fortinet.fortimanager.fmgr_vap module – Configure Virtual Access Points
Note
This module is part of the fortinet.fortimanager collection (version 2.8.0).
You might already have this collection installed if you are using the ansible package.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install fortinet.fortimanager.
To use it in a playbook, specify: fortinet.fortimanager.fmgr_vap.
New in fortinet.fortimanager 2.0.0
Synopsis
This module is able to configure a FortiManager device.
Examples include all parameters and values which need to be adjusted to data sources before usage.
Parameters
Parameter |
Comments |
|---|---|
The token to access FortiManager without using username and password. |
|
The parameter (adom) in requested url. |
|
Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters. Choices:
|
|
Enable/Disable logging for task. Choices:
|
|
Authenticate Ansible client with forticloud API access token. |
|
The overridden method for the underlying Json RPC request. Choices:
|
|
The rc codes list with which the conditions to fail will be overriden. |
|
The rc codes list with which the conditions to succeed will be overriden. |
|
The directive to create, update or delete an object. Choices:
|
|
The top level parameters set. |
|
Centmgmt. Choices:
|
|
Dhcp svr id. |
|
Intf allowaccess. Choices:
|
|
Intf device access list. |
|
Intf device identification. Choices:
|
|
Intf device netscan. Choices:
|
|
Intf dhcp6 relay ip. |
|
Intf dhcp6 relay service. Choices:
|
|
Intf dhcp6 relay type. Choices:
|
|
(list) Intf dhcp relay ip. |
|
Intf dhcp relay service. Choices:
|
|
Intf dhcp relay type. Choices:
|
|
Intf ip. |
|
Intf ip6 address. |
|
Intf ip6 allowaccess. Choices:
|
|
Intf ip managed by fortiipam. Choices:
|
|
Intf listen forticlient connection. Choices:
|
|
Intf managed subnetwork size. Choices:
|
|
Is factory setting. Choices:
|
|
Access-control-list profile name. |
|
WiFi RADIUS accounting interim interval |
|
Additional AKMs. Choices:
|
|
Address group ID. |
|
Configure MAC address filtering policy for MAC addresses that are in the address-group. Choices:
|
|
WPA3 SAE using group-dependent hash only Choices:
|
|
Alias. |
|
AntiVirus profile name. |
|
Enable/disable application detection engine Choices:
|
|
Enable/disable application attribute based DSCP marking Choices:
|
|
Application control list name. |
|
Application report interval |
|
Airtime weight in percentage |
|
Authentication protocol. Choices:
|
|
HTTPS server certificate. |
|
Address of captive portal. |
|
Fortinet beacon advertising IE data Choices:
|
|
Enable/disable beacon protection support Choices:
|
|
Enable/disable broadcasting the SSID Choices:
|
|
Optional suppression of broadcast messages. Choices:
|
|
Enable/disable 802. Choices:
|
|
Enable/disable forcing of disassociation after the BSTM request timer has been reached Choices:
|
|
Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing |
|
Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI |
|
Enable/disable captive portal. Choices:
|
|
Local-bridging captive portal ac-name. |
|
Hard timeout - AP will always clear the session after timeout regardless of traffic |
|
Enable/disable RADIUS accounting for captive portal firewall authentication session. Choices:
|
|
(list) Secret key to access the macauth RADIUS server. |
|
Captive portal external RADIUS server domain name or IP address. |
|
(list) Secret key to access the RADIUS server. |
|
Captive portal RADIUS server domain name or IP address. |
|
Session timeout interval |
|
Enable/disable 802. Choices:
|
|
Enable/disable 802. Choices:
|
|
Enable/disable DHCP address enforcement Choices:
|
|
DHCP lease time in seconds for NAT IP address. |
|
Enable/disable insertion of DHCP option 43 Choices:
|
|
Enable/disable DHCP option 82 circuit-id insert Choices:
|
|
Enable/disable DHCP option 82 insert Choices:
|
|
Enable/disable DHCP option 82 remote-id insert Choices:
|
|
Enable/disable stripping domain name from identity Choices:
|
|
Dynamic mapping. |
|
Centmgmt. Choices:
|
|
Dhcp svr id. |
|
Intf allowaccess. Choices:
|
|
Intf device access list. |
|
Intf device identification. Choices:
|
|
Intf device netscan. Choices:
|
|
Intf dhcp6 relay ip. |
|
Intf dhcp6 relay service. Choices:
|
|
Intf dhcp6 relay type. Choices:
|
|
(list) Intf dhcp relay ip. |
|
Intf dhcp relay service. Choices:
|
|
Intf dhcp relay type. Choices:
|
|
Intf ip. |
|
Intf ip6 address. |
|
Intf ip6 allowaccess. Choices:
|
|
Intf ip managed by fortiipam. Choices:
|
|
Intf listen forticlient connection. Choices:
|
|
Intf managed subnetwork size. Choices:
|
|
Is factory setting. Choices:
|
|
Scope. |
|
Name. |
|
Vdom. |
|
Access control list. |
|
Acct interim interval. |
|
Additional AKMs. Choices:
|
|
Address group. |
|
Configure MAC address filtering policy for MAC addresses that are in the address-group. Choices:
|
|
WPA3 SAE using group-dependent hash only Choices:
|
|
Alias. |
|
AntiVirus profile name. |
|
Enable/disable application detection engine Choices:
|
|
Enable/disable application attribute based DSCP marking Choices:
|
|
Application control list name. |
|
Application report interval |
|
Atf weight. |
|
Auth. Choices:
|
|
HTTPS server certificate. |
|
Address of captive portal. |
|
Fortinet beacon advertising IE data Choices:
|
|
Enable/disable beacon protection support Choices:
|
|
Broadcast ssid. Choices:
|
|
Broadcast suppression. Choices:
|
|
Bss color partial. Choices:
|
|
Enable/disable forcing of disassociation after the BSTM request timer has been reached Choices:
|
|
Time interval for client to voluntarily leave AP before forcing a disassociation due to AP load-balancing |
|
Time interval for client to voluntarily leave AP before forcing a disassociation due to low RSSI |
|
Enable/disable captive portal. Choices:
|
|
Captive portal ac name. |
|
Captive portal auth timeout. |
|
Enable/disable RADIUS accounting for captive portal firewall authentication session. Choices:
|
|
(list) Captive portal macauth radius secret. |
|
Captive portal macauth radius server. |
|
(list) Captive portal radius secret. |
|
Captive portal radius server. |
|
Captive portal session timeout interval. |
|
Client count. |
|
Enable/disable 802. Choices:
|
|
Enable/disable 802. Choices:
|
|
Enable/disable DHCP address enforcement Choices:
|
|
Dhcp lease time. |
|
Dhcp option43 insertion. Choices:
|
|
Dhcp option82 circuit id insertion. Choices:
|
|
Dhcp option82 insertion. Choices:
|
|
Dhcp option82 remote id insertion. Choices:
|
|
Enable/disable stripping domain name from identity Choices:
|
|
Dynamic vlan. Choices:
|
|
Eap reauth. Choices:
|
|
Eap reauth intv. |
|
Eapol key retries. Choices:
|
|
Encrypt. Choices:
|
|
External fast roaming. Choices:
|
|
External logout. |
|
External web. |
|
External web format. Choices:
|
|
Fast bss transition. Choices:
|
|
Fast roaming. Choices:
|
|
Ft mobility domain. |
|
Ft over ds. Choices:
|
|
Ft r0 key lifetime. |
|
GAS comeback delay |
|
GAS fragmentation limit |
|
Gtk rekey. Choices:
|
|
Gtk rekey intv. |
|
High efficiency. Choices:
|
|
Hotspot20 profile. |
|
Enable/disable IGMP snooping. Choices:
|
|
Intra vap privacy. Choices:
|
|
Ip. |
|
IPS sensor name. |
|
Ipv6 rules. Choices:
|
|
(list) Key. |
|
Keyindex. |
|
Enable/disable layer 3 roaming Choices:
|
|
Select the way that layer 3 roaming traffic is passed Choices:
|
|
Ldpc. Choices:
|
|
Local authentication. Choices:
|
|
Local bridging. Choices:
|
|
Local lan. Choices:
|
|
Enable/disable segregating client traffic to local LAN side Choices:
|
|
Local standalone. Choices:
|
|
Enable/disable AP local standalone DNS. Choices:
|
|
(list) IPv4 addresses for the local standalone DNS. |
|
Local standalone nat. Choices:
|
|
Local switching. Choices:
|
|
Mac auth bypass. Choices:
|
|
MAC called station delimiter Choices:
|
|
MAC calling station delimiter Choices:
|
|
MAC case Choices:
|
|
Mac filter. Choices:
|
|
Mac filter policy other. Choices:
|
|
MAC authentication password delimiter Choices:
|
|
MAC authentication username delimiter Choices:
|
|
Max clients. |
|
Max clients ap. |
|
Enable/disable Multiband Operation Choices:
|
|
MBO cell data connection preference Choices:
|
|
Me disable thresh. |
|
Mesh backhaul. Choices:
|
|
Mpsk. Choices:
|
|
Mpsk concurrent clients. |
|
Mpsk profile. |
|
Mu mimo. Choices:
|
|
Multicast enhance. Choices:
|
|
Multicast rate. Choices:
|
|
Enable/disable network access control. Choices:
|
|
NAC profile name. |
|
Enable/disable NAS filter rule support Choices:
|
|
Enable/disable dual-band neighbor report Choices:
|
|
Okc. Choices:
|
|
Enable/disable OSEN as part of key management Choices:
|
|
Owe groups. Choices:
|
|
Owe transition. Choices:
|
|
Owe transition ssid. |
|
(list) Passphrase. |
|
Pmf. Choices:
|
|
Pmf assoc comeback timeout. |
|
Pmf sa query retry timeout. |
|
Enable/disable LAN port MAC authentication Choices:
|
|
LAN port MAC authentication re-authentication timeout value |
|
LAN port MAC authentication idle timeout value |
|
Portal message override group. |
|
Portal type. Choices:
|
|
Primary wag profile. |
|
Probe resp suppression. Choices:
|
|
Probe resp threshold. |
|
Ptk rekey. Choices:
|
|
Ptk rekey intv. |
|
Qos profile. |
|
Quarantine. Choices:
|
|
Radio 2g threshold. |
|
Radio 5g threshold. |
|
Radio sensitivity. Choices:
|
|
Radius mac auth. Choices:
|
|
Dont send RADIUS MAC auth request again if the client has been rejected within specific interval |
|
Radius mac auth server. |
|
(list) Radius mac auth usergroups. |
|
Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication Choices:
|
|
RADIUS MAC MPSK cache timeout interval |
|
Radius server. |
|
Rates 11a. Choices:
|
|
Comma separated list of max supported VHT MCS for spatial streams 1 through 8. |
|
Rates 11ac ss12. Choices:
|
|
Rates 11ac ss34. Choices:
|
|
Comma separated list of max supported HE MCS for spatial streams 1 through 8. |
|
Allowed data rates for 802. Choices:
|
|
Allowed data rates for 802. Choices:
|
|
Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth. |
|
Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth. |
|
Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth. |
|
Rates 11bg. Choices:
|
|
Rates 11n ss12. Choices:
|
|
Rates 11n ss34. Choices:
|
|
Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise secu… Choices:
|
|
Sae groups. Choices:
|
|
Use hash-to-element-only mechanism for PWE derivation Choices:
|
|
Use hunting-and-pecking-only mechanism for PWE derivation Choices:
|
|
(list) Sae password. |
|
Enable/disable WPA3 SAE-PK Choices:
|
|
Private key used for WPA3 SAE-PK authentication. |
|
Block or monitor connections to Botnet servers or disable Botnet scanning. Choices:
|
|
(list or str) Schedule. |
|
Secondary wag profile. |
|
Security. Choices:
|
|
Security exempt list. |
|
Security obsolete option. Choices:
|
|
Security redirect url. |
|
(list or str) Selected usergroups. |
|
Split tunneling. Choices:
|
|
Ssid. |
|
Sticky client remove. Choices:
|
|
Sticky client threshold 2g. |
|
Sticky client threshold 5g. |
|
Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP |
|
Target wake time. Choices:
|
|
Tkip counter measure. Choices:
|
|
Tunnel echo interval. |
|
Tunnel fallback interval. |
|
(list or str) Usergroup. |
|
Enable/disable UTM logging. Choices:
|
|
Utm profile. |
|
Enable to add one or more security profiles Choices:
|
|
(list or str) Vdom. |
|
Vlan auto. Choices:
|
|
Vlan pooling. Choices:
|
|
Vlanid. |
|
Voice enterprise. Choices:
|
|
WebFilter profile name. |
|
Enable/disable dynamic VLAN assignment. Choices:
|
|
Enable/disable EAP re-authentication for WPA-Enterprise security. Choices:
|
|
EAP re-authentication interval |
|
Enable/disable retransmission of EAPOL-Key frames Choices:
|
|
Encryption protocol to use Choices:
|
|
Enable/disable fast roaming or pre-authentication with external APs not managed by the FortiGate Choices:
|
|
URL of external authentication logout server. |
|
URL of external authentication web server. |
|
URL query parameter detection Choices:
|
|
Enable/disable 802. Choices:
|
|
Enable/disable fast-roaming, or pre-authentication, where supported by clients Choices:
|
|
Mobility domain identifier in FT |
|
Enable/disable FT over the Distribution System Choices:
|
|
Lifetime of the PMK-R0 key in FT, 1-65535 minutes. |
|
GAS comeback delay |
|
GAS fragmentation limit |
|
Enable/disable GTK rekey for WPA security. Choices:
|
|
GTK rekey interval |
|
Enable/disable 802. Choices:
|
|
Hotspot 2. |
|
Enable/disable IGMP snooping. Choices:
|
|
Enable/disable blocking communication between clients on the same SSID Choices:
|
|
IP address and subnet mask for the local standalone NAT subnet. |
|
IPS sensor name. |
|
Optional rules of IPv6 packets. Choices:
|
|
(list) WEP Key. |
|
WEP key index |
|
Enable/disable layer 3 roaming Choices:
|
|
Select the way that layer 3 roaming traffic is passed Choices:
|
|
VAP low-density parity-check Choices:
|
|
Enable/disable AP local authentication. Choices:
|
|
Enable/disable bridging of wireless and Ethernet interfaces on the FortiAP Choices:
|
|
Allow/deny traffic destined for a Class A, B, or C private IP address Choices:
|
|
Enable/disable segregating client traffic to local LAN side Choices:
|
|
Enable/disable AP local standalone Choices:
|
|
Enable/disable AP local standalone DNS. Choices:
|
|
(list) IPv4 addresses for the local standalone DNS. |
|
Enable/disable AP local standalone NAT mode. Choices:
|
|
Enable/disable MAC authentication bypass. Choices:
|
|
MAC called station delimiter Choices:
|
|
MAC calling station delimiter Choices:
|
|
MAC case Choices:
|
|
Enable/disable MAC filtering to block wireless clients by mac address. Choices:
|
|
Mac filter list. |
|
ID. |
|
MAC address. |
|
Deny or allow the client with this MAC address. Choices:
|
|
Allow or block clients with MAC addresses that are not in the filter list. Choices:
|
|
MAC authentication password delimiter Choices:
|
|
MAC authentication username delimiter Choices:
|
|
Maximum number of clients that can connect simultaneously to the VAP |
|
Maximum number of clients that can connect simultaneously to each radio |
|
Enable/disable Multiband Operation Choices:
|
|
MBO cell data connection preference Choices:
|
|
Disable multicast enhancement when this many clients are receiving multicast traffic. |
|
Enable/disable using this VAP as a WiFi mesh backhaul Choices:
|
|
Enable/disable multiple pre-shared keys Choices:
|
|
Number of pre-shared keys |
|
Mpsk key. |
|
Comment. |
|
Number of clients that can connect using this pre-shared key. |
|
Pre-shared key name. |
|
(list or str) Firewall schedule for MPSK passphrase. |
|
(list) WPA Pre-shared key. |
|
MPSK profile name. |
|
Enable/disable Multi-user MIMO Choices:
|
|
Enable/disable converting multicast to unicast to improve performance Choices:
|
|
Multicast rate Choices:
|
|
Enable/disable network access control. Choices:
|
|
NAC profile name. |
|
Virtual AP name. |
|
Enable/disable NAS filter rule support Choices:
|
|
Enable/disable dual-band neighbor report Choices:
|
|
Enable/disable Opportunistic Key Caching Choices:
|
|
Enable/disable OSEN as part of key management Choices:
|
|
OWE-Groups. Choices:
|
|
Enable/disable OWE transition mode support. Choices:
|
|
OWE transition mode peer SSID. |
|
(list) WPA pre-shard key |
|
Protected Management Frames Choices:
|
|
Protected Management Frames |
|
Protected Management Frames |
|
Enable/disable LAN port MAC authentication Choices:
|
|
LAN port MAC authentication re-authentication timeout value |
|
LAN port MAC authentication idle timeout value |
|
Replacement message group for this VAP |
|
Portal message overrides. |
|
Override auth-disclaimer-page message with message from portal-message-overrides group. |
|
Override auth-login-failed-page message with message from portal-message-overrides group. |
|
Override auth-login-page message with message from portal-message-overrides group. |
|
Override auth-reject-page message with message from portal-message-overrides group. |
|
Captive portal functionality. Choices:
|
|
Primary wireless access gateway profile name. |
|
Enable/disable probe response suppression Choices:
|
|
Minimum signal level/threshold in dBm required for the AP response to probe requests |
|
Enable/disable PTK rekey for WPA-Enterprise security. Choices:
|
|
PTK rekey interval |
|
Quality of service profile name. |
|
Enable/disable station quarantine Choices:
|
|
Minimum signal level/threshold in dBm required for the AP response to receive a packet in 2. |
|
Minimum signal level/threshold in dBm required for the AP response to receive a packet in 5G band |
|
Enable/disable software radio sensitivity Choices:
|
|
Enable/disable RADIUS-based MAC authentication of clients Choices:
|
|
Dont send RADIUS MAC auth request again if the client has been rejected within specific interval |
|
RADIUS-based MAC authentication server. |
|
(list) Selective user groups that are permitted for RADIUS mac authentication. |
|
Enable/disable RADIUS-based MAC authentication of clients for MPSK authentication Choices:
|
|
RADIUS MAC MPSK cache timeout interval |
|
RADIUS server to be used to authenticate WiFi users. |
|
Allowed data rates for 802. Choices:
|
|
Comma separated list of max supported VHT MCS for spatial streams 1 through 8. |
|
Allowed data rates for 802. Choices:
|
|
Allowed data rates for 802. Choices:
|
|
Comma separated list of max supported HE MCS for spatial streams 1 through 8. |
|
Allowed data rates for 802. Choices:
|
|
Allowed data rates for 802. Choices:
|
|
Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 20MHz/40MHz/80MHz bandwidth. |
|
Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 160MHz bandwidth. |
|
Comma separated list of max nss that supports EHT-MCS 0-9, 10-11, 12-13 for 320MHz bandwidth. |
|
Allowed data rates for 802. Choices:
|
|
Allowed data rates for 802. Choices:
|
|
Allowed data rates for 802. Choices:
|
|
Enable/disable using accounting interim update instead of accounting start/stop on roaming for WPA-Enterprise security. Choices:
|
|
SAE-Groups. Choices:
|
|
Use hash-to-element-only mechanism for PWE derivation Choices:
|
|
Use hunting-and-pecking-only mechanism for PWE derivation Choices:
|
|
(list) WPA3 SAE password to be used to authenticate WiFi users. |
|
Enable/disable WPA3 SAE-PK Choices:
|
|
Private key used for WPA3 SAE-PK authentication. |
|
Block or monitor connections to Botnet servers or disable Botnet scanning. Choices:
|
|
(list or str) VAP schedule name. |
|
Secondary wireless access gateway profile name. |
|
Security mode for the wireless interface Choices:
|
|
Optional security exempt list for captive portal authentication. |
|
Enable/disable obsolete security options. Choices:
|
|
Optional URL for redirecting users after they pass captive portal authentication. |
|
(list or str) Selective user groups that are permitted to authenticate. |
|
Enable/disable split tunneling Choices:
|
|
IEEE 802. |
|
Enable/disable sticky client remove to maintain good signal level clients in SSID. Choices:
|
|
Minimum signal level/threshold in dBm required for the 2G client to be serviced by the AP |
|
Minimum signal level/threshold in dBm required for the 5G client to be serviced by the AP |
|
Minimum signal level/threshold in dBm required for the 6G client to be serviced by the AP |
|
Enable/disable 802. Choices:
|
|
Enable/disable TKIP counter measure. Choices:
|
|
The time interval to send echo to both primary and secondary tunnel peers |
|
The time interval for secondary tunnel to fall back to primary tunnel |
|
(list or str) Firewall user group to be used to authenticate WiFi users. |
|
Enable/disable UTM logging. Choices:
|
|
UTM profile name. |
|
Enable to add one or more security profiles Choices:
|
|
Name of the VDOM that the Virtual AP has been added to. |
|
Enable/disable automatic management of SSID VLAN interface. Choices:
|
|
Vlan name. |
|
VLAN name. |
|
VLAN ID. |
|
Vlan pool. |
|
Wtp group. |
|
ID. |
|
WTP group name. |
|
Enable/disable VLAN pooling, to allow grouping of multiple wireless controller VLANs into VLAN pools Choices:
|
|
Optional VLAN ID. |
|
Enable/disable 802. Choices:
|
|
WebFilter profile name. |
|
The adom to lock for FortiManager running in workspace mode, the value can be global and others including root. |
|
The maximum time in seconds to wait for other user to release the workspace lock. Default: |
Notes
Note
Starting in version 2.4.0, all input arguments are named using the underscore naming convention (snake_case). Please change the arguments such as “var-name” to “var_name”. Old argument names are still available yet you will receive deprecation warnings. You can ignore this warning by setting deprecation_warnings=False in ansible.cfg.
Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.
To create or update an object, use state present directive.
To delete an object, use state absent directive.
Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded
Examples
- name: Example playbook (generated based on argument schema)
hosts: fortimanagers
connection: httpapi
vars:
ansible_httpapi_use_ssl: true
ansible_httpapi_validate_certs: false
ansible_httpapi_port: 443
tasks:
- name: Configure Virtual Access Points
fortinet.fortimanager.fmgr_vap:
# bypass_validation: false
workspace_locking_adom: <value in [global, custom adom including root]>
workspace_locking_timeout: 300
# rc_succeeded: [0, -2, -3, ...]
# rc_failed: [-2, -3, ...]
adom: <your own value>
state: present # <value in [present, absent]>
vap:
_centmgmt: <value in [disable, enable]>
_dhcp_svr_id: <string>
_intf_allowaccess:
- "https"
- "ping"
- "ssh"
- "snmp"
- "http"
- "telnet"
- "fgfm"
- "auto-ipsec"
- "radius-acct"
- "probe-response"
- "capwap"
- "dnp"
- "ftm"
- "fabric"
- "speed-test"
_intf_device_identification: <value in [disable, enable]>
_intf_device_netscan: <value in [disable, enable]>
_intf_dhcp_relay_ip: <list or string>
_intf_dhcp_relay_service: <value in [disable, enable]>
_intf_dhcp_relay_type: <value in [regular, ipsec]>
_intf_dhcp6_relay_ip: <string>
_intf_dhcp6_relay_service: <value in [disable, enable]>
_intf_dhcp6_relay_type: <value in [regular]>
_intf_ip: <string>
_intf_ip6_address: <string>
_intf_ip6_allowaccess:
- "https"
- "ping"
- "ssh"
- "snmp"
- "http"
- "telnet"
- "any"
- "fgfm"
- "capwap"
_intf_listen_forticlient_connection: <value in [disable, enable]>
acct_interim_interval: <integer>
alias: <string>
auth: <value in [PSK, psk, RADIUS, ...]>
broadcast_ssid: <value in [disable, enable]>
broadcast_suppression:
- "dhcp"
- "arp"
- "dhcp2"
- "arp2"
- "netbios-ns"
- "netbios-ds"
- "arp3"
- "dhcp-up"
- "dhcp-down"
- "arp-known"
- "arp-unknown"
- "arp-reply"
- "ipv6"
- "dhcp-starvation"
- "arp-poison"
- "all-other-mc"
- "all-other-bc"
- "arp-proxy"
- "dhcp-ucast"
captive_portal_ac_name: <string>
captive_portal_macauth_radius_secret: <list or string>
captive_portal_macauth_radius_server: <string>
captive_portal_radius_secret: <list or string>
captive_portal_radius_server: <string>
captive_portal_session_timeout_interval: <integer>
dhcp_lease_time: <integer>
dhcp_option82_circuit_id_insertion: <value in [disable, style-1, style-2, ...]>
dhcp_option82_insertion: <value in [disable, enable]>
dhcp_option82_remote_id_insertion: <value in [disable, style-1]>
dynamic_vlan: <value in [disable, enable]>
dynamic_mapping:
-
_centmgmt: <value in [disable, enable]>
_dhcp_svr_id: <string>
_intf_allowaccess:
- "https"
- "ping"
- "ssh"
- "snmp"
- "http"
- "telnet"
- "fgfm"
- "auto-ipsec"
- "radius-acct"
- "probe-response"
- "capwap"
- "dnp"
- "ftm"
- "fabric"
- "speed-test"
_intf_device_identification: <value in [disable, enable]>
_intf_device_netscan: <value in [disable, enable]>
_intf_dhcp_relay_ip: <list or string>
_intf_dhcp_relay_service: <value in [disable, enable]>
_intf_dhcp_relay_type: <value in [regular, ipsec]>
_intf_dhcp6_relay_ip: <string>
_intf_dhcp6_relay_service: <value in [disable, enable]>
_intf_dhcp6_relay_type: <value in [regular]>
_intf_ip: <string>
_intf_ip6_address: <string>
_intf_ip6_allowaccess:
- "https"
- "ping"
- "ssh"
- "snmp"
- "http"
- "telnet"
- "any"
- "fgfm"
- "capwap"
_intf_listen_forticlient_connection: <value in [disable, enable]>
_scope:
-
name: <string>
vdom: <string>
acct_interim_interval: <integer>
address_group: <string>
alias: <string>
atf_weight: <integer>
auth: <value in [PSK, psk, RADIUS, ...]>
broadcast_ssid: <value in [disable, enable]>
broadcast_suppression:
- "dhcp"
- "arp"
- "dhcp2"
- "arp2"
- "netbios-ns"
- "netbios-ds"
- "arp3"
- "dhcp-up"
- "dhcp-down"
- "arp-known"
- "arp-unknown"
- "arp-reply"
- "ipv6"
- "dhcp-starvation"
- "arp-poison"
- "all-other-mc"
- "all-other-bc"
- "arp-proxy"
- "dhcp-ucast"
captive_portal_ac_name: <string>
captive_portal_macauth_radius_secret: <list or string>
captive_portal_macauth_radius_server: <string>
captive_portal_radius_secret: <list or string>
captive_portal_radius_server: <string>
captive_portal_session_timeout_interval: <integer>
client_count: <integer>
dhcp_lease_time: <integer>
dhcp_option82_circuit_id_insertion: <value in [disable, style-1, style-2, ...]>
dhcp_option82_insertion: <value in [disable, enable]>
dhcp_option82_remote_id_insertion: <value in [disable, style-1]>
dynamic_vlan: <value in [disable, enable]>
eap_reauth: <value in [disable, enable]>
eap_reauth_intv: <integer>
eapol_key_retries: <value in [disable, enable]>
encrypt: <value in [TKIP, AES, TKIP-AES]>
external_fast_roaming: <value in [disable, enable]>
external_logout: <string>
external_web: <string>
fast_bss_transition: <value in [disable, enable]>
fast_roaming: <value in [disable, enable]>
ft_mobility_domain: <integer>
ft_over_ds: <value in [disable, enable]>
ft_r0_key_lifetime: <integer>
gtk_rekey: <value in [disable, enable]>
gtk_rekey_intv: <integer>
hotspot20_profile: <string>
intra_vap_privacy: <value in [disable, enable]>
ip: <string>
key: <list or string>
keyindex: <integer>
ldpc: <value in [disable, tx, rx, ...]>
local_authentication: <value in [disable, enable]>
local_bridging: <value in [disable, enable]>
local_lan: <value in [deny, allow]>
local_standalone: <value in [disable, enable]>
local_standalone_nat: <value in [disable, enable]>
local_switching: <value in [disable, enable]>
mac_auth_bypass: <value in [disable, enable]>
mac_filter: <value in [disable, enable]>
mac_filter_policy_other: <value in [deny, allow]>
max_clients: <integer>
max_clients_ap: <integer>
me_disable_thresh: <integer>
mesh_backhaul: <value in [disable, enable]>
mpsk: <value in [disable, enable]>
mpsk_concurrent_clients: <integer>
multicast_enhance: <value in [disable, enable]>
multicast_rate: <value in [0, 6000, 12000, ...]>
okc: <value in [disable, enable]>
owe_groups:
- "19"
- "20"
- "21"
owe_transition: <value in [disable, enable]>
owe_transition_ssid: <string>
passphrase: <list or string>
pmf: <value in [disable, enable, optional]>
pmf_assoc_comeback_timeout: <integer>
pmf_sa_query_retry_timeout: <integer>
portal_message_override_group: <string>
portal_type: <value in [auth, auth+disclaimer, disclaimer, ...]>
probe_resp_suppression: <value in [disable, enable]>
probe_resp_threshold: <string>
ptk_rekey: <value in [disable, enable]>
ptk_rekey_intv: <integer>
qos_profile: <string>
quarantine: <value in [disable, enable]>
radio_2g_threshold: <string>
radio_5g_threshold: <string>
radio_sensitivity: <value in [disable, enable]>
radius_mac_auth: <value in [disable, enable]>
radius_mac_auth_server: <string>
radius_mac_auth_usergroups: <list or string>
radius_server: <string>
rates_11a:
- "1"
- "1-basic"
- "2"
- "2-basic"
- "5.5"
- "5.5-basic"
- "6"
- "6-basic"
- "9"
- "9-basic"
- "12"
- "12-basic"
- "18"
- "18-basic"
- "24"
- "24-basic"
- "36"
- "36-basic"
- "48"
- "48-basic"
- "54"
- "54-basic"
- "11"
- "11-basic"
rates_11ac_ss12:
- "mcs0/1"
- "mcs1/1"
- "mcs2/1"
- "mcs3/1"
- "mcs4/1"
- "mcs5/1"
- "mcs6/1"
- "mcs7/1"
- "mcs8/1"
- "mcs9/1"
- "mcs0/2"
- "mcs1/2"
- "mcs2/2"
- "mcs3/2"
- "mcs4/2"
- "mcs5/2"
- "mcs6/2"
- "mcs7/2"
- "mcs8/2"
- "mcs9/2"
- "mcs10/1"
- "mcs11/1"
- "mcs10/2"
- "mcs11/2"
rates_11ac_ss34:
- "mcs0/3"
- "mcs1/3"
- "mcs2/3"
- "mcs3/3"
- "mcs4/3"
- "mcs5/3"
- "mcs6/3"
- "mcs7/3"
- "mcs8/3"
- "mcs9/3"
- "mcs0/4"
- "mcs1/4"
- "mcs2/4"
- "mcs3/4"
- "mcs4/4"
- "mcs5/4"
- "mcs6/4"
- "mcs7/4"
- "mcs8/4"
- "mcs9/4"
- "mcs10/3"
- "mcs11/3"
- "mcs10/4"
- "mcs11/4"
rates_11bg:
- "1"
- "1-basic"
- "2"
- "2-basic"
- "5.5"
- "5.5-basic"
- "6"
- "6-basic"
- "9"
- "9-basic"
- "12"
- "12-basic"
- "18"
- "18-basic"
- "24"
- "24-basic"
- "36"
- "36-basic"
- "48"
- "48-basic"
- "54"
- "54-basic"
- "11"
- "11-basic"
rates_11n_ss12:
- "mcs0/1"
- "mcs1/1"
- "mcs2/1"
- "mcs3/1"
- "mcs4/1"
- "mcs5/1"
- "mcs6/1"
- "mcs7/1"
- "mcs8/2"
- "mcs9/2"
- "mcs10/2"
- "mcs11/2"
- "mcs12/2"
- "mcs13/2"
- "mcs14/2"
- "mcs15/2"
rates_11n_ss34:
- "mcs16/3"
- "mcs17/3"
- "mcs18/3"
- "mcs19/3"
- "mcs20/3"
- "mcs21/3"
- "mcs22/3"
- "mcs23/3"
- "mcs24/4"
- "mcs25/4"
- "mcs26/4"
- "mcs27/4"
- "mcs28/4"
- "mcs29/4"
- "mcs30/4"
- "mcs31/4"
sae_groups:
- "1"
- "2"
- "5"
- "14"
- "15"
- "16"
- "17"
- "18"
- "19"
- "20"
- "21"
- "27"
- "28"
- "29"
- "30"
- "31"
sae_password: <list or string>
schedule: <list or string>
security: <value in [None, WEP64, wep64, ...]>
security_exempt_list: <string>
security_obsolete_option: <value in [disable, enable]>
security_redirect_url: <string>
selected_usergroups: <list or string>
split_tunneling: <value in [disable, enable]>
ssid: <string>
tkip_counter_measure: <value in [disable, enable]>
usergroup: <list or string>
utm_profile: <string>
vdom: <list or string>
vlan_auto: <value in [disable, enable]>
vlan_pooling: <value in [wtp-group, round-robin, hash, ...]>
vlanid: <integer>
voice_enterprise: <value in [disable, enable]>
mu_mimo: <value in [disable, enable]>
_intf_device_access_list: <string>
external_web_format: <value in [auto-detect, no-query-string, partial-query-string]>
high_efficiency: <value in [disable, enable]>
primary_wag_profile: <string>
secondary_wag_profile: <string>
target_wake_time: <value in [disable, enable]>
tunnel_echo_interval: <integer>
tunnel_fallback_interval: <integer>
access_control_list: <string>
captive_portal_auth_timeout: <integer>
ipv6_rules:
- "drop-icmp6ra"
- "drop-icmp6rs"
- "drop-llmnr6"
- "drop-icmp6mld2"
- "drop-dhcp6s"
- "drop-dhcp6c"
- "ndp-proxy"
- "drop-ns-dad"
- "drop-ns-nondad"
sticky_client_remove: <value in [disable, enable]>
sticky_client_threshold_2g: <string>
sticky_client_threshold_5g: <string>
bss_color_partial: <value in [disable, enable]>
dhcp_option43_insertion: <value in [disable, enable]>
mpsk_profile: <string>
igmp_snooping: <value in [disable, enable]>
port_macauth: <value in [disable, radius, address-group]>
port_macauth_reauth_timeout: <integer>
port_macauth_timeout: <integer>
additional_akms:
- "akm6"
- "akm24"
bstm_disassociation_imminent: <value in [disable, enable]>
bstm_load_balancing_disassoc_timer: <integer>
bstm_rssi_disassoc_timer: <integer>
dhcp_address_enforcement: <value in [disable, enable]>
gas_comeback_delay: <integer>
gas_fragmentation_limit: <integer>
mac_called_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac_calling_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac_case: <value in [uppercase, lowercase]>
mac_password_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac_username_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mbo: <value in [disable, enable]>
mbo_cell_data_conn_pref: <value in [excluded, prefer-not, prefer-use]>
nac: <value in [disable, enable]>
nac_profile: <string>
neighbor_report_dual_band: <value in [disable, enable]>
address_group_policy: <value in [disable, allow, deny]>
antivirus_profile: <string>
application_detection_engine: <value in [disable, enable]>
application_list: <string>
application_report_intv: <integer>
auth_cert: <string>
auth_portal_addr: <string>
beacon_advertising:
- "name"
- "model"
- "serial-number"
ips_sensor: <string>
l3_roaming: <value in [disable, enable]>
local_standalone_dns: <value in [disable, enable]>
local_standalone_dns_ip: <list or string>
osen: <value in [disable, enable]>
radius_mac_mpsk_auth: <value in [disable, enable]>
radius_mac_mpsk_timeout: <integer>
rates_11ax_ss12:
- "mcs0/1"
- "mcs1/1"
- "mcs2/1"
- "mcs3/1"
- "mcs4/1"
- "mcs5/1"
- "mcs6/1"
- "mcs7/1"
- "mcs8/1"
- "mcs9/1"
- "mcs10/1"
- "mcs11/1"
- "mcs0/2"
- "mcs1/2"
- "mcs2/2"
- "mcs3/2"
- "mcs4/2"
- "mcs5/2"
- "mcs6/2"
- "mcs7/2"
- "mcs8/2"
- "mcs9/2"
- "mcs10/2"
- "mcs11/2"
rates_11ax_ss34:
- "mcs0/3"
- "mcs1/3"
- "mcs2/3"
- "mcs3/3"
- "mcs4/3"
- "mcs5/3"
- "mcs6/3"
- "mcs7/3"
- "mcs8/3"
- "mcs9/3"
- "mcs10/3"
- "mcs11/3"
- "mcs0/4"
- "mcs1/4"
- "mcs2/4"
- "mcs3/4"
- "mcs4/4"
- "mcs5/4"
- "mcs6/4"
- "mcs7/4"
- "mcs8/4"
- "mcs9/4"
- "mcs10/4"
- "mcs11/4"
scan_botnet_connections: <value in [disable, block, monitor]>
utm_log: <value in [disable, enable]>
utm_status: <value in [disable, enable]>
webfilter_profile: <string>
sae_h2e_only: <value in [disable, enable]>
sae_pk: <value in [disable, enable]>
sae_private_key: <string>
sticky_client_threshold_6g: <string>
application_dscp_marking: <value in [disable, enable]>
l3_roaming_mode: <value in [direct, indirect]>
rates_11ac_mcs_map: <string>
rates_11ax_mcs_map: <string>
captive_portal_fw_accounting: <value in [disable, enable]>
radius_mac_auth_block_interval: <integer>
_is_factory_setting: <value in [disable, enable, ext]>
d80211k: <value in [disable, enable]>
d80211v: <value in [disable, enable]>
roaming_acct_interim_update: <value in [disable, enable]>
sae_hnp_only: <value in [disable, enable]>
akm24_only: <value in [disable, enable]>
beacon_protection: <value in [disable, enable]>
captive_portal: <value in [disable, enable]>
nas_filter_rule: <value in [disable, enable]>
rates_11be_mcs_map: <string>
rates_11be_mcs_map_160: <string>
rates_11be_mcs_map_320: <string>
_intf_ip_managed_by_fortiipam: <value in [disable, enable, inherit-global]>
_intf_managed_subnetwork_size: <value in [32, 64, 128, ...]>
domain_name_stripping: <value in [disable, enable]>
local_lan_partition: <value in [disable, enable]>
eap_reauth: <value in [disable, enable]>
eap_reauth_intv: <integer>
eapol_key_retries: <value in [disable, enable]>
encrypt: <value in [TKIP, AES, TKIP-AES]>
external_fast_roaming: <value in [disable, enable]>
external_logout: <string>
external_web: <string>
fast_bss_transition: <value in [disable, enable]>
fast_roaming: <value in [disable, enable]>
ft_mobility_domain: <integer>
ft_over_ds: <value in [disable, enable]>
ft_r0_key_lifetime: <integer>
gtk_rekey: <value in [disable, enable]>
gtk_rekey_intv: <integer>
hotspot20_profile: <string>
intra_vap_privacy: <value in [disable, enable]>
ip: <string>
key: <list or string>
keyindex: <integer>
ldpc: <value in [disable, tx, rx, ...]>
local_authentication: <value in [disable, enable]>
local_bridging: <value in [disable, enable]>
local_lan: <value in [deny, allow]>
local_standalone: <value in [disable, enable]>
local_standalone_nat: <value in [disable, enable]>
mac_auth_bypass: <value in [disable, enable]>
mac_filter: <value in [disable, enable]>
mac_filter_list:
-
id: <integer>
mac: <string>
mac_filter_policy: <value in [deny, allow]>
mac_filter_policy_other: <value in [deny, allow]>
max_clients: <integer>
max_clients_ap: <integer>
me_disable_thresh: <integer>
mesh_backhaul: <value in [disable, enable]>
mpsk: <value in [disable, enable]>
mpsk_concurrent_clients: <integer>
mpsk_key:
-
comment: <string>
concurrent_clients: <string>
key_name: <string>
passphrase: <list or string>
mpsk_schedules: <list or string>
multicast_enhance: <value in [disable, enable]>
multicast_rate: <value in [0, 6000, 12000, ...]>
name: <string>
okc: <value in [disable, enable]>
passphrase: <list or string>
pmf: <value in [disable, enable, optional]>
pmf_assoc_comeback_timeout: <integer>
pmf_sa_query_retry_timeout: <integer>
portal_message_override_group: <string>
portal_type: <value in [auth, auth+disclaimer, disclaimer, ...]>
probe_resp_suppression: <value in [disable, enable]>
probe_resp_threshold: <string>
ptk_rekey: <value in [disable, enable]>
ptk_rekey_intv: <integer>
qos_profile: <string>
quarantine: <value in [disable, enable]>
radio_2g_threshold: <string>
radio_5g_threshold: <string>
radio_sensitivity: <value in [disable, enable]>
radius_mac_auth: <value in [disable, enable]>
radius_mac_auth_server: <string>
radius_mac_auth_usergroups: <list or string>
radius_server: <string>
rates_11a:
- "1"
- "1-basic"
- "2"
- "2-basic"
- "5.5"
- "5.5-basic"
- "6"
- "6-basic"
- "9"
- "9-basic"
- "12"
- "12-basic"
- "18"
- "18-basic"
- "24"
- "24-basic"
- "36"
- "36-basic"
- "48"
- "48-basic"
- "54"
- "54-basic"
- "11"
- "11-basic"
rates_11ac_ss12:
- "mcs0/1"
- "mcs1/1"
- "mcs2/1"
- "mcs3/1"
- "mcs4/1"
- "mcs5/1"
- "mcs6/1"
- "mcs7/1"
- "mcs8/1"
- "mcs9/1"
- "mcs0/2"
- "mcs1/2"
- "mcs2/2"
- "mcs3/2"
- "mcs4/2"
- "mcs5/2"
- "mcs6/2"
- "mcs7/2"
- "mcs8/2"
- "mcs9/2"
- "mcs10/1"
- "mcs11/1"
- "mcs10/2"
- "mcs11/2"
rates_11ac_ss34:
- "mcs0/3"
- "mcs1/3"
- "mcs2/3"
- "mcs3/3"
- "mcs4/3"
- "mcs5/3"
- "mcs6/3"
- "mcs7/3"
- "mcs8/3"
- "mcs9/3"
- "mcs0/4"
- "mcs1/4"
- "mcs2/4"
- "mcs3/4"
- "mcs4/4"
- "mcs5/4"
- "mcs6/4"
- "mcs7/4"
- "mcs8/4"
- "mcs9/4"
- "mcs10/3"
- "mcs11/3"
- "mcs10/4"
- "mcs11/4"
rates_11bg:
- "1"
- "1-basic"
- "2"
- "2-basic"
- "5.5"
- "5.5-basic"
- "6"
- "6-basic"
- "9"
- "9-basic"
- "12"
- "12-basic"
- "18"
- "18-basic"
- "24"
- "24-basic"
- "36"
- "36-basic"
- "48"
- "48-basic"
- "54"
- "54-basic"
- "11"
- "11-basic"
rates_11n_ss12:
- "mcs0/1"
- "mcs1/1"
- "mcs2/1"
- "mcs3/1"
- "mcs4/1"
- "mcs5/1"
- "mcs6/1"
- "mcs7/1"
- "mcs8/2"
- "mcs9/2"
- "mcs10/2"
- "mcs11/2"
- "mcs12/2"
- "mcs13/2"
- "mcs14/2"
- "mcs15/2"
rates_11n_ss34:
- "mcs16/3"
- "mcs17/3"
- "mcs18/3"
- "mcs19/3"
- "mcs20/3"
- "mcs21/3"
- "mcs22/3"
- "mcs23/3"
- "mcs24/4"
- "mcs25/4"
- "mcs26/4"
- "mcs27/4"
- "mcs28/4"
- "mcs29/4"
- "mcs30/4"
- "mcs31/4"
schedule: <list or string>
security: <value in [None, WEP64, wep64, ...]>
security_exempt_list: <string>
security_obsolete_option: <value in [disable, enable]>
security_redirect_url: <string>
selected_usergroups: <list or string>
split_tunneling: <value in [disable, enable]>
ssid: <string>
tkip_counter_measure: <value in [disable, enable]>
usergroup: <list or string>
utm_profile: <string>
vdom: <string>
vlan_auto: <value in [disable, enable]>
vlan_pool:
-
_wtp_group: <string>
id: <integer>
wtp_group: <string>
vlan_pooling: <value in [wtp-group, round-robin, hash, ...]>
vlanid: <integer>
voice_enterprise: <value in [disable, enable]>
address_group: <string>
atf_weight: <integer>
mu_mimo: <value in [disable, enable]>
owe_groups:
- "19"
- "20"
- "21"
owe_transition: <value in [disable, enable]>
owe_transition_ssid: <string>
sae_groups:
- "1"
- "2"
- "5"
- "14"
- "15"
- "16"
- "17"
- "18"
- "19"
- "20"
- "21"
- "27"
- "28"
- "29"
- "30"
- "31"
sae_password: <list or string>
_intf_device_access_list: <string>
external_web_format: <value in [auto-detect, no-query-string, partial-query-string]>
high_efficiency: <value in [disable, enable]>
primary_wag_profile: <string>
secondary_wag_profile: <string>
target_wake_time: <value in [disable, enable]>
tunnel_echo_interval: <integer>
tunnel_fallback_interval: <integer>
access_control_list: <string>
captive_portal_auth_timeout: <integer>
ipv6_rules:
- "drop-icmp6ra"
- "drop-icmp6rs"
- "drop-llmnr6"
- "drop-icmp6mld2"
- "drop-dhcp6s"
- "drop-dhcp6c"
- "ndp-proxy"
- "drop-ns-dad"
- "drop-ns-nondad"
sticky_client_remove: <value in [disable, enable]>
sticky_client_threshold_2g: <string>
sticky_client_threshold_5g: <string>
bss_color_partial: <value in [disable, enable]>
dhcp_option43_insertion: <value in [disable, enable]>
mpsk_profile: <string>
igmp_snooping: <value in [disable, enable]>
port_macauth: <value in [disable, radius, address-group]>
port_macauth_reauth_timeout: <integer>
port_macauth_timeout: <integer>
portal_message_overrides:
auth_disclaimer_page: <string>
auth_login_failed_page: <string>
auth_login_page: <string>
auth_reject_page: <string>
additional_akms:
- "akm6"
- "akm24"
bstm_disassociation_imminent: <value in [disable, enable]>
bstm_load_balancing_disassoc_timer: <integer>
bstm_rssi_disassoc_timer: <integer>
dhcp_address_enforcement: <value in [disable, enable]>
gas_comeback_delay: <integer>
gas_fragmentation_limit: <integer>
mac_called_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac_calling_station_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac_case: <value in [uppercase, lowercase]>
mac_password_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mac_username_delimiter: <value in [hyphen, single-hyphen, colon, ...]>
mbo: <value in [disable, enable]>
mbo_cell_data_conn_pref: <value in [excluded, prefer-not, prefer-use]>
nac: <value in [disable, enable]>
nac_profile: <string>
neighbor_report_dual_band: <value in [disable, enable]>
address_group_policy: <value in [disable, allow, deny]>
antivirus_profile: <string>
application_detection_engine: <value in [disable, enable]>
application_list: <string>
application_report_intv: <integer>
auth_cert: <string>
auth_portal_addr: <string>
beacon_advertising:
- "name"
- "model"
- "serial-number"
ips_sensor: <string>
l3_roaming: <value in [disable, enable]>
local_standalone_dns: <value in [disable, enable]>
local_standalone_dns_ip: <list or string>
osen: <value in [disable, enable]>
radius_mac_mpsk_auth: <value in [disable, enable]>
radius_mac_mpsk_timeout: <integer>
rates_11ax_ss12:
- "mcs0/1"
- "mcs1/1"
- "mcs2/1"
- "mcs3/1"
- "mcs4/1"
- "mcs5/1"
- "mcs6/1"
- "mcs7/1"
- "mcs8/1"
- "mcs9/1"
- "mcs10/1"
- "mcs11/1"
- "mcs0/2"
- "mcs1/2"
- "mcs2/2"
- "mcs3/2"
- "mcs4/2"
- "mcs5/2"
- "mcs6/2"
- "mcs7/2"
- "mcs8/2"
- "mcs9/2"
- "mcs10/2"
- "mcs11/2"
rates_11ax_ss34:
- "mcs0/3"
- "mcs1/3"
- "mcs2/3"
- "mcs3/3"
- "mcs4/3"
- "mcs5/3"
- "mcs6/3"
- "mcs7/3"
- "mcs8/3"
- "mcs9/3"
- "mcs10/3"
- "mcs11/3"
- "mcs0/4"
- "mcs1/4"
- "mcs2/4"
- "mcs3/4"
- "mcs4/4"
- "mcs5/4"
- "mcs6/4"
- "mcs7/4"
- "mcs8/4"
- "mcs9/4"
- "mcs10/4"
- "mcs11/4"
scan_botnet_connections: <value in [disable, block, monitor]>
utm_log: <value in [disable, enable]>
utm_status: <value in [disable, enable]>
vlan_name:
-
name: <string>
vlan_id: <integer>
webfilter_profile: <string>
sae_h2e_only: <value in [disable, enable]>
sae_pk: <value in [disable, enable]>
sae_private_key: <string>
sticky_client_threshold_6g: <string>
application_dscp_marking: <value in [disable, enable]>
l3_roaming_mode: <value in [direct, indirect]>
rates_11ac_mcs_map: <string>
rates_11ax_mcs_map: <string>
captive_portal_fw_accounting: <value in [disable, enable]>
radius_mac_auth_block_interval: <integer>
_is_factory_setting: <value in [disable, enable, ext]>
d80211k: <value in [disable, enable]>
d80211v: <value in [disable, enable]>
roaming_acct_interim_update: <value in [disable, enable]>
sae_hnp_only: <value in [disable, enable]>
akm24_only: <value in [disable, enable]>
beacon_protection: <value in [disable, enable]>
captive_portal: <value in [disable, enable]>
nas_filter_rule: <value in [disable, enable]>
rates_11be_mcs_map: <string>
rates_11be_mcs_map_160: <string>
rates_11be_mcs_map_320: <string>
_intf_ip_managed_by_fortiipam: <value in [disable, enable, inherit-global]>
_intf_managed_subnetwork_size: <value in [32, 64, 128, ...]>
domain_name_stripping: <value in [disable, enable]>
local_lan_partition: <value in [disable, enable]>
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
|---|---|
The result of the request. Returned: always |
|
The full url requested. Returned: always Sample: |
|
The status of api request. Returned: always Sample: |
|
The api response. Returned: always |
|
The descriptive message of the api response. Returned: always Sample: |
|
The information of the target system. Returned: always |
|
The status the request. Returned: always Sample: |
|
Warning if the parameters used in the playbook are not supported by the current FortiManager version. Returned: complex |