fortinet.fortimanager.fmgr_vap module – Configure Virtual Access Points

Note

This module is part of the fortinet.fortimanager collection (version 2.7.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_vap.

New in fortinet.fortimanager 2.0.0

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter

Comments

access_token

string

The token to access FortiManager without using username and password.

adom

string / required

The parameter (adom) in requested url.

bypass_validation

boolean

Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters.

Choices:

  • false ← (default)

  • true

enable_log

boolean

Enable/Disable logging for task.

Choices:

  • false ← (default)

  • true

forticloud_access_token

string

Authenticate Ansible client with forticloud API access token.

proposed_method

string

The overridden method for the underlying Json RPC request.

Choices:

  • "update"

  • "set"

  • "add"

rc_failed

list / elements=integer

The rc codes list with which the conditions to fail will be overriden.

rc_succeeded

list / elements=integer

The rc codes list with which the conditions to succeed will be overriden.

state

string / required

The directive to create, update or delete an object.

Choices:

  • "present"

  • "absent"

vap

dictionary

The top level parameters set.

80211k

string

Deprecated, please rename it to d80211k. Enable/disable 802.

Choices:

  • "disable"

  • "enable"

80211v

string

Deprecated, please rename it to d80211v. Enable/disable 802.

Choices:

  • "disable"

  • "enable"

_centmgmt

string

Centmgmt.

Choices:

  • "disable"

  • "enable"

_dhcp_svr_id

string

Dhcp svr id.

_intf_allowaccess

list / elements=string

Intf allowaccess.

Choices:

  • "https"

  • "ping"

  • "ssh"

  • "snmp"

  • "http"

  • "telnet"

  • "fgfm"

  • "auto-ipsec"

  • "radius-acct"

  • "probe-response"

  • "capwap"

  • "dnp"

  • "ftm"

  • "fabric"

  • "speed-test"

_intf_device-access-list

string

Deprecated, please rename it to _intf_device_access_list. Intf device access list.

_intf_device-identification

string

Deprecated, please rename it to _intf_device_identification. Intf device identification.

Choices:

  • "disable"

  • "enable"

_intf_device-netscan

string

Deprecated, please rename it to _intf_device_netscan. Intf device netscan.

Choices:

  • "disable"

  • "enable"

_intf_dhcp-relay-ip

any

(list) Deprecated, please rename it to _intf_dhcp_relay_ip. Intf dhcp relay ip.

_intf_dhcp-relay-service

string

Deprecated, please rename it to _intf_dhcp_relay_service. Intf dhcp relay service.

Choices:

  • "disable"

  • "enable"

_intf_dhcp-relay-type

string

Deprecated, please rename it to _intf_dhcp_relay_type. Intf dhcp relay type.

Choices:

  • "regular"

  • "ipsec"

_intf_dhcp6-relay-ip

string

Deprecated, please rename it to _intf_dhcp6_relay_ip. Intf dhcp6 relay ip.

_intf_dhcp6-relay-service

string

Deprecated, please rename it to _intf_dhcp6_relay_service. Intf dhcp6 relay service.

Choices:

  • "disable"

  • "enable"

_intf_dhcp6-relay-type

string

Deprecated, please rename it to _intf_dhcp6_relay_type. Intf dhcp6 relay type.

Choices:

  • "regular"

_intf_ip

string

Intf ip.

_intf_ip-managed-by-fortiipam

string

Deprecated, please rename it to _intf_ip_managed_by_fortiipam. Intf ip managed by fortiipam.

Choices:

  • "disable"

  • "enable"

  • "inherit-global"

_intf_ip6-address

string

Deprecated, please rename it to _intf_ip6_address. Intf ip6 address.

_intf_ip6-allowaccess

list / elements=string

Deprecated, please rename it to _intf_ip6_allowaccess. Intf ip6 allowaccess.

Choices:

  • "https"

  • "ping"

  • "ssh"

  • "snmp"

  • "http"

  • "telnet"

  • "any"

  • "fgfm"

  • "capwap"

_intf_listen-forticlient-connection

string

Deprecated, please rename it to _intf_listen_forticlient_connection. Intf listen forticlient connection.

Choices:

  • "disable"

  • "enable"

_intf_managed-subnetwork-size

string

Deprecated, please rename it to _intf_managed_subnetwork_size. Intf managed subnetwork size.

Choices:

  • "32"

  • "64"

  • "128"

  • "256"

  • "512"

  • "1024"

  • "2048"

  • "4096"

  • "8192"

  • "16384"

  • "32768"

  • "65536"

_is_factory_setting

string

Is factory setting.

Choices:

  • "disable"

  • "enable"

  • "ext"

access-control-list

string

Deprecated, please rename it to access_control_list. Access-control-list profile name.

acct-interim-interval

integer

Deprecated, please rename it to acct_interim_interval. WiFi RADIUS accounting interim interval

additional-akms

list / elements=string

Deprecated, please rename it to additional_akms. Additional AKMs.

Choices:

  • "akm6"

  • "akm24"

address-group

string

Deprecated, please rename it to address_group. Address group ID.

address-group-policy

string

Deprecated, please rename it to address_group_policy. Configure MAC address filtering policy for MAC addresses that are in…

Choices:

  • "disable"

  • "allow"

  • "deny"

akm24-only

string

Deprecated, please rename it to akm24_only. WPA3 SAE using group-dependent hash only

Choices:

  • "disable"

  • "enable"

alias

string

Alias.

antivirus-profile

string

Deprecated, please rename it to antivirus_profile. AntiVirus profile name.

application-detection-engine

string

Deprecated, please rename it to application_detection_engine. Enable/disable application detection engine

Choices:

  • "disable"

  • "enable"

application-dscp-marking

string

Deprecated, please rename it to application_dscp_marking. Enable/disable application attribute based DSCP marking

Choices:

  • "disable"

  • "enable"

application-list

string

Deprecated, please rename it to application_list. Application control list name.

application-report-intv

integer

Deprecated, please rename it to application_report_intv. Application report interval

atf-weight

integer

Deprecated, please rename it to atf_weight. Airtime weight in percentage

auth

string

Authentication protocol.

Choices:

  • "PSK"

  • "psk"

  • "RADIUS"

  • "radius"

  • "usergroup"

auth-cert

string

Deprecated, please rename it to auth_cert. HTTPS server certificate.

auth-portal-addr

string

Deprecated, please rename it to auth_portal_addr. Address of captive portal.

beacon-advertising

list / elements=string

Deprecated, please rename it to beacon_advertising. Fortinet beacon advertising IE data

Choices:

  • "name"

  • "model"

  • "serial-number"

beacon-protection

string

Deprecated, please rename it to beacon_protection. Enable/disable beacon protection support

Choices:

  • "disable"

  • "enable"

broadcast-ssid

string

Deprecated, please rename it to broadcast_ssid. Enable/disable broadcasting the SSID

Choices:

  • "disable"

  • "enable"

broadcast-suppression

list / elements=string

Deprecated, please rename it to broadcast_suppression. Optional suppression of broadcast messages.

Choices:

  • "dhcp"

  • "arp"

  • "dhcp2"

  • "arp2"

  • "netbios-ns"

  • "netbios-ds"

  • "arp3"

  • "dhcp-up"

  • "dhcp-down"

  • "arp-known"

  • "arp-unknown"

  • "arp-reply"

  • "ipv6"

  • "dhcp-starvation"

  • "arp-poison"

  • "all-other-mc"

  • "all-other-bc"

  • "arp-proxy"

  • "dhcp-ucast"

bss-color-partial

string

Deprecated, please rename it to bss_color_partial. Enable/disable 802.

Choices:

  • "disable"

  • "enable"

bstm-disassociation-imminent

string

Deprecated, please rename it to bstm_disassociation_imminent. Enable/disable forcing of disassociation after the BSTM requ…

Choices:

  • "disable"

  • "enable"

bstm-load-balancing-disassoc-timer

integer

Deprecated, please rename it to bstm_load_balancing_disassoc_timer. Time interval for client to voluntarily leave AP befor…

bstm-rssi-disassoc-timer

integer

Deprecated, please rename it to bstm_rssi_disassoc_timer. Time interval for client to voluntarily leave AP before forcing …

captive-portal

string

Deprecated, please rename it to captive_portal. Enable/disable captive portal.

Choices:

  • "disable"

  • "enable"

captive-portal-ac-name

string

Deprecated, please rename it to captive_portal_ac_name. Local-bridging captive portal ac-name.

captive-portal-auth-timeout

integer

Deprecated, please rename it to captive_portal_auth_timeout. Hard timeout - AP will always clear the session after timeout…

captive-portal-fw-accounting

string

Deprecated, please rename it to captive_portal_fw_accounting. Enable/disable RADIUS accounting for captive portal firewall…

Choices:

  • "disable"

  • "enable"

captive-portal-macauth-radius-secret

any

(list) Deprecated, please rename it to captive_portal_macauth_radius_secret. Secret key to access the macauth RADIUS server.

captive-portal-macauth-radius-server

string

Deprecated, please rename it to captive_portal_macauth_radius_server. Captive portal external RADIUS server domain name or…

captive-portal-radius-secret

any

(list) Deprecated, please rename it to captive_portal_radius_secret. Secret key to access the RADIUS server.

captive-portal-radius-server

string

Deprecated, please rename it to captive_portal_radius_server. Captive portal RADIUS server domain name or IP address.

captive-portal-session-timeout-interval

integer

Deprecated, please rename it to captive_portal_session_timeout_interval. Session timeout interval

dhcp-address-enforcement

string

Deprecated, please rename it to dhcp_address_enforcement. Enable/disable DHCP address enforcement

Choices:

  • "disable"

  • "enable"

dhcp-lease-time

integer

Deprecated, please rename it to dhcp_lease_time. DHCP lease time in seconds for NAT IP address.

dhcp-option43-insertion

string

Deprecated, please rename it to dhcp_option43_insertion. Enable/disable insertion of DHCP option 43

Choices:

  • "disable"

  • "enable"

dhcp-option82-circuit-id-insertion

string

Deprecated, please rename it to dhcp_option82_circuit_id_insertion. Enable/disable DHCP option 82 circuit-id insert

Choices:

  • "disable"

  • "style-1"

  • "style-2"

  • "style-3"

dhcp-option82-insertion

string

Deprecated, please rename it to dhcp_option82_insertion. Enable/disable DHCP option 82 insert

Choices:

  • "disable"

  • "enable"

dhcp-option82-remote-id-insertion

string

Deprecated, please rename it to dhcp_option82_remote_id_insertion. Enable/disable DHCP option 82 remote-id insert

Choices:

  • "disable"

  • "style-1"

domain-name-stripping

string

Deprecated, please rename it to domain_name_stripping. Enable/disable stripping domain name from identity

Choices:

  • "disable"

  • "enable"

dynamic-vlan

string

Deprecated, please rename it to dynamic_vlan. Enable/disable dynamic VLAN assignment.

Choices:

  • "disable"

  • "enable"

dynamic_mapping

list / elements=dictionary

Dynamic mapping.

80211k

string

Deprecated, please rename it to d80211k. Enable/disable 802.

Choices:

  • "disable"

  • "enable"

80211v

string

Deprecated, please rename it to d80211v. Enable/disable 802.

Choices:

  • "disable"

  • "enable"

_centmgmt

string

Centmgmt.

Choices:

  • "disable"

  • "enable"

_dhcp_svr_id

string

Dhcp svr id.

_intf_allowaccess

list / elements=string

Intf allowaccess.

Choices:

  • "https"

  • "ping"

  • "ssh"

  • "snmp"

  • "http"

  • "telnet"

  • "fgfm"

  • "auto-ipsec"

  • "radius-acct"

  • "probe-response"

  • "capwap"

  • "dnp"

  • "ftm"

  • "fabric"

  • "speed-test"

_intf_device-access-list

string

Deprecated, please rename it to _intf_device_access_list. Intf device access list.

_intf_device-identification

string

Deprecated, please rename it to _intf_device_identification. Intf device identification.

Choices:

  • "disable"

  • "enable"

_intf_device-netscan

string

Deprecated, please rename it to _intf_device_netscan. Intf device netscan.

Choices:

  • "disable"

  • "enable"

_intf_dhcp-relay-ip

any

(list) Deprecated, please rename it to _intf_dhcp_relay_ip. Intf dhcp relay ip.

_intf_dhcp-relay-service

string

Deprecated, please rename it to _intf_dhcp_relay_service. Intf dhcp relay service.

Choices:

  • "disable"

  • "enable"

_intf_dhcp-relay-type

string

Deprecated, please rename it to _intf_dhcp_relay_type. Intf dhcp relay type.

Choices:

  • "regular"

  • "ipsec"

_intf_dhcp6-relay-ip

string

Deprecated, please rename it to _intf_dhcp6_relay_ip. Intf dhcp6 relay ip.

_intf_dhcp6-relay-service

string

Deprecated, please rename it to _intf_dhcp6_relay_service. Intf dhcp6 relay service.

Choices:

  • "disable"

  • "enable"

_intf_dhcp6-relay-type

string

Deprecated, please rename it to _intf_dhcp6_relay_type. Intf dhcp6 relay type.

Choices:

  • "regular"

_intf_ip

string

Intf ip.

_intf_ip-managed-by-fortiipam

string

Deprecated, please rename it to _intf_ip_managed_by_fortiipam. Intf ip managed by fortiipam.

Choices:

  • "disable"

  • "enable"

  • "inherit-global"

_intf_ip6-address

string

Deprecated, please rename it to _intf_ip6_address. Intf ip6 address.

_intf_ip6-allowaccess

list / elements=string

Deprecated, please rename it to _intf_ip6_allowaccess. Intf ip6 allowaccess.

Choices:

  • "https"

  • "ping"

  • "ssh"

  • "snmp"

  • "http"

  • "telnet"

  • "any"

  • "fgfm"

  • "capwap"

_intf_listen-forticlient-connection

string

Deprecated, please rename it to _intf_listen_forticlient_connection. Intf listen forticlient connection.

Choices:

  • "disable"

  • "enable"

_intf_managed-subnetwork-size

string

Deprecated, please rename it to _intf_managed_subnetwork_size. Intf managed subnetwork size.

Choices:

  • "32"

  • "64"

  • "128"

  • "256"

  • "512"

  • "1024"

  • "2048"

  • "4096"

  • "8192"

  • "16384"

  • "32768"

  • "65536"

_is_factory_setting

string

Is factory setting.

Choices:

  • "disable"

  • "enable"

  • "ext"

_scope

list / elements=dictionary

Scope.

name

string

Name.

vdom

string

Vdom.

access-control-list

string

Deprecated, please rename it to access_control_list. Access control list.

acct-interim-interval

integer

Deprecated, please rename it to acct_interim_interval. Acct interim interval.

additional-akms

list / elements=string

Deprecated, please rename it to additional_akms. Additional AKMs.

Choices:

  • "akm6"

  • "akm24"

address-group

string

Deprecated, please rename it to address_group. Address group.

address-group-policy

string

Deprecated, please rename it to address_group_policy. Configure MAC address filtering policy for MAC addresses tha…

Choices:

  • "disable"

  • "allow"

  • "deny"

akm24-only

string

Deprecated, please rename it to akm24_only. WPA3 SAE using group-dependent hash only

Choices:

  • "disable"

  • "enable"

alias

string

Alias.

antivirus-profile

string

Deprecated, please rename it to antivirus_profile. AntiVirus profile name.

application-detection-engine

string

Deprecated, please rename it to application_detection_engine. Enable/disable application detection engine

Choices:

  • "disable"

  • "enable"

application-dscp-marking

string

Deprecated, please rename it to application_dscp_marking. Enable/disable application attribute based DSCP marking

Choices:

  • "disable"

  • "enable"

application-list

string

Deprecated, please rename it to application_list. Application control list name.

application-report-intv

integer

Deprecated, please rename it to application_report_intv. Application report interval

atf-weight

integer

Deprecated, please rename it to atf_weight. Atf weight.

auth

string

Auth.

Choices:

  • "PSK"

  • "psk"

  • "RADIUS"

  • "radius"

  • "usergroup"

auth-cert

string

Deprecated, please rename it to auth_cert. HTTPS server certificate.

auth-portal-addr

string

Deprecated, please rename it to auth_portal_addr. Address of captive portal.

beacon-advertising

list / elements=string

Deprecated, please rename it to beacon_advertising. Fortinet beacon advertising IE data

Choices:

  • "name"

  • "model"

  • "serial-number"

beacon-protection

string

Deprecated, please rename it to beacon_protection. Enable/disable beacon protection support

Choices:

  • "disable"

  • "enable"

broadcast-ssid

string

Deprecated, please rename it to broadcast_ssid. Broadcast ssid.

Choices:

  • "disable"

  • "enable"

broadcast-suppression

list / elements=string

Deprecated, please rename it to broadcast_suppression. Broadcast suppression.

Choices:

  • "dhcp"

  • "arp"

  • "dhcp2"

  • "arp2"

  • "netbios-ns"

  • "netbios-ds"

  • "arp3"

  • "dhcp-up"

  • "dhcp-down"

  • "arp-known"

  • "arp-unknown"

  • "arp-reply"

  • "ipv6"

  • "dhcp-starvation"

  • "arp-poison"

  • "all-other-mc"

  • "all-other-bc"

  • "arp-proxy"

  • "dhcp-ucast"

bss-color-partial

string

Deprecated, please rename it to bss_color_partial. Bss color partial.

Choices:

  • "disable"

  • "enable"

bstm-disassociation-imminent

string

Deprecated, please rename it to bstm_disassociation_imminent. Enable/disable forcing of disassociation after the B…

Choices:

  • "disable"

  • "enable"

bstm-load-balancing-disassoc-timer

integer

Deprecated, please rename it to bstm_load_balancing_disassoc_timer. Time interval for client to voluntarily leave …

bstm-rssi-disassoc-timer

integer

Deprecated, please rename it to bstm_rssi_disassoc_timer. Time interval for client to voluntarily leave AP before …

captive-portal

string

Deprecated, please rename it to captive_portal. Enable/disable captive portal.

Choices:

  • "disable"

  • "enable"

captive-portal-ac-name

string

Deprecated, please rename it to captive_portal_ac_name. Captive portal ac name.

captive-portal-auth-timeout

integer

Deprecated, please rename it to captive_portal_auth_timeout. Captive portal auth timeout.

captive-portal-fw-accounting

string

Deprecated, please rename it to captive_portal_fw_accounting. Enable/disable RADIUS accounting for captive portal …

Choices:

  • "disable"

  • "enable"

captive-portal-macauth-radius-secret

any

(list) Deprecated, please rename it to captive_portal_macauth_radius_secret. Captive portal macauth radius secret.

captive-portal-macauth-radius-server

string

Deprecated, please rename it to captive_portal_macauth_radius_server. Captive portal macauth radius server.

captive-portal-radius-secret

any

(list) Deprecated, please rename it to captive_portal_radius_secret. Captive portal radius secret.

captive-portal-radius-server

string

Deprecated, please rename it to captive_portal_radius_server. Captive portal radius server.

captive-portal-session-timeout-interval

integer

Deprecated, please rename it to captive_portal_session_timeout_interval. Captive portal session timeout interval.

client-count

integer

Deprecated, please rename it to client_count. Client count.

dhcp-address-enforcement

string

Deprecated, please rename it to dhcp_address_enforcement. Enable/disable DHCP address enforcement

Choices:

  • "disable"

  • "enable"

dhcp-lease-time

integer

Deprecated, please rename it to dhcp_lease_time. Dhcp lease time.

dhcp-option43-insertion

string

Deprecated, please rename it to dhcp_option43_insertion. Dhcp option43 insertion.

Choices:

  • "disable"

  • "enable"

dhcp-option82-circuit-id-insertion

string

Deprecated, please rename it to dhcp_option82_circuit_id_insertion. Dhcp option82 circuit id insertion.

Choices:

  • "disable"

  • "style-1"

  • "style-2"

  • "style-3"

dhcp-option82-insertion

string

Deprecated, please rename it to dhcp_option82_insertion. Dhcp option82 insertion.

Choices:

  • "disable"

  • "enable"

dhcp-option82-remote-id-insertion

string

Deprecated, please rename it to dhcp_option82_remote_id_insertion. Dhcp option82 remote id insertion.

Choices:

  • "disable"

  • "style-1"

domain-name-stripping

string

Deprecated, please rename it to domain_name_stripping. Enable/disable stripping domain name from identity

Choices:

  • "disable"

  • "enable"

dynamic-vlan

string

Deprecated, please rename it to dynamic_vlan. Dynamic vlan.

Choices:

  • "disable"

  • "enable"

eap-reauth

string

Deprecated, please rename it to eap_reauth. Eap reauth.

Choices:

  • "disable"

  • "enable"

eap-reauth-intv

integer

Deprecated, please rename it to eap_reauth_intv. Eap reauth intv.

eapol-key-retries

string

Deprecated, please rename it to eapol_key_retries. Eapol key retries.

Choices:

  • "disable"

  • "enable"

encrypt

string

Encrypt.

Choices:

  • "TKIP"

  • "AES"

  • "TKIP-AES"

external-fast-roaming

string

Deprecated, please rename it to external_fast_roaming. External fast roaming.

Choices:

  • "disable"

  • "enable"

external-logout

string

Deprecated, please rename it to external_logout. External logout.

external-web

string

Deprecated, please rename it to external_web. External web.

external-web-format

string

Deprecated, please rename it to external_web_format. External web format.

Choices:

  • "auto-detect"

  • "no-query-string"

  • "partial-query-string"

fast-bss-transition

string

Deprecated, please rename it to fast_bss_transition. Fast bss transition.

Choices:

  • "disable"

  • "enable"

fast-roaming

string

Deprecated, please rename it to fast_roaming. Fast roaming.

Choices:

  • "disable"

  • "enable"

ft-mobility-domain

integer

Deprecated, please rename it to ft_mobility_domain. Ft mobility domain.

ft-over-ds

string

Deprecated, please rename it to ft_over_ds. Ft over ds.

Choices:

  • "disable"

  • "enable"

ft-r0-key-lifetime

integer

Deprecated, please rename it to ft_r0_key_lifetime. Ft r0 key lifetime.

gas-comeback-delay

integer

Deprecated, please rename it to gas_comeback_delay. GAS comeback delay

gas-fragmentation-limit

integer

Deprecated, please rename it to gas_fragmentation_limit. GAS fragmentation limit

gtk-rekey

string

Deprecated, please rename it to gtk_rekey. Gtk rekey.

Choices:

  • "disable"

  • "enable"

gtk-rekey-intv

integer

Deprecated, please rename it to gtk_rekey_intv. Gtk rekey intv.

high-efficiency

string

Deprecated, please rename it to high_efficiency. High efficiency.

Choices:

  • "disable"

  • "enable"

hotspot20-profile

string

Deprecated, please rename it to hotspot20_profile. Hotspot20 profile.

igmp-snooping

string

Deprecated, please rename it to igmp_snooping. Enable/disable IGMP snooping.

Choices:

  • "disable"

  • "enable"

intra-vap-privacy

string

Deprecated, please rename it to intra_vap_privacy. Intra vap privacy.

Choices:

  • "disable"

  • "enable"

ip

string

Ip.

ips-sensor

string

Deprecated, please rename it to ips_sensor. IPS sensor name.

ipv6-rules

list / elements=string

Deprecated, please rename it to ipv6_rules. Ipv6 rules.

Choices:

  • "drop-icmp6ra"

  • "drop-icmp6rs"

  • "drop-llmnr6"

  • "drop-icmp6mld2"

  • "drop-dhcp6s"

  • "drop-dhcp6c"

  • "ndp-proxy"

  • "drop-ns-dad"

  • "drop-ns-nondad"

key

any

(list) Key.

keyindex

integer

Keyindex.

l3-roaming

string

Deprecated, please rename it to l3_roaming. Enable/disable layer 3 roaming

Choices:

  • "disable"

  • "enable"

l3-roaming-mode

string

Deprecated, please rename it to l3_roaming_mode. Select the way that layer 3 roaming traffic is passed

Choices:

  • "direct"

  • "indirect"

ldpc

string

Ldpc.

Choices:

  • "disable"

  • "tx"

  • "rx"

  • "rxtx"

local-authentication

string

Deprecated, please rename it to local_authentication. Local authentication.

Choices:

  • "disable"

  • "enable"

local-bridging

string

Deprecated, please rename it to local_bridging. Local bridging.

Choices:

  • "disable"

  • "enable"

local-lan

string

Deprecated, please rename it to local_lan. Local lan.

Choices:

  • "deny"

  • "allow"

local-lan-partition

string

Deprecated, please rename it to local_lan_partition. Enable/disable segregating client traffic to local LAN side

Choices:

  • "disable"

  • "enable"

local-standalone

string

Deprecated, please rename it to local_standalone. Local standalone.

Choices:

  • "disable"

  • "enable"

local-standalone-dns

string

Deprecated, please rename it to local_standalone_dns. Enable/disable AP local standalone DNS.

Choices:

  • "disable"

  • "enable"

local-standalone-dns-ip

any

(list) Deprecated, please rename it to local_standalone_dns_ip. IPv4 addresses for the local standalone DNS.

local-standalone-nat

string

Deprecated, please rename it to local_standalone_nat. Local standalone nat.

Choices:

  • "disable"

  • "enable"

local-switching

string

Deprecated, please rename it to local_switching. Local switching.

Choices:

  • "disable"

  • "enable"

mac-auth-bypass

string

Deprecated, please rename it to mac_auth_bypass. Mac auth bypass.

Choices:

  • "disable"

  • "enable"

mac-called-station-delimiter

string

Deprecated, please rename it to mac_called_station_delimiter. MAC called station delimiter

Choices:

  • "hyphen"

  • "single-hyphen"

  • "colon"

  • "none"

mac-calling-station-delimiter

string

Deprecated, please rename it to mac_calling_station_delimiter. MAC calling station delimiter

Choices:

  • "hyphen"

  • "single-hyphen"

  • "colon"

  • "none"

mac-case

string

Deprecated, please rename it to mac_case. MAC case

Choices:

  • "uppercase"

  • "lowercase"

mac-filter

string

Deprecated, please rename it to mac_filter. Mac filter.

Choices:

  • "disable"

  • "enable"

mac-filter-policy-other

string

Deprecated, please rename it to mac_filter_policy_other. Mac filter policy other.

Choices:

  • "deny"

  • "allow"

mac-password-delimiter

string

Deprecated, please rename it to mac_password_delimiter. MAC authentication password delimiter

Choices:

  • "hyphen"

  • "single-hyphen"

  • "colon"

  • "none"

mac-username-delimiter

string

Deprecated, please rename it to mac_username_delimiter. MAC authentication username delimiter

Choices:

  • "hyphen"

  • "single-hyphen"

  • "colon"

  • "none"

max-clients

integer

Deprecated, please rename it to max_clients. Max clients.

max-clients-ap

integer

Deprecated, please rename it to max_clients_ap. Max clients ap.

mbo

string

Enable/disable Multiband Operation

Choices:

  • "disable"

  • "enable"

mbo-cell-data-conn-pref

string

Deprecated, please rename it to mbo_cell_data_conn_pref. MBO cell data connection preference

Choices:

  • "excluded"

  • "prefer-not"

  • "prefer-use"

me-disable-thresh

integer

Deprecated, please rename it to me_disable_thresh. Me disable thresh.

mesh-backhaul

string

Deprecated, please rename it to mesh_backhaul. Mesh backhaul.

Choices:

  • "disable"

  • "enable"

mpsk

string

Mpsk.

Choices:

  • "disable"

  • "enable"

mpsk-concurrent-clients

integer

Deprecated, please rename it to mpsk_concurrent_clients. Mpsk concurrent clients.

mpsk-profile

string

Deprecated, please rename it to mpsk_profile. Mpsk profile.

mu-mimo

string

Deprecated, please rename it to mu_mimo. Mu mimo.

Choices:

  • "disable"

  • "enable"

multicast-enhance

string

Deprecated, please rename it to multicast_enhance. Multicast enhance.

Choices:

  • "disable"

  • "enable"

multicast-rate

string

Deprecated, please rename it to multicast_rate. Multicast rate.

Choices:

  • "0"

  • "6000"

  • "12000"

  • "24000"

nac

string

Enable/disable network access control.

Choices:

  • "disable"

  • "enable"

nac-profile

string

Deprecated, please rename it to nac_profile. NAC profile name.

nas-filter-rule

string

Deprecated, please rename it to nas_filter_rule. Enable/disable NAS filter rule support

Choices:

  • "disable"

  • "enable"

neighbor-report-dual-band

string

Deprecated, please rename it to neighbor_report_dual_band. Enable/disable dual-band neighbor report

Choices:

  • "disable"

  • "enable"

okc

string

Okc.

Choices:

  • "disable"

  • "enable"

osen

string

Enable/disable OSEN as part of key management

Choices:

  • "disable"

  • "enable"

owe-groups

list / elements=string

Deprecated, please rename it to owe_groups. Owe groups.

Choices:

  • "19"

  • "20"

  • "21"

owe-transition

string

Deprecated, please rename it to owe_transition. Owe transition.

Choices:

  • "disable"

  • "enable"

owe-transition-ssid

string

Deprecated, please rename it to owe_transition_ssid. Owe transition ssid.

passphrase

any

(list) Passphrase.

pmf

string

Pmf.

Choices:

  • "disable"

  • "enable"

  • "optional"

pmf-assoc-comeback-timeout

integer

Deprecated, please rename it to pmf_assoc_comeback_timeout. Pmf assoc comeback timeout.

pmf-sa-query-retry-timeout

integer

Deprecated, please rename it to pmf_sa_query_retry_timeout. Pmf sa query retry timeout.

port-macauth

string

Deprecated, please rename it to port_macauth. Enable/disable LAN port MAC authentication

Choices:

  • "disable"

  • "radius"

  • "address-group"

port-macauth-reauth-timeout

integer

Deprecated, please rename it to port_macauth_reauth_timeout. LAN port MAC authentication re-authentication timeout…

port-macauth-timeout

integer

Deprecated, please rename it to port_macauth_timeout. LAN port MAC authentication idle timeout value

portal-message-override-group

string

Deprecated, please rename it to portal_message_override_group. Portal message override group.

portal-type

string

Deprecated, please rename it to portal_type. Portal type.

Choices:

  • "auth"

  • "auth+disclaimer"

  • "disclaimer"

  • "email-collect"

  • "cmcc"

  • "cmcc-macauth"

  • "auth-mac"

  • "external-auth"

  • "external-macauth"

primary-wag-profile

string

Deprecated, please rename it to primary_wag_profile. Primary wag profile.

probe-resp-suppression

string

Deprecated, please rename it to probe_resp_suppression. Probe resp suppression.

Choices:

  • "disable"

  • "enable"

probe-resp-threshold

string

Deprecated, please rename it to probe_resp_threshold. Probe resp threshold.

ptk-rekey

string

Deprecated, please rename it to ptk_rekey. Ptk rekey.

Choices:

  • "disable"

  • "enable"

ptk-rekey-intv

integer

Deprecated, please rename it to ptk_rekey_intv. Ptk rekey intv.

qos-profile

string

Deprecated, please rename it to qos_profile. Qos profile.

quarantine

string

Quarantine.

Choices:

  • "disable"

  • "enable"

radio-2g-threshold

string

Deprecated, please rename it to radio_2g_threshold. Radio 2g threshold.

radio-5g-threshold

string

Deprecated, please rename it to radio_5g_threshold. Radio 5g threshold.

radio-sensitivity

string

Deprecated, please rename it to radio_sensitivity. Radio sensitivity.

Choices:

  • "disable"

  • "enable"

radius-mac-auth

string

Deprecated, please rename it to radius_mac_auth. Radius mac auth.

Choices:

  • "disable"

  • "enable"

radius-mac-auth-block-interval

integer

Deprecated, please rename it to radius_mac_auth_block_interval. Dont send RADIUS MAC auth request again if the cli…

radius-mac-auth-server

string

Deprecated, please rename it to radius_mac_auth_server. Radius mac auth server.

radius-mac-auth-usergroups

any

(list) Deprecated, please rename it to radius_mac_auth_usergroups. Radius mac auth usergroups.

radius-mac-mpsk-auth

string

Deprecated, please rename it to radius_mac_mpsk_auth. Enable/disable RADIUS-based MAC authentication of clients fo…

Choices:

  • "disable"

  • "enable"

radius-mac-mpsk-timeout

integer

Deprecated, please rename it to radius_mac_mpsk_timeout. RADIUS MAC MPSK cache timeout interval

radius-server

string

Deprecated, please rename it to radius_server. Radius server.

rates-11a

list / elements=string

Deprecated, please rename it to rates_11a. Rates 11a.

Choices:

  • "1"

  • "1-basic"

  • "2"

  • "2-basic"

  • "5.5"

  • "5.5-basic"

  • "6"

  • "6-basic"

  • "9"

  • "9-basic"

  • "12"

  • "12-basic"

  • "18"

  • "18-basic"

  • "24"

  • "24-basic"

  • "36"

  • "36-basic"

  • "48"

  • "48-basic"

  • "54"

  • "54-basic"

  • "11"

  • "11-basic"

rates-11ac-mcs-map

string

Deprecated, please rename it to rates_11ac_mcs_map. Comma separated list of max supported VHT MCS for spatial stre…

rates-11ac-ss12

list / elements=string

Deprecated, please rename it to rates_11ac_ss12. Rates 11ac ss12.

Choices:

  • "mcs0/1"

  • "mcs1/1"

  • "mcs2/1"

  • "mcs3/1"

  • "mcs4/1"

  • "mcs5/1"

  • "mcs6/1"

  • "mcs7/1"

  • "mcs8/1"

  • "mcs9/1"

  • "mcs0/2"

  • "mcs1/2"

  • "mcs2/2"

  • "mcs3/2"

  • "mcs4/2"

  • "mcs5/2"

  • "mcs6/2"

  • "mcs7/2"

  • "mcs8/2"

  • "mcs9/2"

  • "mcs10/1"

  • "mcs11/1"

  • "mcs10/2"

  • "mcs11/2"

rates-11ac-ss34

list / elements=string

Deprecated, please rename it to rates_11ac_ss34. Rates 11ac ss34.

Choices:

  • "mcs0/3"

  • "mcs1/3"

  • "mcs2/3"

  • "mcs3/3"

  • "mcs4/3"

  • "mcs5/3"

  • "mcs6/3"

  • "mcs7/3"

  • "mcs8/3"

  • "mcs9/3"

  • "mcs0/4"

  • "mcs1/4"

  • "mcs2/4"

  • "mcs3/4"

  • "mcs4/4"

  • "mcs5/4"

  • "mcs6/4"

  • "mcs7/4"

  • "mcs8/4"

  • "mcs9/4"

  • "mcs10/3"

  • "mcs11/3"

  • "mcs10/4"

  • "mcs11/4"

rates-11ax-mcs-map

string

Deprecated, please rename it to rates_11ax_mcs_map. Comma separated list of max supported HE MCS for spatial strea…

rates-11ax-ss12

list / elements=string

Deprecated, please rename it to rates_11ax_ss12. Allowed data rates for 802.

Choices:

  • "mcs0/1"

  • "mcs1/1"

  • "mcs2/1"

  • "mcs3/1"

  • "mcs4/1"

  • "mcs5/1"

  • "mcs6/1"

  • "mcs7/1"

  • "mcs8/1"

  • "mcs9/1"

  • "mcs10/1"

  • "mcs11/1"

  • "mcs0/2"

  • "mcs1/2"

  • "mcs2/2"

  • "mcs3/2"

  • "mcs4/2"

  • "mcs5/2"

  • "mcs6/2"

  • "mcs7/2"

  • "mcs8/2"

  • "mcs9/2"

  • "mcs10/2"

  • "mcs11/2"

rates-11ax-ss34

list / elements=string

Deprecated, please rename it to rates_11ax_ss34. Allowed data rates for 802.

Choices:

  • "mcs0/3"

  • "mcs1/3"

  • "mcs2/3"

  • "mcs3/3"

  • "mcs4/3"

  • "mcs5/3"

  • "mcs6/3"

  • "mcs7/3"

  • "mcs8/3"

  • "mcs9/3"

  • "mcs10/3"

  • "mcs11/3"

  • "mcs0/4"

  • "mcs1/4"

  • "mcs2/4"

  • "mcs3/4"

  • "mcs4/4"

  • "mcs5/4"

  • "mcs6/4"

  • "mcs7/4"

  • "mcs8/4"

  • "mcs9/4"

  • "mcs10/4"

  • "mcs11/4"

rates-11be-mcs-map

string

Deprecated, please rename it to rates_11be_mcs_map. Comma separated list of max nss that supports EHT-MCS 0-9, 10-…

rates-11be-mcs-map-160

string

Deprecated, please rename it to rates_11be_mcs_map_160. Comma separated list of max nss that supports EHT-MCS 0-9,…

rates-11be-mcs-map-320

string

Deprecated, please rename it to rates_11be_mcs_map_320. Comma separated list of max nss that supports EHT-MCS 0-9,…

rates-11bg

list / elements=string

Deprecated, please rename it to rates_11bg. Rates 11bg.

Choices:

  • "1"

  • "1-basic"

  • "2"

  • "2-basic"

  • "5.5"

  • "5.5-basic"

  • "6"

  • "6-basic"

  • "9"

  • "9-basic"

  • "12"

  • "12-basic"

  • "18"

  • "18-basic"

  • "24"

  • "24-basic"

  • "36"

  • "36-basic"

  • "48"

  • "48-basic"

  • "54"

  • "54-basic"

  • "11"

  • "11-basic"

rates-11n-ss12

list / elements=string

Deprecated, please rename it to rates_11n_ss12. Rates 11n ss12.

Choices:

  • "mcs0/1"

  • "mcs1/1"

  • "mcs2/1"

  • "mcs3/1"

  • "mcs4/1"

  • "mcs5/1"

  • "mcs6/1"

  • "mcs7/1"

  • "mcs8/2"

  • "mcs9/2"

  • "mcs10/2"

  • "mcs11/2"

  • "mcs12/2"

  • "mcs13/2"

  • "mcs14/2"

  • "mcs15/2"

rates-11n-ss34

list / elements=string

Deprecated, please rename it to rates_11n_ss34. Rates 11n ss34.

Choices:

  • "mcs16/3"

  • "mcs17/3"

  • "mcs18/3"

  • "mcs19/3"

  • "mcs20/3"

  • "mcs21/3"

  • "mcs22/3"

  • "mcs23/3"

  • "mcs24/4"

  • "mcs25/4"

  • "mcs26/4"

  • "mcs27/4"

  • "mcs28/4"

  • "mcs29/4"

  • "mcs30/4"

  • "mcs31/4"

roaming-acct-interim-update

string

Deprecated, please rename it to roaming_acct_interim_update. Enable/disable using accounting interim update instea…

Choices:

  • "disable"

  • "enable"

sae-groups

list / elements=string

Deprecated, please rename it to sae_groups. Sae groups.

Choices:

  • "1"

  • "2"

  • "5"

  • "14"

  • "15"

  • "16"

  • "17"

  • "18"

  • "19"

  • "20"

  • "21"

  • "27"

  • "28"

  • "29"

  • "30"

  • "31"

sae-h2e-only

string

Deprecated, please rename it to sae_h2e_only. Use hash-to-element-only mechanism for PWE derivation

Choices:

  • "disable"

  • "enable"

sae-hnp-only

string

Deprecated, please rename it to sae_hnp_only. Use hunting-and-pecking-only mechanism for PWE derivation

Choices:

  • "disable"

  • "enable"

sae-password

any

(list) Deprecated, please rename it to sae_password. Sae password.

sae-pk

string

Deprecated, please rename it to sae_pk. Enable/disable WPA3 SAE-PK

Choices:

  • "disable"

  • "enable"

sae-private-key

string

Deprecated, please rename it to sae_private_key. Private key used for WPA3 SAE-PK authentication.

scan-botnet-connections

string

Deprecated, please rename it to scan_botnet_connections. Block or monitor connections to Botnet servers or disable…

Choices:

  • "disable"

  • "block"

  • "monitor"

schedule

any

(list or str) Schedule.

secondary-wag-profile

string

Deprecated, please rename it to secondary_wag_profile. Secondary wag profile.

security

string

Security.

Choices:

  • "None"

  • "WEP64"

  • "wep64"

  • "WEP128"

  • "wep128"

  • "WPA_PSK"

  • "WPA_RADIUS"

  • "WPA"

  • "WPA2"

  • "WPA2_AUTO"

  • "open"

  • "wpa-personal"

  • "wpa-enterprise"

  • "captive-portal"

  • "wpa-only-personal"

  • "wpa-only-enterprise"

  • "wpa2-only-personal"

  • "wpa2-only-enterprise"

  • "wpa-personal+captive-portal"

  • "wpa-only-personal+captive-portal"

  • "wpa2-only-personal+captive-portal"

  • "osen"

  • "wpa3-enterprise"

  • "sae"

  • "sae-transition"

  • "owe"

  • "wpa3-sae"

  • "wpa3-sae-transition"

  • "wpa3-only-enterprise"

  • "wpa3-enterprise-transition"

security-exempt-list

string

Deprecated, please rename it to security_exempt_list. Security exempt list.

security-obsolete-option

string

Deprecated, please rename it to security_obsolete_option. Security obsolete option.

Choices:

  • "disable"

  • "enable"

security-redirect-url

string

Deprecated, please rename it to security_redirect_url. Security redirect url.

selected-usergroups

any

(list or str) Deprecated, please rename it to selected_usergroups. Selected usergroups.

split-tunneling

string

Deprecated, please rename it to split_tunneling. Split tunneling.

Choices:

  • "disable"

  • "enable"

ssid

string

Ssid.

sticky-client-remove

string

Deprecated, please rename it to sticky_client_remove. Sticky client remove.

Choices:

  • "disable"

  • "enable"

sticky-client-threshold-2g

string

Deprecated, please rename it to sticky_client_threshold_2g. Sticky client threshold 2g.

sticky-client-threshold-5g

string

Deprecated, please rename it to sticky_client_threshold_5g. Sticky client threshold 5g.

sticky-client-threshold-6g

string

Deprecated, please rename it to sticky_client_threshold_6g. Minimum signal level/threshold in dBm required for the…

target-wake-time

string

Deprecated, please rename it to target_wake_time. Target wake time.

Choices:

  • "disable"

  • "enable"

tkip-counter-measure

string

Deprecated, please rename it to tkip_counter_measure. Tkip counter measure.

Choices:

  • "disable"

  • "enable"

tunnel-echo-interval

integer

Deprecated, please rename it to tunnel_echo_interval. Tunnel echo interval.

tunnel-fallback-interval

integer

Deprecated, please rename it to tunnel_fallback_interval. Tunnel fallback interval.

usergroup

any

(list or str) Usergroup.

utm-log

string

Deprecated, please rename it to utm_log. Enable/disable UTM logging.

Choices:

  • "disable"

  • "enable"

utm-profile

string

Deprecated, please rename it to utm_profile. Utm profile.

utm-status

string

Deprecated, please rename it to utm_status. Enable to add one or more security profiles

Choices:

  • "disable"

  • "enable"

vdom

any

(list or str) Vdom.

vlan-auto

string

Deprecated, please rename it to vlan_auto. Vlan auto.

Choices:

  • "disable"

  • "enable"

vlan-pooling

string

Deprecated, please rename it to vlan_pooling. Vlan pooling.

Choices:

  • "wtp-group"

  • "round-robin"

  • "hash"

  • "disable"

vlanid

integer

Vlanid.

voice-enterprise

string

Deprecated, please rename it to voice_enterprise. Voice enterprise.

Choices:

  • "disable"

  • "enable"

webfilter-profile

string

Deprecated, please rename it to webfilter_profile. WebFilter profile name.

eap-reauth

string

Deprecated, please rename it to eap_reauth. Enable/disable EAP re-authentication for WPA-Enterprise security.

Choices:

  • "disable"

  • "enable"

eap-reauth-intv

integer

Deprecated, please rename it to eap_reauth_intv. EAP re-authentication interval

eapol-key-retries

string

Deprecated, please rename it to eapol_key_retries. Enable/disable retransmission of EAPOL-Key frames

Choices:

  • "disable"

  • "enable"

encrypt

string

Encryption protocol to use

Choices:

  • "TKIP"

  • "AES"

  • "TKIP-AES"

external-fast-roaming

string

Deprecated, please rename it to external_fast_roaming. Enable/disable fast roaming or pre-authentication with external APs…

Choices:

  • "disable"

  • "enable"

external-logout

string

Deprecated, please rename it to external_logout. URL of external authentication logout server.

external-web

string

Deprecated, please rename it to external_web. URL of external authentication web server.

external-web-format

string

Deprecated, please rename it to external_web_format. URL query parameter detection

Choices:

  • "auto-detect"

  • "no-query-string"

  • "partial-query-string"

fast-bss-transition

string

Deprecated, please rename it to fast_bss_transition. Enable/disable 802.

Choices:

  • "disable"

  • "enable"

fast-roaming

string

Deprecated, please rename it to fast_roaming. Enable/disable fast-roaming, or pre-authentication, where supported by clients

Choices:

  • "disable"

  • "enable"

ft-mobility-domain

integer

Deprecated, please rename it to ft_mobility_domain. Mobility domain identifier in FT

ft-over-ds

string

Deprecated, please rename it to ft_over_ds. Enable/disable FT over the Distribution System

Choices:

  • "disable"

  • "enable"

ft-r0-key-lifetime

integer

Deprecated, please rename it to ft_r0_key_lifetime. Lifetime of the PMK-R0 key in FT, 1-65535 minutes.

gas-comeback-delay

integer

Deprecated, please rename it to gas_comeback_delay. GAS comeback delay

gas-fragmentation-limit

integer

Deprecated, please rename it to gas_fragmentation_limit. GAS fragmentation limit

gtk-rekey

string

Deprecated, please rename it to gtk_rekey. Enable/disable GTK rekey for WPA security.

Choices:

  • "disable"

  • "enable"

gtk-rekey-intv

integer

Deprecated, please rename it to gtk_rekey_intv. GTK rekey interval

high-efficiency

string

Deprecated, please rename it to high_efficiency. Enable/disable 802.

Choices:

  • "disable"

  • "enable"

hotspot20-profile

string

Deprecated, please rename it to hotspot20_profile. Hotspot 2.

igmp-snooping

string

Deprecated, please rename it to igmp_snooping. Enable/disable IGMP snooping.

Choices:

  • "disable"

  • "enable"

intra-vap-privacy

string

Deprecated, please rename it to intra_vap_privacy. Enable/disable blocking communication between clients on the same SSID

Choices:

  • "disable"

  • "enable"

ip

string

IP address and subnet mask for the local standalone NAT subnet.

ips-sensor

string

Deprecated, please rename it to ips_sensor. IPS sensor name.

ipv6-rules

list / elements=string

Deprecated, please rename it to ipv6_rules. Optional rules of IPv6 packets.

Choices:

  • "drop-icmp6ra"

  • "drop-icmp6rs"

  • "drop-llmnr6"

  • "drop-icmp6mld2"

  • "drop-dhcp6s"

  • "drop-dhcp6c"

  • "ndp-proxy"

  • "drop-ns-dad"

  • "drop-ns-nondad"

key

any

(list) WEP Key.

keyindex

integer

WEP key index

l3-roaming

string

Deprecated, please rename it to l3_roaming. Enable/disable layer 3 roaming

Choices:

  • "disable"

  • "enable"

l3-roaming-mode

string

Deprecated, please rename it to l3_roaming_mode. Select the way that layer 3 roaming traffic is passed

Choices:

  • "direct"

  • "indirect"

ldpc

string

VAP low-density parity-check

Choices:

  • "disable"

  • "tx"

  • "rx"

  • "rxtx"

local-authentication

string

Deprecated, please rename it to local_authentication. Enable/disable AP local authentication.

Choices:

  • "disable"

  • "enable"

local-bridging

string

Deprecated, please rename it to local_bridging. Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP

Choices:

  • "disable"

  • "enable"

local-lan

string

Deprecated, please rename it to local_lan. Allow/deny traffic destined for a Class A, B, or C private IP address

Choices:

  • "deny"

  • "allow"

local-lan-partition

string

Deprecated, please rename it to local_lan_partition. Enable/disable segregating client traffic to local LAN side

Choices:

  • "disable"

  • "enable"

local-standalone

string

Deprecated, please rename it to local_standalone. Enable/disable AP local standalone

Choices:

  • "disable"

  • "enable"

local-standalone-dns

string

Deprecated, please rename it to local_standalone_dns. Enable/disable AP local standalone DNS.

Choices:

  • "disable"

  • "enable"

local-standalone-dns-ip

any

(list) Deprecated, please rename it to local_standalone_dns_ip. IPv4 addresses for the local standalone DNS.

local-standalone-nat

string

Deprecated, please rename it to local_standalone_nat. Enable/disable AP local standalone NAT mode.

Choices:

  • "disable"

  • "enable"

mac-auth-bypass

string

Deprecated, please rename it to mac_auth_bypass. Enable/disable MAC authentication bypass.

Choices:

  • "disable"

  • "enable"

mac-called-station-delimiter

string

Deprecated, please rename it to mac_called_station_delimiter. MAC called station delimiter

Choices:

  • "hyphen"

  • "single-hyphen"

  • "colon"

  • "none"

mac-calling-station-delimiter

string

Deprecated, please rename it to mac_calling_station_delimiter. MAC calling station delimiter

Choices:

  • "hyphen"

  • "single-hyphen"

  • "colon"

  • "none"

mac-case

string

Deprecated, please rename it to mac_case. MAC case

Choices:

  • "uppercase"

  • "lowercase"

mac-filter

string

Deprecated, please rename it to mac_filter. Enable/disable MAC filtering to block wireless clients by mac address.

Choices:

  • "disable"

  • "enable"

mac-filter-list

list / elements=dictionary

Deprecated, please rename it to mac_filter_list. Mac filter list.

id

integer

ID.

mac

string

MAC address.

mac-filter-policy

string

Deprecated, please rename it to mac_filter_policy. Deny or allow the client with this MAC address.

Choices:

  • "deny"

  • "allow"

mac-filter-policy-other

string

Deprecated, please rename it to mac_filter_policy_other. Allow or block clients with MAC addresses that are not in the fil…

Choices:

  • "deny"

  • "allow"

mac-password-delimiter

string

Deprecated, please rename it to mac_password_delimiter. MAC authentication password delimiter

Choices:

  • "hyphen"

  • "single-hyphen"

  • "colon"

  • "none"

mac-username-delimiter

string

Deprecated, please rename it to mac_username_delimiter. MAC authentication username delimiter

Choices:

  • "hyphen"

  • "single-hyphen"

  • "colon"

  • "none"

max-clients

integer

Deprecated, please rename it to max_clients. Maximum number of clients that can connect simultaneously to the VAP

max-clients-ap

integer

Deprecated, please rename it to max_clients_ap. Maximum number of clients that can connect simultaneously to each radio

mbo

string

Enable/disable Multiband Operation

Choices:

  • "disable"

  • "enable"

mbo-cell-data-conn-pref

string

Deprecated, please rename it to mbo_cell_data_conn_pref. MBO cell data connection preference

Choices:

  • "excluded"

  • "prefer-not"

  • "prefer-use"

me-disable-thresh

integer

Deprecated, please rename it to me_disable_thresh. Disable multicast enhancement when this many clients are receiving mult…

mesh-backhaul

string

Deprecated, please rename it to mesh_backhaul. Enable/disable using this VAP as a WiFi mesh backhaul

Choices:

  • "disable"

  • "enable"

mpsk

string

Enable/disable multiple pre-shared keys

Choices:

  • "disable"

  • "enable"

mpsk-concurrent-clients

integer

Deprecated, please rename it to mpsk_concurrent_clients. Number of pre-shared keys

mpsk-key

list / elements=dictionary

Deprecated, please rename it to mpsk_key. Mpsk key.

comment

string

Comment.

concurrent-clients

string

Deprecated, please rename it to concurrent_clients. Number of clients that can connect using this pre-shared key.

key-name

string

Deprecated, please rename it to key_name. Pre-shared key name.

mpsk-schedules

any

(list or str) Deprecated, please rename it to mpsk_schedules. Firewall schedule for MPSK passphrase.

passphrase

any

(list) WPA Pre-shared key.

mpsk-profile

string

Deprecated, please rename it to mpsk_profile. MPSK profile name.

mu-mimo

string

Deprecated, please rename it to mu_mimo. Enable/disable Multi-user MIMO

Choices:

  • "disable"

  • "enable"

multicast-enhance

string

Deprecated, please rename it to multicast_enhance. Enable/disable converting multicast to unicast to improve performance

Choices:

  • "disable"

  • "enable"

multicast-rate

string

Deprecated, please rename it to multicast_rate. Multicast rate

Choices:

  • "0"

  • "6000"

  • "12000"

  • "24000"

nac

string

Enable/disable network access control.

Choices:

  • "disable"

  • "enable"

nac-profile

string

Deprecated, please rename it to nac_profile. NAC profile name.

name

string / required

Virtual AP name.

nas-filter-rule

string

Deprecated, please rename it to nas_filter_rule. Enable/disable NAS filter rule support

Choices:

  • "disable"

  • "enable"

neighbor-report-dual-band

string

Deprecated, please rename it to neighbor_report_dual_band. Enable/disable dual-band neighbor report

Choices:

  • "disable"

  • "enable"

okc

string

Enable/disable Opportunistic Key Caching

Choices:

  • "disable"

  • "enable"

osen

string

Enable/disable OSEN as part of key management

Choices:

  • "disable"

  • "enable"

owe-groups

list / elements=string

Deprecated, please rename it to owe_groups. OWE-Groups.

Choices:

  • "19"

  • "20"

  • "21"

owe-transition

string

Deprecated, please rename it to owe_transition. Enable/disable OWE transition mode support.

Choices:

  • "disable"

  • "enable"

owe-transition-ssid

string

Deprecated, please rename it to owe_transition_ssid. OWE transition mode peer SSID.

passphrase

any

(list) WPA pre-shard key

pmf

string

Protected Management Frames

Choices:

  • "disable"

  • "enable"

  • "optional"

pmf-assoc-comeback-timeout

integer

Deprecated, please rename it to pmf_assoc_comeback_timeout. Protected Management Frames

pmf-sa-query-retry-timeout

integer

Deprecated, please rename it to pmf_sa_query_retry_timeout. Protected Management Frames

port-macauth

string

Deprecated, please rename it to port_macauth. Enable/disable LAN port MAC authentication

Choices:

  • "disable"

  • "radius"

  • "address-group"

port-macauth-reauth-timeout

integer

Deprecated, please rename it to port_macauth_reauth_timeout. LAN port MAC authentication re-authentication timeout value

port-macauth-timeout

integer

Deprecated, please rename it to port_macauth_timeout. LAN port MAC authentication idle timeout value

portal-message-override-group

string

Deprecated, please rename it to portal_message_override_group. Replacement message group for this VAP

portal-message-overrides

dictionary

Deprecated, please rename it to portal_message_overrides. Portal message overrides.

auth-disclaimer-page

string

Deprecated, please rename it to auth_disclaimer_page. Override auth-disclaimer-page message with message from port…

auth-login-failed-page

string

Deprecated, please rename it to auth_login_failed_page. Override auth-login-failed-page message with message from …

auth-login-page

string

Deprecated, please rename it to auth_login_page. Override auth-login-page message with message from portal-message…

auth-reject-page

string

Deprecated, please rename it to auth_reject_page. Override auth-reject-page message with message from portal-messa…

portal-type

string

Deprecated, please rename it to portal_type. Captive portal functionality.

Choices:

  • "auth"

  • "auth+disclaimer"

  • "disclaimer"

  • "email-collect"

  • "cmcc"

  • "cmcc-macauth"

  • "auth-mac"

  • "external-auth"

  • "external-macauth"

primary-wag-profile

string

Deprecated, please rename it to primary_wag_profile. Primary wireless access gateway profile name.

probe-resp-suppression

string

Deprecated, please rename it to probe_resp_suppression. Enable/disable probe response suppression

Choices:

  • "disable"

  • "enable"

probe-resp-threshold

string

Deprecated, please rename it to probe_resp_threshold. Minimum signal level/threshold in dBm required for the AP response t…

ptk-rekey

string

Deprecated, please rename it to ptk_rekey. Enable/disable PTK rekey for WPA-Enterprise security.

Choices:

  • "disable"

  • "enable"

ptk-rekey-intv

integer

Deprecated, please rename it to ptk_rekey_intv. PTK rekey interval

qos-profile

string

Deprecated, please rename it to qos_profile. Quality of service profile name.

quarantine

string

Enable/disable station quarantine

Choices:

  • "disable"

  • "enable"

radio-2g-threshold

string

Deprecated, please rename it to radio_2g_threshold. Minimum signal level/threshold in dBm required for the AP response to …

radio-5g-threshold

string

Deprecated, please rename it to radio_5g_threshold. Minimum signal level/threshold in dBm required for the AP response to …

radio-sensitivity

string

Deprecated, please rename it to radio_sensitivity. Enable/disable software radio sensitivity

Choices:

  • "disable"

  • "enable"

radius-mac-auth

string

Deprecated, please rename it to radius_mac_auth. Enable/disable RADIUS-based MAC authentication of clients

Choices:

  • "disable"

  • "enable"

radius-mac-auth-block-interval

integer

Deprecated, please rename it to radius_mac_auth_block_interval. Dont send RADIUS MAC auth request again if the client has …

radius-mac-auth-server

string

Deprecated, please rename it to radius_mac_auth_server. RADIUS-based MAC authentication server.

radius-mac-auth-usergroups

any

(list) Deprecated, please rename it to radius_mac_auth_usergroups. Selective user groups that are permitted for RADIUS mac…

radius-mac-mpsk-auth

string

Deprecated, please rename it to radius_mac_mpsk_auth. Enable/disable RADIUS-based MAC authentication of clients for MPSK a…

Choices:

  • "disable"

  • "enable"

radius-mac-mpsk-timeout

integer

Deprecated, please rename it to radius_mac_mpsk_timeout. RADIUS MAC MPSK cache timeout interval

radius-server

string

Deprecated, please rename it to radius_server. RADIUS server to be used to authenticate WiFi users.

rates-11a

list / elements=string

Deprecated, please rename it to rates_11a. Allowed data rates for 802.

Choices:

  • "1"

  • "1-basic"

  • "2"

  • "2-basic"

  • "5.5"

  • "5.5-basic"

  • "6"

  • "6-basic"

  • "9"

  • "9-basic"

  • "12"

  • "12-basic"

  • "18"

  • "18-basic"

  • "24"

  • "24-basic"

  • "36"

  • "36-basic"

  • "48"

  • "48-basic"

  • "54"

  • "54-basic"

  • "11"

  • "11-basic"

rates-11ac-mcs-map

string

Deprecated, please rename it to rates_11ac_mcs_map. Comma separated list of max supported VHT MCS for spatial streams 1 th…

rates-11ac-ss12

list / elements=string

Deprecated, please rename it to rates_11ac_ss12. Allowed data rates for 802.

Choices:

  • "mcs0/1"

  • "mcs1/1"

  • "mcs2/1"

  • "mcs3/1"

  • "mcs4/1"

  • "mcs5/1"

  • "mcs6/1"

  • "mcs7/1"

  • "mcs8/1"

  • "mcs9/1"

  • "mcs0/2"

  • "mcs1/2"

  • "mcs2/2"

  • "mcs3/2"

  • "mcs4/2"

  • "mcs5/2"

  • "mcs6/2"

  • "mcs7/2"

  • "mcs8/2"

  • "mcs9/2"

  • "mcs10/1"

  • "mcs11/1"

  • "mcs10/2"

  • "mcs11/2"

rates-11ac-ss34

list / elements=string

Deprecated, please rename it to rates_11ac_ss34. Allowed data rates for 802.

Choices:

  • "mcs0/3"

  • "mcs1/3"

  • "mcs2/3"

  • "mcs3/3"

  • "mcs4/3"

  • "mcs5/3"

  • "mcs6/3"

  • "mcs7/3"

  • "mcs8/3"

  • "mcs9/3"

  • "mcs0/4"

  • "mcs1/4"

  • "mcs2/4"

  • "mcs3/4"

  • "mcs4/4"

  • "mcs5/4"

  • "mcs6/4"

  • "mcs7/4"

  • "mcs8/4"

  • "mcs9/4"

  • "mcs10/3"

  • "mcs11/3"

  • "mcs10/4"

  • "mcs11/4"

rates-11ax-mcs-map

string

Deprecated, please rename it to rates_11ax_mcs_map. Comma separated list of max supported HE MCS for spatial streams 1 thr…

rates-11ax-ss12

list / elements=string

Deprecated, please rename it to rates_11ax_ss12. Allowed data rates for 802.

Choices:

  • "mcs0/1"

  • "mcs1/1"

  • "mcs2/1"

  • "mcs3/1"

  • "mcs4/1"

  • "mcs5/1"

  • "mcs6/1"

  • "mcs7/1"

  • "mcs8/1"

  • "mcs9/1"

  • "mcs10/1"

  • "mcs11/1"

  • "mcs0/2"

  • "mcs1/2"

  • "mcs2/2"

  • "mcs3/2"

  • "mcs4/2"

  • "mcs5/2"

  • "mcs6/2"

  • "mcs7/2"

  • "mcs8/2"

  • "mcs9/2"

  • "mcs10/2"

  • "mcs11/2"

rates-11ax-ss34

list / elements=string

Deprecated, please rename it to rates_11ax_ss34. Allowed data rates for 802.

Choices:

  • "mcs0/3"

  • "mcs1/3"

  • "mcs2/3"

  • "mcs3/3"

  • "mcs4/3"

  • "mcs5/3"

  • "mcs6/3"

  • "mcs7/3"

  • "mcs8/3"

  • "mcs9/3"

  • "mcs10/3"

  • "mcs11/3"

  • "mcs0/4"

  • "mcs1/4"

  • "mcs2/4"

  • "mcs3/4"

  • "mcs4/4"

  • "mcs5/4"

  • "mcs6/4"

  • "mcs7/4"

  • "mcs8/4"

  • "mcs9/4"

  • "mcs10/4"

  • "mcs11/4"

rates-11be-mcs-map

string

Deprecated, please rename it to rates_11be_mcs_map. Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-1…

rates-11be-mcs-map-160

string

Deprecated, please rename it to rates_11be_mcs_map_160. Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, …

rates-11be-mcs-map-320

string

Deprecated, please rename it to rates_11be_mcs_map_320. Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, …

rates-11bg

list / elements=string

Deprecated, please rename it to rates_11bg. Allowed data rates for 802.

Choices:

  • "1"

  • "1-basic"

  • "2"

  • "2-basic"

  • "5.5"

  • "5.5-basic"

  • "6"

  • "6-basic"

  • "9"

  • "9-basic"

  • "12"

  • "12-basic"

  • "18"

  • "18-basic"

  • "24"

  • "24-basic"

  • "36"

  • "36-basic"

  • "48"

  • "48-basic"

  • "54"

  • "54-basic"

  • "11"

  • "11-basic"

rates-11n-ss12

list / elements=string

Deprecated, please rename it to rates_11n_ss12. Allowed data rates for 802.

Choices:

  • "mcs0/1"

  • "mcs1/1"

  • "mcs2/1"

  • "mcs3/1"

  • "mcs4/1"

  • "mcs5/1"

  • "mcs6/1"

  • "mcs7/1"

  • "mcs8/2"

  • "mcs9/2"

  • "mcs10/2"

  • "mcs11/2"

  • "mcs12/2"

  • "mcs13/2"

  • "mcs14/2"

  • "mcs15/2"

rates-11n-ss34

list / elements=string

Deprecated, please rename it to rates_11n_ss34. Allowed data rates for 802.

Choices:

  • "mcs16/3"

  • "mcs17/3"

  • "mcs18/3"

  • "mcs19/3"

  • "mcs20/3"

  • "mcs21/3"

  • "mcs22/3"

  • "mcs23/3"

  • "mcs24/4"

  • "mcs25/4"

  • "mcs26/4"

  • "mcs27/4"

  • "mcs28/4"

  • "mcs29/4"

  • "mcs30/4"

  • "mcs31/4"

roaming-acct-interim-update

string

Deprecated, please rename it to roaming_acct_interim_update. Enable/disable using accounting interim update instead of acc…

Choices:

  • "disable"

  • "enable"

sae-groups

list / elements=string

Deprecated, please rename it to sae_groups. SAE-Groups.

Choices:

  • "1"

  • "2"

  • "5"

  • "14"

  • "15"

  • "16"

  • "17"

  • "18"

  • "19"

  • "20"

  • "21"

  • "27"

  • "28"

  • "29"

  • "30"

  • "31"

sae-h2e-only

string

Deprecated, please rename it to sae_h2e_only. Use hash-to-element-only mechanism for PWE derivation

Choices:

  • "disable"

  • "enable"

sae-hnp-only

string

Deprecated, please rename it to sae_hnp_only. Use hunting-and-pecking-only mechanism for PWE derivation

Choices:

  • "disable"

  • "enable"

sae-password

any

(list) Deprecated, please rename it to sae_password. WPA3 SAE password to be used to authenticate WiFi users.

sae-pk

string

Deprecated, please rename it to sae_pk. Enable/disable WPA3 SAE-PK

Choices:

  • "disable"

  • "enable"

sae-private-key

string

Deprecated, please rename it to sae_private_key. Private key used for WPA3 SAE-PK authentication.

scan-botnet-connections

string

Deprecated, please rename it to scan_botnet_connections. Block or monitor connections to Botnet servers or disable Botnet …

Choices:

  • "disable"

  • "block"

  • "monitor"

schedule

any

(list or str) VAP schedule name.

secondary-wag-profile

string

Deprecated, please rename it to secondary_wag_profile. Secondary wireless access gateway profile name.

security

string

Security mode for the wireless interface

Choices:

  • "None"

  • "WEP64"

  • "wep64"

  • "WEP128"

  • "wep128"

  • "WPA_PSK"

  • "WPA_RADIUS"

  • "WPA"

  • "WPA2"

  • "WPA2_AUTO"

  • "open"

  • "wpa-personal"

  • "wpa-enterprise"

  • "captive-portal"

  • "wpa-only-personal"

  • "wpa-only-enterprise"

  • "wpa2-only-personal"

  • "wpa2-only-enterprise"

  • "wpa-personal+captive-portal"

  • "wpa-only-personal+captive-portal"

  • "wpa2-only-personal+captive-portal"

  • "osen"

  • "wpa3-enterprise"

  • "sae"

  • "sae-transition"

  • "owe"

  • "wpa3-sae"

  • "wpa3-sae-transition"

  • "wpa3-only-enterprise"

  • "wpa3-enterprise-transition"

security-exempt-list

string

Deprecated, please rename it to security_exempt_list. Optional security exempt list for captive portal authentication.

security-obsolete-option

string

Deprecated, please rename it to security_obsolete_option. Enable/disable obsolete security options.

Choices:

  • "disable"

  • "enable"

security-redirect-url

string

Deprecated, please rename it to security_redirect_url. Optional URL for redirecting users after they pass captive portal a…

selected-usergroups

any

(list or str) Deprecated, please rename it to selected_usergroups. Selective user groups that are permitted to authenticate.

split-tunneling

string

Deprecated, please rename it to split_tunneling. Enable/disable split tunneling

Choices:

  • "disable"

  • "enable"

ssid

string

IEEE 802.

sticky-client-remove

string

Deprecated, please rename it to sticky_client_remove. Enable/disable sticky client remove to maintain good signal level cl…

Choices:

  • "disable"

  • "enable"

sticky-client-threshold-2g

string

Deprecated, please rename it to sticky_client_threshold_2g. Minimum signal level/threshold in dBm required for the 2G clie…

sticky-client-threshold-5g

string

Deprecated, please rename it to sticky_client_threshold_5g. Minimum signal level/threshold in dBm required for the 5G clie…

sticky-client-threshold-6g

string

Deprecated, please rename it to sticky_client_threshold_6g. Minimum signal level/threshold in dBm required for the 6G clie…

target-wake-time

string

Deprecated, please rename it to target_wake_time. Enable/disable 802.

Choices:

  • "disable"

  • "enable"

tkip-counter-measure

string

Deprecated, please rename it to tkip_counter_measure. Enable/disable TKIP counter measure.

Choices:

  • "disable"

  • "enable"

tunnel-echo-interval

integer

Deprecated, please rename it to tunnel_echo_interval. The time interval to send echo to both primary and secondary tunnel …

tunnel-fallback-interval

integer

Deprecated, please rename it to tunnel_fallback_interval. The time interval for secondary tunnel to fall back to primary t…

usergroup

any

(list or str) Firewall user group to be used to authenticate WiFi users.

utm-log

string

Deprecated, please rename it to utm_log. Enable/disable UTM logging.

Choices:

  • "disable"

  • "enable"

utm-profile

string

Deprecated, please rename it to utm_profile. UTM profile name.

utm-status

string

Deprecated, please rename it to utm_status. Enable to add one or more security profiles

Choices:

  • "disable"

  • "enable"

vdom

string

Name of the VDOM that the Virtual AP has been added to.

vlan-auto

string

Deprecated, please rename it to vlan_auto. Enable/disable automatic management of SSID VLAN interface.

Choices:

  • "disable"

  • "enable"

vlan-name

list / elements=dictionary

Deprecated, please rename it to vlan_name. Vlan name.

name

string

VLAN name.

vlan-id

integer

Deprecated, please rename it to vlan_id. VLAN ID.

vlan-pool

list / elements=dictionary

Deprecated, please rename it to vlan_pool. Vlan pool.

_wtp-group

string

Deprecated, please rename it to _wtp_group. Wtp group.

id

integer

ID.

wtp-group

string

Deprecated, please rename it to wtp_group. WTP group name.

vlan-pooling

string

Deprecated, please rename it to vlan_pooling. Enable/disable VLAN pooling, to allow grouping of multiple wireless controll…

Choices:

  • "wtp-group"

  • "round-robin"

  • "hash"

  • "disable"

vlanid

integer

Optional VLAN ID.

voice-enterprise

string

Deprecated, please rename it to voice_enterprise. Enable/disable 802.

Choices:

  • "disable"

  • "enable"

webfilter-profile

string

Deprecated, please rename it to webfilter_profile. WebFilter profile name.

workspace_locking_adom

string

The adom to lock for FortiManager running in workspace mode, the value can be global and others including root.

workspace_locking_timeout

integer

The maximum time in seconds to wait for other user to release the workspace lock.

Default: 300

Notes

Note

  • Starting in version 2.4.0, all input arguments are named using the underscore naming convention (snake_case). Please change the arguments such as “var-name” to “var_name”. Old argument names are still available yet you will receive deprecation warnings. You can ignore this warning by setting deprecation_warnings=False in ansible.cfg.

  • Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

  • To create or update an object, use state present directive.

  • To delete an object, use state absent directive.

  • Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- name: Example playbook (generated based on argument schema)
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Configure Virtual Access Points
      fortinet.fortimanager.fmgr_vap:
        # bypass_validation: false
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        # rc_succeeded: [0, -2, -3, ...]
        # rc_failed: [-2, -3, ...]
        adom: <your own value>
        state: present # <value in [present, absent]>
        vap:
          _centmgmt: <value in [disable, enable]>
          _dhcp_svr_id: <string>
          _intf_allowaccess:
            - https
            - ping
            - ssh
            - snmp
            - http
            - telnet
            - fgfm
            - auto-ipsec
            - radius-acct
            - probe-response
            - capwap
            - dnp
            - ftm
            - fabric
            - speed-test
          _intf_device_identification: <value in [disable, enable]>
          _intf_device_netscan: <value in [disable, enable]>
          _intf_dhcp_relay_ip: <list or string>
          _intf_dhcp_relay_service: <value in [disable, enable]>
          _intf_dhcp_relay_type: <value in [regular, ipsec]>
          _intf_dhcp6_relay_ip: <string>
          _intf_dhcp6_relay_service: <value in [disable, enable]>
          _intf_dhcp6_relay_type: <value in [regular]>
          _intf_ip: <string>
          _intf_ip6_address: <string>
          _intf_ip6_allowaccess:
            - https
            - ping
            - ssh
            - snmp
            - http
            - telnet
            - any
            - fgfm
            - capwap
          _intf_listen_forticlient_connection: <value in [disable, enable]>
          acct_interim_interval: <integer>
          alias: <string>
          auth: <value in [PSK, psk, RADIUS, ...]>
          broadcast_ssid: <value in [disable, enable]>
          broadcast_suppression:
            - dhcp
            - arp
            - dhcp2
            - arp2
            - netbios-ns
            - netbios-ds
            - arp3
            - dhcp-up
            - dhcp-down
            - arp-known
            - arp-unknown
            - arp-reply
            - ipv6
            - dhcp-starvation
            - arp-poison
            - all-other-mc
            - all-other-bc
            - arp-proxy
            - dhcp-ucast
          captive_portal_ac_name: <string>
          captive_portal_macauth_radius_secret: <list or string>
          captive_portal_macauth_radius_server: <string>
          captive_portal_radius_secret: <list or string>
          captive_portal_radius_server: <string>
          captive_portal_session_timeout_interval: <integer>
          dhcp_lease_time: <integer>
          dhcp_option82_circuit_id_insertion: <value in [disable, style-1, style-2, ...]>
          dhcp_option82_insertion: <value in [disable, enable]>
          dhcp_option82_remote_id_insertion: <value in [disable, style-1]>
          dynamic_vlan: <value in [disable, enable]>
          dynamic_mapping:
            -
              _centmgmt: <value in [disable, enable]>
              _dhcp_svr_id: <string>
              _intf_allowaccess:
                - https
                - ping
                - ssh
                - snmp
                - http
                - telnet
                - fgfm
                - auto-ipsec
                - radius-acct
                - probe-response
                - capwap
                - dnp
                - ftm
                - fabric
                - speed-test
              _intf_device_identification: <value in [disable, enable]>
              _intf_device_netscan: <value in [disable, enable]>
              _intf_dhcp_relay_ip: <list or string>
              _intf_dhcp_relay_service: <value in [disable, enable]>
              _intf_dhcp_relay_type: <value in [regular, ipsec]>
              _intf_dhcp6_relay_ip: <string>
              _intf_dhcp6_relay_service: <value in [disable, enable]>
              _intf_dhcp6_relay_type: <value in [regular]>
              _intf_ip: <string>
              _intf_ip6_address: <string>
              _intf_ip6_allowaccess:
                - https
                - ping
                - ssh
                - snmp
                - http
                - telnet
                - any
                - fgfm
                - capwap
              _intf_listen_forticlient_connection: <value in [disable, enable]>
              _scope:
                -
                  name: <string>
                  vdom: <string>
              acct_interim_interval: <integer>
              address_group: <string>
              alias: <string>
              atf_weight: <integer>
              auth: <value in [PSK, psk, RADIUS, ...]>
              broadcast_ssid: <value in [disable, enable]>
              broadcast_suppression:
                - dhcp
                - arp
                - dhcp2
                - arp2
                - netbios-ns
                - netbios-ds
                - arp3
                - dhcp-up
                - dhcp-down
                - arp-known
                - arp-unknown
                - arp-reply
                - ipv6
                - dhcp-starvation
                - arp-poison
                - all-other-mc
                - all-other-bc
                - arp-proxy
                - dhcp-ucast
              captive_portal_ac_name: <string>
              captive_portal_macauth_radius_secret: <list or string>
              captive_portal_macauth_radius_server: <string>
              captive_portal_radius_secret: <list or string>
              captive_portal_radius_server: <string>
              captive_portal_session_timeout_interval: <integer>
              client_count: <integer>
              dhcp_lease_time: <integer>
              dhcp_option82_circuit_id_insertion: <value in [disable, style-1, style-2, ...]>
              dhcp_option82_insertion: <value in [disable, enable]>
              dhcp_option82_remote_id_insertion: <value in [disable, style-1]>
              dynamic_vlan: <value in [disable, enable]>
              eap_reauth: <value in [disable, enable]>
              eap_reauth_intv: <integer>
              eapol_key_retries: <value in [disable, enable]>
              encrypt: <value in [TKIP, AES, TKIP-AES]>
              external_fast_roaming: <value in [disable, enable]>
              external_logout: <string>
              external_web: <string>
              fast_bss_transition: <value in [disable, enable]>
              fast_roaming: <value in [disable, enable]>
              ft_mobility_domain: <integer>
              ft_over_ds: <value in [disable, enable]>
              ft_r0_key_lifetime: <integer>
              gtk_rekey: <value in [disable, enable]>
              gtk_rekey_intv: <integer>
              hotspot20_profile: <string>
              intra_vap_privacy: <value in [disable, enable]>
              ip: <string>
              key: <list or string>
              keyindex: <integer>
              ldpc: <value in [disable, tx, rx, ...]>
              local_authentication: <value in [disable, enable]>
              local_bridging: <value in [disable, enable]>
              local_lan: <value in [deny, allow]>
              local_standalone: <value in [disable, enable]>
              local_standalone_nat: <value in [disable, enable]>
              local_switching: <value in [disable, enable]>
              mac_auth_bypass: <value in [disable, enable]>
              mac_filter: <value in [disable, enable]>
              mac_filter_policy_other: <value in [deny, allow]>
              max_clients: <integer>
              max_clients_ap: <integer>
              me_disable_thresh: <integer>
              mesh_backhaul: <value in [disable, enable]>
              mpsk: <value in [disable, enable]>
              mpsk_concurrent_clients: <integer>
              multicast_enhance: <value in [disable, enable]>
              multicast_rate: <value in [0, 6000, 12000, ...]>
              okc: <value in [disable, enable]>
              owe_groups:
                - 19
                - 20
                - 21
              owe_transition: <value in [disable, enable]>
              owe_transition_ssid: <string>
              passphrase: <list or string>
              pmf: <value in [disable, enable, optional]>
              pmf_assoc_comeback_timeout: <integer>
              pmf_sa_query_retry_timeout: <integer>
              portal_message_override_group: <string>
              portal_type: <value in [auth, auth+disclaimer, disclaimer, ...]>
              probe_resp_suppression: <value in [disable, enable]>
              probe_resp_threshold: <string>
              ptk_rekey: <value in [disable, enable]>
              ptk_rekey_intv: <integer>
              qos_profile: <string>
              quarantine: <value in [disable, enable]>
              radio_2g_threshold: <string>
              radio_5g_threshold: <string>
              radio_sensitivity: <value in [disable, enable]>
              radius_mac_auth: <value in [disable, enable]>
              radius_mac_auth_server: <string>
              radius_mac_auth_usergroups: <list or string>
              radius_server: <string>
              rates_11a:
                - 1
                - 1-basic
                - 2
                - 2-basic
                - 5.5
                - 5.5-basic
                - 6
                - 6-basic
                - 9
                - 9-basic
                - 12
                - 12-basic
                - 18
                - 18-basic
                - 24
                - 24-basic
                - 36
                - 36-basic
                - 48
                - 48-basic
                - 54
                - 54-basic
                - 11
                - 11-basic
              rates_11ac_ss12:
                - mcs0/1
                - mcs1/1
                - mcs2/1
                - mcs3/1
                - mcs4/1
                - mcs5/1
                - mcs6/1
                - mcs7/1
                - mcs8/1
                - mcs9/1
                - mcs0/2
                - mcs1/2
                - mcs2/2
                - mcs3/2
                - mcs4/2
                - mcs5/2
                - mcs6/2
                - mcs7/2
                - mcs8/2
                - mcs9/2
                - mcs10/1
                - mcs11/1
                - mcs10/2
                - mcs11/2
              rates_11ac_ss34:
                - mcs0/3
                - mcs1/3
                - mcs2/3
                - mcs3/3
                - mcs4/3
                - mcs5/3
                - mcs6/3
                - mcs7/3
                - mcs8/3
                - mcs9/3
                - mcs0/4
                - mcs1/4
                - mcs2/4
                - mcs3/4
                - mcs4/4
                - mcs5/4
                - mcs6/4
                - mcs7/4
                - mcs8/4
                - mcs9/4
                - mcs10/3
                - mcs11/3
                - mcs10/4
                - mcs11/4
              rates_11bg:
                - 1
                - 1-basic
                - 2
                - 2-basic
                - 5.5
                - 5.5-basic
                - 6
                - 6-basic
                - 9
                - 9-basic
                - 12
                - 12-basic
                - 18
                - 18-basic
                - 24
                - 24-basic
                - 36
                - 36-basic
                - 48
                - 48-basic
                - 54
                - 54-basic
                - 11
                - 11-basic
              rates_11n_ss12:
                - mcs0/1
                - mcs1/1
                - mcs2/1
                - mcs3/1
                - mcs4/1
                - mcs5/1
                - mcs6/1
                - mcs7/1
                - mcs8/2
                - mcs9/2
                - mcs10/2
                - mcs11/2
                - mcs12/2
                - mcs13/2
                - mcs14/2
                - mcs15/2
              rates_11n_ss34:
                - mcs16/3
                - mcs17/3
                - mcs18/3
                - mcs19/3
                - mcs20/3
                - mcs21/3
                - mcs22/3
                - mcs23/3
                - mcs24/4
                - mcs25/4
                - mcs26/4
                - mcs27/4
                - mcs28/4
                - mcs29/4
                - mcs30/4
                - mcs31/4
              sae_groups:
                - 1
                - 2
                - 5
                - 14
                - 15
                - 16
                - 17
                - 18
                - 19
                - 20
                - 21
                - 27
                - 28
                - 29
                - 30
                - 31
              sae_password: <list or string>
              schedule: <list or string>
              security: <value in [None, WEP64, wep64, ...]>
              security_exempt_list: <string>
              security_obsolete_option: <value in [disable, enable]>
              security_redirect_url: <string>
              selected_usergroups: <list or string>
              split_tunneling: <value in [disable, enable]>
              ssid: <string>
              tkip_counter_measure: <value in [disable, enable]>
              usergroup: <list or string>
              utm_profile: <string>
              vdom: <list or string>
              vlan_auto: <value in [disable, enable]>
              vlan_pooling: <value in [wtp-group, round-robin, hash, ...]>
              vlanid: <integer>
              voice_enterprise: <value in [disable, enable]>
              mu_mimo: <value in [disable, enable]>
              _intf_device_access_list: <string>
              external_web_format: <value in [auto-detect, no-query-string, partial-query-string]>
              high_efficiency: <value in [disable, enable]>
              primary_wag_profile: <string>
              secondary_wag_profile: <string>
              target_wake_time: <value in [disable, enable]>
              tunnel_echo_interval: <integer>
              tunnel_fallback_interval: <integer>
              access_control_list: <string>
              captive_portal_auth_timeout: <integer>
              ipv6_rules:
                - drop-icmp6ra
                - drop-icmp6rs
                - drop-llmnr6
                - drop-icmp6mld2
                - drop-dhcp6s
                - drop-dhcp6c
                - ndp-proxy
                - drop-ns-dad
                - drop-ns-nondad
              sticky_client_remove: <value in [disable, enable]>
              sticky_client_threshold_2g: <string>
              sticky_client_threshold_5g: <string>
              bss_color_partial: <value in [disable, enable]>
              dhcp_option43_insertion: <value in [disable, enable]>
              mpsk_profile: <string>
              igmp_snooping: <value in [disable, enable]>
              port_macauth: <value in [disable, radius, address-group]>
              port_macauth_reauth_timeout: <integer>
              port_macauth_timeout: <integer>
              additional_akms:
                - akm6
                - akm24
              bstm_disassociation_imminent: <value in [disable, enable]>
              bstm_load_balancing_disassoc_timer: <integer>
              bstm_rssi_disassoc_timer: <integer>
              dhcp_address_enforcement: <value in [disable, enable]>
              gas_comeback_delay: <integer>
              gas_fragmentation_limit: <integer>
              mac_called_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
              mac_calling_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
              mac_case: <value in [uppercase, lowercase]>
              mac_password_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
              mac_username_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
              mbo: <value in [disable, enable]>
              mbo_cell_data_conn_pref: <value in [excluded, prefer-not, prefer-use]>
              nac: <value in [disable, enable]>
              nac_profile: <string>
              neighbor_report_dual_band: <value in [disable, enable]>
              address_group_policy: <value in [disable, allow, deny]>
              antivirus_profile: <string>
              application_detection_engine: <value in [disable, enable]>
              application_list: <string>
              application_report_intv: <integer>
              auth_cert: <string>
              auth_portal_addr: <string>
              beacon_advertising:
                - name
                - model
                - serial-number
              ips_sensor: <string>
              l3_roaming: <value in [disable, enable]>
              local_standalone_dns: <value in [disable, enable]>
              local_standalone_dns_ip: <list or string>
              osen: <value in [disable, enable]>
              radius_mac_mpsk_auth: <value in [disable, enable]>
              radius_mac_mpsk_timeout: <integer>
              rates_11ax_ss12:
                - mcs0/1
                - mcs1/1
                - mcs2/1
                - mcs3/1
                - mcs4/1
                - mcs5/1
                - mcs6/1
                - mcs7/1
                - mcs8/1
                - mcs9/1
                - mcs10/1
                - mcs11/1
                - mcs0/2
                - mcs1/2
                - mcs2/2
                - mcs3/2
                - mcs4/2
                - mcs5/2
                - mcs6/2
                - mcs7/2
                - mcs8/2
                - mcs9/2
                - mcs10/2
                - mcs11/2
              rates_11ax_ss34:
                - mcs0/3
                - mcs1/3
                - mcs2/3
                - mcs3/3
                - mcs4/3
                - mcs5/3
                - mcs6/3
                - mcs7/3
                - mcs8/3
                - mcs9/3
                - mcs10/3
                - mcs11/3
                - mcs0/4
                - mcs1/4
                - mcs2/4
                - mcs3/4
                - mcs4/4
                - mcs5/4
                - mcs6/4
                - mcs7/4
                - mcs8/4
                - mcs9/4
                - mcs10/4
                - mcs11/4
              scan_botnet_connections: <value in [disable, block, monitor]>
              utm_log: <value in [disable, enable]>
              utm_status: <value in [disable, enable]>
              webfilter_profile: <string>
              sae_h2e_only: <value in [disable, enable]>
              sae_pk: <value in [disable, enable]>
              sae_private_key: <string>
              sticky_client_threshold_6g: <string>
              application_dscp_marking: <value in [disable, enable]>
              l3_roaming_mode: <value in [direct, indirect]>
              rates_11ac_mcs_map: <string>
              rates_11ax_mcs_map: <string>
              captive_portal_fw_accounting: <value in [disable, enable]>
              radius_mac_auth_block_interval: <integer>
              _is_factory_setting: <value in [disable, enable, ext]>
              d80211k: <value in [disable, enable]>
              d80211v: <value in [disable, enable]>
              roaming_acct_interim_update: <value in [disable, enable]>
              sae_hnp_only: <value in [disable, enable]>
              akm24_only: <value in [disable, enable]>
              beacon_protection: <value in [disable, enable]>
              captive_portal: <value in [disable, enable]>
              nas_filter_rule: <value in [disable, enable]>
              rates_11be_mcs_map: <string>
              rates_11be_mcs_map_160: <string>
              rates_11be_mcs_map_320: <string>
              _intf_ip_managed_by_fortiipam: <value in [disable, enable, inherit-global]>
              _intf_managed_subnetwork_size: <value in [32, 64, 128, ...]>
              domain_name_stripping: <value in [disable, enable]>
              local_lan_partition: <value in [disable, enable]>
          eap_reauth: <value in [disable, enable]>
          eap_reauth_intv: <integer>
          eapol_key_retries: <value in [disable, enable]>
          encrypt: <value in [TKIP, AES, TKIP-AES]>
          external_fast_roaming: <value in [disable, enable]>
          external_logout: <string>
          external_web: <string>
          fast_bss_transition: <value in [disable, enable]>
          fast_roaming: <value in [disable, enable]>
          ft_mobility_domain: <integer>
          ft_over_ds: <value in [disable, enable]>
          ft_r0_key_lifetime: <integer>
          gtk_rekey: <value in [disable, enable]>
          gtk_rekey_intv: <integer>
          hotspot20_profile: <string>
          intra_vap_privacy: <value in [disable, enable]>
          ip: <string>
          key: <list or string>
          keyindex: <integer>
          ldpc: <value in [disable, tx, rx, ...]>
          local_authentication: <value in [disable, enable]>
          local_bridging: <value in [disable, enable]>
          local_lan: <value in [deny, allow]>
          local_standalone: <value in [disable, enable]>
          local_standalone_nat: <value in [disable, enable]>
          mac_auth_bypass: <value in [disable, enable]>
          mac_filter: <value in [disable, enable]>
          mac_filter_list:
            -
              id: <integer>
              mac: <string>
              mac_filter_policy: <value in [deny, allow]>
          mac_filter_policy_other: <value in [deny, allow]>
          max_clients: <integer>
          max_clients_ap: <integer>
          me_disable_thresh: <integer>
          mesh_backhaul: <value in [disable, enable]>
          mpsk: <value in [disable, enable]>
          mpsk_concurrent_clients: <integer>
          mpsk_key:
            -
              comment: <string>
              concurrent_clients: <string>
              key_name: <string>
              passphrase: <list or string>
              mpsk_schedules: <list or string>
          multicast_enhance: <value in [disable, enable]>
          multicast_rate: <value in [0, 6000, 12000, ...]>
          name: <string>
          okc: <value in [disable, enable]>
          passphrase: <list or string>
          pmf: <value in [disable, enable, optional]>
          pmf_assoc_comeback_timeout: <integer>
          pmf_sa_query_retry_timeout: <integer>
          portal_message_override_group: <string>
          portal_type: <value in [auth, auth+disclaimer, disclaimer, ...]>
          probe_resp_suppression: <value in [disable, enable]>
          probe_resp_threshold: <string>
          ptk_rekey: <value in [disable, enable]>
          ptk_rekey_intv: <integer>
          qos_profile: <string>
          quarantine: <value in [disable, enable]>
          radio_2g_threshold: <string>
          radio_5g_threshold: <string>
          radio_sensitivity: <value in [disable, enable]>
          radius_mac_auth: <value in [disable, enable]>
          radius_mac_auth_server: <string>
          radius_mac_auth_usergroups: <list or string>
          radius_server: <string>
          rates_11a:
            - 1
            - 1-basic
            - 2
            - 2-basic
            - 5.5
            - 5.5-basic
            - 6
            - 6-basic
            - 9
            - 9-basic
            - 12
            - 12-basic
            - 18
            - 18-basic
            - 24
            - 24-basic
            - 36
            - 36-basic
            - 48
            - 48-basic
            - 54
            - 54-basic
            - 11
            - 11-basic
          rates_11ac_ss12:
            - mcs0/1
            - mcs1/1
            - mcs2/1
            - mcs3/1
            - mcs4/1
            - mcs5/1
            - mcs6/1
            - mcs7/1
            - mcs8/1
            - mcs9/1
            - mcs0/2
            - mcs1/2
            - mcs2/2
            - mcs3/2
            - mcs4/2
            - mcs5/2
            - mcs6/2
            - mcs7/2
            - mcs8/2
            - mcs9/2
            - mcs10/1
            - mcs11/1
            - mcs10/2
            - mcs11/2
          rates_11ac_ss34:
            - mcs0/3
            - mcs1/3
            - mcs2/3
            - mcs3/3
            - mcs4/3
            - mcs5/3
            - mcs6/3
            - mcs7/3
            - mcs8/3
            - mcs9/3
            - mcs0/4
            - mcs1/4
            - mcs2/4
            - mcs3/4
            - mcs4/4
            - mcs5/4
            - mcs6/4
            - mcs7/4
            - mcs8/4
            - mcs9/4
            - mcs10/3
            - mcs11/3
            - mcs10/4
            - mcs11/4
          rates_11bg:
            - 1
            - 1-basic
            - 2
            - 2-basic
            - 5.5
            - 5.5-basic
            - 6
            - 6-basic
            - 9
            - 9-basic
            - 12
            - 12-basic
            - 18
            - 18-basic
            - 24
            - 24-basic
            - 36
            - 36-basic
            - 48
            - 48-basic
            - 54
            - 54-basic
            - 11
            - 11-basic
          rates_11n_ss12:
            - mcs0/1
            - mcs1/1
            - mcs2/1
            - mcs3/1
            - mcs4/1
            - mcs5/1
            - mcs6/1
            - mcs7/1
            - mcs8/2
            - mcs9/2
            - mcs10/2
            - mcs11/2
            - mcs12/2
            - mcs13/2
            - mcs14/2
            - mcs15/2
          rates_11n_ss34:
            - mcs16/3
            - mcs17/3
            - mcs18/3
            - mcs19/3
            - mcs20/3
            - mcs21/3
            - mcs22/3
            - mcs23/3
            - mcs24/4
            - mcs25/4
            - mcs26/4
            - mcs27/4
            - mcs28/4
            - mcs29/4
            - mcs30/4
            - mcs31/4
          schedule: <list or string>
          security: <value in [None, WEP64, wep64, ...]>
          security_exempt_list: <string>
          security_obsolete_option: <value in [disable, enable]>
          security_redirect_url: <string>
          selected_usergroups: <list or string>
          split_tunneling: <value in [disable, enable]>
          ssid: <string>
          tkip_counter_measure: <value in [disable, enable]>
          usergroup: <list or string>
          utm_profile: <string>
          vdom: <string>
          vlan_auto: <value in [disable, enable]>
          vlan_pool:
            -
              _wtp_group: <string>
              id: <integer>
              wtp_group: <string>
          vlan_pooling: <value in [wtp-group, round-robin, hash, ...]>
          vlanid: <integer>
          voice_enterprise: <value in [disable, enable]>
          address_group: <string>
          atf_weight: <integer>
          mu_mimo: <value in [disable, enable]>
          owe_groups:
            - 19
            - 20
            - 21
          owe_transition: <value in [disable, enable]>
          owe_transition_ssid: <string>
          sae_groups:
            - 1
            - 2
            - 5
            - 14
            - 15
            - 16
            - 17
            - 18
            - 19
            - 20
            - 21
            - 27
            - 28
            - 29
            - 30
            - 31
          sae_password: <list or string>
          _intf_device_access_list: <string>
          external_web_format: <value in [auto-detect, no-query-string, partial-query-string]>
          high_efficiency: <value in [disable, enable]>
          primary_wag_profile: <string>
          secondary_wag_profile: <string>
          target_wake_time: <value in [disable, enable]>
          tunnel_echo_interval: <integer>
          tunnel_fallback_interval: <integer>
          access_control_list: <string>
          captive_portal_auth_timeout: <integer>
          ipv6_rules:
            - drop-icmp6ra
            - drop-icmp6rs
            - drop-llmnr6
            - drop-icmp6mld2
            - drop-dhcp6s
            - drop-dhcp6c
            - ndp-proxy
            - drop-ns-dad
            - drop-ns-nondad
          sticky_client_remove: <value in [disable, enable]>
          sticky_client_threshold_2g: <string>
          sticky_client_threshold_5g: <string>
          bss_color_partial: <value in [disable, enable]>
          dhcp_option43_insertion: <value in [disable, enable]>
          mpsk_profile: <string>
          igmp_snooping: <value in [disable, enable]>
          port_macauth: <value in [disable, radius, address-group]>
          port_macauth_reauth_timeout: <integer>
          port_macauth_timeout: <integer>
          portal_message_overrides:
            auth_disclaimer_page: <string>
            auth_login_failed_page: <string>
            auth_login_page: <string>
            auth_reject_page: <string>
          additional_akms:
            - akm6
            - akm24
          bstm_disassociation_imminent: <value in [disable, enable]>
          bstm_load_balancing_disassoc_timer: <integer>
          bstm_rssi_disassoc_timer: <integer>
          dhcp_address_enforcement: <value in [disable, enable]>
          gas_comeback_delay: <integer>
          gas_fragmentation_limit: <integer>
          mac_called_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
          mac_calling_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
          mac_case: <value in [uppercase, lowercase]>
          mac_password_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
          mac_username_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
          mbo: <value in [disable, enable]>
          mbo_cell_data_conn_pref: <value in [excluded, prefer-not, prefer-use]>
          nac: <value in [disable, enable]>
          nac_profile: <string>
          neighbor_report_dual_band: <value in [disable, enable]>
          address_group_policy: <value in [disable, allow, deny]>
          antivirus_profile: <string>
          application_detection_engine: <value in [disable, enable]>
          application_list: <string>
          application_report_intv: <integer>
          auth_cert: <string>
          auth_portal_addr: <string>
          beacon_advertising:
            - name
            - model
            - serial-number
          ips_sensor: <string>
          l3_roaming: <value in [disable, enable]>
          local_standalone_dns: <value in [disable, enable]>
          local_standalone_dns_ip: <list or string>
          osen: <value in [disable, enable]>
          radius_mac_mpsk_auth: <value in [disable, enable]>
          radius_mac_mpsk_timeout: <integer>
          rates_11ax_ss12:
            - mcs0/1
            - mcs1/1
            - mcs2/1
            - mcs3/1
            - mcs4/1
            - mcs5/1
            - mcs6/1
            - mcs7/1
            - mcs8/1
            - mcs9/1
            - mcs10/1
            - mcs11/1
            - mcs0/2
            - mcs1/2
            - mcs2/2
            - mcs3/2
            - mcs4/2
            - mcs5/2
            - mcs6/2
            - mcs7/2
            - mcs8/2
            - mcs9/2
            - mcs10/2
            - mcs11/2
          rates_11ax_ss34:
            - mcs0/3
            - mcs1/3
            - mcs2/3
            - mcs3/3
            - mcs4/3
            - mcs5/3
            - mcs6/3
            - mcs7/3
            - mcs8/3
            - mcs9/3
            - mcs10/3
            - mcs11/3
            - mcs0/4
            - mcs1/4
            - mcs2/4
            - mcs3/4
            - mcs4/4
            - mcs5/4
            - mcs6/4
            - mcs7/4
            - mcs8/4
            - mcs9/4
            - mcs10/4
            - mcs11/4
          scan_botnet_connections: <value in [disable, block, monitor]>
          utm_log: <value in [disable, enable]>
          utm_status: <value in [disable, enable]>
          vlan_name:
            -
              name: <string>
              vlan_id: <integer>
          webfilter_profile: <string>
          sae_h2e_only: <value in [disable, enable]>
          sae_pk: <value in [disable, enable]>
          sae_private_key: <string>
          sticky_client_threshold_6g: <string>
          application_dscp_marking: <value in [disable, enable]>
          l3_roaming_mode: <value in [direct, indirect]>
          rates_11ac_mcs_map: <string>
          rates_11ax_mcs_map: <string>
          captive_portal_fw_accounting: <value in [disable, enable]>
          radius_mac_auth_block_interval: <integer>
          _is_factory_setting: <value in [disable, enable, ext]>
          d80211k: <value in [disable, enable]>
          d80211v: <value in [disable, enable]>
          roaming_acct_interim_update: <value in [disable, enable]>
          sae_hnp_only: <value in [disable, enable]>
          akm24_only: <value in [disable, enable]>
          beacon_protection: <value in [disable, enable]>
          captive_portal: <value in [disable, enable]>
          nas_filter_rule: <value in [disable, enable]>
          rates_11be_mcs_map: <string>
          rates_11be_mcs_map_160: <string>
          rates_11be_mcs_map_320: <string>
          _intf_ip_managed_by_fortiipam: <value in [disable, enable, inherit-global]>
          _intf_managed_subnetwork_size: <value in [32, 64, 128, ...]>
          domain_name_stripping: <value in [disable, enable]>
          local_lan_partition: <value in [disable, enable]>

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

meta

dictionary

The result of the request.

Returned: always

request_url

string

The full url requested.

Returned: always

Sample: "/sys/login/user"

response_code

integer

The status of api request.

Returned: always

Sample: 0

response_data

list / elements=string

The api response.

Returned: always

response_message

string

The descriptive message of the api response.

Returned: always

Sample: "OK."

system_information

dictionary

The information of the target system.

Returned: always

rc

integer

The status the request.

Returned: always

Sample: 0

version_check_warning

list / elements=string

Warning if the parameters used in the playbook are not supported by the current FortiManager version.

Returned: complex

Authors

  • Xinwei Du (@dux-fortinet)

  • Xing Li (@lix-fortinet)

  • Jie Xue (@JieX19)

  • Link Zheng (@chillancezen)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)