
ip6-retrans-time: <value of integer>
ip6-send-adv: <value in [disable, enable]>
ip6-subnet: <value of string>
ip6-upstream-interface: <value of string>
nd-cert: <value of string>
nd-cga-modifier: <value of string>
nd-mode: <value in [basic, SEND-compatible]>
nd-security-level: <value of integer>
nd-timestamp-delta: <value of integer>
nd-timestamp-fuzz: <value of integer>
unique-autoconf-addr: <value in [disable, enable]>
vrip6_link_local: <value of string>
vrrp-virtual-mac6: <value in [disable, enable]>
vrrp6:
-
accept-mode: <value in [disable, enable]>
adv-interval: <value of integer>
preempt: <value in [disable, enable]>
priority: <value of integer>
start-time: <value of integer>
status: <value in [disable, enable]>
vrdst6: <value of string>
vrgrp: <value of integer>
vrid: <value of integer>
vrip6: <value of string>
cli-conn6-status: <value of integer>
ip6-prefix-mode: <value in [dhcp6, ra]>
ra-send-mtu: <value in [disable, enable]>
l2forward: <value in [disable, enable]>
l2tp-client: <value in [disable, enable]>
lacp-ha-slave: <value in [disable, enable]>
lacp-mode: <value in [static, passive, active]>
lacp-speed: <value in [slow, fast]>
lcp-echo-interval: <value of integer>
lcp-max-echo-fails: <value of integer>
link-up-delay: <value of integer>
listen-forticlient-connection: <value in [disable, enable]>
lldp-network-policy: <value of string>
lldp-reception: <value in [disable, enable, vdom]>
lldp-transmission: <value in [enable, disable, vdom]>
log: <value in [disable, enable]>
macaddr: <value of string>
managed-subnetwork-size: <value in [256, 512, 1024, ...]>
management-ip: <value of string>
max-egress-burst-rate: <value of integer>
max-egress-rate: <value of integer>
measured-downstream-bandwidth: <value of integer>
measured-upstream-bandwidth: <value of integer>
mediatype: <value in [serdes-sfp, sgmii-sfp, cfp2-sr10, ...]>
member: <value of string>
min-links: <value of integer>
min-links-down: <value in [operational, administrative]>
mode: <value in [static, dhcp, pppoe, ...]>
monitor-bandwidth: <value in [disable, enable]>
mtu: <value of integer>
mtu-override: <value in [disable, enable]>
mux-type: <value in [llc-encaps, vc-encaps]>
name: <value of string>
ndiscforward: <value in [disable, enable]>
netbios-forward: <value in [disable, enable]>
netflow-sampler: <value in [disable, tx, rx, ...]>
np-qos-profile: <value of integer>
npu-fastpath: <value in [disable, enable]>
nst: <value in [disable, enable]>
out-force-vlan-cos: <value of integer>
outbandwidth: <value of integer>
padt-retry-timeout: <value of integer>
password: <value of string>
peer-interface: <value of string>
phy-mode: <value in [auto, adsl, vdsl]>
ping-serv-status: <value of integer>
poe: <value in [disable, enable]>
polling-interval: <value of integer>
pppoe-unnumbered-negotiate: <value in [disable, enable]>
pptp-auth-type: <value in [auto, pap, chap, ...]>
pptp-client: <value in [disable, enable]>
pptp-password: <value of string>
pptp-server-ip: <value of string>
pptp-timeout: <value of integer>
pptp-user: <value of string>
preserve-session-route: <value in [disable, enable]>
priority: <value of integer>
priority-override: <value in [disable, enable]>
proxy-captive-portal: <value in [disable, enable]>
redundant-interface: <value of string>
remote-ip: <value of string>
replacemsg-override-group: <value of string>
retransmission: <value in [disable, enable]>
ring-rx: <value of integer>
ring-tx: <value of integer>
role: <value in [lan, wan, dmz, ...]>
sample-direction: <value in [rx, tx, both]>
sample-rate: <value of integer>
scan-botnet-connections: <value in [disable, block, monitor]>
secondary-IP: <value in [disable, enable]>
secondaryip:
-
allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- auto-ipsec
- radius-acct
- probe-response
- capwap
- dnp
- ftm
- fabric
detectprotocol:
- ping
- tcp-echo
- udp-echo
detectserver: <value of string>
gwdetect: <value in [disable, enable]>
ha-priority: <value of integer>
id: <value of integer>
ip: <value of string>
ping-serv-status: <value of integer>
seq: <value of integer>
security-8021x-dynamic-vlan-id: <value of integer>
security-8021x-master: <value of string>
security-8021x-mode: <value in [default, dynamic-vlan, fallback, ...]>
security-exempt-list: <value of string>
security-external-logout: <value of string>
security-external-web: <value of string>
security-groups: <value of string>
security-mac-auth-bypass: <value in [disable, enable, mac-auth-only]>
security-mode: <value in [none, captive-portal, 802.1X]>
security-redirect-url: <value of string>
service-name: <value of string>
sflow-sampler: <value in [disable, enable]>
speed: <value in [auto, 10full, 10half, ...]>
spillover-threshold: <value of integer>
src-check: <value in [disable, enable]>
status: <value in [down, up]>
stp: <value in [disable, enable]>
stp-ha-slave: <value in [disable, enable, priority-adjust]>
stpforward: <value in [disable, enable]>
stpforward-mode: <value in [rpl-all-ext-id, rpl-bridge-ext-id, rpl-nothing]>
strip-priority-vlan-tag: <value in [disable, enable]>
subst: <value in [disable, enable]>
substitute-dst-mac: <value of string>
swc-first-create: <value of integer>
swc-vlan: <value of integer>
switch: <value of string>
switch-controller-access-vlan: <value in [disable, enable]>
switch-controller-arp-inspection: <value in [disable, enable]>
switch-controller-auth: <value in [radius, usergroup]>
switch-controller-dhcp-snooping: <value in [disable, enable]>
switch-controller-dhcp-snooping-option82: <value in [disable, enable]>
switch-controller-dhcp-snooping-verify-mac: <value in [disable, enable]>
switch-controller-feature: <value in [none, default-vlan, quarantine, ...]>
switch-controller-igmp-snooping: <value in [disable, enable]>
switch-controller-igmp-snooping-fast-leave: <value in [disable, enable]>
switch-controller-igmp-snooping-proxy: <value in [disable, enable]>
switch-controller-iot-scanning: <value in [disable, enable]>
switch-controller-learning-limit: <value of integer>
switch-controller-mgmt-vlan: <value of integer>
switch-controller-nac: <value of string>
switch-controller-radius-server: <value of string>
switch-controller-rspan-mode: <value in [disable, enable]>
switch-controller-source-ip: <value in [outbound, fixed]>
switch-controller-traffic-policy: <value of string>
tc-mode: <value in [ptm, atm]>
tcp-mss: <value of integer>
trunk: <value in [disable, enable]>
trust-ip-1: <value of string>
trust-ip-2: <value of string>
trust-ip-3: <value of string>
trust-ip6-1: <value of string>
trust-ip6-2: <value of string>
trust-ip6-3: <value of string>
type: <value in [physical, vlan, aggregate, ...]>
username: <value of string>
vci: <value of integer>
vectoring: <value in [disable, enable]>
vindex: <value of integer>
vlan-protocol: <value in [8021q, 8021ad]>
vlanforward: <value in [disable, enable]>
vlanid: <value of integer>
vpi: <value of integer>
vrf: <value of integer>
vrrp:
-
accept-mode: <value in [disable, enable]>
adv-interval: <value of integer>
ignore-default-route: <value in [disable, enable]>
preempt: <value in [disable, enable]>
priority: <value of integer>
start-time: <value of integer>
status: <value in [disable, enable]>
version: <value in [2, 3]>
vrdst: <value of string>
vrdst-priority: <value of integer>
vrgrp: <value of integer>
vrid: <value of integer>
vrip: <value of string>
vrrp-virtual-mac: <value in [disable, enable]>
wccp: <value in [disable, enable]>
weight: <value of integer>
wifi-5g-threshold: <value of string>
wifi-acl: <value in [deny, allow]>
wifi-ap-band: <value in [any, 5g-preferred, 5g-only]>
wifi-auth: <value in [PSK, RADIUS, radius, ...]>
wifi-auto-connect: <value in [disable, enable]>
wifi-auto-save: <value in [disable, enable]>
wifi-broadcast-ssid: <value in [disable, enable]>
wifi-encrypt: <value in [TKIP, AES]>
wifi-fragment-threshold: <value of integer>
wifi-key: <value of string>
wifi-keyindex: <value of integer>
wifi-mac-filter: <value in [disable, enable]>
wifi-passphrase: <value of string>
wifi-radius-server: <value of string>
wifi-rts-threshold: <value of integer>
wifi-security: <value in [None, WEP64, wep64, ...]>
wifi-ssid: <value of string>
wifi-usergroup: <value of string>
wins-ip: <value of string>
dhcp-relay-request-all-server: <value in [disable, enable]>
stp-ha-secondary: <value in [disable, enable, priority-adjust]>
switch-controller-dynamic: <value of string>
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
The full url requested Returned: always Sample: “/sys/login/user” |
|
The status of api request Returned: always Sample: 0 |
|
The descriptive message of the api response Returned: always Sample: “OK.” |
Authors
Link Zheng (@chillancezen)
Jie Xue (@JieX19)
Frank Shen (@fshen01)
Hongbin Lu (@fgtdev-hblu)