fortinet.fortimanager.fmgr_vap module – Configure Virtual Access Points

Note

This module is part of the fortinet.fortimanager collection (version 2.8.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_vap.

New in fortinet.fortimanager 2.0.0

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values which need to be adjusted to data sources before usage.
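A pre-flight check that can be run over the vap dictionary before it is handed to this module, given as an added example (not code from the fortinet.fortimanager collection). It uses the parameter names and choice values documented on this page; the set of values treated as weak is an assumed review policy and the sample dictionary is constructed.

```python
# Added example: audit a `vap` parameter dictionary (as passed to
# fortinet.fortimanager.fmgr_vap) for weak wireless/management settings.
# The policy sets below are a reviewer's assumptions, not module behaviour.

CLEARTEXT_MGMT = {"http", "telnet"}                       # unencrypted admin access
LEGACY_SECURITY = {"WEP64", "wep64", "WEP128", "wep128"}  # deprecated WEP modes
UNENCRYPTED_SECURITY = {"None", "open"}                   # no link-layer encryption
TKIP_ENCRYPT = {"TKIP", "TKIP-AES"}                       # both still permit TKIP


def _as_list(value):
    """Normalise a missing, scalar or list value to a list."""
    if value is None:
        return []
    if isinstance(value, str):
        return [value]
    return list(value)


def audit_vap(vap, path="vap"):
    """Return (parameter path, message) findings for one vap dictionary.

    Entries under dynamic_mapping carry the same parameters as the top level,
    so they are audited recursively and reported with their list index.
    """
    findings = []

    # Management protocols allowed on the SSID interface (IPv4 and IPv6).
    for key in ("_intf_allowaccess", "_intf_ip6_allowaccess"):
        allowed = set(_as_list(vap.get(key)))
        for proto in sorted(CLEARTEXT_MGMT & allowed):
            findings.append(
                (f"{path}.{key}", f"cleartext management protocol '{proto}' allowed")
            )

    security = vap.get("security")
    if security in LEGACY_SECURITY:
        findings.append((f"{path}.security", f"legacy WEP mode '{security}'"))
    elif security in UNENCRYPTED_SECURITY:
        findings.append((f"{path}.security", f"unencrypted SSID ('{security}')"))

    if vap.get("encrypt") in TKIP_ENCRYPT:
        findings.append((f"{path}.encrypt", f"TKIP permitted ('{vap['encrypt']}')"))

    if vap.get("pmf") == "disable":
        findings.append((f"{path}.pmf", "protected management frames disabled"))

    # Per-device overrides can quietly weaken an otherwise sound template.
    for index, entry in enumerate(_as_list(vap.get("dynamic_mapping"))):
        findings.extend(audit_vap(entry, f"{path}.dynamic_mapping[{index}]"))

    return findings


# Constructed sample input: a sound-looking top level with weak overrides.
SAMPLE_VAP = {
    "_intf_allowaccess": ["https", "ping", "telnet"],
    "security": "wpa2-only-personal",
    "encrypt": "TKIP-AES",
    "pmf": "disable",
    "dynamic_mapping": [
        {
            "_scope": [{"name": "branch-fgt", "vdom": "root"}],  # hypothetical device
            "security": "wep128",
            "_intf_ip6_allowaccess": ["http", "ssh"],
        },
        {"security": "wpa3-sae", "encrypt": "AES", "pmf": "enable"},
    ],
}

if __name__ == "__main__":
    for param, message in audit_vap(SAMPLE_VAP):
        print(f"{param}: {message}")
```
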

Parameters

Parameter

Comments

access_token

string

The token to access FortiManager without using username and password.

adom

string / required

The parameter (adom) in the requested URL.

bypass_validation

boolean

Only set to True when the module schema differs from the FortiManager API structure; the module then continues to execute without validating parameters.

Choices:

  • false ← (default)

  • true

enable_log

boolean

Enable/Disable logging for task.

Choices:

  • false ← (default)

  • true

forticloud_access_token

string

Authenticate Ansible client with forticloud API access token.

proposed_method

string

The overridden method for the underlying JSON-RPC request.

Choices:

  • "update"

  • "set"

  • "add"

rc_failed

list / elements=integer

The list of rc codes that overrides the conditions for failure.

rc_succeeded

list / elements=integer

The list of rc codes that overrides the conditions for success.

state

string / required

The directive to create, update or delete an object.

Choices:

  • "present"

  • "absent"

vap

dictionary

The top level parameters set.

_centmgmt

string

Centmgmt.

Choices:

  • "disable"

  • "enable"

_dhcp_svr_id

string

Dhcp svr id.

_intf_allowaccess

list / elements=string

Intf allowaccess.

Choices:

  • "https"

  • "ping"

  • "ssh"

  • "snmp"

  • "http"

  • "telnet"

  • "fgfm"

  • "auto-ipsec"

  • "radius-acct"

  • "probe-response"

  • "capwap"

  • "dnp"

  • "ftm"

  • "fabric"

  • "speed-test"

_intf_device_access_list

string

Intf device access list.

_intf_device_identification

string

Intf device identification.

Choices:

  • "disable"

  • "enable"

_intf_device_netscan

string

Intf device netscan.

Choices:

  • "disable"

  • "enable"

_intf_dhcp6_relay_ip

string

Intf dhcp6 relay ip.

_intf_dhcp6_relay_service

string

Intf dhcp6 relay service.

Choices:

  • "disable"

  • "enable"

_intf_dhcp6_relay_type

string

Intf dhcp6 relay type.

Choices:

  • "regular"

_intf_dhcp_relay_ip

any

(list) Intf dhcp relay ip.

_intf_dhcp_relay_service

string

Intf dhcp relay service.

Choices:

  • "disable"

  • "enable"

_intf_dhcp_relay_type

string

Intf dhcp relay type.

Choices:

  • "regular"

  • "ipsec"

_intf_ip

string

Intf ip.

_intf_ip6_address

string

Intf ip6 address.

_intf_ip6_allowaccess

list / elements=string

Intf ip6 allowaccess.

Choices:

  • "https"

  • "ping"

  • "ssh"

  • "snmp"

  • "http"

  • "telnet"

  • "any"

  • "fgfm"

  • "capwap"

_intf_ip_managed_by_fortiipam

string

Intf ip managed by fortiipam.

Choices:

  • "disable"

  • "enable"

  • "inherit-global"

_intf_listen_forticlient_connection

string

Intf listen forticlient connection.

Choices:

  • "disable"

  • "enable"

_intf_managed_subnetwork_size

string

Intf managed subnetwork size.

Choices:

  • "32"

  • "64"

  • "128"

  • "256"

  • "512"

  • "1024"

  • "2048"

  • "4096"

  • "8192"

  • "16384"

  • "32768"

  • "65536"

_is_factory_setting

string

Is factory setting.

Choices:

  • "disable"

  • "enable"

  • "ext"

access_control_list

string

Access-control-list profile name.

acct_interim_interval

integer

WiFi RADIUS accounting interim interval

additional_akms

list / elements=string

Additional AKMs.

Choices:

  • "akm6"

  • "akm24"

address_group

string

Address group ID.

address_group_policy

string

Configure MAC address filtering policy for MAC addresses that are in the address-group.

Choices:

  • "disable"

  • "allow"

  • "deny"

akm24_only

string

WPA3 SAE using group-dependent hash only

Choices:

  • "disable"

  • "enable"

alias

string

Alias.

antivirus_profile

string

AntiVirus profile name.

application_detection_engine

string

Enable/disable application detection engine

Choices:

  • "disable"

  • "enable"

application_dscp_marking

string

Enable/disable application attribute based DSCP marking

Choices:

  • "disable"

  • "enable"

application_list

string

Application control list name.

application_report_intv

integer

Application report interval

atf_weight

integer

Airtime weight in percentage

auth

string

Authentication protocol.

Choices:

  • "PSK"

  • "psk"

  • "RADIUS"

  • "radius"

  • "usergroup"

auth_cert

string

HTTPS server certificate.

auth_portal_addr

string

Address of captive portal.

beacon_advertising

list / elements=string

Fortinet beacon advertising IE data

Choices:

  • "name"

  • "model"

  • "serial-number"

beacon_protection

string

Enable/disable beacon protection support

Choices:

  • "disable"

  • "enable"

broadcast_ssid

string

Enable/disable broadcasting the SSID

Choices:

  • "disable"

  • "enable"

broadcast_suppression

list / elements=string

Optional suppression of broadcast messages.

Choices:

  • "dhcp"

  • "arp"

  • "dhcp2"

  • "arp2"

  • "netbios-ns"

  • "netbios-ds"

  • "arp3"

  • "dhcp-up"

  • "dhcp-down"

  • "arp-known"

  • "arp-unknown"

  • "arp-reply"

  • "ipv6"

  • "dhcp-starvation"

  • "arp-poison"

  • "all-other-mc"

  • "all-other-bc"

  • "arp-proxy"

  • "dhcp-ucast"

bss_color_partial

string

Enable/disable 802.

Choices:

  • "disable"

  • "enable"

bstm_disassociation_imminent

string

Enable/disable forcing of disassociation after the BSTM request timer has been reached

Choices:

  • "disable"

  • "enable"

bstm_load_balancing_disassoc_timer

integer

Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing

bstm_rssi_disassoc_timer

integer

Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI

captive_portal

string

Enable/disable captive portal.

Choices:

  • "disable"

  • "enable"

captive_portal_ac_name

string

Local-bridging captive portal ac-name.

captive_portal_auth_timeout

integer

Hard timeout - AP will always clear the session after timeout regardless of traffic

captive_portal_fw_accounting

string

Enable/disable RADIUS accounting for captive portal firewall authentication session.

Choices:

  • "disable"

  • "enable"

captive_portal_macauth_radius_secret

any

(list) Secret key to access the macauth RADIUS server.

captive_portal_macauth_radius_server

string

Captive portal external RADIUS server domain name or IP address.

captive_portal_radius_secret

any

(list) Secret key to access the RADIUS server.

captive_portal_radius_server

string

Captive portal RADIUS server domain name or IP address.

captive_portal_session_timeout_interval

integer

Session timeout interval

d80211k

string

Enable/disable 802.

Choices:

  • "disable"

  • "enable"

d80211v

string

Enable/disable 802.

Choices:

  • "disable"

  • "enable"

dhcp_address_enforcement

string

Enable/disable DHCP address enforcement

Choices:

  • "disable"

  • "enable"

dhcp_lease_time

integer

DHCP lease time in seconds for NAT IP address.

dhcp_option43_insertion

string

Enable/disable insertion of DHCP option 43

Choices:

  • "disable"

  • "enable"

dhcp_option82_circuit_id_insertion

string

Enable/disable DHCP option 82 circuit-id insert

Choices:

  • "disable"

  • "style-1"

  • "style-2"

  • "style-3"

dhcp_option82_insertion

string

Enable/disable DHCP option 82 insert

Choices:

  • "disable"

  • "enable"

dhcp_option82_remote_id_insertion

string

Enable/disable DHCP option 82 remote-id insert

Choices:

  • "disable"

  • "style-1"

domain_name_stripping

string

Enable/disable stripping domain name from identity

Choices:

  • "disable"

  • "enable"

dynamic_mapping

list / elements=dictionary

Dynamic mapping.

_centmgmt

string

Centmgmt.

Choices:

  • "disable"

  • "enable"

_dhcp_svr_id

string

Dhcp svr id.

_intf_allowaccess

list / elements=string

Intf allowaccess.

Choices:

  • "https"

  • "ping"

  • "ssh"

  • "snmp"

  • "http"

  • "telnet"

  • "fgfm"

  • "auto-ipsec"

  • "radius-acct"

  • "probe-response"

  • "capwap"

  • "dnp"

  • "ftm"

  • "fabric"

  • "speed-test"

_intf_device_access_list

string

Intf device access list.

_intf_device_identification

string

Intf device identification.

Choices:

  • "disable"

  • "enable"

_intf_device_netscan

string

Intf device netscan.

Choices:

  • "disable"

  • "enable"

_intf_dhcp6_relay_ip

string

Intf dhcp6 relay ip.

_intf_dhcp6_relay_service

string

Intf dhcp6 relay service.

Choices:

  • "disable"

  • "enable"

_intf_dhcp6_relay_type

string

Intf dhcp6 relay type.

Choices:

  • "regular"

_intf_dhcp_relay_ip

any

(list) Intf dhcp relay ip.

_intf_dhcp_relay_service

string

Intf dhcp relay service.

Choices:

  • "disable"

  • "enable"

_intf_dhcp_relay_type

string

Intf dhcp relay type.

Choices:

  • "regular"

  • "ipsec"

_intf_ip

string

Intf ip.

_intf_ip6_address

string

Intf ip6 address.

_intf_ip6_allowaccess

list / elements=string

Intf ip6 allowaccess.

Choices:

  • "https"

  • "ping"

  • "ssh"

  • "snmp"

  • "http"

  • "telnet"

  • "any"

  • "fgfm"

  • "capwap"

_intf_ip_managed_by_fortiipam

string

Intf ip managed by fortiipam.

Choices:

  • "disable"

  • "enable"

  • "inherit-global"

_intf_listen_forticlient_connection

string

Intf listen forticlient connection.

Choices:

  • "disable"

  • "enable"

_intf_managed_subnetwork_size

string

Intf managed subnetwork size.

Choices:

  • "32"

  • "64"

  • "128"

  • "256"

  • "512"

  • "1024"

  • "2048"

  • "4096"

  • "8192"

  • "16384"

  • "32768"

  • "65536"

_is_factory_setting

string

Is factory setting.

Choices:

  • "disable"

  • "enable"

  • "ext"

_scope

list / elements=dictionary

Scope.

name

string

Name.

vdom

string

Vdom.

access_control_list

string

Access control list.

acct_interim_interval

integer

Acct interim interval.

additional_akms

list / elements=string

Additional AKMs.

Choices:

  • "akm6"

  • "akm24"

address_group

string

Address group.

address_group_policy

string

Configure MAC address filtering policy for MAC addresses that are in the address-group.

Choices:

  • "disable"

  • "allow"

  • "deny"

akm24_only

string

WPA3 SAE using group-dependent hash only

Choices:

  • "disable"

  • "enable"

alias

string

Alias.

antivirus_profile

string

AntiVirus profile name.

application_detection_engine

string

Enable/disable application detection engine

Choices:

  • "disable"

  • "enable"

application_dscp_marking

string

Enable/disable application attribute based DSCP marking

Choices:

  • "disable"

  • "enable"

application_list

string

Application control list name.

application_report_intv

integer

Application report interval

atf_weight

integer

Atf weight.

auth

string

Auth.

Choices:

  • "PSK"

  • "psk"

  • "RADIUS"

  • "radius"

  • "usergroup"

auth_cert

string

HTTPS server certificate.

auth_portal_addr

string

Address of captive portal.

beacon_advertising

list / elements=string

Fortinet beacon advertising IE data

Choices:

  • "name"

  • "model"

  • "serial-number"

beacon_protection

string

Enable/disable beacon protection support

Choices:

  • "disable"

  • "enable"

broadcast_ssid

string

Broadcast ssid.

Choices:

  • "disable"

  • "enable"

broadcast_suppression

list / elements=string

Broadcast suppression.

Choices:

  • "dhcp"

  • "arp"

  • "dhcp2"

  • "arp2"

  • "netbios-ns"

  • "netbios-ds"

  • "arp3"

  • "dhcp-up"

  • "dhcp-down"

  • "arp-known"

  • "arp-unknown"

  • "arp-reply"

  • "ipv6"

  • "dhcp-starvation"

  • "arp-poison"

  • "all-other-mc"

  • "all-other-bc"

  • "arp-proxy"

  • "dhcp-ucast"

bss_color_partial

string

Bss color partial.

Choices:

  • "disable"

  • "enable"

bstm_disassociation_imminent

string

Enable/disable forcing of disassociation after the BSTM request timer has been reached

Choices:

  • "disable"

  • "enable"

bstm_load_balancing_disassoc_timer

integer

Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing

bstm_rssi_disassoc_timer

integer

Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI

captive_portal

string

Enable/disable captive portal.

Choices:

  • "disable"

  • "enable"

captive_portal_ac_name

string

Captive portal ac name.

captive_portal_auth_timeout

integer

Captive portal auth timeout.

captive_portal_fw_accounting

string

Enable/disable RADIUS accounting for captive portal firewall authentication session.

Choices:

  • "disable"

  • "enable"

captive_portal_macauth_radius_secret

any

(list) Captive portal macauth radius secret.

captive_portal_macauth_radius_server

string

Captive portal macauth radius server.

captive_portal_radius_secret

any

(list) Captive portal radius secret.

captive_portal_radius_server

string

Captive portal radius server.

captive_portal_session_timeout_interval

integer

Captive portal session timeout interval.

client_count

integer

Client count.

d80211k

string

Enable/disable 802.

Choices:

  • "disable"

  • "enable"

d80211v

string

Enable/disable 802.

Choices:

  • "disable"

  • "enable"

dhcp_address_enforcement

string

Enable/disable DHCP address enforcement

Choices:

  • "disable"

  • "enable"

dhcp_lease_time

integer

Dhcp lease time.

dhcp_option43_insertion

string

Dhcp option43 insertion.

Choices:

  • "disable"

  • "enable"

dhcp_option82_circuit_id_insertion

string

Dhcp option82 circuit id insertion.

Choices:

  • "disable"

  • "style-1"

  • "style-2"

  • "style-3"

dhcp_option82_insertion

string

Dhcp option82 insertion.

Choices:

  • "disable"

  • "enable"

dhcp_option82_remote_id_insertion

string

Dhcp option82 remote id insertion.

Choices:

  • "disable"

  • "style-1"

domain_name_stripping

string

Enable/disable stripping domain name from identity

Choices:

  • "disable"

  • "enable"

dynamic_vlan

string

Dynamic vlan.

Choices:

  • "disable"

  • "enable"

eap_reauth

string

Eap reauth.

Choices:

  • "disable"

  • "enable"

eap_reauth_intv

integer

Eap reauth intv.

eapol_key_retries

string

Eapol key retries.

Choices:

  • "disable"

  • "enable"

encrypt

string

Encrypt.

Choices:

  • "TKIP"

  • "AES"

  • "TKIP-AES"

external_fast_roaming

string

External fast roaming.

Choices:

  • "disable"

  • "enable"

external_logout

string

External logout.

external_web

string

External web.

external_web_format

string

External web format.

Choices:

  • "auto-detect"

  • "no-query-string"

  • "partial-query-string"

fast_bss_transition

string

Fast bss transition.

Choices:

  • "disable"

  • "enable"

fast_roaming

string

Fast roaming.

Choices:

  • "disable"

  • "enable"

ft_mobility_domain

integer

Ft mobility domain.

ft_over_ds

string

Ft over ds.

Choices:

  • "disable"

  • "enable"

ft_r0_key_lifetime

integer

Ft r0 key lifetime.

gas_comeback_delay

integer

GAS comeback delay

gas_fragmentation_limit

integer

GAS fragmentation limit

gtk_rekey

string

Gtk rekey.

Choices:

  • "disable"

  • "enable"

gtk_rekey_intv

integer

Gtk rekey intv.

high_efficiency

string

High efficiency.

Choices:

  • "disable"

  • "enable"

hotspot20_profile

string

Hotspot20 profile.

igmp_snooping

string

Enable/disable IGMP snooping.

Choices:

  • "disable"

  • "enable"

intra_vap_privacy

string

Intra vap privacy.

Choices:

  • "disable"

  • "enable"

ip

string

Ip.

ips_sensor

string

IPS sensor name.

ipv6_rules

list / elements=string

Ipv6 rules.

Choices:

  • "drop-icmp6ra"

  • "drop-icmp6rs"

  • "drop-llmnr6"

  • "drop-icmp6mld2"

  • "drop-dhcp6s"

  • "drop-dhcp6c"

  • "ndp-proxy"

  • "drop-ns-dad"

  • "drop-ns-nondad"

key

any

(list) Key.

keyindex

integer

Keyindex.

l3_roaming

string

Enable/disable layer 3 roaming

Choices:

  • "disable"

  • "enable"

l3_roaming_mode

string

Select the way that layer 3 roaming traffic is passed

Choices:

  • "direct"

  • "indirect"

ldpc

string

Ldpc.

Choices:

  • "disable"

  • "tx"

  • "rx"

  • "rxtx"

local_authentication

string

Local authentication.

Choices:

  • "disable"

  • "enable"

local_bridging

string

Local bridging.

Choices:

  • "disable"

  • "enable"

local_lan

string

Local lan.

Choices:

  • "deny"

  • "allow"

local_lan_partition

string

Enable/disable segregating client traffic to local LAN side

Choices:

  • "disable"

  • "enable"

local_standalone

string

Local standalone.

Choices:

  • "disable"

  • "enable"

local_standalone_dns

string

Enable/disable AP local standalone DNS.

Choices:

  • "disable"

  • "enable"

local_standalone_dns_ip

any

(list) IPv4 addresses for the local standalone DNS.

local_standalone_nat

string

Local standalone nat.

Choices:

  • "disable"

  • "enable"

local_switching

string

Local switching.

Choices:

  • "disable"

  • "enable"

mac_auth_bypass

string

Mac auth bypass.

Choices:

  • "disable"

  • "enable"

mac_called_station_delimiter

string

MAC called station delimiter

Choices:

  • "hyphen"

  • "single-hyphen"

  • "colon"

  • "none"

mac_calling_station_delimiter

string

MAC calling station delimiter

Choices:

  • "hyphen"

  • "single-hyphen"

  • "colon"

  • "none"

mac_case

string

MAC case

Choices:

  • "uppercase"

  • "lowercase"

mac_filter

string

Mac filter.

Choices:

  • "disable"

  • "enable"

mac_filter_policy_other

string

Mac filter policy other.

Choices:

  • "deny"

  • "allow"

mac_password_delimiter

string

MAC authentication password delimiter

Choices:

  • "hyphen"

  • "single-hyphen"

  • "colon"

  • "none"

mac_username_delimiter

string

MAC authentication username delimiter

Choices:

  • "hyphen"

  • "single-hyphen"

  • "colon"

  • "none"

max_clients

integer

Max clients.

max_clients_ap

integer

Max clients ap.

mbo

string

Enable/disable Multiband Operation

Choices:

  • "disable"

  • "enable"

mbo_cell_data_conn_pref

string

MBO cell data connection preference

Choices:

  • "excluded"

  • "prefer-not"

  • "prefer-use"

me_disable_thresh

integer

Me disable thresh.

mesh_backhaul

string

Mesh backhaul.

Choices:

  • "disable"

  • "enable"

mpsk

string

Mpsk.

Choices:

  • "disable"

  • "enable"

mpsk_concurrent_clients

integer

Mpsk concurrent clients.

mpsk_profile

string

Mpsk profile.

mu_mimo

string

Mu mimo.

Choices:

  • "disable"

  • "enable"

multicast_enhance

string

Multicast enhance.

Choices:

  • "disable"

  • "enable"

multicast_rate

string

Multicast rate.

Choices:

  • "0"

  • "6000"

  • "12000"

  • "24000"

nac

string

Enable/disable network access control.

Choices:

  • "disable"

  • "enable"

nac_profile

string

NAC profile name.

nas_filter_rule

string

Enable/disable NAS filter rule support

Choices:

  • "disable"

  • "enable"

neighbor_report_dual_band

string

Enable/disable dual-band neighbor report

Choices:

  • "disable"

  • "enable"

okc

string

Okc.

Choices:

  • "disable"

  • "enable"

osen

string

Enable/disable OSEN as part of key management

Choices:

  • "disable"

  • "enable"

owe_groups

list / elements=string

Owe groups.

Choices:

  • "19"

  • "20"

  • "21"

owe_transition

string

Owe transition.

Choices:

  • "disable"

  • "enable"

owe_transition_ssid

string

Owe transition ssid.

passphrase

any

(list) Passphrase.

pmf

string

Pmf.

Choices:

  • "disable"

  • "enable"

  • "optional"

pmf_assoc_comeback_timeout

integer

Pmf assoc comeback timeout.

pmf_sa_query_retry_timeout

integer

Pmf sa query retry timeout.

port_macauth

string

Enable/disable LAN port MAC authentication

Choices:

  • "disable"

  • "radius"

  • "address-group"

port_macauth_reauth_timeout

integer

LAN port MAC authentication re-authentication timeout value

port_macauth_timeout

integer

LAN port MAC authentication idle timeout value

portal_message_override_group

string

Portal message override group.

portal_type

string

Portal type.

Choices:

  • "auth"

  • "auth+disclaimer"

  • "disclaimer"

  • "email-collect"

  • "cmcc"

  • "cmcc-macauth"

  • "auth-mac"

  • "external-auth"

  • "external-macauth"

primary_wag_profile

string

Primary wag profile.

probe_resp_suppression

string

Probe resp suppression.

Choices:

  • "disable"

  • "enable"

probe_resp_threshold

string

Probe resp threshold.

ptk_rekey

string

Ptk rekey.

Choices:

  • "disable"

  • "enable"

ptk_rekey_intv

integer

Ptk rekey intv.

qos_profile

string

Qos profile.

quarantine

string

Quarantine.

Choices:

  • "disable"

  • "enable"

radio_2g_threshold

string

Radio 2g threshold.

radio_5g_threshold

string

Radio 5g threshold.

radio_sensitivity

string

Radio sensitivity.

Choices:

  • "disable"

  • "enable"

radius_mac_auth

string

Radius mac auth.

Choices:

  • "disable"

  • "enable"

radius_mac_auth_block_interval

integer

Don't send a RADIUS MAC auth request again if the client has been rejected within a specific interval

radius_mac_auth_server

string

Radius mac auth server.

radius_mac_auth_usergroups

any

(list) Radius mac auth usergroups.

radius_mac_mpsk_auth

string

Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication

Choices:

  • "disable"

  • "enable"

radius_mac_mpsk_timeout

integer

RADIUS MAC MPSK cache timeout interval

radius_server

string

Radius server.

rates_11a

list / elements=string

Rates 11a.

Choices:

  • "1"

  • "1-basic"

  • "2"

  • "2-basic"

  • "5.5"

  • "5.5-basic"

  • "6"

  • "6-basic"

  • "9"

  • "9-basic"

  • "12"

  • "12-basic"

  • "18"

  • "18-basic"

  • "24"

  • "24-basic"

  • "36"

  • "36-basic"

  • "48"

  • "48-basic"

  • "54"

  • "54-basic"

  • "11"

  • "11-basic"

rates_11ac_mcs_map

string

Comma separated list of max supported VHT MCS for spatial streams 1 through 8.

rates_11ac_ss12

list / elements=string

Rates 11ac ss12.

Choices:

  • "mcs0/1"

  • "mcs1/1"

  • "mcs2/1"

  • "mcs3/1"

  • "mcs4/1"

  • "mcs5/1"

  • "mcs6/1"

  • "mcs7/1"

  • "mcs8/1"

  • "mcs9/1"

  • "mcs0/2"

  • "mcs1/2"

  • "mcs2/2"

  • "mcs3/2"

  • "mcs4/2"

  • "mcs5/2"

  • "mcs6/2"

  • "mcs7/2"

  • "mcs8/2"

  • "mcs9/2"

  • "mcs10/1"

  • "mcs11/1"

  • "mcs10/2"

  • "mcs11/2"

rates_11ac_ss34

list / elements=string

Rates 11ac ss34.

Choices:

  • "mcs0/3"

  • "mcs1/3"

  • "mcs2/3"

  • "mcs3/3"

  • "mcs4/3"

  • "mcs5/3"

  • "mcs6/3"

  • "mcs7/3"

  • "mcs8/3"

  • "mcs9/3"

  • "mcs0/4"

  • "mcs1/4"

  • "mcs2/4"

  • "mcs3/4"

  • "mcs4/4"

  • "mcs5/4"

  • "mcs6/4"

  • "mcs7/4"

  • "mcs8/4"

  • "mcs9/4"

  • "mcs10/3"

  • "mcs11/3"

  • "mcs10/4"

  • "mcs11/4"

rates_11ax_mcs_map

string

Comma separated list of max supported HE MCS for spatial streams 1 through 8.

rates_11ax_ss12

list / elements=string

Allowed data rates for 802.

Choices:

  • "mcs0/1"

  • "mcs1/1"

  • "mcs2/1"

  • "mcs3/1"

  • "mcs4/1"

  • "mcs5/1"

  • "mcs6/1"

  • "mcs7/1"

  • "mcs8/1"

  • "mcs9/1"

  • "mcs10/1"

  • "mcs11/1"

  • "mcs0/2"

  • "mcs1/2"

  • "mcs2/2"

  • "mcs3/2"

  • "mcs4/2"

  • "mcs5/2"

  • "mcs6/2"

  • "mcs7/2"

  • "mcs8/2"

  • "mcs9/2"

  • "mcs10/2"

  • "mcs11/2"

rates_11ax_ss34

list / elements=string

Allowed data rates for 802.

Choices:

  • "mcs0/3"

  • "mcs1/3"

  • "mcs2/3"

  • "mcs3/3"

  • "mcs4/3"

  • "mcs5/3"

  • "mcs6/3"

  • "mcs7/3"

  • "mcs8/3"

  • "mcs9/3"

  • "mcs10/3"

  • "mcs11/3"

  • "mcs0/4"

  • "mcs1/4"

  • "mcs2/4"

  • "mcs3/4"

  • "mcs4/4"

  • "mcs5/4"

  • "mcs6/4"

  • "mcs7/4"

  • "mcs8/4"

  • "mcs9/4"

  • "mcs10/4"

  • "mcs11/4"

rates_11be_mcs_map

string

Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth.

rates_11be_mcs_map_160

string

Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth.

rates_11be_mcs_map_320

string

Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth.

rates_11bg

list / elements=string

Rates 11bg.

Choices:

  • "1"

  • "1-basic"

  • "2"

  • "2-basic"

  • "5.5"

  • "5.5-basic"

  • "6"

  • "6-basic"

  • "9"

  • "9-basic"

  • "12"

  • "12-basic"

  • "18"

  • "18-basic"

  • "24"

  • "24-basic"

  • "36"

  • "36-basic"

  • "48"

  • "48-basic"

  • "54"

  • "54-basic"

  • "11"

  • "11-basic"

rates_11n_ss12

list / elements=string

Rates 11n ss12.

Choices:

  • "mcs0/1"

  • "mcs1/1"

  • "mcs2/1"

  • "mcs3/1"

  • "mcs4/1"

  • "mcs5/1"

  • "mcs6/1"

  • "mcs7/1"

  • "mcs8/2"

  • "mcs9/2"

  • "mcs10/2"

  • "mcs11/2"

  • "mcs12/2"

  • "mcs13/2"

  • "mcs14/2"

  • "mcs15/2"

rates_11n_ss34

list / elements=string

Rates 11n ss34.

Choices:

  • "mcs16/3"

  • "mcs17/3"

  • "mcs18/3"

  • "mcs19/3"

  • "mcs20/3"

  • "mcs21/3"

  • "mcs22/3"

  • "mcs23/3"

  • "mcs24/4"

  • "mcs25/4"

  • "mcs26/4"

  • "mcs27/4"

  • "mcs28/4"

  • "mcs29/4"

  • "mcs30/4"

  • "mcs31/4"

roaming_acct_interim_update

string

Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise secu…

Choices:

  • "disable"

  • "enable"

sae_groups

list / elements=string

Sae groups.

Choices:

  • "1"

  • "2"

  • "5"

  • "14"

  • "15"

  • "16"

  • "17"

  • "18"

  • "19"

  • "20"

  • "21"

  • "27"

  • "28"

  • "29"

  • "30"

  • "31"

sae_h2e_only

string

Use hash-to-element-only mechanism for PWE derivation

Choices:

  • "disable"

  • "enable"

sae_hnp_only

string

Use hunting-and-pecking-only mechanism for PWE derivation

Choices:

  • "disable"

  • "enable"

sae_password

any

(list) Sae password.

sae_pk

string

Enable/disable WPA3 SAE-PK

Choices:

  • "disable"

  • "enable"

sae_private_key

string

Private key used for WPA3 SAE-PK authentication.

scan_botnet_connections

string

Block or monitor connections to Botnet servers or disable Botnet scanning.

Choices:

  • "disable"

  • "block"

  • "monitor"

schedule

any

(list or str) Schedule.

secondary_wag_profile

string

Secondary wag profile.

security

string

Security.

Choices:

  • "None"

  • "WEP64"

  • "wep64"

  • "WEP128"

  • "wep128"

  • "WPA_PSK"

  • "WPA_RADIUS"

  • "WPA"

  • "WPA2"

  • "WPA2_AUTO"

  • "open"

  • "wpa-personal"

  • "wpa-enterprise"

  • "captive-portal"

  • "wpa-only-personal"

  • "wpa-only-enterprise"

  • "wpa2-only-personal"

  • "wpa2-only-enterprise"

  • "wpa-personal+captive-portal"

  • "wpa-only-personal+captive-portal"

  • "wpa2-only-personal+captive-portal"

  • "osen"

  • "wpa3-enterprise"

  • "sae"

  • "sae-transition"

  • "owe"

  • "wpa3-sae"

  • "wpa3-sae-transition"

  • "wpa3-only-enterprise"

  • "wpa3-enterprise-transition"

security_exempt_list

string

Security exempt list.

security_obsolete_option

string

Security obsolete option.

Choices:

  • "disable"

  • "enable"

security_redirect_url

string

Security redirect url.

selected_usergroups

any

(list or str) Selected usergroups.

split_tunneling

string

Split tunneling.

Choices:

  • "disable"

  • "enable"

ssid

string

Ssid.

sticky_client_remove

string

Sticky client remove.

Choices:

  • "disable"

  • "enable"

sticky_client_threshold_2g

string

Sticky client threshold 2g.

sticky_client_threshold_5g

string

Sticky client threshold 5g.

sticky_client_threshold_6g

string

Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP

target_wake_time

string

Target wake time.

Choices:

  • "disable"

  • "enable"

tkip_counter_measure

string

Tkip counter measure.

Choices:

  • "disable"

  • "enable"

tunnel_echo_interval

integer

Tunnel echo interval.

tunnel_fallback_interval

integer

Tunnel fallback interval.

usergroup

any

(list or str) Usergroup.

utm_log

string

Enable/disable UTM logging.

Choices:

  • "disable"

  • "enable"

utm_profile

string

Utm profile.

utm_status

string

Enable to add one or more security profiles

Choices:

  • "disable"

  • "enable"

vdom

any

(list or str) Vdom.

vlan_auto

string

Vlan auto.

Choices:

  • "disable"

  • "enable"

vlan_pooling

string

Vlan pooling.

Choices:

  • "wtp-group"

  • "round-robin"

  • "hash"

  • "disable"

vlanid

integer

Vlanid.

voice_enterprise

string

Voice enterprise.

Choices:

  • "disable"

  • "enable"

webfilter_profile

string

WebFilter profile name.

dynamic_vlan

string

Enable/disable dynamic VLAN assignment.

Choices:

  • "disable"

  • "enable"

eap_reauth

string

Enable/disable EAP re-authentication for WPA-Enterprise security.

Choices:

  • "disable"

  • "enable"

eap_reauth_intv

integer

EAP re-authentication interval

eapol_key_retries

string

Enable/disable retransmission of EAPOL-Key frames

Choices:

  • "disable"

  • "enable"

encrypt

string

Encryption protocol to use

Choices:

  • "TKIP"

  • "AES"

  • "TKIP-AES"

external_fast_roaming

string

Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate

Choices:

  • "disable"

  • "enable"

external_logout

string

URL of external authentication logout server.

external_web

string

URL of external authentication web server.

external_web_format

string

URL query parameter detection

Choices:

  • "auto-detect"

  • "no-query-string"

  • "partial-query-string"

fast_bss_transition

string

Enable/disable 802.

Choices:

  • "disable"

  • "enable"

fast_roaming

string

Enable/disable fast-roaming, or pre-authentication, where supported by clients

Choices:

  • "disable"

  • "enable"

ft_mobility_domain

integer

Mobility domain identifier in FT

ft_over_ds

string

Enable/disable FT over the Distribution System

Choices:

  • "disable"

  • "enable"

ft_r0_key_lifetime

integer

Lifetime of the PMK-R0 key in FT, 1-65535 minutes.

gas_comeback_delay

integer

GAS comeback delay

gas_fragmentation_limit

integer

GAS fragmentation limit

gtk_rekey

string

Enable/disable GTK rekey for WPA security.

Choices:

  • "disable"

  • "enable"

gtk_rekey_intv

integer

GTK rekey interval

high_efficiency

string

Enable/disable 802.

Choices:

  • "disable"

  • "enable"

hotspot20_profile

string

Hotspot 2.

igmp_snooping

string

Enable/disable IGMP snooping.

Choices:

  • "disable"

  • "enable"

intra_vap_privacy

string

Enable/disable blocking communication between clients on the same SSID

Choices:

  • "disable"

  • "enable"

ip

string

IP address and subnet mask for the local standalone NAT subnet.

ips_sensor

string

IPS sensor name.

ipv6_rules

list / elements=string

Optional rules of IPv6 packets.

Choices:

  • "drop-icmp6ra"

  • "drop-icmp6rs"

  • "drop-llmnr6"

  • "drop-icmp6mld2"

  • "drop-dhcp6s"

  • "drop-dhcp6c"

  • "ndp-proxy"

  • "drop-ns-dad"

  • "drop-ns-nondad"

key

any

(list) WEP Key.

keyindex

integer

WEP key index

l3_roaming

string

Enable/disable layer 3 roaming

Choices:

  • "disable"

  • "enable"

l3_roaming_mode

string

Select the way that layer 3 roaming traffic is passed

Choices:

  • "direct"

  • "indirect"

ldpc

string

VAP low-density parity-check

Choices:

  • "disable"

  • "tx"

  • "rx"

  • "rxtx"

local_authentication

string

Enable/disable AP local authentication.

Choices:

  • "disable"

  • "enable"

local_bridging

string

Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP

Choices:

  • "disable"

  • "enable"

local_lan

string

Allow/deny traffic destined for a Class A, B, or C private IP address

Choices:

  • "deny"

  • "allow"

local_lan_partition

string

Enable/disable segregating client traffic to local LAN side

Choices:

  • "disable"

  • "enable"

local_standalone

string

Enable/disable AP local standalone

Choices:

  • "disable"

  • "enable"

local_standalone_dns

string

Enable/disable AP local standalone DNS.

Choices:

  • "disable"

  • "enable"

local_standalone_dns_ip

any

(list) IPv4 addresses for the local standalone DNS.

local_standalone_nat

string

Enable/disable AP local standalone NAT mode.

Choices:

  • "disable"

  • "enable"

mac_auth_bypass

string

Enable/disable MAC authentication bypass.

Choices:

  • "disable"

  • "enable"

mac_called_station_delimiter

string

MAC called station delimiter

Choices:

  • "hyphen"

  • "single-hyphen"

  • "colon"

  • "none"

mac_calling_station_delimiter

string

MAC calling station delimiter

Choices:

  • "hyphen"

  • "single-hyphen"

  • "colon"

  • "none"

mac_case

string

MAC case

Choices:

  • "uppercase"

  • "lowercase"

mac_filter

string

Enable/disable MAC filtering to block wireless clients by MAC address.

Choices:

  • "disable"

  • "enable"

mac_filter_list

list / elements=dictionary

Mac filter list.

id

integer

ID.

mac

string

MAC address.

mac_filter_policy

string

Deny or allow the client with this MAC address.

Choices:

  • "deny"

  • "allow"

mac_filter_policy_other

string

Allow or block clients with MAC addresses that are not in the filter list.

Choices:

  • "deny"

  • "allow"

mac_password_delimiter

string

MAC authentication password delimiter

Choices:

  • "hyphen"

  • "single-hyphen"

  • "colon"

  • "none"

mac_username_delimiter

string

MAC authentication username delimiter

Choices:

  • "hyphen"

  • "single-hyphen"

  • "colon"

  • "none"

max_clients

integer

Maximum number of clients that can connect simultaneously to the VAP

max_clients_ap

integer

Maximum number of clients that can connect simultaneously to each radio

mbo

string

Enable/disable Multiband Operation

Choices:

  • "disable"

  • "enable"

mbo_cell_data_conn_pref

string

MBO cell data connection preference

Choices:

  • "excluded"

  • "prefer-not"

  • "prefer-use"

me_disable_thresh

integer

Disable multicast enhancement when this many clients are receiving multicast traffic.

mesh_backhaul

string

Enable/disable using this VAP as a WiFi mesh backhaul

Choices:

  • "disable"

  • "enable"

mpsk

string

Enable/disable multiple pre-shared keys

Choices:

  • "disable"

  • "enable"

mpsk_concurrent_clients

integer

Number of pre-shared keys

mpsk_key

list / elements=dictionary

Mpsk key.

comment

string

Comment.

concurrent_clients

string

Number of clients that can connect using this pre-shared key.

key_name

string

Pre-shared key name.

mpsk_schedules

any

(list or str) Firewall schedule for MPSK passphrase.

passphrase

any

(list) WPA Pre-shared key.

mpsk_profile

string

MPSK profile name.

mu_mimo

string

Enable/disable Multi-user MIMO

Choices:

  • "disable"

  • "enable"

multicast_enhance

string

Enable/disable converting multicast to unicast to improve performance

Choices:

  • "disable"

  • "enable"

multicast_rate

string

Multicast rate

Choices:

  • "0"

  • "6000"

  • "12000"

  • "24000"

nac

string

Enable/disable network access control.

Choices:

  • "disable"

  • "enable"

nac_profile

string

NAC profile name.

name

string / required

Virtual AP name.

nas_filter_rule

string

Enable/disable NAS filter rule support

Choices:

  • "disable"

  • "enable"

neighbor_report_dual_band

string

Enable/disable dual-band neighbor report

Choices:

  • "disable"

  • "enable"

okc

string

Enable/disable Opportunistic Key Caching

Choices:

  • "disable"

  • "enable"

osen

string

Enable/disable OSEN as part of key management

Choices:

  • "disable"

  • "enable"

owe_groups

list / elements=string

OWE-Groups.

Choices:

  • "19"

  • "20"

  • "21"

owe_transition

string

Enable/disable OWE transition mode support.

Choices:

  • "disable"

  • "enable"

owe_transition_ssid

string

OWE transition mode peer SSID.

passphrase

any

(list) WPA pre-shared key

pmf

string

Protected Management Frames

Choices:

  • "disable"

  • "enable"

  • "optional"

pmf_assoc_comeback_timeout

integer

Protected Management Frames

pmf_sa_query_retry_timeout

integer

Protected Management Frames

port_macauth

string

Enable/disable LAN port MAC authentication

Choices:

  • "disable"

  • "radius"

  • "address-group"

port_macauth_reauth_timeout

integer

LAN port MAC authentication re-authentication timeout value

port_macauth_timeout

integer

LAN port MAC authentication idle timeout value

portal_message_override_group

string

Replacement message group for this VAP

portal_message_overrides

dictionary

Portal message overrides.

auth_disclaimer_page

string

Override auth-disclaimer-page message with message from portal-message-overrides group.

auth_login_failed_page

string

Override auth-login-failed-page message with message from portal-message-overrides group.

auth_login_page

string

Override auth-login-page message with message from portal-message-overrides group.

auth_reject_page

string

Override auth-reject-page message with message from portal-message-overrides group.

portal_type

string

Captive portal functionality.

Choices:

  • "auth"

  • "auth+disclaimer"

  • "disclaimer"

  • "email-collect"

  • "cmcc"

  • "cmcc-macauth"

  • "auth-mac"

  • "external-auth"

  • "external-macauth"

primary_wag_profile

string

Primary wireless access gateway profile name.

probe_resp_suppression

string

Enable/disable probe response suppression

Choices:

  • "disable"

  • "enable"

probe_resp_threshold

string

Minimum signal level/threshold in dBm required for the AP response to probe requests

ptk_rekey

string

Enable/disable PTK rekey for WPA-Enterprise security.

Choices:

  • "disable"

  • "enable"

ptk_rekey_intv

integer

PTK rekey interval

qos_profile

string

Quality of service profile name.

quarantine

string

Enable/disable station quarantine

Choices:

  • "disable"

  • "enable"

radio_2g_threshold

string

Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2.

radio_5g_threshold

string

Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band

radio_sensitivity

string

Enable/disable software radio sensitivity

Choices:

  • "disable"

  • "enable"

radius_mac_auth

string

Enable/disable RADIUS-based MAC authentication of clients

Choices:

  • "disable"

  • "enable"

radius_mac_auth_block_interval

integer

Don't send a RADIUS MAC auth request again if the client has been rejected within a specific interval

radius_mac_auth_server

string

RADIUS-based MAC authentication server.

radius_mac_auth_usergroups

any

(list) Selective user groups that are permitted for RADIUS MAC authentication.

radius_mac_mpsk_auth

string

Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication

Choices:

  • "disable"

  • "enable"

radius_mac_mpsk_timeout

integer

RADIUS MAC MPSK cache timeout interval

radius_server

string

RADIUS server to be used to authenticate WiFi users.

rates_11a

list / elements=string

Allowed data rates for 802.

Choices:

  • "1"

  • "1-basic"

  • "2"

  • "2-basic"

  • "5.5"

  • "5.5-basic"

  • "6"

  • "6-basic"

  • "9"

  • "9-basic"

  • "12"

  • "12-basic"

  • "18"

  • "18-basic"

  • "24"

  • "24-basic"

  • "36"

  • "36-basic"

  • "48"

  • "48-basic"

  • "54"

  • "54-basic"

  • "11"

  • "11-basic"

rates_11ac_mcs_map

string

Comma separated list of max supported VHT MCS for spatial streams 1 through 8.

rates_11ac_ss12

list / elements=string

Allowed data rates for 802.

Choices:

  • "mcs0/1"

  • "mcs1/1"

  • "mcs2/1"

  • "mcs3/1"

  • "mcs4/1"

  • "mcs5/1"

  • "mcs6/1"

  • "mcs7/1"

  • "mcs8/1"

  • "mcs9/1"

  • "mcs0/2"

  • "mcs1/2"

  • "mcs2/2"

  • "mcs3/2"

  • "mcs4/2"

  • "mcs5/2"

  • "mcs6/2"

  • "mcs7/2"

  • "mcs8/2"

  • "mcs9/2"

  • "mcs10/1"

  • "mcs11/1"

  • "mcs10/2"

  • "mcs11/2"

rates_11ac_ss34

list / elements=string

Allowed data rates for 802.

Choices:

  • "mcs0/3"

  • "mcs1/3"

  • "mcs2/3"

  • "mcs3/3"

  • "mcs4/3"

  • "mcs5/3"

  • "mcs6/3"

  • "mcs7/3"

  • "mcs8/3"

  • "mcs9/3"

  • "mcs0/4"

  • "mcs1/4"

  • "mcs2/4"

  • "mcs3/4"

  • "mcs4/4"

  • "mcs5/4"

  • "mcs6/4"

  • "mcs7/4"

  • "mcs8/4"

  • "mcs9/4"

  • "mcs10/3"

  • "mcs11/3"

  • "mcs10/4"

  • "mcs11/4"

rates_11ax_mcs_map

string

Comma separated list of max supported HE MCS for spatial streams 1 through 8.

rates_11ax_ss12

list / elements=string

Allowed data rates for 802.

Choices:

  • "mcs0/1"

  • "mcs1/1"

  • "mcs2/1"

  • "mcs3/1"

  • "mcs4/1"

  • "mcs5/1"

  • "mcs6/1"

  • "mcs7/1"

  • "mcs8/1"

  • "mcs9/1"

  • "mcs10/1"

  • "mcs11/1"

  • "mcs0/2"

  • "mcs1/2"

  • "mcs2/2"

  • "mcs3/2"

  • "mcs4/2"

  • "mcs5/2"

  • "mcs6/2"

  • "mcs7/2"

  • "mcs8/2"

  • "mcs9/2"

  • "mcs10/2"

  • "mcs11/2"

rates_11ax_ss34

list / elements=string

Allowed data rates for 802.

Choices:

  • "mcs0/3"

  • "mcs1/3"

  • "mcs2/3"

  • "mcs3/3"

  • "mcs4/3"

  • "mcs5/3"

  • "mcs6/3"

  • "mcs7/3"

  • "mcs8/3"

  • "mcs9/3"

  • "mcs10/3"

  • "mcs11/3"

  • "mcs0/4"

  • "mcs1/4"

  • "mcs2/4"

  • "mcs3/4"

  • "mcs4/4"

  • "mcs5/4"

  • "mcs6/4"

  • "mcs7/4"

  • "mcs8/4"

  • "mcs9/4"

  • "mcs10/4"

  • "mcs11/4"

rates_11be_mcs_map

string

Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth.

rates_11be_mcs_map_160

string

Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth.

rates_11be_mcs_map_320

string

Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth.

rates_11bg

list / elements=string

Allowed data rates for 802.

Choices:

  • "1"

  • "1-basic"

  • "2"

  • "2-basic"

  • "5.5"

  • "5.5-basic"

  • "6"

  • "6-basic"

  • "9"

  • "9-basic"

  • "12"

  • "12-basic"

  • "18"

  • "18-basic"

  • "24"

  • "24-basic"

  • "36"

  • "36-basic"

  • "48"

  • "48-basic"

  • "54"

  • "54-basic"

  • "11"

  • "11-basic"

rates_11n_ss12

list / elements=string

Allowed data rates for 802.

Choices:

  • "mcs0/1"

  • "mcs1/1"

  • "mcs2/1"

  • "mcs3/1"

  • "mcs4/1"

  • "mcs5/1"

  • "mcs6/1"

  • "mcs7/1"

  • "mcs8/2"

  • "mcs9/2"

  • "mcs10/2"

  • "mcs11/2"

  • "mcs12/2"

  • "mcs13/2"

  • "mcs14/2"

  • "mcs15/2"

rates_11n_ss34

list / elements=string

Allowed data rates for 802.

Choices:

  • "mcs16/3"

  • "mcs17/3"

  • "mcs18/3"

  • "mcs19/3"

  • "mcs20/3"

  • "mcs21/3"

  • "mcs22/3"

  • "mcs23/3"

  • "mcs24/4"

  • "mcs25/4"

  • "mcs26/4"

  • "mcs27/4"

  • "mcs28/4"

  • "mcs29/4"

  • "mcs30/4"

  • "mcs31/4"

roaming_acct_interim_update

string

Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security.

Choices:

  • "disable"

  • "enable"

sae_groups

list / elements=string

SAE-Groups.

Choices:

  • "1"

  • "2"

  • "5"

  • "14"

  • "15"

  • "16"

  • "17"

  • "18"

  • "19"

  • "20"

  • "21"

  • "27"

  • "28"

  • "29"

  • "30"

  • "31"

sae_h2e_only

string

Use hash-to-element-only mechanism for PWE derivation

Choices:

  • "disable"

  • "enable"

sae_hnp_only

string

Use hunting-and-pecking-only mechanism for PWE derivation

Choices:

  • "disable"

  • "enable"

sae_password

any

(list) WPA3 SAE password to be used to authenticate WiFi users.

sae_pk

string

Enable/disable WPA3 SAE-PK

Choices:

  • "disable"

  • "enable"

sae_private_key

string

Private key used for WPA3 SAE-PK authentication.

scan_botnet_connections

string

Block or monitor connections to Botnet servers or disable Botnet scanning.

Choices:

  • "disable"

  • "block"

  • "monitor"

schedule

any

(list or str) VAP schedule name.

secondary_wag_profile

string

Secondary wireless access gateway profile name.

security

string

Security mode for the wireless interface

Choices:

  • "None"

  • "WEP64"

  • "wep64"

  • "WEP128"

  • "wep128"

  • "WPA_PSK"

  • "WPA_RADIUS"

  • "WPA"

  • "WPA2"

  • "WPA2_AUTO"

  • "open"

  • "wpa-personal"

  • "wpa-enterprise"

  • "captive-portal"

  • "wpa-only-personal"

  • "wpa-only-enterprise"

  • "wpa2-only-personal"

  • "wpa2-only-enterprise"

  • "wpa-personal+captive-portal"

  • "wpa-only-personal+captive-portal"

  • "wpa2-only-personal+captive-portal"

  • "osen"

  • "wpa3-enterprise"

  • "sae"

  • "sae-transition"

  • "owe"

  • "wpa3-sae"

  • "wpa3-sae-transition"

  • "wpa3-only-enterprise"

  • "wpa3-enterprise-transition"

security_exempt_list

string

Optional security exempt list for captive portal authentication.

security_obsolete_option

string

Enable/disable obsolete security options.

Choices:

  • "disable"

  • "enable"

security_redirect_url

string

Optional URL for redirecting users after they pass captive portal authentication.

selected_usergroups

any

(list or str) Selective user groups that are permitted to authenticate.

split_tunneling

string

Enable/disable split tunneling

Choices:

  • "disable"

  • "enable"

ssid

string

IEEE 802.

sticky_client_remove

string

Enable/disable sticky client remove to maintain good signal level clients in SSID.

Choices:

  • "disable"

  • "enable"

sticky_client_threshold_2g

string

Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP

sticky_client_threshold_5g

string

Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP

sticky_client_threshold_6g

string

Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP

target_wake_time

string

Enable/disable 802.

Choices:

  • "disable"

  • "enable"

tkip_counter_measure

string

Enable/disable TKIP counter measure.

Choices:

  • "disable"

  • "enable"

tunnel_echo_interval

integer

The time interval to send echo to both primary and secondary tunnel peers

tunnel_fallback_interval

integer

The time interval for secondary tunnel to fall back to primary tunnel

usergroup

any

(list or str) Firewall user group to be used to authenticate WiFi users.

utm_log

string

Enable/disable UTM logging.

Choices:

  • "disable"

  • "enable"

utm_profile

string

UTM profile name.

utm_status

string

Enable to add one or more security profiles

Choices:

  • "disable"

  • "enable"

vdom

string

Name of the VDOM that the Virtual AP has been added to.

vlan_auto

string

Enable/disable automatic management of SSID VLAN interface.

Choices:

  • "disable"

  • "enable"

vlan_name

list / elements=dictionary

Vlan name.

name

string

VLAN name.

vlan_id

integer

VLAN ID.

vlan_pool

list / elements=dictionary

Vlan pool.

_wtp_group

string

Wtp group.

id

integer

ID.

wtp_group

string

WTP group name.

vlan_pooling

string

Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools

Choices:

  • "wtp-group"

  • "round-robin"

  • "hash"

  • "disable"

vlanid

integer

Optional VLAN ID.

voice_enterprise

string

Enable/disable 802.

Choices:

  • "disable"

  • "enable"

webfilter_profile

string

WebFilter profile name.

workspace_locking_adom

string

The adom to lock for FortiManager running in workspace mode, the value can be global and others including root.

workspace_locking_timeout

integer

The maximum time in seconds to wait for other user to release the workspace lock.

Default: 300

Notes

Note

  • Starting in version 2.4.0, all input arguments are named using the underscore naming convention (snake_case). Please change the arguments such as “var-name” to “var_name”. Old argument names are still available yet you will receive deprecation warnings. You can ignore this warning by setting deprecation_warnings=False in ansible.cfg.

  • This FortiManager module supports running in workspace locking mode; the top-level parameters workspace_locking_adom and workspace_locking_timeout control it.

  • To create or update an object, use state present directive.

  • To delete an object, use state absent directive.

  • Normally, a module run fails when a non-zero rc is returned. You can override the conditions for failure or success with the parameters rc_failed and rc_succeeded.
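A playbook that combines the parameters and notes above, as an added example that is not part of the module's own documentation: it creates a WPA3-SAE SSID under a workspace lock and removes a retired WEP SSID. The ADOM root, the VAP names corp-wpa3 and legacy-wep, and the variable vault_corp_sae_password are placeholders, and treating rc -3 as "object not found" is an assumption to verify against your FortiManager.

```yaml
- name: Create a WPA3-SAE SSID and remove a retired one (added example)
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    # Verify the FortiManager certificate so API credentials and the SAE
    # password are only sent to the intended host.
    ansible_httpapi_validate_certs: true
    ansible_httpapi_port: 443
    target_adom: root                      # placeholder ADOM
  tasks:
    - name: Create or update the corporate SSID
      fortinet.fortimanager.fmgr_vap:
        # Take the ADOM workspace lock; wait up to 300 s for another user.
        workspace_locking_adom: "{{ target_adom }}"
        workspace_locking_timeout: 300
        adom: "{{ target_adom }}"
        state: present
        vap:
          name: corp-wpa3                  # placeholder object name
          ssid: corp-wpa3                  # placeholder SSID
          security: wpa3-sae
          # Placeholder variable, expected to come from Ansible Vault.
          sae_password: "{{ vault_corp_sae_password }}"
          sae_groups:
            - "19"
            - "20"
          pmf: enable                      # Protected Management Frames
          intra_vap_privacy: enable        # block client-to-client traffic on the SSID
          broadcast_ssid: enable
      no_log: true                         # keep the password out of task output and logs

    - name: Delete the retired WEP SSID
      fortinet.fortimanager.fmgr_vap:
        workspace_locking_adom: "{{ target_adom }}"
        workspace_locking_timeout: 300
        adom: "{{ target_adom }}"
        state: absent
        # Assumption: rc -3 means the object does not exist, so a repeat run
        # is treated as success instead of failing.
        rc_succeeded: [0, -3]
        vap:
          name: legacy-wep                 # placeholder object name
```

With no_log set, a failed task hides its error details as well; remove it temporarily when debugging against a test ADOM.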

Examples

- name: Example playbook (generated based on argument schema)
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Configure Virtual Access Points
      fortinet.fortimanager.fmgr_vap:
        # bypass_validation: false
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        # rc_succeeded: [0, -2, -3, ...]
        # rc_failed: [-2, -3, ...]
        adom: <your own value>
        state: present # <value in [present, absent]>
        vap:
          _centmgmt: <value in [disable, enable]>
          _dhcp_svr_id: <string>
          _intf_allowaccess:
            - "https"
            - "ping"
            - "ssh"
            - "snmp"
            - "http"
            - "telnet"
            - "fgfm"
            - "auto-ipsec"
            - "radius-acct"
            - "probe-response"
            - "capwap"
            - "dnp"
            - "ftm"
            - "fabric"
            - "speed-test"
          _intf_device_identification: <value in [disable, enable]>
          _intf_device_netscan: <value in [disable, enable]>
          _intf_dhcp_relay_ip: <list or string>
          _intf_dhcp_relay_service: <value in [disable, enable]>
          _intf_dhcp_relay_type: <value in [regular, ipsec]>
          _intf_dhcp6_relay_ip: <string>
          _intf_dhcp6_relay_service: <value in [disable, enable]>
          _intf_dhcp6_relay_type: <value in [regular]>
          _intf_ip: <string>
          _intf_ip6_address: <string>
          _intf_ip6_allowaccess:
            - "https"
            - "ping"
            - "ssh"
            - "snmp"
            - "http"
            - "telnet"
            - "any"
            - "fgfm"
            - "capwap"
          _intf_listen_forticlient_connection: <value in [disable, enable]>
          acct_interim_interval: <integer>
          alias: <string>
          auth: <value in [PSK, psk, RADIUS, ...]>
          broadcast_ssid: <value in [disable, enable]>
          broadcast_suppression:
            - "dhcp"
            - "arp"
            - "dhcp2"
            - "arp2"
            - "netbios-ns"
            - "netbios-ds"
            - "arp3"
            - "dhcp-up"
            - "dhcp-down"
            - "arp-known"
            - "arp-unknown"
            - "arp-reply"
            - "ipv6"
            - "dhcp-starvation"
            - "arp-poison"
            - "all-other-mc"
            - "all-other-bc"
            - "arp-proxy"
            - "dhcp-ucast"
          captive_portal_ac_name: <string>
          captive_portal_macauth_radius_secret: <list or string>
          captive_portal_macauth_radius_server: <string>
          captive_portal_radius_secret: <list or string>
          captive_portal_radius_server: <string>
          captive_portal_session_timeout_interval: <integer>
          dhcp_lease_time: <integer>
          dhcp_option82_circuit_id_insertion: <value in [disable, style-1, style-2, ...]>
          dhcp_option82_insertion: <value in [disable, enable]>
          dhcp_option82_remote_id_insertion: <value in [disable, style-1]>
          dynamic_vlan: <value in [disable, enable]>
          dynamic_mapping:
            -
              _centmgmt: <value in [disable, enable]>
              _dhcp_svr_id: <string>
              _intf_allowaccess:
                - "https"
                - "ping"
                - "ssh"
                - "snmp"
                - "http"
                - "telnet"
                - "fgfm"
                - "auto-ipsec"
                - "radius-acct"
                - "probe-response"
                - "capwap"
                - "dnp"
                - "ftm"
                - "fabric"
                - "speed-test"
              _intf_device_identification: <value in [disable, enable]>
              _intf_device_netscan: <value in [disable, enable]>
              _intf_dhcp_relay_ip: <list or string>
              _intf_dhcp_relay_service: <value in [disable, enable]>
              _intf_dhcp_relay_type: <value in [regular, ipsec]>
              _intf_dhcp6_relay_ip: <string>
              _intf_dhcp6_relay_service: <value in [disable, enable]>
              _intf_dhcp6_relay_type: <value in [regular]>
              _intf_ip: <string>
              _intf_ip6_address: <string>
              _intf_ip6_allowaccess:
                - "https"
                - "ping"
                - "ssh"
                - "snmp"
                - "http"
                - "telnet"
                - "any"
                - "fgfm"
                - "capwap"
              _intf_listen_forticlient_connection: <value in [disable, enable]>
              _scope:
                -
                  name: <string>
                  vdom: <string>
              acct_interim_interval: <integer>
              address_group: <string>
              alias: <string>
              atf_weight: <integer>
              auth: <value in [PSK, psk, RADIUS, ...]>
              broadcast_ssid: <value in [disable, enable]>
              broadcast_suppression:
                - "dhcp"
                - "arp"
                - "dhcp2"
                - "arp2"
                - "netbios-ns"
                - "netbios-ds"
                - "arp3"
                - "dhcp-up"
                - "dhcp-down"
                - "arp-known"
                - "arp-unknown"
                - "arp-reply"
                - "ipv6"
                - "dhcp-starvation"
                - "arp-poison"
                - "all-other-mc"
                - "all-other-bc"
                - "arp-proxy"
                - "dhcp-ucast"
              captive_portal_ac_name: <string>
              captive_portal_macauth_radius_secret: <list or string>
              captive_portal_macauth_radius_server: <string>
              captive_portal_radius_secret: <list or string>
              captive_portal_radius_server: <string>
              captive_portal_session_timeout_interval: <integer>
              client_count: <integer>
              dhcp_lease_time: <integer>
              dhcp_option82_circuit_id_insertion: <value in [disable, style-1, style-2, ...]>
              dhcp_option82_insertion: <value in [disable, enable]>
              dhcp_option82_remote_id_insertion: <value in [disable, style-1]>
              dynamic_vlan: <value in [disable, enable]>
              eap_reauth: <value in [disable, enable]>
              eap_reauth_intv: <integer>
              eapol_key_retries: <value in [disable, enable]>
              encrypt: <value in [TKIP, AES, TKIP-AES]>
              external_fast_roaming: <value in [disable, enable]>
              external_logout: <string>
              external_web: <string>
              fast_bss_transition: <value in [disable, enable]>
              fast_roaming: <value in [disable, enable]>
              ft_mobility_domain: <integer>
              ft_over_ds: <value in [disable, enable]>
              ft_r0_key_lifetime: <integer>
              gtk_rekey: <value in [disable, enable]>
              gtk_rekey_intv: <integer>
              hotspot20_profile: <string>
              intra_vap_privacy: <value in [disable, enable]>
              ip: <string>
              key: <list or string>
              keyindex: <integer>
              ldpc: <value in [disable, tx, rx, ...]>
              local_authentication: <value in [disable, enable]>
              local_bridging: <value in [disable, enable]>
              local_lan: <value in [deny, allow]>
              local_standalone: <value in [disable, enable]>
              local_standalone_nat: <value in [disable, enable]>
              local_switching: <value in [disable, enable]>
              mac_auth_bypass: <value in [disable, enable]>
              mac_filter: <value in [disable, enable]>
              mac_filter_policy_other: <value in [deny, allow]>
              max_clients: <integer>
              max_clients_ap: <integer>
              me_disable_thresh: <integer>
              mesh_backhaul: <value in [disable, enable]>
              mpsk: <value in [disable, enable]>
              mpsk_concurrent_clients: <integer>
              multicast_enhance: <value in [disable, enable]>
              multicast_rate: <value in [0, 6000, 12000, ...]>
              okc: <value in [disable, enable]>
              owe_groups:
                - "19"
                - "20"
                - "21"
              owe_transition: <value in [disable, enable]>
              owe_transition_ssid: <string>
              passphrase: <list or string>
              pmf: <value in [disable, enable, optional]>
              pmf_assoc_comeback_timeout: <integer>
              pmf_sa_query_retry_timeout: <integer>
              portal_message_override_group: <string>
              portal_type: <value in [auth, auth+disclaimer, disclaimer, ...]>
              probe_resp_suppression: <value in [disable, enable]>
              probe_resp_threshold: <string>
              ptk_rekey: <value in [disable, enable]>
              ptk_rekey_intv: <integer>
              qos_profile: <string>
              quarantine: <value in [disable, enable]>
              radio_2g_threshold: <string>
              radio_5g_threshold: <string>
              radio_sensitivity: <value in [disable, enable]>
              radius_mac_auth: <value in [disable, enable]>
              radius_mac_auth_server: <string>
              radius_mac_auth_usergroups: <list or string>
              radius_server: <string>
              rates_11a:
                - "1"
                - "1-basic"
                - "2"
                - "2-basic"
                - "5.5"
                - "5.5-basic"
                - "6"
                - "6-basic"
                - "9"
                - "9-basic"
                - "12"
                - "12-basic"
                - "18"
                - "18-basic"
                - "24"
                - "24-basic"
                - "36"
                - "36-basic"
                - "48"
                - "48-basic"
                - "54"
                - "54-basic"
                - "11"
                - "11-basic"
              rates_11ac_ss12:
                - "mcs0/1"
                - "mcs1/1"
                - "mcs2/1"
                - "mcs3/1"
                - "mcs4/1"
                - "mcs5/1"
                - "mcs6/1"
                - "mcs7/1"
                - "mcs8/1"
                - "mcs9/1"
                - "mcs0/2"
                - "mcs1/2"
                - "mcs2/2"
                - "mcs3/2"
                - "mcs4/2"
                - "mcs5/2"
                - "mcs6/2"
                - "mcs7/2"
                - "mcs8/2"
                - "mcs9/2"
                - "mcs10/1"
                - "mcs11/1"
                - "mcs10/2"
                - "mcs11/2"
              rates_11ac_ss34:
                - "mcs0/3"
                - "mcs1/3"
                - "mcs2/3"
                - "mcs3/3"
                - "mcs4/3"
                - "mcs5/3"
                - "mcs6/3"
                - "mcs7/3"
                - "mcs8/3"
                - "mcs9/3"
                - "mcs0/4"
                - "mcs1/4"
                - "mcs2/4"
                - "mcs3/4"
                - "mcs4/4"
                - "mcs5/4"
                - "mcs6/4"
                - "mcs7/4"
                - "mcs8/4"
                - "mcs9/4"
                - "mcs10/3"
                - "mcs11/3"
                - "mcs10/4"
                - "mcs11/4"
              rates_11bg:
                - "1"
                - "1-basic"
                - "2"
                - "2-basic"
                - "5.5"
                - "5.5-basic"
                - "6"
                - "6-basic"
                - "9"
                - "9-basic"
                - "12"
                - "12-basic"
                - "18"
                - "18-basic"
                - "24"
                - "24-basic"
                - "36"
                - "36-basic"
                - "48"
                - "48-basic"
                - "54"
                - "54-basic"
                - "11"
                - "11-basic"
              rates_11n_ss12:
                - "mcs0/1"
                - "mcs1/1"
                - "mcs2/1"
                - "mcs3/1"
                - "mcs4/1"
                - "mcs5/1"
                - "mcs6/1"
                - "mcs7/1"
                - "mcs8/2"
                - "mcs9/2"
                - "mcs10/2"
                - "mcs11/2"
                - "mcs12/2"
                - "mcs13/2"
                - "mcs14/2"
                - "mcs15/2"
              rates_11n_ss34:
                - "mcs16/3"
                - "mcs17/3"
                - "mcs18/3"
                - "mcs19/3"
                - "mcs20/3"
                - "mcs21/3"
                - "mcs22/3"
                - "mcs23/3"
                - "mcs24/4"
                - "mcs25/4"
                - "mcs26/4"
                - "mcs27/4"
                - "mcs28/4"
                - "mcs29/4"
                - "mcs30/4"
                - "mcs31/4"
              sae_groups:
                - "1"
                - "2"
                - "5"
                - "14"
                - "15"
                - "16"
                - "17"
                - "18"
                - "19"
                - "20"
                - "21"
                - "27"
                - "28"
                - "29"
                - "30"
                - "31"
              sae_password: <list or string>
              schedule: <list or string>
              security: <value in [None, WEP64, wep64, ...]>
              security_exempt_list: <string>
              security_obsolete_option: <value in [disable, enable]>
              security_redirect_url: <string>
              selected_usergroups: <list or string>
              split_tunneling: <value in [disable, enable]>
              ssid: <string>
              tkip_counter_measure: <value in [disable, enable]>
              usergroup: <list or string>
              utm_profile: <string>
              vdom: <list or string>
              vlan_auto: <value in [disable, enable]>
              vlan_pooling: <value in [wtp-group, round-robin, hash, ...]>
              vlanid: <integer>
              voice_enterprise: <value in [disable, enable]>
              mu_mimo: <value in [disable, enable]>
              _intf_device_access_list: <string>
              external_web_format: <value in [auto-detect, no-query-string, partial-query-string]>
              high_efficiency: <value in [disable, enable]>
              primary_wag_profile: <string>
              secondary_wag_profile: <string>
              target_wake_time: <value in [disable, enable]>
              tunnel_echo_interval: <integer>
              tunnel_fallback_interval: <integer>
              access_control_list: <string>
              captive_portal_auth_timeout: <integer>
              ipv6_rules:
                - "drop-icmp6ra"
                - "drop-icmp6rs"
                - "drop-llmnr6"
                - "drop-icmp6mld2"
                - "drop-dhcp6s"
                - "drop-dhcp6c"
                - "ndp-proxy"
                - "drop-ns-dad"
                - "drop-ns-nondad"
              sticky_client_remove: <value in [disable, enable]>
              sticky_client_threshold_2g: <string>
              sticky_client_threshold_5g: <string>
              bss_color_partial: <value in [disable, enable]>
              dhcp_option43_insertion: <value in [disable, enable]>
              mpsk_profile: <string>
              igmp_snooping: <value in [disable, enable]>
              port_macauth: <value in [disable, radius, address-group]>
              port_macauth_reauth_timeout: <integer>
              port_macauth_timeout: <integer>
              additional_akms:
                - "akm6"
                - "akm24"
              bstm_disassociation_imminent: <value in [disable, enable]>
              bstm_load_balancing_disassoc_timer: <integer>
              bstm_rssi_disassoc_timer: <integer>
              dhcp_address_enforcement: <value in [disable, enable]>
              gas_comeback_delay: <integer>
              gas_fragmentation_limit: <integer>
              mac_called_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
              mac_calling_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
              mac_case: <value in [uppercase, lowercase]>
              mac_password_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
              mac_username_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
              mbo: <value in [disable, enable]>
              mbo_cell_data_conn_pref: <value in [excluded, prefer-not, prefer-use]>
              nac: <value in [disable, enable]>
              nac_profile: <string>
              neighbor_report_dual_band: <value in [disable, enable]>
              address_group_policy: <value in [disable, allow, deny]>
              antivirus_profile: <string>
              application_detection_engine: <value in [disable, enable]>
              application_list: <string>
              application_report_intv: <integer>
              auth_cert: <string>
              auth_portal_addr: <string>
              beacon_advertising:
                - "name"
                - "model"
                - "serial-number"
              ips_sensor: <string>
              l3_roaming: <value in [disable, enable]>
              local_standalone_dns: <value in [disable, enable]>
              local_standalone_dns_ip: <list or string>
              osen: <value in [disable, enable]>
              radius_mac_mpsk_auth: <value in [disable, enable]>
              radius_mac_mpsk_timeout: <integer>
              rates_11ax_ss12:
                - "mcs0/1"
                - "mcs1/1"
                - "mcs2/1"
                - "mcs3/1"
                - "mcs4/1"
                - "mcs5/1"
                - "mcs6/1"
                - "mcs7/1"
                - "mcs8/1"
                - "mcs9/1"
                - "mcs10/1"
                - "mcs11/1"
                - "mcs0/2"
                - "mcs1/2"
                - "mcs2/2"
                - "mcs3/2"
                - "mcs4/2"
                - "mcs5/2"
                - "mcs6/2"
                - "mcs7/2"
                - "mcs8/2"
                - "mcs9/2"
                - "mcs10/2"
                - "mcs11/2"
              rates_11ax_ss34:
                - "mcs0/3"
                - "mcs1/3"
                - "mcs2/3"
                - "mcs3/3"
                - "mcs4/3"
                - "mcs5/3"
                - "mcs6/3"
                - "mcs7/3"
                - "mcs8/3"
                - "mcs9/3"
                - "mcs10/3"
                - "mcs11/3"
                - "mcs0/4"
                - "mcs1/4"
                - "mcs2/4"
                - "mcs3/4"
                - "mcs4/4"
                - "mcs5/4"
                - "mcs6/4"
                - "mcs7/4"
                - "mcs8/4"
                - "mcs9/4"
                - "mcs10/4"
                - "mcs11/4"
              scan_botnet_connections: <value in [disable, block, monitor]>
              utm_log: <value in [disable, enable]>
              utm_status: <value in [disable, enable]>
              webfilter_profile: <string>
              sae_h2e_only: <value in [disable, enable]>
              sae_pk: <value in [disable, enable]>
              sae_private_key: <string>
              sticky_client_threshold_6g: <string>
              application_dscp_marking: <value in [disable, enable]>
              l3_roaming_mode: <value in [direct, indirect]>
              rates_11ac_mcs_map: <string>
              rates_11ax_mcs_map: <string>
              captive_portal_fw_accounting: <value in [disable, enable]>
              radius_mac_auth_block_interval: <integer>
              _is_factory_setting: <value in [disable, enable, ext]>
              d80211k: <value in [disable, enable]>
              d80211v: <value in [disable, enable]>
              roaming_acct_interim_update: <value in [disable, enable]>
              sae_hnp_only: <value in [disable, enable]>
              akm24_only: <value in [disable, enable]>
              beacon_protection: <value in [disable, enable]>
              captive_portal: <value in [disable, enable]>
              nas_filter_rule: <value in [disable, enable]>
              rates_11be_mcs_map: <string>
              rates_11be_mcs_map_160: <string>
              rates_11be_mcs_map_320: <string>
              _intf_ip_managed_by_fortiipam: <value in [disable, enable, inherit-global]>
              _intf_managed_subnetwork_size: <value in [32, 64, 128, ...]>
              domain_name_stripping: <value in [disable, enable]>
              local_lan_partition: <value in [disable, enable]>
          eap_reauth: <value in [disable, enable]>
          eap_reauth_intv: <integer>
          eapol_key_retries: <value in [disable, enable]>
          encrypt: <value in [TKIP, AES, TKIP-AES]>
          external_fast_roaming: <value in [disable, enable]>
          external_logout: <string>
          external_web: <string>
          fast_bss_transition: <value in [disable, enable]>
          fast_roaming: <value in [disable, enable]>
          ft_mobility_domain: <integer>
          ft_over_ds: <value in [disable, enable]>
          ft_r0_key_lifetime: <integer>
          gtk_rekey: <value in [disable, enable]>
          gtk_rekey_intv: <integer>
          hotspot20_profile: <string>
          intra_vap_privacy: <value in [disable, enable]>
          ip: <string>
          key: <list or string>
          keyindex: <integer>
          ldpc: <value in [disable, tx, rx, ...]>
          local_authentication: <value in [disable, enable]>
          local_bridging: <value in [disable, enable]>
          local_lan: <value in [deny, allow]>
          local_standalone: <value in [disable, enable]>
          local_standalone_nat: <value in [disable, enable]>
          mac_auth_bypass: <value in [disable, enable]>
          mac_filter: <value in [disable, enable]>
          mac_filter_list:
            -
              id: <integer>
              mac: <string>
              mac_filter_policy: <value in [deny, allow]>
          mac_filter_policy_other: <value in [deny, allow]>
          max_clients: <integer>
          max_clients_ap: <integer>
          me_disable_thresh: <integer>
          mesh_backhaul: <value in [disable, enable]>
          mpsk: <value in [disable, enable]>
          mpsk_concurrent_clients: <integer>
          mpsk_key:
            -
              comment: <string>
              concurrent_clients: <string>
              key_name: <string>
              passphrase: <list or string>
              mpsk_schedules: <list or string>
          multicast_enhance: <value in [disable, enable]>
          multicast_rate: <value in [0, 6000, 12000, ...]>
          name: <string>
          okc: <value in [disable, enable]>
          passphrase: <list or string>
          pmf: <value in [disable, enable, optional]>
          pmf_assoc_comeback_timeout: <integer>
          pmf_sa_query_retry_timeout: <integer>
          portal_message_override_group: <string>
          portal_type: <value in [auth, auth+disclaimer, disclaimer, ...]>
          probe_resp_suppression: <value in [disable, enable]>
          probe_resp_threshold: <string>
          ptk_rekey: <value in [disable, enable]>
          ptk_rekey_intv: <integer>
          qos_profile: <string>
          quarantine: <value in [disable, enable]>
          radio_2g_threshold: <string>
          radio_5g_threshold: <string>
          radio_sensitivity: <value in [disable, enable]>
          radius_mac_auth: <value in [disable, enable]>
          radius_mac_auth_server: <string>
          radius_mac_auth_usergroups: <list or string>
          radius_server: <string>
          rates_11a:
            - "1"
            - "1-basic"
            - "2"
            - "2-basic"
            - "5.5"
            - "5.5-basic"
            - "6"
            - "6-basic"
            - "9"
            - "9-basic"
            - "12"
            - "12-basic"
            - "18"
            - "18-basic"
            - "24"
            - "24-basic"
            - "36"
            - "36-basic"
            - "48"
            - "48-basic"
            - "54"
            - "54-basic"
            - "11"
            - "11-basic"
          rates_11ac_ss12:
            - "mcs0/1"
            - "mcs1/1"
            - "mcs2/1"
            - "mcs3/1"
            - "mcs4/1"
            - "mcs5/1"
            - "mcs6/1"
            - "mcs7/1"
            - "mcs8/1"
            - "mcs9/1"
            - "mcs0/2"
            - "mcs1/2"
            - "mcs2/2"
            - "mcs3/2"
            - "mcs4/2"
            - "mcs5/2"
            - "mcs6/2"
            - "mcs7/2"
            - "mcs8/2"
            - "mcs9/2"
            - "mcs10/1"
            - "mcs11/1"
            - "mcs10/2"
            - "mcs11/2"
          rates_11ac_ss34:
            - "mcs0/3"
            - "mcs1/3"
            - "mcs2/3"
            - "mcs3/3"
            - "mcs4/3"
            - "mcs5/3"
            - "mcs6/3"
            - "mcs7/3"
            - "mcs8/3"
            - "mcs9/3"
            - "mcs0/4"
            - "mcs1/4"
            - "mcs2/4"
            - "mcs3/4"
            - "mcs4/4"
            - "mcs5/4"
            - "mcs6/4"
            - "mcs7/4"
            - "mcs8/4"
            - "mcs9/4"
            - "mcs10/3"
            - "mcs11/3"
            - "mcs10/4"
            - "mcs11/4"
          rates_11bg:
            - "1"
            - "1-basic"
            - "2"
            - "2-basic"
            - "5.5"
            - "5.5-basic"
            - "6"
            - "6-basic"
            - "9"
            - "9-basic"
            - "12"
            - "12-basic"
            - "18"
            - "18-basic"
            - "24"
            - "24-basic"
            - "36"
            - "36-basic"
            - "48"
            - "48-basic"
            - "54"
            - "54-basic"
            - "11"
            - "11-basic"
          rates_11n_ss12:
            - "mcs0/1"
            - "mcs1/1"
            - "mcs2/1"
            - "mcs3/1"
            - "mcs4/1"
            - "mcs5/1"
            - "mcs6/1"
            - "mcs7/1"
            - "mcs8/2"
            - "mcs9/2"
            - "mcs10/2"
            - "mcs11/2"
            - "mcs12/2"
            - "mcs13/2"
            - "mcs14/2"
            - "mcs15/2"
          rates_11n_ss34:
            - "mcs16/3"
            - "mcs17/3"
            - "mcs18/3"
            - "mcs19/3"
            - "mcs20/3"
            - "mcs21/3"
            - "mcs22/3"
            - "mcs23/3"
            - "mcs24/4"
            - "mcs25/4"
            - "mcs26/4"
            - "mcs27/4"
            - "mcs28/4"
            - "mcs29/4"
            - "mcs30/4"
            - "mcs31/4"
          schedule: <list or string>
          security: <value in [None, WEP64, wep64, ...]>
          security_exempt_list: <string>
          security_obsolete_option: <value in [disable, enable]>
          security_redirect_url: <string>
          selected_usergroups: <list or string>
          split_tunneling: <value in [disable, enable]>
          ssid: <string>
          tkip_counter_measure: <value in [disable, enable]>
          usergroup: <list or string>
          utm_profile: <string>
          vdom: <string>
          vlan_auto: <value in [disable, enable]>
          vlan_pool:
            -
              _wtp_group: <string>
              id: <integer>
              wtp_group: <string>
          vlan_pooling: <value in [wtp-group, round-robin, hash, ...]>
          vlanid: <integer>
          voice_enterprise: <value in [disable, enable]>
          address_group: <string>
          atf_weight: <integer>
          mu_mimo: <value in [disable, enable]>
          owe_groups:
            - "19"
            - "20"
            - "21"
          owe_transition: <value in [disable, enable]>
          owe_transition_ssid: <string>
          sae_groups:
            - "1"
            - "2"
            - "5"
            - "14"
            - "15"
            - "16"
            - "17"
            - "18"
            - "19"
            - "20"
            - "21"
            - "27"
            - "28"
            - "29"
            - "30"
            - "31"
          sae_password: <list or string>
          _intf_device_access_list: <string>
          external_web_format: <value in [auto-detect, no-query-string, partial-query-string]>
          high_efficiency: <value in [disable, enable]>
          primary_wag_profile: <string>
          secondary_wag_profile: <string>
          target_wake_time: <value in [disable, enable]>
          tunnel_echo_interval: <integer>
          tunnel_fallback_interval: <integer>
          access_control_list: <string>
          captive_portal_auth_timeout: <integer>
          ipv6_rules:
            - "drop-icmp6ra"
            - "drop-icmp6rs"
            - "drop-llmnr6"
            - "drop-icmp6mld2"
            - "drop-dhcp6s"
            - "drop-dhcp6c"
            - "ndp-proxy"
            - "drop-ns-dad"
            - "drop-ns-nondad"
          sticky_client_remove: <value in [disable, enable]>
          sticky_client_threshold_2g: <string>
          sticky_client_threshold_5g: <string>
          bss_color_partial: <value in [disable, enable]>
          dhcp_option43_insertion: <value in [disable, enable]>
          mpsk_profile: <string>
          igmp_snooping: <value in [disable, enable]>
          port_macauth: <value in [disable, radius, address-group]>
          port_macauth_reauth_timeout: <integer>
          port_macauth_timeout: <integer>
          portal_message_overrides:
            auth_disclaimer_page: <string>
            auth_login_failed_page: <string>
            auth_login_page: <string>
            auth_reject_page: <string>
          additional_akms:
            - "akm6"
            - "akm24"
          bstm_disassociation_imminent: <value in [disable, enable]>
          bstm_load_balancing_disassoc_timer: <integer>
          bstm_rssi_disassoc_timer: <integer>
          dhcp_address_enforcement: <value in [disable, enable]>
          gas_comeback_delay: <integer>
          gas_fragmentation_limit: <integer>
          mac_called_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
          mac_calling_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
          mac_case: <value in [uppercase, lowercase]>
          mac_password_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
          mac_username_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
          mbo: <value in [disable, enable]>
          mbo_cell_data_conn_pref: <value in [excluded, prefer-not, prefer-use]>
          nac: <value in [disable, enable]>
          nac_profile: <string>
          neighbor_report_dual_band: <value in [disable, enable]>
          address_group_policy: <value in [disable, allow, deny]>
          antivirus_profile: <string>
          application_detection_engine: <value in [disable, enable]>
          application_list: <string>
          application_report_intv: <integer>
          auth_cert: <string>
          auth_portal_addr: <string>
          beacon_advertising:
            - "name"
            - "model"
            - "serial-number"
          ips_sensor: <string>
          l3_roaming: <value in [disable, enable]>
          local_standalone_dns: <value in [disable, enable]>
          local_standalone_dns_ip: <list or string>
          osen: <value in [disable, enable]>
          radius_mac_mpsk_auth: <value in [disable, enable]>
          radius_mac_mpsk_timeout: <integer>
          rates_11ax_ss12:
            - "mcs0/1"
            - "mcs1/1"
            - "mcs2/1"
            - "mcs3/1"
            - "mcs4/1"
            - "mcs5/1"
            - "mcs6/1"
            - "mcs7/1"
            - "mcs8/1"
            - "mcs9/1"
            - "mcs10/1"
            - "mcs11/1"
            - "mcs0/2"
            - "mcs1/2"
            - "mcs2/2"
            - "mcs3/2"
            - "mcs4/2"
            - "mcs5/2"
            - "mcs6/2"
            - "mcs7/2"
            - "mcs8/2"
            - "mcs9/2"
            - "mcs10/2"
            - "mcs11/2"
          rates_11ax_ss34:
            - "mcs0/3"
            - "mcs1/3"
            - "mcs2/3"
            - "mcs3/3"
            - "mcs4/3"
            - "mcs5/3"
            - "mcs6/3"
            - "mcs7/3"
            - "mcs8/3"
            - "mcs9/3"
            - "mcs10/3"
            - "mcs11/3"
            - "mcs0/4"
            - "mcs1/4"
            - "mcs2/4"
            - "mcs3/4"
            - "mcs4/4"
            - "mcs5/4"
            - "mcs6/4"
            - "mcs7/4"
            - "mcs8/4"
            - "mcs9/4"
            - "mcs10/4"
            - "mcs11/4"
          scan_botnet_connections: <value in [disable, block, monitor]>
          utm_log: <value in [disable, enable]>
          utm_status: <value in [disable, enable]>
          vlan_name:
            -
              name: <string>
              vlan_id: <integer>
          webfilter_profile: <string>
          sae_h2e_only: <value in [disable, enable]>
          sae_pk: <value in [disable, enable]>
          sae_private_key: <string>
          sticky_client_threshold_6g: <string>
          application_dscp_marking: <value in [disable, enable]>
          l3_roaming_mode: <value in [direct, indirect]>
          rates_11ac_mcs_map: <string>
          rates_11ax_mcs_map: <string>
          captive_portal_fw_accounting: <value in [disable, enable]>
          radius_mac_auth_block_interval: <integer>
          _is_factory_setting: <value in [disable, enable, ext]>
          d80211k: <value in [disable, enable]>
          d80211v: <value in [disable, enable]>
          roaming_acct_interim_update: <value in [disable, enable]>
          sae_hnp_only: <value in [disable, enable]>
          akm24_only: <value in [disable, enable]>
          beacon_protection: <value in [disable, enable]>
          captive_portal: <value in [disable, enable]>
          nas_filter_rule: <value in [disable, enable]>
          rates_11be_mcs_map: <string>
          rates_11be_mcs_map_160: <string>
          rates_11be_mcs_map_320: <string>
          _intf_ip_managed_by_fortiipam: <value in [disable, enable, inherit-global]>
          _intf_managed_subnetwork_size: <value in [32, 64, 128, ...]>
          domain_name_stripping: <value in [disable, enable]>
          local_lan_partition: <value in [disable, enable]>

Return Values

Common return values are documented here; the following fields are unique to this module:

Key

Description

meta

dictionary

The result of the request.

Returned: always

request_url

string

The full URL requested.

Returned: always

Sample: "/sys/login/user"

response_code

integer

The status of the API request.

Returned: always

Sample: 0

response_data

list / elements=string

The API response.

Returned: always

response_message

string

The descriptive message of the API response.

Returned: always

Sample: "OK."

system_information

dictionary

The information of the target system.

Returned: always

rc

integer

The status of the request.

Returned: always

Sample: 0

version_check_warning

list / elements=string

Warning if the parameters used in the playbook are not supported by the current FortiManager version.

Returned: complex

Authors

  • Xinwei Du (@dux-fortinet)

  • Xing Li (@lix-fortinet)

  • Jie Xue (@JieX19)

  • Link Zheng (@chillancezen)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)