fortinet.fortimanager.fmgr_fsp_vlan_dynamicmapping module – Fsp vlan dynamic mapping

Note

This module is part of the fortinet.fortimanager collection (version 2.8.2).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_fsp_vlan_dynamicmapping.

New in fortinet.fortimanager 2.0.0

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter

Comments

access_token

string

The token to access FortiManager without using username and password.

adom

string / required

The parameter (adom) in requested url.

bypass_validation

boolean

Only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters.

Choices:

  • false ← (default)

  • true

enable_log

boolean

Enable/Disable logging for task.

Choices:

  • false ← (default)

  • true

forticloud_access_token

string

Authenticate Ansible client with forticloud API access token.

fsp_vlan_dynamicmapping

dictionary

The top level parameters set.

_dhcp_status

aliases: _dhcp-status

string

Dhcp status.

Choices:

  • "disable"

  • "enable"

_scope

list / elements=dictionary

Scope.

name

string

Name.

vdom

string

Vdom.

dhcp_server

aliases: dhcp-server

dictionary

Dhcp server.

auto_configuration

aliases: auto-configuration

string

Enable/disable auto configuration.

Choices:

  • "disable"

  • "enable"

auto_managed_status

aliases: auto-managed-status

string

Enable/disable use of this DHCP server once this interface has been assigned an IP address from FortiIPAM.

Choices:

  • "disable"

  • "enable"

conflicted_ip_timeout

aliases: conflicted-ip-timeout

integer

Time in seconds to wait after a conflicted IP address is removed from the DHCP range before it can be reused.

ddns_auth

aliases: ddns-auth

string

DDNS authentication mode.

Choices:

  • "disable"

  • "tsig"

ddns_key

aliases: ddns-key

any

(list or str) DDNS update key

ddns_keyname

aliases: ddns-keyname

string

DDNS update key name.

ddns_server_ip

aliases: ddns-server-ip

string

DDNS server IP.

ddns_ttl

aliases: ddns-ttl

integer

TTL.

ddns_update

aliases: ddns-update

string

Enable/disable DDNS update for DHCP.

Choices:

  • "disable"

  • "enable"

ddns_update_override

aliases: ddns-update-override

string

Enable/disable DDNS update override for DHCP.

Choices:

  • "disable"

  • "enable"

ddns_zone

aliases: ddns-zone

string

Zone of your domain name

default_gateway

aliases: default-gateway

string

Default gateway IP address assigned by the DHCP server.

dhcp_settings_from_fortiipam

aliases: dhcp-settings-from-fortiipam

string

Enable/disable populating of DHCP server settings from FortiIPAM.

Choices:

  • "disable"

  • "enable"

dns_server1

aliases: dns-server1

string

DNS server 1.

dns_server2

aliases: dns-server2

string

DNS server 2.

dns_server3

aliases: dns-server3

string

DNS server 3.

dns_server4

aliases: dns-server4

string

DNS server 4.

dns_service

aliases: dns-service

string

Options for assigning DNS servers to DHCP clients.

Choices:

  • "default"

  • "specify"

  • "local"

domain

string

Domain name suffix for the IP addresses that the DHCP server assigns to clients.

enable

string

Enable.

Choices:

  • "disable"

  • "enable"

exclude_range

aliases: exclude-range

list / elements=dictionary

Exclude range.

end_ip

aliases: end-ip

string

End of IP range.

id

integer

ID.

lease_time

aliases: lease-time

integer

Lease time in seconds, 0 means default lease time.

start_ip

aliases: start-ip

string

Start of IP range.

uci_match

aliases: uci-match

string

Enable/disable user class identifier

Choices:

  • "disable"

  • "enable"

uci_string

aliases: uci-string

any

(list) One or more UCI strings in quotes separated by spaces.

vci_match

aliases: vci-match

string

Enable/disable vendor class identifier

Choices:

  • "disable"

  • "enable"

vci_string

aliases: vci-string

any

(list) One or more VCI strings in quotes separated by spaces.

filename

string

Name of the boot file on the TFTP server.

forticlient_on_net_status

aliases: forticlient-on-net-status

string

Enable/disable FortiClient-On-Net service for this DHCP server.

Choices:

  • "disable"

  • "enable"

id

integer

ID.

ip_mode

aliases: ip-mode

string

Method used to assign client IP.

Choices:

  • "range"

  • "usrgrp"

ip_range

aliases: ip-range

list / elements=dictionary

Ip range.

end_ip

aliases: end-ip

string

End of IP range.

id

integer

ID.

lease_time

aliases: lease-time

integer

Lease time in seconds, 0 means default lease time.

start_ip

aliases: start-ip

string

Start of IP range.

uci_match

aliases: uci-match

string

Enable/disable user class identifier

Choices:

  • "disable"

  • "enable"

uci_string

aliases: uci-string

any

(list) One or more UCI strings in quotes separated by spaces.

vci_match

aliases: vci-match

string

Enable/disable vendor class identifier

Choices:

  • "disable"

  • "enable"

vci_string

aliases: vci-string

any

(list) One or more VCI strings in quotes separated by spaces.

ipsec_lease_hold

aliases: ipsec-lease-hold

integer

DHCP over IPsec leases expire this many seconds after tunnel down

lease_time

aliases: lease-time

integer

Lease time in seconds, 0 means unlimited.

mac_acl_default_action

aliases: mac-acl-default-action

string

MAC access control default action

Choices:

  • "assign"

  • "block"

netmask

string

Netmask assigned by the DHCP server.

next_server

aliases: next-server

string

IP address of a server

ntp_server1

aliases: ntp-server1

string

NTP server 1.

ntp_server2

aliases: ntp-server2

string

NTP server 2.

ntp_server3

aliases: ntp-server3

string

NTP server 3.

ntp_service

aliases: ntp-service

string

Options for assigning Network Time Protocol

Choices:

  • "default"

  • "specify"

  • "local"

option1

any

(list) Option1.

option2

any

(list) Option2.

option3

any

(list) Option3.

option4

string

Option4.

option5

string

Option5.

option6

string

Option6.

options

list / elements=dictionary

Options.

code

integer

DHCP option code.

id

integer

ID.

ip

any

(list) DHCP option IPs.

type

string

DHCP option type.

Choices:

  • "hex"

  • "string"

  • "ip"

  • "fqdn"

uci_match

aliases: uci-match

string

Enable/disable user class identifier

Choices:

  • "disable"

  • "enable"

uci_string

aliases: uci-string

any

(list) One or more UCI strings in quotes separated by spaces.

value

string

DHCP option value.

vci_match

aliases: vci-match

string

Enable/disable vendor class identifier

Choices:

  • "disable"

  • "enable"

vci_string

aliases: vci-string

any

(list) One or more VCI strings in quotes separated by spaces.

relay_agent

aliases: relay-agent

string

Relay agent IP.

reserved_address

aliases: reserved-address

list / elements=dictionary

Reserved address.

action

string

Options for the DHCP server to configure the client with the reserved MAC address.

Choices:

  • "assign"

  • "block"

  • "reserved"

circuit_id

aliases: circuit-id

string

Option 82 circuit-ID of the client that will get the reserved IP address.

circuit_id_type

aliases: circuit-id-type

string

DHCP option type.

Choices:

  • "hex"

  • "string"

description

string

Description.

id

integer

ID.

ip

string

IP address to be reserved for the MAC address.

mac

string

MAC address of the client that will get the reserved IP address.

remote_id

aliases: remote-id

string

Option 82 remote-ID of the client that will get the reserved IP address.

remote_id_type

aliases: remote-id-type

string

DHCP option type.

Choices:

  • "hex"

  • "string"

type

string

DHCP reserved-address type.

Choices:

  • "mac"

  • "option82"

server_type

aliases: server-type

string

DHCP server can be a normal DHCP server or an IPsec DHCP server.

Choices:

  • "regular"

  • "ipsec"

shared_subnet

aliases: shared-subnet

string

Enable/disable shared subnet.

Choices:

  • "disable"

  • "enable"

status

string

Enable/disable this DHCP configuration.

Choices:

  • "disable"

  • "enable"

tftp_server

aliases: tftp-server

any

(list) One or more hostnames or IP addresses of the TFTP servers in quotes separated by spaces.

timezone

string

Select the time zone to be assigned to DHCP clients.

Choices:

  • "00"

  • "01"

  • "02"

  • "03"

  • "04"

  • "05"

  • "06"

  • "07"

  • "08"

  • "09"

  • "10"

  • "11"

  • "12"

  • "13"

  • "14"

  • "15"

  • "16"

  • "17"

  • "18"

  • "19"

  • "20"

  • "21"

  • "22"

  • "23"

  • "24"

  • "25"

  • "26"

  • "27"

  • "28"

  • "29"

  • "30"

  • "31"

  • "32"

  • "33"

  • "34"

  • "35"

  • "36"

  • "37"

  • "38"

  • "39"

  • "40"

  • "41"

  • "42"

  • "43"

  • "44"

  • "45"

  • "46"

  • "47"

  • "48"

  • "49"

  • "50"

  • "51"

  • "52"

  • "53"

  • "54"

  • "55"

  • "56"

  • "57"

  • "58"

  • "59"

  • "60"

  • "61"

  • "62"

  • "63"

  • "64"

  • "65"

  • "66"

  • "67"

  • "68"

  • "69"

  • "70"

  • "71"

  • "72"

  • "73"

  • "74"

  • "75"

  • "76"

  • "77"

  • "78"

  • "79"

  • "80"

  • "81"

  • "82"

  • "83"

  • "84"

  • "85"

  • "86"

  • "87"

timezone_option

aliases: timezone-option

string

Options for the DHCP server to set the clients time zone.

Choices:

  • "disable"

  • "default"

  • "specify"

vci_match

aliases: vci-match

string

Enable/disable vendor class identifier

Choices:

  • "disable"

  • "enable"

vci_string

aliases: vci-string

any

(list) One or more VCI strings in quotes separated by spaces.

wifi_ac1

aliases: wifi-ac1

string

WiFi Access Controller 1 IP address

wifi_ac2

aliases: wifi-ac2

string

WiFi Access Controller 2 IP address

wifi_ac3

aliases: wifi-ac3

string

WiFi Access Controller 3 IP address

wifi_ac_service

aliases: wifi-ac-service

string

Options for assigning WiFi Access Controllers to DHCP clients

Choices:

  • "specify"

  • "local"

wins_server1

aliases: wins-server1

string

WINS server 1.

wins_server2

aliases: wins-server2

string

WINS server 2.

interface

dictionary

Interface.

dhcp_relay_agent_option

aliases: dhcp-relay-agent-option

string

Dhcp relay agent option.

Choices:

  • "disable"

  • "enable"

dhcp_relay_interface_select_method

aliases: dhcp-relay-interface-select-method

string

Dhcp relay interface select method.

Choices:

  • "auto"

  • "sdwan"

  • "specify"

dhcp_relay_ip

aliases: dhcp-relay-ip

any

(list) Dhcp relay ip.

dhcp_relay_service

aliases: dhcp-relay-service

string

Dhcp relay service.

Choices:

  • "disable"

  • "enable"

dhcp_relay_type

aliases: dhcp-relay-type

string

Dhcp relay type.

Choices:

  • "regular"

  • "ipsec"

ip

string

Ip.

ipv6

dictionary

Ipv6.

autoconf

string

Enable/disable address auto config.

Choices:

  • "disable"

  • "enable"

cli_conn6_status

aliases: cli-conn6-status

integer

Cli conn6 status.

dhcp6_client_options

aliases: dhcp6-client-options

list / elements=string

Dhcp6 client options.

Choices:

  • "rapid"

  • "iapd"

  • "iana"

  • "dns"

  • "dnsname"

dhcp6_information_request

aliases: dhcp6-information-request

string

Enable/disable DHCPv6 information request.

Choices:

  • "disable"

  • "enable"

dhcp6_prefix_delegation

aliases: dhcp6-prefix-delegation

string

Enable/disable DHCPv6 prefix delegation.

Choices:

  • "disable"

  • "enable"

dhcp6_prefix_hint

aliases: dhcp6-prefix-hint

string

DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server.

dhcp6_prefix_hint_plt

aliases: dhcp6-prefix-hint-plt

integer

DHCPv6 prefix hint preferred life time

dhcp6_prefix_hint_vlt

aliases: dhcp6-prefix-hint-vlt

integer

DHCPv6 prefix hint valid life time

dhcp6_relay_interface_id

aliases: dhcp6-relay-interface-id

string

DHCP6 relay interface ID.

dhcp6_relay_ip

aliases: dhcp6-relay-ip

string

DHCPv6 relay IP address.

dhcp6_relay_service

aliases: dhcp6-relay-service

string

Enable/disable DHCPv6 relay.

Choices:

  • "disable"

  • "enable"

dhcp6_relay_source_interface

aliases: dhcp6-relay-source-interface

string

Enable/disable use of address on this interface as the source address of the relay message.

Choices:

  • "disable"

  • "enable"

dhcp6_relay_source_ip

aliases: dhcp6-relay-source-ip

string

IPv6 address used by the DHCP6 relay as its source IP.

dhcp6_relay_type

aliases: dhcp6-relay-type

string

DHCPv6 relay type.

Choices:

  • "regular"

icmp6_send_redirect

aliases: icmp6-send-redirect

string

Enable/disable sending of ICMPv6 redirects.

Choices:

  • "disable"

  • "enable"

interface_identifier

aliases: interface-identifier

string

IPv6 interface identifier.

ip6_address

aliases: ip6-address

string

Primary IPv6 address prefix, syntax

ip6_allowaccess

aliases: ip6-allowaccess

list / elements=string

Allow management access to the interface.

Choices:

  • "https"

  • "ping"

  • "ssh"

  • "snmp"

  • "http"

  • "telnet"

  • "fgfm"

  • "capwap"

  • "fabric"

ip6_default_life

aliases: ip6-default-life

integer

Default life

ip6_delegated_prefix_iaid

aliases: ip6-delegated-prefix-iaid

integer

IAID of obtained delegated-prefix from the upstream interface.

ip6_delegated_prefix_list

aliases: ip6-delegated-prefix-list

list / elements=dictionary

Ip6 delegated prefix list.

autonomous_flag

aliases: autonomous-flag

string

Enable/disable the autonomous flag.

Choices:

  • "disable"

  • "enable"

delegated_prefix_iaid

aliases: delegated-prefix-iaid

integer

IAID of obtained delegated-prefix from the upstream interface.

onlink_flag

aliases: onlink-flag

string

Enable/disable the onlink flag.

Choices:

  • "disable"

  • "enable"

prefix_id

aliases: prefix-id

integer

Prefix ID.

rdnss

any

(list) Recursive DNS server option.

rdnss_service

aliases: rdnss-service

string

Recursive DNS service option.

Choices:

  • "delegated"

  • "default"

  • "specify"

subnet

string

Add subnet ID to routing prefix.

upstream_interface

aliases: upstream-interface

string

Name of the interface that provides delegated information.

ip6_dns_server_override

aliases: ip6-dns-server-override

string

Enable/disable using the DNS server acquired by DHCP.

Choices:

  • "disable"

  • "enable"

ip6_extra_addr

aliases: ip6-extra-addr

list / elements=dictionary

Ip6 extra addr.

prefix

string

IPv6 address prefix.

ip6_hop_limit

aliases: ip6-hop-limit

integer

Hop limit

ip6_link_mtu

aliases: ip6-link-mtu

integer

IPv6 link MTU.

ip6_manage_flag

aliases: ip6-manage-flag

string

Enable/disable the managed flag.

Choices:

  • "disable"

  • "enable"

ip6_max_interval

aliases: ip6-max-interval

integer

IPv6 maximum interval

ip6_min_interval

aliases: ip6-min-interval

integer

IPv6 minimum interval

ip6_mode

aliases: ip6-mode

string

Addressing mode

Choices:

  • "static"

  • "dhcp"

  • "pppoe"

  • "delegated"

ip6_other_flag

aliases: ip6-other-flag

string

Enable/disable the other IPv6 flag.

Choices:

  • "disable"

  • "enable"

ip6_prefix_list

aliases: ip6-prefix-list

list / elements=dictionary

Ip6 prefix list.

autonomous_flag

aliases: autonomous-flag

string

Enable/disable the autonomous flag.

Choices:

  • "disable"

  • "enable"

dnssl

any

(list) DNS search list option.

onlink_flag

aliases: onlink-flag

string

Enable/disable the onlink flag.

Choices:

  • "disable"

  • "enable"

preferred_life_time

aliases: preferred-life-time

integer

Preferred life time

prefix

string

IPv6 prefix.

rdnss

any

(list) Recursive DNS server option.

valid_life_time

aliases: valid-life-time

integer

Valid life time

ip6_prefix_mode

aliases: ip6-prefix-mode

string

Assigning a prefix from DHCP or RA.

Choices:

  • "dhcp6"

  • "ra"

ip6_reachable_time

aliases: ip6-reachable-time

integer

IPv6 reachable time

ip6_retrans_time

aliases: ip6-retrans-time

integer

IPv6 retransmit time

ip6_send_adv

aliases: ip6-send-adv

string

Enable/disable sending advertisements about the interface.

Choices:

  • "disable"

  • "enable"

ip6_subnet

aliases: ip6-subnet

string

Subnet to routing prefix, syntax

ip6_upstream_interface

aliases: ip6-upstream-interface

string

Interface name providing delegated information.

nd_cert

aliases: nd-cert

string

Neighbor discovery certificate.

nd_cga_modifier

aliases: nd-cga-modifier

string

Neighbor discovery CGA modifier.

nd_mode

aliases: nd-mode

string

Neighbor discovery mode.

Choices:

  • "basic"

  • "SEND-compatible"

nd_security_level

aliases: nd-security-level

integer

Neighbor discovery security level

nd_timestamp_delta

aliases: nd-timestamp-delta

integer

Neighbor discovery timestamp delta value

nd_timestamp_fuzz

aliases: nd-timestamp-fuzz

integer

Neighbor discovery timestamp fuzz factor

ra_send_mtu

aliases: ra-send-mtu

string

Enable/disable sending link MTU in RA packet.

Choices:

  • "disable"

  • "enable"

unique_autoconf_addr

aliases: unique-autoconf-addr

string

Enable/disable unique auto config address.

Choices:

  • "disable"

  • "enable"

string

Link-local IPv6 address of virtual router.

vrrp6

list / elements=dictionary

Vrrp6.

accept_mode

aliases: accept-mode

string

Enable/disable accept mode.

Choices:

  • "disable"

  • "enable"

adv_interval

aliases: adv-interval

integer

Advertisement interval

ignore_default_route

aliases: ignore-default-route

string

Enable/disable ignoring of default route when checking destination.

Choices:

  • "disable"

  • "enable"

preempt

string

Enable/disable preempt mode.

Choices:

  • "disable"

  • "enable"

priority

integer

Priority of the virtual router

start_time

aliases: start-time

integer

Startup time

status

string

Enable/disable VRRP.

Choices:

  • "disable"

  • "enable"

vrdst6

string

Monitor the route to this destination.

vrdst_priority

aliases: vrdst-priority

integer

Priority of the virtual router when the virtual router destination becomes unreachable

vrgrp

integer

VRRP group ID

vrid

integer

Virtual router identifier

vrip6

string

IPv6 address of the virtual router.

vrrp_virtual_mac6

aliases: vrrp-virtual-mac6

string

Enable/disable virtual MAC for VRRP.

Choices:

  • "disable"

  • "enable"

secondary_IP

aliases: secondary-IP

string

Secondary IP.

Choices:

  • "disable"

  • "enable"

secondaryip

list / elements=dictionary

Secondaryip.

allowaccess

list / elements=string

Management access settings for the secondary IP address.

Choices:

  • "https"

  • "ping"

  • "ssh"

  • "snmp"

  • "http"

  • "telnet"

  • "fgfm"

  • "auto-ipsec"

  • "radius-acct"

  • "probe-response"

  • "capwap"

  • "dnp"

  • "ftm"

  • "fabric"

  • "speed-test"

  • "icond"

  • "scim"

detectprotocol

list / elements=string

Protocols used to detect the server.

Choices:

  • "ping"

  • "tcp-echo"

  • "udp-echo"

detectserver

string

Gateways ping server for this IP.

gwdetect

string

Enable/disable detect gateway alive for first.

Choices:

  • "disable"

  • "enable"

ha_priority

aliases: ha-priority

integer

HA election priority for the PING server.

id

integer

ID.

ip

string

Secondary IP address of the interface.

ping_serv_status

aliases: ping-serv-status

integer

Ping serv status.

secip_relay_ip

aliases: secip-relay-ip

string

DHCP relay IP address.

seq

integer

Seq.

vlanid

integer

Vlanid.

vrrp

list / elements=dictionary

Vrrp.

accept_mode

aliases: accept-mode

string

Enable/disable accept mode.

Choices:

  • "disable"

  • "enable"

adv_interval

aliases: adv-interval

integer

Advertisement interval

ignore_default_route

aliases: ignore-default-route

string

Enable/disable ignoring of default route when checking destination.

Choices:

  • "disable"

  • "enable"

preempt

string

Enable/disable preempt mode.

Choices:

  • "disable"

  • "enable"

priority

integer

Priority of the virtual router

proxy_arp

aliases: proxy-arp

list / elements=dictionary

Proxy arp.

id

integer

ID.

ip

string

Set IP addresses of proxy ARP.

start_time

aliases: start-time

integer

Startup time

status

string

Enable/disable this VRRP configuration.

Choices:

  • "disable"

  • "enable"

version

string

VRRP version.

Choices:

  • "2"

  • "3"

vrdst

any

(list) Monitor the route to this destination.

vrdst_priority

aliases: vrdst-priority

integer

Priority of the virtual router when the virtual router destination becomes unreachable

vrgrp

integer

VRRP group ID

vrid

integer

Virtual router identifier

vrip

string

IP address of the virtual router.

proposed_method

string

The overridden method for the underlying Json RPC request.

Choices:

  • "update"

  • "set"

  • "add"

rc_failed

list / elements=integer

The rc codes list with which the conditions to fail will be overriden.

rc_succeeded

list / elements=integer

The rc codes list with which the conditions to succeed will be overriden.

state

string / required

The directive to create, update or delete an object.

Choices:

  • "present"

  • "absent"

vlan

string / required

The parameter (vlan) in requested url.

workspace_locking_adom

string

The adom to lock for FortiManager running in workspace mode, the value can be global and others including root.

workspace_locking_timeout

integer

The maximum time in seconds to wait for other user to release the workspace lock.

Default: 300

Notes

Note

  • Starting in version 2.4.0, all input arguments are named using the underscore naming convention (snake_case). Please change the arguments such as “var-name” to “var_name”. Old argument names are still available yet you will receive deprecation warnings. You can ignore this warning by setting deprecation_warnings=False in ansible.cfg.

  • Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

  • To create or update an object, use state present directive.

  • To delete an object, use state absent directive.

  • Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- name: Example playbook (generated based on argument schema)
  hosts: fortimanagers
  connection: httpapi
  vars:
    ansible_httpapi_use_ssl: true
    ansible_httpapi_validate_certs: false
    ansible_httpapi_port: 443
  tasks:
    - name: Fsp vlan dynamic mapping
      fortinet.fortimanager.fmgr_fsp_vlan_dynamicmapping:
        # bypass_validation: false
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        # rc_succeeded: [0, -2, -3, ...]
        # rc_failed: [-2, -3, ...]
        adom: <your own value>
        vlan: <your own value>
        state: present # <value in [present, absent]>
        fsp_vlan_dynamicmapping:
          _dhcp_status: <value in [disable, enable]>
          _scope:
            -
              name: <string>
              vdom: <string>
          dhcp_server:
            auto_configuration: <value in [disable, enable]>
            auto_managed_status: <value in [disable, enable]>
            conflicted_ip_timeout: <integer>
            ddns_auth: <value in [disable, tsig]>
            ddns_key: <list or string>
            ddns_keyname: <string>
            ddns_server_ip: <string>
            ddns_ttl: <integer>
            ddns_update: <value in [disable, enable]>
            ddns_update_override: <value in [disable, enable]>
            ddns_zone: <string>
            default_gateway: <string>
            dhcp_settings_from_fortiipam: <value in [disable, enable]>
            dns_server1: <string>
            dns_server2: <string>
            dns_server3: <string>
            dns_server4: <string>
            dns_service: <value in [default, specify, local]>
            domain: <string>
            enable: <value in [disable, enable]>
            exclude_range:
              -
                end_ip: <string>
                id: <integer>
                start_ip: <string>
                vci_match: <value in [disable, enable]>
                vci_string: <list or string>
                lease_time: <integer>
                uci_match: <value in [disable, enable]>
                uci_string: <list or string>
            filename: <string>
            forticlient_on_net_status: <value in [disable, enable]>
            id: <integer>
            ip_mode: <value in [range, usrgrp]>
            ip_range:
              -
                end_ip: <string>
                id: <integer>
                start_ip: <string>
                vci_match: <value in [disable, enable]>
                vci_string: <list or string>
                lease_time: <integer>
                uci_match: <value in [disable, enable]>
                uci_string: <list or string>
            ipsec_lease_hold: <integer>
            lease_time: <integer>
            mac_acl_default_action: <value in [assign, block]>
            netmask: <string>
            next_server: <string>
            ntp_server1: <string>
            ntp_server2: <string>
            ntp_server3: <string>
            ntp_service: <value in [default, specify, local]>
            option1: <list or string>
            option2: <list or string>
            option3: <list or string>
            option4: <string>
            option5: <string>
            option6: <string>
            options:
              -
                code: <integer>
                id: <integer>
                ip: <list or string>
                type: <value in [hex, string, ip, ...]>
                value: <string>
                vci_match: <value in [disable, enable]>
                vci_string: <list or string>
                uci_match: <value in [disable, enable]>
                uci_string: <list or string>
            reserved_address:
              -
                action: <value in [assign, block, reserved]>
                circuit_id: <string>
                circuit_id_type: <value in [hex, string]>
                description: <string>
                id: <integer>
                ip: <string>
                mac: <string>
                remote_id: <string>
                remote_id_type: <value in [hex, string]>
                type: <value in [mac, option82]>
            server_type: <value in [regular, ipsec]>
            status: <value in [disable, enable]>
            tftp_server: <list or string>
            timezone: <value in [00, 01, 02, ...]>
            timezone_option: <value in [disable, default, specify]>
            vci_match: <value in [disable, enable]>
            vci_string: <list or string>
            wifi_ac_service: <value in [specify, local]>
            wifi_ac1: <string>
            wifi_ac2: <string>
            wifi_ac3: <string>
            wins_server1: <string>
            wins_server2: <string>
            relay_agent: <string>
            shared_subnet: <value in [disable, enable]>
          interface:
            dhcp_relay_agent_option: <value in [disable, enable]>
            dhcp_relay_ip: <list or string>
            dhcp_relay_service: <value in [disable, enable]>
            dhcp_relay_type: <value in [regular, ipsec]>
            ip: <string>
            ipv6:
              autoconf: <value in [disable, enable]>
              dhcp6_client_options:
                - "rapid"
                - "iapd"
                - "iana"
                - "dns"
                - "dnsname"
              dhcp6_information_request: <value in [disable, enable]>
              dhcp6_prefix_delegation: <value in [disable, enable]>
              dhcp6_prefix_hint: <string>
              dhcp6_prefix_hint_plt: <integer>
              dhcp6_prefix_hint_vlt: <integer>
              dhcp6_relay_ip: <string>
              dhcp6_relay_service: <value in [disable, enable]>
              dhcp6_relay_type: <value in [regular]>
              icmp6_send_redirect: <value in [disable, enable]>
              interface_identifier: <string>
              ip6_address: <string>
              ip6_allowaccess:
                - "https"
                - "ping"
                - "ssh"
                - "snmp"
                - "http"
                - "telnet"
                - "fgfm"
                - "capwap"
                - "fabric"
              ip6_default_life: <integer>
              ip6_delegated_prefix_list:
                -
                  autonomous_flag: <value in [disable, enable]>
                  onlink_flag: <value in [disable, enable]>
                  prefix_id: <integer>
                  rdnss: <list or string>
                  rdnss_service: <value in [delegated, default, specify]>
                  subnet: <string>
                  upstream_interface: <string>
                  delegated_prefix_iaid: <integer>
              ip6_dns_server_override: <value in [disable, enable]>
              ip6_extra_addr:
                -
                  prefix: <string>
              ip6_hop_limit: <integer>
              ip6_link_mtu: <integer>
              ip6_manage_flag: <value in [disable, enable]>
              ip6_max_interval: <integer>
              ip6_min_interval: <integer>
              ip6_mode: <value in [static, dhcp, pppoe, ...]>
              ip6_other_flag: <value in [disable, enable]>
              ip6_prefix_list:
                -
                  autonomous_flag: <value in [disable, enable]>
                  dnssl: <list or string>
                  onlink_flag: <value in [disable, enable]>
                  preferred_life_time: <integer>
                  prefix: <string>
                  rdnss: <list or string>
                  valid_life_time: <integer>
              ip6_reachable_time: <integer>
              ip6_retrans_time: <integer>
              ip6_send_adv: <value in [disable, enable]>
              ip6_subnet: <string>
              ip6_upstream_interface: <string>
              nd_cert: <string>
              nd_cga_modifier: <string>
              nd_mode: <value in [basic, SEND-compatible]>
              nd_security_level: <integer>
              nd_timestamp_delta: <integer>
              nd_timestamp_fuzz: <integer>
              unique_autoconf_addr: <value in [disable, enable]>
              vrip6_link_local: <string>
              vrrp_virtual_mac6: <value in [disable, enable]>
              vrrp6:
                -
                  accept_mode: <value in [disable, enable]>
                  adv_interval: <integer>
                  preempt: <value in [disable, enable]>
                  priority: <integer>
                  start_time: <integer>
                  status: <value in [disable, enable]>
                  vrdst6: <string>
                  vrgrp: <integer>
                  vrid: <integer>
                  vrip6: <string>
                  ignore_default_route: <value in [disable, enable]>
                  vrdst_priority: <integer>
              cli_conn6_status: <integer>
              ip6_prefix_mode: <value in [dhcp6, ra]>
              ra_send_mtu: <value in [disable, enable]>
              ip6_delegated_prefix_iaid: <integer>
              dhcp6_relay_source_interface: <value in [disable, enable]>
              dhcp6_relay_interface_id: <string>
              dhcp6_relay_source_ip: <string>
            secondary_IP: <value in [disable, enable]>
            secondaryip:
              -
                allowaccess:
                  - "https"
                  - "ping"
                  - "ssh"
                  - "snmp"
                  - "http"
                  - "telnet"
                  - "fgfm"
                  - "auto-ipsec"
                  - "radius-acct"
                  - "probe-response"
                  - "capwap"
                  - "dnp"
                  - "ftm"
                  - "fabric"
                  - "speed-test"
                  - "icond"
                  - "scim"
                detectprotocol:
                  - "ping"
                  - "tcp-echo"
                  - "udp-echo"
                detectserver: <string>
                gwdetect: <value in [disable, enable]>
                ha_priority: <integer>
                id: <integer>
                ip: <string>
                ping_serv_status: <integer>
                seq: <integer>
                secip_relay_ip: <string>
            vlanid: <integer>
            dhcp_relay_interface_select_method: <value in [auto, sdwan, specify]>
            vrrp:
              -
                accept_mode: <value in [disable, enable]>
                adv_interval: <integer>
                ignore_default_route: <value in [disable, enable]>
                preempt: <value in [disable, enable]>
                priority: <integer>
                proxy_arp:
                  -
                    id: <integer>
                    ip: <string>
                start_time: <integer>
                status: <value in [disable, enable]>
                version: <value in [2, 3]>
                vrdst: <list or string>
                vrdst_priority: <integer>
                vrgrp: <integer>
                vrid: <integer>
                vrip: <string>

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

meta

dictionary

The result of the request.

Returned: always

request_url

string

The full url requested.

Returned: always

Sample: "/sys/login/user"

response_code

integer

The status of api request.

Returned: always

Sample: 0

response_data

list / elements=string

The api response.

Returned: always

response_message

string

The descriptive message of the api response.

Returned: always

Sample: "OK."

system_information

dictionary

The information of the target system.

Returned: always

rc

integer

The status the request.

Returned: always

Sample: 0

version_check_warning

list / elements=string

Warning if the parameters used in the playbook are not supported by the current FortiManager version.

Returned: complex

Authors

  • Xinwei Du (@dux-fortinet)

  • Xing Li (@lix-fortinet)

  • Jie Xue (@JieX19)

  • Link Zheng (@chillancezen)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)