fortinet.fortimanager.fmgr_wtpprofile module – Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms.
Note
This module is part of the fortinet.fortimanager collection (version 2.1.5).
You might already have this collection installed if you are using the ansible package.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install fortinet.fortimanager.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_wtpprofile.
New in version 2.10: of fortinet.fortimanager
Synopsis
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
Parameters
Parameter |
Comments |
|---|---|
the parameter (adom) in requested url |
|
only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters Choices:
|
|
Enable/Disable logging for task Choices:
|
|
The overridden method for the underlying Json RPC request Choices:
|
|
the rc codes list with which the conditions to fail will be overriden |
|
the rc codes list with which the conditions to succeed will be overriden |
|
the directive to create, update or delete an object Choices:
|
|
the adom to lock for FortiManager running in workspace mode, the value can be global and others including root |
|
the maximum time in seconds to wait for other user to release the workspace lock Default: 300 |
|
the top level parameters set |
|
Control management access to the managed WTP, FortiAP, or AP. Separate entries with a space. Choices:
|
|
Country in which this WTP, FortiAP or AP will operate (default = NA, automatically use the country configured for the current … Choices:
|
|
Enable/disable AP handoff of clients to other APs (default = disable). Choices:
|
|
AP local configuration profile name. |
|
Bluetooth Low Energy profile name. |
|
Comment. |
|
Enable/disable CAPWAP control message data channel offload. Choices:
|
|
Deny-Mac-List. |
|
ID. |
|
A WiFi device with this MAC address is denied access to this WTP, FortiAP or AP. |
|
Enable/disable data channel DTLS in kernel. Choices:
|
|
WTP data channel DTLS policy (default = clear-text). Choices:
|
|
Enable/disable use of energy efficient Ethernet on WTP. Choices:
|
|
Enable/disable station/VAP/radio extension information. Choices:
|
|
Enable/disable frequency handoff of clients to other channels (default = disable). Choices:
|
|
Enable/disable client load balancing during roaming to avoid roaming delay (default = disable). Choices:
|
|
Minimum received signal strength indicator (RSSI) value for handoff (20 - 30, default = 25). |
|
Threshold value for AP handoff. |
|
Method(s) by which IP fragmentation is prevented for control and data packets through CAPWAP tunnel (default = tcp-mss-adjust). Choices:
|
|
no description |
|
ESL port mode. Choices:
|
|
Bridge ESL port to SSID. |
|
LAN port mode. Choices:
|
|
Bridge LAN port to SSID. |
|
LAN port 1 mode. Choices:
|
|
Bridge LAN port 1 to SSID. |
|
LAN port 2 mode. Choices:
|
|
Bridge LAN port 2 to SSID. |
|
LAN port 3 mode. Choices:
|
|
Bridge LAN port 3 to SSID. |
|
LAN port 4 mode. Choices:
|
|
Bridge LAN port 4 to SSID. |
|
LAN port 5 mode. Choices:
|
|
Bridge LAN port 5 to SSID. |
|
LAN port 6 mode. Choices:
|
|
Bridge LAN port 6 to SSID. |
|
LAN port 7 mode. Choices:
|
|
Bridge LAN port 7 to SSID. |
|
LAN port 8 mode. Choices:
|
|
Bridge LAN port 8 to SSID. |
|
no description |
|
Enable/disable AeroScout Real Time Location Service (RTLS) support (default = disable). Choices:
|
|
Use BSSID or board MAC address as AP MAC address in AeroScout AP messages (default = bssid). Choices:
|
|
Enable/disable compounded AeroScout tag and MU report (default = enable). Choices:
|
|
Enable/disable AeroScout Mobile Unit (MU) support (default = disable). Choices:
|
|
AeroScout MU mode dilution factor (default = 20). |
|
AeroScout MU mode timeout (0 - 65535 sec, default = 5). |
|
IP address of AeroScout server. |
|
AeroScout server UDP listening port. |
|
Enable/disable Ekahau blink mode (now known as AiRISTA Flow) to track and locate WiFi tags (default = disable). Choices:
|
|
WiFi frame MAC address or WiFi Tag. |
|
IP address of Ekahau RTLS Controller (ERC). |
|
Ekahau RTLS Controller (ERC) UDP listening port. |
|
Enable/disable FortiPresence to monitor the location and activity of WiFi clients even if they dont connect to this Wi… Choices:
|
|
Enable/disable FortiPresence finding and reporting BLE devices. Choices:
|
|
FortiPresence report transmit frequency (5 - 65535 sec, default = 30). |
|
FortiPresence server UDP listening port (default = 3000). |
|
FortiPresence project name (max. 16 characters, default = fortipresence). |
|
Enable/disable FortiPresence finding and reporting rogue APs. Choices:
|
|
FortiPresence secret password (max. 16 characters). |
|
FortiPresence server IP address. |
|
Enable/disable FortiPresence finding and reporting unassociated stations. Choices:
|
|
Enable/disable client station locating services for all clients, whether associated or not (default = disable). Choices:
|
|
Recurring firewall schedules for illuminating LEDs on the FortiAP. If led-state is enabled, LEDs will be visible when at least… |
|
Enable/disable use of LEDs on WTP (default = disable). Choices:
|
|
Enable/disable Link Layer Discovery Protocol (LLDP) for the WTP, FortiAP, or AP (default = disable). Choices:
|
|
Set the managed WTP, FortiAP, or APs administrator password. |
|
Change or reset the administrator password of a managed WTP, FortiAP or AP (yes, default, or no, default = no). Choices:
|
|
Maximum number of stations (STAs) supported by the WTP (default = 0, meaning no client limitation). |
|
WTP (or FortiAP or AP) profile name. |
|
no description |
|
_Local_Platform_Str. |
|
Enable/disable use of one radio for dedicated dual-band scanning to detect RF characterization and wireless threat man… Choices:
|
|
Configure operation mode of 5G radios (default = single-5G). Choices:
|
|
WTP, FortiAP or AP platform type. There are built-in WTP profiles for all supported FortiAP models. You can select a b… Choices:
|
|
Set the WTP, FortiAP, or APs PoE mode. Choices:
|
|
no description |
|
Enable/disable airtime fairness (default = disable). Choices:
|
|
Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients (default = enable). Choices:
|
|
MAC address to monitor. |
|
Sniffer buffer size (1 - 32 MB, default = 16). |
|
Channel on which to operate the sniffer (default = 6). |
|
Enable/disable sniffer on WiFi control frame (default = enable). Choices:
|
|
Enable/disable sniffer on WiFi data frame (default = enable). Choices:
|
|
Enable/disable sniffer on WiFi management Beacon frames (default = enable). Choices:
|
|
Enable/disable sniffer on WiFi management other frames (default = enable). Choices:
|
|
Enable/disable sniffer on WiFi management probe frames (default = enable). Choices:
|
|
The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP pl… |
|
Enable/disable automatic power-level adjustment to prevent co-channel interference (default = enable). Choices:
|
|
The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP pl… |
|
The target of automatic transmit power adjustment in dBm. (-95 to -20, default = -70). |
|
WiFi band that Radio 1 operates on. Choices:
|
|
WiFi 5G band type. Choices:
|
|
Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the… Choices:
|
|
Maximum bandwidth capacity allowed (1 - 600000 Kbps, default = 2000). |
|
Beacon interval. The time between beacon frames in msec (the actual range of beacon interval depends on the AP platfor… |
|
BSS color value for this 11ax radio (0 - 63, 0 means disable. default = 0). |
|
Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP ca… Choices:
|
|
Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60, default = 10). |
|
Selected list of wireless radio channels. |
|
Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence. Choices:
|
|
Enable/disable measuring channel utilization. Choices:
|
|
Enable/disable allowing both HT20 and HT40 on the same radio (default = enable). Choices:
|
|
Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the mo… Choices:
|
|
Enable/disable dynamic radio mode assignment (DRMA) (default = disable). Choices:
|
|
Network Coverage Factor (NCF) percentage required to consider a radio as redundant (default = low). Choices:
|
|
Delivery Traffic Indication Map (DTIM) period (1 - 255, default = 1). Set higher to save battery life of WiFi client i… |
|
Maximum packet size that can be sent without fragmentation (800 - 2346 bytes, default = 2346). |
|
Iperf test protocol (default = “UDP”). Choices:
|
|
Iperf service port number. |
|
Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware. |
|
Maximum expected distance between the AP and clients (0 - 54000 m, default = 0). |
|
Mode of radio 1. Radio 1 can be disabled, configured as an access point, a rogue AP monitor, or a sniffer. Choices:
|
|
Radio power level as a percentage of the maximum transmit power (0 - 100, default = 100). |
|
Set radio effective isotropic radiated power (EIRP) in dBm or by a percentage of the maximum EIRP (default = percentag… Choices:
|
|
Radio EIRP power in dBm (1 - 33, default = 27). |
|
Enable client power-saving features such as TIM, AC VO, and OBSS etc. Choices:
|
|
Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable). Choices:
|
|
Radio-Id. |
|
Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 byt… |
|
BSSID for WiFi network. |
|
Enable/disable Captive Portal Authentication (default = disable). Choices:
|
|
Passphrase for WiFi network connection. |
|
SAM report interval (sec), 0 for a one-time report. |
|
Select WiFi network security type (default = “wpa-personal”). Choices:
|
|
SAM test server IP address or domain name. |
|
SSID for WiFi network. |
|
Select SAM test type (default = “PING”). Choices:
|
|
Username for WiFi network connection. |
|
Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns. Choices:
|
|
Spectrum-Analysis. Choices:
|
|
Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default. Choices:
|
|
Configure method for assigning SSIDs to this FortiAP (default = automatically assign tunnel SSIDs). Choices:
|
|
Virtual Access Point (VAP) for wlan ID 1 |
|
Virtual Access Point (VAP) for wlan ID 2 |
|
Virtual Access Point (VAP) for wlan ID 3 |
|
Virtual Access Point (VAP) for wlan ID 4 |
|
Virtual Access Point (VAP) for wlan ID 5 |
|
Virtual Access Point (VAP) for wlan ID 6 |
|
Virtual Access Point (VAP) for wlan ID 7 |
|
Virtual Access Point (VAP) for wlan ID 8 |
|
Manually selected list of Virtual Access Points (VAPs). |
|
Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. |
|
Enable/disable zero wait DFS on radio (default = enable). Choices:
|
|
no description |
|
Enable/disable airtime fairness (default = disable). Choices:
|
|
Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients (default = enable). Choices:
|
|
MAC address to monitor. |
|
Sniffer buffer size (1 - 32 MB, default = 16). |
|
Channel on which to operate the sniffer (default = 6). |
|
Enable/disable sniffer on WiFi control frame (default = enable). Choices:
|
|
Enable/disable sniffer on WiFi data frame (default = enable). Choices:
|
|
Enable/disable sniffer on WiFi management Beacon frames (default = enable). Choices:
|
|
Enable/disable sniffer on WiFi management other frames (default = enable). Choices:
|
|
Enable/disable sniffer on WiFi management probe frames (default = enable). Choices:
|
|
The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP pl… |
|
Enable/disable automatic power-level adjustment to prevent co-channel interference (default = enable). Choices:
|
|
The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP pl… |
|
The target of automatic transmit power adjustment in dBm. (-95 to -20, default = -70). |
|
WiFi band that Radio 2 operates on. Choices:
|
|
WiFi 5G band type. Choices:
|
|
Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the… Choices:
|
|
Maximum bandwidth capacity allowed (1 - 600000 Kbps, default = 2000). |
|
Beacon interval. The time between beacon frames in msec (the actual range of beacon interval depends on the AP platfor… |
|
BSS color value for this 11ax radio (0 - 63, 0 means disable. default = 0). |
|
Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP ca… Choices:
|
|
Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60, default = 10). |
|
Selected list of wireless radio channels. |
|
Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence. Choices:
|
|
Enable/disable measuring channel utilization. Choices:
|
|
Enable/disable allowing both HT20 and HT40 on the same radio (default = enable). Choices:
|
|
Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the mo… Choices:
|
|
Enable/disable dynamic radio mode assignment (DRMA) (default = disable). Choices:
|
|
Network Coverage Factor (NCF) percentage required to consider a radio as redundant (default = low). Choices:
|
|
Delivery Traffic Indication Map (DTIM) period (1 - 255, default = 1). Set higher to save battery life of WiFi client i… |
|
Maximum packet size that can be sent without fragmentation (800 - 2346 bytes, default = 2346). |
|
Iperf test protocol (default = “UDP”). Choices:
|
|
Iperf service port number. |
|
Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware. |
|
Maximum expected distance between the AP and clients (0 - 54000 m, default = 0). |
|
Mode of radio 2. Radio 2 can be disabled, configured as an access point, a rogue AP monitor, or a sniffer. Choices:
|
|
Radio power level as a percentage of the maximum transmit power (0 - 100, default = 100). |
|
Set radio effective isotropic radiated power (EIRP) in dBm or by a percentage of the maximum EIRP (default = percentag… Choices:
|
|
Radio EIRP power in dBm (1 - 33, default = 27). |
|
Enable client power-saving features such as TIM, AC VO, and OBSS etc. Choices:
|
|
Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable). Choices:
|
|
Radio-Id. |
|
Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 byt… |
|
BSSID for WiFi network. |
|
Enable/disable Captive Portal Authentication (default = disable). Choices:
|
|
Passphrase for WiFi network connection. |
|
SAM report interval (sec), 0 for a one-time report. |
|
Select WiFi network security type (default = “wpa-personal”). Choices:
|
|
SAM test server IP address or domain name. |
|
SSID for WiFi network. |
|
Select SAM test type (default = “PING”). Choices:
|
|
Username for WiFi network connection. |
|
Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns. Choices:
|
|
Spectrum-Analysis. Choices:
|
|
Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default. Choices:
|
|
Configure method for assigning SSIDs to this FortiAP (default = automatically assign tunnel SSIDs). Choices:
|
|
Virtual Access Point (VAP) for wlan ID 1 |
|
Virtual Access Point (VAP) for wlan ID 2 |
|
Virtual Access Point (VAP) for wlan ID 3 |
|
Virtual Access Point (VAP) for wlan ID 4 |
|
Virtual Access Point (VAP) for wlan ID 5 |
|
Virtual Access Point (VAP) for wlan ID 6 |
|
Virtual Access Point (VAP) for wlan ID 7 |
|
Virtual Access Point (VAP) for wlan ID 8 |
|
Manually selected list of Virtual Access Points (VAPs). |
|
Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. |
|
Enable/disable zero wait DFS on radio (default = enable). Choices:
|
|
no description |
|
Enable/disable airtime fairness (default = disable). Choices:
|
|
Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients (default = enable). Choices:
|
|
MAC address to monitor. |
|
Sniffer buffer size (1 - 32 MB, default = 16). |
|
Channel on which to operate the sniffer (default = 6). |
|
Enable/disable sniffer on WiFi control frame (default = enable). Choices:
|
|
Enable/disable sniffer on WiFi data frame (default = enable). Choices:
|
|
Enable/disable sniffer on WiFi management Beacon frames (default = enable). Choices:
|
|
Enable/disable sniffer on WiFi management other frames (default = enable). Choices:
|
|
Enable/disable sniffer on WiFi management probe frames (default = enable). Choices:
|
|
The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP pl… |
|
Enable/disable automatic power-level adjustment to prevent co-channel interference (default = enable). Choices:
|
|
The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP pl… |
|
The target of automatic transmit power adjustment in dBm. (-95 to -20, default = -70). |
|
WiFi band that Radio 3 operates on. Choices:
|
|
WiFi 5G band type. Choices:
|
|
Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the… Choices:
|
|
Maximum bandwidth capacity allowed (1 - 600000 Kbps, default = 2000). |
|
Beacon interval. The time between beacon frames in msec (the actual range of beacon interval depends on the AP platfor… |
|
BSS color value for this 11ax radio (0 - 63, 0 means disable. default = 0). |
|
Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP ca… Choices:
|
|
Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60, default = 10). |
|
Selected list of wireless radio channels. |
|
Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence. Choices:
|
|
Enable/disable measuring channel utilization. Choices:
|
|
Enable/disable allowing both HT20 and HT40 on the same radio (default = enable). Choices:
|
|
Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the mo… Choices:
|
|
Enable/disable dynamic radio mode assignment (DRMA) (default = disable). Choices:
|
|
Network Coverage Factor (NCF) percentage required to consider a radio as redundant (default = low). Choices:
|
|
Delivery Traffic Indication Map (DTIM) period (1 - 255, default = 1). Set higher to save battery life of WiFi client i… |
|
Maximum packet size that can be sent without fragmentation (800 - 2346 bytes, default = 2346). |
|
Iperf test protocol (default = “UDP”). Choices:
|
|
Iperf service port number. |
|
Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware. |
|
Maximum expected distance between the AP and clients (0 - 54000 m, default = 0). |
|
Mode of radio 3. Radio 3 can be disabled, configured as an access point, a rogue AP monitor, or a sniffer. Choices:
|
|
Radio power level as a percentage of the maximum transmit power (0 - 100, default = 100). |
|
Set radio effective isotropic radiated power (EIRP) in dBm or by a percentage of the maximum EIRP (default = percentag… Choices:
|
|
Radio EIRP power in dBm (1 - 33, default = 27). |
|
Enable client power-saving features such as TIM, AC VO, and OBSS etc. Choices:
|
|
Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable). Choices:
|
|
Radio-Id. |
|
Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 byt… |
|
BSSID for WiFi network. |
|
Enable/disable Captive Portal Authentication (default = disable). Choices:
|
|
Passphrase for WiFi network connection. |
|
SAM report interval (sec), 0 for a one-time report. |
|
Select WiFi network security type (default = “wpa-personal”). Choices:
|
|
SAM test server IP address or domain name. |
|
SSID for WiFi network. |
|
Select SAM test type (default = “PING”). Choices:
|
|
Username for WiFi network connection. |
|
Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns. Choices:
|
|
Spectrum-Analysis. Choices:
|
|
Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default. Choices:
|
|
Configure method for assigning SSIDs to this FortiAP (default = automatically assign tunnel SSIDs). Choices:
|
|
Virtual Access Point (VAP) for wlan ID 1 |
|
Virtual Access Point (VAP) for wlan ID 2 |
|
Virtual Access Point (VAP) for wlan ID 3 |
|
Virtual Access Point (VAP) for wlan ID 4 |
|
Virtual Access Point (VAP) for wlan ID 5 |
|
Virtual Access Point (VAP) for wlan ID 6 |
|
Virtual Access Point (VAP) for wlan ID 7 |
|
Virtual Access Point (VAP) for wlan ID 8 |
|
Manually selected list of Virtual Access Points (VAPs). |
|
Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. |
|
Enable/disable zero wait DFS on radio (default = enable). Choices:
|
|
no description |
|
Enable/disable airtime fairness (default = disable). Choices:
|
|
Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients (default = enable). Choices:
|
|
MAC address to monitor. |
|
Sniffer buffer size (1 - 32 MB, default = 16). |
|
Channel on which to operate the sniffer (default = 6). |
|
Enable/disable sniffer on WiFi control frame (default = enable). Choices:
|
|
Enable/disable sniffer on WiFi data frame (default = enable). Choices:
|
|
Enable/disable sniffer on WiFi management Beacon frames (default = enable). Choices:
|
|
Enable/disable sniffer on WiFi management other frames (default = enable). Choices:
|
|
Enable/disable sniffer on WiFi management probe frames (default = enable). Choices:
|
|
The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP pl… |
|
Enable/disable automatic power-level adjustment to prevent co-channel interference (default = enable). Choices:
|
|
The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP pl… |
|
The target of automatic transmit power adjustment in dBm. (-95 to -20, default = -70). |
|
WiFi band that Radio 3 operates on. Choices:
|
|
WiFi 5G band type. Choices:
|
|
Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the… Choices:
|
|
Maximum bandwidth capacity allowed (1 - 600000 Kbps, default = 2000). |
|
Beacon interval. The time between beacon frames in msec (the actual range of beacon interval depends on the AP platfor… |
|
BSS color value for this 11ax radio (0 - 63, 0 means disable. default = 0). |
|
Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP ca… Choices:
|
|
Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60, default = 10). |
|
Selected list of wireless radio channels. |
|
Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence. Choices:
|
|
Enable/disable measuring channel utilization. Choices:
|
|
Enable/disable allowing both HT20 and HT40 on the same radio (default = enable). Choices:
|
|
Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the mo… Choices:
|
|
Enable/disable dynamic radio mode assignment (DRMA) (default = disable). Choices:
|
|
Network Coverage Factor (NCF) percentage required to consider a radio as redundant (default = low). Choices:
|
|
Delivery Traffic Indication Map (DTIM) period (1 - 255, default = 1). Set higher to save battery life of WiFi client i… |
|
Maximum packet size that can be sent without fragmentation (800 - 2346 bytes, default = 2346). |
|
Iperf test protocol (default = “UDP”). Choices:
|
|
Iperf service port number. |
|
Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware. |
|
Maximum expected distance between the AP and clients (0 - 54000 m, default = 0). |
|
Mode of radio 3. Radio 3 can be disabled, configured as an access point, a rogue AP monitor, or a sniffer. Choices:
|
|
Radio power level as a percentage of the maximum transmit power (0 - 100, default = 100). |
|
Set radio effective isotropic radiated power (EIRP) in dBm or by a percentage of the maximum EIRP (default = percentag… Choices:
|
|
Radio EIRP power in dBm (1 - 33, default = 27). |
|
Enable client power-saving features such as TIM, AC VO, and OBSS etc. Choices:
|
|
Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable). Choices:
|
|
Radio-Id. |
|
Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 byt… |
|
BSSID for WiFi network. |
|
Enable/disable Captive Portal Authentication (default = disable). Choices:
|
|
Passphrase for WiFi network connection. |
|
SAM report interval (sec), 0 for a one-time report. |
|
Select WiFi network security type (default = “wpa-personal”). Choices:
|
|
SAM test server IP address or domain name. |
|
SSID for WiFi network. |
|
Select SAM test type (default = “PING”). Choices:
|
|
Username for WiFi network connection. |
|
Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns. Choices:
|
|
Spectrum-Analysis. Choices:
|
|
Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default. Choices:
|
|
Configure method for assigning SSIDs to this FortiAP (default = automatically assign tunnel SSIDs). Choices:
|
|
Virtual Access Point (VAP) for wlan ID 1 |
|
Virtual Access Point (VAP) for wlan ID 2 |
|
Virtual Access Point (VAP) for wlan ID 3 |
|
Virtual Access Point (VAP) for wlan ID 4 |
|
Virtual Access Point (VAP) for wlan ID 5 |
|
Virtual Access Point (VAP) for wlan ID 6 |
|
Virtual Access Point (VAP) for wlan ID 7 |
|
Virtual Access Point (VAP) for wlan ID 8 |
|
Manually selected list of Virtual Access Points (VAPs). |
|
Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. |
|
Enable/disable zero wait DFS on radio (default = enable). Choices:
|
|
Enable/disable SNMP for the WTP, FortiAP, or AP (default = disable). Choices:
|
|
Split-Tunneling-Acl. |
|
Destination IP and mask for the split-tunneling subnet. |
|
ID. |
|
Enable/disable automatically adding local subnetwork of FortiAP to split-tunneling ACL (default = disable). Choices:
|
|
Split tunneling ACL path is local/tunnel. Choices:
|
|
Downlink CAPWAP tunnel MTU (0, 576, or 1500 bytes, default = 0). |
|
Uplink CAPWAP tunnel MTU (0, 576, or 1500 bytes, default = 0). |
|
Enable/disable using a WAN port as a LAN port. Choices:
|
Notes
Note
Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
To create or update an object, use state present directive.
To delete an object, use state absent directive.
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms.
fmgr_wtpprofile:
bypass_validation: False
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
rc_succeeded: [0, -2, -3, ...]
rc_failed: [-2, -3, ...]
adom: <your own value>
state: <value in [present, absent]>
wtpprofile:
allowaccess:
- https
- ssh
- snmp
- http
- telnet
ap-country: <value in [AL, DZ, AR, ...]>
ble-profile: <value of string>
comment: <value of string>
control-message-offload:
- ebp-frame
- aeroscout-tag
- ap-list
- sta-list
- sta-cap-list
- stats
- aeroscout-mu
- sta-health
- spectral-analysis
deny-mac-list:
-
id: <value of integer>
mac: <value of string>
dtls-in-kernel: <value in [disable, enable]>
dtls-policy:
- clear-text
- dtls-enabled
- ipsec-vpn
energy-efficient-ethernet: <value in [disable, enable]>
ext-info-enable: <value in [disable, enable]>
handoff-roaming: <value in [disable, enable]>
handoff-rssi: <value of integer>
handoff-sta-thresh: <value of integer>
ip-fragment-preventing:
- tcp-mss-adjust
- icmp-unreachable
led-schedules: <value of string>
led-state: <value in [disable, enable]>
lldp: <value in [disable, enable]>
login-passwd: <value of string>
login-passwd-change: <value in [no, yes, default]>
max-clients: <value of integer>
name: <value of string>
poe-mode: <value in [auto, 8023af, 8023at, ...]>
split-tunneling-acl:
-
dest-ip: <value of string>
id: <value of integer>
split-tunneling-acl-local-ap-subnet: <value in [disable, enable]>
split-tunneling-acl-path: <value in [tunnel, local]>
tun-mtu-downlink: <value of integer>
tun-mtu-uplink: <value of integer>
wan-port-mode: <value in [wan-lan, wan-only]>
snmp: <value in [disable, enable]>
ap-handoff: <value in [disable, enable]>
apcfg-profile: <value of string>
frequency-handoff: <value in [disable, enable]>
lan:
port-esl-mode: <value in [offline, bridge-to-wan, bridge-to-ssid, ...]>
port-esl-ssid: <value of string>
port-mode: <value in [offline, bridge-to-wan, bridge-to-ssid, ...]>
port-ssid: <value of string>
port1-mode: <value in [offline, bridge-to-wan, bridge-to-ssid, ...]>
port1-ssid: <value of string>
port2-mode: <value in [offline, bridge-to-wan, bridge-to-ssid, ...]>
port2-ssid: <value of string>
port3-mode: <value in [offline, bridge-to-wan, bridge-to-ssid, ...]>
port3-ssid: <value of string>
port4-mode: <value in [offline, bridge-to-wan, bridge-to-ssid, ...]>
port4-ssid: <value of string>
port5-mode: <value in [offline, bridge-to-wan, bridge-to-ssid, ...]>
port5-ssid: <value of string>
port6-mode: <value in [offline, bridge-to-wan, bridge-to-ssid, ...]>
port6-ssid: <value of string>
port7-mode: <value in [offline, bridge-to-wan, bridge-to-ssid, ...]>
port7-ssid: <value of string>
port8-mode: <value in [offline, bridge-to-wan, bridge-to-ssid, ...]>
port8-ssid: <value of string>
lbs:
aeroscout: <value in [disable, enable]>
aeroscout-ap-mac: <value in [bssid, board-mac]>
aeroscout-mmu-report: <value in [disable, enable]>
aeroscout-mu: <value in [disable, enable]>
aeroscout-mu-factor: <value of integer>
aeroscout-mu-timeout: <value of integer>
aeroscout-server-ip: <value of string>
aeroscout-server-port: <value of integer>
ekahau-blink-mode: <value in [disable, enable]>
ekahau-tag: <value of string>
erc-server-ip: <value of string>
erc-server-port: <value of integer>
fortipresence: <value in [disable, enable, enable2, ...]>
fortipresence-ble: <value in [disable, enable]>
fortipresence-frequency: <value of integer>
fortipresence-port: <value of integer>
fortipresence-project: <value of string>
fortipresence-rogue: <value in [disable, enable]>
fortipresence-secret: <value of string>
fortipresence-server: <value of string>
fortipresence-unassoc: <value in [disable, enable]>
station-locate: <value in [disable, enable]>
platform:
ddscan: <value in [disable, enable]>
mode: <value in [dual-5G, single-5G]>
type: <value in [30B-50B, 60B, 80CM-81CM, ...]>
_local_platform_str: <value of string>
radio-1:
airtime-fairness: <value in [disable, enable]>
amsdu: <value in [disable, enable]>
ap-sniffer-addr: <value of string>
ap-sniffer-bufsize: <value of integer>
ap-sniffer-chan: <value of integer>
ap-sniffer-ctl: <value in [disable, enable]>
ap-sniffer-data: <value in [disable, enable]>
ap-sniffer-mgmt-beacon: <value in [disable, enable]>
ap-sniffer-mgmt-other: <value in [disable, enable]>
ap-sniffer-mgmt-probe: <value in [disable, enable]>
auto-power-high: <value of integer>
auto-power-level: <value in [disable, enable]>
auto-power-low: <value of integer>
auto-power-target: <value of string>
band: <value in [802.11b, 802.11a, 802.11g, ...]>
band-5g-type: <value in [5g-full, 5g-high, 5g-low]>
bandwidth-admission-control: <value in [disable, enable]>
bandwidth-capacity: <value of integer>
beacon-interval: <value of integer>
bss-color: <value of integer>
call-admission-control: <value in [disable, enable]>
call-capacity: <value of integer>
channel: <value of string>
channel-bonding: <value in [disable, enable, 80MHz, ...]>
channel-utilization: <value in [disable, enable]>
coexistence: <value in [disable, enable]>
darrp: <value in [disable, enable]>
drma: <value in [disable, enable]>
drma-sensitivity: <value in [low, medium, high]>
dtim: <value of integer>
frag-threshold: <value of integer>
max-clients: <value of integer>
max-distance: <value of integer>
mode: <value in [disabled, ap, monitor, ...]>
power-level: <value of integer>
powersave-optimize:
- tim
- ac-vo
- no-obss-scan
- no-11b-rate
- client-rate-follow
protection-mode: <value in [rtscts, ctsonly, disable]>
radio-id: <value of integer>
rts-threshold: <value of integer>
short-guard-interval: <value in [disable, enable]>
spectrum-analysis: <value in [disable, enable, scan-only]>
transmit-optimize:
- disable
- power-save
- aggr-limit
- retry-limit
- send-bar
vap-all: <value in [disable, enable, tunnel, ...]>
vap1: <value of string>
vap2: <value of string>
vap3: <value of string>
vap4: <value of string>
vap5: <value of string>
vap6: <value of string>
vap7: <value of string>
vap8: <value of string>
vaps: <value of string>
wids-profile: <value of string>
zero-wait-dfs: <value in [disable, enable]>
iperf-protocol: <value in [udp, tcp]>
iperf-server-port: <value of integer>
power-mode: <value in [dBm, percentage]>
power-value: <value of integer>
sam-bssid: <value of string>
sam-captive-portal: <value in [disable, enable]>
sam-password: <value of string>
sam-report-intv: <value of integer>
sam-security-type: <value in [open, wpa-personal, wpa-enterprise]>
sam-server: <value of string>
sam-ssid: <value of string>
sam-test: <value in [ping, iperf]>
sam-username: <value of string>
radio-2:
airtime-fairness: <value in [disable, enable]>
amsdu: <value in [disable, enable]>
ap-sniffer-addr: <value of string>
ap-sniffer-bufsize: <value of integer>
ap-sniffer-chan: <value of integer>
ap-sniffer-ctl: <value in [disable, enable]>
ap-sniffer-data: <value in [disable, enable]>
ap-sniffer-mgmt-beacon: <value in [disable, enable]>
ap-sniffer-mgmt-other: <value in [disable, enable]>
ap-sniffer-mgmt-probe: <value in [disable, enable]>
auto-power-high: <value of integer>
auto-power-level: <value in [disable, enable]>
auto-power-low: <value of integer>
auto-power-target: <value of string>
band: <value in [802.11b, 802.11a, 802.11g, ...]>
band-5g-type: <value in [5g-full, 5g-high, 5g-low]>
bandwidth-admission-control: <value in [disable, enable]>
bandwidth-capacity: <value of integer>
beacon-interval: <value of integer>
bss-color: <value of integer>
call-admission-control: <value in [disable, enable]>
call-capacity: <value of integer>
channel: <value of string>
channel-bonding: <value in [disable, enable, 80MHz, ...]>
channel-utilization: <value in [disable, enable]>
coexistence: <value in [disable, enable]>
darrp: <value in [disable, enable]>
drma: <value in [disable, enable]>
drma-sensitivity: <value in [low, medium, high]>
dtim: <value of integer>
frag-threshold: <value of integer>
max-clients: <value of integer>
max-distance: <value of integer>
mode: <value in [disabled, ap, monitor, ...]>
power-level: <value of integer>
powersave-optimize:
- tim
- ac-vo
- no-obss-scan
- no-11b-rate
- client-rate-follow
protection-mode: <value in [rtscts, ctsonly, disable]>
radio-id: <value of integer>
rts-threshold: <value of integer>
short-guard-interval: <value in [disable, enable]>
spectrum-analysis: <value in [disable, enable, scan-only]>
transmit-optimize:
- disable
- power-save
- aggr-limit
- retry-limit
- send-bar
vap-all: <value in [disable, enable, tunnel, ...]>
vap1: <value of string>
vap2: <value of string>
vap3: <value of string>
vap4: <value of string>
vap5: <value of string>
vap6: <value of string>
vap7: <value of string>
vap8: <value of string>
vaps: <value of string>
wids-profile: <value of string>
zero-wait-dfs: <value in [disable, enable]>
iperf-protocol: <value in [udp, tcp]>
iperf-server-port: <value of integer>
power-mode: <value in [dBm, percentage]>
power-value: <value of integer>
sam-bssid: <value of string>
sam-captive-portal: <value in [disable, enable]>
sam-password: <value of string>
sam-report-intv: <value of integer>
sam-security-type: <value in [open, wpa-personal, wpa-enterprise]>
sam-server: <value of string>
sam-ssid: <value of string>
sam-test: <value in [ping, iperf]>
sam-username: <value of string>
radio-3:
airtime-fairness: <value in [disable, enable]>
amsdu: <value in [disable, enable]>
ap-sniffer-addr: <value of string>
ap-sniffer-bufsize: <value of integer>
ap-sniffer-chan: <value of integer>
ap-sniffer-ctl: <value in [disable, enable]>
ap-sniffer-data: <value in [disable, enable]>
ap-sniffer-mgmt-beacon: <value in [disable, enable]>
ap-sniffer-mgmt-other: <value in [disable, enable]>
ap-sniffer-mgmt-probe: <value in [disable, enable]>
auto-power-high: <value of integer>
auto-power-level: <value in [disable, enable]>
auto-power-low: <value of integer>
auto-power-target: <value of string>
band: <value in [802.11b, 802.11a, 802.11g, ...]>
band-5g-type: <value in [5g-full, 5g-high, 5g-low]>
bandwidth-admission-control: <value in [disable, enable]>
bandwidth-capacity: <value of integer>
beacon-interval: <value of integer>
bss-color: <value of integer>
call-admission-control: <value in [disable, enable]>
call-capacity: <value of integer>
channel: <value of string>
channel-bonding: <value in [80MHz, 40MHz, 20MHz, ...]>
channel-utilization: <value in [disable, enable]>
coexistence: <value in [disable, enable]>
darrp: <value in [disable, enable]>
drma: <value in [disable, enable]>
drma-sensitivity: <value in [low, medium, high]>
dtim: <value of integer>
frag-threshold: <value of integer>
max-clients: <value of integer>
max-distance: <value of integer>
mode: <value in [disabled, ap, monitor, ...]>
power-level: <value of integer>
powersave-optimize:
- tim
- ac-vo
- no-obss-scan
- no-11b-rate
- client-rate-follow
protection-mode: <value in [rtscts, ctsonly, disable]>
radio-id: <value of integer>
rts-threshold: <value of integer>
short-guard-interval: <value in [disable, enable]>
spectrum-analysis: <value in [disable, enable, scan-only]>
transmit-optimize:
- disable
- power-save
- aggr-limit
- retry-limit
- send-bar
vap-all: <value in [disable, enable, tunnel, ...]>
vap1: <value of string>
vap2: <value of string>
vap3: <value of string>
vap4: <value of string>
vap5: <value of string>
vap6: <value of string>
vap7: <value of string>
vap8: <value of string>
vaps: <value of string>
wids-profile: <value of string>
zero-wait-dfs: <value in [disable, enable]>
iperf-protocol: <value in [udp, tcp]>
iperf-server-port: <value of integer>
power-mode: <value in [dBm, percentage]>
power-value: <value of integer>
sam-bssid: <value of string>
sam-captive-portal: <value in [disable, enable]>
sam-password: <value of string>
sam-report-intv: <value of integer>
sam-security-type: <value in [open, wpa-personal, wpa-enterprise]>
sam-server: <value of string>
sam-ssid: <value of string>
sam-test: <value in [ping, iperf]>
sam-username: <value of string>
radio-4:
airtime-fairness: <value in [disable, enable]>
amsdu: <value in [disable, enable]>
ap-sniffer-addr: <value of string>
ap-sniffer-bufsize: <value of integer>
ap-sniffer-chan: <value of integer>
ap-sniffer-ctl: <value in [disable, enable]>
ap-sniffer-data: <value in [disable, enable]>
ap-sniffer-mgmt-beacon: <value in [disable, enable]>
ap-sniffer-mgmt-other: <value in [disable, enable]>
ap-sniffer-mgmt-probe: <value in [disable, enable]>
auto-power-high: <value of integer>
auto-power-level: <value in [disable, enable]>
auto-power-low: <value of integer>
auto-power-target: <value of string>
band: <value in [802.11b, 802.11a, 802.11g, ...]>
band-5g-type: <value in [5g-full, 5g-high, 5g-low]>
bandwidth-admission-control: <value in [disable, enable]>
bandwidth-capacity: <value of integer>
beacon-interval: <value of integer>
bss-color: <value of integer>
call-admission-control: <value in [disable, enable]>
call-capacity: <value of integer>
channel: <value of string>
channel-bonding: <value in [80MHz, 40MHz, 20MHz, ...]>
channel-utilization: <value in [disable, enable]>
coexistence: <value in [disable, enable]>
darrp: <value in [disable, enable]>
drma: <value in [disable, enable]>
drma-sensitivity: <value in [low, medium, high]>
dtim: <value of integer>
frag-threshold: <value of integer>
max-clients: <value of integer>
max-distance: <value of integer>
mode: <value in [ap, monitor, sniffer, ...]>
power-level: <value of integer>
powersave-optimize:
- tim
- ac-vo
- no-obss-scan
- no-11b-rate
- client-rate-follow
protection-mode: <value in [rtscts, ctsonly, disable]>
radio-id: <value of integer>
rts-threshold: <value of integer>
short-guard-interval: <value in [disable, enable]>
spectrum-analysis: <value in [disable, enable, scan-only]>
transmit-optimize:
- disable
- power-save
- aggr-limit
- retry-limit
- send-bar
vap-all: <value in [disable, enable, tunnel, ...]>
vap1: <value of string>
vap2: <value of string>
vap3: <value of string>
vap4: <value of string>
vap5: <value of string>
vap6: <value of string>
vap7: <value of string>
vap8: <value of string>
vaps: <value of string>
wids-profile: <value of string>
zero-wait-dfs: <value in [disable, enable]>
iperf-protocol: <value in [udp, tcp]>
iperf-server-port: <value of integer>
power-mode: <value in [dBm, percentage]>
power-value: <value of integer>
sam-bssid: <value of string>
sam-captive-portal: <value in [disable, enable]>
sam-password: <value of string>
sam-report-intv: <value of integer>
sam-security-type: <value in [open, wpa-personal, wpa-enterprise]>
sam-server: <value of string>
sam-ssid: <value of string>
sam-test: <value in [ping, iperf]>
sam-username: <value of string>
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
|---|---|
The full url requested Returned: always Sample: “/sys/login/user” |
|
The status of api request Returned: always Sample: 0 |
|
The descriptive message of the api response Returned: always Sample: “OK.” |
Authors
Link Zheng (@chillancezen)
Jie Xue (@JieX19)
Frank Shen (@fshen01)
Hongbin Lu (@fgtdev-hblu)