fortinet.fortios.fortios_wireless_controller_wtp_profile module – Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms in Fortinet’s FortiOS and FortiGate.
Note
This module is part of the fortinet.fortios collection (version 2.1.6).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install fortinet.fortios
.
To use it in a playbook, specify: fortinet.fortios.fortios_wireless_controller_wtp_profile
.
New in version 2.0.0: of fortinet.fortios
Synopsis
This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify wireless_controller feature and wtp_profile category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
Requirements
The below requirements are needed on the host that executes this module.
ansible>=2.9.0
Parameters
Parameter |
Comments |
---|---|
Token-based authentication. Generated from GUI of Fortigate. |
|
Enable/Disable logging for task. Choices:
|
|
Member attribute path to operate on. Delimited by a slash character if there are more than one attribute. Parameter marked with member_path is legitimate for doing member operation. |
|
Add or delete a member under specified attribute path. When member_state is specified, the state option is ignored. Choices:
|
|
Indicates whether to create or remove the object. Choices:
|
|
Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. Default: “root” |
|
Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms. |
|
Control management access to the managed WTP, FortiAP, or AP. Separate entries with a space. Choices:
|
|
Country in which this WTP, FortiAP, or AP will operate . Choices:
|
|
Enable/disable AP handoff of clients to other APs . Choices:
|
|
AP local configuration profile name. Source wireless-controller.apcfg-profile.name. |
|
Bluetooth Low Energy profile name. Source wireless-controller.ble-profile.name. |
|
Comment. |
|
Enable/disable FortiAP console login access . Choices:
|
|
Enable/disable CAPWAP control message data channel offload. Choices:
|
|
List of MAC addresses that are denied access to this WTP, FortiAP, or AP. |
|
ID. |
|
A WiFi device with this MAC address is denied access to this WTP, FortiAP or AP. |
|
Enable/disable data channel DTLS in kernel. Choices:
|
|
WTP data channel DTLS policy . Choices:
|
|
Enable/disable use of energy efficient Ethernet on WTP. Choices:
|
|
ESL SES-imagotag dongle configuration. |
|
ESL SES-imagotag APC address type . Choices:
|
|
FQDN of ESL SES-imagotag Access Point Controller (APC). |
|
IP address of ESL SES-imagotag Access Point Controller (APC). |
|
Port of ESL SES-imagotag Access Point Controller (APC). |
|
ESL SES-imagotag dongle coexistence level . Choices:
|
|
Compliance levels for the ESL solution integration . Choices:
|
|
ESL SES-imagotag dongle channel . Choices:
|
|
ESL SES-imagotag dongle output power . Choices:
|
|
Enable/disable ESL SES-imagotag Serial Communication Daemon (SCD) . Choices:
|
|
Enable/disable TLS certificate verification . Choices:
|
|
Enable/disable TLS certificate verification . Choices:
|
|
Enable/disable station/VAP/radio extension information. Choices:
|
|
Enable/disable frequency handoff of clients to other channels . Choices:
|
|
Enable/disable client load balancing during roaming to avoid roaming delay . Choices:
|
|
Minimum received signal strength indicator (RSSI) value for handoff (20 - 30). |
|
Threshold value for AP handoff. |
|
Set to allow indoor/outdoor-only channels under regulatory rules . Choices:
|
|
Method(s) by which IP fragmentation is prevented for control and data packets through CAPWAP tunnel . Choices:
|
|
WTP LAN port mapping. |
|
LAN port 1 mode. Choices:
|
|
Bridge LAN port 1 to SSID. Source system.interface.name. |
|
LAN port 2 mode. Choices:
|
|
Bridge LAN port 2 to SSID. Source system.interface.name. |
|
LAN port 3 mode. Choices:
|
|
Bridge LAN port 3 to SSID. Source system.interface.name. |
|
LAN port 4 mode. Choices:
|
|
Bridge LAN port 4 to SSID. Source system.interface.name. |
|
LAN port 5 mode. Choices:
|
|
Bridge LAN port 5 to SSID. Source system.interface.name. |
|
LAN port 6 mode. Choices:
|
|
Bridge LAN port 6 to SSID. Source system.interface.name. |
|
LAN port 7 mode. Choices:
|
|
Bridge LAN port 7 to SSID. Source system.interface.name. |
|
LAN port 8 mode. Choices:
|
|
Bridge LAN port 8 to SSID. Source system.interface.name. |
|
ESL port mode. Choices:
|
|
Bridge ESL port to SSID. Source system.interface.name. |
|
LAN port mode. Choices:
|
|
Bridge LAN port to SSID. Source system.interface.name. |
|
Set various location based service (LBS) options. |
|
Enable/disable AeroScout Real Time Location Service (RTLS) support . Choices:
|
|
Use BSSID or board MAC address as AP MAC address in AeroScout AP messages . Choices:
|
|
Enable/disable compounded AeroScout tag and MU report . Choices:
|
|
Enable/disable AeroScout Mobile Unit (MU) support . Choices:
|
|
AeroScout MU mode dilution factor . |
|
AeroScout MU mode timeout (0 - 65535 sec). |
|
IP address of AeroScout server. |
|
AeroScout server UDP listening port. |
|
Enable/disable Ekahau blink mode (now known as AiRISTA Flow) to track and locate WiFi tags . Choices:
|
|
WiFi frame MAC address or WiFi Tag. |
|
IP address of Ekahau RTLS Controller (ERC). |
|
Ekahau RTLS Controller (ERC) UDP listening port. |
|
Enable/disable FortiPresence to monitor the location and activity of WiFi clients even if they don”t connect to this WiFi network . Choices:
|
|
Enable/disable FortiPresence finding and reporting BLE devices. Choices:
|
|
FortiPresence report transmit frequency (5 - 65535 sec). |
|
UDP listening port of FortiPresence server . |
|
FortiPresence project name (max. 16 characters). |
|
Enable/disable FortiPresence finding and reporting rogue APs. Choices:
|
|
FortiPresence secret password (max. 16 characters). |
|
IP address of FortiPresence server. |
|
FortiPresence server address type . Choices:
|
|
FQDN of FortiPresence server. |
|
Enable/disable FortiPresence finding and reporting unassociated stations. Choices:
|
|
Enable/disable client station locating services for all clients, whether associated or not . Choices:
|
|
Recurring firewall schedules for illuminating LEDs on the FortiAP. If led-state is enabled, LEDs will be visible when at least one of the schedules is valid. Separate multiple schedule names with a space. |
|
Schedule name. Source firewall.schedule.group.name firewall.schedule.recurring.name firewall.schedule.onetime.name. |
|
Enable/disable use of LEDs on WTP . Choices:
|
|
Enable/disable Link Layer Discovery Protocol (LLDP) for the WTP, FortiAP, or AP . Choices:
|
|
Set the managed WTP, FortiAP, or AP”s administrator password. |
|
Change or reset the administrator password of a managed WTP, FortiAP or AP (yes, default, or no). Choices:
|
|
Maximum number of stations (STAs) supported by the WTP . |
|
WTP (or FortiAP or AP) profile name. |
|
WTP, FortiAP, or AP platform. |
|
Enable/disable use of one radio for dedicated dual-band scanning to detect RF characterization and wireless threat management. Choices:
|
|
Configure operation mode of 5G radios . Choices:
|
|
WTP, FortiAP or AP platform type. There are built-in WTP profiles for all supported FortiAP models. You can select a built-in profile and customize it or create a new profile. Choices:
|
|
Set the WTP, FortiAP, or AP”s PoE mode. Choices:
|
|
Configuration options for radio 1. |
|
Enable/disable airtime fairness . Choices:
|
|
Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients . Choices:
|
|
Enable/disable AP handoff of clients to other APs . Choices:
|
|
MAC address to monitor. |
|
Sniffer buffer size (1 - 32 MB). |
|
Channel on which to operate the sniffer . |
|
Enable/disable sniffer on WiFi control frame . Choices:
|
|
Enable/disable sniffer on WiFi data frame . Choices:
|
|
Enable/disable sniffer on WiFi management Beacon frames . Choices:
|
|
Enable/disable sniffer on WiFi management other frames . Choices:
|
|
Enable/disable sniffer on WiFi management probe frames . Choices:
|
|
Distributed Automatic Radio Resource Provisioning (DARRP) profile name to assign to the radio. Source wireless-controller .arrp-profile.name. |
|
The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). |
|
Enable/disable automatic power-level adjustment to prevent co-channel interference . Choices:
|
|
The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). |
|
Target of automatic transmit power adjustment in dBm (-95 to -20). |
|
WiFi band that Radio 1 operates on. Choices:
|
|
WiFi 5G band type. Choices:
|
|
Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it. Choices:
|
|
Maximum bandwidth capacity allowed (1 - 600000 Kbps). |
|
Beacon interval. The time between beacon frames in milliseconds. Actual range of beacon interval depends on the AP platform type . |
|
BSS color value for this 11ax radio (0 - 63, disable = 0). |
|
BSS color mode for this 11ax radio . Choices:
|
|
Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them. Choices:
|
|
Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60). |
|
Selected list of wireless radio channels. |
|
Channel number. |
|
Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence. Choices:
|
|
Enable/disable measuring channel utilization. Choices:
|
|
Enable/disable allowing both HT20 and HT40 on the same radio . Choices:
|
|
Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel . Choices:
|
|
Enable/disable dynamic radio mode assignment (DRMA) . Choices:
|
|
Network Coverage Factor (NCF) percentage required to consider a radio as redundant . Choices:
|
|
Delivery Traffic Indication Map (DTIM) period (1 - 255). Set higher to save battery life of WiFi client in power-save mode. |
|
Maximum packet size that can be sent without fragmentation (800 - 2346 bytes). |
|
Enable/disable frequency handoff of clients to other channels . Choices:
|
|
Iperf test protocol . Choices:
|
|
Iperf service port number. |
|
Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware. |
|
Maximum expected distance between the AP and clients (0 - 54000 m). |
|
Mode of radio 1. Radio 1 can be disabled, configured as an access point, a rogue AP monitor, a sniffer, or a station. Choices:
|
|
Radio EIRP power level as a percentage of the maximum EIRP power (0 - 100). |
|
Set radio effective isotropic radiated power (EIRP) in dBm or by a percentage of the maximum EIRP . This power takes into account both radio transmit power and antenna gain. Higher power level settings may be constrained by local regulatory requirements and AP capabilities. Choices:
|
|
Radio EIRP power in dBm (1 - 33). |
|
Enable client power-saving features such as TIM, AC VO, and OBSS etc. Choices:
|
|
Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable). Choices:
|
|
radio-id |
|
Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes). |
|
BSSID for WiFi network. |
|
Enable/disable Captive Portal Authentication . Choices:
|
|
Failure identification on the page after an incorrect login. |
|
Identification string from the captive portal login form. |
|
Password for captive portal authentication. |
|
Success identification on the page after a successful login. |
|
Website the client is trying to access. |
|
Username for captive portal authentication. |
|
Passphrase for WiFi network connection. |
|
SAM report interval (sec), 0 for a one-time report. |
|
Select WiFi network security type . Choices:
|
|
SAM test server IP address or domain name. |
|
SAM test server domain name. |
|
SAM test server IP address. |
|
Select SAM server type . Choices:
|
|
SSID for WiFi network. |
|
Select SAM test type . Choices:
|
|
Username for WiFi network connection. |
|
Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns. Choices:
|
|
Enable/disable spectrum analysis to find interference that would negatively impact wireless performance. Choices:
|
|
Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default. Choices:
|
|
Configure method for assigning SSIDs to this FortiAP . Choices:
|
|
Manually selected list of Virtual Access Points (VAPs). |
|
Virtual Access Point (VAP) name. Source wireless-controller.vap-group.name system.interface.name. |
|
Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. Source wireless-controller.wids-profile.name. |
|
Enable/disable zero wait DFS on radio . Choices:
|
|
Configuration options for radio 2. |
|
Enable/disable airtime fairness . Choices:
|
|
Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients . Choices:
|
|
Enable/disable AP handoff of clients to other APs . Choices:
|
|
MAC address to monitor. |
|
Sniffer buffer size (1 - 32 MB). |
|
Channel on which to operate the sniffer . |
|
Enable/disable sniffer on WiFi control frame . Choices:
|
|
Enable/disable sniffer on WiFi data frame . Choices:
|
|
Enable/disable sniffer on WiFi management Beacon frames . Choices:
|
|
Enable/disable sniffer on WiFi management other frames . Choices:
|
|
Enable/disable sniffer on WiFi management probe frames . Choices:
|
|
Distributed Automatic Radio Resource Provisioning (DARRP) profile name to assign to the radio. Source wireless-controller .arrp-profile.name. |
|
The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). |
|
Enable/disable automatic power-level adjustment to prevent co-channel interference . Choices:
|
|
The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). |
|
Target of automatic transmit power adjustment in dBm (-95 to -20). |
|
WiFi band that Radio 2 operates on. Choices:
|
|
WiFi 5G band type. Choices:
|
|
Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it. Choices:
|
|
Maximum bandwidth capacity allowed (1 - 600000 Kbps). |
|
Beacon interval. The time between beacon frames in milliseconds. Actual range of beacon interval depends on the AP platform type . |
|
BSS color value for this 11ax radio (0 - 63, disable = 0). |
|
BSS color mode for this 11ax radio . Choices:
|
|
Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them. Choices:
|
|
Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60). |
|
Selected list of wireless radio channels. |
|
Channel number. |
|
Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence. Choices:
|
|
Enable/disable measuring channel utilization. Choices:
|
|
Enable/disable allowing both HT20 and HT40 on the same radio . Choices:
|
|
Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel . Choices:
|
|
Enable/disable dynamic radio mode assignment (DRMA) . Choices:
|
|
Network Coverage Factor (NCF) percentage required to consider a radio as redundant . Choices:
|
|
Delivery Traffic Indication Map (DTIM) period (1 - 255). Set higher to save battery life of WiFi client in power-save mode. |
|
Maximum packet size that can be sent without fragmentation (800 - 2346 bytes). |
|
Enable/disable frequency handoff of clients to other channels . Choices:
|
|
Iperf test protocol . Choices:
|
|
Iperf service port number. |
|
Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware. |
|
Maximum expected distance between the AP and clients (0 - 54000 m). |
|
Mode of radio 2. Radio 2 can be disabled, configured as an access point, a rogue AP monitor, a sniffer, or a station. Choices:
|
|
Radio EIRP power level as a percentage of the maximum EIRP power (0 - 100). |
|
Set radio effective isotropic radiated power (EIRP) in dBm or by a percentage of the maximum EIRP . This power takes into account both radio transmit power and antenna gain. Higher power level settings may be constrained by local regulatory requirements and AP capabilities. Choices:
|
|
Radio EIRP power in dBm (1 - 33). |
|
Enable client power-saving features such as TIM, AC VO, and OBSS etc. Choices:
|
|
Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable). Choices:
|
|
radio-id |
|
Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes). |
|
BSSID for WiFi network. |
|
Enable/disable Captive Portal Authentication . Choices:
|
|
Failure identification on the page after an incorrect login. |
|
Identification string from the captive portal login form. |
|
Password for captive portal authentication. |
|
Success identification on the page after a successful login. |
|
Website the client is trying to access. |
|
Username for captive portal authentication. |
|
Passphrase for WiFi network connection. |
|
SAM report interval (sec), 0 for a one-time report. |
|
Select WiFi network security type . Choices:
|
|
SAM test server IP address or domain name. |
|
SAM test server domain name. |
|
SAM test server IP address. |
|
Select SAM server type . Choices:
|
|
SSID for WiFi network. |
|
Select SAM test type . Choices:
|
|
Username for WiFi network connection. |
|
Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns. Choices:
|
|
Enable/disable spectrum analysis to find interference that would negatively impact wireless performance. Choices:
|
|
Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default. Choices:
|
|
Configure method for assigning SSIDs to this FortiAP . Choices:
|
|
Manually selected list of Virtual Access Points (VAPs). |
|
Virtual Access Point (VAP) name. Source wireless-controller.vap-group.name system.interface.name. |
|
Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. Source wireless-controller.wids-profile.name. |
|
Enable/disable zero wait DFS on radio . Choices:
|
|
Configuration options for radio 3. |
|
Enable/disable airtime fairness . Choices:
|
|
Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients . Choices:
|
|
Enable/disable AP handoff of clients to other APs . Choices:
|
|
MAC address to monitor. |
|
Sniffer buffer size (1 - 32 MB). |
|
Channel on which to operate the sniffer . |
|
Enable/disable sniffer on WiFi control frame . Choices:
|
|
Enable/disable sniffer on WiFi data frame . Choices:
|
|
Enable/disable sniffer on WiFi management Beacon frames . Choices:
|
|
Enable/disable sniffer on WiFi management other frames . Choices:
|
|
Enable/disable sniffer on WiFi management probe frames . Choices:
|
|
Distributed Automatic Radio Resource Provisioning (DARRP) profile name to assign to the radio. Source wireless-controller .arrp-profile.name. |
|
The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). |
|
Enable/disable automatic power-level adjustment to prevent co-channel interference . Choices:
|
|
The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). |
|
Target of automatic transmit power adjustment in dBm (-95 to -20). |
|
WiFi band that Radio 3 operates on. Choices:
|
|
WiFi 5G band type. Choices:
|
|
Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it. Choices:
|
|
Maximum bandwidth capacity allowed (1 - 600000 Kbps). |
|
Beacon interval. The time between beacon frames in milliseconds. Actual range of beacon interval depends on the AP platform type . |
|
BSS color value for this 11ax radio (0 - 63, disable = 0). |
|
BSS color mode for this 11ax radio . Choices:
|
|
Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them. Choices:
|
|
Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60). |
|
Selected list of wireless radio channels. |
|
Channel number. |
|
Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence. Choices:
|
|
Enable/disable measuring channel utilization. Choices:
|
|
Enable/disable allowing both HT20 and HT40 on the same radio . Choices:
|
|
Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel . Choices:
|
|
Enable/disable dynamic radio mode assignment (DRMA) . Choices:
|
|
Network Coverage Factor (NCF) percentage required to consider a radio as redundant . Choices:
|
|
Delivery Traffic Indication Map (DTIM) period (1 - 255). Set higher to save battery life of WiFi client in power-save mode. |
|
Maximum packet size that can be sent without fragmentation (800 - 2346 bytes). |
|
Enable/disable frequency handoff of clients to other channels . Choices:
|
|
Iperf test protocol . Choices:
|
|
Iperf service port number. |
|
Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware. |
|
Maximum expected distance between the AP and clients (0 - 54000 m). |
|
Mode of radio 3. Radio 3 can be disabled, configured as an access point, a rogue AP monitor, a sniffer, or a station. Choices:
|
|
Radio EIRP power level as a percentage of the maximum EIRP power (0 - 100). |
|
Set radio effective isotropic radiated power (EIRP) in dBm or by a percentage of the maximum EIRP . This power takes into account both radio transmit power and antenna gain. Higher power level settings may be constrained by local regulatory requirements and AP capabilities. Choices:
|
|
Radio EIRP power in dBm (1 - 33). |
|
Enable client power-saving features such as TIM, AC VO, and OBSS etc. Choices:
|
|
Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable). Choices:
|
|
radio-id |
|
Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes). |
|
BSSID for WiFi network. |
|
Enable/disable Captive Portal Authentication . Choices:
|
|
Failure identification on the page after an incorrect login. |
|
Identification string from the captive portal login form. |
|
Password for captive portal authentication. |
|
Success identification on the page after a successful login. |
|
Website the client is trying to access. |
|
Username for captive portal authentication. |
|
Passphrase for WiFi network connection. |
|
SAM report interval (sec), 0 for a one-time report. |
|
Select WiFi network security type . Choices:
|
|
SAM test server IP address or domain name. |
|
SAM test server domain name. |
|
SAM test server IP address. |
|
Select SAM server type . Choices:
|
|
SSID for WiFi network. |
|
Select SAM test type . Choices:
|
|
Username for WiFi network connection. |
|
Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns. Choices:
|
|
Enable/disable spectrum analysis to find interference that would negatively impact wireless performance. Choices:
|
|
Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default. Choices:
|
|
Configure method for assigning SSIDs to this FortiAP . Choices:
|
|
Manually selected list of Virtual Access Points (VAPs). |
|
Virtual Access Point (VAP) name. Source wireless-controller.vap-group.name system.interface.name. |
|
Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. Source wireless-controller.wids-profile.name. |
|
Enable/disable zero wait DFS on radio . Choices:
|
|
Configuration options for radio 4. |
|
Enable/disable airtime fairness . Choices:
|
|
Enable/disable 802.11n AMSDU support. AMSDU can improve performance if supported by your WiFi clients . Choices:
|
|
Enable/disable AP handoff of clients to other APs . Choices:
|
|
MAC address to monitor. |
|
Sniffer buffer size (1 - 32 MB). |
|
Channel on which to operate the sniffer . |
|
Enable/disable sniffer on WiFi control frame . Choices:
|
|
Enable/disable sniffer on WiFi data frame . Choices:
|
|
Enable/disable sniffer on WiFi management Beacon frames . Choices:
|
|
Enable/disable sniffer on WiFi management other frames . Choices:
|
|
Enable/disable sniffer on WiFi management probe frames . Choices:
|
|
Distributed Automatic Radio Resource Provisioning (DARRP) profile name to assign to the radio. Source wireless-controller .arrp-profile.name. |
|
The upper bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). |
|
Enable/disable automatic power-level adjustment to prevent co-channel interference . Choices:
|
|
The lower bound of automatic transmit power adjustment in dBm (the actual range of transmit power depends on the AP platform type). |
|
Target of automatic transmit power adjustment in dBm (-95 to -20). |
|
WiFi band that Radio 3 operates on. Choices:
|
|
WiFi 5G band type. Choices:
|
|
Enable/disable WiFi multimedia (WMM) bandwidth admission control to optimize WiFi bandwidth use. A request to join the wireless network is only allowed if the access point has enough bandwidth to support it. Choices:
|
|
Maximum bandwidth capacity allowed (1 - 600000 Kbps). |
|
Beacon interval. The time between beacon frames in milliseconds. Actual range of beacon interval depends on the AP platform type . |
|
BSS color value for this 11ax radio (0 - 63, disable = 0). |
|
BSS color mode for this 11ax radio . Choices:
|
|
Enable/disable WiFi multimedia (WMM) call admission control to optimize WiFi bandwidth use for VoIP calls. New VoIP calls are only accepted if there is enough bandwidth available to support them. Choices:
|
|
Maximum number of Voice over WLAN (VoWLAN) phones supported by the radio (0 - 60). |
|
Selected list of wireless radio channels. |
|
Channel number. |
|
Channel bandwidth: 160,80, 40, or 20MHz. Channels may use both 20 and 40 by enabling coexistence. Choices:
|
|
Enable/disable measuring channel utilization. Choices:
|
|
Enable/disable allowing both HT20 and HT40 on the same radio . Choices:
|
|
Enable/disable Distributed Automatic Radio Resource Provisioning (DARRP) to make sure the radio is always using the most optimal channel . Choices:
|
|
Enable/disable dynamic radio mode assignment (DRMA) . Choices:
|
|
Network Coverage Factor (NCF) percentage required to consider a radio as redundant . Choices:
|
|
Delivery Traffic Indication Map (DTIM) period (1 - 255). Set higher to save battery life of WiFi client in power-save mode. |
|
Maximum packet size that can be sent without fragmentation (800 - 2346 bytes). |
|
Enable/disable frequency handoff of clients to other channels . Choices:
|
|
Iperf test protocol . Choices:
|
|
Iperf service port number. |
|
Maximum number of stations (STAs) or WiFi clients supported by the radio. Range depends on the hardware. |
|
Maximum expected distance between the AP and clients (0 - 54000 m). |
|
Mode of radio 3. Radio 3 can be disabled, configured as an access point, a rogue AP monitor, a sniffer, or a station. Choices:
|
|
Radio EIRP power level as a percentage of the maximum EIRP power (0 - 100). |
|
Set radio effective isotropic radiated power (EIRP) in dBm or by a percentage of the maximum EIRP . This power takes into account both radio transmit power and antenna gain. Higher power level settings may be constrained by local regulatory requirements and AP capabilities. Choices:
|
|
Radio EIRP power in dBm (1 - 33). |
|
Enable client power-saving features such as TIM, AC VO, and OBSS etc. Choices:
|
|
Enable/disable 802.11g protection modes to support backwards compatibility with older clients (rtscts, ctsonly, disable). Choices:
|
|
Maximum packet size for RTS transmissions, specifying the maximum size of a data packet before RTS/CTS (256 - 2346 bytes). |
|
BSSID for WiFi network. |
|
Enable/disable Captive Portal Authentication . Choices:
|
|
Failure identification on the page after an incorrect login. |
|
Identification string from the captive portal login form. |
|
Password for captive portal authentication. |
|
Success identification on the page after a successful login. |
|
Website the client is trying to access. |
|
Username for captive portal authentication. |
|
Passphrase for WiFi network connection. |
|
SAM report interval (sec), 0 for a one-time report. |
|
Select WiFi network security type . Choices:
|
|
SAM test server IP address or domain name. |
|
SAM test server domain name. |
|
SAM test server IP address. |
|
Select SAM server type . Choices:
|
|
SSID for WiFi network. |
|
Select SAM test type . Choices:
|
|
Username for WiFi network connection. |
|
Use either the short guard interval (Short GI) of 400 ns or the long guard interval (Long GI) of 800 ns. Choices:
|
|
Enable/disable spectrum analysis to find interference that would negatively impact wireless performance. Choices:
|
|
Packet transmission optimization options including power saving, aggregation limiting, retry limiting, etc. All are enabled by default. Choices:
|
|
Configure method for assigning SSIDs to this FortiAP . Choices:
|
|
Manually selected list of Virtual Access Points (VAPs). |
|
Virtual Access Point (VAP) name. Source wireless-controller.vap-group.name system.interface.name. |
|
Wireless Intrusion Detection System (WIDS) profile name to assign to the radio. Source wireless-controller.wids-profile.name. |
|
Enable/disable zero wait DFS on radio . Choices:
|
|
Split tunneling ACL filter list. |
|
Destination IP and mask for the split-tunneling subnet. |
|
ID. |
|
Enable/disable automatically adding local subnetwork of FortiAP to split-tunneling ACL . Choices:
|
|
Split tunneling ACL path is local/tunnel. Choices:
|
|
System log server configuration profile name. Source wireless-controller.syslog-profile.name. |
|
The MTU of downlink CAPWAP tunnel (576 - 1500 bytes or 0; 0 means the local MTU of FortiAP; ). |
|
The maximum transmission unit (MTU) of uplink CAPWAP tunnel (576 - 1500 bytes or 0; 0 means the local MTU of FortiAP; ). |
|
Set WAN port authentication mode . Choices:
|
|
WAN port 802.1x supplicant EAP methods . Choices:
|
|
Set WAN port 802.1x supplicant password. |
|
Set WAN port 802.1x supplicant user name. |
|
Enable/disable using a WAN port as a LAN port. Choices:
|
Examples
- hosts: fortigates
collections:
- fortinet.fortios
connection: httpapi
vars:
vdom: "root"
ansible_httpapi_use_ssl: yes
ansible_httpapi_validate_certs: no
ansible_httpapi_port: 443
tasks:
- name: Configure WTP profiles or FortiAP profiles that define radio settings for manageable FortiAP platforms.
fortios_wireless_controller_wtp_profile:
vdom: "{{ vdom }}"
state: "present"
access_token: "<your_own_value>"
wireless_controller_wtp_profile:
allowaccess: "https"
ap_country: "--"
ap_handoff: "enable"
apcfg_profile: "<your_own_value> (source wireless-controller.apcfg-profile.name)"
ble_profile: "<your_own_value> (source wireless-controller.ble-profile.name)"
comment: "Comment."
console_login: "enable"
control_message_offload: "ebp-frame"
deny_mac_list:
-
id: "12"
mac: "<your_own_value>"
dtls_in_kernel: "enable"
dtls_policy: "clear-text"
energy_efficient_ethernet: "enable"
esl_ses_dongle:
apc_addr_type: "fqdn"
apc_fqdn: "<your_own_value>"
apc_ip: "<your_own_value>"
apc_port: "21"
coex_level: "none"
compliance_level: "compliance-level-2"
esl_channel: "-1"
output_power: "a"
scd_enable: "enable"
tls_cert_verification: "enable"
tls_fqdn_verification: "enable"
ext_info_enable: "enable"
frequency_handoff: "enable"
handoff_roaming: "enable"
handoff_rssi: "32"
handoff_sta_thresh: "33"
indoor_outdoor_deployment: "platform-determined"
ip_fragment_preventing: "tcp-mss-adjust"
lan:
port_esl_mode: "offline"
port_esl_ssid: "<your_own_value> (source system.interface.name)"
port_mode: "offline"
port_ssid: "<your_own_value> (source system.interface.name)"
port1_mode: "offline"
port1_ssid: "<your_own_value> (source system.interface.name)"
port2_mode: "offline"
port2_ssid: "<your_own_value> (source system.interface.name)"
port3_mode: "offline"
port3_ssid: "<your_own_value> (source system.interface.name)"
port4_mode: "offline"
port4_ssid: "<your_own_value> (source system.interface.name)"
port5_mode: "offline"
port5_ssid: "<your_own_value> (source system.interface.name)"
port6_mode: "offline"
port6_ssid: "<your_own_value> (source system.interface.name)"
port7_mode: "offline"
port7_ssid: "<your_own_value> (source system.interface.name)"
port8_mode: "offline"
port8_ssid: "<your_own_value> (source system.interface.name)"
lbs:
aeroscout: "enable"
aeroscout_ap_mac: "bssid"
aeroscout_mmu_report: "enable"
aeroscout_mu: "enable"
aeroscout_mu_factor: "62"
aeroscout_mu_timeout: "63"
aeroscout_server_ip: "<your_own_value>"
aeroscout_server_port: "65"
ekahau_blink_mode: "enable"
ekahau_tag: "<your_own_value>"
erc_server_ip: "<your_own_value>"
erc_server_port: "69"
fortipresence: "foreign"
fortipresence_ble: "enable"
fortipresence_frequency: "72"
fortipresence_port: "73"
fortipresence_project: "<your_own_value>"
fortipresence_rogue: "enable"
fortipresence_secret: "<your_own_value>"
fortipresence_server: "<your_own_value>"
fortipresence_server_addr_type: "ipv4"
fortipresence_server_fqdn: "<your_own_value>"
fortipresence_unassoc: "enable"
station_locate: "enable"
led_schedules:
-
name: "default_name_83 (source firewall.schedule.group.name firewall.schedule.recurring.name firewall.schedule.onetime.name)"
led_state: "enable"
lldp: "enable"
login_passwd: "<your_own_value>"
login_passwd_change: "yes"
max_clients: "88"
name: "default_name_89"
platform:
ddscan: "enable"
mode: "single-5G"
type: "AP-11N"
poe_mode: "auto"
radio_1:
airtime_fairness: "enable"
amsdu: "enable"
ap_handoff: "enable"
ap_sniffer_addr: "<your_own_value>"
ap_sniffer_bufsize: "100"
ap_sniffer_chan: "101"
ap_sniffer_ctl: "enable"
ap_sniffer_data: "enable"
ap_sniffer_mgmt_beacon: "enable"
ap_sniffer_mgmt_other: "enable"
ap_sniffer_mgmt_probe: "enable"
arrp_profile: "<your_own_value> (source wireless-controller.arrp-profile.name)"
auto_power_high: "108"
auto_power_level: "enable"
auto_power_low: "110"
auto_power_target: "<your_own_value>"
band: "802.11a"
band_5g_type: "5g-full"
bandwidth_admission_control: "enable"
bandwidth_capacity: "115"
beacon_interval: "116"
bss_color: "117"
bss_color_mode: "auto"
call_admission_control: "enable"
call_capacity: "120"
channel:
-
chan: "<your_own_value>"
channel_bonding: "160MHz"
channel_utilization: "enable"
coexistence: "enable"
darrp: "enable"
drma: "disable"
drma_sensitivity: "low"
dtim: "129"
frag_threshold: "130"
frequency_handoff: "enable"
iperf_protocol: "udp"
iperf_server_port: "133"
max_clients: "134"
max_distance: "135"
mode: "disabled"
power_level: "137"
power_mode: "dBm"
power_value: "139"
powersave_optimize: "tim"
protection_mode: "rtscts"
radio_id: "142"
rts_threshold: "143"
sam_bssid: "<your_own_value>"
sam_captive_portal: "enable"
sam_cwp_failure_string: "<your_own_value>"
sam_cwp_match_string: "<your_own_value>"
sam_cwp_password: "<your_own_value>"
sam_cwp_success_string: "<your_own_value>"
sam_cwp_test_url: "<your_own_value>"
sam_cwp_username: "<your_own_value>"
sam_password: "<your_own_value>"
sam_report_intv: "153"
sam_security_type: "open"
sam_server: "<your_own_value>"
sam_server_fqdn: "<your_own_value>"
sam_server_ip: "<your_own_value>"
sam_server_type: "ip"
sam_ssid: "<your_own_value>"
sam_test: "ping"
sam_username: "<your_own_value>"
short_guard_interval: "enable"
spectrum_analysis: "enable"
transmit_optimize: "disable"
vap_all: "tunnel"
vaps:
-
name: "default_name_167 (source wireless-controller.vap-group.name system.interface.name)"
wids_profile: "<your_own_value> (source wireless-controller.wids-profile.name)"
zero_wait_dfs: "enable"
radio_2:
airtime_fairness: "enable"
amsdu: "enable"
ap_handoff: "enable"
ap_sniffer_addr: "<your_own_value>"
ap_sniffer_bufsize: "175"
ap_sniffer_chan: "176"
ap_sniffer_ctl: "enable"
ap_sniffer_data: "enable"
ap_sniffer_mgmt_beacon: "enable"
ap_sniffer_mgmt_other: "enable"
ap_sniffer_mgmt_probe: "enable"
arrp_profile: "<your_own_value> (source wireless-controller.arrp-profile.name)"
auto_power_high: "183"
auto_power_level: "enable"
auto_power_low: "185"
auto_power_target: "<your_own_value>"
band: "802.11a"
band_5g_type: "5g-full"
bandwidth_admission_control: "enable"
bandwidth_capacity: "190"
beacon_interval: "191"
bss_color: "192"
bss_color_mode: "auto"
call_admission_control: "enable"
call_capacity: "195"
channel:
-
chan: "<your_own_value>"
channel_bonding: "160MHz"
channel_utilization: "enable"
coexistence: "enable"
darrp: "enable"
drma: "disable"
drma_sensitivity: "low"
dtim: "204"
frag_threshold: "205"
frequency_handoff: "enable"
iperf_protocol: "udp"
iperf_server_port: "208"
max_clients: "209"
max_distance: "210"
mode: "disabled"
power_level: "212"
power_mode: "dBm"
power_value: "214"
powersave_optimize: "tim"
protection_mode: "rtscts"
radio_id: "217"
rts_threshold: "218"
sam_bssid: "<your_own_value>"
sam_captive_portal: "enable"
sam_cwp_failure_string: "<your_own_value>"
sam_cwp_match_string: "<your_own_value>"
sam_cwp_password: "<your_own_value>"
sam_cwp_success_string: "<your_own_value>"
sam_cwp_test_url: "<your_own_value>"
sam_cwp_username: "<your_own_value>"
sam_password: "<your_own_value>"
sam_report_intv: "228"
sam_security_type: "open"
sam_server: "<your_own_value>"
sam_server_fqdn: "<your_own_value>"
sam_server_ip: "<your_own_value>"
sam_server_type: "ip"
sam_ssid: "<your_own_value>"
sam_test: "ping"
sam_username: "<your_own_value>"
short_guard_interval: "enable"
spectrum_analysis: "enable"
transmit_optimize: "disable"
vap_all: "tunnel"
vaps:
-
name: "default_name_242 (source wireless-controller.vap-group.name system.interface.name)"
wids_profile: "<your_own_value> (source wireless-controller.wids-profile.name)"
zero_wait_dfs: "enable"
radio_3:
airtime_fairness: "enable"
amsdu: "enable"
ap_handoff: "enable"
ap_sniffer_addr: "<your_own_value>"
ap_sniffer_bufsize: "250"
ap_sniffer_chan: "251"
ap_sniffer_ctl: "enable"
ap_sniffer_data: "enable"
ap_sniffer_mgmt_beacon: "enable"
ap_sniffer_mgmt_other: "enable"
ap_sniffer_mgmt_probe: "enable"
arrp_profile: "<your_own_value> (source wireless-controller.arrp-profile.name)"
auto_power_high: "258"
auto_power_level: "enable"
auto_power_low: "260"
auto_power_target: "<your_own_value>"
band: "802.11a"
band_5g_type: "5g-full"
bandwidth_admission_control: "enable"
bandwidth_capacity: "265"
beacon_interval: "266"
bss_color: "267"
bss_color_mode: "auto"
call_admission_control: "enable"
call_capacity: "270"
channel:
-
chan: "<your_own_value>"
channel_bonding: "160MHz"
channel_utilization: "enable"
coexistence: "enable"
darrp: "enable"
drma: "disable"
drma_sensitivity: "low"
dtim: "279"
frag_threshold: "280"
frequency_handoff: "enable"
iperf_protocol: "udp"
iperf_server_port: "283"
max_clients: "284"
max_distance: "285"
mode: "disabled"
power_level: "287"
power_mode: "dBm"
power_value: "289"
powersave_optimize: "tim"
protection_mode: "rtscts"
radio_id: "292"
rts_threshold: "293"
sam_bssid: "<your_own_value>"
sam_captive_portal: "enable"
sam_cwp_failure_string: "<your_own_value>"
sam_cwp_match_string: "<your_own_value>"
sam_cwp_password: "<your_own_value>"
sam_cwp_success_string: "<your_own_value>"
sam_cwp_test_url: "<your_own_value>"
sam_cwp_username: "<your_own_value>"
sam_password: "<your_own_value>"
sam_report_intv: "303"
sam_security_type: "open"
sam_server: "<your_own_value>"
sam_server_fqdn: "<your_own_value>"
sam_server_ip: "<your_own_value>"
sam_server_type: "ip"
sam_ssid: "<your_own_value>"
sam_test: "ping"
sam_username: "<your_own_value>"
short_guard_interval: "enable"
spectrum_analysis: "enable"
transmit_optimize: "disable"
vap_all: "tunnel"
vaps:
-
name: "default_name_317 (source wireless-controller.vap-group.name system.interface.name)"
wids_profile: "<your_own_value> (source wireless-controller.wids-profile.name)"
zero_wait_dfs: "enable"
radio_4:
airtime_fairness: "enable"
amsdu: "enable"
ap_handoff: "enable"
ap_sniffer_addr: "<your_own_value>"
ap_sniffer_bufsize: "325"
ap_sniffer_chan: "326"
ap_sniffer_ctl: "enable"
ap_sniffer_data: "enable"
ap_sniffer_mgmt_beacon: "enable"
ap_sniffer_mgmt_other: "enable"
ap_sniffer_mgmt_probe: "enable"
arrp_profile: "<your_own_value> (source wireless-controller.arrp-profile.name)"
auto_power_high: "333"
auto_power_level: "enable"
auto_power_low: "335"
auto_power_target: "<your_own_value>"
band: "802.11a"
band_5g_type: "5g-full"
bandwidth_admission_control: "enable"
bandwidth_capacity: "340"
beacon_interval: "341"
bss_color: "342"
bss_color_mode: "auto"
call_admission_control: "enable"
call_capacity: "345"
channel:
-
chan: "<your_own_value>"
channel_bonding: "160MHz"
channel_utilization: "enable"
coexistence: "enable"
darrp: "enable"
drma: "disable"
drma_sensitivity: "low"
dtim: "354"
frag_threshold: "355"
frequency_handoff: "enable"
iperf_protocol: "udp"
iperf_server_port: "358"
max_clients: "359"
max_distance: "360"
mode: "disabled"
power_level: "362"
power_mode: "dBm"
power_value: "364"
powersave_optimize: "tim"
protection_mode: "rtscts"
rts_threshold: "367"
sam_bssid: "<your_own_value>"
sam_captive_portal: "enable"
sam_cwp_failure_string: "<your_own_value>"
sam_cwp_match_string: "<your_own_value>"
sam_cwp_password: "<your_own_value>"
sam_cwp_success_string: "<your_own_value>"
sam_cwp_test_url: "<your_own_value>"
sam_cwp_username: "<your_own_value>"
sam_password: "<your_own_value>"
sam_report_intv: "377"
sam_security_type: "open"
sam_server: "<your_own_value>"
sam_server_fqdn: "<your_own_value>"
sam_server_ip: "<your_own_value>"
sam_server_type: "ip"
sam_ssid: "<your_own_value>"
sam_test: "ping"
sam_username: "<your_own_value>"
short_guard_interval: "enable"
spectrum_analysis: "enable"
transmit_optimize: "disable"
vap_all: "tunnel"
vaps:
-
name: "default_name_391 (source wireless-controller.vap-group.name system.interface.name)"
wids_profile: "<your_own_value> (source wireless-controller.wids-profile.name)"
zero_wait_dfs: "enable"
split_tunneling_acl:
-
dest_ip: "<your_own_value>"
id: "396"
split_tunneling_acl_local_ap_subnet: "enable"
split_tunneling_acl_path: "tunnel"
syslog_profile: "<your_own_value> (source wireless-controller.syslog-profile.name)"
tun_mtu_downlink: "400"
tun_mtu_uplink: "401"
wan_port_auth: "none"
wan_port_auth_methods: "all"
wan_port_auth_password: "<your_own_value>"
wan_port_auth_usrname: "<your_own_value>"
wan_port_mode: "wan-lan"
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
Build number of the fortigate image Returned: always Sample: “1547” |
|
Last method used to provision the content into FortiGate Returned: always Sample: “PUT” |
|
Last result given by FortiGate on last operation applied Returned: always Sample: “200” |
|
Master key (id) used in the last call to FortiGate Returned: success Sample: “id” |
|
Name of the table used to fulfill the request Returned: always Sample: “urlfilter” |
|
Path of the table used to fulfill the request Returned: always Sample: “webfilter” |
|
Internal revision number Returned: always Sample: “17.0.2.10658” |
|
Serial number of the unit Returned: always Sample: “FGVMEVYYQT3AB5352” |
|
Indication of the operation’s result Returned: always Sample: “success” |
|
Virtual domain used Returned: always Sample: “root” |
|
Version of the FortiGate Returned: always Sample: “v5.6.3” |
Authors
Link Zheng (@chillancezen)
Jie Xue (@JieX19)
Hongbin Lu (@fgtdev-hblu)
Frank Shen (@frankshen01)
Miguel Angel Munoz (@mamunozgonzalez)
Nicolas Thomas (@thomnico)