fortinet.fortimanager.fmgr_fsp_vlan_interface – Configure interfaces.

Note

This plugin is part of the fortinet.fortimanager collection (version 2.1.3).

To install it use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_fsp_vlan_interface.

New in version 2.10: of fortinet.fortimanager

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter Choices/Defaults Comments
adom
string / required
the parameter (adom) in requested url
bypass_validation
boolean
    Choices:
  • no ←
  • yes
only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters
enable_log
boolean
    Choices:
  • no ←
  • yes
Enable/Disable logging for task
fsp_vlan_interface
dictionary
the top level parameters set
ac-name
string
no description
aggregate
string
no description
algorithm
string
    Choices:
  • L2
  • L3
  • L4
no description
alias
string
no description
allowaccess
list / elements=string
    Choices:
  • https
  • ping
  • ssh
  • snmp
  • http
  • telnet
  • fgfm
  • auto-ipsec
  • radius-acct
  • probe-response
  • capwap
  • dnp
  • ftm
  • fabric
no description
ap-discover
string
    Choices:
  • disable
  • enable
no description
arpforward
string
    Choices:
  • disable
  • enable
no description
atm-protocol
string
    Choices:
  • none
  • ipoa
no description
auth-type
string
    Choices:
  • auto
  • pap
  • chap
  • mschapv1
  • mschapv2
no description
auto-auth-extension-device
string
    Choices:
  • disable
  • enable
no description
bandwidth-measure-time
integer
no description
bfd
string
    Choices:
  • global
  • enable
  • disable
no description
bfd-desired-min-tx
integer
no description
bfd-detect-mult
integer
no description
bfd-required-min-rx
integer
no description
broadcast-forticlient-discovery
string
    Choices:
  • disable
  • enable
no description
broadcast-forward
string
    Choices:
  • disable
  • enable
no description
captive-portal
integer
no description
cli-conn-status
integer
no description
color
integer
no description
ddns
string
    Choices:
  • disable
  • enable
no description
ddns-auth
string
    Choices:
  • disable
  • tsig
no description
ddns-domain
string
no description
ddns-key
string
no description
ddns-keyname
string
no description
ddns-password
string
no description
ddns-server
string
    Choices:
  • dhs.org
  • dyndns.org
  • dyns.net
  • tzo.com
  • ods.org
  • vavic.com
  • now.net.cn
  • dipdns.net
  • easydns.com
  • genericDDNS
no description
ddns-server-ip
string
no description
ddns-sn
string
no description
ddns-ttl
integer
no description
ddns-username
string
no description
ddns-zone
string
no description
dedicated-to
string
    Choices:
  • none
  • management
no description
defaultgw
string
    Choices:
  • disable
  • enable
no description
description
string
no description
detected-peer-mtu
integer
no description
detectprotocol
list / elements=string
    Choices:
  • ping
  • tcp-echo
  • udp-echo
no description
detectserver
string
no description
device-access-list
string
no description
device-identification
string
    Choices:
  • disable
  • enable
no description
device-identification-active-scan
string
    Choices:
  • disable
  • enable
no description
device-netscan
string
    Choices:
  • disable
  • enable
no description
device-user-identification
string
    Choices:
  • disable
  • enable
no description
devindex
integer
no description
dhcp-client-identifier
string
no description
dhcp-relay-agent-option
string
    Choices:
  • disable
  • enable
no description
dhcp-relay-interface
string
no description
dhcp-relay-interface-select-method
string
    Choices:
  • auto
  • sdwan
  • specify
no description
dhcp-relay-ip
string
no description
dhcp-relay-request-all-server
string
    Choices:
  • disable
  • enable
Enable/disable sending of DHCP requests to all servers.
dhcp-relay-service
string
    Choices:
  • disable
  • enable
no description
dhcp-relay-type
string
    Choices:
  • regular
  • ipsec
no description
dhcp-renew-time
integer
no description
disc-retry-timeout
integer
no description
disconnect-threshold
integer
no description
distance
integer
no description
dns-query
string
    Choices:
  • disable
  • recursive
  • non-recursive
no description
dns-server-override
string
    Choices:
  • disable
  • enable
no description
drop-fragment
string
    Choices:
  • disable
  • enable
no description
drop-overlapped-fragment
string
    Choices:
  • disable
  • enable
no description
egress-cos
string
    Choices:
  • disable
  • cos0
  • cos1
  • cos2
  • cos3
  • cos4
  • cos5
  • cos6
  • cos7
no description
egress-shaping-profile
string
no description
eip
string
no description
endpoint-compliance
string
    Choices:
  • disable
  • enable
no description
estimated-downstream-bandwidth
integer
no description
estimated-upstream-bandwidth
integer
no description
explicit-ftp-proxy
string
    Choices:
  • disable
  • enable
no description
explicit-web-proxy
string
    Choices:
  • disable
  • enable
no description
external
string
    Choices:
  • disable
  • enable
no description
fail-action-on-extender
string
    Choices:
  • soft-restart
  • hard-restart
  • reboot
no description
fail-alert-interfaces
string
no description
fail-alert-method
string
    Choices:
  • link-failed-signal
  • link-down
no description
fail-detect
string
    Choices:
  • disable
  • enable
no description
fail-detect-option
list / elements=string
    Choices:
  • detectserver
  • link-down
no description
fdp
string
    Choices:
  • disable
  • enable
no description
fortiheartbeat
string
    Choices:
  • disable
  • enable
no description
fortilink
string
    Choices:
  • disable
  • enable
no description
fortilink-backup-link
integer
no description
fortilink-neighbor-detect
string
    Choices:
  • lldp
  • fortilink
no description
fortilink-split-interface
string
    Choices:
  • disable
  • enable
no description
fortilink-stacking
string
    Choices:
  • disable
  • enable
no description
forward-domain
integer
no description
forward-error-correction
string
    Choices:
  • disable
  • enable
  • rs-fec
  • base-r-fec
  • fec-cl91
  • fec-cl74
no description
fp-anomaly
list / elements=string
    Choices:
  • drop_tcp_fin_noack
  • pass_winnuke
  • pass_tcpland
  • pass_udpland
  • pass_icmpland
  • pass_ipland
  • pass_iprr
  • pass_ipssrr
  • pass_iplsrr
  • pass_ipstream
  • pass_ipsecurity
  • pass_iptimestamp
  • pass_ipunknown_option
  • pass_ipunknown_prot
  • pass_icmp_frag
  • pass_tcp_no_flag
  • pass_tcp_fin_noack
  • drop_winnuke
  • drop_tcpland
  • drop_udpland
  • drop_icmpland
  • drop_ipland
  • drop_iprr
  • drop_ipssrr
  • drop_iplsrr
  • drop_ipstream
  • drop_ipsecurity
  • drop_iptimestamp
  • drop_ipunknown_option
  • drop_ipunknown_prot
  • drop_icmp_frag
  • drop_tcp_no_flag
no description
fp-disable
list / elements=string
    Choices:
  • all
  • ipsec
  • none
no description
gateway-address
string
no description
gi-gk
string
    Choices:
  • disable
  • enable
no description
gwaddr
string
no description
gwdetect
string
    Choices:
  • disable
  • enable
no description
ha-priority
integer
no description
icmp-accept-redirect
string
    Choices:
  • disable
  • enable
no description
icmp-redirect
string
    Choices:
  • disable
  • enable
no description
icmp-send-redirect
string
    Choices:
  • disable
  • enable
no description
ident-accept
string
    Choices:
  • disable
  • enable
no description
idle-timeout
integer
no description
if-mdix
string
    Choices:
  • auto
  • normal
  • crossover
no description
if-media
string
    Choices:
  • auto
  • copper
  • fiber
no description
in-force-vlan-cos
integer
no description
inbandwidth
integer
no description
ingress-cos
string
    Choices:
  • disable
  • cos0
  • cos1
  • cos2
  • cos3
  • cos4
  • cos5
  • cos6
  • cos7
no description
ingress-shaping-profile
string
no description
ingress-spillover-threshold
integer
no description
internal
integer
no description
ip
string
no description
ip-managed-by-fortiipam
string
    Choices:
  • disable
  • enable
no description
ipmac
string
    Choices:
  • disable
  • enable
no description
ips-sniffer-mode
string
    Choices:
  • disable
  • enable
no description
ipunnumbered
string
no description
ipv6
dictionary
no description
autoconf
string
    Choices:
  • disable
  • enable
no description
cli-conn6-status
integer
no description
dhcp6-client-options
list / elements=string
    Choices:
  • rapid
  • iapd
  • iana
  • dns
  • dnsname
no description
dhcp6-information-request
string
    Choices:
  • disable
  • enable
no description
dhcp6-prefix-delegation
string
    Choices:
  • disable
  • enable
no description
dhcp6-prefix-hint
string
no description
dhcp6-prefix-hint-plt
integer
no description
dhcp6-prefix-hint-vlt
integer
no description
dhcp6-relay-ip
string
no description
dhcp6-relay-service
string
    Choices:
  • disable
  • enable
no description
dhcp6-relay-type
string
    Choices:
  • regular
no description
icmp6-send-redirect
string
    Choices:
  • disable
  • enable
Enable/disable sending of ICMPv6 redirects.
interface-identifier
string
no description
ip6-address
string
no description
ip6-allowaccess
list / elements=string
    Choices:
  • https
  • ping
  • ssh
  • snmp
  • http
  • telnet
  • fgfm
  • capwap
  • fabric
no description
ip6-default-life
integer
no description
ip6-delegated-prefix-list
list / elements=string
no description
autonomous-flag
string
    Choices:
  • disable
  • enable
no description
onlink-flag
string
    Choices:
  • disable
  • enable
no description
prefix-id
integer
no description
rdnss
string
no description
rdnss-service
string
    Choices:
  • delegated
  • default
  • specify
no description
subnet
string
no description
upstream-interface
string
no description
ip6-dns-server-override
string
    Choices:
  • disable
  • enable
no description
ip6-extra-addr
list / elements=string
no description
prefix
string
no description
ip6-hop-limit
integer
no description
ip6-link-mtu
integer
no description
ip6-manage-flag
string
    Choices:
  • disable
  • enable
no description
ip6-max-interval
integer
no description
ip6-min-interval
integer
no description
ip6-mode
string
    Choices:
  • static
  • dhcp
  • pppoe
  • delegated
no description
ip6-other-flag
string
    Choices:
  • disable
  • enable
no description
ip6-prefix-list
list / elements=string
no description
autonomous-flag
string
    Choices:
  • disable
  • enable
no description
dnssl
string
no description
onlink-flag
string
    Choices:
  • disable
  • enable
no description
preferred-life-time
integer
no description
prefix
string
no description
rdnss
string
no description
valid-life-time
integer
no description
ip6-prefix-mode
string
    Choices:
  • dhcp6
  • ra
Assigning a prefix from DHCP or RA.
ip6-reachable-time
integer
no description
ip6-retrans-time
integer
no description
ip6-send-adv
string
    Choices:
  • disable
  • enable
no description
ip6-subnet
string
no description
ip6-upstream-interface
string
no description
nd-cert
string
no description
nd-cga-modifier
string
no description
nd-mode
string
    Choices:
  • basic
  • SEND-compatible
no description
nd-security-level
integer
no description
nd-timestamp-delta
integer
no description
nd-timestamp-fuzz
integer
no description
ra-send-mtu
string
    Choices:
  • disable
  • enable
Enable/disable sending link MTU in RA packet.
unique-autoconf-addr
string
    Choices:
  • disable
  • enable
no description
vrip6_link_local
string
no description
vrrp-virtual-mac6
string
    Choices:
  • disable
  • enable
no description
vrrp6
list / elements=string
no description
accept-mode
string
    Choices:
  • disable
  • enable
no description
adv-interval
integer
no description
preempt
string
    Choices:
  • disable
  • enable
no description
priority
integer
no description
start-time
integer
no description
status
string
    Choices:
  • disable
  • enable
no description
vrdst6
string
no description
vrgrp
integer
no description
vrid
integer
no description
vrip6
string
no description
l2forward
string
    Choices:
  • disable
  • enable
no description
l2tp-client
string
    Choices:
  • disable
  • enable
no description
lacp-ha-slave
string
    Choices:
  • disable
  • enable
no description
lacp-mode
string
    Choices:
  • static
  • passive
  • active
no description
lacp-speed
string
    Choices:
  • slow
  • fast
no description
lcp-echo-interval
integer
no description
lcp-max-echo-fails
integer
no description
link-up-delay
integer
no description
listen-forticlient-connection
string
    Choices:
  • disable
  • enable
no description
lldp-network-policy
string
no description
lldp-reception
string
    Choices:
  • disable
  • enable
  • vdom
no description
lldp-transmission
string
    Choices:
  • enable
  • disable
  • vdom
no description
log
string
    Choices:
  • disable
  • enable
no description
macaddr
string
no description
managed-subnetwork-size
string
    Choices:
  • 256
  • 512
  • 1024
  • 2048
  • 4096
  • 8192
  • 16384
  • 32768
  • 65536
no description
management-ip
string
no description
max-egress-burst-rate
integer
no description
max-egress-rate
integer
no description
measured-downstream-bandwidth
integer
no description
measured-upstream-bandwidth
integer
no description
mediatype
string
    Choices:
  • serdes-sfp
  • sgmii-sfp
  • cfp2-sr10
  • cfp2-lr4
  • serdes-copper-sfp
  • sr
  • cr
  • lr
  • qsfp28-sr4
  • qsfp28-lr4
  • qsfp28-cr4
  • sr4
  • cr4
  • lr4
no description
member
string
no description
min-links
integer
no description
min-links-down
string
    Choices:
  • operational
  • administrative
no description
mode
string
    Choices:
  • static
  • dhcp
  • pppoe
  • pppoa
  • ipoa
  • eoa
no description
monitor-bandwidth
string
    Choices:
  • disable
  • enable
no description
mtu
integer
no description
mtu-override
string
    Choices:
  • disable
  • enable
no description
mux-type
string
    Choices:
  • llc-encaps
  • vc-encaps
no description
name
string
no description
ndiscforward
string
    Choices:
  • disable
  • enable
no description
netbios-forward
string
    Choices:
  • disable
  • enable
no description
netflow-sampler
string
    Choices:
  • disable
  • tx
  • rx
  • both
no description
np-qos-profile
integer
no description
npu-fastpath
string
    Choices:
  • disable
  • enable
no description
nst
string
    Choices:
  • disable
  • enable
no description
out-force-vlan-cos
integer
no description
outbandwidth
integer
no description
padt-retry-timeout
integer
no description
password
string
no description
peer-interface
string
no description
phy-mode
string
    Choices:
  • auto
  • adsl
  • vdsl
no description
ping-serv-status
integer
no description
poe
string
    Choices:
  • disable
  • enable
no description
polling-interval
integer
no description
pppoe-unnumbered-negotiate
string
    Choices:
  • disable
  • enable
no description
pptp-auth-type
string
    Choices:
  • auto
  • pap
  • chap
  • mschapv1
  • mschapv2
no description
pptp-client
string
    Choices:
  • disable
  • enable
no description
pptp-password
string
no description
pptp-server-ip
string
no description
pptp-timeout
integer
no description
pptp-user
string
no description
preserve-session-route
string
    Choices:
  • disable
  • enable
no description
priority
integer
no description
priority-override
string
    Choices:
  • disable
  • enable
no description
proxy-captive-portal
string
    Choices:
  • disable
  • enable
no description
redundant-interface
string
no description
remote-ip
string
no description
replacemsg-override-group
string
no description
retransmission
string
    Choices:
  • disable
  • enable
no description
ring-rx
integer
no description
ring-tx
integer
no description
role
string
    Choices:
  • lan
  • wan
  • dmz
  • undefined
no description
sample-direction
string
    Choices:
  • rx
  • tx
  • both
no description
sample-rate
integer
no description
scan-botnet-connections
string
    Choices:
  • disable
  • block
  • monitor
no description
secondary-IP
string
    Choices:
  • disable
  • enable
no description
secondaryip
list / elements=string
no description
allowaccess
list / elements=string
    Choices:
  • https
  • ping
  • ssh
  • snmp
  • http
  • telnet
  • fgfm
  • auto-ipsec
  • radius-acct
  • probe-response
  • capwap
  • dnp
  • ftm
  • fabric
no description
detectprotocol
list / elements=string
    Choices:
  • ping
  • tcp-echo
  • udp-echo
no description
detectserver
string
no description
gwdetect
string
    Choices:
  • disable
  • enable
no description
ha-priority
integer
no description
id
integer
no description
ip
string
no description
ping-serv-status
integer
no description
seq
integer
no description
security-8021x-dynamic-vlan-id
integer
no description
security-8021x-master
string
no description
security-8021x-mode
string
    Choices:
  • default
  • dynamic-vlan
  • fallback
  • slave
no description
security-exempt-list
string
no description
security-external-logout
string
no description
security-external-web
string
no description
security-groups
string
no description
security-mac-auth-bypass
string
    Choices:
  • disable
  • enable
  • mac-auth-only
no description
security-mode
string
    Choices:
  • none
  • captive-portal
  • 802.1X
no description
security-redirect-url
string
no description
service-name
string
no description
sflow-sampler
string
    Choices:
  • disable
  • enable
no description
speed
string
    Choices:
  • auto
  • 10full
  • 10half
  • 100full
  • 100half
  • 1000full
  • 1000half
  • 10000full
  • 1000auto
  • 10000auto
  • 40000full
  • 100Gfull
  • 25000full
  • 40000auto
  • 25000auto
  • 100Gauto
no description
spillover-threshold
integer
no description
src-check
string
    Choices:
  • disable
  • enable
no description
status
string
    Choices:
  • down
  • up
no description
stp
string
    Choices:
  • disable
  • enable
no description
stp-ha-secondary
string
    Choices:
  • disable
  • enable
  • priority-adjust
Control STP behaviour on HA secondary.
stp-ha-slave
string
    Choices:
  • disable
  • enable
  • priority-adjust
no description
stpforward
string
    Choices:
  • disable
  • enable
no description
stpforward-mode
string
    Choices:
  • rpl-all-ext-id
  • rpl-bridge-ext-id
  • rpl-nothing
no description
strip-priority-vlan-tag
string
    Choices:
  • disable
  • enable
no description
subst
string
    Choices:
  • disable
  • enable
no description
substitute-dst-mac
string
no description
swc-first-create
integer
Initial create for switch-controller VLANs.
swc-vlan
integer
no description
switch
string
no description
switch-controller-access-vlan
string
    Choices:
  • disable
  • enable
no description
switch-controller-arp-inspection
string
    Choices:
  • disable
  • enable
no description
switch-controller-auth
string
    Choices:
  • radius
  • usergroup
no description
switch-controller-dhcp-snooping
string
    Choices:
  • disable
  • enable
no description
switch-controller-dhcp-snooping-option82
string
    Choices:
  • disable
  • enable
no description
switch-controller-dhcp-snooping-verify-mac
string
    Choices:
  • disable
  • enable
no description
switch-controller-dynamic
string
Integrated FortiLink settings for managed FortiSwitch.
switch-controller-feature
string
    Choices:
  • none
  • default-vlan
  • quarantine
  • sniffer
  • voice
  • camera
  • rspan
  • video
  • nac
no description
switch-controller-igmp-snooping
string
    Choices:
  • disable
  • enable
no description
switch-controller-igmp-snooping-fast-leave
string
    Choices:
  • disable
  • enable
no description
switch-controller-igmp-snooping-proxy
string
    Choices:
  • disable
  • enable
no description
switch-controller-iot-scanning
string
    Choices:
  • disable
  • enable
Enable/disable managed FortiSwitch IoT scanning.
switch-controller-learning-limit
integer
no description
switch-controller-mgmt-vlan
integer
no description
switch-controller-nac
string
no description
switch-controller-radius-server
string
no description
switch-controller-rspan-mode
string
    Choices:
  • disable
  • enable
no description
switch-controller-source-ip
string
    Choices:
  • outbound
  • fixed
Source IP address used in FortiLink over L3 connections.
switch-controller-traffic-policy
string
no description
tc-mode
string
    Choices:
  • ptm
  • atm
no description
tcp-mss
integer
no description
trunk
string
    Choices:
  • disable
  • enable
no description
trust-ip-1
string
no description
trust-ip-2
string
no description
trust-ip-3
string
no description
trust-ip6-1
string
no description
trust-ip6-2
string
no description
trust-ip6-3
string
no description
type
string
    Choices:
  • physical
  • vlan
  • aggregate
  • redundant
  • tunnel
  • wireless
  • vdom-link
  • loopback
  • switch
  • hard-switch
  • hdlc
  • vap-switch
  • wl-mesh
  • fortilink
  • switch-vlan
  • fctrl-trunk
  • tdm
  • fext-wan
  • vxlan
  • emac-vlan
  • geneve
  • ssl
no description
username
string
no description
vci
integer
no description
vectoring
string
    Choices:
  • disable
  • enable
no description
vindex
integer
no description
vlan-protocol
string
    Choices:
  • 8021q
  • 8021ad
no description
vlanforward
string
    Choices:
  • disable
  • enable
no description
vlanid
integer
no description
vpi
integer
no description
vrf
integer
no description
vrrp
list / elements=string
no description
accept-mode
string
    Choices:
  • disable
  • enable
no description
adv-interval
integer
no description
ignore-default-route
string
    Choices:
  • disable
  • enable
no description
preempt
string
    Choices:
  • disable
  • enable
no description
priority
integer
no description
start-time
integer
no description
status
string
    Choices:
  • disable
  • enable
no description
version
string
    Choices:
  • 2
  • 3
no description
vrdst
string
no description
vrdst-priority
integer
no description
vrgrp
integer
no description
vrid
integer
no description
vrip
string
no description
vrrp-virtual-mac
string
    Choices:
  • disable
  • enable
no description
wccp
string
    Choices:
  • disable
  • enable
no description
weight
integer
no description
wifi-5g-threshold
string
no description
wifi-acl
string
    Choices:
  • deny
  • allow
no description
wifi-ap-band
string
    Choices:
  • any
  • 5g-preferred
  • 5g-only
no description
wifi-auth
string
    Choices:
  • PSK
  • RADIUS
  • radius
  • usergroup
no description
wifi-auto-connect
string
    Choices:
  • disable
  • enable
no description
wifi-auto-save
string
    Choices:
  • disable
  • enable
no description
wifi-broadcast-ssid
string
    Choices:
  • disable
  • enable
no description
wifi-encrypt
string
    Choices:
  • TKIP
  • AES
no description
wifi-fragment-threshold
integer
no description
wifi-key
string
no description
wifi-keyindex
integer
no description
wifi-mac-filter
string
    Choices:
  • disable
  • enable
no description
wifi-passphrase
string
no description
wifi-radius-server
string
no description
wifi-rts-threshold
integer
no description
wifi-security
string
    Choices:
  • None
  • WEP64
  • wep64
  • WEP128
  • wep128
  • WPA_PSK
  • WPA_RADIUS
  • WPA
  • WPA2
  • WPA2_AUTO
  • open
  • wpa-personal
  • wpa-enterprise
  • wpa-only-personal
  • wpa-only-enterprise
  • wpa2-only-personal
  • wpa2-only-enterprise
no description
wifi-ssid
string
no description
wifi-usergroup
string
no description
wins-ip
string
no description
proposed_method
string
    Choices:
  • update
  • set
  • add
The overridden method for the underlying Json RPC request
rc_failed
list / elements=string
the rc codes list with which the conditions to fail will be overriden
rc_succeeded
list / elements=string
the rc codes list with which the conditions to succeed will be overriden
state
string / required
    Choices:
  • present
  • absent
the directive to create, update or delete an object
vlan
string / required
the parameter (vlan) in requested url
workspace_locking_adom
string
the adom to lock for FortiManager running in workspace mode, the value can be global and others including root
workspace_locking_timeout
integer
Default:
300
the maximum time in seconds to wait for other user to release the workspace lock

Notes

Note

  • Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

  • To create or update an object, use state present directive.

  • To delete an object, use state absent directive.

  • Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: Configure interfaces.
     fmgr_fsp_vlan_interface:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        adom: <your own value>
        vlan: <your own value>
        fsp_vlan_interface:
           ac-name: <value of string>
           aggregate: <value of string>
           algorithm: <value in [L2, L3, L4]>
           alias: <value of string>
           allowaccess:
             - https
             - ping
             - ssh
             - snmp
             - http
             - telnet
             - fgfm
             - auto-ipsec
             - radius-acct
             - probe-response
             - capwap
             - dnp
             - ftm
             - fabric
           ap-discover: <value in [disable, enable]>
           arpforward: <value in [disable, enable]>
           atm-protocol: <value in [none, ipoa]>
           auth-type: <value in [auto, pap, chap, ...]>
           auto-auth-extension-device: <value in [disable, enable]>
           bfd: <value in [global, enable, disable]>
           bfd-desired-min-tx: <value of integer>
           bfd-detect-mult: <value of integer>
           bfd-required-min-rx: <value of integer>
           broadcast-forticlient-discovery: <value in [disable, enable]>
           broadcast-forward: <value in [disable, enable]>
           captive-portal: <value of integer>
           cli-conn-status: <value of integer>
           color: <value of integer>
           ddns: <value in [disable, enable]>
           ddns-auth: <value in [disable, tsig]>
           ddns-domain: <value of string>
           ddns-key: <value of string>
           ddns-keyname: <value of string>
           ddns-password: <value of string>
           ddns-server: <value in [dhs.org, dyndns.org, dyns.net, ...]>
           ddns-server-ip: <value of string>
           ddns-sn: <value of string>
           ddns-ttl: <value of integer>
           ddns-username: <value of string>
           ddns-zone: <value of string>
           dedicated-to: <value in [none, management]>
           defaultgw: <value in [disable, enable]>
           description: <value of string>
           detected-peer-mtu: <value of integer>
           detectprotocol:
             - ping
             - tcp-echo
             - udp-echo
           detectserver: <value of string>
           device-access-list: <value of string>
           device-identification: <value in [disable, enable]>
           device-identification-active-scan: <value in [disable, enable]>
           device-netscan: <value in [disable, enable]>
           device-user-identification: <value in [disable, enable]>
           devindex: <value of integer>
           dhcp-client-identifier: <value of string>
           dhcp-relay-agent-option: <value in [disable, enable]>
           dhcp-relay-ip: <value of string>
           dhcp-relay-service: <value in [disable, enable]>
           dhcp-relay-type: <value in [regular, ipsec]>
           dhcp-renew-time: <value of integer>
           disc-retry-timeout: <value of integer>
           disconnect-threshold: <value of integer>
           distance: <value of integer>
           dns-query: <value in [disable, recursive, non-recursive]>
           dns-server-override: <value in [disable, enable]>
           drop-fragment: <value in [disable, enable]>
           drop-overlapped-fragment: <value in [disable, enable]>
           egress-cos: <value in [disable, cos0, cos1, ...]>
           egress-shaping-profile: <value of string>
           endpoint-compliance: <value in [disable, enable]>
           estimated-downstream-bandwidth: <value of integer>
           estimated-upstream-bandwidth: <value of integer>
           explicit-ftp-proxy: <value in [disable, enable]>
           explicit-web-proxy: <value in [disable, enable]>
           external: <value in [disable, enable]>
           fail-action-on-extender: <value in [soft-restart, hard-restart, reboot]>
           fail-alert-interfaces: <value of string>
           fail-alert-method: <value in [link-failed-signal, link-down]>
           fail-detect: <value in [disable, enable]>
           fail-detect-option:
             - detectserver
             - link-down
           fdp: <value in [disable, enable]>
           fortiheartbeat: <value in [disable, enable]>
           fortilink: <value in [disable, enable]>
           fortilink-backup-link: <value of integer>
           fortilink-split-interface: <value in [disable, enable]>
           fortilink-stacking: <value in [disable, enable]>
           forward-domain: <value of integer>
           forward-error-correction: <value in [disable, enable, rs-fec, ...]>
           fp-anomaly:
             - drop_tcp_fin_noack
             - pass_winnuke
             - pass_tcpland
             - pass_udpland
             - pass_icmpland
             - pass_ipland
             - pass_iprr
             - pass_ipssrr
             - pass_iplsrr
             - pass_ipstream
             - pass_ipsecurity
             - pass_iptimestamp
             - pass_ipunknown_option
             - pass_ipunknown_prot
             - pass_icmp_frag
             - pass_tcp_no_flag
             - pass_tcp_fin_noack
             - drop_winnuke
             - drop_tcpland
             - drop_udpland
             - drop_icmpland
             - drop_ipland
             - drop_iprr
             - drop_ipssrr
             - drop_iplsrr
             - drop_ipstream
             - drop_ipsecurity
             - drop_iptimestamp
             - drop_ipunknown_option
             - drop_ipunknown_prot
             - drop_icmp_frag
             - drop_tcp_no_flag
           fp-disable:
             - all
             - ipsec
             - none
           gateway-address: <value of string>
           gi-gk: <value in [disable, enable]>
           gwaddr: <value of string>
           gwdetect: <value in [disable, enable]>
           ha-priority: <value of integer>
           icmp-accept-redirect: <value in [disable, enable]>
           icmp-redirect: <value in [disable, enable]>
           icmp-send-redirect: <value in [disable, enable]>
           ident-accept: <value in [disable, enable]>
           idle-timeout: <value of integer>
           if-mdix: <value in [auto, normal, crossover]>
           if-media: <value in [auto, copper, fiber]>
           in-force-vlan-cos: <value of integer>
           inbandwidth: <value of integer>
           ingress-cos: <value in [disable, cos0, cos1, ...]>
           ingress-spillover-threshold: <value of integer>
           internal: <value of integer>
           ip: <value of string>
           ipmac: <value in [disable, enable]>
           ips-sniffer-mode: <value in [disable, enable]>
           ipunnumbered: <value of string>
           ipv6:
              autoconf: <value in [disable, enable]>
              dhcp6-client-options:
                - rapid
                - iapd
                - iana
                - dns
                - dnsname
              dhcp6-information-request: <value in [disable, enable]>
              dhcp6-prefix-delegation: <value in [disable, enable]>
              dhcp6-prefix-hint: <value of string>
              dhcp6-prefix-hint-plt: <value of integer>
              dhcp6-prefix-hint-vlt: <value of integer>
              dhcp6-relay-ip: <value of string>
              dhcp6-relay-service: <value in [disable, enable]>
              dhcp6-relay-type: <value in [regular]>
              ip6-address: <value of string>
              ip6-allowaccess:
                - https
                - ping
                - ssh
                - snmp
                - http
                - telnet
                - fgfm
                - capwap
                - fabric
              ip6-default-life: <value of integer>
              ip6-dns-server-override: <value in [disable, enable]>
              ip6-hop-limit: <value of integer>
              ip6-link-mtu: <value of integer>
              ip6-manage-flag: <value in [disable, enable]>
              ip6-max-interval: <value of integer>
              ip6-min-interval: <value of integer>
              ip6-mode: <value in [static, dhcp, pppoe, ...]>
              ip6-other-flag: <value in [disable, enable]>
              ip6-reachable-time: <value of integer>
              ip6-retrans-time: <value of integer>
              ip6-send-adv: <value in [disable, enable]>
              ip6-subnet: <value of string>
              ip6-upstream-interface: <value of string>
              nd-cert: <value of string>
              nd-cga-modifier: <value of string>
              nd-mode: <value in [basic, SEND-compatible]>
              nd-security-level: <value of integer>
              nd-timestamp-delta: <value of integer>
              nd-timestamp-fuzz: <value of integer>
              vrip6_link_local: <value of string>
              vrrp-virtual-mac6: <value in [disable, enable]>
              ip6-delegated-prefix-list:
                -
                    autonomous-flag: <value in [disable, enable]>
                    onlink-flag: <value in [disable, enable]>
                    prefix-id: <value of integer>
                    rdnss: <value of string>
                    rdnss-service: <value in [delegated, default, specify]>
                    subnet: <value of string>
                    upstream-interface: <value of string>
              ip6-extra-addr:
                -
                    prefix: <value of string>
              ip6-prefix-list:
                -
                    autonomous-flag: <value in [disable, enable]>
                    dnssl: <value of string>
                    onlink-flag: <value in [disable, enable]>
                    preferred-life-time: <value of integer>
                    prefix: <value of string>
                    rdnss: <value of string>
                    valid-life-time: <value of integer>
              vrrp6:
                -
                    accept-mode: <value in [disable, enable]>
                    adv-interval: <value of integer>
                    preempt: <value in [disable, enable]>
                    priority: <value of integer>
                    start-time: <value of integer>
                    status: <value in [disable, enable]>
                    vrdst6: <value of string>
                    vrgrp: <value of integer>
                    vrid: <value of integer>
                    vrip6: <value of string>
              interface-identifier: <value of string>
              unique-autoconf-addr: <value in [disable, enable]>
              icmp6-send-redirect: <value in [disable, enable]>
              cli-conn6-status: <value of integer>
              ip6-prefix-mode: <value in [dhcp6, ra]>
              ra-send-mtu: <value in [disable, enable]>
           l2forward: <value in [disable, enable]>
           l2tp-client: <value in [disable, enable]>
           lacp-ha-slave: <value in [disable, enable]>
           lacp-mode: <value in [static, passive, active]>
           lacp-speed: <value in [slow, fast]>
           lcp-echo-interval: <value of integer>
           lcp-max-echo-fails: <value of integer>
           link-up-delay: <value of integer>
           listen-forticlient-connection: <value in [disable, enable]>
           lldp-network-policy: <value of string>
           lldp-reception: <value in [disable, enable, vdom]>
           lldp-transmission: <value in [enable, disable, vdom]>
           log: <value in [disable, enable]>
           macaddr: <value of string>
           management-ip: <value of string>
           max-egress-burst-rate: <value of integer>
           max-egress-rate: <value of integer>
           mediatype: <value in [serdes-sfp, sgmii-sfp, cfp2-sr10, ...]>
           member: <value of string>
           min-links: <value of integer>
           min-links-down: <value in [operational, administrative]>
           mode: <value in [static, dhcp, pppoe, ...]>
           mtu: <value of integer>
           mtu-override: <value in [disable, enable]>
           mux-type: <value in [llc-encaps, vc-encaps]>
           name: <value of string>
           ndiscforward: <value in [disable, enable]>
           netbios-forward: <value in [disable, enable]>
           netflow-sampler: <value in [disable, tx, rx, ...]>
           npu-fastpath: <value in [disable, enable]>
           nst: <value in [disable, enable]>
           out-force-vlan-cos: <value of integer>
           outbandwidth: <value of integer>
           padt-retry-timeout: <value of integer>
           password: <value of string>
           peer-interface: <value of string>
           phy-mode: <value in [auto, adsl, vdsl]>
           ping-serv-status: <value of integer>
           poe: <value in [disable, enable]>
           polling-interval: <value of integer>
           pppoe-unnumbered-negotiate: <value in [disable, enable]>
           pptp-auth-type: <value in [auto, pap, chap, ...]>
           pptp-client: <value in [disable, enable]>
           pptp-password: <value of string>
           pptp-server-ip: <value of string>
           pptp-timeout: <value of integer>
           pptp-user: <value of string>
           preserve-session-route: <value in [disable, enable]>
           priority: <value of integer>
           priority-override: <value in [disable, enable]>
           proxy-captive-portal: <value in [disable, enable]>
           redundant-interface: <value of string>
           remote-ip: <value of string>
           replacemsg-override-group: <value of string>
           retransmission: <value in [disable, enable]>
           role: <value in [lan, wan, dmz, ...]>
           sample-direction: <value in [rx, tx, both]>
           sample-rate: <value of integer>
           scan-botnet-connections: <value in [disable, block, monitor]>
           secondary-IP: <value in [disable, enable]>
           secondaryip:
             -
                 allowaccess:
                   - https
                   - ping
                   - ssh
                   - snmp
                   - http
                   - telnet
                   - fgfm
                   - auto-ipsec
                   - radius-acct
                   - probe-response
                   - capwap
                   - dnp
                   - ftm
                   - fabric
                 detectprotocol:
                   - ping
                   - tcp-echo
                   - udp-echo
                 detectserver: <value of string>
                 gwdetect: <value in [disable, enable]>
                 ha-priority: <value of integer>
                 id: <value of integer>
                 ip: <value of string>
                 ping-serv-status: <value of integer>
                 seq: <value of integer>
           security-8021x-dynamic-vlan-id: <value of integer>
           security-8021x-master: <value of string>
           security-8021x-mode: <value in [default, dynamic-vlan, fallback, ...]>
           security-exempt-list: <value of string>
           security-external-logout: <value of string>
           security-external-web: <value of string>
           security-groups: <value of string>
           security-mac-auth-bypass: <value in [disable, enable, mac-auth-only]>
           security-mode: <value in [none, captive-portal, 802.1X]>
           security-redirect-url: <value of string>
           service-name: <value of string>
           sflow-sampler: <value in [disable, enable]>
           speed: <value in [auto, 10full, 10half, ...]>
           spillover-threshold: <value of integer>
           src-check: <value in [disable, enable]>
           status: <value in [down, up]>
           stp: <value in [disable, enable]>
           stp-ha-slave: <value in [disable, enable, priority-adjust]>
           stpforward: <value in [disable, enable]>
           stpforward-mode: <value in [rpl-all-ext-id, rpl-bridge-ext-id, rpl-nothing]>
           strip-priority-vlan-tag: <value in [disable, enable]>
           subst: <value in [disable, enable]>
           substitute-dst-mac: <value of string>
           switch: <value of string>
           switch-controller-access-vlan: <value in [disable, enable]>
           switch-controller-arp-inspection: <value in [disable, enable]>
           switch-controller-auth: <value in [radius, usergroup]>
           switch-controller-dhcp-snooping: <value in [disable, enable]>
           switch-controller-dhcp-snooping-option82: <value in [disable, enable]>
           switch-controller-dhcp-snooping-verify-mac: <value in [disable, enable]>
           switch-controller-igmp-snooping: <value in [disable, enable]>
           switch-controller-learning-limit: <value of integer>
           switch-controller-radius-server: <value of string>
           switch-controller-traffic-policy: <value of string>
           tc-mode: <value in [ptm, atm]>
           tcp-mss: <value of integer>
           trunk: <value in [disable, enable]>
           trust-ip-1: <value of string>
           trust-ip-2: <value of string>
           trust-ip-3: <value of string>
           trust-ip6-1: <value of string>
           trust-ip6-2: <value of string>
           trust-ip6-3: <value of string>
           type: <value in [physical, vlan, aggregate, ...]>
           username: <value of string>
           vci: <value of integer>
           vectoring: <value in [disable, enable]>
           vindex: <value of integer>
           vlanforward: <value in [disable, enable]>
           vlanid: <value of integer>
           vpi: <value of integer>
           vrf: <value of integer>
           vrrp:
             -
                 accept-mode: <value in [disable, enable]>
                 adv-interval: <value of integer>
                 ignore-default-route: <value in [disable, enable]>
                 preempt: <value in [disable, enable]>
                 priority: <value of integer>
                 start-time: <value of integer>
                 status: <value in [disable, enable]>
                 version: <value in [2, 3]>
                 vrdst: <value of string>
                 vrdst-priority: <value of integer>
                 vrgrp: <value of integer>
                 vrid: <value of integer>
                 vrip: <value of string>
           vrrp-virtual-mac: <value in [disable, enable]>
           wccp: <value in [disable, enable]>
           weight: <value of integer>
           wifi-5g-threshold: <value of string>
           wifi-acl: <value in [deny, allow]>
           wifi-ap-band: <value in [any, 5g-preferred, 5g-only]>
           wifi-auth: <value in [PSK, RADIUS, radius, ...]>
           wifi-auto-connect: <value in [disable, enable]>
           wifi-auto-save: <value in [disable, enable]>
           wifi-broadcast-ssid: <value in [disable, enable]>
           wifi-encrypt: <value in [TKIP, AES]>
           wifi-fragment-threshold: <value of integer>
           wifi-key: <value of string>
           wifi-keyindex: <value of integer>
           wifi-mac-filter: <value in [disable, enable]>
           wifi-passphrase: <value of string>
           wifi-radius-server: <value of string>
           wifi-rts-threshold: <value of integer>
           wifi-security: <value in [None, WEP64, wep64, ...]>
           wifi-ssid: <value of string>
           wifi-usergroup: <value of string>
           wins-ip: <value of string>
           eip: <value of string>
           fortilink-neighbor-detect: <value in [lldp, fortilink]>
           ingress-shaping-profile: <value of string>
           ring-rx: <value of integer>
           ring-tx: <value of integer>
           switch-controller-igmp-snooping-fast-leave: <value in [disable, enable]>
           switch-controller-igmp-snooping-proxy: <value in [disable, enable]>
           switch-controller-rspan-mode: <value in [disable, enable]>
           bandwidth-measure-time: <value of integer>
           ip-managed-by-fortiipam: <value in [disable, enable]>
           managed-subnetwork-size: <value in [256, 512, 1024, ...]>
           measured-downstream-bandwidth: <value of integer>
           measured-upstream-bandwidth: <value of integer>
           monitor-bandwidth: <value in [disable, enable]>
           swc-vlan: <value of integer>
           switch-controller-feature: <value in [none, default-vlan, quarantine, ...]>
           switch-controller-mgmt-vlan: <value of integer>
           switch-controller-nac: <value of string>
           vlan-protocol: <value in [8021q, 8021ad]>
           dhcp-relay-interface: <value of string>
           dhcp-relay-interface-select-method: <value in [auto, sdwan, specify]>
           np-qos-profile: <value of integer>
           swc-first-create: <value of integer>
           switch-controller-iot-scanning: <value in [disable, enable]>
           switch-controller-source-ip: <value in [outbound, fixed]>
           dhcp-relay-request-all-server: <value in [disable, enable]>
           stp-ha-secondary: <value in [disable, enable, priority-adjust]>
           switch-controller-dynamic: <value of string>

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
request_url
string
always
The full url requested

Sample:
/sys/login/user
response_code
integer
always
The status of api request

response_message
string
always
The descriptive message of the api response

Sample:
OK.


Authors

  • Link Zheng (@chillancezen)

  • Jie Xue (@JieX19)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)