fortinet.fortimanager.fmgr_devprof_system_global module – Configure global attributes.
Note
This module is part of the fortinet.fortimanager collection (version 2.8.0).
You might already have this collection installed if you are using the ansible package.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install fortinet.fortimanager.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_devprof_system_global.
New in fortinet.fortimanager 1.0.0
Synopsis
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
Parameters
Parameter |
Comments |
|---|---|
The token to access FortiManager without using username and password. |
|
The parameter (adom) in requested url. |
|
Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. Choices:
|
|
The parameter (devprof) in requested url. |
|
The top level parameters set. |
|
Press the BLE button can enable BLE function Choices:
|
|
Enable/disable concurrent administrator logins. Choices:
|
|
Console login timeout that overrides the admin timeout value |
|
(list) Override access profile. |
|
Enable/disable FortiCloud admin login via SSO. Choices:
|
|
Administrative host for HTTP and HTTPS. |
|
HTTPS Strict-Transport-Security header max-age in seconds. |
|
Enable/disable admin login method. Choices:
|
|
Enable/disable redirection of HTTP administration access to HTTPS. Choices:
|
|
Select one or more cipher technologies that cannot be used in GUI HTTPS negotiations. Choices:
|
|
Select one or more TLS 1. Choices:
|
|
Allowed TLS versions for web administration. Choices:
|
|
Amount of time in seconds that an administrator account is locked out after reaching the admin-lockout-threshold for repea… |
|
Number of failed login attempts before an administrator account is locked out for the admin-lockout-duration. |
|
Maximum number of administrators who can be logged in at the same time |
|
Enable/disable maintainer administrator login. Choices:
|
|
Administrative access port for HTTP. |
|
Press the reset button can reset to factory default. Choices:
|
|
Enable/disable local admin authentication restriction when remote authenticator is up and running Choices:
|
|
Enable/disable using SCP to download the system configuration. Choices:
|
|
(list) Server certificate that the FortiGate uses for HTTPS administrative connections. |
|
Administrative access port for HTTPS. |
|
Maximum time in seconds permitted between making an SSH connection to the FortiGate unit and authenticating |
|
Enable/disable password authentication for SSH admin access. Choices:
|
|
Administrative access port for SSH. |
|
Enable/disable SSH v1 compatibility. Choices:
|
|
Enable/disable TELNET service. Choices:
|
|
Administrative access port for TELNET. |
|
Number of minutes before an idle administrator session times out |
|
Enable/disable airplane mode. Choices:
|
|
Alias for your FortiGate unit. |
|
Disable to prevent traffic with same local ingress and egress interface from being forwarded without policy check. Choices:
|
|
Level of checking for packet replay and TCP sequence checking. Choices:
|
|
Maximum number of dynamically learned MAC addresses that can be added to the ARP table |
|
(list) Server certificate that the FortiGate uses for HTTPS firewall authentication connections. |
|
User authentication HTTP port. |
|
User authentication HTTPS port. |
|
User IKE SAML authentication port |
|
Enable to prevent user authentication sessions from timing out when idle. Choices:
|
|
Enable/disable automatic and periodic backup of authentication sessions Choices:
|
|
Configure automatic authentication session backup interval in minutes Choices:
|
|
Action to take when the number of allowed user authenticated sessions is reached. Choices:
|
|
Enable/disable automatic authorization of dedicated Fortinet extension devices. Choices:
|
|
Enable/disable automatic log partition check after ungraceful shutdown. Choices:
|
|
Affinity setting for AV scanning |
|
Set the action to take if the FortiGate is running low on memory or the proxy connection limit has been reached. Choices:
|
|
When enabled and a proxy for a protocol runs out of room in its session table, that protocol goes into failopen mode and e… Choices:
|
|
Enable/disable batch mode, allowing you to enter a series of CLI commands that will execute as a group once they are loaded. Choices:
|
|
Affinity setting for BFD daemon |
|
Duration in seconds for blocked sessions |
|
Maximum number of bridge forwarding database |
|
Maximum number of certificates that can be traversed in a certificate chain. |
|
Time-out for reverting to the last saved configuration. |
|
Configuration file save mode for CLI changes. Choices:
|
|
Level of checking performed on protocol headers. Choices:
|
|
Configure ICMP error message verification. Choices:
|
|
Enable/disable CLI audit log. Choices:
|
|
Enable/disable all cloud communication. Choices:
|
|
Enable/disable requiring administrators to have a client certificate to log into the GUI using HTTPS. Choices:
|
|
Affinity setting for cmdbsvr |
|
Threshold at which CPU usage is reported |
|
Enable/disable the CA attribute in certificates. Choices:
|
|
Enable/disable daily restart of FortiGate unit. Choices:
|
|
Default service source port range |
|
Enable TCP NPU session delay to guarantee packet order of 3-way handshake. Choices:
|
|
Time in seconds that a device must be idle to automatically log the device user out. |
|
Number of bits to use in the Diffie-Hellman exchange for HTTPS/SSH protocols. Choices:
|
|
DHCP leases backup interval in seconds |
|
DNS proxy worker count. |
|
DP fragment session timeout |
|
DP pinhole session timeout |
|
DP rsync session timeout |
|
DP tcp normal timeout |
|
DP udp idle timer |
|
Enable/disable daylight saving time. Choices:
|
|
Enable/disable early TCP NPU session. Choices:
|
|
Enable/disable edit new VDOM prompt. Choices:
|
|
Endpoint control fds access. Choices:
|
|
(list) Configure reserved network subnet for managed LAN extension FortiExtender units. |
|
Maximum disk buffer size to temporarily store logs destined for FortiAnalyzer. |
|
Enable/disable sending IPS, Application Control, and AntiVirus data to FortiGuard. Choices:
|
|
FortiGuard statistics collection period in minutes. |
|
Local UDP port for Forward Error Correction |
|
Type of alert to retrieve from FortiGuard. Choices:
|
|
Forticarrier bypass. Choices:
|
|
Enable/disable FortiController proxy. Choices:
|
|
FortiController proxy port |
|
Enable/disable config upload to FortiConverter. Choices:
|
|
Enable/disable FortiConverter integration service. Choices:
|
|
Enable/disable FortiExtender. Choices:
|
|
FortiExtender data port |
|
Enable/disable FortiExtender CAPWAP lockdown. Choices:
|
|
Enable/disable automatic provisioning of latest FortiExtender firmware on authorization. Choices:
|
|
Enable/disable FortiExtender VLAN mode. Choices:
|
|
Enable/disable integration with the FortiGSLB cloud service. Choices:
|
|
Enable/disable integration with the FortiIPAM cloud service. Choices:
|
|
FortiService port |
|
Enable/disable FortiToken Cloud service. Choices:
|
|
Enable/disable FTM push service of FortiToken Cloud. Choices:
|
|
Fortitoken cloud service. Choices:
|
|
Interval in which to clean up remote users in FortiToken Cloud |
|
Enable/disable GTP-U dynamic source port support. Choices:
|
|
Enable/disable the factory default hostname warning on the GUI setup wizard. Choices:
|
|
Enable/disable Allow FGT with incompatible firmware to be treated as compatible in security fabric on the GUI. Choices:
|
|
Enable/disable Allow app-detection based SD-WAN. Choices:
|
|
Enable/disable the automatic patch upgrade setup prompt on the GUI. Choices:
|
|
Domain of CDN server. |
|
Enable/disable Load GUI static files from a CDN. Choices:
|
|
Enable/disable the System > Certificate GUI page, allowing you to add and configure certificates from the GUI. Choices:
|
|
Enable/disable custom languages in GUI. Choices:
|
|
Default date format used throughout GUI. Choices:
|
|
Source from which the FortiGate GUI uses to display date and time entries. Choices:
|
|
Support meta variable Add the latitude of the location of this FortiGate to position it on the Threat Map. |
|
Support meta variable Add the longitude of the location of this FortiGate to position it on the Threat Map. |
|
Enable/disable displaying the FortiGates hostname on the GUI login page. Choices:
|
|
Gui firmware upgrade setup warning. Choices:
|
|
Enable/disable the firmware upgrade warning on the GUI. Choices:
|
|
Enable/disable the FortiCare registration setup warning on the GUI. Choices:
|
|
Enable/disable displaying FortiGate Cloud Sandbox on the GUI. Choices:
|
|
Enable/disable retrieving static GUI resources from FortiGuard. Choices:
|
|
Enable/disable displaying FortiSandbox Cloud on the GUI. Choices:
|
|
Enable/disable IPv6 settings on the GUI. Choices:
|
|
Number of lines to display per page for web administration. |
|
Enable/disable Local-out traffic on the GUI. Choices:
|
|
Enable/disable replacement message groups on the GUI. Choices:
|
|
Enable/disable REST API result caching on FortiGate. Choices:
|
|
Color scheme for the administration GUI. Choices:
|
|
Enable/disable wireless open security option on the GUI. Choices:
|
|
Enable/disable Workflow management features on the GUI. Choices:
|
|
Affinity setting for HA daemons |
|
Enable/disable honoring of Dont-Fragment Choices:
|
|
Support meta variable FortiGate units hostname. |
|
HTTP request body size limit. |
|
HTTP request body size limit before authentication. |
|
Maximum number of simultaneous HTTP requests that will be served. |
|
Enable/disable hardware filter for certain Ethernet packet types. Choices:
|
|
Number of VDOMs for hyper scale license. |
|
Maximum number of IGMP memberships |
|
Enable/disable allowing use of interface-subnet setting in firewall addresses Choices:
|
|
Internal switch mode. Choices:
|
|
Internal port speed. Choices:
|
|
Configure which Internet Service database size to download from FortiGuard and use. Choices:
|
|
(list) Configure which on-demand Internet Service IDs are to be downloaded. |
|
Enable/disable logging of IPv4 address conflict detection. Choices:
|
|
Maximum memory |
|
Timeout value in seconds for any fragment not being reassembled |
|
(list) IP source port range used for traffic originating from the FortiGate unit. |
|
Affinity setting for IPS |
|
Enable/disable ASIC offloading Choices:
|
|
ESP jump ahead rate |
|
Enable/disable offloading Choices:
|
|
Enable/disable QAT offloading Choices:
|
|
Enable/disable round-robin redistribution to multiple CPUs for IPsec VPN traffic. Choices:
|
|
Enable/disable software decryption asynchronization Choices:
|
|
Enable/disable acceptance of IPv6 Duplicate Address Detection |
|
Enable/disable IPv6 address probe through Anycast. Choices:
|
|
Enable/disable silent drop of IPv6 local-in traffic. Choices:
|
|
Enable/disable silent drop of IPv6 local-in traffic. Choices:
|
|
Enable/disable IPv6 address probe through Multicast. Choices:
|
|
Disable to prevent IPv6 traffic with same local ingress and egress interface from being forwarded without policy check. Choices:
|
|
Timeout value in seconds for any IPv6 fragment not being reassembled |
|
Configure CPU IRQ time accounting mode. Choices:
|
|
GUI display language. Choices:
|
|
Global timeout for connections with remote LDAP servers in milliseconds |
|
Enable/disable legacy POE device support. Choices:
|
|
Enable/disable Link Layer Discovery Protocol Choices:
|
|
Enable/disable Link Layer Discovery Protocol Choices:
|
|
Enable/disable logging the event of a single CPU core reaching CPU usage threshold. Choices:
|
|
Enable/disable logging of SSL connection events. Choices:
|
|
Enable/disable insertion of address UUIDs to traffic logs. Choices:
|
|
Enable/disable insertion of policy UUIDs to traffic logs. Choices:
|
|
Enable/disable login time recording. Choices:
|
|
Enable/disable long VDOM name support. Choices:
|
|
Management IP address of this FortiGate. |
|
Overriding port for management connection |
|
Enable/disable use of the admin-sport setting for the management port. Choices:
|
|
(list) Management virtual domain name. |
|
Maximum number of IP route cache entries |
|
Threshold at which memory usage is considered extreme |
|
Threshold at which memory usage forces the FortiGate to exit conserve mode |
|
Threshold at which memory usage forces the FortiGate to enter conserve mode |
|
Affinity setting for logging |
|
Number of logging |
|
Enforce all login methods to require an additional authentication factor Choices:
|
|
Maximum number of NDP table entries |
|
Enable/disable sending of ARP/ICMP6 probing packets to update neighbors for offloaded sessions. Choices:
|
|
Flow mode optimization option. Choices:
|
|
Enable/disable per-user block/allow list filter. Choices:
|
|
Enable/disable per-user black/white list filter. Choices:
|
|
Enable/disable path MTU discovery. Choices:
|
|
Number of concurrent firewall use logins from the same user |
|
Enable/disable displaying the administrator access disclaimer message after an administrator successfully logs in. Choices:
|
|
Enable/disable displaying the administrator access disclaimer message on the login page before an administrator logs in. Choices:
|
|
Enable/disable private data encryption using an AES 128-bit key or passpharse. Choices:
|
|
Proxy and explicit proxy. Choices:
|
|
Enable/disable authenticated users lifetime control. Choices:
|
|
Lifetime timeout in minutes for authenticated users |
|
Authentication timeout in minutes for authenticated users |
|
Enable/disable using management VDOM to send requests. Choices:
|
|
Enable/disable using content processor Choices:
|
|
Enable/disable email proxy hardware acceleration. Choices:
|
|
Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the use… Choices:
|
|
Enable/disable using the content processor to accelerate KXP traffic. Choices:
|
|
Control if users must re-authenticate after a session is closed, traffic has been idle, or from the point at which the use… Choices:
|
|
The time limit that users must re-authenticate if proxy-keep-alive-mode is set to re-authenticate |
|
Enable/disable use of the maximum memory usage on the FortiGate units proxy processing of resources, such as block lists, … Choices:
|
|
Proxy worker count. |
|
Purdue Level of this FortiGate. Choices:
|
|
(list) Set port |
|
(list) Split qsfpddd port |
|
(list) Split qsfpddd port |
|
Maximum number of unacknowledged packets before sending ACK |
|
QUIC congestion control algorithm Choices:
|
|
Maximum transmit datagram size |
|
Enable/disable path MTU discovery Choices:
|
|
Time-to-live |
|
Enable/disable UDP payload size shaping per connection ID Choices:
|
|
RADIUS service port number. |
|
Enable/disable reboot of system upon restoring configuration. Choices:
|
|
Statistics refresh interval second |
|
Number of seconds that the FortiGate waits for responses from remote RADIUS, LDAP, or TACACS+ authentication servers. |
|
Action to perform if the FortiGate receives a TCP packet but cannot find a corresponding session in its session table. Choices:
|
|
Enable/disable support for passing REST API keys through URL query parameters. Choices:
|
|
Daily restart time |
|
Enable/disable back-up of the latest configuration revision when an administrator logs out of the CLI or GUI. Choices:
|
|
Enable/disable back-up of the latest image revision after the firmware is upgraded. Choices:
|
|
Number of scanunits. |
|
SCIM http port |
|
SCIM port |
|
(list) Server certificate that the FortiGate uses for SCIM connections. |
|
Enable/disable the submission of Security Rating results to FortiGuard. Choices:
|
|
Enable/disable scheduled runs of Security Rating. Choices:
|
|
Enable/disable sending of path maximum transmission unit Choices:
|
|
Maximum number of sflowd child processes allowed to run. |
|
Show/hide backplane interfaces Choices:
|
|
Enable/disable the ability to change the source NAT route. Choices:
|
|
Enable/disable detection of those special format files when using Data Loss Prevention. Choices:
|
|
Enable/disable speed test server. Choices:
|
|
Speedtest server controller port number. |
|
Speedtest server port number. |
|
(list) Split port |
|
Split port mode. |
|
Split port interface. |
|
The configuration mode for the split port interface. Choices:
|
|
Date within a month to run ssd trim. |
|
How often to run SSD Trim Choices:
|
|
Hour of the day on which to run SSD Trim |
|
Minute of the hour on which to run SSD Trim |
|
Day of week to run SSD Trim. Choices:
|
|
Enable/disable CBC cipher for SSH access. Choices:
|
|
Select one or more SSH ciphers. Choices:
|
|
Enable/disable HMAC-MD5 for SSH access. Choices:
|
|
Config SSH host key. |
|
Select one or more SSH hostkey algorithms. Choices:
|
|
Enable/disable SSH host key override in SSH daemon. Choices:
|
|
(list) Password for ssh-hostkey. |
|
Select one or more SSH kex algorithms. Choices:
|
|
Enable/disable SHA1 key exchange for SSH access. Choices:
|
|
Select one or more SSH MAC algorithms. Choices:
|
|
Enable/disable HMAC-SHA1 and UMAC-64-ETM for SSH access. Choices:
|
|
Minimum supported protocol version for SSL/TLS connections Choices:
|
|
Enable/disable static key ciphers in SSL/TLS connections Choices:
|
|
Enable/disable SSL-VPN hardware acceleration. Choices:
|
|
Enable/disable verification of EMS serial number in SSL-VPN connection. Choices:
|
|
Enable/disable SSL-VPN KXP hardware acceleration. Choices:
|
|
Maximum number of SSL-VPN processes. |
|
Enable/disable checking browsers plugin version by SSL-VPN. Choices:
|
|
Enable/disable SSL-VPN web mode. Choices:
|
|
Enable to check the session against the original policy when revalidating. Choices:
|
|
Enable to use strong encryption and only allow strong ciphers and digest for HTTPS/SSH/TLS/SSL functions. Choices:
|
|
Enable/disable switch controller feature. Choices:
|
|
(list) Configure reserved network subnet for managed switches. |
|
Set scheduled system file checking interval in minutes |
|
Time in minutes between updates of performance statistics logging. |
|
Affinity setting for syslog |
|
Number of seconds the FortiGate unit should wait to close a session after one peer has sent a FIN packet but the other has… |
|
Number of seconds the FortiGate unit should wait to close a session after one peer has sent an open session packet but the… |
|
Enable SACK, timestamp and MSS TCP options. Choices:
|
|
Length of the TCP CLOSE state in seconds |
|
Length of the TCP TIME-WAIT state in seconds |
|
Enable/disable TFTP. Choices:
|
|
Support meta variable Timezone database name. Choices:
|
|
Choose Type of Service Choices:
|
|
Default system-wide level of priority for traffic prioritization. Choices:
|
|
Email-based two-factor authentication session timeout |
|
FortiAuthenticator token authentication session timeout |
|
FortiToken authentication session timeout |
|
FortiToken Mobile session timeout |
|
SMS-based two-factor authentication session timeout |
|
UDP connection session timeout. |
|
URL filter CPU affinity. |
|
URL filter daemon count. |
|
Maximum number of devices allowed in user device store. |
|
Maximum unified memory allowed in user device store. |
|
Maximum number of users allowed in user device store. |
|
Maximum number of previous passwords saved per admin/user |
|
(list) Certificate to use for https user authentication. |
|
Enable/disable support for multiple virtual domains Choices:
|
|
Controls the number of ARPs that the FortiGate sends for a Virtual IP Choices:
|
|
Maximum number of virtual server processes to create. |
|
Enable/disable virtual server hardware acceleration. Choices:
|
|
Enable/disable virtual switch VLAN. Choices:
|
|
Enable/disable verification of EMS serial number in SSL-VPN connection. Choices:
|
|
Affinity setting for wad |
|
Number of concurrent WAD-cache-service object-cache processes. |
|
Number of concurrent WAD-cache-service byte-cache processes. |
|
Minimum percentage change in system memory usage detected by the wad daemon prior to adjusting TCP window size for any act… |
|
WAD workers daily restart end time |
|
WAD worker restart mode Choices:
|
|
WAD workers daily restart time |
|
Enable/disable dispatching traffic to WAD workers based on source affinity. Choices:
|
|
Number of explicit proxy WAN optimization daemon |
|
(list) CA certificate that verifies the WiFi certificate. |
|
(list) Certificate to use for WiFi authentication. |
|
Enable/disable comparability with WiMAX 4G USB devices. Choices:
|
|
Enable/disable the wireless controller feature to use the FortiGate unit to manage FortiAPs. Choices:
|
|
Port used for the control channel in wireless controller mode |
|
Wireless mode setting. Choices:
|
|
Xenserver tools daemon update frequency |
|
Enable/Disable logging for task. Choices:
|
|
Authenticate Ansible client with forticloud API access token. |
|
The overridden method for the underlying Json RPC request. Choices:
|
|
The rc codes list with which the conditions to fail will be overriden. |
|
The rc codes list with which the conditions to succeed will be overriden. |
|
The adom to lock for FortiManager running in workspace mode, the value can be global and others including root. |
|
The maximum time in seconds to wait for other user to release the workspace lock. Default: |
Notes
Note
Starting in version 2.4.0, all input arguments are named using the underscore naming convention (snake_case). Please change the arguments such as “var-name” to “var_name”. Old argument names are still available yet you will receive deprecation warnings. You can ignore this warning by setting deprecation_warnings=False in ansible.cfg.
Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- name: Example playbook (generated based on argument schema)
hosts: fortimanagers
connection: httpapi
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: Configure global attributes.
fortinet.fortimanager.fmgr_devprof_system_global:
# bypass_validation: false
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
# rc_succeeded: [0, -2, -3, ...]
# rc_failed: [-2, -3, ...]
adom: <your own value>
devprof: <your own value>
devprof_system_global:
admin_https_redirect: <value in [disable, enable]>
admin_port: <integer>
admin_scp: <value in [disable, enable]>
admin_sport: <integer>
admin_ssh_port: <integer>
admin_ssh_v1: <value in [disable, enable]>
admin_telnet_port: <integer>
admintimeout: <integer>
gui_ipv6: <value in [disable, enable]>
gui_lines_per_page: <integer>
gui_theme: <value in [blue, green, melongene, ...]>
language: <value in [english, simch, japanese, ...]>
switch_controller: <value in [disable, enable]>
gui_device_latitude: <string>
gui_device_longitude: <string>
hostname: <string>
timezone:
- "00"
- "01"
- "02"
- "03"
- "04"
- "05"
- "06"
- "07"
- "08"
- "09"
- "10"
- "11"
- "12"
- "13"
- "14"
- "15"
- "16"
- "17"
- "18"
- "19"
- "20"
- "21"
- "22"
- "23"
- "24"
- "25"
- "26"
- "27"
- "28"
- "29"
- "30"
- "31"
- "32"
- "33"
- "34"
- "35"
- "36"
- "37"
- "38"
- "39"
- "40"
- "41"
- "42"
- "43"
- "44"
- "45"
- "46"
- "47"
- "48"
- "49"
- "50"
- "51"
- "52"
- "53"
- "54"
- "55"
- "56"
- "57"
- "58"
- "59"
- "60"
- "61"
- "62"
- "63"
- "64"
- "65"
- "66"
- "67"
- "68"
- "69"
- "70"
- "71"
- "72"
- "73"
- "74"
- "75"
- "76"
- "77"
- "78"
- "79"
- "80"
- "81"
- "82"
- "83"
- "84"
- "85"
- "86"
- "87"
check_reset_range: <value in [disable, strict]>
pmtu_discovery: <value in [disable, enable]>
gui_allow_incompatible_fabric_fgt: <value in [disable, enable]>
admin_restrict_local: <value in [disable, enable, all, ...]>
gui_workflow_management: <value in [disable, enable]>
send_pmtu_icmp: <value in [disable, enable]>
tcp_halfclose_timer: <integer>
admin_server_cert: <list or string>
dnsproxy_worker_count: <integer>
show_backplane_intf: <value in [disable, enable]>
gui_custom_language: <value in [disable, enable]>
ldapconntimeout: <integer>
auth_https_port: <integer>
revision_backup_on_logout: <value in [disable, enable]>
arp_max_entry: <integer>
long_vdom_name: <value in [disable, enable]>
pre_login_banner: <value in [disable, enable]>
qsfpdd_split8_port: <list or string>
max_route_cache_size: <integer>
fortitoken_cloud_push_status: <value in [disable, enable]>
ssh_hostkey_override: <value in [disable, enable]>
proxy_hardware_acceleration: <value in [disable, enable]>
switch_controller_reserved_network: <list or string>
ssd_trim_date: <integer>
wad_worker_count: <integer>
ssh_hostkey: <string>
wireless_controller_port: <integer>
fgd_alert_subscription:
- "advisory"
- "latest-threat"
- "latest-virus"
- "latest-attack"
- "new-antivirus-db"
- "new-attack-db"
forticontroller_proxy_port: <integer>
dh_params: <value in [1024, 1536, 2048, ...]>
memory_use_threshold_green: <integer>
proxy_cert_use_mgmt_vdom: <value in [disable, enable]>
proxy_auth_lifetime_timeout: <integer>
gui_auto_upgrade_setup_warning: <value in [disable, enable]>
gui_cdn_usage: <value in [disable, enable]>
two_factor_email_expiry: <integer>
udp_idle_timer: <integer>
interface_subnet_usage: <value in [disable, enable]>
forticontroller_proxy: <value in [disable, enable]>
ssh_enc_algo:
- "[email protected]"
- "aes128-ctr"
- "aes192-ctr"
- "aes256-ctr"
- "arcfour256"
- "arcfour128"
- "aes128-cbc"
- "3des-cbc"
- "blowfish-cbc"
- "cast128-cbc"
- "aes192-cbc"
- "aes256-cbc"
- "arcfour"
- "[email protected]"
- "[email protected]"
- "[email protected]"
block_session_timer: <integer>
quic_pmtud: <value in [disable, enable]>
admin_https_ssl_ciphersuites:
- "TLS-AES-128-GCM-SHA256"
- "TLS-AES-256-GCM-SHA384"
- "TLS-CHACHA20-POLY1305-SHA256"
- "TLS-AES-128-CCM-SHA256"
- "TLS-AES-128-CCM-8-SHA256"
security_rating_result_submission: <value in [disable, enable]>
user_device_store_max_unified_mem: <integer>
management_port: <integer>
fortigslb_integration: <value in [disable, enable]>
admin_https_ssl_versions:
- "tlsv1-0"
- "tlsv1-1"
- "tlsv1-2"
- "sslv3"
- "tlsv1-3"
cert_chain_max: <integer>
qsfp28_40g_port: <list or string>
strong_crypto: <value in [disable, enable]>
multi_factor_authentication: <value in [optional, mandatory]>
fds_statistics: <value in [disable, enable]>
gui_display_hostname: <value in [disable, enable]>
two_factor_ftk_expiry: <integer>
wad_source_affinity: <value in [disable, enable]>
ssl_static_key_ciphers: <value in [disable, enable]>
daily_restart: <value in [disable, enable]>
snat_route_change: <value in [disable, enable]>
tcp_rst_timer: <integer>
anti_replay: <value in [disable, loose, strict]>
ssl_min_proto_version: <value in [TLSv1, TLSv1-1, TLSv1-2, ...]>
speedtestd_server_port: <integer>
cpu_use_threshold: <integer>
admin_host: <string>
csr_ca_attribute: <value in [disable, enable]>
fortiservice_port: <integer>
ssd_trim_hour: <integer>
purdue_level: <value in [1, 2, 3, ...]>
management_vdom: <list or string>
quic_ack_thresold: <integer>
qsfpdd_100g_port: <list or string>
ips_affinity: <string>
vip_arp_range: <value in [restricted, unlimited]>
internet_service_database: <value in [mini, standard, full, ...]>
revision_image_auto_backup: <value in [disable, enable]>
sflowd_max_children_num: <integer>
admin_https_pki_required: <value in [disable, enable]>
special_file_23_support: <value in [disable, enable]>
npu_neighbor_update: <value in [disable, enable]>
log_single_cpu_high: <value in [disable, enable]>
management_ip: <string>
proxy_resource_mode: <value in [disable, enable]>
admin_ble_button: <value in [disable, enable]>
gui_firmware_upgrade_warning: <value in [disable, enable]>
dp_tcp_normal_timer: <integer>
ipv6_allow_traffic_redirect: <value in [disable, enable]>
cli_audit_log: <value in [disable, enable]>
memory_use_threshold_extreme: <integer>
ha_affinity: <string>
restart_time: <string>
speedtestd_ctrl_port: <integer>
gui_wireless_opensecurity: <value in [disable, enable]>
memory_use_threshold_red: <integer>
dp_fragment_timer: <integer>
wad_restart_start_time: <string>
proxy_re_authentication_time: <integer>
gui_app_detection_sdwan: <value in [disable, enable]>
scanunit_count: <integer>
tftp: <value in [disable, enable]>
xstools_update_frequency: <integer>
clt_cert_req: <value in [disable, enable]>
fortiextender_vlan_mode: <value in [disable, enable]>
auth_http_port: <integer>
per_user_bal: <value in [disable, enable]>
gui_date_format: <value in [yyyy/MM/dd, dd/MM/yyyy, MM/dd/yyyy, ...]>
log_uuid_address: <value in [disable, enable]>
cloud_communication: <value in [disable, enable]>
lldp_reception: <value in [disable, enable]>
two_factor_ftm_expiry: <integer>
quic_udp_payload_size_shaping_per_cid: <value in [disable, enable]>
autorun_log_fsck: <value in [disable, enable]>
vpn_ems_sn_check: <value in [disable, enable]>
admin_ssh_password: <value in [disable, enable]>
airplane_mode: <value in [disable, enable]>
batch_cmdb: <value in [disable, enable]>
ip_src_port_range: <list or string>
strict_dirty_session_check: <value in [disable, enable]>
user_device_store_max_devices: <integer>
dp_udp_idle_timer: <integer>
internal_switch_speed:
- "auto"
- "10full"
- "10half"
- "100full"
- "100half"
- "1000full"
- "1000auto"
forticonverter_config_upload: <value in [disable, once]>
ipsec_round_robin: <value in [disable, enable]>
wad_affinity: <string>
wifi_ca_certificate: <list or string>
wimax_4g_usb: <value in [disable, enable]>
miglog_affinity: <string>
faz_disk_buffer_size: <integer>
ssh_kex_algo:
- "diffie-hellman-group1-sha1"
- "diffie-hellman-group14-sha1"
- "diffie-hellman-group-exchange-sha1"
- "diffie-hellman-group-exchange-sha256"
- "[email protected]"
- "ecdh-sha2-nistp256"
- "ecdh-sha2-nistp384"
- "ecdh-sha2-nistp521"
- "diffie-hellman-group14-sha256"
- "diffie-hellman-group16-sha512"
- "diffie-hellman-group18-sha512"
auto_auth_extension_device: <value in [disable, enable]>
forticarrier_bypass: <value in [disable, enable]>
reset_sessionless_tcp: <value in [disable, enable]>
early_tcp_npu_session: <value in [disable, enable]>
http_unauthenticated_request_limit: <integer>
gui_local_out: <value in [disable, enable]>
tcp_option: <value in [disable, enable]>
proxy_auth_timeout: <integer>
fortiextender_discovery_lockdown: <value in [disable, enable]>
lldp_transmission: <value in [disable, enable]>
split_port: <list or string>
gui_certificates: <value in [disable, enable]>
cfg_save: <value in [automatic, manual, revert]>
auth_keepalive: <value in [disable, enable]>
split_port_mode:
-
interface: <string>
split_mode: <value in [disable, 4x10G, 4x25G, ...]>
admin_forticloud_sso_login: <value in [disable, enable]>
post_login_banner: <value in [disable, enable]>
br_fdb_max_entry: <integer>
ip_fragment_mem_thresholds: <integer>
fortiextender_provision_on_authorization: <value in [disable, enable]>
reboot_upon_config_restore: <value in [disable, enable]>
syslog_affinity: <string>
fortiextender_data_port: <integer>
quic_tls_handshake_timeout: <integer>
forticonverter_integration: <value in [disable, enable]>
proxy_keep_alive_mode: <value in [session, traffic, re-authentication]>
cmdbsvr_affinity: <string>
wad_memory_change_granularity: <integer>
dhcp_lease_backup_interval: <integer>
check_protocol_header: <value in [loose, strict]>
av_failopen_session: <value in [disable, enable]>
ipsec_ha_seqjump_rate: <integer>
admin_hsts_max_age: <integer>
igmp_state_limit: <integer>
admin_login_max: <integer>
ipv6_allow_multicast_probe: <value in [disable, enable]>
virtual_switch_vlan: <value in [disable, enable]>
admin_lockout_threshold: <integer>
dp_pinhole_timer: <integer>
wireless_controller: <value in [disable, enable]>
bfd_affinity: <string>
ssd_trim_freq: <value in [daily, weekly, monthly, ...]>
two_factor_sms_expiry: <integer>
traffic_priority: <value in [tos, dscp]>
proxy_and_explicit_proxy: <value in [disable, enable]>
sslvpn_web_mode: <value in [disable, enable]>
ssh_hostkey_password: <list or string>
wad_csvc_db_count: <integer>
ipv6_allow_anycast_probe: <value in [disable, enable]>
honor_df: <value in [disable, enable]>
hyper_scale_vdom_num: <integer>
wad_csvc_cs_count: <integer>
internal_switch_mode: <value in [switch, interface, hub]>
cfg_revert_timeout: <integer>
admin_concurrent: <value in [disable, enable]>
ipv6_allow_local_in_silent_drop: <value in [disable, enable]>
tcp_halfopen_timer: <integer>
dp_rsync_timer: <integer>
management_port_use_admin_sport: <value in [disable, enable]>
gui_forticare_registration_setup_warning: <value in [disable, enable]>
gui_replacement_message_groups: <value in [disable, enable]>
security_rating_run_on_schedule: <value in [disable, enable]>
admin_lockout_duration: <integer>
optimize_flow_mode: <value in [disable, enable]>
private_data_encryption: <value in [disable, enable]>
wireless_mode: <value in [ac, client, wtp, ...]>
alias: <string>
ssh_hostkey_algo:
- "ssh-rsa"
- "ecdsa-sha2-nistp521"
- "rsa-sha2-256"
- "rsa-sha2-512"
- "ssh-ed25519"
- "ecdsa-sha2-nistp384"
- "ecdsa-sha2-nistp256"
fortitoken_cloud: <value in [disable, enable]>
av_affinity: <string>
proxy_worker_count: <integer>
ipsec_asic_offload: <value in [disable, enable]>
miglogd_children: <integer>
sslvpn_max_worker_count: <integer>
ssh_mac_algo:
- "hmac-md5"
- "[email protected]"
- "hmac-md5-96"
- "[email protected]"
- "hmac-sha1"
- "[email protected]"
- "hmac-sha2-256"
- "[email protected]"
- "hmac-sha2-512"
- "[email protected]"
- "hmac-ripemd160"
- "[email protected]"
- "[email protected]"
- "[email protected]"
- "[email protected]"
- "[email protected]"
- "[email protected]"
url_filter_count: <integer>
wifi_certificate: <list or string>
radius_port: <integer>
sys_perf_log_interval: <integer>
gui_fortigate_cloud_sandbox: <value in [disable, enable]>
auth_cert: <list or string>
fortiextender: <value in [disable, enable]>
admin_reset_button: <value in [disable, enable]>
av_failopen: <value in [off, pass, one-shot, ...]>
user_device_store_max_users: <integer>
auth_session_limit: <value in [block-new, logout-inactive]>
ipv6_allow_local_in_slient_drop: <value in [disable, enable]>
quic_congestion_control_algo: <value in [cubic, bbr, bbr2, ...]>
auth_ike_saml_port: <integer>
wad_restart_end_time: <string>
http_request_limit: <integer>
irq_time_accounting: <value in [auto, force]>
remoteauthtimeout: <integer>
admin_https_ssl_banned_ciphers:
- "RSA"
- "DHE"
- "ECDHE"
- "DSS"
- "ECDSA"
- "AES"
- "AESGCM"
- "CAMELLIA"
- "3DES"
- "SHA1"
- "SHA256"
- "SHA384"
- "STATIC"
- "CHACHA20"
- "ARIA"
- "AESCCM"
allow_traffic_redirect: <value in [disable, enable]>
legacy_poe_device_support: <value in [disable, enable]>
wad_restart_mode: <value in [none, time, memory]>
fds_statistics_period: <integer>
admin_telnet: <value in [disable, enable]>
ipv6_accept_dad: <integer>
tcp_timewait_timer: <integer>
admin_console_timeout: <integer>
default_service_source_port: <string>
quic_max_datagram_size: <integer>
refresh: <integer>
extender_controller_reserved_network: <list or string>
url_filter_affinity: <string>
policy_auth_concurrent: <integer>
ipsec_hmac_offload: <value in [disable, enable]>
traffic_priority_level: <value in [high, medium, low]>
ipsec_qat_offload: <value in [disable, enable]>
ssd_trim_min: <integer>
gui_date_time_source: <value in [system, browser]>
log_ssl_connection: <value in [disable, enable]>
ndp_max_entry: <integer>
vdom_mode: <value in [no-vdom, multi-vdom, split-vdom]>
internet_service_download_list: <list or string>
fortitoken_cloud_sync_interval: <integer>
ssd_trim_weekday: <value in [sunday, monday, tuesday, ...]>
two_factor_fac_expiry: <integer>
gui_rest_api_cache: <value in [disable, enable]>
admin_forticloud_sso_default_profile: <list or string>
proxy_auth_lifetime: <value in [disable, enable]>
device_idle_timeout: <integer>
login_timestamp: <value in [disable, enable]>
speedtest_server: <value in [disable, enable]>
edit_vdom_prompt: <value in [disable, enable]>
gui_cdn_domain_override: <string>
admin_ssh_grace_time: <integer>
sslvpn_ems_sn_check: <value in [disable, enable]>
user_server_cert: <list or string>
gui_allow_default_hostname: <value in [disable, enable]>
proxy_re_authentication_mode: <value in [session, traffic, absolute]>
ipsec_soft_dec_async: <value in [disable, enable]>
admin_maintainer: <value in [disable, enable]>
dst: <value in [disable, enable]>
fec_port: <integer>
ssh_kex_sha1: <value in [disable, enable]>
ssh_mac_weak: <value in [disable, enable]>
sslvpn_cipher_hardware_acceleration: <value in [disable, enable]>
sys_file_check_interval: <integer>
ssh_hmac_md5: <value in [disable, enable]>
ssh_cbc_cipher: <value in [disable, enable]>
gui_fortiguard_resource_fetch: <value in [disable, enable]>
sslvpn_kxp_hardware_acceleration: <value in [disable, enable]>
sslvpn_plugin_version_check: <value in [disable, enable]>
fortiipam_integration: <value in [disable, enable]>
gui_firmware_upgrade_setup_warning: <value in [disable, enable]>
log_uuid_policy: <value in [disable, enable]>
per_user_bwl: <value in [disable, enable]>
gui_fortisandbox_cloud: <value in [disable, enable]>
fortitoken_cloud_service: <value in [disable, enable]>
hw_switch_ether_filter: <value in [disable, enable]>
virtual_server_count: <integer>
endpoint_control_fds_access: <value in [disable, enable]>
proxy_cipher_hardware_acceleration: <value in [disable, enable]>
proxy_kxp_hardware_acceleration: <value in [disable, enable]>
virtual_server_hardware_acceleration: <value in [disable, enable]>
user_history_password_threshold: <integer>
delay_tcp_npu_session: <value in [disable, enable]>
auth_session_auto_backup_interval: <value in [1min, 5min, 15min, ...]>
ip_conflict_detection: <value in [disable, enable]>
gtpu_dynamic_source_port: <value in [disable, enable]>
ip_fragment_timeout: <integer>
ipv6_fragment_timeout: <integer>
scim_server_cert: <list or string>
scim_http_port: <integer>
auth_session_auto_backup: <value in [disable, enable]>
scim_https_port: <integer>
httpd_max_worker_count: <integer>
rest_api_key_url_query: <value in [disable, enable]>
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
|---|---|
The result of the request. Returned: always |
|
The full url requested. Returned: always Sample: |
|
The status of api request. Returned: always Sample: |
|
The api response. Returned: always |
|
The descriptive message of the api response. Returned: always Sample: |
|
The information of the target system. Returned: always |
|
The status the request. Returned: always Sample: |
|
Warning if the parameters used in the playbook are not supported by the current FortiManager version. Returned: complex |