fortinet.fortimanager.fmgr_system_global module – Global range attributes.
Note
This module is part of the fortinet.fortimanager collection (version 2.7.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install fortinet.fortimanager
.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_system_global
.
New in fortinet.fortimanager 1.0.0
Synopsis
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
Parameters
Parameter |
Comments |
---|---|
The token to access FortiManager without using username and password. |
|
Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. Choices:
|
|
Enable/Disable logging for task. Choices:
|
|
Authenticate Ansible client with forticloud API access token. |
|
The overridden method for the underlying Json RPC request. Choices:
|
|
The rc codes list with which the conditions to fail will be overriden. |
|
The rc codes list with which the conditions to succeed will be overriden. |
|
The top level parameters set. |
|
Deprecated, please rename it to admin_host. Administrative host for HTTP and HTTPs. |
|
Deprecated, please rename it to admin_lockout_duration. Lockout duration |
|
Deprecated, please rename it to admin_lockout_method. Lockout method for administration. ip - Lockout by IP user - Lockout by user Choices:
|
|
Deprecated, please rename it to admin_lockout_threshold. Lockout threshold for administration. |
|
Deprecated, please rename it to admin_ssh_grace_time. Maximum time in seconds permitted between making an SSH connection t… |
|
Deprecated, please rename it to adom_mode. ADOM mode. normal - Normal ADOM mode. advanced - Advanced ADOM mode. Choices:
|
|
Deprecated, please rename it to adom_rev_auto_delete. Auto delete features for old ADOM revisions. disable - Disable auto delete function for ADOM revision. by-revisions - Auto delete ADOM revisions by maximum number of revisions. by-days - Auto delete ADOM revisions by maximum days. Choices:
|
|
Deprecated, please rename it to adom_rev_max_backup_revisions. Maximum number of ADOM revisions to backup. |
|
Deprecated, please rename it to adom_rev_max_days. Number of days to keep old ADOM revisions. |
|
Deprecated, please rename it to adom_rev_max_revisions. Maximum number of ADOM revisions to keep. |
|
Deprecated, please rename it to adom_select. Enable/disable select ADOM after login. disable - Disable select ADOM after login. enable - Enable select ADOM after login. Choices:
|
|
Deprecated, please rename it to adom_status. ADOM status. disable - Disable ADOM mode. enable - Enable ADOM mode. Choices:
|
|
Deprecated, please rename it to apache_mode. Set apache mode. event - Apache event mode. prefork - Apache prefork mode. Choices:
|
|
Deprecated, please rename it to api_ip_binding. Enable/disable source IP check for JSON API request. disable - Disable setting. enable - Enable setting. Choices:
|
|
Deprecated, please rename it to clone_name_option. set the clone object names option. default - Add a prefix of Clone of to the clone name. keep - Keep the original name for user to edit. Choices:
|
|
Deprecated, please rename it to clt_cert_req. Require client certificate for GUI login. disable - Disable setting. enable - Require client certificate for GUI login. optional - Optional client certificate for GUI login. Choices:
|
|
Deprecated, please rename it to console_output. Console output mode. standard - Standard output. more - More page output. Choices:
|
|
Deprecated, please rename it to contentpack_fgt_install. Enable/disable outbreak alert auto install for FGT ADOMS . disable - Disable the sql report auto outbreak auto install. enable - Enable the sql report auto outbreak auto install. Choices:
|
|
Deprecated, please rename it to country_flag. Country flag Status. disable - Disable country flag icon beside ip address. enable - Enable country flag icon beside ip address. Choices:
|
|
Deprecated, please rename it to create_revision. Enable/disable create revision by default. disable - Disable create revision by default. enable - Enable create revision by default. Choices:
|
|
Enable/disable daylight saving time. disable - Disable setting. enable - Enable setting. Choices:
|
|
Deprecated, please rename it to default_disk_quota. Default disk quota for registered device |
|
Deprecated, please rename it to detect_unregistered_log_device. Detect unregistered logging device from log message. disable - Disable attribute function. enable - Enable attribute function. Choices:
|
|
Deprecated, please rename it to device_view_mode. Set devices/groups view mode. regular - Regular view mode. tree - Tree view mode. Choices:
|
|
Deprecated, please rename it to dh_params. Minimum size of Diffie-Hellman prime for SSH/HTTPS 1024 - 1024 bits. 1536 - 1536 bits. 2048 - 2048 bits. 3072 - 3072 bits. 4096 - 4096 bits. 6144 - 6144 bits. 8192 - 8192 bits. Choices:
|
|
Deprecated, please rename it to disable_module. Disable module list. fortiview-noc - FortiView/NOC-SOC module. Choices:
|
|
Deprecated, please rename it to enc_algorithm. SSL communication encryption algorithms. low - SSL communication using all available encryption algorithms. medium - SSL communication using high and medium encryption algorithms. high - SSL communication using high encryption algorithms. Choices:
|
|
Deprecated, please rename it to fabric_storage_pool_quota. Disk quota for Fabric |
|
Deprecated, please rename it to fabric_storage_pool_size. Max storage pooll size |
|
Deprecated, please rename it to faz_status. FAZ status. disable - Disable FAZ feature. enable - Enable FAZ feature. Choices:
|
|
Deprecated, please rename it to fcp_cfg_service. Enable/disable FCP service processing configuration requests disable - FCP service doesn't process configuration requests from web enable - FCP service processes configuration requests from web. Choices:
|
|
Deprecated, please rename it to fgfm_ca_cert. Set the extra fgfm CA certificates. |
|
Deprecated, please rename it to fgfm_cert_exclusive. set if the local or CA certificates should be used exclusively. disable - Used certificate best-effort. enable - Used certificate exclusive. Choices:
|
|
Deprecated, please rename it to fgfm_deny_unknown. set if allow devices with unknown SN actively register as an unauthorized device. disable - Allow devices with unknown SN to actively register as an unauthorized device. enable - Deny devices with unknown SN to actively register as an unauthorized device. Choices:
|
|
Deprecated, please rename it to fgfm_local_cert. Set the fgfm local certificate. |
|
Deprecated, please rename it to fgfm_peercert_withoutsn. set if the subject CN or SAN of peer's SSL certificate sent in FGFM should include the serial number of the device. disable - Peer's certificate must include serial number in subject CN or SAN. enable - Peer's certificate might not include serial number in subject CN or SAN. Choices:
|
|
Deprecated, please rename it to fgfm_ssl_protocol. set the lowest SSL protocols for fgfmsd. sslv3 - set SSLv3 as the lowest version. tlsv1. tlsv1. tlsv1. Choices:
|
|
Deprecated, please rename it to fortiservice_port. FortiService port |
|
Deprecated, please rename it to gui_curl_timeout. GUI curl timeout in seconds |
|
Deprecated, please rename it to gui_polling_interval. GUI polling interval in seconds |
|
Deprecated, please rename it to ha_member_auto_grouping. Enable/disable automatically group HA members feature disable - Disable automatically grouping HA members feature. enable - Enable automatically grouping HA members only when group name is unique in your network. Choices:
|
|
The number of FortiGates that FortiManager polls at one time |
|
The interval for getting hit count from managed FortiGate devices, in seconds |
|
System hostname. |
|
Deprecated, please rename it to import_ignore_addr_cmt. Enable/Disable import ignore of address comments. disable - Disable import ignore of address comments. enable - Enable import ignore of address comments. Choices:
|
|
Deprecated, please rename it to jsonapi_log. enable jsonapi log. disable - disable jsonapi log. request - logging jsonapi request. response - logging jsonapi response. all - logging both jsonapi request & response. Choices:
|
|
System global language. english - English simch - Simplified Chinese japanese - Japanese korean - Korean spanish - Spanish trach - Traditional Chinese Choices:
|
|
Fmg location latitude |
|
Deprecated, please rename it to ldap_cache_timeout. LDAP browser cache timeout |
|
LDAP connection timeout |
|
Deprecated, please rename it to lock_preempt. Enable/disable ADOM lock override. disable - Disable lock preempt. enable - Enable lock preempt. Choices:
|
|
Deprecated, please rename it to log_checksum. Record log file hash value, timestamp, and authentication code at transmission or rolling. none - No record log file checksum. md5 - Record log files MD5 hash value only. md5-auth - Record log files MD5 hash value and authentication code. Choices:
|
|
Deprecated, please rename it to log_checksum_upload. Enable/disable upload log checksum with log files. disable - Disable attribute function. enable - Enable attribute function. Choices:
|
|
Deprecated, please rename it to log_forward_cache_size. Log forwarding disk cache size |
|
Fmg location longitude |
|
Deprecated, please rename it to management_ip. Management IP address of this FortiGate. |
|
Deprecated, please rename it to management_port. Overriding port for management connection |
|
Deprecated, please rename it to max_log_forward. Maximum number of log-forward and aggregation settings. |
|
Deprecated, please rename it to max_running_reports. Maximum number of reports generating at one time. |
|
Deprecated, please rename it to mc_policy_disabled_adoms. Mc policy disabled adoms. |
|
Deprecated, please rename it to adom_name. Adom names. |
|
Deprecated, please rename it to multiple_steps_upgrade_in_autolink. Enable/disable multiple steps upgade in autolink process disable - Disable setting. enable - Enable setting. Choices:
|
|
Deprecated, please rename it to no_copy_permission_check. Do not perform permission check to block object changes in different adom during copy and install. disable - Disable setting. enable - Enable setting. Choices:
|
|
Deprecated, please rename it to no_vip_value_check. Enable/disable skipping policy instead of throwing error when vip has no default or dynamic mapping during policy copy disable - Disable setting. enable - Enable setting. Choices:
|
|
Deprecated, please rename it to normalized_intf_zone_only. allow normalized interface to be zone only. disable - Disable SSL low-grade encryption. enable - Enable SSL low-grade encryption. Choices:
|
|
Deprecated, please rename it to object_revision_db_max. Maximum revisions for a single database |
|
Deprecated, please rename it to object_revision_mandatory_note. Enable/disable mandatory note when create revision. disable - Disable object revision. enable - Enable object revision. Choices:
|
|
Deprecated, please rename it to object_revision_object_max. Maximum revisions for a single object |
|
Deprecated, please rename it to object_revision_status. Enable/disable create revision when modify objects. disable - Disable object revision. enable - Enable object revision. Choices:
|
|
Deprecated, please rename it to oftp_ssl_protocol. set the lowest SSL protocols for oftpd. sslv3 - set SSLv3 as the lowest version. tlsv1. tlsv1. tlsv1. Choices:
|
|
Deprecated, please rename it to partial_install. Enable/Disable partial install disable - Disable partial install function. enable - Enable partial install function. Choices:
|
|
Deprecated, please rename it to partial_install_force. Enable/Disable partial install when devdb is modified. disable - Disable partial install when devdb is modified. enable - Enable partial install when devdb is modified. Choices:
|
|
Deprecated, please rename it to partial_install_rev. Enable/Disable auto creating adom revision for partial install. disable - Disable partial install revision. enable - Enable partial install revision. Choices:
|
|
Deprecated, please rename it to per_policy_lock. Enable/Disable per policy lock. disable - Disable per policy lock. enable - Enable per policy lock. Choices:
|
|
Deprecated, please rename it to perform_improve_by_ha. Enable/Disable performance improvement by distributing tasks to HA slaves. disable - Disable performance improvement by HA. enable - Enable performance improvement by HA. Choices:
|
|
Deprecated, please rename it to policy_hit_count. show policy hit count. disable - Disable policy hit count. enable - Enable policy hit count. Choices:
|
|
Deprecated, please rename it to policy_object_icon. show icons of policy objects. disable - Disable icon of policy objects. enable - Enable icon of policy objects. Choices:
|
|
Deprecated, please rename it to policy_object_in_dual_pane. show policies and objects in dual pane. disable - Disable polices and objects in dual pane. enable - Enable polices and objects in dual pane. Choices:
|
|
Deprecated, please rename it to pre_login_banner. Enable/disable pre-login banner. disable - Disable pre-login banner. enable - Enable pre-login banner. Choices:
|
|
Deprecated, please rename it to pre_login_banner_message. Pre-login banner message. |
|
Deprecated, please rename it to private_data_encryption. Enable/disable private data encryption using an AES 128-bit key. disable - Disable private data encryption using an AES 128-bit key. enable - Enable private data encryption using an AES 128-bit key. Choices:
|
|
Remote authentication |
|
Deprecated, please rename it to save_last_hit_in_adomdb. Enable/Disable save last-hit value in adomdb. disable - Disable save last-hit value in adomdb. enable - Enable save last-hit value in adomdb. Choices:
|
|
Deprecated, please rename it to search_all_adoms. Enable/Disable Search all ADOMs for where-used query. disable - Disable search all ADOMs for where-used queries. enable - Enable search all ADOMs for where-used queries. Choices:
|
|
Deprecated, please rename it to ssh_enc_algo. Select one or more SSH ciphers. aes128-ctr aes192-ctr aes256-ctr arcfour256 arcfour128 aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc aes256-cbc arcfour Choices:
|
|
Deprecated, please rename it to ssh_hostkey_algo. Select one or more SSH hostkey algorithms. ssh-rsa ecdsa-sha2-nistp521 rsa-sha2-256 rsa-sha2-512 ssh-ed25519 Choices:
|
|
Deprecated, please rename it to ssh_kex_algo. Select one or more SSH kex algorithms. diffie-hellman-group1-sha1 diffie-hellman-group14-sha1 diffie-hellman-group14-sha256 diffie-hellman-group16-sha512 diffie-hellman-group18-sha512 diffie-hellman-group-exchange-sha1 diffie-hellman-group-exchange-sha256 ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 Choices:
|
|
Deprecated, please rename it to ssh_mac_algo. Select one or more SSH MAC algorithms. hmac-md5 hmac-md5-96 hmac-sha1 hmac-sha2-256 hmac-sha2-512 hmac-ripemd160 Choices:
|
|
Deprecated, please rename it to ssh_strong_crypto. Only allow strong ciphers for SSH when enabled. disable - Disable strong crypto for SSH. enable - Enable strong crypto for SSH. Choices:
|
|
Deprecated, please rename it to ssl_cipher_suites. Ssl cipher suites. |
|
Cipher name |
|
SSL/TLS cipher suites priority. |
|
SSL/TLS version the cipher suite can be used with. tls1. tls1. Choices:
|
|
Deprecated, please rename it to ssl_low_encryption. SSL low-grade encryption. disable - Disable SSL low-grade encryption. enable - Enable SSL low-grade encryption. Choices:
|
|
Deprecated, please rename it to ssl_protocol. SSL protocols. tlsv1. tlsv1. tlsv1. sslv3 - Enable SSLv3. Choices:
|
|
Deprecated, please rename it to ssl_static_key_ciphers. Enable/disable SSL static key ciphers. disable - Disable setting. enable - Enable setting. Choices:
|
|
Deprecated, please rename it to table_entry_blink. Enable/disable table entry blink in GUI disable - Disable setting. enable - Enable setting. Choices:
|
|
Deprecated, please rename it to task_list_size. Maximum number of completed tasks to keep. |
|
Enable/disable TFTP in `exec restore image` command disable - Disable TFTP enable - Enable TFTP Choices:
|
|
Time zone. 00 - 01 - 02 - 03 - 04 - 05 - 06 - 07 - 08 - 09 - 10 - 11 - 12 - 13 - 14 - 15 - 16 - 17 - 18 - 19 - 20 - 21 - 22 - 23 - 24 - 25 - 26 - 27 - 28 - 29 - 30 - 31 - 32 - 33 - 34 - 35 - 36 - 37 - 38 - 39 - 40 - 41 - 42 - 43 - 44 - 45 - 46 - 47 - 48 - 49 - 50 - 51 - 52 - 53 - 54 - 55 - 56 - 57 - 58 - 59 - 60 - 61 - 62 - 63 - 64 - 65 - 66 - 67 - 68 - 69 - 70 - 71 - 72 - 73 - 74 - 75 - 76 - 77 - 78 - 79 - 80 - 81 - 82 - 83 - 84 - 85 - 86 - 87 - 88 - 89 - Choices:
|
|
Deprecated, please rename it to tunnel_mtu. Maximum transportation unit |
|
Enable/disable Fortiguard server restriction. disable - Contact any Fortiguard server enable - Contact Fortiguard server in USA only Choices:
|
|
Deprecated, please rename it to vdom_mirror. VDOM mirror. disable - Disable VDOM mirror function. enable - Enable VDOM mirror function. Choices:
|
|
Deprecated, please rename it to webservice_proto. Web Service connection support SSL protocols. tlsv1. tlsv1. tlsv1. sslv3 - Web Service connection using SSLv3 protocol. sslv2 - Web Service connection using SSLv2 protocol. Choices:
|
|
Deprecated, please rename it to workflow_max_sessions. Maximum number of workflow sessions per ADOM |
|
Deprecated, please rename it to workspace_mode. Set workspace mode disabled - Workspace disabled. normal - Workspace lock mode. workflow - Workspace workflow mode. Choices:
|
|
Deprecated, please rename it to workspace_unlock_after_install. Enable/disable ADOM auto-unlock after device installation. disable - Disable automatically unlock adom after device installation. enable - Enable automatically unlock adom after device installation. Choices:
|
|
The adom to lock for FortiManager running in workspace mode, the value can be global and others including root. |
|
The maximum time in seconds to wait for other user to release the workspace lock. Default: |
Notes
Note
Starting in version 2.4.0, all input arguments are named using the underscore naming convention (snake_case). Please change the arguments such as “var-name” to “var_name”. Old argument names are still available yet you will receive deprecation warnings. You can ignore this warning by setting deprecation_warnings=False in ansible.cfg.
Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- name: Example playbook
hosts: fortimanagers
connection: httpapi
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: Enable workspace mode
fortinet.fortimanager.fmgr_system_global:
system_global:
adom-status: enable
workspace-mode: normal
- name: Script table.
fortinet.fortimanager.fmgr_dvmdb_script:
bypass_validation: false
adom: root
state: present
workspace_locking_adom: "root"
dvmdb_script:
content: "ansiblt-test"
name: "fooscript000"
target: device_database
type: cli
- name: Verify script table
fortinet.fortimanager.fmgr_fact:
facts:
selector: "dvmdb_script"
params:
adom: "root"
script: "fooscript000"
register: info
failed_when: info.meta.response_code != 0
- name: Restore workspace mode
fortinet.fortimanager.fmgr_system_global:
system_global:
adom-status: enable
workspace-mode: disabled
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
The result of the request. Returned: always |
|
The full url requested. Returned: always Sample: |
|
The status of api request. Returned: always Sample: |
|
The api response. Returned: always |
|
The descriptive message of the api response. Returned: always Sample: |
|
The information of the target system. Returned: always |
|
The status the request. Returned: always Sample: |
|
Warning if the parameters used in the playbook are not supported by the current FortiManager version. Returned: complex |