fortinet.fortimanager.fmgr_fsp_vlan – no description

Note

This plugin is part of the fortinet.fortimanager collection (version 2.1.3).

To install it use: ansible-galaxy collection install fortinet.fortimanager.

To use it in a playbook, specify: fortinet.fortimanager.fmgr_fsp_vlan.

New in version 2.10: of fortinet.fortimanager

Synopsis

  • This module is able to configure a FortiManager device.

  • Examples include all parameters and values which need to be adjusted to data sources before usage.

Parameters

Parameter Choices/Defaults Comments
adom
string / required
the parameter (adom) in requested url
bypass_validation
boolean
    Choices:
  • no ←
  • yes
only set to True when module schema diffs with FortiManager API structure, module continues to execute without validating parameters
enable_log
boolean
    Choices:
  • no ←
  • yes
Enable/Disable logging for task
fsp_vlan
dictionary
the top level parameters set
_dhcp-status
string
    Choices:
  • disable
  • enable
no description
auth
string
    Choices:
  • radius
  • usergroup
no description
color
integer
no description
comments
string
no description
dhcp-server
dictionary
no description
auto-configuration
string
    Choices:
  • disable
  • enable
Enable/disable auto configuration.
auto-managed-status
string
    Choices:
  • disable
  • enable
Enable/disable use of this DHCP server once this interface has been assigned an IP address from FortiIPAM.
conflicted-ip-timeout
integer
Time in seconds to wait after a conflicted IP address is removed from the DHCP range before it can be reused.
ddns-auth
string
    Choices:
  • disable
  • tsig
DDNS authentication mode.
ddns-key
string
DDNS update key (base 64 encoding).
ddns-keyname
string
DDNS update key name.
ddns-server-ip
string
DDNS server IP.
ddns-ttl
integer
TTL.
ddns-update
string
    Choices:
  • disable
  • enable
Enable/disable DDNS update for DHCP.
ddns-update-override
string
    Choices:
  • disable
  • enable
Enable/disable DDNS update override for DHCP.
ddns-zone
string
Zone of your domain name (ex. DDNS.com).
default-gateway
string
Default gateway IP address assigned by the DHCP server.
dhcp-settings-from-fortiipam
string
    Choices:
  • disable
  • enable
Enable/disable populating of DHCP server settings from FortiIPAM.
dns-server1
string
DNS server 1.
dns-server2
string
DNS server 2.
dns-server3
string
DNS server 3.
dns-server4
string
DNS server 4.
dns-service
string
    Choices:
  • default
  • specify
  • local
Options for assigning DNS servers to DHCP clients.
domain
string
Domain name suffix for the IP addresses that the DHCP server assigns to clients.
enable
string
    Choices:
  • disable
  • enable
no description
exclude-range
list / elements=string
no description
end-ip
string
End of IP range.
id
integer
ID.
start-ip
string
Start of IP range.
filename
string
Name of the boot file on the TFTP server.
forticlient-on-net-status
string
    Choices:
  • disable
  • enable
Enable/disable FortiClient-On-Net service for this DHCP server.
id
integer
ID.
ip-mode
string
    Choices:
  • range
  • usrgrp
Method used to assign client IP.
ip-range
list / elements=string
no description
end-ip
string
End of IP range.
id
integer
ID.
start-ip
string
Start of IP range.
ipsec-lease-hold
integer
DHCP over IPsec leases expire this many seconds after tunnel down (0 to disable forced-expiry).
lease-time
integer
Lease time in seconds, 0 means unlimited.
mac-acl-default-action
string
    Choices:
  • assign
  • block
MAC access control default action (allow or block assigning IP settings).
netmask
string
Netmask assigned by the DHCP server.
next-server
string
IP address of a server (for example, a TFTP sever) that DHCP clients can download a boot file from.
ntp-server1
string
NTP server 1.
ntp-server2
string
NTP server 2.
ntp-server3
string
NTP server 3.
ntp-service
string
    Choices:
  • default
  • specify
  • local
Options for assigning Network Time Protocol (NTP) servers to DHCP clients.
option1
string
no description
option2
string
no description
option3
string
no description
option4
string
no description
option5
string
no description
option6
string
no description
options
list / elements=string
no description
code
integer
DHCP option code.
id
integer
ID.
ip
string
no description
type
string
    Choices:
  • hex
  • string
  • ip
  • fqdn
DHCP option type.
value
string
DHCP option value.
reserved-address
list / elements=string
no description
action
string
    Choices:
  • assign
  • block
  • reserved
Options for the DHCP server to configure the client with the reserved MAC address.
circuit-id
string
Option 82 circuit-ID of the client that will get the reserved IP address.
circuit-id-type
string
    Choices:
  • hex
  • string
DHCP option type.
description
string
Description.
id
integer
ID.
ip
string
IP address to be reserved for the MAC address.
mac
string
MAC address of the client that will get the reserved IP address.
remote-id
string
Option 82 remote-ID of the client that will get the reserved IP address.
remote-id-type
string
    Choices:
  • hex
  • string
DHCP option type.
type
string
    Choices:
  • mac
  • option82
DHCP reserved-address type.
server-type
string
    Choices:
  • regular
  • ipsec
DHCP server can be a normal DHCP server or an IPsec DHCP server.
status
string
    Choices:
  • disable
  • enable
Enable/disable this DHCP configuration.
tftp-server
string
no description
timezone
string
    Choices:
  • 00
  • 01
  • 02
  • 03
  • 04
  • 05
  • 06
  • 07
  • 08
  • 09
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
Select the time zone to be assigned to DHCP clients.
timezone-option
string
    Choices:
  • disable
  • default
  • specify
Options for the DHCP server to set the clients time zone.
vci-match
string
    Choices:
  • disable
  • enable
Enable/disable vendor class identifier (VCI) matching. When enabled only DHCP requests with a matching VCI are served.
vci-string
string
no description
wifi-ac-service
string
    Choices:
  • specify
  • local
Options for assigning WiFi Access Controllers to DHCP clients
wifi-ac1
string
WiFi Access Controller 1 IP address (DHCP option 138, RFC 5417).
wifi-ac2
string
WiFi Access Controller 2 IP address (DHCP option 138, RFC 5417).
wifi-ac3
string
WiFi Access Controller 3 IP address (DHCP option 138, RFC 5417).
wins-server1
string
WINS server 1.
wins-server2
string
WINS server 2.
dynamic_mapping
list / elements=string
no description
_dhcp-status
string
    Choices:
  • disable
  • enable
no description
_scope
list / elements=string
no description
name
string
no description
vdom
string
no description
dhcp-server
dictionary
no description
auto-configuration
string
    Choices:
  • disable
  • enable
Enable/disable auto configuration.
auto-managed-status
string
    Choices:
  • disable
  • enable
Enable/disable use of this DHCP server once this interface has been assigned an IP address from FortiIPAM.
conflicted-ip-timeout
integer
Time in seconds to wait after a conflicted IP address is removed from the DHCP range before it can be reused.
ddns-auth
string
    Choices:
  • disable
  • tsig
DDNS authentication mode.
ddns-key
string
DDNS update key (base 64 encoding).
ddns-keyname
string
DDNS update key name.
ddns-server-ip
string
DDNS server IP.
ddns-ttl
integer
TTL.
ddns-update
string
    Choices:
  • disable
  • enable
Enable/disable DDNS update for DHCP.
ddns-update-override
string
    Choices:
  • disable
  • enable
Enable/disable DDNS update override for DHCP.
ddns-zone
string
Zone of your domain name (ex. DDNS.com).
default-gateway
string
Default gateway IP address assigned by the DHCP server.
dhcp-settings-from-fortiipam
string
    Choices:
  • disable
  • enable
Enable/disable populating of DHCP server settings from FortiIPAM.
dns-server1
string
DNS server 1.
dns-server2
string
DNS server 2.
dns-server3
string
DNS server 3.
dns-server4
string
DNS server 4.
dns-service
string
    Choices:
  • default
  • specify
  • local
Options for assigning DNS servers to DHCP clients.
domain
string
Domain name suffix for the IP addresses that the DHCP server assigns to clients.
enable
string
    Choices:
  • disable
  • enable
no description
exclude-range
list / elements=string
no description
end-ip
string
End of IP range.
id
integer
ID.
start-ip
string
Start of IP range.
filename
string
Name of the boot file on the TFTP server.
forticlient-on-net-status
string
    Choices:
  • disable
  • enable
Enable/disable FortiClient-On-Net service for this DHCP server.
id
integer
ID.
ip-mode
string
    Choices:
  • range
  • usrgrp
Method used to assign client IP.
ip-range
list / elements=string
no description
end-ip
string
End of IP range.
id
integer
ID.
start-ip
string
Start of IP range.
ipsec-lease-hold
integer
DHCP over IPsec leases expire this many seconds after tunnel down (0 to disable forced-expiry).
lease-time
integer
Lease time in seconds, 0 means unlimited.
mac-acl-default-action
string
    Choices:
  • assign
  • block
MAC access control default action (allow or block assigning IP settings).
netmask
string
Netmask assigned by the DHCP server.
next-server
string
IP address of a server (for example, a TFTP sever) that DHCP clients can download a boot file from.
ntp-server1
string
NTP server 1.
ntp-server2
string
NTP server 2.
ntp-server3
string
NTP server 3.
ntp-service
string
    Choices:
  • default
  • specify
  • local
Options for assigning Network Time Protocol (NTP) servers to DHCP clients.
option1
string
no description
option2
string
no description
option3
string
no description
option4
string
no description
option5
string
no description
option6
string
no description
options
list / elements=string
no description
code
integer
DHCP option code.
id
integer
ID.
ip
string
no description
type
string
    Choices:
  • hex
  • string
  • ip
  • fqdn
DHCP option type.
value
string
DHCP option value.
reserved-address
list / elements=string
no description
action
string
    Choices:
  • assign
  • block
  • reserved
Options for the DHCP server to configure the client with the reserved MAC address.
circuit-id
string
Option 82 circuit-ID of the client that will get the reserved IP address.
circuit-id-type
string
    Choices:
  • hex
  • string
DHCP option type.
description
string
Description.
id
integer
ID.
ip
string
IP address to be reserved for the MAC address.
mac
string
MAC address of the client that will get the reserved IP address.
remote-id
string
Option 82 remote-ID of the client that will get the reserved IP address.
remote-id-type
string
    Choices:
  • hex
  • string
DHCP option type.
type
string
    Choices:
  • mac
  • option82
DHCP reserved-address type.
server-type
string
    Choices:
  • regular
  • ipsec
DHCP server can be a normal DHCP server or an IPsec DHCP server.
status
string
    Choices:
  • disable
  • enable
Enable/disable this DHCP configuration.
tftp-server
string
no description
timezone
string
    Choices:
  • 00
  • 01
  • 02
  • 03
  • 04
  • 05
  • 06
  • 07
  • 08
  • 09
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
Select the time zone to be assigned to DHCP clients.
timezone-option
string
    Choices:
  • disable
  • default
  • specify
Options for the DHCP server to set the clients time zone.
vci-match
string
    Choices:
  • disable
  • enable
Enable/disable vendor class identifier (VCI) matching. When enabled only DHCP requests with a matching VCI are...
vci-string
string
no description
wifi-ac-service
string
    Choices:
  • specify
  • local
Options for assigning WiFi Access Controllers to DHCP clients
wifi-ac1
string
WiFi Access Controller 1 IP address (DHCP option 138, RFC 5417).
wifi-ac2
string
WiFi Access Controller 2 IP address (DHCP option 138, RFC 5417).
wifi-ac3
string
WiFi Access Controller 3 IP address (DHCP option 138, RFC 5417).
wins-server1
string
WINS server 1.
wins-server2
string
WINS server 2.
interface
dictionary
no description
dhcp-relay-agent-option
string
    Choices:
  • disable
  • enable
no description
dhcp-relay-ip
string
no description
dhcp-relay-service
string
    Choices:
  • disable
  • enable
no description
dhcp-relay-type
string
    Choices:
  • regular
  • ipsec
no description
ip
string
no description
ipv6
dictionary
no description
autoconf
string
    Choices:
  • disable
  • enable
Enable/disable address auto config.
cli-conn6-status
integer
no description
dhcp6-client-options
list / elements=string
    Choices:
  • rapid
  • iapd
  • iana
  • dns
  • dnsname
no description
dhcp6-information-request
string
    Choices:
  • disable
  • enable
Enable/disable DHCPv6 information request.
dhcp6-prefix-delegation
string
    Choices:
  • disable
  • enable
Enable/disable DHCPv6 prefix delegation.
dhcp6-prefix-hint
string
DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server.
dhcp6-prefix-hint-plt
integer
DHCPv6 prefix hint preferred life time (sec), 0 means unlimited lease time.
dhcp6-prefix-hint-vlt
integer
DHCPv6 prefix hint valid life time (sec).
dhcp6-relay-ip
string
DHCPv6 relay IP address.
dhcp6-relay-service
string
    Choices:
  • disable
  • enable
Enable/disable DHCPv6 relay.
dhcp6-relay-type
string
    Choices:
  • regular
DHCPv6 relay type.
icmp6-send-redirect
string
    Choices:
  • disable
  • enable
Enable/disable sending of ICMPv6 redirects.
interface-identifier
string
IPv6 interface identifier.
ip6-address
string
Primary IPv6 address prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx
ip6-allowaccess
list / elements=string
    Choices:
  • https
  • ping
  • ssh
  • snmp
  • http
  • telnet
  • fgfm
  • capwap
  • fabric
no description
ip6-default-life
integer
Default life (sec).
ip6-delegated-prefix-list
list / elements=string
no description
autonomous-flag
string
    Choices:
  • disable
  • enable
Enable/disable the autonomous flag.
onlink-flag
string
    Choices:
  • disable
  • enable
Enable/disable the onlink flag.
prefix-id
integer
Prefix ID.
rdnss
string
no description
rdnss-service
string
    Choices:
  • delegated
  • default
  • specify
Recursive DNS service option.
subnet
string
Add subnet ID to routing prefix.
upstream-interface
string
Name of the interface that provides delegated information.
ip6-dns-server-override
string
    Choices:
  • disable
  • enable
Enable/disable using the DNS server acquired by DHCP.
ip6-extra-addr
list / elements=string
no description
prefix
string
IPv6 address prefix.
ip6-hop-limit
integer
Hop limit (0 means unspecified).
ip6-link-mtu
integer
IPv6 link MTU.
ip6-manage-flag
string
    Choices:
  • disable
  • enable
Enable/disable the managed flag.
ip6-max-interval
integer
IPv6 maximum interval (4 to 1800 sec).
ip6-min-interval
integer
IPv6 minimum interval (3 to 1350 sec).
ip6-mode
string
    Choices:
  • static
  • dhcp
  • pppoe
  • delegated
Addressing mode (static, DHCP, delegated).
ip6-other-flag
string
    Choices:
  • disable
  • enable
Enable/disable the other IPv6 flag.
ip6-prefix-list
list / elements=string
no description
autonomous-flag
string
    Choices:
  • disable
  • enable
Enable/disable the autonomous flag.
dnssl
string
no description
onlink-flag
string
    Choices:
  • disable
  • enable
Enable/disable the onlink flag.
preferred-life-time
integer
Preferred life time (sec).
prefix
string
IPv6 prefix.
rdnss
string
no description
valid-life-time
integer
Valid life time (sec).
ip6-prefix-mode
string
    Choices:
  • dhcp6
  • ra
Assigning a prefix from DHCP or RA.
ip6-reachable-time
integer
IPv6 reachable time (milliseconds; 0 means unspecified).
ip6-retrans-time
integer
IPv6 retransmit time (milliseconds; 0 means unspecified).
ip6-send-adv
string
    Choices:
  • disable
  • enable
Enable/disable sending advertisements about the interface.
ip6-subnet
string
Subnet to routing prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx
ip6-upstream-interface
string
Interface name providing delegated information.
nd-cert
string
Neighbor discovery certificate.
nd-cga-modifier
string
Neighbor discovery CGA modifier.
nd-mode
string
    Choices:
  • basic
  • SEND-compatible
Neighbor discovery mode.
nd-security-level
integer
Neighbor discovery security level (0 - 7; 0 = least secure, default = 0).
nd-timestamp-delta
integer
Neighbor discovery timestamp delta value (1 - 3600 sec; default = 300).
nd-timestamp-fuzz
integer
Neighbor discovery timestamp fuzz factor (1 - 60 sec; default = 1).
ra-send-mtu
string
    Choices:
  • disable
  • enable
Enable/disable sending link MTU in RA packet.
unique-autoconf-addr
string
    Choices:
  • disable
  • enable
Enable/disable unique auto config address.
vrip6_link_local
string
Link-local IPv6 address of virtual router.
vrrp-virtual-mac6
string
    Choices:
  • disable
  • enable
Enable/disable virtual MAC for VRRP.
vrrp6
list / elements=string
no description
accept-mode
string
    Choices:
  • disable
  • enable
Enable/disable accept mode.
adv-interval
integer
Advertisement interval (1 - 255 seconds).
preempt
string
    Choices:
  • disable
  • enable
Enable/disable preempt mode.
priority
integer
Priority of the virtual router (1 - 255).
start-time
integer
Startup time (1 - 255 seconds).
status
string
    Choices:
  • disable
  • enable
Enable/disable VRRP.
vrdst6
string
Monitor the route to this destination.
vrgrp
integer
VRRP group ID (1 - 65535).
vrid
integer
Virtual router identifier (1 - 255).
vrip6
string
IPv6 address of the virtual router.
secondary-IP
string
    Choices:
  • disable
  • enable
no description
secondaryip
list / elements=string
no description
allowaccess
list / elements=string
    Choices:
  • https
  • ping
  • ssh
  • snmp
  • http
  • telnet
  • fgfm
  • auto-ipsec
  • radius-acct
  • probe-response
  • capwap
  • dnp
  • ftm
  • fabric
no description
detectprotocol
list / elements=string
    Choices:
  • ping
  • tcp-echo
  • udp-echo
no description
detectserver
string
Gateways ping server for this IP.
gwdetect
string
    Choices:
  • disable
  • enable
Enable/disable detect gateway alive for first.
ha-priority
integer
HA election priority for the PING server.
id
integer
ID.
ip
string
Secondary IP address of the interface.
ping-serv-status
integer
no description
seq
integer
no description
vlanid
integer
no description
interface
dictionary
no description
ac-name
string
PPPoE server name.
aggregate
string
no description
algorithm
string
    Choices:
  • L2
  • L3
  • L4
Frame distribution algorithm.
alias
string
Alias will be displayed with the interface name to make it easier to distinguish.
allowaccess
list / elements=string
    Choices:
  • https
  • ping
  • ssh
  • snmp
  • http
  • telnet
  • fgfm
  • auto-ipsec
  • radius-acct
  • probe-response
  • capwap
  • dnp
  • ftm
  • fabric
no description
ap-discover
string
    Choices:
  • disable
  • enable
Enable/disable automatic registration of unknown FortiAP devices.
arpforward
string
    Choices:
  • disable
  • enable
Enable/disable ARP forwarding.
atm-protocol
string
    Choices:
  • none
  • ipoa
ATM protocol.
auth-type
string
    Choices:
  • auto
  • pap
  • chap
  • mschapv1
  • mschapv2
PPP authentication type to use.
auto-auth-extension-device
string
    Choices:
  • disable
  • enable
Enable/disable automatic authorization of dedicated Fortinet extension device on this interface.
bandwidth-measure-time
integer
Bandwidth measure time
bfd
string
    Choices:
  • global
  • enable
  • disable
Bidirectional Forwarding Detection (BFD) settings.
bfd-desired-min-tx
integer
BFD desired minimal transmit interval.
bfd-detect-mult
integer
BFD detection multiplier.
bfd-required-min-rx
integer
BFD required minimal receive interval.
broadcast-forticlient-discovery
string
    Choices:
  • disable
  • enable
no description
broadcast-forward
string
    Choices:
  • disable
  • enable
Enable/disable broadcast forwarding.
captive-portal
integer
Enable/disable captive portal.
cli-conn-status
integer
no description
color
integer
Color of icon on the GUI.
ddns
string
    Choices:
  • disable
  • enable
no description
ddns-auth
string
    Choices:
  • disable
  • tsig
no description
ddns-domain
string
no description
ddns-key
string
no description
ddns-keyname
string
no description
ddns-password
string
no description
ddns-server
string
    Choices:
  • dhs.org
  • dyndns.org
  • dyns.net
  • tzo.com
  • ods.org
  • vavic.com
  • now.net.cn
  • dipdns.net
  • easydns.com
  • genericDDNS
no description
ddns-server-ip
string
no description
ddns-sn
string
no description
ddns-ttl
integer
no description
ddns-username
string
no description
ddns-zone
string
no description
dedicated-to
string
    Choices:
  • none
  • management
Configure interface for single purpose.
defaultgw
string
    Choices:
  • disable
  • enable
Enable to get the gateway IP from the DHCP or PPPoE server.
description
string
Description.
detected-peer-mtu
integer
no description
detectprotocol
list / elements=string
    Choices:
  • ping
  • tcp-echo
  • udp-echo
no description
detectserver
string
Gateways ping server for this IP.
device-access-list
string
no description
device-identification
string
    Choices:
  • disable
  • enable
Enable/disable passively gathering of device identity information about the devices on the network connected to this i...
device-identification-active-scan
string
    Choices:
  • disable
  • enable
no description
device-netscan
string
    Choices:
  • disable
  • enable
no description
device-user-identification
string
    Choices:
  • disable
  • enable
Enable/disable passive gathering of user identity information about users on this interface.
devindex
integer
no description
dhcp-client-identifier
string
DHCP client identifier.
dhcp-relay-agent-option
string
    Choices:
  • disable
  • enable
Enable/disable DHCP relay agent option.
dhcp-relay-interface
string
Specify outgoing interface to reach server.
dhcp-relay-interface-select-method
string
    Choices:
  • auto
  • sdwan
  • specify
Specify how to select outgoing interface to reach server.
dhcp-relay-ip
string
no description
dhcp-relay-request-all-server
string
    Choices:
  • disable
  • enable
Enable/disable sending of DHCP requests to all servers.
dhcp-relay-service
string
    Choices:
  • disable
  • enable
Enable/disable allowing this interface to act as a DHCP relay.
dhcp-relay-type
string
    Choices:
  • regular
  • ipsec
DHCP relay type (regular or IPsec).
dhcp-renew-time
integer
DHCP renew time in seconds (300-604800), 0 means use the renew time provided by the server.
disc-retry-timeout
integer
Time in seconds to wait before retrying to start a PPPoE discovery, 0 means no timeout.
disconnect-threshold
integer
Time in milliseconds to wait before sending a notification that this interface is down or disconnected.
distance
integer
Distance for routes learned through PPPoE or DHCP, lower distance indicates preferred route.
dns-query
string
    Choices:
  • disable
  • recursive
  • non-recursive
no description
dns-server-override
string
    Choices:
  • disable
  • enable
Enable/disable use DNS acquired by DHCP or PPPoE.
drop-fragment
string
    Choices:
  • disable
  • enable
Enable/disable drop fragment packets.
drop-overlapped-fragment
string
    Choices:
  • disable
  • enable
Enable/disable drop overlapped fragment packets.
egress-cos
string
    Choices:
  • disable
  • cos0
  • cos1
  • cos2
  • cos3
  • cos4
  • cos5
  • cos6
  • cos7
Override outgoing CoS in user VLAN tag.
egress-shaping-profile
string
Outgoing traffic shaping profile.
eip
string
no description
endpoint-compliance
string
    Choices:
  • disable
  • enable
no description
estimated-downstream-bandwidth
integer
Estimated maximum downstream bandwidth (kbps). Used to estimate link utilization.
estimated-upstream-bandwidth
integer
Estimated maximum upstream bandwidth (kbps). Used to estimate link utilization.
explicit-ftp-proxy
string
    Choices:
  • disable
  • enable
Enable/disable the explicit FTP proxy on this interface.
explicit-web-proxy
string
    Choices:
  • disable
  • enable
Enable/disable the explicit web proxy on this interface.
external
string
    Choices:
  • disable
  • enable
Enable/disable identifying the interface as an external interface (which usually means its connected to the Internet).
fail-action-on-extender
string
    Choices:
  • soft-restart
  • hard-restart
  • reboot
Action on extender when interface fail .
fail-alert-interfaces
string
Names of the FortiGate interfaces to which the link failure alert is sent.
fail-alert-method
string
    Choices:
  • link-failed-signal
  • link-down
Select link-failed-signal or link-down method to alert about a failed link.
fail-detect
string
    Choices:
  • disable
  • enable
Enable/disable fail detection features for this interface.
fail-detect-option
list / elements=string
    Choices:
  • detectserver
  • link-down
no description
fdp
string
    Choices:
  • disable
  • enable
no description
fortiheartbeat
string
    Choices:
  • disable
  • enable
no description
fortilink
string
    Choices:
  • disable
  • enable
Enable FortiLink to dedicate this interface to manage other Fortinet devices.
fortilink-backup-link
integer
no description
fortilink-neighbor-detect
string
    Choices:
  • lldp
  • fortilink
Protocol for FortiGate neighbor discovery.
fortilink-split-interface
string
    Choices:
  • disable
  • enable
Enable/disable FortiLink split interface to connect member link to different FortiSwitch in stack for uplink redundancy.
fortilink-stacking
string
    Choices:
  • disable
  • enable
Enable/disable FortiLink switch-stacking on this interface.
forward-domain
integer
Transparent mode forward domain.
forward-error-correction
string
    Choices:
  • disable
  • enable
  • rs-fec
  • base-r-fec
  • fec-cl91
  • fec-cl74
Enable/disable forward error correction (FEC Clause 91).
fp-anomaly
list / elements=string
    Choices:
  • drop_tcp_fin_noack
  • pass_winnuke
  • pass_tcpland
  • pass_udpland
  • pass_icmpland
  • pass_ipland
  • pass_iprr
  • pass_ipssrr
  • pass_iplsrr
  • pass_ipstream
  • pass_ipsecurity
  • pass_iptimestamp
  • pass_ipunknown_option
  • pass_ipunknown_prot
  • pass_icmp_frag
  • pass_tcp_no_flag
  • pass_tcp_fin_noack
  • drop_winnuke
  • drop_tcpland
  • drop_udpland
  • drop_icmpland
  • drop_ipland
  • drop_iprr
  • drop_ipssrr
  • drop_iplsrr
  • drop_ipstream
  • drop_ipsecurity
  • drop_iptimestamp
  • drop_ipunknown_option
  • drop_ipunknown_prot
  • drop_icmp_frag
  • drop_tcp_no_flag
no description
fp-disable
list / elements=string
    Choices:
  • all
  • ipsec
  • none
no description
gateway-address
string
Gateway address
gi-gk
string
    Choices:
  • disable
  • enable
Enable/disable Gi Gatekeeper.
gwaddr
string
Gateway address
gwdetect
string
    Choices:
  • disable
  • enable
Enable/disable detect gateway alive for first.
ha-priority
integer
HA election priority for the PING server.
icmp-accept-redirect
string
    Choices:
  • disable
  • enable
Enable/disable ICMP accept redirect.
icmp-redirect
string
    Choices:
  • disable
  • enable
no description
icmp-send-redirect
string
    Choices:
  • disable
  • enable
Enable/disable sending of ICMP redirects.
ident-accept
string
    Choices:
  • disable
  • enable
Enable/disable authentication for this interface.
idle-timeout
integer
PPPoE auto disconnect after idle timeout seconds, 0 means no timeout.
if-mdix
string
    Choices:
  • auto
  • normal
  • crossover
no description
if-media
string
    Choices:
  • auto
  • copper
  • fiber
no description
in-force-vlan-cos
integer
no description
inbandwidth
integer
Bandwidth limit for incoming traffic (0 - 16776000 kbps), 0 means unlimited.
ingress-cos
string
    Choices:
  • disable
  • cos0
  • cos1
  • cos2
  • cos3
  • cos4
  • cos5
  • cos6
  • cos7
Override incoming CoS in user VLAN tag on VLAN interface or assign a priority VLAN tag on physical interface.
ingress-shaping-profile
string
Incoming traffic shaping profile.
ingress-spillover-threshold
integer
Ingress Spillover threshold (0 - 16776000 kbps), 0 means unlimited.
internal
integer
Implicitly created.
ip
string
Interface IPv4 address and subnet mask, syntax: X.X.X.X/24.
ip-managed-by-fortiipam
string
    Choices:
  • disable
  • enable
Enable/disable automatic IP address assignment of this interface by FortiIPAM.
ipmac
string
    Choices:
  • disable
  • enable
Enable/disable IP/MAC binding.
ips-sniffer-mode
string
    Choices:
  • disable
  • enable
Enable/disable the use of this interface as a one-armed sniffer.
ipunnumbered
string
Unnumbered IP used for PPPoE interfaces for which no unique local address is provided.
ipv6
dictionary
no description
autoconf
string
    Choices:
  • disable
  • enable
Enable/disable address auto config.
cli-conn6-status
integer
no description
dhcp6-client-options
list / elements=string
    Choices:
  • rapid
  • iapd
  • iana
  • dns
  • dnsname
no description
dhcp6-information-request
string
    Choices:
  • disable
  • enable
Enable/disable DHCPv6 information request.
dhcp6-prefix-delegation
string
    Choices:
  • disable
  • enable
Enable/disable DHCPv6 prefix delegation.
dhcp6-prefix-hint
string
DHCPv6 prefix that will be used as a hint to the upstream DHCPv6 server.
dhcp6-prefix-hint-plt
integer
DHCPv6 prefix hint preferred life time (sec), 0 means unlimited lease time.
dhcp6-prefix-hint-vlt
integer
DHCPv6 prefix hint valid life time (sec).
dhcp6-relay-ip
string
DHCPv6 relay IP address.
dhcp6-relay-service
string
    Choices:
  • disable
  • enable
Enable/disable DHCPv6 relay.
dhcp6-relay-type
string
    Choices:
  • regular
DHCPv6 relay type.
icmp6-send-redirect
string
    Choices:
  • disable
  • enable
Enable/disable sending of ICMPv6 redirects.
interface-identifier
string
IPv6 interface identifier.
ip6-address
string
Primary IPv6 address prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx
ip6-allowaccess
list / elements=string
    Choices:
  • https
  • ping
  • ssh
  • snmp
  • http
  • telnet
  • fgfm
  • capwap
  • fabric
no description
ip6-default-life
integer
Default life (sec).
ip6-delegated-prefix-list
list / elements=string
no description
autonomous-flag
string
    Choices:
  • disable
  • enable
Enable/disable the autonomous flag.
onlink-flag
string
    Choices:
  • disable
  • enable
Enable/disable the onlink flag.
prefix-id
integer
Prefix ID.
rdnss
string
no description
rdnss-service
string
    Choices:
  • delegated
  • default
  • specify
Recursive DNS service option.
subnet
string
Add subnet ID to routing prefix.
upstream-interface
string
Name of the interface that provides delegated information.
ip6-dns-server-override
string
    Choices:
  • disable
  • enable
Enable/disable using the DNS server acquired by DHCP.
ip6-extra-addr
list / elements=string
no description
prefix
string
IPv6 address prefix.
ip6-hop-limit
integer
Hop limit (0 means unspecified).
ip6-link-mtu
integer
IPv6 link MTU.
ip6-manage-flag
string
    Choices:
  • disable
  • enable
Enable/disable the managed flag.
ip6-max-interval
integer
IPv6 maximum interval (4 to 1800 sec).
ip6-min-interval
integer
IPv6 minimum interval (3 to 1350 sec).
ip6-mode
string
    Choices:
  • static
  • dhcp
  • pppoe
  • delegated
Addressing mode (static, DHCP, delegated).
ip6-other-flag
string
    Choices:
  • disable
  • enable
Enable/disable the other IPv6 flag.
ip6-prefix-list
list / elements=string
no description
autonomous-flag
string
    Choices:
  • disable
  • enable
Enable/disable the autonomous flag.
dnssl
string
no description
onlink-flag
string
    Choices:
  • disable
  • enable
Enable/disable the onlink flag.
preferred-life-time
integer
Preferred life time (sec).
prefix
string
IPv6 prefix.
rdnss
string
no description
valid-life-time
integer
Valid life time (sec).
ip6-prefix-mode
string
    Choices:
  • dhcp6
  • ra
Assigning a prefix from DHCP or RA.
ip6-reachable-time
integer
IPv6 reachable time (milliseconds; 0 means unspecified).
ip6-retrans-time
integer
IPv6 retransmit time (milliseconds; 0 means unspecified).
ip6-send-adv
string
    Choices:
  • disable
  • enable
Enable/disable sending advertisements about the interface.
ip6-subnet
string
Subnet to routing prefix, syntax: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx
ip6-upstream-interface
string
Interface name providing delegated information.
nd-cert
string
Neighbor discovery certificate.
nd-cga-modifier
string
Neighbor discovery CGA modifier.
nd-mode
string
    Choices:
  • basic
  • SEND-compatible
Neighbor discovery mode.
nd-security-level
integer
Neighbor discovery security level (0 - 7; 0 = least secure, default = 0).
nd-timestamp-delta
integer
Neighbor discovery timestamp delta value (1 - 3600 sec; default = 300).
nd-timestamp-fuzz
integer
Neighbor discovery timestamp fuzz factor (1 - 60 sec; default = 1).
ra-send-mtu
string
    Choices:
  • disable
  • enable
Enable/disable sending link MTU in RA packet.
unique-autoconf-addr
string
    Choices:
  • disable
  • enable
Enable/disable unique auto config address.
vrip6_link_local
string
Link-local IPv6 address of virtual router.
vrrp-virtual-mac6
string
    Choices:
  • disable
  • enable
Enable/disable virtual MAC for VRRP.
vrrp6
list / elements=string
no description
accept-mode
string
    Choices:
  • disable
  • enable
Enable/disable accept mode.
adv-interval
integer
Advertisement interval (1 - 255 seconds).
preempt
string
    Choices:
  • disable
  • enable
Enable/disable preempt mode.
priority
integer
Priority of the virtual router (1 - 255).
start-time
integer
Startup time (1 - 255 seconds).
status
string
    Choices:
  • disable
  • enable
Enable/disable VRRP.
vrdst6
string
Monitor the route to this destination.
vrgrp
integer
VRRP group ID (1 - 65535).
vrid
integer
Virtual router identifier (1 - 255).
vrip6
string
IPv6 address of the virtual router.
l2forward
string
    Choices:
  • disable
  • enable
Enable/disable l2 forwarding.
l2tp-client
string
    Choices:
  • disable
  • enable
Enable/disable this interface as a Layer 2 Tunnelling Protocol (L2TP) client.
lacp-ha-slave
string
    Choices:
  • disable
  • enable
LACP HA slave.
lacp-mode
string
    Choices:
  • static
  • passive
  • active
LACP mode.
lacp-speed
string
    Choices:
  • slow
  • fast
How often the interface sends LACP messages.
lcp-echo-interval
integer
Time in seconds between PPPoE Link Control Protocol (LCP) echo requests.
lcp-max-echo-fails
integer
Maximum missed LCP echo messages before disconnect.
link-up-delay
integer
Number of milliseconds to wait before considering a link is up.
listen-forticlient-connection
string
    Choices:
  • disable
  • enable
no description
lldp-network-policy
string
LLDP-MED network policy profile.
lldp-reception
string
    Choices:
  • disable
  • enable
  • vdom
Enable/disable Link Layer Discovery Protocol (LLDP) reception.
lldp-transmission
string
    Choices:
  • enable
  • disable
  • vdom
Enable/disable Link Layer Discovery Protocol (LLDP) transmission.
log
string
    Choices:
  • disable
  • enable
no description
macaddr
string
Change the interfaces MAC address.
managed-subnetwork-size
string
    Choices:
  • 256
  • 512
  • 1024
  • 2048
  • 4096
  • 8192
  • 16384
  • 32768
  • 65536
Number of IP addresses to be allocated by FortiIPAM and used by this FortiGate units DHCP server settings.
management-ip
string
High Availability in-band management IP address of this interface.
max-egress-burst-rate
integer
no description
max-egress-rate
integer
no description
measured-downstream-bandwidth
integer
Measured downstream bandwidth (kbps).
measured-upstream-bandwidth
integer
Measured upstream bandwidth (kbps).
mediatype
string
    Choices:
  • serdes-sfp
  • sgmii-sfp
  • cfp2-sr10
  • cfp2-lr4
  • serdes-copper-sfp
  • sr
  • cr
  • lr
  • qsfp28-sr4
  • qsfp28-lr4
  • qsfp28-cr4
  • sr4
  • cr4
  • lr4
Select SFP media interface type
member
string
Physical interfaces that belong to the aggregate or redundant interface.
min-links
integer
Minimum number of aggregated ports that must be up.
min-links-down
string
    Choices:
  • operational
  • administrative
Action to take when less than the configured minimum number of links are active.
mode
string
    Choices:
  • static
  • dhcp
  • pppoe
  • pppoa
  • ipoa
  • eoa
Addressing mode (static, DHCP, PPPoE).
monitor-bandwidth
string
    Choices:
  • disable
  • enable
Enable monitoring bandwidth on this interface.
mtu
integer
MTU value for this interface.
mtu-override
string
    Choices:
  • disable
  • enable
Enable to set a custom MTU for this interface.
mux-type
string
    Choices:
  • llc-encaps
  • vc-encaps
Multiplexer type
name
string
Name.
ndiscforward
string
    Choices:
  • disable
  • enable
Enable/disable NDISC forwarding.
netbios-forward
string
    Choices:
  • disable
  • enable
Enable/disable NETBIOS forwarding.
netflow-sampler
string
    Choices:
  • disable
  • tx
  • rx
  • both
Enable/disable NetFlow on this interface and set the data that NetFlow collects (rx, tx, or both).
np-qos-profile
integer
no description
npu-fastpath
string
    Choices:
  • disable
  • enable
no description
nst
string
    Choices:
  • disable
  • enable
no description
out-force-vlan-cos
integer
no description
outbandwidth
integer
Bandwidth limit for outgoing traffic (0 - 16776000 kbps), 0 means unlimited.
padt-retry-timeout
integer
PPPoE Active Discovery Terminate (PADT) used to terminate sessions after an idle time.
password
string
no description
peer-interface
string
no description
phy-mode
string
    Choices:
  • auto
  • adsl
  • vdsl
DSL physical mode.
ping-serv-status
integer
no description
poe
string
    Choices:
  • disable
  • enable
Enable/disable PoE status.
polling-interval
integer
sFlow polling interval (1 - 255 sec).
pppoe-unnumbered-negotiate
string
    Choices:
  • disable
  • enable
Enable/disable PPPoE unnumbered negotiation.
pptp-auth-type
string
    Choices:
  • auto
  • pap
  • chap
  • mschapv1
  • mschapv2
PPTP authentication type.
pptp-client
string
    Choices:
  • disable
  • enable
Enable/disable PPTP client.
pptp-password
string
no description
pptp-server-ip
string
PPTP server IP address.
pptp-timeout
integer
Idle timer in minutes (0 for disabled).
pptp-user
string
PPTP user name.
preserve-session-route
string
    Choices:
  • disable
  • enable
Enable/disable preservation of session route when dirty.
priority
integer
Priority of learned routes.
priority-override
string
    Choices:
  • disable
  • enable
Enable/disable fail back to higher priority port once recovered.
proxy-captive-portal
string
    Choices:
  • disable
  • enable
Enable/disable proxy captive portal on this interface.
redundant-interface
string
no description
remote-ip
string
Remote IP address of tunnel.
replacemsg-override-group
string
Replacement message override group.
retransmission
string
    Choices:
  • disable
  • enable
Enable/disable DSL retransmission.
ring-rx
integer
RX ring size.
ring-tx
integer
TX ring size.
role
string
    Choices:
  • lan
  • wan
  • dmz
  • undefined
Interface role.
sample-direction
string
    Choices:
  • rx
  • tx
  • both
Data that NetFlow collects (rx, tx, or both).
sample-rate
integer
sFlow sample rate (10 - 99999).
scan-botnet-connections
string
    Choices:
  • disable
  • block
  • monitor
no description
secondary-IP
string
    Choices:
  • disable
  • enable
Enable/disable adding a secondary IP to this interface.
secondaryip
list / elements=string
no description
allowaccess
list / elements=string
    Choices:
  • https
  • ping
  • ssh
  • snmp
  • http
  • telnet
  • fgfm
  • auto-ipsec
  • radius-acct
  • probe-response
  • capwap
  • dnp
  • ftm
  • fabric
no description
detectprotocol
list / elements=string
    Choices:
  • ping
  • tcp-echo
  • udp-echo
no description
detectserver
string
Gateways ping server for this IP.
gwdetect
string
    Choices:
  • disable
  • enable
Enable/disable detect gateway alive for first.
ha-priority
integer
HA election priority for the PING server.
id
integer
ID.
ip
string
Secondary IP address of the interface.
ping-serv-status
integer
no description
seq
integer
no description
security-8021x-dynamic-vlan-id
integer
VLAN ID for virtual switch.
security-8021x-master
string
802.1X master virtual-switch.
security-8021x-mode
string
    Choices:
  • default
  • dynamic-vlan
  • fallback
  • slave
802.1X mode.
security-exempt-list
string
Name of security-exempt-list.
security-external-logout
string
URL of external authentication logout server.
security-external-web
string
URL of external authentication web server.
security-groups
string
User groups that can authenticate with the captive portal.
security-mac-auth-bypass
string
    Choices:
  • disable
  • enable
  • mac-auth-only
Enable/disable MAC authentication bypass.
security-mode
string
    Choices:
  • none
  • captive-portal
  • 802.1X
Turn on captive portal authentication for this interface.
security-redirect-url
string
URL redirection after disclaimer/authentication.
service-name
string
PPPoE service name.
sflow-sampler
string
    Choices:
  • disable
  • enable
Enable/disable sFlow on this interface.
speed
string
    Choices:
  • auto
  • 10full
  • 10half
  • 100full
  • 100half
  • 1000full
  • 1000half
  • 10000full
  • 1000auto
  • 10000auto
  • 40000full
  • 100Gfull
  • 25000full
  • 40000auto
  • 25000auto
  • 100Gauto
Interface speed. The default setting and the options available depend on the interface hardware.
spillover-threshold
integer
Egress Spillover threshold (0 - 16776000 kbps), 0 means unlimited.
src-check
string
    Choices:
  • disable
  • enable
Enable/disable source IP check.
status
string
    Choices:
  • down
  • up
Bring the interface up or shut the interface down.
stp
string
    Choices:
  • disable
  • enable
Enable/disable STP.
stp-ha-secondary
string
    Choices:
  • disable
  • enable
  • priority-adjust
Control STP behaviour on HA secondary.
stp-ha-slave
string
    Choices:
  • disable
  • enable
  • priority-adjust
Control STP behaviour on HA slave.
stpforward
string
    Choices:
  • disable
  • enable
Enable/disable STP forwarding.
stpforward-mode
string
    Choices:
  • rpl-all-ext-id
  • rpl-bridge-ext-id
  • rpl-nothing
Configure STP forwarding mode.
strip-priority-vlan-tag
string
    Choices:
  • disable
  • enable
no description
subst
string
    Choices:
  • disable
  • enable
Enable to always send packets from this interface to a destination MAC address.
substitute-dst-mac
string
Destination MAC address that all packets are sent to from this interface.
swc-first-create
integer
Initial create for switch-controller VLANs.
swc-vlan
integer
no description
switch
string
no description
switch-controller-access-vlan
string
    Choices:
  • disable
  • enable
Block FortiSwitch port-to-port traffic.
switch-controller-arp-inspection
string
    Choices:
  • disable
  • enable
Enable/disable FortiSwitch ARP inspection.
switch-controller-auth
string
    Choices:
  • radius
  • usergroup
no description
switch-controller-dhcp-snooping
string
    Choices:
  • disable
  • enable
Switch controller DHCP snooping.
switch-controller-dhcp-snooping-option82
string
    Choices:
  • disable
  • enable
Switch controller DHCP snooping option82.
switch-controller-dhcp-snooping-verify-mac
string
    Choices:
  • disable
  • enable
Switch controller DHCP snooping verify MAC.
switch-controller-dynamic
string
Integrated FortiLink settings for managed FortiSwitch.
switch-controller-feature
string
    Choices:
  • none
  • default-vlan
  • quarantine
  • sniffer
  • voice
  • camera
  • rspan
  • video
  • nac
Interfaces purpose when assigning traffic (read only).
switch-controller-igmp-snooping
string
    Choices:
  • disable
  • enable
Switch controller IGMP snooping.
switch-controller-igmp-snooping-fast-leave
string
    Choices:
  • disable
  • enable
Switch controller IGMP snooping fast-leave.
switch-controller-igmp-snooping-proxy
string
    Choices:
  • disable
  • enable
Switch controller IGMP snooping proxy.
switch-controller-iot-scanning
string
    Choices:
  • disable
  • enable
Enable/disable managed FortiSwitch IoT scanning.
switch-controller-learning-limit
integer
Limit the number of dynamic MAC addresses on this VLAN (1 - 128, 0 = no limit, default).
switch-controller-mgmt-vlan
integer
VLAN to use for FortiLink management purposes.
switch-controller-nac
string
Integrated NAC settings for managed FortiSwitch.
switch-controller-radius-server
string
no description
switch-controller-rspan-mode
string
    Choices:
  • disable
  • enable
Stop Layer2 MAC learning and interception of BPDUs and other packets on this interface.
switch-controller-source-ip
string
    Choices:
  • outbound
  • fixed
Source IP address used in FortiLink over L3 connections.
switch-controller-traffic-policy
string
Switch controller traffic policy for the VLAN.
tc-mode
string
    Choices:
  • ptm
  • atm
DSL transfer mode.
tcp-mss
integer
TCP maximum segment size. 0 means do not change segment size.
trunk
string
    Choices:
  • disable
  • enable
Enable/disable VLAN trunk.
trust-ip-1
string
Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
trust-ip-2
string
Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
trust-ip-3
string
Trusted host for dedicated management traffic (0.0.0.0/24 for all hosts).
trust-ip6-1
string
Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
trust-ip6-2
string
Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
trust-ip6-3
string
Trusted IPv6 host for dedicated management traffic (::/0 for all hosts).
type
string
    Choices:
  • physical
  • vlan
  • aggregate
  • redundant
  • tunnel
  • wireless
  • vdom-link
  • loopback
  • switch
  • hard-switch
  • hdlc
  • vap-switch
  • wl-mesh
  • fortilink
  • switch-vlan
  • fctrl-trunk
  • tdm
  • fext-wan
  • vxlan
  • emac-vlan
  • geneve
  • ssl
Interface type.
username
string
Username of the PPPoE account, provided by your ISP.
vci
integer
Virtual Channel ID
vectoring
string
    Choices:
  • disable
  • enable
Enable/disable DSL vectoring.
vindex
integer
no description
vlan-protocol
string
    Choices:
  • 8021q
  • 8021ad
Ethernet protocol of VLAN.
vlanforward
string
    Choices:
  • disable
  • enable
Enable/disable traffic forwarding between VLANs on this interface.
vlanid
integer
VLAN ID (1 - 4094).
vpi
integer
Virtual Path ID
vrf
integer
Virtual Routing Forwarding ID.
vrrp
list / elements=string
no description
accept-mode
string
    Choices:
  • disable
  • enable
Enable/disable accept mode.
adv-interval
integer
Advertisement interval (1 - 255 seconds).
ignore-default-route
string
    Choices:
  • disable
  • enable
Enable/disable ignoring of default route when checking destination.
preempt
string
    Choices:
  • disable
  • enable
Enable/disable preempt mode.
priority
integer
Priority of the virtual router (1 - 255).
start-time
integer
Startup time (1 - 255 seconds).
status
string
    Choices:
  • disable
  • enable
Enable/disable this VRRP configuration.
version
string
    Choices:
  • 2
  • 3
VRRP version.
vrdst
string
no description
vrdst-priority
integer
Priority of the virtual router when the virtual router destination becomes unreachable (0 - 254).
vrgrp
integer
VRRP group ID (1 - 65535).
vrid
integer
Virtual router identifier (1 - 255).
vrip
string
IP address of the virtual router.
vrrp-virtual-mac
string
    Choices:
  • disable
  • enable
Enable/disable use of virtual MAC for VRRP.
wccp
string
    Choices:
  • disable
  • enable
Enable/disable WCCP on this interface. Used for encapsulated WCCP communication between WCCP clients and servers.
weight
integer
Default weight for static routes (if route has no weight configured).
wifi-5g-threshold
string
Minimal signal strength to be considered as a good 5G AP.
wifi-acl
string
    Choices:
  • deny
  • allow
Access control for MAC addresses in the MAC list.
wifi-ap-band
string
    Choices:
  • any
  • 5g-preferred
  • 5g-only
How to select the AP to connect.
wifi-auth
string
    Choices:
  • PSK
  • RADIUS
  • radius
  • usergroup
WiFi authentication.
wifi-auto-connect
string
    Choices:
  • disable
  • enable
Enable/disable WiFi network auto connect.
wifi-auto-save
string
    Choices:
  • disable
  • enable
Enable/disable WiFi network automatic save.
wifi-broadcast-ssid
string
    Choices:
  • disable
  • enable
Enable/disable SSID broadcast in the beacon.
wifi-encrypt
string
    Choices:
  • TKIP
  • AES
Data encryption.
wifi-fragment-threshold
integer
WiFi fragment threshold (800 - 2346).
wifi-key
string
no description
wifi-keyindex
integer
WEP key index (1 - 4).
wifi-mac-filter
string
    Choices:
  • disable
  • enable
Enable/disable MAC filter status.
wifi-passphrase
string
no description
wifi-radius-server
string
WiFi RADIUS server for WPA.
wifi-rts-threshold
integer
WiFi RTS threshold (256 - 2346).
wifi-security
string
    Choices:
  • None
  • WEP64
  • wep64
  • WEP128
  • wep128
  • WPA_PSK
  • WPA_RADIUS
  • WPA
  • WPA2
  • WPA2_AUTO
  • open
  • wpa-personal
  • wpa-enterprise
  • wpa-only-personal
  • wpa-only-enterprise
  • wpa2-only-personal
  • wpa2-only-enterprise
Wireless access security of SSID.
wifi-ssid
string
IEEE 802.11 Service Set Identifier.
wifi-usergroup
string
WiFi user group for WPA.
wins-ip
string
WINS server IP.
name
string
no description
portal-message-override-group
string
no description
radius-server
string
no description
security
string
    Choices:
  • open
  • captive-portal
  • 8021x
no description
selected-usergroups
string
no description
usergroup
string
no description
vdom
string
no description
vlanid
integer
no description
proposed_method
string
    Choices:
  • update
  • set
  • add
The overridden method for the underlying Json RPC request
rc_failed
list / elements=string
the rc codes list with which the conditions to fail will be overriden
rc_succeeded
list / elements=string
the rc codes list with which the conditions to succeed will be overriden
state
string / required
    Choices:
  • present
  • absent
the directive to create, update or delete an object
workspace_locking_adom
string
the adom to lock for FortiManager running in workspace mode, the value can be global and others including root
workspace_locking_timeout
integer
Default:
300
the maximum time in seconds to wait for other user to release the workspace lock

Notes

Note

  • Running in workspace locking mode is supported in this FortiManager module, the top level parameters workspace_locking_adom and workspace_locking_timeout help do the work.

  • To create or update an object, use state present directive.

  • To delete an object, use state absent directive.

  • Normally, running one module can fail when a non-zero rc is returned. you can also override the conditions to fail or succeed with parameters rc_failed and rc_succeeded

Examples

- hosts: fortimanager-inventory
  collections:
    - fortinet.fortimanager
  connection: httpapi
  vars:
     ansible_httpapi_use_ssl: True
     ansible_httpapi_validate_certs: False
     ansible_httpapi_port: 443
  tasks:
   - name: no description
     fmgr_fsp_vlan:
        bypass_validation: False
        workspace_locking_adom: <value in [global, custom adom including root]>
        workspace_locking_timeout: 300
        rc_succeeded: [0, -2, -3, ...]
        rc_failed: [-2, -3, ...]
        adom: <your own value>
        state: <value in [present, absent]>
        fsp_vlan:
           _dhcp-status: <value in [disable, enable]>
           auth: <value in [radius, usergroup]>
           color: <value of integer>
           comments: <value of string>
           dynamic_mapping:
             -
                 _dhcp-status: <value in [disable, enable]>
                 _scope:
                   -
                       name: <value of string>
                       vdom: <value of string>
                 dhcp-server:
                    auto-configuration: <value in [disable, enable]>
                    auto-managed-status: <value in [disable, enable]>
                    conflicted-ip-timeout: <value of integer>
                    ddns-auth: <value in [disable, tsig]>
                    ddns-key: <value of string>
                    ddns-keyname: <value of string>
                    ddns-server-ip: <value of string>
                    ddns-ttl: <value of integer>
                    ddns-update: <value in [disable, enable]>
                    ddns-update-override: <value in [disable, enable]>
                    ddns-zone: <value of string>
                    default-gateway: <value of string>
                    dhcp-settings-from-fortiipam: <value in [disable, enable]>
                    dns-server1: <value of string>
                    dns-server2: <value of string>
                    dns-server3: <value of string>
                    dns-server4: <value of string>
                    dns-service: <value in [default, specify, local]>
                    domain: <value of string>
                    enable: <value in [disable, enable]>
                    exclude-range:
                      -
                          end-ip: <value of string>
                          id: <value of integer>
                          start-ip: <value of string>
                    filename: <value of string>
                    forticlient-on-net-status: <value in [disable, enable]>
                    id: <value of integer>
                    ip-mode: <value in [range, usrgrp]>
                    ip-range:
                      -
                          end-ip: <value of string>
                          id: <value of integer>
                          start-ip: <value of string>
                    ipsec-lease-hold: <value of integer>
                    lease-time: <value of integer>
                    mac-acl-default-action: <value in [assign, block]>
                    netmask: <value of string>
                    next-server: <value of string>
                    ntp-server1: <value of string>
                    ntp-server2: <value of string>
                    ntp-server3: <value of string>
                    ntp-service: <value in [default, specify, local]>
                    option1: <value of string>
                    option2: <value of string>
                    option3: <value of string>
                    option4: <value of string>
                    option5: <value of string>
                    option6: <value of string>
                    options:
                      -
                          code: <value of integer>
                          id: <value of integer>
                          ip: <value of string>
                          type: <value in [hex, string, ip, ...]>
                          value: <value of string>
                    reserved-address:
                      -
                          action: <value in [assign, block, reserved]>
                          circuit-id: <value of string>
                          circuit-id-type: <value in [hex, string]>
                          description: <value of string>
                          id: <value of integer>
                          ip: <value of string>
                          mac: <value of string>
                          remote-id: <value of string>
                          remote-id-type: <value in [hex, string]>
                          type: <value in [mac, option82]>
                    server-type: <value in [regular, ipsec]>
                    status: <value in [disable, enable]>
                    tftp-server: <value of string>
                    timezone: <value in [00, 01, 02, ...]>
                    timezone-option: <value in [disable, default, specify]>
                    vci-match: <value in [disable, enable]>
                    vci-string: <value of string>
                    wifi-ac-service: <value in [specify, local]>
                    wifi-ac1: <value of string>
                    wifi-ac2: <value of string>
                    wifi-ac3: <value of string>
                    wins-server1: <value of string>
                    wins-server2: <value of string>
                 interface:
                    dhcp-relay-agent-option: <value in [disable, enable]>
                    dhcp-relay-ip: <value of string>
                    dhcp-relay-service: <value in [disable, enable]>
                    dhcp-relay-type: <value in [regular, ipsec]>
                    ip: <value of string>
                    ipv6:
                       autoconf: <value in [disable, enable]>
                       dhcp6-client-options:
                         - rapid
                         - iapd
                         - iana
                         - dns
                         - dnsname
                       dhcp6-information-request: <value in [disable, enable]>
                       dhcp6-prefix-delegation: <value in [disable, enable]>
                       dhcp6-prefix-hint: <value of string>
                       dhcp6-prefix-hin