fortinet.fortimanager.fmgr_fsp_vlan module – no description
Note
This module is part of the fortinet.fortimanager collection (version 2.2.0).
You might already have this collection installed if you are using the ansible package.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install fortinet.fortimanager.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_fsp_vlan.
New in fortinet.fortimanager 2.0.0
Synopsis
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
Parameters
Parameter |
Comments |
|---|---|
The token to access FortiManager without using username and password. |
|
the parameter (adom) in requested url |
|
Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. Choices:
|
|
Enable/Disable logging for task. Choices:
|
|
Authenticate Ansible client with forticloud API access token. |
|
the top level parameters set |
|
_Dhcp-Status. Choices:
|
|
no description Choices:
|
|
Color. |
|
no description |
|
no description |
|
Enable/disable auto configuration. Choices:
|
|
Enable/disable use of this DHCP server once this interface has been assigned an IP address from FortiIPAM. Choices:
|
|
Time in seconds to wait after a conflicted IP address is removed from the DHCP range before it can be reused. |
|
DDNS authentication mode. Choices:
|
|
DDNS update key |
|
DDNS update key name. |
|
DDNS server IP. |
|
TTL. |
|
Enable/disable DDNS update for DHCP. Choices:
|
|
Enable/disable DDNS update override for DHCP. Choices:
|
|
Zone of your domain name |
|
Default gateway IP address assigned by the DHCP server. |
|
Enable/disable populating of DHCP server settings from FortiIPAM. Choices:
|
|
DNS server 1. |
|
DNS server 2. |
|
DNS server 3. |
|
DNS server 4. |
|
Options for assigning DNS servers to DHCP clients. Choices:
|
|
Domain name suffix for the IP addresses that the DHCP server assigns to clients. |
|
Enable. Choices:
|
|
Exclude-Range. |
|
End of IP range. |
|
ID. |
|
Lease time in seconds, 0 means default lease time. |
|
Start of IP range. |
|
Enable/disable user class identifier Choices:
|
|
description |
|
Enable/disable vendor class identifier Choices:
|
|
description |
|
Name of the boot file on the TFTP server. |
|
Enable/disable FortiClient-On-Net service for this DHCP server. Choices:
|
|
ID. |
|
Method used to assign client IP. Choices:
|
|
Ip-Range. |
|
End of IP range. |
|
ID. |
|
Lease time in seconds, 0 means default lease time. |
|
Start of IP range. |
|
Enable/disable user class identifier Choices:
|
|
description |
|
Enable/disable vendor class identifier Choices:
|
|
description |
|
DHCP over IPsec leases expire this many seconds after tunnel down |
|
Lease time in seconds, 0 means unlimited. |
|
MAC access control default action Choices:
|
|
Netmask assigned by the DHCP server. |
|
IP address of a server |
|
NTP server 1. |
|
NTP server 2. |
|
NTP server 3. |
|
Options for assigning Network Time Protocol Choices:
|
|
Option1. |
|
Option2. |
|
Option3. |
|
Option4. |
|
Option5. |
|
Option6. |
|
Options. |
|
DHCP option code. |
|
ID. |
|
DHCP option IPs. |
|
DHCP option type. Choices:
|
|
Enable/disable user class identifier Choices:
|
|
description |
|
DHCP option value. |
|
Enable/disable vendor class identifier Choices:
|
|
description |
|
Relay agent IP. |
|
Reserved-Address. |
|
Options for the DHCP server to configure the client with the reserved MAC address. Choices:
|
|
Option 82 circuit-ID of the client that will get the reserved IP address. |
|
DHCP option type. Choices:
|
|
Description. |
|
ID. |
|
IP address to be reserved for the MAC address. |
|
MAC address of the client that will get the reserved IP address. |
|
Option 82 remote-ID of the client that will get the reserved IP address. |
|
DHCP option type. Choices:
|
|
DHCP reserved-address type. Choices:
|
|
DHCP server can be a normal DHCP server or an IPsec DHCP server. Choices:
|
|
Enable/disable shared subnet. Choices:
|
|
Enable/disable this DHCP configuration. Choices:
|
|
One or more hostnames or IP addresses of the TFTP servers in quotes separated by spaces. |
|
Select the time zone to be assigned to DHCP clients. Choices:
|
|
Options for the DHCP server to set the clients time zone. Choices:
|
|
Enable/disable vendor class identifier Choices:
|
|
One or more VCI strings in quotes separated by spaces. |
|
Options for assigning WiFi Access Controllers to DHCP clients Choices:
|
|
WiFi Access Controller 1 IP address |
|
WiFi Access Controller 2 IP address |
|
WiFi Access Controller 3 IP address |
|
WINS server 1. |
|
WINS server 2. |
|
Dynamic_Mapping. |
|
_Dhcp-Status. Choices:
|
|
_Scope. |
|
Name. |
|
Vdom. |
|
no description |
|
Enable/disable auto configuration. Choices:
|
|
Enable/disable use of this DHCP server once this interface has been assigned an IP address from FortiIPAM. Choices:
|
|
Time in seconds to wait after a conflicted IP address is removed from the DHCP range before it can be reused. |
|
DDNS authentication mode. Choices:
|
|
DDNS update key |
|
DDNS update key name. |
|
DDNS server IP. |
|
TTL. |
|
Enable/disable DDNS update for DHCP. Choices:
|
|
Enable/disable DDNS update override for DHCP. Choices:
|
|
Zone of your domain name |
|
Default gateway IP address assigned by the DHCP server. |
|
Enable/disable populating of DHCP server settings from FortiIPAM. Choices:
|
|
DNS server 1. |
|
DNS server 2. |
|
DNS server 3. |
|
DNS server 4. |
|
Options for assigning DNS servers to DHCP clients. Choices:
|
|
Domain name suffix for the IP addresses that the DHCP server assigns to clients. |
|
Enable. Choices:
|
|
Exclude-Range. |
|
End of IP range. |
|
ID. |
|
Lease time in seconds, 0 means default lease time. |
|
Start of IP range. |
|
Enable/disable user class identifier Choices:
|
|
description |
|
Enable/disable vendor class identifier Choices:
|
|
description |
|
Name of the boot file on the TFTP server. |
|
Enable/disable FortiClient-On-Net service for this DHCP server. Choices:
|
|
ID. |
|
Method used to assign client IP. Choices:
|
|
Ip-Range. |
|
End of IP range. |
|
ID. |
|
Lease time in seconds, 0 means default lease time. |
|
Start of IP range. |
|
Enable/disable user class identifier Choices:
|
|
description |
|
Enable/disable vendor class identifier Choices:
|
|
description |
|
DHCP over IPsec leases expire this many seconds after tunnel down |
|
Lease time in seconds, 0 means unlimited. |
|
MAC access control default action Choices:
|
|
Netmask assigned by the DHCP server. |
|
IP address of a server |
|
NTP server 1. |
|
NTP server 2. |
|
NTP server 3. |
|
Options for assigning Network Time Protocol Choices:
|
|
Option1. |
|
Option2. |
|
Option3. |
|
Option4. |
|
Option5. |
|
Option6. |
|
Options. |
|
DHCP option code. |
|
ID. |
|
DHCP option IPs. |
|
DHCP option type. Choices:
|
|
Enable/disable user class identifier Choices:
|
|
description |
|
DHCP option value. |
|
Enable/disable vendor class identifier Choices:
|
|
description |
|
Relay agent IP. |
|
Reserved-Address. |
|
Options for the DHCP server to configure the client with the reserved MAC address. Choices:
|
|
Option 82 circuit-ID of the client that will get the reserved IP address. |
|
DHCP option type. Choices:
|
|
Description. |
|
ID. |
|
IP address to be reserved for the MAC address. |
|
MAC address of the client that will get the reserved IP address. |
|
Option 82 remote-ID of the client that will get the reserved IP address. |
|
DHCP option type. Choices:
|
|
DHCP reserved-address type. Choices:
|
|
DHCP server can be a normal DHCP server or an IPsec DHCP server. Choices:
|
|
Enable/disable shared subnet. Choices:
|
|
Enable/disable this DHCP configuration. Choices:
|
|
One or more hostnames or IP addresses of the TFTP servers in quotes separated by spaces. |
|
Select the time zone to be assigned to DHCP clients. Choices:
|
|
Options for the DHCP server to set the clients time zone. Choices:
|
|
Enable/disable vendor class identifier Choices:
|
|
One or more VCI strings in quotes separated by spaces. |
|
Options for assigning WiFi Access Controllers to DHCP clients Choices:
|
|
WiFi Access Controller 1 IP address |
|
WiFi Access Controller 2 IP address |
|
WiFi Access Controller 3 IP address |
|
WINS server 1. |
|
WINS server 2. |
|
no description |
|
Dhcp-Relay-Agent-Option. Choices:
|
|
no description Choices:
|
|
Dhcp-Relay-Ip. |
|
Dhcp-Relay-Service. Choices:
|
|
Dhcp-Relay-Type. Choices:
|
|
Ip. |
|
no description |
|
Enable/disable address auto config. Choices:
|
|
Cli-Conn6-Status. |
|
Dhcp6-Client-Options. Choices:
|
|
Enable/disable DHCPv6 information request. Choices:
|
|
Enable/disable DHCPv6 prefix delegation. Choices:
|
|
DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server. |
|
DHCPv6 prefix hint preferred life time |
|
DHCPv6 prefix hint valid life time |
|
DHCPv6 relay IP address. |
|
Enable/disable DHCPv6 relay. Choices:
|
|
Enable/disable use of address on this interface as the source address of the relay message. Choices:
|
|
DHCPv6 relay type. Choices:
|
|
Enable/disable sending of ICMPv6 redirects. Choices:
|
|
IPv6 interface identifier. |
|
Primary IPv6 address prefix, syntax |
|
Allow management access to the interface. Choices:
|
|
Default life |
|
IAID of obtained delegated-prefix from the upstream interface. |
|
Ip6-Delegated-Prefix-List. |
|
Enable/disable the autonomous flag. Choices:
|
|
IAID of obtained delegated-prefix from the upstream interface. |
|
Enable/disable the onlink flag. Choices:
|
|
Prefix ID. |
|
Recursive DNS server option. |
|
Recursive DNS service option. Choices:
|
|
Add subnet ID to routing prefix. |
|
Name of the interface that provides delegated information. |
|
Enable/disable using the DNS server acquired by DHCP. Choices:
|
|
Ip6-Extra-Addr. |
|
IPv6 address prefix. |
|
Hop limit |
|
IPv6 link MTU. |
|
Enable/disable the managed flag. Choices:
|
|
IPv6 maximum interval |
|
IPv6 minimum interval |
|
Addressing mode Choices:
|
|
Enable/disable the other IPv6 flag. Choices:
|
|
Ip6-Prefix-List. |
|
Enable/disable the autonomous flag. Choices:
|
|
DNS search list option. |
|
Enable/disable the onlink flag. Choices:
|
|
Preferred life time |
|
IPv6 prefix. |
|
Recursive DNS server option. |
|
Valid life time |
|
Assigning a prefix from DHCP or RA. Choices:
|
|
IPv6 reachable time |
|
IPv6 retransmit time |
|
Enable/disable sending advertisements about the interface. Choices:
|
|
Subnet to routing prefix, syntax |
|
Interface name providing delegated information. |
|
Neighbor discovery certificate. |
|
Neighbor discovery CGA modifier. |
|
Neighbor discovery mode. Choices:
|
|
Neighbor discovery security level |
|
Neighbor discovery timestamp delta value |
|
Neighbor discovery timestamp fuzz factor |
|
Enable/disable sending link MTU in RA packet. Choices:
|
|
Enable/disable unique auto config address. Choices:
|
|
Link-local IPv6 address of virtual router. |
|
Enable/disable virtual MAC for VRRP. Choices:
|
|
Vrrp6. |
|
Enable/disable accept mode. Choices:
|
|
Advertisement interval |
|
Enable/disable preempt mode. Choices:
|
|
Priority of the virtual router |
|
Startup time |
|
Enable/disable VRRP. Choices:
|
|
Monitor the route to this destination. |
|
VRRP group ID |
|
Virtual router identifier |
|
IPv6 address of the virtual router. |
|
Secondary-Ip. Choices:
|
|
Secondaryip. |
|
Management access settings for the secondary IP address. Choices:
|
|
Protocols used to detect the server. Choices:
|
|
Gateways ping server for this IP. |
|
Enable/disable detect gateway alive for first. Choices:
|
|
HA election priority for the PING server. |
|
ID. |
|
Secondary IP address of the interface. |
|
Ping-Serv-Status. |
|
DHCP relay IP address. |
|
Seq. |
|
Vlanid. |
|
description |
|
Enable/disable accept mode. Choices:
|
|
Advertisement interval |
|
Enable/disable ignoring of default route when checking destination. Choices:
|
|
Enable/disable preempt mode. Choices:
|
|
Priority of the virtual router |
|
description |
|
ID. |
|
Set IP addresses of proxy ARP. |
|
Startup time |
|
Enable/disable this VRRP configuration. Choices:
|
|
VRRP version. Choices:
|
|
description |
|
Priority of the virtual router when the virtual router destination becomes unreachable |
|
VRRP group ID |
|
Virtual router identifier |
|
IP address of the virtual router. |
|
no description |
|
PPPoE server name. |
|
Aggregate. |
|
Type of aggregation. Choices:
|
|
Frame distribution algorithm. Choices:
|
|
Alias will be displayed with the interface name to make it easier to distinguish. |
|
Permitted types of management access to this interface. Choices:
|
|
Enable/disable automatic registration of unknown FortiAP devices. Choices:
|
|
Enable/disable ARP forwarding. Choices:
|
|
ATM protocol. Choices:
|
|
HTTPS server certificate. |
|
Address of captive portal. |
|
PPP authentication type to use. Choices:
|
|
Enable/disable automatic authorization of dedicated Fortinet extension device on this interface. Choices:
|
|
Bandwidth measure time |
|
Bidirectional Forwarding Detection Choices:
|
|
BFD desired minimal transmit interval. |
|
BFD detection multiplier. |
|
BFD required minimal receive interval. |
|
Enable/disable broadcasting FortiClient discovery messages. Choices:
|
|
Enable/disable broadcast forwarding. Choices:
|
|
Enable/disable captive portal. |
|
Cli-Conn-Status. |
|
Color of icon on the GUI. |
|
Ddns. Choices:
|
|
Ddns-Auth. Choices:
|
|
Ddns-Domain. |
|
Ddns-Key. |
|
Ddns-Keyname. |
|
Ddns-Password. |
|
Ddns-Server. Choices:
|
|
Ddns-Server-Ip. |
|
Ddns-Sn. |
|
Ddns-Ttl. |
|
Ddns-Username. |
|
Ddns-Zone. |
|
Configure interface for single purpose. Choices:
|
|
default purdue level of device detected on this interface. Choices:
|
|
Enable to get the gateway IP from the DHCP or PPPoE server. Choices:
|
|
Description. |
|
Detected-Peer-Mtu. |
|
Protocols used to detect the server. Choices:
|
|
Gateways ping server for this IP. |
|
Device access list. |
|
Enable/disable passively gathering of device identity information about the devices on the network connected to this in… Choices:
|
|
Enable/disable active gathering of device identity information about the devices on the network connected to this inter… Choices:
|
|
Enable/disable inclusion of devices detected on this interface in network vulnerability scans. Choices:
|
|
Enable/disable passive gathering of user identity information about users on this interface. Choices:
|
|
Devindex. |
|
Enable/disable setting of the broadcast flag in messages sent by the DHCP client Choices:
|
|
Enable/disable addition of classless static routes retrieved from DHCP server. Choices:
|
|
DHCP client identifier. |
|
Enable/disable DHCP relay agent option. Choices:
|
|
Specify outgoing interface to reach server. |
|
Specify how to select outgoing interface to reach server. Choices:
|
|
DHCP relay IP address. |
|
DHCP relay link selection. |
|
Enable/disable sending of DHCP requests to all servers. Choices:
|
|
Enable/disable allowing this interface to act as a DHCP relay. Choices:
|
|
DHCP relay type Choices:
|
|
DHCP renew time in seconds |
|
Enable/disable DHCP smart relay. Choices:
|
|
Time in seconds to wait before retrying to start a PPPoE discovery, 0 means no timeout. |
|
Time in milliseconds to wait before sending a notification that this interface is down or disconnected. |
|
Distance for routes learned through PPPoE or DHCP, lower distance indicates preferred route. |
|
Dns-Query. Choices:
|
|
Enable/disable use DNS acquired by DHCP or PPPoE. Choices:
|
|
description Choices:
|
|
Enable/disable drop fragment packets. Choices:
|
|
Enable/disable drop overlapped fragment packets. Choices:
|
|
EAP CA certificate name. |
|
EAP identity. |
|
EAP method. Choices:
|
|
description |
|
Enable/disable EAP-Supplicant. Choices:
|
|
EAP user certificate name. |
|
Override outgoing CoS in user VLAN tag. Choices:
|
|
Outgoing traffic shaping profile. |
|
Eip. |
|
Enable/disable endpoint compliance enforcement. Choices:
|
|
Estimated maximum downstream bandwidth |
|
Estimated maximum upstream bandwidth |
|
Enable/disable the explicit FTP proxy on this interface. Choices:
|
|
Enable/disable the explicit web proxy on this interface. Choices:
|
|
Enable/disable identifying the interface as an external interface Choices:
|
|
Action on extender when interface fail . Choices:
|
|
Names of the FortiGate interfaces to which the link failure alert is sent. |
|
Select link-failed-signal or link-down method to alert about a failed link. Choices:
|
|
Enable/disable fail detection features for this interface. Choices:
|
|
Options for detecting that this interface has failed. Choices:
|
|
Fdp. Choices:
|
|
Enable/disable FortiHeartBeat Choices:
|
|
Enable FortiLink to dedicate this interface to manage other Fortinet devices. Choices:
|
|
Fortilink-Backup-Link. |
|
Protocol for FortiGate neighbor discovery. Choices:
|
|
Enable/disable FortiLink split interface to connect member link to different FortiSwitch in stack for uplink redundancy. Choices:
|
|
Enable/disable FortiLink switch-stacking on this interface. Choices:
|
|
Transparent mode forward domain. |
|
Enable/disable forward error correction Choices:
|
|
Fp-Anomaly. Choices:
|
|
Fp-Disable. Choices:
|
|
Gateway address |
|
no description Choices:
|
|
Enable/disable Gi Gatekeeper. Choices:
|
|
Gateway address |
|
Enable/disable detect gateway alive for first. Choices:
|
|
HA election priority for the PING server. |
|
Enable/disable ICMP accept redirect. Choices:
|
|
Enable/disable ICMP redirect. Choices:
|
|
Enable/disable sending of ICMP redirects. Choices:
|
|
Enable/disable authentication for this interface. Choices:
|
|
PPPoE auto disconnect after idle timeout seconds, 0 means no timeout. |
|
Interface MDIX mode Choices:
|
|
Select interface media type Choices:
|
|
Configure IKE authentication SAML server. |
|
In-Force-Vlan-Cos. |
|
Bandwidth limit for incoming traffic |
|
Override incoming CoS in user VLAN tag on VLAN interface or assign a priority VLAN tag on physical interface. Choices:
|
|
Incoming traffic shaping profile. |
|
Ingress Spillover threshold |
|
Set interconnect profile. Choices:
|
|
Implicitly created. |
|
Interface IPv4 address and subnet mask, syntax |
|
Enable/disable automatic IP address assignment of this interface by FortiIPAM. Choices:
|
|
Enable/disable IP/MAC binding. Choices:
|
|
Enable/disable the use of this interface as a one-armed sniffer. Choices:
|
|
Unnumbered IP used for PPPoE interfaces for which no unique local address is provided. |
|
no description |
|
Enable/disable address auto config. Choices:
|
|
Cli-Conn6-Status. |
|
Dhcp6-Client-Options. Choices:
|
|
Enable/disable DHCPv6 information request. Choices:
|
|
Enable/disable DHCPv6 prefix delegation. Choices:
|
|
DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server. |
|
DHCPv6 prefix hint preferred life time |
|
DHCPv6 prefix hint valid life time |
|
DHCPv6 relay IP address. |
|
Enable/disable DHCPv6 relay. Choices:
|
|
Enable/disable use of address on this interface as the source address of the relay message. Choices:
|
|
DHCPv6 relay type. Choices:
|
|
Enable/disable sending of ICMPv6 redirects. Choices:
|
|
IPv6 interface identifier. |
|
Primary IPv6 address prefix, syntax |
|
Allow management access to the interface. Choices:
|
|
Default life |
|
IAID of obtained delegated-prefix from the upstream interface. |
|
Ip6-Delegated-Prefix-List. |
|
Enable/disable the autonomous flag. Choices:
|
|
IAID of obtained delegated-prefix from the upstream interface. |
|
Enable/disable the onlink flag. Choices:
|
|
Prefix ID. |
|
Recursive DNS server option. |
|
Recursive DNS service option. Choices:
|
|
Add subnet ID to routing prefix. |
|
Name of the interface that provides delegated information. |
|
Enable/disable using the DNS server acquired by DHCP. Choices:
|
|
Ip6-Extra-Addr. |
|
IPv6 address prefix. |
|
Hop limit |
|
IPv6 link MTU. |
|
Enable/disable the managed flag. Choices:
|
|
IPv6 maximum interval |
|
IPv6 minimum interval |
|
Addressing mode Choices:
|
|
Enable/disable the other IPv6 flag. Choices:
|
|
Ip6-Prefix-List. |
|
Enable/disable the autonomous flag. Choices:
|
|
DNS search list option. |
|
Enable/disable the onlink flag. Choices:
|
|
Preferred life time |
|
IPv6 prefix. |
|
Recursive DNS server option. |
|
Valid life time |
|
Assigning a prefix from DHCP or RA. Choices:
|
|
IPv6 reachable time |
|
IPv6 retransmit time |
|
Enable/disable sending advertisements about the interface. Choices:
|
|
Subnet to routing prefix, syntax |
|
Interface name providing delegated information. |
|
Neighbor discovery certificate. |
|
Neighbor discovery CGA modifier. |
|
Neighbor discovery mode. Choices:
|
|
Neighbor discovery security level |
|
Neighbor discovery timestamp delta value |
|
Neighbor discovery timestamp fuzz factor |
|
Enable/disable sending link MTU in RA packet. Choices:
|
|
Enable/disable unique auto config address. Choices:
|
|
Link-local IPv6 address of virtual router. |
|
Enable/disable virtual MAC for VRRP. Choices:
|
|
Vrrp6. |
|
Enable/disable accept mode. Choices:
|
|
Advertisement interval |
|
Enable/disable preempt mode. Choices:
|
|
Priority of the virtual router |
|
Startup time |
|
Enable/disable VRRP. Choices:
|
|
Monitor the route to this destination. |
|
VRRP group ID |
|
Virtual router identifier |
|
IPv6 address of the virtual router. |
|
Enable/disable l2 forwarding. Choices:
|
|
Enable/disable this interface as a Layer 2 Tunnelling Protocol Choices:
|
|
no description Choices:
|
|
LACP HA slave. Choices:
|
|
LACP mode. Choices:
|
|
How often the interface sends LACP messages. Choices:
|
|
no description Choices:
|
|
Time in seconds between PPPoE Link Control Protocol |
|
Maximum missed LCP echo messages before disconnect. |
|
Number of milliseconds to wait before considering a link is up. |
|
Listen-Forticlient-Connection. Choices:
|
|
LLDP-MED network policy profile. |
|
Enable/disable Link Layer Discovery Protocol Choices:
|
|
Enable/disable Link Layer Discovery Protocol Choices:
|
|
Log. Choices:
|
|
Change the interfaces MAC address. |
|
Number of IP addresses to be allocated by FortiIPAM and used by this FortiGate units DHCP server settings. Choices:
|
|
High Availability in-band management IP address of this interface. |
|
Max egress burst rate |
|
Max egress rate |
|
Measured downstream bandwidth |
|
Measured upstream bandwidth |
|
Select SFP media interface type Choices:
|
|
Physical interfaces that belong to the aggregate or redundant interface. |
|
Minimum number of aggregated ports that must be up. |
|
Action to take when less than the configured minimum number of links are active. Choices:
|
|
Addressing mode Choices:
|
|
Enable monitoring bandwidth on this interface. Choices:
|
|
MTU value for this interface. |
|
Enable to set a custom MTU for this interface. Choices:
|
|
Multiplexer type Choices:
|
|
Name. |
|
Enable/disable NDISC forwarding. Choices:
|
|
Enable/disable NETBIOS forwarding. Choices:
|
|
Enable/disable NetFlow on this interface and set the data that NetFlow collects Choices:
|
|
NP QoS profile ID. |
|
Npu-Fastpath. Choices:
|
|
Nst. Choices:
|
|
Out-Force-Vlan-Cos. |
|
Bandwidth limit for outgoing traffic |
|
PPPoE Active Discovery Terminate |
|
PPPoE accounts password. |
|
Peer-Interface. |
|
DSL physical mode. Choices:
|
|
Ping-Serv-Status. |
|
Enable/disable PoE status. Choices:
|
|
sFlow polling interval |
|
Enable/disable PPPoE unnumbered negotiation. Choices:
|
|
PPTP authentication type. Choices:
|
|
Enable/disable PPTP client. Choices:
|
|
PPTP password. |
|
PPTP server IP address. |
|
Idle timer in minutes |
|
PPTP user name. |
|
Enable/disable preservation of session route when dirty. Choices:
|
|
Priority of learned routes. |
|
Enable/disable fail back to higher priority port once recovered. Choices:
|
|
Enable/disable proxy captive portal on this interface. Choices:
|
|
SFP-DSL ADSL Fallback PVC ATM QoS. Choices:
|
|
SFP-DSL ADSL Fallback PVC Channel. |
|
SFP-DSL ADSL Fallback PVC CRC Option |
|
SFP-DSL ADSL Fallback PVC Packet Cell Rate in cells |
|
SFP-DSL ADSL Fallback PVC Sustainable Cell Rate in cells |
|
SFP-DSL ADSL Fallback PVC VLAN ID. |
|
SFP-DSL ADSL Fallback PVC VLANID RX. |
|
SFP-DSL ADSL Fallback PVC VLAN RX op. Choices:
|
|
SFP-DSL ADSL Fallback PVC VLAN ID TX. |
|
SFP-DSL ADSL Fallback PVC VLAN TX op. Choices:
|
|
IPv4 reachable time in milliseconds |
|
Redundant-Interface. |
|
Remote IP address of tunnel. |
|
Replacement message override group. |
|
Enable/disable DSL retransmission. Choices:
|
|
RX ring size. |
|
TX ring size. |
|
Interface role. Choices:
|
|
Data that NetFlow collects Choices:
|
|
sFlow sample rate |
|
Enable monitoring or blocking connections to Botnet servers through this interface. Choices:
|
|
Enable/disable adding a secondary IP to this interface. Choices:
|
|
Secondaryip. |
|
Management access settings for the secondary IP address. Choices:
|
|
Protocols used to detect the server. Choices:
|
|
Gateways ping server for this IP. |
|
Enable/disable detect gateway alive for first. Choices:
|
|
HA election priority for the PING server. |
|
ID. |
|
Secondary IP address of the interface. |
|
Ping-Serv-Status. |
|
DHCP relay IP address. |
|
Seq. |
|
VLAN ID for virtual switch. |
|
Choices:
|
|
Name of security-exempt-list. |
|
URL of external authentication logout server. |
|
URL of external authentication web server. |
|
User groups that can authenticate with the captive portal. |
|
Enable/disable MAC authentication bypass. Choices:
|
|
Turn on captive portal authentication for this interface. Choices:
|
|
URL redirection after disclaimer/authentication. |
|
Select VDSL Profile 30a or 35b. Choices:
|
|
PPPoE service name. |
|
Enable/disable sFlow on this interface. Choices:
|
|
Enable/disable SFP DSL. Choices:
|
|
Enable/disable SFP DSL ADSL fallback. Choices:
|
|
Enable/disable SFP DSL MAC address autodetect. Choices:
|
|
SFP DSL MAC address. |
|
Interface speed. Choices:
|
|
Egress Spillover threshold |
|
Enable/disable source IP check. Choices:
|
|
Bring the interface up or shut the interface down. Choices:
|
|
Enable/disable STP. Choices:
|
|
Control STP behaviour on HA secondary. Choices:
|
|
Control STP behaviour on HA slave. Choices:
|
|
Enable/disable STP forwarding. Choices:
|
|
Configure STP forwarding mode. Choices:
|
|
Strip-Priority-Vlan-Tag. Choices:
|
|
Enable to always send packets from this interface to a destination MAC address. Choices:
|
|
Destination MAC address that all packets are sent to from this interface. |
|
Frame distribution algorithm for switch. Choices:
|
|
Initial create for switch-controller VLANs. |
|
Swc-Vlan. |
|
Switch. |
|
Block FortiSwitch port-to-port traffic. Choices:
|
|
Enable/disable FortiSwitch ARP inspection. Choices:
|
|
Switch controller authentication. Choices:
|
|
Switch controller DHCP snooping. Choices:
|
|
Switch controller DHCP snooping option82. Choices:
|
|
Switch controller DHCP snooping verify MAC. Choices:
|
|
Integrated FortiLink settings for managed FortiSwitch. |
|
Interfaces purpose when assigning traffic Choices:
|
|
Switch controller IGMP snooping. Choices:
|
|
Switch controller IGMP snooping fast-leave. Choices:
|
|
Switch controller IGMP snooping proxy. Choices:
|
|
Enable/disable managed FortiSwitch IoT scanning. Choices:
|
|
Limit the number of dynamic MAC addresses on this VLAN |
|
VLAN to use for FortiLink management purposes. |
|
Integrated NAC settings for managed FortiSwitch. |
|
NetFlow collection and processing. Choices:
|
|
no description Choices:
|
|
no description Choices:
|
|
no description |
|
RADIUS server name for this FortiSwitch VLAN. |
|
Stop Layer2 MAC learning and interception of BPDUs and other packets on this interface. Choices:
|
|
Source IP address used in FortiLink over L3 connections. Choices:
|
|
Switch controller traffic policy for the VLAN. |
|
Define a system ID for the aggregate interface. |
|
Method in which system ID is generated. Choices:
|
|
DSL transfer mode. Choices:
|
|
TCP maximum segment size. |
|
Enable/disable VLAN trunk. Choices:
|
|
Trusted host for dedicated management traffic |
|
Trusted host for dedicated management traffic |
|
Trusted host for dedicated management traffic |
|
Trusted IPv6 host for dedicated management traffic |
|
Trusted IPv6 host for dedicated management traffic |
|
Trusted IPv6 host for dedicated management traffic |
|
Interface type. Choices:
|
|
Username of the PPPoE account, provided by your ISP. |
|
Virtual Channel ID |
|
Enable/disable DSL vectoring. Choices:
|
|
Vindex. |
|
Vlan ID |
|
Configure DSL 802. Choices:
|
|
Ethernet protocol of VLAN. Choices:
|
|
Enable/disable traffic forwarding between VLANs on this interface. Choices:
|
|
VLAN ID |
|
Virtual Path ID |
|
Virtual Routing Forwarding ID. |
|
Vrrp. |
|
Enable/disable accept mode. Choices:
|
|
Advertisement interval |
|
Enable/disable ignoring of default route when checking destination. Choices:
|
|
Enable/disable preempt mode. Choices:
|
|
Priority of the virtual router |
|
description |
|
ID. |
|
Set IP addresses of proxy ARP. |
|
Startup time |
|
Enable/disable this VRRP configuration. Choices:
|
|
VRRP version. Choices:
|
|
Monitor the route to this destination. |
|
Priority of the virtual router when the virtual router destination becomes unreachable |
|
VRRP group ID |
|
Virtual router identifier |
|
IP address of the virtual router. |
|
Enable/disable use of virtual MAC for VRRP. Choices:
|
|
Enable/disable WCCP on this interface. Choices:
|
|
Default weight for static routes |
|
Minimal signal strength to be considered as a good 5G AP. |
|
Access control for MAC addresses in the MAC list. Choices:
|
|
How to select the AP to connect. Choices:
|
|
WiFi authentication. Choices:
|
|
Enable/disable WiFi network auto connect. Choices:
|
|
Enable/disable WiFi network automatic save. Choices:
|
|
Enable/disable SSID broadcast in the beacon. Choices:
|
|
DNS server 1. |
|
DNS server 2. |
|
Data encryption. Choices:
|
|
WiFi fragment threshold |
|
IPv4 default gateway IP address. |
|
WiFi WEP Key. |
|
WEP key index |
|
Enable/disable MAC filter status. Choices:
|
|
WiFi pre-shared key for WPA. |
|
WiFi RADIUS server for WPA. |
|
WiFi RTS threshold |
|
Wireless access security of SSID. Choices:
|
|
IEEE 802. |
|
WiFi user group for WPA. |
|
WINS server IP. |
|
Name. |
|
no description |
|
no description |
|
no description Choices:
|
|
no description |
|
no description |
|
Vdom. |
|
Vlanid. |
|
The overridden method for the underlying Json RPC request. Choices:
|
|
The rc codes list with which the conditions to fail will be overriden. |
|
The rc codes list with which the conditions to succeed will be overriden. |
|
The directive to create, update or delete an object. Choices:
|
|
The adom to lock for FortiManager running in workspace mode, the value can be global and others including root. |
|
The maximum time in seconds to wait for other user to release the workspace lock. Default: |
Notes
Note
Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
To create or update an object, use state present directive.
To delete an object, use state absent directive.
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: no description
fmgr_fsp_vlan:
bypass_validation: False
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
rc_succeeded: [0, -2, -3, ...]
rc_failed: [-2, -3, ...]
adom: <your own value>
state: <value in [present, absent]>
fsp_vlan:
_dhcp-status: <value in [disable, enable]>
auth: <value in [radius, usergroup]>
color: <value of integer>
comments: <value of string>
dynamic_mapping:
-
_dhcp-status: <value in [disable, enable]>
_scope:
-
name: <value of string>
vdom: <value of string>
dhcp-server:
auto-configuration: <value in [disable, enable]>
auto-managed-status: <value in [disable, enable]>
conflicted-ip-timeout: <value of integer>
ddns-auth: <value in [disable, tsig]>
ddns-key: <value of string>
ddns-keyname: <value of string>
ddns-server-ip: <value of string>
ddns-ttl: <value of integer>
ddns-update: <value in [disable, enable]>
ddns-update-override: <value in [disable, enable]>
ddns-zone: <value of string>
default-gateway: <value of string>
dhcp-settings-from-fortiipam: <value in [disable, enable]>
dns-server1: <value of string>
dns-server2: <value of string>
dns-server3: <value of string>
dns-server4: <value of string>
dns-service: <value in [default, specify, local]>
domain: <value of string>
enable: <value in [disable, enable]>
exclude-range:
-
end-ip: <value of string>
id: <value of integer>
start-ip: <value of string>
vci-match: <value in [disable, enable]>
vci-string: <value of string>
lease-time: <value of integer>
uci-match: <value in [disable, enable]>
uci-string: <value of string>
filename: <value of string>
forticlient-on-net-status: <value in [disable, enable]>
id: <value of integer>
ip-mode: <value in [range, usrgrp]>
ip-range:
-
end-ip: <value of string>
id: <value of integer>
start-ip: <value of string>
vci-match: <value in [disable, enable]>
vci-string: <value of string>
lease-time: <value of integer>
uci-match: <value in [disable, enable]>
uci-string: <value of string>
ipsec-lease-hold: <value of integer>
lease-time: <value of integer>
mac-acl-default-action: <value in [assign, block]>
netmask: <value of string>
next-server: <value of string>
ntp-server1: <value of string>
ntp-server2: <value of string>
ntp-server3: <value of string>
ntp-service: <value in [default, specify, local]>
option1: <value of string>
option2: <value of string>
option3: <value of string>
option4: <value of string>
option5: <value of string>
option6: <value of string>
options:
-
code: <value of integer>
id: <value of integer>
ip: <value of string>
type: <value in [hex, string, ip, ...]>
value: <value of string>
vci-match: <value in [disable, enable]>
vci-string: <value of string>
uci-match: <value in [disable, enable]>
uci-string: <value of string>
reserved-address:
-
action: <value in [assign, block, reserved]>
circuit-id: <value of string>
circuit-id-type: <value in [hex, string]>
description: <value of string>
id: <value of integer>
ip: <value of string>
mac: <value of string>
remote-id: <value of string>
remote-id-type: <value in [hex, string]>
type: <value in [mac, option82]>
server-type: <value in [regular, ipsec]>
status: <value in [disable, enable]>
tftp-server: <value of string>
timezone: <value in [00, 01, 02, ...]>
timezone-option: <value in [disable, default, specify]>
vci-match: <value in [disable, enable]>
vci-string: <value of string>
wifi-ac-service: <value in [specify, local]>
wifi-ac1: <value of string>
wifi-ac2: <value of string>
wifi-ac3: <value of string>
wins-server1: <value of string>
wins-server2: <value of string>
relay-agent: <value of string>
shared-subnet: <value in [disable, enable]>
interface:
dhcp-relay-agent-option: <value in [disable, enable]>
dhcp-relay-ip: <value of string>
dhcp-relay-service: <value in [disable, enable]>
dhcp-relay-type: <value in [regular, ipsec]>
ip: <value of string>
ipv6:
autoconf: <value in [disable, enable]>
dhcp6-client-options:
- rapid
- iapd
- iana
- dns
- dnsname
dhcp6-information-request: <value in [disable, enable]>
dhcp6-prefix-delegation: <value in [disable, enable]>
dhcp6-prefix-hint: <value of string>
dhcp6-prefix-hint-plt: <value of integer>
dhcp6-prefix-hint-vlt: <value of integer>
dhcp6-relay-ip: <value of string>
dhcp6-relay-service: <value in [disable, enable]>
dhcp6-relay-type: <value in [regular]>
icmp6-send-redirect: <value in [disable, enable]>
interface-identifier: <value of string>
ip6-address: <value of string>
ip6-allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- capwap
- fabric
ip6-default-life: <value of integer>
ip6-delegated-prefix-list:
-
autonomous-flag: <value in [disable, enable]>
onlink-flag: <value in [disable, enable]>
prefix-id: <value of integer>
rdnss: <value of string>
rdnss-service: <value in [delegated, default, specify]>
subnet: <value of string>
upstream-interface: <value of string>
delegated-prefix-iaid: <value of integer>
ip6-dns-server-override: <value in [disable, enable]>
ip6-extra-addr:
-
prefix: <value of string>
ip6-hop-limit: <value of integer>
ip6-link-mtu: <value of integer>
ip6-manage-flag: <value in [disable, enable]>
ip6-max-interval: <value of integer>
ip6-min-interval: <value of integer>
ip6-mode: <value in [static, dhcp, pppoe, ...]>
ip6-other-flag: <value in [disable, enable]>
ip6-prefix-list:
-
autonomous-flag: <value in [disable, enable]>
dnssl: <value of string>
onlink-flag: <value in [disable, enable]>
preferred-life-time: <value of integer>
prefix: <value of string>
rdnss: <value of string>
valid-life-time: <value of integer>
ip6-reachable-time: <value of integer>
ip6-retrans-time: <value of integer>
ip6-send-adv: <value in [disable, enable]>
ip6-subnet: <value of string>
ip6-upstream-interface: <value of string>
nd-cert: <value of string>
nd-cga-modifier: <value of string>
nd-mode: <value in [basic, SEND-compatible]>
nd-security-level: <value of integer>
nd-timestamp-delta: <value of integer>
nd-timestamp-fuzz: <value of integer>
unique-autoconf-addr: <value in [disable, enable]>
vrip6_link_local: <value of string>
vrrp-virtual-mac6: <value in [disable, enable]>
vrrp6:
-
accept-mode: <value in [disable, enable]>
adv-interval: <value of integer>
preempt: <value in [disable, enable]>
priority: <value of integer>
start-time: <value of integer>
status: <value in [disable, enable]>
vrdst6: <value of string>
vrgrp: <value of integer>
vrid: <value of integer>
vrip6: <value of string>
cli-conn6-status: <value of integer>
ip6-prefix-mode: <value in [dhcp6, ra]>
ra-send-mtu: <value in [disable, enable]>
ip6-delegated-prefix-iaid: <value of integer>
dhcp6-relay-source-interface: <value in [disable, enable]>
secondary-IP: <value in [disable, enable]>
secondaryip:
-
allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- auto-ipsec
- radius-acct
- probe-response
- capwap
- dnp
- ftm
- fabric
- speed-test
detectprotocol:
- ping
- tcp-echo
- udp-echo
detectserver: <value of string>
gwdetect: <value in [disable, enable]>
ha-priority: <value of integer>
id: <value of integer>
ip: <value of string>
ping-serv-status: <value of integer>
seq: <value of integer>
secip-relay-ip: <value of string>
vlanid: <value of integer>
dhcp-relay-interface-select-method: <value in [auto, sdwan, specify]>
vrrp:
-
accept-mode: <value in [disable, enable]>
adv-interval: <value of integer>
ignore-default-route: <value in [disable, enable]>
preempt: <value in [disable, enable]>
priority: <value of integer>
proxy-arp:
-
id: <value of integer>
ip: <value of string>
start-time: <value of integer>
status: <value in [disable, enable]>
version: <value in [2, 3]>
vrdst: <value of string>
vrdst-priority: <value of integer>
vrgrp: <value of integer>
vrid: <value of integer>
vrip: <value of string>
name: <value of string>
portal-message-override-group: <value of string>
radius-server: <value of string>
security: <value in [open, captive-portal, 8021x]>
selected-usergroups: <value of string>
usergroup: <value of string>
vdom: <value of string>
vlanid: <value of integer>
dhcp-server:
auto-configuration: <value in [disable, enable]>
auto-managed-status: <value in [disable, enable]>
conflicted-ip-timeout: <value of integer>
ddns-auth: <value in [disable, tsig]>
ddns-key: <value of string>
ddns-keyname: <value of string>
ddns-server-ip: <value of string>
ddns-ttl: <value of integer>
ddns-update: <value in [disable, enable]>
ddns-update-override: <value in [disable, enable]>
ddns-zone: <value of string>
default-gateway: <value of string>
dhcp-settings-from-fortiipam: <value in [disable, enable]>
dns-server1: <value of string>
dns-server2: <value of string>
dns-server3: <value of string>
dns-server4: <value of string>
dns-service: <value in [default, specify, local]>
domain: <value of string>
enable: <value in [disable, enable]>
exclude-range:
-
end-ip: <value of string>
id: <value of integer>
start-ip: <value of string>
vci-match: <value in [disable, enable]>
vci-string: <value of string>
lease-time: <value of integer>
uci-match: <value in [disable, enable]>
uci-string: <value of string>
filename: <value of string>
forticlient-on-net-status: <value in [disable, enable]>
id: <value of integer>
ip-mode: <value in [range, usrgrp]>
ip-range:
-
end-ip: <value of string>
id: <value of integer>
start-ip: <value of string>
vci-match: <value in [disable, enable]>
vci-string: <value of string>
lease-time: <value of integer>
uci-match: <value in [disable, enable]>
uci-string: <value of string>
ipsec-lease-hold: <value of integer>
lease-time: <value of integer>
mac-acl-default-action: <value in [assign, block]>
netmask: <value of string>
next-server: <value of string>
ntp-server1: <value of string>
ntp-server2: <value of string>
ntp-server3: <value of string>
ntp-service: <value in [default, specify, local]>
option1: <value of string>
option2: <value of string>
option3: <value of string>
option4: <value of string>
option5: <value of string>
option6: <value of string>
options:
-
code: <value of integer>
id: <value of integer>
ip: <value of string>
type: <value in [hex, string, ip, ...]>
value: <value of string>
vci-match: <value in [disable, enable]>
vci-string: <value of string>
uci-match: <value in [disable, enable]>
uci-string: <value of string>
reserved-address:
-
action: <value in [assign, block, reserved]>
circuit-id: <value of string>
circuit-id-type: <value in [hex, string]>
description: <value of string>
id: <value of integer>
ip: <value of string>
mac: <value of string>
remote-id: <value of string>
remote-id-type: <value in [hex, string]>
type: <value in [mac, option82]>
server-type: <value in [regular, ipsec]>
status: <value in [disable, enable]>
tftp-server: <value of string>
timezone: <value in [00, 01, 02, ...]>
timezone-option: <value in [disable, default, specify]>
vci-match: <value in [disable, enable]>
vci-string: <value of string>
wifi-ac-service: <value in [specify, local]>
wifi-ac1: <value of string>
wifi-ac2: <value of string>
wifi-ac3: <value of string>
wins-server1: <value of string>
wins-server2: <value of string>
relay-agent: <value of string>
shared-subnet: <value in [disable, enable]>
interface:
ac-name: <value of string>
aggregate: <value of string>
algorithm: <value in [L2, L3, L4, ...]>
alias: <value of string>
allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- auto-ipsec
- radius-acct
- probe-response
- capwap
- dnp
- ftm
- fabric
- speed-test
ap-discover: <value in [disable, enable]>
arpforward: <value in [disable, enable]>
atm-protocol: <value in [none, ipoa]>
auth-type: <value in [auto, pap, chap, ...]>
auto-auth-extension-device: <value in [disable, enable]>
bandwidth-measure-time: <value of integer>
bfd: <value in [global, enable, disable]>
bfd-desired-min-tx: <value of integer>
bfd-detect-mult: <value of integer>
bfd-required-min-rx: <value of integer>
broadcast-forticlient-discovery: <value in [disable, enable]>
broadcast-forward: <value in [disable, enable]>
captive-portal: <value of integer>
cli-conn-status: <value of integer>
color: <value of integer>
ddns: <value in [disable, enable]>
ddns-auth: <value in [disable, tsig]>
ddns-domain: <value of string>
ddns-key: <value of string>
ddns-keyname: <value of string>
ddns-password: <value of string>
ddns-server: <value in [dhs.org, dyndns.org, dyns.net, ...]>
ddns-server-ip: <value of string>
ddns-sn: <value of string>
ddns-ttl: <value of integer>
ddns-username: <value of string>
ddns-zone: <value of string>
dedicated-to: <value in [none, management]>
defaultgw: <value in [disable, enable]>
description: <value of string>
detected-peer-mtu: <value of integer>
detectprotocol:
- ping
- tcp-echo
- udp-echo
detectserver: <value of string>
device-access-list: <value of string>
device-identification: <value in [disable, enable]>
device-identification-active-scan: <value in [disable, enable]>
device-netscan: <value in [disable, enable]>
device-user-identification: <value in [disable, enable]>
devindex: <value of integer>
dhcp-client-identifier: <value of string>
dhcp-relay-agent-option: <value in [disable, enable]>
dhcp-relay-interface: <value of string>
dhcp-relay-interface-select-method: <value in [auto, sdwan, specify]>
dhcp-relay-ip: <value of string>
dhcp-relay-service: <value in [disable, enable]>
dhcp-relay-type: <value in [regular, ipsec]>
dhcp-renew-time: <value of integer>
disc-retry-timeout: <value of integer>
disconnect-threshold: <value of integer>
distance: <value of integer>
dns-query: <value in [disable, recursive, non-recursive]>
dns-server-override: <value in [disable, enable]>
drop-fragment: <value in [disable, enable]>
drop-overlapped-fragment: <value in [disable, enable]>
egress-cos: <value in [disable, cos0, cos1, ...]>
egress-shaping-profile: <value of string>
eip: <value of string>
endpoint-compliance: <value in [disable, enable]>
estimated-downstream-bandwidth: <value of integer>
estimated-upstream-bandwidth: <value of integer>
explicit-ftp-proxy: <value in [disable, enable]>
explicit-web-proxy: <value in [disable, enable]>
external: <value in [disable, enable]>
fail-action-on-extender: <value in [soft-restart, hard-restart, reboot]>
fail-alert-interfaces: <value of string>
fail-alert-method: <value in [link-failed-signal, link-down]>
fail-detect: <value in [disable, enable]>
fail-detect-option:
- detectserver
- link-down
fdp: <value in [disable, enable]>
fortiheartbeat: <value in [disable, enable]>
fortilink: <value in [disable, enable]>
fortilink-backup-link: <value of integer>
fortilink-neighbor-detect: <value in [lldp, fortilink]>
fortilink-split-interface: <value in [disable, enable]>
fortilink-stacking: <value in [disable, enable]>
forward-domain: <value of integer>
forward-error-correction: <value in [disable, enable, rs-fec, ...]>
fp-anomaly:
- drop_tcp_fin_noack
- pass_winnuke
- pass_tcpland
- pass_udpland
- pass_icmpland
- pass_ipland
- pass_iprr
- pass_ipssrr
- pass_iplsrr
- pass_ipstream
- pass_ipsecurity
- pass_iptimestamp
- pass_ipunknown_option
- pass_ipunknown_prot
- pass_icmp_frag
- pass_tcp_no_flag
- pass_tcp_fin_noack
- drop_winnuke
- drop_tcpland
- drop_udpland
- drop_icmpland
- drop_ipland
- drop_iprr
- drop_ipssrr
- drop_iplsrr
- drop_ipstream
- drop_ipsecurity
- drop_iptimestamp
- drop_ipunknown_option
- drop_ipunknown_prot
- drop_icmp_frag
- drop_tcp_no_flag
fp-disable:
- all
- ipsec
- none
gateway-address: <value of string>
gi-gk: <value in [disable, enable]>
gwaddr: <value of string>
gwdetect: <value in [disable, enable]>
ha-priority: <value of integer>
icmp-accept-redirect: <value in [disable, enable]>
icmp-redirect: <value in [disable, enable]>
icmp-send-redirect: <value in [disable, enable]>
ident-accept: <value in [disable, enable]>
idle-timeout: <value of integer>
if-mdix: <value in [auto, normal, crossover]>
if-media: <value in [auto, copper, fiber]>
in-force-vlan-cos: <value of integer>
inbandwidth: <value of integer>
ingress-cos: <value in [disable, cos0, cos1, ...]>
ingress-shaping-profile: <value of string>
ingress-spillover-threshold: <value of integer>
internal: <value of integer>
ip: <value of string>
ip-managed-by-fortiipam: <value in [disable, enable, inherit-global]>
ipmac: <value in [disable, enable]>
ips-sniffer-mode: <value in [disable, enable]>
ipunnumbered: <value of string>
ipv6:
autoconf: <value in [disable, enable]>
dhcp6-client-options:
- rapid
- iapd
- iana
- dns
- dnsname
dhcp6-information-request: <value in [disable, enable]>
dhcp6-prefix-delegation: <value in [disable, enable]>
dhcp6-prefix-hint: <value of string>
dhcp6-prefix-hint-plt: <value of integer>
dhcp6-prefix-hint-vlt: <value of integer>
dhcp6-relay-ip: <value of string>
dhcp6-relay-service: <value in [disable, enable]>
dhcp6-relay-type: <value in [regular]>
icmp6-send-redirect: <value in [disable, enable]>
interface-identifier: <value of string>
ip6-address: <value of string>
ip6-allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- capwap
- fabric
ip6-default-life: <value of integer>
ip6-delegated-prefix-list:
-
autonomous-flag: <value in [disable, enable]>
onlink-flag: <value in [disable, enable]>
prefix-id: <value of integer>
rdnss: <value of string>
rdnss-service: <value in [delegated, default, specify]>
subnet: <value of string>
upstream-interface: <value of string>
delegated-prefix-iaid: <value of integer>
ip6-dns-server-override: <value in [disable, enable]>
ip6-extra-addr:
-
prefix: <value of string>
ip6-hop-limit: <value of integer>
ip6-link-mtu: <value of integer>
ip6-manage-flag: <value in [disable, enable]>
ip6-max-interval: <value of integer>
ip6-min-interval: <value of integer>
ip6-mode: <value in [static, dhcp, pppoe, ...]>
ip6-other-flag: <value in [disable, enable]>
ip6-prefix-list:
-
autonomous-flag: <value in [disable, enable]>
dnssl: <value of string>
onlink-flag: <value in [disable, enable]>
preferred-life-time: <value of integer>
prefix: <value of string>
rdnss: <value of string>
valid-life-time: <value of integer>
ip6-reachable-time: <value of integer>
ip6-retrans-time: <value of integer>
ip6-send-adv: <value in [disable, enable]>
ip6-subnet: <value of string>
ip6-upstream-interface: <value of string>
nd-cert: <value of string>
nd-cga-modifier: <value of string>
nd-mode: <value in [basic, SEND-compatible]>
nd-security-level: <value of integer>
nd-timestamp-delta: <value of integer>
nd-timestamp-fuzz: <value of integer>
unique-autoconf-addr: <value in [disable, enable]>
vrip6_link_local: <value of string>
vrrp-virtual-mac6: <value in [disable, enable]>
vrrp6:
-
accept-mode: <value in [disable, enable]>
adv-interval: <value of integer>
preempt: <value in [disable, enable]>
priority: <value of integer>
start-time: <value of integer>
status: <value in [disable, enable]>
vrdst6: <value of string>
vrgrp: <value of integer>
vrid: <value of integer>
vrip6: <value of string>
cli-conn6-status: <value of integer>
ip6-prefix-mode: <value in [dhcp6, ra]>
ra-send-mtu: <value in [disable, enable]>
ip6-delegated-prefix-iaid: <value of integer>
dhcp6-relay-source-interface: <value in [disable, enable]>
l2forward: <value in [disable, enable]>
l2tp-client: <value in [disable, enable]>
lacp-ha-slave: <value in [disable, enable]>
lacp-mode: <value in [static, passive, active]>
lacp-speed: <value in [slow, fast]>
lcp-echo-interval: <value of integer>
lcp-max-echo-fails: <value of integer>
link-up-delay: <value of integer>
listen-forticlient-connection: <value in [disable, enable]>
lldp-network-policy: <value of string>
lldp-reception: <value in [disable, enable, vdom]>
lldp-transmission: <value in [enable, disable, vdom]>
log: <value in [disable, enable]>
macaddr: <value of string>
managed-subnetwork-size: <value in [256, 512, 1024, ...]>
management-ip: <value of string>
max-egress-burst-rate: <value of integer>
max-egress-rate: <value of integer>
measured-downstream-bandwidth: <value of integer>
measured-upstream-bandwidth: <value of integer>
mediatype: <value in [serdes-sfp, sgmii-sfp, cfp2-sr10, ...]>
member: <value of string>
min-links: <value of integer>
min-links-down: <value in [operational, administrative]>
mode: <value in [static, dhcp, pppoe, ...]>
monitor-bandwidth: <value in [disable, enable]>
mtu: <value of integer>
mtu-override: <value in [disable, enable]>
mux-type: <value in [llc-encaps, vc-encaps]>
name: <value of string>
ndiscforward: <value in [disable, enable]>
netbios-forward: <value in [disable, enable]>
netflow-sampler: <value in [disable, tx, rx, ...]>
np-qos-profile: <value of integer>
npu-fastpath: <value in [disable, enable]>
nst: <value in [disable, enable]>
out-force-vlan-cos: <value of integer>
outbandwidth: <value of integer>
padt-retry-timeout: <value of integer>
password: <value of string>
peer-interface: <value of string>
phy-mode: <value in [auto, adsl, vdsl, ...]>
ping-serv-status: <value of integer>
poe: <value in [disable, enable]>
polling-interval: <value of integer>
pppoe-unnumbered-negotiate: <value in [disable, enable]>
pptp-auth-type: <value in [auto, pap, chap, ...]>
pptp-client: <value in [disable, enable]>
pptp-password: <value of string>
pptp-server-ip: <value of string>
pptp-timeout: <value of integer>
pptp-user: <value of string>
preserve-session-route: <value in [disable, enable]>
priority: <value of integer>
priority-override: <value in [disable, enable]>
proxy-captive-portal: <value in [disable, enable]>
redundant-interface: <value of string>
remote-ip: <value of string>
replacemsg-override-group: <value of string>
retransmission: <value in [disable, enable]>
ring-rx: <value of integer>
ring-tx: <value of integer>
role: <value in [lan, wan, dmz, ...]>
sample-direction: <value in [rx, tx, both]>
sample-rate: <value of integer>
scan-botnet-connections: <value in [disable, block, monitor]>
secondary-IP: <value in [disable, enable]>
secondaryip:
-
allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- auto-ipsec
- radius-acct
- probe-response
- capwap
- dnp
- ftm
- fabric
- speed-test
detectprotocol:
- ping
- tcp-echo
- udp-echo
detectserver: <value of string>
gwdetect: <value in [disable, enable]>
ha-priority: <value of integer>
id: <value of integer>
ip: <value of string>
ping-serv-status: <value of integer>
seq: <value of integer>
secip-relay-ip: <value of string>
security-8021x-dynamic-vlan-id: <value of integer>
security-8021x-master: <value of string>
security-8021x-mode: <value in [default, dynamic-vlan, fallback, ...]>
security-exempt-list: <value of string>
security-external-logout: <value of string>
security-external-web: <value of string>
security-groups: <value of string>
security-mac-auth-bypass: <value in [disable, enable, mac-auth-only]>
security-mode: <value in [none, captive-portal, 802.1X]>
security-redirect-url: <value of string>
service-name: <value of string>
sflow-sampler: <value in [disable, enable]>
speed: <value in [auto, 10full, 10half, ...]>
spillover-threshold: <value of integer>
src-check: <value in [disable, enable]>
status: <value in [down, up]>
stp: <value in [disable, enable]>
stp-ha-slave: <value in [disable, enable, priority-adjust]>
stpforward: <value in [disable, enable]>
stpforward-mode: <value in [rpl-all-ext-id, rpl-bridge-ext-id, rpl-nothing]>
strip-priority-vlan-tag: <value in [disable, enable]>
subst: <value in [disable, enable]>
substitute-dst-mac: <value of string>
swc-first-create: <value of integer>
swc-vlan: <value of integer>
switch: <value of string>
switch-controller-access-vlan: <value in [disable, enable]>
switch-controller-arp-inspection: <value in [disable, enable]>
switch-controller-auth: <value in [radius, usergroup]>
switch-controller-dhcp-snooping: <value in [disable, enable]>
switch-controller-dhcp-snooping-option82: <value in [disable, enable]>
switch-controller-dhcp-snooping-verify-mac: <value in [disable, enable]>
switch-controller-feature: <value in [none, default-vlan, quarantine, ...]>
switch-controller-igmp-snooping: <value in [disable, enable]>
switch-controller-igmp-snooping-fast-leave: <value in [disable, enable]>
switch-controller-igmp-snooping-proxy: <value in [disable, enable]>
switch-controller-iot-scanning: <value in [disable, enable]>
switch-controller-learning-limit: <value of integer>
switch-controller-mgmt-vlan: <value of integer>
switch-controller-nac: <value of string>
switch-controller-radius-server: <value of string>
switch-controller-rspan-mode: <value in [disable, enable]>
switch-controller-source-ip: <value in [outbound, fixed]>
switch-controller-traffic-policy: <value of string>
tc-mode: <value in [ptm, atm]>
tcp-mss: <value of integer>
trunk: <value in [disable, enable]>
trust-ip-1: <value of string>
trust-ip-2: <value of string>
trust-ip-3: <value of string>
trust-ip6-1: <value of string>
trust-ip6-2: <value of string>
trust-ip6-3: <value of string>
type: <value in [physical, vlan, aggregate, ...]>
username: <value of string>
vci: <value of integer>
vectoring: <value in [disable, enable]>
vindex: <value of integer>
vlan-protocol: <value in [8021q, 8021ad]>
vlanforward: <value in [disable, enable]>
vlanid: <value of integer>
vpi: <value of integer>
vrf: <value of integer>
vrrp:
-
accept-mode: <value in [disable, enable]>
adv-interval: <value of integer>
ignore-default-route: <value in [disable, enable]>
preempt: <value in [disable, enable]>
priority: <value of integer>
start-time: <value of integer>
status: <value in [disable, enable]>
version: <value in [2, 3]>
vrdst: <value of string>
vrdst-priority: <value of integer>
vrgrp: <value of integer>
vrid: <value of integer>
vrip: <value of string>
proxy-arp:
-
id: <value of integer>
ip: <value of string>
vrrp-virtual-mac: <value in [disable, enable]>
wccp: <value in [disable, enable]>
weight: <value of integer>
wifi-5g-threshold: <value of string>
wifi-acl: <value in [deny, allow]>
wifi-ap-band: <value in [any, 5g-preferred, 5g-only]>
wifi-auth: <value in [PSK, RADIUS, radius, ...]>
wifi-auto-connect: <value in [disable, enable]>
wifi-auto-save: <value in [disable, enable]>
wifi-broadcast-ssid: <value in [disable, enable]>
wifi-encrypt: <value in [TKIP, AES]>
wifi-fragment-threshold: <value of integer>
wifi-key: <value of string>
wifi-keyindex: <value of integer>
wifi-mac-filter: <value in [disable, enable]>
wifi-passphrase: <value of string>
wifi-radius-server: <value of string>
wifi-rts-threshold: <value of integer>
wifi-security: <value in [None, WEP64, wep64, ...]>
wifi-ssid: <value of string>
wifi-usergroup: <value of string>
wins-ip: <value of string>
dhcp-relay-request-all-server: <value in [disable, enable]>
stp-ha-secondary: <value in [disable, enable, priority-adjust]>
switch-controller-dynamic: <value of string>
auth-cert: <value of string>
auth-portal-addr: <value of string>
dhcp-classless-route-addition: <value in [disable, enable]>
dhcp-relay-link-selection: <value of string>
dns-server-protocol:
- cleartext
- dot
- doh
eap-ca-cert: <value of string>
eap-identity: <value of string>
eap-method: <value in [tls, peap]>
eap-password: <value of string>
eap-supplicant: <value in [disable, enable]>
eap-user-cert: <value of string>
ike-saml-server: <value of string>
lacp-ha-secondary: <value in [disable, enable]>
pvc-atm-qos: <value in [cbr, rt-vbr, nrt-vbr]>
pvc-chan: <value of integer>
pvc-crc: <value of integer>
pvc-pcr: <value of integer>
pvc-scr: <value of integer>
pvc-vlan-id: <value of integer>
pvc-vlan-rx-id: <value of integer>
pvc-vlan-rx-op: <value in [pass-through, replace, remove]>
pvc-vlan-tx-id: <value of integer>
pvc-vlan-tx-op: <value in [pass-through, replace, remove]>
reachable-time: <value of integer>
select-profile-30a-35b: <value in [30A, 35B]>
sfp-dsl: <value in [disable, enable]>
sfp-dsl-adsl-fallback: <value in [disable, enable]>
sfp-dsl-autodetect: <value in [disable, enable]>
sfp-dsl-mac: <value of string>
sw-algorithm: <value in [l2, l3, eh]>
system-id: <value of string>
system-id-type: <value in [auto, user]>
vlan-id: <value of integer>
vlan-op-mode: <value in [tag, untag, passthrough]>
generic-receive-offload: <value in [disable, enable]>
interconnect-profile: <value in [default, profile1, profile2]>
large-receive-offload: <value in [disable, enable]>
aggregate-type: <value in [physical, vxlan]>
switch-controller-netflow-collect: <value in [disable, enable]>
wifi-dns-server1: <value of string>
wifi-dns-server2: <value of string>
wifi-gateway: <value of string>
default-purdue-level: <value in [1, 2, 3, ...]>
dhcp-broadcast-flag: <value in [disable, enable]>
dhcp-smart-relay: <value in [disable, enable]>
switch-controller-offloading: <value in [disable, enable]>
switch-controller-offloading-gw: <value in [disable, enable]>
switch-controller-offloading-ip: <value of string>
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
|---|---|
The result of the request. Returned: always |
|
The full url requested. Returned: always Sample: |
|
The status of api request. Returned: always Sample: |
|
The api response. Returned: always |
|
The descriptive message of the api response. Returned: always Sample: |
|
The information of the target system. Returned: always |
|
The status the request. Returned: always Sample: |
|
Warning if the parameters used in the playbook are not supported by the current FortiManager version. Returned: complex |