fortinet.fortimanager.fmgr_devprof_system_global module – Configure global attributes.
Note
This module is part of the fortinet.fortimanager collection (version 2.7.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install fortinet.fortimanager
.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_devprof_system_global
.
New in fortinet.fortimanager 1.0.0
Synopsis
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
Parameters
Parameter |
Comments |
---|---|
The token to access FortiManager without using username and password. |
|
The parameter (adom) in requested url. |
|
Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. Choices:
|
|
The parameter (devprof) in requested url. |
|
The top level parameters set. |
|
Deprecated, please rename it to admin_ble_button. Press the BLE button can enable BLE function Choices:
|
|
Deprecated, please rename it to admin_concurrent. Enable/disable concurrent administrator logins. Choices:
|
|
Deprecated, please rename it to admin_console_timeout. Console login timeout that overrides the admin timeout value |
|
(list) Deprecated, please rename it to admin_forticloud_sso_default_profile. Override access profile. |
|
Deprecated, please rename it to admin_forticloud_sso_login. Enable/disable FortiCloud admin login via SSO. Choices:
|
|
Deprecated, please rename it to admin_host. Administrative host for HTTP and HTTPS. |
|
Deprecated, please rename it to admin_hsts_max_age. HTTPS Strict-Transport-Security header max-age in seconds. |
|
Deprecated, please rename it to admin_https_pki_required. Enable/disable admin login method. Choices:
|
|
Deprecated, please rename it to admin_https_redirect. Enable/disable redirection of HTTP administration access to HTTPS. Choices:
|
|
Deprecated, please rename it to admin_https_ssl_banned_ciphers. Select one or more cipher technologies that cannot be used… Choices:
|
|
Deprecated, please rename it to admin_https_ssl_ciphersuites. Select one or more TLS 1. Choices:
|
|
Deprecated, please rename it to admin_https_ssl_versions. Allowed TLS versions for web administration. Choices:
|
|
Deprecated, please rename it to admin_lockout_duration. Amount of time in seconds that an administrator account is locked … |
|
Deprecated, please rename it to admin_lockout_threshold. Number of failed login attempts before an administrator account i… |
|
Deprecated, please rename it to admin_login_max. Maximum number of administrators who can be logged in at the same time |
|
Deprecated, please rename it to admin_maintainer. Enable/disable maintainer administrator login. Choices:
|
|
Deprecated, please rename it to admin_port. Administrative access port for HTTP. |
|
Deprecated, please rename it to admin_reset_button. Press the reset button can reset to factory default. Choices:
|
|
Deprecated, please rename it to admin_restrict_local. Enable/disable local admin authentication restriction when remote au… Choices:
|
|
Deprecated, please rename it to admin_scp. Enable/disable using SCP to download the system configuration. Choices:
|
|
(list) Deprecated, please rename it to admin_server_cert. Server certificate that the FortiGate uses for HTTPS administrat… |
|
Deprecated, please rename it to admin_sport. Administrative access port for HTTPS. |
|
Deprecated, please rename it to admin_ssh_grace_time. Maximum time in seconds permitted between making an SSH connection t… |
|
Deprecated, please rename it to admin_ssh_password. Enable/disable password authentication for SSH admin access. Choices:
|
|
Deprecated, please rename it to admin_ssh_port. Administrative access port for SSH. |
|
Deprecated, please rename it to admin_ssh_v1. Enable/disable SSH v1 compatibility. Choices:
|
|
Deprecated, please rename it to admin_telnet. Enable/disable TELNET service. Choices:
|
|
Deprecated, please rename it to admin_telnet_port. Administrative access port for TELNET. |
|
Number of minutes before an idle administrator session times out |
|
Deprecated, please rename it to airplane_mode. Enable/disable airplane mode. Choices:
|
|
Alias for your FortiGate unit. |
|
Deprecated, please rename it to allow_traffic_redirect. Disable to prevent traffic with same local ingress and egress inte… Choices:
|
|
Deprecated, please rename it to anti_replay. Level of checking for packet replay and TCP sequence checking. Choices:
|
|
Deprecated, please rename it to arp_max_entry. Maximum number of dynamically learned MAC addresses that can be added to th… |
|
(list) Deprecated, please rename it to auth_cert. Server certificate that the FortiGate uses for HTTPS firewall authentica… |
|
Deprecated, please rename it to auth_http_port. User authentication HTTP port. |
|
Deprecated, please rename it to auth_https_port. User authentication HTTPS port. |
|
Deprecated, please rename it to auth_ike_saml_port. User IKE SAML authentication port |
|
Deprecated, please rename it to auth_keepalive. Enable to prevent user authentication sessions from timing out when idle. Choices:
|
|
Deprecated, please rename it to auth_session_auto_backup. Enable/disable automatic and periodic backup of authentication s… Choices:
|
|
Deprecated, please rename it to auth_session_auto_backup_interval. Configure automatic authentication session backup inter… Choices:
|
|
Deprecated, please rename it to auth_session_limit. Action to take when the number of allowed user authenticated sessions … Choices:
|
|
Deprecated, please rename it to auto_auth_extension_device. Enable/disable automatic authorization of dedicated Fortinet e… Choices:
|
|
Deprecated, please rename it to autorun_log_fsck. Enable/disable automatic log partition check after ungraceful shutdown. Choices:
|
|
Deprecated, please rename it to av_affinity. Affinity setting for AV scanning |
|
Deprecated, please rename it to av_failopen. Set the action to take if the FortiGate is running low on memory or the proxy… Choices:
|
|
Deprecated, please rename it to av_failopen_session. When enabled and a proxy for a protocol runs out of room in its sessi… Choices:
|
|
Deprecated, please rename it to batch_cmdb. Enable/disable batch mode, allowing you to enter a series of CLI commands that… Choices:
|
|
Deprecated, please rename it to bfd_affinity. Affinity setting for BFD daemon |
|
Deprecated, please rename it to block_session_timer. Duration in seconds for blocked sessions |
|
Deprecated, please rename it to br_fdb_max_entry. Maximum number of bridge forwarding database |
|
Deprecated, please rename it to cert_chain_max. Maximum number of certificates that can be traversed in a certificate chain. |
|
Deprecated, please rename it to cfg_revert_timeout. Time-out for reverting to the last saved configuration. |
|
Deprecated, please rename it to cfg_save. Configuration file save mode for CLI changes. Choices:
|
|
Deprecated, please rename it to check_protocol_header. Level of checking performed on protocol headers. Choices:
|
|
Deprecated, please rename it to check_reset_range. Configure ICMP error message verification. Choices:
|
|
Deprecated, please rename it to cli_audit_log. Enable/disable CLI audit log. Choices:
|
|
Deprecated, please rename it to cloud_communication. Enable/disable all cloud communication. Choices:
|
|
Deprecated, please rename it to clt_cert_req. Enable/disable requiring administrators to have a client certificate to log … Choices:
|
|
Deprecated, please rename it to cmdbsvr_affinity. Affinity setting for cmdbsvr |
|
Deprecated, please rename it to cpu_use_threshold. Threshold at which CPU usage is reported |
|
Deprecated, please rename it to csr_ca_attribute. Enable/disable the CA attribute in certificates. Choices:
|
|
Deprecated, please rename it to daily_restart. Enable/disable daily restart of FortiGate unit. Choices:
|
|
Deprecated, please rename it to default_service_source_port. Default service source port range |
|
Deprecated, please rename it to delay_tcp_npu_session. Enable TCP NPU session delay to guarantee packet order of 3-way han… Choices:
|
|
Deprecated, please rename it to device_idle_timeout. Time in seconds that a device must be idle to automatically log the d… |
|
Deprecated, please rename it to dh_params. Number of bits to use in the Diffie-Hellman exchange for HTTPS/SSH protocols. Choices:
|
|
Deprecated, please rename it to dhcp_lease_backup_interval. DHCP leases backup interval in seconds |
|
Deprecated, please rename it to dnsproxy_worker_count. DNS proxy worker count. |
|
Deprecated, please rename it to dp_fragment_timer. DP fragment session timeout |
|
Deprecated, please rename it to dp_pinhole_timer. DP pinhole session timeout |
|
Deprecated, please rename it to dp_rsync_timer. DP rsync session timeout |
|
Deprecated, please rename it to dp_tcp_normal_timer. DP tcp normal timeout |
|
Deprecated, please rename it to dp_udp_idle_timer. DP udp idle timer |
|
Enable/disable daylight saving time. Choices:
|
|
Deprecated, please rename it to early_tcp_npu_session. Enable/disable early TCP NPU session. Choices:
|
|
Deprecated, please rename it to edit_vdom_prompt. Enable/disable edit new VDOM prompt. Choices:
|
|
Deprecated, please rename it to endpoint_control_fds_access. Endpoint control fds access. Choices:
|
|
(list) Deprecated, please rename it to extender_controller_reserved_network. Configure reserved network subnet for managed… |
|
Deprecated, please rename it to faz_disk_buffer_size. Maximum disk buffer size to temporarily store logs destined for Fort… |
|
Deprecated, please rename it to fds_statistics. Enable/disable sending IPS, Application Control, and AntiVirus data to For… Choices:
|
|
Deprecated, please rename it to fds_statistics_period. FortiGuard statistics collection period in minutes. |
|
Deprecated, please rename it to fec_port. Local UDP port for Forward Error Correction |
|
Deprecated, please rename it to fgd_alert_subscription. Type of alert to retrieve from FortiGuard. Choices:
|
|
Deprecated, please rename it to forticarrier_bypass. Forticarrier bypass. Choices:
|
|
Deprecated, please rename it to forticontroller_proxy. Enable/disable FortiController proxy. Choices:
|
|
Deprecated, please rename it to forticontroller_proxy_port. FortiController proxy port |
|
Deprecated, please rename it to forticonverter_config_upload. Enable/disable config upload to FortiConverter. Choices:
|
|
Deprecated, please rename it to forticonverter_integration. Enable/disable FortiConverter integration service. Choices:
|
|
Enable/disable FortiExtender. Choices:
|
|
Deprecated, please rename it to fortiextender_data_port. FortiExtender data port |
|
Deprecated, please rename it to fortiextender_discovery_lockdown. Enable/disable FortiExtender CAPWAP lockdown. Choices:
|
|
Deprecated, please rename it to fortiextender_provision_on_authorization. Enable/disable automatic provisioning of latest … Choices:
|
|
Deprecated, please rename it to fortiextender_vlan_mode. Enable/disable FortiExtender VLAN mode. Choices:
|
|
Deprecated, please rename it to fortigslb_integration. Enable/disable integration with the FortiGSLB cloud service. Choices:
|
|
Deprecated, please rename it to fortiipam_integration. Enable/disable integration with the FortiIPAM cloud service. Choices:
|
|
Deprecated, please rename it to fortiservice_port. FortiService port |
|
Deprecated, please rename it to fortitoken_cloud. Enable/disable FortiToken Cloud service. Choices:
|
|
Deprecated, please rename it to fortitoken_cloud_push_status. Enable/disable FTM push service of FortiToken Cloud. Choices:
|
|
Deprecated, please rename it to fortitoken_cloud_service. Fortitoken cloud service. Choices:
|
|
Deprecated, please rename it to fortitoken_cloud_sync_interval. Interval in which to clean up remote users in FortiToken Cloud |
|
Deprecated, please rename it to gtpu_dynamic_source_port. Enable/disable GTP-U dynamic source port support. Choices:
|
|
Deprecated, please rename it to gui_allow_default_hostname. Enable/disable the factory default hostname warning on the GUI… Choices:
|
|
Deprecated, please rename it to gui_allow_incompatible_fabric_fgt. Enable/disable Allow FGT with incompatible firmware to … Choices:
|
|
Deprecated, please rename it to gui_app_detection_sdwan. Enable/disable Allow app-detection based SD-WAN. Choices:
|
|
Deprecated, please rename it to gui_auto_upgrade_setup_warning. Enable/disable the automatic patch upgrade setup prompt on… Choices:
|
|
Deprecated, please rename it to gui_cdn_domain_override. Domain of CDN server. |
|
Deprecated, please rename it to gui_cdn_usage. Enable/disable Load GUI static files from a CDN. Choices:
|
|
Deprecated, please rename it to gui_certificates. Enable/disable the System > Certificate GUI page, allowing you to add an… Choices:
|
|
Deprecated, please rename it to gui_custom_language. Enable/disable custom languages in GUI. Choices:
|
|
Deprecated, please rename it to gui_date_format. Default date format used throughout GUI. Choices:
|
|
Deprecated, please rename it to gui_date_time_source. Source from which the FortiGate GUI uses to display date and time en… Choices:
|
|
Deprecated, please rename it to gui_device_latitude. Support meta variable Add the latitude of the location of this FortiGate to position it on the Threat Map. |
|
Deprecated, please rename it to gui_device_longitude. Support meta variable Add the longitude of the location of this FortiGate to position it on the Threat Map. |
|
Deprecated, please rename it to gui_display_hostname. Enable/disable displaying the FortiGates hostname on the GUI login page. Choices:
|
|
Deprecated, please rename it to gui_firmware_upgrade_setup_warning. Gui firmware upgrade setup warning. Choices:
|
|
Deprecated, please rename it to gui_firmware_upgrade_warning. Enable/disable the firmware upgrade warning on the GUI. Choices:
|
|
Deprecated, please rename it to gui_forticare_registration_setup_warning. Enable/disable the FortiCare registration setup … Choices:
|
|
Deprecated, please rename it to gui_fortigate_cloud_sandbox. Enable/disable displaying FortiGate Cloud Sandbox on the GUI. Choices:
|
|
Deprecated, please rename it to gui_fortiguard_resource_fetch. Enable/disable retrieving static GUI resources from FortiGuard. Choices:
|
|
Deprecated, please rename it to gui_fortisandbox_cloud. Enable/disable displaying FortiSandbox Cloud on the GUI. Choices:
|
|
Deprecated, please rename it to gui_ipv6. Enable/disable IPv6 settings on the GUI. Choices:
|
|
Deprecated, please rename it to gui_lines_per_page. Number of lines to display per page for web administration. |
|
Deprecated, please rename it to gui_local_out. Enable/disable Local-out traffic on the GUI. Choices:
|
|
Deprecated, please rename it to gui_replacement_message_groups. Enable/disable replacement message groups on the GUI. Choices:
|
|
Deprecated, please rename it to gui_rest_api_cache. Enable/disable REST API result caching on FortiGate. Choices:
|
|
Deprecated, please rename it to gui_theme. Color scheme for the administration GUI. Choices:
|
|
Deprecated, please rename it to gui_wireless_opensecurity. Enable/disable wireless open security option on the GUI. Choices:
|
|
Deprecated, please rename it to gui_workflow_management. Enable/disable Workflow management features on the GUI. Choices:
|
|
Deprecated, please rename it to ha_affinity. Affinity setting for HA daemons |
|
Deprecated, please rename it to honor_df. Enable/disable honoring of Dont-Fragment Choices:
|
|
Support meta variable FortiGate units hostname. |
|
Deprecated, please rename it to http_request_limit. HTTP request body size limit. |
|
Deprecated, please rename it to http_unauthenticated_request_limit. HTTP request body size limit before authentication. |
|
Deprecated, please rename it to httpd_max_worker_count. Maximum number of simultaneous HTTP requests that will be served. |
|
Deprecated, please rename it to hw_switch_ether_filter. Enable/disable hardware filter for certain Ethernet packet types. Choices:
|
|
Deprecated, please rename it to hyper_scale_vdom_num. Number of VDOMs for hyper scale license. |
|
Deprecated, please rename it to igmp_state_limit. Maximum number of IGMP memberships |
|
Deprecated, please rename it to interface_subnet_usage. Enable/disable allowing use of interface-subnet setting in firewal… Choices:
|
|
Deprecated, please rename it to internal_switch_mode. Internal switch mode. Choices:
|
|
Deprecated, please rename it to internal_switch_speed. Internal port speed. Choices:
|
|
Deprecated, please rename it to internet_service_database. Configure which Internet Service database size to download from… Choices:
|
|
(list) Deprecated, please rename it to internet_service_download_list. Configure which on-demand Internet Service IDs are … |
|
Deprecated, please rename it to ip_conflict_detection. Enable/disable logging of IPv4 address conflict detection. Choices:
|
|
Deprecated, please rename it to ip_fragment_mem_thresholds. Maximum memory |
|
Deprecated, please rename it to ip_fragment_timeout. Timeout value in seconds for any fragment not being reassembled |
|
(list) Deprecated, please rename it to ip_src_port_range. IP source port range used for traffic originating from the Forti… |
|
Deprecated, please rename it to ips_affinity. Affinity setting for IPS |
|
Deprecated, please rename it to ipsec_asic_offload. Enable/disable ASIC offloading Choices:
|
|
Deprecated, please rename it to ipsec_ha_seqjump_rate. ESP jump ahead rate |
|
Deprecated, please rename it to ipsec_hmac_offload. Enable/disable offloading Choices:
|
|
Deprecated, please rename it to ipsec_qat_offload. Enable/disable QAT offloading Choices:
|
|
Deprecated, please rename it to ipsec_round_robin. Enable/disable round-robin redistribution to multiple CPUs for IPsec VP… Choices:
|
|
Deprecated, please rename it to ipsec_soft_dec_async. Enable/disable software decryption asynchronization Choices:
|
|
Deprecated, please rename it to ipv6_accept_dad. Enable/disable acceptance of IPv6 Duplicate Address Detection |
|
Deprecated, please rename it to ipv6_allow_anycast_probe. Enable/disable IPv6 address probe through Anycast. Choices:
|
|
Deprecated, please rename it to ipv6_allow_local_in_silent_drop. Enable/disable silent drop of IPv6 local-in traffic. Choices:
|
|
Deprecated, please rename it to ipv6_allow_local_in_slient_drop. Enable/disable silent drop of IPv6 local-in traffic. Choices:
|
|
Deprecated, please rename it to ipv6_allow_multicast_probe. Enable/disable IPv6 address probe through Multicast. Choices:
|
|
Deprecated, please rename it to ipv6_allow_traffic_redirect. Disable to prevent IPv6 traffic with same local ingress and e… Choices:
|
|
Deprecated, please rename it to ipv6_fragment_timeout. Timeout value in seconds for any IPv6 fragment not being reassembled |
|
Deprecated, please rename it to irq_time_accounting. Configure CPU IRQ time accounting mode. Choices:
|
|
GUI display language. Choices:
|
|
Global timeout for connections with remote LDAP servers in milliseconds |
|
Deprecated, please rename it to legacy_poe_device_support. Enable/disable legacy POE device support. Choices:
|
|
Deprecated, please rename it to lldp_reception. Enable/disable Link Layer Discovery Protocol Choices:
|
|
Deprecated, please rename it to lldp_transmission. Enable/disable Link Layer Discovery Protocol Choices:
|
|
Deprecated, please rename it to log_single_cpu_high. Enable/disable logging the event of a single CPU core reaching CPU us… Choices:
|
|
Deprecated, please rename it to log_ssl_connection. Enable/disable logging of SSL connection events. Choices:
|
|
Deprecated, please rename it to log_uuid_address. Enable/disable insertion of address UUIDs to traffic logs. Choices:
|
|
Deprecated, please rename it to log_uuid_policy. Enable/disable insertion of policy UUIDs to traffic logs. Choices:
|
|
Deprecated, please rename it to login_timestamp. Enable/disable login time recording. Choices:
|
|
Deprecated, please rename it to long_vdom_name. Enable/disable long VDOM name support. Choices:
|
|
Deprecated, please rename it to management_ip. Management IP address of this FortiGate. |
|
Deprecated, please rename it to management_port. Overriding port for management connection |
|
Deprecated, please rename it to management_port_use_admin_sport. Enable/disable use of the admin-sport setting for the man… Choices:
|
|
(list) Deprecated, please rename it to management_vdom. Management virtual domain name. |
|
Deprecated, please rename it to max_route_cache_size. Maximum number of IP route cache entries |
|
Deprecated, please rename it to memory_use_threshold_extreme. Threshold at which memory usage is considered extreme |
|
Deprecated, please rename it to memory_use_threshold_green. Threshold at which memory usage forces the FortiGate to exit c… |
|
Deprecated, please rename it to memory_use_threshold_red. Threshold at which memory usage forces the FortiGate to enter co… |
|
Deprecated, please rename it to miglog_affinity. Affinity setting for logging |
|
Deprecated, please rename it to miglogd_children. Number of logging |
|
Deprecated, please rename it to multi_factor_authentication. Enforce all login methods to require an additional authentica… Choices:
|
|
Deprecated, please rename it to ndp_max_entry. Maximum number of NDP table entries |
|
Deprecated, please rename it to npu_neighbor_update. Enable/disable sending of ARP/ICMP6 probing packets to update neighbo… Choices:
|
|
Deprecated, please rename it to optimize_flow_mode. Flow mode optimization option. Choices:
|
|
Deprecated, please rename it to per_user_bal. Enable/disable per-user block/allow list filter. Choices:
|
|
Deprecated, please rename it to per_user_bwl. Enable/disable per-user black/white list filter. Choices:
|
|
Deprecated, please rename it to pmtu_discovery. Enable/disable path MTU discovery. Choices:
|
|
Deprecated, please rename it to policy_auth_concurrent. Number of concurrent firewall use logins from the same user |
|
Deprecated, please rename it to post_login_banner. Enable/disable displaying the administrator access disclaimer message a… Choices:
|
|
Deprecated, please rename it to pre_login_banner. Enable/disable displaying the administrator access disclaimer message on… Choices:
|
|
Deprecated, please rename it to private_data_encryption. Enable/disable private data encryption using an AES 128-bit key o… Choices:
|
|
Deprecated, please rename it to proxy_and_explicit_proxy. Proxy and explicit proxy. Choices:
|
|
Deprecated, please rename it to proxy_auth_lifetime. Enable/disable authenticated users lifetime control. Choices:
|
|
Deprecated, please rename it to proxy_auth_lifetime_timeout. Lifetime timeout in minutes for authenticated users |
|
Deprecated, please rename it to proxy_auth_timeout. Authentication timeout in minutes for authenticated users |
|
Deprecated, please rename it to proxy_cert_use_mgmt_vdom. Enable/disable using management VDOM to send requests. Choices:
|
|
Deprecated, please rename it to proxy_cipher_hardware_acceleration. Enable/disable using content processor Choices:
|
|
Deprecated, please rename it to proxy_hardware_acceleration. Enable/disable email proxy hardware acceleration. Choices:
|
|
Deprecated, please rename it to proxy_keep_alive_mode. Control if users must re-authenticate after a session is closed, tr… Choices:
|
|
Deprecated, please rename it to proxy_kxp_hardware_acceleration. Enable/disable using the content processor to accelerate … Choices:
|
|
Deprecated, please rename it to proxy_re_authentication_mode. Control if users must re-authenticate after a session is clo… Choices:
|
|
Deprecated, please rename it to proxy_re_authentication_time. The time limit that users must re-authenticate if proxy-keep… |
|
Deprecated, please rename it to proxy_resource_mode. Enable/disable use of the maximum memory usage on the FortiGate units… Choices:
|
|
Deprecated, please rename it to proxy_worker_count. Proxy worker count. |
|
Deprecated, please rename it to purdue_level. Purdue Level of this FortiGate. Choices:
|
|
(list) Deprecated, please rename it to qsfp28_40g_port. Set port |
|
(list) Deprecated, please rename it to qsfpdd_100g_port. Split qsfpddd port |
|
(list) Deprecated, please rename it to qsfpdd_split8_port. Split qsfpddd port |
|
Deprecated, please rename it to quic_ack_thresold. Maximum number of unacknowledged packets before sending ACK |
|
Deprecated, please rename it to quic_congestion_control_algo. QUIC congestion control algorithm Choices:
|
|
Deprecated, please rename it to quic_max_datagram_size. Maximum transmit datagram size |
|
Deprecated, please rename it to quic_pmtud. Enable/disable path MTU discovery Choices:
|
|
Deprecated, please rename it to quic_tls_handshake_timeout. Time-to-live |
|
Deprecated, please rename it to quic_udp_payload_size_shaping_per_cid. Enable/disable UDP payload size shaping per connect… Choices:
|
|
Deprecated, please rename it to radius_port. RADIUS service port number. |
|
Deprecated, please rename it to reboot_upon_config_restore. Enable/disable reboot of system upon restoring configuration. Choices:
|
|
Statistics refresh interval second |
|
Number of seconds that the FortiGate waits for responses from remote RADIUS, LDAP, or TACACS+ authentication servers. |
|
Deprecated, please rename it to reset_sessionless_tcp. Action to perform if the FortiGate receives a TCP packet but cannot… Choices:
|
|
Deprecated, please rename it to restart_time. Daily restart time |
|
Deprecated, please rename it to revision_backup_on_logout. Enable/disable back-up of the latest configuration revision whe… Choices:
|
|
Deprecated, please rename it to revision_image_auto_backup. Enable/disable back-up of the latest image revision after the … Choices:
|
|
Deprecated, please rename it to scanunit_count. Number of scanunits. |
|
Deprecated, please rename it to scim_http_port. SCIM http port |
|
Deprecated, please rename it to scim_https_port. SCIM port |
|
(list) Deprecated, please rename it to scim_server_cert. Server certificate that the FortiGate uses for SCIM connections. |
|
Deprecated, please rename it to security_rating_result_submission. Enable/disable the submission of Security Rating result… Choices:
|
|
Deprecated, please rename it to security_rating_run_on_schedule. Enable/disable scheduled runs of Security Rating. Choices:
|
|
Deprecated, please rename it to send_pmtu_icmp. Enable/disable sending of path maximum transmission unit Choices:
|
|
Deprecated, please rename it to sflowd_max_children_num. Maximum number of sflowd child processes allowed to run. |
|
Deprecated, please rename it to show_backplane_intf. Show/hide backplane interfaces Choices:
|
|
Deprecated, please rename it to snat_route_change. Enable/disable the ability to change the source NAT route. Choices:
|
|
Deprecated, please rename it to special_file_23_support. Enable/disable detection of those special format files when using… Choices:
|
|
Deprecated, please rename it to speedtest_server. Enable/disable speed test server. Choices:
|
|
Deprecated, please rename it to speedtestd_ctrl_port. Speedtest server controller port number. |
|
Deprecated, please rename it to speedtestd_server_port. Speedtest server port number. |
|
(list) Deprecated, please rename it to split_port. Split port |
|
Deprecated, please rename it to split_port_mode. Split port mode. |
|
Split port interface. |
|
Deprecated, please rename it to split_mode. The configuration mode for the split port interface. Choices:
|
|
Deprecated, please rename it to ssd_trim_date. Date within a month to run ssd trim. |
|
Deprecated, please rename it to ssd_trim_freq. How often to run SSD Trim Choices:
|
|
Deprecated, please rename it to ssd_trim_hour. Hour of the day on which to run SSD Trim |
|
Deprecated, please rename it to ssd_trim_min. Minute of the hour on which to run SSD Trim |
|
Deprecated, please rename it to ssd_trim_weekday. Day of week to run SSD Trim. Choices:
|
|
Deprecated, please rename it to ssh_cbc_cipher. Enable/disable CBC cipher for SSH access. Choices:
|
|
Deprecated, please rename it to ssh_enc_algo. Select one or more SSH ciphers. Choices:
|
|
Deprecated, please rename it to ssh_hmac_md5. Enable/disable HMAC-MD5 for SSH access. Choices:
|
|
Deprecated, please rename it to ssh_hostkey. Config SSH host key. |
|
Deprecated, please rename it to ssh_hostkey_algo. Select one or more SSH hostkey algorithms. Choices:
|
|
Deprecated, please rename it to ssh_hostkey_override. Enable/disable SSH host key override in SSH daemon. Choices:
|
|
(list) Deprecated, please rename it to ssh_hostkey_password. Password for ssh-hostkey. |
|
Deprecated, please rename it to ssh_kex_algo. Select one or more SSH kex algorithms. Choices:
|
|
Deprecated, please rename it to ssh_kex_sha1. Enable/disable SHA1 key exchange for SSH access. Choices:
|
|
Deprecated, please rename it to ssh_mac_algo. Select one or more SSH MAC algorithms. Choices:
|
|
Deprecated, please rename it to ssh_mac_weak. Enable/disable HMAC-SHA1 and UMAC-64-ETM for SSH access. Choices:
|
|
Deprecated, please rename it to ssl_min_proto_version. Minimum supported protocol version for SSL/TLS connections Choices:
|
|
Deprecated, please rename it to ssl_static_key_ciphers. Enable/disable static key ciphers in SSL/TLS connections Choices:
|
|
Deprecated, please rename it to sslvpn_cipher_hardware_acceleration. Enable/disable SSL-VPN hardware acceleration. Choices:
|
|
Deprecated, please rename it to sslvpn_ems_sn_check. Enable/disable verification of EMS serial number in SSL-VPN connection. Choices:
|
|
Deprecated, please rename it to sslvpn_kxp_hardware_acceleration. Enable/disable SSL-VPN KXP hardware acceleration. Choices:
|
|
Deprecated, please rename it to sslvpn_max_worker_count. Maximum number of SSL-VPN processes. |
|
Deprecated, please rename it to sslvpn_plugin_version_check. Enable/disable checking browsers plugin version by SSL-VPN. Choices:
|
|
Deprecated, please rename it to sslvpn_web_mode. Enable/disable SSL-VPN web mode. Choices:
|
|
Deprecated, please rename it to strict_dirty_session_check. Enable to check the session against the original policy when r… Choices:
|
|
Deprecated, please rename it to strong_crypto. Enable to use strong encryption and only allow strong ciphers and digest fo… Choices:
|
|
Deprecated, please rename it to switch_controller. Enable/disable switch controller feature. Choices:
|
|
(list) Deprecated, please rename it to switch_controller_reserved_network. Configure reserved network subnet for managed s… |
|
Deprecated, please rename it to sys_file_check_interval. Set scheduled system file checking interval in minutes |
|
Deprecated, please rename it to sys_perf_log_interval. Time in minutes between updates of performance statistics logging. |
|
Deprecated, please rename it to syslog_affinity. Affinity setting for syslog |
|
Deprecated, please rename it to tcp_halfclose_timer. Number of seconds the FortiGate unit should wait to close a session a… |
|
Deprecated, please rename it to tcp_halfopen_timer. Number of seconds the FortiGate unit should wait to close a session af… |
|
Deprecated, please rename it to tcp_option. Enable SACK, timestamp and MSS TCP options. Choices:
|
|
Deprecated, please rename it to tcp_rst_timer. Length of the TCP CLOSE state in seconds |
|
Deprecated, please rename it to tcp_timewait_timer. Length of the TCP TIME-WAIT state in seconds |
|
Enable/disable TFTP. Choices:
|
|
(list) Support meta variable Timezone database name. |
|
Deprecated, please rename it to traffic_priority. Choose Type of Service Choices:
|
|
Deprecated, please rename it to traffic_priority_level. Default system-wide level of priority for traffic prioritization. Choices:
|
|
Deprecated, please rename it to two_factor_email_expiry. Email-based two-factor authentication session timeout |
|
Deprecated, please rename it to two_factor_fac_expiry. FortiAuthenticator token authentication session timeout |
|
Deprecated, please rename it to two_factor_ftk_expiry. FortiToken authentication session timeout |
|
Deprecated, please rename it to two_factor_ftm_expiry. FortiToken Mobile session timeout |
|
Deprecated, please rename it to two_factor_sms_expiry. SMS-based two-factor authentication session timeout |
|
Deprecated, please rename it to udp_idle_timer. UDP connection session timeout. |
|
Deprecated, please rename it to url_filter_affinity. URL filter CPU affinity. |
|
Deprecated, please rename it to url_filter_count. URL filter daemon count. |
|
Deprecated, please rename it to user_device_store_max_devices. Maximum number of devices allowed in user device store. |
|
Deprecated, please rename it to user_device_store_max_unified_mem. Maximum unified memory allowed in user device store. |
|
Deprecated, please rename it to user_device_store_max_users. Maximum number of users allowed in user device store. |
|
Deprecated, please rename it to user_history_password_threshold. Maximum number of previous passwords saved per admin/user |
|
(list) Deprecated, please rename it to user_server_cert. Certificate to use for https user authentication. |
|
Deprecated, please rename it to vdom_mode. Enable/disable support for multiple virtual domains Choices:
|
|
Deprecated, please rename it to vip_arp_range. Controls the number of ARPs that the FortiGate sends for a Virtual IP Choices:
|
|
Deprecated, please rename it to virtual_server_count. Maximum number of virtual server processes to create. |
|
Deprecated, please rename it to virtual_server_hardware_acceleration. Enable/disable virtual server hardware acceleration. Choices:
|
|
Deprecated, please rename it to virtual_switch_vlan. Enable/disable virtual switch VLAN. Choices:
|
|
Deprecated, please rename it to vpn_ems_sn_check. Enable/disable verification of EMS serial number in SSL-VPN connection. Choices:
|
|
Deprecated, please rename it to wad_affinity. Affinity setting for wad |
|
Deprecated, please rename it to wad_csvc_cs_count. Number of concurrent WAD-cache-service object-cache processes. |
|
Deprecated, please rename it to wad_csvc_db_count. Number of concurrent WAD-cache-service byte-cache processes. |
|
Deprecated, please rename it to wad_memory_change_granularity. Minimum percentage change in system memory usage detected b… |
|
Deprecated, please rename it to wad_restart_end_time. WAD workers daily restart end time |
|
Deprecated, please rename it to wad_restart_mode. WAD worker restart mode Choices:
|
|
Deprecated, please rename it to wad_restart_start_time. WAD workers daily restart time |
|
Deprecated, please rename it to wad_source_affinity. Enable/disable dispatching traffic to WAD workers based on source aff… Choices:
|
|
Deprecated, please rename it to wad_worker_count. Number of explicit proxy WAN optimization daemon |
|
(list) Deprecated, please rename it to wifi_ca_certificate. CA certificate that verifies the WiFi certificate. |
|
(list) Deprecated, please rename it to wifi_certificate. Certificate to use for WiFi authentication. |
|
Deprecated, please rename it to wimax_4g_usb. Enable/disable comparability with WiMAX 4G USB devices. Choices:
|
|
Deprecated, please rename it to wireless_controller. Enable/disable the wireless controller feature to use the FortiGate u… Choices:
|
|
Deprecated, please rename it to wireless_controller_port. Port used for the control channel in wireless controller mode |
|
Deprecated, please rename it to wireless_mode. Wireless mode setting. Choices:
|
|
Deprecated, please rename it to xstools_update_frequency. Xenserver tools daemon update frequency |
|
Enable/Disable logging for task. Choices:
|
|
Authenticate Ansible client with forticloud API access token. |
|
The overridden method for the underlying Json RPC request. Choices:
|
|
The rc codes list with which the conditions to fail will be overriden. |
|
The rc codes list with which the conditions to succeed will be overriden. |
|
The adom to lock for FortiManager running in workspace mode, the value can be global and others including root. |
|
The maximum time in seconds to wait for other user to release the workspace lock. Default: |
Notes
Note
Starting in version 2.4.0, all input arguments are named using the underscore naming convention (snake_case). Please change the arguments such as “var-name” to “var_name”. Old argument names are still available yet you will receive deprecation warnings. You can ignore this warning by setting deprecation_warnings=False in ansible.cfg.
Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- name: Example playbook (generated based on argument schema)
hosts: fortimanagers
connection: httpapi
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: Configure global attributes.
fortinet.fortimanager.fmgr_devprof_system_global:
# bypass_validation: false
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
# rc_succeeded: [0, -2, -3, ...]
# rc_failed: [-2, -3, ...]
adom: <your own value>
devprof: <your own value>
devprof_system_global:
admin_https_redirect: <value in [disable, enable]>
admin_port: <integer>
admin_scp: <value in [disable, enable]>
admin_sport: <integer>
admin_ssh_port: <integer>
admin_ssh_v1: <value in [disable, enable]>
admin_telnet_port: <integer>
admintimeout: <integer>
gui_ipv6: <value in [disable, enable]>
gui_lines_per_page: <integer>
gui_theme: <value in [blue, green, melongene, ...]>
language: <value in [english, simch, japanese, ...]>
switch_controller: <value in [disable, enable]>
gui_device_latitude: <string>
gui_device_longitude: <string>
hostname: <string>
timezone: <list or string>
check_reset_range: <value in [disable, strict]>
pmtu_discovery: <value in [disable, enable]>
gui_allow_incompatible_fabric_fgt: <value in [disable, enable]>
admin_restrict_local: <value in [disable, enable, all, ...]>
gui_workflow_management: <value in [disable, enable]>
send_pmtu_icmp: <value in [disable, enable]>
tcp_halfclose_timer: <integer>
admin_server_cert: <list or string>
dnsproxy_worker_count: <integer>
show_backplane_intf: <value in [disable, enable]>
gui_custom_language: <value in [disable, enable]>
ldapconntimeout: <integer>
auth_https_port: <integer>
revision_backup_on_logout: <value in [disable, enable]>
arp_max_entry: <integer>
long_vdom_name: <value in [disable, enable]>
pre_login_banner: <value in [disable, enable]>
qsfpdd_split8_port: <list or string>
max_route_cache_size: <integer>
fortitoken_cloud_push_status: <value in [disable, enable]>
ssh_hostkey_override: <value in [disable, enable]>
proxy_hardware_acceleration: <value in [disable, enable]>
switch_controller_reserved_network: <list or string>
ssd_trim_date: <integer>
wad_worker_count: <integer>
ssh_hostkey: <string>
wireless_controller_port: <integer>
fgd_alert_subscription:
- advisory
- latest-threat
- latest-virus
- latest-attack
- new-antivirus-db
- new-attack-db
forticontroller_proxy_port: <integer>
dh_params: <value in [1024, 1536, 2048, ...]>
memory_use_threshold_green: <integer>
proxy_cert_use_mgmt_vdom: <value in [disable, enable]>
proxy_auth_lifetime_timeout: <integer>
gui_auto_upgrade_setup_warning: <value in [disable, enable]>
gui_cdn_usage: <value in [disable, enable]>
two_factor_email_expiry: <integer>
udp_idle_timer: <integer>
interface_subnet_usage: <value in [disable, enable]>
forticontroller_proxy: <value in [disable, enable]>
ssh_enc_algo:
- [email protected]
- aes128-ctr
- aes192-ctr
- aes256-ctr
- arcfour256
- arcfour128
- aes128-cbc
- 3des-cbc
- blowfish-cbc
- cast128-cbc
- aes192-cbc
- aes256-cbc
- arcfour
- [email protected]
- [email protected]
- [email protected]
block_session_timer: <integer>
quic_pmtud: <value in [disable, enable]>
admin_https_ssl_ciphersuites:
- TLS-AES-128-GCM-SHA256
- TLS-AES-256-GCM-SHA384
- TLS-CHACHA20-POLY1305-SHA256
- TLS-AES-128-CCM-SHA256
- TLS-AES-128-CCM-8-SHA256
security_rating_result_submission: <value in [disable, enable]>
user_device_store_max_unified_mem: <integer>
management_port: <integer>
fortigslb_integration: <value in [disable, enable]>
admin_https_ssl_versions:
- tlsv1-0
- tlsv1-1
- tlsv1-2
- sslv3
- tlsv1-3
cert_chain_max: <integer>
qsfp28_40g_port: <list or string>
strong_crypto: <value in [disable, enable]>
multi_factor_authentication: <value in [optional, mandatory]>
fds_statistics: <value in [disable, enable]>
gui_display_hostname: <value in [disable, enable]>
two_factor_ftk_expiry: <integer>
wad_source_affinity: <value in [disable, enable]>
ssl_static_key_ciphers: <value in [disable, enable]>
daily_restart: <value in [disable, enable]>
snat_route_change: <value in [disable, enable]>
tcp_rst_timer: <integer>
anti_replay: <value in [disable, loose, strict]>
ssl_min_proto_version: <value in [TLSv1, TLSv1-1, TLSv1-2, ...]>
speedtestd_server_port: <integer>
cpu_use_threshold: <integer>
admin_host: <string>
csr_ca_attribute: <value in [disable, enable]>
fortiservice_port: <integer>
ssd_trim_hour: <integer>
purdue_level: <value in [1, 2, 3, ...]>
management_vdom: <list or string>
quic_ack_thresold: <integer>
qsfpdd_100g_port: <list or string>
ips_affinity: <string>
vip_arp_range: <value in [restricted, unlimited]>
internet_service_database: <value in [mini, standard, full, ...]>
revision_image_auto_backup: <value in [disable, enable]>
sflowd_max_children_num: <integer>
admin_https_pki_required: <value in [disable, enable]>
special_file_23_support: <value in [disable, enable]>
npu_neighbor_update: <value in [disable, enable]>
log_single_cpu_high: <value in [disable, enable]>
management_ip: <string>
proxy_resource_mode: <value in [disable, enable]>
admin_ble_button: <value in [disable, enable]>
gui_firmware_upgrade_warning: <value in [disable, enable]>
dp_tcp_normal_timer: <integer>
ipv6_allow_traffic_redirect: <value in [disable, enable]>
cli_audit_log: <value in [disable, enable]>
memory_use_threshold_extreme: <integer>
ha_affinity: <string>
restart_time: <string>
speedtestd_ctrl_port: <integer>
gui_wireless_opensecurity: <value in [disable, enable]>
memory_use_threshold_red: <integer>
dp_fragment_timer: <integer>
wad_restart_start_time: <string>
proxy_re_authentication_time: <integer>
gui_app_detection_sdwan: <value in [disable, enable]>
scanunit_count: <integer>
tftp: <value in [disable, enable]>
xstools_update_frequency: <integer>
clt_cert_req: <value in [disable, enable]>
fortiextender_vlan_mode: <value in [disable, enable]>
auth_http_port: <integer>
per_user_bal: <value in [disable, enable]>
gui_date_format: <value in [yyyy/MM/dd, dd/MM/yyyy, MM/dd/yyyy, ...]>
log_uuid_address: <value in [disable, enable]>
cloud_communication: <value in [disable, enable]>
lldp_reception: <value in [disable, enable]>
two_factor_ftm_expiry: <integer>
quic_udp_payload_size_shaping_per_cid: <value in [disable, enable]>
autorun_log_fsck: <value in [disable, enable]>
vpn_ems_sn_check: <value in [disable, enable]>
admin_ssh_password: <value in [disable, enable]>
airplane_mode: <value in [disable, enable]>
batch_cmdb: <value in [disable, enable]>
ip_src_port_range: <list or string>
strict_dirty_session_check: <value in [disable, enable]>
user_device_store_max_devices: <integer>
dp_udp_idle_timer: <integer>
internal_switch_speed:
- auto
- 10full
- 10half
- 100full
- 100half
- 1000full
- 1000auto
forticonverter_config_upload: <value in [disable, once]>
ipsec_round_robin: <value in [disable, enable]>
wad_affinity: <string>
wifi_ca_certificate: <list or string>
wimax_4g_usb: <value in [disable, enable]>
miglog_affinity: <string>
faz_disk_buffer_size: <integer>
ssh_kex_algo:
- diffie-hellman-group1-sha1
- diffie-hellman-group14-sha1
- diffie-hellman-group-exchange-sha1
- diffie-hellman-group-exchange-sha256
- [email protected]
- ecdh-sha2-nistp256
- ecdh-sha2-nistp384
- ecdh-sha2-nistp521
- diffie-hellman-group14-sha256
- diffie-hellman-group16-sha512
- diffie-hellman-group18-sha512
auto_auth_extension_device: <value in [disable, enable]>
forticarrier_bypass: <value in [disable, enable]>
reset_sessionless_tcp: <value in [disable, enable]>
early_tcp_npu_session: <value in [disable, enable]>
http_unauthenticated_request_limit: <integer>
gui_local_out: <value in [disable, enable]>
tcp_option: <value in [disable, enable]>
proxy_auth_timeout: <integer>
fortiextender_discovery_lockdown: <value in [disable, enable]>
lldp_transmission: <value in [disable, enable]>
split_port: <list or string>
gui_certificates: <value in [disable, enable]>
cfg_save: <value in [automatic, manual, revert]>
auth_keepalive: <value in [disable, enable]>
split_port_mode:
-
interface: <string>
split_mode: <value in [disable, 4x10G, 4x25G, ...]>
admin_forticloud_sso_login: <value in [disable, enable]>
post_login_banner: <value in [disable, enable]>
br_fdb_max_entry: <integer>
ip_fragment_mem_thresholds: <integer>
fortiextender_provision_on_authorization: <value in [disable, enable]>
reboot_upon_config_restore: <value in [disable, enable]>
syslog_affinity: <string>
fortiextender_data_port: <integer>
quic_tls_handshake_timeout: <integer>
forticonverter_integration: <value in [disable, enable]>
proxy_keep_alive_mode: <value in [session, traffic, re-authentication]>
cmdbsvr_affinity: <string>
wad_memory_change_granularity: <integer>
dhcp_lease_backup_interval: <integer>
check_protocol_header: <value in [loose, strict]>
av_failopen_session: <value in [disable, enable]>
ipsec_ha_seqjump_rate: <integer>
admin_hsts_max_age: <integer>
igmp_state_limit: <integer>
admin_login_max: <integer>
ipv6_allow_multicast_probe: <value in [disable, enable]>
virtual_switch_vlan: <value in [disable, enable]>
admin_lockout_threshold: <integer>
dp_pinhole_timer: <integer>
wireless_controller: <value in [disable, enable]>
bfd_affinity: <string>
ssd_trim_freq: <value in [daily, weekly, monthly, ...]>
two_factor_sms_expiry: <integer>
traffic_priority: <value in [tos, dscp]>
proxy_and_explicit_proxy: <value in [disable, enable]>
sslvpn_web_mode: <value in [disable, enable]>
ssh_hostkey_password: <list or string>
wad_csvc_db_count: <integer>
ipv6_allow_anycast_probe: <value in [disable, enable]>
honor_df: <value in [disable, enable]>
hyper_scale_vdom_num: <integer>
wad_csvc_cs_count: <integer>
internal_switch_mode: <value in [switch, interface, hub]>
cfg_revert_timeout: <integer>
admin_concurrent: <value in [disable, enable]>
ipv6_allow_local_in_silent_drop: <value in [disable, enable]>
tcp_halfopen_timer: <integer>
dp_rsync_timer: <integer>
management_port_use_admin_sport: <value in [disable, enable]>
gui_forticare_registration_setup_warning: <value in [disable, enable]>
gui_replacement_message_groups: <value in [disable, enable]>
security_rating_run_on_schedule: <value in [disable, enable]>
admin_lockout_duration: <integer>
optimize_flow_mode: <value in [disable, enable]>
private_data_encryption: <value in [disable, enable]>
wireless_mode: <value in [ac, client, wtp, ...]>
alias: <string>
ssh_hostkey_algo:
- ssh-rsa
- ecdsa-sha2-nistp521
- rsa-sha2-256
- rsa-sha2-512
- ssh-ed25519
- ecdsa-sha2-nistp384
- ecdsa-sha2-nistp256
fortitoken_cloud: <value in [disable, enable]>
av_affinity: <string>
proxy_worker_count: <integer>
ipsec_asic_offload: <value in [disable, enable]>
miglogd_children: <integer>
sslvpn_max_worker_count: <integer>
ssh_mac_algo:
- hmac-md5
- [email protected]
- hmac-md5-96
- [email protected]
- hmac-sha1
- [email protected]
- hmac-sha2-256
- [email protected]
- hmac-sha2-512
- [email protected]
- hmac-ripemd160
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
url_filter_count: <integer>
wifi_certificate: <list or string>
radius_port: <integer>
sys_perf_log_interval: <integer>
gui_fortigate_cloud_sandbox: <value in [disable, enable]>
auth_cert: <list or string>
fortiextender: <value in [disable, enable]>
admin_reset_button: <value in [disable, enable]>
av_failopen: <value in [off, pass, one-shot, ...]>
user_device_store_max_users: <integer>
auth_session_limit: <value in [block-new, logout-inactive]>
ipv6_allow_local_in_slient_drop: <value in [disable, enable]>
quic_congestion_control_algo: <value in [cubic, bbr, bbr2, ...]>
auth_ike_saml_port: <integer>
wad_restart_end_time: <string>
http_request_limit: <integer>
irq_time_accounting: <value in [auto, force]>
remoteauthtimeout: <integer>
admin_https_ssl_banned_ciphers:
- RSA
- DHE
- ECDHE
- DSS
- ECDSA
- AES
- AESGCM
- CAMELLIA
- 3DES
- SHA1
- SHA256
- SHA384
- STATIC
- CHACHA20
- ARIA
- AESCCM
allow_traffic_redirect: <value in [disable, enable]>
legacy_poe_device_support: <value in [disable, enable]>
wad_restart_mode: <value in [none, time, memory]>
fds_statistics_period: <integer>
admin_telnet: <value in [disable, enable]>
ipv6_accept_dad: <integer>
tcp_timewait_timer: <integer>
admin_console_timeout: <integer>
default_service_source_port: <string>
quic_max_datagram_size: <integer>
refresh: <integer>
extender_controller_reserved_network: <list or string>
url_filter_affinity: <string>
policy_auth_concurrent: <integer>
ipsec_hmac_offload: <value in [disable, enable]>
traffic_priority_level: <value in [high, medium, low]>
ipsec_qat_offload: <value in [disable, enable]>
ssd_trim_min: <integer>
gui_date_time_source: <value in [system, browser]>
log_ssl_connection: <value in [disable, enable]>
ndp_max_entry: <integer>
vdom_mode: <value in [no-vdom, multi-vdom, split-vdom]>
internet_service_download_list: <list or string>
fortitoken_cloud_sync_interval: <integer>
ssd_trim_weekday: <value in [sunday, monday, tuesday, ...]>
two_factor_fac_expiry: <integer>
gui_rest_api_cache: <value in [disable, enable]>
admin_forticloud_sso_default_profile: <list or string>
proxy_auth_lifetime: <value in [disable, enable]>
device_idle_timeout: <integer>
login_timestamp: <value in [disable, enable]>
speedtest_server: <value in [disable, enable]>
edit_vdom_prompt: <value in [disable, enable]>
gui_cdn_domain_override: <string>
admin_ssh_grace_time: <integer>
sslvpn_ems_sn_check: <value in [disable, enable]>
user_server_cert: <list or string>
gui_allow_default_hostname: <value in [disable, enable]>
proxy_re_authentication_mode: <value in [session, traffic, absolute]>
ipsec_soft_dec_async: <value in [disable, enable]>
admin_maintainer: <value in [disable, enable]>
dst: <value in [disable, enable]>
fec_port: <integer>
ssh_kex_sha1: <value in [disable, enable]>
ssh_mac_weak: <value in [disable, enable]>
sslvpn_cipher_hardware_acceleration: <value in [disable, enable]>
sys_file_check_interval: <integer>
ssh_hmac_md5: <value in [disable, enable]>
ssh_cbc_cipher: <value in [disable, enable]>
gui_fortiguard_resource_fetch: <value in [disable, enable]>
sslvpn_kxp_hardware_acceleration: <value in [disable, enable]>
sslvpn_plugin_version_check: <value in [disable, enable]>
fortiipam_integration: <value in [disable, enable]>
gui_firmware_upgrade_setup_warning: <value in [disable, enable]>
log_uuid_policy: <value in [disable, enable]>
per_user_bwl: <value in [disable, enable]>
gui_fortisandbox_cloud: <value in [disable, enable]>
fortitoken_cloud_service: <value in [disable, enable]>
hw_switch_ether_filter: <value in [disable, enable]>
virtual_server_count: <integer>
endpoint_control_fds_access: <value in [disable, enable]>
proxy_cipher_hardware_acceleration: <value in [disable, enable]>
proxy_kxp_hardware_acceleration: <value in [disable, enable]>
virtual_server_hardware_acceleration: <value in [disable, enable]>
user_history_password_threshold: <integer>
delay_tcp_npu_session: <value in [disable, enable]>
auth_session_auto_backup_interval: <value in [1min, 5min, 15min, ...]>
ip_conflict_detection: <value in [disable, enable]>
gtpu_dynamic_source_port: <value in [disable, enable]>
ip_fragment_timeout: <integer>
ipv6_fragment_timeout: <integer>
scim_server_cert: <list or string>
scim_http_port: <integer>
auth_session_auto_backup: <value in [disable, enable]>
scim_https_port: <integer>
httpd_max_worker_count: <integer>
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
The result of the request. Returned: always |
|
The full url requested. Returned: always Sample: |
|
The status of api request. Returned: always Sample: |
|
The api response. Returned: always |
|
The descriptive message of the api response. Returned: always Sample: |
|
The information of the target system. Returned: always |
|
The status the request. Returned: always Sample: |
|
Warning if the parameters used in the playbook are not supported by the current FortiManager version. Returned: complex |