fortinet.fortimanager.fmgr_system_global module – Global range attributes.
Note
This module is part of the fortinet.fortimanager collection (version 2.1.5).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install fortinet.fortimanager
.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_system_global
.
New in version 2.10: of fortinet.fortimanager
Synopsis
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
Parameters
Parameter |
Comments |
---|---|
only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters Choices:
|
|
Enable/Disable logging for task Choices:
|
|
The overridden method for the underlying Json RPC request Choices:
|
|
the rc codes list with which the conditions to fail will be overriden |
|
the rc codes list with which the conditions to succeed will be overriden |
|
the directive to create, update or delete an object Choices:
|
|
the top level parameters set |
|
Lockout duration(sec) for administration. Default: 60 |
|
Lockout threshold for administration. Default: 3 |
|
ADOM mode. normal - Normal ADOM mode. advanced - Advanced ADOM mode. Choices:
|
|
Auto delete features for old ADOM revisions. disable - Disable auto delete function for ADOM revision. by-revisions - Auto delete ADOM revisions by maximum number of revisions. by-days - Auto delete ADOM revisions by maximum days. Choices:
|
|
Maximum number of ADOM revisions to backup. Default: 5 |
|
Number of days to keep old ADOM revisions. Default: 30 |
|
Maximum number of ADOM revisions to keep. Default: 120 |
|
Enable/disable select ADOM after login. disable - Disable select ADOM after login. enable - Enable select ADOM after login. Choices:
|
|
ADOM status. disable - Disable ADOM mode. enable - Enable ADOM mode. Choices:
|
|
set the clone object names option. default - Add a prefix of Clone of to the clone name. keep - Keep the original name for user to edit. Choices:
|
|
Require client certificate for GUI login. disable - Disable setting. enable - Require client certificate for GUI login. optional - Optional client certificate for GUI login. Choices:
|
|
Console output mode. standard - Standard output. more - More page output. Choices:
|
|
Country flag Status. disable - Disable country flag icon beside ip address. enable - Enable country flag icon beside ip address. Choices:
|
|
Enable/disable create revision by default. disable - Disable create revision by default. enable - Enable create revision by default. Choices:
|
|
Enable/disable daylight saving time. disable - Disable setting. enable - Enable setting. Choices:
|
|
Default disk quota for registered device (MB). Default: 1000 |
|
Detect unregistered logging device from log message. disable - Disable attribute function. enable - Enable attribute function. Choices:
|
|
Set devices/groups view mode. regular - Regular view mode. tree - Tree view mode. Choices:
|
|
Minimum size of Diffie-Hellman prime for SSH/HTTPS (bits). 1024 - 1024 bits. 1536 - 1536 bits. 2048 - 2048 bits. 3072 - 3072 bits. 4096 - 4096 bits. 6144 - 6144 bits. 8192 - 8192 bits. Choices:
|
|
Disable module list. Choices:
|
|
SSL communication encryption algorithms. low - SSL communication using all available encryption algorithms. medium - SSL communication using high and medium encryption algorithms. high - SSL communication using high encryption algorithms. Choices:
|
|
FAZ status. disable - Disable FAZ feature. enable - Enable FAZ feature. Choices:
|
|
set the extra fgfm CA certificates. |
|
set the fgfm local certificate. |
|
set the lowest SSL protocols for fgfmsd. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). Choices:
|
|
Enable/disable automatically group HA members feature disable - Disable automatically grouping HA members feature. enable - Enable automatically grouping HA members only when group name is unique in your network. Choices:
|
|
The number of FortiGates that FortiManager polls at one time (10 - 500, default = 100). Default: 100 |
|
The interval for getting hit count from managed FortiGate devices, in seconds (60 - 86400, default = 300). Default: 300 |
|
System hostname. Default: “FMG-VM64” |
|
Enable/Disable import ignore of address comments. disable - Disable import ignore of address comments. enable - Enable import ignore of address comments. Choices:
|
|
System global language. english - English simch - Simplified Chinese japanese - Japanese korean - Korean spanish - Spanish trach - Traditional Chinese Choices:
|
|
fmg location latitude |
|
LDAP browser cache timeout (seconds). Default: 86400 |
|
LDAP connection timeout (msec). Default: 60000 |
|
Enable/disable ADOM lock override. disable - Disable lock preempt. enable - Enable lock preempt. Choices:
|
|
Record log file hash value, timestamp, and authentication code at transmission or rolling. none - No record log file checksum. md5 - Record log files MD5 hash value only. md5-auth - Record log files MD5 hash value and authentication code. Choices:
|
|
Log forwarding disk cache size (GB). Default: 0 |
|
fmg location longitude |
|
Maximum number of log-forward and aggregation settings. Default: 5 |
|
Maximum number of reports generating at one time. Default: 1 |
|
Mc-Policy-Disabled-Adoms. |
|
Adom names. |
|
Enable/disable multiple steps upgade in autolink process disable - Disable setting. enable - Enable setting. Choices:
|
|
Maximum revisions for a single database (10,000-1,000,000 default 100,000). Default: 100000 |
|
Enable/disable mandatory note when create revision. disable - Disable object revision. enable - Enable object revision. Choices:
|
|
Maximum revisions for a single object (10-1000 default 100). Default: 100 |
|
Enable/disable create revision when modify objects. disable - Disable object revision. enable - Enable object revision. Choices:
|
|
set the lowest SSL protocols for oftpd. sslv3 - set SSLv3 as the lowest version. tlsv1.0 - set TLSv1.0 as the lowest version. tlsv1.1 - set TLSv1.1 as the lowest version. tlsv1.2 - set TLSv1.2 as the lowest version (default). Choices:
|
|
Enable/Disable partial install (install some objects). disable - Disable partial install function. enable - Enable partial install function. Choices:
|
|
Enable/Disable partial install when devdb is modified. disable - Disable partial install when devdb is modified. enable - Enable partial install when devdb is modified. Choices:
|
|
Enable/Disable auto creating adom revision for partial install. disable - Disable partial install revision. enable - Enable partial install revision. Choices:
|
|
Enable/Disable per policy lock. disable - Disable per policy lock. enable - Enable per policy lock. Choices:
|
|
Enable/Disable performance improvement by distributing tasks to HA slaves. disable - Disable performance improvement by HA. enable - Enable performance improvement by HA. Choices:
|
|
show policy hit count. disable - Disable policy hit count. enable - Enable policy hit count. Choices:
|
|
show icons of policy objects. disable - Disable icon of policy objects. enable - Enable icon of policy objects. Choices:
|
|
show policies and objects in dual pane. disable - Disable polices and objects in dual pane. enable - Enable polices and objects in dual pane. Choices:
|
|
Enable/disable pre-login banner. disable - Disable pre-login banner. enable - Enable pre-login banner. Choices:
|
|
Pre-login banner message. |
|
Enable/disable private data encryption using an AES 128-bit key. disable - Disable private data encryption using an AES 128-bit key. enable - Enable private data encryption using an AES 128-bit key. Choices:
|
|
Remote authentication (RADIUS/LDAP) timeout (sec). Default: 10 |
|
Enable/Disable Search all ADOMs for where-used query. disable - Disable search all ADOMs for where-used queries. enable - Enable search all ADOMs for where-used queries. Choices:
|
|
SSL low-grade encryption. disable - Disable SSL low-grade encryption. enable - Enable SSL low-grade encryption. Choices:
|
|
SSL protocols. Choices:
|
|
Enable/disable SSL static key ciphers. disable - Disable setting. enable - Enable setting. Choices:
|
|
Maximum number of completed tasks to keep. Default: 2000 |
|
Enable/disable TFTP in exec restore image command (disabled by default in FIPS mode) disable - Disable TFTP enable - Enable TFTP Choices:
|
|
Time zone. 00 - (GMT-12:00) Eniwetak, Kwajalein. 01 - (GMT-11:00) Midway Island, Samoa. 02 - (GMT-10:00) Hawaii. 03 - (GMT-9:00) Alaska. 04 - (GMT-8:00) Pacific Time (US & Canada). 05 - (GMT-7:00) Arizona. 06 - (GMT-7:00) Mountain Time (US & Canada). 07 - (GMT-6:00) Central America. 08 - (GMT-6:00) Central Time (US & Canada). 09 - (GMT-6:00) Mexico City. 10 - (GMT-6:00) Saskatchewan. 11 - (GMT-5:00) Bogota, Lima, Quito. 12 - (GMT-5:00) Eastern Time (US & Canada). 13 - (GMT-5:00) Indiana (East). 14 - (GMT-4:00) Atlantic Time (Canada). 15 - (GMT-4:00) La Paz. 16 - (GMT-4:00) Santiago. 17 - (GMT-3:30) Newfoundland. 18 - (GMT-3:00) Brasilia. 19 - (GMT-3:00) Buenos Aires, Georgetown. 20 - (GMT-3:00) Nuuk (Greenland). 21 - (GMT-2:00) Mid-Atlantic. 22 - (GMT-1:00) Azores. 23 - (GMT-1:00) Cape Verde Is. 24 - (GMT) Monrovia. 25 - (GMT) Greenwich Mean Time:Dublin, Edinburgh, Lisbon, London. 26 - (GMT+1:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna. 27 - (GMT+1:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague. 28 - (GMT+1:00) Brussels, Copenhagen, Madrid, Paris. 29 - (GMT+1:00) Sarajevo, Skopje, Warsaw, Zagreb. 30 - (GMT+1:00) West Central Africa. 31 - (GMT+2:00) Athens, Sofia, Vilnius. 32 - (GMT+2:00) Bucharest. 33 - (GMT+2:00) Cairo. 34 - (GMT+2:00) Harare, Pretoria. 35 - (GMT+2:00) Helsinki, Riga,Tallinn. 36 - (GMT+2:00) Jerusalem. 37 - (GMT+3:00) Baghdad. 38 - (GMT+3:00) Kuwait, Riyadh. 39 - (GMT+3:00) St.Petersburg, Volgograd. 40 - (GMT+3:00) Nairobi. 41 - (GMT+3:30) Tehran. 42 - (GMT+4:00) Abu Dhabi, Muscat. 43 - (GMT+4:00) Baku. 44 - (GMT+4:30) Kabul. 45 - (GMT+5:00) Ekaterinburg. 46 - (GMT+5:00) Islamabad, Karachi,Tashkent. 47 - (GMT+5:30) Calcutta, Chennai, Mumbai, New Delhi. 48 - (GMT+5:45) Kathmandu. 49 - (GMT+6:00) Almaty, Novosibirsk. 50 - (GMT+6:00) Astana, Dhaka. 51 - (GMT+6:00) Sri Jayawardenapura. 52 - (GMT+6:30) Rangoon. 53 - (GMT+7:00) Bangkok, Hanoi, Jakarta. 54 - (GMT+7:00) Krasnoyarsk. 55 - (GMT+8:00) Beijing,ChongQing, HongKong,Urumqi. 56 - (GMT+8:00) Irkutsk, Ulaanbaatar. 57 - (GMT+8:00) Kuala Lumpur, Singapore. 58 - (GMT+8:00) Perth. 59 - (GMT+8:00) Taipei. 60 - (GMT+9:00) Osaka, Sapporo, Tokyo, Seoul. 61 - (GMT+9:00) Yakutsk. 62 - (GMT+9:30) Adelaide. 63 - (GMT+9:30) Darwin. 64 - (GMT+10:00) Brisbane. 65 - (GMT+10:00) Canberra, Melbourne, Sydney. 66 - (GMT+10:00) Guam, Port Moresby. 67 - (GMT+10:00) Hobart. 68 - (GMT+10:00) Vladivostok. 69 - (GMT+11:00) Magadan. 70 - (GMT+11:00) Solomon Is., New Caledonia. 71 - (GMT+12:00) Auckland, Wellington. 72 - (GMT+12:00) Fiji, Kamchatka, Marshall Is. 73 - (GMT+13:00) Nukualofa. 74 - (GMT-4:30) Caracas. 75 - (GMT+1:00) Namibia. 76 - (GMT-5:00) Brazil-Acre. 77 - (GMT-4:00) Brazil-West. 78 - (GMT-3:00) Brazil-East. 79 - (GMT-2:00) Brazil-DeNoronha. 80 - (GMT+14:00) Kiritimati. 81 - (GMT-7:00) Baja California Sur, Chihuahua. 82 - (GMT+12:45) Chatham Islands. 83 - (GMT+3:00) Minsk. 84 - (GMT+13:00) Samoa. 85 - (GMT+3:00) Istanbul. 86 - (GMT-4:00) Paraguay. 87 - (GMT) Casablanca. 88 - (GMT+3:00) Moscow. 89 - (GMT) Greenwich Mean Time. Choices:
|
|
Maximum transportation unit(68 - 9000). Default: 1500 |
|
Enable/disable Fortiguard server restriction. disable - Contact any Fortiguard server enable - Contact Fortiguard server in USA only Choices:
|
|
VDOM mirror. disable - Disable VDOM mirror function. enable - Enable VDOM mirror function. Choices:
|
|
Web Service connection support SSL protocols. Choices:
|
|
Maximum number of workflow sessions per ADOM (minimum 100). Default: 500 |
|
Set workspace mode (ADOM Locking). disabled - Workspace disabled. normal - Workspace lock mode. workflow - Workspace workflow mode. Choices:
|
|
the adom to lock for FortiManager running in workspace mode, the value can be global and others including root |
|
the maximum time in seconds to wait for other user to release the workspace lock Default: 300 |
Notes
Note
Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
To create or update an object, use state present directive.
To delete an object, use state absent directive.
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- hosts: fortimanager00
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: enable workspace mode
fmgr_system_global:
system_global:
adom-status: enable
workspace-mode: normal
- name: Script table.
fmgr_dvmdb_script:
bypass_validation: False
adom: root
state: present
workspace_locking_adom: 'root'
dvmdb_script:
content: 'ansiblt-test'
name: 'fooscript000'
target: device_database
type: cli
- name: verify script table
fmgr_fact:
facts:
selector: 'dvmdb_script'
params:
adom: 'root'
script: 'fooscript000'
register: info
failed_when: info.meta.response_code != 0
- name: restore workspace mode
fmgr_system_global:
system_global:
adom-status: enable
workspace-mode: disabled
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
The full url requested Returned: always Sample: “/sys/login/user” |
|
The status of api request Returned: always Sample: 0 |
|
The descriptive message of the api response Returned: always Sample: “OK.” |
Authors
Link Zheng (@chillancezen)
Jie Xue (@JieX19)
Frank Shen (@fshen01)
Hongbin Lu (@fgtdev-hblu)