fortinet.fortimanager.fmgr_vap_dynamicmapping module – Configure Virtual Access Points
Note
This module is part of the fortinet.fortimanager collection (version 2.3.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install fortinet.fortimanager
.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_vap_dynamicmapping
.
New in fortinet.fortimanager 2.0.0
Synopsis
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
Parameters
Parameter |
Comments |
---|---|
The token to access FortiManager without using username and password. |
|
the parameter (adom) in requested url |
|
Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. Choices:
|
|
Enable/Disable logging for task. Choices:
|
|
Authenticate Ansible client with forticloud API access token. |
|
The overridden method for the underlying Json RPC request. Choices:
|
|
The rc codes list with which the conditions to fail will be overriden. |
|
The rc codes list with which the conditions to succeed will be overriden. |
|
The directive to create, update or delete an object. Choices:
|
|
the parameter (vap) in requested url |
|
the top level parameters set |
|
no description Choices:
|
|
no description |
|
no description Choices:
|
|
no description |
|
no description Choices:
|
|
no description Choices:
|
|
(list) no description |
|
no description Choices:
|
|
no description Choices:
|
|
no description |
|
no description Choices:
|
|
no description Choices:
|
|
no description |
|
no description |
|
no description Choices:
|
|
no description Choices:
|
|
no description Choices:
|
|
no description |
|
no description |
|
no description |
|
no description |
|
no description |
|
no description Choices:
|
|
no description |
|
Configure MAC address filtering policy for MAC addresses that are in the address-group. Choices:
|
|
no description |
|
AntiVirus profile name. |
|
Enable/disable application detection engine Choices:
|
|
Enable/disable application attribute based DSCP marking Choices:
|
|
Application control list name. |
|
Application report interval |
|
no description |
|
no description Choices:
|
|
HTTPS server certificate. |
|
Address of captive portal. |
|
no description Choices:
|
|
no description Choices:
|
|
no description Choices:
|
|
no description Choices:
|
|
Enable/disable forcing of disassociation after the BSTM request timer has been reached Choices:
|
|
Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing |
|
Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI |
|
no description |
|
no description |
|
Enable/disable RADIUS accounting for captive portal firewall authentication session. Choices:
|
|
(list) no description |
|
no description |
|
(list) no description |
|
no description |
|
no description |
|
no description |
|
Enable/disable DHCP address enforcement Choices:
|
|
no description |
|
no description Choices:
|
|
no description Choices:
|
|
no description Choices:
|
|
no description Choices:
|
|
no description Choices:
|
|
no description Choices:
|
|
no description |
|
no description Choices:
|
|
no description Choices:
|
|
no description Choices:
|
|
no description |
|
no description |
|
no description Choices:
|
|
no description Choices:
|
|
no description Choices:
|
|
no description |
|
no description Choices:
|
|
no description |
|
GAS comeback delay |
|
GAS fragmentation limit |
|
no description Choices:
|
|
no description |
|
no description Choices:
|
|
no description |
|
Enable/disable IGMP snooping. Choices:
|
|
no description Choices:
|
|
no description |
|
IPS sensor name. |
|
no description Choices:
|
|
(list) no description |
|
no description |
|
Enable/disable layer 3 roaming Choices:
|
|
Select the way that layer 3 roaming traffic is passed Choices:
|
|
no description Choices:
|
|
no description Choices:
|
|
no description Choices:
|
|
no description Choices:
|
|
no description Choices:
|
|
Enable/disable AP local standalone DNS. Choices:
|
|
(list) no description |
|
no description Choices:
|
|
no description Choices:
|
|
no description Choices:
|
|
MAC called station delimiter Choices:
|
|
MAC calling station delimiter Choices:
|
|
MAC case Choices:
|
|
no description Choices:
|
|
no description Choices:
|
|
MAC authentication password delimiter Choices:
|
|
MAC authentication username delimiter Choices:
|
|
no description |
|
no description |
|
Enable/disable Multiband Operation Choices:
|
|
MBO cell data connection preference Choices:
|
|
no description |
|
no description Choices:
|
|
no description Choices:
|
|
no description |
|
no description |
|
no description Choices:
|
|
no description Choices:
|
|
no description Choices:
|
|
Enable/disable network access control. Choices:
|
|
NAC profile name. |
|
Enable/disable dual-band neighbor report Choices:
|
|
no description Choices:
|
|
Enable/disable OSEN as part of key management Choices:
|
|
no description Choices:
|
|
no description Choices:
|
|
no description |
|
(list) no description |
|
no description Choices:
|
|
no description |
|
no description |
|
Enable/disable LAN port MAC authentication Choices:
|
|
LAN port MAC authentication re-authentication timeout value |
|
LAN port MAC authentication idle timeout value |
|
no description |
|
no description Choices:
|
|
no description |
|
no description Choices:
|
|
no description |
|
no description Choices:
|
|
no description |
|
no description |
|
no description Choices:
|
|
no description |
|
no description |
|
no description Choices:
|
|
no description Choices:
|
|
Dont send RADIUS MAC auth request again if the client has been rejected within specific interval |
|
no description |
|
(list) no description |
|
Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication Choices:
|
|
RADIUS MAC MPSK cache timeout interval |
|
no description |
|
no description Choices:
|
|
Comma separated list of max supported VHT MCS for spatial streams 1 through 8. |
|
no description Choices:
|
|
no description Choices:
|
|
Comma separated list of max supported HE MCS for spatial streams 1 through 8. |
|
no description Choices:
|
|
no description Choices:
|
|
no description Choices:
|
|
no description Choices:
|
|
no description Choices:
|
|
no description Choices:
|
|
Use hash-to-element-only mechanism for PWE derivation Choices:
|
|
(list) no description |
|
Enable/disable WPA3 SAE-PK Choices:
|
|
Private key used for WPA3 SAE-PK authentication. |
|
Block or monitor connections to Botnet servers or disable Botnet scanning. Choices:
|
|
(list or str) no description |
|
no description |
|
no description Choices:
|
|
no description |
|
no description Choices:
|
|
no description |
|
(list or str) no description |
|
no description Choices:
|
|
no description |
|
no description Choices:
|
|
no description |
|
no description |
|
Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP |
|
no description Choices:
|
|
no description Choices:
|
|
no description |
|
no description |
|
(list or str) no description |
|
Enable/disable UTM logging. Choices:
|
|
no description |
|
Enable to add one or more security profiles Choices:
|
|
(list or str) no description |
|
no description Choices:
|
|
no description Choices:
|
|
no description |
|
no description Choices:
|
|
WebFilter profile name. |
|
The adom to lock for FortiManager running in workspace mode, the value can be global and others including root. |
|
The maximum time in seconds to wait for other user to release the workspace lock. Default: |
Notes
Note
Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
To create or update an object, use state present directive.
To delete an object, use state absent directive.
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: Configure Virtual Access Points
fmgr_vap_dynamicmapping:
bypass_validation: False
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
rc_succeeded: [0, -2, -3, ...]
rc_failed: [-2, -3, ...]
adom: <your own value>
vap: <your own value>
state: <value in [present, absent]>
vap_dynamicmapping:
_centmgmt: <value in [disable, enable]>
_dhcp_svr_id: <string>
_intf_allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- auto-ipsec
- radius-acct
- probe-response
- capwap
- dnp
- ftm
- fabric
- speed-test
_intf_device-identification: <value in [disable, enable]>
_intf_device-netscan: <value in [disable, enable]>
_intf_dhcp-relay-ip: <list or string>
_intf_dhcp-relay-service: <value in [disable, enable]>
_intf_dhcp-relay-type: <value in [regular, ipsec]>
_intf_dhcp6-relay-ip: <string>
_intf_dhcp6-relay-service: <value in [disable, enable]>
_intf_dhcp6-relay-type: <value in [regular]>
_intf_ip: <string>
_intf_ip6-address: <string>
_intf_ip6-allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- any
- fgfm
- capwap
_intf_listen-forticlient-connection: <value in [disable, enable]>
_scope:
-
name: <string>
vdom: <string>
acct-interim-interval: <integer>
address-group: <string>
alias: <string>
atf-weight: <integer>
auth: <value in [PSK, psk, RADIUS, ...]>
broadcast-ssid: <value in [disable, enable]>
broadcast-suppression:
- dhcp
- arp
- dhcp2
- arp2
- netbios-ns
- netbios-ds
- arp3
- dhcp-up
- dhcp-down
- arp-known
- arp-unknown
- arp-reply
- ipv6
- dhcp-starvation
- arp-poison
- all-other-mc
- all-other-bc
- arp-proxy
- dhcp-ucast
captive-portal-ac-name: <string>
captive-portal-macauth-radius-secret: <list or string>
captive-portal-macauth-radius-server: <string>
captive-portal-radius-secret: <list or string>
captive-portal-radius-server: <string>
captive-portal-session-timeout-interval: <integer>
client-count: <integer>
dhcp-lease-time: <integer>
dhcp-option82-circuit-id-insertion: <value in [disable, style-1, style-2, ...]>
dhcp-option82-insertion: <value in [disable, enable]>
dhcp-option82-remote-id-insertion: <value in [disable, style-1]>
dynamic-vlan: <value in [disable, enable]>
eap-reauth: <value in [disable, enable]>
eap-reauth-intv: <integer>
eapol-key-retries: <value in [disable, enable]>
encrypt: <value in [TKIP, AES, TKIP-AES]>
external-fast-roaming: <value in [disable, enable]>
external-logout: <string>
external-web: <string>
fast-bss-transition: <value in [disable, enable]>
fast-roaming: <value in [disable, enable]>
ft-mobility-domain: <integer>
ft-over-ds: <value in [disable, enable]>
ft-r0-key-lifetime: <integer>
gtk-rekey: <value in [disable, enable]>
gtk-rekey-intv: <integer>
hotspot20-profile: <string>
intra-vap-privacy: <value in [disable, enable]>
ip: <string>
key: <list or string>
keyindex: <integer>
ldpc: <value in [disable, tx, rx, ...]>
local-authentication: <value in [disable, enable]>
local-bridging: <value in [disable, enable]>
local-lan: <value in [deny, allow]>
local-standalone: <value in [disable, enable]>
local-standalone-nat: <value in [disable, enable]>
local-switching: <value in [disable, enable]>
mac-auth-bypass: <value in [disable, enable]>
mac-filter: <value in [disable, enable]>
mac-filter-policy-other: <value in [deny, allow]>
max-clients: <integer>
max-clients-ap: <integer>
me-disable-thresh: <integer>
mesh-backhaul: <value in [disable, enable]>
mpsk: <value in [disable, enable]>
mpsk-concurrent-clients: <integer>
multicast-enhance: <value in [disable, enable]>
multicast-rate: <value in [0, 6000, 12000, ...]>
okc: <value in [disable, enable]>
owe-groups:
- 19
- 20
- 21
owe-transition: <value in [disable, enable]>
owe-transition-ssid: <string>
passphrase: <list or string>
pmf: <value in [disable, enable, optional]>
pmf-assoc-comeback-timeout: <integer>
pmf-sa-query-retry-timeout: <integer>
portal-message-override-group: <string>
portal-type: <value in [auth, auth+disclaimer, disclaimer, ...]>
probe-resp-suppression: <value in [disable, enable]>
probe-resp-threshold: <string>
ptk-rekey: <value in [disable, enable]>
ptk-rekey-intv: <integer>
qos-profile: <string>
quarantine: <value in [disable, enable]>
radio-2g-threshold: <string>
radio-5g-threshold: <string>
radio-sensitivity: <value in [disable, enable]>
radius-mac-auth: <value in [disable, enable]>
radius-mac-auth-server: <string>
radius-mac-auth-usergroups: <list or string>
radius-server: <string>
rates-11a:
- 1
- 1-basic
- 2
- 2-basic
- 5.5
- 5.5-basic
- 6
- 6-basic
- 9
- 9-basic
- 12
- 12-basic
- 18
- 18-basic
- 24
- 24-basic
- 36
- 36-basic
- 48
- 48-basic
- 54
- 54-basic
- 11
- 11-basic
rates-11ac-ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/1
- mcs11/1
- mcs10/2
- mcs11/2
rates-11ac-ss34:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/3
- mcs11/3
- mcs10/4
- mcs11/4
rates-11bg:
- 1
- 1-basic
- 2
- 2-basic
- 5.5
- 5.5-basic
- 6
- 6-basic
- 9
- 9-basic
- 12
- 12-basic
- 18
- 18-basic
- 24
- 24-basic
- 36
- 36-basic
- 48
- 48-basic
- 54
- 54-basic
- 11
- 11-basic
rates-11n-ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
- mcs12/2
- mcs13/2
- mcs14/2
- mcs15/2
rates-11n-ss34:
- mcs16/3
- mcs17/3
- mcs18/3
- mcs19/3
- mcs20/3
- mcs21/3
- mcs22/3
- mcs23/3
- mcs24/4
- mcs25/4
- mcs26/4
- mcs27/4
- mcs28/4
- mcs29/4
- mcs30/4
- mcs31/4
sae-groups:
- 1
- 2
- 5
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 27
- 28
- 29
- 30
- 31
sae-password: <list or string>
schedule: <list or string>
security: <value in [None, WEP64, wep64, ...]>
security-exempt-list: <string>
security-obsolete-option: <value in [disable, enable]>
security-redirect-url: <string>
selected-usergroups: <list or string>
split-tunneling: <value in [disable, enable]>
ssid: <string>
tkip-counter-measure: <value in [disable, enable]>
usergroup: <list or string>
utm-profile: <string>
vdom: <list or string>
vlan-auto: <value in [disable, enable]>
vlan-pooling: <value in [wtp-group, round-robin, hash, ...]>
vlanid: <integer>
voice-enterprise: <value in [disable, enable]>
mu-mimo: <value in [disable, enable]>
_intf_device-access-list: <string>
external-web-format: <value in [auto-detect, no-query-string, partial-query-string]>
high-efficiency: <value in [disable, enable]>
primary-wag-profile: <string>
secondary-wag-profile: <string>
target-wake-time: <value in [disable, enable]>
tunnel-echo-interval: <integer>
tunnel-fallback-interval: <integer>
access-control-list: <string>
captive-portal-auth-timeout: <integer>
ipv6-rules:
- drop-icmp6ra
- drop-icmp6rs
- drop-llmnr6
- drop-icmp6mld2
- drop-dhcp6s
- drop-dhcp6c
- ndp-proxy
- drop-ns-dad
- drop-ns-nondad
sticky-client-remove: <value in [disable, enable]>
sticky-client-threshold-2g: <string>
sticky-client-threshold-5g: <string>
bss-color-partial: <value in [disable, enable]>
dhcp-option43-insertion: <value in [disable, enable]>
mpsk-profile: <string>
igmp-snooping: <value in [disable, enable]>
port-macauth: <value in [disable, radius, address-group]>
port-macauth-reauth-timeout: <integer>
port-macauth-timeout: <integer>
additional-akms:
- akm6
bstm-disassociation-imminent: <value in [disable, enable]>
bstm-load-balancing-disassoc-timer: <integer>
bstm-rssi-disassoc-timer: <integer>
dhcp-address-enforcement: <value in [disable, enable]>
gas-comeback-delay: <integer>
gas-fragmentation-limit: <integer>
mac-called-station-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac-calling-station-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac-case: <value in [uppercase, lowercase]>
mac-password-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac-username-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mbo: <value in [disable, enable]>
mbo-cell-data-conn-pref: <value in [excluded, prefer-not, prefer-use]>
nac: <value in [disable, enable]>
nac-profile: <string>
neighbor-report-dual-band: <value in [disable, enable]>
address-group-policy: <value in [disable, allow, deny]>
antivirus-profile: <string>
application-detection-engine: <value in [disable, enable]>
application-list: <string>
application-report-intv: <integer>
auth-cert: <string>
auth-portal-addr: <string>
beacon-advertising:
- name
- model
- serial-number
ips-sensor: <string>
l3-roaming: <value in [disable, enable]>
local-standalone-dns: <value in [disable, enable]>
local-standalone-dns-ip: <list or string>
osen: <value in [disable, enable]>
radius-mac-mpsk-auth: <value in [disable, enable]>
radius-mac-mpsk-timeout: <integer>
rates-11ax-ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs10/1
- mcs11/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
rates-11ax-ss34:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs10/3
- mcs11/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/4
- mcs11/4
scan-botnet-connections: <value in [disable, block, monitor]>
utm-log: <value in [disable, enable]>
utm-status: <value in [disable, enable]>
webfilter-profile: <string>
sae-h2e-only: <value in [disable, enable]>
sae-pk: <value in [disable, enable]>
sae-private-key: <string>
sticky-client-threshold-6g: <string>
application-dscp-marking: <value in [disable, enable]>
l3-roaming-mode: <value in [direct, indirect]>
rates-11ac-mcs-map: <string>
rates-11ax-mcs-map: <string>
captive-portal-fw-accounting: <value in [disable, enable]>
radius-mac-auth-block-interval: <integer>
_is_factory_setting: <value in [disable, enable, ext]>
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
The result of the request. Returned: always |
|
The full url requested. Returned: always Sample: |
|
The status of api request. Returned: always Sample: |
|
The api response. Returned: always |
|
The descriptive message of the api response. Returned: always Sample: |
|
The information of the target system. Returned: always |
|
The status the request. Returned: always Sample: |
|
Warning if the parameters used in the playbook are not supported by the current FortiManager version. Returned: complex |