fortinet.fortimanager.fmgr_vap module – Configure Virtual Access Points
Note
This module is part of the fortinet.fortimanager collection (version 2.3.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install fortinet.fortimanager
.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_vap
.
New in fortinet.fortimanager 2.0.0
Synopsis
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
Parameters
Parameter |
Comments |
---|---|
The token to access FortiManager without using username and password. |
|
the parameter (adom) in requested url |
|
Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. Choices:
|
|
Enable/Disable logging for task. Choices:
|
|
Authenticate Ansible client with forticloud API access token. |
|
The overridden method for the underlying Json RPC request. Choices:
|
|
The rc codes list with which the conditions to fail will be overriden. |
|
The rc codes list with which the conditions to succeed will be overriden. |
|
The directive to create, update or delete an object. Choices:
|
|
the top level parameters set |
|
_Centmgmt. Choices:
|
|
_Dhcp_Svr_Id. |
|
_Intf_Allowaccess. Choices:
|
|
_Intf_Device-Access-List. |
|
_Intf_Device-Identification. Choices:
|
|
_Intf_Device-Netscan. Choices:
|
|
(list) _Intf_Dhcp-Relay-Ip. |
|
_Intf_Dhcp-Relay-Service. Choices:
|
|
_Intf_Dhcp-Relay-Type. Choices:
|
|
_Intf_Dhcp6-Relay-Ip. |
|
_Intf_Dhcp6-Relay-Service. Choices:
|
|
_Intf_Dhcp6-Relay-Type. Choices:
|
|
_Intf_Ip. |
|
_Intf_Ip6-Address. |
|
_Intf_Ip6-Allowaccess. Choices:
|
|
_Intf_Listen-Forticlient-Connection. Choices:
|
|
no description Choices:
|
|
access-control-list profile name. |
|
WiFi RADIUS accounting interim interval |
|
Additional AKMs. Choices:
|
|
Address group ID. |
|
Configure MAC address filtering policy for MAC addresses that are in the address-group. Choices:
|
|
Alias. |
|
AntiVirus profile name. |
|
Enable/disable application detection engine Choices:
|
|
Enable/disable application attribute based DSCP marking Choices:
|
|
Application control list name. |
|
Application report interval |
|
Airtime weight in percentage |
|
Authentication protocol. Choices:
|
|
HTTPS server certificate. |
|
Address of captive portal. |
|
no description Choices:
|
|
Enable/disable broadcasting the SSID Choices:
|
|
Optional suppression of broadcast messages. Choices:
|
|
Enable/disable 802. Choices:
|
|
Enable/disable forcing of disassociation after the BSTM request timer has been reached Choices:
|
|
Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing |
|
Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI |
|
Local-bridging captive portal ac-name. |
|
Hard timeout - AP will always clear the session after timeout regardless of traffic |
|
Enable/disable RADIUS accounting for captive portal firewall authentication session. Choices:
|
|
(list) Secret key to access the macauth RADIUS server. |
|
Captive portal external RADIUS server domain name or IP address. |
|
(list) Secret key to access the RADIUS server. |
|
Captive portal RADIUS server domain name or IP address. |
|
Session timeout interval |
|
Enable/disable DHCP address enforcement Choices:
|
|
DHCP lease time in seconds for NAT IP address. |
|
Enable/disable insertion of DHCP option 43 Choices:
|
|
Enable/disable DHCP option 82 circuit-id insert Choices:
|
|
Enable/disable DHCP option 82 insert Choices:
|
|
Enable/disable DHCP option 82 remote-id insert Choices:
|
|
Enable/disable dynamic VLAN assignment. Choices:
|
|
Dynamic_Mapping. |
|
_Centmgmt. Choices:
|
|
_Dhcp_Svr_Id. |
|
_Intf_Allowaccess. Choices:
|
|
_Intf_Device-Access-List. |
|
_Intf_Device-Identification. Choices:
|
|
_Intf_Device-Netscan. Choices:
|
|
(list) _Intf_Dhcp-Relay-Ip. |
|
_Intf_Dhcp-Relay-Service. Choices:
|
|
_Intf_Dhcp-Relay-Type. Choices:
|
|
_Intf_Dhcp6-Relay-Ip. |
|
_Intf_Dhcp6-Relay-Service. Choices:
|
|
_Intf_Dhcp6-Relay-Type. Choices:
|
|
_Intf_Ip. |
|
_Intf_Ip6-Address. |
|
_Intf_Ip6-Allowaccess. Choices:
|
|
_Intf_Listen-Forticlient-Connection. Choices:
|
|
no description Choices:
|
|
_Scope. |
|
Name. |
|
Vdom. |
|
Access-Control-List. |
|
WiFi RADIUS accounting interim interval |
|
Additional-Akms. Choices:
|
|
Address group ID. |
|
Configure MAC address filtering policy for MAC addresses that are in the address-group. Choices:
|
|
Alias. |
|
AntiVirus profile name. |
|
Enable/disable application detection engine Choices:
|
|
Enable/disable application attribute based DSCP marking Choices:
|
|
Application control list name. |
|
Application report interval |
|
Airtime weight in percentage |
|
Authentication protocol. Choices:
|
|
HTTPS server certificate. |
|
Address of captive portal. |
|
no description Choices:
|
|
Enable/disable broadcasting the SSID Choices:
|
|
Optional suppression of broadcast messages. Choices:
|
|
Bss-Color-Partial. Choices:
|
|
Enable/disable forcing of disassociation after the BSTM request timer has been reached Choices:
|
|
Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing |
|
Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI |
|
Local-bridging captive portal ac-name. |
|
Captive-Portal-Auth-Timeout. |
|
Enable/disable RADIUS accounting for captive portal firewall authentication session. Choices:
|
|
(list) Secret key to access the macauth RADIUS server. |
|
Captive portal external RADIUS server domain name or IP address. |
|
(list) Secret key to access the RADIUS server. |
|
Captive portal RADIUS server domain name or IP address. |
|
Session timeout interval |
|
Client-Count. |
|
Enable/disable DHCP address enforcement Choices:
|
|
DHCP lease time in seconds for NAT IP address. |
|
Dhcp-Option43-Insertion. Choices:
|
|
Enable/disable DHCP option 82 circuit-id insert Choices:
|
|
Enable/disable DHCP option 82 insert Choices:
|
|
Enable/disable DHCP option 82 remote-id insert Choices:
|
|
Enable/disable dynamic VLAN assignment. Choices:
|
|
Enable/disable EAP re-authentication for WPA-Enterprise security. Choices:
|
|
EAP re-authentication interval |
|
Enable/disable retransmission of EAPOL-Key frames Choices:
|
|
Encryption protocol to use Choices:
|
|
Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate Choices:
|
|
URL of external authentication logout server. |
|
URL of external authentication web server. |
|
URL query parameter detection Choices:
|
|
Enable/disable 802. Choices:
|
|
Enable/disable fast-roaming, or pre-authentication, where supported by clients Choices:
|
|
Mobility domain identifier in FT |
|
Enable/disable FT over the Distribution System Choices:
|
|
Lifetime of the PMK-R0 key in FT, 1-65535 minutes. |
|
GAS comeback delay |
|
GAS fragmentation limit |
|
Enable/disable GTK rekey for WPA security. Choices:
|
|
GTK rekey interval |
|
Enable/disable 802. Choices:
|
|
Hotspot 2. |
|
Enable/disable IGMP snooping. Choices:
|
|
Enable/disable blocking communication between clients on the same SSID Choices:
|
|
IP address and subnet mask for the local standalone NAT subnet. |
|
IPS sensor name. |
|
Ipv6-Rules. Choices:
|
|
(list) WEP Key. |
|
WEP key index |
|
Enable/disable layer 3 roaming Choices:
|
|
Select the way that layer 3 roaming traffic is passed Choices:
|
|
VAP low-density parity-check Choices:
|
|
Enable/disable AP local authentication. Choices:
|
|
Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP Choices:
|
|
Allow/deny traffic destined for a Class A, B, or C private IP address Choices:
|
|
Enable/disable AP local standalone Choices:
|
|
Enable/disable AP local standalone DNS. Choices:
|
|
(list) no description |
|
Enable/disable AP local standalone NAT mode. Choices:
|
|
Local-Switching. Choices:
|
|
Enable/disable MAC authentication bypass. Choices:
|
|
MAC called station delimiter Choices:
|
|
MAC calling station delimiter Choices:
|
|
MAC case Choices:
|
|
Enable/disable MAC filtering to block wireless clients by mac address. Choices:
|
|
Allow or block clients with MAC addresses that are not in the filter list. Choices:
|
|
MAC authentication password delimiter Choices:
|
|
MAC authentication username delimiter Choices:
|
|
Maximum number of clients that can connect simultaneously to the VAP |
|
Maximum number of clients that can connect simultaneously to the VAP per AP radio |
|
Enable/disable Multiband Operation Choices:
|
|
MBO cell data connection preference Choices:
|
|
Disable multicast enhancement when this many clients are receiving multicast traffic. |
|
Enable/disable using this VAP as a WiFi mesh backhaul Choices:
|
|
Enable/disable multiple PSK authentication. Choices:
|
|
Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication |
|
Mpsk-Profile. |
|
Enable/disable Multi-user MIMO Choices:
|
|
Enable/disable converting multicast to unicast to improve performance Choices:
|
|
Multicast rate Choices:
|
|
Enable/disable network access control. Choices:
|
|
NAC profile name. |
|
Enable/disable dual-band neighbor report Choices:
|
|
Enable/disable Opportunistic Key Caching Choices:
|
|
Enable/disable OSEN as part of key management Choices:
|
|
OWE-Groups. Choices:
|
|
Enable/disable OWE transition mode support. Choices:
|
|
OWE transition mode peer SSID. |
|
(list) WPA pre-shared key |
|
Protected Management Frames Choices:
|
|
Protected Management Frames |
|
Protected Management Frames |
|
Enable/disable LAN port MAC authentication Choices:
|
|
LAN port MAC authentication re-authentication timeout value |
|
LAN port MAC authentication idle timeout value |
|
Replacement message group for this VAP |
|
Captive portal functionality. Choices:
|
|
Primary wireless access gateway profile name. |
|
Enable/disable probe response suppression Choices:
|
|
Minimum signal level/threshold in dBm required for the AP response to probe requests |
|
Enable/disable PTK rekey for WPA-Enterprise security. Choices:
|
|
PTK rekey interval |
|
Quality of service profile name. |
|
Enable/disable station quarantine Choices:
|
|
Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2. |
|
Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band |
|
Enable/disable software radio sensitivity Choices:
|
|
Enable/disable RADIUS-based MAC authentication of clients Choices:
|
|
Dont send RADIUS MAC auth request again if the client has been rejected within specific interval |
|
RADIUS-based MAC authentication server. |
|
(list) Selective user groups that are permitted for RADIUS mac authentication. |
|
Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication Choices:
|
|
RADIUS MAC MPSK cache timeout interval |
|
RADIUS server to be used to authenticate WiFi users. |
|
Allowed data rates for 802. Choices:
|
|
Comma separated list of max supported VHT MCS for spatial streams 1 through 8. |
|
Allowed data rates for 802. Choices:
|
|
Allowed data rates for 802. Choices:
|
|
Comma separated list of max supported HE MCS for spatial streams 1 through 8. |
|
no description Choices:
|
|
no description Choices:
|
|
Allowed data rates for 802. Choices:
|
|
Allowed data rates for 802. Choices:
|
|
Allowed data rates for 802. Choices:
|
|
SAE-Groups. Choices:
|
|
Use hash-to-element-only mechanism for PWE derivation Choices:
|
|
(list) WPA3 SAE password to be used to authenticate WiFi users. |
|
Enable/disable WPA3 SAE-PK Choices:
|
|
Private key used for WPA3 SAE-PK authentication. |
|
Block or monitor connections to Botnet servers or disable Botnet scanning. Choices:
|
|
(list or str) Firewall schedules for enabling this VAP on the FortiAP. |
|
Secondary wireless access gateway profile name. |
|
Security mode for the wireless interface Choices:
|
|
Optional security exempt list for captive portal authentication. |
|
Enable/disable obsolete security options. Choices:
|
|
Optional URL for redirecting users after they pass captive portal authentication. |
|
(list or str) Selective user groups that are permitted to authenticate. |
|
Enable/disable split tunneling Choices:
|
|
IEEE 802. |
|
Sticky-Client-Remove. Choices:
|
|
Sticky-Client-Threshold-2G. |
|
Sticky-Client-Threshold-5G. |
|
Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP |
|
Enable/disable 802. Choices:
|
|
Enable/disable TKIP counter measure. Choices:
|
|
The time interval to send echo to both primary and secondary tunnel peers |
|
The time interval for secondary tunnel to fall back to primary tunnel |
|
(list or str) Firewall user group to be used to authenticate WiFi users. |
|
Enable/disable UTM logging. Choices:
|
|
UTM profile name. |
|
Enable to add one or more security profiles Choices:
|
|
(list or str) Vdom. |
|
Enable/disable automatic management of SSID VLAN interface. Choices:
|
|
Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools Choices:
|
|
Optional VLAN ID. |
|
Enable/disable 802. Choices:
|
|
WebFilter profile name. |
|
Enable/disable EAP re-authentication for WPA-Enterprise security. Choices:
|
|
EAP re-authentication interval |
|
Enable/disable retransmission of EAPOL-Key frames Choices:
|
|
Encryption protocol to use Choices:
|
|
Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate Choices:
|
|
URL of external authentication logout server. |
|
URL of external authentication web server. |
|
URL query parameter detection Choices:
|
|
Enable/disable 802. Choices:
|
|
Enable/disable fast-roaming, or pre-authentication, where supported by clients Choices:
|
|
Mobility domain identifier in FT |
|
Enable/disable FT over the Distribution System Choices:
|
|
Lifetime of the PMK-R0 key in FT, 1-65535 minutes. |
|
GAS comeback delay |
|
GAS fragmentation limit |
|
Enable/disable GTK rekey for WPA security. Choices:
|
|
GTK rekey interval |
|
Enable/disable 802. Choices:
|
|
Hotspot 2. |
|
Enable/disable IGMP snooping. Choices:
|
|
Enable/disable blocking communication between clients on the same SSID Choices:
|
|
IP address and subnet mask for the local standalone NAT subnet. |
|
IPS sensor name. |
|
Optional rules of IPv6 packets. Choices:
|
|
(list) WEP Key. |
|
WEP key index |
|
Enable/disable layer 3 roaming Choices:
|
|
Select the way that layer 3 roaming traffic is passed Choices:
|
|
VAP low-density parity-check Choices:
|
|
Enable/disable AP local authentication. Choices:
|
|
Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP Choices:
|
|
Allow/deny traffic destined for a Class A, B, or C private IP address Choices:
|
|
Enable/disable AP local standalone Choices:
|
|
Enable/disable AP local standalone DNS. Choices:
|
|
(list) no description |
|
Enable/disable AP local standalone NAT mode. Choices:
|
|
Enable/disable MAC authentication bypass. Choices:
|
|
MAC called station delimiter Choices:
|
|
MAC calling station delimiter Choices:
|
|
MAC case Choices:
|
|
Enable/disable MAC filtering to block wireless clients by mac address. Choices:
|
|
Mac-Filter-List. |
|
ID. |
|
MAC address. |
|
Deny or allow the client with this MAC address. Choices:
|
|
Allow or block clients with MAC addresses that are not in the filter list. Choices:
|
|
MAC authentication password delimiter Choices:
|
|
MAC authentication username delimiter Choices:
|
|
Maximum number of clients that can connect simultaneously to the VAP |
|
Maximum number of clients that can connect simultaneously to each radio |
|
Enable/disable Multiband Operation Choices:
|
|
MBO cell data connection preference Choices:
|
|
Disable multicast enhancement when this many clients are receiving multicast traffic. |
|
Enable/disable using this VAP as a WiFi mesh backhaul Choices:
|
|
Enable/disable multiple pre-shared keys Choices:
|
|
Number of pre-shared keys |
|
Mpsk-Key. |
|
Comment. |
|
Number of clients that can connect using this pre-shared key. |
|
Pre-shared key name. |
|
(list or str) Firewall schedule for MPSK passphrase. |
|
(list) WPA Pre-shared key. |
|
MPSK profile name. |
|
Enable/disable Multi-user MIMO Choices:
|
|
Enable/disable converting multicast to unicast to improve performance Choices:
|
|
Multicast rate Choices:
|
|
Enable/disable network access control. Choices:
|
|
NAC profile name. |
|
Virtual AP name. |
|
Enable/disable dual-band neighbor report Choices:
|
|
Enable/disable Opportunistic Key Caching Choices:
|
|
Enable/disable OSEN as part of key management Choices:
|
|
OWE-Groups. Choices:
|
|
Enable/disable OWE transition mode support. Choices:
|
|
OWE transition mode peer SSID. |
|
(list) WPA pre-shared key |
|
Protected Management Frames Choices:
|
|
Protected Management Frames |
|
Protected Management Frames |
|
Enable/disable LAN port MAC authentication Choices:
|
|
LAN port MAC authentication re-authentication timeout value |
|
LAN port MAC authentication idle timeout value |
|
Replacement message group for this VAP |
|
no description |
|
Override auth-disclaimer-page message with message from portal-message-overrides group. |
|
Override auth-login-failed-page message with message from portal-message-overrides group. |
|
Override auth-login-page message with message from portal-message-overrides group. |
|
Override auth-reject-page message with message from portal-message-overrides group. |
|
Captive portal functionality. Choices:
|
|
Primary wireless access gateway profile name. |
|
Enable/disable probe response suppression Choices:
|
|
Minimum signal level/threshold in dBm required for the AP response to probe requests |
|
Enable/disable PTK rekey for WPA-Enterprise security. Choices:
|
|
PTK rekey interval |
|
Quality of service profile name. |
|
Enable/disable station quarantine Choices:
|
|
Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2. |
|
Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band |
|
Enable/disable software radio sensitivity Choices:
|
|
Enable/disable RADIUS-based MAC authentication of clients Choices:
|
|
Dont send RADIUS MAC auth request again if the client has been rejected within specific interval |
|
RADIUS-based MAC authentication server. |
|
(list) Selective user groups that are permitted for RADIUS mac authentication. |
|
Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication Choices:
|
|
RADIUS MAC MPSK cache timeout interval |
|
RADIUS server to be used to authenticate WiFi users. |
|
Allowed data rates for 802. Choices:
|
|
Comma separated list of max supported VHT MCS for spatial streams 1 through 8. |
|
Allowed data rates for 802. Choices:
|
|
Allowed data rates for 802. Choices:
|
|
Comma separated list of max supported HE MCS for spatial streams 1 through 8. |
|
no description Choices:
|
|
no description Choices:
|
|
Allowed data rates for 802. Choices:
|
|
Allowed data rates for 802. Choices:
|
|
Allowed data rates for 802. Choices:
|
|
SAE-Groups. Choices:
|
|
Use hash-to-element-only mechanism for PWE derivation Choices:
|
|
(list) WPA3 SAE password to be used to authenticate WiFi users. |
|
Enable/disable WPA3 SAE-PK Choices:
|
|
Private key used for WPA3 SAE-PK authentication. |
|
Block or monitor connections to Botnet servers or disable Botnet scanning. Choices:
|
|
(list or str) VAP schedule name. |
|
Secondary wireless access gateway profile name. |
|
Security mode for the wireless interface Choices:
|
|
Optional security exempt list for captive portal authentication. |
|
Enable/disable obsolete security options. Choices:
|
|
Optional URL for redirecting users after they pass captive portal authentication. |
|
(list or str) Selective user groups that are permitted to authenticate. |
|
Enable/disable split tunneling Choices:
|
|
IEEE 802. |
|
Enable/disable sticky client remove to maintain good signal level clients in SSID. Choices:
|
|
Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP |
|
Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP |
|
Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP |
|
Enable/disable 802. Choices:
|
|
Enable/disable TKIP counter measure. Choices:
|
|
The time interval to send echo to both primary and secondary tunnel peers |
|
The time interval for secondary tunnel to fall back to primary tunnel |
|
(list or str) Firewall user group to be used to authenticate WiFi users. |
|
Enable/disable UTM logging. Choices:
|
|
UTM profile name. |
|
Enable to add one or more security profiles Choices:
|
|
Name of the VDOM that the Virtual AP has been added to. |
|
Enable/disable automatic management of SSID VLAN interface. Choices:
|
|
no description |
|
VLAN name. |
|
VLAN ID. |
|
Vlan-Pool. |
|
_Wtp-Group. |
|
ID. |
|
WTP group name. |
|
Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools Choices:
|
|
Optional VLAN ID. |
|
Enable/disable 802. Choices:
|
|
WebFilter profile name. |
|
The adom to lock for FortiManager running in workspace mode, the value can be global and others including root. |
|
The maximum time in seconds to wait for other user to release the workspace lock. Default: |
Notes
Note
Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
To create or update an object, use state present directive.
To delete an object, use state absent directive.
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- hosts: fortimanager-inventory
collections:
- fortinet.fortimanager
connection: httpapi
vars:
ansible_httpapi_use_ssl: True
ansible_httpapi_validate_certs: False
ansible_httpapi_port: 443
tasks:
- name: Configure Virtual Access Points
fmgr_vap:
bypass_validation: False
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
rc_succeeded: [0, -2, -3, ...]
rc_failed: [-2, -3, ...]
adom: <your own value>
state: <value in [present, absent]>
vap:
_centmgmt: <value in [disable, enable]>
_dhcp_svr_id: <string>
_intf_allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- auto-ipsec
- radius-acct
- probe-response
- capwap
- dnp
- ftm
- fabric
- speed-test
_intf_device-identification: <value in [disable, enable]>
_intf_device-netscan: <value in [disable, enable]>
_intf_dhcp-relay-ip: <list or string>
_intf_dhcp-relay-service: <value in [disable, enable]>
_intf_dhcp-relay-type: <value in [regular, ipsec]>
_intf_dhcp6-relay-ip: <string>
_intf_dhcp6-relay-service: <value in [disable, enable]>
_intf_dhcp6-relay-type: <value in [regular]>
_intf_ip: <string>
_intf_ip6-address: <string>
_intf_ip6-allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- any
- fgfm
- capwap
_intf_listen-forticlient-connection: <value in [disable, enable]>
acct-interim-interval: <integer>
alias: <string>
auth: <value in [PSK, psk, RADIUS, ...]>
broadcast-ssid: <value in [disable, enable]>
broadcast-suppression:
- dhcp
- arp
- dhcp2
- arp2
- netbios-ns
- netbios-ds
- arp3
- dhcp-up
- dhcp-down
- arp-known
- arp-unknown
- arp-reply
- ipv6
- dhcp-starvation
- arp-poison
- all-other-mc
- all-other-bc
- arp-proxy
- dhcp-ucast
captive-portal-ac-name: <string>
captive-portal-macauth-radius-secret: <list or string>
captive-portal-macauth-radius-server: <string>
captive-portal-radius-secret: <list or string>
captive-portal-radius-server: <string>
captive-portal-session-timeout-interval: <integer>
dhcp-lease-time: <integer>
dhcp-option82-circuit-id-insertion: <value in [disable, style-1, style-2, ...]>
dhcp-option82-insertion: <value in [disable, enable]>
dhcp-option82-remote-id-insertion: <value in [disable, style-1]>
dynamic-vlan: <value in [disable, enable]>
dynamic_mapping:
-
_centmgmt: <value in [disable, enable]>
_dhcp_svr_id: <string>
_intf_allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- auto-ipsec
- radius-acct
- probe-response
- capwap
- dnp
- ftm
- fabric
- speed-test
_intf_device-identification: <value in [disable, enable]>
_intf_device-netscan: <value in [disable, enable]>
_intf_dhcp-relay-ip: <list or string>
_intf_dhcp-relay-service: <value in [disable, enable]>
_intf_dhcp-relay-type: <value in [regular, ipsec]>
_intf_dhcp6-relay-ip: <string>
_intf_dhcp6-relay-service: <value in [disable, enable]>
_intf_dhcp6-relay-type: <value in [regular]>
_intf_ip: <string>
_intf_ip6-address: <string>
_intf_ip6-allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- any
- fgfm
- capwap
_intf_listen-forticlient-connection: <value in [disable, enable]>
_scope:
-
name: <string>
vdom: <string>
acct-interim-interval: <integer>
address-group: <string>
alias: <string>
atf-weight: <integer>
auth: <value in [PSK, psk, RADIUS, ...]>
broadcast-ssid: <value in [disable, enable]>
broadcast-suppression:
- dhcp
- arp
- dhcp2
- arp2
- netbios-ns
- netbios-ds
- arp3
- dhcp-up
- dhcp-down
- arp-known
- arp-unknown
- arp-reply
- ipv6
- dhcp-starvation
- arp-poison
- all-other-mc
- all-other-bc
- arp-proxy
- dhcp-ucast
captive-portal-ac-name: <string>
captive-portal-macauth-radius-secret: <list or string>
captive-portal-macauth-radius-server: <string>
captive-portal-radius-secret: <list or string>
captive-portal-radius-server: <string>
captive-portal-session-timeout-interval: <integer>
client-count: <integer>
dhcp-lease-time: <integer>
dhcp-option82-circuit-id-insertion: <value in [disable, style-1, style-2, ...]>
dhcp-option82-insertion: <value in [disable, enable]>
dhcp-option82-remote-id-insertion: <value in [disable, style-1]>
dynamic-vlan: <value in [disable, enable]>
eap-reauth: <value in [disable, enable]>
eap-reauth-intv: <integer>
eapol-key-retries: <value in [disable, enable]>
encrypt: <value in [TKIP, AES, TKIP-AES]>
external-fast-roaming: <value in [disable, enable]>
external-logout: <string>
external-web: <string>
fast-bss-transition: <value in [disable, enable]>
fast-roaming: <value in [disable, enable]>
ft-mobility-domain: <integer>
ft-over-ds: <value in [disable, enable]>
ft-r0-key-lifetime: <integer>
gtk-rekey: <value in [disable, enable]>
gtk-rekey-intv: <integer>
hotspot20-profile: <string>
intra-vap-privacy: <value in [disable, enable]>
ip: <string>
key: <list or string>
keyindex: <integer>
ldpc: <value in [disable, tx, rx, ...]>
local-authentication: <value in [disable, enable]>
local-bridging: <value in [disable, enable]>
local-lan: <value in [deny, allow]>
local-standalone: <value in [disable, enable]>
local-standalone-nat: <value in [disable, enable]>
local-switching: <value in [disable, enable]>
mac-auth-bypass: <value in [disable, enable]>
mac-filter: <value in [disable, enable]>
mac-filter-policy-other: <value in [deny, allow]>
max-clients: <integer>
max-clients-ap: <integer>
me-disable-thresh: <integer>
mesh-backhaul: <value in [disable, enable]>
mpsk: <value in [disable, enable]>
mpsk-concurrent-clients: <integer>
multicast-enhance: <value in [disable, enable]>
multicast-rate: <value in [0, 6000, 12000, ...]>
okc: <value in [disable, enable]>
owe-groups:
- 19
- 20
- 21
owe-transition: <value in [disable, enable]>
owe-transition-ssid: <string>
passphrase: <list or string>
pmf: <value in [disable, enable, optional]>
pmf-assoc-comeback-timeout: <integer>
pmf-sa-query-retry-timeout: <integer>
portal-message-override-group: <string>
portal-type: <value in [auth, auth+disclaimer, disclaimer, ...]>
probe-resp-suppression: <value in [disable, enable]>
probe-resp-threshold: <string>
ptk-rekey: <value in [disable, enable]>
ptk-rekey-intv: <integer>
qos-profile: <string>
quarantine: <value in [disable, enable]>
radio-2g-threshold: <string>
radio-5g-threshold: <string>
radio-sensitivity: <value in [disable, enable]>
radius-mac-auth: <value in [disable, enable]>
radius-mac-auth-server: <string>
radius-mac-auth-usergroups: <list or string>
radius-server: <string>
rates-11a:
- 1
- 1-basic
- 2
- 2-basic
- 5.5
- 5.5-basic
- 6
- 6-basic
- 9
- 9-basic
- 12
- 12-basic
- 18
- 18-basic
- 24
- 24-basic
- 36
- 36-basic
- 48
- 48-basic
- 54
- 54-basic
- 11
- 11-basic
rates-11ac-ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/1
- mcs11/1
- mcs10/2
- mcs11/2
rates-11ac-ss34:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/3
- mcs11/3
- mcs10/4
- mcs11/4
rates-11bg:
- 1
- 1-basic
- 2
- 2-basic
- 5.5
- 5.5-basic
- 6
- 6-basic
- 9
- 9-basic
- 12
- 12-basic
- 18
- 18-basic
- 24
- 24-basic
- 36
- 36-basic
- 48
- 48-basic
- 54
- 54-basic
- 11
- 11-basic
rates-11n-ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
- mcs12/2
- mcs13/2
- mcs14/2
- mcs15/2
rates-11n-ss34:
- mcs16/3
- mcs17/3
- mcs18/3
- mcs19/3
- mcs20/3
- mcs21/3
- mcs22/3
- mcs23/3
- mcs24/4
- mcs25/4
- mcs26/4
- mcs27/4
- mcs28/4
- mcs29/4
- mcs30/4
- mcs31/4
sae-groups:
- 1
- 2
- 5
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 27
- 28
- 29
- 30
- 31
sae-password: <list or string>
schedule: <list or string>
security: <value in [None, WEP64, wep64, ...]>
security-exempt-list: <string>
security-obsolete-option: <value in [disable, enable]>
security-redirect-url: <string>
selected-usergroups: <list or string>
split-tunneling: <value in [disable, enable]>
ssid: <string>
tkip-counter-measure: <value in [disable, enable]>
usergroup: <list or string>
utm-profile: <string>
vdom: <list or string>
vlan-auto: <value in [disable, enable]>
vlan-pooling: <value in [wtp-group, round-robin, hash, ...]>
vlanid: <integer>
voice-enterprise: <value in [disable, enable]>
mu-mimo: <value in [disable, enable]>
_intf_device-access-list: <string>
external-web-format: <value in [auto-detect, no-query-string, partial-query-string]>
high-efficiency: <value in [disable, enable]>
primary-wag-profile: <string>
secondary-wag-profile: <string>
target-wake-time: <value in [disable, enable]>
tunnel-echo-interval: <integer>
tunnel-fallback-interval: <integer>
access-control-list: <string>
captive-portal-auth-timeout: <integer>
ipv6-rules:
- drop-icmp6ra
- drop-icmp6rs
- drop-llmnr6
- drop-icmp6mld2
- drop-dhcp6s
- drop-dhcp6c
- ndp-proxy
- drop-ns-dad
- drop-ns-nondad
sticky-client-remove: <value in [disable, enable]>
sticky-client-threshold-2g: <string>
sticky-client-threshold-5g: <string>
bss-color-partial: <value in [disable, enable]>
dhcp-option43-insertion: <value in [disable, enable]>
mpsk-profile: <string>
igmp-snooping: <value in [disable, enable]>
port-macauth: <value in [disable, radius, address-group]>
port-macauth-reauth-timeout: <integer>
port-macauth-timeout: <integer>
additional-akms:
- akm6
bstm-disassociation-imminent: <value in [disable, enable]>
bstm-load-balancing-disassoc-timer: <integer>
bstm-rssi-disassoc-timer: <integer>
dhcp-address-enforcement: <value in [disable, enable]>
gas-comeback-delay: <integer>
gas-fragmentation-limit: <integer>
mac-called-station-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac-calling-station-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac-case: <value in [uppercase, lowercase]>
mac-password-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac-username-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mbo: <value in [disable, enable]>
mbo-cell-data-conn-pref: <value in [excluded, prefer-not, prefer-use]>
nac: <value in [disable, enable]>
nac-profile: <string>
neighbor-report-dual-band: <value in [disable, enable]>
address-group-policy: <value in [disable, allow, deny]>
antivirus-profile: <string>
application-detection-engine: <value in [disable, enable]>
application-list: <string>
application-report-intv: <integer>
auth-cert: <string>
auth-portal-addr: <string>
beacon-advertising:
- name
- model
- serial-number
ips-sensor: <string>
l3-roaming: <value in [disable, enable]>
local-standalone-dns: <value in [disable, enable]>
local-standalone-dns-ip: <list or string>
osen: <value in [disable, enable]>
radius-mac-mpsk-auth: <value in [disable, enable]>
radius-mac-mpsk-timeout: <integer>
rates-11ax-ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs10/1
- mcs11/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
rates-11ax-ss34:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs10/3
- mcs11/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/4
- mcs11/4
scan-botnet-connections: <value in [disable, block, monitor]>
utm-log: <value in [disable, enable]>
utm-status: <value in [disable, enable]>
webfilter-profile: <string>
sae-h2e-only: <value in [disable, enable]>
sae-pk: <value in [disable, enable]>
sae-private-key: <string>
sticky-client-threshold-6g: <string>
application-dscp-marking: <value in [disable, enable]>
l3-roaming-mode: <value in [direct, indirect]>
rates-11ac-mcs-map: <string>
rates-11ax-mcs-map: <string>
captive-portal-fw-accounting: <value in [disable, enable]>
radius-mac-auth-block-interval: <integer>
_is_factory_setting: <value in [disable, enable, ext]>
eap-reauth: <value in [disable, enable]>
eap-reauth-intv: <integer>
eapol-key-retries: <value in [disable, enable]>
encrypt: <value in [TKIP, AES, TKIP-AES]>
external-fast-roaming: <value in [disable, enable]>
external-logout: <string>
external-web: <string>
fast-bss-transition: <value in [disable, enable]>
fast-roaming: <value in [disable, enable]>
ft-mobility-domain: <integer>
ft-over-ds: <value in [disable, enable]>
ft-r0-key-lifetime: <integer>
gtk-rekey: <value in [disable, enable]>
gtk-rekey-intv: <integer>
hotspot20-profile: <string>
intra-vap-privacy: <value in [disable, enable]>
ip: <string>
key: <list or string>
keyindex: <integer>
ldpc: <value in [disable, tx, rx, ...]>
local-authentication: <value in [disable, enable]>
local-bridging: <value in [disable, enable]>
local-lan: <value in [deny, allow]>
local-standalone: <value in [disable, enable]>
local-standalone-nat: <value in [disable, enable]>
mac-auth-bypass: <value in [disable, enable]>
mac-filter: <value in [disable, enable]>
mac-filter-list:
-
id: <integer>
mac: <string>
mac-filter-policy: <value in [deny, allow]>
mac-filter-policy-other: <value in [deny, allow]>
max-clients: <integer>
max-clients-ap: <integer>
me-disable-thresh: <integer>
mesh-backhaul: <value in [disable, enable]>
mpsk: <value in [disable, enable]>
mpsk-concurrent-clients: <integer>
mpsk-key:
-
comment: <string>
concurrent-clients: <string>
key-name: <string>
passphrase: <list or string>
mpsk-schedules: <list or string>
multicast-enhance: <value in [disable, enable]>
multicast-rate: <value in [0, 6000, 12000, ...]>
name: <string>
okc: <value in [disable, enable]>
passphrase: <list or string>
pmf: <value in [disable, enable, optional]>
pmf-assoc-comeback-timeout: <integer>
pmf-sa-query-retry-timeout: <integer>
portal-message-override-group: <string>
portal-type: <value in [auth, auth+disclaimer, disclaimer, ...]>
probe-resp-suppression: <value in [disable, enable]>
probe-resp-threshold: <string>
ptk-rekey: <value in [disable, enable]>
ptk-rekey-intv: <integer>
qos-profile: <string>
quarantine: <value in [disable, enable]>
radio-2g-threshold: <string>
radio-5g-threshold: <string>
radio-sensitivity: <value in [disable, enable]>
radius-mac-auth: <value in [disable, enable]>
radius-mac-auth-server: <string>
radius-mac-auth-usergroups: <list or string>
radius-server: <string>
rates-11a:
- 1
- 1-basic
- 2
- 2-basic
- 5.5
- 5.5-basic
- 6
- 6-basic
- 9
- 9-basic
- 12
- 12-basic
- 18
- 18-basic
- 24
- 24-basic
- 36
- 36-basic
- 48
- 48-basic
- 54
- 54-basic
- 11
- 11-basic
rates-11ac-ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/1
- mcs11/1
- mcs10/2
- mcs11/2
rates-11ac-ss34:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/3
- mcs11/3
- mcs10/4
- mcs11/4
rates-11bg:
- 1
- 1-basic
- 2
- 2-basic
- 5.5
- 5.5-basic
- 6
- 6-basic
- 9
- 9-basic
- 12
- 12-basic
- 18
- 18-basic
- 24
- 24-basic
- 36
- 36-basic
- 48
- 48-basic
- 54
- 54-basic
- 11
- 11-basic
rates-11n-ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
- mcs12/2
- mcs13/2
- mcs14/2
- mcs15/2
rates-11n-ss34:
- mcs16/3
- mcs17/3
- mcs18/3
- mcs19/3
- mcs20/3
- mcs21/3
- mcs22/3
- mcs23/3
- mcs24/4
- mcs25/4
- mcs26/4
- mcs27/4
- mcs28/4
- mcs29/4
- mcs30/4
- mcs31/4
schedule: <list or string>
security: <value in [None, WEP64, wep64, ...]>
security-exempt-list: <string>
security-obsolete-option: <value in [disable, enable]>
security-redirect-url: <string>
selected-usergroups: <list or string>
split-tunneling: <value in [disable, enable]>
ssid: <string>
tkip-counter-measure: <value in [disable, enable]>
usergroup: <list or string>
utm-profile: <string>
vdom: <string>
vlan-auto: <value in [disable, enable]>
vlan-pool:
-
_wtp-group: <string>
id: <integer>
wtp-group: <string>
vlan-pooling: <value in [wtp-group, round-robin, hash, ...]>
vlanid: <integer>
voice-enterprise: <value in [disable, enable]>
address-group: <string>
atf-weight: <integer>
mu-mimo: <value in [disable, enable]>
owe-groups:
- 19
- 20
- 21
owe-transition: <value in [disable, enable]>
owe-transition-ssid: <string>
sae-groups:
- 1
- 2
- 5
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 27
- 28
- 29
- 30
- 31
sae-password: <list or string>
_intf_device-access-list: <string>
external-web-format: <value in [auto-detect, no-query-string, partial-query-string]>
high-efficiency: <value in [disable, enable]>
primary-wag-profile: <string>
secondary-wag-profile: <string>
target-wake-time: <value in [disable, enable]>
tunnel-echo-interval: <integer>
tunnel-fallback-interval: <integer>
access-control-list: <string>
captive-portal-auth-timeout: <integer>
ipv6-rules:
- drop-icmp6ra
- drop-icmp6rs
- drop-llmnr6
- drop-icmp6mld2
- drop-dhcp6s
- drop-dhcp6c
- ndp-proxy
- drop-ns-dad
- drop-ns-nondad
sticky-client-remove: <value in [disable, enable]>
sticky-client-threshold-2g: <string>
sticky-client-threshold-5g: <string>
bss-color-partial: <value in [disable, enable]>
dhcp-option43-insertion: <value in [disable, enable]>
mpsk-profile: <string>
igmp-snooping: <value in [disable, enable]>
port-macauth: <value in [disable, radius, address-group]>
port-macauth-reauth-timeout: <integer>
port-macauth-timeout: <integer>
portal-message-overrides:
auth-disclaimer-page: <string>
auth-login-failed-page: <string>
auth-login-page: <string>
auth-reject-page: <string>
additional-akms:
- akm6
bstm-disassociation-imminent: <value in [disable, enable]>
bstm-load-balancing-disassoc-timer: <integer>
bstm-rssi-disassoc-timer: <integer>
dhcp-address-enforcement: <value in [disable, enable]>
gas-comeback-delay: <integer>
gas-fragmentation-limit: <integer>
mac-called-station-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac-calling-station-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac-case: <value in [uppercase, lowercase]>
mac-password-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac-username-delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mbo: <value in [disable, enable]>
mbo-cell-data-conn-pref: <value in [excluded, prefer-not, prefer-use]>
nac: <value in [disable, enable]>
nac-profile: <string>
neighbor-report-dual-band: <value in [disable, enable]>
address-group-policy: <value in [disable, allow, deny]>
antivirus-profile: <string>
application-detection-engine: <value in [disable, enable]>
application-list: <string>
application-report-intv: <integer>
auth-cert: <string>
auth-portal-addr: <string>
beacon-advertising:
- name
- model
- serial-number
ips-sensor: <string>
l3-roaming: <value in [disable, enable]>
local-standalone-dns: <value in [disable, enable]>
local-standalone-dns-ip: <list or string>
osen: <value in [disable, enable]>
radius-mac-mpsk-auth: <value in [disable, enable]>
radius-mac-mpsk-timeout: <integer>
rates-11ax-ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs10/1
- mcs11/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
rates-11ax-ss34:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs10/3
- mcs11/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/4
- mcs11/4
scan-botnet-connections: <value in [disable, block, monitor]>
utm-log: <value in [disable, enable]>
utm-status: <value in [disable, enable]>
vlan-name:
-
name: <string>
vlan-id: <integer>
webfilter-profile: <string>
sae-h2e-only: <value in [disable, enable]>
sae-pk: <value in [disable, enable]>
sae-private-key: <string>
sticky-client-threshold-6g: <string>
application-dscp-marking: <value in [disable, enable]>
l3-roaming-mode: <value in [direct, indirect]>
rates-11ac-mcs-map: <string>
rates-11ax-mcs-map: <string>
captive-portal-fw-accounting: <value in [disable, enable]>
radius-mac-auth-block-interval: <integer>
_is_factory_setting: <value in [disable, enable, ext]>
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
The result of the request. Returned: always |
|
The full url requested. Returned: always Sample: |
|
The status of api request. Returned: always Sample: |
|
The api response. Returned: always |
|
The descriptive message of the api response. Returned: always Sample: |
|
The information of the target system. Returned: always |
|
The status the request. Returned: always Sample: |
|
Warning if the parameters used in the playbook are not supported by the current FortiManager version. Returned: complex |