fortinet.fortios.fortios_system_interface module – Configure interfaces in Fortinet’s FortiOS and FortiGate.
Note
This module is part of the fortinet.fortios collection (version 2.3.8).
You might already have this collection installed if you are using the ansible package.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install fortinet.fortios.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: fortinet.fortios.fortios_system_interface.
New in fortinet.fortios 2.0.0
Synopsis
This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify system feature and interface category. Examples include all parameters and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0
Requirements
The below requirements are needed on the host that executes this module.
ansible>=2.15
Parameters
Parameter |
Comments |
|---|---|
Token-based authentication. Generated from GUI of Fortigate. |
|
Enable/Disable logging for task. Choices:
|
|
Member attribute path to operate on. Delimited by a slash character if there are more than one attribute. Parameter marked with member_path is legitimate for doing member operation. |
|
Add or delete a member under specified attribute path. When member_state is specified, the state option is ignored. Choices:
|
|
Indicates whether to create or remove the object. Choices:
|
|
Configure interfaces. |
|
PPPoE server name. |
|
Aggregate interface. |
|
Type of aggregation. Choices:
|
|
Frame distribution algorithm. Choices:
|
|
Alias will be displayed with the interface name to make it easier to distinguish. |
|
Permitted types of management access to this interface. Choices:
|
|
Enable/disable automatic registration of unknown FortiAP devices. Choices:
|
|
Enable/disable ARP forwarding. Choices:
|
|
HTTPS server certificate. Source vpn.certificate.local.name. |
|
Address of captive portal. |
|
PPP authentication type to use. Choices:
|
|
Enable/disable automatic authorization of dedicated Fortinet extension device on this interface. Choices:
|
|
Bandwidth measure time. |
|
Bidirectional Forwarding Detection (BFD) settings. Choices:
|
|
BFD desired minimal transmit interval. |
|
BFD detection multiplier. |
|
BFD required minimal receive interval. |
|
Enable/disable broadcasting FortiClient discovery messages. Choices:
|
|
Enable/disable broadcast forwarding. Choices:
|
|
Enable/disable captive portal. |
|
CLI connection status. |
|
DHCP client options. |
|
DHCP client option code. |
|
ID. see <a href=’#notes’>Notes</a>. |
|
DHCP option IPs. |
|
DHCP client option type. Choices:
|
|
DHCP client option value. |
|
Color of icon on the GUI. |
|
Configure interface for single purpose. Choices:
|
|
default purdue level of device detected on this interface. Choices:
|
|
Enable to get the gateway IP from the DHCP or PPPoE server. Choices:
|
|
Description. |
|
MTU of detected peer (0 - 4294967295). |
|
Protocols used to detect the server. Choices:
|
|
Gateway”s ping server for this IP. |
|
Device access list. |
|
Enable/disable passively gathering of device identity information about the devices on the network connected to this interface. Choices:
|
|
Enable/disable active gathering of device identity information about the devices on the network connected to this interface. Choices:
|
|
Enable/disable inclusion of devices detected on this interface in network vulnerability scans. Choices:
|
|
Enable/disable passive gathering of user identity information about users on this interface. Choices:
|
|
Device Index. |
|
Enable/disable setting of the broadcast flag in messages sent by the DHCP client . Choices:
|
|
Enable/disable addition of classless static routes retrieved from DHCP server. Choices:
|
|
DHCP client identifier. |
|
Enable/disable DHCP relay agent option. Choices:
|
|
Enable/disable relaying DHCP messages with no end option. Choices:
|
|
DHCP relay circuit ID. |
|
Specify outgoing interface to reach server. Source system.interface.name. |
|
Specify how to select outgoing interface to reach server. Choices:
|
|
DHCP relay IP address. |
|
DHCP relay link selection. |
|
Enable/disable sending of DHCP requests to all servers. Choices:
|
|
Enable/disable allowing this interface to act as a DHCP relay. Choices:
|
|
IP address used by the DHCP relay as its source IP. |
|
DHCP relay type (regular or IPsec). Choices:
|
|
DHCP renew time in seconds (300-604800), 0 means use the renew time provided by the server. |
|
Enable/disable DHCP smart relay. Choices:
|
|
Configure DHCP server access list. |
|
DHCP server name. |
|
IP address for DHCP server. |
|
Time in seconds to wait before retrying to start a PPPoE discovery, 0 means no timeout. |
|
Time in milliseconds to wait before sending a notification that this interface is down or disconnected. |
|
Distance for routes learned through PPPoE or DHCP, lower distance indicates preferred route. |
|
Enable/disable use DNS acquired by DHCP or PPPoE. Choices:
|
|
DNS transport protocols. Choices:
|
|
Enable/disable drop fragment packets. Choices:
|
|
Enable/disable drop overlapped fragment packets. Choices:
|
|
EAP CA certificate name. Source certificate.ca.name. |
|
EAP identity. |
|
EAP method. Choices:
|
|
EAP password. |
|
Enable/disable EAP-Supplicant. Choices:
|
|
EAP user certificate name. Source certificate.local.name. |
|
Override outgoing CoS in user VLAN tag. Choices:
|
|
Configure queues of NP port on egress path. |
|
CoS profile name for CoS 0. Source system.isf-queue-profile.name. |
|
CoS profile name for CoS 1. Source system.isf-queue-profile.name. |
|
CoS profile name for CoS 2. Source system.isf-queue-profile.name. |
|
CoS profile name for CoS 3. Source system.isf-queue-profile.name. |
|
CoS profile name for CoS 4. Source system.isf-queue-profile.name. |
|
CoS profile name for CoS 5. Source system.isf-queue-profile.name. |
|
CoS profile name for CoS 6. Source system.isf-queue-profile.name. |
|
CoS profile name for CoS 7. Source system.isf-queue-profile.name. |
|
Outgoing traffic shaping profile. Source firewall.shaping-profile.profile-name. |
|
Enable/disable endpoint compliance enforcement. Choices:
|
|
Estimated maximum downstream bandwidth (kbps). Used to estimate link utilization. |
|
Estimated maximum upstream bandwidth (kbps). Used to estimate link utilization. |
|
Enable/disable the explicit FTP proxy on this interface. Choices:
|
|
Enable/disable the explicit web proxy on this interface. Choices:
|
|
Enable/disable identifying the interface as an external interface (which usually means it”s connected to the Internet). Choices:
|
|
Action on FortiExtender when interface fail. Choices:
|
|
Names of the FortiGate interfaces to which the link failure alert is sent. |
|
Names of the non-virtual interface. Source system.interface.name. |
|
Select link-failed-signal or link-down method to alert about a failed link. Choices:
|
|
Enable/disable fail detection features for this interface. Choices:
|
|
Options for detecting that this interface has failed. Choices:
|
|
Enable/disable FortiHeartBeat (FortiTelemetry on GUI). Choices:
|
|
Enable FortiLink to dedicate this interface to manage other Fortinet devices. Choices:
|
|
FortiLink split interface backup link. |
|
Protocol for FortiGate neighbor discovery. Choices:
|
|
Enable/disable FortiLink split interface to connect member link to different FortiSwitch in stack for uplink redundancy. Choices:
|
|
Enable/disable FortiLink switch-stacking on this interface. Choices:
|
|
Transparent mode forward domain. |
|
Configure forward error correction (FEC). Choices:
|
|
Enable/disable Gi Gatekeeper. Choices:
|
|
Enable/disable detect gateway alive for first. Choices:
|
|
HA election priority for the PING server. |
|
Enable/disable ICMP accept redirect. Choices:
|
|
Enable/disable sending of ICMP redirects. Choices:
|
|
Enable/disable authentication for this interface. Choices:
|
|
PPPoE auto disconnect after idle timeout seconds, 0 means no timeout. |
|
Configure IKE authentication SAML server. Source user.saml.name. |
|
Bandwidth limit for incoming traffic (0 - 80000000 kbps), 0 means unlimited. |
|
Override incoming CoS in user VLAN tag on VLAN interface or assign a priority VLAN tag on physical interface. Choices:
|
|
Incoming traffic shaping profile. Source firewall.shaping-profile.profile-name. |
|
Ingress Spillover threshold (0 - 16776000 kbps), 0 means unlimited. |
|
Set interconnect profile. Choices:
|
|
Interface name. Source system.interface.name. |
|
Implicitly created. |
|
Interface IPv4 address and subnet mask, syntax: X.X.X.X/24. |
|
Enable/disable automatic IP address assignment of this interface by FortiIPAM. Choices:
|
|
Enable/disable IP/MAC binding. Choices:
|
|
Enable/disable the use of this interface as a one-armed sniffer. Choices:
|
|
Unnumbered IP used for PPPoE interfaces for which no unique local address is provided. |
|
IPv6 of interface. |
|
Enable/disable address auto config. Choices:
|
|
CLI IPv6 connection status. |
|
DHCP6 client options. |
|
DHCPv6 option code. |
|
ID. see <a href=’#notes’>Notes</a>. |
|
DHCP option IP6s. |
|
DHCPv6 option type. Choices:
|
|
DHCPv6 option value (hexadecimal value must be even). |
|
DHCPv6 client options. Choices:
|
|
DHCPv6 IA-PD list. |
|
Identity association identifier. see <a href=’#notes’>Notes</a>. |
|
DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server. |
|
DHCPv6 prefix hint preferred life time (sec), 0 means unlimited lease time. |
|
DHCPv6 prefix hint valid life time (sec). |
|
Enable/disable DHCPv6 information request. Choices:
|
|
Enable/disable DHCPv6 prefix delegation. Choices:
|
|
DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server. |
|
DHCPv6 prefix hint preferred life time (sec), 0 means unlimited lease time. |
|
DHCPv6 prefix hint valid life time (sec). |
|
DHCP6 relay interface ID. |
|
DHCPv6 relay IP address. |
|
Enable/disable DHCPv6 relay. Choices:
|
|
Enable/disable use of address on this interface as the source address of the relay message. Choices:
|
|
IPv6 address used by the DHCP6 relay as its source IP. |
|
DHCPv6 relay type. Choices:
|
|
Enable/disable sending of ICMPv6 redirects. Choices:
|
|
IPv6 interface identifier. |
|
Primary IPv6 address prefix. Syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx. |
|
Allow management access to the interface. Choices:
|
|
Default life (sec). |
|
IAID of obtained delegated-prefix from the upstream interface. |
|
Advertised IPv6 delegated prefix list. |
|
Enable/disable the autonomous flag. Choices:
|
|
IAID of obtained delegated-prefix from the upstream interface. |
|
Enable/disable the onlink flag. Choices:
|
|
Prefix ID. see <a href=’#notes’>Notes</a>. |
|
Recursive DNS server option. |
|
Recursive DNS service option. Choices:
|
|
Add subnet ID to routing prefix. |
|
Name of the interface that provides delegated information. Source system.interface.name. |
|
Enable/disable using the DNS server acquired by DHCP. Choices:
|
|
Extra IPv6 address prefixes of interface. |
|
IPv6 address prefix. |
|
Hop limit (0 means unspecified). |
|
IPv6 link MTU. |
|
Enable/disable the managed flag. Choices:
|
|
IPv6 maximum interval (4 to 1800 sec). |
|
IPv6 minimum interval (3 to 1350 sec). |
|
Addressing mode (static, DHCP, delegated). Choices:
|
|
Enable/disable the other IPv6 flag. Choices:
|
|
Advertised prefix list. |
|
Enable/disable the autonomous flag. Choices:
|
|
DNS search list option. |
|
Domain name. |
|
Enable/disable the onlink flag. Choices:
|
|
Preferred life time (sec). |
|
IPv6 prefix. |
|
Recursive DNS server option. |
|
Valid life time (sec). |
|
Assigning a prefix from DHCP or RA. Choices:
|
|
IPv6 reachable time (milliseconds; 0 means unspecified). |
|
IPv6 retransmit time (milliseconds; 0 means unspecified). |
|
Enable/disable sending advertisements about the interface. Choices:
|
|
Subnet to routing prefix. Syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx. |
|
Interface name providing delegated information. Source system.interface.name. |
|
Neighbor discovery certificate. Source certificate.local.name. |
|
Neighbor discovery CGA modifier. |
|
Neighbor discovery mode. Choices:
|
|
Neighbor discovery security level (0 - 7; 0 = least secure). |
|
Neighbor discovery timestamp delta value (1 - 3600 sec; ). |
|
Neighbor discovery timestamp fuzz factor (1 - 60 sec; ). |
|
Enable/disable sending link MTU in RA packet. Choices:
|
|
Enable/disable unique auto config address. Choices:
|
|
Link-local IPv6 address of virtual router. |
|
IPv6 VRRP configuration. |
|
Enable/disable accept mode. Choices:
|
|
Advertisement interval (250 - 255000 milliseconds). |
|
Enable/disable ignoring of default route when checking destination. Choices:
|
|
Enable/disable preempt mode. Choices:
|
|
Priority of the virtual router (1 - 255). |
|
Startup time (1 - 255 seconds). |
|
Enable/disable VRRP. Choices:
|
|
Monitor the route to this destination. |
|
Priority of the virtual router when the virtual router destination becomes unreachable (0 - 254). |
|
VRRP group ID (1 - 65535). |
|
Virtual router identifier (1 - 255). see <a href=’#notes’>Notes</a>. |
|
IPv6 address of the virtual router. |
|
Enable/disable virtual MAC for VRRP. Choices:
|
|
Enable/disable l2 forwarding. Choices:
|
|
LACP HA secondary member. Choices:
|
|
LACP HA slave. Choices:
|
|
LACP mode. Choices:
|
|
How often the interface sends LACP messages. Choices:
|
|
Time in seconds between PPPoE Link Control Protocol (LCP) echo requests. |
|
Maximum missed LCP echo messages before disconnect. |
|
Number of milliseconds to wait before considering a link is up. |
|
LLDP-MED network policy profile. Source system.lldp.network-policy.name. |
|
Enable/disable Link Layer Discovery Protocol (LLDP) reception. Choices:
|
|
Enable/disable Link Layer Discovery Protocol (LLDP) transmission. Choices:
|
|
Change the interface”s MAC address. |
|
Available when FortiLink is enabled, used for managed devices through FortiLink interface. |
|
Managed dev identifier. |
|
Number of IP addresses to be allocated by FortiIPAM and used by this FortiGate unit”s DHCP server settings. Choices:
|
|
High Availability in-band management IP address of this interface. |
|
Measured downstream bandwidth (kbps). |
|
Measured upstream bandwidth (kbps). |
|
Select SFP media interface type Choices:
|
|
Physical interfaces that belong to the aggregate or redundant interface. |
|
Physical interface name. Source system.interface.name. |
|
Minimum number of aggregated ports that must be up. |
|
Action to take when less than the configured minimum number of links are active. Choices:
|
|
Port mirroring direction. Choices:
|
|
Mirroring filter. |
|
Destinatin port of mirroring filter. |
|
Destinatin IP and mask of mirroring filter. |
|
Protocol of mirroring filter. |
|
Source port of mirroring filter. |
|
Source IP and mask of mirroring filter. |
|
Mirroring port. Source system.interface.name. |
|
Addressing mode (static, DHCP, PPPoE). Choices:
|
|
Enable monitoring bandwidth on this interface. Choices:
|
|
MTU value for this interface. |
|
Enable to set a custom MTU for this interface. Choices:
|
|
Name. |
|
Enable/disable NDISC forwarding. Choices:
|
|
Enable/disable NETBIOS forwarding. Choices:
|
|
NetFlow sample rate. Sample one packet every configured number of packets(1 - 65535). |
|
Enable/disable NetFlow on this interface and set the data that NetFlow collects (rx, tx, or both). Choices:
|
|
Netflow sampler ID. |
|
NP QoS profile ID. |
|
Bandwidth limit for outgoing traffic (0 - 80000000 kbps). |
|
PPPoE Active Discovery Terminate (PADT) used to terminate sessions after an idle time. |
|
PPPoE account”s password. |
|
PING server status. |
|
sFlow polling interval in seconds (1 - 255). |
|
Enable/disable NP port mirroring. Choices:
|
|
CoS in VLAN tag for outgoing PPPoE/PPP packets. Choices:
|
|
Enable/disable PPPoE unnumbered negotiation. Choices:
|
|
PPTP authentication type. Choices:
|
|
Enable/disable PPTP client. Choices:
|
|
PPTP password. |
|
PPTP server IP address. |
|
Idle timer in minutes (0 for disabled). |
|
PPTP user name. |
|
Enable/disable preservation of session route when dirty. Choices:
|
|
Priority of learned routes. |
|
Enable/disable fail back to higher priority port once recovered. Choices:
|
|
Enable/disable proxy captive portal on this interface. Choices:
|
|
IPv4 reachable time in milliseconds (30000 - 3600000). |
|
Redundant interface. |
|
Remote IP address of tunnel. |
|
Replacement message override group. |
|
RX ring size. |
|
TX ring size. |
|
Interface role. Choices:
|
|
Data that NetFlow collects (rx, tx, or both). Choices:
|
|
sFlow sample rate (10 - 99999). |
|
Enable monitoring or blocking connections to Botnet servers through this interface. Choices:
|
|
Enable/disable adding a secondary IP to this interface. Choices:
|
|
Second IP address of interface. |
|
Management access settings for the secondary IP address. Choices:
|
|
Protocols used to detect the server. Choices:
|
|
Gateway”s ping server for this IP. |
|
Enable/disable detect gateway alive for first. Choices:
|
|
HA election priority for the PING server. |
|
ID. see <a href=’#notes’>Notes</a>. |
|
Secondary IP address of the interface. |
|
PING server status. |
|
DHCP relay IP address. |
|
VLAN ID for virtual switch. |
|
802.1X master virtual-switch. |
|
802.1X member mode. Choices:
|
|
802.1X mode. Choices:
|
|
Name of security-exempt-list. |
|
URL of external authentication logout server. |
|
URL of external authentication web server. |
|
User groups that can authenticate with the captive portal. |
|
Names of user groups that can authenticate with the captive portal. Source user.group.name. |
|
Enable/disable IP authentication bypass. Choices:
|
|
Enable/disable MAC authentication bypass. Choices:
|
|
Turn on captive portal authentication for this interface. Choices:
|
|
URL redirection after disclaimer/authentication. |
|
PPPoE service name. |
|
Enable/disable sFlow on this interface. Choices:
|
|
Permanent SNMP Index of the interface. |
|
Interface speed. The default setting and the options available depend on the interface hardware. Choices:
|
|
Egress Spillover threshold (0 - 16776000 kbps), 0 means unlimited. |
|
Enable/disable source IP check. Choices:
|
|
Bring the interface up or shut the interface down. Choices:
|
|
Enable/disable STP. Choices:
|
|
Enable/disable as STP edge port. Choices:
|
|
Control STP behavior on HA secondary. Choices:
|
|
Control STP behaviour on HA slave. Choices:
|
|
Enable/disable STP forwarding. Choices:
|
|
Configure STP forwarding mode. Choices:
|
|
Enable to always send packets from this interface to a destination MAC address. Choices:
|
|
Destination MAC address that all packets are sent to from this interface. |
|
Frame distribution algorithm for switch. Choices:
|
|
Initial create for switch-controller VLANs. |
|
Creation status for switch-controller VLANs. |
|
Contained in switch. |
|
Block FortiSwitch port-to-port traffic. Choices:
|
|
Enable/disable/Monitor FortiSwitch ARP inspection. Choices:
|
|
Switch controller DHCP snooping. Choices:
|
|
Switch controller DHCP snooping option82. Choices:
|
|
Switch controller DHCP snooping verify MAC. Choices:
|
|
Integrated FortiLink settings for managed FortiSwitch. Source switch-controller.fortilink-settings.name. |
|
Interface”s purpose when assigning traffic (read only). Choices:
|
|
Switch controller IGMP snooping. Choices:
|
|
Switch controller IGMP snooping fast-leave. Choices:
|
|
Switch controller IGMP snooping proxy. Choices:
|
|
Enable/disable managed FortiSwitch IoT scanning. Choices:
|
|
Limit the number of dynamic MAC addresses on this VLAN (1 - 128, 0 = no limit, default). |
|
VLAN to use for FortiLink management purposes. |
|
Integrated FortiLink settings for managed FortiSwitch. Source switch-controller.fortilink-settings.name. |
|
NetFlow collection and processing. Choices:
|
|
Enable/disable managed FortiSwitch routing offload. Choices:
|
|
Enable/disable managed FortiSwitch routing offload gateway. Choices:
|
|
IP for routing offload on FortiSwitch. |
|
Stop Layer2 MAC learning and interception of BPDUs and other packets on this interface. Choices:
|
|
Source IP address used in FortiLink over L3 connections. Choices:
|
|
Switch controller traffic policy for the VLAN. Source switch-controller.traffic-policy.name. |
|
Define a system ID for the aggregate interface. |
|
Method in which system ID is generated. Choices:
|
|
Config object tagging. |
|
Tag category. Source system.object-tagging.category. |
|
Tagging entry name. |
|
Tags. |
|
Tag name. Source system.object-tagging.tags.name. |
|
TCP maximum segment size. 0 means do not change segment size. |
|
Enable/disable VLAN trunk. Choices:
|
|
Trusted IPv6 host for dedicated management traffic (::/0 for all hosts). |
|
Trusted IPv6 host for dedicated management traffic (::/0 for all hosts). |
|
Trusted IPv6 host for dedicated management traffic (::/0 for all hosts). |
|
Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts). |
|
Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts). |
|
Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts). |
|
Interface type. Choices:
|
|
Username of the PPPoE account, provided by your ISP. |
|
Interface is in this virtual domain (VDOM). Source system.vdom.name. |
|
Switch control interface VLAN ID. |
|
Change the interface”s virtual MAC address. |
|
Ethernet protocol of VLAN. Choices:
|
|
Enable/disable traffic forwarding between VLANs on this interface. Choices:
|
|
VLAN ID (1 - 4094). |
|
Virtual Routing Forwarding ID. |
|
VRRP configuration. |
|
Enable/disable accept mode. Choices:
|
|
Advertisement interval (250 - 255000 milliseconds). |
|
Enable/disable ignoring of default route when checking destination. Choices:
|
|
Enable/disable preempt mode. Choices:
|
|
Priority of the virtual router (1 - 255). |
|
VRRP Proxy ARP configuration. |
|
ID. see <a href=’#notes’>Notes</a>. |
|
Set IP addresses of proxy ARP. |
|
Startup time (1 - 255 seconds). |
|
Enable/disable this VRRP configuration. Choices:
|
|
VRRP version. Choices:
|
|
Monitor the route to this destination. |
|
Priority of the virtual router when the virtual router destination becomes unreachable (0 - 254). |
|
VRRP group ID (1 - 65535). |
|
Virtual router identifier (1 - 255). see <a href=’#notes’>Notes</a>. |
|
IP address of the virtual router. |
|
Enable/disable use of virtual MAC for VRRP. Choices:
|
|
Enable/disable WCCP on this interface. Used for encapsulated WCCP communication between WCCP clients and servers. Choices:
|
|
Default weight for static routes (if route has no weight configured). |
|
WINS server IP. |
|
Virtual domain, among those defined previously. A vdom is a virtual instance of the FortiGate that can be configured and used as a different unit. Default: |
Notes
Note
Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
The module supports check_mode.
Examples
- name: Configure interfaces.
fortinet.fortios.fortios_system_interface:
vdom: "{{ vdom }}"
state: "present"
access_token: "<your_own_value>"
system_interface:
ac_name: "<your_own_value>"
aggregate: "<your_own_value>"
aggregate_type: "physical"
algorithm: "L2"
alias: "<your_own_value>"
allowaccess: "ping"
ap_discover: "enable"
arpforward: "enable"
auth_cert: "<your_own_value> (source vpn.certificate.local.name)"
auth_portal_addr: "<your_own_value>"
auth_type: "auto"
auto_auth_extension_device: "enable"
bandwidth_measure_time: "0"
bfd: "global"
bfd_desired_min_tx: "250"
bfd_detect_mult: "3"
bfd_required_min_rx: "250"
broadcast_forticlient_discovery: "enable"
broadcast_forward: "enable"
captive_portal: "2147483647"
cli_conn_status: "0"
client_options:
-
code: "0"
id: "26"
ip: "<your_own_value>"
type: "hex"
value: "<your_own_value>"
color: "0"
dedicated_to: "none"
default_purdue_level: "1"
defaultgw: "enable"
description: "<your_own_value>"
detected_peer_mtu: "0"
detectprotocol: "ping"
detectserver: "<your_own_value>"
device_access_list: "<your_own_value>"
device_identification: "enable"
device_identification_active_scan: "enable"
device_netscan: "disable"
device_user_identification: "enable"
devindex: "0"
dhcp_broadcast_flag: "disable"
dhcp_classless_route_addition: "enable"
dhcp_client_identifier: "myId_46"
dhcp_relay_agent_option: "enable"
dhcp_relay_allow_no_end_option: "disable"
dhcp_relay_circuit_id: "<your_own_value>"
dhcp_relay_interface: "<your_own_value> (source system.interface.name)"
dhcp_relay_interface_select_method: "auto"
dhcp_relay_ip: "<your_own_value>"
dhcp_relay_link_selection: "<your_own_value>"
dhcp_relay_request_all_server: "disable"
dhcp_relay_service: "disable"
dhcp_relay_source_ip: "<your_own_value>"
dhcp_relay_type: "regular"
dhcp_renew_time: "0"
dhcp_smart_relay: "disable"
dhcp_snooping_server_list:
-
name: "default_name_61"
server_ip: "<your_own_value>"
disc_retry_timeout: "1"
disconnect_threshold: "0"
distance: "5"
dns_server_override: "enable"
dns_server_protocol: "cleartext"
drop_fragment: "enable"
drop_overlapped_fragment: "enable"
eap_ca_cert: "<your_own_value> (source certificate.ca.name)"
eap_identity: "<your_own_value>"
eap_method: "tls"
eap_password: "<your_own_value>"
eap_supplicant: "enable"
eap_user_cert: "<your_own_value> (source certificate.local.name)"
egress_cos: "disable"
egress_queues:
cos0: "<your_own_value> (source system.isf-queue-profile.name)"
cos1: "<your_own_value> (source system.isf-queue-profile.name)"
cos2: "<your_own_value> (source system.isf-queue-profile.name)"
cos3: "<your_own_value> (source system.isf-queue-profile.name)"
cos4: "<your_own_value> (source system.isf-queue-profile.name)"
cos5: "<your_own_value> (source system.isf-queue-profile.name)"
cos6: "<your_own_value> (source system.isf-queue-profile.name)"
cos7: "<your_own_value> (source system.isf-queue-profile.name)"
egress_shaping_profile: "<your_own_value> (source firewall.shaping-profile.profile-name)"
endpoint_compliance: "enable"
estimated_downstream_bandwidth: "0"
estimated_upstream_bandwidth: "0"
explicit_ftp_proxy: "enable"
explicit_web_proxy: "enable"
external: "enable"
fail_action_on_extender: "soft-restart"
fail_alert_interfaces:
-
name: "default_name_95 (source system.interface.name)"
fail_alert_method: "link-failed-signal"
fail_detect: "enable"
fail_detect_option: "detectserver"
fortiheartbeat: "enable"
fortilink: "enable"
fortilink_backup_link: "0"
fortilink_neighbor_detect: "lldp"
fortilink_split_interface: "enable"
fortilink_stacking: "enable"
forward_domain: "0"
forward_error_correction: "none"
gi_gk: "enable"
gwdetect: "enable"
ha_priority: "1"
icmp_accept_redirect: "enable"
icmp_send_redirect: "enable"
ident_accept: "enable"
idle_timeout: "0"
ike_saml_server: "<your_own_value> (source user.saml.name)"
inbandwidth: "0"
ingress_cos: "disable"
ingress_shaping_profile: "<your_own_value> (source firewall.shaping-profile.profile-name)"
ingress_spillover_threshold: "0"
interconnect_profile: "default"
interface: "<your_own_value> (source system.interface.name)"
internal: "0"
ip: "<your_own_value>"
ip_managed_by_fortiipam: "inherit-global"
ipmac: "enable"
ips_sniffer_mode: "enable"
ipunnumbered: "<your_own_value>"
ipv6:
autoconf: "enable"
cli_conn6_status: "0"
client_options:
-
code: "0"
id: "132"
ip6: "<your_own_value>"
type: "hex"
value: "<your_own_value>"
dhcp6_client_options: "rapid"
dhcp6_iapd_list:
-
iaid: "<you_own_value>"
prefix_hint: "<your_own_value>"
prefix_hint_plt: "604800"
prefix_hint_vlt: "2592000"
dhcp6_information_request: "enable"
dhcp6_prefix_delegation: "enable"
dhcp6_prefix_hint: "<your_own_value>"
dhcp6_prefix_hint_plt: "604800"
dhcp6_prefix_hint_vlt: "2592000"
dhcp6_relay_interface_id: "<your_own_value>"
dhcp6_relay_ip: "<your_own_value>"
dhcp6_relay_service: "disable"
dhcp6_relay_source_interface: "disable"
dhcp6_relay_source_ip: "<your_own_value>"
dhcp6_relay_type: "regular"
icmp6_send_redirect: "enable"
interface_identifier: "myId_154"
ip6_address: "<your_own_value>"
ip6_allowaccess: "ping"
ip6_default_life: "1800"
ip6_delegated_prefix_iaid: "0"
ip6_delegated_prefix_list:
-
autonomous_flag: "enable"
delegated_prefix_iaid: "0"
onlink_flag: "enable"
prefix_id: "<you_own_value>"
rdnss: "<your_own_value>"
rdnss_service: "delegated"
subnet: "<your_own_value>"
upstream_interface: "<your_own_value> (source system.interface.name)"
ip6_dns_server_override: "enable"
ip6_extra_addr:
-
prefix: "<your_own_value>"
ip6_hop_limit: "0"
ip6_link_mtu: "0"
ip6_manage_flag: "enable"
ip6_max_interval: "600"
ip6_min_interval: "198"
ip6_mode: "static"
ip6_other_flag: "enable"
ip6_prefix_list:
-
autonomous_flag: "enable"
dnssl:
-
domain: "<your_own_value>"
onlink_flag: "enable"
preferred_life_time: "604800"
prefix: "<your_own_value>"
rdnss: "<your_own_value>"
valid_life_time: "2592000"
ip6_prefix_mode: "dhcp6"
ip6_reachable_time: "0"
ip6_retrans_time: "0"
ip6_send_adv: "enable"
ip6_subnet: "<your_own_value>"
ip6_upstream_interface: "<your_own_value> (source system.interface.name)"
nd_cert: "<your_own_value> (source certificate.local.name)"
nd_cga_modifier: "<your_own_value>"
nd_mode: "basic"
nd_security_level: "0"
nd_timestamp_delta: "300"
nd_timestamp_fuzz: "1"
ra_send_mtu: "enable"
unique_autoconf_addr: "enable"
vrip6_link_local: "<your_own_value>"
vrrp_virtual_mac6: "enable"
vrrp6:
-
accept_mode: "enable"
adv_interval: "1000"
ignore_default_route: "enable"
preempt: "enable"
priority: "100"
start_time: "3"
status: "enable"
vrdst_priority: "0"
vrdst6: "<your_own_value>"
vrgrp: "0"
vrid: "<you_own_value>"
vrip6: "<your_own_value>"
l2forward: "enable"
lacp_ha_secondary: "enable"
lacp_ha_slave: "enable"
lacp_mode: "static"
lacp_speed: "slow"
lcp_echo_interval: "5"
lcp_max_echo_fails: "3"
link_up_delay: "50"
lldp_network_policy: "<your_own_value> (source system.lldp.network-policy.name)"
lldp_reception: "enable"
lldp_transmission: "enable"
macaddr: "<your_own_value>"
managed_device:
-
name: "default_name_229"
managed_subnetwork_size: "32"
management_ip: "<your_own_value>"
measured_downstream_bandwidth: "0"
measured_upstream_bandwidth: "0"
mediatype: "none"
member:
-
interface_name: "<your_own_value> (source system.interface.name)"
min_links: "1"
min_links_down: "operational"
mirroring_direction: "rx"
mirroring_filter:
filter_dport: "0"
filter_dstip: "<your_own_value>"
filter_protocol: "0"
filter_sport: "0"
filter_srcip: "<your_own_value>"
mirroring_port: "<your_own_value> (source system.interface.name)"
mode: "static"
monitor_bandwidth: "enable"
mtu: "1500"
mtu_override: "enable"
name: "default_name_251"
ndiscforward: "enable"
netbios_forward: "disable"
netflow_sample_rate: "1"
netflow_sampler: "disable"
netflow_sampler_id: "0"
np_qos_profile: "0"
outbandwidth: "0"
padt_retry_timeout: "1"
password: "<your_own_value>"
ping_serv_status: "0"
polling_interval: "20"
port_mirroring: "disable"
pppoe_egress_cos: "cos0"
pppoe_unnumbered_negotiate: "enable"
pptp_auth_type: "auto"
pptp_client: "enable"
pptp_password: "<your_own_value>"
pptp_server_ip: "<your_own_value>"
pptp_timeout: "0"
pptp_user: "<your_own_value>"
preserve_session_route: "enable"
priority: "1"
priority_override: "enable"
proxy_captive_portal: "enable"
reachable_time: "30000"
redundant_interface: "<your_own_value>"
remote_ip: "<your_own_value>"
replacemsg_override_group: "<your_own_value>"
ring_rx: "0"
ring_tx: "0"
role: "lan"
sample_direction: "tx"
sample_rate: "2000"
scan_botnet_connections: "disable"
secondary_IP: "enable"
secondaryip:
-
allowaccess: "ping"
detectprotocol: "ping"
detectserver: "<your_own_value>"
gwdetect: "enable"
ha_priority: "1"
id: "293"
ip: "<your_own_value>"
ping_serv_status: "0"
secip_relay_ip: "<your_own_value>"
security_8021x_dynamic_vlan_id: "0"
security_8021x_master: "<your_own_value>"
security_8021x_member_mode: "switch"
security_8021x_mode: "default"
security_exempt_list: "<your_own_value>"
security_external_logout: "<your_own_value>"
security_external_web: "<your_own_value>"
security_groups:
-
name: "default_name_305 (source user.group.name)"
security_ip_auth_bypass: "enable"
security_mac_auth_bypass: "mac-auth-only"
security_mode: "none"
security_redirect_url: "<your_own_value>"
service_name: "<your_own_value>"
sflow_sampler: "enable"
snmp_index: "0"
speed: "auto"
spillover_threshold: "0"
src_check: "enable"
status: "up"
stp: "disable"
stp_edge: "disable"
stp_ha_secondary: "disable"
stp_ha_slave: "disable"
stpforward: "enable"
stpforward_mode: "rpl-all-ext-id"
subst: "enable"
substitute_dst_mac: "<your_own_value>"
sw_algorithm: "l2"
swc_first_create: "0"
swc_vlan: "0"
switch: "<your_own_value>"
switch_controller_access_vlan: "enable"
switch_controller_arp_inspection: "enable"
switch_controller_dhcp_snooping: "enable"
switch_controller_dhcp_snooping_option82: "enable"
switch_controller_dhcp_snooping_verify_mac: "enable"
switch_controller_dynamic: "<your_own_value> (source switch-controller.fortilink-settings.name)"
switch_controller_feature: "none"
switch_controller_igmp_snooping: "enable"
switch_controller_igmp_snooping_fast_leave: "enable"
switch_controller_igmp_snooping_proxy: "enable"
switch_controller_iot_scanning: "enable"
switch_controller_learning_limit: "0"
switch_controller_mgmt_vlan: "4094"
switch_controller_nac: "<your_own_value> (source switch-controller.fortilink-settings.name)"
switch_controller_netflow_collect: "disable"
switch_controller_offload: "enable"
switch_controller_offload_gw: "enable"
switch_controller_offload_ip: "<your_own_value>"
switch_controller_rspan_mode: "disable"
switch_controller_source_ip: "outbound"
switch_controller_traffic_policy: "<your_own_value> (source switch-controller.traffic-policy.name)"
system_id: "<your_own_value>"
system_id_type: "auto"
tagging:
-
category: "<your_own_value> (source system.object-tagging.category)"
name: "default_name_354"
tags:
-
name: "default_name_356 (source system.object-tagging.tags.name)"
tcp_mss: "0"
trunk: "enable"
trust_ip_1: "<your_own_value>"
trust_ip_2: "<your_own_value>"
trust_ip_3: "<your_own_value>"
trust_ip6_1: "<your_own_value>"
trust_ip6_2: "<your_own_value>"
trust_ip6_3: "<your_own_value>"
type: "physical"
username: "<your_own_value>"
vdom: "<your_own_value> (source system.vdom.name)"
vindex: "0"
virtual_mac: "<your_own_value>"
vlan_protocol: "8021q"
vlanforward: "enable"
vlanid: "0"
vrf: "0"
vrrp:
-
accept_mode: "enable"
adv_interval: "1000"
ignore_default_route: "enable"
preempt: "enable"
priority: "100"
proxy_arp:
-
id: "381"
ip: "<your_own_value>"
start_time: "3"
status: "enable"
version: "2"
vrdst: "<your_own_value>"
vrdst_priority: "0"
vrgrp: "0"
vrid: "<you_own_value>"
vrip: "<your_own_value>"
vrrp_virtual_mac: "enable"
wccp: "enable"
weight: "0"
wins_ip: "<your_own_value>"
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
|---|---|
Build number of the fortigate image Returned: always Sample: |
|
Last method used to provision the content into FortiGate Returned: always Sample: |
|
Last result given by FortiGate on last operation applied Returned: always Sample: |
|
Master key (id) used in the last call to FortiGate Returned: success Sample: |
|
Name of the table used to fulfill the request Returned: always Sample: |
|
Path of the table used to fulfill the request Returned: always Sample: |
|
Internal revision number Returned: always Sample: |
|
Serial number of the unit Returned: always Sample: |
|
Indication of the operation’s result Returned: always Sample: |
|
Virtual domain used Returned: always Sample: |
|
Version of the FortiGate Returned: always Sample: |