fortinet.fortimanager.fmgr_vap module – Configure Virtual Access Points
Note
This module is part of the fortinet.fortimanager collection (version 2.4.0).
You might already have this collection installed if you are using the ansible package.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install fortinet.fortimanager.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_vap.
New in fortinet.fortimanager 2.0.0
Synopsis
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
Parameters
Parameter |
Comments |
|---|---|
The token to access FortiManager without using username and password. |
|
The parameter (adom) in requested url. |
|
Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. Choices:
|
|
Enable/Disable logging for task. Choices:
|
|
Authenticate Ansible client with forticloud API access token. |
|
The overridden method for the underlying Json RPC request. Choices:
|
|
The rc codes list with which the conditions to fail will be overriden. |
|
The rc codes list with which the conditions to succeed will be overriden. |
|
The directive to create, update or delete an object. Choices:
|
|
The top level parameters set. |
|
Deprecated, please rename it to d80211k. Enable/disable 802. Choices:
|
|
Deprecated, please rename it to d80211v. Enable/disable 802. Choices:
|
|
_Centmgmt. Choices:
|
|
_Dhcp_Svr_Id. |
|
_Intf_Allowaccess. Choices:
|
|
Deprecated, please rename it to _intf_device_access_list. _Intf_Device-Access-List. |
|
Deprecated, please rename it to _intf_device_identification. _Intf_Device-Identification. Choices:
|
|
Deprecated, please rename it to _intf_device_netscan. _Intf_Device-Netscan. Choices:
|
|
(list) Deprecated, please rename it to _intf_dhcp_relay_ip. _Intf_Dhcp-Relay-Ip. |
|
Deprecated, please rename it to _intf_dhcp_relay_service. _Intf_Dhcp-Relay-Service. Choices:
|
|
Deprecated, please rename it to _intf_dhcp_relay_type. _Intf_Dhcp-Relay-Type. Choices:
|
|
Deprecated, please rename it to _intf_dhcp6_relay_ip. _Intf_Dhcp6-Relay-Ip. |
|
Deprecated, please rename it to _intf_dhcp6_relay_service. _Intf_Dhcp6-Relay-Service. Choices:
|
|
Deprecated, please rename it to _intf_dhcp6_relay_type. _Intf_Dhcp6-Relay-Type. Choices:
|
|
_Intf_Ip. |
|
Deprecated, please rename it to _intf_ip6_address. _Intf_Ip6-Address. |
|
Deprecated, please rename it to _intf_ip6_allowaccess. _Intf_Ip6-Allowaccess. Choices:
|
|
Deprecated, please rename it to _intf_listen_forticlient_connection. _Intf_Listen-Forticlient-Connection. Choices:
|
|
No description. Choices:
|
|
Deprecated, please rename it to access_control_list. Access-control-list profile name. |
|
Deprecated, please rename it to acct_interim_interval. WiFi RADIUS accounting interim interval |
|
Deprecated, please rename it to additional_akms. Additional AKMs. Choices:
|
|
Deprecated, please rename it to address_group. Address group ID. |
|
Deprecated, please rename it to address_group_policy. Configure MAC address filtering policy for MAC addresses that are in… Choices:
|
|
Alias. |
|
Deprecated, please rename it to antivirus_profile. AntiVirus profile name. |
|
Deprecated, please rename it to application_detection_engine. Enable/disable application detection engine Choices:
|
|
Deprecated, please rename it to application_dscp_marking. Enable/disable application attribute based DSCP marking Choices:
|
|
Deprecated, please rename it to application_list. Application control list name. |
|
Deprecated, please rename it to application_report_intv. Application report interval |
|
Deprecated, please rename it to atf_weight. Airtime weight in percentage |
|
Authentication protocol. Choices:
|
|
Deprecated, please rename it to auth_cert. HTTPS server certificate. |
|
Deprecated, please rename it to auth_portal_addr. Address of captive portal. |
|
Deprecated, please rename it to beacon_advertising. Choices:
|
|
Deprecated, please rename it to broadcast_ssid. Enable/disable broadcasting the SSID Choices:
|
|
Deprecated, please rename it to broadcast_suppression. Optional suppression of broadcast messages. Choices:
|
|
Deprecated, please rename it to bss_color_partial. Enable/disable 802. Choices:
|
|
Deprecated, please rename it to bstm_disassociation_imminent. Enable/disable forcing of disassociation after the BSTM requ… Choices:
|
|
Deprecated, please rename it to bstm_load_balancing_disassoc_timer. Time interval for client to voluntarily leave AP befor… |
|
Deprecated, please rename it to bstm_rssi_disassoc_timer. Time interval for client to voluntarily leave AP before forcing … |
|
Deprecated, please rename it to captive_portal_ac_name. Local-bridging captive portal ac-name. |
|
Deprecated, please rename it to captive_portal_auth_timeout. Hard timeout - AP will always clear the session after timeout… |
|
Deprecated, please rename it to captive_portal_fw_accounting. Enable/disable RADIUS accounting for captive portal firewall… Choices:
|
|
(list) Deprecated, please rename it to captive_portal_macauth_radius_secret. Secret key to access the macauth RADIUS server. |
|
Deprecated, please rename it to captive_portal_macauth_radius_server. Captive portal external RADIUS server domain name or… |
|
(list) Deprecated, please rename it to captive_portal_radius_secret. Secret key to access the RADIUS server. |
|
Deprecated, please rename it to captive_portal_radius_server. Captive portal RADIUS server domain name or IP address. |
|
Deprecated, please rename it to captive_portal_session_timeout_interval. Session timeout interval |
|
Deprecated, please rename it to dhcp_address_enforcement. Enable/disable DHCP address enforcement Choices:
|
|
Deprecated, please rename it to dhcp_lease_time. DHCP lease time in seconds for NAT IP address. |
|
Deprecated, please rename it to dhcp_option43_insertion. Enable/disable insertion of DHCP option 43 Choices:
|
|
Deprecated, please rename it to dhcp_option82_circuit_id_insertion. Enable/disable DHCP option 82 circuit-id insert Choices:
|
|
Deprecated, please rename it to dhcp_option82_insertion. Enable/disable DHCP option 82 insert Choices:
|
|
Deprecated, please rename it to dhcp_option82_remote_id_insertion. Enable/disable DHCP option 82 remote-id insert Choices:
|
|
Deprecated, please rename it to dynamic_vlan. Enable/disable dynamic VLAN assignment. Choices:
|
|
Dynamic_Mapping. |
|
Deprecated, please rename it to d80211k. Enable/disable 802. Choices:
|
|
Deprecated, please rename it to d80211v. Enable/disable 802. Choices:
|
|
_Centmgmt. Choices:
|
|
_Dhcp_Svr_Id. |
|
_Intf_Allowaccess. Choices:
|
|
Deprecated, please rename it to _intf_device_access_list. _Intf_Device-Access-List. |
|
Deprecated, please rename it to _intf_device_identification. _Intf_Device-Identification. Choices:
|
|
Deprecated, please rename it to _intf_device_netscan. _Intf_Device-Netscan. Choices:
|
|
(list) Deprecated, please rename it to _intf_dhcp_relay_ip. _Intf_Dhcp-Relay-Ip. |
|
Deprecated, please rename it to _intf_dhcp_relay_service. _Intf_Dhcp-Relay-Service. Choices:
|
|
Deprecated, please rename it to _intf_dhcp_relay_type. _Intf_Dhcp-Relay-Type. Choices:
|
|
Deprecated, please rename it to _intf_dhcp6_relay_ip. _Intf_Dhcp6-Relay-Ip. |
|
Deprecated, please rename it to _intf_dhcp6_relay_service. _Intf_Dhcp6-Relay-Service. Choices:
|
|
Deprecated, please rename it to _intf_dhcp6_relay_type. _Intf_Dhcp6-Relay-Type. Choices:
|
|
_Intf_Ip. |
|
Deprecated, please rename it to _intf_ip6_address. _Intf_Ip6-Address. |
|
Deprecated, please rename it to _intf_ip6_allowaccess. _Intf_Ip6-Allowaccess. Choices:
|
|
Deprecated, please rename it to _intf_listen_forticlient_connection. _Intf_Listen-Forticlient-Connection. Choices:
|
|
No description. Choices:
|
|
_Scope. |
|
Name. |
|
Vdom. |
|
Deprecated, please rename it to access_control_list. Access-Control-List. |
|
Deprecated, please rename it to acct_interim_interval. WiFi RADIUS accounting interim interval |
|
Deprecated, please rename it to additional_akms. Additional-Akms. Choices:
|
|
Deprecated, please rename it to address_group. Address group ID. |
|
Deprecated, please rename it to address_group_policy. Configure MAC address filtering policy for MAC addresses tha… Choices:
|
|
Alias. |
|
Deprecated, please rename it to antivirus_profile. AntiVirus profile name. |
|
Deprecated, please rename it to application_detection_engine. Enable/disable application detection engine Choices:
|
|
Deprecated, please rename it to application_dscp_marking. Enable/disable application attribute based DSCP marking Choices:
|
|
Deprecated, please rename it to application_list. Application control list name. |
|
Deprecated, please rename it to application_report_intv. Application report interval |
|
Deprecated, please rename it to atf_weight. Airtime weight in percentage |
|
Authentication protocol. Choices:
|
|
Deprecated, please rename it to auth_cert. HTTPS server certificate. |
|
Deprecated, please rename it to auth_portal_addr. Address of captive portal. |
|
Deprecated, please rename it to beacon_advertising. Choices:
|
|
Deprecated, please rename it to broadcast_ssid. Enable/disable broadcasting the SSID Choices:
|
|
Deprecated, please rename it to broadcast_suppression. Optional suppression of broadcast messages. Choices:
|
|
Deprecated, please rename it to bss_color_partial. Bss-Color-Partial. Choices:
|
|
Deprecated, please rename it to bstm_disassociation_imminent. Enable/disable forcing of disassociation after the B… Choices:
|
|
Deprecated, please rename it to bstm_load_balancing_disassoc_timer. Time interval for client to voluntarily leave … |
|
Deprecated, please rename it to bstm_rssi_disassoc_timer. Time interval for client to voluntarily leave AP before … |
|
Deprecated, please rename it to captive_portal_ac_name. Local-bridging captive portal ac-name. |
|
Deprecated, please rename it to captive_portal_auth_timeout. Captive-Portal-Auth-Timeout. |
|
Deprecated, please rename it to captive_portal_fw_accounting. Enable/disable RADIUS accounting for captive portal … Choices:
|
|
(list) Deprecated, please rename it to captive_portal_macauth_radius_secret. Secret key to access the macauth RADI… |
|
Deprecated, please rename it to captive_portal_macauth_radius_server. Captive portal external RADIUS server domain… |
|
(list) Deprecated, please rename it to captive_portal_radius_secret. Secret key to access the RADIUS server. |
|
Deprecated, please rename it to captive_portal_radius_server. Captive portal RADIUS server domain name or IP address. |
|
Deprecated, please rename it to captive_portal_session_timeout_interval. Session timeout interval |
|
Deprecated, please rename it to client_count. Client-Count. |
|
Deprecated, please rename it to dhcp_address_enforcement. Enable/disable DHCP address enforcement Choices:
|
|
Deprecated, please rename it to dhcp_lease_time. DHCP lease time in seconds for NAT IP address. |
|
Deprecated, please rename it to dhcp_option43_insertion. Dhcp-Option43-Insertion. Choices:
|
|
Deprecated, please rename it to dhcp_option82_circuit_id_insertion. Enable/disable DHCP option 82 circuit-id insert Choices:
|
|
Deprecated, please rename it to dhcp_option82_insertion. Enable/disable DHCP option 82 insert Choices:
|
|
Deprecated, please rename it to dhcp_option82_remote_id_insertion. Enable/disable DHCP option 82 remote-id insert Choices:
|
|
Deprecated, please rename it to dynamic_vlan. Enable/disable dynamic VLAN assignment. Choices:
|
|
Deprecated, please rename it to eap_reauth. Enable/disable EAP re-authentication for WPA-Enterprise security. Choices:
|
|
Deprecated, please rename it to eap_reauth_intv. EAP re-authentication interval |
|
Deprecated, please rename it to eapol_key_retries. Enable/disable retransmission of EAPOL-Key frames Choices:
|
|
Encryption protocol to use Choices:
|
|
Deprecated, please rename it to external_fast_roaming. Enable/disable fast roaming or pre-authentication with exte… Choices:
|
|
Deprecated, please rename it to external_logout. URL of external authentication logout server. |
|
Deprecated, please rename it to external_web. URL of external authentication web server. |
|
Deprecated, please rename it to external_web_format. URL query parameter detection Choices:
|
|
Deprecated, please rename it to fast_bss_transition. Enable/disable 802. Choices:
|
|
Deprecated, please rename it to fast_roaming. Enable/disable fast-roaming, or pre-authentication, where supported … Choices:
|
|
Deprecated, please rename it to ft_mobility_domain. Mobility domain identifier in FT |
|
Deprecated, please rename it to ft_over_ds. Enable/disable FT over the Distribution System Choices:
|
|
Deprecated, please rename it to ft_r0_key_lifetime. Lifetime of the PMK-R0 key in FT, 1-65535 minutes. |
|
Deprecated, please rename it to gas_comeback_delay. GAS comeback delay |
|
Deprecated, please rename it to gas_fragmentation_limit. GAS fragmentation limit |
|
Deprecated, please rename it to gtk_rekey. Enable/disable GTK rekey for WPA security. Choices:
|
|
Deprecated, please rename it to gtk_rekey_intv. GTK rekey interval |
|
Deprecated, please rename it to high_efficiency. Enable/disable 802. Choices:
|
|
Deprecated, please rename it to hotspot20_profile. Hotspot 2. |
|
Deprecated, please rename it to igmp_snooping. Enable/disable IGMP snooping. Choices:
|
|
Deprecated, please rename it to intra_vap_privacy. Enable/disable blocking communication between clients on the sa… Choices:
|
|
IP address and subnet mask for the local standalone NAT subnet. |
|
Deprecated, please rename it to ips_sensor. IPS sensor name. |
|
Deprecated, please rename it to ipv6_rules. Ipv6-Rules. Choices:
|
|
(list) WEP Key. |
|
WEP key index |
|
Deprecated, please rename it to l3_roaming. Enable/disable layer 3 roaming Choices:
|
|
Deprecated, please rename it to l3_roaming_mode. Select the way that layer 3 roaming traffic is passed Choices:
|
|
VAP low-density parity-check Choices:
|
|
Deprecated, please rename it to local_authentication. Enable/disable AP local authentication. Choices:
|
|
Deprecated, please rename it to local_bridging. Enable/disable bridging of wireless and Ethernet interfaces on the… Choices:
|
|
Deprecated, please rename it to local_lan. Allow/deny traffic destined for a Class A, B, or C private IP address Choices:
|
|
Deprecated, please rename it to local_standalone. Enable/disable AP local standalone Choices:
|
|
Deprecated, please rename it to local_standalone_dns. Enable/disable AP local standalone DNS. Choices:
|
|
(list) Deprecated, please rename it to local_standalone_dns_ip. |
|
Deprecated, please rename it to local_standalone_nat. Enable/disable AP local standalone NAT mode. Choices:
|
|
Deprecated, please rename it to local_switching. Local-Switching. Choices:
|
|
Deprecated, please rename it to mac_auth_bypass. Enable/disable MAC authentication bypass. Choices:
|
|
Deprecated, please rename it to mac_called_station_delimiter. MAC called station delimiter Choices:
|
|
Deprecated, please rename it to mac_calling_station_delimiter. MAC calling station delimiter Choices:
|
|
Deprecated, please rename it to mac_case. MAC case Choices:
|
|
Deprecated, please rename it to mac_filter. Enable/disable MAC filtering to block wireless clients by mac address. Choices:
|
|
Deprecated, please rename it to mac_filter_policy_other. Allow or block clients with MAC addresses that are not in… Choices:
|
|
Deprecated, please rename it to mac_password_delimiter. MAC authentication password delimiter Choices:
|
|
Deprecated, please rename it to mac_username_delimiter. MAC authentication username delimiter Choices:
|
|
Deprecated, please rename it to max_clients. Maximum number of clients that can connect simultaneously to the VAP |
|
Deprecated, please rename it to max_clients_ap. Maximum number of clients that can connect simultaneously to the V… |
|
Enable/disable Multiband Operation Choices:
|
|
Deprecated, please rename it to mbo_cell_data_conn_pref. MBO cell data connection preference Choices:
|
|
Deprecated, please rename it to me_disable_thresh. Disable multicast enhancement when this many clients are receiv… |
|
Deprecated, please rename it to mesh_backhaul. Enable/disable using this VAP as a WiFi mesh backhaul Choices:
|
|
Enable/disable multiple PSK authentication. Choices:
|
|
Deprecated, please rename it to mpsk_concurrent_clients. Maximum number of concurrent clients that connect using t… |
|
Deprecated, please rename it to mpsk_profile. Mpsk-Profile. |
|
Deprecated, please rename it to mu_mimo. Enable/disable Multi-user MIMO Choices:
|
|
Deprecated, please rename it to multicast_enhance. Enable/disable converting multicast to unicast to improve perfo… Choices:
|
|
Deprecated, please rename it to multicast_rate. Multicast rate Choices:
|
|
Enable/disable network access control. Choices:
|
|
Deprecated, please rename it to nac_profile. NAC profile name. |
|
Deprecated, please rename it to neighbor_report_dual_band. Enable/disable dual-band neighbor report Choices:
|
|
Enable/disable Opportunistic Key Caching Choices:
|
|
Enable/disable OSEN as part of key management Choices:
|
|
Deprecated, please rename it to owe_groups. OWE-Groups. Choices:
|
|
Deprecated, please rename it to owe_transition. Enable/disable OWE transition mode support. Choices:
|
|
Deprecated, please rename it to owe_transition_ssid. OWE transition mode peer SSID. |
|
(list) WPA pre-shared key |
|
Protected Management Frames Choices:
|
|
Deprecated, please rename it to pmf_assoc_comeback_timeout. Protected Management Frames |
|
Deprecated, please rename it to pmf_sa_query_retry_timeout. Protected Management Frames |
|
Deprecated, please rename it to port_macauth. Enable/disable LAN port MAC authentication Choices:
|
|
Deprecated, please rename it to port_macauth_reauth_timeout. LAN port MAC authentication re-authentication timeout… |
|
Deprecated, please rename it to port_macauth_timeout. LAN port MAC authentication idle timeout value |
|
Deprecated, please rename it to portal_message_override_group. Replacement message group for this VAP |
|
Deprecated, please rename it to portal_type. Captive portal functionality. Choices:
|
|
Deprecated, please rename it to primary_wag_profile. Primary wireless access gateway profile name. |
|
Deprecated, please rename it to probe_resp_suppression. Enable/disable probe response suppression Choices:
|
|
Deprecated, please rename it to probe_resp_threshold. Minimum signal level/threshold in dBm required for the AP re… |
|
Deprecated, please rename it to ptk_rekey. Enable/disable PTK rekey for WPA-Enterprise security. Choices:
|
|
Deprecated, please rename it to ptk_rekey_intv. PTK rekey interval |
|
Deprecated, please rename it to qos_profile. Quality of service profile name. |
|
Enable/disable station quarantine Choices:
|
|
Deprecated, please rename it to radio_2g_threshold. Minimum signal level/threshold in dBm required for the AP resp… |
|
Deprecated, please rename it to radio_5g_threshold. Minimum signal level/threshold in dBm required for the AP resp… |
|
Deprecated, please rename it to radio_sensitivity. Enable/disable software radio sensitivity Choices:
|
|
Deprecated, please rename it to radius_mac_auth. Enable/disable RADIUS-based MAC authentication of clients Choices:
|
|
Deprecated, please rename it to radius_mac_auth_block_interval. Dont send RADIUS MAC auth request again if the cli… |
|
Deprecated, please rename it to radius_mac_auth_server. RADIUS-based MAC authentication server. |
|
(list) Deprecated, please rename it to radius_mac_auth_usergroups. Selective user groups that are permitted for RA… |
|
Deprecated, please rename it to radius_mac_mpsk_auth. Enable/disable RADIUS-based MAC authentication of clients fo… Choices:
|
|
Deprecated, please rename it to radius_mac_mpsk_timeout. RADIUS MAC MPSK cache timeout interval |
|
Deprecated, please rename it to radius_server. RADIUS server to be used to authenticate WiFi users. |
|
Deprecated, please rename it to rates_11a. Allowed data rates for 802. Choices:
|
|
Deprecated, please rename it to rates_11ac_mcs_map. Comma separated list of max supported VHT MCS for spatial stre… |
|
Deprecated, please rename it to rates_11ac_ss12. Allowed data rates for 802. Choices:
|
|
Deprecated, please rename it to rates_11ac_ss34. Allowed data rates for 802. Choices:
|
|
Deprecated, please rename it to rates_11ax_mcs_map. Comma separated list of max supported HE MCS for spatial strea… |
|
Deprecated, please rename it to rates_11ax_ss12. Choices:
|
|
Deprecated, please rename it to rates_11ax_ss34. Choices:
|
|
Deprecated, please rename it to rates_11bg. Allowed data rates for 802. Choices:
|
|
Deprecated, please rename it to rates_11n_ss12. Allowed data rates for 802. Choices:
|
|
Deprecated, please rename it to rates_11n_ss34. Allowed data rates for 802. Choices:
|
|
Deprecated, please rename it to roaming_acct_interim_update. Enable/disable using accounting interim update instea… Choices:
|
|
Deprecated, please rename it to sae_groups. SAE-Groups. Choices:
|
|
Deprecated, please rename it to sae_h2e_only. Use hash-to-element-only mechanism for PWE derivation Choices:
|
|
Deprecated, please rename it to sae_hnp_only. Use hunting-and-pecking-only mechanism for PWE derivation Choices:
|
|
(list) Deprecated, please rename it to sae_password. WPA3 SAE password to be used to authenticate WiFi users. |
|
Deprecated, please rename it to sae_pk. Enable/disable WPA3 SAE-PK Choices:
|
|
Deprecated, please rename it to sae_private_key. Private key used for WPA3 SAE-PK authentication. |
|
Deprecated, please rename it to scan_botnet_connections. Block or monitor connections to Botnet servers or disable… Choices:
|
|
(list or str) Firewall schedules for enabling this VAP on the FortiAP. |
|
Deprecated, please rename it to secondary_wag_profile. Secondary wireless access gateway profile name. |
|
Security mode for the wireless interface Choices:
|
|
Deprecated, please rename it to security_exempt_list. Optional security exempt list for captive portal authentication. |
|
Deprecated, please rename it to security_obsolete_option. Enable/disable obsolete security options. Choices:
|
|
Deprecated, please rename it to security_redirect_url. Optional URL for redirecting users after they pass captive … |
|
(list or str) Deprecated, please rename it to selected_usergroups. Selective user groups that are permitted to aut… |
|
Deprecated, please rename it to split_tunneling. Enable/disable split tunneling Choices:
|
|
IEEE 802. |
|
Deprecated, please rename it to sticky_client_remove. Sticky-Client-Remove. Choices:
|
|
Deprecated, please rename it to sticky_client_threshold_2g. Sticky-Client-Threshold-2G. |
|
Deprecated, please rename it to sticky_client_threshold_5g. Sticky-Client-Threshold-5G. |
|
Deprecated, please rename it to sticky_client_threshold_6g. Minimum signal level/threshold in dBm required for the… |
|
Deprecated, please rename it to target_wake_time. Enable/disable 802. Choices:
|
|
Deprecated, please rename it to tkip_counter_measure. Enable/disable TKIP counter measure. Choices:
|
|
Deprecated, please rename it to tunnel_echo_interval. The time interval to send echo to both primary and secondary… |
|
Deprecated, please rename it to tunnel_fallback_interval. The time interval for secondary tunnel to fall back to p… |
|
(list or str) Firewall user group to be used to authenticate WiFi users. |
|
Deprecated, please rename it to utm_log. Enable/disable UTM logging. Choices:
|
|
Deprecated, please rename it to utm_profile. UTM profile name. |
|
Deprecated, please rename it to utm_status. Enable to add one or more security profiles Choices:
|
|
(list or str) Vdom. |
|
Deprecated, please rename it to vlan_auto. Enable/disable automatic management of SSID VLAN interface. Choices:
|
|
Deprecated, please rename it to vlan_pooling. Enable/disable VLAN pooling, to allow grouping of multiple wireless … Choices:
|
|
Optional VLAN ID. |
|
Deprecated, please rename it to voice_enterprise. Enable/disable 802. Choices:
|
|
Deprecated, please rename it to webfilter_profile. WebFilter profile name. |
|
Deprecated, please rename it to eap_reauth. Enable/disable EAP re-authentication for WPA-Enterprise security. Choices:
|
|
Deprecated, please rename it to eap_reauth_intv. EAP re-authentication interval |
|
Deprecated, please rename it to eapol_key_retries. Enable/disable retransmission of EAPOL-Key frames Choices:
|
|
Encryption protocol to use Choices:
|
|
Deprecated, please rename it to external_fast_roaming. Enable/disable fast roaming or pre-authentication with external APs… Choices:
|
|
Deprecated, please rename it to external_logout. URL of external authentication logout server. |
|
Deprecated, please rename it to external_web. URL of external authentication web server. |
|
Deprecated, please rename it to external_web_format. URL query parameter detection Choices:
|
|
Deprecated, please rename it to fast_bss_transition. Enable/disable 802. Choices:
|
|
Deprecated, please rename it to fast_roaming. Enable/disable fast-roaming, or pre-authentication, where supported by clients Choices:
|
|
Deprecated, please rename it to ft_mobility_domain. Mobility domain identifier in FT |
|
Deprecated, please rename it to ft_over_ds. Enable/disable FT over the Distribution System Choices:
|
|
Deprecated, please rename it to ft_r0_key_lifetime. Lifetime of the PMK-R0 key in FT, 1-65535 minutes. |
|
Deprecated, please rename it to gas_comeback_delay. GAS comeback delay |
|
Deprecated, please rename it to gas_fragmentation_limit. GAS fragmentation limit |
|
Deprecated, please rename it to gtk_rekey. Enable/disable GTK rekey for WPA security. Choices:
|
|
Deprecated, please rename it to gtk_rekey_intv. GTK rekey interval |
|
Deprecated, please rename it to high_efficiency. Enable/disable 802. Choices:
|
|
Deprecated, please rename it to hotspot20_profile. Hotspot 2. |
|
Deprecated, please rename it to igmp_snooping. Enable/disable IGMP snooping. Choices:
|
|
Deprecated, please rename it to intra_vap_privacy. Enable/disable blocking communication between clients on the same SSID Choices:
|
|
IP address and subnet mask for the local standalone NAT subnet. |
|
Deprecated, please rename it to ips_sensor. IPS sensor name. |
|
Deprecated, please rename it to ipv6_rules. Optional rules of IPv6 packets. Choices:
|
|
(list) WEP Key. |
|
WEP key index |
|
Deprecated, please rename it to l3_roaming. Enable/disable layer 3 roaming Choices:
|
|
Deprecated, please rename it to l3_roaming_mode. Select the way that layer 3 roaming traffic is passed Choices:
|
|
VAP low-density parity-check Choices:
|
|
Deprecated, please rename it to local_authentication. Enable/disable AP local authentication. Choices:
|
|
Deprecated, please rename it to local_bridging. Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP Choices:
|
|
Deprecated, please rename it to local_lan. Allow/deny traffic destined for a Class A, B, or C private IP address Choices:
|
|
Deprecated, please rename it to local_standalone. Enable/disable AP local standalone Choices:
|
|
Deprecated, please rename it to local_standalone_dns. Enable/disable AP local standalone DNS. Choices:
|
|
(list) Deprecated, please rename it to local_standalone_dns_ip. |
|
Deprecated, please rename it to local_standalone_nat. Enable/disable AP local standalone NAT mode. Choices:
|
|
Deprecated, please rename it to mac_auth_bypass. Enable/disable MAC authentication bypass. Choices:
|
|
Deprecated, please rename it to mac_called_station_delimiter. MAC called station delimiter Choices:
|
|
Deprecated, please rename it to mac_calling_station_delimiter. MAC calling station delimiter Choices:
|
|
Deprecated, please rename it to mac_case. MAC case Choices:
|
|
Deprecated, please rename it to mac_filter. Enable/disable MAC filtering to block wireless clients by mac address. Choices:
|
|
Deprecated, please rename it to mac_filter_list. Mac-Filter-List. |
|
ID. |
|
MAC address. |
|
Deprecated, please rename it to mac_filter_policy. Deny or allow the client with this MAC address. Choices:
|
|
Deprecated, please rename it to mac_filter_policy_other. Allow or block clients with MAC addresses that are not in the fil… Choices:
|
|
Deprecated, please rename it to mac_password_delimiter. MAC authentication password delimiter Choices:
|
|
Deprecated, please rename it to mac_username_delimiter. MAC authentication username delimiter Choices:
|
|
Deprecated, please rename it to max_clients. Maximum number of clients that can connect simultaneously to the VAP |
|
Deprecated, please rename it to max_clients_ap. Maximum number of clients that can connect simultaneously to each radio |
|
Enable/disable Multiband Operation Choices:
|
|
Deprecated, please rename it to mbo_cell_data_conn_pref. MBO cell data connection preference Choices:
|
|
Deprecated, please rename it to me_disable_thresh. Disable multicast enhancement when this many clients are receiving mult… |
|
Deprecated, please rename it to mesh_backhaul. Enable/disable using this VAP as a WiFi mesh backhaul Choices:
|
|
Enable/disable multiple pre-shared keys Choices:
|
|
Deprecated, please rename it to mpsk_concurrent_clients. Number of pre-shared keys |
|
Deprecated, please rename it to mpsk_key. Mpsk-Key. |
|
Comment. |
|
Deprecated, please rename it to concurrent_clients. Number of clients that can connect using this pre-shared key. |
|
Deprecated, please rename it to key_name. Pre-shared key name. |
|
(list or str) Deprecated, please rename it to mpsk_schedules. Firewall schedule for MPSK passphrase. |
|
(list) WPA Pre-shared key. |
|
Deprecated, please rename it to mpsk_profile. MPSK profile name. |
|
Deprecated, please rename it to mu_mimo. Enable/disable Multi-user MIMO Choices:
|
|
Deprecated, please rename it to multicast_enhance. Enable/disable converting multicast to unicast to improve performance Choices:
|
|
Deprecated, please rename it to multicast_rate. Multicast rate Choices:
|
|
Enable/disable network access control. Choices:
|
|
Deprecated, please rename it to nac_profile. NAC profile name. |
|
Virtual AP name. |
|
Deprecated, please rename it to neighbor_report_dual_band. Enable/disable dual-band neighbor report Choices:
|
|
Enable/disable Opportunistic Key Caching Choices:
|
|
Enable/disable OSEN as part of key management Choices:
|
|
Deprecated, please rename it to owe_groups. OWE-Groups. Choices:
|
|
Deprecated, please rename it to owe_transition. Enable/disable OWE transition mode support. Choices:
|
|
Deprecated, please rename it to owe_transition_ssid. OWE transition mode peer SSID. |
|
(list) WPA pre-shared key |
|
Protected Management Frames Choices:
|
|
Deprecated, please rename it to pmf_assoc_comeback_timeout. Protected Management Frames |
|
Deprecated, please rename it to pmf_sa_query_retry_timeout. Protected Management Frames |
|
Deprecated, please rename it to port_macauth. Enable/disable LAN port MAC authentication Choices:
|
|
Deprecated, please rename it to port_macauth_reauth_timeout. LAN port MAC authentication re-authentication timeout value |
|
Deprecated, please rename it to port_macauth_timeout. LAN port MAC authentication idle timeout value |
|
Deprecated, please rename it to portal_message_override_group. Replacement message group for this VAP |
|
Deprecated, please rename it to portal_message_overrides. |
|
Deprecated, please rename it to auth_disclaimer_page. Override auth-disclaimer-page message with message from port… |
|
Deprecated, please rename it to auth_login_failed_page. Override auth-login-failed-page message with message from … |
|
Deprecated, please rename it to auth_login_page. Override auth-login-page message with message from portal-message… |
|
Deprecated, please rename it to auth_reject_page. Override auth-reject-page message with message from portal-messa… |
|
Deprecated, please rename it to portal_type. Captive portal functionality. Choices:
|
|
Deprecated, please rename it to primary_wag_profile. Primary wireless access gateway profile name. |
|
Deprecated, please rename it to probe_resp_suppression. Enable/disable probe response suppression Choices:
|
|
Deprecated, please rename it to probe_resp_threshold. Minimum signal level/threshold in dBm required for the AP response t… |
|
Deprecated, please rename it to ptk_rekey. Enable/disable PTK rekey for WPA-Enterprise security. Choices:
|
|
Deprecated, please rename it to ptk_rekey_intv. PTK rekey interval |
|
Deprecated, please rename it to qos_profile. Quality of service profile name. |
|
Enable/disable station quarantine Choices:
|
|
Deprecated, please rename it to radio_2g_threshold. Minimum signal level/threshold in dBm required for the AP response to … |
|
Deprecated, please rename it to radio_5g_threshold. Minimum signal level/threshold in dBm required for the AP response to … |
|
Deprecated, please rename it to radio_sensitivity. Enable/disable software radio sensitivity Choices:
|
|
Deprecated, please rename it to radius_mac_auth. Enable/disable RADIUS-based MAC authentication of clients Choices:
|
|
Deprecated, please rename it to radius_mac_auth_block_interval. Dont send RADIUS MAC auth request again if the client has … |
|
Deprecated, please rename it to radius_mac_auth_server. RADIUS-based MAC authentication server. |
|
(list) Deprecated, please rename it to radius_mac_auth_usergroups. Selective user groups that are permitted for RADIUS mac… |
|
Deprecated, please rename it to radius_mac_mpsk_auth. Enable/disable RADIUS-based MAC authentication of clients for MPSK a… Choices:
|
|
Deprecated, please rename it to radius_mac_mpsk_timeout. RADIUS MAC MPSK cache timeout interval |
|
Deprecated, please rename it to radius_server. RADIUS server to be used to authenticate WiFi users. |
|
Deprecated, please rename it to rates_11a. Allowed data rates for 802. Choices:
|
|
Deprecated, please rename it to rates_11ac_mcs_map. Comma separated list of max supported VHT MCS for spatial streams 1 th… |
|
Deprecated, please rename it to rates_11ac_ss12. Allowed data rates for 802. Choices:
|
|
Deprecated, please rename it to rates_11ac_ss34. Allowed data rates for 802. Choices:
|
|
Deprecated, please rename it to rates_11ax_mcs_map. Comma separated list of max supported HE MCS for spatial streams 1 thr… |
|
Deprecated, please rename it to rates_11ax_ss12. Choices:
|
|
Deprecated, please rename it to rates_11ax_ss34. Choices:
|
|
Deprecated, please rename it to rates_11bg. Allowed data rates for 802. Choices:
|
|
Deprecated, please rename it to rates_11n_ss12. Allowed data rates for 802. Choices:
|
|
Deprecated, please rename it to rates_11n_ss34. Allowed data rates for 802. Choices:
|
|
Deprecated, please rename it to roaming_acct_interim_update. Enable/disable using accounting interim update instead of acc… Choices:
|
|
Deprecated, please rename it to sae_groups. SAE-Groups. Choices:
|
|
Deprecated, please rename it to sae_h2e_only. Use hash-to-element-only mechanism for PWE derivation Choices:
|
|
Deprecated, please rename it to sae_hnp_only. Use hunting-and-pecking-only mechanism for PWE derivation Choices:
|
|
(list) Deprecated, please rename it to sae_password. WPA3 SAE password to be used to authenticate WiFi users. |
|
Deprecated, please rename it to sae_pk. Enable/disable WPA3 SAE-PK Choices:
|
|
Deprecated, please rename it to sae_private_key. Private key used for WPA3 SAE-PK authentication. |
|
Deprecated, please rename it to scan_botnet_connections. Block or monitor connections to Botnet servers or disable Botnet … Choices:
|
|
(list or str) VAP schedule name. |
|
Deprecated, please rename it to secondary_wag_profile. Secondary wireless access gateway profile name. |
|
Security mode for the wireless interface Choices:
|
|
Deprecated, please rename it to security_exempt_list. Optional security exempt list for captive portal authentication. |
|
Deprecated, please rename it to security_obsolete_option. Enable/disable obsolete security options. Choices:
|
|
Deprecated, please rename it to security_redirect_url. Optional URL for redirecting users after they pass captive portal a… |
|
(list or str) Deprecated, please rename it to selected_usergroups. Selective user groups that are permitted to authenticate. |
|
Deprecated, please rename it to split_tunneling. Enable/disable split tunneling Choices:
|
|
IEEE 802. |
|
Deprecated, please rename it to sticky_client_remove. Enable/disable sticky client remove to maintain good signal level cl… Choices:
|
|
Deprecated, please rename it to sticky_client_threshold_2g. Minimum signal level/threshold in dBm required for the 2G clie… |
|
Deprecated, please rename it to sticky_client_threshold_5g. Minimum signal level/threshold in dBm required for the 5G clie… |
|
Deprecated, please rename it to sticky_client_threshold_6g. Minimum signal level/threshold in dBm required for the 6G clie… |
|
Deprecated, please rename it to target_wake_time. Enable/disable 802. Choices:
|
|
Deprecated, please rename it to tkip_counter_measure. Enable/disable TKIP counter measure. Choices:
|
|
Deprecated, please rename it to tunnel_echo_interval. The time interval to send echo to both primary and secondary tunnel … |
|
Deprecated, please rename it to tunnel_fallback_interval. The time interval for secondary tunnel to fall back to primary t… |
|
(list or str) Firewall user group to be used to authenticate WiFi users. |
|
Deprecated, please rename it to utm_log. Enable/disable UTM logging. Choices:
|
|
Deprecated, please rename it to utm_profile. UTM profile name. |
|
Deprecated, please rename it to utm_status. Enable to add one or more security profiles Choices:
|
|
Name of the VDOM that the Virtual AP has been added to. |
|
Deprecated, please rename it to vlan_auto. Enable/disable automatic management of SSID VLAN interface. Choices:
|
|
Deprecated, please rename it to vlan_name. |
|
VLAN name. |
|
Deprecated, please rename it to vlan_id. VLAN ID. |
|
Deprecated, please rename it to vlan_pool. Vlan-Pool. |
|
Deprecated, please rename it to _wtp_group. _Wtp-Group. |
|
ID. |
|
Deprecated, please rename it to wtp_group. WTP group name. |
|
Deprecated, please rename it to vlan_pooling. Enable/disable VLAN pooling, to allow grouping of multiple wireless controll… Choices:
|
|
Optional VLAN ID. |
|
Deprecated, please rename it to voice_enterprise. Enable/disable 802. Choices:
|
|
Deprecated, please rename it to webfilter_profile. WebFilter profile name. |
|
The adom to lock for FortiManager running in workspace mode, the value can be global and others including root. |
|
The maximum time in seconds to wait for other user to release the workspace lock. Default: |
Notes
Note
Starting in version 2.4.0, all input arguments are named using the underscore naming convention (snake_case). Please change the arguments such as “var-name” to “var_name”. Old argument names are still available yet you will receive deprecation warnings. You can ignore this warning by setting deprecation_warnings=False in ansible.cfg.
Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
To create or update an object, use state present directive.
To delete an object, use state absent directive.
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- name: Example playbook (generated based on argument schema)
hosts: fortimanagers
connection: httpapi
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: Configure Virtual Access Points
fortinet.fortimanager.fmgr_vap:
# bypass_validation: false
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
# rc_succeeded: [0, -2, -3, ...]
# rc_failed: [-2, -3, ...]
adom: <your own value>
state: present # <value in [present, absent]>
vap:
_centmgmt: <value in [disable, enable]>
_dhcp_svr_id: <string>
_intf_allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- auto-ipsec
- radius-acct
- probe-response
- capwap
- dnp
- ftm
- fabric
- speed-test
_intf_device_identification: <value in [disable, enable]>
_intf_device_netscan: <value in [disable, enable]>
_intf_dhcp_relay_ip: <list or string>
_intf_dhcp_relay_service: <value in [disable, enable]>
_intf_dhcp_relay_type: <value in [regular, ipsec]>
_intf_dhcp6_relay_ip: <string>
_intf_dhcp6_relay_service: <value in [disable, enable]>
_intf_dhcp6_relay_type: <value in [regular]>
_intf_ip: <string>
_intf_ip6_address: <string>
_intf_ip6_allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- any
- fgfm
- capwap
_intf_listen_forticlient_connection: <value in [disable, enable]>
acct_interim_interval: <integer>
alias: <string>
auth: <value in [PSK, psk, RADIUS, ...]>
broadcast_ssid: <value in [disable, enable]>
broadcast_suppression:
- dhcp
- arp
- dhcp2
- arp2
- netbios-ns
- netbios-ds
- arp3
- dhcp-up
- dhcp-down
- arp-known
- arp-unknown
- arp-reply
- ipv6
- dhcp-starvation
- arp-poison
- all-other-mc
- all-other-bc
- arp-proxy
- dhcp-ucast
captive_portal_ac_name: <string>
captive_portal_macauth_radius_secret: <list or string>
captive_portal_macauth_radius_server: <string>
captive_portal_radius_secret: <list or string>
captive_portal_radius_server: <string>
captive_portal_session_timeout_interval: <integer>
dhcp_lease_time: <integer>
dhcp_option82_circuit_id_insertion: <value in [disable, style-1, style-2, ...]>
dhcp_option82_insertion: <value in [disable, enable]>
dhcp_option82_remote_id_insertion: <value in [disable, style-1]>
dynamic_vlan: <value in [disable, enable]>
dynamic_mapping:
-
_centmgmt: <value in [disable, enable]>
_dhcp_svr_id: <string>
_intf_allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- fgfm
- auto-ipsec
- radius-acct
- probe-response
- capwap
- dnp
- ftm
- fabric
- speed-test
_intf_device_identification: <value in [disable, enable]>
_intf_device_netscan: <value in [disable, enable]>
_intf_dhcp_relay_ip: <list or string>
_intf_dhcp_relay_service: <value in [disable, enable]>
_intf_dhcp_relay_type: <value in [regular, ipsec]>
_intf_dhcp6_relay_ip: <string>
_intf_dhcp6_relay_service: <value in [disable, enable]>
_intf_dhcp6_relay_type: <value in [regular]>
_intf_ip: <string>
_intf_ip6_address: <string>
_intf_ip6_allowaccess:
- https
- ping
- ssh
- snmp
- http
- telnet
- any
- fgfm
- capwap
_intf_listen_forticlient_connection: <value in [disable, enable]>
_scope:
-
name: <string>
vdom: <string>
acct_interim_interval: <integer>
address_group: <string>
alias: <string>
atf_weight: <integer>
auth: <value in [PSK, psk, RADIUS, ...]>
broadcast_ssid: <value in [disable, enable]>
broadcast_suppression:
- dhcp
- arp
- dhcp2
- arp2
- netbios-ns
- netbios-ds
- arp3
- dhcp-up
- dhcp-down
- arp-known
- arp-unknown
- arp-reply
- ipv6
- dhcp-starvation
- arp-poison
- all-other-mc
- all-other-bc
- arp-proxy
- dhcp-ucast
captive_portal_ac_name: <string>
captive_portal_macauth_radius_secret: <list or string>
captive_portal_macauth_radius_server: <string>
captive_portal_radius_secret: <list or string>
captive_portal_radius_server: <string>
captive_portal_session_timeout_interval: <integer>
client_count: <integer>
dhcp_lease_time: <integer>
dhcp_option82_circuit_id_insertion: <value in [disable, style-1, style-2, ...]>
dhcp_option82_insertion: <value in [disable, enable]>
dhcp_option82_remote_id_insertion: <value in [disable, style-1]>
dynamic_vlan: <value in [disable, enable]>
eap_reauth: <value in [disable, enable]>
eap_reauth_intv: <integer>
eapol_key_retries: <value in [disable, enable]>
encrypt: <value in [TKIP, AES, TKIP-AES]>
external_fast_roaming: <value in [disable, enable]>
external_logout: <string>
external_web: <string>
fast_bss_transition: <value in [disable, enable]>
fast_roaming: <value in [disable, enable]>
ft_mobility_domain: <integer>
ft_over_ds: <value in [disable, enable]>
ft_r0_key_lifetime: <integer>
gtk_rekey: <value in [disable, enable]>
gtk_rekey_intv: <integer>
hotspot20_profile: <string>
intra_vap_privacy: <value in [disable, enable]>
ip: <string>
key: <list or string>
keyindex: <integer>
ldpc: <value in [disable, tx, rx, ...]>
local_authentication: <value in [disable, enable]>
local_bridging: <value in [disable, enable]>
local_lan: <value in [deny, allow]>
local_standalone: <value in [disable, enable]>
local_standalone_nat: <value in [disable, enable]>
local_switching: <value in [disable, enable]>
mac_auth_bypass: <value in [disable, enable]>
mac_filter: <value in [disable, enable]>
mac_filter_policy_other: <value in [deny, allow]>
max_clients: <integer>
max_clients_ap: <integer>
me_disable_thresh: <integer>
mesh_backhaul: <value in [disable, enable]>
mpsk: <value in [disable, enable]>
mpsk_concurrent_clients: <integer>
multicast_enhance: <value in [disable, enable]>
multicast_rate: <value in [0, 6000, 12000, ...]>
okc: <value in [disable, enable]>
owe_groups:
- 19
- 20
- 21
owe_transition: <value in [disable, enable]>
owe_transition_ssid: <string>
passphrase: <list or string>
pmf: <value in [disable, enable, optional]>
pmf_assoc_comeback_timeout: <integer>
pmf_sa_query_retry_timeout: <integer>
portal_message_override_group: <string>
portal_type: <value in [auth, auth+disclaimer, disclaimer, ...]>
probe_resp_suppression: <value in [disable, enable]>
probe_resp_threshold: <string>
ptk_rekey: <value in [disable, enable]>
ptk_rekey_intv: <integer>
qos_profile: <string>
quarantine: <value in [disable, enable]>
radio_2g_threshold: <string>
radio_5g_threshold: <string>
radio_sensitivity: <value in [disable, enable]>
radius_mac_auth: <value in [disable, enable]>
radius_mac_auth_server: <string>
radius_mac_auth_usergroups: <list or string>
radius_server: <string>
rates_11a:
- 1
- 1-basic
- 2
- 2-basic
- 5.5
- 5.5-basic
- 6
- 6-basic
- 9
- 9-basic
- 12
- 12-basic
- 18
- 18-basic
- 24
- 24-basic
- 36
- 36-basic
- 48
- 48-basic
- 54
- 54-basic
- 11
- 11-basic
rates_11ac_ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/1
- mcs11/1
- mcs10/2
- mcs11/2
rates_11ac_ss34:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/3
- mcs11/3
- mcs10/4
- mcs11/4
rates_11bg:
- 1
- 1-basic
- 2
- 2-basic
- 5.5
- 5.5-basic
- 6
- 6-basic
- 9
- 9-basic
- 12
- 12-basic
- 18
- 18-basic
- 24
- 24-basic
- 36
- 36-basic
- 48
- 48-basic
- 54
- 54-basic
- 11
- 11-basic
rates_11n_ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
- mcs12/2
- mcs13/2
- mcs14/2
- mcs15/2
rates_11n_ss34:
- mcs16/3
- mcs17/3
- mcs18/3
- mcs19/3
- mcs20/3
- mcs21/3
- mcs22/3
- mcs23/3
- mcs24/4
- mcs25/4
- mcs26/4
- mcs27/4
- mcs28/4
- mcs29/4
- mcs30/4
- mcs31/4
sae_groups:
- 1
- 2
- 5
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 27
- 28
- 29
- 30
- 31
sae_password: <list or string>
schedule: <list or string>
security: <value in [None, WEP64, wep64, ...]>
security_exempt_list: <string>
security_obsolete_option: <value in [disable, enable]>
security_redirect_url: <string>
selected_usergroups: <list or string>
split_tunneling: <value in [disable, enable]>
ssid: <string>
tkip_counter_measure: <value in [disable, enable]>
usergroup: <list or string>
utm_profile: <string>
vdom: <list or string>
vlan_auto: <value in [disable, enable]>
vlan_pooling: <value in [wtp-group, round-robin, hash, ...]>
vlanid: <integer>
voice_enterprise: <value in [disable, enable]>
mu_mimo: <value in [disable, enable]>
_intf_device_access_list: <string>
external_web_format: <value in [auto-detect, no-query-string, partial-query-string]>
high_efficiency: <value in [disable, enable]>
primary_wag_profile: <string>
secondary_wag_profile: <string>
target_wake_time: <value in [disable, enable]>
tunnel_echo_interval: <integer>
tunnel_fallback_interval: <integer>
access_control_list: <string>
captive_portal_auth_timeout: <integer>
ipv6_rules:
- drop-icmp6ra
- drop-icmp6rs
- drop-llmnr6
- drop-icmp6mld2
- drop-dhcp6s
- drop-dhcp6c
- ndp-proxy
- drop-ns-dad
- drop-ns-nondad
sticky_client_remove: <value in [disable, enable]>
sticky_client_threshold_2g: <string>
sticky_client_threshold_5g: <string>
bss_color_partial: <value in [disable, enable]>
dhcp_option43_insertion: <value in [disable, enable]>
mpsk_profile: <string>
igmp_snooping: <value in [disable, enable]>
port_macauth: <value in [disable, radius, address-group]>
port_macauth_reauth_timeout: <integer>
port_macauth_timeout: <integer>
additional_akms:
- akm6
bstm_disassociation_imminent: <value in [disable, enable]>
bstm_load_balancing_disassoc_timer: <integer>
bstm_rssi_disassoc_timer: <integer>
dhcp_address_enforcement: <value in [disable, enable]>
gas_comeback_delay: <integer>
gas_fragmentation_limit: <integer>
mac_called_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac_calling_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac_case: <value in [uppercase, lowercase]>
mac_password_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac_username_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mbo: <value in [disable, enable]>
mbo_cell_data_conn_pref: <value in [excluded, prefer-not, prefer-use]>
nac: <value in [disable, enable]>
nac_profile: <string>
neighbor_report_dual_band: <value in [disable, enable]>
address_group_policy: <value in [disable, allow, deny]>
antivirus_profile: <string>
application_detection_engine: <value in [disable, enable]>
application_list: <string>
application_report_intv: <integer>
auth_cert: <string>
auth_portal_addr: <string>
beacon_advertising:
- name
- model
- serial-number
ips_sensor: <string>
l3_roaming: <value in [disable, enable]>
local_standalone_dns: <value in [disable, enable]>
local_standalone_dns_ip: <list or string>
osen: <value in [disable, enable]>
radius_mac_mpsk_auth: <value in [disable, enable]>
radius_mac_mpsk_timeout: <integer>
rates_11ax_ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs10/1
- mcs11/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
rates_11ax_ss34:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs10/3
- mcs11/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/4
- mcs11/4
scan_botnet_connections: <value in [disable, block, monitor]>
utm_log: <value in [disable, enable]>
utm_status: <value in [disable, enable]>
webfilter_profile: <string>
sae_h2e_only: <value in [disable, enable]>
sae_pk: <value in [disable, enable]>
sae_private_key: <string>
sticky_client_threshold_6g: <string>
application_dscp_marking: <value in [disable, enable]>
l3_roaming_mode: <value in [direct, indirect]>
rates_11ac_mcs_map: <string>
rates_11ax_mcs_map: <string>
captive_portal_fw_accounting: <value in [disable, enable]>
radius_mac_auth_block_interval: <integer>
_is_factory_setting: <value in [disable, enable, ext]>
d80211k: <value in [disable, enable]>
d80211v: <value in [disable, enable]>
roaming_acct_interim_update: <value in [disable, enable]>
sae_hnp_only: <value in [disable, enable]>
eap_reauth: <value in [disable, enable]>
eap_reauth_intv: <integer>
eapol_key_retries: <value in [disable, enable]>
encrypt: <value in [TKIP, AES, TKIP-AES]>
external_fast_roaming: <value in [disable, enable]>
external_logout: <string>
external_web: <string>
fast_bss_transition: <value in [disable, enable]>
fast_roaming: <value in [disable, enable]>
ft_mobility_domain: <integer>
ft_over_ds: <value in [disable, enable]>
ft_r0_key_lifetime: <integer>
gtk_rekey: <value in [disable, enable]>
gtk_rekey_intv: <integer>
hotspot20_profile: <string>
intra_vap_privacy: <value in [disable, enable]>
ip: <string>
key: <list or string>
keyindex: <integer>
ldpc: <value in [disable, tx, rx, ...]>
local_authentication: <value in [disable, enable]>
local_bridging: <value in [disable, enable]>
local_lan: <value in [deny, allow]>
local_standalone: <value in [disable, enable]>
local_standalone_nat: <value in [disable, enable]>
mac_auth_bypass: <value in [disable, enable]>
mac_filter: <value in [disable, enable]>
mac_filter_list:
-
id: <integer>
mac: <string>
mac_filter_policy: <value in [deny, allow]>
mac_filter_policy_other: <value in [deny, allow]>
max_clients: <integer>
max_clients_ap: <integer>
me_disable_thresh: <integer>
mesh_backhaul: <value in [disable, enable]>
mpsk: <value in [disable, enable]>
mpsk_concurrent_clients: <integer>
mpsk_key:
-
comment: <string>
concurrent_clients: <string>
key_name: <string>
passphrase: <list or string>
mpsk_schedules: <list or string>
multicast_enhance: <value in [disable, enable]>
multicast_rate: <value in [0, 6000, 12000, ...]>
name: <string>
okc: <value in [disable, enable]>
passphrase: <list or string>
pmf: <value in [disable, enable, optional]>
pmf_assoc_comeback_timeout: <integer>
pmf_sa_query_retry_timeout: <integer>
portal_message_override_group: <string>
portal_type: <value in [auth, auth+disclaimer, disclaimer, ...]>
probe_resp_suppression: <value in [disable, enable]>
probe_resp_threshold: <string>
ptk_rekey: <value in [disable, enable]>
ptk_rekey_intv: <integer>
qos_profile: <string>
quarantine: <value in [disable, enable]>
radio_2g_threshold: <string>
radio_5g_threshold: <string>
radio_sensitivity: <value in [disable, enable]>
radius_mac_auth: <value in [disable, enable]>
radius_mac_auth_server: <string>
radius_mac_auth_usergroups: <list or string>
radius_server: <string>
rates_11a:
- 1
- 1-basic
- 2
- 2-basic
- 5.5
- 5.5-basic
- 6
- 6-basic
- 9
- 9-basic
- 12
- 12-basic
- 18
- 18-basic
- 24
- 24-basic
- 36
- 36-basic
- 48
- 48-basic
- 54
- 54-basic
- 11
- 11-basic
rates_11ac_ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/1
- mcs11/1
- mcs10/2
- mcs11/2
rates_11ac_ss34:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/3
- mcs11/3
- mcs10/4
- mcs11/4
rates_11bg:
- 1
- 1-basic
- 2
- 2-basic
- 5.5
- 5.5-basic
- 6
- 6-basic
- 9
- 9-basic
- 12
- 12-basic
- 18
- 18-basic
- 24
- 24-basic
- 36
- 36-basic
- 48
- 48-basic
- 54
- 54-basic
- 11
- 11-basic
rates_11n_ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
- mcs12/2
- mcs13/2
- mcs14/2
- mcs15/2
rates_11n_ss34:
- mcs16/3
- mcs17/3
- mcs18/3
- mcs19/3
- mcs20/3
- mcs21/3
- mcs22/3
- mcs23/3
- mcs24/4
- mcs25/4
- mcs26/4
- mcs27/4
- mcs28/4
- mcs29/4
- mcs30/4
- mcs31/4
schedule: <list or string>
security: <value in [None, WEP64, wep64, ...]>
security_exempt_list: <string>
security_obsolete_option: <value in [disable, enable]>
security_redirect_url: <string>
selected_usergroups: <list or string>
split_tunneling: <value in [disable, enable]>
ssid: <string>
tkip_counter_measure: <value in [disable, enable]>
usergroup: <list or string>
utm_profile: <string>
vdom: <string>
vlan_auto: <value in [disable, enable]>
vlan_pool:
-
_wtp_group: <string>
id: <integer>
wtp_group: <string>
vlan_pooling: <value in [wtp-group, round-robin, hash, ...]>
vlanid: <integer>
voice_enterprise: <value in [disable, enable]>
address_group: <string>
atf_weight: <integer>
mu_mimo: <value in [disable, enable]>
owe_groups:
- 19
- 20
- 21
owe_transition: <value in [disable, enable]>
owe_transition_ssid: <string>
sae_groups:
- 1
- 2
- 5
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 27
- 28
- 29
- 30
- 31
sae_password: <list or string>
_intf_device_access_list: <string>
external_web_format: <value in [auto-detect, no-query-string, partial-query-string]>
high_efficiency: <value in [disable, enable]>
primary_wag_profile: <string>
secondary_wag_profile: <string>
target_wake_time: <value in [disable, enable]>
tunnel_echo_interval: <integer>
tunnel_fallback_interval: <integer>
access_control_list: <string>
captive_portal_auth_timeout: <integer>
ipv6_rules:
- drop-icmp6ra
- drop-icmp6rs
- drop-llmnr6
- drop-icmp6mld2
- drop-dhcp6s
- drop-dhcp6c
- ndp-proxy
- drop-ns-dad
- drop-ns-nondad
sticky_client_remove: <value in [disable, enable]>
sticky_client_threshold_2g: <string>
sticky_client_threshold_5g: <string>
bss_color_partial: <value in [disable, enable]>
dhcp_option43_insertion: <value in [disable, enable]>
mpsk_profile: <string>
igmp_snooping: <value in [disable, enable]>
port_macauth: <value in [disable, radius, address-group]>
port_macauth_reauth_timeout: <integer>
port_macauth_timeout: <integer>
portal_message_overrides:
auth_disclaimer_page: <string>
auth_login_failed_page: <string>
auth_login_page: <string>
auth_reject_page: <string>
additional_akms:
- akm6
bstm_disassociation_imminent: <value in [disable, enable]>
bstm_load_balancing_disassoc_timer: <integer>
bstm_rssi_disassoc_timer: <integer>
dhcp_address_enforcement: <value in [disable, enable]>
gas_comeback_delay: <integer>
gas_fragmentation_limit: <integer>
mac_called_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac_calling_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac_case: <value in [uppercase, lowercase]>
mac_password_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac_username_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mbo: <value in [disable, enable]>
mbo_cell_data_conn_pref: <value in [excluded, prefer-not, prefer-use]>
nac: <value in [disable, enable]>
nac_profile: <string>
neighbor_report_dual_band: <value in [disable, enable]>
address_group_policy: <value in [disable, allow, deny]>
antivirus_profile: <string>
application_detection_engine: <value in [disable, enable]>
application_list: <string>
application_report_intv: <integer>
auth_cert: <string>
auth_portal_addr: <string>
beacon_advertising:
- name
- model
- serial-number
ips_sensor: <string>
l3_roaming: <value in [disable, enable]>
local_standalone_dns: <value in [disable, enable]>
local_standalone_dns_ip: <list or string>
osen: <value in [disable, enable]>
radius_mac_mpsk_auth: <value in [disable, enable]>
radius_mac_mpsk_timeout: <integer>
rates_11ax_ss12:
- mcs0/1
- mcs1/1
- mcs2/1
- mcs3/1
- mcs4/1
- mcs5/1
- mcs6/1
- mcs7/1
- mcs8/1
- mcs9/1
- mcs10/1
- mcs11/1
- mcs0/2
- mcs1/2
- mcs2/2
- mcs3/2
- mcs4/2
- mcs5/2
- mcs6/2
- mcs7/2
- mcs8/2
- mcs9/2
- mcs10/2
- mcs11/2
rates_11ax_ss34:
- mcs0/3
- mcs1/3
- mcs2/3
- mcs3/3
- mcs4/3
- mcs5/3
- mcs6/3
- mcs7/3
- mcs8/3
- mcs9/3
- mcs10/3
- mcs11/3
- mcs0/4
- mcs1/4
- mcs2/4
- mcs3/4
- mcs4/4
- mcs5/4
- mcs6/4
- mcs7/4
- mcs8/4
- mcs9/4
- mcs10/4
- mcs11/4
scan_botnet_connections: <value in [disable, block, monitor]>
utm_log: <value in [disable, enable]>
utm_status: <value in [disable, enable]>
vlan_name:
-
name: <string>
vlan_id: <integer>
webfilter_profile: <string>
sae_h2e_only: <value in [disable, enable]>
sae_pk: <value in [disable, enable]>
sae_private_key: <string>
sticky_client_threshold_6g: <string>
application_dscp_marking: <value in [disable, enable]>
l3_roaming_mode: <value in [direct, indirect]>
rates_11ac_mcs_map: <string>
rates_11ax_mcs_map: <string>
captive_portal_fw_accounting: <value in [disable, enable]>
radius_mac_auth_block_interval: <integer>
_is_factory_setting: <value in [disable, enable, ext]>
d80211k: <value in [disable, enable]>
d80211v: <value in [disable, enable]>
roaming_acct_interim_update: <value in [disable, enable]>
sae_hnp_only: <value in [disable, enable]>
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
|---|---|
The result of the request. Returned: always |
|
The full url requested. Returned: always Sample: |
|
The status of api request. Returned: always Sample: |
|
The api response. Returned: always |
|
The descriptive message of the api response. Returned: always Sample: |
|
The information of the target system. Returned: always |
|
The status the request. Returned: always Sample: |
|
Warning if the parameters used in the playbook are not supported by the current FortiManager version. Returned: complex |