fortinet.fortimanager.fmgr_system_global module – Global range attributes.

Note

This module is part of the fortinet.fortimanager collection (version 2.1.5).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_system_global.

New in version 2.10 of fortinet.fortimanager

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter

Comments

bypass_validation

boolean

Only set to True when the module schema differs from the FortiManager API structure; the module then continues to execute without validating parameters.

Choices:

  • no ← (default)

  • yes

enable_log

boolean

Enable/Disable logging for task

Choices:

  • no ← (default)

  • yes

proposed_method

string

The overridden method for the underlying JSON RPC request.

Choices:

  • update

  • set

  • add

rc_failed

list / elements=string

The list of rc codes with which the conditions to fail will be overridden.

rc_succeeded

list / elements=string

The list of rc codes with which the conditions to succeed will be overridden.

state

string / required

the directive to create, update or delete an object

Choices:

  • present

  • absent

system_global

dictionary

the top level parameters set

admin-lockout-duration

integer

Lockout duration (sec) for administration.

Default: 60

admin-lockout-threshold

integer

Lockout threshold for administration.

Default: 3

adom-mode

string

ADOM mode.

normal - Normal ADOM mode.

advanced - Advanced ADOM mode.

Choices:

  • normal ← (default)

  • advanced

adom-rev-auto-delete

string

Auto delete features for old ADOM revisions.

disable - Disable auto delete function for ADOM revision.

by-revisions - Auto delete ADOM revisions by maximum number of revisions.

by-days - Auto delete ADOM revisions by maximum days.

Choices:

  • disable

  • by-revisions ← (default)

  • by-days

adom-rev-max-backup-revisions

integer

Maximum number of ADOM revisions to backup.

Default: 5

adom-rev-max-days

integer

Number of days to keep old ADOM revisions.

Default: 30

adom-rev-max-revisions

integer

Maximum number of ADOM revisions to keep.

Default: 120

adom-select

string

Enable/disable select ADOM after login.

disable - Disable select ADOM after login.

enable - Enable select ADOM after login.

Choices:

  • disable

  • enable ← (default)

adom-status

string

ADOM status.

disable - Disable ADOM mode.

enable - Enable ADOM mode.

Choices:

  • disable ← (default)

  • enable

clone-name-option

string

set the clone object names option.

default - Add a prefix of Clone of to the clone name.

keep - Keep the original name for user to edit.

Choices:

  • default ← (default)

  • keep

clt-cert-req

string

Require client certificate for GUI login.

disable - Disable setting.

enable - Require client certificate for GUI login.

optional - Optional client certificate for GUI login.

Choices:

  • disable ← (default)

  • enable

  • optional

console-output

string

Console output mode.

standard - Standard output.

more - More page output.

Choices:

  • standard ← (default)

  • more

country-flag

string

Country flag Status.

disable - Disable country flag icon beside ip address.

enable - Enable country flag icon beside ip address.

Choices:

  • disable

  • enable ← (default)

create-revision

string

Enable/disable create revision by default.

disable - Disable create revision by default.

enable - Enable create revision by default.

Choices:

  • disable ← (default)

  • enable

daylightsavetime

string

Enable/disable daylight saving time.

disable - Disable setting.

enable - Enable setting.

Choices:

  • disable

  • enable ← (default)

default-disk-quota

integer

Default disk quota for registered device (MB).

Default: 1000

detect-unregistered-log-device

string

Detect unregistered logging device from log message.

disable - Disable attribute function.

enable - Enable attribute function.

Choices:

  • disable

  • enable ← (default)

device-view-mode

string

Set devices/groups view mode.

regular - Regular view mode.

tree - Tree view mode.

Choices:

  • regular ← (default)

  • tree

dh-params

string

Minimum size of Diffie-Hellman prime for SSH/HTTPS (bits).

1024 - 1024 bits.

1536 - 1536 bits.

2048 - 2048 bits.

3072 - 3072 bits.

4096 - 4096 bits.

6144 - 6144 bits.

8192 - 8192 bits.

Choices:

  • 1024

  • 1536

  • 2048 ← (default)

  • 3072

  • 4096

  • 6144

  • 8192

disable-module

list / elements=string

Disable module list.

Choices:

  • fortiview-noc

  • none

  • fortirecorder

  • siem

  • soc

  • ai

enc-algorithm

string

SSL communication encryption algorithms.

low - SSL communication using all available encryption algorithms.

medium - SSL communication using high and medium encryption algorithms.

high - SSL communication using high encryption algorithms.

Choices:

  • low

  • medium

  • high ← (default)

faz-status

string

FAZ status.

disable - Disable FAZ feature.

enable - Enable FAZ feature.

Choices:

  • disable ← (default)

  • enable

fgfm-ca-cert

string

set the extra fgfm CA certificates.

fgfm-local-cert

string

set the fgfm local certificate.

fgfm-ssl-protocol

string

set the lowest SSL protocols for fgfmsd.

sslv3 - set SSLv3 as the lowest version.

tlsv1.0 - set TLSv1.0 as the lowest version.

tlsv1.1 - set TLSv1.1 as the lowest version.

tlsv1.2 - set TLSv1.2 as the lowest version (default).

Choices:

  • sslv3

  • tlsv1.0

  • tlsv1.1

  • tlsv1.2 ← (default)

  • tlsv1.3

ha-member-auto-grouping

string

Enable/disable automatically group HA members feature

disable - Disable automatically grouping HA members feature.

enable - Enable automatically grouping HA members only when group name is unique in your network.

Choices:

  • disable

  • enable ← (default)

hitcount_concurrent

integer

The number of FortiGates that FortiManager polls at one time (10 - 500, default = 100).

Default: 100

hitcount_interval

integer

The interval for getting hit count from managed FortiGate devices, in seconds (60 - 86400, default = 300).

Default: 300

hostname

string

System hostname.

Default: “FMG-VM64”

import-ignore-addr-cmt

string

Enable/Disable import ignore of address comments.

disable - Disable import ignore of address comments.

enable - Enable import ignore of address comments.

Choices:

  • disable ← (default)

  • enable

language

string

System global language.

english - English

simch - Simplified Chinese

japanese - Japanese

korean - Korean

spanish - Spanish

trach - Traditional Chinese

Choices:

  • english ← (default)

  • simch

  • japanese

  • korean

  • spanish

  • trach

latitude

string

fmg location latitude

ldap-cache-timeout

integer

LDAP browser cache timeout (seconds).

Default: 86400

ldapconntimeout

integer

LDAP connection timeout (msec).

Default: 60000

lock-preempt

string

Enable/disable ADOM lock override.

disable - Disable lock preempt.

enable - Enable lock preempt.

Choices:

  • disable ← (default)

  • enable

log-checksum

string

Record log file hash value, timestamp, and authentication code at transmission or rolling.

none - No record log file checksum.

md5 - Record log files MD5 hash value only.

md5-auth - Record log files MD5 hash value and authentication code.

Choices:

  • none ← (default)

  • md5

  • md5-auth

log-forward-cache-size

integer

Log forwarding disk cache size (GB).

Default: 0

longitude

string

fmg location longitude

max-log-forward

integer

Maximum number of log-forward and aggregation settings.

Default: 5

max-running-reports

integer

Maximum number of reports generating at one time.

Default: 1

mc-policy-disabled-adoms

list / elements=string

Mc-Policy-Disabled-Adoms.

adom-name

string

Adom names.

string

Enable/disable multiple steps upgrade in autolink process.

disable - Disable setting.

enable - Enable setting.

Choices:

  • disable ← (default)

  • enable

object-revision-db-max

integer

Maximum revisions for a single database (10,000-1,000,000 default 100,000).

Default: 100000

object-revision-mandatory-note

string

Enable/disable mandatory note when create revision.

disable - Disable object revision.

enable - Enable object revision.

Choices:

  • disable

  • enable ← (default)

object-revision-object-max

integer

Maximum revisions for a single object (10-1000 default 100).

Default: 100

object-revision-status

string

Enable/disable create revision when modify objects.

disable - Disable object revision.

enable - Enable object revision.

Choices:

  • disable

  • enable ← (default)

oftp-ssl-protocol

string

set the lowest SSL protocols for oftpd.

sslv3 - set SSLv3 as the lowest version.

tlsv1.0 - set TLSv1.0 as the lowest version.

tlsv1.1 - set TLSv1.1 as the lowest version.

tlsv1.2 - set TLSv1.2 as the lowest version (default).

Choices:

  • sslv3

  • tlsv1.0

  • tlsv1.1

  • tlsv1.2 ← (default)

  • tlsv1.3

partial-install

string

Enable/Disable partial install (install some objects).

disable - Disable partial install function.

enable - Enable partial install function.

Choices:

  • disable ← (default)

  • enable

partial-install-force

string

Enable/Disable partial install when devdb is modified.

disable - Disable partial install when devdb is modified.

enable - Enable partial install when devdb is modified.

Choices:

  • disable ← (default)

  • enable

partial-install-rev

string

Enable/Disable auto creating adom revision for partial install.

disable - Disable partial install revision.

enable - Enable partial install revision.

Choices:

  • disable ← (default)

  • enable

per-policy-lock

string

Enable/Disable per policy lock.

disable - Disable per policy lock.

enable - Enable per policy lock.

Choices:

  • disable ← (default)

  • enable

perform-improve-by-ha

string

Enable/Disable performance improvement by distributing tasks to HA slaves.

disable - Disable performance improvement by HA.

enable - Enable performance improvement by HA.

Choices:

  • disable ← (default)

  • enable

policy-hit-count

string

show policy hit count.

disable - Disable policy hit count.

enable - Enable policy hit count.

Choices:

  • disable ← (default)

  • enable

policy-object-icon

string

show icons of policy objects.

disable - Disable icon of policy objects.

enable - Enable icon of policy objects.

Choices:

  • disable ← (default)

  • enable

policy-object-in-dual-pane

string

show policies and objects in dual pane.

disable - Disable policies and objects in dual pane.

enable - Enable policies and objects in dual pane.

Choices:

  • disable ← (default)

  • enable

pre-login-banner

string

Enable/disable pre-login banner.

disable - Disable pre-login banner.

enable - Enable pre-login banner.

Choices:

  • disable ← (default)

  • enable

pre-login-banner-message

string

Pre-login banner message.

private-data-encryption

string

Enable/disable private data encryption using an AES 128-bit key.

disable - Disable private data encryption using an AES 128-bit key.

enable - Enable private data encryption using an AES 128-bit key.

Choices:

  • disable ← (default)

  • enable

remoteauthtimeout

integer

Remote authentication (RADIUS/LDAP) timeout (sec).

Default: 10

search-all-adoms

string

Enable/Disable Search all ADOMs for where-used query.

disable - Disable search all ADOMs for where-used queries.

enable - Enable search all ADOMs for where-used queries.

Choices:

  • disable ← (default)

  • enable

ssl-low-encryption

string

SSL low-grade encryption.

disable - Disable SSL low-grade encryption.

enable - Enable SSL low-grade encryption.

Choices:

  • disable ← (default)

  • enable

ssl-protocol

list / elements=string

SSL protocols.

Choices:

  • tlsv1.2

  • tlsv1.1

  • tlsv1.0

  • sslv3

  • tlsv1.3

ssl-static-key-ciphers

string

Enable/disable SSL static key ciphers.

disable - Disable setting.

enable - Enable setting.

Choices:

  • disable

  • enable ← (default)

task-list-size

integer

Maximum number of completed tasks to keep.

Default: 2000

tftp

string

Enable/disable TFTP in exec restore image command (disabled by default in FIPS mode)

disable - Disable TFTP

enable - Enable TFTP

Choices:

  • disable ← (default)

  • enable

timezone

string

Time zone.

00 - (GMT-12:00) Eniwetak, Kwajalein.

01 - (GMT-11:00) Midway Island, Samoa.

02 - (GMT-10:00) Hawaii.

03 - (GMT-9:00) Alaska.

04 - (GMT-8:00) Pacific Time (US & Canada).

05 - (GMT-7:00) Arizona.

06 - (GMT-7:00) Mountain Time (US & Canada).

07 - (GMT-6:00) Central America.

08 - (GMT-6:00) Central Time (US & Canada).

09 - (GMT-6:00) Mexico City.

10 - (GMT-6:00) Saskatchewan.

11 - (GMT-5:00) Bogota, Lima, Quito.

12 - (GMT-5:00) Eastern Time (US & Canada).

13 - (GMT-5:00) Indiana (East).

14 - (GMT-4:00) Atlantic Time (Canada).

15 - (GMT-4:00) La Paz.

16 - (GMT-4:00) Santiago.

17 - (GMT-3:30) Newfoundland.

18 - (GMT-3:00) Brasilia.

19 - (GMT-3:00) Buenos Aires, Georgetown.

20 - (GMT-3:00) Nuuk (Greenland).

21 - (GMT-2:00) Mid-Atlantic.

22 - (GMT-1:00) Azores.

23 - (GMT-1:00) Cape Verde Is.

24 - (GMT) Monrovia.

25 - (GMT) Greenwich Mean Time:Dublin, Edinburgh, Lisbon, London.

26 - (GMT+1:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna.

27 - (GMT+1:00) Belgrade, Bratislava, Budapest, Ljubljana, Prague.

28 - (GMT+1:00) Brussels, Copenhagen, Madrid, Paris.

29 - (GMT+1:00) Sarajevo, Skopje, Warsaw, Zagreb.

30 - (GMT+1:00) West Central Africa.

31 - (GMT+2:00) Athens, Sofia, Vilnius.

32 - (GMT+2:00) Bucharest.

33 - (GMT+2:00) Cairo.

34 - (GMT+2:00) Harare, Pretoria.

35 - (GMT+2:00) Helsinki, Riga,Tallinn.

36 - (GMT+2:00) Jerusalem.

37 - (GMT+3:00) Baghdad.

38 - (GMT+3:00) Kuwait, Riyadh.

39 - (GMT+3:00) St.Petersburg, Volgograd.

40 - (GMT+3:00) Nairobi.

41 - (GMT+3:30) Tehran.

42 - (GMT+4:00) Abu Dhabi, Muscat.

43 - (GMT+4:00) Baku.

44 - (GMT+4:30) Kabul.

45 - (GMT+5:00) Ekaterinburg.

46 - (GMT+5:00) Islamabad, Karachi,Tashkent.

47 - (GMT+5:30) Calcutta, Chennai, Mumbai, New Delhi.

48 - (GMT+5:45) Kathmandu.

49 - (GMT+6:00) Almaty, Novosibirsk.

50 - (GMT+6:00) Astana, Dhaka.

51 - (GMT+6:00) Sri Jayawardenapura.

52 - (GMT+6:30) Rangoon.

53 - (GMT+7:00) Bangkok, Hanoi, Jakarta.

54 - (GMT+7:00) Krasnoyarsk.

55 - (GMT+8:00) Beijing,ChongQing, HongKong,Urumqi.

56 - (GMT+8:00) Irkutsk, Ulaanbaatar.

57 - (GMT+8:00) Kuala Lumpur, Singapore.

58 - (GMT+8:00) Perth.

59 - (GMT+8:00) Taipei.

60 - (GMT+9:00) Osaka, Sapporo, Tokyo, Seoul.

61 - (GMT+9:00) Yakutsk.

62 - (GMT+9:30) Adelaide.

63 - (GMT+9:30) Darwin.

64 - (GMT+10:00) Brisbane.

65 - (GMT+10:00) Canberra, Melbourne, Sydney.

66 - (GMT+10:00) Guam, Port Moresby.

67 - (GMT+10:00) Hobart.

68 - (GMT+10:00) Vladivostok.

69 - (GMT+11:00) Magadan.

70 - (GMT+11:00) Solomon Is., New Caledonia.

71 - (GMT+12:00) Auckland, Wellington.

72 - (GMT+12:00) Fiji, Kamchatka, Marshall Is.

73 - (GMT+13:00) Nukualofa.

74 - (GMT-4:30) Caracas.

75 - (GMT+1:00) Namibia.

76 - (GMT-5:00) Brazil-Acre.

77 - (GMT-4:00) Brazil-West.

78 - (GMT-3:00) Brazil-East.

79 - (GMT-2:00) Brazil-DeNoronha.

80 - (GMT+14:00) Kiritimati.

81 - (GMT-7:00) Baja California Sur, Chihuahua.

82 - (GMT+12:45) Chatham Islands.

83 - (GMT+3:00) Minsk.

84 - (GMT+13:00) Samoa.

85 - (GMT+3:00) Istanbul.

86 - (GMT-4:00) Paraguay.

87 - (GMT) Casablanca.

88 - (GMT+3:00) Moscow.

89 - (GMT) Greenwich Mean Time.

Choices:

  • 00

  • 01

  • 02

  • 03

  • 04 ← (default)

  • 05

  • 06

  • 07

  • 08

  • 09

  • 10

  • 11

  • 12

  • 13

  • 14

  • 15

  • 16

  • 17

  • 18

  • 19

  • 20

  • 21

  • 22

  • 23

  • 24

  • 25

  • 26

  • 27

  • 28

  • 29

  • 30

  • 31

  • 32

  • 33

  • 34

  • 35

  • 36

  • 37

  • 38

  • 39

  • 40

  • 41

  • 42

  • 43

  • 44

  • 45

  • 46

  • 47

  • 48

  • 49

  • 50

  • 51

  • 52

  • 53

  • 54

  • 55

  • 56

  • 57

  • 58

  • 59

  • 60

  • 61

  • 62

  • 63

  • 64

  • 65

  • 66

  • 67

  • 68

  • 69

  • 70

  • 71

  • 72

  • 73

  • 74

  • 75

  • 76

  • 77

  • 78

  • 79

  • 80

  • 81

  • 82

  • 83

  • 84

  • 85

  • 86

  • 87

  • 88

  • 89

  • 90

  • 91

tunnel-mtu

integer

Maximum transmission unit (68 - 9000).

Default: 1500

usg

string

Enable/disable Fortiguard server restriction.

disable - Contact any Fortiguard server

enable - Contact Fortiguard server in USA only

Choices:

  • disable ← (default)

  • enable

vdom-mirror

string

VDOM mirror.

disable - Disable VDOM mirror function.

enable - Enable VDOM mirror function.

Choices:

  • disable ← (default)

  • enable

webservice-proto

list / elements=string

Web Service connection support SSL protocols.

Choices:

  • tlsv1.2

  • tlsv1.1

  • tlsv1.0

  • sslv3

  • sslv2

  • tlsv1.3

workflow-max-sessions

integer

Maximum number of workflow sessions per ADOM (minimum 100).

Default: 500

workspace-mode

string

Set workspace mode (ADOM Locking).

disabled - Workspace disabled.

normal - Workspace lock mode.

workflow - Workspace workflow mode.

Choices:

  • disabled ← (default)

  • normal

  • workflow

  • per-adom

workspace_locking_adom

string

The ADOM to lock when FortiManager is running in workspace mode; the value can be global or any other ADOM, including root.

workspace_locking_timeout

integer

The maximum time in seconds to wait for another user to release the workspace lock.

Default: 300

Notes

Note

  • Running in workspace locking mode is supported in this FortiManager module; the top-level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

  • To create or update an object, use state present directive.

  • To delete an object, use state absent directive.

  • Normally, running one module can fail when a non-zero rc is returned. You can also override the conditions to fail or succeed with the parameters rc_failed and rc_succeeded.

Examples

- hosts: fortimanager00
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: True
    # Certificate validation is disabled in this example.
    ansible_httpapi_validate_certs: False
    ansible_httpapi_port: 443
  tasks:
    # Turn on ADOMs and workspace (ADOM locking) mode.
    - name: enable workspace mode
      fmgr_system_global:
        system_global:
          adom-status: enable
          workspace-mode: normal

    # Create a script while holding the workspace lock on the root ADOM.
    - name: Script table.
      fmgr_dvmdb_script:
        bypass_validation: False
        adom: root
        state: present
        workspace_locking_adom: 'root'
        dvmdb_script:
          content: 'ansiblt-test'
          name: 'fooscript000'
          target: device_database
          type: cli

    # Read the script back and fail unless the API returns code 0.
    - name: verify script table
      fmgr_fact:
        facts:
          selector: 'dvmdb_script'
          params:
            adom: 'root'
            script: 'fooscript000'
      register: info
      failed_when: info.meta.response_code != 0

    # Return workspace mode to its disabled default.
    - name: restore workspace mode
      fmgr_system_global:
        system_global:
          adom-status: enable
          workspace-mode: disabled
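
A hardening playbook built only from the system_global options and choices documented above, added here as an example and not part of the collection's own documentation. The host name, connection vars and task shape follow the page's example; the chosen values (3072-bit DH, 300-second lockout, the banner text, certificate validation turned on) are assumptions to adjust for your environment.

```yaml
- hosts: fortimanager00
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    # Assumption: the FortiManager presents a certificate the control node trusts.
    ansible_httpapi_validate_certs: true
    ansible_httpapi_port: 443
  tasks:
    - name: Harden management-plane crypto and admin login settings
      fmgr_system_global:
        system_global:
          # Offer only TLS 1.2 and 1.3; the choice lists above also
          # include sslv3, tlsv1.0, tlsv1.1 (and sslv2 for webservice-proto).
          ssl-protocol:
            - tlsv1.2
            - tlsv1.3
          webservice-proto:
            - tlsv1.2
            - tlsv1.3
          # Lowest protocol accepted by fgfmsd and oftpd.
          fgfm-ssl-protocol: tlsv1.2
          oftp-ssl-protocol: tlsv1.2
          # Cipher strength: keep "high", never re-enable low-grade ciphers.
          enc-algorithm: high
          ssl-low-encryption: disable
          # Documented default is enable.
          ssl-static-key-ciphers: disable
          # Minimum DH prime size for SSH/HTTPS; documented default is 2048.
          dh-params: '3072'
          # Admin lockout: 3 failures (the default), then 300 s instead of 60 s.
          admin-lockout-threshold: 3
          admin-lockout-duration: 300
          # Banner shown before login; the message text is a placeholder.
          pre-login-banner: enable
          pre-login-banner-message: 'Authorized administrators only.'
          # Record hash plus authentication code for log files (default: none).
          log-checksum: md5-auth
          # Keep TFTP out of the exec restore image command.
          tftp: disable
```

Run it with --check first where the connection allows, and confirm that managed devices and log senders already negotiate TLS 1.2 before raising the fgfm-ssl-protocol and oftp-ssl-protocol floors.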

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key

Description

request_url

string

The full url requested

Returned: always

Sample: “/sys/login/user”

response_code

integer

The status of api request

Returned: always

Sample: 0

response_message

string

The descriptive message of the api response

Returned: always

Sample: “OK.”

Authors

  • Link Zheng (@chillancezen)

  • Jie Xue (@JieX19)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)