fortinet.fortimanager.fmgr_fsp_vlan_interface – Configure interfaces.

Note

This plugin is part of the fortinet.fortimanager collection (version 2.1.4).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_fsp_vlan_interface.

New in version 2.10: of fortinet.fortimanager

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter Choices/Defaults Comments
adom
string / required
the parameter (adom) in requested url
bypass_validation
boolean
    Choices:
  • no ←
  • yes
only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters
enable_log
boolean
    Choices:
  • no ←
  • yes
Enable/Disable logging for task
fsp_vlan_interface
dictionary
the top level parameters set
ac-name
string
no description
aggregate
string
no description
algorithm
string
    Choices:
  • L2
  • L3
  • L4
no description
alias
string
no description
allowaccess
list / elements=string
    Choices:
  • https
  • ping
  • ssh
  • snmp
  • http
  • telnet
  • fgfm
  • auto-ipsec
  • radius-acct
  • probe-response
  • capwap
  • dnp
  • ftm
  • fabric
no description
ap-discover
string
    Choices:
  • disable
  • enable
no description
arpforward
string
    Choices:
  • disable
  • enable
no description
atm-protocol
string
    Choices:
  • none
  • ipoa
no description
auth-type
string
    Choices:
  • auto
  • pap
  • chap
  • mschapv1
  • mschapv2
no description
auto-auth-extension-device
string
    Choices:
  • disable
  • enable
no description
bandwidth-measure-time
integer
no description
bfd
string
    Choices:
  • global
  • enable
  • disable
no description
bfd-desired-min-tx
integer
no description
bfd-detect-mult
integer
no description
bfd-required-min-rx
integer
no description
broadcast-forticlient-discovery
string
    Choices:
  • disable
  • enable
no description
broadcast-forward
string
    Choices:
  • disable
  • enable
no description
captive-portal
integer
no description
cli-conn-status
integer
no description
color
integer
no description
ddns
string
    Choices:
  • disable
  • enable
no description
ddns-auth
string
    Choices:
  • disable
  • tsig
no description
ddns-domain
string
no description
ddns-key
string
no description
ddns-keyname
string
no description
ddns-password
string
no description
ddns-server
string
    Choices:
  • dhs.org
  • dyndns.org
  • dyns.net
  • tzo.com
  • ods.org
  • vavic.com
  • now.net.cn
  • dipdns.net
  • easydns.com
  • genericDDNS
no description
ddns-server-ip
string
no description
ddns-sn
string
no description
ddns-ttl
integer
no description
ddns-username
string
no description
ddns-zone
string
no description
dedicated-to
string
    Choices:
  • none
  • management
no description
defaultgw
string
    Choices:
  • disable
  • enable
no description
description
string
no description
detected-peer-mtu
integer
no description
detectprotocol
list / elements=string
    Choices:
  • ping
  • tcp-echo
  • udp-echo
no description
detectserver
string
no description
device-access-list
string
no description
device-identification
string
    Choices:
  • disable
  • enable
no description
device-identification-active-scan
string
    Choices:
  • disable
  • enable
no description
device-netscan
string
    Choices:
  • disable
  • enable
no description
device-user-identification
string
    Choices:
  • disable
  • enable
no description
devindex
integer
no description
dhcp-client-identifier
string
no description
dhcp-relay-agent-option
string
    Choices:
  • disable
  • enable
no description
dhcp-relay-interface
string
no description
dhcp-relay-interface-select-method
string
    Choices:
  • auto
  • sdwan
  • specify
no description
dhcp-relay-ip
string
no description
dhcp-relay-request-all-server
string
    Choices:
  • disable
  • enable
Enable/disable sending of DHCP requests to all servers.
dhcp-relay-service
string
    Choices:
  • disable
  • enable
no description
dhcp-relay-type
string
    Choices:
  • regular
  • ipsec
no description
dhcp-renew-time
integer
no description
disc-retry-timeout
integer
no description
disconnect-threshold
integer
no description
distance
integer
no description
dns-query
string
    Choices:
  • disable
  • recursive
  • non-recursive
no description
dns-server-override
string
    Choices:
  • disable
  • enable
no description
drop-fragment
string
    Choices:
  • disable
  • enable
no description
drop-overlapped-fragment
string
    Choices:
  • disable
  • enable
no description
egress-cos
string
    Choices:
  • disable
  • cos0
  • cos1
  • cos2
  • cos3
  • cos4
  • cos5
  • cos6
  • cos7
no description
egress-shaping-profile
string
no description
eip
string
no description
endpoint-compliance
string
    Choices:
  • disable
  • enable
no description
estimated-downstream-bandwidth
integer
no description
estimated-upstream-bandwidth
integer
no description
explicit-ftp-proxy
string
    Choices:
  • disable
  • enable
no description
explicit-web-proxy
string
    Choices:
  • disable
  • enable
no description
external
string
    Choices:
  • disable
  • enable
no description
fail-action-on-extender
string
    Choices:
  • soft-restart
  • hard-restart
  • reboot
no description
fail-alert-interfaces
string
no description
fail-alert-method
string
    Choices:
  • link-failed-signal
  • link-down
no description
fail-detect
string
    Choices:
  • disable
  • enable
no description
fail-detect-option
list / elements=string
    Choices:
  • detectserver
  • link-down
no description
fdp
string
    Choices:
  • disable
  • enable
no description
fortiheartbeat
string
    Choices:
  • disable
  • enable
no description
fortilink
string
    Choices:
  • disable
  • enable
no description
fortilink-backup-link
integer
no description
fortilink-neighbor-detect
string
    Choices:
  • lldp
  • fortilink
no description
fortilink-split-interface
string
    Choices:
  • disable
  • enable
no description
fortilink-stacking
string
    Choices:
  • disable
  • enable
no description
forward-domain
integer
no description
forward-error-correction
string
    Choices:
  • disable
  • enable
  • rs-fec
  • base-r-fec
  • fec-cl91
  • fec-cl74
no description
fp-anomaly
list / elements=string
    Choices:
  • drop_tcp_fin_noack
  • pass_winnuke
  • pass_tcpland
  • pass_udpland
  • pass_icmpland
  • pass_ipland
  • pass_iprr
  • pass_ipssrr
  • pass_iplsrr
  • pass_ipstream
  • pass_ipsecurity
  • pass_iptimestamp
  • pass_ipunknown_option
  • pass_ipunknown_prot
  • pass_icmp_frag
  • pass_tcp_no_flag
  • pass_tcp_fin_noack
  • drop_winnuke
  • drop_tcpland
  • drop_udpland
  • drop_icmpland
  • drop_ipland
  • drop_iprr
  • drop_ipssrr
  • drop_iplsrr
  • drop_ipstream
  • drop_ipsecurity
  • drop_iptimestamp
  • drop_ipunknown_option
  • drop_ipunknown_prot
  • drop_icmp_frag
  • drop_tcp_no_flag
no description
fp-disable
list / elements=string
    Choices:
  • all
  • ipsec
  • none
no description
gateway-address
string
no description
gi-gk
string
    Choices:
  • disable
  • enable
no description
gwaddr
string
no description
gwdetect
string
    Choices:
  • disable
  • enable
no description
ha-priority
integer
no description
icmp-accept-redirect
string
    Choices:
  • disable
  • enable
no description
icmp-redirect
string
    Choices:
  • disable
  • enable
no description
icmp-send-redirect
string
    Choices:
  • disable
  • enable
no description
ident-accept
string
    Choices:
  • disable
  • enable
no description
idle-timeout
integer
no description
if-mdix
string
    Choices:
  • auto
  • normal
  • crossover
no description
if-media
string
    Choices:
  • auto
  • copper
  • fiber
no description
in-force-vlan-cos
integer
no description
inbandwidth
integer
no description
ingress-cos
string
    Choices:
  • disable
  • cos0
  • cos1
  • cos2
  • cos3
  • cos4
  • cos5
  • cos6
  • cos7
no description
ingress-shaping-profile
string
no description
ingress-spillover-threshold
integer
no description
internal
integer
no description
ip
string
no description
ip-managed-by-fortiipam
string
    Choices:
  • disable
  • enable
no description
ipmac
string
    Choices:
  • disable
  • enable
no description
ips-sniffer-mode
string
    Choices:
  • disable
  • enable
no description
ipunnumbered
string
no description
ipv6
dictionary
no description
autoconf
string
    Choices:
  • disable
  • enable
no description
cli-conn6-status
integer
no description
dhcp6-client-options
list / elements=string
    Choices:
  • rapid
  • iapd
  • iana
  • dns
  • dnsname
no description
dhcp6-information-request
string
    Choices:
  • disable
  • enable
no description
dhcp6-prefix-delegation
string
    Choices:
  • disable
  • enable
no description
dhcp6-prefix-hint
string
no description
dhcp6-prefix-hint-plt
integer
no description
dhcp6-prefix-hint-vlt
integer
no description
dhcp6-relay-ip
string
no description
dhcp6-relay-service
string
    Choices:
  • disable
  • enable
no description
dhcp6-relay-type
string
    Choices:
  • regular
no description
icmp6-send-redirect
string
    Choices:
  • disable
  • enable
Enable/disable sending of ICMPv6 redirects.
interface-identifier
string
no description
ip6-address
string
no description
ip6-allowaccess
list / elements=string
    Choices:
  • https
  • ping
  • ssh
  • snmp
  • http
  • telnet
  • fgfm
  • capwap
  • fabric
no description
ip6-default-life
integer
no description
ip6-delegated-prefix-list
list / elements=string
no description
autonomous-flag
string
    Choices:
  • disable
  • enable
no description
onlink-flag
string
    Choices:
  • disable
  • enable
no description
prefix-id
integer
no description
rdnss
string
no description
rdnss-service
string
    Choices:
  • delegated
  • default
  • specify
no description
subnet
string
no description
upstream-interface
string
no description
ip6-dns-server-override
string
    Choices:
  • disable
  • enable
no description
ip6-extra-addr
list / elements=string
no description
prefix
string
no description
ip6-hop-limit
integer
no description
ip6-link-mtu
integer
no description
ip6-manage-flag
string
    Choices:
  • disable
  • enable
no description
ip6-max-interval
integer
no description
ip6-min-interval
integer
no description
ip6-mode
string
    Choices:
  • static
  • dhcp
  • pppoe
  • delegated
no description
ip6-other-flag
string
    Choices:
  • disable
  • enable
no description
ip6-prefix-list
list / elements=string
no description
autonomous-flag
string
    Choices:
  • disable
  • enable
no description
dnssl
string
no description
onlink-flag
string
    Choices:
  • disable
  • enable
no description
preferred-life-time
integer
no description
prefix
string
no description
rdnss
string
no description
valid-life-time
integer
no description
ip6-prefix-mode
string
    Choices:
  • dhcp6
  • ra
Assigning a prefix from DHCP or RA.
ip6-reachable-time
integer
no description
ip6-retrans-time
integer
no description
ip6-send-adv
string
    Choices:
  • disable
  • enable
no description
ip6-subnet
string
no description
ip6-upstream-interface
string
no description
nd-cert
string
no description
nd-cga-modifier
string
no description
nd-mode
string
    Choices:
  • basic
  • SEND-compatible
no description
nd-security-level
integer
no description
nd-timestamp-delta
integer
no description
nd-timestamp-fuzz
integer
no description
ra-send-mtu
string
    Choices:
  • disable
  • enable
Enable/disable sending link MTU in RA packet.
unique-autoconf-addr
string
    Choices:
  • disable
  • enable
no description
vrip6_link_local
string
no description
vrrp-virtual-mac6
string
    Choices:
  • disable
  • enable
no description
vrrp6
list / elements=string
no description
accept-mode
string
    Choices:
  • disable
  • enable
no description
adv-interval
integer
no description
preempt
string
    Choices:
  • disable
  • enable
no description
priority
integer
no description
start-time
integer
no description
status
string
    Choices:
  • disable
  • enable
no description
vrdst6
string
no description
vrgrp
integer
no description
vrid
integer
no description
vrip6
string
no description
l2forward
string
    Choices:
  • disable
  • enable
no description
l2tp-client
string
    Choices:
  • disable
  • enable
no description
lacp-ha-slave
string
    Choices:
  • disable
  • enable
no description
lacp-mode
string
    Choices:
  • static
  • passive
  • active
no description
lacp-speed
string
    Choices:
  • slow
  • fast
no description
lcp-echo-interval
integer
no description
lcp-max-echo-fails
integer
no description
link-up-delay
integer
no description
listen-forticlient-connection
string
    Choices:
  • disable
  • enable
no description
lldp-network-policy
string
no description
lldp-reception
string
    Choices:
  • disable
  • enable
  • vdom
no description
lldp-transmission
string
    Choices:
  • enable
  • disable
  • vdom
no description
log
string
    Choices:
  • disable
  • enable
no description
macaddr
string
no description
managed-subnetwork-size
string
    Choices:
  • 256
  • 512
  • 1024
  • 2048
  • 4096
  • 8192
  • 16384
  • 32768
  • 65536
no description
management-ip
string
no description
max-egress-burst-rate
integer
no description
max-egress-rate
integer
no description
measured-downstream-bandwidth
integer
no description
measured-upstream-bandwidth
integer
no description
mediatype
string
    Choices:
  • serdes-sfp
  • sgmii-sfp
  • cfp2-sr10
  • cfp2-lr4
  • serdes-copper-sfp
  • sr
  • cr
  • lr
  • qsfp28-sr4
  • qsfp28-lr4
  • qsfp28-cr4
  • sr4
  • cr4
  • lr4
no description
member
string
no description
min-links
integer
no description
min-links-down
string
    Choices:
  • operational
  • administrative
no description
mode
string
    Choices:
  • static
  • dhcp
  • pppoe
  • pppoa
  • ipoa
  • eoa
no description
monitor-bandwidth
string
    Choices:
  • disable
  • enable
no description
mtu
integer
no description
mtu-override
string
    Choices:
  • disable
  • enable
no description
mux-type
string
    Choices:
  • llc-encaps
  • vc-encaps
no description
name
string
no description
ndiscforward
string
    Choices:
  • disable
  • enable
no description
netbios-forward
string
    Choices:
  • disable
  • enable
no description
netflow-sampler
string
    Choices:
  • disable
  • tx
  • rx
  • both
no description
np-qos-profile
integer
no description
npu-fastpath
string
    Choices:
  • disable
  • enable
no description
nst
string
    Choices:
  • disable
  • enable
no description
out-force-vlan-cos
integer
no description
outbandwidth
integer
no description
padt-retry-timeout
integer
no description
password
string
no description
peer-interface
string
no description
phy-mode
string
    Choices:
  • auto
  • adsl
  • vdsl
no description
ping-serv-status
integer
no description
poe
string
    Choices:
  • disable
  • enable
no description
polling-interval
integer
no description
pppoe-unnumbered-negotiate
string
    Choices:
  • disable
  • enable
no description
pptp-auth-type
string
    Choices:
  • auto
  • pap
  • chap
  • mschapv1
  • mschapv2
no description
pptp-client
string
    Choices:
  • disable
  • enable
no description
pptp-password
string
no description
pptp-server-ip
string
no description
pptp-timeout
integer
no description
pptp-user
string
no description
preserve-session-route
string
    Choices:
  • disable
  • enable
no description
priority
integer
no description
priority-override
string
    Choices:
  • disable
  • enable
no description
proxy-captive-portal
string
    Choices:
  • disable
  • enable
no description
redundant-interface
string
no description
remote-ip
string
no description
replacemsg-override-group
string
no description
retransmission
string
    Choices:
  • disable
  • enable
no description
ring-rx
integer
no description
ring-tx
integer
no description
role
string
    Choices:
  • lan
  • wan
  • dmz
  • undefined
no description
sample-direction
string
    Choices:
  • rx
  • tx
  • both
no description
sample-rate
integer
no description
scan-botnet-connections
string
    Choices:
  • disable
  • block
  • monitor
no description
secondary-IP
string
    Choices:
  • disable
  • enable
no description
secondaryip
list / elements=string
no description
allowaccess
list / elements=string
    Choices:
  • https
  • ping
  • ssh
  • snmp
  • http
  • telnet
  • fgfm
  • auto-ipsec
  • radius-acct
  • probe-response
  • capwap
  • dnp
  • ftm
  • fabric
no description
detectprotocol
list / elements=string
    Choices:
  • ping
  • tcp-echo
  • udp-echo
no description
detectserver
string
no description
gwdetect
string
    Choices:
  • disable
  • enable
no description
ha-priority
integer
no description
id
integer
no description
ip
string
no description
ping-serv-status
integer
no description
seq
integer
no description
security-8021x-dynamic-vlan-id
integer
no description
security-8021x-master
string
no description
security-8021x-mode
string
    Choices:
  • default
  • dynamic-vlan
  • fallback
  • slave
no description
security-exempt-list
string
no description
security-external-logout
string
no description
security-external-web
string
no description
security-groups
string
no description
security-mac-auth-bypass
string
    Choices:
  • disable
  • enable
  • mac-auth-only
no description
security-mode
string
    Choices:
  • none
  • captive-portal
  • 802.1X
no description
security-redirect-url
string
no description
service-name
string
no description
sflow-sampler
string
    Choices:
  • disable
  • enable
no description
speed
string
    Choices:
  • auto
  • 10full
  • 10half
  • 100full
  • 100half
  • 1000full
  • 1000half
  • 10000full
  • 1000auto
  • 10000auto
  • 40000full
  • 100Gfull
  • 25000full
  • 40000auto
  • 25000auto
  • 100Gauto
no description
spillover-threshold
integer
no description
src-check
string
    Choices:
  • disable
  • enable
no description
status
string
    Choices:
  • down
  • up
no description
stp
string
    Choices:
  • disable
  • enable
no description
stp-ha-secondary
string
    Choices:
  • disable
  • enable
  • priority-adjust
Control STP behaviour on HA secondary.
stp-ha-slave
string
    Choices:
  • disable
  • enable
  • priority-adjust
no description
stpforward
string
    Choices:
  • disable
  • enable
no description
stpforward-mode
string
    Choices:
  • rpl-all-ext-id
  • rpl-bridge-ext-id
  • rpl-nothing
no description
strip-priority-vlan-tag
string
    Choices:
  • disable
  • enable
no description
subst
string
    Choices:
  • disable
  • enable
no description
substitute-dst-mac
string
no description
swc-first-create
integer
Initial create for switch-controller VLANs.
swc-vlan
integer
no description
switch
string
no description
switch-controller-access-vlan
string
    Choices:
  • disable
  • enable
no description
switch-controller-arp-inspection
string
    Choices:
  • disable
  • enable
no description
switch-controller-auth
string
    Choices:
  • radius
  • usergroup
no description
switch-controller-dhcp-snooping
string
    Choices:
  • disable
  • enable
no description
switch-controller-dhcp-snooping-option82
string
    Choices:
  • disable
  • enable
no description
switch-controller-dhcp-snooping-verify-mac
string
    Choices:
  • disable
  • enable
no description
switch-controller-dynamic
string
Integrated FortiLink settings for managed FortiSwitch.
switch-controller-feature
string
    Choices:
  • none
  • default-vlan
  • quarantine
  • sniffer
  • voice
  • camera
  • rspan
  • video
  • nac
no description
switch-controller-igmp-snooping
string
    Choices:
  • disable
  • enable
no description
switch-controller-igmp-snooping-fast-leave
string
    Choices:
  • disable
  • enable
no description
switch-controller-igmp-snooping-proxy
string
    Choices:
  • disable
  • enable
no description
switch-controller-iot-scanning
string
    Choices:
  • disable
  • enable
Enable/disable managed FortiSwitch IoT scanning.
switch-controller-learning-limit
integer
no description
switch-controller-mgmt-vlan
integer
no description
switch-controller-nac
string
no description
switch-controller-radius-server
string
no description
switch-controller-rspan-mode
string
    Choices:
  • disable
  • enable
no description
switch-controller-source-ip
string
    Choices:
  • outbound
  • fixed
Source IP address used in FortiLink over L3 connections.
switch-controller-traffic-policy
string
no description
tc-mode
string
    Choices:
  • ptm
  • atm
no description
tcp-mss
integer
no description
trunk
string
    Choices:
  • disable
  • enable
no description
trust-ip-1
string
no description
trust-ip-2
string
no description
trust-ip-3
string
no description
trust-ip6-1
string
no description
trust-ip6-2
string
no description
trust-ip6-3
string
no description
type
string
    Choices:
  • physical
  • vlan
  • aggregate
  • redundant
  • tunnel
  • wireless
  • vdom-link
  • loopback
  • switch
  • hard-switch
  • hdlc
  • vap-switch
  • wl-mesh
  • fortilink
  • switch-vlan
  • fctrl-trunk
  • tdm
  • fext-wan
  • vxlan
  • emac-vlan
  • geneve
  • ssl
no description
username
string
no description
vci
integer
no description
vectoring
string
    Choices:
  • disable
  • enable
no description
vindex
integer
no description
vlan-protocol
string
    Choices:
  • 8021q
  • 8021ad
no description
vlanforward
string
    Choices:
  • disable
  • enable
no description
vlanid
integer
no description
vpi
integer
no description
vrf
integer
no description
vrrp
list / elements=string
no description
accept-mode
string
    Choices:
  • disable
  • enable
no description
adv-interval
integer
no description
ignore-default-route
string
    Choices:
  • disable
  • enable
no description
preempt
string
    Choices:
  • disable
  • enable
no description
priority
integer
no description
start-time
integer
no description
status
string
    Choices:
  • disable
  • enable
no description
version
string
    Choices:
  • 2
  • 3
no description
vrdst
string
no description
vrdst-priority
integer
no description
vrgrp
integer
no description
vrid
integer
no description
vrip
string
no description
vrrp-virtual-mac
string
    Choices:
  • disable
  • enable
no description
wccp
string
    Choices:
  • disable
  • enable
no description
weight
integer
no description
wifi-5g-threshold
string
no description
wifi-acl
string
    Choices:
  • deny
  • allow
no description
wifi-ap-band
string
    Choices:
  • any
  • 5g-preferred
  • 5g-only
no description
wifi-auth
string
    Choices:
  • PSK
  • RADIUS
  • radius
  • usergroup
no description
wifi-auto-connect
string
    Choices:
  • disable
  • enable
no description
wifi-auto-save
string
    Choices:
  • disable
  • enable
no description
wifi-broadcast-ssid
string
    Choices:
  • disable
  • enable
no description
wifi-encrypt
string
    Choices:
  • TKIP
  • AES
no description
wifi-fragment-threshold
integer
no description
wifi-key
string
no description
wifi-keyindex
integer
no description
wifi-mac-filter
string
    Choices:
  • disable
  • enable
no description
wifi-passphrase
string
no description
wifi-radius-server
string
no description
wifi-rts-threshold
integer
no description
wifi-security
string
    Choices:
  • None
  • WEP64
  • wep64
  • WEP128
  • wep128
  • WPA_PSK
  • WPA_RADIUS
  • WPA
  • WPA2
  • WPA2_AUTO
  • open
  • wpa-personal
  • wpa-enterprise
  • wpa-only-personal
  • wpa-only-enterprise
  • wpa2-only-personal
  • wpa2-only-enterprise
no description
wifi-ssid
string
no description
wifi-usergroup
string
no description
wins-ip
string
no description
proposed_method
string
    Choices:
  • update
  • set
  • add
The overridden method for the underlying Json RPC request
rc_failed
list / elements=string
the rc codes list with which the conditions to fail will be overriden
rc_succeeded
list / elements=string
the rc codes list with which the conditions to succeed will be overriden
state
string / required
    Choices:
  • present
  • absent
the directive to create, update or delete an object
vlan
string / required
the parameter (vlan) in requested url
workspace_locking_adom
string
the adom to lock for FortiManager running in workspace mode, the value can be global and others including root
workspace_locking_timeout
integer
Default:
300
the maximum time in seconds to wait for other user to release the workspace lock

Notes

Note

  • Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

  • To create or update an object, use state present directive.

  • To delete an object, use state absent directive.

  • Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: Configure interfaces.
     fmgr_fsp_vlan_interface:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        adom: <your own value>
        vlan: <your own value>
        fsp_vlan_interface:
           ac-name: <value of string>
           aggregate: <value of string>
           algorithm: <value in [L2, L3, L4]>
           alias: <value of string>
           allowaccess:
             - https
             - ping
             - ssh
             - snmp
             - http
             - telnet
             - fgfm
             - auto-ipsec
             - radius-acct
             - probe-response
             - capwap
             - dnp
             - ftm
             - fabric
           ap-discover: <value in [disable, enable]>
           arpforward: <value in [disable, enable]>
           atm-protocol: <value in [none, ipoa]>
           auth-type: <value in [auto, pap, chap, ...]>
           auto-auth-extension-device: <value in [disable, enable]>
           bfd: <value in [global, enable, disable]>
           bfd-desired-min-tx: <value of integer>
           bfd-detect-mult: <value of integer>
           bfd-required-min-rx: <value of integer>
           broadcast-forticlient-discovery: <value in [disable, enable]>
           broadcast-forward: <value in [disable, enable]>
           captive-portal: <value of integer>
           cli-conn-status: <value of integer>
           color: <value of integer>
           ddns: <value in [disable, enable]>
           ddns-auth: <value in [disable, tsig]>
           ddns-domain: <value of string>
           ddns-key: <value of string>
           ddns-keyname: <value of string>
           ddns-password: <value of string>
           ddns-server: <value in [dhs.org, dyndns.org, dyns.net, ...]>
           ddns-server-ip: <value of string>
           ddns-sn: <value of string>
           ddns-ttl: <value of integer>
           ddns-username: <value of string>
           ddns-zone: <value of string>
           dedicated-to: <value in [none, management]>
           defaultgw: <value in [disable, enable]>
           description: <value of string>
           detected-peer-mtu: <value of integer>
           detectprotocol:
             - ping
             - tcp-echo
             - udp-echo
           detectserver: <value of string>
           device-access-list: <value of string>
           device-identification: <value in [disable, enable]>
           device-identification-active-scan: <value in [disable, enable]>
           device-netscan: <value in [disable, enable]>
           device-user-identification: <value in [disable, enable]>
           devindex: <value of integer>
           dhcp-client-identifier: <value of string>
           dhcp-relay-agent-option: <value in [disable, enable]>
           dhcp-relay-ip: <value of string>
           dhcp-relay-service: <value in [disable, enable]>
           dhcp-relay-type: <value in [regular, ipsec]>
           dhcp-renew-time: <value of integer>
           disc-retry-timeout: <value of integer>
           disconnect-threshold: <value of integer>
           distance: <value of integer>
           dns-query: <value in [disable, recursive, non-recursive]>
           dns-server-override: <value in [disable, enable]>
           drop-fragment: <value in [disable, enable]>
           drop-overlapped-fragment: <value in [disable, enable]>
           egress-cos: <value in [disable, cos0, cos1, ...]>
           egress-shaping-profile: <value of string>
           endpoint-compliance: <value in [disable, enable]>
           estimated-downstream-bandwidth: <value of integer>
           estimated-upstream-bandwidth: <value of integer>
           explicit-ftp-proxy: <value in [disable, enable]>
           explicit-web-proxy: <value in [disable, enable]>
           external: <value in [disable, enable]>
           fail-action-on-extender: <value in [soft-restart, hard-restart, reboot]>
           fail-alert-interfaces: <value of string>
           fail-alert-method: <value in [link-failed-signal, link-down]>
           fail-detect: <value in [disable, enable]>
           fail-detect-option:
             - detectserver
             - link-down
           fdp: <value in [disable, enable]>
           fortiheartbeat: <value in [disable, enable]>
           fortilink: <value in [disable, enable]>
           fortilink-backup-link: <value of integer>
           fortilink-split-interface: <value in [disable, enable]>
           fortilink-stacking: <value in [disable, enable]>
           forward-domain: <value of integer>
           forward-error-correction: <value in [disable, enable, rs-fec, ...]>
           fp-anomaly:
             - drop_tcp_fin_noack
             - pass_winnuke
             - pass_tcpland
             - pass_udpland
             - pass_icmpland
             - pass_ipland
             - pass_iprr
             - pass_ipssrr
             - pass_iplsrr
             - pass_ipstream
             - pass_ipsecurity
             - pass_iptimestamp
             - pass_ipunknown_option
             - pass_ipunknown_prot
             - pass_icmp_frag
             - pass_tcp_no_flag
             - pass_tcp_fin_noack
             - drop_winnuke
             - drop_tcpland
             - drop_udpland
             - drop_icmpland
             - drop_ipland
             - drop_iprr
             - drop_ipssrr
             - drop_iplsrr
             - drop_ipstream
             - drop_ipsecurity
             - drop_iptimestamp
             - drop_ipunknown_option
             - drop_ipunknown_prot
             - drop_icmp_frag
             - drop_tcp_no_flag
           fp-disable:
             - all
             - ipsec
             - none
           gateway-address: <value of string>
           gi-gk: <value in [disable, enable]>
           gwaddr: <value of string>
           gwdetect: <value in [disable, enable]>
           ha-priority: <value of integer>
           icmp-accept-redirect: <value in [disable, enable]>
           icmp-redirect: <value in [disable, enable]>
           icmp-send-redirect: <value in [disable, enable]>
           ident-accept: <value in [disable, enable]>
           idle-timeout: <value of integer>
           if-mdix: <value in [auto, normal, crossover]>
           if-media: <value in [auto, copper, fiber]>
           in-force-vlan-cos: <value of integer>
           inbandwidth: <value of integer>
           ingress-cos: <value in [disable, cos0, cos1, ...]>
           ingress-spillover-threshold: <value of integer>
           internal: <value of integer>
           ip: <value of string>
           ipmac: <value in [disable, enable]>
           ips-sniffer-mode: <value in [disable, enable]>
           ipunnumbered: <value of string>
           ipv6:
              autoconf: <value in [disable, enable]>
              dhcp6-client-options:
                - rapid
                - iapd
                - iana
                - dns
                - dnsname
              dhcp6-information-request: <value in [disable, enable]>
              dhcp6-prefix-delegation: <value in [disable, enable]>
              dhcp6-prefix-hint: <value of string>
              dhcp6-prefix-hint-plt: <value of integer>
              dhcp6-prefix-hint-vlt: <value of integer>
              dhcp6-relay-ip: <value of string>
              dhcp6-relay-service: <value in [disable, enable]>
              dhcp6-relay-type: <value in [regular]>
              ip6-address: <value of string>
              ip6-allowaccess:
                - https
                - ping
                - ssh
                - snmp
                - http
                - telnet
                - fgfm
                - capwap
                - fabric
              ip6-default-life: <value of integer>
              ip6-dns-server-override: <value in [disable, enable]>
              ip6-hop-limit: <value of integer>
              ip6-link-mtu: <value of integer>
              ip6-manage-flag: <value in [disable, enable]>
              ip6-max-interval: <value of integer>
              ip6-min-interval: <value of integer>
              ip6-mode: <value in [static, dhcp, pppoe, ...]>
              ip6-other-flag: <value in [disable, enable]>
              ip6-reachable-time: <value of integer>
              ip6-retrans-time: <value of integer>
              ip6-send-adv: <value in [disable, enable]>
              ip6-subnet: <value of string>
              ip6-upstream-interface: <value of string>
              nd-cert: <value of string>
              nd-cga-modifier: <value of string>
              nd-mode: <value in [basic, SEND-compatible]>
              nd-security-level: <value of integer>
              nd-timestamp-delta: <value of integer>
              nd-timestamp-fuzz: <value of integer>
              vrip6_link_local: <value of string>
              vrrp-virtual-mac6: <value in [disable, enable]>
              ip6-delegated-prefix-list:
                -
                    autonomous-flag: <value in [disable, enable]>
                    onlink-flag: <value in [disable, enable]>
                    prefix-id: <value of integer>
                    rdnss: <value of string>
                    rdnss-service: <value in [delegated, default, specify]>
                    subnet: <value of string>
                    upstream-interface: <value of string>
              ip6-extra-addr:
                -
                    prefix: <value of string>
              ip6-prefix-list:
                -
                    autonomous-flag: <value in [disable, enable]>
                    dnssl: <value of string>
                    onlink-flag: <value in [disable, enable]>
                    preferred-life-time: <value of integer>
                    prefix: <value of string>
                    rdnss: <value of string>
                    valid-life-time: <value of integer>
              vrrp6:
                -
                    accept-mode: <value in [disable, enable]>
                    adv-interval: <value of integer>
                    preempt: <value in [disable, enable]>
                    priority: <value of integer>
                    start-time: <value of integer>
                    status: <value in [disable, enable]>
                    vrdst6: <value of string>
                    vrgrp: <value of integer>
                    vrid: <value of integer>
                    vrip6: <value of string>
              interface-identifier: <value of string>
              unique-autoconf-addr: <value in [disable, enable]>
              icmp6-send-redirect: <value in [disable, enable]>
              cli-conn6-status: <value of integer>
              ip6-prefix-mode: <value in [dhcp6, ra]>
              ra-send-mtu: <value in [disable, enable]>
           l2forward: <value in [disable, enable]>
           l2tp-client: <value in [disable, enable]>
           lacp-ha-slave: <value in [disable, enable]>
           lacp-mode: <value in [static, passive, active]>
           lacp-speed: <value in [slow, fast]>
           lcp-echo-interval: <value of integer>
           lcp-max-echo-fails: <value of integer>
           link-up-delay: <value of integer>
           listen-forticlient-connection: <value in [disable, enable]>
           lldp-network-policy: <value of string>
           lldp-reception: <value in [disable, enable, vdom]>
           lldp-transmission: <value in [enable, disable, vdom]>
           log: <value in [disable, enable]>
           macaddr: <value of string>
           management-ip: <value of string>
           max-egress-burst-rate: <value of integer>
           max-egress-rate: <value of integer>
           mediatype: <value in [serdes-sfp, sgmii-sfp, cfp2-sr10, ...]>
           member: <value of string>
           min-links: <value of integer>
           min-links-down: <value in [operational, administrative]>
           mode: <value in [static, dhcp, pppoe, ...]>
           mtu: <value of integer>
           mtu-override: <value in [disable, enable]>
           mux-type: <value in [llc-encaps, vc-encaps]>
           name: <value of string>
           ndiscforward: <value in [disable, enable]>
           netbios-forward: <value in [disable, enable]>
           netflow-sampler: <value in [disable, tx, rx, ...]>
           npu-fastpath: <value in [disable, enable]>
           nst: <value in [disable, enable]>
           out-force-vlan-cos: <value of integer>
           outbandwidth: <value of integer>
           padt-retry-timeout: <value of integer>
           password: <value of string>
           peer-interface: <value of string>
           phy-mode: <value in [auto, adsl, vdsl]>
           ping-serv-status: <value of integer>
           poe: <value in [disable, enable]>
           polling-interval: <value of integer>
           pppoe-unnumbered-negotiate: <value in [disable, enable]>
           pptp-auth-type: <value in [auto, pap, chap, ...]>
           pptp-client: <value in [disable, enable]>
           pptp-password: <value of string>
           pptp-server-ip: <value of string>
           pptp-timeout: <value of integer>
           pptp-user: <value of string>
           preserve-session-route: <value in [disable, enable]>
           priority: <value of integer>
           priority-override: <value in [disable, enable]>
           proxy-captive-portal: <value in [disable, enable]>
           redundant-interface: <value of string>
           remote-ip: <value of string>
           replacemsg-override-group: <value of string>
           retransmission: <value in [disable, enable]>
           role: <value in [lan, wan, dmz, ...]>
           sample-direction: <value in [rx, tx, both]>
           sample-rate: <value of integer>
           scan-botnet-connections: <value in [disable, block, monitor]>
           secondary-IP: <value in [disable, enable]>
           secondaryip:
             -
                 allowaccess:
                   - https
                   - ping
                   - ssh
                   - snmp
                   - http
                   - telnet
                   - fgfm
                   - auto-ipsec
                   - radius-acct
                   - probe-response
                   - capwap
                   - dnp
                   - ftm
                   - fabric
                 detectprotocol:
                   - ping
                   - tcp-echo
                   - udp-echo
                 detectserver: <value of string>
                 gwdetect: <value in [disable, enable]>
                 ha-priority: <value of integer>
                 id: <value of integer>
                 ip: <value of string>
                 ping-serv-status: <value of integer>
                 seq: <value of integer>
           security-8021x-dynamic-vlan-id: <value of integer>
           security-8021x-master: <value of string>
           security-8021x-mode: <value in [default, dynamic-vlan, fallback, ...]>
           security-exempt-list: <value of string>
           security-external-logout: <value of string>
           security-external-web: <value of string>
           security-groups: <value of string>
           security-mac-auth-bypass: <value in [disable, enable, mac-auth-only]>
           security-mode: <value in [none, captive-portal, 802.1X]>
           security-redirect-url: <value of string>
           service-name: <value of string>
           sflow-sampler: <value in [disable, enable]>
           speed: <value in [auto, 10full, 10half, ...]>
           spillover-threshold: <value of integer>
           src-check: <value in [disable, enable]>
           status: <value in [down, up]>
           stp: <value in [disable, enable]>
           stp-ha-slave: <value in [disable, enable, priority-adjust]>
           stpforward: <value in [disable, enable]>
           stpforward-mode: <value in [rpl-all-ext-id, rpl-bridge-ext-id, rpl-nothing]>
           strip-priority-vlan-tag: <value in [disable, enable]>
           subst: <value in [disable, enable]>
           substitute-dst-mac: <value of string>
           switch: <value of string>
           switch-controller-access-vlan: <value in [disable, enable]>
           switch-controller-arp-inspection: <value in [disable, enable]>
           switch-controller-auth: <value in [radius, usergroup]>
           switch-controller-dhcp-snooping: <value in [disable, enable]>
           switch-controller-dhcp-snooping-option82: <value in [disable, enable]>
           switch-controller-dhcp-snooping-verify-mac: <value in [disable, enable]>
           switch-controller-igmp-snooping: <value in [disable, enable]>
           switch-controller-learning-limit: <value of integer>
           switch-controller-radius-server: <value of string>
           switch-controller-traffic-policy: <value of string>
           tc-mode: <value in [ptm, atm]>
           tcp-mss: <value of integer>
           trunk: <value in [disable, enable]>
           trust-ip-1: <value of string>
           trust-ip-2: <value of string>
           trust-ip-3: <value of string>
           trust-ip6-1: <value of string>
           trust-ip6-2: <value of string>
           trust-ip6-3: <value of string>
           type: <value in [physical, vlan, aggregate, ...]>
           username: <value of string>
           vci: <value of integer>
           vectoring: <value in [disable, enable]>
           vindex: <value of integer>
           vlanforward: <value in [disable, enable]>
           vlanid: <value of integer>
           vpi: <value of integer>
           vrf: <value of integer>
           vrrp:
             -
                 accept-mode: <value in [disable, enable]>
                 adv-interval: <value of integer>
                 ignore-default-route: <value in [disable, enable]>
                 preempt: <value in [disable, enable]>
                 priority: <value of integer>
                 start-time: <value of integer>
                 status: <value in [disable, enable]>
                 version: <value in [2, 3]>
                 vrdst: <value of string>
                 vrdst-priority: <value of integer>
                 vrgrp: <value of integer>
                 vrid: <value of integer>
                 vrip: <value of string>
           vrrp-virtual-mac: <value in [disable, enable]>
           wccp: <value in [disable, enable]>
           weight: <value of integer>
           wifi-5g-threshold: <value of string>
           wifi-acl: <value in [deny, allow]>
           wifi-ap-band: <value in [any, 5g-preferred, 5g-only]>
           wifi-auth: <value in [PSK, RADIUS, radius, ...]>
           wifi-auto-connect: <value in [disable, enable]>
           wifi-auto-save: <value in [disable, enable]>
           wifi-broadcast-ssid: <value in [disable, enable]>
           wifi-encrypt: <value in [TKIP, AES]>
           wifi-fragment-threshold: <value of integer>
           wifi-key: <value of string>
           wifi-keyindex: <value of integer>
           wifi-mac-filter: <value in [disable, enable]>
           wifi-passphrase: <value of string>
           wifi-radius-server: <value of string>
           wifi-rts-threshold: <value of integer>
           wifi-security: <value in [None, WEP64, wep64, ...]>
           wifi-ssid: <value of string>
           wifi-usergroup: <value of string>
           wins-ip: <value of string>
           eip: <value of string>
           fortilink-neighbor-detect: <value in [lldp, fortilink]>
           ingress-shaping-profile: <value of string>
           ring-rx: <value of integer>
           ring-tx: <value of integer>
           switch-controller-igmp-snooping-fast-leave: <value in [disable, enable]>
           switch-controller-igmp-snooping-proxy: <value in [disable, enable]>
           switch-controller-rspan-mode: <value in [disable, enable]>
           bandwidth-measure-time: <value of integer>
           ip-managed-by-fortiipam: <value in [disable, enable]>
           managed-subnetwork-size: <value in [256, 512, 1024, ...]>
           measured-downstream-bandwidth: <value of integer>
           measured-upstream-bandwidth: <value of integer>
           monitor-bandwidth: <value in [disable, enable]>
           swc-vlan: <value of integer>
           switch-controller-feature: <value in [none, default-vlan, quarantine, ...]>
           switch-controller-mgmt-vlan: <value of integer>
           switch-controller-nac: <value of string>
           vlan-protocol: <value in [8021q, 8021ad]>
           dhcp-relay-interface: <value of string>
           dhcp-relay-interface-select-method: <value in [auto, sdwan, specify]>
           np-qos-profile: <value of integer>
           swc-first-create: <value of integer>
           switch-controller-iot-scanning: <value in [disable, enable]>
           switch-controller-source-ip: <value in [outbound, fixed]>
           dhcp-relay-request-all-server: <value in [disable, enable]>
           stp-ha-secondary: <value in [disable, enable, priority-adjust]>
           switch-controller-dynamic: <value of string>

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
request_url
string
always
The full url requested

Sample:
/sys/login/user
response_code
integer
always
The status of api request

response_message
string
always
The descriptive message of the api response

Sample:
OK.


Authors

  • Link Zheng (@chillancezen)

  • Jie Xue (@JieX19)

  • Frank Shen (@fshen01)

  • Hongbin Lu (@fgtdev-hblu)